Extension:RPED/RPEDAPIReader.php

From MediaWiki.org
Jump to: navigation, search

RPEDAPIReader.php[edit | edit source]

<?php
/**
 * Remote Page Existence Detection (RPED) API extension by Tisane
 * URL: http://www.mediawiki.org/wiki/Extension:RemotePageExistenceDetection
 *
 * This program is free software. You can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version. You can also redistribute it and/or
 * modify it under the terms of the Creative Commons Attribution 3.0 license.
 *
 * This file gets parameters from a URL and parses them into records to be added or deleted from
 * the page title table in the database.
 *
 */
$url=urldecode  ($_SERVER['QUERY_STRING']);
//global $wgRRAnonOnly, $wgUser,$wgOut,$wgDBserver,$wgDBuser,$wgDBpassword;
$yourHost='localhost';
$yourUsername='wikiuser2';
$yourPassword='password';
$con = mysql_connect($yourHost,$yourUsername,$yourPassword);
if (!$con){
	die('Could not connect: ' . mysql_error());
}
mysql_select_db("page_title_db", $con);
//echo($url);
$myInputNum=0;
$myInput[0]='';
for ($count=0; $count<strlen($url); $count++){
	if (substr($url,$count,1)=='|'){
		$myInputNum++;
	} else {
		if (!isset($myInput[$myInputNum])){
			$myInput[$myInputNum]='';
		}
		if (substr($url,$count,1)==' '){
			$myInput[$myInputNum].='_';
		} else {
		$myInput[$myInputNum].=substr($url,$count,1);
		}
	}
}
$sql = "CREATE TABLE password_table(
		password text(1000)
		)";
mysql_query($sql,$con);
$sql="SELECT * FROM password_table";
$result=mysql_query($sql,$con);
$result2=mysql_fetch_array($result);
//$result3=trim($result2['password']);
$result3=$result2['password'];
// echo('<br />Your password: '.$myInput[0].'<br />');
// echo('My password: '.$result3.'<br />');
if ($result3==$myInput[0]){ // The password matches.
	for ($count=1; $count<=$myInputNum; $count++){
		$sql='Bad command';
		if (isset($myInput[$count])){
				if (substr($myInput[$count],0,4)=='ins='){
					$myInput[$count]=substr($myInput[$count],4,strlen($myInput[$count])-4);
					$myQuery=sprintf("SELECT * FROM page_title_table WHERE page_title='%s'",
						mysql_real_escape_string($myInput[$count]));
					$result=mysql_query($myQuery,$con);	
					$matches=0;
					if ($matches==0){ // If it's not already in the table...
						$matches=mysql_num_rows  ( $result  ); // Is this already in the table?
						$sql=sprintf("INSERT INTO page_title_table (page_title) VALUES ('%s'",
							mysql_real_escape_string($myInput[$count]));
				}
			}
			elseif (substr($myInput[$count],0,4)=='del='){
				$myInput[$count]=substr($myInput[$count],4,strlen($myInput[$count])-4);
				$sql=sprintf("DELETE FROM page_title_table WHERE page_title=('%s')",
					mysql_real_escape_string($myInput[$count]));
			}
		}
		if ($sql!='Bad command'){
			//echo ($sql);
			mysql_query($sql,$con);
		}
	}
	echo ('Access granted! '.$myInputNum.' records received and processed.');
}
else{ // The password doesn't match.
	echo("Access denied; the correct password was not provided.");
}