OSDN Git Service

070d917d457ba625490f1dff16dd7da263339549
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ACTION.php
1 <?php
2
3 /*
4  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5  * Copyright (C) 2002-2009 The Nucleus Group
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * as published by the Free Software Foundation; either version 2
10  * of the License, or (at your option) any later version.
11  * (see nucleus/documentation/index.html#license for more info)
12  */
13 /**
14  * Actions that can be called via action.php
15  *
16  * @license http://nucleuscms.org/license.txt GNU General Public License
17  * @copyright Copyright (C) 2002-2009 The Nucleus Group
18  * @version $Id$
19  * $NucleusJP: ACTION.php,v 1.10 2007/05/31 07:23:39 kimitake Exp $
20  */
21 class ACTION
22 {
23         /**
24          *  Constructor for an new ACTION object
25          */
26         function ACTION()
27         {
28                 // do nothing
29         }
30
31         /**
32          *  Calls functions that handle an action called from action.php
33          */
34         function doAction($action)
35         {
36                 switch($action) {
37                         case 'autodraft':
38                                 return $this->autoDraft();
39                                 break;
40                         case 'updateticket':
41                                 return $this->updateTicket();
42                                 break;
43                         case 'addcomment':
44                                 return $this->addComment();
45                                 break;
46                         case 'sendmessage':
47                                 return $this->sendMessage();
48                                 break;
49                         case 'createaccount':
50                                 return $this->createAccount();
51                                 break;
52                         case 'forgotpassword':
53                                 return $this->forgotPassword();
54                                 break;
55                         case 'votepositive':
56                                 return $this->doKarma('pos');
57                                 break;
58                         case 'votenegative':
59                                 return $this->doKarma('neg');
60                                 break;
61                         case 'plugin':
62                                 return $this->callPlugin();
63                                 break;
64                         default:
65                                 doError(_ERROR_BADACTION);
66                 }
67         }
68
69         /**
70          *  Adds a new comment to an item (if IP isn't banned)
71          */
72         function addComment() {
73                 global $CONF, $errormessage, $manager;
74
75                 $post['itemid'] =       intPostVar('itemid');
76                 $post['user'] =         postVar('user');
77                 $post['userid'] =       postVar('userid');
78                 $post['email'] =   postVar('email');
79                 $post['body'] =         postVar('body');
80
81                 // set cookies when required
82                 $remember = intPostVar('remember');
83                 if ($remember == 1) {
84                         $lifetime = time()+2592000;
85                         setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
86                         setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
87                         setcookie($CONF['CookiePrefix'] . 'comment_email',  $post['email'], $lifetime,'/','',0);
88                 }
89
90                 $comments = new COMMENTS($post['itemid']);
91
92                 $blogid = getBlogIDFromItemID($post['itemid']);
93                 $this->checkban($blogid);
94                 $blog =& $manager->getBlog($blogid);
95
96                 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
97                 $errormessage = $comments->addComment($blog->getCorrectTime(),$post);
98
99                 if ($errormessage == '1') {
100                         // redirect when adding comments succeeded
101                         if (postVar('url')) {
102                                 redirect(postVar('url'));
103                         } else {
104                                 $url = createItemLink($post['itemid']);
105                                 redirect($url);
106                         }
107                 } else {
108                         // else, show error message using default skin for blog
109                         return array(
110                                 'message' => $errormessage,
111                                 'skinid' => $blog->getDefaultSkin()
112                         );
113                 }
114
115                 exit;
116         }
117
118         /**
119          *  Sends a message from the current member to the member given as argument
120          */
121         function sendMessage() {
122                 global $CONF, $member;
123
124                 $error = $this->validateMessage();
125                 if ($error != '')
126                         return array('message' => $error);
127
128                 if (!$member->isLoggedIn()) {
129                         $fromMail = postVar('frommail');
130                         $fromName = _MMAIL_FROMANON;
131                 } else {
132                         $fromMail = $member->getEmail();
133                         $fromName = $member->getDisplayName();
134                 }
135
136                 $tomem = new MEMBER();
137                 $tomem->readFromId(postVar('memberid'));
138
139                 $message  = _MMAIL_MSG . ' ' . $fromName . "\n"
140                           . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
141                           . _MMAIL_MAIL . " \n\n"
142                           . postVar('message');
143                 $message .= getMailFooter();
144
145                 $title = _MMAIL_TITLE . ' ' . $fromName;
146                 mb_language('ja');
147                 mb_internal_encoding(_CHARSET);
148                 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
149
150                 if (postVar('url')) {
151                         redirect(postVar('url'));
152                 } else {
153                         $CONF['MemberURL'] = $CONF['IndexURL'];
154                         if ($CONF['URLMode'] == 'pathinfo')
155                         {
156                                 $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName()));
157                         }
158                         else
159                         {
160                                 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
161                         }
162                         redirect($url);
163                 }
164                 exit;
165         }
166
167         /**
168          *  Checks if a mail to a member is allowed
169          *  Returns a string with the error message if the mail is disallowed
170          */
171         function validateMessage() {
172                 global $CONF, $member, $manager;
173
174                 if (!$CONF['AllowMemberMail'])
175                         return _ERROR_MEMBERMAILDISABLED;
176
177                 if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
178                         return _ERROR_DISALLOWED;
179
180                 if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
181                         return _ERROR_BADMAILADDRESS;
182
183                 // let plugins do verification (any plugin which thinks the comment is invalid
184                 // can change 'error' to something other than '')
185                 $result = '';
186                 $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));
187
188                 return $result;
189
190         }
191
192         /**
193          *  Creates a new user account
194          */
195         function createAccount() {
196                 global $CONF, $manager;
197
198                 if (!$CONF['AllowMemberCreate'])
199                         doError(_ERROR_MEMBERCREATEDISABLED);
200
201                 // evaluate content from FormExtra
202                 $result = 1;
203                 $data = array('type' => 'membermail', 'error' => &$result);
204                 $manager->notify('ValidateForm', &$data);
205
206                 if ($result!=1) {
207                         return $result;
208                 }
209                 else {
210
211                         // even though the member can not log in, set some random initial password. One never knows.
212                         srand((double)microtime()*1000000);
213                         $initialPwd = md5(uniqid(rand(), true));
214
215                         // create member (non admin/can not login/no notes/random string as password)
216                         $name = shorten(postVar('name'),16,'');
217                         $r = MEMBER::create($name, postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
218
219                         if ($r != 1) {
220                                 return $r;
221                         }
222
223                         // send message containing password.
224                         $newmem = new MEMBER();
225                         $newmem->readFromName($name);
226                         $newmem->sendActivationLink('register');
227
228                         $manager->notify('PostRegister',array('member' => &$newmem));
229
230                         if (postVar('desturl')) {
231                                 redirect(postVar('desturl'));
232                         } else {
233                                 // header has been already sent, so deleted the line below
234                                 //header ("Content-Type: text/html; charset="._CHARSET);
235                                 echo _MSG_ACTIVATION_SENT;
236                                 echo "\n</body>\n</html>";
237                         }
238                         exit;
239                 }
240         }
241
242         /**
243          *  Sends a new password
244          */
245         function forgotPassword() {
246                 $membername = trim(postVar('name'));
247
248                 if (!MEMBER::exists($membername))
249                         doError(_ERROR_NOSUCHMEMBER);
250                 $mem = MEMBER::createFromName($membername);
251
252                 /* below keeps regular users from resetting passwords using forgot password feature
253                      Removing for now until clear why it is required.*/
254                 /*if (!$mem->canLogin())
255                         doError(_ERROR_NOLOGON_NOACTIVATE);*/
256
257                 // check if e-mail address is correct
258                 if (!($mem->getEmail() == postVar('email')))
259                         doError(_ERROR_INCORRECTEMAIL);
260
261                 // send activation link
262                 $mem->sendActivationLink('forgot');
263
264                 if (postVar('url')) {
265                         redirect(postVar('url'));
266                 } else {
267                         header ("Content-Type: text/html; charset="._CHARSET);
268                         echo _MSG_ACTIVATION_SENT;
269                 }
270                 exit;
271         }
272
273         /**
274          *  Handle karma votes
275          */
276         function doKarma($type) {
277                 global $itemid, $member, $CONF, $manager;
278
279                 // check if itemid exists
280                 if (!$manager->existsItem($itemid,0,0))
281                         doError(_ERROR_NOSUCHITEM);
282
283                 $blogid = getBlogIDFromItemID($itemid);
284                 $this->checkban($blogid);
285
286                 $karma =& $manager->getKarma($itemid);
287
288                 // check if not already voted
289                 if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
290                         doError(_ERROR_VOTEDBEFORE);
291
292                 // check if item does allow voting
293                 $item =& $manager->getItem($itemid,0,0);
294                 if ($item['closed'])
295                         doError(_ERROR_ITEMCLOSED);
296
297                 switch($type) {
298                         case 'pos':
299                                 $karma->votePositive();
300                                 break;
301                         case 'neg':
302                                 $karma->voteNegative();
303                                 break;
304                 }
305
306                 $blogid = getBlogIDFromItemID($itemid);
307                 $blog =& $manager->getBlog($blogid);
308
309                 // send email to notification address, if any
310                 if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
311
312                         $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
313                         if ($CONF['URLMode'] == 'pathinfo') {
314                                 $itemLink = createItemLink(intval($itemid));
315                         } else {
316                                 $itemLink = $CONF['IndexURL'] . createItemLink(intval($itemid));
317                         }
318 //                      $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
319                         $mailto_msg .= $itemLink;
320                         if ($member->isLoggedIn()) {
321                                 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
322                         }
323                         $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
324                         $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";
325                         $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
326                         $mailto_msg .= getMailFooter();
327
328                         $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
329
330                         $frommail = $member->getNotifyFromMailAddress();
331
332                         $notify = new NOTIFICATION($blog->getNotifyAddress());
333                         $notify->notify($mailto_title, $mailto_msg , $frommail);
334                 }
335
336
337                 $refererUrl = serverVar('HTTP_REFERER');
338                 if ($refererUrl) {
339                         $url = $refererUrl;
340                 } else {
341 //                      $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
342                         $url = $itemLink;
343                 }
344
345                 redirect($url);
346                 exit;
347         }
348
349         /**
350           * Calls a plugin action
351           */
352         function callPlugin() {
353                 global $manager;
354
355                 $pluginName = 'NP_' . requestVar('name');
356                 $actionType = requestVar('type');
357
358                 // 1: check if plugin is installed
359                 if (!$manager->pluginInstalled($pluginName))
360                         doError(_ERROR_NOSUCHPLUGIN);
361
362                 // 2: call plugin
363                 $pluginObject =& $manager->getPlugin($pluginName);
364                 if ($pluginObject)
365                         $error = $pluginObject->doAction($actionType);
366                 else
367                         $error = 'Could not load plugin (see actionlog)';
368
369                 // doAction returns error when:
370                 // - an error occurred (duh)
371                 // - no actions are allowed (doAction is not implemented)
372                 if ($error)
373                         doError($error);
374
375                 exit;
376
377         }
378
379         /**
380          *  Checks if an IP or IP range is banned
381          */
382         function checkban($blogid) {
383                 // check if banned
384                 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
385                 if ($ban != 0) {
386                         doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
387                 }
388
389         }
390
391         /**
392          * Gets a new ticket
393          */
394         function updateTicket() {
395                 global $manager;
396                 if ($manager->checkTicket()) {
397                         echo $manager->getNewTicket();
398                 }
399                 else {
400                         echo 'err:' . _ERROR_BADTICKET;
401                 }
402                 return false;
403         }
404
405         /**
406          * Handles AutoSaveDraft
407          */
408         function autoDraft() {
409                 global $manager;
410                 if ($manager->checkTicket()) {
411                         $manager->loadClass('ITEM');
412                         $info = ITEM::createDraftFromRequest();
413                         if ($info['status'] == 'error') {
414                                 echo $info['message'];
415                         }
416                         else {
417                                 echo $info['draftid'];
418                         }
419                 }
420                 else {
421                         echo 'err:' . _ERROR_BADTICKET;
422                 }
423                 return false;
424         }
425
426
427 }
428
429 ?>