<?php							// Licence : GPL 
  /**
   * Guiki as PHP-Nuke module
   * A simple php wiki in one-page and a crossplatform WYSIWYG editor
   *
   */
// Refuse to run unless MODULE_FILE is defined, so the script cannot be requested directly.
if (!defined('MODULE_FILE')) {
    die ("You can't access this file directly...");
}


require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
$index = 1;
//get_lang($module_name); 				// no languages yet
$pagetitle = "$module_name";
global $user, $prefix;
$prefix_guiki = $prefix."_guiki";

// Decode the user value: when it is not already an array it is treated as
// base64("id:name:...") and split on ":".
// NOTE(review): nothing in this file verifies the credential part of this value;
// $user_id and $user_name are later used for authorization (validate(), checkgroup())
// and placed in SQL text. Confirm the value is authenticated before it reaches here.
if(!is_array($user)) {
  $user_get = base64_decode($user);
  $user_get = explode(":", $user_get);
  $user_id = $user_get[0];
  $user_name = "$user_get[1]";
} else {
	$user_id = $user[0];
  $user_name = "$user[1]";
}

// Same decoding for the admin value; only the first field (the admin id) is kept.
// NOTE(review): as above, no credential check on $admin is visible in this file,
// yet isGuikiAdmin() grants rights based on $aid alone.
if(!is_array($admin)) {
	$admin_get = base64_decode($admin);
	$admin_get = explode(":", $admin_get);
	$aid = $admin_get[0];
} else {
	$aid = $admin[0];
}
 
// presumably config.php defines $TEMPLATE, $HOME and $MAX_KARMA, which are read
// below and in validate() — verify against that file.
include("modules/$module_name/config.php");			// Get user set variables
$TPLT["EDIT"]	= "$TEMPLATE/edit.html";		// Set edit template
$TPLT["SHOW"]	= "$TEMPLATE/show.html";		// Set show template
$TPLT["SEARCH"]	= "$TEMPLATE/show.html";		// Set search template
$TPLT["INDEX"] = "$TEMPLATE/show.html";			// Set index template
$TPLT["HISTORY"] = "$TEMPLATE/show.html";

// NOTE(review): the $HTTP_*_VARS long arrays were removed in PHP 5.4; $_POST / $_GET
// are the supported equivalents.
$CONTENT	= $HTTP_POST_VARS["CONTENT"];		// Get content from edit page
$SEARCH		= $HTTP_POST_VARS["SEARCH"];		// Get search term
$MODE		= $HTTP_GET_VARS["MODE"];		// Get mode
$DOCPOST	= $HTTP_POST_VARS["docpost"];		// Testing out new editor delete me
$PAGE		= $HTTP_GET_VARS["PAGE"];		// Get page name

// Only the literal "<?" sequence is removed from $CONTENT; all other markup,
// including script elements, is stored as submitted. $DOCPOST is not filtered at all.
$CONTENT 	= preg_replace("/<\?/","",$CONTENT);	// No PHP uploads
// checkVars() is a character denylist; quotes and ">" pass through it, so these
// values still need escaping wherever they are written into SQL or HTML.
$SEARCH 	= checkVars($SEARCH);			// No special chars
$PAGE	 	= checkVars($PAGE);			// No special chars
$MODE	 	= checkVars($MODE);			// No special chars

if (! $MODE)	{$MODE = "SHOW";}			// Set default mode
if (! $PAGE)	{$PAGE = $HOME;}			// Set default page
# include("header.php");

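/**
 * Emit the HTML document head for this module and start the theme header.
 *
 * Pulls in the site's ban list, theme, meta and javascript includes, prints the
 * <head> section and finally calls themeheader().
 *
 * NOTE(review): $ThemeSel is interpolated into include and file paths; get_theme()
 * is defined outside this file — confirm it can only return installed theme names.
 */
function head() {
    global $slogan, $sitename, $banners, $nukeurl, $Version_Num, $artpage, $topic, $hlpfile, $user, $hr, $theme, $cookie, $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $textcolor1, $textcolor2, $forumpage, $adminpage, $userpage, $pagetitle;
    include("includes/ipban.php");
    $ThemeSel = get_theme();
    include_once("themes/$ThemeSel/theme.php");
    echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";
    echo "<html>\n";
    echo "<head>\n";
    echo "<title>$sitename</title>\n";
    include("includes/meta.php");
    include("includes/javascript.php");

    if (file_exists("themes/$ThemeSel/images/favicon.ico")) {
        echo "<link REL=\"shortcut icon\" HREF=\"themes/$ThemeSel/images/favicon.ico\" TYPE=\"image/x-icon\">\n";
    }
    echo "<link rel=\"alternate\" type=\"application/rss+xml\" title=\"RSS\" href=\"backend.php\">\n";
    echo "<LINK REL=\"StyleSheet\" HREF=\"themes/$ThemeSel/style/style.css\" TYPE=\"text/css\">\n\n\n";
    if (file_exists("includes/custom_files/custom_head.php")) {
          include_once("includes/custom_files/custom_head.php");
    }
    // The head element is closed exactly once; the original echoed a second,
    // stray </head> after the custom header include.
    echo "\n\n\n</head>\n\n";
    if (file_exists("includes/custom_files/custom_header.php")) {
          include_once("includes/custom_files/custom_header.php");
    }

    themeheader();
}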


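online();
head();
include("includes/counter.php");
global $user_name, $home;
if ($home == 1) {
    message_box();
    // Quoted: the bare word Center is an undefined constant, which is a fatal
    // error on PHP 8 and only fell back to the string "Center" on older versions.
    blocks("Center");
}
//title("$sitename: $pagetitle - $MODE Page $PAGE");

// $DATA is not assigned anywhere in this file.
// NOTE(review): presumably it is imported from the request by mainfile.php — confirm.
if (!isset($DATA)) {
    $DATA = "";
}

// Store submitted content (either editor field) for users allowed to edit.
if ($CONTENT) {
    if (validate($user_name)) {
        savePage($PAGE, $CONTENT);
    }
}

if ($DOCPOST) {
    if (validate($user_name)) {
        savePage($PAGE, $DOCPOST);
    }
}

// A page that does not exist yet opens in the editor, except for the generated views.
if (!page_exists($PAGE)) {
    if ($MODE != "INDEX" && $MODE != "SEARCH" && $MODE != "HISTORY") {
        $MODE = "EDIT";				// Go into edit mode
    }
}

// Editing and deleting need an authorised user; everyone else just sees the page.
if ($MODE == "EDIT" || $MODE == "DELETE") {
    if (!validate($user_name)) {
        $MODE = "SHOW";
    }
}

// NOTE(review): DELETE and REVERT are state-changing actions selected by a GET
// parameter, and no per-request token is checked anywhere in this file, so a
// link followed by a logged-in editor is enough to trigger them.
if ($MODE == "DELETE") {
    deletepage($PAGE);				// deletepage() re-checks authorisation itself
    $PAGE = "$HOME";				// Set $PAGE to default
    $MODE = "SHOW";					// Set $MODE to show
}
if ($MODE == "REVERT") {
    revertpage($PAGE, $DATA);			// revertpage() re-checks authorisation itself
    $MODE = "HISTORY";
    $DATA = "";
}

// MODE is request-derived; anything without a registered template falls back
// to SHOW instead of handing an empty path to template().
if (!isset($TPLT[$MODE])) {
    $MODE = "SHOW";
}

OpenTable();

template($MODE,$PAGE,$DATA,$TPLT[$MODE],$SEARCH);	// Make replacements

CloseTable();
include("footer.php");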
//die();

/*
**  FUNCTIONS
*/

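/**
 * Tell whether the current admin identity may administer the wiki.
 *
 * True for super admins (radminsuper set in the authors table) and for admins
 * listed in the "admins" column of the Guiki row in the modules table.
 *
 * @return bool|int true/1 when authorised, false/0 otherwise
 */
function isGuikiAdmin()
{
	global $user_name,$prefix,$db,$aid,$admin;

	// $aid is decoded from $admin at the top of this file and nothing there
	// verifies the credential part. Gate on is_admin($admin), the same check
	// deletepage() uses, before the id is trusted for anything.
	if (!is_admin($admin))
		return false;

	// Escaped the same way the page-name queries in this file are.
	// NOTE(review): prefer the database layer's own escaping or bound
	// parameters if it offers them; addslashes() is charset-unaware.
	$safe_aid = addslashes($aid);
	$result = $db->sql_query("select radminsuper from ".$prefix."_authors where aid='$safe_aid'");
	$row = $db->sql_fetchrow($result);
	if (!$row)
		return false;
	if ($row['radminsuper'])
		return true;

	// Not a super admin: look for the id in the module's own admin list.
	$row = $db->sql_fetchrow($db->sql_query("SELECT title, admins FROM ".$prefix."_modules WHERE title='Guiki'"));
	$admins = $row ? explode(",", $row['admins']) : array();

	foreach ($admins as $name) {
		if ($name != '' AND $aid == $name) {
			return 1;
		}
	}

	return 0;
}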

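/**
 * Render one wiki view: read the template file, fill its <!--MARKER--> slots
 * and echo the result.
 *
 * @param string $MODE     View mode; SEARCH, INDEX and HISTORY replace the page body with generated content.
 * @param string $PAGE     Page name (request-derived).
 * @param string $DATA     History timestamp, handed to historypage().
 * @param string $TEMPLATE Path of the template file.
 * @param string $SEARCH   Search term for SEARCH mode.
 */
function template($MODE,$PAGE,$DATA,$TEMPLATE,$SEARCH){
	// file() returns false for a missing template; render nothing rather than
	// passing false to implode().
	$lines = file($TEMPLATE);
	$OUTPUT = is_array($lines) ? implode("", $lines) : "";

	// Both slots are filled even when the page does not exist yet.
	$CONTENT = "";
	$MODIFIED = "";
	if (page_exists($PAGE)){
		$CONTENT = stripslashes(getpage($PAGE));
		// The editor name is stored from request-derived data, so it is
		// HTML-escaped before display.
		$MODIFIED = "Last Modified at ".date("H:i:s F d Y",(int)pagemtime($PAGE))." by ".htmlspecialchars((string)pagemuser($PAGE), ENT_QUOTES);
	}
	if ($MODE == "SEARCH")
		$CONTENT = findPage($SEARCH);
	if ($MODE == "INDEX")
		$CONTENT = indexPage();
	if ($MODE == "HISTORY")
		$CONTENT = historypage($PAGE,$DATA);

	// $PAGE comes from the URL and lands in both text and attribute positions
	// of the template, so it is escaped for HTML including both quote styles.
	$safePage = htmlspecialchars((string)$PAGE, ENT_QUOTES);

	$OUTPUT	= str_replace("<!--MODIFIED-->"	,$MODIFIED		,$OUTPUT);
	$OUTPUT	= str_replace("<!--REVERT-->"	,showRevertLink()	,$OUTPUT);
	$OUTPUT	= str_replace("<!--CANCEL-->"	,showCancelLink()	,$OUTPUT);
	$OUTPUT	= str_replace("<!--EDIT-->"	,(string)showEditLink($MODE, $PAGE)	,$OUTPUT);
	$OUTPUT	= str_replace("<!--HISTORY-->"	,(string)showHistoryLink($PAGE)	,$OUTPUT);
	$OUTPUT	= str_replace("<!--INDEX-->"	,(string)showIndexLink($PAGE)	,$OUTPUT);
	$OUTPUT	= str_replace("<!--DELETE-->"	,showDeleteLink()	,$OUTPUT);
	// The link helpers above leave <!--PAGE--> in their hrefs; it is filled here.
	$OUTPUT	= str_replace("<!--PAGE-->"	,$safePage		,$OUTPUT);
	// Page content is stored HTML and is inserted as-is by design.
	$OUTPUT	= str_replace("<!--CONTENT-->"	,$CONTENT		,$OUTPUT);
	$OUTPUT	= str_replace("<!--TEMPLATE-->"	,dirname($TEMPLATE)	,$OUTPUT);
	if ($MODE == "SHOW")
	{
		// Wiki markup is expanded with callbacks. The original used the /e
		// modifier, which evaluates the replacement as PHP code on text taken
		// from page content and no longer exists in PHP 7+.
		$OUTPUT = preg_replace_callback("/::(.*?)::/", function ($m) { return groupinfo($m[1]); }, $OUTPUT);
		$OUTPUT = preg_replace_callback("/\[\[(.*?)\]\]/", function ($m) { return writeLink($m[1]); }, $OUTPUT);
		// Escaped markers (\:\:text\:\:) are turned back into literal ::text::.
		$OUTPUT = preg_replace("/\\\:\\\:(.*?)\\\:\\\:/","::\\1::",$OUTPUT);
	}
	// NOTE(review): in this file head() echoes markup before template() is
	// called, so these header() calls may arrive too late unless output
	// buffering is active — confirm.
	writeHeaders();
	echo $OUTPUT;
}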
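/**
 * Strip a small set of characters from a request value: backtick, pipe, dot,
 * backslash, forward slash, "<" and "?".
 *
 * This is a denylist, not an encoder: quotes, ">" and "&" pass through, so the
 * result must still be escaped for whatever context it is written into (SQL, HTML, URL).
 *
 * @param mixed $DATA Raw request value.
 * @return string Filtered value; "" for null, arrays and other non-scalars.
 */
function checkVars($DATA){
	// Array-valued parameters (PAGE[]=x) and missing ones collapse to an empty string.
	if (!is_scalar($DATA)) {
		return "";
	}
	// The original double-quoted pattern turned "\\|" into an escaped pipe, so the
	// backslash it was meant to remove survived. The class below lists it explicitly.
	return preg_replace('#[`|./<?\\\\]#', "", (string)$DATA);
}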
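/**
 * Build an HTML list of links to every page whose content contains the search term.
 *
 * Entries whose name contains .gif, .jpg or .png are skipped.
 *
 * @param string $SEARCH Search term (request-derived); matched literally, case-insensitively.
 * @return string <ul> markup, one <li> per matching page.
 */
function findPage($SEARCH) {
	// The term is user input: quote it so it is matched as text and cannot
	// inject regex syntax (broken patterns, pathological backtracking).
	$pattern = "/".preg_quote((string)$SEARCH, "/")."/i";

	$pages = getDataFiles();
	if (!is_array($pages)) {
		$pages = array();
	}

	$output = "<ul>\n";
	foreach ($pages as $page) {
		if (preg_match('/\.(gif|jpg|png)/i', $page)) {
			continue;
		}
		$current = getpage($page);
		if (preg_match($pattern, (string)$current))
			$output .= "<li>".writeLink($page)."</li>\n";
	}
	$output .= "</ul>\n";
	return $output;
}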
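/**
 * Decide whether the named user may edit the wiki.
 *
 * Wiki admins always may. Other users must exist in the users table and have
 * a karma value no greater than $MAX_KARMA.
 *
 * NOTE(review): the name passed in is decoded from the user value at the top of
 * this file, where no credential check is visible; confirm the session is
 * authenticated before this result is relied on.
 *
 * @param string $user User name to check.
 * @return bool
 */
function validate($user){
    global $db, $prefix, $MAX_KARMA, $admin;
    if(isGuikiAdmin()) return true;
    if ($user == "") return false;

    // The name is request-derived: escape it before it enters the query text.
    $safe_user = addslashes($user);
    $result = $db->sql_fetchrow($db->sql_query("SELECT karma FROM ".$prefix."_users WHERE username='$safe_user'"));

    // An unknown name is rejected. The original compared a missing karma with
    // the undefined variable $MAX_KARMApwd (null <= null), which let any
    // non-empty name that is NOT in the table pass.
    if (!$result) return false;

    return ((int)$result['karma'] <= (int)$MAX_KARMA);
}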
/**
 * Markup for the "Cancel" link, which returns to SHOW mode.
 * The <!--PAGE--> marker is left in the href; template() substitutes it later.
 */
function showCancelLink(){
    global $module_name;
    $href = 'modules.php?name=' . $module_name . '&amp;MODE=SHOW&PAGE=<!--PAGE-->';
    return '<a href="' . $href . '">Cancel</a>';
}
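/**
 * Markup for the "Revert" link, which reopens the page in EDIT mode.
 * The <!--PAGE--> marker is left in the href; template() substitutes it later.
 */
function showRevertLink(){
    global $module_name;
    // Closed with </a>; the original ended the anchor with a stray </font>.
    return "<a href=\"modules.php?name=$module_name&amp;MODE=EDIT&PAGE=<!--PAGE-->\">Revert</a>";
}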
/**
 * Markup for the red "Delete" link.
 * The <!--PAGE--> marker is left in the href; template() substitutes it later.
 * NOTE(review): deletion is requested with a plain GET link and no request
 * token appears in it.
 */
function showDeleteLink(){
    global $module_name;
    $href = 'modules.php?name=' . $module_name . '&amp;MODE=DELETE&PAGE=<!--PAGE-->';
    $label = "<font color='red'>Delete</font>";
    return '<a href="' . $href . '">' . $label . '</a>';
}
/**
 * Markup for the "Edit" link, or null when it should not be shown.
 *
 * Shown only to users accepted by validate(), outside HISTORY mode, and not on
 * the "Index" page.
 */
function showEditLink($MODE, $PAGE){
    global $module_name, $user_name;
    // Same checks in the same order as before, written as a guard clause.
    if (!validate($user_name) || $MODE == "HISTORY" || $PAGE == "Index") {
        return null;
    }
    $href = 'modules.php?name=' . $module_name . '&amp;MODE=EDIT&PAGE=<!--PAGE-->';
    return '<a href="' . $href . '">Edit</a>';
}
/**
 * Markup for the "Index" link, or null when already on the "Index" page.
 */
function showIndexLink($PAGE){
    global $module_name;
    if ($PAGE == "Index") {
        return null;
    }
    $href = 'modules.php?name=' . $module_name . '&amp;MODE=INDEX&PAGE=Index';
    return '<a href="' . $href . '">Index</a>';
}

/**
 * Markup for the history link, or null for users rejected by validate().
 *
 * The target is the same in both cases; only the label differs: "History" for
 * ordinary pages, "Recent Changes" on the "Index" page.
 */
function showHistoryLink($PAGE){
    global $module_name, $user_name;
    if (!validate($user_name)) {
        return null;
    }
    $label = ($PAGE != "Index") ? 'History' : 'Recent Changes';
    $href = 'modules.php?name=' . $module_name . '&amp;MODE=HISTORY&PAGE=<!--PAGE-->';
    return '<a href="' . $href . '">' . $label . '</a>';
}

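/**
 * Store new content for a page, keeping the previous version in the history table.
 *
 * An existing page is copied to <prefix>_history and then updated; a new page
 * is inserted. The modification time and editor name are written afterwards.
 * Users rejected by validate() only get an error message.
 *
 * @param string $PAGE    Page name.
 * @param string $CONTENT Page body (stored as submitted).
 */
function savePage($PAGE,$CONTENT) {
    global $db, $prefix_guiki, $user_name;
    if (!validate($user_name)) {
        // The message is all that happens here; this function sends no notification.
        echo "Illegal attempt to change wiki. Admin notified";
        return;
    }

    // Look the page up with the raw name: page_exists() escapes it itself, and
    // the original passed an already-escaped name, so names containing quotes
    // or backslashes were never found.
    $exists = page_exists($PAGE);

    // Every value placed in the query text is escaped, including the editor
    // name, which is request-derived and was previously inserted raw.
    // NOTE(review): prefer the database layer's own escaping or bound
    // parameters if it offers them; addslashes() is charset-unaware.
    $sql_page = addslashes($PAGE);
    $sql_content = addslashes($CONTENT);
    $sql_editor = addslashes($user_name == "" ? "Administrator" : $user_name);

    if ($exists) {
        // Make a copy
        $db->sql_query("INSERT INTO ".$prefix_guiki."_history SELECT * FROM $prefix_guiki WHERE page = '$sql_page'");
        $db->sql_query("UPDATE $prefix_guiki SET content = '$sql_content' WHERE page = '$sql_page'");
    } else {
        $db->sql_query("INSERT INTO $prefix_guiki VALUES('$sql_page','$sql_content',0,'')");
    }

    //Update time
    $time = time();
    $db->sql_query("UPDATE $prefix_guiki SET modtime = $time, editedby = '$sql_editor' WHERE page = '$sql_page'");
}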

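/**
 * Restore a page to the history snapshot taken at a given modification time.
 *
 * The current version is copied to history, removed, and replaced by the
 * selected snapshot; the modification time and editor are then refreshed.
 * Users rejected by validate() only get an error message.
 *
 * @param string     $PAGE Page name.
 * @param int|string $DATA modtime value of the snapshot to restore (request-derived).
 */
function revertpage($PAGE, $DATA) {
    global $db, $prefix_guiki, $user_name;
    if (!validate($user_name)) {
        // The message is all that happens here; this function sends no notification.
        echo "Illegal attempt to change wiki. Admin notified";
        return;
    }

    $history = $prefix_guiki."_history";
    $sql_page = addslashes($PAGE);
    // modtime values are written from time() elsewhere in this file, so the
    // request value is reduced to an integer before it enters the query text.
    $stamp = (int)$DATA;
    $sql_editor = addslashes($user_name);

    // Make sure the snapshot exists before touching the live row; otherwise a
    // wrong timestamp would delete the current page and restore nothing.
    $found = $db->sql_numrows($db->sql_query("SELECT page FROM $history WHERE page = '$sql_page' AND modtime = '$stamp'"));
    if (!$found) {
        return;
    }

    // Make a copy for history
    $db->sql_query("INSERT INTO $history SELECT * FROM $prefix_guiki WHERE page = '$sql_page'");
    // Delete current page
    $db->sql_query("DELETE FROM $prefix_guiki WHERE page = '$sql_page'");
    // Copy page from history
    $db->sql_query("INSERT INTO ".$prefix_guiki." SELECT * FROM $history WHERE page = '$sql_page' and modtime = '$stamp'");
    // Update edit time and user
    $time = time();
    $db->sql_query("UPDATE $prefix_guiki SET modtime = $time, editedby = '$sql_editor' WHERE page = '$sql_page'");
}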


/**
 * Send the response headers that tell clients and proxies not to cache the page:
 * an Expires date in the past, a Last-Modified of "now", and no-cache directives.
 */
function writeHeaders() {
    $now = gmdate("D, d M Y H:i:s");
    $headers = array(
        "Expires: Mon, 26 Jul 1990 05:00:00 GMT",
        "Last-Modified: " . $now . " GMT",
        "Cache-Control: no-cache, must-revalidate",
        "Pragma: no-cache",
    );
    foreach ($headers as $line) {
        header($line);
    }
}
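/**
 * List the names of all wiki pages, ordered by name.
 *
 * @return array Page names; an empty array when the table has no rows.
 */
function getDataFiles() {
    global $db, $prefix_guiki;
    // Start from an empty list so callers can always foreach over the result;
    // the original returned an undefined variable when there were no pages.
    $allpages = array();
    $pagelist = $db->sql_query("SELECT page FROM $prefix_guiki ORDER BY page");
    //Convert to array
    while ($pagename = $db->sql_fetchrow($pagelist)) {
        $allpages[] = $pagename['page'];
    }
    return $allpages;
}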
/**
 * Fetch the stored content of a page, honouring a leading "::group::" marker.
 *
 * When the content starts with "::", the text up to the next "::" is taken as
 * a group name. If checkgroup() accepts it, the marker is stripped and the
 * rest returned; otherwise the rendered "access denied" page is returned.
 *
 * NOTE(review): if the opening "::" has no closing "::", strpos() yields false
 * and the offsets below are computed from it; the group name is then a
 * fragment of the content. Confirm whether that case should be rejected.
 */
function getpage($PAGE){
	global $db, $prefix_guiki;
	$escaped = addslashes($PAGE);
	$result = $db->sql_query("SELECT content from $prefix_guiki WHERE page = '$escaped'");
	$row = $db->sql_fetchrow($result);
	$content = $row['content'];

	// No group marker: the content is public.
	if (substr($content,0,2) != "::") {
		return $content;
	}

	$groupend = strpos($content,'::',2);
	$group = substr($content,2,$groupend - 2);
	if (!checkgroup($group)) {
		return recursepage("access denied");
	}
	return substr($content,$groupend+2);
}


/**
 * Count the rows stored under a page name; non-zero means the page exists.
 * The name is escaped here, so callers pass it raw.
 */
function page_exists($PAGE){
	global $db, $prefix_guiki;
	$escaped = addslashes($PAGE);
	$sql = "SELECT page from ".$prefix_guiki." WHERE page = '".$escaped."'";
	$result = $db->sql_query($sql);
	return $db->sql_numrows($result);
}
/**
 * Delete a page together with all of its history rows.
 *
 * Requires both validate($user_name) and is_admin($admin); anyone else only
 * gets an error message. Returns the result of the final DELETE on success.
 *
 * NOTE(review): the caller in this file reaches this from a GET parameter and
 * no request token is checked, so a followed link is enough to trigger it.
 */
function deletepage($PAGE){
	global $db, $prefix_guiki, $user_name,$admin;
	if (!(validate($user_name) && is_admin($admin))) {
		// The message is all that happens here; no notification is sent by this function.
		echo "Illegal attempt to delete page. Admins notified";
		return;
	}
	$escaped = addslashes($PAGE);
	// History first, then the live row.
	$db->sql_query("DELETE FROM ".$prefix_guiki."_history WHERE page = '".$escaped."'");
	return $db->sql_query("DELETE FROM ".$prefix_guiki." WHERE page = '".$escaped."'");
}
/**
 * Return the stored modification time (modtime column) of a page.
 */
function pagemtime($PAGE){
	global $db, $prefix_guiki;
	$escaped = addslashes($PAGE);
	$result = $db->sql_query("SELECT modtime from ".$prefix_guiki." WHERE page = '".$escaped."'");
	$row = $db->sql_fetchrow($result);
	return $row['modtime'];
}

/**
 * Return the name stored as the last editor (editedby column) of a page.
 * The value is returned raw; escape it before writing it into HTML.
 */
function pagemuser($PAGE){
        global $db, $prefix_guiki;
        $escaped = addslashes($PAGE);
        $result = $db->sql_query("SELECT editedby from ".$prefix_guiki." WHERE page = '".$escaped."'");
        $row = $db->sql_fetchrow($result);
        return $row['editedby'];
}


/**
 * Build an HTML list with one link per wiki page, in the order getDataFiles() returns them.
 *
 * @return string <ul> markup.
 */
function indexpage(){
	global $db, $prefix_guiki;
	$items = "";
	foreach (getDataFiles() as $name) {
		$items .= "<li>" . writeLink($name) . "</li>\n";
	}
	return "<ul>\n" . $items . "</ul>\n";
}

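/**
 * Build the history view.
 *
 * For the "Index" page: a table of ten history entries across all pages.
 * For any other page: optionally the content of one snapshot (when $DATA is
 * given), followed by a table of that page's snapshots with view and revert links.
 *
 * @param string     $PAGE Page name (request-derived).
 * @param int|string $DATA modtime of the snapshot to show, or "" for none (request-derived).
 * @return string HTML fragment.
 */
function historypage($PAGE,$DATA) {
    global $db, $prefix_guiki, $module_name;
    if ($PAGE == "Index"){
        // NOTE(review): ASC with LIMIT returns the ten oldest entries; the link to
        // this view is labelled "Recent Changes", so DESC may be intended — confirm.
        $query = "SELECT page, modtime, editedby FROM ".$prefix_guiki."_history ORDER BY modtime ASC LIMIT 0,10";
        $result = $db->sql_query($query);
        $output = "<table width=75% border=1>";
        $output .= "<tr><th>Date</th><th>Author</th><th>Page</th></tr>";
        while ($row = $db->sql_fetchrow($result))  {
            // Editor and page names are stored from request data: escape them for HTML.
            $output .= "<tr><td>".date("r", (int)$row['modtime'])."</td><td>".htmlspecialchars((string)$row['editedby'], ENT_QUOTES)."</td><td>".htmlspecialchars((string)$row["page"], ENT_QUOTES)."</td></tr>";
        }
        $output .= "</table>";
        return $output;
    }

    // One encoding per context: SQL text, HTML text and URL parameter. The
    // original reused the addslashes() form for all three.
    $sql_page = addslashes($PAGE);
    $html_page = htmlspecialchars((string)$PAGE, ENT_QUOTES);
    $url_page = urlencode((string)$PAGE);

    $output = "<br>";
    if ( $DATA != "" ) {
        // modtime values are written from time() elsewhere in this file; reducing
        // the request value to an integer keeps it out of the SQL syntax and
        // gives date() the type it expects.
        $stamp = (int)$DATA;
        $output .= "<font color=red>History for $html_page: ".date("r", $stamp)."</font><br>";
        $query = "SELECT content from ".$prefix_guiki."_history WHERE page = '$sql_page' AND modtime = '$stamp'";
        $sqlrow = $db->sql_fetchrow($db->sql_query($query));
        // Snapshot content is stored HTML and is shown as-is by design.
        $snapshot = $sqlrow ? stripslashes($sqlrow['content']) : "";
        // Links are expanded with a callback on the snapshot only; the original
        // used the /e modifier, which evaluates the replacement as PHP code and
        // no longer exists in PHP 7+.
        $output .= preg_replace_callback("/\[\[(.*?)\]\]/", function ($m) { return writeLink($m[1]); }, $snapshot);
        $output .= "<br><hr><br>";
    }
    $output .= "<table width=75% border=1>";
    $output .= "<tr><th>Date</th><th>Author</th><th>Action</th></tr>";
    $query = "SELECT * FROM ".$prefix_guiki."_history WHERE page = '$sql_page' ORDER BY modtime DESC";
    $result = $db->sql_query($query);
    while ($row = $db->sql_fetchrow($result))  {
        $when = (int)$row['modtime'];
        // NOTE(review): "revert" is a state-changing GET link without a request token.
        $output .= "<tr><td>".date("r", $when)."</td><td>".htmlspecialchars((string)$row['editedby'], ENT_QUOTES)."</td><td><a href=\"modules.php?name=$module_name&amp;MODE=HISTORY&amp;PAGE=$url_page&amp;DATA=$when\">view</a> <a href=\"modules.php?name=$module_name&amp;MODE=REVERT&amp;PAGE=$url_page&amp;DATA=$when\">revert</a> </td></tr>";
    }
    $output .= "</table>";
    return $output;
}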
 
/**
 * Render wiki image markup.
 *
 * "file" becomes a plain <img>; "file|Page" becomes an <img> wrapped in a link
 * to Page, with Page also used as the alt text. Images are addressed under
 * modules/<module>/data/.
 *
 * NOTE(review): both parts are written into attributes without escaping;
 * callers pass text taken from page content and page names.
 */
function writeimage($something)
{
	global $module_name;
	// Everything after the first "|" is the link target, if any.
	$target = substr(strstr($something,"|"),1);
	if ($target == "") {
		return '<img src="modules/' . $module_name . '/data/' . $something . '">';
	}
	// Negative length: drop everything from the "|" onwards, keeping the file name.
	$file = substr($something,0,strpos($something,"|") - strlen($something));
	$href = 'modules.php?name=' . $module_name . '&amp;MODE=SHOW&PAGE=' . $target;
	$img = '<img alt="' . $target . '" src="modules/' . $module_name . '/data/' . $file . '">';
	return '<a href="' . $href . '">' . $img . '</a>';
}


/**
 * Turn the text found between [[ and ]] into HTML.
 *
 *  - "{{Name}}"        inlines the rendered content of page Name (recursepage()).
 *  - "::group::rest"   continues with "rest" only if checkgroup() accepts the
 *                      group; otherwise a bold "access denied" link is returned.
 *  - an image name     (.jpg/.gif/.png after the first dot) goes to writeimage().
 *  - "text|Page"       links to Page with "text" as label.
 *  - anything else     links to the page of that name.
 *
 * NOTE(review): the label and target are written into the markup without
 * escaping. NOTE(review): an opening "::" without a closing "::" makes strpos()
 * return false and the offsets below are computed from it — confirm intent.
 */
function writeLink($page) {
    global $module_name;

    $length = strlen($page);
    if (substr($page,0,2) == "{{" && substr($page,$length - 2, 2) == "}}") {
        return recursepage(substr($page,2,$length - 4));
    }

    if (substr($page,0,2) == "::") {
        $groupend = strpos($page,'::',2);
        $group = substr($page,2,$groupend - 2);
        if (!checkgroup($group)) {
            return "<b>*".writeLink("access denied")."*</b>";
        }
        $page = substr($page,$groupend+2);
    }

    // Four characters starting at the first dot, compared case-insensitively.
    $imageext = substr($page,strpos($page,"."),4);
    if ($imageext != "") {
        foreach (array(".jpg", ".gif", ".png") as $known) {
            if (strcasecmp($imageext,$known) == 0) {
                return writeimage($page);  //data is hardcoded this is BAD
            }
        }
    }

    $base = "modules.php?name=$module_name&amp;MODE=SHOW&PAGE=";
    $url = substr(strstr($page,"|"),1);
    if ($url == "") {
        return '<a href="' . $base . $page . '">' . $page . '</a>';
    }
    // Negative length: keep only the part before the "|".
    $linktext = substr($page,0,strpos($page,"|") - strlen($page));
    return '<a href="' . $base . $url . '">' . $linktext . '</a>';
}
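/**
 * Return the rendered content of another page for inclusion, with its [[...]]
 * links expanded. Returns "" when the page does not exist.
 *
 * Inclusion can nest: writeLink() calls back into this function for {{Name}}
 * markup, and getpage() calls it for the "access denied" page. Nesting is
 * capped so that a page which includes itself, directly or through others,
 * cannot recurse until the process runs out of stack or memory.
 *
 * @param string $PAGE Name of the page to include.
 * @return string HTML fragment, or "" beyond the nesting limit.
 */
function recursepage($PAGE)
{
	// Current nesting level, shared across the recursive calls of one request.
	static $depth = 0;
	// The limit is an arbitrary safety bound, not a documented wiki feature.
	if ($depth >= 10) {
		return "";
	}

	$CONTENT = "";
	$depth++;
	if (page_exists($PAGE)) {
		$CONTENT = stripslashes(getpage($PAGE));
		// Expanded with a callback; the original used the /e modifier, which
		// evaluates the replacement as PHP code on page content and no longer
		// exists in PHP 7+.
		$CONTENT = preg_replace_callback("/\[\[(.*?)\]\]/", function ($m) { return writeLink($m[1]); }, $CONTENT);
	}
	$depth--;

	return $CONTENT;
}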


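/**
 * Tell whether the current user may read content restricted to a group.
 *
 * Wiki admins always may. Otherwise the user must be the moderator of the
 * named group or be listed as one of its members.
 *
 * NOTE(review): $user_id is decoded from the user value at the top of this
 * file, where no credential check is visible; confirm the session is
 * authenticated before group-restricted content depends on it.
 *
 * @param string $group Group name, taken from "::group::" markup in page content.
 * @return bool
 */
function checkgroup($group)
{
	global $db,$prefix,$user_id;

	if(isGuikiAdmin())
		return true;

	// assumes ids are positive integers, as the numeric comparisons in the
	// original queries suggest — TODO confirm. An empty or non-numeric id
	// (no user value) can never match a group.
	$uid = (int)$user_id;
	if ($uid <= 0)
		return false;

	// The group name comes from page content and the id from the request;
	// neither is placed in query text unescaped any more.
	$safe_group = addslashes($group);
	$result = $db->sql_query("select group_id, group_moderator from  ".$prefix."_bbgroups where group_name = '$safe_group'");
	$line = $db->sql_fetchrow($result);
	if (!$line)
		return false;

	if ((int)$line['group_moderator'] == $uid)
		return true;

	$gid = (int)$line['group_id'];
	$result = $db->sql_query("select group_id from ".$prefix."_bbuser_group where group_id='$gid' and user_id = '$uid'");
	if ($db->sql_numrows($result))
		return true;

	return false;
}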

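/**
 * Resolve inline "::group|text::" markup: return the text when checkgroup()
 * accepts the group, otherwise a bold "access denied" link.
 *
 * @param string $data The part between the "::" markers.
 * @return string HTML fragment.
 */
function groupinfo($data)
{
	$groupend = strpos($data,"|");
	if ($groupend === false) {
		// No separator: there is no group name. The text is kept whole; the
		// original cut its first character off in this case. An empty group
		// name is still only accepted for wiki admins by checkgroup().
		$group = "";
		$body = $data;
	} else {
		$group = substr($data,0,$groupend);
		$body = substr($data,$groupend+1);
	}

	if(checkgroup($group))
		return $body;

	return "<b>*".writeLink("access denied")."*</b>";
}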
?>