# Admin center dispatcher. Everything below runs only when $root->{auth} is
# true and isAdmin returns true; the page shown is selected by the "action"
# query parameter.
# NOTE(review): &isAdmin is called with a leading & and no parentheses, which
# hands it the caller's current @_ -- confirm isAdmin does not read arguments.
# NOTE(review): this gate checks who is asking, not how the request arrived;
# no request-method or per-request token check is visible at this level.
if ($root->{auth} && &isAdmin) {
# A missing, empty or "0" action falls back to the landing page.
my $action = $query->{action} || 'index';
# Landing page: fixed text only, no request data is interpolated.
# NOTE(review): the text refers to links but none are present in these
# literals -- the markup may be missing from this copy of the file.
if ($action eq 'index') {
$root->{content} = "Admin Center
\n\n"
. "This is the admin center, where you can administer "
. "your website. Click one of the links below to continue.\n\n"
. "Site Configuration\n"
. "
\n"
. "Content Management\n"
. "\n";
}
# Configuration form. Takes references to the five configuration sections and
# precomputes the " checked" / " selected" attribute fragments for the form
# controls.
# NOTE(review): none of these locals is referenced by the literal assigned to
# $root->{content} below; presumably the form markup that used them is missing
# from this copy. If configuration values are interpolated into that markup
# they should be HTML-escaped first -- verify against the real template.
elsif ($action eq 'config') {
my $cs = $root->{conf}->{site};
my $cp = $root->{conf}->{powers};
my $cm = $root->{conf}->{mail};
my $cu = $root->{conf}->{users};
my $cc = $root->{conf}->{cookies};
# Checkbox state for open registration.
my $ckOpenReg = ($cu->{allowregister} ? " checked" : "");
# Which mail transport option is preselected (case-insensitive substring match).
my $selSMTP = ($cm->{method} =~ /smtp/i ? " selected" : "");
my $selMail = ($cm->{method} =~ /sendmail/i ? " selected" : "");
$root->{content} = "Core Site Configuration
\n\n"
. "\n"
. "\n";
}
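elsif ($action eq 'writeconfig') {
    # Persist the submitted configuration form and report what was written.
    #
    # Every query key of the form "<section>-<name>" whose section is one of
    # site/powers/mail/users/cookies is copied into
    # $root->{conf}->{<section>}->{<name>}, then the whole configuration is
    # handed to writeConfig.
    #
    # NOTE(review): this is a state-changing request and no anti-CSRF token
    # or request-method check is visible here -- confirm one is enforced
    # before this code runs.

    # Copy the time zone.
    $query->{'site-timezone'} = $query->{timezone};

    my $changed = {};

    # Fix checkboxes. An unchecked box is not submitted at all, so guard
    # against undef before comparing.
    my $allowReg = $query->{'users-allowregister'};
    $query->{'users-allowregister'}
        = (defined $allowReg && $allowReg eq 'checked') ? 1 : 0;

    # Copy all the config fields.
    foreach my $key (keys %{$query}) {
        next unless $key =~ /\-/;
        my ($section, $var) = split(/\-/, $key, 2);

        # \A...\z instead of ^...$ so a trailing newline cannot slip a
        # near-miss section name past the allowlist.
        next unless $section =~ /\A(?:site|powers|mail|users|cookies)\z/;

        # Field names come from the request; only accept names that are safe
        # to use as a configuration key.
        next unless $var =~ /\A[\w.\-]+\z/;

        my $value = $query->{$key};
        # NOTE(review): values are stored as submitted. If writeConfig emits
        # one "name=value" line per field, a value containing a line break
        # could add extra lines to site.conf -- verify how writeConfig
        # encodes values.
        $root->{conf}->{$section}->{$var} = $value;
        push(@{ $changed->{$section} },
            "$var=" . (defined $value ? $value : ''));
    }

    # Write the configuration.
    # NOTE(review): the result of writeConfig is not checked; the page below
    # reports success unconditionally.
    &writeConfig('site.conf',$root->{conf});

    $root->{content} = "Configuration Saved
\n\n"
        . "The site configuration has been updated successfully. Details:\n\n"
        . "
Wrote: $root->{base}/conf/site.conf\n\n"
        . "Fields Changed/Written:\n";

    foreach my $section (sort keys %{$changed}) {
        # The submitted values are echoed into the page, so encode the HTML
        # metacharacters before they reach $root->{content}.
        my @fields;
        foreach my $field (sort @{ $changed->{$section} }) {
            my $html = $field;
            $html =~ s/&/&amp;/g;
            $html =~ s/</&lt;/g;
            $html =~ s/>/&gt;/g;
            $html =~ s/"/&quot;/g;
            push(@fields, $html);
        }
        $root->{content} .= "\n[$section]\n"
            . join("\n", @fields)
            . "\n";
    }

    $root->{content} .= "
\n";
}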
# User list. Calls readUser for every *.txt file found in the users directory,
# then renders one table row per key of $root->{users}.
# NOTE(review): presumably readUser is what populates $root->{users}; confirm.
elsif ($action eq 'users') {
# Get a list of all registered users.
# NOTE(review): opendir uses a bareword handle and its result is not checked;
# if it fails, readdir yields nothing and the table is silently empty.
opendir (DIR, "$root->{base}/users");
foreach my $file (sort(grep(/\.txt$/i, readdir(DIR)))) {
# The user name is the file name without its .txt suffix.
$file =~ s/\.txt$//i;
&readUser($file);
}
closedir (DIR);
# Page header and table heading row.
$root->{content} = "Manage User Accounts
\n\n"
. "Use these pages to add, delete, and modify user accounts.\n\n"
. "\n"
. "Registered Users
\n\n"
. "\n"
. "\n"
. "\n"
. "Username\n"
. " | \n"
. "\n"
. "Real Name\n"
. " | \n"
. "\n"
. "Power\n"
. " | \n"
. "\n"
. "Groups\n"
. " | \n"
. "\n"
. "Passsword\n"
. " | \n"
. "\n"
. "Delete\n"
. " | \n"
. "
\n";
# One row per user, sorted by user name.
# NOTE(review): the user name, real name, power label and group list are
# interpolated into the page without HTML-escaping. If any of these fields can
# be set by the account holder (for example at registration), markup stored
# there would be rendered inside an administrator's session -- escape each
# value before output. Verify which fields are user-controlled.
foreach my $usr (sort { $a cmp $b } keys %{$root->{users}}) {
# Groups are stored as one comma-separated string.
my @grps = split(/\,/, $root->{users}->{$usr}->{group});
$root->{content} .= "\n"
. "\n"
. "$usr\n"
. " | \n"
. "\n"
. "$root->{users}->{$usr}->{name} \n"
. " | \n"
. "\n"
. ""
. "$root->{conf}->{powers}->{$root->{users}->{$usr}->{power}}\n"
. " | \n"
. "\n"
. ""
. (join(", ",@grps)) . "\n"
. " | \n"
. "\n"
. ""
. "Change\n"
. " | \n"
. "\n"
. ""
. "Delete\n"
. " | \n"
. "
\n";
}
$root->{content} .= "
";
}
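elsif ($action eq 'edituser') {
    # Show the form for one user-management operation. The "method" query
    # parameter selects the operation (power, group, passwd or delete).
    #
    # The method is lower-cased once so that validation and dispatch agree;
    # validating case-insensitively but dispatching with eq let a value such
    # as "POWER" pass the check and then match no branch.
    my $method = lc($query->{method} || '');

    # NOTE(review): $user is not referenced by the literals below; presumably
    # the form markup that carried it is missing from this copy. If it is
    # written into a form field it must be HTML-escaped first.
    my $user = $query->{user} || '';

    if ($method !~ /\A(?:power|group|passwd|delete)\z/) {
        $root->{content} = "Unknown Method
\n\n"
            . "Go back to the admin center and try again.";
    }
    else {
        if ($method eq 'power') {
            $root->{content} = "Change User Position
\n\n"
                . "Use this page to modify a user's position, for example to "
                . "give them moderator rights or ban them.\n\n";
        }
        elsif ($method eq 'group') {
            $root->{content} = "
Change User Groups
\n\n"
                . "Use this page to modify what groups a user belongs to. "
                . "Separate multiple group names with a comma. Spaces will "
                . "be ignored. Group names cannot contain spaces.\n\n";
        }
        elsif ($method eq 'passwd') {
            $root->{content} = "
Reset User Password
\n\n"
                . "Use this page to reset a user's password. You do not need "
                . "to know their original password to reset it here.\n\n";
        }
        elsif ($method eq 'delete') {
            $root->{content} = "
Delete User Account
\n\n"
                . "Use this page to remove a user account. This can "
                . "NOT be reversed!\n\n";
        }
        $root->{content} .= "
";
    }
}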
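elsif ($action eq 'usermod') {
    # Apply one user-management operation: change power level, change groups,
    # reset password, or delete the account. "method" selects the operation
    # and "user" names the account.
    #
    # NOTE(review): these are state-changing requests. The only verification
    # visible is the fixed string "delete" on the delete path, which is a
    # confirmation, not an anti-CSRF token -- confirm a per-session token is
    # enforced elsewhere.

    # Lower-case once so validation and dispatch agree (the check used to be
    # case-insensitive while the dispatch below is case-sensitive).
    my $method = lc($query->{method} || '');

    if ($method !~ /\A(?:power|group|passwd|delete)\z/) {
        $root->{content} = "Unknown Method
\n\n"
            . "Go back to the admin center and try again.";
    }
    else {
        my $user = $query->{user};
        $user = &normalize($user);

        # Encoded copy for display only; the raw value is still what is
        # passed to userExists/readUser/writeUser/deleteUser.
        # NOTE(review): what normalize strips is not visible here, so the
        # value is escaped before it is echoed into the page.
        my $userHtml = defined $user ? $user : '';
        $userHtml =~ s/&/&amp;/g;
        $userHtml =~ s/</&lt;/g;
        $userHtml =~ s/>/&gt;/g;
        $userHtml =~ s/"/&quot;/g;

        # Shared "no such account" page for the power/group/passwd paths.
        my $unknownUser = "
Unknown User
\n\n"
            . "The user $userHtml was not found.";

        if ($method eq 'power') {
            # Store the canonical lower-case level so the lookup in
            # $root->{conf}->{powers} below finds its label.
            my $power = lc(defined $query->{power} ? $query->{power} : '');
            $power = 'user' unless $power =~ /\A(?:admin|mod|user|banned)\z/;
            if (&userExists($user)) {
                &readUser($user);
                $root->{users}->{$user}->{power} = $power;
                &writeUser($user,%{$root->{users}->{$user}});
                $root->{content} = "User Modified
\n\n"
                    . "The user $userHtml has been given "
                    . "$power ($root->{conf}->{powers}->{$power}) "
                    . "status.\n\n"
                    . "Return to Admin Center";
            }
            else {
                $root->{content} = $unknownUser;
            }
        }
        elsif ($method eq 'group') {
            my $group = defined $query->{group} ? $query->{group} : '';
            $group =~ s/\s+//g;
            # NOTE(review): a list that does not mention "everybody" is
            # replaced by 'everybody' alone, discarding the submitted groups.
            # Presumably the intent was to add it -- confirm before changing.
            $group = 'everybody' unless $group =~ /everybody/i;
            if (&userExists($user)) {
                &readUser($user);
                $root->{users}->{$user}->{group} = $group;
                &writeUser($user, %{$root->{users}->{$user}});
                # Braces are required: a bare variable followed by 's would
                # be parsed with ' as a package separator, not as text.
                $root->{content} = "User Modified
\n\n"
                    . "The user ${userHtml}'s groups have been changed."
                    . "\n\n"
                    . "Return to Admin Center";
            }
            else {
                $root->{content} = $unknownUser;
            }
        }
        elsif ($method eq 'passwd') {
            # NOTE(review): the stored credential is an unsalted MD5 digest,
            # which is not suitable for password storage. Moving to a salted,
            # slow password hash has to be done together with the login code,
            # which is not part of this block. An empty "pass" value is also
            # accepted as submitted.
            my $pass = md5_hex ($query->{pass});
            if (&userExists($user)) {
                &readUser($user);
                $root->{users}->{$user}->{password} = $pass;
                &writeUser($user,%{$root->{users}->{$user}});
                $root->{content} = "User Modified
\n\n"
                    . "The user $userHtml has had their password "
                    . "modified successfully.\n\n"
                    . "Return to Admin Center";
            }
            else {
                $root->{content} = $unknownUser;
            }
        }
        elsif ($method eq 'delete') {
            my $verify = defined $query->{verify} ? $query->{verify} : '';
            if (&userExists($user) && $verify eq 'delete') {
                &deleteUser($user);
                $root->{content} = "User Deleted
\n\n"
                    . "The user $userHtml has been deleted.\n\n"
                    . "Return to Admin Center";
            }
            else {
                $root->{content} = "
Operation Failed
\n\n"
                    . "The user $userHtml was not found, or "
                    . "the verification on the request has failed.";
            }
        }
    }
}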
# Page list. Renders a table with one row per *.txt file in the pages
# directory, showing the page name, the title taken from its "title:" header
# line, and the edit/delete actions.
elsif ($action eq 'pages') {
$root->{content} = "Manage Pages
\n\n"
. "Use this page to create, modify, and delete pages on your site.\n\n"
. "Create New Page
\n\n"
. "
Your Webpages
\n\n"
. "\n"
. "\n"
. "\n"
. "Page\n"
. " | \n"
. "\n"
. "Title\n"
. " | \n"
. "\n"
. "Actions\n"
. " | \n"
. "
\n";
# NOTE(review): opendir and the open below use bareword handles and neither
# result is checked; a failure yields an empty table or an "[untitled]" row
# rather than an error.
opendir (DIR, "$root->{base}/pages");
foreach my $txt (sort(grep(/\.txt$/i, readdir(DIR)))) {
# NOTE(review): two-argument open -- the mode is inferred from the string.
# Prefer the three-argument form with an explicit '<' and a lexical handle.
open (READ, "$root->{base}/pages/$txt");
# NOTE(review): the right-hand side of this assignment is empty in this copy;
# presumably a read from the READ handle whose operand was lost. Restore it
# before use.
my @data = ;
close (READ);
chomp @data;
# Page name is the file name without its .txt suffix.
my $page = $txt;
$page =~ s/\.txt$//i;
# Use the first "title:" line (case-insensitive), trimmed, as the title.
my $title = '[untitled]';
foreach my $line (@data) {
if ($line =~ /^title:(.+?)$/i) {
$title = $1;
$title =~ s/^\s+//ig;
$title =~ s/\s+$//ig;
last;
}
}
# Add a verification salt for deleting pages.
# The value is the MD5 hex digest of the page name, the current user name and
# that user's stored password value.
# NOTE(review): it is deterministic for a given page, user and password, so it
# never expires and repeats on every request; if it is carried in a link it
# can end up in server logs and Referer headers. A random per-session token
# would be a safer delete confirmation. $salt is not referenced by the
# literals below -- presumably the link markup that used it is missing here.
my $salt = md5_hex($page . $root->{me} . $root->{users}->{$root->{me}}->{password});
# NOTE(review): $page and $title are interpolated without HTML-escaping.
$root->{content} .= "\n"
. "\n"
. "$page\n"
. " | \n"
. "\n"
. "$title\n"
. " | \n"
. "\n"
. "[edit|"
. "delete]\n"
. " | \n"
. "
\n";
}
closedir (DIR);
$root->{content} .= "
\n\n"
. "\n";
}
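elsif ($action eq 'write') {
    # Page editor. Loads the named page (if it exists) and splits it into a
    # header part and a body part at the first empty line; a new page starts
    # with a default title header and an empty body.
    my $page = $query->{page} || '';

    # The name is used to build a file path, so refuse anything that could
    # leave the pages directory: path separators, NUL bytes, or a leading dot.
    # A refused name is treated like "no page given".
    if ($page =~ m{[/\\\0]} || $page =~ /\A\./) {
        $page = '';
    }

    my @headers = ('Title: New Webpage');
    my @body = ();

    my $file = "$root->{base}/pages/$page.txt";
    if (length($page) > 0 && -f $file) {
        # Three-argument open with a lexical handle; the defaults above are
        # kept if the file cannot be read.
        if (open(my $fh, '<', $file)) {
            my @data = <$fh>;
            close($fh);
            chomp @data;

            @headers = ();
            my $inHead = 1;
            foreach my $line (@data) {
                # Every empty line is dropped; the first one also ends the
                # header section.
                if (length($line) == 0) {
                    $inHead = 0;
                    next;
                }
                if ($inHead) {
                    push(@headers, $line);
                }
                else {
                    push(@body, $line);
                }
            }
        }
    }

    # Join things and run filters.
    my $txtHead = join("\n", @headers);
    my $txtBody = join("\n", @body);

    # Entity-encode so stored markup is shown as text inside the edit form.
    # '&' goes first so existing entities survive a load/save round trip.
    foreach my $text ($txtHead, $txtBody) {
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
    }

    # NOTE(review): $page, $txtHead and $txtBody are not referenced by the
    # literal below; presumably the form markup that embeds them is missing
    # from this copy. $page must be HTML-escaped where it is written into
    # that form.
    $root->{content} = "Page Editor
\n\n"
        . "\n";
}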
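elsif ($action eq 'save') {
    # Write a page file from the submitted "file", "headers" and "body"
    # fields, applying defaults for any that are empty.
    #
    # NOTE(review): this is a state-changing request and no anti-CSRF token
    # is checked here -- confirm one is enforced before this code runs.
    my $page = $query->{file} || '';
    my $headers = $query->{headers} || '';
    my $body = $query->{body} || '';

    if (length($headers) == 0) {
        $headers = 'Title: Untitled Document';
    }
    if (length($body) == 0) {
        $body = '
';
    }
    if (length($page) == 0) {
        $page = 'untitled';
    }

    # The name becomes part of a path that is opened for writing, so refuse
    # anything that could leave the pages directory: path separators, NUL
    # bytes, or a leading dot.
    if ($page =~ m{[/\\\0]} || $page =~ /\A\./) {
        $root->{content} = "Page NOT Written\n\n"
            . "The page name contains characters that are not allowed.";
    }
    else {
        my $file = "$root->{base}/pages/$page.txt";

        # Write the page.
        # capture/release bracket the write; presumably a lock on the file.
        &capture($file);
        my $written = 0;
        # Three-argument open with an explicit mode and a lexical handle;
        # open, print and close are all checked because buffered write errors
        # only surface at close.
        if (open(my $fh, '>', $file)) {
            $written = print {$fh} $headers . "\n\n" . $body;
            $written = close($fh) && $written;
        }
        &release($file);

        # Encoded copy of the path for display; the name came from the
        # request.
        my $shown = $file;
        $shown =~ s/&/&amp;/g;
        $shown =~ s/</&lt;/g;
        $shown =~ s/>/&gt;/g;
        $shown =~ s/"/&quot;/g;

        if ($written) {
            $root->{content} = "Page Written
\n\n"
                . "The page at $shown has been written. "
                . "View this page.";
        }
        else {
            $root->{content} = "Page NOT Written\n\n"
                . "The page at $shown could not be written.";
        }
    }
}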
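elsif ($action eq 'delpage') {
    # Delete a page after checking the verification value, keeping a
    # timestamped backup copy in the pages directory.
    my $page = $query->{page} || '';
    my $salt = $query->{verify} || '';
    my $file = "$root->{base}/pages/$page.txt";
    my $denied = 0;

    # The name is used in copy and unlink paths, so refuse anything that
    # could leave the pages directory: path separators, NUL bytes, or a
    # leading dot.
    if ($page =~ m{[/\\\0]} || $page =~ /\A\./) {
        $denied = 1;
    }
    if (!-f $file) {
        $denied = 1;
    }

    # Verify the salt.
    # The expected value is the MD5 hex digest of the page name, the current
    # user name and that user's stored password value.
    # NOTE(review): the value is deterministic, so it does not expire and can
    # be replayed for the same page until the password changes; a random
    # per-session token would be a safer confirmation.
    my $verify = md5_hex($page . $root->{me} . $root->{users}->{$root->{me}}->{password});
    if ($verify ne $salt) {
        $denied = 1;
    }

    # Encoded copy of the name for display.
    my $shown = $page;
    $shown =~ s/&/&amp;/g;
    $shown =~ s/</&lt;/g;
    $shown =~ s/>/&gt;/g;
    $shown =~ s/"/&quot;/g;

    if ($denied == 1) {
        $root->{content} = "Page NOT Deleted
\n\n"
            . "The page was not deleted because it didn't exist or "
            . "because the verification salt was invalid.";
    }
    else {
        # Create a backup, just in case.
        my $stamp = time();
        use File::Copy;
        if (!copy($file, "$root->{base}/pages/$page.$stamp")) {
            # Never remove the original when the backup was not made.
            $root->{content} = "Page NOT Deleted
\n\n"
                . "The page was not deleted because the backup copy "
                . "could not be created.";
        }
        # Delete it.
        elsif (!unlink($file)) {
            $root->{content} = "Page NOT Deleted
\n\n"
                . "The page could not be removed.";
        }
        else {
            $root->{content} = "Page Deleted
\n\n"
                . "The page \"$shown\" was deleted successfully.";
        }
    }
}
}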