4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2010 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
14 * Actions that can be called via action.php
16 * @license http://nucleuscms.org/license.txt GNU General Public License
17 * @copyright Copyright (C) 2002-2010 The Nucleus Group
19 * $NucleusJP: ACTION.php,v 1.10 2007/05/31 07:23:39 kimitake Exp $
24 * Constructor for an new ACTION object
32 * Calls functions that handle an action called from action.php
34 function doAction($action)
38 return $this->autoDraft();
41 return $this->updateTicket();
44 return $this->addComment();
47 return $this->sendMessage();
50 return $this->createAccount();
52 case 'forgotpassword':
53 return $this->forgotPassword();
56 return $this->doKarma('pos');
59 return $this->doKarma('neg');
62 return $this->callPlugin();
65 doError(_ERROR_BADACTION);
70 * Adds a new comment to an item (if IP isn't banned)
72 function addComment() {
73 global $CONF, $errormessage, $manager;
75 $post['itemid'] = intPostVar('itemid');
76 $post['user'] = postVar('user');
77 $post['userid'] = postVar('userid');
78 $post['email'] = postVar('email');
79 $post['body'] = postVar('body');
81 // set cookies when required
82 $remember = intPostVar('remember');
84 $lifetime = time()+2592000;
85 setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
86 setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
87 setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime,'/','',0);
90 $comments = new COMMENTS($post['itemid']);
92 $blogid = getBlogIDFromItemID($post['itemid']);
93 $this->checkban($blogid);
94 $blog =& $manager->getBlog($blogid);
96 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
97 $errormessage = $comments->addComment($blog->getCorrectTime(),$post);
99 if ($errormessage == '1') {
100 // redirect when adding comments succeeded
101 if (postVar('url')) {
102 redirect(postVar('url'));
104 $url = createItemLink($post['itemid']);
108 // else, show error message using default skin for blog
110 'message' => $errormessage,
111 'skinid' => $blog->getDefaultSkin()
119 * Sends a message from the current member to the member given as argument
121 function sendMessage() {
122 global $CONF, $member;
124 $error = $this->validateMessage();
126 return array('message' => $error);
128 if (!$member->isLoggedIn()) {
129 $fromMail = postVar('frommail');
130 $fromName = _MMAIL_FROMANON;
132 $fromMail = $member->getEmail();
133 $fromName = $member->getDisplayName();
136 $tomem = new MEMBER();
137 $tomem->readFromId(postVar('memberid'));
139 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
140 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
141 . _MMAIL_MAIL . " \n\n"
142 . postVar('message');
143 $message .= getMailFooter();
145 $title = _MMAIL_TITLE . ' ' . $fromName;
147 mb_internal_encoding(_CHARSET);
148 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
150 if (postVar('url')) {
151 redirect(postVar('url'));
153 $CONF['MemberURL'] = $CONF['IndexURL'];
154 if ($CONF['URLMode'] == 'pathinfo')
156 $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName()));
160 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
168 * Checks if a mail to a member is allowed
169 * Returns a string with the error message if the mail is disallowed
171 function validateMessage() {
172 global $CONF, $member, $manager;
174 if (!$CONF['AllowMemberMail'])
175 return _ERROR_MEMBERMAILDISABLED;
177 if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
178 return _ERROR_DISALLOWED;
180 if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
181 return _ERROR_BADMAILADDRESS;
183 // let plugins do verification (any plugin which thinks the comment is invalid
184 // can change 'error' to something other than '')
186 $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));
193 * Creates a new user account
195 function createAccount() {
196 global $CONF, $manager;
198 if (!$CONF['AllowMemberCreate'])
199 doError(_ERROR_MEMBERCREATEDISABLED);
201 // evaluate content from FormExtra
203 $data = array('type' => 'membermail', 'error' => &$result);
204 $manager->notify('ValidateForm', &$data);
211 // even though the member can not log in, set some random initial password. One never knows.
212 srand((double)microtime()*1000000);
213 $initialPwd = md5(uniqid(rand(), true));
215 // create member (non admin/can not login/no notes/random string as password)
216 $name = shorten(postVar('name'), 32, '');
217 $r = MEMBER::create($name, postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
223 // send message containing password.
224 $newmem = new MEMBER();
225 $newmem->readFromName($name);
226 $newmem->sendActivationLink('register');
228 $manager->notify('PostRegister',array('member' => &$newmem));
230 if (postVar('desturl')) {
231 redirect(postVar('desturl'));
233 // header has been already sent, so deleted the line below
234 //header ("Content-Type: text/html; charset="._CHARSET);
235 echo _MSG_ACTIVATION_SENT;
236 echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
237 echo "\n</body>\n</html>";
244 * Sends a new password
246 function forgotPassword() {
247 $membername = trim(postVar('name'));
249 if (!MEMBER::exists($membername))
250 doError(_ERROR_NOSUCHMEMBER);
251 $mem = MEMBER::createFromName($membername);
253 /* below keeps regular users from resetting passwords using forgot password feature
254 Removing for now until clear why it is required.*/
255 /*if (!$mem->canLogin())
256 doError(_ERROR_NOLOGON_NOACTIVATE);*/
258 // check if e-mail address is correct
259 if (!($mem->getEmail() == postVar('email')))
260 doError(_ERROR_INCORRECTEMAIL);
262 // send activation link
263 $mem->sendActivationLink('forgot');
265 if (postVar('url')) {
266 redirect(postVar('url'));
268 header ("Content-Type: text/html; charset="._CHARSET);
269 echo _MSG_ACTIVATION_SENT;
270 echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
278 function doKarma($type) {
279 global $itemid, $member, $CONF, $manager;
281 // check if itemid exists
282 if (!$manager->existsItem($itemid,0,0))
283 doError(_ERROR_NOSUCHITEM);
285 $blogid = getBlogIDFromItemID($itemid);
286 $this->checkban($blogid);
288 $karma =& $manager->getKarma($itemid);
290 // check if not already voted
291 if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
292 doError(_ERROR_VOTEDBEFORE);
294 // check if item does allow voting
295 $item =& $manager->getItem($itemid,0,0);
297 doError(_ERROR_ITEMCLOSED);
301 $karma->votePositive();
304 $karma->voteNegative();
308 // $blogid = getBlogIDFromItemID($itemid);
309 $blog =& $manager->getBlog($blogid);
311 // send email to notification address, if any
312 if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
314 $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
315 $itemLink = createItemLink(intval($itemid));
316 $temp = parse_url($itemLink);
317 if (!$temp['scheme']) {
318 $itemLink = $CONF['IndexURL'] . $itemLink;
320 $mailto_msg .= $itemLink . "\n\n";
321 if ($member->isLoggedIn()) {
322 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
324 $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
325 $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
326 $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
327 $mailto_msg .= getMailFooter();
329 $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
331 $frommail = $member->getNotifyFromMailAddress();
333 $notify = new NOTIFICATION($blog->getNotifyAddress());
334 $notify->notify($mailto_title, $mailto_msg , $frommail);
338 $refererUrl = serverVar('HTTP_REFERER');
342 // $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
351 * Calls a plugin action
353 function callPlugin() {
356 $pluginName = 'NP_' . requestVar('name');
357 $actionType = requestVar('type');
359 // 1: check if plugin is installed
360 if (!$manager->pluginInstalled($pluginName))
361 doError(_ERROR_NOSUCHPLUGIN);
364 $pluginObject =& $manager->getPlugin($pluginName);
366 $error = $pluginObject->doAction($actionType);
368 $error = 'Could not load plugin (see actionlog)';
370 // doAction returns error when:
371 // - an error occurred (duh)
372 // - no actions are allowed (doAction is not implemented)
381 * Checks if an IP or IP range is banned
383 function checkban($blogid) {
385 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
387 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
395 function updateTicket() {
397 if ($manager->checkTicket()) {
398 echo $manager->getNewTicket();
401 echo _ERROR . ':' . _ERROR_BADTICKET;
407 * Handles AutoSaveDraft
409 function autoDraft() {
411 if ($manager->checkTicket()) {
412 $manager->loadClass('ITEM');
413 $info = ITEM::createDraftFromRequest();
414 if ($info['status'] == 'error') {
415 echo $info['message'];
418 echo $info['draftid'];
422 echo _ERROR . ':' . _ERROR_BADTICKET;