Пример #1
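/**
 * Action handler of the qhmauth plugin: session-based login for page editing.
 *
 * Builds the list of users named by every $edit_auth_pages rule whose pattern
 * matches the requested page (its name or its contents, depending on
 * $auth_method_type), then either reports a result or runs the login check.
 *
 * @return array Array with 'msg' and 'body' keys. Returned only when no rule
 *               matches, or when the session already holds a user that exists
 *               in $auth_users. On every other path the function ends the
 *               request itself (redirect after a successful login, or the
 *               deny page rendered through auth_catbody()).
 */
function plugin_qhmauth_action()
{
    // $vars was missing from this list, so $page below was always '' and the
    // rule lookup never looked at the page that was actually requested.
    global $vars, $script, $auth_method_type, $auth_users, $edit_auth_pages;
    $qm = get_qm();
    $page = (isset($vars['page']) && is_string($vars['page'])) ? $vars['page'] : '';
    $msg = $qm->m['plg_qhmauth']['title'];

    // Text the rule patterns are matched against.
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = join('', get_source($page)); // Its contents
    }

    // Rule key = regular expression, rule value = comma-separated user names.
    $user_list = array();
    foreach ($edit_auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }
    if (empty($user_list)) {
        return array('msg' => $msg, 'body' => "<p>{$qm->m['plg_qhmauth']['err_pkwk_ini']}</p>");
    }

    //--------------------------------------------
    // Session auth instead of Basic auth
    // Thanks & Refer SiteDev + AT by AKKO

    // Only a string that is present in the session can name a logged-in user;
    // a missing or non-string value is treated as "not logged in".
    $session_user = (isset($_SESSION['usr']) && is_string($_SESSION['usr'])) ? $_SESSION['usr'] : null;
    if ($session_user !== null && array_key_exists($session_user, $auth_users)) {
        // The name is placed into HTML, so it is escaped first.
        // NOTE(review): assumes $qm->replace() does not escape its arguments itself - confirm.
        $s_user = htmlspecialchars($session_user, ENT_QUOTES);
        return array('msg' => $msg, 'body' => "<p>" . $qm->replace('plg_qhmauth.err_has_auth', $s_user, $script) . "</p>");
    }

    if (ss_chkusr($msg, $auth_users)) {
        // Issue a fresh session id at the privilege change, so an id that was
        // known before the login is not carried into the authenticated session.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        // NOTE(review): relies on ss_chkusr() having validated $_POST['username'] - confirm.
        $_SESSION['usr'] = $_POST['username'];
        header('Location: ' . $script);
        exit;
    }

    auth_catbody($msg, $qm->replace('plg_qhmauth.err_deny', $script));
    exit;
}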
Пример #2
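/**
 * Usage:
 *   &dwrite(passcode){text to display};
 *
 * Inline plugin:
 *   Normal view -- simply returns the text
 *   Edit mode   -- outputs a link to the rewrite form
 *
 * Action plugin (selected by the "mode" request variable):
 *   make     -- shows the URLs that lead to the rewrite form for a passcode
 *   write    -- shows the input form, or the confirmation form once "value" is given
 *   do_write -- replaces the text of every matching &dwrite(passcode){...}; and saves the page
 *
 * Returns an array with 'msg' and 'body' keys on the error paths; the three
 * modes render through auth_catbody() and end the request themselves.
 *
 * NOTE(review): the only gate visible in this function is the passcode in
 * "code". No CSRF token, request-method check or page-permission check is
 * visible here, and "make" mode puts the passcode into a URL. Confirm these
 * are handled by the caller or by page_write().
 */
function plugin_dwrite_action()
{
    global $vars, $script;
    $qm = get_qm();

    // Request variables are read once and reduced to strings, so a missing
    // key or an array value cannot reach the string functions below.
    $page = (isset($vars['page']) && is_string($vars['page'])) ? $vars['page'] : '';
    $mode = (isset($vars['mode']) && is_string($vars['mode'])) ? $vars['mode'] : '';
    $code = (isset($vars['code']) && is_string($vars['code'])) ? $vars['code'] : '';
    // The inline plugin lives on a single source line; line breaks in the new
    // text would add extra lines of wiki markup to the page, so they are dropped.
    $value = (isset($vars['value']) && is_string($vars['value']))
        ? str_replace(array("\r", "\n"), '', $vars['value'])
        : null;

    //error
    if ($page === '') {
        return array('msg' => $qm->m['plg_dwrite']['title_err'], 'body' => '<p>' . $qm->m['plg_dwrite']['err_invalid_url'] . '</p>');
    }

    if ($mode === 'make') {
        //create mode
        // The passcode is request data: it is URL-encoded for the query string,
        // HTML-escaped for the attribute and JSON-encoded for the script block.
        // Before, it was copied unencoded into a JavaScript string literal.
        $template = $script . '?plugin=dwrite&page=' . rawurlencode($page) . '&mode=write&code=' . rawurlencode($code);
        $template_s = htmlspecialchars($template);
        $template_js = json_encode($template, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($template_js === false) {
            $template_js = '""';
        }
        $title = $qm->m['plg_dwrite']['title'];
        $contents = <<<EOD
<script type="text/javascript">
function gen_dwrite_code(val){
\tvar el = document.getElementById('dwrite_url');
\tel.value = {$template_js} + '&value=' + encodeURIComponent(val);
}
</script>
<p style="text-align:left;font-weight:bold;">{$qm->m['plg_dwrite']['note']}<br />
<input type="text" size="40" id="dwrite_data" onkeyup="gen_dwrite_code(this.value);return false;" style="background-color:#ffc;" /></p>
<p style="text-align:left;">{$qm->m['plg_dwrite']['url']}<br />
<input type="text" size="40" id="dwrite_url" readonly="readonly" onclick="this.select();" />
</p>

<p style="text-align:left;">{$qm->m['plg_dwrite']['edit_url']}<br />
<input type="text" size="40" id="dwrite_url" readonly="readonly" value="{$template_s}" onclick="this.select();" />
</p>


EOD;
        auth_catbody($title, $contents);
        exit;
    }

    if ($mode === 'write') {
        // Collect the current text of every &dwrite(code){...}; on the page.
        $rep = array();
        foreach (get_source($page) as $line) {
            if ($res = plugin_dwrite_getContent($code, $line)) {
                $rep[] = $res;
            }
        }
        //error
        if (count($rep) == 0) {
            return array('msg' => $qm->m['plg_dwrite']['title_err'], 'body' => '<p>' . $qm->m['plg_dwrite']['err_cannot_found'] . '</p>');
        }
        $title = $qm->m['plg_dwrite']['title_confirm'];
        $s_page = htmlspecialchars($page);
        $s_code = htmlspecialchars($code);
        if ($value === null) {
            // No new text yet: ask for it.
            $contents = <<<EOD
<p>{$qm->m['plg_dwrite']['note2']}</p>
<form method="post" action="{$script}">
<input type="hidden" name="plugin" value="dwrite" />
<input type="hidden" name="page" value="{$s_page}" />
<input type="hidden" name="mode" value="write" />
<input type="hidden" name="code" value="{$s_code}" />
<input type="text" name="value" size="40" /> <input type="submit" name="ok" value="{$qm->m['plg_dwrite']['btn_confirm']}" />
</form>
EOD;
        } else {
            // New text given: show old and new text and ask for confirmation.
            $s_value = htmlspecialchars($value);
            $tmp_str = '';
            foreach ($rep as $v) {
                $tmp_str .= '「' . $v . '」';
            }
            $contents = $qm->replace('plg_dwrite.ntc_confirm', h($tmp_str), h($value));
            $contents .= <<<EOD
<form method="post" action="{$script}">
<input type="hidden" name="plugin" value="dwrite" />
<input type="hidden" name="page" value="{$s_page}" />
<input type="hidden" name="mode" value="do_write" />
<input type="hidden" name="code" value="{$s_code}" />
<input type="hidden" name="value" value="{$s_value}" /> <input type="submit" name="ok" value="{$qm->m['plg_dwrite']['btn_exec']}" />
</form>
EOD;
        }
        auth_catbody($title, $contents);
        exit;
    }

    if ($mode === 'do_write') {
        if ($value === null) {
            $value = '';
        }
        // NOTE(review): $value is written into the page source between "{" and
        // "};". Text containing "};" ends the inline plugin early; confirm
        // whether that should be rejected here.
        $matched = false;
        $new_data = '';
        foreach (get_source($page) as $line) {
            if ($res = plugin_dwrite_getContent($code, $line)) {
                $matched = true;
                $s = '&dwrite(' . $code . '){' . $res . '};';
                $r = '&dwrite(' . $code . '){' . $value . '};';
                $new_data .= str_replace($s, $r, $line);
            } else {
                $new_data .= $line;
            }
        }
        // "write" mode refuses a passcode that matches nothing; this mode did
        // not, so a request with a wrong passcode or page name still reached
        // page_write(). Nothing is saved now unless a line matched.
        if (!$matched) {
            return array('msg' => $qm->m['plg_dwrite']['title_err'], 'body' => '<p>' . $qm->m['plg_dwrite']['err_cannot_found'] . '</p>');
        }
        page_write($page, $new_data);
        // NOTE(review): the page name goes into the title unescaped, as before;
        // confirm whether $qm->replace() or auth_catbody() escapes it.
        $title = $qm->replace('plg_dwrite.title_result', $page);
        $url = $script . '?' . rawurlencode($page);
        $contents = $qm->replace('plg_dwrite.result', $url);
        auth_catbody($title, $contents);
        exit;
    }

    // Unknown or missing mode. The old fall-through returned two variables
    // that were never assigned on this path.
    return array('msg' => $qm->m['plg_dwrite']['title_err'], 'body' => '<p>' . $qm->m['plg_dwrite']['err_invalid_url'] . '</p>');
}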
Пример #3
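/**
 * Renders the username/password login form through auth_catbody().
 *
 * When the session save path is not writable the function first sends the
 * browser through a one-time self-redirect carrying a "chksession" value, and
 * on the second request compares it with the copy kept in the session to find
 * out whether sessions persist. A notice or an error box is appended to the
 * form accordingly.
 *
 * @param string $title Kept for interface compatibility; the rendered page
 *                      uses the 'ss_authform' 'page_title' message instead.
 * @return void
 */
function ss_auth_loginform($title)
{
    global $vars, $script, $session_save_path;
    $qm = get_qm();
    // Result is not used in this function; the call is kept as it was.
    // NOTE(review): confirm whether it can be dropped.
    $qt = get_qt();

    // Output Form
    // $vars['page'] is replaced while the form is rendered and restored at the end.
    $saved_page = isset($vars['page']) ? $vars['page'] : null;
    $vars['page'] = "Page Edit Authorization";
    $addjs = '
<script type="text/javascript">
	var usr = document.getElementById("username");
	usr.focus();
	usr.select();
</script>
';
    $contents = <<<EOD
<form method="post">
<div class="box">
<label for="username">{$qm->m['username']}</label>
<input type="text" name="username" tabindex="1" id="username" style="" /><br />
<label for="password">{$qm->m['password']}</label>
<input type="password" name="password" tabindex="2" id="password" style="" /><br />

<input type="hidden" name="keep" value="0" />
<input type="submit" name="send" value="{$qm->m['ss_authform']['btn_login']}" tabindex="3" />

</div>
</form>

{$addjs}
EOD;

    // Check whether the session directory is writable.
    $sspath = session_save_path();
    if ($sspath == '') {
        $sspath = '/tmp';
    }
    $ss_write = is_writable($sspath);

    $error_ss = '';
    if ($session_save_path != '') {
        $error_ss = '<div id="sessionerror" style="border:2px solid #66AACC;background-color:#EEEEFF;margin:5px 0;"><p>' . $qm->replace('ss_authform.ntc_session_save_path', $script . '?plugin=qhmsetting&phase=sssavepath&mode=form') . '</p></div>';
    }

    if (!$ss_write) {
        if (!isset($vars['chksession'])) {
            // Store a marker in the session and send the browser back here
            // with the same marker in the URL.
            $t = time();
            $_SESSION['chksession'] = $t;
            $cur_url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
            $url = $cur_url . (strpos($cur_url, '?') !== false ? '&' : '?FrontPage&') . 'chksession=' . $t;
            // REQUEST_URI is supplied by the client and is written into two
            // HTML attributes, so it is escaped for that context.
            $s_url = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            header('Content-Type: text/html;charset=utf-8');
            echo '<html><head><meta http-equiv="Refresh" content="0;url=' . $s_url . '"/></head><body><p><a href="' . $s_url . '">please click here</a></p></body></html>';
            exit;
        }

        // Second request: the marker must exist in the session and be equal to
        // the one in the URL. Both are compared as strings, so a missing
        // session value no longer compares equal to an empty request value.
        $expected = isset($_SESSION['chksession']) ? (string) $_SESSION['chksession'] : '';
        $given = is_scalar($vars['chksession']) ? (string) $vars['chksession'] : '';
        if ($expected === '' || $given !== $expected) {
            $error_ss = '<div id="sessionerror" style="border:2px solid #FF3300;background-color:#FFEEEE;margin:5px 0;"><p style="color:red">' . $qm->replace('ss_authform.err_session_writable', $script . '?plugin=qhmsetting&phase=sssavepath&mode=form') . '</p></div>';
        }
    }

    auth_catbody($qm->m['ss_authform']['page_title'], $contents . $error_ss);
    $vars['page'] = $saved_page;
}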
Пример #4
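/**
 * Decides whether the current visitor may access $page.
 *
 * Every rule in $auth_pages whose pattern matches the page (its name or its
 * contents, depending on $auth_method_type) contributes its comma-separated
 * user names. With no matching rule the page is unrestricted.
 *
 * @param string $page         Page name.
 * @param bool   $auth_flag    When true, run the login check for visitors who are not yet allowed.
 * @param bool   $exit_flag    When true, render the refusal page and end the request instead of returning FALSE.
 * @param array  $auth_pages   Map of regular expression => comma-separated user names.
 * @param string $title_cannot Message template; '$1' is replaced by the escaped page name.
 * @return bool TRUE when access is allowed, FALSE when it is refused and $exit_flag is off.
 */
function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
{
    global $auth_method_type, $auth_users;

    // Text the rule patterns are matched against.
    $target_str = '';
    if ($auth_method_type == 'pagename') {
        $target_str = $page; // Page name
    } elseif ($auth_method_type == 'contents') {
        $target_str = join('', get_source($page)); // Its contents
    }

    $user_list = array();
    foreach ($auth_pages as $key => $val) {
        if (preg_match($key, $target_str)) {
            $user_list = array_merge($user_list, explode(',', $val));
        }
    }
    if (empty($user_list)) {
        return TRUE; // No limit
    }

    //--------------------------------------------
    // Session auth instead of Basic auth
    // Thanks & Refer SiteDev + AT by AKKO

    // Fail closed: only a non-empty string stored in the session is compared,
    // and the comparison is strict. With the loose in_array() used before, a
    // visitor without a session user matched an empty entry in the list (for
    // example from a trailing comma in the rule).
    $session_user = (isset($_SESSION['usr']) && is_string($_SESSION['usr'])) ? $_SESSION['usr'] : '';
    if ($session_user !== '' && in_array($session_user, $user_list, true)) {
        return TRUE;
    }

    if ($auth_flag) {
        // Credentials of the listed users only. The original initialised
        // $arr_temp but filled $auth_temp, which stayed undefined when no
        // listed user was configured.
        $auth_temp = array();
        if (is_array($auth_users)) {
            foreach ($user_list as $val) {
                if (array_key_exists($val, $auth_users)) {
                    $auth_temp[$val] = $auth_users[$val];
                }
            }
        }
        $qm = get_qm();
        if (ss_chkusr($qm->m['auth']['ss_chkusr'], $auth_temp)) {
            // Issue a fresh session id at the privilege change, so an id that
            // was known before the login is not carried into the authenticated session.
            if (session_id() !== '' && !headers_sent()) {
                session_regenerate_id(true);
            }
            // NOTE(review): relies on ss_chkusr() having validated $_POST['username'] - confirm.
            $_SESSION['usr'] = $_POST['username'];
            return TRUE;
        }
    }

    if ($exit_flag) {
        // The page name is escaped before it is placed into the message.
        $body = $title = str_replace('$1', htmlspecialchars(strip_bracket($page)), $title_cannot);
        auth_catbody($title, $body);
        exit;
    }
    return FALSE;
}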