1 <?php
2 /*
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4  * Copyright (C) 2002-2007 The Nucleus Group
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  * (see nucleus/documentation/index.html#license for more info)
11  */
12 /**
13  * The code for the Nucleus admin area
14  *
15  * @license http://nucleuscms.org/license.txt GNU General Public License
16  * @copyright Copyright (C) 2002-2007 The Nucleus Group
17  * @version $Id: ADMIN.php,v 1.22 2007-05-10 08:38:33 kimitake Exp $
18  * @version $NucleusJP: ADMIN.php,v 1.21 2007/04/27 19:05:53 kimitake Exp $
19  */
20
// Refuse to run when this file is loaded on its own: requestVar() is presumably
// provided by the normal Nucleus bootstrap, so its absence means we were not
// included through it.
if (!function_exists('requestVar')) {
        exit;
}

// list rendering helpers (showlist() etc.) used by the ADMIN class below
require_once dirname(__FILE__) . '/showlist.php';
23
24 /**
25  * Builds the admin area and executes admin actions
26  */
27 class ADMIN {
28
        /**
         * @var string $action name of the action currently being executed, stored
         *                     lower-cased by ADMIN::action() ($action=xxxx -> action_xxxx method)
         */
        var $action;
33
        /**
         * Class constructor (PHP 4 style: a method named after the class).
         *
         * Intentionally empty; no state is initialised here.
         * NOTE(review): PHP 8 no longer treats a same-named method as the
         * constructor, so on PHP 8 this is an ordinary method that is never
         * called implicitly.
         */
        function ADMIN() {

        }
40
41         /**
42          * Executes an action
43          *
44          * @param string $action action to be performed
45          */
46         function action($action) {
47                 global $CONF, $manager;
48
49                 // list of action aliases
50                 $alias = array(
51                         'login' => 'overview',
52                         '' => 'overview'
53                 );
54
55                 if (isset($alias[$action]))
56                         $action = $alias[$action];
57
58                 $methodName = 'action_' . $action;
59
60                 $this->action = strtolower($action);
61
62                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
63                 // is an action that requires user interaction before something is actually done)
64                 // all safe actions are in this array:
65                 $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');
66 /*
67                 // the rest of the actions needs to be checked
68                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
69 */
70                 if (!in_array($this->action, $aActionsNotToCheck))
71                 {
72                         if (!$manager->checkTicket())
73                                 $this->error(_ERROR_BADTICKET);
74                 }
75
76                 if (method_exists($this, $methodName))
77                         call_user_func(array(&$this, $methodName));
78                 else
79                         $this->error(_BADACTION . htmlspecialchars(" ($action)"));
80
81         }
82
83         /**
84          * @todo document this
85          */
86         function action_showlogin() {
87                 global $error;
88                 $this->action_login($error);
89         }
90
        /**
         * Displays the login form, or skips straight to the overview when the
         * member is already logged in and allowed to log in.
         *
         * @param string $msg      message shown above the form; HTML-escaped here
         * @param int    $passvars when truthy, passRequestVars() is called inside the
         *                         form (presumably re-emitting the current request's
         *                         variables as hidden fields so the original action is
         *                         retried after login — confirm against its definition),
         *                         except when the previous action was 'login' or 'logout'
         */
        function action_login($msg = '', $passvars = 1) {
                global $member;

                // skip to overview when allowed
                if ($member->isLoggedIn() && $member->canLogin()) {
                        $this->action_overview();
                        exit;
                }

                $this->pagehead();

                echo '<h2>', _LOGIN ,'</h2>';
                // $msg may originate from a failed login attempt, so it is escaped
                if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
                ?>

                <form action="index.php" method="post"><p>
                <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
                <br />
                <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
                <br />
                <input name="action" value="login" type="hidden" />
                <br />
                <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
                <br />
                <small>
                        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
                        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
                </small>
                <?php                   // pass through vars: do not replay a login/logout request itself

                        $oldaction = postVar('oldaction');
                        if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
                                passRequestVars();
                        }


                ?>
                </p></form>
                <?php           $this->pagefoot();
        }
134
135
136         /**
137          * provides a screen with the overview of the actions available
138          * @todo document parameter
139          */
140         function action_overview($msg = '') {
141                 global $member;
142
143                 $this->pagehead();
144
145                 if ($msg)
146                         echo _MESSAGE , ': ', $msg;
147
148                 /* ---- add items ---- */
149                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';
150
151                 $showAll = requestVar('showall');
152
153                 if (($member->isAdmin()) && ($showAll == 'yes')) {
154                         // Super-Admins have access to all blogs! (no add item support though)
155                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
156                                    . ' FROM ' . sql_table('blog')
157                                    . ' ORDER BY bname';
158                 } else {
159                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'
160                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
161                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()
162                                    . ' ORDER BY bname';
163                 }
164                 $template['content'] = 'bloglist';
165                 $template['superadmin'] = $member->isAdmin();
166                 $amount = showlist($query,'table',$template);
167
168                 if (($showAll != 'yes') && ($member->isAdmin())) {
169                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
170                         if ($total > $amount)
171                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';
172                 }
173
174                 if ($amount == 0)
175                         echo _OVERVIEW_NOBLOGS;
176
177                 if ($amount != 0) {
178                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
179                         $query =  'SELECT ititle, inumber, bshortname'
180                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
181                                    . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
182                         $template['content'] = 'draftlist';
183                         $amountdrafts = showlist($query, 'table', $template);
184                         if ($amountdrafts == 0)
185                                 echo _OVERVIEW_NODRAFTS;
186                 }
187
188                 /* ---- user settings ---- */
189                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
190                 echo '<ul>';
191                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
192                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
193                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
194                 echo '</ul>';
195
196                 /* ---- general settings ---- */
197                 if ($member->isAdmin()) {
198                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
199                         echo '<ul>';
200                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
201                         echo '</ul>';
202                 }
203
204
205                 $this->pagefoot();
206         }
207
208         /**
209          * Returns a link to a weblog
210          * @param object BLOG
211          */
212         function bloglink(&$blog) {
213                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';
214         }
215
216         /**
217          * @todo document this
218          */
219         function action_manage($msg = '') {
220                 global $member;
221
222                 $member->isAdmin() or $this->disallow();
223
224                 $this->pagehead();
225
226                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
227
228                 if ($msg)
229                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';
230
231
232                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';
233
234                 echo '<ul>';
235                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';
236                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';
237                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';
238                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';
239                 echo '</ul>';
240
241                 echo '<h2>' . _MANAGE_SKINS . '</h2>';
242                 echo '<ul>';
243                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';
244                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';
245                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';
246                 echo '</ul>';
247
248                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';
249                 echo '<ul>';
250                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';
251                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';
252                 echo '</ul>';
253
254                 $this->pagefoot();
255         }
256
257         /**
258          * @todo document this
259          */
260         function action_itemlist($blogid = '') {
261                 global $member, $manager;
262
263                 if ($blogid == '')
264                         $blogid = intRequestVar('blogid');
265
266                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
267
268                 $this->pagehead();
269                 $blog =& $manager->getBlog($blogid);
270
271                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
272                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';
273
274                 // start index
275                 if (postVar('start'))
276                         $start = intPostVar('start');
277                 else
278                         $start = 0;
279
280                 if ($start == 0)
281                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';
282
283                 // amount of items to show
284                 if (postVar('amount'))
285                         $amount = intPostVar('amount');
286                 else
287                         $amount = 10;
288
289                 $search = postVar('search');    // search through items
290
291                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
292                            . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
293                            . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
294
295                 if ($search)
296                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
297
298                 // non-blog-admins can only edit/delete their own items
299                 if (!$member->blogAdminRights($blogid))
300                         $query .= ' and iauthor=' . $member->getID();
301
302
303                 $query .= ' ORDER BY itime DESC'
304                                 . " LIMIT $start,$amount";
305
306                 $template['content'] = 'itemlist';
307                 $template['now'] = $blog->getCorrectTime(time());
308
309                 $manager->loadClass("ENCAPSULATE");
310                 $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
311                 $navList->showBatchList('item',$query,'table',$template);
312
313
314                 $this->pagefoot();
315         }
316
317         /**
318          * @todo document this
319          */
320         function action_batchitem() {
321                 global $member, $manager;
322
323                 // check if logged in
324                 $member->isLoggedIn() or $this->disallow();
325
326                 // more precise check will be done for each performed operation
327
328                 // get array of itemids from request
329                 $selected = requestIntArray('batch');
330                 $action = requestVar('batchaction');
331
332                 // Show error when no items were selected
333                 if (!is_array($selected) || sizeof($selected) == 0)
334                         $this->error(_BATCH_NOSELECTION);
335
336                 // On move: when no destination blog/category chosen, show choice now
337                 $destCatid = intRequestVar('destcatid');
338                 if (($action == 'move') && (!$manager->existsCategory($destCatid)))
339                         $this->batchMoveSelectDestination('item',$selected);
340
341                 // On delete: check if confirmation has been given
342                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
343                         $this->batchAskDeleteConfirmation('item',$selected);
344
345                 $this->pagehead();
346
347                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
348                 echo '<h2>',_BATCH_ITEMS,'</h2>';
349                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
350                 echo '<ul>';
351
352
353                 // walk over all itemids and perform action
354                 foreach ($selected as $itemid) {
355                         $itemid = intval($itemid);
356                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';
357
358                         // perform action, display errors if needed
359                         switch($action) {
360                                 case 'delete':
361                                         $error = $this->deleteOneItem($itemid);
362                                         break;
363                                 case 'move':
364                                         $error = $this->moveOneItem($itemid, $destCatid);
365                                         break;
366                                 default:
367                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
368                         }
369
370                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
371                         echo '</li>';
372                 }
373
374                 echo '</ul>';
375                 echo '<b>',_BATCH_DONE,'</b>';
376
377                 $this->pagefoot();
378
379
380         }
381
382         /**
383          * @todo document this
384          */
385         function action_batchcomment() {
386                 global $member;
387
388                 // check if logged in
389                 $member->isLoggedIn() or $this->disallow();
390
391                 // more precise check will be done for each performed operation
392
393                 // get array of itemids from request
394                 $selected = requestIntArray('batch');
395                 $action = requestVar('batchaction');
396
397                 // Show error when no items were selected
398                 if (!is_array($selected) || sizeof($selected) == 0)
399                         $this->error(_BATCH_NOSELECTION);
400
401                 // On delete: check if confirmation has been given
402                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
403                         $this->batchAskDeleteConfirmation('comment',$selected);
404
405                 $this->pagehead();
406
407                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
408                 echo '<h2>',_BATCH_COMMENTS,'</h2>';
409                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
410                 echo '<ul>';
411
412                 // walk over all itemids and perform action
413                 foreach ($selected as $commentid) {
414                         $commentid = intval($commentid);
415                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';
416
417                         // perform action, display errors if needed
418                         switch($action) {
419                                 case 'delete':
420                                         $error = $this->deleteOneComment($commentid);
421                                         break;
422                                 default:
423                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
424                         }
425
426                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
427                         echo '</li>';
428                 }
429
430                 echo '</ul>';
431                 echo '<b>',_BATCH_DONE,'</b>';
432
433                 $this->pagefoot();
434
435
436         }
437
438         /**
439          * @todo document this
440          */
441         function action_batchmember() {
442                 global $member;
443
444                 // check if logged in and admin
445                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
446
447                 // get array of itemids from request
448                 $selected = requestIntArray('batch');
449                 $action = requestVar('batchaction');
450
451                 // Show error when no members selected
452                 if (!is_array($selected) || sizeof($selected) == 0)
453                         $this->error(_BATCH_NOSELECTION);
454
455                 // On delete: check if confirmation has been given
456                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
457                         $this->batchAskDeleteConfirmation('member',$selected);
458
459                 $this->pagehead();
460
461                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
462                 echo '<h2>',_BATCH_MEMBERS,'</h2>';
463                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
464                 echo '<ul>';
465
466                 // walk over all itemids and perform action
467                 foreach ($selected as $memberid) {
468                         $memberid = intval($memberid);
469                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';
470
471                         // perform action, display errors if needed
472                         switch($action) {
473                                 case 'delete':
474                                         $error = $this->deleteOneMember($memberid);
475                                         break;
476                                 case 'setadmin':
477                                         // always succeeds
478                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
479                                         $error = '';
480                                         break;
481                                 case 'unsetadmin':
482                                         // there should always remain at least one super-admin
483                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
484                                         if (mysql_num_rows($r) < 2)
485                                                 $error = _ERROR_ATLEASTONEADMIN;
486                                         else
487                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
488                                         break;
489                                 default:
490                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
491                         }
492
493                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
494                         echo '</li>';
495                 }
496
497                 echo '</ul>';
498                 echo '<b>',_BATCH_DONE,'</b>';
499
500                 $this->pagefoot();
501
502
503         }
504
505         /**
506          * @todo document this
507          */
508         function action_batchteam() {
509                 global $member;
510
511                 $blogid = intRequestVar('blogid');
512
513                 // check if logged in and admin
514                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
515
516                 // get array of itemids from request
517                 $selected = requestIntArray('batch');
518                 $action = requestVar('batchaction');
519
520                 // Show error when no members selected
521                 if (!is_array($selected) || sizeof($selected) == 0)
522                         $this->error(_BATCH_NOSELECTION);
523
524                 // On delete: check if confirmation has been given
525                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
526                         $this->batchAskDeleteConfirmation('team',$selected);
527
528                 $this->pagehead();
529
530                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';
531
532                 echo '<h2>',_BATCH_TEAM,'</h2>';
533                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
534                 echo '<ul>';
535
536                 // walk over all itemids and perform action
537                 foreach ($selected as $memberid) {
538                         $memberid = intval($memberid);
539                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';
540
541                         // perform action, display errors if needed
542                         switch($action) {
543                                 case 'delete':
544                                         $error = $this->deleteOneTeamMember($blogid, $memberid);
545                                         break;
546                                 case 'setadmin':
547                                         // always succeeds
548                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
549                                         $error = '';
550                                         break;
551                                 case 'unsetadmin':
552                                         // there should always remain at least one admin
553                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
554                                         if (mysql_num_rows($r) < 2)
555                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;
556                                         else
557                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
558                                         break;
559                                 default:
560                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
561                         }
562
563                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
564                         echo '</li>';
565                 }
566
567                 echo '</ul>';
568                 echo '<b>',_BATCH_DONE,'</b>';
569
570                 $this->pagefoot();
571
572
573         }
574
575         /**
576          * @todo document this
577          */
578         function action_batchcategory() {
579                 global $member, $manager;
580
581                 // check if logged in
582                 $member->isLoggedIn() or $this->disallow();
583
584                 // more precise check will be done for each performed operation
585
586                 // get array of itemids from request
587                 $selected = requestIntArray('batch');
588                 $action = requestVar('batchaction');
589
590                 // Show error when no items were selected
591                 if (!is_array($selected) || sizeof($selected) == 0)
592                         $this->error(_BATCH_NOSELECTION);
593
594                 // On move: when no destination blog chosen, show choice now
595                 $destBlogId = intRequestVar('destblogid');
596                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
597                         $this->batchMoveCategorySelectDestination('category',$selected);
598
599                 // On delete: check if confirmation has been given
600                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
601                         $this->batchAskDeleteConfirmation('category',$selected);
602
603                 $this->pagehead();
604
605                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
606                 echo '<h2>',BATCH_CATEGORIES,'</h2>';
607                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
608                 echo '<ul>';
609
610                 // walk over all itemids and perform action
611                 foreach ($selected as $catid) {
612                         $catid = intval($catid);
613                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';
614
615                         // perform action, display errors if needed
616                         switch($action) {
617                                 case 'delete':
618                                         $error = $this->deleteOneCategory($catid);
619                                         break;
620                                 case 'move':
621                                         $error = $this->moveOneCategory($catid, $destBlogId);
622                                         break;
623                                 default:
624                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
625                         }
626
627                         echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
628                         echo '</li>';
629                 }
630
631                 echo '</ul>';
632                 echo '<b>',_BATCH_DONE,'</b>';
633
634                 $this->pagefoot();
635
636         }
637
        /**
         * Shows the "choose destination category" screen for a batch move and
         * stops execution. The form re-posts action=batch<type> with
         * batchaction=move, a fresh ticket (addTicketHidden), the selected ids
         * as hidden batch[] fields and the destination picked through
         * selectBlogCategory('destcatid').
         *
         * @param string $type batch type; it is written into the form unescaped,
         *                     so callers must pass a fixed literal (the visible
         *                     caller passes 'item'), never request data
         * @param array  $ids  selected ids; each is cast with intval() before
         *                     being emitted
         */
        function batchMoveSelectDestination($type, $ids) {
                global $manager;
                $this->pagehead();
                ?>
                <h2><?php echo _MOVE_TITLE?></h2>
                <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="batch<?php echo $type?>" />
                        <input type="hidden" name="batchaction" value="move" />
                        <?php
                                // the re-posted batch action is ticket-checked, so carry a ticket along
                                $manager->addTicketHidden();

                                // insert selected item numbers
                                $idx = 0;
                                foreach ($ids as $id)
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                                // show blog/category selection list
                                $this->selectBlogCategory('destcatid');

                        ?>


                        <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

                </div></form>
                <?php           $this->pagefoot();
                // nothing after this screen may run; the caller continues otherwise
                exit;
        }
670
        /**
         * Shows the "choose destination blog" screen for a batch category move
         * and stops execution. The form re-posts action=batch<type> with
         * batchaction=move, a fresh ticket (addTicketHidden), the selected ids
         * as hidden batch[] fields and the destination picked through
         * selectBlog('destblogid').
         *
         * @param string $type batch type; it is written into the form unescaped,
         *                     so callers must pass a fixed literal (the visible
         *                     caller passes 'category'), never request data
         * @param array  $ids  selected ids; each is cast with intval() before
         *                     being emitted
         */
        function batchMoveCategorySelectDestination($type, $ids) {
                global $manager;
                $this->pagehead();
                ?>
                <h2><?php echo _MOVECAT_TITLE?></h2>
                <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="batch<?php echo $type?>" />
                        <input type="hidden" name="batchaction" value="move" />
                        <?php
                                // the re-posted batch action is ticket-checked, so carry a ticket along
                                $manager->addTicketHidden();

                                // insert selected category numbers
                                $idx = 0;
                                foreach ($ids as $id)
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                                // show blog selection list
                                $this->selectBlog('destblogid');

                        ?>


                        <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

                </div></form>
                <?php           $this->pagefoot();
                // nothing after this screen may run; the caller continues otherwise
                exit;
        }
703
        /**
         * Shows the confirmation form for a batch delete.
         *
         * Emits a form posting back to index.php with action "batch<type>",
         * batchaction "delete", confirmation "yes", a ticket hidden field and one
         * hidden batch[n] field per selected id (cast to int). For the 'team' and
         * 'comment' types the blogid / itemid of the current request is carried
         * along as a hidden field. The request ends with exit after the page footer.
         *
         * @param string $type batch type; echoed unescaped into the action value,
         *                     so callers must only pass the fixed internal type names
         * @param array $ids   ids selected in the batch list
         */
        function batchAskDeleteConfirmation($type, $ids) {
                global $manager;

                $this->pagehead();
                ?>
                <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
                <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="batch<?php echo $type?>" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="batchaction" value="delete" />
                        <input type="hidden" name="confirmation" value="yes" />
                        <?php                           // insert selected item numbers (intval keeps the ids from injecting markup)
                                $idx = 0;
                                foreach ($ids as $id)
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                                // add hidden vars for team & comment (intRequestVar already yields an int)
                                if ($type == 'team')
                                {
                                        echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
                                }
                                if ($type == 'comment')
                                {
                                        echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
                                }

                        ?>

                        <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />

                </div></form>
                <?php           $this->pagefoot();
                exit;
        }
742
743
744         /**
745          * Inserts a HTML select element with choices for all categories to which the current
746          * member has access
747          * @see function selectBlog
748          */
749         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
750                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
751         }
752
753         /**
754          * Inserts a HTML select element with choices for all blogs to which the user has access
755          *              mode = 'blog' => shows blognames and values are blogids
756          *              mode = 'category' => show category names and values are catids
757          *
758          * @param $iForcedBlogInclude
759          *              ID of a blog that always needs to be included, without checking if the
760          *              member is on the blog team (-1 = none)
761          * @todo document parameters
762          */
763         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
764                 global $member, $CONF;
765
766                 // 0. get IDs of blogs to which member can post items (+ forced blog)
767                 $aBlogIds = array();
768                 if ($iForcedBlogInclude != -1)
769                         $aBlogIds[] = intval($iForcedBlogInclude);
770
771                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
772                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
773                 else
774                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
775                 $rblogids = sql_query($queryBlogs);
776                 while ($o = mysql_fetch_object($rblogids))
777                         if ($o->bnumber != $iForcedBlogInclude)
778                                 $aBlogIds[] = intval($o->bnumber);
779
780                 if (count($aBlogIds) == 0)
781                         return;
782
783                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';
784
785                 // 1. select blogs (we'll create optiongroups)
786                 // (only select those blogs that have the user on the team)
787                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
788                 $blogs = sql_query($queryBlogs);
789                 if ($mode == 'category') {
790                         if (mysql_num_rows($blogs) > 1)
791                                 $multipleBlogs = 1;
792
793                         while ($oBlog = mysql_fetch_object($blogs)) {
794                                 if ($multipleBlogs)
795                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';
796
797                                 // show selection to create new category when allowed/wanted
798                                 if ($showNewCat) {
799                                         // check if allowed to do so
800                                         if ($member->blogAdminRights($oBlog->bnumber))
801                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
802                                 }
803
804                                 // 2. for each category in that blog
805                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
806                                 while ($oCat = mysql_fetch_object($categories)) {
807                                         if ($oCat->catid == $selected)
808                                                 $selectText = ' selected="selected" ';
809                                         else
810                                                 $selectText = '';
811                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
812                                 }
813
814                                 if ($multipleBlogs)
815                                         echo '</optgroup>';
816                         }
817                 } else {
818                         // blog mode
819                         while ($oBlog = mysql_fetch_object($blogs)) {
820                                 echo '<option value="',$oBlog->bnumber,'"';
821                                 if ($oBlog->bnumber == $selected)
822                                         echo ' selected="selected"';
823                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';
824                         }
825                 }
826                 echo '</select>';
827
828         }
829
830         /**
831          * @todo document this
832          */
833         function action_browseownitems() {
834                 global $member, $manager;
835
836                 $this->pagehead();
837
838                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
839                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';
840
841                 // start index
842                 if (postVar('start'))
843                         $start = intPostVar('start');
844                 else
845                         $start = 0;
846
847                 // amount of items to show
848                 if (postVar('amount'))
849                         $amount = intPostVar('amount');
850                 else
851                         $amount = 10;
852
853                 $search = postVar('search');    // search through items
854
855                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
856                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
857                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
858
859                 if ($search)
860                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
861
862                 $query .= ' ORDER BY itime DESC'
863                                 . " LIMIT $start,$amount";
864
865                 $template['content'] = 'itemlist';
866                 $template['now'] = time();
867
868                 $manager->loadClass("ENCAPSULATE");
869                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
870                 $navList->showBatchList('item',$query,'table',$template);
871
872                 $this->pagefoot();
873
874         }
875
876         /**
877          * Show all the comments for a given item
878          * @param int $itemid
879          */
880         function action_itemcommentlist($itemid = '') {
881                 global $member, $manager;
882
883                 if ($itemid == '')
884                         $itemid = intRequestVar('itemid');
885
886                 // only allow if user is allowed to alter item
887                 $member->canAlterItem($itemid) or $this->disallow();
888
889                 // ED$ what is this??? getBlogIDFromItemId()??
890                 $blogid = getBlogIdFromItemId($itemid);
891
892                 $this->pagehead();
893
894                 // start index
895                 if (postVar('start'))
896                         $start = intPostVar('start');
897                 else
898                         $start = 0;
899
900                 // amount of items to show
901                 if (postVar('amount'))
902                         $amount = intPostVar('amount');
903                 else
904                         $amount = 10;
905
906                 $search = postVar('search');
907
908                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
909                 echo '<h2>',_COMMENTS,'</h2>';
910
911                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;
912
913                 if ($search)
914                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
915
916                 $query .= ' ORDER BY ctime ASC'
917                                 . " LIMIT $start,$amount";
918
919                 $template['content'] = 'commentlist';
920                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));
921
922                 $manager->loadClass("ENCAPSULATE");
923                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
924                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);
925
926                 $this->pagefoot();
927         }
928
929         /**
930          * Browse own comments
931          */
932         function action_browseowncomments() {
933                 global $member, $manager;
934
935                 // start index
936                 if (postVar('start'))
937                         $start = intPostVar('start');
938                 else
939                         $start = 0;
940
941                 // amount of items to show
942                 if (postVar('amount'))
943                         $amount = intPostVar('amount');
944                 else
945                         $amount = 10;
946
947                 $search = postVar('search');
948
949
950                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
951
952                 if ($search)
953                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
954
955                 $query .= ' ORDER BY ctime DESC'
956                                 . " LIMIT $start,$amount";
957
958                 $this->pagehead();
959
960                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
961                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';
962
963                 $template['content'] = 'commentlist';
964                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself
965
966                 $manager->loadClass("ENCAPSULATE");
967                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
968                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);
969
970                 $this->pagefoot();
971         }
972
973         /**
974          * Browse all comments for a weblog
975          * @param int $blogid
976          */
977         function action_blogcommentlist($blogid = '')
978         {
979                 global $member, $manager;
980
981                 if ($blogid == '')
982                         $blogid = intRequestVar('blogid');
983                 else
984                         $blogid = intval($blogid);
985
986                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
987
988                 // start index
989                 if (postVar('start'))
990                         $start = intPostVar('start');
991                 else
992                         $start = 0;
993
994                 // amount of items to show
995                 if (postVar('amount'))
996                         $amount = intPostVar('amount');
997                 else
998                         $amount = 10;
999
1000                 $search = postVar('search');            // search through comments
1001
1002
1003                 $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
1004
1005                 if ($search != '')
1006                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
1007
1008
1009                 $query .= ' ORDER BY ctime DESC'
1010                                 . " LIMIT $start,$amount";
1011
1012
1013                 $blog =& $manager->getBlog($blogid);
1014
1015                 $this->pagehead();
1016
1017                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
1018                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';
1019
1020                 $template['content'] = 'commentlist';
1021                 $template['canAddBan'] = $member->blogAdminRights($blogid);
1022
1023                 $manager->loadClass("ENCAPSULATE");
1024                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
1025                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
1026
1027                 $this->pagefoot();
1028         }
1029
1030         /**
1031          * Provide a page to item a new item to the given blog
1032          */
1033         function action_createitem() {
1034                 global $member, $manager;
1035
1036                 $blogid = intRequestVar('blogid');
1037
1038                 // check if allowed
1039                 $member->teamRights($blogid) or $this->disallow();
1040
1041                 $memberid = $member->getID();
1042
1043                 $blog =& $manager->getBlog($blogid);
1044
1045                 $this->pagehead();
1046
1047                 // generate the add-item form
1048                 $formfactory =& new PAGEFACTORY($blogid);
1049                 $formfactory->createAddForm('admin');
1050
1051                 $this->pagefoot();
1052         }
1053
1054         /**
1055          * @todo document this
1056          */
1057         function action_itemedit() {
1058                 global $member, $manager;
1059
1060                 $itemid = intRequestVar('itemid');
1061
1062                 // only allow if user is allowed to alter item
1063                 $member->canAlterItem($itemid) or $this->disallow();
1064
1065                 $item =& $manager->getItem($itemid,1,1);
1066                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
1067
1068                 $manager->notify('PrepareItemForEdit', array('item' => &$item));
1069
1070                 if ($blog->convertBreaks()) {
1071                         $item['body'] = removeBreaks($item['body']);
1072                         $item['more'] = removeBreaks($item['more']);
1073                 }
1074
1075                 // form to edit blog items
1076                 $this->pagehead();
1077                 $formfactory =& new PAGEFACTORY($blog->getID());
1078                 $formfactory->createEditForm('admin',$item);
1079                 $this->pagefoot();
1080         }
1081
        /**
         * Saves an item from the edit form (edit, date change, or publishing a draft).
         *
         * Reads itemid and catid from the request; the member must be allowed to update
         * the item into that category (otherwise disallow() is called). actiontype selects
         * the behaviour: 'delete' is delegated to action_itemdelete, the other values are
         * described in the comment above the switch below. Afterwards the blog's
         * futurePosted flag is refreshed, an optional draft copy is removed, and the
         * request continues in action_sendping, action_categoryedit (when a category was
         * created) or action_itemlist.
         */
        function action_itemupdate() {
                global $member, $manager, $CONF;

                $itemid = intRequestVar('itemid');
                // raw string: either a catid or "newcat-<blogid>"; it is not cast here, so
                // canUpdateItem / ITEM::update are relied on to validate it — TODO confirm
                $catid = postVar('catid');

                // only allow if user is allowed to alter item
                $member->canUpdateItem($itemid, $catid) or $this->disallow();

                $actiontype = postVar('actiontype');

                // delete actions are handled by itemdelete (which has confirmation)
                if ($actiontype == 'delete') {
                        $this->action_itemdelete();
                        return;
                }

                $body   = postVar('body');
                $title  = postVar('title');
                $more   = postVar('more');
                $closed = intPostVar('closed');
                $draftid = intPostVar('draftid');

                // default action = add now
                if (!$actiontype)
                        $actiontype='addnow';

                // create new category if needed
                if (strstr($catid,'newcat')) {
                        // get blogid (sscanf yields no number for a malformed "newcat-" value)
                        list($blogid) = sscanf($catid,"newcat-%d");

                        // create
                        $blog =& $manager->getBlog($blogid);
                        $catid = $blog->createNewCategory();

                        // show error when sth goes wrong
                        // (doError presumably ends the request; otherwise $catid would be 0 below — TODO confirm)
                        if (!$catid)
                                $this->doError(_ERROR_CATCREATEFAIL);
                }

                /*
                        set some variables based on actiontype

                        actiontypes:
                                draft items -> addnow, addfuture, adddraft, delete
                                non-draft items -> edit, changedate, delete

                        variables set:
                                $timestamp: set to a nonzero value for future dates or date changes
                                $wasdraft: set to 1 when the item used to be a draft item
                                $publish: set to 1 when the edited item is not a draft
                */
                switch ($actiontype) {
                        case 'adddraft':
                                $publish = 0;
                                $wasdraft = 1;
                                $timestamp = 0;
                                break;
                        case 'addfuture':
                                $wasdraft = 1;
                                $publish = 1;
                                // date parts are raw POST strings; mktime() coerces and normalises them
                                $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
                                break;
                        case 'addnow':
                                $wasdraft = 1;
                                $publish = 1;
                                $timestamp = 0;
                                break;
                        case 'changedate':
                                // date parts are raw POST strings; mktime() coerces and normalises them
                                $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
                                $publish = 1;
                                $wasdraft = 0;
                                break;
                        case 'edit':
                        default:
                                $publish = 1;
                                $wasdraft = 0;
                                $timestamp = 0;
                }

                // edit the item for real
                ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

                $blogid = getBlogIDFromItemID($itemid);
                $blog =& $manager->getBlog($blogid);

                // a timestamp after the blog's (timezone-corrected) current time means a future post
                $isFuture = 0;
                if ($timestamp > $blog->getCorrectTime(time())) {
                        $isFuture = 1;
                }

                $this->updateFuturePosted($blogid);

                // the draft this item was built from is no longer needed
                if ($draftid > 0) {
                        ITEM::delete($draftid);
                }

                // ping only for freshly published, open, non-future items when pinging is enabled
                if (!$closed && $publish && $wasdraft && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 && !$isFuture) {
                        $this->action_sendping($blogid);
                        return;
                }

                // show category edit window when we created a new category
                // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
                if ($catid != intPostVar('catid')) {
                        $this->action_categoryedit(
                                $catid,
                                $blog->getID(),
                                $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
                        );
                } else {
                        // TODO: set start item correctly for itemlist
                        $this->action_itemlist(getBlogIDFromItemID($itemid));
                }
        }
1201
        /**
         * Shows the "delete item?" confirmation page.
         *
         * Reads itemid from the request; the member must be allowed to alter the item
         * (otherwise disallow() is called) and the item must exist (otherwise error() is
         * called). Title and a shortened body are shown tag-stripped and HTML-escaped;
         * the form posts to itemdeleteconfirm with a ticket hidden field.
         */
        function action_itemdelete() {
                global $member, $manager;

                $itemid = intRequestVar('itemid');

                // only allow if user is allowed to alter item
                $member->canAlterItem($itemid) or $this->disallow();

                // error() presumably ends the request — TODO confirm
                if (!$manager->existsItem($itemid,1,1))
                        $this->error(_ERROR_NOSUCHITEM);

                $item =& $manager->getItem($itemid,1,1);
                // strip tags first, then escape what remains for the preview
                $title = htmlspecialchars(strip_tags($item['title']));
                $body = strip_tags($item['body']);
                $body = htmlspecialchars(shorten($body,300,'...'));

                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_ITEM?></p>

                        <div class="note">
                                <b>"<?php echo  $title ?>"</b>
                                <br />
                                <?php echo $body?>
                        </div>

                        <form method="post" action="index.php"><div>
                                <input type="hidden" name="action" value="itemdeleteconfirm" />
                                <?php $manager->addTicketHidden() ?>
                                <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
                                <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
1242
1243         /**
1244          * @todo document this
1245          */
1246         function action_itemdeleteconfirm() {
1247                 global $member;
1248
1249                 $itemid = intRequestVar('itemid');
1250
1251                 // only allow if user is allowed to alter item
1252                 $member->canAlterItem($itemid) or $this->disallow();
1253
1254                 // get blogid first ED$ What is this? getBlogIDFromItemId()???
1255                 $blogid = getBlogIdFromItemId($itemid);
1256
1257                 // delete item (note: some checks will be performed twice)
1258                 $this->deleteOneItem($itemid);
1259
1260                 $this->action_itemlist($blogid);
1261         }
1262
1263         /**
1264          * Deletes one item and returns error if something goes wrong
1265          * @param int $itemid
1266          */
1267         function deleteOneItem($itemid) {
1268                 global $member, $manager;
1269
1270                 // only allow if user is allowed to alter item (also checks if itemid exists)
1271                 if (!$member->canAlterItem($itemid))
1272                         return _ERROR_DISALLOWED;
1273
1274                 // need to get blogid before the item is deleted
1275                 $blogid = getBlogIDFromItemId($itemid);
1276
1277                 $manager->loadClass('ITEM');
1278                 ITEM::delete($itemid);
1279
1280                 // update blog's futureposted
1281                 $this->updateFuturePosted($blogid);
1282         }
1283
1284         /**
1285          * Update a blog's future posted flag
1286          * @param int $blogid
1287          */
1288         function updateFuturePosted($blogid) {
1289                 global $manager;
1290
1291                 $blog =& $manager->getBlog($blogid);
1292                 $currenttime = $blog->getCorrectTime(time());
1293                 $result = sql_query("SELECT * FROM ".sql_table('item').
1294                         " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
1295                 if (mysql_num_rows($result) > 0) {
1296                                 $blog->setFuturePost();
1297                 }
1298                 else {
1299                                 $blog->clearFuturePost();
1300                 }
1301         }
1302
        /**
         * Shows the "move item to another category" form.
         *
         * Reads itemid from the request; the member must be allowed to alter the item
         * (otherwise disallow() is called). The form posts to itemmoveto with a ticket
         * hidden field and a category selector (current category pre-selected, new
         * category option offered where allowed).
         */
        function action_itemmove() {
                global $member, $manager;

                $itemid = intRequestVar('itemid');

                // only allow if user is allowed to alter item
                $member->canAlterItem($itemid) or $this->disallow();

                $item =& $manager->getItem($itemid,1,1);

                $this->pagehead();
                ?>
                        <h2><?php echo _MOVE_TITLE?></h2>
                        <form method="post" action="index.php"><div>
                                <input type="hidden" name="action" value="itemmoveto" />
                                <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />

                                <?php

                                        // ticket hidden field, then the category selector (name catid, tabindex 10, new-category option enabled)
                                        $manager->addTicketHidden();
                                        $this->selectBlogCategory('catid',$item['catid'],10,1);
                                ?>

                                <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
1334
1335         /**
1336          * @todo document this
1337          */
1338         function action_itemmoveto() {
1339                 global $member, $manager;
1340
1341                 $itemid = intRequestVar('itemid');
1342                 $catid = requestVar('catid');
1343
1344                 // create new category if needed
1345                 if (strstr($catid,'newcat')) {
1346                         // get blogid
1347                         list($blogid) = sscanf($catid,'newcat-%d');
1348
1349                         // create
1350                         $blog =& $manager->getBlog($blogid);
1351                         $catid = $blog->createNewCategory();
1352
1353                         // show error when sth goes wrong
1354                         if (!$catid)
1355                                 $this->doError(_ERROR_CATCREATEFAIL);
1356                 }
1357
1358                 // only allow if user is allowed to alter item
1359                 $member->canUpdateItem($itemid, $catid) or $this->disallow();
1360
1361                 $old_blogid = getBlogIDFromItemId($itemid);
1362
1363                 ITEM::move($itemid, $catid);
1364
1365                 // set the futurePosted flag on the blog
1366                 $this->updateFuturePosted(getBlogIDFromItemId($itemid));
1367
1368                 // reset the futurePosted in case the item is moved from one blog to another
1369                 $this->updateFuturePosted($old_blogid);
1370
1371                 if ($catid != intRequestVar('catid'))
1372                         $this->action_categoryedit($catid, $blog->getID());
1373                 else
1374                         $this->action_itemlist(getBlogIDFromCatID($catid));
1375         }
1376
1377         /**
1378          * Moves one item to a given category (category existance should be checked by caller)
1379          * errors are returned
1380          * @param int $itemid
1381          * @param int $destCatid category ID to which the item will be moved
1382          */
1383         function moveOneItem($itemid, $destCatid) {
1384                 global $member;
1385
1386                 // only allow if user is allowed to move item
1387                 if (!$member->canUpdateItem($itemid, $destCatid))
1388                         return _ERROR_DISALLOWED;
1389
1390                 ITEM::move($itemid, $destCatid);
1391         }
1392
1393         /**
1394          * Adds a item to the chosen blog
1395          */
1396         function action_additem() {
1397                 global $member, $manager, $CONF;
1398
1399                 $manager->loadClass('ITEM');
1400
1401                 $result = ITEM::createFromRequest();
1402
1403                 if ($result['status'] == 'error')
1404                         $this->error($result['message']);
1405
1406                 $blogid = getBlogIDFromItemID($result['itemid']);
1407                 $blog =& $manager->getBlog($blogid);
1408
1409                 $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
1410
1411                 if ($result['status'] == 'newcategory')
1412                         $this->action_categoryedit(
1413                                 $result['catid'],
1414                                 $blogid,
1415                                 $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 ? $pingUrl : ''
1416                         );
1417                 elseif ((postVar('actiontype') == 'addnow') && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0)
1418                         $this->action_sendping($blogid);
1419                 else
1420                         $this->action_itemlist($blogid);
1421         }
1422
1423         /**
1424          * Shows a window that says we're about to ping.
1425          * immediately refresh to the real pinging page, which will
1426          * show an error, or redirect to the blog.
1427          *
1428          * @param int $blogid ID of blog for which ping needs to be sent out
1429          */
1430         function action_sendping($blogid = -1) {
1431                 global $member, $manager;
1432
1433                 if ($blogid == -1)
1434                         $blogid = intRequestVar('blogid');
1435
1436                 $member->isLoggedIn() or $this->disallow();
1437
1438                 $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));
1439
1440                 $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
1441                 ?>
1442                 <h2>Site Updated, Now pinging various weblog listing services...</h2>
1443
1444                 <p>
1445                         This can take a while...
1446                 </p>
1447
1448                 <p>
1449                         If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
1450                 </p>
1451                 <?php           $this->pagefoot();
1452         }
1453
1454         /**
1455          * Sends the real ping (can take up to 10 seconds!)
1456          */
1457         function action_rawping() {
1458                 global $manager;
1459                 // TODO: checks?
1460
1461                 $blogid = intRequestVar('blogid');
1462                 $blog =& $manager->getBlog($blogid);
1463
1464                 $this->pagehead();
1465
1466                 ?>
1467
1468                 <h2>Pinging services, please wait...</h2>
1469                 <div class='note'>
1470                 <?
1471
1472                 // send sendPing event
1473                 $manager->notify('SendPing', array('blogid' => $blogid));
1474
1475                 ?>
1476                 </div>
1477
1478                 <ul>
1479                         <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
1480                         <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>
1481                 </ul>
1482
1483                 <?php           $this->pagefoot();
1484         }
1485
1486         /**
1487          * Allows to edit previously made comments
1488          */
1489         function action_commentedit() {
1490                 global $member, $manager;
1491
1492                 $commentid = intRequestVar('commentid');
1493
1494                 $member->canAlterComment($commentid) or $this->disallow();
1495
1496                 $comment = COMMENT::getComment($commentid);
1497
1498                 $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));
1499
1500                 // change <br /> to \n
1501                 $comment['body'] = str_replace('<br />','',$comment['body']);
1502
1503                 $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);
1504
1505                 $this->pagehead();
1506
1507                 ?>
1508                 <h2><?php echo _EDITC_TITLE?></h2>
1509
1510                 <form action="index.php" method="post"><div>
1511
1512                 <input type="hidden" name="action" value="commentupdate" />
1513                 <?php $manager->addTicketHidden(); ?>
1514                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
1515                 <table><tr>
1516                         <th colspan="2"><?php echo _EDITC_TITLE?></th>
1517                 </tr><tr>
1518                         <td><?php echo _EDITC_WHO?></td>
1519                         <td>
1520                         <?php                           if ($comment['member'])
1521                                         echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
1522                                 else
1523                                         echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
1524                         ?>
1525                         </td>
1526                 </tr><tr>
1527                         <td><?php echo _EDITC_WHEN?></td>
1528                         <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
1529                 </tr><tr>
1530                         <td><?php echo _EDITC_HOST?></td>
1531                         <td><?php echo  $comment['host']; ?></td>
1532                 </tr><tr>
1533                         <td><?php echo _EDITC_TEXT?></td>
1534                         <td>
1535                                 <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)
1536                                         echo $comment['body'];
1537                                 ?></textarea>
1538                         </td>
1539                 </tr><tr>
1540                         <td><?php echo _EDITC_EDIT?></td>
1541                         <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
1542                 </tr></table>
1543
1544                 </div></form>
1545                 <?php
1546                 $this->pagefoot();
1547         }
1548
1549         /**
1550          * @todo document this
1551          */
1552         function action_commentupdate() {
1553                 global $member, $manager;
1554
1555                 $commentid = intRequestVar('commentid');
1556
1557                 $member->canAlterComment($commentid) or $this->disallow();
1558
1559                 $body = postVar('body');
1560
1561                 // intercept words that are too long
1562                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
1563                         $this->error(_ERROR_COMMENT_LONGWORD);
1564
1565                 // check length
1566                 if (strlen($body)<3)
1567                         $this->error(_ERROR_COMMENT_NOCOMMENT);
1568                 if (strlen($body)>5000)
1569                         $this->error(_ERROR_COMMENT_TOOLONG);
1570
1571
1572                 // prepare body
1573                 $body = COMMENT::prepareBody($body);
1574
1575                 // call plugins
1576                 $manager->notify('PreUpdateComment',array('body' => &$body));
1577
1578                 $query =  'UPDATE '.sql_table('comment')
1579                            . " SET cbody='" .addslashes($body). "'"
1580                            . " WHERE cnumber=" . $commentid;
1581                 sql_query($query);
1582
1583                 // get itemid
1584                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
1585                 $o = mysql_fetch_object($res);
1586                 $itemid = $o->citem;
1587
1588                 if ($member->canAlterItem($itemid))
1589                         $this->action_itemcommentlist($itemid);
1590                 else
1591                         $this->action_browseowncomments();
1592
1593         }
1594
1595         /**
1596          * @todo document this
1597          */
1598         function action_commentdelete() {
1599                 global $member, $manager;
1600
1601                 $commentid = intRequestVar('commentid');
1602
1603                 $member->canAlterComment($commentid) or $this->disallow();
1604
1605                 $comment = COMMENT::getComment($commentid);
1606
1607                 $body = strip_tags($comment['body']);
1608                 $body = htmlspecialchars(shorten($body, 300, '...'));
1609
1610                 if ($comment['member'])
1611                         $author = $comment['member'];
1612                 else
1613                         $author = $comment['user'];
1614
1615                 $this->pagehead();
1616                 ?>
1617
1618                         <h2><?php echo _DELETE_CONFIRM?></h2>
1619
1620                         <p><?php echo _CONFIRMTXT_COMMENT?></p>
1621
1622                         <div class="note">
1623                         <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
1624                         <br />
1625                         <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
1626                         </div>
1627
1628                         <form method="post" action="index.php"><div>
1629                                 <input type="hidden" name="action" value="commentdeleteconfirm" />
1630                                 <?php $manager->addTicketHidden() ?>
1631                                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
1632                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
1633                         </div></form>
1634                 <?php
1635                 $this->pagefoot();
1636         }
1637
1638         /**
1639          * @todo document this
1640          */
1641         function action_commentdeleteconfirm() {
1642                 global $member;
1643
1644                 $commentid = intRequestVar('commentid');
1645
1646                 // get item id first
1647                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
1648                 $o = mysql_fetch_object($res);
1649                 $itemid = $o->citem;
1650
1651                 $error = $this->deleteOneComment($commentid);
1652                 if ($error)
1653                         $this->doError($error);
1654
1655                 if ($member->canAlterItem($itemid))
1656                         $this->action_itemcommentlist($itemid);
1657                 else
1658                         $this->action_browseowncomments();
1659         }
1660
1661         /**
1662          * @todo document this
1663          */
1664         function deleteOneComment($commentid) {
1665                 global $member, $manager;
1666
1667                 $commentid = intval($commentid);
1668
1669                 if (!$member->canAlterComment($commentid))
1670                         return _ERROR_DISALLOWED;
1671
1672                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));
1673
1674                 // delete the comments associated with the item
1675                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;
1676                 sql_query($query);
1677
1678                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));
1679
1680                 return '';
1681         }
1682
1683         /**
1684          * Usermanagement main
1685          */
1686         function action_usermanagement() {
1687                 global $member, $manager;
1688
1689                 // check if allowed
1690                 $member->isAdmin() or $this->disallow();
1691
1692                 $this->pagehead();
1693
1694                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
1695
1696                 echo '<h2>' . _MEMBERS_TITLE .'</h2>';
1697
1698                 echo '<h3>' . _MEMBERS_CURRENT .'</h3>';
1699
1700                 // show list of members with actions
1701                 $query =  'SELECT *'
1702                            . ' FROM '.sql_table('member');
1703                 $template['content'] = 'memberlist';
1704                 $template['tabindex'] = 10;
1705
1706                 $manager->loadClass("ENCAPSULATE");
1707                 $batch =& new BATCH('member');
1708                 $batch->showlist($query,'table',$template);
1709
1710                 echo '<h3>' . _MEMBERS_NEW .'</h3>';
1711                 ?>
1712                         <form method="post" action="index.php" name="memberedit"><div>
1713
1714                         <input type="hidden" name="action" value="memberadd" />
1715                         <?php $manager->addTicketHidden() ?>
1716
1717                         <table>
1718                         <tr>
1719                                 <th colspan="2"><?php echo _MEMBERS_NEW?></th>
1720                         </tr><tr>
1721                                 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
1722                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
1723                                 </td>
1724                                 <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
1725                         </tr><tr>
1726                                 <td><?php echo _MEMBERS_REALNAME?></td>
1727                                 <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
1728                         </tr><tr>
1729                                 <td><?php echo _MEMBERS_PWD?></td>
1730                                 <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
1731                         </tr><tr>
1732                                 <td><?php echo _MEMBERS_REPPWD?></td>
1733                                 <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
1734                         </tr><tr>
1735                                 <td><?php echo _MEMBERS_EMAIL?></td>
1736                                 <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
1737                         </tr><tr>
1738                                 <td><?php echo _MEMBERS_URL?></td>
1739                                 <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
1740                         </tr><tr>
1741                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
1742                                 <td><?php $this->input_yesno('admin',0,10060); ?> </td>
1743                         </tr><tr>
1744                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
1745                                 <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
1746                         </tr><tr>
1747                                 <td><?php echo _MEMBERS_NOTES?></td>
1748                                 <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
1749                         </tr><tr>
1750                                 <td><?php echo _MEMBERS_NEW?></td>
1751                                 <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
1752                         </tr></table>
1753
1754                         </div></form>
1755                 <?php
1756                 $this->pagefoot();
1757         }
1758
1759         /**
1760          * Edit member settings
1761          */
1762         function action_memberedit() {
1763                 $this->action_editmembersettings(intRequestVar('memberid'));
1764         }
1765
1766         /**
1767          * @todo document this
1768          */
1769         function action_editmembersettings($memberid = '') {
1770                 global $member, $manager, $CONF;
1771
1772                 if ($memberid == '')
1773                         $memberid = $member->getID();
1774
1775                 // check if allowed
1776                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
1777
1778                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
1779                 $this->pagehead($extrahead);
1780
1781                 // show message to go back to member overview (only for admins)
1782                 if ($member->isAdmin())
1783                         echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
1784                 else
1785                         echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';
1786
1787                 echo '<h2>' . _MEMBERS_EDIT . '</h2>';
1788
1789                 $mem = MEMBER::createFromID($memberid);
1790
1791                 ?>
1792                 <form method="post" action="index.php" name="memberedit"><div>
1793
1794                 <input type="hidden" name="action" value="changemembersettings" />
1795                 <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
1796                 <?php $manager->addTicketHidden() ?>
1797
1798                 <table><tr>
1799                         <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
1800                 </tr><tr>
1801                         <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
1802                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
1803                         </td>
1804                         <td>
1805                         <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
1806                                 <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
1807                         <?php } else {
1808                                 echo htmlspecialchars($member->getDisplayName());
1809                            }
1810                         ?>
1811                         </td>
1812                 </tr><tr>
1813                         <td><?php echo _MEMBERS_REALNAME?></td>
1814                         <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
1815                 </tr><tr>
1816                 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
1817                         <td><?php echo _MEMBERS_PWD?></td>
1818                         <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
1819                 </tr><tr>
1820                         <td><?php echo _MEMBERS_REPPWD?></td>
1821                         <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
1822                 <?php } ?>
1823                 </tr><tr>
1824                         <td><?php echo _MEMBERS_EMAIL?>
1825                                 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
1826                         </td>
1827                         <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
1828                 </tr><tr>
1829                         <td><?php echo _MEMBERS_URL?></td>
1830                         <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
1831                 <?php // only allow to change this by super-admins
1832                    // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
1833                    if ($member->isAdmin()) {
1834                 ?>
1835                         </tr><tr>
1836                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
1837                                 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
1838                         </tr><tr>
1839                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
1840                                 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>
1841                 <?php } ?>
1842                 </tr><tr>
1843                         <td><?php echo _MEMBERS_NOTES?></td>
1844                         <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
1845                 </tr><tr>
1846                         <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
1847                         </td>
1848                         <td>
1849
1850                                 <select name="deflang" tabindex="85">
1851                                         <option value=""><?php echo _MEMBERS_USESITELANG?></option>
1852                                 <?php                           // show a dropdown list of all available languages
1853                                 global $DIR_LANG;
1854                                 $dirhandle = opendir($DIR_LANG);
1855                                 while ($filename = readdir($dirhandle)) {
1856                                         if (ereg("^(.*)\.php$",$filename,$matches)) {
1857                                                 $name = $matches[1];
1858                                                 echo "<option value='$name'";
1859                                                 if ($name == $mem->getLanguage())
1860                                                         echo " selected='selected'";
1861                                                 echo ">$name</option>";
1862                                         }
1863                                 }
1864                                 closedir($dirhandle);
1865
1866                                 ?>
1867                                 </select>
1868
1869                         </td>
1870                 </tr>
1871                 <?php
1872                         // plugin options
1873                         $this->_insertPluginOptions('member',$memberid);
1874                 ?>
1875                 <tr>
1876                         <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
1877                 </tr><tr>
1878                         <td><?php echo _MEMBERS_EDIT?></td>
1879                         <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
1880                 </tr></table>
1881
1882                 </div></form>
1883
1884                 <?php
1885                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';
1886
1887                         $manager->notify(
1888                                 'MemberSettingsFormExtras',
1889                                 array(
1890                                         'member' => &$mem
1891                                 )
1892                         );
1893
1894                 $this->pagefoot();
1895         }
1896
1897         /**
1898          * @todo document this
1899          */
1900         function action_changemembersettings() {
1901                 global $member, $CONF, $manager;
1902
1903                 $memberid = intRequestVar('memberid');
1904
1905                 // check if allowed
1906                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
1907
1908                 $name                   = trim(strip_tags(postVar('name')));
1909                 $realname               = trim(strip_tags(postVar('realname')));
1910                 $password               = postVar('password');
1911                 $repeatpassword = postVar('repeatpassword');
1912                 $email                  = strip_tags(postVar('email'));
1913                 $url                    = strip_tags(postVar('url'));
1914
1915                 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
1916                 if (!eregi("^https?://", $url))
1917                         $url = "http://".$url;
1918
1919                 $admin                  = postVar('admin');
1920                 $canlogin               = postVar('canlogin');
1921                 $notes                  = strip_tags(postVar('notes'));
1922                 $deflang                = postVar('deflang');
1923
1924                 $mem = MEMBER::createFromID($memberid);
1925
1926                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
1927
1928                         if (!isValidDisplayName($name))
1929                                 $this->error(_ERROR_BADNAME);
1930
1931                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
1932                                 $this->error(_ERROR_NICKNAMEINUSE);
1933
1934                         if ($password != $repeatpassword)
1935                                 $this->error(_ERROR_PASSWORDMISMATCH);
1936
1937                         if ($password && (strlen($password) < 6))
1938                                 $this->error(_ERROR_PASSWORDTOOSHORT);
1939                 }
1940
1941                 if (!isValidMailAddress($email))
1942                         $this->error(_ERROR_BADMAILADDRESS);
1943
1944
1945                 if (!$realname)
1946                         $this->error(_ERROR_REALNAMEMISSING);
1947
1948                 if (($deflang != '') && (!checkLanguage($deflang)))
1949                         $this->error(_ERROR_NOSUCHLANGUAGE);
1950
1951                 // check if there will remain at least one site member with both the logon and admin rights
1952                 // (check occurs when taking away one of these rights from such a member)
1953                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
1954                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
1955                    )
1956                 {
1957                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
1958                         if (mysql_num_rows($r) < 2)
1959                                 $this->error(_ERROR_ATLEASTONEADMIN);
1960                 }
1961
1962                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
1963                         $mem->setDisplayName($name);
1964                         if ($password)
1965                                 $mem->setPassword($password);
1966                 }
1967
1968                 $oldEmail = $mem->getEmail();
1969
1970                 $mem->setRealName($realname);
1971                 $mem->setEmail($email);
1972                 $mem->setURL($url);
1973                 $mem->setNotes($notes);
1974                 $mem->setLanguage($deflang);
1975
1976
1977                 // only allow super-admins to make changes to the admin status
1978                 if ($member->isAdmin()) {
1979                         $mem->setAdmin($admin);
1980                         $mem->setCanLogin($canlogin);
1981                 }
1982
1983
1984                 $mem->write();
1985
1986                 // store plugin options
1987                 $aOptions = requestArray('plugoption');
1988                 NucleusPlugin::_applyPluginOptions($aOptions);
1989                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));
1990
1991                 // if email changed, generate new password
1992                 if ($oldEmail != $mem->getEmail())
1993                 {
1994                         $mem->sendActivationLink('addresschange', $oldEmail);
1995                         // logout member
1996                         $mem->newCookieKey();
1997
1998                         // only log out if the member being edited is the current member.
1999                         if ($member->getID() == $memberid)
2000                                 $member->logout();
2001                         $this->action_login(_MSG_ACTIVATION_SENT, 0);
2002                         return;
2003                 }
2004
2005
2006                 if (  ( $mem->getID() == $member->getID() )
2007                    && ( $mem->getDisplayName() != $member->getDisplayName() )
2008                    ) {
2009                         $mem->newCookieKey();
2010                         $member->logout();
2011                         $this->action_login(_MSG_LOGINAGAIN, 0);
2012                 } else {
2013                         $this->action_overview(_MSG_SETTINGSCHANGED);
2014                 }
2015         }
2016
2017         /**
2018          * @todo document this
2019          */
2020         function action_memberadd() {
2021                 global $member, $manager;
2022
2023                 // check if allowed
2024                 $member->isAdmin() or $this->disallow();
2025
2026                 if (postVar('password') != postVar('repeatpassword'))
2027                         $this->error(_ERROR_PASSWORDMISMATCH);
2028                 if (strlen(postVar('password')) < 6)
2029                         $this->error(_ERROR_PASSWORDTOOSHORT);
2030
2031                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
2032                 if ($res != 1)
2033                         $this->error($res);
2034
2035                 // fire PostRegister event
2036                 $newmem = new MEMBER();
2037                 $newmem->readFromName(postVar('name'));
2038                 $manager->notify('PostRegister',array('member' => &$newmem));
2039
2040                 $this->action_usermanagement();
2041         }
2042
2043         /**
2044          * Account activation
2045          *
2046          * @author dekarma
2047          */
2048         function action_activate() {
2049
2050                 $key = getVar('key');
2051                 $this->_showActivationPage($key);
2052         }
2053
2054         /**
2055          * @todo document this
2056          */
2057         function _showActivationPage($key, $message = '')
2058         {
2059                 global $manager;
2060
2061                 // clean up old activation keys
2062                 MEMBER::cleanupActivationTable();
2063
2064                 // get activation info
2065                 $info = MEMBER::getActivationInfo($key);
2066
2067                 if (!$info)
2068                         $this->error(_ERROR_ACTIVATE);
2069
2070                 $mem = MEMBER::createFromId($info->vmember);
2071
2072                 if (!$mem)
2073                         $this->error(_ERROR_ACTIVATE);
2074
2075                 $text = '';
2076                 $title = '';
2077                 $bNeedsPasswordChange = true;
2078
2079                 switch ($info->vtype)
2080                 {
2081                         case 'forgot':
2082                                 $title = _ACTIVATE_FORGOT_TITLE;
2083                                 $text = _ACTIVATE_FORGOT_TEXT;
2084                                 break;
2085                         case 'register':
2086                                 $title = _ACTIVATE_REGISTER_TITLE;
2087                                 $text = _ACTIVATE_REGISTER_TEXT;
2088                                 break;
2089                         case 'addresschange':
2090                                 $title = _ACTIVATE_CHANGE_TITLE;
2091                                 $text = _ACTIVATE_CHANGE_TEXT;
2092                                 $bNeedsPasswordChange = false;
2093                                 MEMBER::activate($key);
2094                                 break;
2095                 }
2096
2097                 $aVars = array(
2098                         'memberName' => htmlspecialchars($mem->getDisplayName())
2099                 );
2100                 $title = TEMPLATE::fill($title, $aVars);
2101                 $text = TEMPLATE::fill($text, $aVars);
2102
2103                 $this->pagehead();
2104
2105                         echo '<h2>' , $title, '</h2>';
2106                         echo '<p>' , $text, '</p>';
2107
2108                         if ($message != '')
2109                         {
2110                                 echo '<p class="error">',$message,'</p>';
2111                         }
2112
2113                         if ($bNeedsPasswordChange)
2114                         {
2115                                 ?>
2116                                         <div><form action="index.php" method="post">
2117
2118                                                 <input type="hidden" name="action" value="activatesetpwd" />
2119                                                 <?php $manager->addTicketHidden() ?>
2120                                                 <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />
2121
2122                                                 <table><tr>
2123                                                         <td><?php echo _MEMBERS_PWD?></td>
2124                                                         <td><input type="password" maxlength="40" size="16" name="password" /></td>
2125                                                 </tr><tr>
2126                                                         <td><?php echo _MEMBERS_REPPWD?></td>
2127                                                         <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
2128                                                 <?php
2129
2130                                                         global $manager;
2131                                                         $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));
2132
2133                                                 ?>
2134                                                 </tr><tr>
2135                                                         <td><?php echo _MEMBERS_SETPWD ?></td>
2136                                                         <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
2137                                                 </tr></table>
2138
2139
2140                                         </form></div>
2141
2142                                 <?php
2143
2144                         }
2145
2146                 $this->pagefoot();
2147
2148         }
2149
2150         /**
2151          * Account activation - set password part
2152          *
2153          * @author dekarma
2154          */
2155         function action_activatesetpwd() {
2156
2157                 $key = postVar('key');
2158
2159                 // clean up old activation keys
2160                 MEMBER::cleanupActivationTable();
2161
2162                 // get activation info
2163                 $info = MEMBER::getActivationInfo($key);
2164
2165                 if (!$info || ($info->type == 'addresschange'))
2166                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2167
2168                 $mem = MEMBER::createFromId($info->vmember);
2169
2170                 if (!$mem)
2171                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2172
2173                 $password               = postVar('password');
2174                 $repeatpassword = postVar('repeatpassword');
2175
2176                 if ($password != $repeatpassword)
2177                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
2178
2179                 if ($password && (strlen($password) < 6))
2180                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
2181
2182                 $error = '';
2183                 global $manager;
2184                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
2185                 if ($error != '')
2186                         return $this->_showActivationPage($key, $error);
2187
2188
2189                 // set password
2190                 $mem->setPassword($password);
2191                 $mem->write();
2192
2193                 // do the activation
2194                 MEMBER::activate($key);
2195
2196                 $this->pagehead();
2197                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
2198                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
2199                 $this->pagefoot();
2200         }
2201
        /**
         * Team management page for one blog.
         *
         * Shows the current team (via the BATCH 'team' list) and a form that
         * posts to teamaddmember for adding another member, with or without
         * admin rights. Requires blog admin rights on the blog given by the
         * `blogid` request variable; everyone else is sent to disallow().
         */
        function action_manageteam() {
                global $member, $manager;

                // presumably int-cast by intRequestVar(); it is embedded unquoted in SQL and HTML below
                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $this->pagehead();

                echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

                // NOTE(review): the blog name is echoed into the heading without htmlspecialchars();
                // other actions escape getName() — confirm getBlogNameFromID() escapes, or escape here
                echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';

                echo '<h3>' . _TEAM_CURRENT . '</h3>';



                // joined member/team rows for this blog; the 'teamlist' template renders them
                $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
                           . ' FROM '.sql_table('member').', '.sql_table('team')
                           . ' WHERE tmember=mnumber and tblog=' . $blogid;

                $template['content'] = 'teamlist';
                $template['tabindex'] = 10;

                $manager->loadClass("ENCAPSULATE");
                $batch =& new BATCH('team');
                $batch->showlist($query, 'table', $template);

                ?>
                        <h3><?php echo _TEAM_ADDNEW?></h3>

                        <form method='post' action='index.php'><div>

                        <input type='hidden' name='action' value='teamaddmember' />
                        <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
                        <?php $manager->addTicketHidden() ?>

                        <table><tr>
                                <td><?php echo _TEAM_CHOOSEMEMBER?></td>
                                <td><?php                                       // TODO: try to make it so only non-team-members are listed
                                        // $template still carries 'content'/'tabindex' from the list above; both are overwritten/ignored here
                                        $query =  'SELECT mname as text, mnumber as value'
                                                   . ' FROM '.sql_table('member');

                                        $template['name'] = 'memberid';
                                        $template['tabindex'] = 10000;
                                        showlist($query,'select',$template);
                                ?></td>
                        </tr><tr>
                                <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',0,10020); ?></td>
                        </tr><tr>
                                <td><?php echo _TEAM_ADD?></td>
                                <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
2265
2266         /**
2267          * Add member to team
2268          */
2269         function action_teamaddmember() {
2270                 global $member, $manager;
2271
2272                 $memberid = intPostVar('memberid');
2273                 $blogid = intPostVar('blogid');
2274                 $admin = intPostVar('admin');
2275
2276                 // check if allowed
2277                 $member->blogAdminRights($blogid) or $this->disallow();
2278
2279                 $blog =& $manager->getBlog($blogid);
2280                 if (!$blog->addTeamMember($memberid, $admin))
2281                         $this->error(_ERROR_ALREADYONTEAM);
2282
2283                 $this->action_manageteam();
2284
2285         }
2286
        /**
         * Confirmation page for removing a member from a blog's team.
         *
         * Nothing is changed here: the page renders a form (with a ticket
         * hidden field) that posts to teamdeleteconfirm, which performs the
         * actual removal. Requires blog admin rights on `blogid`.
         */
        function action_teamdelete() {
                global $member, $manager;

                // presumably int-cast by intRequestVar(); both are echoed into the form unescaped
                $memberid = intRequestVar('memberid');
                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                // NOTE(review): neither lookup is checked for failure; an unknown memberid would reach
                // getDisplayName() on a non-object below — confirm createFromID() cannot return false here
                $teammem = MEMBER::createFromID($memberid);
                $blog =& $manager->getBlog($blogid);

                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
                        </p>


                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="teamdeleteconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
2320
2321         /**
2322          * @todo document this
2323          */
2324         function action_teamdeleteconfirm() {
2325                 global $member;
2326
2327                 $memberid = intRequestVar('memberid');
2328                 $blogid = intRequestVar('blogid');
2329
2330                 $error = $this->deleteOneTeamMember($blogid, $memberid);
2331                 if ($error)
2332                         $this->error($error);
2333
2334
2335                 $this->action_manageteam();
2336         }
2337
2338         /**
2339          * @todo document this
2340          */
2341         function deleteOneTeamMember($blogid, $memberid) {
2342                 global $member, $manager;
2343
2344                 $blogid = intval($blogid);
2345                 $memberid = intval($memberid);
2346
2347                 // check if allowed
2348                 if (!$member->blogAdminRights($blogid))
2349                         return _ERROR_DISALLOWED;
2350
2351                 // check if: - there remains at least one blog admin
2352                 //           - (there remains at least one team member)
2353                 $tmem = MEMBER::createFromID($memberid);
2354
2355                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2356
2357                 if ($tmem->isBlogAdmin($blogid)) {
2358                         // check if there are more blog members left and at least one admin
2359                         // (check for at least two admins before deletion)
2360                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
2361                         $r = sql_query($query);
2362                         if (mysql_num_rows($r) < 2)
2363                                 return _ERROR_ATLEASTONEBLOGADMIN;
2364                 }
2365
2366                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
2367                 sql_query($query);
2368
2369                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2370
2371                 return '';
2372         }
2373
2374         /**
2375          * @todo document this
2376          */
2377         function action_teamchangeadmin() {
2378                 global $member;
2379
2380                 $blogid = intRequestVar('blogid');
2381                 $memberid = intRequestVar('memberid');
2382
2383                 // check if allowed
2384                 $member->blogAdminRights($blogid) or $this->disallow();
2385
2386                 $mem = MEMBER::createFromID($memberid);
2387
2388                 // don't allow when there is only one admin at this moment
2389                 if ($mem->isBlogAdmin($blogid)) {
2390                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
2391                         if (mysql_num_rows($r) == 1)
2392                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
2393                 }
2394
2395                 if ($mem->isBlogAdmin($blogid))
2396                         $newval = 0;
2397                 else
2398                         $newval = 1;
2399
2400                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
2401                 sql_query($query);
2402
2403                 // only show manageteam if member did not change its own admin privileges
2404                 if ($member->isBlogAdmin($blogid))
2405                         $this->action_manageteam();
2406                 else
2407                         $this->action_overview(_MSG_ADMINCHANGED);
2408         }
2409
2410         /**
2411          * @todo document this
2412          */
2413         function action_blogsettings() {
2414                 global $member, $manager;
2415
2416                 $blogid = intRequestVar('blogid');
2417
2418                 // check if allowed
2419                 $member->blogAdminRights($blogid) or $this->disallow();
2420
2421                 $blog =& $manager->getBlog($blogid);
2422
2423                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
2424                 $this->pagehead($extrahead);
2425
2426                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
2427                 ?>
2428                 <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>
2429
2430                 <h3><?php echo _EBLOG_TEAM_TITLE?></h3>
2431
2432                 <p>Members currently on your team:
2433                 <?php
2434                         $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
2435                         $aMemberNames = array();
2436                         while ($o = mysql_fetch_object($res))
2437                                 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
2438                         echo implode(',', $aMemberNames);
2439                 ?>
2440                 </p>
2441
2442
2443
2444                 <p>
2445                 <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
2446                 </p>
2447
2448                 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>
2449
2450                 <form method="post" action="index.php"><div>
2451
2452                 <input type="hidden" name="action" value="blogsettingsupdate" />
2453                 <?php $manager->addTicketHidden() ?>
2454                 <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2455                 <table><tr>
2456                         <td><?php echo _EBLOG_NAME?></td>
2457                         <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
2458                 </tr><tr>
2459                         <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
2460                                 <?php echo _EBLOG_SHORTNAME_EXTRA?>
2461                         </td>
2462                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
2463                 </tr><tr>
2464                         <td><?php echo _EBLOG_DESC?></td>
2465                         <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
2466                 </tr><tr>
2467                         <td><?php echo _EBLOG_URL?></td>
2468                         <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
2469                 </tr><tr>
2470                         <td><?php echo _EBLOG_DEFSKIN?>
2471                                 <?php help('blogdefaultskin'); ?>
2472                         </td>
2473                         <td>
2474                                 <?php
2475                                         $query =  'SELECT sdname as text, sdnumber as value'
2476                                                    . ' FROM '.sql_table('skin_desc');
2477                                         $template['name'] = 'defskin';
2478                                         $template['selected'] = $blog->getDefaultSkin();
2479                                         $template['tabindex'] = 50;
2480                                         showlist($query,'select',$template);
2481                                 ?>
2482
2483                         </td>
2484                 </tr><tr>
2485                         <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
2486                         </td>
2487                         <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
2488                 </tr><tr>
2489                         <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
2490                         </td>
2491                         <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
2492                 </tr><tr>
2493                         <td><?php echo _EBLOG_DISABLECOMMENTS?>
2494                         </td>
2495                         <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
2496                 </tr><tr>
2497                         <td><?php echo _EBLOG_ANONYMOUS?>
2498                         </td>
2499                         <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
2500                 </tr><tr>
2501         <td><?php echo _EBLOG_REQUIREDEMAIL?>
2502                  </td>
2503                  <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>
2504           </tr><tr>
2505                         <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
2506                         <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
2507                 </tr><tr>
2508                         <td><?php echo _EBLOG_NOTIFY_ON?></td>
2509                         <td>
2510                                 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
2511                                         <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
2512                                 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
2513                                 <br />
2514                                 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
2515                                         <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
2516                                 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
2517                                 <br />
2518                                 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
2519                                         <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
2520                                 /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
2521                         </td>
2522                 </tr><tr>
2523                 <? 
2524                 if (numberOfEventSubscriber('SendPing') > 0) {
2525                 ?>
2526                         <td><?php echo _EBLOG_PING?> <?php help('sendping'); ?></td>
2527                         <td><?php $this->input_yesno('sendping',$blog->sendPing(),85); ?></td>
2528                 </tr><tr>
2529                 <?
2530                 }
2531                 ?>
2532                         <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
2533                         <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
2534                 </tr><tr>
2535                         <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
2536                         <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
2537                 </tr><tr>
2538                         <td><?php echo _EBLOG_DEFCAT?></td>
2539                         <td>
2540                                 <?php
2541                                         $query =  'SELECT cname as text, catid as value'
2542                                                    . ' FROM '.sql_table('category')
2543                                                    . ' WHERE cblog=' . $blog->getID();
2544                                         $template['name'] = 'defcat';
2545                                         $template['selected'] = $blog->getDefaultCategory();
2546                                         $template['tabindex'] = 110;
2547                                         showlist($query,'select',$template);
2548                                 ?>
2549                         </td>
2550                 </tr><tr>
2551                         <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
2552                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
2553                                 <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
2554                                 </td>
2555                         <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
2556                 </tr><tr>
2557                         <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
2558                         <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
2559                 </tr>
2560                 <?php
2561                         // plugin options
2562                         $this->_insertPluginOptions('blog',$blogid);
2563                 ?>
2564                 <tr>
2565                         <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
2566                 </tr><tr>
2567                         <td><?php echo _EBLOG_CHANGE?></td>
2568                         <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
2569                 </tr></table>
2570
2571                 </div></form>
2572
2573                 <h3><?php echo _EBLOG_CAT_TITLE?></h3>
2574
2575
2576                 <?php
2577                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
2578                 $template['content'] = 'categorylist';
2579                 $template['tabindex'] = 200;
2580
2581                 $manager->loadClass("ENCAPSULATE");
2582                 $batch =& new BATCH('category');
2583                 $batch->showlist($query,'table',$template);
2584
2585                 ?>
2586
2587
2588                 <form action="index.php" method="post"><div>
2589                 <input name="action" value="categorynew" type="hidden" />
2590                 <?php $manager->addTicketHidden() ?>
2591                 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />
2592
2593                 <table><tr>
2594                         <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
2595                 </tr><tr>
2596                         <td><?php echo _EBLOG_CAT_NAME?></td>
2597                         <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
2598                 </tr><tr>
2599                         <td><?php echo _EBLOG_CAT_DESC?></td>
2600                         <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
2601                 </tr><tr>
2602                         <td><?php echo _EBLOG_CAT_CREATE?></td>
2603                         <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
2604                 </tr></table>
2605
2606                 </div></form>
2607
2608                 <?php
2609
2610                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';
2611
2612                         $manager->notify(
2613                                 'BlogSettingsFormExtras',
2614                                 array(
2615                                         'blog' => &$blog
2616                                 )
2617                         );
2618
2619                 $this->pagefoot();
2620         }
2621
2622         /**
2623          * @todo document this
2624          */
2625         function action_categorynew() {
2626                 global $member, $manager;
2627
2628                 $blogid = intRequestVar('blogid');
2629
2630                 $member->blogAdminRights($blogid) or $this->disallow();
2631
2632                 $cname = postVar('cname');
2633                 $cdesc = postVar('cdesc');
2634
2635                 if (!isValidCategoryName($cname))
2636                         $this->error(_ERROR_BADCATEGORYNAME);
2637
2638                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
2639                 $res = sql_query($query);
2640                 if (mysql_num_rows($res) > 0)
2641                         $this->error(_ERROR_DUPCATEGORYNAME);
2642
2643                 $blog           =& $manager->getBlog($blogid);
2644                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);
2645
2646                 $this->action_blogsettings();
2647         }
2648
2649         /**
2650          * @todo document this
2651          */
2652         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
2653                 global $member, $manager;
2654
2655                 if ($blogid == '')
2656                         $blogid = intGetVar('blogid');
2657                 else
2658                         $blogid = intval($blogid);
2659                 if ($catid == '')
2660                         $catid = intGetVar('catid');
2661                 else
2662                         $catid = intval($catid);
2663
2664                 $member->blogAdminRights($blogid) or $this->disallow();
2665
2666                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
2667                 $obj = mysql_fetch_object($res);
2668
2669                 $cname = $obj->cname;
2670                 $cdesc = $obj->cdesc;
2671
2672                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
2673                 $this->pagehead($extrahead);
2674
2675                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
2676
2677                 ?>
2678                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>
2679                 <form method='post' action='index.php'><div>
2680                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />
2681                 <input name="catid" type="hidden" value="<?php echo $catid?>" />
2682                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />
2683                 <input name="action" type="hidden" value="categoryupdate" />
2684                 <?php $manager->addTicketHidden(); ?>
2685
2686                 <table><tr>
2687                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
2688                 </tr><tr>
2689                         <td><?php echo _EBLOG_CAT_NAME?></td>
2690                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>
2691                 </tr><tr>
2692                         <td><?php echo _EBLOG_CAT_DESC?></td>
2693                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
2694                 </tr>
2695                 <?php
2696                         // insert plugin options
2697                         $this->_insertPluginOptions('category',$catid);
2698                 ?>
2699                 <tr>
2700                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
2701                 </tr><tr>
2702                         <td><?php echo _EBLOG_CAT_UPDATE?></td>
2703                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
2704                 </tr></table>
2705
2706                 </div></form>
2707                 <?php
2708                 $this->pagefoot();
2709         }
2710
2711         /**
2712          * @todo document this
2713          */
2714         function action_categoryupdate() {
2715                 global $member, $manager;
2716
2717                 $blogid = intPostVar('blogid');
2718                 $catid = intPostVar('catid');
2719                 $cname = postVar('cname');
2720                 $cdesc = postVar('cdesc');
2721                 $desturl = postVar('desturl');
2722
2723                 $member->blogAdminRights($blogid) or $this->disallow();
2724
2725                 if (!isValidCategoryName($cname))
2726                         $this->error(_ERROR_BADCATEGORYNAME);
2727
2728                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
2729                 $res = sql_query($query);
2730                 if (mysql_num_rows($res) > 0)
2731                         $this->error(_ERROR_DUPCATEGORYNAME);
2732
2733                 $query =  'UPDATE '.sql_table('category').' SET'
2734                            . " cname='" . addslashes($cname) . "',"
2735                            . " cdesc='" . addslashes($cdesc) . "'"
2736                            . " WHERE catid=" . $catid;
2737
2738                 sql_query($query);
2739
2740                 // store plugin options
2741                 $aOptions = requestArray('plugoption');
2742                 NucleusPlugin::_applyPluginOptions($aOptions);
2743                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));
2744
2745
2746                 if ($desturl) {
2747                         redirect($desturl);
2748                         exit;
2749                 } else {
2750                         $this->action_blogsettings();
2751                 }
2752         }
2753
2754         /**
2755          * @todo document this
2756          */
2757         function action_categorydelete() {
2758                 global $member, $manager;
2759
2760                 $blogid = intRequestVar('blogid');
2761                 $catid = intRequestVar('catid');
2762
2763                 $member->blogAdminRights($blogid) or $this->disallow();
2764
2765                 $blog =& $manager->getBlog($blogid);
2766
2767                 // check if the category is valid
2768                 if (!$blog->isValidCategory($catid))
2769                         $this->error(_ERROR_NOSUCHCATEGORY);
2770
2771                 // don't allow deletion of default category
2772                 if ($blog->getDefaultCategory() == $catid)
2773                         $this->error(_ERROR_DELETEDEFCATEGORY);
2774
2775                 // check if catid is the only category left for blogid
2776                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
2777                 $res = sql_query($query);
2778                 if (mysql_num_rows($res) == 1)
2779                         $this->error(_ERROR_DELETELASTCATEGORY);
2780
2781
2782                 $this->pagehead();
2783                 ?>
2784                         <h2><?php echo _DELETE_CONFIRM?></h2>
2785
2786                         <div>
2787                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>
2788                         </div>
2789
2790                         <form method="post" action="index.php"><div>
2791                         <input type="hidden" name="action" value="categorydeleteconfirm" />
2792                         <?php $manager->addTicketHidden() ?>
2793                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
2794                         <input type="hidden" name="catid" value="<?php echo $catid?>" />
2795                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2796                         </div></form>
2797                 <?php
2798                 $this->pagefoot();
2799         }
2800
2801         /**
2802          * @todo document this
2803          */
2804         function action_categorydeleteconfirm() {
2805                 global $member, $manager;
2806
2807                 $blogid = intRequestVar('blogid');
2808                 $catid = intRequestVar('catid');
2809
2810                 $member->blogAdminRights($blogid) or $this->disallow();
2811
2812                 $error = $this->deleteOneCategory($catid);
2813                 if ($error)
2814                         $this->error($error);
2815
2816                 $this->action_blogsettings();
2817         }
2818
2819         /**
2820          * @todo document this
2821          */
2822         function deleteOneCategory($catid) {
2823                 global $manager, $member;
2824
2825                 $catid = intval($catid);
2826
2827                 $manager->notify('PreDeleteCategory', array('catid' => $catid));
2828
2829                 $blogid = getBlogIDFromCatID($catid);
2830
2831                 if (!$member->blogAdminRights($blogid))
2832                         return ERROR_DISALLOWED;
2833
2834                 // get blog
2835                 $blog =& $manager->getBlog($blogid);
2836
2837                 // check if the category is valid
2838                 if (!$blog || !$blog->isValidCategory($catid))
2839                         return _ERROR_NOSUCHCATEGORY;
2840
2841                 $destcatid = $blog->getDefaultCategory();
2842
2843                 // don't allow deletion of default category
2844                 if ($blog->getDefaultCategory() == $catid)
2845                         return _ERROR_DELETEDEFCATEGORY;
2846
2847                 // check if catid is the only category left for blogid
2848                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
2849                 $res = sql_query($query);
2850                 if (mysql_num_rows($res) == 1)
2851                         return _ERROR_DELETELASTCATEGORY;
2852
2853                 // change category for all items to the default category
2854                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
2855                 sql_query($query);
2856
2857                 // delete all associated plugin options
2858                 NucleusPlugin::_deleteOptionValues('category', $catid);
2859
2860                 // delete category
2861                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
2862                 sql_query($query);
2863
2864                 $manager->notify('PostDeleteCategory', array('catid' => $catid));
2865
2866         }
2867
2868         /**
2869          * @todo document this
2870          */
2871         function moveOneCategory($catid, $destblogid) {
2872                 global $manager, $member;
2873
2874                 $catid = intval($catid);
2875                 $destblogid = intval($destblogid);
2876
2877                 $blogid = getBlogIDFromCatID($catid);
2878
2879                 // mover should have admin rights on both blogs
2880                 if (!$member->blogAdminRights($blogid))
2881                         return _ERROR_DISALLOWED;
2882                 if (!$member->blogAdminRights($destblogid))
2883                         return _ERROR_DISALLOWED;
2884
2885                 // cannot move to self
2886                 if ($blogid == $destblogid)
2887                         return _ERROR_MOVETOSELF;
2888
2889                 // get blogs
2890                 $blog =& $manager->getBlog($blogid);
2891                 $destblog =& $manager->getBlog($destblogid);
2892
2893                 // check if the category is valid
2894                 if (!$blog || !$blog->isValidCategory($catid))
2895                         return _ERROR_NOSUCHCATEGORY;
2896
2897                 // don't allow default category to be moved
2898                 if ($blog->getDefaultCategory() == $catid)
2899                         return _ERROR_MOVEDEFCATEGORY;
2900
2901                 $manager->notify(
2902                         'PreMoveCategory',
2903                         array(
2904                                 'catid' => &$catid,
2905                                 'sourceblog' => &$blog,
2906                                 'destblog' => &$destblog
2907                         )
2908                 );
2909
2910                 // update comments table (cblog)
2911                 $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
2912                 $items = sql_query($query);
2913                 while ($oItem = mysql_fetch_object($items)) {
2914                         sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
2915                 }
2916
2917                 // update items (iblog)
2918                 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;
2919                 sql_query($query);
2920
2921                 // move category
2922                 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;
2923                 sql_query($query);
2924
2925                 $manager->notify(
2926                         'PostMoveCategory',
2927                         array(
2928                                 'catid' => &$catid,
2929                                 'sourceblog' => &$blog,
2930                                 'destblog' => $destblog
2931                         )
2932                 );
2933
2934         }
2935
2936         /**
2937          * @todo document this
2938          */
2939         function action_blogsettingsupdate() {
2940                 global $member, $manager;
2941
2942                 $blogid = intRequestVar('blogid');
2943
2944                 $member->blogAdminRights($blogid) or $this->disallow();
2945
2946                 $blog =& $manager->getBlog($blogid);
2947
2948                 $notify                 = trim(postVar('notify'));
2949                 $shortname              = trim(postVar('shortname'));
2950                 $updatefile             = trim(postVar('update'));
2951
2952                 $notifyComment  = intPostVar('notifyComment');
2953                 $notifyVote             = intPostVar('notifyVote');
2954                 $notifyNewItem  = intPostVar('notifyNewItem');
2955
2956                 if ($notifyComment == 0)        $notifyComment = 1;
2957                 if ($notifyVote == 0)           $notifyVote = 1;
2958                 if ($notifyNewItem == 0)        $notifyNewItem = 1;
2959
2960                 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
2961
2962
2963                 if ($notify) {
2964                         $not =& new NOTIFICATION($notify);
2965                         if (!$not->validAddresses())
2966                                 $this->error(_ERROR_BADNOTIFY);
2967
2968                 }
2969
2970                 if (!isValidShortName($shortname))
2971                         $this->error(_ERROR_BADSHORTBLOGNAME);
2972
2973                 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))
2974                         $this->error(_ERROR_DUPSHORTBLOGNAME);
2975
2976                 // check if update file is writable
2977                 if ($updatefile && !is_writeable($updatefile))
2978                         $this->error(_ERROR_UPDATEFILE);
2979
2980                 $blog->setName(trim(postVar('name')));
2981                 $blog->setShortName($shortname);
2982                 $blog->setNotifyAddress($notify);
2983                 $blog->setNotifyType($notifyType);
2984                 $blog->setMaxComments(postVar('maxcomments'));
2985                 $blog->setCommentsEnabled(postVar('comments'));
2986                 $blog->setTimeOffset(postVar('timeoffset'));
2987                 $blog->setUpdateFile($updatefile);
2988                 $blog->setURL(trim(postVar('url')));
2989                 $blog->setDefaultSkin(intPostVar('defskin'));
2990                 $blog->setDescription(trim(postVar('desc')));
2991                 $blog->setPublic(postVar('public'));
2992                 $blog->setPingUserland(postVar('sendping'));
2993                 $blog->setConvertBreaks(intPostVar('convertbreaks'));
2994                 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
2995                 $blog->setDefaultCategory(intPostVar('defcat'));
2996                 $blog->setSearchable(intPostVar('searchable'));
2997                 $blog->setEmailRequired(intPostVar('reqemail'));
2998
2999                 $blog->writeSettings();
3000
3001                 // store plugin options
3002                 $aOptions = requestArray('plugoption');
3003                 NucleusPlugin::_applyPluginOptions($aOptions);
3004                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));
3005
3006
3007                 $this->action_overview(_MSG_SETTINGSCHANGED);
3008         }
3009
3010         /**
3011          * @todo document this
3012          */
3013         function action_deleteblog() {
3014                 global $member, $CONF, $manager;
3015
3016                 $blogid = intRequestVar('blogid');
3017
3018                 $member->blogAdminRights($blogid) or $this->disallow();
3019
3020                 // check if blog is default blog
3021                 if ($CONF['DefaultBlog'] == $blogid)
3022                         $this->error(_ERROR_DELDEFBLOG);
3023
3024                 $blog =& $manager->getBlog($blogid);
3025
3026                 $this->pagehead();
3027                 ?>
3028                         <h2><?php echo _DELETE_CONFIRM?></h2>
3029
3030                         <p><?php echo _WARNINGTXT_BLOGDEL?>
3031                         </p>
3032
3033                         <div>
3034                         <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>
3035                         </div>
3036
3037                         <form method="post" action="index.php"><div>
3038                         <input type="hidden" name="action" value="deleteblogconfirm" />
3039                         <?php $manager->addTicketHidden() ?>
3040                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
3041                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
3042                         </div></form>
3043                 <?php
3044                 $this->pagefoot();
3045         }
3046
3047         /**
3048          * @todo document this
3049          */
3050         function action_deleteblogconfirm() {
3051                 global $member, $CONF, $manager;
3052
3053                 $blogid = intRequestVar('blogid');
3054
3055                 $manager->notify('PreDeleteBlog', array('blogid' => $blogid));
3056
3057                 $member->blogAdminRights($blogid) or $this->disallow();
3058
3059                 // check if blog is default blog
3060                 if ($CONF['DefaultBlog'] == $blogid)
3061                         $this->error(_ERROR_DELDEFBLOG);
3062
3063                 // delete all comments
3064                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
3065                 sql_query($query);
3066
3067                 // delete all items
3068                 $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
3069                 sql_query($query);
3070
3071                 // delete all team members
3072                 $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
3073                 sql_query($query);
3074
3075                 // delete all bans
3076                 $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
3077                 sql_query($query);
3078
3079                 // delete all categories
3080                 $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
3081                 sql_query($query);
3082
3083                 // delete all associated plugin options
3084                 NucleusPlugin::_deleteOptionValues('blog', $blogid);
3085
3086                 // delete the blog itself
3087                 $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
3088                 sql_query($query);
3089
3090                 $manager->notify('PostDeleteBlog', array('blogid' => $blogid));
3091
3092                 $this->action_overview(_DELETED_BLOG);
3093         }
3094
3095         /**
3096          * @todo document this
3097          */
3098         function action_memberdelete() {
3099                 global $member, $manager;
3100
3101                 $memberid = intRequestVar('memberid');
3102
3103                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
3104
3105                 $mem = MEMBER::createFromID($memberid);
3106
3107                 $this->pagehead();
3108                 ?>
3109                         <h2><?php echo _DELETE_CONFIRM?></h2>
3110
3111                         <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>
3112                         </p>
3113
3114                         <p>
3115                         Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)
3116                         </p>
3117
3118                         <form method="post" action="index.php"><div>
3119                         <input type="hidden" name="action" value="memberdeleteconfirm" />
3120                         <?php $manager->addTicketHidden() ?>
3121                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
3122                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
3123                         </div></form>
3124                 <?php
3125                 $this->pagefoot();
3126         }
3127
3128         /**
3129          * @todo document this
3130          */
3131         function action_memberdeleteconfirm() {
3132                 global $member;
3133
3134                 $memberid = intRequestVar('memberid');
3135
3136                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
3137
3138                 $error = $this->deleteOneMember($memberid);
3139                 if ($error)
3140                         $this->error($error);
3141
3142                 if ($member->isAdmin())
3143                         $this->action_usermanagement();
3144                 else
3145                         $this->action_overview(_DELETED_MEMBER);
3146         }
3147
3148         /**
3149          * @static
3150          * @todo document this
3151          */
3152         function deleteOneMember($memberid) {