
sync with original 3.3
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ACTION.php
1 <?php
2
3 /*
4  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5  * Copyright (C) 2002-2007 The Nucleus Group
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * as published by the Free Software Foundation; either version 2
10  * of the License, or (at your option) any later version.
11  * (see nucleus/documentation/index.html#license for more info)
12  */
13 /**
14  * Actions that can be called via action.php
15  *
16  * @license http://nucleuscms.org/license.txt GNU General Public License
17  * @copyright Copyright (C) 2002-2007 The Nucleus Group
18  * @version $Id: ACTION.php,v 1.7 2007-02-04 06:28:45 kimitake Exp $
19  * $NucleusJP: ACTION.php,v 1.6 2007/01/31 10:02:58 kimitake Exp $
20  */
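/**
 * Dispatcher for the actions that can be requested through action.php.
 *
 * Every handler takes its input directly from the request (postVar(),
 * intPostVar(), requestVar(), serverVar()), so all of it is untrusted.
 * Within this class only updateTicket() and autoDraft() call
 * $manager->checkTicket(); the other handlers add comments, send mail,
 * create accounts or record votes without a ticket check visible here.
 * NOTE(review): confirm whether the caller enforces one before dispatching.
 */
class ACTION
{
    /**
     * Same-named method (old-style constructor); intentionally does nothing.
     */
    function ACTION()
    {
    }

    /**
     * Runs the handler that belongs to the given action name.
     *
     * Unknown names are passed to doError(_ERROR_BADACTION).
     *
     * @param string $action action name supplied by the caller
     * @return mixed whatever the selected handler returns; several handlers
     *               redirect and exit instead of returning
     */
    function doAction($action)
    {
        // Each case returns directly, so no break statements are needed.
        switch ($action) {
            case 'autodraft':
                return $this->autoDraft();
            case 'updateticket':
                return $this->updateTicket();
            case 'addcomment':
                return $this->addComment();
            case 'sendmessage':
                return $this->sendMessage();
            case 'createaccount':
                return $this->createAccount();
            case 'forgotpassword':
                return $this->forgotPassword();
            case 'votepositive':
                return $this->doKarma('pos');
            case 'votenegative':
                return $this->doKarma('neg');
            case 'plugin':
                return $this->callPlugin();
            default:
                doError(_ERROR_BADACTION);
        }
    }

    /**
     * Adds a comment to an item from POSTed form data.
     *
     * On success the request is redirected (to the POSTed 'url' when given,
     * otherwise to the item link) and the script exits. On failure an array
     * with the error message and the blog's default skin id is returned.
     *
     * @return array|null array('message' => ..., 'skinid' => ...) on failure
     */
    function addComment()
    {
        global $CONF, $errormessage, $manager;

        // Build the array explicitly instead of writing into an undefined variable.
        $post = array(
            'itemid' => intPostVar('itemid'),
            'user'   => postVar('user'),
            'userid' => postVar('userid'),
            'email'  => postVar('email'),
            'body'   => postVar('body')
        );

        // set cookies when required (2592000 seconds = 30 days)
        // NOTE(review): the cookie values are raw POST data and the cookies are
        // set without the secure flag; treat them as untrusted when read back.
        $remember = intPostVar('remember');
        if ($remember == 1) {
            $lifetime = time() + 2592000;
            setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);
            setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);
            setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime, '/', '', 0);
        }

        $comments = new COMMENTS($post['itemid']);

        // The ban check runs before the comment is stored.
        $blogid = getBlogIDFromItemID($post['itemid']);
        $this->checkban($blogid);
        $blog =& $manager->getBlog($blogid);

        // note: PreAddComment and PostAddComment gets called somewhere inside addComment
        $errormessage = $comments->addComment($blog->getCorrectTime(), $post);

        if ($errormessage == '1') {
            // redirect when adding comments succeeded
            // NOTE(review): 'url' comes from the POST body and is handed to
            // redirect() unchecked here. Whether redirect() limits the
            // destination is not visible in this file; confirm, or validate
            // the target against the site's own base URL first.
            if (postVar('url')) {
                redirect(postVar('url'));
            } else {
                $url = createItemLink($post['itemid']);
                redirect($url);
            }
        } else {
            // else, show error message using default skin for blog
            return array(
                'message' => $errormessage,
                'skinid' => $blog->getDefaultSkin()
            );
        }

        exit;
    }

    /**
     * Sends a message from the current member (or an anonymous visitor) to
     * the member whose id is POSTed as 'memberid'.
     *
     * Redirects and exits after sending; returns an array with the error
     * message when validateMessage() rejects the request.
     *
     * @return array|null array('message' => ...) when validation fails
     */
    function sendMessage()
    {
        global $CONF, $member;

        $error = $this->validateMessage();
        if ($error != '') {
            return array('message' => $error);
        }

        if (!$member->isLoggedIn()) {
            $fromMail = postVar('frommail');
            $fromName = _MMAIL_FROMANON;
        } else {
            $fromMail = $member->getEmail();
            $fromName = $member->getDisplayName();
        }

        // The From address ends up in the raw additional-headers argument of
        // mb_send_mail(). Drop CR/LF so a crafted 'frommail' value cannot
        // append extra header lines. isValidMailAddress() is defined
        // elsewhere, so this does not rely on it rejecting line breaks.
        $fromMail = str_replace(array("\r", "\n"), '', $fromMail);

        $tomem = new MEMBER();
        $tomem->readFromId(postVar('memberid'));

        $message  = _MMAIL_MSG . ' ' . $fromName . "\n"
                  . '(' . _MMAIL_FROMNUC . ' ' . $CONF['IndexURL'] . ") \n\n"
                  . _MMAIL_MAIL . " \n\n"
                  . postVar('message');
        $message .= getMailFooter();

        $title = _MMAIL_TITLE . ' ' . $fromName;
        mb_language('ja');
        mb_internal_encoding(_CHARSET);
        // Errors from the mailer are deliberately suppressed (best effort).
        @mb_send_mail($tomem->getEmail(), $title, $message, "From: " . $fromMail);

        // NOTE(review): same unchecked POSTed redirect target as in addComment().
        if (postVar('url')) {
            redirect(postVar('url'));
        } else {
            $CONF['MemberURL'] = $CONF['IndexURL'];
            if ($CONF['URLMode'] == 'pathinfo') {
                $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName()));
            } else {
                $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
            }
            redirect($url);
        }

        exit;
    }

    /**
     * Checks whether the current request may send a member-to-member mail.
     *
     * @return string '' when the message is acceptable, otherwise an error
     *                message (from configuration checks or from a plugin)
     */
    function validateMessage()
    {
        global $CONF, $member, $manager;

        if (!$CONF['AllowMemberMail']) {
            return _ERROR_MEMBERMAILDISABLED;
        }

        if (!$member->isLoggedIn() && !$CONF['NonmemberMail']) {
            return _ERROR_DISALLOWED;
        }

        // Anonymous senders must supply an address that passes isValidMailAddress().
        if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail')))) {
            return _ERROR_BADMAILADDRESS;
        }

        // let plugins do verification (any plugin which thinks the comment is invalid
        // can change 'error' to something other than '')
        $result = '';
        $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));

        return $result;
    }

    /**
     * Creates a new member account from POSTed data and sends the
     * activation link. Redirects to the POSTed 'desturl' when given,
     * otherwise prints _MSG_ACTIVATION_SENT; exits in both cases.
     */
    function createAccount()
    {
        global $CONF, $manager;

        // doError() presumably does not return; confirm against its definition.
        if (!$CONF['AllowMemberCreate']) {
            doError(_ERROR_MEMBERCREATEDISABLED);
        }

        // even though the member can not log in, set some random initial password. One never knows.
        // NOTE(review): srand()/rand()/uniqid()/md5() are not a cryptographic
        // source of randomness. The account is created with login disabled
        // (see the 0 passed below), so this value is only a placeholder, but
        // it must not be reused as a secret anywhere else.
        srand((double)microtime() * 1000000);
        $initialPwd = md5(uniqid(rand(), true));

        // create member (non admin/can not login/no notes/random string as password)
        $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');

        if ($r != 1) {
            doError($r);
        }

        // send message containing password.
        $newmem = new MEMBER();
        $newmem->readFromName(postVar('name'));
        $newmem->sendActivationLink('register');

        $manager->notify('PostRegister', array('member' => &$newmem));

        // NOTE(review): 'desturl' is POSTed and handed to redirect() unchecked
        // here; confirm redirect() restricts the destination or validate it.
        if (postVar('desturl')) {
            redirect(postVar('desturl'));
        } else {
            header("Content-Type: text/html; charset=" . _CHARSET);
            echo _MSG_ACTIVATION_SENT;
        }

        exit;
    }

    /**
     * Sends an activation link to a member who supplies the matching name
     * and e-mail address. Redirects to the POSTed 'url' when given,
     * otherwise prints _MSG_ACTIVATION_SENT; exits in both cases.
     *
     * NOTE(review): the three distinct errors below tell an unauthenticated
     * caller whether a member name exists, whether it can log in and whether
     * the e-mail matched. A single generic response would avoid that.
     */
    function forgotPassword()
    {
        $membername = trim(postVar('name'));

        if (!MEMBER::exists($membername)) {
            doError(_ERROR_NOSUCHMEMBER);
        }
        $mem = MEMBER::createFromName($membername);

        if (!$mem->canLogin()) {
            doError(_ERROR_NOLOGON_NOACTIVATE);
        }

        // check if e-mail address is correct
        if (!($mem->getEmail() == postVar('email'))) {
            doError(_ERROR_INCORRECTEMAIL);
        }

        // send activation link
        $mem->sendActivationLink('forgot');

        // NOTE(review): same unchecked POSTed redirect target as in addComment().
        if (postVar('url')) {
            redirect(postVar('url'));
        } else {
            header("Content-Type: text/html; charset=" . _CHARSET);
            echo _MSG_ACTIVATION_SENT;
        }

        exit;
    }

    /**
     * Records a karma vote for the item in the global $itemid, optionally
     * mails the blog's notification address, then redirects and exits.
     *
     * Repeat voting is limited only by $karma->isVoteAllowed() on the
     * client's REMOTE_ADDR; no ticket check is visible in this method.
     *
     * @param string $type 'pos' or 'neg'; any other value records no vote
     */
    function doKarma($type)
    {
        global $itemid, $member, $CONF, $manager;

        // check if itemid exists
        if (!$manager->existsItem($itemid, 0, 0)) {
            doError(_ERROR_NOSUCHITEM);
        }

        $remoteAddr = serverVar('REMOTE_ADDR');

        $blogid = getBlogIDFromItemID($itemid);
        $this->checkban($blogid);

        $karma =& $manager->getKarma($itemid);

        // check if not already voted
        if (!$karma->isVoteAllowed($remoteAddr)) {
            doError(_ERROR_VOTEDBEFORE);
        }

        // check if item does allow voting
        $item =& $manager->getItem($itemid, 0, 0);
        if ($item['closed']) {
            doError(_ERROR_ITEMCLOSED);
        }

        switch ($type) {
            case 'pos':
                $karma->votePositive();
                break;
            case 'neg':
                $karma->voteNegative();
                break;
        }

        // $blogid from the lookup above is reused; the item has not changed.
        $blog =& $manager->getBlog($blogid);

        // send email to notification address, if any
        if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {

            $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
            $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
            if ($member->isLoggedIn()) {
                $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
            }
            $mailto_msg .= _NOTIFY_IP . ' ' . $remoteAddr . "\n";
            // The reverse-DNS name is controlled by whoever owns the address
            // block; it is only placed in the mail body, never in a header.
            $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr($remoteAddr) . "\n";
            $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
            $mailto_msg .= getMailFooter();

            $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';

            $frommail = $member->getNotifyFromMailAddress();

            $notify = new NOTIFICATION($blog->getNotifyAddress());
            $notify->notify($mailto_title, $mailto_msg, $frommail);
        }

        // Go back to the referring page when the client sent one.
        // The Referer header is client-supplied, like any other request value.
        $refererUrl = serverVar('HTTP_REFERER');
        if ($refererUrl) {
            $url = $refererUrl;
        } else {
            $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
        }

        redirect($url);
        exit;
    }

    /**
     * Calls a plugin action.
     *
     * The plugin name ('NP_' plus the request's 'name') and the action type
     * both come from the request. The only gate applied here is
     * $manager->pluginInstalled(); any authorization for the action itself
     * has to be done inside the plugin's doAction().
     */
    function callPlugin()
    {
        global $manager;

        $pluginName = 'NP_' . requestVar('name');
        $actionType = requestVar('type');

        // 1: check if plugin is installed
        if (!$manager->pluginInstalled($pluginName)) {
            doError(_ERROR_NOSUCHPLUGIN);
        }

        // 2: call plugin
        $pluginObject =& $manager->getPlugin($pluginName);
        if ($pluginObject) {
            $error = $pluginObject->doAction($actionType);
        } else {
            $error = 'Could not load plugin (see actionlog)';
        }

        // doAction returns error when:
        // - an error occurred (duh)
        // - no actions are allowed (doAction is not implemented)
        if ($error) {
            doError($error);
        }

        exit;
    }

    /**
     * Stops the request with an error when the client address is banned
     * for the given blog.
     *
     * @param mixed $blogid blog id passed on to BAN::isBanned()
     */
    function checkban($blogid)
    {
        // check if banned; a result that compares unequal to 0 is used as
        // an object carrying the matched range and the ban message
        $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
        if ($ban != 0) {
            doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
        }
    }

    /**
     * Gets a new ticket.
     *
     * Echoes the new ticket when $manager->checkTicket() accepts the current
     * one, otherwise echoes 'err:' followed by _ERROR_BADTICKET.
     *
     * @return bool always false
     */
    function updateTicket()
    {
        global $manager;

        if ($manager->checkTicket()) {
            echo $manager->getNewTicket();
        } else {
            echo 'err:' . _ERROR_BADTICKET;
        }

        return false;
    }

    /**
     * Handles AutoSaveDraft.
     *
     * After a successful ticket check a draft is created from the request
     * and either its id or the error message is echoed; a failed ticket
     * check echoes 'err:' followed by _ERROR_BADTICKET.
     *
     * @return bool always false
     */
    function autoDraft()
    {
        global $manager;

        if ($manager->checkTicket()) {
            $manager->loadClass('ITEM');
            $info = ITEM::CreateDraftFromRequest();
            if ($info['status'] == 'error') {
                echo $info['message'];
            } else {
                echo $info['draftid'];
            }
        } else {
            echo 'err:' . _ERROR_BADTICKET;
        }

        return false;
    }
}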
383
384 ?>