OSDN Git Service

FIX: PHP5/MySQL5における文法違反コードの修正
[nucleus-jp/nucleus-jp-ancient.git] / nucleus / libs / ACTION.php
1 <?php
2
3 /*
4  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5  * Copyright (C) 2002-2011 The Nucleus Group
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * as published by the Free Software Foundation; either version 2
10  * of the License, or (at your option) any later version.
11  * (see nucleus/documentation/index.html#license for more info)
12  */
13 /**
14  * Actions that can be called via action.php
15  *
16  * @license http://nucleuscms.org/license.txt GNU General Public License
17  * @copyright Copyright (C) 2002-2011 The Nucleus Group
18  * @version $Id$
19  * $NucleusJP: ACTION.php,v 1.10 2007/05/31 07:23:39 kimitake Exp $
20  */
21 class ACTION
22 {
23
24         /**
25          *  Constructor for an new ACTION object
26          */
27         function ACTION()
28         {
29                 // do nothing
30         }
31
32
33         /**
34          *  Calls functions that handle an action called from action.php
35          */
36         function doAction($action)\r
37         {\r
38                 switch($action)\r
39                 {\r
40                         case 'autodraft':\r
41                                 return $this->autoDraft();\r
42                         break;\r
43                 \r
44                         case 'updateticket':\r
45                                 return $this->updateTicket();\r
46                         break;\r
47 \r
48                         case 'addcomment':\r
49                                 return $this->addComment();\r
50                         break;\r
51 \r
52                         case 'sendmessage':\r
53                                 return $this->sendMessage();\r
54                         break;\r
55 \r
56                         case 'createaccount':\r
57                                 return $this->createAccount();\r
58                         break;\r
59 \r
60                         case 'forgotpassword':\r
61                                 return $this->forgotPassword();\r
62                         break;\r
63 \r
64                         case 'votepositive':\r
65                                 return $this->doKarma('pos');\r
66                         break;\r
67 \r
68                         case 'votenegative':\r
69                                 return $this->doKarma('neg');\r
70                         break;\r
71 \r
72                         case 'plugin':\r
73                                 return $this->callPlugin();\r
74                         break;\r
75 \r
76                         default:\r
77                                 doError(_ERROR_BADACTION);\r
78                         break;\r
79                 }\r
80         }
81
82
83         /**
84          *  Adds a new comment to an item (if IP isn't banned)
85          */
86         function addComment()\r
87         {\r
88                 global $CONF, $errormessage, $manager;\r
89 \r
90                 $post['itemid']         = intPostVar('itemid');\r
91                 $post['user']           = postVar('user');\r
92                 $post['userid']         = postVar('userid');\r
93                 $post['email']          = postVar('email');\r
94                 $post['body']           = postVar('body');\r
95                 $post['remember']       = intPostVar('remember');
96
97                 // set cookies when required
98                 #$remember = intPostVar('remember');
99 \r
100                 // begin if: "Remember Me" box checked\r
101                 if ( $post['remember'] == 1 )\r
102                 {\r
103                         $lifetime = time() + 2592000;\r
104                         setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);\r
105                         setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);\r
106                         setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime, '/', '', 0);\r
107                 } // end if
108
109                 $comments = new COMMENTS($post['itemid']);
110
111                 $blog_id = getBlogIDFromItemID($post['itemid']);\r
112                 $this->checkban($blog_id);\r
113                 $blog =& $manager->getBlog($blog_id);
114
115                 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
116                 $errormessage = $comments->addComment($blog->getCorrectTime(), $post);
117
118                 // begin if:\r
119                 if ( $errormessage == '1' )\r
120                 {
121                         // redirect when adding comments succeeded
122                         if ( postVar('url') )\r
123                         {\r
124                                 redirect(postVar('url') );\r
125                         }\r
126                         else\r
127                         {
128                                 $url = createItemLink($post['itemid']);
129                                 redirect($url);
130                         } // end if\r
131 \r
132                 }\r
133                 // else, show error message using default skin for blog\r
134                 else\r
135                 {
136                         return array(
137                                 'message'       => $errormessage,\r
138                                 'skinid'        => $blog->getDefaultSkin()
139                         );
140                 } // end if
141
142                 exit;
143         }
144
145
146         /**
147          *  Sends a message from the current member to the member given as argument
148          */
149         function sendMessage()\r
150         {
151                 global $CONF, $member;
152
153                 $error = $this->validateMessage();
154 \r
155                 if ( $error != '' )\r
156                 {
157                         return array('message' => $error);
158                 }
159
160                 if ( !$member->isLoggedIn() )\r
161                 {
162                         $fromMail = postVar('frommail');
163                         $fromName = _MMAIL_FROMANON;
164                 }\r
165                 else\r
166                 {
167                         $fromMail = $member->getEmail();
168                         $fromName = $member->getDisplayName();
169                 }
170
171                 $tomem = new MEMBER();
172                 $tomem->readFromId(postVar('memberid') );
173
174                 $message  = _MMAIL_MSG . ' ' . $fromName . "\n"
175                           . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
176                           . _MMAIL_MAIL . " \n\n"
177                           . postVar('message');
178                 $message .= getMailFooter();
179
180                 $title = _MMAIL_TITLE . ' ' . $fromName;
181                 mb_language('ja');
182                 mb_internal_encoding(_CHARSET);
183                 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
184
185                 if ( postVar('url') )\r
186                 {\r
187                         redirect(postVar('url') );\r
188                 }\r
189                 else\r
190                 {
191                         $CONF['MemberURL'] = $CONF['IndexURL'];
192 \r
193                         if ( $CONF['URLMode'] == 'pathinfo' )
194                         {
195                                 $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName() ) );
196                         }
197                         else
198                         {
199                                 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
200                         }
201
202                         redirect($url);
203                 }
204
205                 exit;
206         }
207
208
209         /**
210          *  Checks if a mail to a member is allowed
211          *  Returns a string with the error message if the mail is disallowed
212          */
213         function validateMessage()\r
214         {
215                 global $CONF, $member, $manager;
216
217                 if ( !$CONF['AllowMemberMail'] )\r
218                 {
219                         return _ERROR_MEMBERMAILDISABLED;
220                 }
221
222                 if ( !$member->isLoggedIn() && !$CONF['NonmemberMail'] )\r
223                 {\r
224                         return _ERROR_DISALLOWED;\r
225                 }
226
227                 if ( !$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail') ) ) )\r
228                 {\r
229                         return _ERROR_BADMAILADDRESS;\r
230                 }
231
232                 // let plugins do verification (any plugin which thinks the comment is invalid
233                 // can change 'error' to something other than '')
234                 $result = '';
235                 $param = array(
236                         'type'  => 'membermail',
237                         'error' => &$result
238                 );
239                 $manager->notify('ValidateForm', $param);
240
241                 return $result;
242
243         }
244
245
246         /**
247          *  Creates a new user account
248          */
249         function createAccount()\r
250         {
251                 global $CONF, $manager;
252
253                 if ( !$CONF['AllowMemberCreate'] )\r
254                 {\r
255                         doError(_ERROR_MEMBERCREATEDISABLED);\r
256                 }
257
258                 // evaluate content from FormExtra
259                 $result = 1;
260                 $param = array(
261                         'type'  => 'membermail',
262                         'error' => &$result
263                 );
264                 $manager->notify('ValidateForm', $param);
265                 
266                 if ( $result != 1 )\r
267                 {
268                         return $result;
269                 }
270                 else\r
271                 {
272
273                         // even though the member can not log in, set some random initial password. One never knows.
274                         srand( (double) microtime() * 1000000);\r
275                         $initialPwd = md5(uniqid(rand(), TRUE) );
276
277                         // create member (non admin/can not login/no notes/random string as password)
278                         $name = shorten(postVar('name'), 32, '');
279                         $r = MEMBER::create($name, postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
280
281                         if ( $r != 1 )\r
282                         {
283                                 return $r;
284                         }
285
286                         // send message containing password.
287                         $newmem = new MEMBER();
288                         $newmem->readFromName($name);
289                         $newmem->sendActivationLink('register');
290                         
291                         $param = array('member' => &$newmem);
292                         $manager->notify('PostRegister', $param);
293
294                         if ( postVar('desturl') )\r
295                         {\r
296                                 redirect(postVar('desturl') );\r
297                         }\r
298                         else\r
299                         {
300                                 // header has been already sent, so deleted the line below
301                                 sendContentType('text/html', '', _CHARSET);
302                                 echo _MSG_ACTIVATION_SENT;
303                                 echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
304                                 echo "\n</body>\n</html>";
305                         }
306
307                         exit;
308                 }
309
310         }
311
312
313         /**
314          *  Sends a new password
315          */
316         function forgotPassword()\r
317         {\r
318                 $membername = trim(postVar('name') );
319
320                 if ( !MEMBER::exists($membername) )\r
321                 {\r
322                         doError(_ERROR_NOSUCHMEMBER);\r
323                 }\r
324
325                 $mem = MEMBER::createFromName($membername);
326
327                 /* below keeps regular users from resetting passwords using forgot password feature
328                          Removing for now until clear why it is required.*/
329                 /*if (!$mem->canLogin())
330                         doError(_ERROR_NOLOGON_NOACTIVATE);*/
331
332                 // check if e-mail address is correct
333                 if ( !($mem->getEmail() == postVar('email') ) )\r
334                 {\r
335                         doError(_ERROR_INCORRECTEMAIL);\r
336                 }
337
338                 // send activation link
339                 $mem->sendActivationLink('forgot');
340
341                 if ( postVar('url') )\r
342                 {\r
343                         redirect(postVar('url') );\r
344                 }\r
345                 else\r
346                 {
347 //                      header ("Content-Type: text/html; charset="._CHARSET);
348                         sendContentType('text/html', '', _CHARSET);
349                         echo _MSG_ACTIVATION_SENT;
350                         echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
351                 }
352
353                 exit;
354         }
355
356
357         /**
358          *  Handle karma votes
359          */
360         function doKarma($type)\r
361         {
362                 global $itemid, $member, $CONF, $manager;
363
364                 // check if itemid exists
365                 if ( !$manager->existsItem($itemid, 0, 0) )\r
366                 {\r
367                         doError(_ERROR_NOSUCHITEM);\r
368                 }
369
370                 $blogid = getBlogIDFromItemID($itemid);
371                 $this->checkban($blogid);
372
373                 $karma =& $manager->getKarma($itemid);
374
375                 // check if not already voted
376                 if ( !$karma->isVoteAllowed(serverVar('REMOTE_ADDR') ) )\r
377                 {\r
378                         doError(_ERROR_VOTEDBEFORE);\r
379                 }
380
381                 // check if item does allow voting
382                 $item =& $manager->getItem($itemid, 0, 0);\r
383 \r
384                 if ( $item['closed'] )\r
385                 {\r
386                         doError(_ERROR_ITEMCLOSED);\r
387                 }
388
389                 switch ( $type )\r
390                 {\r
391                         case 'pos':\r
392                                 $karma->votePositive();\r
393                         break;\r
394 \r
395                         case 'neg':\r
396                                 $karma->voteNegative();\r
397                         break;\r
398                 }
399
400 //              $blogid = getBlogIDFromItemID($itemid);
401                 $blog =& $manager->getBlog($blogid);
402
403                 // send email to notification address, if any
404                 if ( $blog->getNotifyAddress() && $blog->notifyOnVote() )\r
405                 {
406
407                         $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
408                         $itemLink = createItemLink(intval($itemid) );
409                         $temp = parse_url($itemLink);
410
411                         if ( !$temp['scheme'] )\r
412                         {
413                                 $itemLink = $CONF['IndexURL'] . $itemLink;
414                         }
415
416                         $mailto_msg .= $itemLink . "\n\n";
417
418                         if ( $member->isLoggedIn() )\r
419                         {
420                                 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
421                         }
422
423                         $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
424                         $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";
425                         $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
426                         $mailto_msg .= getMailFooter();
427
428                         $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
429
430                         $frommail = $member->getNotifyFromMailAddress();
431
432                         $notify = new NOTIFICATION($blog->getNotifyAddress() );\r
433                         $notify->notify($mailto_title, $mailto_msg, $frommail);
434                 }
435
436                 $refererUrl = serverVar('HTTP_REFERER');
437 \r
438                 if ( $refererUrl )\r
439                 {
440                         $url = $refererUrl;
441                 }\r
442                 else\r
443                 {
444 //                      $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
445                         $url = $itemLink;
446                 }
447
448                 redirect($url);
449                 exit;
450         }
451
452
453         /**
454           * Calls a plugin action
455           */
456         function callPlugin()\r
457         {
458                 global $manager;
459
460                 $pluginName = 'NP_' . requestVar('name');
461                 $actionType = requestVar('type');
462
463                 // 1: check if plugin is installed
464                 if ( !$manager->pluginInstalled($pluginName) )\r
465                 {
466                         doError(_ERROR_NOSUCHPLUGIN);
467                 }
468
469                 // 2: call plugin
470                 $pluginObject =& $manager->getPlugin($pluginName);
471 \r
472                 if ( $pluginObject )\r
473                 {
474                         $error = $pluginObject->doAction($actionType);
475                 }\r
476                 else\r
477                 {
478                         $error = 'Could not load plugin (see actionlog)';
479                 }
480
481                 // doAction returns error when:
482                 // - an error occurred (duh)
483                 // - no actions are allowed (doAction is not implemented)
484                 if ( $error )\r
485                 {\r
486                         doError($error);\r
487                 }
488
489                 exit;
490
491         }
492
493
494         /**
495          *  Checks if an IP or IP range is banned
496          */
497         function checkban($blogid)\r
498         {
499                 // check if banned
500                 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR') );\r
501 \r
502                 if ( $ban != 0 )\r
503                 {
504                         doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
505                 }
506
507         }
508
509
510         /**
511          * Gets a new ticket
512          */
513         function updateTicket()\r
514         {
515                 global $manager;
516 \r
517                 if ( $manager->checkTicket() )\r
518                 {
519                         echo $manager->getNewTicket();
520                 }
521                 else\r
522                 {
523                         echo _ERROR . ':' . _ERROR_BADTICKET;
524                 }
525 \r
526                 return FALSE;
527         }
528
529
530         /**
531          * Handles AutoSaveDraft
532          */
533         function autoDraft()\r
534         {
535                 global $manager;
536 \r
537                 if ( $manager->checkTicket() )\r
538                 {
539                         $manager->loadClass('ITEM');
540                         $info = ITEM::createDraftFromRequest();
541
542                         if ( $info['status'] == 'error' )\r
543                         {
544                                 echo $info['message'];
545                         }
546                         else\r
547                         {
548                                 echo $info['draftid'];
549                         }
550                 }
551                 else\r
552                 {
553                         echo _ERROR . ':' . _ERROR_BADTICKET;
554                 }
555 \r
556                 return FALSE;
557         }
558
559 }
560
561 ?>