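<?php
/**
 * DokuWiki Actions
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */

  if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../').'/');
  require_once(DOKU_INC.'inc/template.php');


/**
 * Call the needed action handlers
 *
 * Takes the requested action from the global $ACT, offers it to plugins
 * through the ACTION_DISPATCH event and, unless a plugin prevented the
 * default, runs the built-in handlers in a fixed order. Every handler may
 * rewrite $ACT. Finally the response headers are sent through the
 * SEND_HEADERS event and the main template is included.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 */
function act_dispatch(){
  global $INFO;
  global $ACT;
  global $ID;
  global $QUERY;
  global $lang;
  global $conf;

  // give plugins an opportunity to process the action
  // (the event carries $ACT as it is at this point, i.e. before act_clean()
  // has normalised it)
  $evt = new event('ACTION_DISPATCH',$ACT);
  $evt->trigger();
  if ($evt->_default) {

    //sanitize $ACT
    $ACT = act_clean($ACT);

    //check if searchword was given - else just show
    $s = cleanID($QUERY);
    if($ACT == 'search' && empty($s)){
      $ACT = 'show';
    }

    // NOTE(review): act_auth() and act_subscription() run BEFORE
    // act_permcheck(). act_subscription() updates the page's subscriber list
    // and always returns 'show', so the permission check below only ever sees
    // 'show' for it. Confirm that subscribing to a page the user may not read
    // is rejected somewhere, otherwise act_subscription() needs its own
    // $INFO['perm'] check.

    //login stuff
    if(in_array($ACT,array('login','logout')))
      $ACT = act_auth($ACT);

    //check if user is asking to (un)subscribe a page
    if($ACT == 'subscribe' || $ACT == 'unsubscribe')
      $ACT = act_subscription($ACT);

    //check permissions
    $ACT = act_permcheck($ACT);

    //register
    if($ACT == 'register' && register()){
      $ACT = 'login';
    }

    if ($ACT == 'resendpwd' && act_resendpwd()) {
      $ACT = 'login';
    }

    //update user profile
    if (($ACT == 'profile') && updateprofile()) {
      msg($lang['profchanged'],1);
      $ACT = 'show';
    }

    //save
    if($ACT == 'save')
      $ACT = act_save($ACT);

    //draft deletion
    if($ACT == 'draftdel')
      $ACT = act_draftdel($ACT);

    //draft saving on preview
    if($ACT == 'preview')
      $ACT = act_draftsave($ACT);

    //edit
    if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){
      $ACT = act_edit($ACT);
    }else{
      unlock($ID); //try to unlock
    }

    //handle export
    if(substr($ACT,0,7) == 'export_')
      $ACT = act_export($ACT);

    //display some infos
    if($ACT == 'check'){
      check();
      $ACT = 'show';
    }

    //handle admin tasks
    if($ACT == 'admin'){
      // The admin plugin name comes straight from the request. Only a plain
      // string that exactly matches an entry of plugin_list('admin') is
      // passed on to plugin_load(); arrays and loose matches are ignored.
      $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : '';
      if (is_string($page) && $page !== '') {
        $pluginlist = plugin_list('admin');
        if (in_array($page, $pluginlist, true)) {
          // attempt to load the plugin
          if (($plugin =& plugin_load('admin',$page)) !== NULL)
            $plugin->handle();
        }
      }
    }
  }

  //call template FIXME: all needed vars available?
  // $headers is initialised explicitly, and the default handler is named by a
  // quoted string: the bare word act_sendheaders is an undefined constant,
  // which newer PHP versions reject.
  $headers = array('Content-Type: text/html; charset=utf-8');
  $evt = new event('SEND_HEADERS',$headers,'act_sendheaders');
  $evt->trigger();

  include(template('main.php'));
  // output for the commands is now handled in inc/templates.php
  // in function tpl_content()
}

/**
 * Default handler of the SEND_HEADERS event: send each header line
 *
 * The list is the one handed to the SEND_HEADERS event in act_dispatch(), so
 * by the time it arrives here it may no longer be only the Content-Type line
 * set there (presumably event handlers can change it; verify against the
 * event class).
 *
 * @param array $headers complete header lines, one header per entry
 */
function act_sendheaders($headers) {
  foreach ($headers as $hdr) header($hdr);
}

/**
 * Sanitize the action command
 *
 * Add all allowed commands here.
 *
 * The result is always one of the listed commands or a name starting with
 * 'export_', and consists only of the characters a-z and underscore.
 * Anything else is reported through msg() and replaced by 'show'.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string|array $act requested action, or an array whose first key is
 *                           the action
 * @return string the cleaned action
 */
function act_clean($act){
  global $lang;
  global $conf;

  // check if the action was given as array key
  if(is_array($act)){
    $keys = array_keys($act);
    $act  = isset($keys[0]) ? $keys[0] : '';
  }

  // Work on a string from here on. An integer array key (e.g. 0) compared
  // loosely with a button label is true on PHP versions before 8, which
  // turned such a request into 'save'.
  $act = (string) $act;

  //handle localized buttons
  if($act === $lang['btn_save'])     $act = 'save';
  if($act === $lang['btn_preview'])  $act = 'preview';
  if($act === $lang['btn_cancel'])   $act = 'show';
  if($act === $lang['btn_recover'])  $act = 'recover';
  if($act === $lang['btn_draftdel']) $act = 'draftdel';


  //remove all bad chars
  $act = strtolower($act);
  $act = preg_replace('/[^a-z_]+/','',$act);

  if($act == 'export_html') $act = 'export_xhtml';
  if($act == 'export_htmlbody') $act = 'export_xhtmlbody';

  //disable all acl related commands if ACL is disabled
  if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin',
                                             'subscribe','unsubscribe','profile',
                                             'resendpwd',))){
    msg('Command unavailable: '.htmlspecialchars($act),-1);
    return 'show';
  }

  if(!in_array($act,array('login','logout','register','save','edit','draft',
                          'preview','search','show','check','index','revisions',
                          'diff','recent','backlink','admin','subscribe',
                          'unsubscribe','profile','resendpwd','recover',
                          'draftdel',)) && substr($act,0,7) != 'export_' ) {
    msg('Command unknown: '.htmlspecialchars($act),-1);
    return 'show';
  }
  return $act;
}

/**
 * Run permissionchecks
 *
 * Maps the action to the minimum permission it needs and compares that with
 * $INFO['perm']. Actions that are not listed explicitly need AUTH_READ.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act cleaned action
 * @return string the unchanged action when permitted, 'denied' otherwise
 */
function act_permcheck($act){
  global $INFO;
  global $conf;

  if(in_array($act,array('save','preview','edit','recover'))){
    if($INFO['exists']){
      if($act == 'edit'){
        //the edit function will check again and do a source show
        //when no AUTH_EDIT available
        $permneed = AUTH_READ;
      }else{
        $permneed = AUTH_EDIT;
      }
    }else{
      $permneed = AUTH_CREATE;
    }
  }elseif(in_array($act,array('login','search','recent','profile'))){
    $permneed = AUTH_NONE;
  }elseif($act == 'register'){
    // self registration is open to everyone only when configured so
    if ($conf['openregister']){
      $permneed = AUTH_NONE;
    }else{
      $permneed = AUTH_ADMIN;
    }
  }elseif($act == 'admin'){
    $permneed = AUTH_ADMIN;
  }else{
    $permneed = AUTH_READ;
  }
  if($INFO['perm'] >= $permneed) return $act;

  return 'denied';
}

/**
 * Handle 'draftdel'
 *
 * Deletes the draft for the current page and user
 *
 * @param  string $act current action (not used)
 * @return string always 'show'
 */
function act_draftdel($act){
  global $INFO;
  // best effort: nothing to do without a draft, and a failed delete is
  // deliberately not reported
  if(!empty($INFO['draft'])) @unlink($INFO['draft']);
  $INFO['draft'] = null;
  return 'show';
}

/**
 * Saves a draft on preview
 *
 * The draft is written with serialize(). Everything in it except 'id' and
 * 'client' is copied unchanged from the POST request, so whatever reads the
 * file back has to treat its content as untrusted input.
 *
 * @todo   this currently duplicates code from ajax.php :-/
 * @param  string $act current action
 * @return string the unchanged action
 */
function act_draftsave($act){
  global $INFO;
  global $ID;
  global $conf;
  if($conf['usedraft'] && !empty($_POST['wikitext'])){
    // fields missing from the request are stored as null
    $draft = array('id'     => $ID,
                   'prefix' => isset($_POST['prefix']) ? $_POST['prefix'] : null,
                   'text'   => $_POST['wikitext'],
                   'suffix' => isset($_POST['suffix']) ? $_POST['suffix'] : null,
                   'date'   => isset($_POST['date']) ? $_POST['date'] : null,
                   'client' => $INFO['client'],
                  );
    $cname = getCacheName($draft['client'].$ID,'.draft');
    if(io_saveFile($cname,serialize($draft))){
      $INFO['draft'] = $cname;
    }
  }
  return $act;
}

/**
 * Handle 'save'
 *
 * Checks for spam and conflicts and saves the page.
 * Does a redirect to show the page afterwards or
 * returns a new action.
 *
 * NOTE(review): neither this function nor act_dispatch() checks that the
 * request originates from a form the wiki issued (no anti-CSRF token is
 * verified in this file). Confirm this is enforced elsewhere; the same
 * applies to the other state changing actions dispatched from this file.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act current action
 * @return string 'wordblock' or 'conflict'; does not return after a
 *                successful save (redirect and exit)
 */
function act_save($act){
  global $ID;
  global $DATE;
  global $PRE;
  global $TEXT;
  global $SUF;
  global $SUM;

  //spam check
  if(checkwordblock())
    return 'wordblock';
  //conflict check //FIXME use INFO
  if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE )
    return 'conflict';

  //save it
  $minor = isset($_REQUEST['minor']) ? $_REQUEST['minor'] : null;
  saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$minor); //use pretty mode for con
  //unlock it
  unlock($ID);

  //delete draft
  act_draftdel($act);

  //show it
  session_write_close();
  header("Location: ".wl($ID,'',true));
  exit();
}

/**
 * Handle 'login', 'logout'
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act 'login' or 'logout'
 * @return string 'show' when already logged in, 'login' after a logout,
 *                otherwise the unchanged action
 */
function act_auth($act){
  global $ID;
  global $INFO;

  // null when nobody is logged in
  $user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : null;

  //already logged in?
  if($user && $act=='login')
    return 'show';

  //handle logout
  if($act=='logout'){
    $lockedby = checklock($ID); //page still locked?
    if($lockedby == $user)
      unlock($ID); //try to unlock

    // do the logout stuff
    auth_logoff();

    // rebuild info array
    $INFO = pageinfo();

    return 'login';
  }

  return $act;
}

/**
 * Handle 'edit', 'preview'
 *
 * Locks the page for the current user unless checklock() reports an
 * existing lock.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act 'edit' or 'preview'
 * @return string 'locked' when checklock() reports a lock, otherwise the
 *                unchanged action
 */
function act_edit($act){
  global $ID;

  //check if locked by anyone - if not lock for my self
  $lockedby = checklock($ID);
  if($lockedby) return 'locked';

  lock($ID);
  return $act;
}

/**
 * Handle 'export_*'
 *
 * Prints the page in the requested format and exits. When no output could
 * be produced for the requested mode, 'show' is returned instead.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act action starting with 'export_'
 * @return string 'show' when the export produced nothing
 */
function act_export($act){
  global $ID;
  global $REV;

  // no renderer for this
  if($act == 'export_raw'){
    header('Content-Type: text/plain; charset=utf-8');
    print rawWiki($ID,$REV);
    exit;
  }

  // html export #FIXME what about the template's style?
  if($act == 'export_xhtml'){
    global $conf;
    global $lang;
    header('Content-Type: text/html; charset=utf-8');
    ptln('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"');
    ptln(' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">');
    ptln('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$conf['lang'].'"');
    ptln(' lang="'.$conf['lang'].'" dir="'.$lang['direction'].'">');
    ptln('<head>');
    ptln(' <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />');
    // the page id is escaped here rather than relying on it having been
    // cleaned elsewhere
    ptln(' <title>'.htmlspecialchars($ID).'</title>');
    tpl_metaheaders();
    ptln('</head>');
    ptln('<body>');
    ptln('<div class="dokuwiki export">');
    print p_wiki_xhtml($ID,$REV,false);
    ptln('</div>');
    ptln('</body>');
    ptln('</html>');
    exit;
  }

  // html body only
  if($act == 'export_xhtmlbody'){
    print p_wiki_xhtml($ID,$REV,false);
    exit;
  }

  // try to run renderer #FIXME use cached instructions
  // The mode is whatever follows 'export_' in the request. In act_dispatch()
  // the action has passed act_clean() first, which leaves only a-z and
  // underscore; presumably p_render() depends on that when it picks the
  // renderer (verify before calling this function from anywhere else).
  $mode = substr($act,7);
  $text = p_render($mode,p_get_instructions(rawWiki($ID,$REV)),$info);
  if(!is_null($text)){
    print $text;
    exit;
  }



  return 'show';
}

/**
 * Handle 'subscribe', 'unsubscribe'
 *
 * Adds the current user to, or removes the user from, the page's '.mlist'
 * meta file and reports the outcome through msg(). No permission level is
 * checked in this function.
 *
 * @author Steven Danz <steven-danz@kc.rr.com>
 * @todo   localize
 * @param  string $act 'subscribe' or 'unsubscribe'
 * @return string always 'show'
 */
function act_subscription($act){
  global $ID;
  global $INFO;
  global $lang;

  $file=metaFN($ID,'.mlist');
  if ($act=='subscribe' && !$INFO['subscribed']){
    if ($INFO['userinfo']['mail']){
      if (io_saveFile($file,$_SERVER['REMOTE_USER']."\n",true)) {
        $INFO['subscribed'] = true;
        msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
      } else {
        // failures use level -1 like the error messages in act_clean();
        // they were shown with the success level before
        msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),-1);
      }
    } else {
      msg($lang['subscribe_noaddress']);
    }
  } elseif ($act=='unsubscribe' && $INFO['subscribed']){
    if (io_deleteFromFile($file,$_SERVER['REMOTE_USER']."\n")) {
      $INFO['subscribed'] = false;
      msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
    } else {
      msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),-1);
    }
  }

  return 'show';
}

//Setup VIM: ex: et ts=2 enc=utf-8 :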