3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
4 * Copyright (C) 2002-2004 The Nucleus Group
\r
6 * This program is free software; you can redistribute it and/or
\r
7 * modify it under the terms of the GNU General Public License
\r
8 * as published by the Free Software Foundation; either version 2
\r
9 * of the License, or (at your option) any later version.
\r
10 * (see nucleus/documentation/index.html#license for more info)
\r
12 * File containing actions that can be performed by visitors of the site,
\r
13 * like adding comments, etc...
\r
17 include('./config.php'); // common functions
\r
19 $action = requestVar('action');
\r
27 case 'createaccount':
\r
30 case 'forgotpassword':
\r
33 case 'votepositive':
\r
36 case 'votenegative':
\r
43 doError(_ERROR_BADACTION);
\r
46 function addComment() {
\r
47 global $CONF, $errormessage, $manager;
\r
49 $post['itemid'] = intPostVar('itemid');
\r
50 $post['user'] = postVar('user');
\r
51 $post['userid'] = postVar('userid');
\r
52 $post['body'] = postVar('body');
\r
55 // set cookies when required
\r
56 $remember = intPostVar('remember');
\r
57 if ($remember == 1) {
\r
58 $lifetime = time()+2592000;
\r
59 setcookie('comment_user',$post['user'],$lifetime,'/','',0);
\r
60 setcookie('comment_userid', $post['userid'],$lifetime,'/','',0);
\r
63 $comments = new COMMENTS($post['itemid']);
\r
65 $blogid = getBlogIDFromItemID($post['itemid']);
\r
67 $blog =& $manager->getBlog($blogid);
\r
69 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
\r
70 $errormessage = $comments->addComment($blog->getCorrectTime(),$post);
\r
72 if ($errormessage == '1') {
\r
73 // redirect when adding comments succeeded
\r
74 if (postVar('url')) {
\r
75 redirect(postVar('url'));
\r
77 $url = createItemLink($post['itemid']);
\r
81 // else, show error message using default skin for blog
\r
82 doError($errormessage, new SKIN($blog->getDefaultSkin()));
\r
86 // Sends a message from the current member to the member given as argument
\r
87 function sendMessage() {
\r
88 global $CONF, $member;
\r
90 $error = validateMessage();
\r
94 if (!$member->isLoggedIn()) {
\r
95 $fromMail = postVar('frommail');
\r
96 if (!isValidMailAddress($fromMail))
\r
97 doError(_ERROR_BADMAILADDRESS);
\r
98 $fromName = _MMAIL_FROMANON;
\r
100 $fromMail = $member->getEmail();
\r
101 $fromName = $member->getDisplayName();
\r
104 $tomem = new MEMBER();
\r
105 $tomem->readFromId(postVar('memberid'));
\r
107 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
\r
108 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
\r
109 . _MMAIL_MAIL . " \n\n"
\r
110 . postVar('message');
\r
111 $message .= getMailFooter();
\r
113 $title = _MMAIL_TITLE . ' ' . $fromName;
\r
114 // mail($tomem->getEmail(), $title, $message, 'From: '. $fromMail);
\r
116 mb_internal_encoding(_CHARSET);
\r
117 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
\r
119 if (postVar('url')) {
\r
120 redirect(postVar('url'));
\r
122 $CONF['MemberURL'] = $CONF['IndexURL'];
\r
123 if ($CONF['URLMode'] == 'pathinfo')
\r
124 $url = createMemberLink($tomem->getID());
\r
126 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
\r
132 function validateMessage() {
\r
133 global $CONF, $member, $manager;
\r
135 if (!$CONF['AllowMemberMail'])
\r
136 return _ERROR_MEMBERMAILDISABLED;
\r
138 if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
\r
139 return _ERROR_DISALLOWED;
\r
141 if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
\r
142 return _ERROR_BADMAILADDRESS;
\r
144 // let plugins do verification (any plugin which thinks the comment is invalid
\r
145 // can change 'error' to something other than '')
\r
147 $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));
\r
154 // creates a new user account
\r
155 function createAccount() {
\r
156 global $CONF, $manager;
\r
158 if (!$CONF['AllowMemberCreate'])
\r
159 doError(_ERROR_MEMBERCREATEDISABLED);
\r
161 // create random password
\r
162 $pw = genPassword(10);
\r
163 // create member (non admin/can login/no notes)
\r
164 $r = MEMBER::create(postVar('name'), postVar('realname'), $pw, postVar('email'), postVar('url'), 0, $CONF['NewMemberCanLogon'], '');
\r
167 // send message containing password.
\r
168 $newmem = new MEMBER();
\r
169 $newmem->readFromName(postVar('name'));
\r
170 $newmem->sendPassword($pw);
\r
172 $manager->notify('PostRegister',array('member' => &$newmem));
\r
174 if (postVar('desturl')) {
\r
175 redirect(postVar('desturl'));
\r
177 header ("Content-Type: text/html; charset="._CHARSET);
\r
178 echo _MSG_ACCOUNTCREATED;
\r
182 // sends a new password
\r
183 function forgotPassword() {
\r
184 $membername = trim(postVar('name'));
\r
186 if (!MEMBER::exists($membername))
\r
187 doError(_ERROR_NOSUCHMEMBER);
\r
188 $mem = MEMBER::createFromName($membername);
\r
190 // check if e-mail address is correct
\r
191 if (!($mem->getEmail() == postVar('email')))
\r
192 doError(_ERROR_INCORRECTEMAIL);
\r
194 $pw = genPassword(10);
\r
195 $mem->setPassword($pw); // change password
\r
196 $mem->write(); // save
\r
197 $mem->sendPassword($pw);// send
\r
199 if (postVar('url')) {
\r
200 redirect(postVar('url'));
\r
202 header ("Content-Type: text/html; charset="._CHARSET);
\r
203 echo _MSG_PASSWORDSENT;
\r
207 // handle karma votes
\r
208 function doKarma($type) {
\r
209 global $itemid, $member, $CONF, $manager;
\r
211 // check if itemid exists
\r
212 if (!$manager->existsItem($itemid,0,0))
\r
213 doError(_ERROR_NOSUCHITEM);
\r
215 $blogid = getBlogIDFromItemID($itemid);
\r
216 checkban($blogid);
\r
218 $karma =& $manager->getKarma($itemid);
\r
220 // check if not already voted
\r
221 if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
\r
222 doError(_ERROR_VOTEDBEFORE);
\r
224 // check if item does allow voting
\r
225 $item =& $manager->getItem($itemid,0,0);
\r
226 if ($item['closed'])
\r
227 doError(_ERROR_ITEMCLOSED);
\r
231 $karma->votePositive();
\r
234 $karma->voteNegative();
\r
238 $blogid = getBlogIDFromItemID($itemid);
\r
239 $blog =& $manager->getBlog($blogid);
\r
241 // send email to notification address, if any
\r
242 if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
\r
244 $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
\r
245 $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
\r
246 if ($member->isLoggedIn()) {
\r
247 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
\r
249 $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
\r
250 $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
\r
251 $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
\r
252 $mailto_msg .= getMailFooter();
\r
254 $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
\r
256 $frommail = $member->getNotifyFromMailAddress();
\r
258 $notify = new NOTIFICATION($blog->getNotifyAddress());
\r
259 $notify->notify($mailto_title, $mailto_msg , $frommail);
\r
263 $refererUrl = serverVar('HTTP_REFERER');
\r
265 $url = $refererUrl;
\r
267 $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
\r
273 * Calls a plugin action
\r
275 function callPlugin() {
\r
278 $pluginName = 'NP_' . requestVar('name');
\r
279 $actionType = requestVar('type');
\r
281 // 1: check if plugin is installed
\r
282 if (!$manager->pluginInstalled($pluginName))
\r
283 doError(_ERROR_NOSUCHPLUGIN);
\r
286 $pluginObject =& $manager->getPlugin($pluginName);
\r
288 $error = $pluginObject->doAction($actionType);
\r
290 $error = 'Could not load plugin (see actionlog)';
\r
292 // doAction returns error when:
\r
293 // - an error occurred (duh)
\r
294 // - no actions are allowed (doAction is not implemented)
\r
300 function checkban($blogid) {
\r
302 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
\r
304 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
\r