OSDN Git Service

(root) / nucleus-jp / nucleus-jp-ancient.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
preparation for 4.0 trunk: move whole scripts just under trunk directory
[nucleus-jp/nucleus-jp-ancient.git] / nucleus / libs / ADMIN.php
1 <?php\r
2 /*\r
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
4  * Copyright (C) 2002-2011 The Nucleus Group\r
5  *\r
6  * This program is free software; you can redistribute it and/or\r
7  * modify it under the terms of the GNU General Public License\r
8  * as published by the Free Software Foundation; either version 2\r
9  * of the License, or (at your option) any later version.\r
10  * (see nucleus/documentation/index.html#license for more info)\r
11  */\r
12 /**\r
13  * The code for the Nucleus admin area\r
14  *\r
15  * @license http://nucleuscms.org/license.txt GNU General Public License\r
16  * @copyright Copyright (C) 2002-2011 The Nucleus Group\r
17  * @version $Id$\r
18  * @version $NucleusJP: ADMIN.php,v 1.21.2.4 2007/10/30 19:04:24 kmorimatsu Exp $\r
19  */\r
20 \r
21 if ( !function_exists('requestVar') ) exit;\r
22 require_once dirname(__FILE__) . '/showlist.php';\r
23 \r
24 /**\r
25  * Builds the admin area and executes admin actions\r
26  */\r
27 class ADMIN {\r
28 \r
29         /**\r
30          * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)\r
31          */\r
32         var $action;\r
33 \r
34         /**\r
35          * Class constructor\r
36          */\r
37         function ADMIN() {\r
38 \r
39         }\r
40 \r
41         /**\r
42          * Executes an action\r
43          *\r
44          * @param string $action action to be performed\r
45          */\r
46         function action($action) {\r
47                 global $CONF, $manager;\r
48 \r
49                 // list of action aliases\r
50                 $alias = array(\r
51                         'login' => 'overview',\r
52                         '' => 'overview'\r
53                 );\r
54 \r
55                 if (isset($alias[$action]))\r
56                         $action = $alias[$action];\r
57 \r
58                 $methodName = 'action_' . $action;\r
59 \r
60                 $this->action = strtolower($action);\r
61 \r
62                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
63                 // is an action that requires user interaction before something is actually done)\r
64                 // all safe actions are in this array:\r
65                 $aActionsNotToCheck = array(\r
66                         'showlogin',\r
67                         'login',\r
68                         'overview',\r
69                         'itemlist',\r
70                         'blogcommentlist',\r
71                         'bookmarklet',\r
72                         'blogsettings',\r
73                         'banlist',\r
74                         'deleteblog',\r
75                         'editmembersettings',\r
76                         'browseownitems',\r
77                         'browseowncomments',\r
78                         'createitem',\r
79                         'itemedit',\r
80                         'itemmove',\r
81                         'categoryedit',\r
82                         'categorydelete',\r
83                         'manage',\r
84                         'actionlog',\r
85                         'settingsedit',\r
86                         'backupoverview',\r
87                         'pluginlist',\r
88                         'createnewlog',\r
89                         'usermanagement',\r
90                         'skinoverview',\r
91                         'templateoverview',\r
92                         'skinieoverview',\r
93                         'itemcommentlist',\r
94                         'commentedit',\r
95                         'commentdelete',\r
96                         'banlistnewfromitem',\r
97                         'banlistdelete',\r
98                         'itemdelete',\r
99                         'manageteam',\r
100                         'teamdelete',\r
101                         'banlistnew',\r
102                         'memberedit',\r
103                         'memberdelete',\r
104                         'pluginhelp',\r
105                         'pluginoptions',\r
106                         'plugindelete',\r
107                         'skinedittype',\r
108                         'skinremovetype',\r
109                         'skindelete',\r
110                         'skinedit',\r
111                         'templateedit',\r
112                         'templatedelete',\r
113                         'activate',\r
114                         'systemoverview'\r
115                 );\r
116 /*\r
117                 // the rest of the actions needs to be checked\r
118                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');\r
119 */\r
120                 if (!in_array($this->action, $aActionsNotToCheck))\r
121                 {\r
122                         if (!$manager->checkTicket())\r
123                                 $this->error(_ERROR_BADTICKET);\r
124                 }\r
125 \r
126                 if (method_exists($this, $methodName))\r
127                         call_user_func(array(&$this, $methodName));\r
128                 else\r
129                         $this->error(_BADACTION . htmlspecialchars(" ($action)"));\r
130 \r
131         }\r
132 \r
133         /**\r
134          * @todo document this\r
135          */\r
136         function action_showlogin() {\r
137                 global $error;\r
138                 $this->action_login($error);\r
139         }\r
140 \r
141         /**\r
142          * @todo document this\r
143          */\r
144         function action_login($msg = '', $passvars = 1) {\r
145                 global $member;\r
146 \r
147                 // skip to overview when allowed\r
148                 if ($member->isLoggedIn() && $member->canLogin()) {\r
149                         $this->action_overview();\r
150                         exit;\r
151                 }\r
152 \r
153                 $this->pagehead();\r
154 \r
155                 echo '<h2>', _LOGIN ,'</h2>';\r
156                 if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);\r
157                 ?>\r
158 \r
159                 <form action="index.php" method="post"><p>\r
160                 <?php echo _LOGIN_NAME; ?> <br /><input name="login"  tabindex="10" />\r
161                 <br />\r
162                 <?php echo _LOGIN_PASSWORD; ?> <br /><input name="password"  tabindex="20" type="password" />\r
163                 <br />\r
164                 <input name="action" value="login" type="hidden" />\r
165                 <br />\r
166                 <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />\r
167                 <br />\r
168                 <small>\r
169                         <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>\r
170                         <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>\r
171                 </small>\r
172                 <?php              // pass through vars\r
173 \r
174                         $oldaction = postVar('oldaction');\r
175                         if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {\r
176                                 passRequestVars();\r
177                         }\r
178 \r
179 \r
180                 ?>\r
181                 </p></form>\r
182                 <?php      $this->pagefoot();\r
183         }\r
184 \r
185 \r
186         /**\r
187          * provides a screen with the overview of the actions available\r
188          * @todo document parameter\r
189          */\r
190         function action_overview($msg = '') {\r
191                 global $member;\r
192 \r
193                 $this->pagehead();\r
194 \r
195                 if ($msg)\r
196                         echo _MESSAGE , ': ', $msg;\r
197 \r
198                 /* ---- add items ---- */\r
199                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';\r
200 \r
201                 $showAll = requestVar('showall');\r
202 \r
203                 if (($member->isAdmin()) && ($showAll == 'yes')) {\r
204                         // Super-Admins have access to all blogs! (no add item support though)\r
205                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'\r
206                                    . ' FROM ' . sql_table('blog')\r
207                                    . ' ORDER BY bname';\r
208                 } else {\r
209                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'\r
210                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
211                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
212                                    . ' ORDER BY bname';\r
213                 }\r
214                 $template['content'] = 'bloglist';\r
215                 $template['superadmin'] = $member->isAdmin();\r
216                 $amount = showlist($query,'table',$template);\r
217 \r
218                 if (($showAll != 'yes') && ($member->isAdmin())) {\r
219                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
220                         if ($total > $amount)\r
221                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';\r
222                 }\r
223 \r
224                 if ($amount == 0)\r
225                         echo _OVERVIEW_NOBLOGS;\r
226 \r
227                 if ($amount != 0) {\r
228                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';\r
229                         $query =  'SELECT ititle, inumber, bshortname'\r
230                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')\r
231                                    . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
232                         $template['content'] = 'draftlist';\r
233                         $amountdrafts = showlist($query, 'table', $template);\r
234                         if ($amountdrafts == 0)\r
235                                 echo _OVERVIEW_NODRAFTS;\r
236                 }\r
237 \r
238                 /* ---- user settings ---- */\r
239                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';\r
240                 echo '<ul>';\r
241                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';\r
242                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';\r
243                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';\r
244                 echo '</ul>';\r
245 \r
246                 /* ---- general settings ---- */\r
247                 if ($member->isAdmin()) {\r
248                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';\r
249                         echo '<ul>';\r
250                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';\r
251                         echo '</ul>';\r
252                 }\r
253 \r
254 \r
255                 $this->pagefoot();\r
256         }\r
257 \r
258         /**\r
259          * Returns a link to a weblog\r
260          * @param object BLOG\r
261          */\r
262         function bloglink(&$blog) {\r
263                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';\r
264         }\r
265 \r
266         /**\r
267          * @todo document this\r
268          */\r
269         function action_manage($msg = '') {\r
270                 global $member;\r
271 \r
272                 $member->isAdmin() or $this->disallow();\r
273 \r
274                 $this->pagehead();\r
275 \r
276                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
277 \r
278                 if ($msg)\r
279                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';\r
280 \r
281 \r
282                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';\r
283 \r
284                 echo '<ul>';\r
285                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';\r
286                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';\r
287                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';\r
288                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';\r
289                 echo '</ul>';\r
290 \r
291                 echo '<h2>' . _MANAGE_SKINS . '</h2>';\r
292                 echo '<ul>';\r
293                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';\r
294                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';\r
295                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';\r
296                 echo '</ul>';\r
297 \r
298                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';\r
299                 echo '<ul>';\r
300                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';\r
301                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';\r
302                 echo '</ul>';\r
303 \r
304                 $this->pagefoot();\r
305         }\r
306 \r
307         /**\r
308          * @todo document this\r
309          */\r
310         function action_itemlist($blogid = '') {\r
311                 global $member, $manager, $CONF;\r
312 \r
313                 if ($blogid == '')\r
314                         $blogid = intRequestVar('blogid');\r
315 \r
316                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
317 \r
318                 $this->pagehead();\r
319                 $blog =& $manager->getBlog($blogid);\r
320 \r
321                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
322                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';\r
323 \r
324                 // start index\r
325                 if (postVar('start'))\r
326                         $start = intPostVar('start');\r
327                 else\r
328                         $start = 0;\r
329 \r
330                 if ($start == 0)\r
331                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';\r
332 \r
333                 // amount of items to show\r
334                 if (postVar('amount'))\r
335                         $amount = intPostVar('amount');\r
336                 else {\r
337                         $amount = intval($CONF['DefaultListSize']);\r
338                         if ($amount < 1)\r
339                                 $amount = 10;\r
340                 }\r
341 \r
342                 $search = postVar('search');    // search through items\r
343 \r
344                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime, bnumber, catid'\r
345                            . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
346                            . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
347 \r
348                 if ($search)\r
349                         $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';\r
350 \r
351                 // non-blog-admins can only edit/delete their own items\r
352                 if (!$member->blogAdminRights($blogid))\r
353                         $query .= ' and iauthor=' . $member->getID();\r
354 \r
355 \r
356                 $query .= ' ORDER BY itime DESC'\r
357                                 . " LIMIT $start,$amount";\r
358 \r
359                 $template['content'] = 'itemlist';\r
360                 $template['now'] = $blog->getCorrectTime(time());\r
361 \r
362                 $manager->loadClass("ENCAPSULATE");\r
363                 $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
364                 $navList->showBatchList('item',$query,'table',$template);\r
365 \r
366 \r
367                 $this->pagefoot();\r
368         }\r
369 \r
370         /**\r
371          * @todo document this\r
372          */\r
373         function action_batchitem() {\r
374                 global $member, $manager;\r
375 \r
376                 // check if logged in\r
377                 $member->isLoggedIn() or $this->disallow();\r
378 \r
379                 // more precise check will be done for each performed operation\r
380 \r
381                 // get array of itemids from request\r
382                 $selected = requestIntArray('batch');\r
383                 $action = requestVar('batchaction');\r
384 \r
385                 // Show error when no items were selected\r
386                 if (!is_array($selected) || sizeof($selected) == 0)\r
387                         $this->error(_BATCH_NOSELECTION);\r
388 \r
389                 // On move: when no destination blog/category chosen, show choice now\r
390                 $destCatid = intRequestVar('destcatid');\r
391                 if (($action == 'move') && (!$manager->existsCategory($destCatid)))\r
392                         $this->batchMoveSelectDestination('item',$selected);\r
393 \r
394                 // On delete: check if confirmation has been given\r
395                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
396                         $this->batchAskDeleteConfirmation('item',$selected);\r
397 \r
398                 $this->pagehead();\r
399 \r
400                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
401                 echo '<h2>',_BATCH_ITEMS,'</h2>';\r
402                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
403                 echo '<ul>';\r
404 \r
405 \r
406                 // walk over all itemids and perform action\r
407                 foreach ($selected as $itemid) {\r
408                         $itemid = intval($itemid);\r
409                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';\r
410 \r
411                         // perform action, display errors if needed\r
412                         switch($action) {\r
413                                 case 'delete':\r
414                                         $error = $this->deleteOneItem($itemid);\r
415                                         break;\r
416                                 case 'move':\r
417                                         $error = $this->moveOneItem($itemid, $destCatid);\r
418                                         break;\r
419                                 default:\r
420                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
421                         }\r
422 \r
423                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
424                         echo '</li>';\r
425                 }\r
426 \r
427                 echo '</ul>';\r
428                 echo '<b>',_BATCH_DONE,'</b>';\r
429 \r
430                 $this->pagefoot();\r
431 \r
432 \r
433         }\r
434 \r
435         /**\r
436          * @todo document this\r
437          */\r
438         function action_batchcomment() {\r
439                 global $member;\r
440 \r
441                 // check if logged in\r
442                 $member->isLoggedIn() or $this->disallow();\r
443 \r
444                 // more precise check will be done for each performed operation\r
445 \r
446                 // get array of itemids from request\r
447                 $selected = requestIntArray('batch');\r
448                 $action = requestVar('batchaction');\r
449 \r
450                 // Show error when no items were selected\r
451                 if (!is_array($selected) || sizeof($selected) == 0)\r
452                         $this->error(_BATCH_NOSELECTION);\r
453 \r
454                 // On delete: check if confirmation has been given\r
455                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
456                         $this->batchAskDeleteConfirmation('comment',$selected);\r
457 \r
458                 $this->pagehead();\r
459 \r
460                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
461                 echo '<h2>',_BATCH_COMMENTS,'</h2>';\r
462                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
463                 echo '<ul>';\r
464 \r
465                 // walk over all itemids and perform action\r
466                 foreach ($selected as $commentid) {\r
467                         $commentid = intval($commentid);\r
468                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';\r
469 \r
470                         // perform action, display errors if needed\r
471                         switch($action) {\r
472                                 case 'delete':\r
473                                         $error = $this->deleteOneComment($commentid);\r
474                                         break;\r
475                                 default:\r
476                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
477                         }\r
478 \r
479                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
480                         echo '</li>';\r
481                 }\r
482 \r
483                 echo '</ul>';\r
484                 echo '<b>',_BATCH_DONE,'</b>';\r
485 \r
486                 $this->pagefoot();\r
487 \r
488 \r
489         }\r
490 \r
491         /**\r
492          * @todo document this\r
493          */\r
494         function action_batchmember() {\r
495                 global $member;\r
496 \r
497                 // check if logged in and admin\r
498                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
499 \r
500                 // get array of itemids from request\r
501                 $selected = requestIntArray('batch');\r
502                 $action = requestVar('batchaction');\r
503 \r
504                 // Show error when no members selected\r
505                 if (!is_array($selected) || sizeof($selected) == 0)\r
506                         $this->error(_BATCH_NOSELECTION);\r
507 \r
508                 // On delete: check if confirmation has been given\r
509                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
510                         $this->batchAskDeleteConfirmation('member',$selected);\r
511 \r
512                 $this->pagehead();\r
513 \r
514                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';\r
515                 echo '<h2>',_BATCH_MEMBERS,'</h2>';\r
516                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
517                 echo '<ul>';\r
518 \r
519                 // walk over all itemids and perform action\r
520                 foreach ($selected as $memberid) {\r
521                         $memberid = intval($memberid);\r
522                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';\r
523 \r
524                         // perform action, display errors if needed\r
525                         switch($action) {\r
526                                 case 'delete':\r
527                                         $error = $this->deleteOneMember($memberid);\r
528                                         break;\r
529                                 case 'setadmin':\r
530                                         // always succeeds\r
531                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);\r
532                                         $error = '';\r
533                                         break;\r
534                                 case 'unsetadmin':\r
535                                         // there should always remain at least one super-admin\r
536                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');\r
537                                         if (sql_num_rows($r) < 2)\r
538                                                 $error = _ERROR_ATLEASTONEADMIN;\r
539                                         else\r
540                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);\r
541                                         break;\r
542                                 default:\r
543                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
544                         }\r
545 \r
546                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
547                         echo '</li>';\r
548                 }\r
549 \r
550                 echo '</ul>';\r
551                 echo '<b>',_BATCH_DONE,'</b>';\r
552 \r
553                 $this->pagefoot();\r
554 \r
555 \r
556         }\r
557 \r
558         /**\r
559          * @todo document this\r
560          */\r
561         function action_batchteam() {\r
562                 global $member;\r
563 \r
564                 $blogid = intRequestVar('blogid');\r
565 \r
566                 // check if logged in and admin\r
567                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
568 \r
569                 // get array of itemids from request\r
570                 $selected = requestIntArray('batch');\r
571                 $action = requestVar('batchaction');\r
572 \r
573                 // Show error when no members selected\r
574                 if (!is_array($selected) || sizeof($selected) == 0)\r
575                         $this->error(_BATCH_NOSELECTION);\r
576 \r
577                 // On delete: check if confirmation has been given\r
578                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
579                         $this->batchAskDeleteConfirmation('team',$selected);\r
580 \r
581                 $this->pagehead();\r
582 \r
583                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';\r
584 \r
585                 echo '<h2>',_BATCH_TEAM,'</h2>';\r
586                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
587                 echo '<ul>';\r
588 \r
589                 // walk over all itemids and perform action\r
590                 foreach ($selected as $memberid) {\r
591                         $memberid = intval($memberid);\r
592                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';\r
593 \r
594                         // perform action, display errors if needed\r
595                         switch($action) {\r
596                                 case 'delete':\r
597                                         $error = $this->deleteOneTeamMember($blogid, $memberid);\r
598                                         break;\r
599                                 case 'setadmin':\r
600                                         // always succeeds\r
601                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
602                                         $error = '';\r
603                                         break;\r
604                                 case 'unsetadmin':\r
605                                         // there should always remain at least one admin\r
606                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);\r
607                                         if (sql_num_rows($r) < 2)\r
608                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;\r
609                                         else\r
610                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
611                                         break;\r
612                                 default:\r
613                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
614                         }\r
615 \r
616                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
617                         echo '</li>';\r
618                 }\r
619 \r
620                 echo '</ul>';\r
621                 echo '<b>',_BATCH_DONE,'</b>';\r
622 \r
623                 $this->pagefoot();\r
624 \r
625 \r
626         }\r
627 \r
628         /**\r
629          * @todo document this\r
630          */\r
631         function action_batchcategory() {\r
632                 global $member, $manager;\r
633 \r
634                 // check if logged in\r
635                 $member->isLoggedIn() or $this->disallow();\r
636 \r
637                 // more precise check will be done for each performed operation\r
638 \r
639                 // get array of itemids from request\r
640                 $selected = requestIntArray('batch');\r
641                 $action = requestVar('batchaction');\r
642 \r
643                 // Show error when no items were selected\r
644                 if (!is_array($selected) || sizeof($selected) == 0)\r
645                         $this->error(_BATCH_NOSELECTION);\r
646 \r
647                 // On move: when no destination blog chosen, show choice now\r
648                 $destBlogId = intRequestVar('destblogid');\r
649                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))\r
650                         $this->batchMoveCategorySelectDestination('category',$selected);\r
651 \r
652                 // On delete: check if confirmation has been given\r
653                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
654                         $this->batchAskDeleteConfirmation('category',$selected);\r
655 \r
656                 $this->pagehead();\r
657 \r
658                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
659                 echo '<h2>',BATCH_CATEGORIES,'</h2>';\r
660                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
661                 echo '<ul>';\r
662 \r
663                 // walk over all itemids and perform action\r
664                 foreach ($selected as $catid) {\r
665                         $catid = intval($catid);\r
666                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';\r
667 \r
668                         // perform action, display errors if needed\r
669                         switch($action) {\r
670                                 case 'delete':\r
671                                         $error = $this->deleteOneCategory($catid);\r
672                                         break;\r
673                                 case 'move':\r
674                                         $error = $this->moveOneCategory($catid, $destBlogId);\r
675                                         break;\r
676                                 default:\r
677                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
678                         }\r
679 \r
680                         echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';\r
681                         echo '</li>';\r
682                 }\r
683 \r
684                 echo '</ul>';\r
685                 echo '<b>',_BATCH_DONE,'</b>';\r
686 \r
687                 $this->pagefoot();\r
688 \r
689         }\r
690 \r
691         /**\r
692          * @todo document this\r
693          */\r
694         function batchMoveSelectDestination($type, $ids) {\r
695                 global $manager;\r
696                 $this->pagehead();\r
697                 ?>\r
698                 <h2><?php echo _MOVE_TITLE?></h2>\r
699                 <form method="post" action="index.php"><div>\r
700 \r
701                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
702                         <input type="hidden" name="batchaction" value="move" />\r
703                         <?php\r
704                                 $manager->addTicketHidden();\r
705 \r
706                                 // insert selected item numbers\r
707                                 $idx = 0;\r
708                                 foreach ($ids as $id)\r
709                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
710 \r
711                                 // show blog/category selection list\r
712                                 $this->selectBlogCategory('destcatid');\r
713 \r
714                         ?>\r
715 \r
716 \r
717                         <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />\r
718 \r
719                 </div></form>\r
720                 <?php      $this->pagefoot();\r
721                 exit;\r
722         }\r
723 \r
724         /**\r
725          * @todo document this\r
726          */\r
727         function batchMoveCategorySelectDestination($type, $ids) {\r
728                 global $manager;\r
729                 $this->pagehead();\r
730                 ?>\r
731                 <h2><?php echo _MOVECAT_TITLE?></h2>\r
732                 <form method="post" action="index.php"><div>\r
733 \r
734                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
735                         <input type="hidden" name="batchaction" value="move" />\r
736                         <?php\r
737                                 $manager->addTicketHidden();\r
738 \r
739                                 // insert selected item numbers\r
740                                 $idx = 0;\r
741                                 foreach ($ids as $id)\r
742                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
743 \r
744                                 // show blog/category selection list\r
745                                 $this->selectBlog('destblogid');\r
746 \r
747                         ?>\r
748 \r
749 \r
750                         <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
751 \r
752                 </div></form>\r
753                 <?php      $this->pagefoot();\r
754                 exit;\r
755         }\r
756 \r
757         /**\r
758          * @todo document this\r
759          */\r
760         function batchAskDeleteConfirmation($type, $ids) {\r
761                 global $manager;\r
762 \r
763                 $this->pagehead();\r
764                 ?>\r
765                 <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>\r
766                 <form method="post" action="index.php"><div>\r
767 \r
768                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
769                         <?php $manager->addTicketHidden() ?>\r
770                         <input type="hidden" name="batchaction" value="delete" />\r
771                         <input type="hidden" name="confirmation" value="yes" />\r
772                         <?php                      // insert selected item numbers\r
773                                 $idx = 0;\r
774                                 foreach ($ids as $id)\r
775                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
776 \r
777                                 // add hidden vars for team & comment\r
778                                 if ($type == 'team')\r
779                                 {\r
780                                         echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';\r
781                                 }\r
782                                 if ($type == 'comment')\r
783                                 {\r
784                                         echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';\r
785                                 }\r
786 \r
787                         ?>\r
788 \r
789                         <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
790 \r
791                 </div></form>\r
792                 <?php      $this->pagefoot();\r
793                 exit;\r
794         }\r
795 \r
796 \r
797         /**\r
798          * Inserts a HTML select element with choices for all categories to which the current\r
799          * member has access\r
800          * @see function selectBlog\r
801          */\r
802         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
803                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
804         }\r
805 \r
806         /**\r
807          * Inserts a HTML select element with choices for all blogs to which the user has access\r
808          *        mode = 'blog' => shows blognames and values are blogids\r
809          *        mode = 'category' => show category names and values are catids\r
810          *\r
811          * @param $iForcedBlogInclude\r
812          *        ID of a blog that always needs to be included, without checking if the\r
813          *        member is on the blog team (-1 = none)\r
814          * @todo document parameters\r
815          */\r
816         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
817                 global $member, $CONF;\r
818 \r
819                 // 0. get IDs of blogs to which member can post items (+ forced blog)\r
820                 $aBlogIds = array();\r
821                 if ($iForcedBlogInclude != -1)\r
822                         $aBlogIds[] = intval($iForcedBlogInclude);\r
823 \r
824                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))\r
825                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
826                 else\r
827                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
828                 $rblogids = sql_query($queryBlogs);\r
829                 while ($o = sql_fetch_object($rblogids))\r
830                         if ($o->bnumber != $iForcedBlogInclude)\r
831                                 $aBlogIds[] = intval($o->bnumber);\r
832 \r
833                 if (count($aBlogIds) == 0)\r
834                         return;\r
835 \r
836                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';\r
837 \r
838                 // 1. select blogs (we'll create optiongroups)\r
839                 // (only select those blogs that have the user on the team)\r
840                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';\r
841                 $blogs = sql_query($queryBlogs);\r
842                 if ($mode == 'category') {\r
843                         if (sql_num_rows($blogs) > 1)\r
844                                 $multipleBlogs = 1;\r
845 \r
846                         while ($oBlog = sql_fetch_object($blogs)) {\r
847                                 if ($multipleBlogs)\r
848                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';\r
849 \r
850                                 // show selection to create new category when allowed/wanted\r
851                                 if ($showNewCat) {\r
852                                         // check if allowed to do so\r
853                                         if ($member->blogAdminRights($oBlog->bnumber))\r
854                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';\r
855                                 }\r
856 \r
857                                 // 2. for each category in that blog\r
858                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');\r
859                                 while ($oCat = sql_fetch_object($categories)) {\r
860                                         if ($oCat->catid == $selected)\r
861                                                 $selectText = ' selected="selected" ';\r
862                                         else\r
863                                                 $selectText = '';\r
864                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';\r
865                                 }\r
866 \r
867                                 if ($multipleBlogs)\r
868                                         echo '</optgroup>';\r
869                         }\r
870                 } else {\r
871                         // blog mode\r
872                         while ($oBlog = sql_fetch_object($blogs)) {\r
873                                 echo '<option value="',$oBlog->bnumber,'"';\r
874                                 if ($oBlog->bnumber == $selected)\r
875                                         echo ' selected="selected"';\r
876                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';\r
877                         }\r
878                 }\r
879                 echo '</select>';\r
880 \r
881         }\r
882 \r
883         /**\r
884          * @todo document this\r
885          */\r
886         function action_browseownitems() {\r
887                 global $member, $manager, $CONF;\r
888 \r
889                 $this->pagehead();\r
890 \r
891                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
892                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';\r
893 \r
894                 // start index\r
895                 if (postVar('start'))\r
896                         $start = intPostVar('start');\r
897                 else\r
898                         $start = 0;\r
899 \r
900                 // amount of items to show\r
901                 if (postVar('amount'))\r
902                         $amount = intPostVar('amount');\r
903                 else {\r
904                         $amount = intval($CONF['DefaultListSize']);\r
905                         if ($amount < 1)\r
906                                 $amount = 10;\r
907                 }\r
908 \r
909                 $search = postVar('search');    // search through items\r
910 \r
911                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'\r
912                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
913                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
914 \r
915                 if ($search)\r
916                         $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';\r
917 \r
918                 $query .= ' ORDER BY itime DESC'\r
919                                 . " LIMIT $start,$amount";\r
920 \r
921                 $template['content'] = 'itemlist';\r
922                 $template['now'] = time();\r
923 \r
924                 $manager->loadClass("ENCAPSULATE");\r
925                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);\r
926                 $navList->showBatchList('item',$query,'table',$template);\r
927 \r
928                 $this->pagefoot();\r
929 \r
930         }\r
931 \r
932         /**\r
933          * Show all the comments for a given item\r
934          * @param int $itemid\r
935          */\r
936         function action_itemcommentlist($itemid = '') {\r
937                 global $member, $manager, $CONF;\r
938 \r
939                 if ($itemid == '')\r
940                         $itemid = intRequestVar('itemid');\r
941 \r
942                 // only allow if user is allowed to alter item\r
943                 $member->canAlterItem($itemid) or $this->disallow();\r
944 \r
945                 $blogid = getBlogIdFromItemId($itemid);\r
946 \r
947                 $this->pagehead();\r
948 \r
949                 // start index\r
950                 if (postVar('start'))\r
951                         $start = intPostVar('start');\r
952                 else\r
953                         $start = 0;\r
954 \r
955                 // amount of items to show\r
956                 if (postVar('amount'))\r
957                         $amount = intPostVar('amount');\r
958                 else {\r
959                         $amount = intval($CONF['DefaultListSize']);\r
960                         if ($amount < 1)\r
961                                 $amount = 10;\r
962                 }\r
963 \r
964                 $search = postVar('search');\r
965 \r
966                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
967                 echo '<h2>',_COMMENTS,'</h2>';\r
968 \r
969                 $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;\r
970 \r
971                 if ($search)\r
972                         $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
973 \r
974                 $query .= ' ORDER BY ctime ASC'\r
975                                 . " LIMIT $start,$amount";\r
976 \r
977                 $template['content'] = 'commentlist';\r
978                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));\r
979 \r
980                 $manager->loadClass("ENCAPSULATE");\r
981                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
982                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);\r
983 \r
984                 $this->pagefoot();\r
985         }\r
986 \r
987         /**\r
988          * Browse own comments\r
989          */\r
990         function action_browseowncomments() {\r
991                 global $member, $manager, $CONF;\r
992 \r
993                 // start index\r
994                 if (postVar('start'))\r
995                         $start = intPostVar('start');\r
996                 else\r
997                         $start = 0;\r
998 \r
999                 // amount of items to show\r
1000                 if (postVar('amount'))\r
1001                         $amount = intPostVar('amount');\r
1002                 else {\r
1003                         $amount = intval($CONF['DefaultListSize']);\r
1004                         if ($amount < 1)\r
1005                                 $amount = 10;\r
1006                 }\r
1007 \r
1008                 $search = postVar('search');\r
1009 \r
1010 \r
1011                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
1012 \r
1013                 if ($search)\r
1014                         $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
1015 \r
1016                 $query .= ' ORDER BY ctime DESC'\r
1017                                 . " LIMIT $start,$amount";\r
1018 \r
1019                 $this->pagehead();\r
1020 \r
1021                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
1022                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
1023 \r
1024                 $template['content'] = 'commentlist';\r
1025                 $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself\r
1026 \r
1027                 $manager->loadClass("ENCAPSULATE");\r
1028                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
1029                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);\r
1030 \r
1031                 $this->pagefoot();\r
1032         }\r
1033 \r
1034         /**\r
1035          * Browse all comments for a weblog\r
1036          * @param int $blogid\r
1037          */\r
1038         function action_blogcommentlist($blogid = '')\r
1039         {\r
1040                 global $member, $manager, $CONF;\r
1041 \r
1042                 if ($blogid == '')\r
1043                         $blogid = intRequestVar('blogid');\r
1044                 else\r
1045                         $blogid = intval($blogid);\r
1046 \r
1047                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
1048 \r
1049                 // start index\r
1050                 if (postVar('start'))\r
1051                         $start = intPostVar('start');\r
1052                 else\r
1053                         $start = 0;\r
1054 \r
1055                 // amount of items to show\r
1056                 if (postVar('amount'))\r
1057                         $amount = intPostVar('amount');\r
1058                 else {\r
1059                         $amount = intval($CONF['DefaultListSize']);\r
1060                         if ($amount < 1)\r
1061                                 $amount = 10;\r
1062                 }\r
1063 \r
1064                 $search = postVar('search');            // search through comments\r
1065 \r
1066 \r
1067                 $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
1068 \r
1069                 if ($search != '')\r
1070                         $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
1071 \r
1072 \r
1073                 $query .= ' ORDER BY ctime DESC'\r
1074                                 . " LIMIT $start,$amount";\r
1075 \r
1076 \r
1077                 $blog =& $manager->getBlog($blogid);\r
1078 \r
1079                 $this->pagehead();\r
1080 \r
1081                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
1082                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';\r
1083 \r
1084                 $template['content'] = 'commentlist';\r
1085                 $template['canAddBan'] = $member->blogAdminRights($blogid);\r
1086 \r
1087                 $manager->loadClass("ENCAPSULATE");\r
1088                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
1089                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);\r
1090 \r
1091                 $this->pagefoot();\r
1092         }\r
1093 \r
1094         /**\r
1095          * Provide a page to item a new item to the given blog\r
1096          */\r
1097         function action_createitem() {\r
1098                 global $member, $manager;\r
1099 \r
1100                 $blogid = intRequestVar('blogid');\r
1101 \r
1102                 // check if allowed\r
1103                 $member->teamRights($blogid) or $this->disallow();\r
1104 \r
1105                 $memberid = $member->getID();\r
1106 \r
1107                 $blog =& $manager->getBlog($blogid);\r
1108 \r
1109                 $this->pagehead();\r
1110 \r
1111                 // generate the add-item form\r
1112                 $formfactory =& new PAGEFACTORY($blogid);\r
1113                 $formfactory->createAddForm('admin');\r
1114 \r
1115                 $this->pagefoot();\r
1116         }\r
1117 \r
1118         /**\r
1119          * @todo document this\r
1120          */\r
1121         function action_itemedit() {\r
1122                 global $member, $manager;\r
1123 \r
1124                 $itemid = intRequestVar('itemid');\r
1125 \r
1126                 // only allow if user is allowed to alter item\r
1127                 $member->canAlterItem($itemid) or $this->disallow();\r
1128 \r
1129                 $item =& $manager->getItem($itemid,1,1);\r
1130                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
1131 \r
1132                 $manager->notify('PrepareItemForEdit', array('item' => &$item));\r
1133 \r
1134                 if ($blog->convertBreaks()) {\r
1135                         $item['body'] = removeBreaks($item['body']);\r
1136                         $item['more'] = removeBreaks($item['more']);\r
1137                 }\r
1138 \r
1139                 // form to edit blog items\r
1140                 $this->pagehead();\r
1141                 $formfactory =& new PAGEFACTORY($blog->getID());\r
1142                 $formfactory->createEditForm('admin',$item);\r
1143                 $this->pagefoot();\r
1144         }\r
1145 \r
1146         /**\r
1147          * @todo document this\r
1148          */\r
1149         function action_itemupdate() {\r
1150                 global $member, $manager, $CONF;\r
1151 \r
1152                 $itemid = intRequestVar('itemid');\r
1153                 $catid = postVar('catid');\r
1154 \r
1155                 // only allow if user is allowed to alter item\r
1156                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1157 \r
1158                 $actiontype = postVar('actiontype');\r
1159 \r
1160                 // delete actions are handled by itemdelete (which has confirmation)\r
1161                 if ($actiontype == 'delete') {\r
1162                         $this->action_itemdelete();\r
1163                         return;\r
1164                 }\r
1165 \r
1166                 $body   = postVar('body');\r
1167                 $title  = postVar('title');\r
1168                 $more   = postVar('more');\r
1169                 $closed = intPostVar('closed');\r
1170                 $draftid = intPostVar('draftid');\r
1171 \r
1172                 // default action = add now\r
1173                 if (!$actiontype)\r
1174                         $actiontype='addnow';\r
1175 \r
1176                 // create new category if needed\r
1177                 if (strstr($catid,'newcat')) {\r
1178                         // get blogid\r
1179                         list($blogid) = sscanf($catid,"newcat-%d");\r
1180 \r
1181                         // create\r
1182                         $blog =& $manager->getBlog($blogid);\r
1183                         $catid = $blog->createNewCategory();\r
1184 \r
1185                         // show error when sth goes wrong\r
1186                         if (!$catid)\r
1187                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1188                 }\r
1189 \r
1190                 /*\r
1191                         set some variables based on actiontype\r
1192 \r
1193                         actiontypes:\r
1194                                 draft items -> addnow, addfuture, adddraft, delete\r
1195                                 non-draft items -> edit, changedate, delete\r
1196 \r
1197                         variables set:\r
1198                                 $timestamp: set to a nonzero value for future dates or date changes\r
1199                                 $wasdraft: set to 1 when the item used to be a draft item\r
1200                                 $publish: set to 1 when the edited item is not a draft\r
1201                 */\r
1202                 $blogid =  getBlogIDFromItemID($itemid);\r
1203                 $blog   =& $manager->getBlog($blogid);\r
1204 \r
1205                 $wasdrafts = array('adddraft', 'addfuture', 'addnow');\r
1206                 $wasdraft  = in_array($actiontype, $wasdrafts) ? 1 : 0;\r
1207                 $publish   = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;\r
1208                 if ($actiontype == 'addfuture' || $actiontype == 'changedate') {\r
1209                         $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));\r
1210                 } else {\r
1211                         $timestamp =0;\r
1212                 }\r
1213 \r
1214                 // edit the item for real\r
1215                 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
1216 \r
1217                 $this->updateFuturePosted($blogid);\r
1218 \r
1219                 if ($draftid > 0) {\r
1220                         // delete permission is checked inside ITEM::delete()\r
1221                         ITEM::delete($draftid);\r
1222                 }\r
1223 \r
1224                 // show category edit window when we created a new category\r
1225                 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
1226                 if ($catid != intPostVar('catid')) {\r
1227                         $this->action_categoryedit(\r
1228                                 $catid,\r
1229                                 $blog->getID(),\r
1230                                 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
1231                         );\r
1232                 } else {\r
1233                         // TODO: set start item correctly for itemlist\r
1234                         $this->action_itemlist(getBlogIDFromItemID($itemid));\r
1235                 }\r
1236         }\r
1237 \r
1238         /**\r
1239          * @todo document this\r
1240          */\r
1241         function action_itemdelete() {\r
1242                 global $member, $manager;\r
1243 \r
1244                 $itemid = intRequestVar('itemid');\r
1245 \r
1246                 // only allow if user is allowed to alter item\r
1247                 $member->canAlterItem($itemid) or $this->disallow();\r
1248 \r
1249                 if (!$manager->existsItem($itemid,1,1))\r
1250                         $this->error(_ERROR_NOSUCHITEM);\r
1251 \r
1252                 $item =& $manager->getItem($itemid,1,1);\r
1253                 $title = htmlspecialchars(strip_tags($item['title']));\r
1254                 $body = strip_tags($item['body']);\r
1255                 $body = htmlspecialchars(shorten($body,300,'...'));\r
1256 \r
1257                 $this->pagehead();\r
1258                 ?>\r
1259                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1260 \r
1261                         <p><?php echo _CONFIRMTXT_ITEM?></p>\r
1262 \r
1263                         <div class="note">\r
1264                                 <b>"<?php echo  $title ?>"</b>\r
1265                                 <br />\r
1266                                 <?php echo $body?>\r
1267                         </div>\r
1268 \r
1269                         <form method="post" action="index.php"><div>\r
1270                                 <input type="hidden" name="action" value="itemdeleteconfirm" />\r
1271                                 <?php $manager->addTicketHidden() ?>\r
1272                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
1273                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />\r
1274                         </div></form>\r
1275                 <?php\r
1276                 $this->pagefoot();\r
1277         }\r
1278 \r
1279         /**\r
1280          * @todo document this\r
1281          */\r
1282         function action_itemdeleteconfirm() {\r
1283                 global $member;\r
1284 \r
1285                 $itemid = intRequestVar('itemid');\r
1286 \r
1287                 // only allow if user is allowed to alter item\r
1288                 $member->canAlterItem($itemid) or $this->disallow();\r
1289 \r
1290                 // get blogid first\r
1291                 $blogid = getBlogIdFromItemId($itemid);\r
1292 \r
1293                 // delete item (note: some checks will be performed twice)\r
1294                 $this->deleteOneItem($itemid);\r
1295 \r
1296                 $this->action_itemlist($blogid);\r
1297         }\r
1298 \r
1299         /**\r
1300          * Deletes one item and returns error if something goes wrong\r
1301          * @param int $itemid\r
1302          */\r
1303         function deleteOneItem($itemid) {\r
1304                 global $member, $manager;\r
1305 \r
1306                 // only allow if user is allowed to alter item (also checks if itemid exists)\r
1307                 if (!$member->canAlterItem($itemid))\r
1308                         return _ERROR_DISALLOWED;\r
1309 \r
1310                 // need to get blogid before the item is deleted\r
1311                 $blogid = getBlogIDFromItemId($itemid);\r
1312 \r
1313                 $manager->loadClass('ITEM');\r
1314                 ITEM::delete($itemid);\r
1315 \r
1316                 // update blog's futureposted\r
1317                 $this->updateFuturePosted($blogid);\r
1318         }\r
1319 \r
1320         /**\r
1321          * Update a blog's future posted flag\r
1322          * @param int $blogid\r
1323          */\r
1324         function updateFuturePosted($blogid) {\r
1325                 global $manager;\r
1326 \r
1327                 $blog =& $manager->getBlog($blogid);\r
1328                 $currenttime = $blog->getCorrectTime(time());\r
1329                 $result = sql_query("SELECT * FROM ".sql_table('item').\r
1330                         " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
1331                 if (sql_num_rows($result) > 0) {\r
1332                                 $blog->setFuturePost();\r
1333                 }\r
1334                 else {\r
1335                                 $blog->clearFuturePost();\r
1336                 }\r
1337         }\r
1338 \r
1339         /**\r
1340          * @todo document this\r
1341          */\r
1342         function action_itemmove() {\r
1343                 global $member, $manager;\r
1344 \r
1345                 $itemid = intRequestVar('itemid');\r
1346 \r
1347                 // only allow if user is allowed to alter item\r
1348                 $member->canAlterItem($itemid) or $this->disallow();\r
1349 \r
1350                 $item =& $manager->getItem($itemid,1,1);\r
1351 \r
1352                 $this->pagehead();\r
1353                 ?>\r
1354                         <h2><?php echo _MOVE_TITLE?></h2>\r
1355                         <form method="post" action="index.php"><div>\r
1356                                 <input type="hidden" name="action" value="itemmoveto" />\r
1357                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
1358 \r
1359                                 <?php\r
1360 \r
1361                                         $manager->addTicketHidden();\r
1362                                         $this->selectBlogCategory('catid',$item['catid'],10,1);\r
1363                                 ?>\r
1364 \r
1365                                 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />\r
1366                         </div></form>\r
1367                 <?php\r
1368                 $this->pagefoot();\r
1369         }\r
1370 \r
1371         /**\r
1372          * @todo document this\r
1373          */\r
1374         function action_itemmoveto() {\r
1375                 global $member, $manager;\r
1376 \r
1377                 $itemid = intRequestVar('itemid');\r
1378                 $catid = requestVar('catid');\r
1379 \r
1380                 // create new category if needed\r
1381                 if (strstr($catid,'newcat')) {\r
1382                         // get blogid\r
1383                         list($blogid) = sscanf($catid,'newcat-%d');\r
1384 \r
1385                         // create\r
1386                         $blog =& $manager->getBlog($blogid);\r
1387                         $catid = $blog->createNewCategory();\r
1388 \r
1389                         // show error when sth goes wrong\r
1390                         if (!$catid)\r
1391                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1392                 }\r
1393 \r
1394                 // only allow if user is allowed to alter item\r
1395                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1396 \r
1397                 $old_blogid = getBlogIDFromItemId($itemid);\r
1398 \r
1399                 ITEM::move($itemid, $catid);\r
1400 \r
1401                 // set the futurePosted flag on the blog\r
1402                 $this->updateFuturePosted(getBlogIDFromItemId($itemid));\r
1403 \r
1404                 // reset the futurePosted in case the item is moved from one blog to another\r
1405                 $this->updateFuturePosted($old_blogid);\r
1406 \r
1407                 if ($catid != intRequestVar('catid'))\r
1408                         $this->action_categoryedit($catid, $blog->getID());\r
1409                 else\r
1410                         $this->action_itemlist(getBlogIDFromCatID($catid));\r
1411         }\r
1412 \r
1413         /**\r
1414          * Moves one item to a given category (category existance should be checked by caller)\r
1415          * errors are returned\r
1416          * @param int $itemid\r
1417          * @param int $destCatid category ID to which the item will be moved\r
1418          */\r
1419         function moveOneItem($itemid, $destCatid) {\r
1420                 global $member;\r
1421 \r
1422                 // only allow if user is allowed to move item\r
1423                 if (!$member->canUpdateItem($itemid, $destCatid))\r
1424                         return _ERROR_DISALLOWED;\r
1425 \r
1426                 ITEM::move($itemid, $destCatid);\r
1427         }\r
1428 \r
1429         /**\r
1430          * Adds a item to the chosen blog\r
1431          */\r
1432         function action_additem() {\r
1433                 global $manager, $CONF;\r
1434 \r
1435                 $manager->loadClass('ITEM');\r
1436 \r
1437                 $result = ITEM::createFromRequest();\r
1438 \r
1439                 if ($result['status'] == 'error')\r
1440                         $this->error($result['message']);\r
1441 \r
1442                 $blogid = getBlogIDFromItemID($result['itemid']);\r
1443                 $blog =& $manager->getBlog($blogid);\r
1444                 $btimestamp = $blog->getCorrectTime();\r
1445                 $item      = $manager->getItem(intval($result['itemid']), 1, 1);\r
1446 \r
1447                 if ($result['status'] == 'newcategory') {\r
1448                         $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));\r
1449                         $this->action_categoryedit($result['catid'], $blogid, $distURI);\r
1450                 } else {\r
1451                         $methodName = 'action_itemList';\r
1452                         call_user_func(array(&$this, $methodName), $blogid);\r
1453                 }\r
1454         }\r
1455 \r
1456         /**\r
1457          * Allows to edit previously made comments\r
1458          */\r
1459         function action_commentedit() {\r
1460                 global $member, $manager;\r
1461 \r
1462                 $commentid = intRequestVar('commentid');\r
1463 \r
1464                 $member->canAlterComment($commentid) or $this->disallow();\r
1465 \r
1466                 $comment = COMMENT::getComment($commentid);\r
1467 \r
1468                 $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));\r
1469 \r
1470                 // change <br /> to \n\r
1471                 $comment['body'] = str_replace('<br />','',$comment['body']);\r
1472                 \r
1473                 // replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0\r
1474                 /* original eregi_replace: eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>", "\\1", $comment['body']) */\r
1475                 $comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#i", "\\1", $comment['body']);\r
1476                 \r
1477                 $this->pagehead();\r
1478 \r
1479                 ?>\r
1480                 <h2><?php echo _EDITC_TITLE?></h2>\r
1481 \r
1482                 <form action="index.php" method="post"><div>\r
1483 \r
1484                 <input type="hidden" name="action" value="commentupdate" />\r
1485                 <?php $manager->addTicketHidden(); ?>\r
1486                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
1487                 <table><tr>\r
1488                         <th colspan="2"><?php echo _EDITC_TITLE?></th>\r
1489                 </tr><tr>\r
1490                         <td><?php echo _EDITC_WHO?></td>\r
1491                         <td>\r
1492                         <?php                      if ($comment['member'])\r
1493                                         echo $comment['member'] . " (" . _EDITC_MEMBER . ")";\r
1494                                 else\r
1495                                         echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";\r
1496                         ?>\r
1497                         </td>\r
1498                 </tr><tr>\r
1499                         <td><?php echo _EDITC_WHEN?></td>\r
1500                         <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>\r
1501                 </tr><tr>\r
1502                         <td><?php echo _EDITC_HOST?></td>\r
1503                         <td><?php echo  $comment['host']; ?></td>\r
1504                 </tr>\r
1505                 <tr>\r
1506                         <td><?php echo _EDITC_URL; ?></td>\r
1507                         <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo $comment['userid']; ?>" /></td>\r
1508                 </tr>\r
1509                 <tr>\r
1510                         <td><?php echo _EDITC_EMAIL; ?></td>\r
1511                         <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo $comment['email']; ?>" /></td>\r
1512                 </tr>\r
1513                 <tr>\r
1514                         <td><?php echo _EDITC_TEXT?></td>\r
1515                         <td>\r
1516                                 <textarea name="body" tabindex="10" rows="10" cols="50"><?php                              // htmlspecialchars not needed (things should be escaped already)\r
1517                                         echo $comment['body'];\r
1518                                 ?></textarea>\r
1519                         </td>\r
1520                 </tr><tr>\r
1521                         <td><?php echo _EDITC_EDIT?></td>\r
1522                         <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>\r
1523                 </tr></table>\r
1524 \r
1525                 </div></form>\r
1526                 <?php\r
1527                 $this->pagefoot();\r
1528         }\r
1529 \r
1530         /**\r
1531          * @todo document this\r
1532          */\r
1533         function action_commentupdate() {\r
1534                 global $member, $manager;\r
1535 \r
1536                 $commentid = intRequestVar('commentid');\r
1537 \r
1538                 $member->canAlterComment($commentid) or $this->disallow();\r
1539 \r
1540                 $url = postVar('url');\r
1541                 $email = postVar('email');\r
1542                 $body = postVar('body');\r
1543                 \r
1544                 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
1545                 # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE\r
1546                 # important note that '\' must be matched with '\\\\' in preg* expressions\r
1547                 // intercept words that are too long\r
1548                 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)\r
1549                 {\r
1550                         $this->error(_ERROR_COMMENT_LONGWORD);\r
1551                 }\r
1552                 \r
1553                 // check length\r
1554                 if (strlen($body) < 3)\r
1555                 {\r
1556                         $this->error(_ERROR_COMMENT_NOCOMMENT);\r
1557                 }\r
1558                 if (strlen($body)>5000)\r
1559                 {\r
1560                         $this->error(_ERROR_COMMENT_TOOLONG);\r
1561                 }\r
1562                 \r
1563                 // prepare body\r
1564                 $body = COMMENT::prepareBody($body);\r
1565 \r
1566                 // call plugins\r
1567                 $manager->notify('PreUpdateComment',array('body' => &$body));\r
1568 \r
1569                 $query =  'UPDATE '.sql_table('comment')\r
1570                            . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"\r
1571                            . " WHERE cnumber=" . $commentid;\r
1572                 sql_query($query);\r
1573 \r
1574                 // get itemid\r
1575                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
1576                 $o = sql_fetch_object($res);\r
1577                 $itemid = $o->citem;\r
1578 \r
1579                 if ($member->canAlterItem($itemid))\r
1580                         $this->action_itemcommentlist($itemid);\r
1581                 else\r
1582                         $this->action_browseowncomments();\r
1583 \r
1584         }\r
1585 \r
1586         /**\r
1587          * @todo document this\r
1588          */\r
1589         function action_commentdelete() {\r
1590                 global $member, $manager;\r
1591 \r
1592                 $commentid = intRequestVar('commentid');\r
1593 \r
1594                 $member->canAlterComment($commentid) or $this->disallow();\r
1595 \r
1596                 $comment = COMMENT::getComment($commentid);\r
1597 \r
1598                 $body = strip_tags($comment['body']);\r
1599                 $body = htmlspecialchars(shorten($body, 300, '...'));\r
1600 \r
1601                 if ($comment['member'])\r
1602                         $author = $comment['member'];\r
1603                 else\r
1604                         $author = $comment['user'];\r
1605 \r
1606                 $this->pagehead();\r
1607                 ?>\r
1608 \r
1609                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1610 \r
1611                         <p><?php echo _CONFIRMTXT_COMMENT?></p>\r
1612 \r
1613                         <div class="note">\r
1614                         <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>\r
1615                         <br />\r
1616                         <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>\r
1617                         </div>\r
1618 \r
1619                         <form method="post" action="index.php"><div>\r
1620                                 <input type="hidden" name="action" value="commentdeleteconfirm" />\r
1621                                 <?php $manager->addTicketHidden() ?>\r
1622                                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
1623                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
1624                         </div></form>\r
1625                 <?php\r
1626                 $this->pagefoot();\r
1627         }\r
1628 \r
1629         /**\r
1630          * @todo document this\r
1631          */\r
1632         function action_commentdeleteconfirm() {\r
1633                 global $member;\r
1634 \r
1635                 $commentid = intRequestVar('commentid');\r
1636 \r
1637                 // get item id first\r
1638                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
1639                 $o = sql_fetch_object($res);\r
1640                 $itemid = $o->citem;\r
1641 \r
1642                 $error = $this->deleteOneComment($commentid);\r
1643                 if ($error)\r
1644                         $this->doError($error);\r
1645 \r
1646                 if ($member->canAlterItem($itemid))\r
1647                         $this->action_itemcommentlist($itemid);\r
1648                 else\r
1649                         $this->action_browseowncomments();\r
1650         }\r
1651 \r
1652         /**\r
1653          * @todo document this\r
1654          */\r
1655         function deleteOneComment($commentid) {\r
1656                 global $member, $manager;\r
1657 \r
1658                 $commentid = intval($commentid);\r
1659 \r
1660                 if (!$member->canAlterComment($commentid))\r
1661                         return _ERROR_DISALLOWED;\r
1662 \r
1663                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));\r
1664 \r
1665                 // delete the comments associated with the item\r
1666                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
1667                 sql_query($query);\r
1668 \r
1669                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));\r
1670 \r
1671                 return '';\r
1672         }\r
1673 \r
1674         /**\r
1675          * Usermanagement main\r
1676          */\r
1677         function action_usermanagement() {\r
1678                 global $member, $manager;\r
1679 \r
1680                 // check if allowed\r
1681                 $member->isAdmin() or $this->disallow();\r
1682 \r
1683                 $this->pagehead();\r
1684 \r
1685                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
1686 \r
1687                 echo '<h2>' . _MEMBERS_TITLE .'</h2>';\r
1688 \r
1689                 echo '<h3>' . _MEMBERS_CURRENT .'</h3>';\r
1690 \r
1691                 // show list of members with actions\r
1692                 $query =  'SELECT *'\r
1693                            . ' FROM '.sql_table('member');\r
1694                 $template['content'] = 'memberlist';\r
1695                 $template['tabindex'] = 10;\r
1696 \r
1697                 $manager->loadClass("ENCAPSULATE");\r
1698                 $batch =& new BATCH('member');\r
1699                 $batch->showlist($query,'table',$template);\r
1700 \r
1701                 echo '<h3>' . _MEMBERS_NEW .'</h3>';\r
1702                 ?>\r
1703                         <form method="post" action="index.php" name="memberedit"><div>\r
1704 \r
1705                         <input type="hidden" name="action" value="memberadd" />\r
1706                         <?php $manager->addTicketHidden() ?>\r
1707 \r
1708                         <table>\r
1709                         <tr>\r
1710                                 <th colspan="2"><?php echo _MEMBERS_NEW?></th>\r
1711                         </tr><tr>\r
1712                                 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
1713                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
1714                                 </td>\r
1715                                 <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td>\r
1716                         </tr><tr>\r
1717                                 <td><?php echo _MEMBERS_REALNAME?></td>\r
1718                                 <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>\r
1719                         </tr><tr>\r
1720                                 <td><?php echo _MEMBERS_PWD?></td>\r
1721                                 <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>\r
1722                         </tr><tr>\r
1723                                 <td><?php echo _MEMBERS_REPPWD?></td>\r
1724                                 <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>\r
1725                         </tr><tr>\r
1726                                 <td><?php echo _MEMBERS_EMAIL?></td>\r
1727                                 <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>\r
1728                         </tr><tr>\r
1729                                 <td><?php echo _MEMBERS_URL?></td>\r
1730                                 <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>\r
1731                         </tr><tr>\r
1732                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
1733                                 <td><?php $this->input_yesno('admin',0,10060); ?> </td>\r
1734                         </tr><tr>\r
1735                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
1736                                 <td><?php $this->input_yesno('canlogin',1,10070); ?></td>\r
1737                         </tr><tr>\r
1738                                 <td><?php echo _MEMBERS_NOTES?></td>\r
1739                                 <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>\r
1740                         </tr><tr>\r
1741                                 <td><?php echo _MEMBERS_NEW?></td>\r
1742                                 <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>\r
1743                         </tr></table>\r
1744 \r
1745                         </div></form>\r
1746                 <?php\r
1747                 $this->pagefoot();\r
1748         }\r
1749 \r
1750         /**\r
1751          * Edit member settings\r
1752          */\r
1753         function action_memberedit() {\r
1754                 $this->action_editmembersettings(intRequestVar('memberid'));\r
1755         }\r
1756 \r
1757         /**\r
1758          * @todo document this\r
1759          */\r
1760         function action_editmembersettings($memberid = '') {\r
1761                 global $member, $manager, $CONF;\r
1762 \r
1763                 if ($memberid == '')\r
1764                         $memberid = $member->getID();\r
1765 \r
1766                 // check if allowed\r
1767                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
1768 \r
1769                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
1770                 $this->pagehead($extrahead);\r
1771 \r
1772                 // show message to go back to member overview (only for admins)\r
1773                 if ($member->isAdmin())\r
1774                         echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';\r
1775                 else\r
1776                         echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';\r
1777 \r
1778                 echo '<h2>' . _MEMBERS_EDIT . '</h2>';\r
1779 \r
1780                 $mem = MEMBER::createFromID($memberid);\r
1781 \r
1782                 ?>\r
1783                 <form method="post" action="index.php" name="memberedit"><div>\r
1784 \r
1785                 <input type="hidden" name="action" value="changemembersettings" />\r
1786                 <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
1787                 <?php $manager->addTicketHidden() ?>\r
1788 \r
1789                 <table><tr>\r
1790                         <th colspan="2"><?php echo _MEMBERS_EDIT?></th>\r
1791                 </tr><tr>\r
1792                         <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
1793                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
1794                         </td>\r
1795                         <td>\r
1796                         <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
1797                                 <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />\r
1798                         <?php } else {\r
1799                                 echo htmlspecialchars($member->getDisplayName());\r
1800                            }\r
1801                         ?>\r
1802                         </td>\r
1803                 </tr><tr>\r
1804                         <td><?php echo _MEMBERS_REALNAME?></td>\r
1805                         <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>\r
1806                 </tr><tr>\r
1807                 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
1808                         <td><?php echo _MEMBERS_PWD?></td>\r
1809                         <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>\r
1810                 </tr><tr>\r
1811                         <td><?php echo _MEMBERS_REPPWD?></td>\r
1812                         <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>\r
1813                 <?php } ?>\r
1814                 </tr><tr>\r
1815                         <td><?php echo _MEMBERS_EMAIL?>\r
1816                                 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>\r
1817                         </td>\r
1818                         <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>\r
1819                 </tr><tr>\r
1820                         <td><?php echo _MEMBERS_URL?></td>\r
1821                         <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>\r
1822                 <?php // only allow to change this by super-admins\r
1823                    // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)\r
1824                    if ($member->isAdmin()) {\r
1825                 ?>\r
1826                         </tr><tr>\r
1827                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
1828                                 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>\r
1829                         </tr><tr>\r
1830                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
1831                                 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>\r
1832                 <?php } ?>\r
1833                 </tr><tr>\r
1834                         <td><?php echo _MEMBERS_NOTES?></td>\r
1835                         <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>\r
1836                 </tr><tr>\r
1837                         <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>\r
1838                         </td>\r
1839                         <td>\r
1840 \r
1841                                 <select name="deflang" tabindex="85">\r
1842                                         <option value=""><?php echo _MEMBERS_USESITELANG?></option>\r
1843                                 <?php                      // show a dropdown list of all available languages\r
1844                                 global $DIR_LANG;\r
1845                                 $dirhandle = opendir($DIR_LANG);\r
1846                                 while ($filename = readdir($dirhandle))\r
1847                                 {\r
1848                                         # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
1849                                         # original ereg: ereg("^(.*)\.php$", $filename, $matches)\r
1850                                         if (preg_match('#^(.*)\.php$#', $filename, $matches) )\r
1851                                         {\r
1852                                                 $name = $matches[1];\r
1853                                                 echo "<option value=\"$name\"";\r
1854                                                 if ($name == $mem->getLanguage() )\r
1855                                                 {\r
1856                                                         echo " selected=\"selected\"";\r
1857                                                 }\r
1858                                                 echo ">$name</option>";\r
1859                                         }\r
1860                                 }\r
1861                                 closedir($dirhandle);\r
1862                                 \r
1863                                 ?>\r
1864                                 </select>\r
1865 \r
1866                         </td>\r
1867                 </tr>\r
1868                 <tr>\r
1869                         <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td>\r
1870                         <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td>\r
1871                 </tr>\r
1872                 <?php\r
1873                         // plugin options\r
1874                         $this->_insertPluginOptions('member',$memberid);\r
1875                 ?>\r
1876                 <tr>\r
1877                         <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>\r
1878                 </tr><tr>\r
1879                         <td><?php echo _MEMBERS_EDIT?></td>\r
1880                         <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>\r
1881                 </tr></table>\r
1882 \r
1883                 </div></form>\r
1884 \r
1885                 <?php\r
1886                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
1887 \r
1888                         $manager->notify(\r
1889                                 'MemberSettingsFormExtras',\r
1890                                 array(\r
1891                                         'member' => &$mem\r
1892                                 )\r
1893                         );\r
1894 \r
1895                 $this->pagefoot();\r
1896         }\r
1897 \r
1898         /**\r
1899          * @todo document this\r
1900          */\r
1901         function action_changemembersettings() {\r
1902                 global $member, $CONF, $manager;\r
1903 \r
1904                 $memberid = intRequestVar('memberid');\r
1905 \r
1906                 // check if allowed\r
1907                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
1908 \r
1909                 $name              = trim(strip_tags(postVar('name')));\r
1910                 $realname          = trim(strip_tags(postVar('realname')));\r
1911                 $password          = postVar('password');\r
1912                 $repeatpassword = postVar('repeatpassword');\r
1913                 $email            = strip_tags(postVar('email'));\r
1914                 $url                    = strip_tags(postVar('url'));\r
1915 \r
1916                 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
1917                 # original eregi: !eregi("^https?://", $url)\r
1918                 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.\r
1919                 if (!preg_match('#^https?://#', $url) )\r
1920                 {\r
1921                         $url = 'http://' . $url;\r
1922                 }\r
1923                 $admin            = postVar('admin');\r
1924                 $canlogin          = postVar('canlogin');\r
1925                 $notes            = strip_tags(postVar('notes'));\r
1926                 $deflang                = postVar('deflang');\r
1927 \r
1928                 $mem = MEMBER::createFromID($memberid);\r
1929 \r
1930                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1931 \r
1932                         if (!isValidDisplayName($name))\r
1933                                 $this->error(_ERROR_BADNAME);\r
1934 \r
1935                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
1936                                 $this->error(_ERROR_NICKNAMEINUSE);\r
1937 \r
1938                         if ($password != $repeatpassword)\r
1939                                 $this->error(_ERROR_PASSWORDMISMATCH);\r
1940 \r
1941                         if ($password && (strlen($password) < 6))\r
1942                                 $this->error(_ERROR_PASSWORDTOOSHORT);\r
1943 \r
1944                         if ($password) {\r
1945                                 $pwdvalid = true;\r
1946                                 $pwderror = '';\r
1947                                 $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
1948                                 if (!$pwdvalid) {\r
1949                                         $this->error($pwderror);\r
1950                                 }\r
1951                         }\r
1952                 }\r
1953 \r
1954                 if (!isValidMailAddress($email))\r
1955                         $this->error(_ERROR_BADMAILADDRESS);\r
1956 \r
1957 \r
1958                 if (!$realname)\r
1959                         $this->error(_ERROR_REALNAMEMISSING);\r
1960 \r
1961                 if (($deflang != '') && (!checkLanguage($deflang)))\r
1962                         $this->error(_ERROR_NOSUCHLANGUAGE);\r
1963 \r
1964                 // check if there will remain at least one site member with both the logon and admin rights\r
1965                 // (check occurs when taking away one of these rights from such a member)\r
1966                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
1967                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
1968                    )\r
1969                 {\r
1970                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
1971                         if (sql_num_rows($r) < 2)\r
1972                                 $this->error(_ERROR_ATLEASTONEADMIN);\r
1973                 }\r
1974 \r
1975                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1976                         $mem->setDisplayName($name);\r
1977                         if ($password)\r
1978                                 $mem->setPassword($password);\r
1979                 }\r
1980 \r
1981                 $oldEmail = $mem->getEmail();\r
1982 \r
1983                 $mem->setRealName($realname);\r
1984                 $mem->setEmail($email);\r
1985                 $mem->setURL($url);\r
1986                 $mem->setNotes($notes);\r
1987                 $mem->setLanguage($deflang);\r
1988 \r
1989 \r
1990                 // only allow super-admins to make changes to the admin status\r
1991                 if ($member->isAdmin()) {\r
1992                         $mem->setAdmin($admin);\r
1993                         $mem->setCanLogin($canlogin);\r
1994                 }\r
1995 \r
1996                 $autosave = postVar ('autosave');\r
1997                 $mem->setAutosave($autosave);\r
1998 \r
1999                 $mem->write();\r
2000 \r
2001                 // store plugin options\r
2002                 $aOptions = requestArray('plugoption');\r
2003                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2004                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));\r
2005 \r
2006                 // if email changed, generate new password\r
2007                 if ($oldEmail != $mem->getEmail())\r
2008                 {\r
2009                         $mem->sendActivationLink('addresschange', $oldEmail);\r
2010                         // logout member\r
2011                         $mem->newCookieKey();\r
2012 \r
2013                         // only log out if the member being edited is the current member.\r
2014                         if ($member->getID() == $memberid)\r
2015                                 $member->logout();\r
2016                         $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
2017                         return;\r
2018                 }\r
2019 \r
2020 \r
2021                 if (  ( $mem->getID() == $member->getID() )\r
2022                    && ( $mem->getDisplayName() != $member->getDisplayName() )\r
2023                    ) {\r
2024                         $mem->newCookieKey();\r
2025                         $member->logout();\r
2026                         $this->action_login(_MSG_LOGINAGAIN, 0);\r
2027                 } else {\r
2028                         $this->action_overview(_MSG_SETTINGSCHANGED);\r
2029                 }\r
2030         }\r
2031 \r
2032         /**\r
2033          * @todo document this\r
2034          */\r
2035         function action_memberadd() {\r
2036                 global $member, $manager;\r
2037 \r
2038                 // check if allowed\r
2039                 $member->isAdmin() or $this->disallow();\r
2040 \r
2041                 if (postVar('password') != postVar('repeatpassword'))\r
2042                         $this->error(_ERROR_PASSWORDMISMATCH);\r
2043                 if (strlen(postVar('password')) < 6)\r
2044                         $this->error(_ERROR_PASSWORDTOOSHORT);\r
2045 \r
2046                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
2047                 if ($res != 1)\r
2048                         $this->error($res);\r
2049 \r
2050                 // fire PostRegister event\r
2051                 $newmem = new MEMBER();\r
2052                 $newmem->readFromName(postVar('name'));\r
2053                 $manager->notify('PostRegister',array('member' => &$newmem));\r
2054 \r
2055                 $this->action_usermanagement();\r
2056         }\r
2057 \r
2058         /**\r
2059          * Account activation\r
2060          *\r
2061          * @author dekarma\r
2062          */\r
2063         function action_activate() {\r
2064 \r
2065                 $key = getVar('key');\r
2066                 $this->_showActivationPage($key);\r
2067         }\r
2068 \r
2069         /**\r
2070          * @todo document this\r
2071          */\r
2072         function _showActivationPage($key, $message = '')\r
2073         {\r
2074                 global $manager;\r
2075 \r
2076                 // clean up old activation keys\r
2077                 MEMBER::cleanupActivationTable();\r
2078 \r
2079                 // get activation info\r
2080                 $info = MEMBER::getActivationInfo($key);\r
2081 \r
2082                 if (!$info)\r
2083                         $this->error(_ERROR_ACTIVATE);\r
2084 \r
2085                 $mem = MEMBER::createFromId($info->vmember);\r
2086 \r
2087                 if (!$mem)\r
2088                         $this->error(_ERROR_ACTIVATE);\r
2089 \r
2090                 $text = '';\r
2091                 $title = '';\r
2092                 $bNeedsPasswordChange = true;\r
2093 \r
2094                 switch ($info->vtype)\r
2095                 {\r
2096                         case 'forgot':\r
2097                                 $title = _ACTIVATE_FORGOT_TITLE;\r
2098                                 $text = _ACTIVATE_FORGOT_TEXT;\r
2099                                 break;\r
2100                         case 'register':\r
2101                                 $title = _ACTIVATE_REGISTER_TITLE;\r
2102                                 $text = _ACTIVATE_REGISTER_TEXT;\r
2103                                 break;\r
2104                         case 'addresschange':\r
2105                                 $title = _ACTIVATE_CHANGE_TITLE;\r
2106                                 $text = _ACTIVATE_CHANGE_TEXT;\r
2107                                 $bNeedsPasswordChange = false;\r
2108                                 MEMBER::activate($key);\r
2109                                 break;\r
2110                 }\r
2111 \r
2112                 $aVars = array(\r
2113                         'memberName' => htmlspecialchars($mem->getDisplayName())\r
2114                 );\r
2115                 $title = TEMPLATE::fill($title, $aVars);\r
2116                 $text = TEMPLATE::fill($text, $aVars);\r
2117 \r
2118                 $this->pagehead();\r
2119 \r
2120                         echo '<h2>' , $title, '</h2>';\r
2121                         echo '<p>' , $text, '</p>';\r
2122 \r
2123                         if ($message != '')\r
2124                         {\r
2125                                 echo '<p class="error">',$message,'</p>';\r
2126                         }\r
2127 \r
2128                         if ($bNeedsPasswordChange)\r
2129                         {\r
2130                                 ?>\r
2131                                         <div><form action="index.php" method="post">\r
2132 \r
2133                                                 <input type="hidden" name="action" value="activatesetpwd" />\r
2134                                                 <?php $manager->addTicketHidden() ?>\r
2135                                                 <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />\r
2136 \r
2137                                                 <table><tr>\r
2138                                                         <td><?php echo _MEMBERS_PWD?></td>\r
2139                                                         <td><input type="password" maxlength="40" size="16" name="password" /></td>\r
2140                                                 </tr><tr>\r
2141                                                         <td><?php echo _MEMBERS_REPPWD?></td>\r
2142                                                         <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>\r
2143                                                 <?php\r
2144 \r
2145                                                         global $manager;\r
2146                                                         $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));\r
2147 \r
2148                                                 ?>\r
2149                                                 </tr><tr>\r
2150                                                         <td><?php echo _MEMBERS_SETPWD ?></td>\r
2151                                                         <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>\r
2152                                                 </tr></table>\r
2153 \r
2154 \r
2155                                         </form></div>\r
2156 \r
2157                                 <?php\r
2158 \r
2159                         }\r
2160 \r
2161                 $this->pagefoot();\r
2162 \r
2163         }\r
2164 \r
2165         /**\r
2166          * Account activation - set password part\r
2167          *\r
2168          * @author dekarma\r
2169          */\r
2170         function action_activatesetpwd() {\r
2171                 \r
2172                 $key = postVar('key');\r
2173 \r
2174                 // clean up old activation keys\r
2175                 MEMBER::cleanupActivationTable();\r
2176 \r
2177                 // get activation info\r
2178                 $info = MEMBER::getActivationInfo($key);\r
2179 \r
2180                 if (!$info || ($info->type == 'addresschange'))\r
2181                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2182 \r
2183                 $mem = MEMBER::createFromId($info->vmember);\r
2184 \r
2185                 if (!$mem)\r
2186                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2187 \r
2188                 $password          = postVar('password');\r
2189                 $repeatpassword = postVar('repeatpassword');\r
2190 \r
2191                 if (!$password) {
2192                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISSING);\r
2193                 }\r
2194                 \r
2195                 if ($password != $repeatpassword) {\r
2196                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
2197                 }\r
2198                 \r
2199                 if (strlen($password) < 6) {\r
2200                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
2201                 }\r
2202                 \r
2203                 $pwdvalid = true;\r
2204                 $pwderror = '';\r
2205                 \r
2206                 global $manager;\r
2207                 $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
2208                 \r
2209                 if (!$pwdvalid) {\r
2210                         return $this->_showActivationPage($key,$pwderror);\r
2211                 }\r
2212                 \r
2213                 $error = '';\r
2214                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));\r
2215                 if ($error != '')\r
2216                         return $this->_showActivationPage($key, $error);\r
2217 \r
2218 \r
2219                 // set password\r
2220                 $mem->setPassword($password);\r
2221                 $mem->write();\r
2222 \r
2223                 // do the activation\r
2224                 MEMBER::activate($key);\r
2225 \r
2226                 $this->pagehead();\r
2227                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';\r
2228                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';\r
2229                 $this->pagefoot();\r
2230         }\r
2231 \r
2232         /**\r
2233          * Manage team\r
2234          */\r
2235         function action_manageteam() {\r
2236                 global $member, $manager;\r
2237 \r
2238                 $blogid = intRequestVar('blogid');\r
2239 \r
2240                 // check if allowed\r
2241                 $member->blogAdminRights($blogid) or $this->disallow();\r
2242 \r
2243                 $this->pagehead();\r
2244 \r
2245                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
2246 \r
2247                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';\r
2248 \r
2249                 echo '<h3>' . _TEAM_CURRENT . '</h3>';\r
2250 \r
2251 \r
2252 \r
2253                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'\r
2254                            . ' FROM '.sql_table('member').', '.sql_table('team')\r
2255                            . ' WHERE tmember=mnumber and tblog=' . $blogid;\r
2256 \r
2257                 $template['content'] = 'teamlist';\r
2258                 $template['tabindex'] = 10;\r
2259 \r
2260                 $manager->loadClass("ENCAPSULATE");\r
2261                 $batch =& new BATCH('team');\r
2262                 $batch->showlist($query, 'table', $template);\r
2263 \r
2264                 ?>\r
2265                         <h3><?php echo _TEAM_ADDNEW?></h3>\r
2266 \r
2267                         <form method='post' action='index.php'><div>\r
2268 \r
2269                         <input type='hidden' name='action' value='teamaddmember' />\r
2270                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />\r
2271                         <?php $manager->addTicketHidden() ?>\r
2272 \r
2273                         <table><tr>\r
2274                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>\r
2275                                 <td><?php                                  // TODO: try to make it so only non-team-members are listed\r
2276                                         $query =  'SELECT mname as text, mnumber as value'\r
2277                                                    . ' FROM '.sql_table('member');\r
2278 \r
2279                                         $template['name'] = 'memberid';\r
2280                                         $template['tabindex'] = 10000;\r
2281                                         showlist($query,'select',$template);\r
2282                                 ?></td>\r
2283                         </tr><tr>\r
2284                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>\r
2285                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>\r
2286                         </tr><tr>\r
2287                                 <td><?php echo _TEAM_ADD?></td>\r
2288                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>\r
2289                         </tr></table>\r
2290 \r
2291                         </div></form>\r
2292                 <?php\r
2293                 $this->pagefoot();\r
2294         }\r
2295 \r
2296         /**\r
2297          * Add member to team\r
2298          */\r
2299         function action_teamaddmember() {\r
2300                 global $member, $manager;\r
2301 \r
2302                 $memberid = intPostVar('memberid');\r
2303                 $blogid = intPostVar('blogid');\r
2304                 $admin = intPostVar('admin');\r
2305 \r
2306                 // check if allowed\r
2307                 $member->blogAdminRights($blogid) or $this->disallow();\r
2308 \r
2309                 $blog =& $manager->getBlog($blogid);\r
2310                 if (!$blog->addTeamMember($memberid, $admin))\r
2311                         $this->error(_ERROR_ALREADYONTEAM);\r
2312 \r
2313                 $this->action_manageteam();\r
2314 \r
2315         }\r
2316 \r
2317         /**\r
2318          * @todo document this\r
2319          */\r
2320         function action_teamdelete() {\r
2321                 global $member, $manager;\r
2322 \r
2323                 $memberid = intRequestVar('memberid');\r
2324                 $blogid = intRequestVar('blogid');\r
2325 \r
2326                 // check if allowed\r
2327                 $member->blogAdminRights($blogid) or $this->disallow();\r
2328 \r
2329                 $teammem = MEMBER::createFromID($memberid);\r
2330                 $blog =& $manager->getBlog($blogid);\r
2331 \r
2332                 $this->pagehead();\r
2333                 ?>\r
2334                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2335 \r
2336                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>\r
2337                         </p>\r
2338 \r
2339 \r
2340                         <form method="post" action="index.php"><div>\r
2341                         <input type="hidden" name="action" value="teamdeleteconfirm" />\r
2342                         <?php $manager->addTicketHidden() ?>\r
2343                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
2344                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
2345                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2346                         </div></form>\r
2347                 <?php\r
2348                 $this->pagefoot();\r
2349         }\r
2350 \r
2351         /**\r
2352          * @todo document this\r
2353          */\r
2354         function action_teamdeleteconfirm() {\r
2355                 global $member;\r
2356 \r
2357                 $memberid = intRequestVar('memberid');\r
2358                 $blogid = intRequestVar('blogid');\r
2359 \r
2360                 $error = $this->deleteOneTeamMember($blogid, $memberid);\r
2361                 if ($error)\r
2362                         $this->error($error);\r
2363 \r
2364 \r
2365                 $this->action_manageteam();\r
2366         }\r
2367 \r
2368         /**\r
2369          * @todo document this\r
2370          */\r
2371         function deleteOneTeamMember($blogid, $memberid) {\r
2372                 global $member, $manager;\r
2373 \r
2374                 $blogid = intval($blogid);\r
2375                 $memberid = intval($memberid);\r
2376 \r
2377                 // check if allowed\r
2378                 if (!$member->blogAdminRights($blogid))\r
2379                         return _ERROR_DISALLOWED;\r
2380 \r
2381                 // check if: - there remains at least one blog admin\r
2382                 //                 - (there remains at least one team member)\r
2383                 $tmem = MEMBER::createFromID($memberid);\r
2384 \r
2385                 $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
2386 \r
2387                 if ($tmem->isBlogAdmin($blogid)) {\r
2388                         // check if there are more blog members left and at least one admin\r
2389                         // (check for at least two admins before deletion)\r
2390                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
2391                         $r = sql_query($query);\r
2392                         if (sql_num_rows($r) < 2)\r
2393                                 return _ERROR_ATLEASTONEBLOGADMIN;\r
2394                 }\r
2395 \r
2396                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
2397                 sql_query($query);\r
2398 \r
2399                 $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
2400 \r
2401                 return '';\r
2402         }\r
2403 \r
2404         /**\r
2405          * @todo document this\r
2406          */\r
2407         function action_teamchangeadmin() {\r
2408                 global $member;\r
2409 \r
2410                 $blogid = intRequestVar('blogid');\r
2411                 $memberid = intRequestVar('memberid');\r
2412 \r
2413                 // check if allowed\r
2414                 $member->blogAdminRights($blogid) or $this->disallow();\r
2415 \r
2416                 $mem = MEMBER::createFromID($memberid);\r
2417 \r
2418                 // don't allow when there is only one admin at this moment\r
2419                 if ($mem->isBlogAdmin($blogid)) {\r
2420                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
2421                         if (sql_num_rows($r) == 1)\r
2422                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
2423                 }\r
2424 \r
2425                 if ($mem->isBlogAdmin($blogid))\r
2426                         $newval = 0;\r
2427                 else\r
2428                         $newval = 1;\r
2429 \r
2430                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
2431                 sql_query($query);\r
2432 \r
2433                 // only show manageteam if member did not change its own admin privileges\r
2434                 if ($member->isBlogAdmin($blogid))\r
2435                         $this->action_manageteam();\r
2436                 else\r
2437                         $this->action_overview(_MSG_ADMINCHANGED);\r
2438         }\r
2439 \r
2440         /**\r
2441          * @todo document this\r
2442          */\r
2443         function action_blogsettings() {\r
2444                 global $member, $manager;\r
2445 \r
2446                 $blogid = intRequestVar('blogid');\r
2447 \r
2448                 // check if allowed\r
2449                 $member->blogAdminRights($blogid) or $this->disallow();\r
2450 \r
2451                 $blog =& $manager->getBlog($blogid);\r
2452 \r
2453                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2454                 $this->pagehead($extrahead);\r
2455 \r
2456                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
2457                 ?>\r
2458                 <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>\r
2459 \r
2460                 <h3><?php echo _EBLOG_TEAM_TITLE?></h3>\r
2461 \r
2462                 <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?>\r
2463                 <?php\r
2464                         $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));\r
2465                         $aMemberNames = array();\r
2466                         while ($o = sql_fetch_object($res))\r
2467                                 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');\r
2468                         echo implode(',', $aMemberNames);\r
2469                 ?>\r
2470                 </p>\r
2471 \r
2472 \r
2473 \r
2474                 <p>\r
2475                 <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>\r
2476                 </p>\r
2477 \r
2478                 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>\r
2479 \r
2480                 <form method="post" action="index.php"><div>\r
2481 \r
2482                 <input type="hidden" name="action" value="blogsettingsupdate" />\r
2483                 <?php $manager->addTicketHidden() ?>\r
2484                 <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
2485                 <table><tr>\r
2486                         <td><?php echo _EBLOG_NAME?></td>\r
2487                         <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>\r
2488                 </tr><tr>\r
2489                         <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>\r
2490                                 <?php echo _EBLOG_SHORTNAME_EXTRA?>\r
2491                         </td>\r
2492                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>\r
2493                 </tr><tr>\r
2494                         <td><?php echo _EBLOG_DESC?></td>\r
2495                         <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>\r
2496                 </tr><tr>\r
2497                         <td><?php echo _EBLOG_URL?></td>\r
2498                         <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>\r
2499                 </tr><tr>\r
2500                         <td><?php echo _EBLOG_DEFSKIN?>\r
2501                                 <?php help('blogdefaultskin'); ?>\r
2502                         </td>\r
2503                         <td>\r
2504                                 <?php\r
2505                                         $query =  'SELECT sdname as text, sdnumber as value'\r
2506                                                    . ' FROM '.sql_table('skin_desc');\r
2507                                         $template['name'] = 'defskin';\r
2508                                         $template['selected'] = $blog->getDefaultSkin();\r
2509                                         $template['tabindex'] = 50;\r
2510                                         showlist($query,'select',$template);\r
2511                                 ?>\r
2512 \r
2513                         </td>\r
2514                 </tr><tr>\r
2515                         <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>\r
2516                         </td>\r
2517                         <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>\r
2518                 </tr><tr>\r
2519                         <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>\r
2520                         </td>\r
2521                         <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>\r
2522                 </tr><tr>\r
2523                         <td><?php echo _EBLOG_DISABLECOMMENTS?>\r
2524                         </td>\r
2525                         <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>\r
2526                 </tr><tr>\r
2527                         <td><?php echo _EBLOG_ANONYMOUS?>\r
2528                         </td>\r
2529                         <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>\r
2530                 </tr><tr>\r
2531         <td><?php echo _EBLOG_REQUIREDEMAIL?>\r
2532                  </td>\r
2533                  <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>\r
2534           </tr><tr>\r
2535                         <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>\r
2536                         <td><input name="notify" tabindex="80" maxlength="128" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>\r
2537                 </tr><tr>\r
2538                         <td><?php echo _EBLOG_NOTIFY_ON?></td>\r
2539                         <td>\r
2540                                 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"\r
2541                                         <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>\r
2542                                 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>\r
2543                                 <br />\r
2544                                 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"\r
2545                                         <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>\r
2546                                 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>\r
2547                                 <br />\r
2548                                 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"\r
2549                                         <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>\r
2550                                 /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>\r
2551                         </td>\r
2552                 </tr><tr>\r
2553                         <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>\r
2554                         <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>\r
2555                 </tr><tr>\r
2556                         <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>\r
2557                         <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>\r
2558                 </tr><tr>\r
2559                         <td><?php echo _EBLOG_DEFCAT?></td>\r
2560                         <td>\r
2561                                 <?php\r
2562                                         $query =  'SELECT cname as text, catid as value'\r
2563                                                    . ' FROM '.sql_table('category')\r
2564                                                    . ' WHERE cblog=' . $blog->getID();\r
2565                                         $template['name'] = 'defcat';\r
2566                                         $template['selected'] = $blog->getDefaultCategory();\r
2567                                         $template['tabindex'] = 110;\r
2568                                         showlist($query,'select',$template);\r
2569                                 ?>\r
2570                         </td>\r
2571                 </tr><tr>\r
2572                         <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>\r
2573                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
2574                                 <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>\r
2575                                 </td>\r
2576                         <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>\r
2577                 </tr><tr>\r
2578                         <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>\r
2579                         <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>\r
2580                 </tr>\r
2581                 <?php\r
2582                         // plugin options\r
2583                         $this->_insertPluginOptions('blog',$blogid);\r
2584                 ?>\r
2585                 <tr>\r
2586                         <th colspan="2"><?php echo _EBLOG_CHANGE?></th>\r
2587                 </tr><tr>\r
2588                         <td><?php echo _EBLOG_CHANGE?></td>\r
2589                         <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>\r
2590                 </tr></table>\r
2591 \r
2592                 </div></form>\r
2593 \r
2594                 <h3><?php echo _EBLOG_CAT_TITLE?></h3>\r
2595 \r
2596 \r
2597                 <?php\r
2598                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';\r
2599                 $template['content'] = 'categorylist';\r
2600                 $template['tabindex'] = 200;\r
2601 \r
2602                 $manager->loadClass("ENCAPSULATE");\r
2603                 $batch =& new BATCH('category');\r
2604                 $batch->showlist($query,'table',$template);\r
2605 \r
2606                 ?>\r
2607 \r
2608 \r
2609                 <form action="index.php" method="post"><div>\r
2610                 <input name="action" value="categorynew" type="hidden" />\r
2611                 <?php $manager->addTicketHidden() ?>\r
2612                 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />\r
2613 \r
2614                 <table><tr>\r
2615                         <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>\r
2616                 </tr><tr>\r
2617                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2618                         <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>\r
2619                 </tr><tr>\r
2620                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2621                         <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>\r
2622                 </tr><tr>\r
2623                         <td><?php echo _EBLOG_CAT_CREATE?></td>\r
2624                         <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>\r
2625                 </tr></table>\r
2626 \r
2627                 </div></form>\r
2628 \r
2629                 <?php\r
2630 \r
2631                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
2632 \r
2633                         $manager->notify(\r
2634                                 'BlogSettingsFormExtras',\r
2635                                 array(\r
2636                                         'blog' => &$blog\r
2637                                 )\r
2638                         );\r
2639 \r
2640                 $this->pagefoot();\r
2641         }\r
2642 \r
2643         /**\r
2644          * @todo document this\r
2645          */\r
2646         function action_categorynew() {\r
2647                 global $member, $manager;\r
2648 \r
2649                 $blogid = intRequestVar('blogid');\r
2650 \r
2651                 $member->blogAdminRights($blogid) or $this->disallow();\r
2652 \r
2653                 $cname = postVar('cname');\r
2654                 $cdesc = postVar('cdesc');\r
2655 \r
2656                 if (!isValidCategoryName($cname))\r
2657                         $this->error(_ERROR_BADCATEGORYNAME);\r
2658 \r
2659                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid);\r
2660                 $res = sql_query($query);\r
2661                 if (sql_num_rows($res) > 0)\r
2662                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2663 \r
2664                 $blog      =& $manager->getBlog($blogid);\r
2665                 $newCatID   =  $blog->createNewCategory($cname, $cdesc);\r
2666 \r
2667                 $this->action_blogsettings();\r
2668         }\r
2669 \r
2670         /**\r
2671          * @todo document this\r
2672          */\r
2673         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
2674                 global $member, $manager;\r
2675 \r
2676                 if ($blogid == '')\r
2677                         $blogid = intGetVar('blogid');\r
2678                 else\r
2679                         $blogid = intval($blogid);\r
2680                 if ($catid == '')\r
2681                         $catid = intGetVar('catid');\r
2682                 else\r
2683                         $catid = intval($catid);\r
2684 \r
2685                 $member->blogAdminRights($blogid) or $this->disallow();\r
2686 \r
2687                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
2688                 $obj = sql_fetch_object($res);\r
2689 \r
2690                 $cname = $obj->cname;\r
2691                 $cdesc = $obj->cdesc;\r
2692 \r
2693                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2694                 $this->pagehead($extrahead);\r
2695 \r
2696                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
2697 \r
2698                 ?>\r
2699                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
2700                 <form method='post' action='index.php'><div>\r
2701                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
2702                 <input name="catid" type="hidden" value="<?php echo $catid?>" />\r
2703                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />\r
2704                 <input name="action" type="hidden" value="categoryupdate" />\r
2705                 <?php $manager->addTicketHidden(); ?>\r
2706 \r
2707                 <table><tr>\r
2708                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2709                 </tr><tr>\r
2710                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2711                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>\r
2712                 </tr><tr>\r
2713                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2714                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
2715                 </tr>\r
2716                 <?php\r
2717                         // insert plugin options\r
2718                         $this->_insertPluginOptions('category',$catid);\r
2719                 ?>\r
2720                 <tr>\r
2721                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2722                 </tr><tr>\r
2723                         <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
2724                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
2725                 </tr></table>\r
2726 \r
2727                 </div></form>\r
2728                 <?php\r
2729                 $this->pagefoot();\r
2730         }\r
2731 \r
2732         /**\r
2733          * @todo document this\r
2734          */\r
2735         function action_categoryupdate() {\r
2736                 global $member, $manager;\r
2737 \r
2738                 $blogid = intPostVar('blogid');\r
2739                 $catid = intPostVar('catid');\r
2740                 $cname = postVar('cname');\r
2741                 $cdesc = postVar('cdesc');\r
2742                 $desturl = postVar('desturl');\r
2743 \r
2744                 $member->blogAdminRights($blogid) or $this->disallow();\r
2745 \r
2746                 if (!isValidCategoryName($cname))\r
2747                         $this->error(_ERROR_BADCATEGORYNAME);\r
2748 \r
2749                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
2750                 $res = sql_query($query);\r
2751                 if (sql_num_rows($res) > 0)\r
2752                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2753 \r
2754                 $query =  'UPDATE '.sql_table('category').' SET'\r
2755                            . " cname='" . sql_real_escape_string($cname) . "',"\r
2756                            . " cdesc='" . sql_real_escape_string($cdesc) . "'"\r
2757                            . " WHERE catid=" . $catid;\r
2758 \r
2759                 sql_query($query);\r
2760 \r
2761                 // store plugin options\r
2762                 $aOptions = requestArray('plugoption');\r
2763                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2764                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));\r
2765 \r
2766 \r
2767                 if ($desturl) {\r
2768                         redirect($desturl);\r
2769                         exit;\r
2770                 } else {\r
2771                         $this->action_blogsettings();\r
2772                 }\r
2773         }\r
2774 \r
2775         /**\r
2776          * @todo document this\r
2777          */\r
2778         function action_categorydelete() {\r
2779                 global $member, $manager;\r
2780 \r
2781                 $blogid = intRequestVar('blogid');\r
2782                 $catid = intRequestVar('catid');\r
2783 \r
2784                 $member->blogAdminRights($blogid) or $this->disallow();\r
2785 \r
2786                 $blog =& $manager->getBlog($blogid);\r
2787 \r
2788                 // check if the category is valid\r
2789                 if (!$blog->isValidCategory($catid))\r
2790                         $this->error(_ERROR_NOSUCHCATEGORY);\r
2791 \r
2792                 // don't allow deletion of default category\r
2793                 if ($blog->getDefaultCategory() == $catid)\r
2794                         $this->error(_ERROR_DELETEDEFCATEGORY);\r
2795 \r
2796                 // check if catid is the only category left for blogid\r
2797                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2798                 $res = sql_query($query);\r
2799                 if (sql_num_rows($res) == 1)\r
2800                         $this->error(_ERROR_DELETELASTCATEGORY);\r
2801 \r
2802 \r
2803                 $this->pagehead();\r
2804                 ?>\r
2805                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2806 \r
2807                         <div>\r
2808                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>\r
2809                         </div>\r
2810 \r
2811                         <form method="post" action="index.php"><div>\r
2812                         <input type="hidden" name="action" value="categorydeleteconfirm" />\r
2813                         <?php $manager->addTicketHidden() ?>\r
2814                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
2815                         <input type="hidden" name="catid" value="<?php echo $catid?>" />\r
2816                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2817                         </div></form>\r
2818                 <?php\r
2819                 $this->pagefoot();\r
2820         }\r
2821 \r
2822         /**\r
2823          * @todo document this\r
2824          */\r
2825         function action_categorydeleteconfirm() {\r
2826                 global $member, $manager;\r
2827 \r
2828                 $blogid = intRequestVar('blogid');\r
2829                 $catid = intRequestVar('catid');\r
2830 \r
2831                 $member->blogAdminRights($blogid) or $this->disallow();\r
2832 \r
2833                 $error = $this->deleteOneCategory($catid);\r
2834                 if ($error)\r
2835                         $this->error($error);\r
2836 \r
2837                 $this->action_blogsettings();\r
2838         }\r
2839 \r
2840         /**\r
2841          * @todo document this\r
2842          */\r
2843         function deleteOneCategory($catid) {\r
2844                 global $manager, $member;\r
2845 \r
2846                 $catid = intval($catid);\r
2847 \r
2848                 $blogid = getBlogIDFromCatID($catid);\r
2849 \r
2850                 if (!$member->blogAdminRights($blogid))\r
2851                         return ERROR_DISALLOWED;\r
2852 \r
2853                 // get blog\r
2854                 $blog =& $manager->getBlog($blogid);\r
2855 \r
2856                 // check if the category is valid\r
2857                 if (!$blog || !$blog->isValidCategory($catid))\r
2858                         return _ERROR_NOSUCHCATEGORY;\r
2859 \r
2860                 $destcatid = $blog->getDefaultCategory();\r
2861 \r
2862                 // don't allow deletion of default category\r
2863                 if ($blog->getDefaultCategory() == $catid)\r
2864                         return _ERROR_DELETEDEFCATEGORY;\r
2865 \r
2866                 // check if catid is the only category left for blogid\r
2867                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2868                 $res = sql_query($query);\r
2869                 if (sql_num_rows($res) == 1)\r
2870                         return _ERROR_DELETELASTCATEGORY;\r
2871 \r
2872                 $manager->notify('PreDeleteCategory', array('catid' => $catid));\r
2873 \r
2874                 // change category for all items to the default category\r
2875                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
2876                 sql_query($query);\r
2877 \r
2878                 // delete all associated plugin options\r
2879                 NucleusPlugin::_deleteOptionValues('category', $catid);\r
2880 \r
2881                 // delete category\r
2882                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;\r
2883                 sql_query($query);\r
2884 \r
2885                 $manager->notify('PostDeleteCategory', array('catid' => $catid));\r
2886 \r
2887         }\r
2888 \r
2889         /**\r
2890          * @todo document this\r
2891          */\r
2892         function moveOneCategory($catid, $destblogid) {\r
2893                 global $manager, $member;\r
2894 \r
2895                 $catid = intval($catid);\r
2896                 $destblogid = intval($destblogid);\r
2897 \r
2898                 $blogid = getBlogIDFromCatID($catid);\r
2899 \r
2900                 // mover should have admin rights on both blogs\r
2901                 if (!$member->blogAdminRights($blogid))\r
2902                         return _ERROR_DISALLOWED;\r
2903                 if (!$member->blogAdminRights($destblogid))\r
2904                         return _ERROR_DISALLOWED;\r
2905 \r
2906                 // cannot move to self\r
2907                 if ($blogid == $destblogid)\r
2908                         return _ERROR_MOVETOSELF;\r
2909 \r
2910                 // get blogs\r
2911                 $blog =& $manager->getBlog($blogid);\r
2912                 $destblog =& $manager->getBlog($destblogid);\r
2913 \r
2914                 // check if the category is valid\r
2915                 if (!$blog || !$blog->isValidCategory($catid))\r
2916                         return _ERROR_NOSUCHCATEGORY;\r
2917 \r
2918                 // don't allow default category to be moved\r
2919                 if ($blog->getDefaultCategory() == $catid)\r
2920                         return _ERROR_MOVEDEFCATEGORY;\r
2921 \r
2922                 $manager->notify(\r
2923                         'PreMoveCategory',\r
2924                         array(\r
2925                                 'catid' => &$catid,\r
2926                                 'sourceblog' => &$blog,\r
2927                                 'destblog' => &$destblog\r
2928                         )\r
2929                 );\r
2930 \r
2931                 // update comments table (cblog)\r
2932                 $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;\r
2933                 $items = sql_query($query);\r
2934                 while ($oItem = sql_fetch_object($items)) {\r
2935                         sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);\r
2936                 }\r
2937 \r
2938                 // update items (iblog)\r
2939                 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;\r
2940                 sql_query($query);\r
2941 \r
2942                 // move category\r
2943                 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;\r
2944                 sql_query($query);\r
2945 \r
2946                 $manager->notify(\r
2947                         'PostMoveCategory',\r
2948                         array(\r
2949                                 'catid' => &$catid,\r
2950                                 'sourceblog' => &$blog,\r
2951                                 'destblog' => $destblog\r
2952                         )\r
2953                 );\r
2954 \r
2955         }\r
2956 \r
2957         /**\r
2958          * @todo document this\r
2959          */\r
2960         function action_blogsettingsupdate() {\r
2961                 global $member, $manager;\r
2962 \r
2963                 $blogid = intRequestVar('blogid');\r
2964 \r
2965                 $member->blogAdminRights($blogid) or $this->disallow();\r
2966 \r
2967                 $blog =& $manager->getBlog($blogid);\r
2968 \r
2969                 $notify          = trim(postVar('notify'));\r
2970                 $shortname        = trim(postVar('shortname'));\r
2971                 $updatefile      = trim(postVar('update'));\r
2972 \r
2973                 $notifyComment  = intPostVar('notifyComment');\r
2974                 $notifyVote      = intPostVar('notifyVote');\r
2975                 $notifyNewItem  = intPostVar('notifyNewItem');\r
2976 \r
2977                 if ($notifyComment == 0)        $notifyComment = 1;\r
2978                 if ($notifyVote == 0)      $notifyVote = 1;\r
2979                 if ($notifyNewItem == 0)        $notifyNewItem = 1;\r
2980 \r
2981                 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;\r
2982 \r
2983 \r
2984                 if ($notify) {\r
2985                         $not =& new NOTIFICATION($notify);\r
2986                         if (!$not->validAddresses())\r
2987                                 $this->error(_ERROR_BADNOTIFY);\r
2988 \r
2989                 }\r
2990 \r
2991                 if (!isValidShortName($shortname))\r
2992                         $this->error(_ERROR_BADSHORTBLOGNAME);\r
2993 \r
2994                 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))\r
2995                         $this->error(_ERROR_DUPSHORTBLOGNAME);\r
2996 \r
2997                 // check if update file is writable\r
2998                 if ($updatefile && !is_writeable($updatefile))\r
2999                         $this->error(_ERROR_UPDATEFILE);\r
3000 \r
3001                 $blog->setName(trim(postVar('name')));\r
3002                 $blog->setShortName($shortname);\r
3003                 $blog->setNotifyAddress($notify);\r
3004                 $blog->setNotifyType($notifyType);\r
3005                 $blog->setMaxComments(postVar('maxcomments'));\r
3006                 $blog->setCommentsEnabled(postVar('comments'));\r
3007                 $blog->setTimeOffset(postVar('timeoffset'));\r
3008                 $blog->setUpdateFile($updatefile);\r
3009                 $blog->setURL(trim(postVar('url')));\r
3010                 $blog->setDefaultSkin(intPostVar('defskin'));\r
3011                 $blog->setDescription(trim(postVar('desc')));\r
3012                 $blog->setPublic(postVar('public'));\r
3013                 $blog->setConvertBreaks(intPostVar('convertbreaks'));\r
3014                 $blog->setAllowPastPosting(intPostVar('allowpastposting'));\r
3015                 $blog->setDefaultCategory(intPostVar('defcat'));\r
3016                 $blog->setSearchable(intPostVar('searchable'));\r
3017                 $blog->setEmailRequired(intPostVar('reqemail'));\r
3018 \r
3019                 $blog->writeSettings();\r
3020 \r
3021                 // store plugin options\r
3022                 $aOptions = requestArray('plugoption');\r
3023                 NucleusPlugin::_applyPluginOptions($aOptions);\r
3024                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));\r
3025 \r
3026 \r
3027                 $this->action_overview(_MSG_SETTINGSCHANGED);\r
3028         }\r
3029 \r
3030         /**\r
3031          * @todo document this\r
3032          */\r
3033         function action_deleteblog() {\r
3034                 global $member, $CONF, $manager;\r
3035 \r
3036                 $blogid = intRequestVar('blogid');\r
3037 \r
3038                 $member->blogAdminRights($blogid) or $this->disallow();\r
3039 \r
3040                 // check if blog is default blog\r
3041                 if ($CONF['DefaultBlog'] == $blogid)\r
3042                         $this->error(_ERROR_DELDEFBLOG);\r
3043 \r
3044                 $blog =& $manager->getBlog($blogid);\r
3045 \r
3046                 $this->pagehead();\r
3047                 ?>\r
3048                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
3049 \r
3050                         <p><?php echo _WARNINGTXT_BLOGDEL?>\r
3051                         </p>\r
3052 \r
3053                         <div>\r
3054                         <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>\r
3055                         </div>\r
3056 \r
3057                         <form method="post" action="index.php"><div>\r
3058                         <input type="hidden" name="action" value="deleteblogconfirm" />\r
3059                         <?php $manager->addTicketHidden() ?>\r
3060                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
3061                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
3062                         </div></form>\r
3063                 <?php\r
3064                 $this->pagefoot();\r
3065         }\r
3066 \r
3067         /**\r
3068          * @todo document this\r
3069          */\r
3070         function action_deleteblogconfirm() {\r
3071                 global $member, $CONF, $manager;\r
3072 \r
3073                 $blogid = intRequestVar('blogid');\r
3074 \r
3075                 $manager->notify('PreDeleteBlog', array('blogid' => $blogid));\r
3076 \r
3077                 $member->blogAdminRights($blogid) or $this->disallow();\r
3078 \r
3079                 // check if blog is default blog\r
3080                 if ($CONF['DefaultBlog'] == $blogid)\r
3081                         $this->error(_ERROR_DELDEFBLOG);\r
3082 \r
3083                 // delete all comments\r
3084                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;\r
3085                 sql_query($query);\r
3086 \r
3087                 // delete all items\r
3088                 $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;\r
3089                 sql_query($query);\r
3090 \r
3091                 // delete all team members\r
3092                 $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;\r
3093                 sql_query($query);\r
3094 \r
3095                 // delete all bans\r
3096                 $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;\r
3097                 sql_query($query);\r
3098 \r
3099                 // delete all categories\r
3100                 $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;\r
3101                 sql_query($query);\r
3102 \r
3103                 // delete all associated plugin options\r
3104                 NucleusPlugin::_deleteOptionValues('blog', $blogid);\r
3105 \r
3106                 // delete the blog itself\r
3107                 $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;\r
3108                 sql_query($query);\r
3109 \r
3110                 $manager->notify('PostDeleteBlog', array('blogid' => $blogid));\r
3111 \r
3112                 $this->action_overview(_DELETED_BLOG);\r
3113         }\r
3114 \r
3115         /**\r
3116          * @todo document this\r
3117          */\r
3118         function action_memberdelete() {\r
3119                 global $member, $manager;\r
3120 \r
3121                 $memberid = intRequestVar('memberid');\r
3122 \r
3123                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
3124 \r
3125                 $mem = MEMBER::createFromID($memberid);\r
3126 \r
3127                 $this->pagehead();\r
3128                 ?>\r
3129                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
3130 \r
3131                         <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>\r
3132                         </p>\r
3133 \r
3134                         <p>\r
3135                         <?php echo _WARNINGTXT_NOTDELMEDIAFILES ?>\r
3136                         </p>\r
3137 \r
3138                         <form method="post" action="index.php"><div>\r
3139                         <input type="hidden" name="action" value="memberdeleteconfirm" />\r
3140                         <?php $manager->addTicketHidden() ?>\r
3141                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
3142                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
3143                         </div></form>\r
3144                 <?php\r
3145                 $this->pagefoot();\r
3146         }\r
3147 \r
3148         /**\r
3149          * @todo document this\r
3150          */\r
3151         function action_memberdeleteconfirm() {\r
3152                 global $member;\r
3153 \r
3154                 $memberid = intRequestVar('memberid');\r
3155 \r
3156                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
3157 \r
3158                 $error = $this->deleteOneMember($memberid);\r
3159                 if ($error)\r
3160                         $this->error($error);\r
3161 \r
3162                 if ($member->isAdmin())\r
3163                         $this->action_usermanagement();\r
3164                 else\r
3165                         $this->action_overview(_DELETED_MEMBER);\r
3166         }\r
3167 \r
3168         /**\r
3169          * @static\r
3170          * @todo document this\r
3171          */\r
3172         function deleteOneMember($memberid) {\r
3173                 global $manager;\r
3174 \r
3175                 $memberid = intval($memberid);\r
3176                 $mem = MEMBER::createFromID($memberid);\r
3177 \r
3178                 if (!$mem->canBeDeleted())\r
3179                         return _ERROR_DELETEMEMBER;\r
3180 \r
3181                 $manager->notify('PreDeleteMember', array('member' => &$mem));\r
3182 \r
3183                 /* unlink comments from memberid */\r
3184                 if ($memberid) {\r
3185                         $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. sql_real_escape_string($mem->getDisplayName())\r
3186                                    .'" WHERE cmember='.$memberid;\r
3187                         sql_query($query);\r
3188                 }\r
3189 \r
3190                 $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;\r
3191                 sql_query($query);\r
3192 \r
3193                 $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid;\r
3194                 sql_query($query);\r
3195 \r
3196                 $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid;\r
3197                 sql_query($query);\r
3198 \r
3199                 // delete all associated plugin options\r
3200                 NucleusPlugin::_deleteOptionValues('member', $memberid);\r
3201 \r
3202                 $manager->notify('PostDeleteMember', array('member' => &$mem));\r
3203 \r
3204                 return '';\r
3205         }\r
3206 \r
3207         /**\r
3208          * @todo document this\r
3209          */\r
3210         function action_createnewlog() {\r
3211                 global $member, $CONF, $manager;\r
3212 \r
3213                 // Only Super-Admins can do this\r
3214                 $member->isAdmin() or $this->disallow();\r
3215 \r
3216                 $this->pagehead();\r
3217 \r
3218                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
3219                 ?>\r
3220                 <h2><?php echo _EBLOG_CREATE_TITLE?></h2>\r
3221 \r
3222                 <h3><?php echo _ADMIN_NOTABILIA ?></h3>\r
3223 \r
3224                 <p><?php echo _ADMIN_PLEASE_READ ?></p>\r
3225 \r
3226                 <p><?php echo _ADMIN_HOW_TO_ACCESS ?></p>\r
3227 \r
3228                 <ol>\r
3229                         <li><?php echo _ADMIN_SIMPLE_WAY ?></li>\r
3230                         <li><?php echo _ADMIN_ADVANCED_WAY ?></li>\r
3231                 </ol>\r
3232 \r
3233                 <h3><?php echo _ADMIN_HOW_TO_CREATE ?></h3>\r
3234 \r
3235                 <p>\r
3236                 <?php echo _EBLOG_CREATE_TEXT?>\r
3237                 </p>\r
3238 \r
3239                 <form method="post" action="index.php"><div>\r
3240 \r
3241                 <input type="hidden" name="action" value="addnewlog" />\r
3242                 <?php $manager->addTicketHidden() ?>\r
3243 \r
3244 \r
3245                 <table><tr>\r
3246                         <td><?php echo _EBLOG_NAME?></td>\r
3247                         <td><input name="name" tabindex="10" size="40" maxlength="60" /></td>\r
3248                 </tr><tr>\r
3249                         <td><?php echo _EBLOG_SHORTNAME?>\r
3250                                 <?php help('shortblogname'); ?>\r
3251                         </td>\r
3252                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" /></td>\r
3253                 </tr><tr>\r
3254                         <td><?php echo _EBLOG_DESC?></td>\r
3255                         <td><input name="desc" tabindex="30" maxlength="200" size="40" /></td>\r
3256                 </tr><tr>\r
3257                         <td><?php echo _EBLOG_DEFSKIN?>\r
3258                                 <?php help('blogdefaultskin'); ?>\r
3259                         </td>\r
3260                         <td>\r
3261                                 <?php\r
3262                                         $query =  'SELECT sdname as text, sdnumber as value'\r
3263                                                    . ' FROM '.sql_table('skin_desc');\r
3264                                         $template['name'] = 'defskin';\r
3265                                         $template['tabindex'] = 50;\r
3266                                         $template['selected'] = $CONF['BaseSkin'];  // set default selected skin to be globally defined base skin\r
3267                                         showlist($query,'select',$template);\r
3268                                 ?>\r
3269                         </td>\r
3270                 </tr><tr>\r
3271                         <td><?php echo _EBLOG_OFFSET?>\r
3272                                 <?php help('blogtimeoffset'); ?>\r
3273                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
3274                         </td>\r
3275                         <td><input name="timeoffset" tabindex="110" size="3" value="0" /></td>\r
3276                 </tr><tr>\r
3277                         <td><?php echo _EBLOG_ADMIN?>\r
3278                                 <?php help('teamadmin'); ?>\r
3279                         </td>\r
3280                         <td><?php echo _EBLOG_ADMIN_MSG?></td>\r
3281                 </tr><tr>\r
3282                         <td><?php echo _EBLOG_CREATE?></td>\r
3283                         <td><input type="submit" tabindex="120" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
3284                 </tr></table>\r
3285 \r
3286                 </div></form>\r
3287                 <?php\r
3288                 $this->pagefoot();\r
3289         }\r
3290 \r
3291         /**\r
3292          * @todo document this\r
3293          */\r
3294         function action_addnewlog() {\r
3295                 global $member, $manager, $CONF;\r
3296 \r
3297                 // Only Super-Admins can do this\r
3298                 $member->isAdmin() or $this->disallow();\r
3299 \r
3300                 $bname            = trim(postVar('name'));\r
3301                 $bshortname      = trim(postVar('shortname'));\r
3302                 $btimeoffset    = postVar('timeoffset');\r
3303                 $bdesc            = trim(postVar('desc'));\r
3304                 $bdefskin          = postVar('defskin');\r
3305 \r
3306                 if (!isValidShortName($bshortname))\r
3307                         $this->error(_ERROR_BADSHORTBLOGNAME);\r
3308 \r
3309                 if ($manager->existsBlog($bshortname))\r
3310                         $this->error(_ERROR_DUPSHORTBLOGNAME);\r
3311 \r
3312                 $manager->notify(\r
3313                         'PreAddBlog',\r
3314                         array(\r
3315                                 'name'          => &$bname,\r
3316                                 'shortname'   => &$bshortname,\r
3317                                 'timeoffset'  => &$btimeoffset,\r
3318                                 'description' => &$bdesc,\r
3319                                 'defaultskin' => &$bdefskin\r
3320                         )\r
3321                 );\r
3322 \r
3323 \r
3324                 // add slashes for sql queries\r
3325                 $bname     = sql_real_escape_string($bname);\r
3326                 $bshortname  = sql_real_escape_string($bshortname);\r
3327                 $btimeoffset = sql_real_escape_string($btimeoffset);\r
3328                 $bdesc     = sql_real_escape_string($bdesc);\r
3329                 $bdefskin       = sql_real_escape_string($bdefskin);\r
3330 \r
3331                 // create blog\r
3332                 $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bname', '$bshortname', '$bdesc', '$btimeoffset', '$bdefskin')";\r
3333                 sql_query($query);\r
3334                 $blogid = sql_insert_id();\r
3335                 $blog   =& $manager->getBlog($blogid);\r
3336 \r
3337                 // create new category\r
3338                 $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');\r
3339                 $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');\r
3340                 $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';\r
3341                 sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));\r
3342 //              sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, _EBLOGDEFAULTCATEGORY_NAME, _EBLOGDEFAULTCATEGORY_DESC)");\r
3343                 $catid = sql_insert_id();\r
3344 \r
3345                 // set as default category\r
3346                 $blog->setDefaultCategory($catid);\r
3347                 $blog->writeSettings();\r
3348 \r
3349                 // create team member\r
3350                 $memberid = $member->getID();\r
3351                 $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";\r
3352                 sql_query($query);\r
3353                 \r
3354                 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');\r
3355                 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');\r
3356                 \r
3357                 $blog->additem($blog->getDefaultCategory(),$itemdeftitle,$itemdefbody,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);\r
3358                 //$blog->additem($blog->getDefaultCategory(),_EBLOG_FIRSTITEM_TITLE,_EBLOG_FIRSTITEM_BODY,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);\r
3359                 \r
3360                 \r
3361                 \r
3362                 $manager->notify(\r
3363                         'PostAddBlog',\r
3364                         array(\r
3365                                 'blog' => &$blog\r
3366                         )\r
3367                 );\r
3368 \r
3369                 $manager->notify(\r
3370                         'PostAddCategory',\r
3371                         array(\r
3372                                 'blog'          => &$blog,\r
3373                                 'name'          => _EBLOGDEFAULTCATEGORY_NAME,\r
3374                                 'description' => _EBLOGDEFAULTCATEGORY_DESC,\r
3375                                 'catid'    => $catid\r
3376                         )\r
3377                 );\r
3378 \r
3379                 $this->pagehead();\r
3380                 ?>\r
3381                 <h2><?php echo _BLOGCREATED_TITLE ?></h2>\r
3382 \r
3383                 <p><?php echo sprintf(_BLOGCREATED_ADDEDTXT, htmlspecialchars($bname)) ?></p>\r
3384 \r
3385                 <ol>\r
3386                         <li><a href="#index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEWAY, htmlspecialchars($bshortname)) ?></a></li>\r
3387                         <li><a href="#skins"><?php echo _BLOGCREATED_ADVANCEDWAY ?></a></li>\r
3388                 </ol>\r
3389 \r
3390                 <h3><a id="index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEDESC1, htmlspecialchars($bshortname)) ?></a></h3>\r
3391 \r
3392                 <p><?php echo sprintf(_BLOGCREATED_SIMPLEDESC2, htmlspecialchars($bshortname)) ?></p>\r
3393 <pre><code>&lt;?php\r
3394 include('./benchmark.inc');\r
3395 $CONF = array();\r
3396 $CONF['Self'] = '<b><?php echo htmlspecialchars($bshortname)?>.php</b>';\r
3397 \r
3398 include('<i>./config.php</i>');\r
3399 \r
3400 selectBlog('<b><?php echo htmlspecialchars($bshortname)?></b>');\r
3401 selector();\r
3402 \r
3403 ?&gt;</code></pre>\r
3404 \r
3405                 <p><?php echo _BLOGCREATED_SIMPLEDESC3 ?></p>\r
3406 \r
3407                 <p><?php echo _BLOGCREATED_SIMPLEDESC4 ?></p>\r
3408 \r
3409                 <form action="index.php" method="post"><div>\r
3410                         <input type="hidden" name="action" value="addnewlog2" />\r
3411                         <?php $manager->addTicketHidden() ?>\r
3412                         <input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />\r
3413                         <table><tr>\r
3414                                 <td><?php echo _EBLOG_URL?></td>\r
3415                                 <td><input name="url" maxlength="100" size="40" value="<?php echo htmlspecialchars($CONF['IndexURL'].$bshortname.'.php')?>" /></td>\r
3416                         </tr><tr>\r
3417                                 <td><?php echo _EBLOG_CREATE?></td>\r
3418                                 <td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
3419                         </tr></table>\r
3420                 </div></form>\r
3421 \r
3422                 <h3><a id="skins"><?php echo _BLOGCREATED_ADVANCEDWAY2 ?></a></h3>\r
3423 \r
3424                 <p><?php echo _BLOGCREATED_ADVANCEDWAY3 ?></p>\r
3425 \r
3426                 <form action="index.php" method="post"><div>\r
3427                         <input type="hidden" name="action" value="addnewlog2" />\r
3428                         <?php $manager->addTicketHidden() ?>\r
3429                         <input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />\r
3430                         <table><tr>\r
3431                                 <td><?php echo _EBLOG_URL?></td>\r
3432                                 <td><input name="url" maxlength="100" size="40" /></td>\r
3433                         </tr><tr>\r
3434                                 <td><?php echo _EBLOG_CREATE?></td>\r
3435                                 <td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
3436                         </tr></table>\r
3437                 </div></form>\r
3438 \r
3439                 <?php      $this->pagefoot();\r
3440 \r
3441         }\r
3442 \r
3443         /**\r
3444          * @todo document this\r
3445          */\r
3446         function action_addnewlog2() {\r
3447                 global $member, $manager;\r
3448 \r
3449                 $member->blogAdminRights($blogid) or $this->disallow();\r
3450 \r
3451                 $burl   = requestVar('url');\r
3452                 $blogid = intRequestVar('blogid');\r
3453 \r
3454                 $blog =& $manager->getBlog($blogid);\r
3455                 $blog->setURL(trim($burl));\r
3456                 $blog->writeSettings();\r
3457 \r
3458                 $this->action_overview(_MSG_NEWBLOG);\r
3459         }\r
3460 \r
3461         /**\r
3462          * @todo document this\r
3463          */\r
3464         function action_skinieoverview() {\r
3465                 global $member, $DIR_LIBS, $manager;\r
3466 \r
3467                 $member->isAdmin() or $this->disallow();\r
3468 \r
3469                 // load skinie class\r
3470                 include_once($DIR_LIBS . 'skinie.php');\r
3471 \r
3472                 $this->pagehead();\r
3473 \r
3474                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
3475 \r
3476         ?>\r
3477                 <h2><?php echo _SKINIE_TITLE_IMPORT?></h2>\r
3478 \r
3479                                 <p><label for="skinie_import_local"><?php echo _SKINIE_LOCAL?></label>\r
3480                                 <?php                              global $DIR_SKINS;\r
3481 \r
3482                                         $candidates = SKINIMPORT::searchForCandidates($DIR_SKINS);\r
3483 \r
3484                                         if (sizeof($candidates) > 0) {\r
3485                                                 ?>\r
3486                                                         <form method="post" action="index.php"><div>\r
3487                                                                 <input type="hidden" name="action" value="skinieimport" />\r
3488                                                                 <?php $manager->addTicketHidden() ?>\r
3489                                                                 <input type="hidden" name="mode" value="file" />\r
3490                                                                 <select name="skinfile" id="skinie_import_local">\r
3491                                                                 <?php                                                              foreach ($candidates as $skinname => $skinfile) {\r
3492                                                                                 $html = htmlspecialchars($skinfile);\r
3493                                                                                 echo '<option value="',$html,'">',$skinname,'</option>';\r
3494                                                                         }\r
3495                                                                 ?>\r
3496                                                                 </select>\r
3497                                                                 <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />\r
3498                                                         </div></form>\r
3499                                                 <?php                              } else {\r
3500                                                 echo _SKINIE_NOCANDIDATES;\r
3501                                         }\r
3502                                 ?>\r
3503                                 </p>\r
3504 \r
3505                                 <p><em><?php echo _OR?></em></p>\r
3506 \r
3507                                 <form method="post" action="index.php"><p>\r
3508                                         <?php $manager->addTicketHidden() ?>\r
3509                                         <input type="hidden" name="action" value="skinieimport" />\r
3510                                         <input type="hidden" name="mode" value="url" />\r
3511                                         <label for="skinie_import_url"><?php echo _SKINIE_FROMURL?></label>\r
3512                                         <input type="text" name="skinfile" id="skinie_import_url" size="60" value="http://" />\r
3513                                         <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />\r
3514                                 </p></form>\r
3515 \r
3516 \r
3517                 <h2><?php echo _SKINIE_TITLE_EXPORT?></h2>\r
3518                 <form method="post" action="index.php"><div>\r
3519                         <input type="hidden" name="action" value="skinieexport" />\r
3520                         <?php $manager->addTicketHidden() ?>\r
3521 \r
3522                         <p><?php echo _SKINIE_EXPORT_INTRO?></p>\r
3523 \r
3524                         <table><tr>\r
3525                                 <th colspan="2"><?php echo _SKINIE_EXPORT_SKINS?></th>\r
3526                         </tr><tr>\r
3527         <?php      // show list of skins\r
3528                 $res = sql_query('SELECT * FROM '.sql_table('skin_desc'));\r
3529                 while ($skinObj = sql_fetch_object($res)) {\r
3530                         $id = 'skinexp' . $skinObj->sdnumber;\r
3531                         echo '<td><input type="checkbox" name="skin[',$skinObj->sdnumber,']"  id="',$id,'" />';\r
3532                         echo '<label for="',$id,'">',htmlspecialchars($skinObj->sdname),'</label></td>';\r
3533                         echo '<td>',htmlspecialchars($skinObj->sddesc),'</td>';\r
3534                         echo '</tr><tr>';\r
3535                 }\r
3536 \r
3537                 echo '<th colspan="2">',_SKINIE_EXPORT_TEMPLATES,'</th></tr><tr>';\r
3538 \r
3539                 // show list of templates\r
3540                 $res = sql_query('SELECT * FROM '.sql_table('template_desc'));\r
3541                 while ($templateObj = sql_fetch_object($res)) {\r
3542                         $id = 'templateexp' . $templateObj->tdnumber;\r
3543                         echo '<td><input type="checkbox" name="template[',$templateObj->tdnumber,']" id="',$id,'" />';\r
3544                         echo '<label for="',$id,'">',htmlspecialchars($templateObj->tdname),'</label></td>';\r
3545                         echo '<td>',htmlspecialchars($templateObj->tddesc),'</td>';\r
3546                         echo '</tr><tr>';\r
3547                 }\r
3548 \r
3549         ?>\r
3550                                 <th colspan="2"><?php echo _SKINIE_EXPORT_EXTRA?></th>\r
3551                         </tr><tr>\r
3552                                 <td colspan="2"><textarea cols="40" rows="5" name="info"></textarea></td>\r
3553                         </tr><tr>\r
3554                                 <th colspan="2"><?php echo _SKINIE_TITLE_EXPORT?></th>\r
3555                         </tr><tr>\r
3556                                 <td colspan="2"><input type="submit" value="<?php echo _SKINIE_BTN_EXPORT?>" /></td>\r
3557                         </tr></table>\r
3558                 </div></form>\r
3559 \r
3560         <?php\r
3561                 $this->pagefoot();\r
3562 \r
3563         }\r
3564 \r
3565         /**\r
3566          * @todo document this\r
3567          */\r
3568         function action_skinieimport() {\r
3569                 global $member, $DIR_LIBS, $DIR_SKINS, $manager;\r
3570 \r
3571                 $member->isAdmin() or $this->disallow();\r
3572 \r
3573                 // load skinie class\r
3574                 include_once($DIR_LIBS . 'skinie.php');\r
3575 \r
3576                 $skinFileRaw= postVar('skinfile');\r
3577                 $mode      = postVar('mode');\r
3578 \r
3579                 $importer =& new SKINIMPORT();\r
3580 \r
3581                 // get full filename\r
3582                 if ($mode == 'file')\r
3583                 {\r
3584                         $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';\r
3585 \r
3586                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)\r
3587                         if (!file_exists($skinFile))\r
3588                                 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';\r
3589                 } else {\r
3590                         $skinFile = $skinFileRaw;\r
3591                 }\r
3592 \r
3593                 // read only metadata\r
3594                 $error = $importer->readFile($skinFile, 1);\r
3595 \r
3596                 // clashes\r
3597                 $skinNameClashes = $importer->checkSkinNameClashes();\r
3598                 $templateNameClashes = $importer->checkTemplateNameClashes();\r
3599                 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);\r
3600 \r
3601                 if ($error) $this->error($error);\r
3602 \r
3603                 $this->pagehead();\r
3604 \r
3605                 echo '<p><a href="index.php?action=skinieoverview">(',_BACK,')</a></p>';\r
3606                 ?>\r
3607                 <h2><?php echo _SKINIE_CONFIRM_TITLE?></h2>\r
3608 \r
3609                 <ul>\r
3610                         <li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>\r
3611                         <li><p><strong><?php echo _SKINIE_INFO_SKINS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getSkinNames())?></p></li>\r
3612                         <li><p><strong><?php echo _SKINIE_INFO_TEMPLATES?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getTemplateNames())?></p></li>\r
3613                         <?php\r
3614                                 if ($hasNameClashes)\r
3615                                 {\r
3616                         ?>\r
3617                         <li><p><strong style="color: red;"><?php echo _SKINIE_INFO_SKINCLASH?></strong> <?php echo implode(' <em>'._AND.'</em> ',$skinNameClashes)?></p></li>\r
3618                         <li><p><strong style="color: red;"><?php echo _SKINIE_INFO_TEMPLCLASH?></strong> <?php echo implode(' <em>'._AND.'</em> ',$templateNameClashes)?></p></li>\r
3619                         <?php\r
3620                                 } // if (hasNameClashes)\r
3621                         ?>\r
3622                 </ul>\r
3623 \r
3624                 <form method="post" action="index.php"><div>\r
3625                         <input type="hidden" name="action" value="skiniedoimport" />\r
3626                         <?php $manager->addTicketHidden() ?>\r
3627                         <input type="hidden" name="skinfile" value="<?php echo htmlspecialchars(postVar('skinfile'))?>" />\r
3628                         <input type="hidden" name="mode" value="<?php echo htmlspecialchars($mode)?>" />\r
3629                         <input type="submit" value="<?php echo _SKINIE_CONFIRM_IMPORT?>" />\r
3630                         <?php\r
3631                                 if ($hasNameClashes)\r
3632                                 {\r
3633                         ?>\r
3634                         <br />\r
3635                         <input type="checkbox" name="overwrite" value="1" id="cb_overwrite" /><label for="cb_overwrite"><?php echo _SKINIE_CONFIRM_OVERWRITE?></label>\r
3636                         <?php\r
3637                                 } // if (hasNameClashes)\r
3638                         ?>\r
3639                 </div></form>\r
3640 \r
3641 \r
3642                 <?php\r
3643                 $this->pagefoot();\r
3644         }\r
3645 \r
3646         /**\r
3647          * @todo document this\r
3648          */\r
3649         function action_skiniedoimport() {\r
3650                 global $member, $DIR_LIBS, $DIR_SKINS;\r
3651 \r
3652                 $member->isAdmin() or $this->disallow();\r
3653 \r
3654                 // load skinie class\r
3655                 include_once($DIR_LIBS . 'skinie.php');\r
3656 \r
3657                 $skinFileRaw= postVar('skinfile');\r
3658                 $mode      = postVar('mode');\r
3659 \r
3660                 $allowOverwrite = intPostVar('overwrite');\r
3661 \r
3662                 // get full filename\r
3663                 if ($mode == 'file')\r
3664                 {\r
3665                         $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';\r
3666 \r
3667                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)\r
3668                         if (!file_exists($skinFile))\r
3669                                 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';\r
3670 \r
3671                 } else {\r
3672                         $skinFile = $skinFileRaw;\r
3673                 }\r
3674 \r
3675                 $importer =& new SKINIMPORT();\r
3676 \r
3677                 $error = $importer->readFile($skinFile);\r
3678 \r
3679                 if ($error)\r
3680                         $this->error($error);\r
3681 \r
3682                 $error = $importer->writeToDatabase($allowOverwrite);\r
3683 \r
3684                 if ($error)\r
3685                         $this->error($error);\r
3686 \r
3687                 $this->pagehead();\r
3688 \r
3689                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
3690         ?>\r
3691                 <h2><?php echo _SKINIE_DONE?></h2>\r
3692 \r
3693                 <ul>\r
3694                         <li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>\r
3695                         <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDSKINS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getSkinNames())?></p></li>\r
3696                         <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDTEMPLS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getTemplateNames())?></p></li>\r
3697                 </ul>\r
3698 \r
3699         <?php      $this->pagefoot();\r
3700 \r
3701         }\r
3702 \r
3703         /**\r
3704          * @todo document this\r
3705          */\r
3706         function action_skinieexport() {\r
3707                 global $member, $DIR_LIBS;\r
3708 \r
3709                 $member->isAdmin() or $this->disallow();\r
3710 \r
3711                 // load skinie class\r
3712                 include_once($DIR_LIBS . 'skinie.php');\r
3713 \r
3714                 $aSkins = requestIntArray('skin');\r
3715                 $aTemplates = requestIntArray('template');\r
3716 \r
3717                 if (!is_array($aTemplates)) $aTemplates = array();\r
3718                 if (!is_array($aSkins)) $aSkins = array();\r
3719 \r
3720                 $skinList = array_keys($aSkins);\r
3721                 $templateList = array_keys($aTemplates);\r
3722 \r
3723                 $info = postVar('info');\r
3724 \r
3725                 $exporter =& new SKINEXPORT();\r
3726                 foreach ($skinList as $skinId) {\r
3727                         $exporter->addSkin($skinId);\r
3728                 }\r
3729                 foreach ($templateList as $templateId) {\r
3730                         $exporter->addTemplate($templateId);\r
3731                 }\r
3732                 $exporter->setInfo($info);\r
3733 \r
3734                 $exporter->export();\r
3735         }\r
3736 \r
3737         /**\r
3738          * @todo document this\r
3739          */\r
3740         function action_templateoverview() {\r
3741                 global $member, $manager;\r
3742 \r
3743                 $member->isAdmin() or $this->disallow();\r
3744 \r
3745                 $this->pagehead();\r
3746 \r
3747                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
3748 \r
3749                 echo '<h2>' . _TEMPLATE_TITLE . '</h2>';\r
3750                 echo '<h3>' . _TEMPLATE_AVAILABLE_TITLE . '</h3>';\r
3751 \r
3752                 $query = 'SELECT * FROM '.sql_table('template_desc').' ORDER BY tdname';\r
3753                 $template['content'] = 'templatelist';\r
3754                 $template['tabindex'] = 10;\r
3755                 showlist($query,'table',$template);\r
3756 \r
3757                 echo '<h3>' . _TEMPLATE_NEW_TITLE . '</h3>';\r
3758 \r
3759                 ?>\r
3760                 <form method="post" action="index.php"><div>\r
3761 \r
3762                 <input name="action" value="templatenew" type="hidden" />\r
3763                 <?php $manager->addTicketHidden() ?>\r
3764                 <table><tr>\r
3765                         <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td>\r
3766                         <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td>\r
3767                 </tr><tr>\r
3768                         <td><?php echo _TEMPLATE_DESC?></td>\r
3769                         <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td>\r
3770                 </tr><tr>\r
3771                         <td><?php echo _TEMPLATE_CREATE?></td>\r
3772                         <td><input type="submit" tabindex="10030" value="<?php echo _TEMPLATE_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
3773                 </tr></table>\r
3774 \r
3775                 </div></form>\r
3776 \r
3777                 <?php\r
3778                 $this->pagefoot();\r
3779         }\r
3780 \r
3781         /**\r
3782          * @todo document this\r
3783          */\r
3784         function action_templateedit($msg = '') {\r
3785                 global $member, $manager;\r
3786 \r
3787                 $templateid = intRequestVar('templateid');\r
3788 \r
3789                 $member->isAdmin() or $this->disallow();\r
3790 \r
3791                 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';\r
3792                 $extrahead .= '<script type="text/javascript">setTemplateEditText("'.sql_real_escape_string(_EDITTEMPLATE_EMPTY).'");</script>';\r
3793 \r
3794                 $this->pagehead($extrahead);\r
3795 \r
3796                 $templatename = TEMPLATE::getNameFromId($templateid);\r
3797                 $templatedescription = TEMPLATE::getDesc($templateid);\r
3798                 $template =& $manager->getTemplate($templatename);\r
3799 \r
3800                 ?>\r
3801                 <p>\r
3802                 <a href="index.php?action=templateoverview">(<?php echo _TEMPLATE_BACK?>)</a>\r
3803                 </p>\r
3804 \r
3805                 <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo  htmlspecialchars($templatename); ?>'</h2>\r
3806 \r
3807                 <?php                              if ($msg) echo "<p>"._MESSAGE.": $msg</p>";\r
3808                 ?>\r
3809 \r
3810                 <p><?php echo _TEMPLATE_EDIT_MSG?></p>\r
3811 \r
3812                 <form method="post" action="index.php">\r
3813                 <div>\r
3814 \r
3815                 <input type="hidden" name="action" value="templateupdate" />\r
3816                 <?php $manager->addTicketHidden() ?>\r
3817                 <input type="hidden" name="templateid" value="<?php echo  $templateid; ?>" />\r
3818 \r
3819                 <table><tr>\r
3820                         <th colspan="2"><?php echo _TEMPLATE_SETTINGS?></th>\r
3821                 </tr><tr>\r
3822                         <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td>\r
3823                         <td><input name="tname" tabindex="4" size="20" maxlength="20" value="<?php echo  htmlspecialchars($templatename) ?>" /></td>\r
3824                 </tr><tr>\r
3825                         <td><?php echo _TEMPLATE_DESC?></td>\r
3826                         <td><input name="tdesc" tabindex="5" size="50" maxlength="200" value="<?php echo  htmlspecialchars($templatedescription) ?>" /></td>\r
3827                 </tr><tr>\r
3828                         <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>\r
3829                 </tr><tr>\r
3830                         <td><?php echo _TEMPLATE_UPDATE?></td>\r
3831                         <td>\r
3832                                 <input type="submit" tabindex="6" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
3833                                 <input type="reset" tabindex="7" value="<?php echo _TEMPLATE_RESET_BTN?>" />\r
3834                         </td>\r
3835                 </tr><tr>\r
3836                         <th colspan="2"><?php echo _TEMPLATE_ITEMS?> <?php help('templateitems'); ?></th>\r
3837 <?php   $this->_templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8);\r
3838         $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1);\r
3839         $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10);\r
3840         $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20);\r
3841         $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25);\r
3842         $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30);\r
3843 ?>\r
3844                 </tr><tr>\r
3845                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_ANY?> <?php help('templatecomments'); ?></th>\r
3846 <?php   $this->_templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40);\r
3847         $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1);\r
3848         $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60);\r
3849         $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 70);\r
3850         $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80);\r
3851         $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90);\r
3852         $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100);\r
3853 ?>\r
3854                 </tr><tr>\r
3855                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_NONE?> <?php help('templatecomments'); ?></th>\r
3856 <?php\r
3857         $this->_templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110);\r
3858 ?>\r
3859                 </tr><tr>\r
3860                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_TOOMUCH?> <?php help('templatecomments'); ?></th>\r
3861 <?php   $this->_templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120);\r
3862 ?>\r
3863                 </tr><tr>\r
3864                         <th colspan="2"><?php echo _TEMPLATE_ARCHIVELIST?> <?php help('templatearchivelists'); ?></th>\r
3865 <?php   $this->_templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130);\r
3866         $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140);\r
3867         $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150);\r
3868 ?>\r
3869                 </tr><tr>\r
3870                         <th colspan="2"><?php echo _TEMPLATE_BLOGLIST?> <?php help('templatebloglists'); ?></th>\r
3871 <?php   $this->_templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160);\r
3872         $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170);\r
3873         $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180);\r
3874 ?>\r
3875                 </tr><tr>\r
3876                         <th colspan="2"><?php echo _TEMPLATE_CATEGORYLIST?> <?php help('templatecategorylists'); ?></th>\r
3877 <?php   $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 190);\r
3878         $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 200);\r
3879         $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 210);\r
3880 ?>\r
3881                 </tr><tr>\r
3882                         <th colspan="2"><?php echo _TEMPLATE_DATETIME?></th>\r
3883 <?php   $this->_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 220);\r
3884         $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 230);\r
3885         $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 240);\r
3886         $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 250);\r
3887         $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 260);\r
3888 ?>\r
3889                 </tr><tr>\r
3890                         <th colspan="2"><?php echo _TEMPLATE_IMAGE?> <?php help('templatepopups'); ?></th>\r
3891 <?php   $this->_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 270);\r
3892         $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 280);\r
3893         $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 290);\r
3894 ?>\r
3895                 </tr><tr>\r
3896                         <th colspan="2"><?php echo _TEMPLATE_SEARCH?></th>\r
3897 <?php   $this->_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',300);\r
3898         $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',310);\r
3899 ?>\r
3900                 </tr><tr>\r
3901                         <th colspan="2"><?php echo _TEMPLATE_PLUGIN_FIELDS?></th>\r
3902 <?php\r
3903                 $tab = 600;\r
3904                 $pluginfields = array();\r
3905                 $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields));\r
3906 \r
3907                 foreach ($pluginfields as $pfkey=>$pfvalue) {\r
3908                         echo "</tr><tr>\n";\r
3909                         echo '<th colspan="2">'.htmlentities($pfkey)."</th>\n";\r
3910                         foreach ($pfvalue as $pffield=>$pfdesc) {\r
3911                                 $this->_templateEditRow($template, $pfdesc, $pffield, '',++$tab,0);\r
3912                         }\r
3913                 }\r
3914 ?>\r
3915                 </tr><tr>\r
3916                         <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>\r
3917                 </tr><tr>\r
3918                         <td><?php echo _TEMPLATE_UPDATE?></td>\r
3919                         <td>\r
3920                                 <input type="submit" tabindex="800" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
3921                                 <input type="reset" tabindex="810" value="<?php echo _TEMPLATE_RESET_BTN?>" />\r
3922                         </td>\r
3923                 </tr></table>\r
3924 \r
3925                 </div>\r
3926                 </form>\r
3927                 <?php\r
3928                 $this->pagefoot();\r
3929         }\r
3930 \r
3931         /**\r
3932          * @todo document this\r
3933          */\r
3934         function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {\r
3935                 static $count = 1;\r
3936                 if (!isset($template[$name])) $template[$name] = '';\r
3937         ?>\r
3938                 </tr><tr>\r
3939                         <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>\r
3940                         <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo  htmlspecialchars($template[$name]); ?></textarea></td>\r
3941         <?php      $count++;\r
3942         }\r
3943 \r
3944         /**\r
3945          * @todo document this\r
3946          */\r
3947         function action_templateupdate() {\r
3948                 global $member, $manager;\r
3949 \r
3950                 $templateid = intRequestVar('templateid');\r
3951 \r
3952                 $member->isAdmin() or $this->disallow();\r
3953 \r
3954                 $name = postVar('tname');\r
3955                 $desc = postVar('tdesc');\r
3956 \r
3957                 if (!isValidTemplateName($name))\r
3958                         $this->error(_ERROR_BADTEMPLATENAME);\r
3959 \r
3960                 if ((TEMPLATE::getNameFromId($templateid) != $name) && TEMPLATE::exists($name))\r
3961                         $this->error(_ERROR_DUPTEMPLATENAME);\r
3962 \r
3963 \r
3964                 $name = sql_real_escape_string($name);\r
3965                 $desc = sql_real_escape_string($desc);\r
3966 \r
3967                 // 1. Remove all template parts\r
3968                 $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid;\r
3969                 sql_query($query);\r
3970 \r
3971                 // 2. Update description\r
3972                 $query =  'UPDATE '.sql_table('template_desc').' SET'\r
3973                            . " tdname='" . $name . "',"\r
3974                            . " tddesc='" . $desc . "'"\r
3975                            . " WHERE tdnumber=" . $templateid;\r
3976                 sql_query($query);\r
3977 \r
3978                 // 3. Add non-empty template parts\r
3979                 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));\r
3980                 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM'));\r
3981                 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER'));\r
3982                 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK'));\r
3983                 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK'));\r
3984                 $this->addToTemplate($templateid, 'NEW', postVar('NEW'));\r
3985                 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER'));\r
3986                 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY'));\r
3987                 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER'));\r
3988                 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED'));\r
3989                 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH'));\r
3990                 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH'));\r
3991                 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE'));\r
3992                 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY'));\r
3993                 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE'));\r
3994                 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));\r
3995                 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));\r
3996                 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));\r
3997                 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));\r
3998                 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));\r
3999                 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));\r
4000                 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));\r
4001                 $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));\r
4002                 $this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));\r
4003                 $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));\r
4004                 $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));\r
4005                 $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));\r
4006                 $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));\r
4007                 $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));\r
4008                 $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));\r
4009                 $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));\r
4010                 $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));\r
4011                 $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));\r
4012                 $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));\r
4013 \r
4014                 $pluginfields = array();\r
4015                 $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields));\r
4016                 foreach ($pluginfields as $pfkey=>$pfvalue) {\r
4017                         foreach ($pfvalue as $pffield=>$pfdesc) {\r
4018                                 $this->addToTemplate($templateid, $pffield, postVar($pffield));\r
4019                         }\r
4020                 }\r
4021 \r
4022                 // jump back to template edit\r
4023                 $this->action_templateedit(_TEMPLATE_UPDATED);\r
4024 \r
4025         }\r
4026 \r
4027         /**\r
4028          * @todo document this\r
4029          */\r
4030         function addToTemplate($id, $partname, $content) {\r
4031                 $partname = sql_real_escape_string($partname);\r
4032                 $content = sql_real_escape_string($content);\r
4033 \r
4034                 $id = intval($id);\r
4035 \r
4036                 // don't add empty parts:\r
4037                 if (!trim($content)) return -1;\r
4038 \r
4039                 $query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) "\r
4040                            . "VALUES ($id, '$partname', '$content')";\r
4041                 sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());\r
4042                 return sql_insert_id();\r
4043         }\r
4044 \r
4045         /**\r
4046          * @todo document this\r
4047          */\r
4048         function action_templatedelete() {\r
4049                 global $member, $manager;\r
4050 \r
4051                 $member->isAdmin() or $this->disallow();\r
4052 \r
4053                 $templateid = intRequestVar('templateid');\r
4054                 // TODO: check if template can be deleted\r
4055 \r
4056                 $this->pagehead();\r
4057 \r
4058                 $name = TEMPLATE::getNameFromId($templateid);\r
4059                 $desc = TEMPLATE::getDesc($templateid);\r
4060 \r
4061                 ?>\r
4062                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
4063 \r
4064                         <p>\r
4065                         <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo htmlspecialchars($name)?></b> (<?php echo  htmlspecialchars($desc) ?>)\r
4066                         </p>\r
4067 \r
4068                         <form method="post" action="index.php"><div>\r
4069                                 <input type="hidden" name="action" value="templatedeleteconfirm" />\r
4070                                 <?php $manager->addTicketHidden() ?>\r
4071                                 <input type="hidden" name="templateid" value="<?php echo  $templateid ?>" />\r
4072                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
4073                         </div></form>\r
4074                 <?php\r
4075                 $this->pagefoot();\r
4076         }\r
4077 \r
4078         /**\r
4079          * @todo document this\r
4080          */\r
4081         function action_templatedeleteconfirm() {\r
4082                 global $member, $manager;\r
4083 \r
4084                 $templateid = intRequestVar('templateid');\r
4085 \r
4086                 $member->isAdmin() or $this->disallow();\r
4087 \r
4088                 $manager->notify('PreDeleteTemplate', array('templateid' => $templateid));\r
4089 \r
4090                 // 1. delete description\r
4091                 sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid);\r
4092 \r
4093                 // 2. delete parts\r
4094                 sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid);\r
4095 \r
4096                 $manager->notify('PostDeleteTemplate', array('templateid' => $templateid));\r
4097 \r
4098                 $this->action_templateoverview();\r
4099         }\r
4100 \r
4101         /**\r
4102          * @todo document this\r
4103          */\r
4104         function action_templatenew() {\r
4105                 global $member;\r
4106 \r
4107                 $member->isAdmin() or $this->disallow();\r
4108 \r
4109                 $name = postVar('name');\r
4110                 $desc = postVar('desc');\r
4111 \r
4112                 if (!isValidTemplateName($name))\r
4113                         $this->error(_ERROR_BADTEMPLATENAME);\r
4114 \r
4115                 if (TEMPLATE::exists($name))\r
4116                         $this->error(_ERROR_DUPTEMPLATENAME);\r
4117 \r
4118                 $newTemplateId = TEMPLATE::createNew($name, $desc);\r
4119 \r
4120                 $this->action_templateoverview();\r
4121         }\r
4122 \r
4123         /**\r
4124          * @todo document this\r
4125          */\r
4126         function action_templateclone() {\r
4127                 global $member;\r
4128 \r
4129                 $templateid = intRequestVar('templateid');\r
4130 \r
4131                 $member->isAdmin() or $this->disallow();\r
4132 \r
4133                 // 1. read old template\r
4134                 $name = TEMPLATE::getNameFromId($templateid);\r
4135                 $desc = TEMPLATE::getDesc($templateid);\r
4136 \r
4137                 // 2. create desc thing\r
4138                 $name = "cloned" . $name;\r
4139 \r
4140                 // if a template with that name already exists:\r
4141                 if (TEMPLATE::exists($name)) {\r
4142                         $i = 1;\r
4143                         while (TEMPLATE::exists($name . $i))\r
4144                                 $i++;\r
4145                         $name .= $i;\r
4146                 }\r
4147 \r
4148                 $newid = TEMPLATE::createNew($name, $desc);\r
4149 \r
4150                 // 3. create clone\r
4151                 // go through parts of old template and add them to the new one\r
4152                 $res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);\r
4153                 while ($o = sql_fetch_object($res)) {\r
4154                         $this->addToTemplate($newid, $o->tpartname, $o->tcontent);\r
4155                 }\r
4156 \r
4157                 $this->action_templateoverview();\r
4158         }\r
4159 \r
4160         /**\r
4161          * @todo document this\r
4162          */\r
4163         function action_skinoverview() {\r
4164                 global $member, $manager;\r
4165 \r
4166                 $member->isAdmin() or $this->disallow();\r
4167 \r
4168                 $this->pagehead();\r
4169 \r
4170                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
4171 \r
4172                 echo '<h2>' . _SKIN_EDIT_TITLE . '</h2>';\r
4173 \r
4174                 echo '<h3>' . _SKIN_AVAILABLE_TITLE . '</h3>';\r
4175 \r
4176                 $query = 'SELECT * FROM '.sql_table('skin_desc').' ORDER BY sdname';\r
4177                 $template['content'] = 'skinlist';\r
4178                 $template['tabindex'] = 10;\r
4179                 showlist($query,'table',$template);\r
4180 \r
4181                 echo '<h3>' . _SKIN_NEW_TITLE . '</h3>';\r
4182 \r
4183                 ?>\r
4184                 <form method="post" action="index.php">\r
4185                 <div>\r
4186 \r
4187                 <input name="action" value="skinnew" type="hidden" />\r
4188                 <?php $manager->addTicketHidden() ?>\r
4189                 <table><tr>\r
4190                         <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td>\r
4191                         <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td>\r
4192                 </tr><tr>\r
4193                         <td><?php echo _SKIN_DESC?></td>\r
4194                         <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td>\r
4195                 </tr><tr>\r
4196                         <td><?php echo _SKIN_CREATE?></td>\r
4197                         <td><input type="submit" tabindex="10030" value="<?php echo _SKIN_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
4198                 </tr></table>\r
4199 \r
4200                 </div>\r
4201                 </form>\r
4202 \r
4203                 <?php\r
4204                 $this->pagefoot();\r
4205         }\r
4206 \r
4207         /**\r
4208          * @todo document this\r
4209          */\r
4210         function action_skinnew() {\r
4211                 global $member;\r
4212 \r
4213                 $member->isAdmin() or $this->disallow();\r
4214 \r
4215                 $name = trim(postVar('name'));\r
4216                 $desc = trim(postVar('desc'));\r
4217 \r
4218                 if (!isValidSkinName($name))\r
4219                         $this->error(_ERROR_BADSKINNAME);\r
4220 \r
4221                 if (SKIN::exists($name))\r
4222                         $this->error(_ERROR_DUPSKINNAME);\r
4223 \r
4224                 $newId = SKIN::createNew($name, $desc);\r
4225 \r
4226                 $this->action_skinoverview();\r
4227         }\r
4228 \r
4229         /**\r
4230          * @todo document this\r
4231          */\r
4232         function action_skinedit() {\r
4233                 global $member, $manager;\r
4234 \r
4235                 $skinid = intRequestVar('skinid');\r
4236 \r
4237                 $member->isAdmin() or $this->disallow();\r
4238 \r
4239                 $skin =& new SKIN($skinid);\r
4240 \r
4241                 $this->pagehead();\r
4242                 ?>\r
4243                 <p>\r
4244                         <a href="index.php?action=skinoverview">(<?php echo _SKIN_BACK?>)</a>\r
4245                 </p>\r
4246                 <h2><?php echo _SKIN_EDITONE_TITLE?> '<?php echo  $skin->getName() ?>'</h2>\r
4247 \r
4248                 <h3><?php echo _SKIN_PARTS_TITLE?></h3>\r
4249                 <?php echo _SKIN_PARTS_MSG?>\r
4250                 <ul>\r
4251                         <li><a tabindex="10" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=index"><?php echo _SKIN_PART_MAIN?></a> <?php help('skinpartindex')?></li>\r
4252                         <li><a tabindex="20" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=item"><?php echo _SKIN_PART_ITEM?></a> <?php help('skinpartitem')?></li>\r
4253                         <li><a tabindex="30" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=archivelist"><?php echo _SKIN_PART_ALIST?></a> <?php help('skinpartarchivelist')?></li>\r
4254                         <li><a tabindex="40" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=archive"><?php echo _SKIN_PART_ARCHIVE?></a> <?php help('skinpartarchive')?></li>\r
4255                         <li><a tabindex="50" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=search"><?php echo _SKIN_PART_SEARCH?></a> <?php help('skinpartsearch')?></li>\r
4256                         <li><a tabindex="60" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=error"><?php echo _SKIN_PART_ERROR?></a> <?php help('skinparterror')?></li>\r
4257                         <li><a tabindex="70" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=member"><?php echo _SKIN_PART_MEMBER?></a> <?php help('skinpartmember')?></li>\r
4258                         <li><a tabindex="75" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=imagepopup"><?php echo _SKIN_PART_POPUP?></a> <?php help('skinpartimagepopup')?></li>\r
4259                 </ul>\r
4260 \r
4261                 <?php\r
4262 \r
4263                 $query = "SELECT stype FROM " . sql_table('skin') . " WHERE stype NOT IN ('index', 'item', 'error', 'search', 'archive', 'archivelist', 'imagepopup', 'member') and sdesc = " . $skinid;\r
4264                 $res = sql_query($query);\r
4265 \r
4266                 echo '<h3>' . _SKIN_PARTS_SPECIAL . '</h3>';\r
4267                 echo '<form method="get" action="index.php">' . "\r\n";\r
4268                 echo '<input type="hidden" name="action" value="skinedittype" />' . "\r\n";\r
4269                 echo '<input type="hidden" name="skinid" value="' . $skinid . '" />' . "\r\n";\r
4270                 echo '<input name="type" tabindex="89" size="20" maxlength="20" />' . "\r\n";\r
4271                 echo '<input type="submit" tabindex="140" value="' . _SKIN_CREATE . '" onclick="return checkSubmit();" />' . "\r\n";\r
4272                 echo '</form>' . "\r\n";\r
4273 \r
4274                 if ($res && sql_num_rows($res) > 0) {\r
4275                         echo '<ul>';\r
4276                         $tabstart = 75;\r
4277 \r
4278                         while ($row = sql_fetch_assoc($res)) {\r
4279                                 echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">'._LISTS_DELETE.'</a>)</li>';\r
4280                         }\r
4281 \r
4282                         echo '</ul>';\r
4283                 }\r
4284 \r
4285                 ?>\r
4286 \r
4287                 <h3><?php echo _SKIN_GENSETTINGS_TITLE; ?></h3>\r
4288                 <form method="post" action="index.php">\r
4289                 <div>\r
4290 \r
4291                 <input type="hidden" name="action" value="skineditgeneral" />\r
4292                 <?php $manager->addTicketHidden() ?>\r
4293                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />\r
4294                 <table><tr>\r
4295                         <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td>\r
4296                         <td><input name="name" tabindex="90" value="<?php echo  htmlspecialchars($skin->getName()) ?>" maxlength="20" size="20" /></td>\r
4297                 </tr><tr>\r
4298                         <td><?php echo _SKIN_DESC?></td>\r
4299                         <td><input name="desc" tabindex="100" value="<?php echo  htmlspecialchars($skin->getDescription()) ?>" maxlength="200" size="50" /></td>\r
4300                 </tr><tr>\r
4301                         <td><?php echo _SKIN_TYPE?></td>\r
4302                         <td><input name="type" tabindex="110" value="<?php echo  htmlspecialchars($skin->getContentType()) ?>" maxlength="40" size="20" /></td>\r
4303                 </tr><tr>\r
4304                         <td><?php echo _SKIN_INCLUDE_MODE?> <?php help('includemode')?></td>\r
4305                         <td><?php $this->input_yesno('inc_mode',$skin->getIncludeMode(),120,'skindir','normal',_PARSER_INCMODE_SKINDIR,_PARSER_INCMODE_NORMAL);?></td>\r
4306                 </tr><tr>\r
4307                         <td><?php echo _SKIN_INCLUDE_PREFIX?> <?php help('includeprefix')?></td>\r
4308                         <td><input name="inc_prefix" tabindex="130" value="<?php echo  htmlspecialchars($skin->getIncludePrefix()) ?>" maxlength="40" size="20" /></td>\r
4309                 </tr><tr>\r
4310                         <td><?php echo _SKIN_CHANGE?></td>\r
4311                         <td><input type="submit" tabindex="140" value="<?php echo _SKIN_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>\r
4312                 </tr></table>\r
4313 \r
4314                 </div>\r
4315                 </form>\r
4316 \r
4317 \r
4318                 <?php      $this->pagefoot();\r
4319         }\r
4320 \r
4321         /**\r
4322          * @todo document this\r
4323          */\r
4324         function action_skineditgeneral() {\r
4325                 global $member;\r
4326 \r
4327                 $skinid = intRequestVar('skinid');\r
4328 \r
4329                 $member->isAdmin() or $this->disallow();\r
4330 \r
4331                 $name = postVar('name');\r
4332                 $desc = postVar('desc');\r
4333                 $type = postVar('type');\r
4334                 $inc_mode = postVar('inc_mode');\r
4335                 $inc_prefix = postVar('inc_prefix');\r
4336 \r
4337                 $skin =& new SKIN($skinid);\r
4338 \r
4339                 // 1. Some checks\r
4340                 if (!isValidSkinName($name))\r
4341                         $this->error(_ERROR_BADSKINNAME);\r
4342 \r
4343                 if (($skin->getName() != $name) && SKIN::exists($name))\r
4344                         $this->error(_ERROR_DUPSKINNAME);\r
4345 \r
4346                 if (!$type) $type = 'text/html';\r
4347                 if (!$inc_mode) $inc_mode = 'normal';\r
4348 \r
4349                 // 2. Update description\r
4350                 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);\r
4351 \r
4352                 $this->action_skinedit();\r
4353 \r
4354         }\r
4355 \r
4356         /**\r
4357          * @todo document this\r
4358          */\r
4359         function action_skinedittype($msg = '') {\r
4360                 global $member, $manager;\r
4361 \r
4362                 $skinid = intRequestVar('skinid');\r
4363                 $type = requestVar('type');\r
4364 \r
4365                 $member->isAdmin() or $this->disallow();\r
4366 \r
4367                 $type = trim($type);\r
4368                 $type = strtolower($type);\r
4369 \r
4370                 if (!isValidShortName($type)) {\r
4371                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);\r
4372                 }\r
4373 \r
4374                 $skin =& new SKIN($skinid);\r
4375 \r
4376                 $friendlyNames = SKIN::getFriendlyNames();\r
4377 \r
4378                 $this->pagehead();\r
4379                 ?>\r
4380                 <p>(<a href="index.php?action=skinoverview"><?php echo _SKIN_GOBACK?></a>)</p>\r
4381 \r
4382                 <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>\r
4383 \r
4384                 <?php              if ($msg) echo "<p>"._MESSAGE.": $msg</p>";\r
4385                 ?>\r
4386 \r
4387                 <div style="width:100%;">\r
4388                 <form method="post" action="index.php">\r
4389                 <div>\r
4390 \r
4391                 <input type="hidden" name="action" value="skinupdate" />\r
4392                 <?php $manager->addTicketHidden() ?>\r
4393                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />\r
4394                 <input type="hidden" name="type" value="<?php echo  $type ?>" />\r
4395 \r
4396                 <input type="submit" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
4397                 <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />\r
4398                 (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)\r
4399                 <?php if (in_array($type, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {\r
4400                         help('skinpart' . $type);\r
4401                 } else {\r
4402                         help('skinpartspecial');\r
4403                 }?>\r
4404                 <br />\r
4405 \r
4406                 <textarea class="skinedit" tabindex="10" rows="20" cols="80" name="content"><?php echo  htmlspecialchars($skin->getContent($type)) ?></textarea>\r
4407 \r
4408                 <br />\r
4409                 <input type="submit" tabindex="20" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
4410                 <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />\r
4411                 (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)\r
4412 \r
4413                 <br /><br />\r
4414                 <?php echo _SKIN_ALLOWEDVARS?>\r
4415                 <?php              $actions = SKIN::getAllowedActionsForType($type);\r
4416 \r
4417                         sort($actions);\r
4418 \r
4419                         while ($current = array_shift($actions)) {\r
4420                                 // skip deprecated vars\r
4421                                 if ($current == 'ifcat') continue;\r
4422                                 if ($current == 'imagetext') continue;\r
4423                                 if ($current == 'vars') continue;\r
4424 \r
4425                                 echo helplink('skinvar-' . $current) . "$current</a>";\r
4426                                 if (count($actions) != 0) echo ", ";\r
4427                         }\r
4428                 echo '<br /><br />' . _SKINEDIT_ALLOWEDBLOGS;\r
4429                 $query = 'SELECT bshortname, bname FROM '.sql_table('blog');\r
4430                         showlist($query,'table',array('content'=>'shortblognames'));\r
4431                 echo '<br />' . _SKINEDIT_ALLOWEDTEMPLATESS;\r
4432                 $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc');\r
4433                         showlist($query,'table',array('content'=>'shortnames'));\r
4434                 echo '</div></form></div>';\r
4435                 $this->pagefoot();\r
4436         }\r
4437 \r
4438         /**\r
4439          * @todo document this\r
4440          */\r
4441         function action_skinupdate() {\r
4442                 global $member;\r
4443 \r
4444                 $skinid = intRequestVar('skinid');\r
4445                 $content = trim(postVar('content'));\r
4446                 $type = postVar('type');\r
4447 \r
4448                 $member->isAdmin() or $this->disallow();\r
4449 \r
4450                 $skin =& new SKIN($skinid);\r
4451                 $skin->update($type, $content);\r
4452 \r
4453                 $this->action_skinedittype(_SKIN_UPDATED);\r
4454         }\r
4455 \r
4456         /**\r
4457          * @todo document this\r
4458          */\r
4459         function action_skindelete() {\r
4460                 global $member, $manager, $CONF;\r
4461 \r
4462                 $skinid = intRequestVar('skinid');\r
4463 \r
4464                 $member->isAdmin() or $this->disallow();\r
4465 \r
4466                 // don't allow default skin to be deleted\r
4467                 if ($skinid == $CONF['BaseSkin'])\r
4468                         $this->error(_ERROR_DEFAULTSKIN);\r
4469 \r
4470                 // don't allow deletion of default skins for blogs\r
4471                 $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;\r
4472                 $r = sql_query($query);\r
4473                 if ($o = sql_fetch_object($r))\r
4474                         $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));\r
4475 \r
4476                 $this->pagehead();\r
4477 \r
4478                 $skin =& new SKIN($skinid);\r
4479                 $name = $skin->getName();\r
4480                 $desc = $skin->getDescription();\r
4481 \r
4482                 ?>\r
4483                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
4484 \r
4485                         <p>\r
4486                                 <?php echo _CONFIRMTXT_SKIN?><b><?php echo htmlspecialchars($name) ?></b> (<?php echo  htmlspecialchars($desc)?>)\r
4487                         </p>\r
4488 \r
4489                         <form method="post" action="index.php"><div>\r
4490                                 <input type="hidden" name="action" value="skindeleteconfirm" />\r
4491                                 <?php $manager->addTicketHidden() ?>\r
4492                                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />\r
4493                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
4494                         </div></form>\r
4495                 <?php\r
4496                 $this->pagefoot();\r
4497         }\r
4498 \r
4499         /**\r
4500          * @todo document this\r
4501          */\r
4502         function action_skindeleteconfirm() {\r
4503                 global $member, $CONF, $manager;\r
4504 \r
4505                 $skinid = intRequestVar('skinid');\r
4506 \r
4507                 $member->isAdmin() or $this->disallow();\r
4508 \r
4509                 // don't allow default skin to be deleted\r
4510                 if ($skinid == $CONF['BaseSkin'])\r
4511                         $this->error(_ERROR_DEFAULTSKIN);\r
4512 \r
4513                 // don't allow deletion of default skins for blogs\r
4514                 $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;\r
4515                 $r = sql_query($query);\r
4516                 if ($o = sql_fetch_object($r))\r
4517                         $this->error(_ERROR_SKINDEFDELETE .$o->bname);\r
4518 \r
4519                 $manager->notify('PreDeleteSkin', array('skinid' => $skinid));\r
4520 \r
4521                 // 1. delete description\r
4522                 sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid);\r
4523 \r
4524                 // 2. delete parts\r
4525                 sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid);\r
4526 \r
4527                 $manager->notify('PostDeleteSkin', array('skinid' => $skinid));\r
4528 \r
4529                 $this->action_skinoverview();\r
4530         }\r
4531 \r
4532         /**\r
4533          * @todo document this\r
4534          */\r
4535         function action_skinremovetype() {\r
4536                 global $member, $manager, $CONF;\r
4537 \r
4538                 $skinid = intRequestVar('skinid');\r
4539                 $skintype = requestVar('type');\r
4540 \r
4541                 if (!isValidShortName($skintype)) {\r
4542                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4543                 }\r
4544 \r
4545                 $member->isAdmin() or $this->disallow();\r
4546 \r
4547                 // don't allow default skinparts to be deleted\r
4548                 if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {\r
4549                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4550                 }\r
4551 \r
4552                 $this->pagehead();\r
4553 \r
4554                 $skin =& new SKIN($skinid);\r
4555                 $name = $skin->getName();\r
4556                 $desc = $skin->getDescription();\r
4557 \r
4558                 ?>\r
4559                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
4560 \r
4561                         <p>\r
4562                                 <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo htmlspecialchars($skintype); ?> (<?php echo htmlspecialchars($name); ?>)</b> (<?php echo  htmlspecialchars($desc)?>)\r
4563                         </p>\r
4564 \r
4565                         <form method="post" action="index.php"><div>\r
4566                                 <input type="hidden" name="action" value="skinremovetypeconfirm" />\r
4567                                 <?php $manager->addTicketHidden() ?>\r
4568                                 <input type="hidden" name="skinid" value="<?php echo $skinid; ?>" />\r
4569                                 <input type="hidden" name="type" value="<?php echo htmlspecialchars($skintype); ?>" />\r
4570                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
4571                         </div></form>\r
4572                 <?php\r
4573                 $this->pagefoot();\r
4574         }\r
4575 \r
4576         /**\r
4577          * @todo document this\r
4578          */\r
4579         function action_skinremovetypeconfirm() {\r
4580                 global $member, $CONF, $manager;\r
4581 \r
4582                 $skinid = intRequestVar('skinid');\r
4583                 $skintype = requestVar('type');\r
4584 \r
4585                 if (!isValidShortName($skintype)) {\r
4586                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4587                 }\r
4588 \r
4589                 $member->isAdmin() or $this->disallow();\r
4590 \r
4591                 // don't allow default skinparts to be deleted\r
4592                 if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {\r
4593                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4594                 }\r
4595 \r
4596                 $manager->notify('PreDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));\r
4597 \r
4598                 // delete part\r
4599                 sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid . ' AND stype=\'' . $skintype . '\'');\r
4600 \r
4601                 $manager->notify('PostDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));\r
4602 \r
4603                 $this->action_skinedit();\r
4604         }\r
4605 \r
4606         /**\r
4607          * @todo document this\r
4608          */\r
4609         function action_skinclone() {\r
4610                 global $member;\r
4611 \r
4612                 $skinid = intRequestVar('skinid');\r
4613 \r
4614                 $member->isAdmin() or $this->disallow();\r
4615 \r
4616                 // 1. read skin to clone\r
4617                 $skin =& new SKIN($skinid);\r
4618 \r
4619                 $name = "clone_" . $skin->getName();\r
4620 \r
4621                 // if a skin with that name already exists:\r
4622                 if (SKIN::exists($name)) {\r
4623                         $i = 1;\r
4624                         while (SKIN::exists($name . $i))\r
4625                                 $i++;\r
4626                         $name .= $i;\r
4627                 }\r
4628 \r
4629                 // 2. create skin desc\r
4630                 $newid = SKIN::createNew(\r
4631                         $name,\r
4632                         $skin->getDescription(),\r
4633                         $skin->getContentType(),\r
4634                         $skin->getIncludeMode(),\r
4635                         $skin->getIncludePrefix()\r
4636                 );\r
4637 \r
4638 \r
4639                 // 3. clone\r
4640                 /*\r
4641                 $this->skinclonetype($skin, $newid, 'index');\r
4642                 $this->skinclonetype($skin, $newid, 'item');\r
4643                 $this->skinclonetype($skin, $newid, 'archivelist');\r
4644                 $this->skinclonetype($skin, $newid, 'archive');\r
4645                 $this->skinclonetype($skin, $newid, 'search');\r
4646                 $this->skinclonetype($skin, $newid, 'error');\r
4647                 $this->skinclonetype($skin, $newid, 'member');\r
4648                 $this->skinclonetype($skin, $newid, 'imagepopup');\r
4649                 */\r
4650 \r
4651                 $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;\r
4652                 $res = sql_query($query);\r
4653                 while ($row = sql_fetch_assoc($res)) {\r
4654                         $this->skinclonetype($skin, $newid, $row['stype']);\r
4655                 }\r
4656 \r
4657                 $this->action_skinoverview();\r
4658 \r
4659         }\r
4660 \r
4661         /**\r
4662          * @todo document this\r
4663          */\r
4664         function skinclonetype($skin, $newid, $type) {\r
4665                 $newid = intval($newid);\r
4666                 $content = $skin->getContent($type);\r
4667                 if ($content) {\r
4668                         $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". sql_real_escape_string($content)."', '". sql_real_escape_string($type)."')";\r
4669                         sql_query($query);\r
4670                 }\r
4671         }\r
4672 \r
4673         /**\r
4674          * @todo document this\r
4675          */\r
4676         function action_settingsedit() {\r
4677                 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;\r
4678 \r
4679                 $member->isAdmin() or $this->disallow();\r
4680 \r
4681                 $this->pagehead();\r
4682 \r
4683                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
4684                 ?>\r
4685 \r
4686                 <h2><?php echo _SETTINGS_TITLE?></h2>\r
4687 \r
4688                 <form action="index.php" method="post">\r
4689                 <div>\r
4690 \r
4691                 <input type="hidden" name="action" value="settingsupdate" />\r
4692                 <?php $manager->addTicketHidden() ?>\r
4693 \r
4694                 <table><tr>\r
4695                         <th colspan="2"><?php echo _SETTINGS_SUB_GENERAL?></th>\r
4696                 </tr><tr>\r
4697                         <td><?php echo _SETTINGS_DEFBLOG?> <?php help('defaultblog'); ?></td>\r
4698                         <td>\r
4699                                 <?php\r
4700                                         $query =  'SELECT bname as text, bnumber as value'\r
4701                                                    . ' FROM '.sql_table('blog');\r
4702                                         $template['name'] = 'DefaultBlog';\r
4703                                         $template['selected'] = $CONF['DefaultBlog'];\r
4704                                         $template['tabindex'] = 10;\r
4705                                         showlist($query,'select',$template);\r
4706                                 ?>\r
4707                         </td>\r
4708                 </tr><tr>\r
4709                         <td><?php echo _SETTINGS_BASESKIN?> <?php help('baseskin'); ?></td>\r
4710                         <td>\r
4711                                 <?php\r
4712                                         $query =  'SELECT sdname as text, sdnumber as value'\r
4713                                                    . ' FROM '.sql_table('skin_desc');\r
4714                                         $template['name'] = 'BaseSkin';\r
4715                                         $template['selected'] = $CONF['BaseSkin'];\r
4716                                         $template['tabindex'] = 1;\r
4717                                         showlist($query,'select',$template);\r
4718                                 ?>\r
4719                         </td>\r
4720                 </tr><tr>\r
4721                         <td><?php echo _SETTINGS_ADMINMAIL?></td>\r
4722                         <td><input name="AdminEmail" tabindex="10010" size="40" value="<?php echo  htmlspecialchars($CONF['AdminEmail']) ?>" /></td>\r
4723                 </tr><tr>\r
4724                         <td><?php echo _SETTINGS_SITENAME?></td>\r
4725                         <td><input name="SiteName" tabindex="10020" size="40" value="<?php echo  htmlspecialchars($CONF['SiteName']) ?>" /></td>\r
4726                 </tr><tr>\r
4727                         <td><?php echo _SETTINGS_SITEURL?></td>\r
4728                         <td><input name="IndexURL" tabindex="10030" size="40" value="<?php echo  htmlspecialchars($CONF['IndexURL']) ?>" /></td>\r
4729                 </tr><tr>\r
4730                         <td><?php echo _SETTINGS_ADMINURL?></td>\r
4731                         <td><input name="AdminURL" tabindex="10040" size="40" value="<?php echo  htmlspecialchars($CONF['AdminURL']) ?>" /></td>\r
4732                 </tr><tr>\r
4733                         <td><?php echo _SETTINGS_PLUGINURL?> <?php help('pluginurl');?></td>\r
4734                         <td><input name="PluginURL" tabindex="10045" size="40" value="<?php echo  htmlspecialchars($CONF['PluginURL']) ?>" /></td>\r
4735                 </tr><tr>\r
4736                         <td><?php echo _SETTINGS_SKINSURL?> <?php help('skinsurl');?></td>\r
4737                         <td><input name="SkinsURL" tabindex="10046" size="40" value="<?php echo  htmlspecialchars($CONF['SkinsURL']) ?>" /></td>\r
4738                 </tr><tr>\r
4739                         <td><?php echo _SETTINGS_ACTIONSURL?> <?php help('actionurl');?></td>\r
4740                         <td><input name="ActionURL" tabindex="10047" size="40" value="<?php echo  htmlspecialchars($CONF['ActionURL']) ?>" /></td>\r
4741                 </tr><tr>\r
4742                         <td><?php echo _SETTINGS_LANGUAGE?> <?php help('language'); ?>\r
4743                         </td>\r
4744                         <td>\r
4745 \r
4746                                 <select name="Language" tabindex="10050">\r
4747                                 <?php                      // show a dropdown list of all available languages\r
4748                                 global $DIR_LANG;\r
4749                                 $dirhandle = opendir($DIR_LANG);\r
4750                                 while ($filename = readdir($dirhandle) )\r
4751                                 {\r
4752                                         # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
4753                                         # original ereg: ereg("^(.*)\.php$",$filename,$matches)\r
4754                                         if (preg_match('#^(.*)\.php$#', $filename, $matches) )\r
4755                                         {\r
4756                                                 $name = $matches[1];\r
4757                                                 echo "<option value=\"$name\"";\r
4758                                                 if ($name == $CONF['Language'])\r
4759                                                 {\r
4760                                                         echo " selected=\"selected\"";\r
4761                                                 }\r
4762                                                 echo ">$name</option>";\r
4763                                         }\r
4764                                 }\r
4765                                 closedir($dirhandle);\r
4766 \r
4767                                 ?>\r
4768                                 </select>\r
4769 \r
4770                         </td>\r
4771                 </tr><tr>\r
4772                         <td><?php echo _SETTINGS_DISABLESITE?> <?php help('disablesite'); ?>\r
4773                         </td>\r
4774                         <td><?php $this->input_yesno('DisableSite',$CONF['DisableSite'],10060); ?>\r
4775                                         <br />\r
4776                                 <?php echo _SETTINGS_DISABLESITEURL ?> <input name="DisableSiteURL" tabindex="10070" size="40" value="<?php echo  htmlspecialchars($CONF['DisableSiteURL'])?>" />\r
4777                         </td>\r
4778                 </tr><tr>\r
4779                         <td><?php echo _SETTINGS_DIRS?></td>\r
4780                         <td><?php echo  htmlspecialchars($DIR_NUCLEUS) ?>\r
4781                                 <i><?php echo _SETTINGS_SEECONFIGPHP?></i></td>\r
4782                 </tr><tr>\r
4783                         <td><?php echo _SETTINGS_DBLOGIN?></td>\r
4784                         <td><i><?php echo _SETTINGS_SEECONFIGPHP?></i></td>\r
4785                 </tr><tr>\r
4786                         <td>\r
4787                         <?php\r
4788                                 echo _SETTINGS_JSTOOLBAR\r
4789                                 /* =_SETTINGS_DISABLEJS\r
4790 \r
4791                                         I temporary changed the meaning of DisableJsTools, until I can find a good\r
4792                                         way to select the javascript version to use\r
4793 \r
4794                                         now, its:\r
4795                                                 0 : IE\r
4796                                                 1 : all javascript disabled\r
4797                                                 2 : 'simpler' javascript (for mozilla/opera/mac)\r
4798                                 */\r
4799                            ?>\r
4800                         </td>\r
4801                         <td><?php /* $this->input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?>\r
4802                                 <select name="DisableJsTools" tabindex="10075">\r
4803                         <?php                              $extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : '';\r
4804                                         echo "<option $extra value='1'>",_SETTINGS_JSTOOLBAR_NONE,"</option>";\r
4805                                         $extra = ($CONF['DisableJsTools'] == 2) ? 'selected="selected"' : '';\r
4806                                         echo "<option $extra value='2'>",_SETTINGS_JSTOOLBAR_SIMPLE,"</option>";\r
4807                                         $extra = ($CONF['DisableJsTools'] == 0) ? 'selected="selected"' : '';\r
4808                                         echo "<option $extra value='0'>",_SETTINGS_JSTOOLBAR_FULL,"</option>";\r
4809                         ?>\r
4810                                 </select>\r
4811                         </td>\r
4812                 </tr><tr>\r
4813                         <td><?php echo _SETTINGS_URLMODE?> <?php help('urlmode');?></td>\r
4814                                            <td><?php\r
4815 \r
4816                                            $this->input_yesno('URLMode',$CONF['URLMode'],10077,\r
4817                                                           'normal','pathinfo',_SETTINGS_URLMODE_NORMAL,_SETTINGS_URLMODE_PATHINFO);\r
4818 \r
4819                                            echo ' ', _SETTINGS_URLMODE_HELP;\r
4820 \r
4821                                                          ?>\r
4822 \r
4823                                            </td>\r
4824                 </tr><tr>\r
4825                         <td><?php echo _SETTINGS_DEBUGVARS?> <?php help('debugvars');?></td>\r
4826                                            <td><?php\r
4827 \r
4828                                                 $this->input_yesno('DebugVars',$CONF['DebugVars'],10078);\r
4829 \r
4830                                                          ?>\r
4831 \r
4832                                            </td>\r
4833                 </tr><tr>\r
4834                         <td><?php echo _SETTINGS_DEFAULTLISTSIZE?> <?php help('defaultlistsize');?></td>\r
4835                         <td>\r
4836                         <?php\r
4837                                 if (!array_key_exists('DefaultListSize',$CONF)) {\r
4838                                         sql_query("INSERT INTO ".sql_table('config')." VALUES ('DefaultListSize', '10')");\r
4839                                         $CONF['DefaultListSize'] = 10;\r
4840                                 }\r
4841                         ?>\r
4842                                 <input name="DefaultListSize" tabindex="10079" size="40" value="<?php echo  htmlspecialchars((intval($CONF['DefaultListSize']) < 1 ? '10' : $CONF['DefaultListSize'])) ?>" />\r
4843                         </td>\r
4844                 </tr><tr>\r
4845                         <td><?php echo _SETTINGS_ADMINCSS?> \r
4846                         </td>\r
4847                         <td>\r
4848                                 <select name="AdminCSS" tabindex="10080">\r
4849                                 <?php           // show a dropdown list of all available admin css files\r
4850                                         global $DIR_NUCLEUS;\r
4851                                         $dirhandle = opendir($DIR_NUCLEUS."styles/");\r
4852                                 while ($filename = readdir($dirhandle) )\r
4853                                 {\r
4854                                         # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
4855                                         # original ereg: ereg("^(.*)\.php$",$filename,$matches)\r
4856                                         if (preg_match('#^admin_(.*)\.css$#', $filename, $matches) )\r
4857                                         {\r
4858                                                 $name = $matches[1];\r
4859                                                 echo "<option value=\"$name\"";\r
4860                                                 if ($name == $CONF['AdminCSS'])\r
4861                                                 {\r
4862                                                         echo " selected=\"selected\"";\r
4863                                                 }\r
4864                                                 echo ">$name</option>";\r
4865                                         }\r
4866                                 }\r
4867                                 closedir($dirhandle);\r
4868                                 ?>\r
4869                                 </select>\r
4870                         </td>\r
4871                 </tr><tr>\r
4872                         <th colspan="2"><?php echo _SETTINGS_MEDIA?> <?php help('media'); ?></th>\r
4873                 </tr><tr>\r
4874                         <td><?php echo _SETTINGS_MEDIADIR?></td>\r
4875                         <td><?php echo  htmlspecialchars($DIR_MEDIA) ?>\r
4876                                 <i><?php echo _SETTINGS_SEECONFIGPHP?></i>\r
4877                                 <?php                              if (!is_dir($DIR_MEDIA))\r
4878                                                 echo "<br /><b>" . _WARNING_NOTADIR . "</b>";\r
4879                                         if (!is_readable($DIR_MEDIA))\r
4880                                                 echo "<br /><b>" . _WARNING_NOTREADABLE . "</b>";\r
4881                                         if (!is_writeable($DIR_MEDIA))\r
4882                                                 echo "<br /><b>" . _WARNING_NOTWRITABLE . "</b>";\r
4883                                 ?>\r
4884                         </td>\r
4885                 </tr><tr>\r
4886                         <td><?php echo _SETTINGS_MEDIAURL?></td>\r
4887                         <td>\r
4888                                 <input name="MediaURL" tabindex="10090" size="40" value="<?php echo  htmlspecialchars($CONF['MediaURL']) ?>" />\r
4889                         </td>\r
4890                 </tr><tr>\r
4891                         <td><?php echo _SETTINGS_ALLOWUPLOAD?></td>\r
4892                         <td><?php $this->input_yesno('AllowUpload',$CONF['AllowUpload'],10090); ?></td>\r
4893                 </tr><tr>\r
4894                         <td><?php echo _SETTINGS_ALLOWUPLOADTYPES?></td>\r
4895                         <td>\r
4896                                 <input name="AllowedTypes" tabindex="10100" size="40" value="<?php echo  htmlspecialchars($CONF['AllowedTypes']) ?>" />\r
4897                         </td>\r
4898                 </tr><tr>\r
4899                         <td><?php echo _SETTINGS_MAXUPLOADSIZE?></td>\r
4900                         <td>\r
4901                                 <input name="MaxUploadSize" tabindex="10105" size="40" value="<?php echo  htmlspecialchars($CONF['MaxUploadSize']) ?>" />\r
4902                         </td>\r
4903                 </tr><tr>\r
4904                         <td><?php echo _SETTINGS_MEDIAPREFIX?></td>\r
4905                         <td><?php $this->input_yesno('MediaPrefix',$CONF['MediaPrefix'],10110); ?></td>\r
4906 \r
4907                 </tr><tr>\r
4908                         <th colspan="2"><?php echo _SETTINGS_MEMBERS?></th>\r
4909                 </tr><tr>\r
4910                         <td><?php echo _SETTINGS_CHANGELOGIN?></td>\r
4911                         <td><?php $this->input_yesno('AllowLoginEdit',$CONF['AllowLoginEdit'],10120); ?></td>\r
4912                 </tr><tr>\r
4913                         <td><?php echo _SETTINGS_ALLOWCREATE?>\r
4914                                 <?php help('allowaccountcreation'); ?>\r
4915                         </td>\r
4916                         <td><?php $this->input_yesno('AllowMemberCreate',$CONF['AllowMemberCreate'],10130); ?>\r
4917                         </td>\r
4918                 </tr><tr>\r
4919                         <td><?php echo _SETTINGS_NEWLOGIN?> <?php help('allownewmemberlogin'); ?>\r
4920                                 <br /><?php echo _SETTINGS_NEWLOGIN2?>\r
4921                         </td>\r
4922                         <td><?php $this->input_yesno('NewMemberCanLogon',$CONF['NewMemberCanLogon'],10140); ?>\r
4923                         </td>\r
4924                 </tr><tr>\r
4925                         <td><?php echo _SETTINGS_MEMBERMSGS?>\r
4926                                 <?php help('messageservice'); ?>\r
4927                         </td>\r
4928                         <td><?php $this->input_yesno('AllowMemberMail',$CONF['AllowMemberMail'],10150); ?>\r
4929                         </td>\r
4930                 </tr><tr>\r
4931                         <td><?php echo _SETTINGS_NONMEMBERMSGS?>\r
4932                                 <?php help('messageservice'); ?>\r
4933                         </td>\r
4934                         <td><?php $this->input_yesno('NonmemberMail',$CONF['NonmemberMail'],10155); ?>\r
4935                         </td>\r
4936                 </tr><tr>\r
4937                         <td><?php echo _SETTINGS_PROTECTMEMNAMES?>\r
4938                                 <?php help('protectmemnames'); ?>\r
4939                         </td>\r
4940                         <td><?php $this->input_yesno('ProtectMemNames',$CONF['ProtectMemNames'],10156); ?>\r
4941                         </td>\r
4942 \r
4943 \r
4944 \r
4945                 </tr><tr>\r
4946                         <th colspan="2"><?php echo _SETTINGS_COOKIES_TITLE?> <?php help('cookies'); ?></th>\r
4947                 </tr><tr>\r
4948                         <td><?php echo _SETTINGS_COOKIEPREFIX?></td>\r
4949                         <td><input name="CookiePrefix" tabindex="10159" size="40" value="<?php echo  htmlspecialchars($CONF['CookiePrefix'])?>" /></td>\r
4950                 </tr><tr>\r
4951                         <td><?php echo _SETTINGS_COOKIEDOMAIN?></td>\r
4952                         <td><input name="CookieDomain" tabindex="10160" size="40" value="<?php echo  htmlspecialchars($CONF['CookieDomain'])?>" /></td>\r
4953                 </tr><tr>\r
4954                         <td><?php echo _SETTINGS_COOKIEPATH?></td>\r
4955                         <td><input name="CookiePath" tabindex="10170" size="40" value="<?php echo  htmlspecialchars($CONF['CookiePath'])?>" /></td>\r
4956                 </tr><tr>\r
4957                         <td><?php echo _SETTINGS_COOKIESECURE?></td>\r
4958                         <td><?php $this->input_yesno('CookieSecure',$CONF['CookieSecure'],10180); ?></td>\r
4959                 </tr><tr>\r
4960                         <td><?php echo _SETTINGS_COOKIELIFE?></td>\r
4961                         <td><?php $this->input_yesno('SessionCookie',$CONF['SessionCookie'],10190,\r
4962                                                           1,0,_SETTINGS_COOKIESESSION,_SETTINGS_COOKIEMONTH); ?>\r
4963                         </td>\r
4964                 </tr><tr>\r
4965                         <td><?php echo _SETTINGS_LASTVISIT?></td>\r
4966                         <td><?php $this->input_yesno('LastVisit',$CONF['LastVisit'],10200); ?></td>\r
4967 \r
4968 \r
4969 \r
4970                 </tr><tr>\r
4971                         <th colspan="2"><?php echo _SETTINGS_UPDATE?></th>\r
4972                 </tr><tr>\r
4973                         <td><?php echo _SETTINGS_UPDATE?></td>\r
4974                         <td><input type="submit" tabindex="10210" value="<?php echo _SETTINGS_UPDATE_BTN?>" onclick="return checkSubmit();" /></td>\r
4975                 </tr></table>\r
4976 \r
4977                 </div>\r
4978                 </form>\r
4979 \r
4980                 <?php\r
4981                         echo '<h2>',_PLUGINS_EXTRA,'</h2>';\r
4982 \r
4983                         $manager->notify(\r
4984                                 'GeneralSettingsFormExtras',\r
4985                                 array()\r
4986                         );\r
4987 \r
4988                 $this->pagefoot();\r
4989         }\r
4990 \r
4991         /**\r
4992          * @todo document this\r
4993          */\r
4994         function action_settingsupdate() {\r
4995                 global $member, $CONF;\r
4996 \r
4997                 $member->isAdmin() or $this->disallow();\r
4998 \r
4999                 // check if email address for admin is valid\r
5000                 if (!isValidMailAddress(postVar('AdminEmail')))\r
5001                         $this->error(_ERROR_BADMAILADDRESS);\r
5002 \r
5003 \r
5004                 // save settings\r
5005                 $this->updateConfig('DefaultBlog',        postVar('DefaultBlog'));\r
5006                 $this->updateConfig('BaseSkin',          postVar('BaseSkin'));\r
5007                 $this->updateConfig('IndexURL',          postVar('IndexURL'));\r
5008                 $this->updateConfig('AdminURL',          postVar('AdminURL'));\r
5009                 $this->updateConfig('PluginURL',                postVar('PluginURL'));\r
5010                 $this->updateConfig('SkinsURL',          postVar('SkinsURL'));\r
5011                 $this->updateConfig('ActionURL',                postVar('ActionURL'));\r
5012                 $this->updateConfig('Language',          postVar('Language'));\r
5013                 $this->updateConfig('AdminEmail',          postVar('AdminEmail'));\r
5014                 $this->updateConfig('SessionCookie',    postVar('SessionCookie'));\r
5015                 $this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));\r
5016                 $this->updateConfig('AllowMemberMail',  postVar('AllowMemberMail'));\r
5017                 $this->updateConfig('NonmemberMail',    postVar('NonmemberMail'));\r
5018                 $this->updateConfig('ProtectMemNames',  postVar('ProtectMemNames'));\r
5019                 $this->updateConfig('SiteName',          postVar('SiteName'));\r
5020                 $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));\r
5021                 $this->updateConfig('DisableSite',        postVar('DisableSite'));\r
5022                 $this->updateConfig('DisableSiteURL',   postVar('DisableSiteURL'));\r
5023                 $this->updateConfig('LastVisit',                postVar('LastVisit'));\r
5024                 $this->updateConfig('MediaURL',          postVar('MediaURL'));\r
5025                 $this->updateConfig('AllowedTypes',      postVar('AllowedTypes'));\r
5026                 $this->updateConfig('AllowUpload',        postVar('AllowUpload'));\r
5027                 $this->updateConfig('MaxUploadSize',    postVar('MaxUploadSize'));\r
5028                 $this->updateConfig('MediaPrefix',        postVar('MediaPrefix'));\r
5029                 $this->updateConfig('AllowLoginEdit',   postVar('AllowLoginEdit'));\r
5030                 $this->updateConfig('DisableJsTools',   postVar('DisableJsTools'));\r
5031                 $this->updateConfig('CookieDomain',      postVar('CookieDomain'));\r
5032                 $this->updateConfig('CookiePath',          postVar('CookiePath'));\r
5033                 $this->updateConfig('CookieSecure',      postVar('CookieSecure'));\r
5034                 $this->updateConfig('URLMode',            postVar('URLMode'));\r
5035                 $this->updateConfig('CookiePrefix',      postVar('CookiePrefix'));\r
5036                 $this->updateConfig('DebugVars',                postVar('DebugVars'));\r
5037                 $this->updateConfig('DefaultListSize',  postVar('DefaultListSize'));\r
5038                 $this->updateConfig('AdminCSS',          postVar('AdminCSS'));\r
5039 \r
5040                 // load new config and redirect (this way, the new language will be used is necessary)\r
5041                 // note that when changing cookie settings, this redirect might cause the user\r
5042                 // to have to log in again.\r
5043                 getConfig();\r
5044                 redirect($CONF['AdminURL'] . '?action=manage');\r
5045                 exit;\r
5046 \r
5047         }\r
5048 \r
5049         /**\r
5050          *  Give an overview over the used system\r
5051          */\r
5052         function action_systemoverview() {\r
5053                 global $member, $nucleus, $CONF;\r
5054 \r
5055                 $this->pagehead();\r
5056 \r
5057                 echo '<h2>' . _ADMIN_SYSTEMOVERVIEW_HEADING . "</h2>\n";\r
5058 \r
5059                 if ($member->isLoggedIn() && $member->isAdmin()) {\r
5060 \r
5061                         // Information about the used PHP and MySQL installation\r
5062                         echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_PHPANDMYSQL . "</h3>\n";\r
5063 \r
5064                         // Version of PHP MySQL\r
5065                         echo "<table>\n";\r
5066                         echo "\t<tr>\n";\r
5067                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . "</th>\n";\r
5068                         echo "\t</tr><tr>\n";\r
5069                         echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . "</td>\n";\r
5070                         echo "\t\t" . '<td>' . phpversion() . "</td>\n";\r
5071                         echo "\t</tr><tr>\n";\r
5072                         echo "\t\t" . '<td>' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . "</td>\n";\r
5073                         echo "\t\t" . '<td>' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . "</td>\n";\r
5074                         echo "\t</tr>";\r
5075                         echo "</table>\n";\r
5076 \r
5077                         // Important PHP settings\r
5078                         echo "<table>\n";\r
5079                         echo "\t<tr>\n";\r
5080                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . "</th>\n";\r
5081                         echo "\t</tr><tr>\n";\r
5082                         echo "\t\t" . '<td width="50%">magic_quotes_gpc' . "</td>\n";\r
5083                         $mqg = get_magic_quotes_gpc() ? 'On' : 'Off';\r
5084                         echo "\t\t" . '<td>' . $mqg . "</td>\n";\r
5085                         echo "\t</tr><tr>\n";\r
5086                         echo "\t\t" . '<td>magic_quotes_runtime' . "</td>\n";\r
5087                         $mqr = get_magic_quotes_runtime() ? 'On' : 'Off';\r
5088                         echo "\t\t" . '<td>' . $mqr . "</td>\n";\r
5089                         echo "\t</tr><tr>\n";\r
5090                         echo "\t\t" . '<td>register_globals' . "</td>\n";\r
5091                         $rg = ini_get('register_globals') ? 'On' : 'Off';\r
5092                         echo "\t\t" . '<td>' . $rg . "</td>\n";\r
5093                         echo "\t</tr>";\r
5094                         echo "</table>\n";\r
5095 \r
5096                         // Information about GD library\r
5097                         $gdinfo = gd_info();\r
5098                         echo "<table>\n";\r
5099                         echo "\t<tr>";\r
5100                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . "</th>\n";\r
5101                         echo "\t</tr>\n";\r
5102                         foreach ($gdinfo as $key=>$value) {\r
5103                                 if (is_bool($value)) {\r
5104                                         $value = $value ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
5105                                 } else {\r
5106                                         $value = htmlspecialchars($value, ENT_QUOTES);\r
5107                                 }\r
5108                                 echo "\t<tr>";\r
5109                                 echo "\t\t" . '<td width="50%">' . $key . "</td>\n";\r
5110                                 echo "\t\t" . '<td>' . $value . "</td>\n";\r
5111                                 echo "\t</tr>\n";\r
5112                         }\r
5113                         echo "</table>\n";\r
5114 \r
5115                         // Check if special modules are loaded\r
5116                         ob_start();\r
5117                         phpinfo(INFO_MODULES);\r
5118                         $im = ob_get_contents();\r
5119                         ob_clean();\r
5120                         echo "<table>\n";\r
5121                         echo "\t<tr>";\r
5122                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_MODULES . "</th>\n";\r
5123                         echo "\t</tr><tr>\n";\r
5124                         echo "\t\t" . '<td width="50%">mod_rewrite' . "</td>\n";\r
5125                         $modrewrite = (strstr($im, 'mod_rewrite') != '') ?\r
5126                                                 _ADMIN_SYSTEMOVERVIEW_ENABLE :\r
5127                                                 _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
5128                         echo "\t\t" . '<td>' . $modrewrite . "</td>\n";\r
5129                         echo "\t</tr>\n";\r
5130                         echo "</table>\n";\r
5131 \r
5132                         // Information about the used Nucleus CMS\r
5133                         echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSYSTEM . "</h3>\n";\r
5134                         global $nucleus;\r
5135                         $nv = getNucleusVersion() / 100 . '(' . $nucleus['version'] . ')';\r
5136                         $np = getNucleusPatchLevel();\r
5137                         echo "<table>\n";\r
5138                         echo "\t<tr>";\r
5139                         echo "\t\t" . '<th colspan="2">Nucleus CMS' . "</th>\n";\r
5140                         echo "\t</tr><tr>\n";\r
5141                         echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . "</td>\n";\r
5142                         echo "\t\t" . '<td>' . $nv . "</td>\n";\r
5143                         echo "\t</tr><tr>\n";\r
5144                         echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . "</td>\n";\r
5145                         echo "\t\t" . '<td>' . $np . "</td>\n";\r
5146                         echo "\t</tr>\n";\r
5147                         echo "</table>\n";\r
5148 \r
5149                         // Important settings of the installation\r
5150                         echo "<table>\n";\r
5151                         echo "\t<tr>";\r
5152                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . "</th>\n";\r
5153                         echo "\t</tr><tr>\n";\r
5154                         echo "\t\t" . '<td width="50%">' . '$CONF[' . "'Self']</td>\n";\r
5155                         echo "\t\t" . '<td>' . $CONF['Self'] . "</td>\n";\r
5156                         echo "\t</tr><tr>\n";\r
5157                         echo "\t\t" . '<td width="50%">' . '$CONF[' . "'ItemURL']</td>\n";\r
5158                         echo "\t\t" . '<td>' . $CONF['ItemURL'] . "</td>\n";\r
5159                         echo "\t</tr><tr>\n";\r
5160                         echo "\t\t" . '<td width="50%">' . '$CONF[' . "'alertOnHeadersSent']</td>\n";\r
5161                         $ohs = $CONF['alertOnHeadersSent'] ?\r
5162                                                 _ADMIN_SYSTEMOVERVIEW_ENABLE :\r
5163                                                 _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
5164                         echo "\t\t" . '<td>' . $ohs . "</td>\n";\r
5165                         echo "\t</tr>\n";\r
5166                         echo "</table>\n";\r
5167 \r
5168                         // Link to the online version test at the Nucleus CMS website\r
5169                         echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK . "</h3>\n";\r
5170                         if ($nucleus['codename'] != '') {\r
5171                                 $codenamestring = ' &quot;' . $nucleus['codename'] . '&quot;';\r
5172                         } else {\r
5173                                 $codenamestring = '';\r
5174                         }\r
5175                         echo _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TXT;\r
5176                         $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());\r
5177                         echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">';\r
5178                         echo 'Nucleus CMS ' . $nv . $codenamestring;\r
5179                         echo '</a>';\r
5180                 //echo '<br />';\r
5181                 }\r
5182                 else {\r
5183                         echo _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN;\r
5184                 }\r
5185 \r
5186                 $this->pagefoot();\r
5187         }\r
5188 \r
5189         /**\r
5190          * @todo document this\r
5191          */\r
5192         function updateConfig($name, $val) {\r
5193                 $name = sql_real_escape_string($name);\r
5194                 $val = trim(sql_real_escape_string($val));\r
5195 \r
5196                 $query = 'UPDATE '.sql_table('config')\r
5197                            . " SET value='$val'"\r
5198                            . " WHERE name='$name'";\r
5199 \r
5200                 sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error());\r
5201                 return sql_insert_id();\r
5202         }\r
5203 \r
5204         /**\r
5205          * Error message\r
5206          * @param string $msg message that will be shown\r
5207          */\r
5208         function error($msg) {\r
5209                 $this->pagehead();\r
5210                 ?>\r
5211                 <h2>Error!</h2>\r
5212                 <?php      echo $msg;\r
5213                 echo "<br />";\r
5214                 echo "<a href='index.php' onclick='history.back(); return false;'>"._BACK."</a>";\r
5215                 $this->pagefoot();\r
5216                 exit;\r
5217         }\r
5218 \r
5219         /**\r
5220          * @todo document this\r
5221          */\r
5222         function disallow() {\r
5223                 ACTIONLOG::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));\r
5224 \r
5225                 $this->error(_ERROR_DISALLOWED);\r
5226         }\r
5227 \r
5228         /**\r
5229          * @todo document this\r
5230          */\r
5231         function pagehead($extrahead = '') {\r
5232                 global $member, $nucleus, $CONF, $manager;\r
5233 \r
5234                 $manager->notify(\r
5235                         'AdminPrePageHead',\r
5236                         array(\r
5237                                 'extrahead' => &$extrahead,\r
5238                                 'action' => $this->action\r
5239                         )\r
5240                 );\r
5241 \r
5242                 $baseUrl = htmlspecialchars($CONF['AdminURL']);\r
5243                 if (!array_key_exists('AdminCSS',$CONF)) \r
5244                 {\r
5245                         sql_query("INSERT INTO ".sql_table('config')." VALUES ('AdminCSS', 'contemporary_jp')");\r
5246                         $CONF['AdminCSS'] = 'contemporary_jp';\r
5247                 }\r
5248                 \r
5249                 ?>\r
5250                 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r
5251                 <html <?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>\r
5252                 <head>\r
5253                         <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />\r
5254                         <title><?php echo htmlspecialchars($CONF['SiteName'])?> - Admin</title>\r
5255                         <link rel="stylesheet" title="Nucleus Admin Default" type="text/css" href="<?php echo $baseUrl?>styles/admin_<?php echo $CONF["AdminCSS"]?>.css" />\r
5256                         <link rel="stylesheet" title="Nucleus Admin Default" type="text/css"\r
5257                         href="<?php echo $baseUrl?>styles/addedit.css" />\r
5258 \r
5259                         <script type="text/javascript" src="<?php echo $baseUrl?>javascript/edit.js"></script>\r
5260                         <script type="text/javascript" src="<?php echo $baseUrl?>javascript/admin.js"></script>\r
5261                         <script type="text/javascript" src="<?php echo $baseUrl?>javascript/compatibility.js"></script>\r
5262 \r
5263           <meta http-equiv='Pragma' content='no-cache' />\r
5264           <meta http-equiv='Cache-Control' content='no-cache, must-revalidate' />\r
5265           <meta http-equiv='Expires' content='-1' />\r
5266 \r
5267                         <?php echo $extrahead?>\r
5268                 </head>\r
5269                 <body>\r
5270                 <div id="adminwrapper">\r
5271                 <div class="header">\r
5272                 <h1><?php echo htmlspecialchars($CONF['SiteName'])?></h1>\r
5273                 </div>\r
5274                 <div id="container">\r
5275                 <div id="content">\r
5276                 <div class="loginname">\r
5277                 <?php              if ($member->isLoggedIn())\r
5278                                 echo _LOGGEDINAS . ' ' . $member->getDisplayName()\r
5279                                         ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a>"\r
5280                                         . "<br /><a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";\r
5281                         else\r
5282                                 echo '<a href="index.php?action=showlogin" title="Log in">' , _NOTLOGGEDIN , '</a> <br />';\r
5283 \r
5284                         echo "<a href='".$CONF['IndexURL']."'>"._YOURSITE."</a>";\r
5285 \r
5286                         echo '<br />(';\r
5287 \r
5288                         $codenamestring = ($nucleus['codename']!='')? ' &quot;'.$nucleus['codename'].'&quot;':'';\r
5289 \r
5290                         if ($member->isLoggedIn() && $member->isAdmin()) {\r
5291                                 $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());\r
5292                                 echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';\r
5293                                 $newestVersion = getLatestVersion();\r
5294                                 $newestCompare = str_replace('/','.',$newestVersion);\r
5295                                 $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);\r
5296                                 $currentVersion = floatval($currentVersion);\r
5297                                 if ($newestVersion && version_compare($newestCompare,$currentVersion) > 0) {\r
5298                                         echo '<br /><a style="color:red" href="'._ADMINPAGEFOOT_OFFICIALURL.'upgrade.php" title="'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE.'">'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT.$newestVersion.'</a>';\r
5299                                 }\r
5300                         } else {\r
5301                                 echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;\r
5302                         }\r
5303                         echo ')';\r
5304                 echo '</div>';\r
5305         }\r
5306 \r
5307         /**\r
5308          * @todo document this\r
5309          */\r
5310         function pagefoot() {\r
5311                 global $action, $member, $manager;\r
5312 \r
5313                 $manager->notify(\r
5314                         'AdminPrePageFoot',\r
5315                         array(\r
5316                                 'action' => $this->action\r
5317                         )\r
5318                 );\r
5319 \r
5320                 if ($member->isLoggedIn() && ($action != 'showlogin')) {\r
5321                         ?>\r
5322                         <h2><?php echo  _LOGOUT ?></h2>\r
5323                         <ul>\r
5324                                 <li><a href="index.php?action=overview"><?php echo  _BACKHOME?></a></li>\r
5325                                 <li><a href='index.php?action=logout'><?php echo  _LOGOUT?></a></li>\r
5326                         </ul>\r
5327                         <?php      }\r
5328                 ?>\r
5329                         <div class="foot">\r
5330                                 <a href="<?php echo _ADMINPAGEFOOT_OFFICIALURL ?>">Nucleus CMS</a> &copy; 2002-<?php echo date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT; ?>\r
5331                                 -\r
5332                                 <a href="<?php echo _ADMINPAGEFOOT_DONATEURL ?>"><?php echo _ADMINPAGEFOOT_DONATE ?></a>\r
5333                         </div>\r
5334 \r
5335                         </div><!-- content -->\r
5336 \r
5337                         <div id="quickmenu">\r
5338 \r
5339                                 <?php                      // ---- user settings ----\r
5340                                 if (($action != 'showlogin') && ($member->isLoggedIn())) {\r
5341                                         echo '<ul>';\r
5342                                         echo '<li><a href="index.php?action=overview">',_QMENU_HOME,'</a></li>';\r
5343                                         echo '</ul>';\r
5344 \r
5345                                         echo '<h2>',_QMENU_ADD,'</h2>';\r
5346                                         echo '<form method="get" action="index.php"><div>';\r
5347                                         echo '<input type="hidden" name="action" value="createitem" />';\r
5348 \r
5349                                                 $showAll = requestVar('showall');\r
5350                                                 if (($member->isAdmin()) && ($showAll == 'yes')) {\r
5351                                                         // Super-Admins have access to all blogs! (no add item support though)\r
5352                                                         $query =  'SELECT bnumber as value, bname as text'\r
5353                                                                    . ' FROM ' . sql_table('blog')\r
5354                                                                    . ' ORDER BY bname';\r
5355                                                 } else {\r
5356                                                         $query =  'SELECT bnumber as value, bname as text'\r
5357                                                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
5358                                                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
5359                                                                    . ' ORDER BY bname';\r
5360                                                 }\r
5361                                                 $template['name'] = 'blogid';\r
5362                                                 $template['tabindex'] = 15000;\r
5363                                                 $template['extra'] = _QMENU_ADD_SELECT;\r
5364                                                 $template['selected'] = -1;\r
5365                                                 $template['shorten'] = 10;\r
5366                                                 $template['shortenel'] = '';\r
5367                                                 $template['javascript'] = 'onchange="return form.submit()"';\r
5368                                                 showlist($query,'select',$template);\r
5369 \r
5370                                         echo '</div></form>';\r
5371 \r
5372                                         echo '<h2>' . $member->getDisplayName(). '</h2>';\r
5373                                         echo '<ul>';\r
5374                                         echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . '</a></li>';\r
5375                                         echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . '</a></li>';\r
5376                                         echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . '</a></li>';\r
5377                                         echo '</ul>';\r
5378 \r
5379 \r
5380 \r
5381 \r
5382                                         // ---- general settings ----\r
5383                                         if ($member->isAdmin()) {\r
5384 \r
5385                                                 echo '<h2>',_QMENU_MANAGE,'</h2>';\r
5386 \r
5387                                                 echo '<ul>';\r
5388                                                 echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . '</a></li>';\r
5389                                                 echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . '</a></li>';\r
5390                                                 echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . '</a></li>';\r
5391                                                 echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . '</a></li>';\r
5392                                                 echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . '</a></li>';\r
5393                                                 echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . '</a></li>';\r
5394                                                 echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . '</a></li>';\r
5395                                                 echo '</ul>';\r
5396 \r
5397                                                 echo '<h2>',_QMENU_LAYOUT,'</h2>';\r
5398                                                 echo '<ul>';\r
5399                                                 echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . '</a></li>';\r
5400                                                 echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . '</a></li>';\r
5401                                                 echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . '</a></li>';\r
5402                                                 echo '</ul>';\r
5403 \r
5404                                         }\r
5405 \r
5406                                         $aPluginExtras = array();\r
5407                                         $manager->notify(\r
5408                                                 'QuickMenu',\r
5409                                                 array(\r
5410                                                         'options' => &$aPluginExtras\r
5411                                                 )\r
5412                                         );\r
5413                                         if (count($aPluginExtras) > 0)\r
5414                                         {\r
5415                                                 echo '<h2>', _QMENU_PLUGINS, '</h2>';\r
5416                                                 echo '<ul>';\r
5417                                                 foreach ($aPluginExtras as $aInfo)\r
5418                                                 {\r
5419                                                         echo '<li><a href="'.htmlspecialchars($aInfo['url']).'" title="'.htmlspecialchars($aInfo['tooltip']).'">'.htmlspecialchars($aInfo['title']).'</a></li>';\r
5420                                                 }\r
5421                                                 echo '</ul>';\r
5422                                         }\r
5423 \r
5424                                 } else if (($action == 'activate') || ($action == 'activatesetpwd')) {\r
5425 \r
5426                                         echo '<h2>', _QMENU_ACTIVATE, '</h2>', _QMENU_ACTIVATE_TEXT;\r
5427                                 } else {\r
5428                                         // introduction text on login screen\r
5429                                         echo '<h2>', _QMENU_INTRO, '</h2>', _QMENU_INTRO_TEXT;\r
5430                                 }\r
5431                                 ?>\r
5432                         </div>\r
5433 \r
5434                         <!-- content / quickmenu container -->\r
5435                         <div class="clear"></div>       <!-- new -->\r
5436                         </div>\r
5437 \r
5438                         <!-- adminwrapper -->   <!-- new -->\r
5439                         </div>   <!-- new -->\r
5440                         </body>\r
5441                         </html>\r
5442                 <?php   }\r
5443 \r
5444         /**\r
5445          * @todo document this\r
5446          */\r
5447         function action_regfile() {\r
5448                 global $member, $CONF;\r
5449 \r
5450                 $blogid = intRequestVar('blogid');\r
5451 \r
5452                 $member->teamRights($blogid) or $this->disallow();\r
5453 \r
5454                 // header-code stolen from phpMyAdmin\r
5455                 // REGEDIT and bookmarklet code stolen from GreyMatter\r
5456 \r
5457                 $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid));\r
5458                 $sjisBlogName = mb_convert_encoding($sjisBlogName, "SJIS", "auto");\r
5459 \r
5460                 header('Content-Type: application/octetstream');\r
5461                 header('Content-Disposition: filename="nucleus.reg"');\r
5462                 header('Pragma: no-cache');\r
5463                 header('Expires: 0');\r
5464 \r
5465                 echo "REGEDIT4\n";\r
5466                 echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n";\r
5467                 echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n";\r
5468                 echo '"contexts"=hex:31';\r
5469         }\r
5470 \r
5471         /**\r
5472          * @todo document this\r
5473          */\r
5474         function action_bookmarklet() {\r
5475                 global $member, $manager;\r
5476 \r
5477                 $blogid = intRequestVar('blogid');\r
5478 \r
5479                 $member->teamRights($blogid) or $this->disallow();\r
5480 \r
5481                 $blog =& $manager->getBlog($blogid);\r
5482                 $bm = getBookmarklet($blogid);\r
5483 \r
5484                 $this->pagehead();\r
5485 \r
5486                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
5487 \r
5488                 ?>\r
5489 \r
5490                 <h2><?php echo _BOOKMARKLET_TITLE ?></h2>\r
5491 \r
5492                 <p>\r
5493                 <?php echo _BOOKMARKLET_DESC1 . _BOOKMARKLET_DESC2 . _BOOKMARKLET_DESC3 . _BOOKMARKLET_DESC4 . _BOOKMARKLET_DESC5 ?>\r
5494                 </p>\r
5495 \r
5496                 <h3><?php echo _BOOKMARKLET_BOOKARKLET ?></h3>\r
5497                 <p>\r
5498                         <?php echo _BOOKMARKLET_BMARKTEXT ?><small><?php echo _BOOKMARKLET_BMARKTEST ?></small>\r
5499                         <br />\r
5500                         <br />\r
5501                         <?php echo '<a href="' . htmlspecialchars($bm, ENT_QUOTES) . '">' . sprintf(_BOOKMARKLET_ANCHOR, htmlspecialchars($blog->getName(), ENT_QUOTES)) . '</a>' . _BOOKMARKLET_BMARKFOLLOW; ?>\r
5502                 </p>\r
5503 \r
5504                 <h3><?php echo _BOOKMARKLET_RIGHTCLICK ?></h3>\r
5505                 <p>\r
5506                         <?php\r
5507                                 $url = 'index.php?action=regfile&blogid=' . intval($blogid);\r
5508                                 $url = $manager->addTicketToUrl($url);\r
5509                         ?>\r
5510                         <?php echo _BOOKMARKLET_RIGHTTEXT1 . '<a href="' . htmlspecialchars($url, ENT_QUOTES, "SJIS") . '">' . _BOOKMARKLET_RIGHTLABEL . '</a>' . _BOOKMARKLET_RIGHTTEXT2; ?>\r
5511                 </p>\r
5512 \r
5513                 <p>\r
5514                         <?php echo _BOOKMARKLET_RIGHTTEXT3 ?>\r
5515                 </p>\r
5516 \r
5517                 <h3><?php echo _BOOKMARKLET_UNINSTALLTT ?></h3>\r
5518                 <p>\r
5519                         <?php echo _BOOKMARKLET_DELETEBAR ?>\r
5520                 </p>\r
5521 \r
5522                 <p>\r
5523                         <?php echo _BOOKMARKLET_DELETERIGHTT ?>\r
5524                 </p>\r
5525 \r
5526                 <ol>\r
5527                         <li><?php echo _BOOKMARKLET_DELETERIGHT1 ?></li>\r
5528                         <li><?php echo _BOOKMARKLET_DELETERIGHT2 ?></li>\r
5529                         <li><?php echo _BOOKMARKLET_DELETERIGHT3 ?></li>\r
5530                         <li><?php echo _BOOKMARKLET_DELETERIGHT4 ?></li>\r
5531                         <li><?php echo _BOOKMARKLET_DELETERIGHT5 ?></li>\r
5532                 </ol>\r
5533 \r
5534                 <?php\r
5535                 $this->pagefoot();\r
5536 \r
5537         }\r
5538 \r
5539         /**\r
5540          * @todo document this\r
5541          */\r
5542         function action_actionlog() {\r
5543                 global $member, $manager;\r
5544 \r
5545                 $member->isAdmin() or $this->disallow();\r
5546 \r
5547                 $this->pagehead();\r
5548 \r
5549                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
5550 \r
5551                 $url = $manager->addTicketToUrl('index.php?action=clearactionlog');\r
5552 \r
5553                 ?>\r
5554                         <h2><?php echo _ACTIONLOG_CLEAR_TITLE?></h2>\r
5555                         <p><a href="<?php echo htmlspecialchars($url)?>"><?php echo _ACTIONLOG_CLEAR_TEXT?></a></p>\r
5556                 <?php\r
5557                 echo '<h2>' . _ACTIONLOG_TITLE . '</h2>';\r
5558 \r
5559                 $query =  'SELECT * FROM '.sql_table('actionlog').' ORDER BY timestamp DESC';\r
5560                 $template['content'] = 'actionlist';\r
5561                 $amount = showlist($query,'table',$template);\r
5562 \r
5563                 $this->pagefoot();\r
5564 \r
5565         }\r
5566 \r
5567         /**\r
5568          * @todo document this\r
5569          */\r
5570         function action_banlist() {\r
5571                 global $member, $manager;\r
5572 \r
5573                 $blogid = intRequestVar('blogid');\r
5574 \r
5575                 $member->blogAdminRights($blogid) or $this->disallow();\r
5576 \r
5577                 $blog =& $manager->getBlog($blogid);\r
5578 \r
5579                 $this->pagehead();\r
5580 \r
5581                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
5582 \r
5583                 echo '<h2>' . _BAN_TITLE . " '". $this->bloglink($blog) ."'</h2>";\r
5584 \r
5585                 $query =  'SELECT * FROM '.sql_table('ban').' WHERE blogid='.$blogid.' ORDER BY iprange';\r
5586                 $template['content'] = 'banlist';\r
5587                 $amount = showlist($query,'table',$template);\r
5588 \r
5589                 if ($amount == 0)\r
5590                         echo _BAN_NONE;\r
5591 \r
5592                 echo '<h2>'._BAN_NEW_TITLE.'</h2>';\r
5593                 echo "<p><a href='index.php?action=banlistnew&amp;blogid=$blogid'>"._BAN_NEW_TEXT."</a></p>";\r
5594 \r
5595 \r
5596                 $this->pagefoot();\r
5597 \r
5598         }\r
5599 \r
5600         /**\r
5601          * @todo document this\r
5602          */\r
5603         function action_banlistdelete() {\r
5604                 global $member, $manager;\r
5605 \r
5606                 $blogid = intRequestVar('blogid');\r
5607                 $iprange = requestVar('iprange');\r
5608 \r
5609                 $member->blogAdminRights($blogid) or $this->disallow();\r
5610 \r
5611                 $blog =& $manager->getBlog($blogid);\r
5612                 $banBlogName =  htmlspecialchars($blog->getName(), ENT_QUOTES);\r
5613 \r
5614                 $this->pagehead();\r
5615                 ?>\r
5616                         <h2><?php echo _BAN_REMOVE_TITLE?></h2>\r
5617 \r
5618                         <form method="post" action="index.php">\r
5619 \r
5620                         <h3><?php echo _BAN_IPRANGE?></h3>\r
5621 \r
5622                         <p>\r
5623                                 <?php echo _CONFIRMTXT_BAN?> <?php echo htmlspecialchars($iprange) ?>\r
5624                                 <input name="iprange" type="hidden" value="<?php echo htmlspecialchars($iprange)?>" />\r
5625                         </p>\r
5626 \r
5627                         <h3><?php echo _BAN_BLOGS?></h3>\r
5628 \r
5629                         <div>\r
5630                                 <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
5631                                 <input name="allblogs" type="radio" value="0" id="allblogs_one" />\r
5632                                 <label for="allblogs_one"><?php echo sprintf(_BAN_BANBLOGNAME, $banBlogName) ?></label>\r
5633                                 <br />\r
5634                                 <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label>\r
5635                         </div>\r
5636 \r
5637                         <h3><?php echo _BAN_DELETE_TITLE?></h3>\r
5638 \r
5639                         <div>\r
5640                                 <?php $manager->addTicketHidden() ?>\r
5641                                 <input type="hidden" name="action" value="banlistdeleteconfirm" />\r
5642                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
5643                         </div>\r
5644 \r
5645                         </form>\r
5646                 <?php\r
5647                 $this->pagefoot();\r
5648         }\r
5649 \r
5650         /**\r
5651          * @todo document this\r
5652          */\r
5653         function action_banlistdeleteconfirm() {\r
5654                 global $member, $manager;\r
5655 \r
5656                 $blogid = intPostVar('blogid');\r
5657                 $allblogs = postVar('allblogs');\r
5658                 $iprange = postVar('iprange');\r
5659 \r
5660                 $member->blogAdminRights($blogid) or $this->disallow();\r
5661 \r
5662                 $deleted = array();\r
5663 \r
5664                 if (!$allblogs) {\r
5665                         if (BAN::removeBan($blogid, $iprange))\r
5666                                 array_push($deleted, $blogid);\r
5667                 } else {\r
5668                         // get blogs fot which member has admin rights\r
5669                         $adminblogs = $member->getAdminBlogs();\r
5670                         foreach ($adminblogs as $blogje) {\r
5671                                 if (BAN::removeBan($blogje, $iprange))\r
5672                                         array_push($deleted, $blogje);\r
5673                         }\r
5674                 }\r
5675 \r
5676                 if (sizeof($deleted) == 0)\r
5677                         $this->error(_ERROR_DELETEBAN);\r
5678 \r
5679                 $this->pagehead();\r
5680 \r
5681                 echo '<a href="index.php?action=banlist&amp;blogid=',$blogid,'">(',_BACK,')</a>';\r
5682                 echo '<h2>'._BAN_REMOVED_TITLE.'</h2>';\r
5683                 echo "<p>"._BAN_REMOVED_TEXT."</p>";\r
5684 \r
5685                 echo "<ul>";\r
5686                 foreach ($deleted as $delblog) {\r
5687                         $b =& $manager->getBlog($delblog);\r
5688                         echo "<li>" . htmlspecialchars($b->getName()). "</li>";\r
5689                 }\r
5690                 echo "</ul>";\r
5691 \r
5692                 $this->pagefoot();\r
5693 \r
5694         }\r
5695 \r
5696         /**\r
5697          * @todo document this\r
5698          */\r
5699         function action_banlistnewfromitem() {\r
5700                 $this->action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid')));\r
5701         }\r
5702 \r
5703         /**\r
5704          * @todo document this\r
5705          */\r
5706         function action_banlistnew($blogid = '') {\r
5707                 global $member, $manager;\r
5708 \r
5709                 if ($blogid == '')\r
5710                         $blogid = intRequestVar('blogid');\r
5711 \r
5712                 $ip = requestVar('ip');\r
5713 \r
5714                 $member->blogAdminRights($blogid) or $this->disallow();\r
5715 \r
5716                 $blog =& $manager->getBlog($blogid);\r
5717 \r
5718                 $this->pagehead();\r
5719                 ?>\r
5720                 <h2><?php echo _BAN_ADD_TITLE?></h2>\r
5721 \r
5722 \r
5723                 <form method="post" action="index.php">\r
5724 \r
5725                 <h3><?php echo _BAN_IPRANGE?></h3>\r
5726 \r
5727                 <p><?php echo _BAN_IPRANGE_TEXT?></p>\r
5728 \r
5729                 <div class="note">\r
5730                         <strong><?php echo _BAN_EXAMPLE_TITLE ?></strong>\r
5731                         <?php echo _BAN_EXAMPLE_TEXT ?>\r
5732                 </div>\r
5733 \r
5734                 <div>\r
5735                 <?php\r
5736                 if ($ip) {\r
5737                         $iprangeVal = htmlspecialchars($ip, ENT_QUOTES);\r
5738                 ?>\r
5739                         <input name="iprange" type="radio" value="<?php echo $iprangeVal ?>" checked="checked" id="ip_fixed" />\r
5740                         <label for="ip_fixed"><?php echo $iprangeVal ?></label>\r
5741                         <br />\r
5742                         <input name="iprange" type="radio" value="custom" id="ip_custom" />\r
5743                         <label for="ip_custom"><?php echo _BAN_IP_CUSTOM ?></label>\r
5744                         <input name='customiprange' value='<?php echo $iprangeVal ?>' maxlength='15' size='15' />\r
5745                 <?php\r
5746                 } else {\r
5747                                 echo "<input name='iprange' value='custom' type='hidden' />";\r
5748                                 echo "<input name='customiprange' value='' maxlength='15' size='15' />";\r
5749                         }\r
5750                 ?>\r
5751                 </div>\r
5752 \r
5753                 <h3><?php echo _BAN_BLOGS?></h3>\r
5754 \r
5755                 <p><?php echo _BAN_BLOGS_TEXT?></p>\r
5756 \r
5757                 <div>\r
5758                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
5759                         <input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">'<?php echo htmlspecialchars($blog->getName())?>'</label>\r
5760                         <br />\r
5761                         <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label>\r
5762                 </div>\r
5763 \r
5764                 <h3><?php echo _BAN_REASON_TITLE?></h3>\r
5765 \r
5766                 <p><?php echo _BAN_REASON_TEXT?></p>\r
5767 \r
5768                 <div><textarea name="reason" cols="40" rows="5"></textarea></div>\r
5769 \r
5770                 <h3><?php echo _BAN_ADD_TITLE?></h3>\r
5771 \r
5772                 <div>\r
5773                         <input name="action" type="hidden" value="banlistadd" />\r
5774                         <?php $manager->addTicketHidden() ?>\r
5775                         <input type="submit" value="<?php echo _BAN_ADD_BTN?>" />\r
5776                 </div>\r
5777 \r
5778                 </form>\r
5779 \r
5780                 <?php      $this->pagefoot();\r
5781         }\r
5782 \r
5783         /**\r
5784          * @todo document this\r
5785          */\r
5786         function action_banlistadd() {\r
5787                 global $member;\r
5788 \r
5789                 $blogid =          intPostVar('blogid');\r
5790                 $allblogs =      postVar('allblogs');\r
5791                 $iprange =        postVar('iprange');\r
5792                 if ($iprange == "custom")\r
5793                         $iprange = postVar('customiprange');\r
5794                 $reason =          postVar('reason');\r
5795 \r
5796                 $member->blogAdminRights($blogid) or $this->disallow();\r
5797 \r
5798                 // TODO: check IP range validity\r
5799 \r
5800                 if (!$allblogs) {\r
5801                         if (!BAN::addBan($blogid, $iprange, $reason))\r
5802                                 $this->error(_ERROR_ADDBAN);\r
5803                 } else {\r
5804                         // get blogs fot which member has admin rights\r
5805                         $adminblogs = $member->getAdminBlogs();\r
5806                         $failed = 0;\r
5807                         foreach ($adminblogs as $blogje) {\r
5808                                 if (!BAN::addBan($blogje, $iprange, $reason))\r
5809                                         $failed = 1;\r
5810                         }\r
5811                         if ($failed)\r
5812                                 $this->error(_ERROR_ADDBAN);\r
5813                 }\r
5814 \r
5815                 $this->action_banlist();\r
5816 \r
5817         }\r
5818 \r
5819         /**\r
5820          * @todo document this\r
5821          */\r
5822         function action_clearactionlog() {\r
5823                 global $member;\r
5824 \r
5825                 $member->isAdmin() or $this->disallow();\r
5826 \r
5827                 ACTIONLOG::clear();\r
5828 \r
5829                 $this->action_manage(_MSG_ACTIONLOGCLEARED);\r
5830         }\r
5831 \r
5832         /**\r
5833          * @todo document this\r
5834          */\r
5835         function action_backupoverview() {\r
5836                 global $member, $manager;\r
5837 \r
5838                 $member->isAdmin() or $this->disallow();\r
5839 \r
5840                 $this->pagehead();\r
5841 \r
5842                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
5843                 ?>\r
5844                 <h2><?php echo _BACKUPS_TITLE?></h2>\r
5845 \r
5846                 <h3><?php echo _BACKUP_TITLE?></h3>\r
5847 \r
5848                 <p><?php echo _BACKUP_INTRO?></p>\r
5849 \r
5850                 <form method="post" action="index.php"><p>\r
5851                 <input type="hidden" name="action" value="backupcreate" />\r
5852                 <?php $manager->addTicketHidden() ?>\r
5853 \r
5854                 <input type="radio" name="gzip" value="1" checked="checked" id="gzip_yes" tabindex="10" /><label for="gzip_yes"><?php echo _BACKUP_ZIP_YES?></label>\r
5855                 <br />\r
5856                 <input type="radio" name="gzip" value="0" id="gzip_no" tabindex="10" /><label for="gzip_no" ><?php echo _BACKUP_ZIP_NO?></label>\r
5857                 <br /><br />\r
5858                 <input type="submit" value="<?php echo _BACKUP_BTN?>" tabindex="20" />\r
5859 \r
5860                 </p></form>\r
5861 \r
5862                 <div class="note"><?php echo _BACKUP_NOTE?></div>\r
5863 \r
5864 \r
5865                 <h3><?php echo _RESTORE_TITLE?></h3>\r
5866 \r
5867                 <div class="note"><?php echo _RESTORE_NOTE?></div>\r
5868 \r
5869                 <p><?php echo _RESTORE_INTRO?></p>\r
5870 \r
5871                 <form method="post" action="index.php" enctype="multipart/form-data"><p>\r
5872                         <input type="hidden" name="action" value="backuprestore" />\r
5873                         <?php $manager->addTicketHidden() ?>\r
5874                         <input name="backup_file" type="file" tabindex="30" />\r
5875                         <br /><br />\r
5876                         <input type="submit" value="<?php echo _RESTORE_BTN?>" tabindex="40" />\r
5877                         <br /><input type="checkbox" name="letsgo" value="1" id="letsgo" tabindex="50" /><label for="letsgo"><?php echo _RESTORE_IMSURE?></label>\r
5878                         <br /><?php echo _RESTORE_WARNING?>\r
5879                 </p></form>\r
5880 \r
5881                 <?php      $this->pagefoot();\r
5882         }\r
5883 \r
5884         /**\r
5885          * @todo document this\r
5886          */\r
5887         function action_backupcreate() {\r
5888                 global $member, $DIR_LIBS;\r
5889 \r
5890                 $member->isAdmin() or $this->disallow();\r
5891 \r
5892                 // use compression ?\r
5893                 $useGzip = intval(postVar('gzip'));\r
5894 \r
5895                 include($DIR_LIBS . 'backup.php');\r
5896 \r
5897                 // try to extend time limit\r
5898                 // (creating/restoring dumps might take a while)\r
5899                 @set_time_limit(1200);\r
5900 \r
5901                 $bu = new Backup();\r
5902                 $bu->do_backup($useGzip);\r
5903                 exit;\r
5904         }\r
5905 \r
5906         /**\r
5907          * @todo document this\r
5908          */\r
5909         function action_backuprestore() {\r
5910                 global $member, $DIR_LIBS;\r
5911 \r
5912                 $member->isAdmin() or $this->disallow();\r
5913 \r
5914                 if (intPostVar('letsgo') != 1)\r
5915                         $this->error(_ERROR_BACKUP_NOTSURE);\r
5916 \r
5917                 include($DIR_LIBS . 'backup.php');\r
5918 \r
5919                 // try to extend time limit\r
5920                 // (creating/restoring dumps might take a while)\r
5921                 @set_time_limit(1200);\r
5922 \r
5923                 $bu = new Backup();\r
5924                 $message = $bu->do_restore();\r
5925                 if ($message != '')\r
5926                         $this->error($message);\r
5927 \r
5928                 $this->pagehead();\r
5929                 ?>\r
5930                 <h2><?php echo _RESTORE_COMPLETE?></h2>\r
5931                 <?php      $this->pagefoot();\r
5932 \r
5933         }\r
5934 \r
5935 /*\r
5936  * @todo document this\r
5937  */\r
5938         function action_pluginlist() {\r
5939                 global $member, $manager;\r
5940 \r
5941                 // check if allowed\r
5942                 $member->isAdmin() or $this->disallow();\r
5943 \r
5944                 $this->pagehead();\r
5945 \r
5946                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
5947 \r
5948                 echo '<h2>' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '</h2>';\r
5949 \r
5950                 echo '<h3>' , _PLUGS_TITLE_INSTALLED , ' &nbsp;&nbsp;<span style="font-size:smaller">', helplink('getplugins'), _PLUGS_TITLE_GETPLUGINS, '</a></span></h3>';\r
5951 \r
5952 \r
5953                 $query =  'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC';\r
5954 \r
5955                 $template['content'] = 'pluginlist';\r
5956                 $template['tabindex'] = 10;\r
5957                 showlist($query, 'table', $template);\r
5958 \r
5959                 ?>\r
5960                         <h3><?php echo _PLUGS_TITLE_UPDATE?></h3>\r
5961 \r
5962                         <p><?php echo _PLUGS_TEXT_UPDATE?></p>\r
5963 \r
5964                         <form method="post" action="index.php"><div>\r
5965                                 <input type="hidden" name="action" value="pluginupdate" />\r
5966                                 <?php $manager->addTicketHidden() ?>\r
5967                                 <input type="submit" value="<?php echo _PLUGS_BTN_UPDATE ?>" tabindex="20" />\r
5968                         </div></form>\r
5969 \r
5970                         <h3><?php echo _PLUGS_TITLE_NEW?></h3>\r
5971                         \r
5972                         <?php\r
5973                         // find a list of possibly non-installed plugins\r
5974                                 $candidates = array();\r
5975                                 global $DIR_PLUGINS;\r
5976                                 $dirhandle = opendir($DIR_PLUGINS);\r
5977                                 while ($filename = readdir($dirhandle) )\r
5978                                 {\r
5979                                         # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
5980                                         # original ereg: ereg('^NP_(.*)\.php$',$filename,$matches)\r
5981                                         if (preg_match('#^NP_(.*)\.php$#', $filename, $matches) )\r
5982                                         {\r
5983                                                 $name = $matches[1];\r
5984                                                 // only show in list when not yet installed\r
5985                                                 $res = sql_query('SELECT * FROM ' . sql_table('plugin') . ' WHERE `pfile` = "NP_' . sql_real_escape_string($name) . '"');\r
5986                                                 if (sql_num_rows($res) == 0)\r
5987                                                 {\r
5988                                                         array_push($candidates, $name);\r
5989                                                 }\r
5990                                         }\r
5991                                 }\r
5992                                 closedir($dirhandle);\r
5993                                 \r
5994                                 if (sizeof($candidates) > 0)\r
5995                                 {\r
5996                         ?>\r
5997 \r
5998                         <p><?php echo _PLUGS_ADD_TEXT?></p>\r
5999 \r
6000 \r
6001                         <form method='post' action='index.php'><div>\r
6002                                 <input type='hidden' name='action' value='pluginadd' />\r
6003                                 <?php $manager->addTicketHidden() ?>\r
6004                                 <select name="filename" tabindex="30">\r
6005                                 <?php   \r
6006                                 foreach($candidates as $name)\r
6007                                 {\r
6008                                         echo '<option value="NP_',$name,'">',htmlspecialchars($name),'</option>';\r
6009                                 }\r
6010                                 ?>\r
6011                                 </select>\r
6012                                 <input type='submit' tabindex="40" value='<?php echo _PLUGS_BTN_INSTALL?>' />\r
6013                         </div></form>\r
6014 \r
6015                 <?php\r
6016                                 }\r
6017                                 else\r
6018                                 {\r
6019                                 echo '<p>',_PLUGS_NOCANDIDATES,'</p>';\r
6020                         }\r
6021 \r
6022                 $this->pagefoot();\r
6023         }\r
6024 \r
6025         /**\r
6026          * @todo document this\r
6027          */\r
6028         function action_pluginhelp() {\r
6029                 global $member, $manager, $DIR_PLUGINS, $CONF;\r
6030 \r
6031                 // check if allowed\r
6032                 $member->isAdmin() or $this->disallow();\r
6033 \r
6034                 $plugid = intGetVar('plugid');\r
6035 \r
6036                 if (!$manager->pidInstalled($plugid))\r
6037                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6038 \r
6039                 $plugName = getPluginNameFromPid($plugid);\r
6040 \r
6041                 $this->pagehead();\r
6042 \r
6043                 echo '<p><a href="index.php?action=pluginlist">(',_PLUGS_BACK,')</a></p>';\r
6044 \r
6045                 echo '<h2>',_PLUGS_HELP_TITLE,': ',htmlspecialchars($plugName),'</h2>';\r
6046 \r
6047                 $plug =& $manager->getPlugin($plugName);\r
6048                 $helpFile = $DIR_PLUGINS.$plug->getShortName().'/help.html';\r
6049 \r
6050                 if (($plug->supportsFeature('HelpPage') > 0) && (@file_exists($helpFile))) {\r
6051                         @readfile($helpFile);\r
6052                 } else {\r
6053                         echo '<p>' . _ERROR .': ', _ERROR_PLUGNOHELPFILE,'</p>';\r
6054                         echo '<p><a href="index.php?action=pluginlist">(',_BACK,')</a></p>';\r
6055                 }\r
6056 \r
6057 \r
6058                 $this->pagefoot();\r
6059         }\r
6060 \r
6061         /**\r
6062          * @todo document this\r
6063          */\r
6064         function action_pluginadd() {\r
6065                 global $member, $manager, $DIR_PLUGINS;\r
6066 \r
6067                 // check if allowed\r
6068                 $member->isAdmin() or $this->disallow();\r
6069 \r
6070                 $name = postVar('filename');\r
6071 \r
6072                 if ($manager->pluginInstalled($name))\r
6073                         $this->error(_ERROR_DUPPLUGIN);\r
6074                 if (!checkPlugin($name))\r
6075                         $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');\r
6076 \r
6077                 // get number of currently installed plugins\r
6078                 $res = sql_query('SELECT * FROM '.sql_table('plugin'));\r
6079                 $numCurrent = sql_num_rows($res);\r
6080 \r
6081                 // plugin will be added as last one in the list\r
6082                 $newOrder = $numCurrent + 1;\r
6083 \r
6084                 $manager->notify(\r
6085                         'PreAddPlugin',\r
6086                         array(\r
6087                                 'file' => &$name\r
6088                         )\r
6089                 );\r
6090 \r
6091                 // do this before calling getPlugin (in case the plugin id is used there)\r
6092                 $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.sql_real_escape_string($name).'")';\r
6093                 sql_query($query);\r
6094                 $iPid = sql_insert_id();\r
6095 \r
6096                 $manager->clearCachedInfo('installedPlugins');\r
6097 \r
6098                 // Load the plugin for condition checking and instalation\r
6099                 $plugin =& $manager->getPlugin($name);\r
6100 \r
6101                 // check if it got loaded (could have failed)\r
6102                 if (!$plugin)\r
6103                 {\r
6104                         sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));\r
6105                         $manager->clearCachedInfo('installedPlugins');\r
6106                         $this->error(_ERROR_PLUGIN_LOAD);\r
6107                 }\r
6108 \r
6109                 // check if plugin needs a newer Nucleus version\r
6110                 if (getNucleusVersion() < $plugin->getMinNucleusVersion())\r
6111                 {\r
6112                         // uninstall plugin again...\r
6113                         $this->deleteOnePlugin($plugin->getID());\r
6114 \r
6115                         // ...and show error\r
6116                         $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));\r
6117                 }\r
6118 \r
6119                 // check if plugin needs a newer Nucleus version\r
6120                 if ((getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()))\r
6121                 {\r
6122                         // uninstall plugin again...\r
6123                         $this->deleteOnePlugin($plugin->getID());\r
6124 \r
6125                         // ...and show error\r
6126                         $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );\r
6127                 }\r
6128 \r
6129                 $pluginList = $plugin->getPluginDep();\r
6130                 foreach ($pluginList as $pluginName)\r
6131                 {\r
6132 \r
6133                         $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');\r
6134                         if (sql_num_rows($res) == 0)\r
6135                         {\r
6136                                 // uninstall plugin again...\r
6137                                 $this->deleteOnePlugin($plugin->getID());\r
6138 \r
6139                                 $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));\r
6140                         }\r
6141                 }\r
6142 \r
6143                 // call the install method of the plugin\r
6144                 $plugin->install();\r
6145 \r
6146                 $manager->notify(\r
6147                         'PostAddPlugin',\r
6148                         array(\r
6149                                 'plugin' => &$plugin\r
6150                         )\r
6151                 );\r
6152 \r
6153                 // update all events\r
6154                 $this->action_pluginupdate();\r
6155         }\r
6156 \r
6157         /**\r
6158          * @todo document this\r
6159          */\r
6160         function action_pluginupdate() {\r
6161                 global $member, $manager, $CONF;\r
6162 \r
6163                 // check if allowed\r
6164                 $member->isAdmin() or $this->disallow();\r
6165 \r
6166                 // delete everything from plugin_events\r
6167                 sql_query('DELETE FROM '.sql_table('plugin_event'));\r
6168 \r
6169                 // loop over all installed plugins\r
6170                 $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));\r
6171                 while($o = sql_fetch_object($res)) {\r
6172                         $pid = $o->pid;\r
6173                         $plug =& $manager->getPlugin($o->pfile);\r
6174                         if ($plug)\r
6175                         {\r
6176                                 $eventList = $plug->getEventList();\r
6177                                 foreach ($eventList as $eventName)\r
6178                                         sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.sql_real_escape_string($eventName).'\')');\r
6179                         }\r
6180                 }\r
6181 \r
6182                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
6183 //              $this->action_pluginlist();\r
6184         }\r
6185 \r
6186         /**\r
6187          * @todo document this\r
6188          */\r
6189         function action_plugindelete() {\r
6190                 global $member, $manager;\r
6191 \r
6192                 // check if allowed\r
6193                 $member->isAdmin() or $this->disallow();\r
6194 \r
6195                 $pid = intGetVar('plugid');\r
6196 \r
6197                 if (!$manager->pidInstalled($pid))\r
6198                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6199 \r
6200                 $this->pagehead();\r
6201                 ?>\r
6202                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
6203 \r
6204                         <p><?php echo _CONFIRMTXT_PLUGIN?> <strong><?php echo getPluginNameFromPid($pid)?></strong>?</p>\r
6205 \r
6206                         <form method="post" action="index.php"><div>\r
6207                         <?php $manager->addTicketHidden() ?>\r
6208                         <input type="hidden" name="action" value="plugindeleteconfirm" />\r
6209                         <input type="hidden" name="plugid" value="<?php echo $pid; ?>" />\r
6210                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
6211                         </div></form>\r
6212                 <?php\r
6213                 $this->pagefoot();\r
6214         }\r
6215 \r
6216         /**\r
6217          * @todo document this\r
6218          */\r
6219         function action_plugindeleteconfirm() {\r
6220                 global $member, $manager, $CONF;\r
6221 \r
6222                 // check if allowed\r
6223                 $member->isAdmin() or $this->disallow();\r
6224 \r
6225                 $pid = intPostVar('plugid');\r
6226 \r
6227                 $error = $this->deleteOnePlugin($pid, 1);\r
6228                 if ($error) {\r
6229                         $this->error($error);\r
6230                 }\r
6231 \r
6232                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
6233 //              $this->action_pluginlist();\r
6234         }\r
6235 \r
6236         /**\r
6237          * @todo document this\r
6238          */\r
6239         function deleteOnePlugin($pid, $callUninstall = 0) {\r
6240                 global $manager;\r
6241 \r
6242                 $pid = intval($pid);\r
6243 \r
6244                 if (!$manager->pidInstalled($pid))\r
6245                         return _ERROR_NOSUCHPLUGIN;\r
6246 \r
6247                 $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid);\r
6248 \r
6249 /*              // call the unInstall method of the plugin\r
6250                 if ($callUninstall) {\r
6251                         $plugin =& $manager->getPlugin($name);\r
6252                         if ($plugin) $plugin->unInstall();\r
6253                 }*/\r
6254 \r
6255                 // check dependency before delete\r
6256                 $res = sql_query('SELECT pfile FROM '.sql_table('plugin'));\r
6257                 while($o = sql_fetch_object($res)) {\r
6258                         $plug =& $manager->getPlugin($o->pfile);\r
6259                         if ($plug)\r
6260                         {\r
6261                                 $depList = $plug->getPluginDep();\r
6262                                 foreach ($depList as $depName)\r
6263                                 {\r
6264                                         if ($name == $depName)\r
6265                                         {\r
6266                                                 return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);\r
6267                                         }\r
6268                                 }\r
6269                         }\r
6270                 }\r
6271 \r
6272                 $manager->notify('PreDeletePlugin', array('plugid' => $pid));\r
6273 \r
6274                 // call the unInstall method of the plugin\r
6275                 if ($callUninstall) {\r
6276                         $plugin =& $manager->getPlugin($name);\r
6277                         if ($plugin) $plugin->unInstall();\r
6278                 }\r
6279 \r
6280                 // delete all subscriptions\r
6281                 sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid);\r
6282 \r
6283                 // delete all options\r
6284                 // get OIDs from plugin_option_desc\r
6285                 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);\r
6286                 $aOIDs = array();\r
6287                 while ($o = sql_fetch_object($res)) {\r
6288                         array_push($aOIDs, $o->oid);\r
6289                 }\r
6290 \r
6291                 // delete from plugin_option and plugin_option_desc\r
6292                 sql_query('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid);\r
6293                 if (count($aOIDs) > 0)\r
6294                         sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')');\r
6295 \r
6296                 // update order numbers\r
6297                 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid);\r
6298                 $o = sql_fetch_object($res);\r
6299                 sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder);\r
6300 \r
6301                 // delete row\r
6302                 sql_query('DELETE FROM '.sql_table('plugin').' WHERE pid='.$pid);\r
6303 \r
6304                 $manager->clearCachedInfo('installedPlugins');\r
6305                 $manager->notify('PostDeletePlugin', array('plugid' => $pid));\r
6306 \r
6307                 return '';\r
6308         }\r
6309 \r
6310         /**\r
6311          * @todo document this\r
6312          */\r
6313         function action_pluginup() {\r
6314                 global $member, $manager, $CONF;\r
6315 \r
6316                 // check if allowed\r
6317                 $member->isAdmin() or $this->disallow();\r
6318 \r
6319                 $plugid = intGetVar('plugid');\r
6320 \r
6321                 if (!$manager->pidInstalled($plugid))\r
6322                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6323 \r
6324                 // 1. get old order number\r
6325                 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);\r
6326                 $o = sql_fetch_object($res);\r
6327                 $oldOrder = $o->porder;\r
6328 \r
6329                 // 2. calculate new order number\r
6330                 $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;\r
6331 \r
6332                 // 3. update plug numbers\r
6333                 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);\r
6334                 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);\r
6335 \r
6336                 //$this->action_pluginlist();\r
6337                 // To avoid showing ticket in the URL, redirect to pluginlist, instead.\r
6338                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
6339         }\r
6340 \r
6341         /**\r
6342          * @todo document this\r
6343          */\r
6344         function action_plugindown() {\r
6345                 global $member, $manager, $CONF;\r
6346 \r
6347                 // check if allowed\r
6348                 $member->isAdmin() or $this->disallow();\r
6349 \r
6350                 $plugid = intGetVar('plugid');\r
6351                 if (!$manager->pidInstalled($plugid))\r
6352                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6353 \r
6354                 // 1. get old order number\r
6355                 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);\r
6356                 $o = sql_fetch_object($res);\r
6357                 $oldOrder = $o->porder;\r
6358 \r
6359                 $res = sql_query('SELECT * FROM '.sql_table('plugin'));\r
6360                 $maxOrder = sql_num_rows($res);\r
6361 \r
6362                 // 2. calculate new order number\r
6363                 $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;\r
6364 \r
6365                 // 3. update plug numbers\r
6366                 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);\r
6367                 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);\r
6368 \r
6369                 //$this->action_pluginlist();\r
6370                 // To avoid showing ticket in the URL, redirect to pluginlist, instead.\r
6371                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
6372         }\r
6373 \r
6374         /**\r
6375          * @todo document this\r
6376          */\r
6377         function action_pluginoptions($message = '') {\r
6378                 global $member, $manager;\r
6379 \r
6380                 // check if allowed\r
6381                 $member->isAdmin() or $this->disallow();\r
6382 \r
6383                 $pid = intRequestVar('plugid');\r
6384                 if (!$manager->pidInstalled($pid))\r
6385                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6386 \r
6387                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
6388                 $pluginName = htmlspecialchars(getPluginNameFromPid($pid), ENT_QUOTES);\r
6389                 $this->pagehead($extrahead);\r
6390 \r
6391                 ?>\r
6392                         <p><a href="index.php?action=pluginlist">(<?php echo _PLUGS_BACK?>)</a></p>\r
6393 \r
6394                         <h2><?php echo sprintf(_PLUGIN_OPTIONS_TITLE, $pluginName) ?></h2>\r
6395 \r
6396                         <?php if  ($message) echo $message?>\r
6397 \r
6398                         <form action="index.php" method="post">\r
6399                         <div>\r
6400                                 <input type="hidden" name="action" value="pluginoptionsupdate" />\r
6401                                 <input type="hidden" name="plugid" value="<?php echo $pid?>" />\r
6402 \r
6403                 <?php\r
6404 \r
6405                 $manager->addTicketHidden();\r
6406 \r
6407                 $aOptions = array();\r
6408                 $aOIDs = array();\r
6409                 $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ' WHERE ocontext=\'global\' and opid=' . $pid . ' ORDER BY oid ASC';\r
6410                 $r = sql_query($query);\r
6411                 while ($o = sql_fetch_object($r)) {\r
6412                         array_push($aOIDs, $o->oid);\r
6413                         $aOptions[$o->oid] = array(\r
6414                                                 'oid' => $o->oid,\r
6415                                                 'value' => $o->odef,\r
6416                                                 'name' => $o->oname,\r
6417                                                 'description' => $o->odesc,\r
6418                                                 'type' => $o->otype,\r
6419                                                 'typeinfo' => $o->oextra,\r
6420                                                 'contextid' => 0\r
6421                         );\r
6422                 }\r
6423                 // fill out actual values\r
6424                 if (count($aOIDs) > 0) {\r
6425                         $r = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE oid in ('.implode(',',$aOIDs).')');\r
6426                         while ($o = sql_fetch_object($r))\r
6427                                 $aOptions[$o->oid]['value'] = $o->ovalue;\r
6428                 }\r
6429 \r
6430                 // call plugins\r
6431                 $manager->notify('PrePluginOptionsEdit',array('context' => 'global', 'plugid' => $pid, 'options'=>&$aOptions));\r
6432 \r
6433                 $template['content'] = 'plugoptionlist';\r
6434                 $amount = showlist($aOptions,'table',$template);\r
6435                 if ($amount == 0)\r
6436                         echo '<p>',_ERROR_NOPLUGOPTIONS,'</p>';\r
6437 \r
6438                 ?>\r
6439                         </div>\r
6440                         </form>\r
6441                 <?php      $this->pagefoot();\r
6442 \r
6443 \r
6444 \r
6445         }\r
6446 \r
6447         /**\r
6448          * @todo document this\r
6449          */\r
6450         function action_pluginoptionsupdate() {\r
6451                 global $member, $manager;\r
6452 \r
6453                 // check if allowed\r
6454                 $member->isAdmin() or $this->disallow();\r
6455 \r
6456                 $pid = intRequestVar('plugid');\r
6457                 if (!$manager->pidInstalled($pid))\r
6458                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6459 \r
6460                 $aOptions = requestArray('plugoption');\r
6461                 NucleusPlugin::_applyPluginOptions($aOptions);\r
6462 \r
6463                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'global', 'plugid' => $pid));\r
6464 \r
6465                 $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED);\r
6466         }\r
6467 \r
6468         /**\r
6469          * @static\r
6470          * @todo document this\r
6471          */\r
6472         function _insertPluginOptions($context, $contextid = 0) {\r
6473                 // get all current values for this contextid\r
6474                 // (note: this might contain doubles for overlapping contextids)\r
6475                 $aIdToValue = array();\r
6476                 $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));\r
6477                 while ($o = sql_fetch_object($res)) {\r
6478                         $aIdToValue[$o->oid] = $o->ovalue;\r
6479                 }\r
6480 \r
6481                 // get list of oids per pid\r
6482                 $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin')\r
6483                            . ' WHERE opid=pid and ocontext=\''.sql_real_escape_string($context).'\' ORDER BY porder, oid ASC';\r
6484                 $res = sql_query($query);\r
6485                 $aOptions = array();\r
6486                 while ($o = sql_fetch_object($res)) {\r
6487                         if (in_array($o->oid, array_keys($aIdToValue)))\r
6488                                 $value = $aIdToValue[$o->oid];\r
6489                         else\r
6490                                 $value = $o->odef;\r
6491 \r
6492                         array_push($aOptions, array(\r
6493                                 'pid' => $o->pid,\r
6494                                 'pfile' => $o->pfile,\r
6495                                 'oid' => $o->oid,\r
6496                                 'value' => $value,\r
6497                                 'name' => $o->oname,\r
6498                                 'description' => $o->odesc,\r
6499                                 'type' => $o->otype,\r
6500                                 'typeinfo' => $o->oextra,\r
6501                                 'contextid' => $contextid,\r
6502                                 'extra' => ''\r
6503                         ));\r
6504                 }\r
6505 \r
6506                 global $manager;\r
6507                 $manager->notify('PrePluginOptionsEdit',array('context' => $context, 'contextid' => $contextid, 'options'=>&$aOptions));\r
6508 \r
6509 \r
6510                 $iPrevPid = -1;\r
6511                 foreach ($aOptions as $aOption) {\r
6512 \r
6513                         // new plugin?\r
6514                         if ($iPrevPid != $aOption['pid']) {\r
6515                                 $iPrevPid = $aOption['pid'];\r
6516                                 if (!defined('_PLUGIN_OPTIONS_TITLE')) {\r
6517                                         define('_PLUGIN_OPTIONS_TITLE', 'Options for %s');\r
6518                                 }\r
6519                                 echo '<tr><th colspan="2">'.sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)).'</th></tr>';\r
6520                         }\r
6521                         \r
6522                         $meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']);\r
6523                         if (@$meta['access'] != 'hidden') {\r
6524                                 echo '<tr>';\r
6525                                 listplug_plugOptionRow($aOption);\r
6526                                 echo '</tr>';\r
6527                         }\r
6528                 }\r
6529         }\r
6530 \r
6531         /**\r
6532          * Helper functions to create option forms etc.\r
6533          * @todo document parameters\r
6534          */\r
6535         function input_yesno($name, $checkedval,$tabindex = 0, $value1 = 1, $value2 = 0, $yesval = _YES, $noval = _NO, $isAdmin = 0) {\r
6536                 $id = htmlspecialchars($name);\r
6537                 $id = str_replace('[','-',$id);\r
6538                 $id = str_replace(']','-',$id);\r
6539                 $id1 = $id . htmlspecialchars($value1);\r
6540                 $id2 = $id . htmlspecialchars($value2);\r
6541 \r
6542                 if ($name=="admin") {\r
6543                         echo '<input onclick="selectCanLogin(true);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" ';\r
6544                 } else {\r
6545                         echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" ';\r
6546                 }\r
6547 \r
6548                         if ($checkedval == $value1)\r
6549                                 echo "tabindex='$tabindex' checked='checked'";\r
6550                         echo ' id="'.$id1.'" /><label for="'.$id1.'">' . $yesval . '</label>';\r
6551                 echo ' ';\r
6552                 if ($name=="admin") {\r
6553                         echo '<input onclick="selectCanLogin(false);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value2),'" ';\r
6554                 } else {\r
6555                         echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value2),'" ';\r
6556                 }\r
6557                         if ($checkedval != $value1)\r
6558                                 echo "tabindex='$tabindex' checked='checked'";\r
6559                         if ($isAdmin && $name=="canlogin")\r
6560                                 echo ' disabled="disabled"';\r
6561                         echo ' id="'.$id2.'" /><label for="'.$id2.'">' . $noval . '</label>';\r
6562         }\r
6563 \r
6564 } // class ADMIN\r
6565 \r
6566 ?>
Nucleus CMS日本語版SVNをgit-svnしたもの。リポジトリの変換作業用
About OSDN
Find Software
Develop Software
Help