utf8/nucleus/libs/ACTION.php

   1 <?php
   2
   3 /*
   4  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
   5  * Copyright (C) 2002-2009 The Nucleus Group
   6  *
   7  * This program is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU General Public License
   9  * as published by the Free Software Foundation; either version 2
  10  * of the License, or (at your option) any later version.
  11  * (see nucleus/documentation/index.html#license for more info)
  12  */
  13 /**
  14  * Actions that can be called via action.php
  15  *
  16  * @license http://nucleuscms.org/license.txt GNU General Public License
  17  * @copyright Copyright (C) 2002-2009 The Nucleus Group
  18  * @version $Id$
  19  * $NucleusJP: ACTION.php,v 1.10 2007/05/31 07:23:39 kimitake Exp $
  20  */
  21 class ACTION
  22 {
  23         /**
  24          *  Constructor for an new ACTION object
  25          */
  26         function ACTION()
  27         {
  28                 // do nothing
  29         }
  30
  31         /**
  32          *  Calls functions that handle an action called from action.php
  33          */
  34         function doAction($action)
  35         {
  36                 switch($action) {
  37                         case 'autodraft':
  38                                 return $this->autoDraft();
  39                                 break;
  40                         case 'updateticket':
  41                                 return $this->updateTicket();
  42                                 break;
  43                         case 'addcomment':
  44                                 return $this->addComment();
  45                                 break;
  46                         case 'sendmessage':
  47                                 return $this->sendMessage();
  48                                 break;
  49                         case 'createaccount':
  50                                 return $this->createAccount();
  51                                 break;
  52                         case 'forgotpassword':
  53                                 return $this->forgotPassword();
  54                                 break;
  55                         case 'votepositive':
  56                                 return $this->doKarma('pos');
  57                                 break;
  58                         case 'votenegative':
  59                                 return $this->doKarma('neg');
  60                                 break;
  61                         case 'plugin':
  62                                 return $this->callPlugin();
  63                                 break;
  64                         default:
  65                                 doError(_ERROR_BADACTION);
  66                 }
  67         }
  68
  69         /**
  70          *  Adds a new comment to an item (if IP isn't banned)
  71          */
  72         function addComment() {
  73                 global $CONF, $errormessage, $manager;
  74
  75                 $post['itemid'] =       intPostVar('itemid');
  76                 $post['user'] =         postVar('user');
  77                 $post['userid'] =       postVar('userid');
  78                 $post['email'] =   postVar('email');
  79                 $post['body'] =         postVar('body');
  80
  81                 // set cookies when required
  82                 $remember = intPostVar('remember');
  83                 if ($remember == 1) {
  84                         $lifetime = time()+2592000;
  85                         setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
  86                         setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
  87                         setcookie($CONF['CookiePrefix'] . 'comment_email',  $post['email'], $lifetime,'/','',0);
  88                 }
  89
  90                 $comments = new COMMENTS($post['itemid']);
  91
  92                 $blogid = getBlogIDFromItemID($post['itemid']);
  93                 $this->checkban($blogid);
  94                 $blog =& $manager->getBlog($blogid);
  95
  96                 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
  97                 $errormessage = $comments->addComment($blog->getCorrectTime(),$post);
  98
  99                 if ($errormessage == '1') {
 100                         // redirect when adding comments succeeded
 101                         if (postVar('url')) {
 102                                 redirect(postVar('url'));
 103                         } else {
 104                                 $url = createItemLink($post['itemid']);
 105                                 redirect($url);
 106                         }
 107                 } else {
 108                         // else, show error message using default skin for blog
 109                         return array(
 110                                 'message' => $errormessage,
 111                                 'skinid' => $blog->getDefaultSkin()
 112                         );
 113                 }
 114
 115                 exit;
 116         }
 117
 118         /**
 119          *  Sends a message from the current member to the member given as argument
 120          */
 121         function sendMessage() {
 122                 global $CONF, $member;
 123
 124                 $error = $this->validateMessage();
 125                 if ($error != '')
 126                         return array('message' => $error);
 127
 128                 if (!$member->isLoggedIn()) {
 129                         $fromMail = postVar('frommail');
 130                         $fromName = _MMAIL_FROMANON;
 131                 } else {
 132                         $fromMail = $member->getEmail();
 133                         $fromName = $member->getDisplayName();
 134                 }
 135
 136                 $tomem = new MEMBER();
 137                 $tomem->readFromId(postVar('memberid'));
 138
 139                 $message  = _MMAIL_MSG . ' ' . $fromName . "\n"
 140                           . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
 141                           . _MMAIL_MAIL . " \n\n"
 142                           . postVar('message');
 143                 $message .= getMailFooter();
 144
 145                 $title = _MMAIL_TITLE . ' ' . $fromName;
 146                 mb_language('ja');
 147                 mb_internal_encoding(_CHARSET);
 148                 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
 149
 150                 if (postVar('url')) {
 151                         redirect(postVar('url'));
 152                 } else {
 153                         $CONF['MemberURL'] = $CONF['IndexURL'];
 154                         if ($CONF['URLMode'] == 'pathinfo')
 155                         {
 156                                 $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName()));
 157                         }
 158                         else
 159                         {
 160                                 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
 161                         }
 162                         redirect($url);
 163                 }
 164                 exit;
 165         }
 166
 167         /**
 168          *  Checks if a mail to a member is allowed
 169          *  Returns a string with the error message if the mail is disallowed
 170          */
 171         function validateMessage() {
 172                 global $CONF, $member, $manager;
 173
 174                 if (!$CONF['AllowMemberMail'])
 175                         return _ERROR_MEMBERMAILDISABLED;
 176
 177                 if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
 178                         return _ERROR_DISALLOWED;
 179
 180                 if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
 181                         return _ERROR_BADMAILADDRESS;
 182
 183                 // let plugins do verification (any plugin which thinks the comment is invalid
 184                 // can change 'error' to something other than '')
 185                 $result = '';
 186                 $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));
 187
 188                 return $result;
 189
 190         }
 191
 192         /**
 193          *  Creates a new user account
 194          */
 195         function createAccount() {
 196                 global $CONF, $manager;
 197
 198                 if (!$CONF['AllowMemberCreate'])
 199                         doError(_ERROR_MEMBERCREATEDISABLED);
 200
 201                 // evaluate content from FormExtra
 202                 $result = 1;
 203                 $data = array('type' => 'membermail', 'error' => &$result);
 204                 $manager->notify('ValidateForm', &$data);
 205
 206                 if ($result!=1) {
 207                         return $result;
 208                 }
 209                 else {
 210
 211                         // even though the member can not log in, set some random initial password. One never knows.
 212                         srand((double)microtime()*1000000);
 213                         $initialPwd = md5(uniqid(rand(), true));
 214
 215                         // create member (non admin/can not login/no notes/random string as password)
 216                         $name = shorten(postVar('name'),16,'');
 217                         $r = MEMBER::create($name, postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
 218
 219                         if ($r != 1) {
 220                                 return $r;
 221                         }
 222
 223                         // send message containing password.
 224                         $newmem = new MEMBER();
 225                         $newmem->readFromName($name);
 226                         $newmem->sendActivationLink('register');
 227
 228                         $manager->notify('PostRegister',array('member' => &$newmem));
 229
 230                         if (postVar('desturl')) {
 231                                 redirect(postVar('desturl'));
 232                         } else {
 233                                 // header has been already sent, so deleted the line below
 234                                 //header ("Content-Type: text/html; charset="._CHARSET);
 235                                 echo _MSG_ACTIVATION_SENT;
 236                                 echo "\n</body>\n</html>";
 237                         }
 238                         exit;
 239                 }
 240         }
 241
 242         /**
 243          *  Sends a new password
 244          */
 245         function forgotPassword() {
 246                 $membername = trim(postVar('name'));
 247
 248                 if (!MEMBER::exists($membername))
 249                         doError(_ERROR_NOSUCHMEMBER);
 250                 $mem = MEMBER::createFromName($membername);
 251
 252                 /* below keeps regular users from resetting passwords using forgot password feature
 253                      Removing for now until clear why it is required.*/
 254                 /*if (!$mem->canLogin())
 255                         doError(_ERROR_NOLOGON_NOACTIVATE);*/
 256
 257                 // check if e-mail address is correct
 258                 if (!($mem->getEmail() == postVar('email')))
 259                         doError(_ERROR_INCORRECTEMAIL);
 260
 261                 // send activation link
 262                 $mem->sendActivationLink('forgot');
 263
 264                 if (postVar('url')) {
 265                         redirect(postVar('url'));
 266                 } else {
 267                         header ("Content-Type: text/html; charset="._CHARSET);
 268                         echo _MSG_ACTIVATION_SENT;
 269                 }
 270                 exit;
 271         }
 272
 273         /**
 274          *  Handle karma votes
 275          */
 276         function doKarma($type) {
 277                 global $itemid, $member, $CONF, $manager;
 278
 279                 // check if itemid exists
 280                 if (!$manager->existsItem($itemid,0,0))
 281                         doError(_ERROR_NOSUCHITEM);
 282
 283                 $blogid = getBlogIDFromItemID($itemid);
 284                 $this->checkban($blogid);
 285
 286                 $karma =& $manager->getKarma($itemid);
 287
 288                 // check if not already voted
 289                 if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
 290                         doError(_ERROR_VOTEDBEFORE);
 291
 292                 // check if item does allow voting
 293                 $item =& $manager->getItem($itemid,0,0);
 294                 if ($item['closed'])
 295                         doError(_ERROR_ITEMCLOSED);
 296
 297                 switch($type) {
 298                         case 'pos':
 299                                 $karma->votePositive();
 300                                 break;
 301                         case 'neg':
 302                                 $karma->voteNegative();
 303                                 break;
 304                 }
 305
 306 //              $blogid = getBlogIDFromItemID($itemid);
 307                 $blog =& $manager->getBlog($blogid);
 308
 309                 // send email to notification address, if any
 310                 if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
 311
 312                         $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
 313                         if ($CONF['URLMode'] == 'pathinfo') {
 314                                 $itemLink = createItemLink(intval($itemid));
 315                         } else {
 316                                 $itemLink = createItemLink(intval($itemid));
 317                                 if (strpos($itemLink, 'http') === false) {
 318                                         $itemLink = $CONF['IndexURL'] . $itemLink;
 319                                 }
 320                         }
 321                         $mailto_msg .= $itemLink . "\n\n";
 322                         if ($member->isLoggedIn()) {
 323                                 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
 324                         }
 325                         $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
 326                         $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";
 327                         $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
 328                         $mailto_msg .= getMailFooter();
 329
 330                         $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
 331
 332                         $frommail = $member->getNotifyFromMailAddress();
 333
 334                         $notify = new NOTIFICATION($blog->getNotifyAddress());
 335                         $notify->notify($mailto_title, $mailto_msg , $frommail);
 336                 }
 337
 338
 339                 $refererUrl = serverVar('HTTP_REFERER');
 340                 if ($refererUrl) {
 341                         $url = $refererUrl;
 342                 } else {
 343 //                      $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
 344                         $url = $itemLink;
 345                 }
 346
 347                 redirect($url);
 348                 exit;
 349         }
 350
 351         /**
 352           * Calls a plugin action
 353           */
 354         function callPlugin() {
 355                 global $manager;
 356
 357                 $pluginName = 'NP_' . requestVar('name');
 358                 $actionType = requestVar('type');
 359
 360                 // 1: check if plugin is installed
 361                 if (!$manager->pluginInstalled($pluginName))
 362                         doError(_ERROR_NOSUCHPLUGIN);
 363
 364                 // 2: call plugin
 365                 $pluginObject =& $manager->getPlugin($pluginName);
 366                 if ($pluginObject)
 367                         $error = $pluginObject->doAction($actionType);
 368                 else
 369                         $error = 'Could not load plugin (see actionlog)';
 370
 371                 // doAction returns error when:
 372                 // - an error occurred (duh)
 373                 // - no actions are allowed (doAction is not implemented)
 374                 if ($error)
 375                         doError($error);
 376
 377                 exit;
 378
 379         }
 380
 381         /**
 382          *  Checks if an IP or IP range is banned
 383          */
 384         function checkban($blogid) {
 385                 // check if banned
 386                 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
 387                 if ($ban != 0) {
 388                         doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
 389                 }
 390
 391         }
 392
 393         /**
 394          * Gets a new ticket
 395          */
 396         function updateTicket() {
 397                 global $manager;
 398                 if ($manager->checkTicket()) {
 399                         echo $manager->getNewTicket();
 400                 }
 401                 else {
 402                         echo _ERROR . ':' . _ERROR_BADTICKET;
 403                 }
 404                 return false;
 405         }
 406
 407         /**
 408          * Handles AutoSaveDraft
 409          */
 410         function autoDraft() {
 411                 global $manager;
 412                 if ($manager->checkTicket()) {
 413                         $manager->loadClass('ITEM');
 414                         $info = ITEM::createDraftFromRequest();
 415                         if ($info['status'] == 'error') {
 416                                 echo $info['message'];
 417                         }
 418                         else {
 419                                 echo $info['draftid'];
 420                         }
 421                 }
 422                 else {
 423                         echo _ERROR . ':' . _ERROR_BADTICKET;
 424                 }
 425                 return false;
 426         }
 427
 428
 429 }
 430
 431 ?>