define('PROTOCOL', 'http://'); break; default: define('PROTOCOL', 'https://'); break; } } define("hu", PROTOCOL . $siteurl . '/'); // v1.0 experimental relative url global define("rhu", preg_replace("/https?:\\/\\/.+(\\/.*)\\/?\$/U", "\$1", hu)); if (!empty($locale)) { setlocale(LC_ALL, $locale); } $textarray = load_lang(LANG); include txpath . '/include/txp_auth.php'; doAuth(); // individual user prefs $prefs = get_user_prefs() + $prefs; build_element_list($elements_main); if ($elements_aux) { build_element_list($elements_aux); } load_elements('init'); register_element_tabs(); $event = gps('event') ? gps('event') : 'article'; $step = gps('step'); if (!$dbversion or $dbversion != $thisversion or $txp_using_svn) { define('TXP_UPDATE', 1); include txpath . '/update/_update.php'; } load_elements($event);
function doArticles($atts, $iscustom, $thing = null) { global $pretext, $prefs; extract($pretext); extract($prefs); $customFields = getCustomFields(); $customlAtts = array_null(array_flip($customFields)); if ($iscustom) { $extralAtts = array('category' => '', 'section' => '', 'excerpted' => '', 'author' => '', 'month' => '', 'expired' => $publish_expired_articles, 'id' => '', 'exclude' => ''); } else { $extralAtts = array('listform' => '', 'searchform' => '', 'searchall' => 1, 'searchsticky' => 0, 'pageby' => '', 'pgonly' => 0); } // Getting attributes. $theAtts = lAtts(array('form' => 'default', 'limit' => 10, 'sort' => '', 'sortby' => '', 'sortdir' => '', 'keywords' => '', 'time' => 'past', 'status' => STATUS_LIVE, 'allowoverride' => !$q and !$iscustom, 'offset' => 0, 'wraptag' => '', 'break' => '', 'label' => '', 'labeltag' => '', 'class' => '') + $customlAtts + $extralAtts, $atts); // For the txp:article tag, some attributes are taken from globals; // override them, then stash all filter attributes. if (!$iscustom) { $theAtts['category'] = $c ? $c : ''; $theAtts['section'] = $s && $s != 'default' ? $s : ''; $theAtts['author'] = !empty($author) ? $author : ''; $theAtts['month'] = !empty($month) ? $month : ''; $theAtts['frontpage'] = $s && $s == 'default' ? true : false; $theAtts['excerpted'] = 0; $theAtts['exclude'] = 0; $theAtts['expired'] = $publish_expired_articles; filterAtts($theAtts); } else { $theAtts['frontpage'] = false; } extract($theAtts); // If a listform is specified, $thing is for doArticle() - hence ignore here. if (!empty($listform)) { $thing = ''; } $pageby = empty($pageby) ? $limit : $pageby; // Treat sticky articles differently wrt search filtering, etc. $status = in_array(strtolower($status), array('sticky', STATUS_STICKY)) ? STATUS_STICKY : STATUS_LIVE; $issticky = $status == STATUS_STICKY; // Give control to search, if necessary. if ($q && !$iscustom && !$issticky) { include_once txpath . '/publish/search.php'; $s_filter = $searchall ? filterSearch() : ''; $q = trim($q); $quoted = $q[0] === '"' && $q[strlen($q) - 1] === '"'; $q = doSlash($quoted ? trim(trim($q, '"')) : $q); // Searchable article fields are limited to the columns of the // textpattern table and a matching fulltext index must exist. $cols = do_list_unique($searchable_article_fields); if (empty($cols) or $cols[0] == '') { $cols = array('Title', 'Body'); } $match = ", MATCH (`" . join("`, `", $cols) . "`) AGAINST ('{$q}') AS score"; $search_terms = preg_replace('/\\s+/', ' ', str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $q)); if ($quoted || empty($m) || $m === 'exact') { for ($i = 0; $i < count($cols); $i++) { $cols[$i] = "`{$cols[$i]}` LIKE '%{$search_terms}%'"; } } else { $colJoin = $m === 'any' ? "OR" : "AND"; $search_terms = explode(' ', $search_terms); for ($i = 0; $i < count($cols); $i++) { $like = array(); foreach ($search_terms as $search_term) { $like[] = "`{$cols[$i]}` LIKE '%{$search_term}%'"; } $cols[$i] = "(" . join(" {$colJoin} ", $like) . ")"; } } $cols = join(" OR ", $cols); $search = " AND ({$cols}) {$s_filter}"; // searchall=0 can be used to show search results for the current // section only. if ($searchall) { $section = ''; } if (!$sort) { $sort = "score DESC"; } } else { $match = $search = ''; if (!$sort) { $sort = "Posted DESC"; } } // For backwards compatibility. sortby and sortdir are deprecated. if ($sortby) { trigger_error(gTxt('deprecated_attribute', array('{name}' => 'sortby')), E_USER_NOTICE); if (!$sortdir) { $sortdir = "DESC"; } else { trigger_error(gTxt('deprecated_attribute', array('{name}' => 'sortdir')), E_USER_NOTICE); } $sort = "{$sortby} {$sortdir}"; } elseif ($sortdir) { trigger_error(gTxt('deprecated_attribute', array('{name}' => 'sortdir')), E_USER_NOTICE); $sort = "Posted {$sortdir}"; } // Building query parts. $frontpage = ($frontpage and (!$q or $issticky)) ? filterFrontPage() : ''; $category = join("','", doSlash(do_list_unique($category))); $category = !$category ? '' : " AND (Category1 IN ('" . $category . "') OR Category2 IN ('" . $category . "'))"; $section = !$section ? '' : " AND Section IN ('" . join("','", doSlash(do_list_unique($section))) . "')"; $excerpted = !$excerpted ? '' : " AND Excerpt !=''"; $author = !$author ? '' : " AND AuthorID IN ('" . join("','", doSlash(do_list_unique($author))) . "')"; $month = !$month ? '' : " AND Posted LIKE '" . doSlash($month) . "%'"; $ids = $id ? array_map('intval', do_list_unique($id)) : array(); $exclude = $exclude ? array_map('intval', do_list_unique($exclude)) : array(); $id = (!$id ? '' : " AND ID IN (" . join(',', $ids) . ")") . (!$exclude ? '' : " AND ID NOT IN (" . join(',', $exclude) . ")"); switch ($time) { case 'any': $time = ""; break; case 'future': $time = " AND Posted > " . now('posted'); break; default: $time = " AND Posted <= " . now('posted'); } if (!$expired) { $time .= " AND (" . now('expires') . " <= Expires OR Expires = " . NULLDATETIME . ")"; } $custom = ''; if ($customFields) { foreach ($customFields as $cField) { if (isset($atts[$cField])) { $customPairs[$cField] = $atts[$cField]; } } if (!empty($customPairs)) { $custom = buildCustomSql($customFields, $customPairs); } } // Allow keywords for no-custom articles. That tagging mode, you know. if ($keywords) { $keys = doSlash(do_list_unique($keywords)); foreach ($keys as $key) { $keyparts[] = "FIND_IN_SET('" . $key . "', Keywords)"; } $keywords = " AND (" . join(' or ', $keyparts) . ")"; } if ($q and $searchsticky) { $statusq = " AND Status >= " . STATUS_LIVE; } elseif ($id) { $statusq = " AND Status >= " . STATUS_LIVE; } else { $statusq = " AND Status = " . intval($status); } $where = "1 = 1" . $statusq . $time . $search . $id . $category . $section . $excerpted . $month . $author . $keywords . $custom . $frontpage; // Do not paginate if we are on a custom list. if (!$iscustom and !$issticky) { $grand_total = safe_count('textpattern', $where); $total = $grand_total - $offset; $numPages = ceil($total / $pageby); $pg = !$pg ? 1 : $pg; $pgoffset = $offset + ($pg - 1) * $pageby; // Send paging info to txp:newer and txp:older. $pageout['pg'] = $pg; $pageout['numPages'] = $numPages; $pageout['s'] = $s; $pageout['c'] = $c; $pageout['context'] = 'article'; $pageout['grand_total'] = $grand_total; $pageout['total'] = $total; global $thispage; if (empty($thispage)) { $thispage = $pageout; } if ($pgonly) { return; } } else { $pgoffset = $offset; } // Preserve order of custom article ids unless 'sort' attribute is set. if (!empty($atts['id']) && empty($atts['sort'])) { $safe_sort = "FIELD(id, " . join(',', $ids) . ")"; } else { $safe_sort = doSlash($sort); } $rs = safe_rows_start("*, UNIX_TIMESTAMP(Posted) AS uPosted, UNIX_TIMESTAMP(Expires) AS uExpires, UNIX_TIMESTAMP(LastMod) AS uLastMod" . $match, 'textpattern', "{$where} ORDER BY {$safe_sort} LIMIT " . intval($pgoffset) . ", " . intval($limit)); // Get the form name. if ($q and !$iscustom and !$issticky) { $fname = $searchform ? $searchform : 'search_results'; } else { $fname = !empty($listform) ? $listform : $form; } if ($rs) { $count = 0; $last = numRows($rs); $articles = array(); while ($a = nextRow($rs)) { ++$count; populateArticleData($a); global $thisarticle, $uPosted, $limit; $thisarticle['is_first'] = $count == 1; $thisarticle['is_last'] = $count == $last; // Article form preview. if (txpinterface === 'admin' && ps('Form')) { doAuth(); if (!has_privs('form')) { txp_status_header('401 Unauthorized'); exit(hed('401 Unauthorized', 1) . graf(gTxt('restricted_area'))); } $articles[] = parse(gps('Form')); } elseif ($allowoverride and $a['override_form']) { $articles[] = parse_form($a['override_form']); } else { $articles[] = $thing ? parse($thing) : parse_form($fname); } // Sending these to paging_link(); Required? $uPosted = $a['uPosted']; unset($GLOBALS['thisarticle']); } return doLabel($label, $labeltag) . doWrap($articles, $wraptag, $break, $class); } }
/** * Ask the user whether he wants to trust this site */ function action_trust() { $info = getRequestInfo(); $trusted = isset($_POST['trust']); return doAuth($info, $trusted, true, @$_POST['idSelect']); }
/** * Ask the user whether he wants to trust this site */ function action_trust() { global $store; $info = getRequestInfo(); $trusted = isset($_POST['trust']); if ($info && isset($_POST['remember'])) { $store->setTrustedSite($info->trust_root); } return doAuth($info, $trusted, true); }
} else { debug("...not allowing"); $content = array("page", "Not a valid Wiki", "That (" . $request[0] . ") not a Wiki I am aware of, and current config forbids creation of arbitrary new wikis", "Aquarion (Admin)", date("r")); } } else { debug("Loading wikipage " . $_EXTRAS['current']); $content = wiki($request[0], $_EXTRAS['current']); } } else { debug("Listing wikis"); $listOfwikis = $dataSource->listOfWikis(); foreach ($listOfwikis as $row) { $out .= "# <a href=\"" . $row[0] . "\">" . $row[0] . "</a>, " . $row[1] . " pages\n"; } $content = array("page", "Index of Wikis", $out, "Aquarion (Admin)", date("r")); } if (isset($_EXTRAS['reqUser'])) { debug("Requiring auth " . $_EXTRAS['reqAuth']); doAuth($_EXTRAS['reqUser'], "enter"); } if (isset($_EXTRAS['reqAuth'])) { debug("Requiring auth " . $_EXTRAS['reqAuth']); doAuth($_EXTRAS['reqAuth'], "enter"); } if (isset($_EXTRAS['reqUsers'])) { debug("Requiring auth from users array"); doAuth($_EXTRAS['reqUsers'], "enter"); } debug("Memory Track: " . number_format(memory_get_usage())); echo page($content); debug("Game over, No high score.");
function doArticles($atts, $iscustom, $thing = NULL) { global $pretext, $prefs; extract($pretext); extract($prefs); $customFields = getCustomFields(); $customlAtts = array_null(array_flip($customFields)); //getting attributes $theAtts = lAtts(array('form' => 'default', 'listform' => '', 'searchform' => '', 'limit' => 10, 'pageby' => '', 'category' => '', 'section' => '', 'excerpted' => '', 'author' => '', 'sort' => '', 'sortby' => '', 'sortdir' => '', 'month' => '', 'keywords' => '', 'expired' => $publish_expired_articles, 'frontpage' => '', 'id' => '', 'time' => 'past', 'status' => '4', 'pgonly' => 0, 'searchall' => 1, 'searchsticky' => 0, 'allowoverride' => !$q and !$iscustom, 'offset' => 0, 'wraptag' => '', 'break' => '', 'label' => '', 'labeltag' => '', 'class' => '') + $customlAtts, $atts); // if an article ID is specified, treat it as a custom list $iscustom = !empty($theAtts['id']) ? true : $iscustom; //for the txp:article tag, some attributes are taken from globals; //override them before extract if (!$iscustom) { $theAtts['category'] = $c ? $c : ''; $theAtts['section'] = $s && $s != 'default' ? $s : ''; $theAtts['author'] = !empty($author) ? $author : ''; $theAtts['month'] = !empty($month) ? $month : ''; $theAtts['frontpage'] = $s && $s == 'default' ? true : false; $theAtts['excerpted'] = ''; } extract($theAtts); // if a listform is specified, $thing is for doArticle() - hence ignore here. if (!empty($listform)) { $thing = ''; } $pageby = empty($pageby) ? $limit : $pageby; // treat sticky articles differently wrt search filtering, etc $status = in_array(strtolower($status), array('sticky', '5')) ? 5 : 4; $issticky = $status == 5; // give control to search, if necessary if ($q && !$iscustom && !$issticky) { include_once txpath . '/publish/search.php'; $s_filter = $searchall ? filterSearch() : ''; $q = trim($q); $quoted = $q[0] === '"' && $q[strlen($q) - 1] === '"'; $q = doSlash($quoted ? trim(trim($q, '"')) : $q); // searchable article fields are limited to the columns of // the textpattern table and a matching fulltext index must exist. $cols = do_list($searchable_article_fields); if (empty($cols) or $cols[0] == '') { $cols = array('Title', 'Body'); } $match = ', match (`' . join('`, `', $cols) . "`) against ('{$q}') as score"; $search_terms = preg_replace('/\\s+/', ' ', str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $q)); if ($quoted || empty($m) || $m === 'exact') { for ($i = 0; $i < count($cols); $i++) { $cols[$i] = "`{$cols[$i]}` like '%{$search_terms}%'"; } } else { $colJoin = $m === 'any' ? 'or' : 'and'; $search_terms = explode(' ', $search_terms); for ($i = 0; $i < count($cols); $i++) { $like = array(); foreach ($search_terms as $search_term) { $like[] = "`{$cols[$i]}` like '%{$search_term}%'"; } $cols[$i] = '(' . join(' ' . $colJoin . ' ', $like) . ')'; } } $cols = join(' or ', $cols); $search = " and ({$cols}) {$s_filter}"; // searchall=0 can be used to show search results for the current section only if ($searchall) { $section = ''; } if (!$sort) { $sort = 'score desc'; } } else { $match = $search = ''; if (!$sort) { $sort = 'Posted desc'; } } // for backwards compatibility // sortby and sortdir are deprecated if ($sortby) { trigger_error(gTxt('deprecated_attribute', array('{name}' => 'sortby')), E_USER_NOTICE); if (!$sortdir) { $sortdir = 'desc'; } else { trigger_error(gTxt('deprecated_attribute', array('{name}' => 'sortdir')), E_USER_NOTICE); } $sort = "{$sortby} {$sortdir}"; } elseif ($sortdir) { trigger_error(gTxt('deprecated_attribute', array('{name}' => 'sortdir')), E_USER_NOTICE); $sort = "Posted {$sortdir}"; } //Building query parts $frontpage = ($frontpage and (!$q or $issticky)) ? filterFrontPage() : ''; $category = join("','", doSlash(do_list($category))); $category = !$category ? '' : " and (Category1 IN ('" . $category . "') or Category2 IN ('" . $category . "'))"; $section = !$section ? '' : " and Section IN ('" . join("','", doSlash(do_list($section))) . "')"; $excerpted = $excerpted == 'y' || $excerpted == '1' ? " and Excerpt !=''" : ''; $author = !$author ? '' : " and AuthorID IN ('" . join("','", doSlash(do_list($author))) . "')"; $month = !$month ? '' : " and Posted like '" . doSlash($month) . "%'"; $ids = array_map('intval', do_list($id)); $id = !$id ? '' : " and ID IN (" . join(',', $ids) . ")"; switch ($time) { case 'any': $time = ""; break; case 'future': $time = " and Posted > now()"; break; default: $time = " and Posted <= now()"; } if (!$expired) { $time .= " and (now() <= Expires or Expires = " . NULLDATETIME . ")"; } $custom = ''; if ($customFields) { foreach ($customFields as $cField) { if (isset($atts[$cField])) { $customPairs[$cField] = $atts[$cField]; } } if (!empty($customPairs)) { $custom = buildCustomSql($customFields, $customPairs); } } //Allow keywords for no-custom articles. That tagging mode, you know if ($keywords) { $keys = doSlash(do_list($keywords)); foreach ($keys as $key) { $keyparts[] = "FIND_IN_SET('" . $key . "',Keywords)"; } $keywords = " and (" . join(' or ', $keyparts) . ")"; } if ($q and $searchsticky) { $statusq = ' and Status >= 4'; } elseif ($id) { $statusq = ' and Status >= 4'; } else { $statusq = ' and Status = ' . intval($status); } $where = "1=1" . $statusq . $time . $search . $id . $category . $section . $excerpted . $month . $author . $keywords . $custom . $frontpage; //do not paginate if we are on a custom list if (!$iscustom and !$issticky) { $grand_total = safe_count('textpattern', $where); $total = $grand_total - $offset; $numPages = ceil($total / $pageby); $pg = !$pg ? 1 : $pg; $pgoffset = $offset + ($pg - 1) * $pageby; // send paging info to txp:newer and txp:older $pageout['pg'] = $pg; $pageout['numPages'] = $numPages; $pageout['s'] = $s; $pageout['c'] = $c; $pageout['context'] = 'article'; $pageout['grand_total'] = $grand_total; $pageout['total'] = $total; global $thispage; if (empty($thispage)) { $thispage = $pageout; } if ($pgonly) { return; } } else { $pgoffset = $offset; } // preserve order of custom article ids unless 'sort' attribute is set if (!empty($atts['id']) && empty($atts['sort'])) { $safe_sort = 'field(id, ' . join(',', $ids) . ')'; } else { $safe_sort = doSlash($sort); } $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(Expires) as uExpires, unix_timestamp(LastMod) as uLastMod" . $match, 'textpattern', $where . ' order by ' . $safe_sort . ' limit ' . intval($pgoffset) . ', ' . intval($limit)); // get the form name if ($q and !$iscustom and !$issticky) { $fname = $searchform ? $searchform : 'search_results'; } else { $fname = $listform ? $listform : $form; } if ($rs) { $count = 0; $last = numRows($rs); $articles = array(); while ($a = nextRow($rs)) { ++$count; populateArticleData($a); global $thisarticle, $uPosted, $limit; $thisarticle['is_first'] = $count == 1; $thisarticle['is_last'] = $count == $last; filterAtts($theAtts); // article form preview if (txpinterface === 'admin' && ps('Form')) { doAuth(); if (!has_privs('form')) { txp_status_header('401 Unauthorized'); exit(hed('401 Unauthorized', 1) . graf(gTxt('restricted_area'))); } $articles[] = parse(gps('Form')); } elseif ($allowoverride and $a['override_form']) { $articles[] = parse_form($a['override_form']); } else { $articles[] = $thing ? parse($thing) : parse_form($fname); } // sending these to paging_link(); Required? $uPosted = $a['uPosted']; unset($GLOBALS['thisarticle']); } return doLabel($label, $labeltag) . doWrap($articles, $wraptag, $break, $class); } }
function wiki($wiki, $article) { global $dataSource; global $_CONFIG; global $_EXTRAS; $out = ''; //if ($_CONFIG['oneWiki']){ $base = $_CONFIG['base']; $url = $_CONFIG['base'] . "/{$article}"; //} else { // $base = $_CONFIG['base']."/".$wiki; // $url = $_CONFIG['base']."/$wiki/$article"; //} $content = array($wiki, $article, "", "aqWiki (Admin)", date("r")); if (!isset($_GET['action'])) { $_GET['action'] = false; } switch ($_GET['action']) { case "viewrev": if (!$_GET['id']) { panic("View Revision", "Parameters incorrect"); } $id = $_GET['id']; $pages = $dataSource->getPage($article); debug("Found " . count($pages) . " pages"); $row = $pages[$id]; $content[2] = '<div class="info"><b>Note:</b> This is a <i>specific revision</i> of this page, and may be outdated, The current version is ((here|' . $article . ')). You can see the differences between this and the current revision <a href="' . $url . '?action=diff&from=' . $id . '">here</a></div>'; if (in_array($_EXTRAS['me'], $_EXTRAS['admins'])) { $content[2] .= '<div class="adminFunctions">Admin Actions: <a href="' . $url . '?action=revert&id=' . $id . '">Revert back to this version</a> </div>'; } $content[2] .= $row['content']; #."\n\n [ \"Edit This Page\":$url?action=edit | \"View Source\":$url?action=src ]"; $content[3] = $row['creator']; $content[4] = date("r", $row['created']); $limit = 3; $current = 0; $_EXTRAS['versions'] = ''; foreach ($pages as $row) { $line = date("r", $row['created']) . " - \"" . $row['creator'] . "\":{$base}/~" . $row['creator']; if ($row['comment']) { $line .= " : " . $row['comment']; } if ($row['revision'] == $id) { $_EXTRAS['versions'] .= "# " . $line . " [ Current ]\n"; } else { $_EXTRAS['versions'] .= "# " . $line . " [ <a href=\"" . $url . "?action=viewrev&id=" . $row['revision'] . "\" title=\"View this revision\">View</a> |" . " <a href=\"" . $url . "?action=diff&from=" . $id . "&to=" . $row['revision'] . "\"\" title=\"View differences between this and the current revision\">Diff</a> ]\n"; } $current++; if ($id < $row['revision']) { // Nothing happens } elseif ($current >= $limit && $_GET['action'] != "allrev") { if ($id == $row['revision']) { $limit += 6; } else { $_EXTRAS['versions'] .= "# \"Show rest of revisions\":" . $url . "?action=allrev\n"; break; } } } $content[2] .= $out; break; case "diff": $content[2] = "These are the differences between two versions of (({$article})). Lines styled <span class=\"added\">" . "like this</span> have been added to the entry, lines <span class=\"removed\">like this</span> have been removed.\n\n"; $from = isset($_GET['from']) ? $_GET['from'] : false; $to = isset($_GET['to']) ? $_GET['to'] : false; $_EXTRAS['textarea'] = $dataSource->diff($article, $from, $to); $content[2] .= "[[TEXTAREA]]"; break; case "newUser": /*mysql> describe users; +---------------+------------------+-------------------+ | Field | Type | Collation | +---------------+------------------+-------------------+ | id | int(10) unsigned | binary | | username | varchar(64) | latin1_swedish_ci | | real_name | tinytext | latin1_swedish_ci | | email | tinytext | latin1_swedish_ci | | birthday | date | latin1_swedish_ci | | password | tinytext | latin1_swedish_ci | | location | int(11) | binary | | last_access | timestamp | latin1_swedish_ci | | date_creation | timestamp | latin1_swedish_ci | | access_level | int(11) | binary | +---------------+------------------+-------------------+ 10 rows in set (0.05 sec) */ $form = '<form class="shiny" method=post action="' . $_SERVER['REQUEST_URI'] . '"><h2>New User</h2>' . "\n\n" . '|Username|<input type="text" name="username" value="' . $_POST['username'] . '">|(Must not be blank)|' . "\n" . '|Display Name|<input type="text" name="name" value="' . $_POST['name'] . '">|(Must not be blank)<br>|' . "\n" . '|e-Mail|<input type="text" name="email" value="' . $_POST['email'] . '">|(Must not be blank)<br>|' . "\n" . '|Password|<input type="password" name="password">|(Must not be blank)<br>|' . "\n" . '|Repeat Password |<input type="password" name="password2">| (Must match above) |' . "\n\n"; if (isset($_CONFIG['recaptcha_public_key'])) { require_once 'recaptchalib.php'; $public_key = $_CONFIG['recaptcha_public_key']; $form .= '<aqWikiNoProcess>' . recaptcha_get_html($public_key) . "</aqWikiNoProcess>\n\n"; } $form .= '<input type="submit" name="submit" value="Create User">' . "\n\n" . '</form>'; #print_r($_POST); if ($_POST['submit']) { $errors = array(); if ($_POST['username'] == "") { $errors[] = "Username cannot be blank"; } elseif (strstr($_POST['username'], ",")) { $errors[] = "Username cannot contain commas"; } elseif (isset($_EXTRAS['reservedUsers']) && in_array($_POST['username'], $_EXTRAS['reservedUsers'])) { $errors[] = "Username invalid"; } elseif (!$dataSource->unique("users", "username", $_POST['username'])) { $errors[] = "Username must be unique"; } if ($_POST['email'] == "") { $errors[] = "email cannot be blank"; } elseif (!$dataSource->unique("users", "email", $_POST['email'])) { $errors[] = "email must be unique"; } if ($_POST['name'] == "") { $errors[] = "Display Name cannot be blank"; } elseif (!$dataSource->unique("users", "real_name", $_POST['name'])) { $errors[] = "Display Name must be unique"; } if ($_POST['password'] == "") { $errors[] = "password cannot be blank"; } elseif ($_POST['password'] != $_POST['password2']) { $errors[] = "passwords must match"; } if (isset($_CONFIG['recaptcha_private_key'])) { $privatekey = $_CONFIG['recaptcha_private_key']; $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { $errors[] = "Captcha invalid"; } } if (count($errors) == 0) { $dataSource->newUser($_POST['username'], $_POST['name'], $_POST['password'], $_POST['email']); sendAdminEmail('New User Created', $_POST); $out = "h2. New user created\n\n"; $out .= "Hi, " . $_POST['name'] . ", Welcome to this aqWiki install.\n\n"; $url = parse_url($_SERVER['REQUEST_URI']); $out .= "You should now \"login\":" . $url['path'] . "?action=login"; } else { $out = "h2. Error in user creation\n\n"; foreach ($errors as $error) { $out .= "* " . $error . "\n"; } $out .= "\n\n" . $form; } } else { $out = "h2. New user\n\n"; $out .= $form; } $content[2] = $out; break; case "edit": if ($_EXTRAS['reqEdit']) { doAuth($_EXTRAS['reqEdit'], "edit a page"); } if ($_EXTRAS['restrictNewPages']) { doAuth($_EXTRAS['restrictNewPages'], "create a new page"); } $form = true; $text = false; switch ($_POST['submit']) { case "Preview": $out = $_POST['content']; $text = stripslashes($_POST['content']); break; case "Spell Check": $checker = new Spellchecker(); $text = strip_tags(textile($_POST['content'])); $num_errors = $checker->check($text); if ($num_errors > 0) { $out .= "h3. Spell Check\n\n"; #$out .= "Items <span class=\"spellCorrect\">like this</span> could be errors, hover over for suggestions. Items <span class=\"spellNoSuggest\">like this</span> arn't in the dictionary, and the spell checker has no idea.\n\n"; $errors = $checker->getErrors(); $oldtext = $text; foreach ($errors as $word => $suggestions) { /*$title = trim(implode(', ', $suggestions)); if ($title == ""){ $span = '<|-|'.$title.'|-|>'.$word.'</-|>'; } else { $span = '<|||'.$title.'|||>'.$word.'</||>'; }*/ $suggs = implode(' ', $suggestions); if ($suggs != " ") { $errorlist .= "*" . $word . ":* " . $suggs . "\n\n"; } else { $noidea[] = $word; } # $text = str_replace($word, $span, $text); #$text = preg_replace("/(\W|^)$word(\W|\$)/i", "$1$span$2", $text); } /* //if ($title == ""){ $text = str_replace('<|-|', '<span class="spellNoSuggest"', $text); $text = str_replace('|-|>', '>', $text); $text = str_replace('</-|>', '</span>', $text); //} else { $text = str_replace('<|||', '<span class="spellCorrect" title="', $text); $text = str_replace('|||>', '">', $text); $text = str_replace('</||>', '</span>', $text); //}*/ } if ($noidea) { $errorlist .= "*No idea about:* " . implode(' ', $noidea) . "\n\n"; } #$out .= $text; $out .= $errorlist . "\n"; $text = stripslashes($_POST['content']); break; case "Post": $page = array_shift($dataSource->getPage($article)); if ($page['rev_created'] > $_POST['edittime']) { $content[2] .= collision_detection($page, $_POST); $text = $_POST['content']; //$form = false; } else { $dataSource->post($article, $_POST['content'], $_POST['comment']); $form = false; header("location: {$url}"); } } if ($text) { $_EXTRAS['textarea'] = $text; } elseif (!$dataSource->pageExists($article)) { $_POST['comment'] = "Start of a brand new world"; $_EXTRAS['textarea'] = ""; } else { $_EXTRAS['textarea'] = stripslashes($dataSource->getContent($article)); } preg_match_all("/\\[\\[LOCKED\\|(.*?)\\]\\]/", $_EXTRAS['textarea'], $matches); foreach ($matches[0] as $index => $match) { $users = $matches[1][$index]; doAuth($users, "view this"); } if ($form) { $out .= "<form method=post action=\"" . $_SERVER['REQUEST_URI'] . "\" class=\"shiny wikiedit\">"; $out .= '<h2>Editing "' . $content[1] . '"</h2>'; $out .= "<p>You should read the ((help)). If you are having problems with the formatting, post it and add a note explaining the problem to ((formattingProblems)) and I'll dive in and fix it. If you believe you've found a bug in the wiki software, post your problem to \"the bug tracker\":http://trac.aqxs.net/aqwiki/newticket and I'll dive in and fix that too.</p>\n"; //$out .= "<label for=\"creator\">Author</label>\n"; //$out .= $_EXTRAS['me']."<br>\n"; $out .= "<label for=\"content\">Content of page \"" . $content[1] . "\"</label>\n"; $out .= "<textarea name=\"content\" id=\"content\" rows=\"30\" cols=\"72\">[[TEXTAREA]]</textarea>\n<br>\n"; $out .= "<label for=\"comment\">Comment</label>\n"; $out .= "<input type=\"text\" name=\"comment\" id=\"comment\" size=\"72\" value=\"" . $_POST['comment'] . "\"><br>\n"; $out .= "<input class=\"submit\" type=\"hidden\" name=\"edittime\" value=\"" . time() . "\">\n"; $out .= "<input class=\"submit\" type=\"submit\" name=\"submit\" value=\"Post\"> "; $out .= "<input class=\"submit\" type=\"submit\" name=\"submit\" value=\"Preview\"> "; $out .= "<input class=\"submit\" type=\"submit\" name=\"submit\" value=\"Spell Check\"> "; $out .= "<input class=\"submit\" type=\"reset\" name=\"revert\" value=\"Revert to pre-editing\">\n"; $out .= "</form>"; $content[2] .= $out; break; } case "allrev": if (!$dataSource->pageExists($article)) { $content[2] = 'Error: Page doesn\'t exist. What are you playing at?'; break; } $content[2] = '<form method="GET" action="' . $url . '" style="width: auto;">'; $content[2] .= '<h2>Viewing all revisions for ((' . $article . "))</h2>\n\n"; $content[2] .= 'Select the <input type="radio" /> boxes to compare two revisions' . "\n\n"; $pages = $dataSource->getPage($article); $pages = array_reverse($pages); foreach ($pages as $row) { $line = '<input type="radio" name="from" value="' . $row['revision'] . '">'; $line .= '<input type="radio" name="to" value="' . $row['revision'] . '">'; $line .= date("Y-m-d H:i", $row['created']) . " - " . userlink($row['creator']); if ($row['comment']) { $line .= " : " . $row['comment']; } $content[2] .= "# " . $line . " [ <a href=\"" . $url . "?action=viewrev&id=" . $row['revision'] . "\" title=\"View this revision\">View</a> |" . " <a href=\"" . $url . "?action=diff&from=" . $row['revision'] . "\"\" title=\"View differences between this and the current revision\">Diff</a> ]\n"; } $content[2] .= '<input type="submit" value="Compare Revisions"> <input type="hidden" value="diff" name="action"> </form>'; break; case "revert": if (!in_array($_EXTRAS['me'], $_EXTRAS['admins'])) { panic('AqWiki Reversion', 'You\'re not an admin, you can\'t do this shit'); } if (!$_GET['id']) { die("Parameters incorrect"); } $id = $_GET['id']; $pages = $dataSource->getPage($article); $oldVersion = $pages[$id]; //die($oldVersion['content']); $dataSource->post($article, $oldVersion['content'], 'reverted back to version ' . $id); $form = false; $content[2] = 'Reverted ((' . $article . ')) back to version ' . $id; break; default: $_EXTRAS['versions'] = ""; if (!$dataSource->pageExists($article)) { if ($_EXTRAS['restrictNewPages'] || $_EXTRAS['reqEdit']) { if ($_EXTRAS['restrictNewPages'] == "register") { $message = "any registered users"; } else { $message = "only certain users"; } if (!isset($_EXTRAS['newPageMessage'])) { $npm = "This page doesn't exist yet. [[TYPES]] can create new pages. Do you want to do so?\n\n\"Go On Then\":[[EDITURL]]"; } else { $npm = $_EXTRAS['newPageMessage']; } $content[2] = str_replace(array("[[TYPES]]", "[[EDITURL]]"), array($message, $url . "?action=edit"), $npm); } else { $content[2] = "This page doesn't exist yet, Would you like to create it?\n\n\"Go On Then\":" . $url . "?action=edit"; } } else { $_EXTRAS['nearby'] = $dataSource->nearby($article); $pages = $dataSource->getPage($article); $row = array_shift($pages); if (strcmp($row['wiki'], $wiki) != 0) { $base = $_CONFIG['base'] . "/" . $row['wiki']; $url = $base . "/" . $article; header("location: " . $url); } $content[2] = $row['content']; $content[3] = $row['creator']; $content[4] = date("r", $row['created']); $line = date("r", $row['created']) . " - " . userlink($row['creator']); if ($row['comment']) { $line .= " : " . $row['comment']; } if ($_EXTRAS['current'] != $article) { $pages = $dataSource->getPage($_EXTRAS['current']); $row = array_shift($pages); } $_EXTRAS['versions'] .= "# " . $line . " [ Current ]\n"; $limit = 10; $current = 0; foreach ($pages as $row) { $line = date("Y-m-d\tH:i", $row['created']) . " - " . userlink($row['creator']); if ($row['comment']) { $line .= " : " . $row['comment']; } $_EXTRAS['versions'] .= "# " . $line . " [ <a href=\"" . $url . "?action=viewrev&id=" . $row['revision'] . "\" title=\"View this revision\">View</a> |" . " <a href=\"" . $url . "?action=diff&from=" . $row['revision'] . "\"\" title=\"View differences between this and the current revision\">Diff</a> ]\n"; $current++; if ($_GET['action'] != "allrev" && $current > $limit) { $_EXTRAS['versions'] .= "# \"Show list of revisions\":" . $url . "?action=allrev\n"; break; } } #$content[2] .= $out; } } return $content; }
/** * Ask the user whether he wants to trust this site */ function action_trust() { $info = getRequestInfo(); $trusted = isset($_POST['trust']); if ($info && isset($_POST['remember'])) { $sites = getSessionSites(); $sites[$info->trust_root] = $trusted; setSessionSites($sites); } return doAuth($info, $trusted, true); }