OSDN Git Service

# FIXED: atom.phpとxml-rss2.phpで_CHARSETをチェックして文字コード変換(Nicleus3.41 へアップグレード後 xml-rss2...
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ADMIN.php
1 <?php\r
2 /*\r
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
4  * Copyright (C) 2002-2009 The Nucleus Group\r
5  *\r
6  * This program is free software; you can redistribute it and/or\r
7  * modify it under the terms of the GNU General Public License\r
8  * as published by the Free Software Foundation; either version 2\r
9  * of the License, or (at your option) any later version.\r
10  * (see nucleus/documentation/index.html#license for more info)\r
11  */\r
12 /**\r
13  * The code for the Nucleus admin area\r
14  *\r
15  * @license http://nucleuscms.org/license.txt GNU General Public License\r
16  * @copyright Copyright (C) 2002-2009 The Nucleus Group\r
17  * @version $Id$\r
18  * @version $NucleusJP: ADMIN.php,v 1.21.2.4 2007/10/30 19:04:24 kmorimatsu Exp $\r
19  */\r
20 \r
21 if ( !function_exists('requestVar') ) exit;\r
22 require_once dirname(__FILE__) . '/showlist.php';\r
23 \r
24 /**\r
25  * Builds the admin area and executes admin actions\r
26  */\r
27 class ADMIN {\r
28 \r
29         /**\r
30          * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)\r
31          */\r
32         var $action;\r
33 \r
34         /**\r
35          * Class constructor\r
36          */\r
37         function ADMIN() {\r
38 \r
39         }\r
40 \r
41         /**\r
42          * Executes an action\r
43          *\r
44          * @param string $action action to be performed\r
45          */\r
46         function action($action) {\r
47                 global $CONF, $manager;\r
48 \r
49                 // list of action aliases\r
50                 $alias = array(\r
51                         'login' => 'overview',\r
52                         '' => 'overview'\r
53                 );\r
54 \r
55                 if (isset($alias[$action]))\r
56                         $action = $alias[$action];\r
57 \r
58                 $methodName = 'action_' . $action;\r
59 \r
60                 $this->action = strtolower($action);\r
61 \r
62                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
63                 // is an action that requires user interaction before something is actually done)\r
64                 // all safe actions are in this array:\r
65                 $aActionsNotToCheck = array(\r
66                         'showlogin',\r
67                         'login',\r
68                         'overview',\r
69                         'itemlist',\r
70                         'blogcommentlist',\r
71                         'bookmarklet',\r
72                         'blogsettings',\r
73                         'banlist',\r
74                         'deleteblog',\r
75                         'editmembersettings',\r
76                         'browseownitems',\r
77                         'browseowncomments',\r
78                         'createitem',\r
79                         'itemedit',\r
80                         'itemmove',\r
81                         'categoryedit',\r
82                         'categorydelete',\r
83                         'manage',\r
84                         'actionlog',\r
85                         'settingsedit',\r
86                         'backupoverview',\r
87                         'pluginlist',\r
88                         'createnewlog',\r
89                         'usermanagement',\r
90                         'skinoverview',\r
91                         'templateoverview',\r
92                         'skinieoverview',\r
93                         'itemcommentlist',\r
94                         'commentedit',\r
95                         'commentdelete',\r
96                         'banlistnewfromitem',\r
97                         'banlistdelete',\r
98                         'itemdelete',\r
99                         'manageteam',\r
100                         'teamdelete',\r
101                         'banlistnew',\r
102                         'memberedit',\r
103                         'memberdelete',\r
104                         'pluginhelp',\r
105                         'pluginoptions',\r
106                         'plugindelete',\r
107                         'skinedittype',\r
108                         'skinremovetype',\r
109                         'skindelete',\r
110                         'skinedit',\r
111                         'templateedit',\r
112                         'templatedelete',\r
113                         'activate',\r
114                         'systemoverview'\r
115                 );\r
116 /*\r
117                 // the rest of the actions needs to be checked\r
118                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');\r
119 */\r
120                 if (!in_array($this->action, $aActionsNotToCheck))\r
121                 {\r
122                         if (!$manager->checkTicket())\r
123                                 $this->error(_ERROR_BADTICKET);\r
124                 }\r
125 \r
126                 if (method_exists($this, $methodName))\r
127                         call_user_func(array(&$this, $methodName));\r
128                 else\r
129                         $this->error(_BADACTION . htmlspecialchars(" ($action)"));\r
130 \r
131         }\r
132 \r
133         /**\r
134          * @todo document this\r
135          */\r
136         function action_showlogin() {\r
137                 global $error;\r
138                 $this->action_login($error);\r
139         }\r
140 \r
141         /**\r
142          * @todo document this\r
143          */\r
144         function action_login($msg = '', $passvars = 1) {\r
145                 global $member;\r
146 \r
147                 // skip to overview when allowed\r
148                 if ($member->isLoggedIn() && $member->canLogin()) {\r
149                         $this->action_overview();\r
150                         exit;\r
151                 }\r
152 \r
153                 $this->pagehead();\r
154 \r
155                 echo '<h2>', _LOGIN ,'</h2>';\r
156                 if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);\r
157                 ?>\r
158 \r
159                 <form action="index.php" method="post"><p>\r
160                 <?php echo _LOGIN_NAME; ?> <br /><input name="login"  tabindex="10" />\r
161                 <br />\r
162                 <?php echo _LOGIN_PASSWORD; ?> <br /><input name="password"  tabindex="20" type="password" />\r
163                 <br />\r
164                 <input name="action" value="login" type="hidden" />\r
165                 <br />\r
166                 <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />\r
167                 <br />\r
168                 <small>\r
169                         <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>\r
170                         <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>\r
171                 </small>\r
172                 <?php                   // pass through vars\r
173 \r
174                         $oldaction = postVar('oldaction');\r
175                         if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {\r
176                                 passRequestVars();\r
177                         }\r
178 \r
179 \r
180                 ?>\r
181                 </p></form>\r
182                 <?php           $this->pagefoot();\r
183         }\r
184 \r
185 \r
186         /**\r
187          * provides a screen with the overview of the actions available\r
188          * @todo document parameter\r
189          */\r
190         function action_overview($msg = '') {\r
191                 global $member;\r
192 \r
193                 $this->pagehead();\r
194 \r
195                 if ($msg)\r
196                         echo _MESSAGE , ': ', $msg;\r
197 \r
198                 /* ---- add items ---- */\r
199                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';\r
200 \r
201                 $showAll = requestVar('showall');\r
202 \r
203                 if (($member->isAdmin()) && ($showAll == 'yes')) {\r
204                         // Super-Admins have access to all blogs! (no add item support though)\r
205                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'\r
206                                    . ' FROM ' . sql_table('blog')\r
207                                    . ' ORDER BY bname';\r
208                 } else {\r
209                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'\r
210                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
211                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
212                                    . ' ORDER BY bname';\r
213                 }\r
214                 $template['content'] = 'bloglist';\r
215                 $template['superadmin'] = $member->isAdmin();\r
216                 $amount = showlist($query,'table',$template);\r
217 \r
218                 if (($showAll != 'yes') && ($member->isAdmin())) {\r
219                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
220                         if ($total > $amount)\r
221                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';\r
222                 }\r
223 \r
224                 if ($amount == 0)\r
225                         echo _OVERVIEW_NOBLOGS;\r
226 \r
227                 if ($amount != 0) {\r
228                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';\r
229                         $query =  'SELECT ititle, inumber, bshortname'\r
230                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')\r
231                                    . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
232                         $template['content'] = 'draftlist';\r
233                         $amountdrafts = showlist($query, 'table', $template);\r
234                         if ($amountdrafts == 0)\r
235                                 echo _OVERVIEW_NODRAFTS;\r
236                 }\r
237 \r
238                 /* ---- user settings ---- */\r
239                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';\r
240                 echo '<ul>';\r
241                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';\r
242                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';\r
243                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';\r
244                 echo '</ul>';\r
245 \r
246                 /* ---- general settings ---- */\r
247                 if ($member->isAdmin()) {\r
248                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';\r
249                         echo '<ul>';\r
250                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';\r
251                         echo '</ul>';\r
252                 }\r
253 \r
254 \r
255                 $this->pagefoot();\r
256         }\r
257 \r
258         /**\r
259          * Returns a link to a weblog\r
260          * @param object BLOG\r
261          */\r
262         function bloglink(&$blog) {\r
263                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';\r
264         }\r
265 \r
266         /**\r
267          * @todo document this\r
268          */\r
269         function action_manage($msg = '') {\r
270                 global $member;\r
271 \r
272                 $member->isAdmin() or $this->disallow();\r
273 \r
274                 $this->pagehead();\r
275 \r
276                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
277 \r
278                 if ($msg)\r
279                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';\r
280 \r
281 \r
282                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';\r
283 \r
284                 echo '<ul>';\r
285                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';\r
286                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';\r
287                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';\r
288                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';\r
289                 echo '</ul>';\r
290 \r
291                 echo '<h2>' . _MANAGE_SKINS . '</h2>';\r
292                 echo '<ul>';\r
293                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';\r
294                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';\r
295                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';\r
296                 echo '</ul>';\r
297 \r
298                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';\r
299                 echo '<ul>';\r
300                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';\r
301                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';\r
302                 echo '</ul>';\r
303 \r
304                 $this->pagefoot();\r
305         }\r
306 \r
307         /**\r
308          * @todo document this\r
309          */\r
310         function action_itemlist($blogid = '') {\r
311                 global $member, $manager, $CONF;\r
312 \r
313                 if ($blogid == '')\r
314                         $blogid = intRequestVar('blogid');\r
315 \r
316                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
317 \r
318                 $this->pagehead();\r
319                 $blog =& $manager->getBlog($blogid);\r
320 \r
321                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
322                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';\r
323 \r
324                 // start index\r
325                 if (postVar('start'))\r
326                         $start = intPostVar('start');\r
327                 else\r
328                         $start = 0;\r
329 \r
330                 if ($start == 0)\r
331                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';\r
332 \r
333                 // amount of items to show\r
334                 if (postVar('amount'))\r
335                         $amount = intPostVar('amount');\r
336                 else {\r
337                         $amount = intval($CONF['DefaultListSize']);\r
338                         if ($amount < 1)\r
339                                 $amount = 10;\r
340                 }\r
341 \r
342                 $search = postVar('search');    // search through items\r
343 \r
344                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'\r
345                            . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
346                            . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
347 \r
348                 if ($search)\r
349                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
350 \r
351                 // non-blog-admins can only edit/delete their own items\r
352                 if (!$member->blogAdminRights($blogid))\r
353                         $query .= ' and iauthor=' . $member->getID();\r
354 \r
355 \r
356                 $query .= ' ORDER BY itime DESC'\r
357                                 . " LIMIT $start,$amount";\r
358 \r
359                 $template['content'] = 'itemlist';\r
360                 $template['now'] = $blog->getCorrectTime(time());\r
361 \r
362                 $manager->loadClass("ENCAPSULATE");\r
363                 $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
364                 $navList->showBatchList('item',$query,'table',$template);\r
365 \r
366 \r
367                 $this->pagefoot();\r
368         }\r
369 \r
370         /**\r
371          * @todo document this\r
372          */\r
373         function action_batchitem() {\r
374                 global $member, $manager;\r
375 \r
376                 // check if logged in\r
377                 $member->isLoggedIn() or $this->disallow();\r
378 \r
379                 // more precise check will be done for each performed operation\r
380 \r
381                 // get array of itemids from request\r
382                 $selected = requestIntArray('batch');\r
383                 $action = requestVar('batchaction');\r
384 \r
385                 // Show error when no items were selected\r
386                 if (!is_array($selected) || sizeof($selected) == 0)\r
387                         $this->error(_BATCH_NOSELECTION);\r
388 \r
389                 // On move: when no destination blog/category chosen, show choice now\r
390                 $destCatid = intRequestVar('destcatid');\r
391                 if (($action == 'move') && (!$manager->existsCategory($destCatid)))\r
392                         $this->batchMoveSelectDestination('item',$selected);\r
393 \r
394                 // On delete: check if confirmation has been given\r
395                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
396                         $this->batchAskDeleteConfirmation('item',$selected);\r
397 \r
398                 $this->pagehead();\r
399 \r
400                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
401                 echo '<h2>',_BATCH_ITEMS,'</h2>';\r
402                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
403                 echo '<ul>';\r
404 \r
405 \r
406                 // walk over all itemids and perform action\r
407                 foreach ($selected as $itemid) {\r
408                         $itemid = intval($itemid);\r
409                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';\r
410 \r
411                         // perform action, display errors if needed\r
412                         switch($action) {\r
413                                 case 'delete':\r
414                                         $error = $this->deleteOneItem($itemid);\r
415                                         break;\r
416                                 case 'move':\r
417                                         $error = $this->moveOneItem($itemid, $destCatid);\r
418                                         break;\r
419                                 default:\r
420                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
421                         }\r
422 \r
423                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
424                         echo '</li>';\r
425                 }\r
426 \r
427                 echo '</ul>';\r
428                 echo '<b>',_BATCH_DONE,'</b>';\r
429 \r
430                 $this->pagefoot();\r
431 \r
432 \r
433         }\r
434 \r
435         /**\r
436          * @todo document this\r
437          */\r
438         function action_batchcomment() {\r
439                 global $member;\r
440 \r
441                 // check if logged in\r
442                 $member->isLoggedIn() or $this->disallow();\r
443 \r
444                 // more precise check will be done for each performed operation\r
445 \r
446                 // get array of itemids from request\r
447                 $selected = requestIntArray('batch');\r
448                 $action = requestVar('batchaction');\r
449 \r
450                 // Show error when no items were selected\r
451                 if (!is_array($selected) || sizeof($selected) == 0)\r
452                         $this->error(_BATCH_NOSELECTION);\r
453 \r
454                 // On delete: check if confirmation has been given\r
455                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
456                         $this->batchAskDeleteConfirmation('comment',$selected);\r
457 \r
458                 $this->pagehead();\r
459 \r
460                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
461                 echo '<h2>',_BATCH_COMMENTS,'</h2>';\r
462                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
463                 echo '<ul>';\r
464 \r
465                 // walk over all itemids and perform action\r
466                 foreach ($selected as $commentid) {\r
467                         $commentid = intval($commentid);\r
468                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';\r
469 \r
470                         // perform action, display errors if needed\r
471                         switch($action) {\r
472                                 case 'delete':\r
473                                         $error = $this->deleteOneComment($commentid);\r
474                                         break;\r
475                                 default:\r
476                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
477                         }\r
478 \r
479                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
480                         echo '</li>';\r
481                 }\r
482 \r
483                 echo '</ul>';\r
484                 echo '<b>',_BATCH_DONE,'</b>';\r
485 \r
486                 $this->pagefoot();\r
487 \r
488 \r
489         }\r
490 \r
491         /**\r
492          * @todo document this\r
493          */\r
494         function action_batchmember() {\r
495                 global $member;\r
496 \r
497                 // check if logged in and admin\r
498                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
499 \r
500                 // get array of itemids from request\r
501                 $selected = requestIntArray('batch');\r
502                 $action = requestVar('batchaction');\r
503 \r
504                 // Show error when no members selected\r
505                 if (!is_array($selected) || sizeof($selected) == 0)\r
506                         $this->error(_BATCH_NOSELECTION);\r
507 \r
508                 // On delete: check if confirmation has been given\r
509                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
510                         $this->batchAskDeleteConfirmation('member',$selected);\r
511 \r
512                 $this->pagehead();\r
513 \r
514                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';\r
515                 echo '<h2>',_BATCH_MEMBERS,'</h2>';\r
516                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
517                 echo '<ul>';\r
518 \r
519                 // walk over all itemids and perform action\r
520                 foreach ($selected as $memberid) {\r
521                         $memberid = intval($memberid);\r
522                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';\r
523 \r
524                         // perform action, display errors if needed\r
525                         switch($action) {\r
526                                 case 'delete':\r
527                                         $error = $this->deleteOneMember($memberid);\r
528                                         break;\r
529                                 case 'setadmin':\r
530                                         // always succeeds\r
531                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);\r
532                                         $error = '';\r
533                                         break;\r
534                                 case 'unsetadmin':\r
535                                         // there should always remain at least one super-admin\r
536                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');\r
537                                         if (mysql_num_rows($r) < 2)\r
538                                                 $error = _ERROR_ATLEASTONEADMIN;\r
539                                         else\r
540                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);\r
541                                         break;\r
542                                 default:\r
543                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
544                         }\r
545 \r
546                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
547                         echo '</li>';\r
548                 }\r
549 \r
550                 echo '</ul>';\r
551                 echo '<b>',_BATCH_DONE,'</b>';\r
552 \r
553                 $this->pagefoot();\r
554 \r
555 \r
556         }\r
557 \r
558         /**\r
559          * @todo document this\r
560          */\r
561         function action_batchteam() {\r
562                 global $member;\r
563 \r
564                 $blogid = intRequestVar('blogid');\r
565 \r
566                 // check if logged in and admin\r
567                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
568 \r
569                 // get array of itemids from request\r
570                 $selected = requestIntArray('batch');\r
571                 $action = requestVar('batchaction');\r
572 \r
573                 // Show error when no members selected\r
574                 if (!is_array($selected) || sizeof($selected) == 0)\r
575                         $this->error(_BATCH_NOSELECTION);\r
576 \r
577                 // On delete: check if confirmation has been given\r
578                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
579                         $this->batchAskDeleteConfirmation('team',$selected);\r
580 \r
581                 $this->pagehead();\r
582 \r
583                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';\r
584 \r
585                 echo '<h2>',_BATCH_TEAM,'</h2>';\r
586                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
587                 echo '<ul>';\r
588 \r
589                 // walk over all itemids and perform action\r
590                 foreach ($selected as $memberid) {\r
591                         $memberid = intval($memberid);\r
592                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';\r
593 \r
594                         // perform action, display errors if needed\r
595                         switch($action) {\r
596                                 case 'delete':\r
597                                         $error = $this->deleteOneTeamMember($blogid, $memberid);\r
598                                         break;\r
599                                 case 'setadmin':\r
600                                         // always succeeds\r
601                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
602                                         $error = '';\r
603                                         break;\r
604                                 case 'unsetadmin':\r
605                                         // there should always remain at least one admin\r
606                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);\r
607                                         if (mysql_num_rows($r) < 2)\r
608                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;\r
609                                         else\r
610                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
611                                         break;\r
612                                 default:\r
613                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
614                         }\r
615 \r
616                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
617                         echo '</li>';\r
618                 }\r
619 \r
620                 echo '</ul>';\r
621                 echo '<b>',_BATCH_DONE,'</b>';\r
622 \r
623                 $this->pagefoot();\r
624 \r
625 \r
626         }\r
627 \r
628         /**\r
629          * @todo document this\r
630          */\r
631         function action_batchcategory() {\r
632                 global $member, $manager;\r
633 \r
634                 // check if logged in\r
635                 $member->isLoggedIn() or $this->disallow();\r
636 \r
637                 // more precise check will be done for each performed operation\r
638 \r
639                 // get array of itemids from request\r
640                 $selected = requestIntArray('batch');\r
641                 $action = requestVar('batchaction');\r
642 \r
643                 // Show error when no items were selected\r
644                 if (!is_array($selected) || sizeof($selected) == 0)\r
645                         $this->error(_BATCH_NOSELECTION);\r
646 \r
647                 // On move: when no destination blog chosen, show choice now\r
648                 $destBlogId = intRequestVar('destblogid');\r
649                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))\r
650                         $this->batchMoveCategorySelectDestination('category',$selected);\r
651 \r
652                 // On delete: check if confirmation has been given\r
653                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
654                         $this->batchAskDeleteConfirmation('category',$selected);\r
655 \r
656                 $this->pagehead();\r
657 \r
658                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
659                 echo '<h2>',BATCH_CATEGORIES,'</h2>';\r
660                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
661                 echo '<ul>';\r
662 \r
663                 // walk over all itemids and perform action\r
664                 foreach ($selected as $catid) {\r
665                         $catid = intval($catid);\r
666                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';\r
667 \r
668                         // perform action, display errors if needed\r
669                         switch($action) {\r
670                                 case 'delete':\r
671                                         $error = $this->deleteOneCategory($catid);\r
672                                         break;\r
673                                 case 'move':\r
674                                         $error = $this->moveOneCategory($catid, $destBlogId);\r
675                                         break;\r
676                                 default:\r
677                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
678                         }\r
679 \r
680                         echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';\r
681                         echo '</li>';\r
682                 }\r
683 \r
684                 echo '</ul>';\r
685                 echo '<b>',_BATCH_DONE,'</b>';\r
686 \r
687                 $this->pagefoot();\r
688 \r
689         }\r
690 \r
691         /**\r
692          * @todo document this\r
693          */\r
694         function batchMoveSelectDestination($type, $ids) {\r
695                 global $manager;\r
696                 $this->pagehead();\r
697                 ?>\r
698                 <h2><?php echo _MOVE_TITLE?></h2>\r
699                 <form method="post" action="index.php"><div>\r
700 \r
701                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
702                         <input type="hidden" name="batchaction" value="move" />\r
703                         <?php\r
704                                 $manager->addTicketHidden();\r
705 \r
706                                 // insert selected item numbers\r
707                                 $idx = 0;\r
708                                 foreach ($ids as $id)\r
709                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
710 \r
711                                 // show blog/category selection list\r
712                                 $this->selectBlogCategory('destcatid');\r
713 \r
714                         ?>\r
715 \r
716 \r
717                         <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />\r
718 \r
719                 </div></form>\r
720                 <?php           $this->pagefoot();\r
721                 exit;\r
722         }\r
723 \r
724         /**\r
725          * @todo document this\r
726          */\r
727         function batchMoveCategorySelectDestination($type, $ids) {\r
728                 global $manager;\r
729                 $this->pagehead();\r
730                 ?>\r
731                 <h2><?php echo _MOVECAT_TITLE?></h2>\r
732                 <form method="post" action="index.php"><div>\r
733 \r
734                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
735                         <input type="hidden" name="batchaction" value="move" />\r
736                         <?php\r
737                                 $manager->addTicketHidden();\r
738 \r
739                                 // insert selected item numbers\r
740                                 $idx = 0;\r
741                                 foreach ($ids as $id)\r
742                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
743 \r
744                                 // show blog/category selection list\r
745                                 $this->selectBlog('destblogid');\r
746 \r
747                         ?>\r
748 \r
749 \r
750                         <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
751 \r
752                 </div></form>\r
753                 <?php           $this->pagefoot();\r
754                 exit;\r
755         }\r
756 \r
757         /**\r
758          * @todo document this\r
759          */\r
760         function batchAskDeleteConfirmation($type, $ids) {\r
761                 global $manager;\r
762 \r
763                 $this->pagehead();\r
764                 ?>\r
765                 <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>\r
766                 <form method="post" action="index.php"><div>\r
767 \r
768                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
769                         <?php $manager->addTicketHidden() ?>\r
770                         <input type="hidden" name="batchaction" value="delete" />\r
771                         <input type="hidden" name="confirmation" value="yes" />\r
772                         <?php                           // insert selected item numbers\r
773                                 $idx = 0;\r
774                                 foreach ($ids as $id)\r
775                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
776 \r
777                                 // add hidden vars for team & comment\r
778                                 if ($type == 'team')\r
779                                 {\r
780                                         echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';\r
781                                 }\r
782                                 if ($type == 'comment')\r
783                                 {\r
784                                         echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';\r
785                                 }\r
786 \r
787                         ?>\r
788 \r
789                         <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
790 \r
791                 </div></form>\r
792                 <?php           $this->pagefoot();\r
793                 exit;\r
794         }\r
795 \r
796 \r
797         /**\r
798          * Inserts a HTML select element with choices for all categories to which the current\r
799          * member has access\r
800          * @see function selectBlog\r
801          */\r
802         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
803                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
804         }\r
805 \r
806         /**\r
807          * Inserts a HTML select element with choices for all blogs to which the user has access\r
808          *              mode = 'blog' => shows blognames and values are blogids\r
809          *              mode = 'category' => show category names and values are catids\r
810          *\r
811          * @param $iForcedBlogInclude\r
812          *              ID of a blog that always needs to be included, without checking if the\r
813          *              member is on the blog team (-1 = none)\r
814          * @todo document parameters\r
815          */\r
816         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
817                 global $member, $CONF;\r
818 \r
819                 // 0. get IDs of blogs to which member can post items (+ forced blog)\r
820                 $aBlogIds = array();\r
821                 if ($iForcedBlogInclude != -1)\r
822                         $aBlogIds[] = intval($iForcedBlogInclude);\r
823 \r
824                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))\r
825                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
826                 else\r
827                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
828                 $rblogids = sql_query($queryBlogs);\r
829                 while ($o = mysql_fetch_object($rblogids))\r
830                         if ($o->bnumber != $iForcedBlogInclude)\r
831                                 $aBlogIds[] = intval($o->bnumber);\r
832 \r
833                 if (count($aBlogIds) == 0)\r
834                         return;\r
835 \r
836                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';\r
837 \r
838                 // 1. select blogs (we'll create optiongroups)\r
839                 // (only select those blogs that have the user on the team)\r
840                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';\r
841                 $blogs = sql_query($queryBlogs);\r
842                 if ($mode == 'category') {\r
843                         if (mysql_num_rows($blogs) > 1)\r
844                                 $multipleBlogs = 1;\r
845 \r
846                         while ($oBlog = mysql_fetch_object($blogs)) {\r
847                                 if ($multipleBlogs)\r
848                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';\r
849 \r
850                                 // show selection to create new category when allowed/wanted\r
851                                 if ($showNewCat) {\r
852                                         // check if allowed to do so\r
853                                         if ($member->blogAdminRights($oBlog->bnumber))\r
854                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';\r
855                                 }\r
856 \r
857                                 // 2. for each category in that blog\r
858                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');\r
859                                 while ($oCat = mysql_fetch_object($categories)) {\r
860                                         if ($oCat->catid == $selected)\r
861                                                 $selectText = ' selected="selected" ';\r
862                                         else\r
863                                                 $selectText = '';\r
864                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';\r
865                                 }\r
866 \r
867                                 if ($multipleBlogs)\r
868                                         echo '</optgroup>';\r
869                         }\r
870                 } else {\r
871                         // blog mode\r
872                         while ($oBlog = mysql_fetch_object($blogs)) {\r
873                                 echo '<option value="',$oBlog->bnumber,'"';\r
874                                 if ($oBlog->bnumber == $selected)\r
875                                         echo ' selected="selected"';\r
876                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';\r
877                         }\r
878                 }\r
879                 echo '</select>';\r
880 \r
881         }\r
882 \r
883         /**\r
884          * @todo document this\r
885          */\r
886         function action_browseownitems() {\r
887                 global $member, $manager, $CONF;\r
888 \r
889                 $this->pagehead();\r
890 \r
891                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
892                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';\r
893 \r
894                 // start index\r
895                 if (postVar('start'))\r
896                         $start = intPostVar('start');\r
897                 else\r
898                         $start = 0;\r
899 \r
900                 // amount of items to show\r
901                 if (postVar('amount'))\r
902                         $amount = intPostVar('amount');\r
903                 else {\r
904                         $amount = intval($CONF['DefaultListSize']);\r
905                         if ($amount < 1)\r
906                                 $amount = 10;\r
907                 }\r
908 \r
909                 $search = postVar('search');    // search through items\r
910 \r
911                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'\r
912                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
913                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
914 \r
915                 if ($search)\r
916                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
917 \r
918                 $query .= ' ORDER BY itime DESC'\r
919                                 . " LIMIT $start,$amount";\r
920 \r
921                 $template['content'] = 'itemlist';\r
922                 $template['now'] = time();\r
923 \r
924                 $manager->loadClass("ENCAPSULATE");\r
925                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);\r
926                 $navList->showBatchList('item',$query,'table',$template);\r
927 \r
928                 $this->pagefoot();\r
929 \r
930         }\r
931 \r
932         /**\r
933          * Show all the comments for a given item\r
934          * @param int $itemid\r
935          */\r
936         function action_itemcommentlist($itemid = '') {\r
937                 global $member, $manager, $CONF;\r
938 \r
939                 if ($itemid == '')\r
940                         $itemid = intRequestVar('itemid');\r
941 \r
942                 // only allow if user is allowed to alter item\r
943                 $member->canAlterItem($itemid) or $this->disallow();\r
944 \r
945                 $blogid = getBlogIdFromItemId($itemid);\r
946 \r
947                 $this->pagehead();\r
948 \r
949                 // start index\r
950                 if (postVar('start'))\r
951                         $start = intPostVar('start');\r
952                 else\r
953                         $start = 0;\r
954 \r
955                 // amount of items to show\r
956                 if (postVar('amount'))\r
957                         $amount = intPostVar('amount');\r
958                 else {\r
959                         $amount = intval($CONF['DefaultListSize']);\r
960                         if ($amount < 1)\r
961                                 $amount = 10;\r
962                 }\r
963 \r
964                 $search = postVar('search');\r
965 \r
966                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
967                 echo '<h2>',_COMMENTS,'</h2>';\r
968 \r
969                 $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;\r
970 \r
971                 if ($search)\r
972                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
973 \r
974                 $query .= ' ORDER BY ctime ASC'\r
975                                 . " LIMIT $start,$amount";\r
976 \r
977                 $template['content'] = 'commentlist';\r
978                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));\r
979 \r
980                 $manager->loadClass("ENCAPSULATE");\r
981                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
982                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);\r
983 \r
984                 $this->pagefoot();\r
985         }\r
986 \r
987         /**\r
988          * Browse own comments\r
989          */\r
990         function action_browseowncomments() {\r
991                 global $member, $manager, $CONF;\r
992 \r
993                 // start index\r
994                 if (postVar('start'))\r
995                         $start = intPostVar('start');\r
996                 else\r
997                         $start = 0;\r
998 \r
999                 // amount of items to show\r
1000                 if (postVar('amount'))\r
1001                         $amount = intPostVar('amount');\r
1002                 else {\r
1003                         $amount = intval($CONF['DefaultListSize']);\r
1004                         if ($amount < 1)\r
1005                                 $amount = 10;\r
1006                 }\r
1007 \r
1008                 $search = postVar('search');\r
1009 \r
1010 \r
1011                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
1012 \r
1013                 if ($search)\r
1014                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
1015 \r
1016                 $query .= ' ORDER BY ctime DESC'\r
1017                                 . " LIMIT $start,$amount";\r
1018 \r
1019                 $this->pagehead();\r
1020 \r
1021                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
1022                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
1023 \r
1024                 $template['content'] = 'commentlist';\r
1025                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself\r
1026 \r
1027                 $manager->loadClass("ENCAPSULATE");\r
1028                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
1029                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);\r
1030 \r
1031                 $this->pagefoot();\r
1032         }\r
1033 \r
1034         /**\r
1035          * Browse all comments for a weblog\r
1036          * @param int $blogid\r
1037          */\r
1038         function action_blogcommentlist($blogid = '')\r
1039         {\r
1040                 global $member, $manager, $CONF;\r
1041 \r
1042                 if ($blogid == '')\r
1043                         $blogid = intRequestVar('blogid');\r
1044                 else\r
1045                         $blogid = intval($blogid);\r
1046 \r
1047                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
1048 \r
1049                 // start index\r
1050                 if (postVar('start'))\r
1051                         $start = intPostVar('start');\r
1052                 else\r
1053                         $start = 0;\r
1054 \r
1055                 // amount of items to show\r
1056                 if (postVar('amount'))\r
1057                         $amount = intPostVar('amount');\r
1058                 else {\r
1059                         $amount = intval($CONF['DefaultListSize']);\r
1060                         if ($amount < 1)\r
1061                                 $amount = 10;\r
1062                 }\r
1063 \r
1064                 $search = postVar('search');            // search through comments\r
1065 \r
1066 \r
1067                 $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
1068 \r
1069                 if ($search != '')\r
1070                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
1071 \r
1072 \r
1073                 $query .= ' ORDER BY ctime DESC'\r
1074                                 . " LIMIT $start,$amount";\r
1075 \r
1076 \r
1077                 $blog =& $manager->getBlog($blogid);\r
1078 \r
1079                 $this->pagehead();\r
1080 \r
1081                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
1082                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';\r
1083 \r
1084                 $template['content'] = 'commentlist';\r
1085                 $template['canAddBan'] = $member->blogAdminRights($blogid);\r
1086 \r
1087                 $manager->loadClass("ENCAPSULATE");\r
1088                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
1089                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);\r
1090 \r
1091                 $this->pagefoot();\r
1092         }\r
1093 \r
1094         /**\r
1095          * Provide a page to item a new item to the given blog\r
1096          */\r
1097         function action_createitem() {\r
1098                 global $member, $manager;\r
1099 \r
1100                 $blogid = intRequestVar('blogid');\r
1101 \r
1102                 // check if allowed\r
1103                 $member->teamRights($blogid) or $this->disallow();\r
1104 \r
1105                 $memberid = $member->getID();\r
1106 \r
1107                 $blog =& $manager->getBlog($blogid);\r
1108 \r
1109                 $this->pagehead();\r
1110 \r
1111                 // generate the add-item form\r
1112                 $formfactory =& new PAGEFACTORY($blogid);\r
1113                 $formfactory->createAddForm('admin');\r
1114 \r
1115                 $this->pagefoot();\r
1116         }\r
1117 \r
1118         /**\r
1119          * @todo document this\r
1120          */\r
1121         function action_itemedit() {\r
1122                 global $member, $manager;\r
1123 \r
1124                 $itemid = intRequestVar('itemid');\r
1125 \r
1126                 // only allow if user is allowed to alter item\r
1127                 $member->canAlterItem($itemid) or $this->disallow();\r
1128 \r
1129                 $item =& $manager->getItem($itemid,1,1);\r
1130                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
1131 \r
1132                 $manager->notify('PrepareItemForEdit', array('item' => &$item));\r
1133 \r
1134                 if ($blog->convertBreaks()) {\r
1135                         $item['body'] = removeBreaks($item['body']);\r
1136                         $item['more'] = removeBreaks($item['more']);\r
1137                 }\r
1138 \r
1139                 // form to edit blog items\r
1140                 $this->pagehead();\r
1141                 $formfactory =& new PAGEFACTORY($blog->getID());\r
1142                 $formfactory->createEditForm('admin',$item);\r
1143                 $this->pagefoot();\r
1144         }\r
1145 \r
1146         /**\r
1147          * @todo document this\r
1148          */\r
1149         function action_itemupdate() {\r
1150                 global $member, $manager, $CONF;\r
1151 \r
1152                 $itemid = intRequestVar('itemid');\r
1153                 $catid = postVar('catid');\r
1154 \r
1155                 // only allow if user is allowed to alter item\r
1156                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1157 \r
1158                 $actiontype = postVar('actiontype');\r
1159 \r
1160                 // delete actions are handled by itemdelete (which has confirmation)\r
1161                 if ($actiontype == 'delete') {\r
1162                         $this->action_itemdelete();\r
1163                         return;\r
1164                 }\r
1165 \r
1166                 $body   = postVar('body');\r
1167                 $title  = postVar('title');\r
1168                 $more   = postVar('more');\r
1169                 $closed = intPostVar('closed');\r
1170                 $draftid = intPostVar('draftid');\r
1171 \r
1172                 // default action = add now\r
1173                 if (!$actiontype)\r
1174                         $actiontype='addnow';\r
1175 \r
1176                 // create new category if needed\r
1177                 if (strstr($catid,'newcat')) {\r
1178                         // get blogid\r
1179                         list($blogid) = sscanf($catid,"newcat-%d");\r
1180 \r
1181                         // create\r
1182                         $blog =& $manager->getBlog($blogid);\r
1183                         $catid = $blog->createNewCategory();\r
1184 \r
1185                         // show error when sth goes wrong\r
1186                         if (!$catid)\r
1187                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1188                 }\r
1189 \r
1190                 /*\r
1191                         set some variables based on actiontype\r
1192 \r
1193                         actiontypes:\r
1194                                 draft items -> addnow, addfuture, adddraft, delete\r
1195                                 non-draft items -> edit, changedate, delete\r
1196 \r
1197                         variables set:\r
1198                                 $timestamp: set to a nonzero value for future dates or date changes\r
1199                                 $wasdraft: set to 1 when the item used to be a draft item\r
1200                                 $publish: set to 1 when the edited item is not a draft\r
1201                 */\r
1202                 $blogid =  getBlogIDFromItemID($itemid);\r
1203                 $blog   =& $manager->getBlog($blogid);\r
1204 \r
1205                 $wasdrafts = array('adddraft', 'addfuture', 'addnow');\r
1206                 $wasdraft  = in_array($actiontype, $wasdrafts) ? 1 : 0;\r
1207                 $publish   = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;\r
1208                 if ($actiontype == 'addfuture' || $actiontype == 'changedate') {\r
1209                         $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));\r
1210                 } else {\r
1211                         $timestamp =0;\r
1212                 }\r
1213                 $doping = ($publish && $timestamp < $blog->getCorrectTime() && postVar('dosendping')) ? 1 : 0;\r
1214 \r
1215                 // edit the item for real\r
1216                 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
1217 \r
1218                 $this->updateFuturePosted($blogid);\r
1219 \r
1220                 if ($draftid > 0) {\r
1221                         // delete permission is checked inside ITEM::delete()\r
1222                         ITEM::delete($draftid);\r
1223                 }\r
1224 \r
1225                 if (!$closed && $doping && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0) {              //<mod by shizuki />\r
1226                         $this->action_sendping($blogid);\r
1227                         return;\r
1228                 }\r
1229 \r
1230                 // show category edit window when we created a new category\r
1231                 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
1232                 if ($catid != intPostVar('catid')) {\r
1233                         $this->action_categoryedit(\r
1234                                 $catid,\r
1235                                 $blog->getID(),\r
1236                                 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
1237                         );\r
1238                 } else {\r
1239                         // TODO: set start item correctly for itemlist\r
1240                         $this->action_itemlist(getBlogIDFromItemID($itemid));\r
1241                 }\r
1242         }\r
1243 \r
1244         /**\r
1245          * @todo document this\r
1246          */\r
1247         function action_itemdelete() {\r
1248                 global $member, $manager;\r
1249 \r
1250                 $itemid = intRequestVar('itemid');\r
1251 \r
1252                 // only allow if user is allowed to alter item\r
1253                 $member->canAlterItem($itemid) or $this->disallow();\r
1254 \r
1255                 if (!$manager->existsItem($itemid,1,1))\r
1256                         $this->error(_ERROR_NOSUCHITEM);\r
1257 \r
1258                 $item =& $manager->getItem($itemid,1,1);\r
1259                 $title = htmlspecialchars(strip_tags($item['title']));\r
1260                 $body = strip_tags($item['body']);\r
1261                 $body = htmlspecialchars(shorten($body,300,'...'));\r
1262 \r
1263                 $this->pagehead();\r
1264                 ?>\r
1265                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1266 \r
1267                         <p><?php echo _CONFIRMTXT_ITEM?></p>\r
1268 \r
1269                         <div class="note">\r
1270                                 <b>"<?php echo  $title ?>"</b>\r
1271                                 <br />\r
1272                                 <?php echo $body?>\r
1273                         </div>\r
1274 \r
1275                         <form method="post" action="index.php"><div>\r
1276                                 <input type="hidden" name="action" value="itemdeleteconfirm" />\r
1277                                 <?php $manager->addTicketHidden() ?>\r
1278                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
1279                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />\r
1280                         </div></form>\r
1281                 <?php\r
1282                 $this->pagefoot();\r
1283         }\r
1284 \r
1285         /**\r
1286          * @todo document this\r
1287          */\r
1288         function action_itemdeleteconfirm() {\r
1289                 global $member;\r
1290 \r
1291                 $itemid = intRequestVar('itemid');\r
1292 \r
1293                 // only allow if user is allowed to alter item\r
1294                 $member->canAlterItem($itemid) or $this->disallow();\r
1295 \r
1296                 // get blogid first\r
1297                 $blogid = getBlogIdFromItemId($itemid);\r
1298 \r
1299                 // delete item (note: some checks will be performed twice)\r
1300                 $this->deleteOneItem($itemid);\r
1301 \r
1302                 $this->action_itemlist($blogid);\r
1303         }\r
1304 \r
1305         /**\r
1306          * Deletes one item and returns error if something goes wrong\r
1307          * @param int $itemid\r
1308          */\r
1309         function deleteOneItem($itemid) {\r
1310                 global $member, $manager;\r
1311 \r
1312                 // only allow if user is allowed to alter item (also checks if itemid exists)\r
1313                 if (!$member->canAlterItem($itemid))\r
1314                         return _ERROR_DISALLOWED;\r
1315 \r
1316                 // need to get blogid before the item is deleted\r
1317                 $blogid = getBlogIDFromItemId($itemid);\r
1318 \r
1319                 $manager->loadClass('ITEM');\r
1320                 ITEM::delete($itemid);\r
1321 \r
1322                 // update blog's futureposted\r
1323                 $this->updateFuturePosted($blogid);\r
1324         }\r
1325 \r
1326         /**\r
1327          * Update a blog's future posted flag\r
1328          * @param int $blogid\r
1329          */\r
1330         function updateFuturePosted($blogid) {\r
1331                 global $manager;\r
1332 \r
1333                 $blog =& $manager->getBlog($blogid);\r
1334                 $currenttime = $blog->getCorrectTime(time());\r
1335                 $result = sql_query("SELECT * FROM ".sql_table('item').\r
1336                         " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
1337                 if (mysql_num_rows($result) > 0) {\r
1338                                 $blog->setFuturePost();\r
1339                 }\r
1340                 else {\r
1341                                 $blog->clearFuturePost();\r
1342                 }\r
1343         }\r
1344 \r
1345         /**\r
1346          * @todo document this\r
1347          */\r
1348         function action_itemmove() {\r
1349                 global $member, $manager;\r
1350 \r
1351                 $itemid = intRequestVar('itemid');\r
1352 \r
1353                 // only allow if user is allowed to alter item\r
1354                 $member->canAlterItem($itemid) or $this->disallow();\r
1355 \r
1356                 $item =& $manager->getItem($itemid,1,1);\r
1357 \r
1358                 $this->pagehead();\r
1359                 ?>\r
1360                         <h2><?php echo _MOVE_TITLE?></h2>\r
1361                         <form method="post" action="index.php"><div>\r
1362                                 <input type="hidden" name="action" value="itemmoveto" />\r
1363                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
1364 \r
1365                                 <?php\r
1366 \r
1367                                         $manager->addTicketHidden();\r
1368                                         $this->selectBlogCategory('catid',$item['catid'],10,1);\r
1369                                 ?>\r
1370 \r
1371                                 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />\r
1372                         </div></form>\r
1373                 <?php\r
1374                 $this->pagefoot();\r
1375         }\r
1376 \r
1377         /**\r
1378          * @todo document this\r
1379          */\r
1380         function action_itemmoveto() {\r
1381                 global $member, $manager;\r
1382 \r
1383                 $itemid = intRequestVar('itemid');\r
1384                 $catid = requestVar('catid');\r
1385 \r
1386                 // create new category if needed\r
1387                 if (strstr($catid,'newcat')) {\r
1388                         // get blogid\r
1389                         list($blogid) = sscanf($catid,'newcat-%d');\r
1390 \r
1391                         // create\r
1392                         $blog =& $manager->getBlog($blogid);\r
1393                         $catid = $blog->createNewCategory();\r
1394 \r
1395                         // show error when sth goes wrong\r
1396                         if (!$catid)\r
1397                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1398                 }\r
1399 \r
1400                 // only allow if user is allowed to alter item\r
1401                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1402 \r
1403                 $old_blogid = getBlogIDFromItemId($itemid);\r
1404 \r
1405                 ITEM::move($itemid, $catid);\r
1406 \r
1407                 // set the futurePosted flag on the blog\r
1408                 $this->updateFuturePosted(getBlogIDFromItemId($itemid));\r
1409 \r
1410                 // reset the futurePosted in case the item is moved from one blog to another\r
1411                 $this->updateFuturePosted($old_blogid);\r
1412 \r
1413                 if ($catid != intRequestVar('catid'))\r
1414                         $this->action_categoryedit($catid, $blog->getID());\r
1415                 else\r
1416                         $this->action_itemlist(getBlogIDFromCatID($catid));\r
1417         }\r
1418 \r
1419         /**\r
1420          * Moves one item to a given category (category existance should be checked by caller)\r
1421          * errors are returned\r
1422          * @param int $itemid\r
1423          * @param int $destCatid category ID to which the item will be moved\r
1424          */\r
1425         function moveOneItem($itemid, $destCatid) {\r
1426                 global $member;\r
1427 \r
1428                 // only allow if user is allowed to move item\r
1429                 if (!$member->canUpdateItem($itemid, $destCatid))\r
1430                         return _ERROR_DISALLOWED;\r
1431 \r
1432                 ITEM::move($itemid, $destCatid);\r
1433         }\r
1434 \r
1435         /**\r
1436          * Adds a item to the chosen blog\r
1437          */\r
1438         function action_additem() {\r
1439                 global $member, $manager, $CONF;\r
1440 \r
1441                 $manager->loadClass('ITEM');\r
1442 \r
1443                 $result = ITEM::createFromRequest();\r
1444 \r
1445                 if ($result['status'] == 'error')\r
1446                         $this->error($result['message']);\r
1447 \r
1448                 $blogid = getBlogIDFromItemID($result['itemid']);\r
1449                 $blog =& $manager->getBlog($blogid);\r
1450                 $btimestamp = $blog->getCorrectTime();\r
1451                 $item       = $manager->getItem(intval($result['itemid']), 1, 1);\r
1452                 if (!$item['draft'] && postVar('dosendping') && $item['timestamp'] <= $btimestamp) {\r
1453                         $nextAction = 'sendping';\r
1454                 } else {\r
1455                         $nextAction = 'itemlist';\r
1456                 }\r
1457                 if ($result['status'] == 'newcategory') {\r
1458                         $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=' . $nextAction . '&blogid=' . intval($blogid));\r
1459                         $this->action_categoryedit($result['catid'], $blogid, $distURI);\r
1460                 } else {\r
1461                         $methodName = 'action_' . $nextAction;\r
1462                         call_user_func(array(&$this, $methodName), $blogid);\r
1463                 }\r
1464         }\r
1465 \r
1466         /**\r
1467          * Shows a window that says we're about to ping.\r
1468          * immediately refresh to the real pinging page, which will\r
1469          * show an error, or redirect to the blog.\r
1470          *\r
1471          * @param int $blogid ID of blog for which ping needs to be sent out\r
1472          */\r
1473         function action_sendping($blogid = -1) {\r
1474                 global $member, $manager;\r
1475 \r
1476                 if ($blogid == -1)\r
1477                         $blogid = intRequestVar('blogid');\r
1478 \r
1479                 $member->isLoggedIn() or $this->disallow();\r
1480 \r
1481                 $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));\r
1482 \r
1483                 $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');\r
1484                 echo _UPDATEDPING_MESSAGE;\r
1485                 ?>\r
1486                 <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>"><?php echo _UPDATEDPING_GOPINGPAGE ?></a>\r
1487                 </p>\r
1488                 <?php\r
1489                 $this->pagefoot();\r
1490         }\r
1491 \r
1492         /**\r
1493          * Sends the real ping (can take up to 10 seconds!)\r
1494          */\r
1495         function action_rawping() {\r
1496                 global $manager;\r
1497                 // TODO: checks?\r
1498 \r
1499                 $blogid = intRequestVar('blogid');\r
1500                 $blog =& $manager->getBlog($blogid);\r
1501 \r
1502                 $this->pagehead();\r
1503 \r
1504                 ?>\r
1505 \r
1506                 <h2><?php echo _UPDATEDPING_PINGING ?></h2>\r
1507                 <div class='note'>\r
1508                 <?php\r
1509 \r
1510                 // send sendPing event\r
1511                 $manager->notify('SendPing', array('blogid' => $blogid));\r
1512 \r
1513                 ?>\r
1514                 </div>\r
1515 \r
1516                 <ul>\r
1517                         <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>"><?php echo _UPDATEDPING_VIEWITEM . htmlspecialchars($blog->getName())?></a></li>\r
1518                         <li><a href="<?php echo $blog->getURL()?>"><?php echo _UPDATEDPING_VISITOWNSITE ?></a></li>\r
1519                 </ul>\r
1520 \r
1521                 <?php           $this->pagefoot();\r
1522         }\r
1523 \r
1524         /**\r
1525          * Allows to edit previously made comments\r
1526          */\r
1527         function action_commentedit() {\r
1528                 global $member, $manager;\r
1529 \r
1530                 $commentid = intRequestVar('commentid');\r
1531 \r
1532                 $member->canAlterComment($commentid) or $this->disallow();\r
1533 \r
1534                 $comment = COMMENT::getComment($commentid);\r
1535 \r
1536                 $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));\r
1537 \r
1538                 // change <br /> to \n\r
1539                 $comment['body'] = str_replace('<br />','',$comment['body']);\r
1540 \r
1541                 $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);\r
1542 \r
1543                 $this->pagehead();\r
1544 \r
1545                 ?>\r
1546                 <h2><?php echo _EDITC_TITLE?></h2>\r
1547 \r
1548                 <form action="index.php" method="post"><div>\r
1549 \r
1550                 <input type="hidden" name="action" value="commentupdate" />\r
1551                 <?php $manager->addTicketHidden(); ?>\r
1552                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
1553                 <table><tr>\r
1554                         <th colspan="2"><?php echo _EDITC_TITLE?></th>\r
1555                 </tr><tr>\r
1556                         <td><?php echo _EDITC_WHO?></td>\r
1557                         <td>\r
1558                         <?php                           if ($comment['member'])\r
1559                                         echo $comment['member'] . " (" . _EDITC_MEMBER . ")";\r
1560                                 else\r
1561                                         echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";\r
1562                         ?>\r
1563                         </td>\r
1564                 </tr><tr>\r
1565                         <td><?php echo _EDITC_WHEN?></td>\r
1566                         <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>\r
1567                 </tr><tr>\r
1568                         <td><?php echo _EDITC_HOST?></td>\r
1569                         <td><?php echo  $comment['host']; ?></td>\r
1570                 </tr>\r
1571                 <tr>\r
1572                         <td><?php echo _EDITC_URL; ?></td>\r
1573                         <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo $comment['userid']; ?>" /></td>\r
1574                 </tr>\r
1575                 <tr>\r
1576                         <td><?php echo _EDITC_EMAIL; ?></td>\r
1577                         <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo $comment['email']; ?>" /></td>\r
1578                 </tr>\r
1579                 <tr>\r
1580                         <td><?php echo _EDITC_TEXT?></td>\r
1581                         <td>\r
1582                                 <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)\r
1583                                         echo $comment['body'];\r
1584                                 ?></textarea>\r
1585                         </td>\r
1586                 </tr><tr>\r
1587                         <td><?php echo _EDITC_EDIT?></td>\r
1588                         <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>\r
1589                 </tr></table>\r
1590 \r
1591                 </div></form>\r
1592                 <?php\r
1593                 $this->pagefoot();\r
1594         }\r
1595 \r
1596         /**\r
1597          * @todo document this\r
1598          */\r
1599         function action_commentupdate() {\r
1600                 global $member, $manager;\r
1601 \r
1602                 $commentid = intRequestVar('commentid');\r
1603 \r
1604                 $member->canAlterComment($commentid) or $this->disallow();\r
1605 \r
1606                 $url = postVar('url');\r
1607                 $email = postVar('email');\r
1608                 $body = postVar('body');\r
1609 \r
1610                 // intercept words that are too long\r
1611                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)\r
1612                         $this->error(_ERROR_COMMENT_LONGWORD);\r
1613 \r
1614                 // check length\r
1615                 if (strlen($body)<3)\r
1616                         $this->error(_ERROR_COMMENT_NOCOMMENT);\r
1617                 if (strlen($body)>5000)\r
1618                         $this->error(_ERROR_COMMENT_TOOLONG);\r
1619 \r
1620 \r
1621                 // prepare body\r
1622                 $body = COMMENT::prepareBody($body);\r
1623 \r
1624                 // call plugins\r
1625                 $manager->notify('PreUpdateComment',array('body' => &$body));\r
1626 \r
1627                 $query =  'UPDATE '.sql_table('comment')\r
1628                            . " SET cmail = '" . addslashes($url) . "', cemail = '" . addslashes($email) . "', cbody = '" . addslashes($body) . "'"\r
1629                            . " WHERE cnumber=" . $commentid;\r
1630                 sql_query($query);\r
1631 \r
1632                 // get itemid\r
1633                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
1634                 $o = mysql_fetch_object($res);\r
1635                 $itemid = $o->citem;\r
1636 \r
1637                 if ($member->canAlterItem($itemid))\r
1638                         $this->action_itemcommentlist($itemid);\r
1639                 else\r
1640                         $this->action_browseowncomments();\r
1641 \r
1642         }\r
1643 \r
1644         /**\r
1645          * @todo document this\r
1646          */\r
1647         function action_commentdelete() {\r
1648                 global $member, $manager;\r
1649 \r
1650                 $commentid = intRequestVar('commentid');\r
1651 \r
1652                 $member->canAlterComment($commentid) or $this->disallow();\r
1653 \r
1654                 $comment = COMMENT::getComment($commentid);\r
1655 \r
1656                 $body = strip_tags($comment['body']);\r
1657                 $body = htmlspecialchars(shorten($body, 300, '...'));\r
1658 \r
1659                 if ($comment['member'])\r
1660                         $author = $comment['member'];\r
1661                 else\r
1662                         $author = $comment['user'];\r
1663 \r
1664                 $this->pagehead();\r
1665                 ?>\r
1666 \r
1667                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1668 \r
1669                         <p><?php echo _CONFIRMTXT_COMMENT?></p>\r
1670 \r
1671                         <div class="note">\r
1672                         <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>\r
1673                         <br />\r
1674                         <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>\r
1675                         </div>\r
1676 \r
1677                         <form method="post" action="index.php"><div>\r
1678                                 <input type="hidden" name="action" value="commentdeleteconfirm" />\r
1679                                 <?php $manager->addTicketHidden() ?>\r
1680                                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
1681                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
1682                         </div></form>\r
1683                 <?php\r
1684                 $this->pagefoot();\r
1685         }\r
1686 \r
1687         /**\r
1688          * @todo document this\r
1689          */\r
1690         function action_commentdeleteconfirm() {\r
1691                 global $member;\r
1692 \r
1693                 $commentid = intRequestVar('commentid');\r
1694 \r
1695                 // get item id first\r
1696                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
1697                 $o = mysql_fetch_object($res);\r
1698                 $itemid = $o->citem;\r
1699 \r
1700                 $error = $this->deleteOneComment($commentid);\r
1701                 if ($error)\r
1702                         $this->doError($error);\r
1703 \r
1704                 if ($member->canAlterItem($itemid))\r
1705                         $this->action_itemcommentlist($itemid);\r
1706                 else\r
1707                         $this->action_browseowncomments();\r
1708         }\r
1709 \r
1710         /**\r
1711          * @todo document this\r
1712          */\r
1713         function deleteOneComment($commentid) {\r
1714                 global $member, $manager;\r
1715 \r
1716                 $commentid = intval($commentid);\r
1717 \r
1718                 if (!$member->canAlterComment($commentid))\r
1719                         return _ERROR_DISALLOWED;\r
1720 \r
1721                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));\r
1722 \r
1723                 // delete the comments associated with the item\r
1724                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
1725                 sql_query($query);\r
1726 \r
1727                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));\r
1728 \r
1729                 return '';\r
1730         }\r
1731 \r
1732         /**\r
1733          * Usermanagement main\r
1734          */\r
1735         function action_usermanagement() {\r
1736                 global $member, $manager;\r
1737 \r
1738                 // check if allowed\r
1739                 $member->isAdmin() or $this->disallow();\r
1740 \r
1741                 $this->pagehead();\r
1742 \r
1743                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
1744 \r
1745                 echo '<h2>' . _MEMBERS_TITLE .'</h2>';\r
1746 \r
1747                 echo '<h3>' . _MEMBERS_CURRENT .'</h3>';\r
1748 \r
1749                 // show list of members with actions\r
1750                 $query =  'SELECT *'\r
1751                            . ' FROM '.sql_table('member');\r
1752                 $template['content'] = 'memberlist';\r
1753                 $template['tabindex'] = 10;\r
1754 \r
1755                 $manager->loadClass("ENCAPSULATE");\r
1756                 $batch =& new BATCH('member');\r
1757                 $batch->showlist($query,'table',$template);\r
1758 \r
1759                 echo '<h3>' . _MEMBERS_NEW .'</h3>';\r
1760                 ?>\r
1761                         <form method="post" action="index.php" name="memberedit"><div>\r
1762 \r
1763                         <input type="hidden" name="action" value="memberadd" />\r
1764                         <?php $manager->addTicketHidden() ?>\r
1765 \r
1766                         <table>\r
1767                         <tr>\r
1768                                 <th colspan="2"><?php echo _MEMBERS_NEW?></th>\r
1769                         </tr><tr>\r
1770                                 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
1771                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
1772                                 </td>\r
1773                                 <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>\r
1774                         </tr><tr>\r
1775                                 <td><?php echo _MEMBERS_REALNAME?></td>\r
1776                                 <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>\r
1777                         </tr><tr>\r
1778                                 <td><?php echo _MEMBERS_PWD?></td>\r
1779                                 <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>\r
1780                         </tr><tr>\r
1781                                 <td><?php echo _MEMBERS_REPPWD?></td>\r
1782                                 <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>\r
1783                         </tr><tr>\r
1784                                 <td><?php echo _MEMBERS_EMAIL?></td>\r
1785                                 <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>\r
1786                         </tr><tr>\r
1787                                 <td><?php echo _MEMBERS_URL?></td>\r
1788                                 <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>\r
1789                         </tr><tr>\r
1790                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
1791                                 <td><?php $this->input_yesno('admin',0,10060); ?> </td>\r
1792                         </tr><tr>\r
1793                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
1794                                 <td><?php $this->input_yesno('canlogin',1,10070); ?></td>\r
1795                         </tr><tr>\r
1796                                 <td><?php echo _MEMBERS_NOTES?></td>\r
1797                                 <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>\r
1798                         </tr><tr>\r
1799                                 <td><?php echo _MEMBERS_NEW?></td>\r
1800                                 <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>\r
1801                         </tr></table>\r
1802 \r
1803                         </div></form>\r
1804                 <?php\r
1805                 $this->pagefoot();\r
1806         }\r
1807 \r
1808         /**\r
1809          * Edit member settings\r
1810          */\r
1811         function action_memberedit() {\r
1812                 $this->action_editmembersettings(intRequestVar('memberid'));\r
1813         }\r
1814 \r
1815         /**\r
1816          * @todo document this\r
1817          */\r
1818         function action_editmembersettings($memberid = '') {\r
1819                 global $member, $manager, $CONF;\r
1820 \r
1821                 if ($memberid == '')\r
1822                         $memberid = $member->getID();\r
1823 \r
1824                 // check if allowed\r
1825                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
1826 \r
1827                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
1828                 $this->pagehead($extrahead);\r
1829 \r
1830                 // show message to go back to member overview (only for admins)\r
1831                 if ($member->isAdmin())\r
1832                         echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';\r
1833                 else\r
1834                         echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';\r
1835 \r
1836                 echo '<h2>' . _MEMBERS_EDIT . '</h2>';\r
1837 \r
1838                 $mem = MEMBER::createFromID($memberid);\r
1839 \r
1840                 ?>\r
1841                 <form method="post" action="index.php" name="memberedit"><div>\r
1842 \r
1843                 <input type="hidden" name="action" value="changemembersettings" />\r
1844                 <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
1845                 <?php $manager->addTicketHidden() ?>\r
1846 \r
1847                 <table><tr>\r
1848                         <th colspan="2"><?php echo _MEMBERS_EDIT?></th>\r
1849                 </tr><tr>\r
1850                         <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
1851                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
1852                         </td>\r
1853                         <td>\r
1854                         <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
1855                                 <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />\r
1856                         <?php } else {\r
1857                                 echo htmlspecialchars($member->getDisplayName());\r
1858                            }\r
1859                         ?>\r
1860                         </td>\r
1861                 </tr><tr>\r
1862                         <td><?php echo _MEMBERS_REALNAME?></td>\r
1863                         <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>\r
1864                 </tr><tr>\r
1865                 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
1866                         <td><?php echo _MEMBERS_PWD?></td>\r
1867                         <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>\r
1868                 </tr><tr>\r
1869                         <td><?php echo _MEMBERS_REPPWD?></td>\r
1870                         <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>\r
1871                 <?php } ?>\r
1872                 </tr><tr>\r
1873                         <td><?php echo _MEMBERS_EMAIL?>\r
1874                                 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>\r
1875                         </td>\r
1876                         <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>\r
1877                 </tr><tr>\r
1878                         <td><?php echo _MEMBERS_URL?></td>\r
1879                         <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>\r
1880                 <?php // only allow to change this by super-admins\r
1881                    // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)\r
1882                    if ($member->isAdmin()) {\r
1883                 ?>\r
1884                         </tr><tr>\r
1885                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
1886                                 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>\r
1887                         </tr><tr>\r
1888                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
1889                                 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>\r
1890                 <?php } ?>\r
1891                 </tr><tr>\r
1892                         <td><?php echo _MEMBERS_NOTES?></td>\r
1893                         <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>\r
1894                 </tr><tr>\r
1895                         <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>\r
1896                         </td>\r
1897                         <td>\r
1898 \r
1899                                 <select name="deflang" tabindex="85">\r
1900                                         <option value=""><?php echo _MEMBERS_USESITELANG?></option>\r
1901                                 <?php                           // show a dropdown list of all available languages\r
1902                                 global $DIR_LANG;\r
1903                                 $dirhandle = opendir($DIR_LANG);\r
1904                                 while ($filename = readdir($dirhandle)) {\r
1905                                         if (ereg("^(.*)\.php$",$filename,$matches)) {\r
1906                                                 $name = $matches[1];\r
1907                                                 echo "<option value='$name'";\r
1908                                                 if ($name == $mem->getLanguage())\r
1909                                                         echo " selected='selected'";\r
1910                                                 echo ">$name</option>";\r
1911                                         }\r
1912                                 }\r
1913                                 closedir($dirhandle);\r
1914 \r
1915                                 ?>\r
1916                                 </select>\r
1917 \r
1918                         </td>\r
1919                 </tr>\r
1920                 <tr>\r
1921                         <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td>\r
1922                         <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td>\r
1923                 </tr>\r
1924                 <?php\r
1925                         // plugin options\r
1926                         $this->_insertPluginOptions('member',$memberid);\r
1927                 ?>\r
1928                 <tr>\r
1929                         <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>\r
1930                 </tr><tr>\r
1931                         <td><?php echo _MEMBERS_EDIT?></td>\r
1932                         <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>\r
1933                 </tr></table>\r
1934 \r
1935                 </div></form>\r
1936 \r
1937                 <?php\r
1938                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
1939 \r
1940                         $manager->notify(\r
1941                                 'MemberSettingsFormExtras',\r
1942                                 array(\r
1943                                         'member' => &$mem\r
1944                                 )\r
1945                         );\r
1946 \r
1947                 $this->pagefoot();\r
1948         }\r
1949 \r
1950         /**\r
1951          * @todo document this\r
1952          */\r
1953         function action_changemembersettings() {\r
1954                 global $member, $CONF, $manager;\r
1955 \r
1956                 $memberid = intRequestVar('memberid');\r
1957 \r
1958                 // check if allowed\r
1959                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
1960 \r
1961                 $name                   = trim(strip_tags(postVar('name')));\r
1962                 $realname               = trim(strip_tags(postVar('realname')));\r
1963                 $password               = postVar('password');\r
1964                 $repeatpassword = postVar('repeatpassword');\r
1965                 $email                  = strip_tags(postVar('email'));\r
1966                 $url                    = strip_tags(postVar('url'));\r
1967 \r
1968                 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.\r
1969                 if (!eregi("^https?://", $url))\r
1970                         $url = "http://".$url;\r
1971 \r
1972                 $admin                  = postVar('admin');\r
1973                 $canlogin               = postVar('canlogin');\r
1974                 $notes                  = strip_tags(postVar('notes'));\r
1975                 $deflang                = postVar('deflang');\r
1976 \r
1977                 $mem = MEMBER::createFromID($memberid);\r
1978 \r
1979                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1980 \r
1981                         if (!isValidDisplayName($name))\r
1982                                 $this->error(_ERROR_BADNAME);\r
1983 \r
1984                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
1985                                 $this->error(_ERROR_NICKNAMEINUSE);\r
1986 \r
1987                         if ($password != $repeatpassword)\r
1988                                 $this->error(_ERROR_PASSWORDMISMATCH);\r
1989 \r
1990                         if ($password && (strlen($password) < 6))\r
1991                                 $this->error(_ERROR_PASSWORDTOOSHORT);\r
1992 \r
1993                         $pwdvalid = true;\r
1994                         $pwderror = '';\r
1995                         $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
1996                         if (!pwdvalid) {\r
1997                                 $this->error($pwderror);\r
1998                         }\r
1999                 }\r
2000 \r
2001                 if (!isValidMailAddress($email))\r
2002                         $this->error(_ERROR_BADMAILADDRESS);\r
2003 \r
2004 \r
2005                 if (!$realname)\r
2006                         $this->error(_ERROR_REALNAMEMISSING);\r
2007 \r
2008                 if (($deflang != '') && (!checkLanguage($deflang)))\r
2009                         $this->error(_ERROR_NOSUCHLANGUAGE);\r
2010 \r
2011                 // check if there will remain at least one site member with both the logon and admin rights\r
2012                 // (check occurs when taking away one of these rights from such a member)\r
2013                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
2014                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
2015                    )\r
2016                 {\r
2017                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
2018                         if (mysql_num_rows($r) < 2)\r
2019                                 $this->error(_ERROR_ATLEASTONEADMIN);\r
2020                 }\r
2021 \r
2022                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
2023                         $mem->setDisplayName($name);\r
2024                         if ($password)\r
2025                                 $mem->setPassword($password);\r
2026                 }\r
2027 \r
2028                 $oldEmail = $mem->getEmail();\r
2029 \r
2030                 $mem->setRealName($realname);\r
2031                 $mem->setEmail($email);\r
2032                 $mem->setURL($url);\r
2033                 $mem->setNotes($notes);\r
2034                 $mem->setLanguage($deflang);\r
2035 \r
2036 \r
2037                 // only allow super-admins to make changes to the admin status\r
2038                 if ($member->isAdmin()) {\r
2039                         $mem->setAdmin($admin);\r
2040                         $mem->setCanLogin($canlogin);\r
2041                 }\r
2042 \r
2043                 $autosave = postVar ('autosave');\r
2044                 $mem->setAutosave($autosave);\r
2045 \r
2046                 $mem->write();\r
2047 \r
2048                 // store plugin options\r
2049                 $aOptions = requestArray('plugoption');\r
2050                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2051                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));\r
2052 \r
2053                 // if email changed, generate new password\r
2054                 if ($oldEmail != $mem->getEmail())\r
2055                 {\r
2056                         $mem->sendActivationLink('addresschange', $oldEmail);\r
2057                         // logout member\r
2058                         $mem->newCookieKey();\r
2059 \r
2060                         // only log out if the member being edited is the current member.\r
2061                         if ($member->getID() == $memberid)\r
2062                                 $member->logout();\r
2063                         $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
2064                         return;\r
2065                 }\r
2066 \r
2067 \r
2068                 if (  ( $mem->getID() == $member->getID() )\r
2069                    && ( $mem->getDisplayName() != $member->getDisplayName() )\r
2070                    ) {\r
2071                         $mem->newCookieKey();\r
2072                         $member->logout();\r
2073                         $this->action_login(_MSG_LOGINAGAIN, 0);\r
2074                 } else {\r
2075                         $this->action_overview(_MSG_SETTINGSCHANGED);\r
2076                 }\r
2077         }\r
2078 \r
2079         /**\r
2080          * @todo document this\r
2081          */\r
2082         function action_memberadd() {\r
2083                 global $member, $manager;\r
2084 \r
2085                 // check if allowed\r
2086                 $member->isAdmin() or $this->disallow();\r
2087 \r
2088                 if (postVar('password') != postVar('repeatpassword'))\r
2089                         $this->error(_ERROR_PASSWORDMISMATCH);\r
2090                 if (strlen(postVar('password')) < 6)\r
2091                         $this->error(_ERROR_PASSWORDTOOSHORT);\r
2092 \r
2093                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
2094                 if ($res != 1)\r
2095                         $this->error($res);\r
2096 \r
2097                 // fire PostRegister event\r
2098                 $newmem = new MEMBER();\r
2099                 $newmem->readFromName(postVar('name'));\r
2100                 $manager->notify('PostRegister',array('member' => &$newmem));\r
2101 \r
2102                 $this->action_usermanagement();\r
2103         }\r
2104 \r
2105         /**\r
2106          * Account activation\r
2107          *\r
2108          * @author dekarma\r
2109          */\r
2110         function action_activate() {\r
2111 \r
2112                 $key = getVar('key');\r
2113                 $this->_showActivationPage($key);\r
2114         }\r
2115 \r
2116         /**\r
2117          * @todo document this\r
2118          */\r
2119         function _showActivationPage($key, $message = '')\r
2120         {\r
2121                 global $manager;\r
2122 \r
2123                 // clean up old activation keys\r
2124                 MEMBER::cleanupActivationTable();\r
2125 \r
2126                 // get activation info\r
2127                 $info = MEMBER::getActivationInfo($key);\r
2128 \r
2129                 if (!$info)\r
2130                         $this->error(_ERROR_ACTIVATE);\r
2131 \r
2132                 $mem = MEMBER::createFromId($info->vmember);\r
2133 \r
2134                 if (!$mem)\r
2135                         $this->error(_ERROR_ACTIVATE);\r
2136 \r
2137                 $text = '';\r
2138                 $title = '';\r
2139                 $bNeedsPasswordChange = true;\r
2140 \r
2141                 switch ($info->vtype)\r
2142                 {\r
2143                         case 'forgot':\r
2144                                 $title = _ACTIVATE_FORGOT_TITLE;\r
2145                                 $text = _ACTIVATE_FORGOT_TEXT;\r
2146                                 break;\r
2147                         case 'register':\r
2148                                 $title = _ACTIVATE_REGISTER_TITLE;\r
2149                                 $text = _ACTIVATE_REGISTER_TEXT;\r
2150                                 break;\r
2151                         case 'addresschange':\r
2152                                 $title = _ACTIVATE_CHANGE_TITLE;\r
2153                                 $text = _ACTIVATE_CHANGE_TEXT;\r
2154                                 $bNeedsPasswordChange = false;\r
2155                                 MEMBER::activate($key);\r
2156                                 break;\r
2157                 }\r
2158 \r
2159                 $aVars = array(\r
2160                         'memberName' => htmlspecialchars($mem->getDisplayName())\r
2161                 );\r
2162                 $title = TEMPLATE::fill($title, $aVars);\r
2163                 $text = TEMPLATE::fill($text, $aVars);\r
2164 \r
2165                 $this->pagehead();\r
2166 \r
2167                         echo '<h2>' , $title, '</h2>';\r
2168                         echo '<p>' , $text, '</p>';\r
2169 \r
2170                         if ($message != '')\r
2171                         {\r
2172                                 echo '<p class="error">',$message,'</p>';\r
2173                         }\r
2174 \r
2175                         if ($bNeedsPasswordChange)\r
2176                         {\r
2177                                 ?>\r
2178                                         <div><form action="index.php" method="post">\r
2179 \r
2180                                                 <input type="hidden" name="action" value="activatesetpwd" />\r
2181                                                 <?php $manager->addTicketHidden() ?>\r
2182                                                 <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />\r
2183 \r
2184                                                 <table><tr>\r
2185                                                         <td><?php echo _MEMBERS_PWD?></td>\r
2186                                                         <td><input type="password" maxlength="40" size="16" name="password" /></td>\r
2187                                                 </tr><tr>\r
2188                                                         <td><?php echo _MEMBERS_REPPWD?></td>\r
2189                                                         <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>\r
2190                                                 <?php\r
2191 \r
2192                                                         global $manager;\r
2193                                                         $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));\r
2194 \r
2195                                                 ?>\r
2196                                                 </tr><tr>\r
2197                                                         <td><?php echo _MEMBERS_SETPWD ?></td>\r
2198                                                         <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>\r
2199                                                 </tr></table>\r
2200 \r
2201 \r
2202                                         </form></div>\r
2203 \r
2204                                 <?php\r
2205 \r
2206                         }\r
2207 \r
2208                 $this->pagefoot();\r
2209 \r
2210         }\r
2211 \r
2212         /**\r
2213          * Account activation - set password part\r
2214          *\r
2215          * @author dekarma\r
2216          */\r
2217         function action_activatesetpwd() {\r
2218 \r
2219                 $key = postVar('key');\r
2220 \r
2221                 // clean up old activation keys\r
2222                 MEMBER::cleanupActivationTable();\r
2223 \r
2224                 // get activation info\r
2225                 $info = MEMBER::getActivationInfo($key);\r
2226 \r
2227                 if (!$info || ($info->type == 'addresschange'))\r
2228                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2229 \r
2230                 $mem = MEMBER::createFromId($info->vmember);\r
2231 \r
2232                 if (!$mem)\r
2233                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2234 \r
2235                 $password               = postVar('password');\r
2236                 $repeatpassword = postVar('repeatpassword');\r
2237 \r
2238                 if ($password != $repeatpassword)\r
2239                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
2240 \r
2241                 if ($password && (strlen($password) < 6))\r
2242                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
2243 \r
2244                 $pwdvalid = true;\r
2245                 $pwderror = '';\r
2246                 $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
2247                 if (!pwdvalid) {\r
2248                         return $this->_showActivationPage($key,$pwderror);\r
2249                 }\r
2250 \r
2251                 $error = '';\r
2252                 global $manager;\r
2253                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));\r
2254                 if ($error != '')\r
2255                         return $this->_showActivationPage($key, $error);\r
2256 \r
2257 \r
2258                 // set password\r
2259                 $mem->setPassword($password);\r
2260                 $mem->write();\r
2261 \r
2262                 // do the activation\r
2263                 MEMBER::activate($key);\r
2264 \r
2265                 $this->pagehead();\r
2266                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';\r
2267                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';\r
2268                 $this->pagefoot();\r
2269         }\r
2270 \r
2271         /**\r
2272          * Manage team\r
2273          */\r
2274         function action_manageteam() {\r
2275                 global $member, $manager;\r
2276 \r
2277                 $blogid = intRequestVar('blogid');\r
2278 \r
2279                 // check if allowed\r
2280                 $member->blogAdminRights($blogid) or $this->disallow();\r
2281 \r
2282                 $this->pagehead();\r
2283 \r
2284                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
2285 \r
2286                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';\r
2287 \r
2288                 echo '<h3>' . _TEAM_CURRENT . '</h3>';\r
2289 \r
2290 \r
2291 \r
2292                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'\r
2293                            . ' FROM '.sql_table('member').', '.sql_table('team')\r
2294                            . ' WHERE tmember=mnumber and tblog=' . $blogid;\r
2295 \r
2296                 $template['content'] = 'teamlist';\r
2297                 $template['tabindex'] = 10;\r
2298 \r
2299                 $manager->loadClass("ENCAPSULATE");\r
2300                 $batch =& new BATCH('team');\r
2301                 $batch->showlist($query, 'table', $template);\r
2302 \r
2303                 ?>\r
2304                         <h3><?php echo _TEAM_ADDNEW?></h3>\r
2305 \r
2306                         <form method='post' action='index.php'><div>\r
2307 \r
2308                         <input type='hidden' name='action' value='teamaddmember' />\r
2309                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />\r
2310                         <?php $manager->addTicketHidden() ?>\r
2311 \r
2312                         <table><tr>\r
2313                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>\r
2314                                 <td><?php                                       // TODO: try to make it so only non-team-members are listed\r
2315                                         $query =  'SELECT mname as text, mnumber as value'\r
2316                                                    . ' FROM '.sql_table('member');\r
2317 \r
2318                                         $template['name'] = 'memberid';\r
2319                                         $template['tabindex'] = 10000;\r
2320                                         showlist($query,'select',$template);\r
2321                                 ?></td>\r
2322                         </tr><tr>\r
2323                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>\r
2324                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>\r
2325                         </tr><tr>\r
2326                                 <td><?php echo _TEAM_ADD?></td>\r
2327                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>\r
2328                         </tr></table>\r
2329 \r
2330                         </div></form>\r
2331                 <?php\r
2332                 $this->pagefoot();\r
2333         }\r
2334 \r
2335         /**\r
2336          * Add member to team\r
2337          */\r
2338         function action_teamaddmember() {\r
2339                 global $member, $manager;\r
2340 \r
2341                 $memberid = intPostVar('memberid');\r
2342                 $blogid = intPostVar('blogid');\r
2343                 $admin = intPostVar('admin');\r
2344 \r
2345                 // check if allowed\r
2346                 $member->blogAdminRights($blogid) or $this->disallow();\r
2347 \r
2348                 $blog =& $manager->getBlog($blogid);\r
2349                 if (!$blog->addTeamMember($memberid, $admin))\r
2350                         $this->error(_ERROR_ALREADYONTEAM);\r
2351 \r
2352                 $this->action_manageteam();\r
2353 \r
2354         }\r
2355 \r
2356         /**\r
2357          * @todo document this\r
2358          */\r
2359         function action_teamdelete() {\r
2360                 global $member, $manager;\r
2361 \r
2362                 $memberid = intRequestVar('memberid');\r
2363                 $blogid = intRequestVar('blogid');\r
2364 \r
2365                 // check if allowed\r
2366                 $member->blogAdminRights($blogid) or $this->disallow();\r
2367 \r
2368                 $teammem = MEMBER::createFromID($memberid);\r
2369                 $blog =& $manager->getBlog($blogid);\r
2370 \r
2371                 $this->pagehead();\r
2372                 ?>\r
2373                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2374 \r
2375                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>\r
2376                         </p>\r
2377 \r
2378 \r
2379                         <form method="post" action="index.php"><div>\r
2380                         <input type="hidden" name="action" value="teamdeleteconfirm" />\r
2381                         <?php $manager->addTicketHidden() ?>\r
2382                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
2383                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
2384                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2385                         </div></form>\r
2386                 <?php\r
2387                 $this->pagefoot();\r
2388         }\r
2389 \r
2390         /**\r
2391          * @todo document this\r
2392          */\r
2393         function action_teamdeleteconfirm() {\r
2394                 global $member;\r
2395 \r
2396                 $memberid = intRequestVar('memberid');\r
2397                 $blogid = intRequestVar('blogid');\r
2398 \r
2399                 $error = $this->deleteOneTeamMember($blogid, $memberid);\r
2400                 if ($error)\r
2401                         $this->error($error);\r
2402 \r
2403 \r
2404                 $this->action_manageteam();\r
2405         }\r
2406 \r
2407         /**\r
2408          * @todo document this\r
2409          */\r
2410         function deleteOneTeamMember($blogid, $memberid) {\r
2411                 global $member, $manager;\r
2412 \r
2413                 $blogid = intval($blogid);\r
2414                 $memberid = intval($memberid);\r
2415 \r
2416                 // check if allowed\r
2417                 if (!$member->blogAdminRights($blogid))\r
2418                         return _ERROR_DISALLOWED;\r
2419 \r
2420                 // check if: - there remains at least one blog admin\r
2421                 //           - (there remains at least one team member)\r
2422                 $tmem = MEMBER::createFromID($memberid);\r
2423 \r
2424                 $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
2425 \r
2426                 if ($tmem->isBlogAdmin($blogid)) {\r
2427                         // check if there are more blog members left and at least one admin\r
2428                         // (check for at least two admins before deletion)\r
2429                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
2430                         $r = sql_query($query);\r
2431                         if (mysql_num_rows($r) < 2)\r
2432                                 return _ERROR_ATLEASTONEBLOGADMIN;\r
2433                 }\r
2434 \r
2435                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
2436                 sql_query($query);\r
2437 \r
2438                 $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
2439 \r
2440                 return '';\r
2441         }\r
2442 \r
2443         /**\r
2444          * @todo document this\r
2445          */\r
2446         function action_teamchangeadmin() {\r
2447                 global $member;\r
2448 \r
2449                 $blogid = intRequestVar('blogid');\r
2450                 $memberid = intRequestVar('memberid');\r
2451 \r
2452                 // check if allowed\r
2453                 $member->blogAdminRights($blogid) or $this->disallow();\r
2454 \r
2455                 $mem = MEMBER::createFromID($memberid);\r
2456 \r
2457                 // don't allow when there is only one admin at this moment\r
2458                 if ($mem->isBlogAdmin($blogid)) {\r
2459                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
2460                         if (mysql_num_rows($r) == 1)\r
2461                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
2462                 }\r
2463 \r
2464                 if ($mem->isBlogAdmin($blogid))\r
2465                         $newval = 0;\r
2466                 else\r
2467                         $newval = 1;\r
2468 \r
2469                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
2470                 sql_query($query);\r
2471 \r
2472                 // only show manageteam if member did not change its own admin privileges\r
2473                 if ($member->isBlogAdmin($blogid))\r
2474                         $this->action_manageteam();\r
2475                 else\r
2476                         $this->action_overview(_MSG_ADMINCHANGED);\r
2477         }\r
2478 \r
2479         /**\r
2480          * @todo document this\r
2481          */\r
2482         function action_blogsettings() {\r
2483                 global $member, $manager;\r
2484 \r
2485                 $blogid = intRequestVar('blogid');\r
2486 \r
2487                 // check if allowed\r
2488                 $member->blogAdminRights($blogid) or $this->disallow();\r
2489 \r
2490                 $blog =& $manager->getBlog($blogid);\r
2491 \r
2492                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2493                 $this->pagehead($extrahead);\r
2494 \r
2495                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
2496                 ?>\r
2497                 <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>\r
2498 \r
2499                 <h3><?php echo _EBLOG_TEAM_TITLE?></h3>\r
2500 \r
2501                 <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?>\r
2502                 <?php\r
2503                         $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));\r
2504                         $aMemberNames = array();\r
2505                         while ($o = mysql_fetch_object($res))\r
2506                                 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');\r
2507                         echo implode(',', $aMemberNames);\r
2508                 ?>\r
2509                 </p>\r
2510 \r
2511 \r
2512 \r
2513                 <p>\r
2514                 <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>\r
2515                 </p>\r
2516 \r
2517                 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>\r
2518 \r
2519                 <form method="post" action="index.php"><div>\r
2520 \r
2521                 <input type="hidden" name="action" value="blogsettingsupdate" />\r
2522                 <?php $manager->addTicketHidden() ?>\r
2523                 <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
2524                 <table><tr>\r
2525                         <td><?php echo _EBLOG_NAME?></td>\r
2526                         <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>\r
2527                 </tr><tr>\r
2528                         <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>\r
2529                                 <?php echo _EBLOG_SHORTNAME_EXTRA?>\r
2530                         </td>\r
2531                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>\r
2532                 </tr><tr>\r
2533                         <td><?php echo _EBLOG_DESC?></td>\r
2534                         <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>\r
2535                 </tr><tr>\r
2536                         <td><?php echo _EBLOG_URL?></td>\r
2537                         <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>\r
2538                 </tr><tr>\r
2539                         <td><?php echo _EBLOG_DEFSKIN?>\r
2540                                 <?php help('blogdefaultskin'); ?>\r
2541                         </td>\r
2542                         <td>\r
2543                                 <?php\r
2544                                         $query =  'SELECT sdname as text, sdnumber as value'\r
2545                                                    . ' FROM '.sql_table('skin_desc');\r
2546                                         $template['name'] = 'defskin';\r
2547                                         $template['selected'] = $blog->getDefaultSkin();\r
2548                                         $template['tabindex'] = 50;\r
2549                                         showlist($query,'select',$template);\r
2550                                 ?>\r
2551 \r
2552                         </td>\r
2553                 </tr><tr>\r
2554                         <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>\r
2555                         </td>\r
2556                         <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>\r
2557                 </tr><tr>\r
2558                         <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>\r
2559                         </td>\r
2560                         <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>\r
2561                 </tr><tr>\r
2562                         <td><?php echo _EBLOG_DISABLECOMMENTS?>\r
2563                         </td>\r
2564                         <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>\r
2565                 </tr><tr>\r
2566                         <td><?php echo _EBLOG_ANONYMOUS?>\r
2567                         </td>\r
2568                         <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>\r
2569                 </tr><tr>\r
2570         <td><?php echo _EBLOG_REQUIREDEMAIL?>\r
2571                  </td>\r
2572                  <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>\r
2573           </tr><tr>\r
2574                         <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>\r
2575                         <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>\r
2576                 </tr><tr>\r
2577                         <td><?php echo _EBLOG_NOTIFY_ON?></td>\r
2578                         <td>\r
2579                                 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"\r
2580                                         <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>\r
2581                                 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>\r
2582                                 <br />\r
2583                                 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"\r
2584                                         <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>\r
2585                                 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>\r
2586                                 <br />\r
2587                                 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"\r
2588                                         <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>\r
2589                                 /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>\r
2590                         </td>\r
2591                 </tr><tr>\r
2592                 <?php\r
2593                 if (numberOfEventSubscriber('SendPing') > 0) {\r
2594                 ?>\r
2595                         <td><?php echo _EBLOG_PING?> <?php help('sendping'); ?></td>\r
2596                         <td><?php $this->input_yesno('sendping',$blog->sendPing(),85); ?></td>\r
2597                 </tr><tr>\r
2598                 <?php\r
2599                 }\r
2600                 ?>\r
2601                         <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>\r
2602                         <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>\r
2603                 </tr><tr>\r
2604                         <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>\r
2605                         <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>\r
2606                 </tr><tr>\r
2607                         <td><?php echo _EBLOG_DEFCAT?></td>\r
2608                         <td>\r
2609                                 <?php\r
2610                                         $query =  'SELECT cname as text, catid as value'\r
2611                                                    . ' FROM '.sql_table('category')\r
2612                                                    . ' WHERE cblog=' . $blog->getID();\r
2613                                         $template['name'] = 'defcat';\r
2614                                         $template['selected'] = $blog->getDefaultCategory();\r
2615                                         $template['tabindex'] = 110;\r
2616                                         showlist($query,'select',$template);\r
2617                                 ?>\r
2618                         </td>\r
2619                 </tr><tr>\r
2620                         <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>\r
2621                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
2622                                 <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>\r
2623                                 </td>\r
2624                         <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>\r
2625                 </tr><tr>\r
2626                         <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>\r
2627                         <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>\r
2628                 </tr>\r
2629                 <?php\r
2630                         // plugin options\r
2631                         $this->_insertPluginOptions('blog',$blogid);\r
2632                 ?>\r
2633                 <tr>\r
2634                         <th colspan="2"><?php echo _EBLOG_CHANGE?></th>\r
2635                 </tr><tr>\r
2636                         <td><?php echo _EBLOG_CHANGE?></td>\r
2637                         <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>\r
2638                 </tr></table>\r
2639 \r
2640                 </div></form>\r
2641 \r
2642                 <h3><?php echo _EBLOG_CAT_TITLE?></h3>\r
2643 \r
2644 \r
2645                 <?php\r
2646                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';\r
2647                 $template['content'] = 'categorylist';\r
2648                 $template['tabindex'] = 200;\r
2649 \r
2650                 $manager->loadClass("ENCAPSULATE");\r
2651                 $batch =& new BATCH('category');\r
2652                 $batch->showlist($query,'table',$template);\r
2653 \r
2654                 ?>\r
2655 \r
2656 \r
2657                 <form action="index.php" method="post"><div>\r
2658                 <input name="action" value="categorynew" type="hidden" />\r
2659                 <?php $manager->addTicketHidden() ?>\r
2660                 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />\r
2661 \r
2662                 <table><tr>\r
2663                         <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>\r
2664                 </tr><tr>\r
2665                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2666                         <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>\r
2667                 </tr><tr>\r
2668                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2669                         <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>\r
2670                 </tr><tr>\r
2671                         <td><?php echo _EBLOG_CAT_CREATE?></td>\r
2672                         <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>\r
2673                 </tr></table>\r
2674 \r
2675                 </div></form>\r
2676 \r
2677                 <?php\r
2678 \r
2679                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
2680 \r
2681                         $manager->notify(\r
2682                                 'BlogSettingsFormExtras',\r
2683                                 array(\r
2684                                         'blog' => &$blog\r
2685                                 )\r
2686                         );\r
2687 \r
2688                 $this->pagefoot();\r
2689         }\r
2690 \r
2691         /**\r
2692          * @todo document this\r
2693          */\r
2694         function action_categorynew() {\r
2695                 global $member, $manager;\r
2696 \r
2697                 $blogid = intRequestVar('blogid');\r
2698 \r
2699                 $member->blogAdminRights($blogid) or $this->disallow();\r
2700 \r
2701                 $cname = postVar('cname');\r
2702                 $cdesc = postVar('cdesc');\r
2703 \r
2704                 if (!isValidCategoryName($cname))\r
2705                         $this->error(_ERROR_BADCATEGORYNAME);\r
2706 \r
2707                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);\r
2708                 $res = sql_query($query);\r
2709                 if (mysql_num_rows($res) > 0)\r
2710                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2711 \r
2712                 $blog           =& $manager->getBlog($blogid);\r
2713                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);\r
2714 \r
2715                 $this->action_blogsettings();\r
2716         }\r
2717 \r
2718         /**\r
2719          * @todo document this\r
2720          */\r
2721         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
2722                 global $member, $manager;\r
2723 \r
2724                 if ($blogid == '')\r
2725                         $blogid = intGetVar('blogid');\r
2726                 else\r
2727                         $blogid = intval($blogid);\r
2728                 if ($catid == '')\r
2729                         $catid = intGetVar('catid');\r
2730                 else\r
2731                         $catid = intval($catid);\r
2732 \r
2733                 $member->blogAdminRights($blogid) or $this->disallow();\r
2734 \r
2735                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
2736                 $obj = mysql_fetch_object($res);\r
2737 \r
2738                 $cname = $obj->cname;\r
2739                 $cdesc = $obj->cdesc;\r
2740 \r
2741                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2742                 $this->pagehead($extrahead);\r
2743 \r
2744                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
2745 \r
2746                 ?>\r
2747                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
2748                 <form method='post' action='index.php'><div>\r
2749                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
2750                 <input name="catid" type="hidden" value="<?php echo $catid?>" />\r
2751                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />\r
2752                 <input name="action" type="hidden" value="categoryupdate" />\r
2753                 <?php $manager->addTicketHidden(); ?>\r
2754 \r
2755                 <table><tr>\r
2756                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2757                 </tr><tr>\r
2758                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2759                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>\r
2760                 </tr><tr>\r
2761                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2762                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
2763                 </tr>\r
2764                 <?php\r
2765                         // insert plugin options\r
2766                         $this->_insertPluginOptions('category',$catid);\r
2767                 ?>\r
2768                 <tr>\r
2769                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2770                 </tr><tr>\r
2771                         <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
2772                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
2773                 </tr></table>\r
2774 \r
2775                 </div></form>\r
2776                 <?php\r
2777                 $this->pagefoot();\r
2778         }\r
2779 \r
2780         /**\r
2781          * @todo document this\r
2782          */\r
2783         function action_categoryupdate() {\r
2784                 global $member, $manager;\r
2785 \r
2786                 $blogid = intPostVar('blogid');\r
2787                 $catid = intPostVar('catid');\r
2788                 $cname = postVar('cname');\r
2789                 $cdesc = postVar('cdesc');\r
2790                 $desturl = postVar('desturl');\r
2791 \r
2792                 $member->blogAdminRights($blogid) or $this->disallow();\r
2793 \r
2794                 if (!isValidCategoryName($cname))\r
2795                         $this->error(_ERROR_BADCATEGORYNAME);\r
2796 \r
2797                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
2798                 $res = sql_query($query);\r
2799                 if (mysql_num_rows($res) > 0)\r
2800                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2801 \r
2802                 $query =  'UPDATE '.sql_table('category').' SET'\r
2803                            . " cname='" . addslashes($cname) . "',"\r
2804                            . " cdesc='" . addslashes($cdesc) . "'"\r
2805                            . " WHERE catid=" . $catid;\r
2806 \r
2807                 sql_query($query);\r
2808 \r
2809                 // store plugin options\r
2810                 $aOptions = requestArray('plugoption');\r
2811                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2812                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));\r
2813 \r
2814 \r
2815                 if ($desturl) {\r
2816                         redirect($desturl);\r
2817                         exit;\r
2818                 } else {\r
2819                         $this->action_blogsettings();\r
2820                 }\r
2821         }\r
2822 \r
2823         /**\r
2824          * @todo document this\r
2825          */\r
2826         function action_categorydelete() {\r
2827                 global $member, $manager;\r
2828 \r
2829                 $blogid = intRequestVar('blogid');\r
2830                 $catid = intRequestVar('catid');\r
2831 \r
2832                 $member->blogAdminRights($blogid) or $this->disallow();\r
2833 \r
2834                 $blog =& $manager->getBlog($blogid);\r
2835 \r
2836                 // check if the category is valid\r
2837                 if (!$blog->isValidCategory($catid))\r
2838                         $this->error(_ERROR_NOSUCHCATEGORY);\r
2839 \r
2840                 // don't allow deletion of default category\r
2841                 if ($blog->getDefaultCategory() == $catid)\r
2842                         $this->error(_ERROR_DELETEDEFCATEGORY);\r
2843 \r
2844                 // check if catid is the only category left for blogid\r
2845                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2846                 $res = sql_query($query);\r
2847                 if (mysql_num_rows($res) == 1)\r
2848                         $this->error(_ERROR_DELETELASTCATEGORY);\r
2849 \r
2850 \r
2851                 $this->pagehead();\r
2852                 ?>\r
2853                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2854 \r
2855                         <div>\r
2856                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>\r
2857                         </div>\r
2858 \r
2859                         <form method="post" action="index.php"><div>\r
2860                         <input type="hidden" name="action" value="categorydeleteconfirm" />\r
2861                         <?php $manager->addTicketHidden() ?>\r
2862                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
2863                         <input type="hidden" name="catid" value="<?php echo $catid?>" />\r
2864                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2865                         </div></form>\r
2866                 <?php\r
2867                 $this->pagefoot();\r
2868         }\r
2869 \r
2870         /**\r
2871          * @todo document this\r
2872          */\r
2873         function action_categorydeleteconfirm() {\r
2874                 global $member, $manager;\r
2875 \r