1 <?php
2 /*
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4  * Copyright (C) 2002-2007 The Nucleus Group
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  * (see nucleus/documentation/index.html#license for more info)
11  */
12 /**
13  * The code for the Nucleus admin area
14  *
15  * @license http://nucleuscms.org/license.txt GNU General Public License
16  * @copyright Copyright (C) 2002-2007 The Nucleus Group
17  * @version $Id: ADMIN.php,v 1.24 2008-02-08 09:31:22 kimitake Exp $
18  * @version $NucleusJP: ADMIN.php,v 1.21.2.4 2007/10/30 19:04:24 kmorimatsu Exp $
19  */
20
// Direct-request guard: requestVar() is presumably defined by the core that the
// admin entry point loads before including this file, so when it is missing we
// were not reached through the application and refuse to run.
if (!function_exists('requestVar')) {
        exit;
}

require_once dirname(__FILE__) . '/showlist.php';
23
24 /**
25  * Builds the admin area and executes admin actions
26  */
27 class ADMIN {
28
29         /**
30          * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)
31          */
32         var $action;
33
34         /**
35          * Class constructor
36          */
37         function ADMIN() {
38
39         }
40
41         /**
42          * Executes an action
43          *
44          * @param string $action action to be performed
45          */
46         function action($action) {
47                 global $CONF, $manager;
48
49                 // list of action aliases
50                 $alias = array(
51                         'login' => 'overview',
52                         '' => 'overview'
53                 );
54
55                 if (isset($alias[$action]))
56                         $action = $alias[$action];
57
58                 $methodName = 'action_' . $action;
59
60                 $this->action = strtolower($action);
61
62                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
63                 // is an action that requires user interaction before something is actually done)
64                 // all safe actions are in this array:
65                 $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');
66 /*
67                 // the rest of the actions needs to be checked
68                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
69 */
70                 if (!in_array($this->action, $aActionsNotToCheck))
71                 {
72                         if (!$manager->checkTicket())
73                                 $this->error(_ERROR_BADTICKET);
74                 }
75
76                 if (method_exists($this, $methodName))
77                         call_user_func(array(&$this, $methodName));
78                 else
79                         $this->error(_BADACTION . htmlspecialchars(" ($action)"));
80
81         }
82
83         /**
84          * @todo document this
85          */
86         function action_showlogin() {
87                 global $error;
88                 $this->action_login($error);
89         }
90
91         /**
92          * @todo document this
93          */
94         function action_login($msg = '', $passvars = 1) {
95                 global $member;
96
97                 // skip to overview when allowed
98                 if ($member->isLoggedIn() && $member->canLogin()) {
99                         $this->action_overview();
100                         exit;
101                 }
102
103                 $this->pagehead();
104
105                 echo '<h2>', _LOGIN ,'</h2>';
106                 if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
107                 ?>
108
109                 <form action="index.php" method="post"><p>
110                 <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
111                 <br />
112                 <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
113                 <br />
114                 <input name="action" value="login" type="hidden" />
115                 <br />
116                 <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
117                 <br />
118                 <small>
119                         <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
120                         <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
121                 </small>
122                 <?php                   // pass through vars
123
124                         $oldaction = postVar('oldaction');
125                         if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
126                                 passRequestVars();
127                         }
128
129
130                 ?>
131                 </p></form>
132                 <?php           $this->pagefoot();
133         }
134
135
136         /**
137          * provides a screen with the overview of the actions available
138          * @todo document parameter
139          */
140         function action_overview($msg = '') {
141                 global $member;
142
143                 $this->pagehead();
144
145                 if ($msg)
146                         echo _MESSAGE , ': ', $msg;
147
148                 /* ---- add items ---- */
149                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';
150
151                 $showAll = requestVar('showall');
152
153                 if (($member->isAdmin()) && ($showAll == 'yes')) {
154                         // Super-Admins have access to all blogs! (no add item support though)
155                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
156                                    . ' FROM ' . sql_table('blog')
157                                    . ' ORDER BY bname';
158                 } else {
159                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'
160                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
161                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()
162                                    . ' ORDER BY bname';
163                 }
164                 $template['content'] = 'bloglist';
165                 $template['superadmin'] = $member->isAdmin();
166                 $amount = showlist($query,'table',$template);
167
168                 if (($showAll != 'yes') && ($member->isAdmin())) {
169                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
170                         if ($total > $amount)
171                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';
172                 }
173
174                 if ($amount == 0)
175                         echo _OVERVIEW_NOBLOGS;
176
177                 if ($amount != 0) {
178                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
179                         $query =  'SELECT ititle, inumber, bshortname'
180                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
181                                    . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
182                         $template['content'] = 'draftlist';
183                         $amountdrafts = showlist($query, 'table', $template);
184                         if ($amountdrafts == 0)
185                                 echo _OVERVIEW_NODRAFTS;
186                 }
187
188                 /* ---- user settings ---- */
189                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
190                 echo '<ul>';
191                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
192                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
193                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
194                 echo '</ul>';
195
196                 /* ---- general settings ---- */
197                 if ($member->isAdmin()) {
198                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
199                         echo '<ul>';
200                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
201                         echo '</ul>';
202                 }
203
204
205                 $this->pagefoot();
206         }
207
208         /**
209          * Returns a link to a weblog
210          * @param object BLOG
211          */
212         function bloglink(&$blog) {
213                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';
214         }
215
216         /**
217          * @todo document this
218          */
219         function action_manage($msg = '') {
220                 global $member;
221
222                 $member->isAdmin() or $this->disallow();
223
224                 $this->pagehead();
225
226                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
227
228                 if ($msg)
229                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';
230
231
232                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';
233
234                 echo '<ul>';
235                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';
236                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';
237                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';
238                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';
239                 echo '</ul>';
240
241                 echo '<h2>' . _MANAGE_SKINS . '</h2>';
242                 echo '<ul>';
243                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';
244                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';
245                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';
246                 echo '</ul>';
247
248                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';
249                 echo '<ul>';
250                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';
251                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';
252                 echo '</ul>';
253
254                 $this->pagefoot();
255         }
256
257         /**
258          * @todo document this
259          */
260         function action_itemlist($blogid = '') {
261                 global $member, $manager;
262
263                 if ($blogid == '')
264                         $blogid = intRequestVar('blogid');
265
266                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
267
268                 $this->pagehead();
269                 $blog =& $manager->getBlog($blogid);
270
271                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
272                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';
273
274                 // start index
275                 if (postVar('start'))
276                         $start = intPostVar('start');
277                 else
278                         $start = 0;
279
280                 if ($start == 0)
281                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';
282
283                 // amount of items to show
284                 if (postVar('amount'))
285                         $amount = intPostVar('amount');
286                 else
287                         $amount = 10;
288
289                 $search = postVar('search');    // search through items
290
291                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
292                            . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
293                            . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
294
295                 if ($search)
296                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
297
298                 // non-blog-admins can only edit/delete their own items
299                 if (!$member->blogAdminRights($blogid))
300                         $query .= ' and iauthor=' . $member->getID();
301
302
303                 $query .= ' ORDER BY itime DESC'
304                                 . " LIMIT $start,$amount";
305
306                 $template['content'] = 'itemlist';
307                 $template['now'] = $blog->getCorrectTime(time());
308
309                 $manager->loadClass("ENCAPSULATE");
310                 $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
311                 $navList->showBatchList('item',$query,'table',$template);
312
313
314                 $this->pagefoot();
315         }
316
317         /**
318          * @todo document this
319          */
320         function action_batchitem() {
321                 global $member, $manager;
322
323                 // check if logged in
324                 $member->isLoggedIn() or $this->disallow();
325
326                 // more precise check will be done for each performed operation
327
328                 // get array of itemids from request
329                 $selected = requestIntArray('batch');
330                 $action = requestVar('batchaction');
331
332                 // Show error when no items were selected
333                 if (!is_array($selected) || sizeof($selected) == 0)
334                         $this->error(_BATCH_NOSELECTION);
335
336                 // On move: when no destination blog/category chosen, show choice now
337                 $destCatid = intRequestVar('destcatid');
338                 if (($action == 'move') && (!$manager->existsCategory($destCatid)))
339                         $this->batchMoveSelectDestination('item',$selected);
340
341                 // On delete: check if confirmation has been given
342                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
343                         $this->batchAskDeleteConfirmation('item',$selected);
344
345                 $this->pagehead();
346
347                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
348                 echo '<h2>',_BATCH_ITEMS,'</h2>';
349                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
350                 echo '<ul>';
351
352
353                 // walk over all itemids and perform action
354                 foreach ($selected as $itemid) {
355                         $itemid = intval($itemid);
356                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';
357
358                         // perform action, display errors if needed
359                         switch($action) {
360                                 case 'delete':
361                                         $error = $this->deleteOneItem($itemid);
362                                         break;
363                                 case 'move':
364                                         $error = $this->moveOneItem($itemid, $destCatid);
365                                         break;
366                                 default:
367                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
368                         }
369
370                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
371                         echo '</li>';
372                 }
373
374                 echo '</ul>';
375                 echo '<b>',_BATCH_DONE,'</b>';
376
377                 $this->pagefoot();
378
379
380         }
381
382         /**
383          * @todo document this
384          */
385         function action_batchcomment() {
386                 global $member;
387
388                 // check if logged in
389                 $member->isLoggedIn() or $this->disallow();
390
391                 // more precise check will be done for each performed operation
392
393                 // get array of itemids from request
394                 $selected = requestIntArray('batch');
395                 $action = requestVar('batchaction');
396
397                 // Show error when no items were selected
398                 if (!is_array($selected) || sizeof($selected) == 0)
399                         $this->error(_BATCH_NOSELECTION);
400
401                 // On delete: check if confirmation has been given
402                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
403                         $this->batchAskDeleteConfirmation('comment',$selected);
404
405                 $this->pagehead();
406
407                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
408                 echo '<h2>',_BATCH_COMMENTS,'</h2>';
409                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
410                 echo '<ul>';
411
412                 // walk over all itemids and perform action
413                 foreach ($selected as $commentid) {
414                         $commentid = intval($commentid);
415                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';
416
417                         // perform action, display errors if needed
418                         switch($action) {
419                                 case 'delete':
420                                         $error = $this->deleteOneComment($commentid);
421                                         break;
422                                 default:
423                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
424                         }
425
426                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
427                         echo '</li>';
428                 }
429
430                 echo '</ul>';
431                 echo '<b>',_BATCH_DONE,'</b>';
432
433                 $this->pagefoot();
434
435
436         }
437
438         /**
439          * @todo document this
440          */
441         function action_batchmember() {
442                 global $member;
443
444                 // check if logged in and admin
445                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
446
447                 // get array of itemids from request
448                 $selected = requestIntArray('batch');
449                 $action = requestVar('batchaction');
450
451                 // Show error when no members selected
452                 if (!is_array($selected) || sizeof($selected) == 0)
453                         $this->error(_BATCH_NOSELECTION);
454
455                 // On delete: check if confirmation has been given
456                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
457                         $this->batchAskDeleteConfirmation('member',$selected);
458
459                 $this->pagehead();
460
461                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
462                 echo '<h2>',_BATCH_MEMBERS,'</h2>';
463                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
464                 echo '<ul>';
465
466                 // walk over all itemids and perform action
467                 foreach ($selected as $memberid) {
468                         $memberid = intval($memberid);
469                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';
470
471                         // perform action, display errors if needed
472                         switch($action) {
473                                 case 'delete':
474                                         $error = $this->deleteOneMember($memberid);
475                                         break;
476                                 case 'setadmin':
477                                         // always succeeds
478                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
479                                         $error = '';
480                                         break;
481                                 case 'unsetadmin':
482                                         // there should always remain at least one super-admin
483                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
484                                         if (mysql_num_rows($r) < 2)
485                                                 $error = _ERROR_ATLEASTONEADMIN;
486                                         else
487                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
488                                         break;
489                                 default:
490                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
491                         }
492
493                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
494                         echo '</li>';
495                 }
496
497                 echo '</ul>';
498                 echo '<b>',_BATCH_DONE,'</b>';
499
500                 $this->pagefoot();
501
502
503         }
504
505         /**
506          * @todo document this
507          */
508         function action_batchteam() {
509                 global $member;
510
511                 $blogid = intRequestVar('blogid');
512
513                 // check if logged in and admin
514                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
515
516                 // get array of itemids from request
517                 $selected = requestIntArray('batch');
518                 $action = requestVar('batchaction');
519
520                 // Show error when no members selected
521                 if (!is_array($selected) || sizeof($selected) == 0)
522                         $this->error(_BATCH_NOSELECTION);
523
524                 // On delete: check if confirmation has been given
525                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
526                         $this->batchAskDeleteConfirmation('team',$selected);
527
528                 $this->pagehead();
529
530                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';
531
532                 echo '<h2>',_BATCH_TEAM,'</h2>';
533                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
534                 echo '<ul>';
535
536                 // walk over all itemids and perform action
537                 foreach ($selected as $memberid) {
538                         $memberid = intval($memberid);
539                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';
540
541                         // perform action, display errors if needed
542                         switch($action) {
543                                 case 'delete':
544                                         $error = $this->deleteOneTeamMember($blogid, $memberid);
545                                         break;
546                                 case 'setadmin':
547                                         // always succeeds
548                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
549                                         $error = '';
550                                         break;
551                                 case 'unsetadmin':
552                                         // there should always remain at least one admin
553                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
554                                         if (mysql_num_rows($r) < 2)
555                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;
556                                         else
557                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
558                                         break;
559                                 default:
560                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
561                         }
562
563                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
564                         echo '</li>';
565                 }
566
567                 echo '</ul>';
568                 echo '<b>',_BATCH_DONE,'</b>';
569
570                 $this->pagefoot();
571
572
573         }
574
575         /**
576          * @todo document this
577          */
578         function action_batchcategory() {
579                 global $member, $manager;
580
581                 // check if logged in
582                 $member->isLoggedIn() or $this->disallow();
583
584                 // more precise check will be done for each performed operation
585
586                 // get array of itemids from request
587                 $selected = requestIntArray('batch');
588                 $action = requestVar('batchaction');
589
590                 // Show error when no items were selected
591                 if (!is_array($selected) || sizeof($selected) == 0)
592                         $this->error(_BATCH_NOSELECTION);
593
594                 // On move: when no destination blog chosen, show choice now
595                 $destBlogId = intRequestVar('destblogid');
596                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
597                         $this->batchMoveCategorySelectDestination('category',$selected);
598
599                 // On delete: check if confirmation has been given
600                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
601                         $this->batchAskDeleteConfirmation('category',$selected);
602
603                 $this->pagehead();
604
605                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
606                 echo '<h2>',BATCH_CATEGORIES,'</h2>';
607                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
608                 echo '<ul>';
609
610                 // walk over all itemids and perform action
611                 foreach ($selected as $catid) {
612                         $catid = intval($catid);
613                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';
614
615                         // perform action, display errors if needed
616                         switch($action) {
617                                 case 'delete':
618                                         $error = $this->deleteOneCategory($catid);
619                                         break;
620                                 case 'move':
621                                         $error = $this->moveOneCategory($catid, $destBlogId);
622                                         break;
623                                 default:
624                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
625                         }
626
627                         echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
628                         echo '</li>';
629                 }
630
631                 echo '</ul>';
632                 echo '<b>',_BATCH_DONE,'</b>';
633
634                 $this->pagefoot();
635
636         }
637
638         /**
639          * @todo document this
640          */
641         function batchMoveSelectDestination($type, $ids) {
642                 global $manager;
643                 $this->pagehead();
644                 ?>
645                 <h2><?php echo _MOVE_TITLE?></h2>
646                 <form method="post" action="index.php"><div>
647
648                         <input type="hidden" name="action" value="batch<?php echo $type?>" />
649                         <input type="hidden" name="batchaction" value="move" />
650                         <?php
651                                 $manager->addTicketHidden();
652
653                                 // insert selected item numbers
654                                 $idx = 0;
655                                 foreach ($ids as $id)
656                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
657
658                                 // show blog/category selection list
659                                 $this->selectBlogCategory('destcatid');
660
661                         ?>
662
663
664                         <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />
665
666                 </div></form>
667                 <?php           $this->pagefoot();
668                 exit;
669         }
670
671         /**
672          * @todo document this
673          */
674         function batchMoveCategorySelectDestination($type, $ids) {
675                 global $manager;
676                 $this->pagehead();
677                 ?>
678                 <h2><?php echo _MOVECAT_TITLE?></h2>
679                 <form method="post" action="index.php"><div>
680
681                         <input type="hidden" name="action" value="batch<?php echo $type?>" />
682                         <input type="hidden" name="batchaction" value="move" />
683                         <?php
684                                 $manager->addTicketHidden();
685
686                                 // insert selected item numbers
687                                 $idx = 0;
688                                 foreach ($ids as $id)
689                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
690
691                                 // show blog/category selection list
692                                 $this->selectBlog('destblogid');
693
694                         ?>
695
696
697                         <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />
698
699                 </div></form>
700                 <?php           $this->pagefoot();
701                 exit;
702         }
703
704         /**
705          * @todo document this
706          */
707         function batchAskDeleteConfirmation($type, $ids) {
708                 global $manager;
709
710                 $this->pagehead();
711                 ?>
712                 <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
713                 <form method="post" action="index.php"><div>
714
715                         <input type="hidden" name="action" value="batch<?php echo $type?>" />
716                         <?php $manager->addTicketHidden() ?>
717                         <input type="hidden" name="batchaction" value="delete" />
718                         <input type="hidden" name="confirmation" value="yes" />
719                         <?php                           // insert selected item numbers
720                                 $idx = 0;
721                                 foreach ($ids as $id)
722                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
723
724                                 // add hidden vars for team & comment
725                                 if ($type == 'team')
726                                 {
727                                         echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
728                                 }
729                                 if ($type == 'comment')
730                                 {
731                                         echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
732                                 }
733
734                         ?>
735
736                         <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />
737
738                 </div></form>
739                 <?php           $this->pagefoot();
740                 exit;
741         }
742
743
744         /**
745          * Inserts a HTML select element with choices for all categories to which the current
746          * member has access
747          * @see function selectBlog
748          */
749         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
750                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
751         }
752
753         /**
754          * Inserts a HTML select element with choices for all blogs to which the user has access
755          *              mode = 'blog' => shows blognames and values are blogids
756          *              mode = 'category' => show category names and values are catids
757          *
758          * @param $iForcedBlogInclude
759          *              ID of a blog that always needs to be included, without checking if the
760          *              member is on the blog team (-1 = none)
761          * @todo document parameters
762          */
763         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
764                 global $member, $CONF;
765
766                 // 0. get IDs of blogs to which member can post items (+ forced blog)
767                 $aBlogIds = array();
768                 if ($iForcedBlogInclude != -1)
769                         $aBlogIds[] = intval($iForcedBlogInclude);
770
771                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
772                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
773                 else
774                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
775                 $rblogids = sql_query($queryBlogs);
776                 while ($o = mysql_fetch_object($rblogids))
777                         if ($o->bnumber != $iForcedBlogInclude)
778                                 $aBlogIds[] = intval($o->bnumber);
779
780                 if (count($aBlogIds) == 0)
781                         return;
782
783                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';
784
785                 // 1. select blogs (we'll create optiongroups)
786                 // (only select those blogs that have the user on the team)
787                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
788                 $blogs = sql_query($queryBlogs);
789                 if ($mode == 'category') {
790                         if (mysql_num_rows($blogs) > 1)
791                                 $multipleBlogs = 1;
792
793                         while ($oBlog = mysql_fetch_object($blogs)) {
794                                 if ($multipleBlogs)
795                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';
796
797                                 // show selection to create new category when allowed/wanted
798                                 if ($showNewCat) {
799                                         // check if allowed to do so
800                                         if ($member->blogAdminRights($oBlog->bnumber))
801                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
802                                 }
803
804                                 // 2. for each category in that blog
805                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
806                                 while ($oCat = mysql_fetch_object($categories)) {
807                                         if ($oCat->catid == $selected)
808                                                 $selectText = ' selected="selected" ';
809                                         else
810                                                 $selectText = '';
811                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
812                                 }
813
814                                 if ($multipleBlogs)
815                                         echo '</optgroup>';
816                         }
817                 } else {
818                         // blog mode
819                         while ($oBlog = mysql_fetch_object($blogs)) {
820                                 echo '<option value="',$oBlog->bnumber,'"';
821                                 if ($oBlog->bnumber == $selected)
822                                         echo ' selected="selected"';
823                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';
824                         }
825                 }
826                 echo '</select>';
827
828         }
829
830         /**
831          * @todo document this
832          */
833         function action_browseownitems() {
834                 global $member, $manager;
835
836                 $this->pagehead();
837
838                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
839                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';
840
841                 // start index
842                 if (postVar('start'))
843                         $start = intPostVar('start');
844                 else
845                         $start = 0;
846
847                 // amount of items to show
848                 if (postVar('amount'))
849                         $amount = intPostVar('amount');
850                 else
851                         $amount = 10;
852
853                 $search = postVar('search');    // search through items
854
855                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
856                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
857                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
858
859                 if ($search)
860                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
861
862                 $query .= ' ORDER BY itime DESC'
863                                 . " LIMIT $start,$amount";
864
865                 $template['content'] = 'itemlist';
866                 $template['now'] = time();
867
868                 $manager->loadClass("ENCAPSULATE");
869                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
870                 $navList->showBatchList('item',$query,'table',$template);
871
872                 $this->pagefoot();
873
874         }
875
876         /**
877          * Show all the comments for a given item
878          * @param int $itemid
879          */
880         function action_itemcommentlist($itemid = '') {
881                 global $member, $manager;
882
883                 if ($itemid == '')
884                         $itemid = intRequestVar('itemid');
885
886                 // only allow if user is allowed to alter item
887                 $member->canAlterItem($itemid) or $this->disallow();
888
889                 $blogid = getBlogIdFromItemId($itemid);
890
891                 $this->pagehead();
892
893                 // start index
894                 if (postVar('start'))
895                         $start = intPostVar('start');
896                 else
897                         $start = 0;
898
899                 // amount of items to show
900                 if (postVar('amount'))
901                         $amount = intPostVar('amount');
902                 else
903                         $amount = 10;
904
905                 $search = postVar('search');
906
907                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
908                 echo '<h2>',_COMMENTS,'</h2>';
909
910                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;
911
912                 if ($search)
913                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
914
915                 $query .= ' ORDER BY ctime ASC'
916                                 . " LIMIT $start,$amount";
917
918                 $template['content'] = 'commentlist';
919                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));
920
921                 $manager->loadClass("ENCAPSULATE");
922                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
923                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);
924
925                 $this->pagefoot();
926         }
927
928         /**
929          * Browse own comments
930          */
931         function action_browseowncomments() {
932                 global $member, $manager;
933
934                 // start index
935                 if (postVar('start'))
936                         $start = intPostVar('start');
937                 else
938                         $start = 0;
939
940                 // amount of items to show
941                 if (postVar('amount'))
942                         $amount = intPostVar('amount');
943                 else
944                         $amount = 10;
945
946                 $search = postVar('search');
947
948
949                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
950
951                 if ($search)
952                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
953
954                 $query .= ' ORDER BY ctime DESC'
955                                 . " LIMIT $start,$amount";
956
957                 $this->pagehead();
958
959                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
960                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';
961
962                 $template['content'] = 'commentlist';
963                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself
964
965                 $manager->loadClass("ENCAPSULATE");
966                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
967                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);
968
969                 $this->pagefoot();
970         }
971
972         /**
973          * Browse all comments for a weblog
974          * @param int $blogid
975          */
976         function action_blogcommentlist($blogid = '')
977         {
978                 global $member, $manager;
979
980                 if ($blogid == '')
981                         $blogid = intRequestVar('blogid');
982                 else
983                         $blogid = intval($blogid);
984
985                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
986
987                 // start index
988                 if (postVar('start'))
989                         $start = intPostVar('start');
990                 else
991                         $start = 0;
992
993                 // amount of items to show
994                 if (postVar('amount'))
995                         $amount = intPostVar('amount');
996                 else
997                         $amount = 10;
998
999                 $search = postVar('search');            // search through comments
1000
1001
1002                 $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
1003
1004                 if ($search != '')
1005                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
1006
1007
1008                 $query .= ' ORDER BY ctime DESC'
1009                                 . " LIMIT $start,$amount";
1010
1011
1012                 $blog =& $manager->getBlog($blogid);
1013
1014                 $this->pagehead();
1015
1016                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
1017                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';
1018
1019                 $template['content'] = 'commentlist';
1020                 $template['canAddBan'] = $member->blogAdminRights($blogid);
1021
1022                 $manager->loadClass("ENCAPSULATE");
1023                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
1024                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
1025
1026                 $this->pagefoot();
1027         }
1028
1029         /**
1030          * Provide a page to item a new item to the given blog
1031          */
1032         function action_createitem() {
1033                 global $member, $manager;
1034
1035                 $blogid = intRequestVar('blogid');
1036
1037                 // check if allowed
1038                 $member->teamRights($blogid) or $this->disallow();
1039
1040                 $memberid = $member->getID();
1041
1042                 $blog =& $manager->getBlog($blogid);
1043
1044                 $this->pagehead();
1045
1046                 // generate the add-item form
1047                 $formfactory =& new PAGEFACTORY($blogid);
1048                 $formfactory->createAddForm('admin');
1049
1050                 $this->pagefoot();
1051         }
1052
1053         /**
1054          * @todo document this
1055          */
1056         function action_itemedit() {
1057                 global $member, $manager;
1058
1059                 $itemid = intRequestVar('itemid');
1060
1061                 // only allow if user is allowed to alter item
1062                 $member->canAlterItem($itemid) or $this->disallow();
1063
1064                 $item =& $manager->getItem($itemid,1,1);
1065                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
1066
1067                 $manager->notify('PrepareItemForEdit', array('item' => &$item));
1068
1069                 if ($blog->convertBreaks()) {
1070                         $item['body'] = removeBreaks($item['body']);
1071                         $item['more'] = removeBreaks($item['more']);
1072                 }
1073
1074                 // form to edit blog items
1075                 $this->pagehead();
1076                 $formfactory =& new PAGEFACTORY($blog->getID());
1077                 $formfactory->createEditForm('admin',$item);
1078                 $this->pagefoot();
1079         }
1080
1081         /**
1082          * @todo document this
1083          */
	/**
	 * Saves an edited item (or publishes a draft) from the posted form.
	 *
	 * Reads from the request: itemid, catid (a category ID or 'newcat-<blogid>'),
	 * actiontype, title, body, more, closed, draftid and, for dated actions,
	 * hour/minutes/month/day/year.
	 *
	 * Flow: permission check, delegate 'delete' to action_itemdelete(), create a
	 * new category when asked, map the action type to draft/publish/timestamp
	 * flags, ITEM::update(), refresh the blog's future-posted flag, remove the
	 * working draft, then either send a ping, open the category editor or show
	 * the item list.
	 */
	function action_itemupdate() {
		global $member, $manager, $CONF;

		$itemid = intRequestVar('itemid');
		// NOTE(review): catid stays a raw string here (it may be 'newcat-<blogid>');
		// when it is not a new category it reaches canUpdateItem() and
		// ITEM::update() unchanged - both are assumed to validate/cast it; verify.
		$catid = postVar('catid');

		// only allow if user is allowed to alter item
		// (called with the raw catid, so canUpdateItem() must understand 'newcat-<blogid>')
		$member->canUpdateItem($itemid, $catid) or $this->disallow();

		$actiontype = postVar('actiontype');

		// delete actions are handled by itemdelete (which has confirmation)
		if ($actiontype == 'delete') {
			$this->action_itemdelete();
			return;
		}

		$body   = postVar('body');
		$title  = postVar('title');
		$more   = postVar('more');
		$closed = intPostVar('closed');
		$draftid = intPostVar('draftid');

		// default action = add now
		if (!$actiontype)
			$actiontype='addnow';

		// create new category if needed
		if (strstr($catid,'newcat')) {
			// get blogid
			list($blogid) = sscanf($catid,"newcat-%d");

			// create
			$blog =& $manager->getBlog($blogid);
			$catid = $blog->createNewCategory();

			// show error when sth goes wrong
			// (doError() presumably ends the request; nothing below guards against $catid being 0)
			if (!$catid)
				$this->doError(_ERROR_CATCREATEFAIL);
		}

		/*
			set some variables based on actiontype

			actiontypes:
				draft items -> addnow, addfuture, adddraft, delete
				non-draft items -> edit, changedate, delete

			variables set:
				$timestamp: set to a nonzero value for future dates or date changes
				$wasdraft: set to 1 when the item used to be a draft item
				$publish: set to 1 when the edited item is not a draft
		*/
		switch ($actiontype) {
			case 'adddraft':
				$publish = 0;
				$wasdraft = 1;
				$timestamp = 0;
				break;
			case 'addfuture':
				$wasdraft = 1;
				$publish = 1;
				// date fields arrive as strings; mktime() coerces them, no range check here
				$timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
				break;
			case 'addnow':
				$wasdraft = 1;
				$publish = 1;
				$timestamp = 0;
				break;
			case 'changedate':
				$timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
				$publish = 1;
				$wasdraft = 0;
				break;
			case 'edit':
			default:
				// any unknown actiontype is treated as a plain edit
				$publish = 1;
				$wasdraft = 0;
				$timestamp = 0;
		}

		// edit the item for real
		ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

		$blogid = getBlogIDFromItemID($itemid);
		$blog =& $manager->getBlog($blogid);

		// an item dated after the blog's current time must not trigger a ping yet
		$isFuture = 0;
		if ($timestamp > $blog->getCorrectTime(time())) {
			$isFuture = 1;
		}

		$this->updateFuturePosted($blogid);

		// the autosaved draft this edit started from is no longer needed;
		// only removed when the member is allowed to alter it
		if ($draftid > 0 && $member->canAlterItem($draftid)) {
			ITEM::delete($draftid);
		}

		// ping only for freshly published, open, non-future items on blogs that
		// ping, and only when something subscribes to the SendPing event
		if (!$closed && $publish && $wasdraft && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 && !$isFuture) {
			$this->action_sendping($blogid);
			return;
		}

		// show category edit window when we created a new category
		// ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
		if ($catid != intPostVar('catid')) {
			$this->action_categoryedit(
				$catid,
				$blog->getID(),
				$CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
			);
		} else {
			// TODO: set start item correctly for itemlist
			$this->action_itemlist(getBlogIDFromItemID($itemid));
		}
	}
1200
1201         /**
1202          * @todo document this
1203          */
1204         function action_itemdelete() {
1205                 global $member, $manager;
1206
1207                 $itemid = intRequestVar('itemid');
1208
1209                 // only allow if user is allowed to alter item
1210                 $member->canAlterItem($itemid) or $this->disallow();
1211
1212                 if (!$manager->existsItem($itemid,1,1))
1213                         $this->error(_ERROR_NOSUCHITEM);
1214
1215                 $item =& $manager->getItem($itemid,1,1);
1216                 $title = htmlspecialchars(strip_tags($item['title']));
1217                 $body = strip_tags($item['body']);
1218                 $body = htmlspecialchars(shorten($body,300,'...'));
1219
1220                 $this->pagehead();
1221                 ?>
1222                         <h2><?php echo _DELETE_CONFIRM?></h2>
1223
1224                         <p><?php echo _CONFIRMTXT_ITEM?></p>
1225
1226                         <div class="note">
1227                                 <b>"<?php echo  $title ?>"</b>
1228                                 <br />
1229                                 <?php echo $body?>
1230                         </div>
1231
1232                         <form method="post" action="index.php"><div>
1233                                 <input type="hidden" name="action" value="itemdeleteconfirm" />
1234                                 <?php $manager->addTicketHidden() ?>
1235                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
1236                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />
1237                         </div></form>
1238                 <?php
1239                 $this->pagefoot();
1240         }
1241
1242         /**
1243          * @todo document this
1244          */
1245         function action_itemdeleteconfirm() {
1246                 global $member;
1247
1248                 $itemid = intRequestVar('itemid');
1249
1250                 // only allow if user is allowed to alter item
1251                 $member->canAlterItem($itemid) or $this->disallow();
1252
1253                 // get blogid first
1254                 $blogid = getBlogIdFromItemId($itemid);
1255
1256                 // delete item (note: some checks will be performed twice)
1257                 $this->deleteOneItem($itemid);
1258
1259                 $this->action_itemlist($blogid);
1260         }
1261
1262         /**
1263          * Deletes one item and returns error if something goes wrong
1264          * @param int $itemid
1265          */
1266         function deleteOneItem($itemid) {
1267                 global $member, $manager;
1268
1269                 // only allow if user is allowed to alter item (also checks if itemid exists)
1270                 if (!$member->canAlterItem($itemid))
1271                         return _ERROR_DISALLOWED;
1272
1273                 // need to get blogid before the item is deleted
1274                 $blogid = getBlogIDFromItemId($itemid);
1275
1276                 $manager->loadClass('ITEM');
1277                 ITEM::delete($itemid);
1278
1279                 // update blog's futureposted
1280                 $this->updateFuturePosted($blogid);
1281         }
1282
1283         /**
1284          * Update a blog's future posted flag
1285          * @param int $blogid
1286          */
1287         function updateFuturePosted($blogid) {
1288                 global $manager;
1289
1290                 $blog =& $manager->getBlog($blogid);
1291                 $currenttime = $blog->getCorrectTime(time());
1292                 $result = sql_query("SELECT * FROM ".sql_table('item').
1293                         " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
1294                 if (mysql_num_rows($result) > 0) {
1295                                 $blog->setFuturePost();
1296                 }
1297                 else {
1298                                 $blog->clearFuturePost();
1299                 }
1300         }
1301
1302         /**
1303          * @todo document this
1304          */
1305         function action_itemmove() {
1306                 global $member, $manager;
1307
1308                 $itemid = intRequestVar('itemid');
1309
1310                 // only allow if user is allowed to alter item
1311                 $member->canAlterItem($itemid) or $this->disallow();
1312
1313                 $item =& $manager->getItem($itemid,1,1);
1314
1315                 $this->pagehead();
1316                 ?>
1317                         <h2><?php echo _MOVE_TITLE?></h2>
1318                         <form method="post" action="index.php"><div>
1319                                 <input type="hidden" name="action" value="itemmoveto" />
1320                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
1321
1322                                 <?php
1323
1324                                         $manager->addTicketHidden();
1325                                         $this->selectBlogCategory('catid',$item['catid'],10,1);
1326                                 ?>
1327
1328                                 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
1329                         </div></form>
1330                 <?php
1331                 $this->pagefoot();
1332         }
1333
1334         /**
1335          * @todo document this
1336          */
1337         function action_itemmoveto() {
1338                 global $member, $manager;
1339
1340                 $itemid = intRequestVar('itemid');
1341                 $catid = requestVar('catid');
1342
1343                 // create new category if needed
1344                 if (strstr($catid,'newcat')) {
1345                         // get blogid
1346                         list($blogid) = sscanf($catid,'newcat-%d');
1347
1348                         // create
1349                         $blog =& $manager->getBlog($blogid);
1350                         $catid = $blog->createNewCategory();
1351
1352                         // show error when sth goes wrong
1353                         if (!$catid)
1354                                 $this->doError(_ERROR_CATCREATEFAIL);
1355                 }
1356
1357                 // only allow if user is allowed to alter item
1358                 $member->canUpdateItem($itemid, $catid) or $this->disallow();
1359
1360                 $old_blogid = getBlogIDFromItemId($itemid);
1361
1362                 ITEM::move($itemid, $catid);
1363
1364                 // set the futurePosted flag on the blog
1365                 $this->updateFuturePosted(getBlogIDFromItemId($itemid));
1366
1367                 // reset the futurePosted in case the item is moved from one blog to another
1368                 $this->updateFuturePosted($old_blogid);
1369
1370                 if ($catid != intRequestVar('catid'))
1371                         $this->action_categoryedit($catid, $blog->getID());
1372                 else
1373                         $this->action_itemlist(getBlogIDFromCatID($catid));
1374         }
1375
1376         /**
1377          * Moves one item to a given category (category existance should be checked by caller)
1378          * errors are returned
1379          * @param int $itemid
1380          * @param int $destCatid category ID to which the item will be moved
1381          */
1382         function moveOneItem($itemid, $destCatid) {
1383                 global $member;
1384
1385                 // only allow if user is allowed to move item
1386                 if (!$member->canUpdateItem($itemid, $destCatid))
1387                         return _ERROR_DISALLOWED;
1388
1389                 ITEM::move($itemid, $destCatid);
1390         }
1391
1392         /**
1393          * Adds a item to the chosen blog
1394          */
1395         function action_additem() {
1396                 global $member, $manager, $CONF;
1397
1398                 $manager->loadClass('ITEM');
1399
1400                 $result = ITEM::createFromRequest();
1401
1402                 if ($result['status'] == 'error')
1403                         $this->error($result['message']);
1404
1405                 $blogid = getBlogIDFromItemID($result['itemid']);
1406                 $blog =& $manager->getBlog($blogid);
1407
1408                 $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
1409
1410                 if ($result['status'] == 'newcategory')
1411                         $this->action_categoryedit(
1412                                 $result['catid'],
1413                                 $blogid,
1414                                 $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 ? $pingUrl : ''
1415                         );
1416                 elseif ((postVar('actiontype') == 'addnow') && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0)
1417                         $this->action_sendping($blogid);
1418                 else
1419                         $this->action_itemlist($blogid);
1420         }
1421
        /**
         * Shows a window that says we're about to ping.
         * immediately refresh to the real pinging page, which will
         * show an error, or redirect to the blog.
         *
         * Only logged-in members get this page. The refresh target is built with
         * addTicketToUrl(), so it carries the member's ticket; the manual
         * "try again" link in the HTML below does not.
         *
         * @param int $blogid ID of blog for which ping needs to be sent out;
         *                    -1 (the default) means "read it from the request"
         */
        function action_sendping($blogid = -1) {
                global $member, $manager;

                // called without an argument from the action dispatcher: use the request value
                if ($blogid == -1)
                        $blogid = intRequestVar('blogid');

                $member->isLoggedIn() or $this->disallow();

                $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));

                // the ticketed URL ends up inside an attribute, hence htmlspecialchars()
                // NOTE(review): the fallback link below is emitted without a ticket and
                // echoes $blogid unescaped (presumably an int from intRequestVar() or the caller)
                $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
                ?>
                <h2>Site Updated, Now pinging various weblog listing services...</h2>

                <p>
                        This can take a while...
                </p>

                <p>
                        If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
                </p>
                <?php           $this->pagefoot();
        }
1452
1453         /**
1454          * Sends the real ping (can take up to 10 seconds!)
1455          */
1456         function action_rawping() {
1457                 global $manager;
1458                 // TODO: checks?
1459
1460                 $blogid = intRequestVar('blogid');
1461                 $blog =& $manager->getBlog($blogid);
1462
1463                 $this->pagehead();
1464
1465                 ?>
1466
1467                 <h2>Pinging services, please wait...</h2>
1468                 <div class='note'>
1469                 <?php
1470
1471                 // send sendPing event
1472                 $manager->notify('SendPing', array('blogid' => $blogid));
1473
1474                 ?>
1475                 </div>
1476
1477                 <ul>
1478                         <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
1479                         <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>
1480                 </ul>
1481
1482                 <?php           $this->pagefoot();
1483         }
1484
1485         /**
1486          * Allows to edit previously made comments
1487          */
1488         function action_commentedit() {
1489                 global $member, $manager;
1490
1491                 $commentid = intRequestVar('commentid');
1492
1493                 $member->canAlterComment($commentid) or $this->disallow();
1494
1495                 $comment = COMMENT::getComment($commentid);
1496
1497                 $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));
1498
1499                 // change <br /> to \n
1500                 $comment['body'] = str_replace('<br />','',$comment['body']);
1501
1502                 $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);
1503
1504                 $this->pagehead();
1505
1506                 ?>
1507                 <h2><?php echo _EDITC_TITLE?></h2>
1508
1509                 <form action="index.php" method="post"><div>
1510
1511                 <input type="hidden" name="action" value="commentupdate" />
1512                 <?php $manager->addTicketHidden(); ?>
1513                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
1514                 <table><tr>
1515                         <th colspan="2"><?php echo _EDITC_TITLE?></th>
1516                 </tr><tr>
1517                         <td><?php echo _EDITC_WHO?></td>
1518                         <td>
1519                         <?php                           if ($comment['member'])
1520                                         echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
1521                                 else
1522                                         echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
1523                         ?>
1524                         </td>
1525                 </tr><tr>
1526                         <td><?php echo _EDITC_WHEN?></td>
1527                         <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
1528                 </tr><tr>
1529                         <td><?php echo _EDITC_HOST?></td>
1530                         <td><?php echo  $comment['host']; ?></td>
1531                 </tr><tr>
1532                         <td><?php echo _EDITC_TEXT?></td>
1533                         <td>
1534                                 <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)
1535                                         echo $comment['body'];
1536                                 ?></textarea>
1537                         </td>
1538                 </tr><tr>
1539                         <td><?php echo _EDITC_EDIT?></td>
1540                         <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
1541                 </tr></table>
1542
1543                 </div></form>
1544                 <?php
1545                 $this->pagefoot();
1546         }
1547
1548         /**
1549          * @todo document this
1550          */
1551         function action_commentupdate() {
1552                 global $member, $manager;
1553
1554                 $commentid = intRequestVar('commentid');
1555
1556                 $member->canAlterComment($commentid) or $this->disallow();
1557
1558                 $body = postVar('body');
1559
1560                 // intercept words that are too long
1561                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
1562                         $this->error(_ERROR_COMMENT_LONGWORD);
1563
1564                 // check length
1565                 if (strlen($body)<3)
1566                         $this->error(_ERROR_COMMENT_NOCOMMENT);
1567                 if (strlen($body)>5000)
1568                         $this->error(_ERROR_COMMENT_TOOLONG);
1569
1570
1571                 // prepare body
1572                 $body = COMMENT::prepareBody($body);
1573
1574                 // call plugins
1575                 $manager->notify('PreUpdateComment',array('body' => &$body));
1576
1577                 $query =  'UPDATE '.sql_table('comment')
1578                            . " SET cbody='" .addslashes($body). "'"
1579                            . " WHERE cnumber=" . $commentid;
1580                 sql_query($query);
1581
1582                 // get itemid
1583                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
1584                 $o = mysql_fetch_object($res);
1585                 $itemid = $o->citem;
1586
1587                 if ($member->canAlterItem($itemid))
1588                         $this->action_itemcommentlist($itemid);
1589                 else
1590                         $this->action_browseowncomments();
1591
1592         }
1593
        /**
         * Shows the confirmation page for deleting a comment.
         *
         * The comment ID comes from the request; only members allowed to alter
         * the comment get here. The actual delete happens in
         * action_commentdeleteconfirm() once the (ticketed) form is submitted.
         */
        function action_commentdelete() {
                global $member, $manager;

                $commentid = intRequestVar('commentid');

                $member->canAlterComment($commentid) or $this->disallow();

                $comment = COMMENT::getComment($commentid);

                // tag-free, shortened preview of the body for the confirmation page
                $body = strip_tags($comment['body']);
                $body = htmlspecialchars(shorten($body, 300, '...'));

                // NOTE(review): unlike the body, the author name is echoed below without
                // escaping; presumably getComment() returns it already escaped — confirm
                if ($comment['member'])
                        $author = $comment['member'];
                else
                        $author = $comment['user'];

                $this->pagehead();
                ?>

                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_COMMENT?></p>

                        <div class="note">
                        <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
                        <br />
                        <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
                        </div>

                        <form method="post" action="index.php"><div>
                                <input type="hidden" name="action" value="commentdeleteconfirm" />
                                <?php $manager->addTicketHidden() ?>
                                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
                                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
1636
1637         /**
1638          * @todo document this
1639          */
1640         function action_commentdeleteconfirm() {
1641                 global $member;
1642
1643                 $commentid = intRequestVar('commentid');
1644
1645                 // get item id first
1646                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
1647                 $o = mysql_fetch_object($res);
1648                 $itemid = $o->citem;
1649
1650                 $error = $this->deleteOneComment($commentid);
1651                 if ($error)
1652                         $this->doError($error);
1653
1654                 if ($member->canAlterItem($itemid))
1655                         $this->action_itemcommentlist($itemid);
1656                 else
1657                         $this->action_browseowncomments();
1658         }
1659
1660         /**
1661          * @todo document this
1662          */
1663         function deleteOneComment($commentid) {
1664                 global $member, $manager;
1665
1666                 $commentid = intval($commentid);
1667
1668                 if (!$member->canAlterComment($commentid))
1669                         return _ERROR_DISALLOWED;
1670
1671                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));
1672
1673                 // delete the comments associated with the item
1674                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;
1675                 sql_query($query);
1676
1677                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));
1678
1679                 return '';
1680         }
1681
        /**
         * Usermanagement main
         *
         * Super-admins only. Shows the list of all members (rendered by the BATCH
         * helper from ENCAPSULATE using the 'memberlist' template) followed by
         * the form to add a new member, which posts to action_memberadd().
         */
        function action_usermanagement() {
                global $member, $manager;

                // check if allowed
                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

                echo '<h2>' . _MEMBERS_TITLE .'</h2>';

                echo '<h3>' . _MEMBERS_CURRENT .'</h3>';

                // show list of members with actions (the query contains no request data)
                $query =  'SELECT *'
                           . ' FROM '.sql_table('member');
                $template['content'] = 'memberlist';
                $template['tabindex'] = 10;

                $manager->loadClass("ENCAPSULATE");
                $batch =& new BATCH('member');
                $batch->showlist($query,'table',$template);

                echo '<h3>' . _MEMBERS_NEW .'</h3>';
                ?>
                        <form method="post" action="index.php" name="memberedit"><div>

                        <input type="hidden" name="action" value="memberadd" />
                        <?php $manager->addTicketHidden() ?>

                        <table>
                        <tr>
                                <th colspan="2"><?php echo _MEMBERS_NEW?></th>
                        </tr><tr>
                                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
                                </td>
                                <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REALNAME?></td>
                                <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_PWD?></td>
                                <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REPPWD?></td>
                                <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_EMAIL?></td>
                                <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_URL?></td>
                                <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',0,10060); ?> </td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NOTES?></td>
                                <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NEW?></td>
                                <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
1757
1758         /**
1759          * Edit member settings
1760          */
1761         function action_memberedit() {
1762                 $this->action_editmembersettings(intRequestVar('memberid'));
1763         }
1764
1765         /**
1766          * @todo document this
1767          */
1768         function action_editmembersettings($memberid = '') {
1769                 global $member, $manager, $CONF;
1770
1771                 if ($memberid == '')
1772                         $memberid = $member->getID();
1773
1774                 // check if allowed
1775                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
1776
1777                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
1778                 $this->pagehead($extrahead);
1779
1780                 // show message to go back to member overview (only for admins)
1781                 if ($member->isAdmin())
1782                         echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
1783                 else
1784                         echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';
1785
1786                 echo '<h2>' . _MEMBERS_EDIT . '</h2>';
1787
1788                 $mem = MEMBER::createFromID($memberid);
1789
1790                 ?>
1791                 <form method="post" action="index.php" name="memberedit"><div>
1792
1793                 <input type="hidden" name="action" value="changemembersettings" />
1794                 <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
1795                 <?php $manager->addTicketHidden() ?>
1796
1797                 <table><tr>
1798                         <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
1799                 </tr><tr>
1800                         <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
1801                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
1802                         </td>
1803                         <td>
1804                         <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
1805                                 <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
1806                         <?php } else {
1807                                 echo htmlspecialchars($member->getDisplayName());
1808                            }
1809                         ?>
1810                         </td>
1811                 </tr><tr>
1812                         <td><?php echo _MEMBERS_REALNAME?></td>
1813                         <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
1814                 </tr><tr>
1815                 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
1816                         <td><?php echo _MEMBERS_PWD?></td>
1817                         <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
1818                 </tr><tr>
1819                         <td><?php echo _MEMBERS_REPPWD?></td>
1820                         <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
1821                 <?php } ?>
1822                 </tr><tr>
1823                         <td><?php echo _MEMBERS_EMAIL?>
1824                                 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
1825                         </td>
1826                         <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
1827                 </tr><tr>
1828                         <td><?php echo _MEMBERS_URL?></td>
1829                         <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
1830                 <?php // only allow to change this by super-admins
1831                    // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
1832                    if ($member->isAdmin()) {
1833                 ?>
1834                         </tr><tr>
1835                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
1836                                 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
1837                         </tr><tr>
1838                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
1839                                 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>
1840                 <?php } ?>
1841                 </tr><tr>
1842                         <td><?php echo _MEMBERS_NOTES?></td>
1843                         <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
1844                 </tr><tr>
1845                         <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
1846                         </td>
1847                         <td>
1848
1849                                 <select name="deflang" tabindex="85">
1850                                         <option value=""><?php echo _MEMBERS_USESITELANG?></option>
1851                                 <?php                           // show a dropdown list of all available languages
1852                                 global $DIR_LANG;
1853                                 $dirhandle = opendir($DIR_LANG);
1854                                 while ($filename = readdir($dirhandle)) {
1855                                         if (ereg("^(.*)\.php$",$filename,$matches)) {
1856                                                 $name = $matches[1];
1857                                                 echo "<option value='$name'";
1858                                                 if ($name == $mem->getLanguage())
1859                                                         echo " selected='selected'";
1860                                                 echo ">$name</option>";
1861                                         }
1862                                 }
1863                                 closedir($dirhandle);
1864
1865                                 ?>
1866                                 </select>
1867
1868                         </td>
1869                 </tr>
1870                 <?php
1871                         // plugin options
1872                         $this->_insertPluginOptions('member',$memberid);
1873                 ?>
1874                 <tr>
1875                         <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
1876                 </tr><tr>
1877                         <td><?php echo _MEMBERS_EDIT?></td>
1878                         <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
1879                 </tr></table>
1880
1881                 </div></form>
1882
1883                 <?php
1884                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';
1885
1886                         $manager->notify(
1887                                 'MemberSettingsFormExtras',
1888                                 array(
1889                                         'member' => &$mem
1890                                 )
1891                         );
1892
1893                 $this->pagefoot();
1894         }
1895
1896         /**
1897          * @todo document this
1898          */
1899         function action_changemembersettings() {
1900                 global $member, $CONF, $manager;
1901
1902                 $memberid = intRequestVar('memberid');
1903
1904                 // check if allowed
1905                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
1906
1907                 $name                   = trim(strip_tags(postVar('name')));
1908                 $realname               = trim(strip_tags(postVar('realname')));
1909                 $password               = postVar('password');
1910                 $repeatpassword = postVar('repeatpassword');
1911                 $email                  = strip_tags(postVar('email'));
1912                 $url                    = strip_tags(postVar('url'));
1913
1914                 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
1915                 if (!eregi("^https?://", $url))
1916                         $url = "http://".$url;
1917
1918                 $admin                  = postVar('admin');
1919                 $canlogin               = postVar('canlogin');
1920                 $notes                  = strip_tags(postVar('notes'));
1921                 $deflang                = postVar('deflang');
1922
1923                 $mem = MEMBER::createFromID($memberid);
1924
1925                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
1926
1927                         if (!isValidDisplayName($name))
1928                                 $this->error(_ERROR_BADNAME);
1929
1930                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
1931                                 $this->error(_ERROR_NICKNAMEINUSE);
1932
1933                         if ($password != $repeatpassword)
1934                                 $this->error(_ERROR_PASSWORDMISMATCH);
1935
1936                         if ($password && (strlen($password) < 6))
1937                                 $this->error(_ERROR_PASSWORDTOOSHORT);
1938                 }
1939
1940                 if (!isValidMailAddress($email))
1941                         $this->error(_ERROR_BADMAILADDRESS);
1942
1943
1944                 if (!$realname)
1945                         $this->error(_ERROR_REALNAMEMISSING);
1946
1947                 if (($deflang != '') && (!checkLanguage($deflang)))
1948                         $this->error(_ERROR_NOSUCHLANGUAGE);
1949
1950                 // check if there will remain at least one site member with both the logon and admin rights
1951                 // (check occurs when taking away one of these rights from such a member)
1952                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
1953                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
1954                    )
1955                 {
1956                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
1957                         if (mysql_num_rows($r) < 2)
1958                                 $this->error(_ERROR_ATLEASTONEADMIN);
1959                 }
1960
1961                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
1962                         $mem->setDisplayName($name);
1963                         if ($password)
1964                                 $mem->setPassword($password);
1965                 }
1966
1967                 $oldEmail = $mem->getEmail();
1968
1969                 $mem->setRealName($realname);
1970                 $mem->setEmail($email);
1971                 $mem->setURL($url);
1972                 $mem->setNotes($notes);
1973                 $mem->setLanguage($deflang);
1974
1975
1976                 // only allow super-admins to make changes to the admin status
1977                 if ($member->isAdmin()) {
1978                         $mem->setAdmin($admin);
1979                         $mem->setCanLogin($canlogin);
1980                 }
1981
1982
1983                 $mem->write();
1984
1985                 // store plugin options
1986                 $aOptions = requestArray('plugoption');
1987                 NucleusPlugin::_applyPluginOptions($aOptions);
1988                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));
1989
1990                 // if email changed, generate new password
1991                 if ($oldEmail != $mem->getEmail())
1992                 {
1993                         $mem->sendActivationLink('addresschange', $oldEmail);
1994                         // logout member
1995                         $mem->newCookieKey();
1996
1997                         // only log out if the member being edited is the current member.
1998                         if ($member->getID() == $memberid)
1999                                 $member->logout();
2000                         $this->action_login(_MSG_ACTIVATION_SENT, 0);
2001                         return;
2002                 }
2003
2004
2005                 if (  ( $mem->getID() == $member->getID() )
2006                    && ( $mem->getDisplayName() != $member->getDisplayName() )
2007                    ) {
2008                         $mem->newCookieKey();
2009                         $member->logout();
2010                         $this->action_login(_MSG_LOGINAGAIN, 0);
2011                 } else {
2012                         $this->action_overview(_MSG_SETTINGSCHANGED);
2013                 }
2014         }
2015
2016         /**
2017          * @todo document this
2018          */
2019         function action_memberadd() {
2020                 global $member, $manager;
2021
2022                 // check if allowed
2023                 $member->isAdmin() or $this->disallow();
2024
2025                 if (postVar('password') != postVar('repeatpassword'))
2026                         $this->error(_ERROR_PASSWORDMISMATCH);
2027                 if (strlen(postVar('password')) < 6)
2028                         $this->error(_ERROR_PASSWORDTOOSHORT);
2029
2030                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
2031                 if ($res != 1)
2032                         $this->error($res);
2033
2034                 // fire PostRegister event
2035                 $newmem = new MEMBER();
2036                 $newmem->readFromName(postVar('name'));
2037                 $manager->notify('PostRegister',array('member' => &$newmem));
2038
2039                 $this->action_usermanagement();
2040         }
2041
2042         /**
2043          * Account activation
2044          *
2045          * @author dekarma
2046          */
2047         function action_activate() {
2048
2049                 $key = getVar('key');
2050                 $this->_showActivationPage($key);
2051         }
2052
2053         /**
2054          * @todo document this
2055          */
2056         function _showActivationPage($key, $message = '')
2057         {
2058                 global $manager;
2059
2060                 // clean up old activation keys
2061                 MEMBER::cleanupActivationTable();
2062
2063                 // get activation info
2064                 $info = MEMBER::getActivationInfo($key);
2065
2066                 if (!$info)
2067                         $this->error(_ERROR_ACTIVATE);
2068
2069                 $mem = MEMBER::createFromId($info->vmember);
2070
2071                 if (!$mem)
2072                         $this->error(_ERROR_ACTIVATE);
2073
2074                 $text = '';
2075                 $title = '';
2076                 $bNeedsPasswordChange = true;
2077
2078                 switch ($info->vtype)
2079                 {
2080                         case 'forgot':
2081                                 $title = _ACTIVATE_FORGOT_TITLE;
2082                                 $text = _ACTIVATE_FORGOT_TEXT;
2083                                 break;
2084                         case 'register':
2085                                 $title = _ACTIVATE_REGISTER_TITLE;
2086                                 $text = _ACTIVATE_REGISTER_TEXT;
2087                                 break;
2088                         case 'addresschange':
2089                                 $title = _ACTIVATE_CHANGE_TITLE;
2090                                 $text = _ACTIVATE_CHANGE_TEXT;
2091                                 $bNeedsPasswordChange = false;
2092                                 MEMBER::activate($key);
2093                                 break;
2094                 }
2095
2096                 $aVars = array(
2097                         'memberName' => htmlspecialchars($mem->getDisplayName())
2098                 );
2099                 $title = TEMPLATE::fill($title, $aVars);
2100                 $text = TEMPLATE::fill($text, $aVars);
2101
2102                 $this->pagehead();
2103
2104                         echo '<h2>' , $title, '</h2>';
2105                         echo '<p>' , $text, '</p>';
2106
2107                         if ($message != '')
2108                         {
2109                                 echo '<p class="error">',$message,'</p>';
2110                         }
2111
2112                         if ($bNeedsPasswordChange)
2113                         {
2114                                 ?>
2115                                         <div><form action="index.php" method="post">
2116
2117                                                 <input type="hidden" name="action" value="activatesetpwd" />
2118                                                 <?php $manager->addTicketHidden() ?>
2119                                                 <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />
2120
2121                                                 <table><tr>
2122                                                         <td><?php echo _MEMBERS_PWD?></td>
2123                                                         <td><input type="password" maxlength="40" size="16" name="password" /></td>
2124                                                 </tr><tr>
2125                                                         <td><?php echo _MEMBERS_REPPWD?></td>
2126                                                         <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
2127                                                 <?php
2128
2129                                                         global $manager;
2130                                                         $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));
2131
2132                                                 ?>
2133                                                 </tr><tr>
2134                                                         <td><?php echo _MEMBERS_SETPWD ?></td>
2135                                                         <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
2136                                                 </tr></table>
2137
2138
2139                                         </form></div>
2140
2141                                 <?php
2142
2143                         }
2144
2145                 $this->pagefoot();
2146
2147         }
2148
2149         /**
2150          * Account activation - set password part
2151          *
2152          * @author dekarma
2153          */
2154         function action_activatesetpwd() {
2155
2156                 $key = postVar('key');
2157
2158                 // clean up old activation keys
2159                 MEMBER::cleanupActivationTable();
2160
2161                 // get activation info
2162                 $info = MEMBER::getActivationInfo($key);
2163
2164                 if (!$info || ($info->type == 'addresschange'))
2165                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2166
2167                 $mem = MEMBER::createFromId($info->vmember);
2168
2169                 if (!$mem)
2170                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2171
2172                 $password               = postVar('password');
2173                 $repeatpassword = postVar('repeatpassword');
2174
2175                 if ($password != $repeatpassword)
2176                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
2177
2178                 if ($password && (strlen($password) < 6))
2179                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
2180
2181                 $error = '';
2182                 global $manager;
2183                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
2184                 if ($error != '')
2185                         return $this->_showActivationPage($key, $error);
2186
2187
2188                 // set password
2189                 $mem->setPassword($password);
2190                 $mem->write();
2191
2192                 // do the activation
2193                 MEMBER::activate($key);
2194
2195                 $this->pagehead();
2196                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
2197                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
2198                 $this->pagefoot();
2199         }
2200
2201         /**
2202          * Manage team
2203          */
2204         function action_manageteam() {
2205                 global $member, $manager;
2206
2207                 $blogid = intRequestVar('blogid');
2208
2209                 // check if allowed
2210                 $member->blogAdminRights($blogid) or $this->disallow();
2211
2212                 $this->pagehead();
2213
2214                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
2215
2216                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';
2217
2218                 echo '<h3>' . _TEAM_CURRENT . '</h3>';
2219
2220
2221
2222                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
2223                            . ' FROM '.sql_table('member').', '.sql_table('team')
2224                            . ' WHERE tmember=mnumber and tblog=' . $blogid;
2225
2226                 $template['content'] = 'teamlist';
2227                 $template['tabindex'] = 10;
2228
2229                 $manager->loadClass("ENCAPSULATE");
2230                 $batch =& new BATCH('team');
2231                 $batch->showlist($query, 'table', $template);
2232
2233                 ?>
2234                         <h3><?php echo _TEAM_ADDNEW?></h3>
2235
2236                         <form method='post' action='index.php'><div>
2237
2238                         <input type='hidden' name='action' value='teamaddmember' />
2239                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
2240                         <?php $manager->addTicketHidden() ?>
2241
2242                         <table><tr>
2243                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>
2244                                 <td><?php                                       // TODO: try to make it so only non-team-members are listed
2245                                         $query =  'SELECT mname as text, mnumber as value'
2246                                                    . ' FROM '.sql_table('member');
2247
2248                                         $template['name'] = 'memberid';
2249                                         $template['tabindex'] = 10000;
2250                                         showlist($query,'select',$template);
2251                                 ?></td>
2252                         </tr><tr>
2253                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
2254                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>
2255                         </tr><tr>
2256                                 <td><?php echo _TEAM_ADD?></td>
2257                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
2258                         </tr></table>
2259
2260                         </div></form>
2261                 <?php
2262                 $this->pagefoot();
2263         }
2264
2265         /**
2266          * Add member to team
2267          */
2268         function action_teamaddmember() {
2269                 global $member, $manager;
2270
2271                 $memberid = intPostVar('memberid');
2272                 $blogid = intPostVar('blogid');
2273                 $admin = intPostVar('admin');
2274
2275                 // check if allowed
2276                 $member->blogAdminRights($blogid) or $this->disallow();
2277
2278                 $blog =& $manager->getBlog($blogid);
2279                 if (!$blog->addTeamMember($memberid, $admin))
2280                         $this->error(_ERROR_ALREADYONTEAM);
2281
2282                 $this->action_manageteam();
2283
2284         }
2285
2286         /**
2287          * @todo document this
2288          */
2289         function action_teamdelete() {
2290                 global $member, $manager;
2291
2292                 $memberid = intRequestVar('memberid');
2293                 $blogid = intRequestVar('blogid');
2294
2295                 // check if allowed
2296                 $member->blogAdminRights($blogid) or $this->disallow();
2297
2298                 $teammem = MEMBER::createFromID($memberid);
2299                 $blog =& $manager->getBlog($blogid);
2300
2301                 $this->pagehead();
2302                 ?>
2303                         <h2><?php echo _DELETE_CONFIRM?></h2>
2304
2305                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
2306                         </p>
2307
2308
2309                         <form method="post" action="index.php"><div>
2310                         <input type="hidden" name="action" value="teamdeleteconfirm" />
2311                         <?php $manager->addTicketHidden() ?>
2312                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
2313                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2314                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2315                         </div></form>
2316                 <?php
2317                 $this->pagefoot();
2318         }
2319
2320         /**
2321          * @todo document this
2322          */
2323         function action_teamdeleteconfirm() {
2324                 global $member;
2325
2326                 $memberid = intRequestVar('memberid');
2327                 $blogid = intRequestVar('blogid');
2328
2329                 $error = $this->deleteOneTeamMember($blogid, $memberid);
2330                 if ($error)
2331                         $this->error($error);
2332
2333
2334                 $this->action_manageteam();
2335         }
2336
2337         /**
2338          * @todo document this
2339          */
2340         function deleteOneTeamMember($blogid, $memberid) {
2341                 global $member, $manager;
2342
2343                 $blogid = intval($blogid);
2344                 $memberid = intval($memberid);
2345
2346                 // check if allowed
2347                 if (!$member->blogAdminRights($blogid))
2348                         return _ERROR_DISALLOWED;
2349
2350                 // check if: - there remains at least one blog admin
2351                 //           - (there remains at least one team member)
2352                 $mem = MEMBER::createFromID($memberid);
2353
2354                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2355
2356                 if ($mem->isBlogAdmin($blogid)) {
2357                         // check if there are more blog members left and at least one admin
2358                         // (check for at least two admins before deletion)
2359                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
2360                         $r = sql_query($query);
2361                         if (mysql_num_rows($r) < 2)
2362                                 return _ERROR_ATLEASTONEBLOGADMIN;
2363                 }
2364
2365                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
2366                 sql_query($query);
2367
2368                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2369
2370                 return '';
2371         }
2372
2373         /**
2374          * @todo document this
2375          */
2376         function action_teamchangeadmin() {
2377                 global $member;
2378
2379                 $blogid = intRequestVar('blogid');
2380                 $memberid = intRequestVar('memberid');
2381
2382                 // check if allowed
2383                 $member->blogAdminRights($blogid) or $this->disallow();
2384
2385                 $mem = MEMBER::createFromID($memberid);
2386
2387                 // don't allow when there is only one admin at this moment
2388                 if ($mem->isBlogAdmin($blogid)) {
2389                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
2390                         if (mysql_num_rows($r) == 1)
2391                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
2392                 }
2393
2394                 if ($mem->isBlogAdmin($blogid))
2395                         $newval = 0;
2396                 else
2397                         $newval = 1;
2398
2399                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
2400                 sql_query($query);
2401
2402                 // only show manageteam if member did not change its own admin privileges
2403                 if ($member->isBlogAdmin($blogid))
2404                         $this->action_manageteam();
2405                 else
2406                         $this->action_overview(_MSG_ADMINCHANGED);
2407         }
2408
2409         /**
2410          * @todo document this
2411          */
2412         function action_blogsettings() {
2413                 global $member, $manager;
2414
2415                 $blogid = intRequestVar('blogid');
2416
2417                 // check if allowed
2418                 $member->blogAdminRights($blogid) or $this->disallow();
2419
2420                 $blog =& $manager->getBlog($blogid);
2421
2422                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
2423                 $this->pagehead($extrahead);
2424
2425                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
2426                 ?>
2427                 <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>
2428
2429                 <h3><?php echo _EBLOG_TEAM_TITLE?></h3>
2430
2431                 <p>Members currently on your team:
2432                 <?php
2433                         $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
2434                         $aMemberNames = array();
2435                         while ($o = mysql_fetch_object($res))
2436                                 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
2437                         echo implode(',', $aMemberNames);
2438                 ?>
2439                 </p>
2440
2441
2442
2443                 <p>
2444                 <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
2445                 </p>
2446
2447                 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>
2448
2449                 <form method="post" action="index.php"><div>
2450
2451                 <input type="hidden" name="action" value="blogsettingsupdate" />
2452                 <?php $manager->addTicketHidden() ?>
2453                 <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2454                 <table><tr>
2455                         <td><?php echo _EBLOG_NAME?></td>
2456                         <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
2457                 </tr><tr>
2458                         <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
2459                                 <?php echo _EBLOG_SHORTNAME_EXTRA?>
2460                         </td>
2461                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
2462                 </tr><tr>
2463                         <td><?php echo _EBLOG_DESC?></td>
2464                         <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
2465                 </tr><tr>
2466                         <td><?php echo _EBLOG_URL?></td>
2467                         <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
2468                 </tr><tr>
2469                         <td><?php echo _EBLOG_DEFSKIN?>
2470                                 <?php help('blogdefaultskin'); ?>
2471                         </td>
2472                         <td>
2473                                 <?php
2474                                         $query =  'SELECT sdname as text, sdnumber as value'
2475                                                    . ' FROM '.sql_table('skin_desc');
2476                                         $template['name'] = 'defskin';
2477                                         $template['selected'] = $blog->getDefaultSkin();
2478                                         $template['tabindex'] = 50;
2479                                         showlist($query,'select',$template);
2480                                 ?>
2481
2482                         </td>
2483                 </tr><tr>
2484                         <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
2485                         </td>
2486                         <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
2487                 </tr><tr>
2488                         <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
2489                         </td>
2490                         <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
2491                 </tr><tr>
2492                         <td><?php echo _EBLOG_DISABLECOMMENTS?>
2493                         </td>
2494                         <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
2495                 </tr><tr>
2496                         <td><?php echo _EBLOG_ANONYMOUS?>
2497                         </td>
2498                         <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
2499                 </tr><tr>
2500         <td><?php echo _EBLOG_REQUIREDEMAIL?>
2501                  </td>
2502                  <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>
2503           </tr><tr>
2504                         <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
2505                         <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
2506                 </tr><tr>
2507                         <td><?php echo _EBLOG_NOTIFY_ON?></td>
2508                         <td>
2509                                 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
2510                                         <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
2511                                 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
2512                                 <br />
2513                                 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
2514                                         <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
2515                                 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
2516                                 <br />
2517                                 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
2518                                         <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
2519                                 /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
2520                         </td>
2521                 </tr><tr>
2522                 <?php
2523                 if (numberOfEventSubscriber('SendPing') > 0) {
2524                 ?>
2525                         <td><?php echo _EBLOG_PING?> <?php help('sendping'); ?></td>
2526                         <td><?php $this->input_yesno('sendping',$blog->sendPing(),85); ?></td>
2527                 </tr><tr>
2528                 <?php
2529                 }
2530                 ?>
2531                         <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
2532                         <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
2533                 </tr><tr>
2534                         <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
2535                         <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
2536                 </tr><tr>
2537                         <td><?php echo _EBLOG_DEFCAT?></td>
2538                         <td>
2539                                 <?php
2540                                         $query =  'SELECT cname as text, catid as value'
2541                                                    . ' FROM '.sql_table('category')
2542                                                    . ' WHERE cblog=' . $blog->getID();
2543                                         $template['name'] = 'defcat';
2544                                         $template['selected'] = $blog->getDefaultCategory();
2545                                         $template['tabindex'] = 110;
2546                                         showlist($query,'select',$template);
2547                                 ?>
2548                         </td>
2549                 </tr><tr>
2550                         <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
2551                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
2552                                 <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
2553                                 </td>
2554                         <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
2555                 </tr><tr>
2556                         <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
2557                         <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
2558                 </tr>
2559                 <?php
2560                         // plugin options
2561                         $this->_insertPluginOptions('blog',$blogid);
2562                 ?>
2563                 <tr>
2564                         <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
2565                 </tr><tr>
2566                         <td><?php echo _EBLOG_CHANGE?></td>
2567                         <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
2568                 </tr></table>
2569
2570                 </div></form>
2571
2572                 <h3><?php echo _EBLOG_CAT_TITLE?></h3>
2573
2574
2575                 <?php
2576                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
2577                 $template['content'] = 'categorylist';
2578                 $template['tabindex'] = 200;
2579
2580                 $manager->loadClass("ENCAPSULATE");
2581                 $batch =& new BATCH('category');
2582                 $batch->showlist($query,'table',$template);
2583
2584                 ?>
2585
2586
2587                 <form action="index.php" method="post"><div>
2588                 <input name="action" value="categorynew" type="hidden" />
2589                 <?php $manager->addTicketHidden() ?>
2590                 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />
2591
2592                 <table><tr>
2593                         <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
2594                 </tr><tr>
2595                         <td><?php echo _EBLOG_CAT_NAME?></td>
2596                         <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
2597                 </tr><tr>
2598                         <td><?php echo _EBLOG_CAT_DESC?></td>
2599                         <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
2600                 </tr><tr>
2601                         <td><?php echo _EBLOG_CAT_CREATE?></td>
2602                         <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
2603                 </tr></table>
2604
2605                 </div></form>
2606
2607                 <?php
2608
2609                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';
2610
2611                         $manager->notify(
2612                                 'BlogSettingsFormExtras',
2613                                 array(
2614                                         'blog' => &$blog
2615                                 )
2616                         );
2617
2618                 $this->pagefoot();
2619         }
2620
2621         /**
2622          * @todo document this
2623          */
2624         function action_categorynew() {
2625                 global $member, $manager;
2626
2627                 $blogid = intRequestVar('blogid');
2628
2629                 $member->blogAdminRights($blogid) or $this->disallow();
2630
2631                 $cname = postVar('cname');
2632                 $cdesc = postVar('cdesc');
2633
2634                 if (!isValidCategoryName($cname))
2635                         $this->error(_ERROR_BADCATEGORYNAME);
2636
2637                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
2638                 $res = sql_query($query);
2639                 if (mysql_num_rows($res) > 0)
2640                         $this->error(_ERROR_DUPCATEGORYNAME);
2641
2642                 $blog           =& $manager->getBlog($blogid);
2643                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);
2644
2645                 $this->action_blogsettings();
2646         }
2647
2648         /**
2649          * @todo document this
2650          */
2651         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
2652                 global $member, $manager;
2653
2654                 if ($blogid == '')
2655                         $blogid = intGetVar('blogid');
2656                 else
2657                         $blogid = intval($blogid);
2658                 if ($catid == '')
2659                         $catid = intGetVar('catid');
2660                 else
2661                         $catid = intval($catid);
2662
2663                 $member->blogAdminRights($blogid) or $this->disallow();
2664
2665                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
2666                 $obj = mysql_fetch_object($res);
2667
2668                 $cname = $obj->cname;
2669                 $cdesc = $obj->cdesc;
2670
2671                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
2672                 $this->pagehead($extrahead);
2673
2674                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
2675
2676                 ?>
2677                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>
2678                 <form method='post' action='index.php'><div>
2679                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />
2680                 <input name="catid" type="hidden" value="<?php echo $catid?>" />
2681                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />
2682                 <input name="action" type="hidden" value="categoryupdate" />
2683                 <?php $manager->addTicketHidden(); ?>
2684
2685                 <table><tr>
2686                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
2687                 </tr><tr>
2688                         <td><?php echo _EBLOG_CAT_NAME?></td>
2689                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>
2690                 </tr><tr>
2691                         <td><?php echo _EBLOG_CAT_DESC?></td>
2692                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
2693                 </tr>
2694                 <?php
2695                         // insert plugin options
2696                         $this->_insertPluginOptions('category',$catid);
2697                 ?>
2698                 <tr>
2699                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
2700                 </tr><tr>
2701                         <td><?php echo _EBLOG_CAT_UPDATE?></td>
2702                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
2703                 </tr></table>
2704
2705                 </div></form>
2706                 <?php
2707                 $this->pagefoot();
2708         }
2709
2710         /**
2711          * @todo document this
2712          */
2713         function action_categoryupdate() {
2714                 global $member, $manager;
2715
2716                 $blogid = intPostVar('blogid');
2717                 $catid = intPostVar('catid');
2718                 $cname = postVar('cname');
2719                 $cdesc = postVar('cdesc');
2720                 $desturl = postVar('desturl');
2721
2722                 $member->blogAdminRights($blogid) or $this->disallow();
2723
2724                 if (!isValidCategoryName($cname))
2725                         $this->error(_ERROR_BADCATEGORYNAME);
2726
2727                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
2728                 $res = sql_query($query);
2729                 if (mysql_num_rows($res) > 0)
2730                         $this->error(_ERROR_DUPCATEGORYNAME);
2731
2732                 $query =  'UPDATE '.sql_table('category').' SET'
2733                            . " cname='" . addslashes($cname) . "',"
2734                            . " cdesc='" . addslashes($cdesc) . "'"
2735                            . " WHERE catid=" . $catid;
2736
2737                 sql_query($query);
2738
2739                 // store plugin options
2740                 $aOptions = requestArray('plugoption');
2741                 NucleusPlugin::_applyPluginOptions($aOptions);
2742                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));
2743
2744
2745                 if ($desturl) {
2746                         redirect($desturl);
2747                         exit;
2748                 } else {
2749                         $this->action_blogsettings();
2750                 }
2751         }
2752
2753         /**
2754          * @todo document this
2755          */
2756         function action_categorydelete() {
2757                 global $member, $manager;
2758
2759                 $blogid = intRequestVar('blogid');
2760                 $catid = intRequestVar('catid');
2761
2762                 $member->blogAdminRights($blogid) or $this->disallow();
2763
2764                 $blog =& $manager->getBlog($blogid);
2765
2766                 // check if the category is valid
2767                 if (!$blog->isValidCategory($catid))
2768                         $this->error(_ERROR_NOSUCHCATEGORY);
2769
2770                 // don't allow deletion of default category
2771                 if ($blog->getDefaultCategory() == $catid)