
added white-space:nowrap to th/td tag
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ADMIN.php
1 <?php\r
2 /**\r
3   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
4   * Copyright (C) 2002-2005 The Nucleus Group\r
5   *\r
6   * This program is free software; you can redistribute it and/or\r
7   * modify it under the terms of the GNU General Public License\r
8   * as published by the Free Software Foundation; either version 2\r
9   * of the License, or (at your option) any later version.\r
10   * (see nucleus/documentation/index.html#license for more info)\r
11   *\r
12   * The code for the Nucleus admin area\r
13   *\r
14   * $Id: ADMIN.php,v 1.6 2005-08-13 07:28:38 kimitake Exp $\r
15   * $NucleusJP: ADMIN.php,v 1.5 2005/04/19 06:58:03 kimitake Exp $\r
16   */\r
17 \r
18 class ADMIN {\r
19 \r
20         // action currently being executed ($action=xxxx -> action_xxxx method)\r
21         var $action;\r
22 \r
23         function ADMIN() {\r
24 \r
25         }\r
26 \r
27         /**\r
28           * Executes an action\r
29           *\r
30           * @param $action\r
31           *             action to be performed\r
32           */\r
33         function action($action) {\r
34                 global $CONF, $manager;\r
35 \r
36                 // list of action aliases\r
37                 $alias = array(\r
38                         'login' => 'overview',\r
39                         '' => 'overview'\r
40                 );\r
41 \r
42                 if ($alias[$action])\r
43                         $action = $alias[$action];\r
44 \r
45                 $methodName = 'action_' . $action;\r
46 \r
47                 $this->action = strtolower($action);\r
48 \r
49                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
50                 // is an action that requires user interaction before something is actually done)\r
51                 // all safe actions are in this array:\r
52                 $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');\r
53 /*\r
54                 // the rest of the actions needs to be checked\r
55                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');\r
56 */\r
57                 if (!in_array($this->action, $aActionsNotToCheck))\r
58                 {\r
59                         if (!$manager->checkTicket())\r
60                                 $this->error(_ERROR_BADTICKET);\r
61                 }\r
62 \r
63                 if (method_exists($this, $methodName))\r
64                         call_user_func(array(&$this, $methodName));\r
65                 else\r
66                         $this->error(_BADACTION . " ($action)");\r
67 \r
68         }\r
69 \r
70 \r
71         function action_showlogin() {\r
72                 global $error;\r
73                 $this->action_login($error);\r
74         }\r
75 \r
76         function action_login($msg = '', $passvars = 1) {\r
77                 global $member;\r
78 \r
79                 // skip to overview when allowed\r
80                 if ($member->isLoggedIn() && $member->canLogin()) {\r
81                         $this->action_overview();\r
82                         exit;\r
83                 }\r
84 \r
85                 $this->pagehead();\r
86 \r
87                 echo '<h2>', _LOGIN ,'</h2>';\r
88                 if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);\r
89                 ?>\r
90 \r
91                 <form action="index.php" method="post"><p>\r
92                 <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />\r
93                 <br />\r
94                 <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />\r
95                 <br />\r
96                 <input name="action" value="login" type="hidden" />\r
97                 <br />\r
98                 <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />\r
99                 <br />\r
100                 <small>\r
101                         <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>\r
102                         <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>\r
103                 </small>\r
104                 <?php                   // pass through vars\r
105 \r
106                         $oldaction = postVar('oldaction');\r
107                         if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {\r
108                                 passRequestVars();\r
109                         }\r
110 \r
111 \r
112                 ?>\r
113                 </p></form>\r
114                 <?php           $this->pagefoot();\r
115         }\r
116 \r
117 \r
118         /**\r
119           * provides a screen with the overview of the actions available\r
120           */\r
121         function action_overview($msg = '') {\r
122                 global $member;\r
123 \r
124                 $this->pagehead();\r
125 \r
126                 if ($msg)\r
127                         echo _MESSAGE , ': ', $msg;\r
128 \r
129                 /* ---- add items ---- */\r
130                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';\r
131 \r
132                 $showAll = requestVar('showall');\r
133 \r
134                 if (($member->isAdmin()) && ($showAll == 'yes')) {\r
135                         // Super-Admins have access to all blogs! (no add item support though)\r
136                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'\r
137                                    . ' FROM ' . sql_table('blog')\r
138                                    . ' ORDER BY bname';\r
139                 } else {\r
140                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'\r
141                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
142                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
143                                    . ' ORDER BY bname';\r
144                 }\r
145                 $template['content'] = 'bloglist';\r
146                 $template['superadmin'] = $member->isAdmin();\r
147                 $amount = showlist($query,'table',$template);\r
148 \r
149                 if (($showAll != 'yes') && ($member->isAdmin())) {\r
150                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
151                         if ($total > $amount)\r
152                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';\r
153                 }\r
154 \r
155                 if ($amount == 0)\r
156                         echo _OVERVIEW_NOBLOGS;\r
157 \r
158                 if ($amount != 0) {\r
159                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';\r
160                         $query =  'SELECT ititle, inumber, bshortname'\r
161                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')\r
162                                    . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
163                         $template['content'] = 'draftlist';\r
164                         $amountdrafts = showlist($query, 'table', $template);\r
165                         if ($amountdrafts == 0)\r
166                                 echo _OVERVIEW_NODRAFTS;\r
167                 }\r
168 \r
169                 /* ---- user settings ---- */\r
170                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';\r
171                 echo '<ul>';\r
172                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';\r
173                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';\r
174                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';\r
175                 echo '</ul>';\r
176 \r
177                 /* ---- general settings ---- */\r
178                 if ($member->isAdmin()) {\r
179                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';\r
180                         echo '<ul>';\r
181                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';\r
182                         echo '</ul>';\r
183                 }\r
184 \r
185 \r
186                 $this->pagefoot();\r
187         }\r
188 \r
189         // returns a link to a weblog (takes BLOG object as parameter)\r
190         function bloglink(&$blog) {\r
191                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'.$blog->getName() .'</a>';\r
192         }\r
193 \r
194         function action_manage($msg = '') {\r
195                 global $member;\r
196 \r
197                 $member->isAdmin() or $this->disallow();\r
198 \r
199                 $this->pagehead();\r
200 \r
201                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
202 \r
203                 if ($msg)\r
204                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';\r
205 \r
206 \r
207                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';\r
208 \r
209                 echo '<ul>';\r
210                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';\r
211                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';\r
212                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';\r
213                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';\r
214                 echo '</ul>';\r
215 \r
216                 echo '<h2>' . _MANAGE_SKINS . '</h2>';\r
217                 echo '<ul>';\r
218                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';\r
219                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';\r
220                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';\r
221                 echo '</ul>';\r
222 \r
223                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';\r
224                 echo '<ul>';\r
225                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';\r
226                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';\r
227                 echo '</ul>';\r
228 \r
229                 $this->pagefoot();\r
230         }\r
231 \r
232         function action_itemlist($blogid = '') {\r
233                 global $member, $manager;\r
234 \r
235                 if ($blogid == '')\r
236                         $blogid = intRequestVar('blogid');\r
237 \r
238                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
239 \r
240                 $this->pagehead();\r
241                 $blog =& $manager->getBlog($blogid);\r
242 \r
243                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
244                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';\r
245 \r
246                 // start index\r
247                 if (postVar('start'))\r
248                         $start = intPostVar('start');\r
249                 else\r
250                         $start = 0;\r
251 \r
252                 if ($start == 0)\r
253                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';\r
254 \r
255                 // amount of items to show\r
256                 if (postVar('amount'))\r
257                         $amount = intPostVar('amount');\r
258                 else\r
259                         $amount = 10;\r
260 \r
261                 $search = postVar('search');    // search through items\r
262 \r
263                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'\r
264                            . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
265                            . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
266 \r
267                 if ($search)\r
268                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
269 \r
270                 // non-blog-admins can only edit/delete their own items\r
271                 if (!$member->blogAdminRights($blogid))\r
272                         $query .= ' and iauthor=' . $member->getID();\r
273 \r
274 \r
275                 $query .= ' ORDER BY itime DESC'\r
276                                 . " LIMIT $start,$amount";\r
277 \r
278                 $template['content'] = 'itemlist';\r
279                 $template['now'] = $blog->getCorrectTime(time());\r
280 \r
281 \r
282                 $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
283                 $navList->showBatchList('item',$query,'table',$template);\r
284 \r
285 \r
286                 $this->pagefoot();\r
287         }\r
288 \r
289 \r
290         function action_batchitem() {\r
291                 global $member, $manager;\r
292 \r
293                 // check if logged in\r
294                 $member->isLoggedIn() or $this->disallow();\r
295 \r
296                 // more precise check will be done for each performed operation\r
297 \r
298                 // get array of itemids from request\r
299                 $selected = requestIntArray('batch');\r
300                 $action = requestVar('batchaction');\r
301 \r
302                 // Show error when no items were selected\r
303                 if (!is_array($selected) || sizeof($selected) == 0)\r
304                         $this->error(_BATCH_NOSELECTION);\r
305 \r
306                 // On move: when no destination blog/category chosen, show choice now\r
307                 $destCatid = intRequestVar('destcatid');\r
308                 if (($action == 'move') && (!$manager->existsCategory($destCatid)))\r
309                         $this->batchMoveSelectDestination('item',$selected);\r
310 \r
311                 // On delete: check if confirmation has been given\r
312                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
313                         $this->batchAskDeleteConfirmation('item',$selected);\r
314 \r
315                 $this->pagehead();\r
316 \r
317                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
318                 echo '<h2>',_BATCH_ITEMS,'</h2>';\r
319                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
320                 echo '<ul>';\r
321 \r
322 \r
323                 // walk over all itemids and perform action\r
324                 foreach ($selected as $itemid) {\r
325                         $itemid = intval($itemid);\r
326                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';\r
327 \r
328                         // perform action, display errors if needed\r
329                         switch($action) {\r
330                                 case 'delete':\r
331                                         $error = $this->deleteOneItem($itemid);\r
332                                         break;\r
333                                 case 'move':\r
334                                         $error = $this->moveOneItem($itemid, $destCatid);\r
335                                         break;\r
336                                 default:\r
337                                         $error = _BATCH_UNKNOWN . $action;\r
338                         }\r
339 \r
340                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
341                         echo '</li>';\r
342                 }\r
343 \r
344                 echo '</ul>';\r
345                 echo '<b>',_BATCH_DONE,'</b>';\r
346 \r
347                 $this->pagefoot();\r
348 \r
349 \r
350         }\r
351 \r
352         function action_batchcomment() {\r
353                 global $member;\r
354 \r
355                 // check if logged in\r
356                 $member->isLoggedIn() or $this->disallow();\r
357 \r
358                 // more precise check will be done for each performed operation\r
359 \r
360                 // get array of itemids from request\r
361                 $selected = requestIntArray('batch');\r
362                 $action = requestVar('batchaction');\r
363 \r
364                 // Show error when no items were selected\r
365                 if (!is_array($selected) || sizeof($selected) == 0)\r
366                         $this->error(_BATCH_NOSELECTION);\r
367 \r
368                 // On delete: check if confirmation has been given\r
369                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
370                         $this->batchAskDeleteConfirmation('comment',$selected);\r
371 \r
372                 $this->pagehead();\r
373 \r
374                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
375                 echo '<h2>',_BATCH_COMMENTS,'</h2>';\r
376                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
377                 echo '<ul>';\r
378 \r
379                 // walk over all itemids and perform action\r
380                 foreach ($selected as $commentid) {\r
381                         $commentid = intval($commentid);\r
382                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';\r
383 \r
384                         // perform action, display errors if needed\r
385                         switch($action) {\r
386                                 case 'delete':\r
387                                         $error = $this->deleteOneComment($commentid);\r
388                                         break;\r
389                                 default:\r
390                                         $error = _BATCH_UNKNOWN . $action;\r
391                         }\r
392 \r
393                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
394                         echo '</li>';\r
395                 }\r
396 \r
397                 echo '</ul>';\r
398                 echo '<b>',_BATCH_DONE,'</b>';\r
399 \r
400                 $this->pagefoot();\r
401 \r
402 \r
403         }\r
404 \r
405         function action_batchmember() {\r
406                 global $member;\r
407 \r
408                 // check if logged in and admin\r
409                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
410 \r
411                 // get array of itemids from request\r
412                 $selected = requestIntArray('batch');\r
413                 $action = requestVar('batchaction');\r
414 \r
415                 // Show error when no members selected\r
416                 if (!is_array($selected) || sizeof($selected) == 0)\r
417                         $this->error(_BATCH_NOSELECTION);\r
418 \r
419                 // On delete: check if confirmation has been given\r
420                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
421                         $this->batchAskDeleteConfirmation('member',$selected);\r
422 \r
423                 $this->pagehead();\r
424 \r
425                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';\r
426                 echo '<h2>',_BATCH_MEMBERS,'</h2>';\r
427                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
428                 echo '<ul>';\r
429 \r
430                 // walk over all itemids and perform action\r
431                 foreach ($selected as $memberid) {\r
432                         $memberid = intval($memberid);\r
433                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';\r
434 \r
435                         // perform action, display errors if needed\r
436                         switch($action) {\r
437                                 case 'delete':\r
438                                         $error = $this->deleteOneMember($memberid);\r
439                                         break;\r
440                                 case 'setadmin':\r
441                                         // always succeeds\r
442                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);\r
443                                         $error = '';\r
444                                         break;\r
445                                 case 'unsetadmin':\r
446                                         // there should always remain at least one super-admin\r
447                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');\r
448                                         if (mysql_num_rows($r) < 2)\r
449                                                 $error = _ERROR_ATLEASTONEADMIN;\r
450                                         else\r
451                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);\r
452                                         break;\r
453                                 default:\r
454                                         $error = _BATCH_UNKNOWN . $action;\r
455                         }\r
456 \r
457                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
458                         echo '</li>';\r
459                 }\r
460 \r
461                 echo '</ul>';\r
462                 echo '<b>',_BATCH_DONE,'</b>';\r
463 \r
464                 $this->pagefoot();\r
465 \r
466 \r
467         }\r
468 \r
469 \r
470         function action_batchteam() {\r
471                 global $member;\r
472 \r
473                 $blogid = intRequestVar('blogid');\r
474 \r
475                 // check if logged in and admin\r
476                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
477 \r
478                 // get array of itemids from request\r
479                 $selected = requestIntArray('batch');\r
480                 $action = requestVar('batchaction');\r
481 \r
482                 // Show error when no members selected\r
483                 if (!is_array($selected) || sizeof($selected) == 0)\r
484                         $this->error(_BATCH_NOSELECTION);\r
485 \r
486                 // On delete: check if confirmation has been given\r
487                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
488                         $this->batchAskDeleteConfirmation('team',$selected);\r
489 \r
490                 $this->pagehead();\r
491 \r
492                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';\r
493 \r
494                 echo '<h2>',_BATCH_TEAM,'</h2>';\r
495                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
496                 echo '<ul>';\r
497 \r
498                 // walk over all itemids and perform action\r
499                 foreach ($selected as $memberid) {\r
500                         $memberid = intval($memberid);\r
501                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';\r
502 \r
503                         // perform action, display errors if needed\r
504                         switch($action) {\r
505                                 case 'delete':\r
506                                         $error = $this->deleteOneTeamMember($blogid, $memberid);\r
507                                         break;\r
508                                 case 'setadmin':\r
509                                         // always succeeds\r
510                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
511                                         $error = '';\r
512                                         break;\r
513                                 case 'unsetadmin':\r
514                                         // there should always remain at least one admin\r
515                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);\r
516                                         if (mysql_num_rows($r) < 2)\r
517                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;\r
518                                         else\r
519                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
520                                         break;\r
521                                 default:\r
522                                         $error = _BATCH_UNKNOWN . $action;\r
523                         }\r
524 \r
525                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
526                         echo '</li>';\r
527                 }\r
528 \r
529                 echo '</ul>';\r
530                 echo '<b>',_BATCH_DONE,'</b>';\r
531 \r
532                 $this->pagefoot();\r
533 \r
534 \r
535         }\r
536 \r
537 \r
538 \r
539         function action_batchcategory() {\r
540                 global $member, $manager;\r
541 \r
542                 // check if logged in\r
543                 $member->isLoggedIn() or $this->disallow();\r
544 \r
545                 // more precise check will be done for each performed operation\r
546 \r
547                 // get array of itemids from request\r
548                 $selected = requestIntArray('batch');\r
549                 $action = requestVar('batchaction');\r
550 \r
551                 // Show error when no items were selected\r
552                 if (!is_array($selected) || sizeof($selected) == 0)\r
553                         $this->error(_BATCH_NOSELECTION);\r
554 \r
555                 // On move: when no destination blog chosen, show choice now\r
556                 $destBlogId = intRequestVar('destblogid');\r
557                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))\r
558                         $this->batchMoveCategorySelectDestination('category',$selected);\r
559 \r
560                 // On delete: check if confirmation has been given\r
561                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
562                         $this->batchAskDeleteConfirmation('category',$selected);\r
563 \r
564                 $this->pagehead();\r
565 \r
566                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
567                 echo '<h2>',BATCH_CATEGORIES,'</h2>';\r
568                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
569                 echo '<ul>';\r
570 \r
571                 // walk over all itemids and perform action\r
572                 foreach ($selected as $catid) {\r
573                         $catid = intval($catid);\r
574                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';\r
575 \r
576                         // perform action, display errors if needed\r
577                         switch($action) {\r
578                                 case 'delete':\r
579                                         $error = $this->deleteOneCategory($catid);\r
580                                         break;\r
581                                 case 'move':\r
582                                         $error = $this->moveOneCategory($catid, $destBlogId);\r
583                                         break;\r
584                                 default:\r
585                                         $error = _BATCH_UNKNOWN . $action;\r
586                         }\r
587 \r
588                         echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';\r
589                         echo '</li>';\r
590                 }\r
591 \r
592                 echo '</ul>';\r
593                 echo '<b>',_BATCH_DONE,'</b>';\r
594 \r
595                 $this->pagefoot();\r
596 \r
597         }\r
598 \r
599         function batchMoveSelectDestination($type, $ids) {\r
600                 global $manager;\r
601                 $this->pagehead();\r
602                 ?>\r
603                 <h2><?php echo _MOVE_TITLE?></h2>\r
604                 <form method="post" action="index.php"><div>\r
605 \r
606                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
607                         <input type="hidden" name="batchaction" value="move" />\r
608                         <?php\r
609                                 $manager->addTicketHidden();\r
610 \r
611                                 // insert selected item numbers\r
612                                 $idx = 0;\r
613                                 foreach ($ids as $id)\r
614                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
615 \r
616                                 // show blog/category selection list\r
617                                 $this->selectBlogCategory('destcatid');\r
618 \r
619                         ?>\r
620 \r
621 \r
622                         <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />\r
623 \r
624                 </div></form>\r
625                 <?php           $this->pagefoot();\r
626                 exit;\r
627         }\r
628 \r
629         function batchMoveCategorySelectDestination($type, $ids) {\r
630                 global $manager;\r
631                 $this->pagehead();\r
632                 ?>\r
633                 <h2><?php echo _MOVECAT_TITLE?></h2>\r
634                 <form method="post" action="index.php"><div>\r
635 \r
636                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
637                         <input type="hidden" name="batchaction" value="move" />\r
638                         <?php\r
639                                 $manager->addTicketHidden();\r
640 \r
641                                 // insert selected item numbers\r
642                                 $idx = 0;\r
643                                 foreach ($ids as $id)\r
644                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
645 \r
646                                 // show blog/category selection list\r
647                                 $this->selectBlog('destblogid');\r
648 \r
649                         ?>\r
650 \r
651 \r
652                         <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
653 \r
654                 </div></form>\r
655                 <?php           $this->pagefoot();\r
656                 exit;\r
657         }\r
658 \r
659         function batchAskDeleteConfirmation($type, $ids) {\r
660                 global $manager;\r
661 \r
662                 $this->pagehead();\r
663                 ?>\r
664                 <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>\r
665                 <form method="post" action="index.php"><div>\r
666 \r
667                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
668                         <?php $manager->addTicketHidden() ?>\r
669                         <input type="hidden" name="batchaction" value="delete" />\r
670                         <input type="hidden" name="confirmation" value="yes" />\r
671                         <?php                           // insert selected item numbers\r
672                                 $idx = 0;\r
673                                 foreach ($ids as $id)\r
674                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
675 \r
676                                 // add hidden vars for team & comment\r
677                                 if ($type == 'team')\r
678                                 {\r
679                                         echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';\r
680                                 }\r
681                                 if ($type == 'comment')\r
682                                 {\r
683                                         echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';\r
684                                 }\r
685 \r
686                         ?>\r
687 \r
688                         <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
689 \r
690                 </div></form>\r
691                 <?php           $this->pagefoot();\r
692                 exit;\r
693         }\r
694 \r
695 \r
696         /**\r
697           * Inserts a HTML select element with choices for all categories to which the current\r
698           * member has access\r
699           */\r
700         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
701                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
702         }\r
703 \r
704         /**\r
705           * Inserts a HTML select element with choices for all blogs to which the user has access\r
706           *             mode = 'blog' => shows blognames and values are blogids\r
707           *             mode = 'category' => show category names and values are catids\r
708           *\r
709           * @param $iForcedBlogInclude\r
710           *             ID of a blog that always needs to be included, without checking if the member is on the blog team (-1 = none)\r
711           */\r
712         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
713                 global $member, $CONF;\r
714 \r
715                 // 0. get IDs of blogs to which member can post items (+ forced blog)\r
716                 $aBlogIds = array();\r
717                 if ($iForcedBlogInclude != -1)\r
718                         $aBlogIds[] = intval($iForcedBlogInclude);\r
719 \r
720                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))\r
721                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
722                 else\r
723                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
724                 $rblogids = sql_query($queryBlogs);\r
725                 while ($o = mysql_fetch_object($rblogids))\r
726                         if ($o->bnumber != $iForcedBlogInclude)\r
727                                 $aBlogIds[] = intval($o->bnumber);\r
728 \r
729                 if (count($aBlogIds) == 0)\r
730                         return;\r
731 \r
732                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';\r
733 \r
734                 // 1. select blogs (we'll create optiongroups)\r
735                 // (only select those blogs that have the user on the team)\r
736                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';\r
737                 $blogs = sql_query($queryBlogs);\r
738                 if ($mode == 'category') {\r
739                         if (mysql_num_rows($blogs) > 1)\r
740                                 $multipleBlogs = 1;\r
741 \r
742                         while ($oBlog = mysql_fetch_object($blogs)) {\r
743                                 if ($multipleBlogs)\r
744                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';\r
745 \r
746                                 // show selection to create new category when allowed/wanted\r
747                                 if ($showNewCat) {\r
748                                         // check if allowed to do so\r
749                                         if ($member->blogAdminRights($oBlog->bnumber))\r
750                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';\r
751                                 }\r
752 \r
753                                 // 2. for each category in that blog\r
754                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');\r
755                                 while ($oCat = mysql_fetch_object($categories)) {\r
756                                         if ($oCat->catid == $selected)\r
757                                                 $selectText = ' selected="selected" ';\r
758                                         else\r
759                                                 $selectText = '';\r
760                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';\r
761                                 }\r
762 \r
763                                 if ($multipleBlogs)\r
764                                         echo '</optgroup>';\r
765                         }\r
766                 } else {\r
767                         // blog mode\r
768                         while ($oBlog = mysql_fetch_object($blogs)) {\r
769                                 echo '<option value="',$oBlog->bnumber,'"';\r
770                                 if ($oBlog->bnumber == $selected)\r
771                                         echo ' selected="selected"';\r
772                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';\r
773                         }\r
774                 }\r
775                 echo '</select>';\r
776 \r
777         }\r
778 \r
779         function action_browseownitems() {\r
780                 global $member;\r
781 \r
782                 $this->pagehead();\r
783 \r
784                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
785                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';\r
786 \r
787                 // start index\r
788                 if (postVar('start'))\r
789                         $start = postVar('start');\r
790                 else\r
791                         $start = 0;\r
792 \r
793                 // amount of items to show\r
794                 if (postVar('amount'))\r
795                         $amount = postVar('amount');\r
796                 else\r
797                         $amount = 10;\r
798 \r
799                 $search = postVar('search');    // search through items\r
800 \r
801                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'\r
802                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
803                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
804 \r
805                 if ($search)\r
806                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
807 \r
808                 $query .= ' ORDER BY itime DESC'\r
809                                 . " LIMIT $start,$amount";\r
810 \r
811                 $template['content'] = 'itemlist';\r
812                 $template['now'] = time();\r
813 \r
814                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0);\r
815                 $navList->showBatchList('item',$query,'table',$template);\r
816 \r
817                 $this->pagefoot();\r
818 \r
819         }\r
820 \r
821         /**\r
822           * Show all the comments for a given item\r
823           */\r
824         function action_itemcommentlist($itemid = '') {\r
825                 global $member;\r
826 \r
827                 if ($itemid == '')\r
828                         $itemid = intRequestVar('itemid');\r
829 \r
830                 // only allow if user is allowed to alter item\r
831                 $member->canAlterItem($itemid) or $this->disallow();\r
832 \r
833                 $blogid = getBlogIdFromItemId($itemid);\r
834 \r
835                 $this->pagehead();\r
836 \r
837                 // start index\r
838                 if (postVar('start'))\r
839                         $start = postVar('start');\r
840                 else\r
841                         $start = 0;\r
842 \r
843                 // amount of items to show\r
844                 if (postVar('amount'))\r
845                         $amount = postVar('amount');\r
846                 else\r
847                         $amount = 10;\r
848 \r
849                 $search = postVar('search');\r
850 \r
851                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
852                 echo '<h2>',_COMMENTS,'</h2>';\r
853 \r
854                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;\r
855 \r
856                 if ($search)\r
857                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
858 \r
859                 $query .= ' ORDER BY ctime ASC'\r
860                                 . " LIMIT $start,$amount";\r
861 \r
862                 $template['content'] = 'commentlist';\r
863                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));\r
864 \r
865                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
866                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);\r
867 \r
868                 $this->pagefoot();\r
869         }\r
870 \r
871         /**\r
872           * Browse own comments\r
873           */\r
874         function action_browseowncomments() {\r
875                 global $member;\r
876 \r
877                 // start index\r
878                 if (postVar('start'))\r
879                         $start = postVar('start');\r
880                 else\r
881                         $start = 0;\r
882 \r
883                 // amount of items to show\r
884                 if (postVar('amount'))\r
885                         $amount = postVar('amount');\r
886                 else\r
887                         $amount = 10;\r
888 \r
889                 $search = postVar('search');\r
890 \r
891 \r
892                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
893 \r
894                 if ($search)\r
895                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
896 \r
897                 $query .= ' ORDER BY ctime DESC'\r
898                                 . " LIMIT $start,$amount";\r
899 \r
900                 $this->pagehead();\r
901 \r
902                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
903                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
904 \r
905                 $template['content'] = 'commentlist';\r
906                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself\r
907 \r
908                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
909                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);\r
910 \r
911                 $this->pagefoot();\r
912         }\r
913 \r
914         /**\r
915           * Browse all comments for a weblog\r
916           */\r
917         function action_blogcommentlist($blogid = '')\r
918         {\r
919                 global $member, $manager;\r
920 \r
921                 if ($blogid == '')\r
922                         $blogid = intRequestVar('blogid');\r
923                 else\r
924                         $blogid = intval($blogid);\r
925 \r
926                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
927 \r
928                 // start index\r
929                 if (postVar('start'))\r
930                         $start = postVar('start');\r
931                 else\r
932                         $start = 0;\r
933 \r
934                 // amount of items to show\r
935                 if (postVar('amount'))\r
936                         $amount = postVar('amount');\r
937                 else\r
938                         $amount = 10;\r
939 \r
940                 $search = postVar('search');            // search through comments\r
941 \r
942 \r
943                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
944 \r
945                 if ($search != '')\r
946                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
947 \r
948 \r
949                 $query .= ' ORDER BY ctime DESC'\r
950                                 . " LIMIT $start,$amount";\r
951 \r
952 \r
953                 $blog =& $manager->getBlog($blogid);\r
954 \r
955                 $this->pagehead();\r
956 \r
957                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
958                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';\r
959 \r
960                 $template['content'] = 'commentlist';\r
961                 $template['canAddBan'] = $member->blogAdminRights($blogid);\r
962 \r
963                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
964                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);\r
965 \r
966                 $this->pagefoot();\r
967         }\r
968 \r
969         /**\r
970           * Provide a page to add a new item to the given blog\r
971           */\r
972         function action_createitem() {\r
973                 global $member, $manager;\r
974 \r
975                 $blogid = intRequestVar('blogid');\r
976 \r
977                 // check if allowed\r
978                 $member->teamRights($blogid) or $this->disallow();\r
979 \r
980                 $memberid = $member->getID();\r
981 \r
982                 $blog =& $manager->getBlog($blogid);\r
983 \r
984                 $this->pagehead();\r
985 \r
986                 // generate the add-item form\r
987                 $formfactory =& new PAGEFACTORY($blogid);\r
988                 $formfactory->createAddForm('admin');\r
989 \r
990                 $this->pagefoot();\r
991         }\r
992 \r
993         function action_itemedit() {\r
994                 global $member, $manager;\r
995 \r
996                 $itemid = intRequestVar('itemid');\r
997 \r
998                 // only allow if user is allowed to alter item\r
999                 $member->canAlterItem($itemid) or $this->disallow();\r
1000 \r
1001                 $item =& $manager->getItem($itemid,1,1);\r
1002                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
1003 \r
1004                 $manager->notify('PrepareItemForEdit', array('item' => &$item));\r
1005 \r
1006                 if ($blog->convertBreaks()) {\r
1007                         $item['body'] = removeBreaks($item['body']);\r
1008                         $item['more'] = removeBreaks($item['more']);\r
1009                 }\r
1010 \r
1011                 // form to edit blog items\r
1012                 $this->pagehead();\r
1013                 $formfactory =& new PAGEFACTORY($blog->getID());\r
1014                 $formfactory->createEditForm('admin',$item);\r
1015                 $this->pagefoot();\r
1016         }\r
1017 \r
1018         function action_itemupdate() {\r
1019                 global $member, $manager, $CONF;\r
1020 \r
1021                 $itemid = intRequestVar('itemid');\r
1022                 $catid = postVar('catid');\r
1023 \r
1024                 // only allow if user is allowed to alter item\r
1025                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1026 \r
1027                 $actiontype = postVar('actiontype');\r
1028 \r
1029                 // delete actions are handled by itemdelete (which has confirmation)\r
1030                 if ($actiontype == 'delete') {\r
1031                         $this->action_itemdelete();\r
1032                         return;\r
1033                 }\r
1034 \r
1035                 $body   = postVar('body');\r
1036                 $title  = postVar('title');\r
1037                 $more   = postVar('more');\r
1038                 $closed = intPostVar('closed');\r
1039 \r
1040                 // default action = add now\r
1041                 if (!$actiontype)\r
1042                         $actiontype='addnow';\r
1043 \r
1044                 // create new category if needed\r
1045                 if (strstr($catid,'newcat')) {\r
1046                         // get blogid\r
1047                         list($blogid) = sscanf($catid,"newcat-%d");\r
1048 \r
1049                         // create\r
1050                         $blog =& $manager->getBlog($blogid);\r
1051                         $catid = $blog->createNewCategory();\r
1052 \r
1053                         // show error when sth goes wrong\r
1054                         if (!$catid)\r
1055                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1056                 }\r
1057 \r
1058                 /*\r
1059                         set some variables based on actiontype\r
1060 \r
1061                         actiontypes:\r
1062                                 draft items -> addnow, addfuture, adddraft, delete\r
1063                                 non-draft items -> edit, changedate, delete\r
1064 \r
1065                         variables set:\r
1066                                 $timestamp: set to a nonzero value for future dates or date changes\r
1067                                 $wasdraft: set to 1 when the item used to be a draft item\r
1068                                 $publish: set to 1 when the edited item is not a draft\r
1069                 */\r
1070                 switch ($actiontype) {\r
1071                         case 'adddraft':\r
1072                                 $publish = 0;\r
1073                                 $wasdraft = 1;\r
1074                                 $timestamp = 0;\r
1075                                 break;\r
1076                         case 'addfuture':\r
1077                                 $wasdraft = 1;\r
1078                                 $publish = 1;\r
1079                                 $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));\r
1080                                 break;\r
1081                         case 'addnow':\r
1082                                 $wasdraft = 1;\r
1083                                 $publish = 1;\r
1084                                 $timestamp = 0;\r
1085                                 break;\r
1086                         case 'changedate':\r
1087                                 $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));\r
1088                                 $publish = 1;\r
1089                                 $wasdraft = 0;\r
1090                                 break;\r
1091                         case 'edit':\r
1092                         default:\r
1093                                 $publish = 1;\r
1094                                 $wasdraft = 0;\r
1095                                 $timestamp = 0;\r
1096                 }\r
1097 \r
1098                 // edit the item for real\r
1099                 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
1100 \r
1101                 $blogid = getBlogIDFromItemID($itemid);\r
1102                 $blog =& $manager->getBlog($blogid);\r
1103                 if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {\r
1104                         $this->action_sendping($blogid);\r
1105                         return;\r
1106                 }\r
1107 \r
1108                 // show category edit window when we created a new category\r
1109                 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
1110                 if ($catid != intPostVar('catid')) {\r
1111                         $this->action_categoryedit(\r
1112                                 $catid,\r
1113                                 $blog->getID(),\r
1114                                 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
1115                         );\r
1116                 } else {\r
1117                         // TODO: set start item correctly for itemlist\r
1118                         $this->action_itemlist(getBlogIDFromItemID($itemid));\r
1119                 }\r
1120         }\r
1121 \r
1122         function action_itemdelete() {\r
1123                 global $member, $manager;\r
1124 \r
1125                 $itemid = intRequestVar('itemid');\r
1126 \r
1127                 // only allow if user is allowed to alter item\r
1128                 $member->canAlterItem($itemid) or $this->disallow();\r
1129 \r
1130                 if (!$manager->existsItem($itemid,1,1))\r
1131                         $this->error(_ERROR_NOSUCHITEM);\r
1132 \r
1133                 $item =& $manager->getItem($itemid,1,1);\r
1134                 $title = htmlspecialchars(strip_tags($item['title']));\r
1135                 $body = strip_tags($item['body']);\r
1136                 $body = htmlspecialchars(shorten($body,300,'...'));\r
1137 \r
1138                 $this->pagehead();\r
1139                 ?>\r
1140                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1141 \r
1142                         <p><?php echo _CONFIRMTXT_ITEM?></p>\r
1143 \r
1144                         <div class="note">\r
1145                                 <b>"<?php echo  $title ?>"</b>\r
1146                                 <br />\r
1147                                 <?php echo $body?>\r
1148                         </div>\r
1149 \r
1150                         <form method="post" action="index.php"><div>\r
1151                                 <input type="hidden" name="action" value="itemdeleteconfirm" />\r
1152                                 <?php $manager->addTicketHidden() ?>\r
1153                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
1154                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />\r
1155                         </div></form>\r
1156                 <?php\r
1157                 $this->pagefoot();\r
1158         }\r
1159 \r
1160         function action_itemdeleteconfirm() {\r
1161                 global $member;\r
1162 \r
1163                 $itemid = intRequestVar('itemid');\r
1164 \r
1165                 // only allow if user is allowed to alter item\r
1166                 $member->canAlterItem($itemid) or $this->disallow();\r
1167 \r
1168                 // get blogid first\r
1169                 $blogid = getBlogIdFromItemId($itemid);\r
1170 \r
1171                 // delete item (note: some checks will be performed twice)\r
1172                 $this->deleteOneItem($itemid);\r
1173 \r
1174                 $this->action_itemlist($blogid);\r
1175         }\r
1176 \r
1177         // deletes one item and returns error if something goes wrong\r
1178         function deleteOneItem($itemid) {\r
1179                 global $member, $manager;\r
1180 \r
1181                 // only allow if user is allowed to alter item (also checks if itemid exists)\r
1182                 if (!$member->canAlterItem($itemid))\r
1183                         return _ERROR_DISALLOWED;\r
1184 \r
1185                 $manager->loadClass('ITEM');\r
1186                 ITEM::delete($itemid);\r
1187         }\r
1188 \r
1189         function action_itemmove() {\r
1190                 global $member, $manager;\r
1191 \r
1192                 $itemid = intRequestVar('itemid');\r
1193 \r
1194                 // only allow if user is allowed to alter item\r
1195                 $member->canAlterItem($itemid) or $this->disallow();\r
1196 \r
1197                 $item =& $manager->getItem($itemid,1,1);\r
1198 \r
1199                 $this->pagehead();\r
1200                 ?>\r
1201                         <h2><?php echo _MOVE_TITLE?></h2>\r
1202                         <form method="post" action="index.php"><div>\r
1203                                 <input type="hidden" name="action" value="itemmoveto" />\r
1204                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
1205 \r
1206                                 <?php\r
1207 \r
1208                                         $manager->addTicketHidden();\r
1209                                         $this->selectBlogCategory('catid',$item['catid'],10,1);\r
1210                                 ?>\r
1211 \r
1212                                 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />\r
1213                         </div></form>\r
1214                 <?php\r
1215                 $this->pagefoot();\r
1216         }\r
1217 \r
1218         function action_itemmoveto() {\r
1219                 global $member, $manager;\r
1220 \r
1221                 $itemid = intRequestVar('itemid');\r
1222                 $catid = requestVar('catid');\r
1223 \r
1224                 // create new category if needed\r
1225                 if (strstr($catid,'newcat')) {\r
1226                         // get blogid\r
1227                         list($blogid) = sscanf($catid,'newcat-%d');\r
1228 \r
1229                         // create\r
1230                         $blog =& $manager->getBlog($blogid);\r
1231                         $catid = $blog->createNewCategory();\r
1232 \r
1233                         // show error when sth goes wrong\r
1234                         if (!$catid)\r
1235                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1236                 }\r
1237 \r
1238                 // only allow if user is allowed to alter item\r
1239                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1240 \r
1241                 ITEM::move($itemid, $catid);\r
1242 \r
1243                 if ($catid != intRequestVar('catid'))\r
1244                         $this->action_categoryedit($catid, $blog->getID());\r
1245                 else\r
1246                         $this->action_itemlist(getBlogIDFromCatID($catid));\r
1247         }\r
1248 \r
1249         /**\r
1250           * Moves one item to a given category (category existence should be checked by caller)\r
1251           * errors are returned\r
1252           */\r
1253         function moveOneItem($itemid, $destCatid) {\r
1254                 global $member;\r
1255 \r
1256                 // only allow if user is allowed to move item\r
1257                 if (!$member->canUpdateItem($itemid, $destCatid))\r
1258                         return _ERROR_DISALLOWED;\r
1259 \r
1260                 ITEM::move($itemid, $destCatid);\r
1261         }\r
1262 \r
1263         /**\r
1264           * Adds a item to the chosen blog\r
1265           */\r
1266         function action_additem() {\r
1267                 global $member, $manager, $CONF;\r
1268 \r
1269                 $manager->loadClass('ITEM');\r
1270 \r
1271                 $result = ITEM::createFromRequest();\r
1272 \r
1273                 if ($result['status'] == 'error')\r
1274                         $this->error($result['message']);\r
1275 \r
1276                 $blogid = getBlogIDFromItemID($result['itemid']);\r
1277                 $blog =& $manager->getBlog($blogid);\r
1278 \r
1279                 $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));\r
1280 \r
1281                 if ($result['status'] == 'newcategory')\r
1282                         $this->action_categoryedit(\r
1283                                 $result['catid'],\r
1284                                 $blogid,\r
1285                                 $blog->pingUserland() ? $pingUrl : ''\r
1286                         );\r
1287                 elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland())\r
1288                         $this->action_sendping($blogid);\r
1289                 else\r
1290                         $this->action_itemlist($blogid);\r
1291         }\r
1292 \r
1293         /**\r
1294           * Shows a window that says we're about to ping weblogs.com.\r
1295           * immediately refresh to the real pinging page, which will\r
1296           * show an error, or redirect to the blog.\r
1297           *\r
1298           * @param $blogid ID of blog for which ping needs to be sent out\r
1299           */\r
1300         function action_sendping($blogid = -1) {\r
1301                 global $member, $manager;\r
1302 \r
1303                 if ($blogid == -1)\r
1304                         $blogid = intRequestVar('blogid');\r
1305 \r
1306                 $member->isLoggedIn() or $this->disallow();\r
1307 \r
1308                 $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));\r
1309 \r
1310                 $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');\r
1311                 ?>\r
1312                 <h2>Site Updated, Now pinging weblogs.com</h2>\r
1313 \r
1314                 <p>\r
1315                         Pinging weblogs.com! This can a while...\r
1316                         <br />\r
1317                         When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.\r
1318                 </p>\r
1319 \r
1320                 <p>\r
1321                         If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>\r
1322                 </p>\r
1323                 <?php           $this->pagefoot();\r
1324         }\r
1325 \r
1326         // ping to Weblogs.com\r
1327         // sends the real ping (can take up to 10 seconds!)\r
1328         function action_rawping() {\r
1329                 global $manager;\r
1330                 // TODO: checks?\r
1331 \r
1332                 $blogid = intRequestVar('blogid');\r
1333                 $blog =& $manager->getBlog($blogid);\r
1334 \r
1335                 $result = $blog->sendUserlandPing();\r
1336 \r
1337                 $this->pagehead();\r
1338 \r
1339                 ?>\r
1340 \r
1341                 <h2>Ping Results</h2>\r
1342 \r
1343                 <p>The following message was returned by weblogs.com:</p>\r
1344 \r
1345                 <div class='note'><?php echo  $result ?></div>\r
1346 \r
1347                 <ul>\r
1348                         <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>\r
1349                         <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>\r
1350                 </ul>\r
1351 \r
1352                 <?php           $this->pagefoot();\r
1353         }\r
1354 \r
1355         /**\r
1356           * Allows to edit previously made comments\r
1357           */\r
        function action_commentedit() {
                global $member, $manager;

                $commentid = intRequestVar('commentid');

                // only members who may alter this comment get past this point
                $member->canAlterComment($commentid) or $this->disallow();

                $comment = COMMENT::getComment($commentid);

                // plugins receive the comment by reference and may change it before it is shown
                $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));

                // strip the <br /> markup from the body (it is replaced by an empty string, not by \n)
                $comment['body'] = str_replace('<br />','',$comment['body']);

                // replace every <a href="..."> element (with or without rel="nofollow") by its href value
                // NOTE(review): eregi_replace() belongs to the POSIX regex extension, which was
                // deprecated in PHP 5.3 and removed in PHP 7.
                $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);

                // NOTE(review): $comment['member'], $comment['user'], $comment['host'] and
                // $comment['body'] are echoed below without htmlspecialchars(). That is only
                // safe if COMMENT::getComment() returns values that are already HTML-escaped,
                // which is not visible here -- confirm. 'user' is presumably the name a
                // non-member typed in.
                $this->pagehead();

                ?>
                <h2><?php echo _EDITC_TITLE?></h2>

                <form action="index.php" method="post"><div>

                <input type="hidden" name="action" value="commentupdate" />
                <?php $manager->addTicketHidden(); ?>
                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
                <table><tr>
                        <th colspan="2"><?php echo _EDITC_TITLE?></th>
                </tr><tr>
                        <td><?php echo _EDITC_WHO?></td>
                        <td>
                        <?php                           if ($comment['member'])
                                        echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
                                else
                                        echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
                        ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EDITC_WHEN?></td>
                        <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
                </tr><tr>
                        <td><?php echo _EDITC_HOST?></td>
                        <td><?php echo  $comment['host']; ?></td>
                </tr><tr>
                        <td><?php echo _EDITC_TEXT?></td>
                        <td>
                                <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)
                                        echo $comment['body'];
                                ?></textarea>
                        </td>
                </tr><tr>
                        <td><?php echo _EDITC_EDIT?></td>
                        <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>
                <?php
                $this->pagefoot();
        }
1417 \r
1418         function action_commentupdate() {\r
1419                 global $member, $manager;\r
1420 \r
1421                 $commentid = intRequestVar('commentid');\r
1422 \r
1423                 $member->canAlterComment($commentid) or $this->disallow();\r
1424 \r
1425                 $body = postVar('body');\r
1426 \r
1427                 // intercept words that are too long\r
1428                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)\r
1429                         $this->error(_ERROR_COMMENT_LONGWORD);\r
1430 \r
1431                 // check length\r
1432                 if (strlen($body)<3)\r
1433                         $this->error(_ERROR_COMMENT_NOCOMMENT);\r
1434                 if (strlen($body)>5000)\r
1435                         $this->error(_ERROR_COMMENT_TOOLONG);\r
1436 \r
1437 \r
1438                 // prepare body\r
1439                 $body = COMMENT::prepareBody($body);\r
1440 \r
1441                 // call plugins\r
1442                 $manager->notify('PreUpdateComment',array('body' => &$body));\r
1443 \r
1444                 $query =  'UPDATE '.sql_table('comment')\r
1445                            . " SET cbody='" .addslashes($body). "'"\r
1446                            . " WHERE cnumber=" . $commentid;\r
1447                 sql_query($query);\r
1448 \r
1449                 // get itemid\r
1450                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
1451                 $o = mysql_fetch_object($res);\r
1452                 $itemid = $o->citem;\r
1453 \r
1454                 if ($member->canAlterItem($itemid))\r
1455                         $this->action_itemcommentlist($itemid);\r
1456                 else\r
1457                         $this->action_browseowncomments();\r
1458 \r
1459         }\r
1460 \r
1461         function action_commentdelete() {\r
1462                 global $member, $manager;\r
1463 \r
1464                 $commentid = intRequestVar('commentid');\r
1465 \r
1466                 $member->canAlterComment($commentid) or $this->disallow();\r
1467 \r
1468                 $comment = COMMENT::getComment($commentid);\r
1469 \r
1470                 $body = strip_tags($comment['body']);\r
1471                 $body = htmlspecialchars(shorten($body, 300, '...'));\r
1472 \r
1473                 if ($comment['member'])\r
1474                         $author = $comment['member'];\r
1475                 else\r
1476                         $author = $comment['user'];\r
1477 \r
1478                 $this->pagehead();\r
1479                 ?>\r
1480 \r
1481                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1482 \r
1483                         <p><?php echo _CONFIRMTXT_COMMENT?></p>\r
1484 \r
1485                         <div class="note">\r
1486                         <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>\r
1487                         <br />\r
1488                         <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>\r
1489                         </div>\r
1490 \r
1491                         <form method="post" action="index.php"><div>\r
1492                                 <input type="hidden" name="action" value="commentdeleteconfirm" />\r
1493                                 <?php $manager->addTicketHidden() ?>\r
1494                                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
1495                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
1496                         </div></form>\r
1497                 <?php\r
1498                 $this->pagefoot();\r
1499         }\r
1500 \r
1501         function action_commentdeleteconfirm() {\r
1502                 global $member;\r
1503 \r
1504                 $commentid = intRequestVar('commentid');\r
1505 \r
1506                 // get item id first\r
1507                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
1508                 $o = mysql_fetch_object($res);\r
1509                 $itemid = $o->citem;\r
1510 \r
1511                 $error = $this->deleteOneComment($commentid);\r
1512                 if ($error)\r
1513                         $this->doError($error);\r
1514 \r
1515                 if ($member->canAlterItem($itemid))\r
1516                         $this->action_itemcommentlist($itemid);\r
1517                 else\r
1518                         $this->action_browseowncomments();\r
1519         }\r
1520 \r
1521         function deleteOneComment($commentid) {\r
1522                 global $member, $manager;\r
1523 \r
1524                 $commentid = intval($commentid);\r
1525 \r
1526                 if (!$member->canAlterComment($commentid))\r
1527                         return _ERROR_DISALLOWED;\r
1528 \r
1529                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));\r
1530 \r
1531                 // delete the comments associated with the item\r
1532                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
1533                 sql_query($query);\r
1534 \r
1535                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));\r
1536 \r
1537                 return '';\r
1538         }\r
1539 \r
1540         /**\r
1541           * Usermanagement main\r
1542           */\r
        function action_usermanagement() {
                global $member, $manager;

                // check if allowed
                // (admins only: this page lists every member and offers the form that creates new ones)
                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

                echo '<h2>' . _MEMBERS_TITLE .'</h2>';

                echo '<h3>' . _MEMBERS_CURRENT .'</h3>';

                // show list of members with actions
                // the query selects every column of the member table; rendering is left to
                // BATCH::showlist() with the 'memberlist' content template
                $query =  'SELECT *'
                           . ' FROM '.sql_table('member');
                $template['content'] = 'memberlist';
                $template['tabindex'] = 10;

                $batch =& new BATCH('member');
                $batch->showlist($query,'table',$template);

                echo '<h3>' . _MEMBERS_NEW .'</h3>';
                // the form below posts to action 'memberadd' and carries a ticket
                // (hidden field written by addTicketHidden())
                ?>
                        <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="memberadd" />
                        <?php $manager->addTicketHidden() ?>

                        <table>
                        <tr>
                                <th colspan="2"><?php echo _MEMBERS_NEW?></th>
                        </tr><tr>
                                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                        <br /><small>(This is the name used to logon)</small>
                                </td>
                                <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REALNAME?></td>
                                <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_PWD?></td>
                                <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REPPWD?></td>
                                <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_EMAIL?></td>
                                <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_URL?></td>
                                <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',0,10060); ?> </td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NOTES?></td>
                                <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NEW?></td>
                                <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
1614 \r
1615         /**\r
1616           * Edit member settings\r
1617           */\r
1618         function action_memberedit() {\r
1619                 $this->action_editmembersettings(intRequestVar('memberid'));\r
1620         }\r
        /**
          * Shows the form for editing the settings of a member
          *
          * @param $memberid
          *             id of the member to edit; when left empty the settings of the
          *             current member are shown
          */
        function action_editmembersettings($memberid = '') {
                global $member, $manager, $CONF;

                if ($memberid == '')
                        $memberid = $member->getID();

                // check if allowed
                // (members may edit themselves, admins may edit anyone)
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                // show message to go back to member overview (only for admins)
                if ($member->isAdmin())
                        echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
                else
                        echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';

                echo '<h2>' . _MEMBERS_EDIT . '</h2>';

                // $mem is the member being edited, $member the one who is logged in
                $mem = MEMBER::createFromID($memberid);

                // the form posts to action 'changemembersettings' and carries a ticket;
                // the values taken from $mem are passed through htmlspecialchars()
                ?>
                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="changemembersettings" />
                <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                <?php $manager->addTicketHidden() ?>

                <table><tr>
                        <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
                </tr><tr>
                        <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
                        </td>
                        <td>
                        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
                                <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
                        <?php } else {
                                // this branch prints the name of $member, not of $mem; a non-admin only
                                // gets here for his own id (see the check above), so both are the same member
                                echo htmlspecialchars($member->getDisplayName());
                           }
                        ?>
                        </td>
                </tr><tr>
                        <td><?php echo _MEMBERS_REALNAME?></td>
                        <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
                </tr><tr>
                <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
                        <td><?php echo _MEMBERS_PWD?></td>
                        <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_REPPWD?></td>
                        <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
                <?php } ?>
                </tr><tr>
                        <td><?php echo _MEMBERS_EMAIL?>
                                <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
                        </td>
                        <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_URL?></td>
                        <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
                <?php // only allow to change this by super-admins
                   // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
                   // (hiding the fields is only the display side; action_changemembersettings()
                   // repeats the isAdmin() check before it writes these two flags)
                   if ($member->isAdmin()) {
                ?>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70); ?></td>
                <?php } ?>
                </tr><tr>
                        <td><?php echo _MEMBERS_NOTES?></td>
                        <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
                        </td>
                        <td>

                                <select name="deflang" tabindex="85">
                                        <option value=""><?php echo _MEMBERS_USESITELANG?></option>
                                <?php                           // show a dropdown list of all available languages
                                // every *.php file found in $DIR_LANG becomes one option, named after the
                                // file without its extension
                                // NOTE(review): the result of opendir() is not checked, and $name is
                                // written into the markup without htmlspecialchars(); the names come
                                // from the server's own language directory, not from the request.
                                global $DIR_LANG;
                                $dirhandle = opendir($DIR_LANG);
                                while ($filename = readdir($dirhandle)) {
                                        if (ereg("^(.*)\.php$",$filename,$matches)) {
                                                $name = $matches[1];
                                                echo "<option value='$name'";
                                                if ($name == $mem->getLanguage())
                                                        echo " selected='selected'";
                                                echo ">$name</option>";
                                        }
                                }
                                closedir($dirhandle);

                                ?>
                                </select>

                        </td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('member',$memberid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
                </tr><tr>
                        <td><?php echo _MEMBERS_EDIT?></td>
                        <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <?php
                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        // plugins may add their own output below the form; they get $mem by reference
                        $manager->notify(
                                'MemberSettingsFormExtras',
                                array(
                                        'member' => &$mem
                                )
                        );

                $this->pagefoot();
        }
1748 \r
1749 \r
1750         function action_changemembersettings() {\r
1751                 global $member, $CONF, $manager;\r
1752 \r
1753                 $memberid = intRequestVar('memberid');\r
1754 \r
1755                 // check if allowed\r
1756                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
1757 \r
1758                 $name                   = trim(postVar('name'));\r
1759                 $realname               = trim(postVar('realname'));\r
1760                 $password               = postVar('password');\r
1761                 $repeatpassword = postVar('repeatpassword');\r
1762                 $email                  = postVar('email');\r
1763                 $url                    = postVar('url');\r
1764 \r
1765                 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.\r
1766                 if (!eregi("^https?://", $url))\r
1767                         $url = "http://".$url;\r
1768 \r
1769                 $admin                  = postVar('admin');\r
1770                 $canlogin               = postVar('canlogin');\r
1771                 $notes                  = postVar('notes');\r
1772                 $deflang                = postVar('deflang');\r
1773 \r
1774                 $mem = MEMBER::createFromID($memberid);\r
1775 \r
1776                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1777 \r
1778                         if (!isValidDisplayName($name))\r
1779                                 $this->error(_ERROR_BADNAME);\r
1780 \r
1781                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
1782                                 $this->error(_ERROR_NICKNAMEINUSE);\r
1783 \r
1784                         if ($password != $repeatpassword)\r
1785                                 $this->error(_ERROR_PASSWORDMISMATCH);\r
1786 \r
1787                         if ($password && (strlen($password) < 6))\r
1788                                 $this->error(_ERROR_PASSWORDTOOSHORT);\r
1789                 }\r
1790 \r
1791                 if (!isValidMailAddress($email))\r
1792                         $this->error(_ERROR_BADMAILADDRESS);\r
1793 \r
1794 \r
1795                 if (!$realname)\r
1796                         $this->error(_ERROR_REALNAMEMISSING);\r
1797 \r
1798                 if (($deflang != '') && (!checkLanguage($deflang)))\r
1799                         $this->error(_ERROR_NOSUCHLANGUAGE);\r
1800 \r
1801                 // check if there will remain at least one site member with both the logon and admin rights\r
1802                 // (check occurs when taking away one of these rights from such a member)\r
1803                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
1804                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
1805                    )\r
1806                 {\r
1807                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
1808                         if (mysql_num_rows($r) < 2)\r
1809                                 $this->error(_ERROR_ATLEASTONEADMIN);\r
1810                 }\r
1811 \r
1812                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1813                         $mem->setDisplayName($name);\r
1814                         if ($password)\r
1815                                 $mem->setPassword($password);\r
1816                 }\r
1817 \r
1818                 if ($newpass)\r
1819                         $mem->setPassword($password);\r
1820 \r
1821                 $oldEmail = $mem->getEmail();\r
1822 \r
1823                 $mem->setRealName($realname);\r
1824                 $mem->setEmail($email);\r
1825                 $mem->setURL($url);\r
1826                 $mem->setNotes($notes);\r
1827                 $mem->setLanguage($deflang);\r
1828 \r
1829 \r
1830                 // only allow super-admins to make changes to the admin status\r
1831                 if ($member->isAdmin()) {\r
1832                         $mem->setAdmin($admin);\r
1833                         $mem->setCanLogin($canlogin);\r
1834                 }\r
1835 \r
1836 \r
1837                 $mem->write();\r
1838 \r
1839                 // if email changed, generate new password\r
1840                 if ($oldEmail != $mem->getEmail())\r
1841                 {\r
1842                         $mem->sendActivationLink('addresschange', $oldEmail);\r
1843                         // logout member\r
1844                         $mem->newCookieKey();\r
1845                         $member->logout();\r
1846                         $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
1847                         return;\r
1848                 }\r
1849 \r
1850 \r
1851                 // store plugin options\r
1852                 $aOptions = requestArray('plugoption');\r
1853                 NucleusPlugin::_applyPluginOptions($aOptions);\r
1854                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));\r
1855 \r
1856                 if (  ( $mem->getID() == $member->getID() )\r
1857                    && ( $newpass || ( $mem->getDisplayName() != $member->getDisplayName() ) )\r
1858                    ) {\r
1859                         $mem->newCookieKey();\r
1860                         $member->logout();\r
1861                         $this->action_login(_MSG_LOGINAGAIN, 0);\r
1862                 } else {\r
1863                         $this->action_overview(_MSG_SETTINGSCHANGED);\r
1864                 }\r
1865         }\r
1866 \r
1867         function action_memberadd() {\r
1868                 global $member;\r
1869 \r
1870                 // check if allowed\r
1871                 $member->isAdmin() or $this->disallow();\r
1872 \r
1873                 if (postVar('password') != postVar('repeatpassword'))\r
1874                         $this->error(_ERROR_PASSWORDMISMATCH);\r
1875                 if (strlen(postVar('password')) < 6)\r
1876                         $this->error(_ERROR_PASSWORDTOOSHORT);\r
1877 \r
1878                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
1879                 if ($res != 1)\r
1880                         $this->error($res);\r
1881 \r
1882                 $this->action_usermanagement();\r
1883         }\r
1884 \r
1885         /**\r
1886          * Account activation\r
1887          *\r
1888          * @author dekarma\r
1889          */\r
1890         function action_activate() {\r
1891 \r
1892                 $key = getVar('key');\r
1893                 $this->_showActivationPage($key);\r
1894         }\r
1895 \r
1896         function _showActivationPage($key, $message = '')\r
1897         {\r
1898                 global $manager;\r
1899 \r
1900                 // clean up old activation keys\r
1901                 MEMBER::cleanupActivationTable();\r
1902 \r
1903                 // get activation info\r
1904                 $info = MEMBER::getActivationInfo($key);\r
1905 \r
1906                 if (!$info)\r
1907                         $this->error(_ERROR_ACTIVATE);\r
1908 \r
1909                 $mem = MEMBER::createFromId($info->vmember);\r
1910 \r
1911                 if (!$mem)\r
1912                         $this->error(_ERROR_ACTIVATE);\r
1913 \r
1914                 $text = '';\r
1915                 $title = '';\r
1916                 $bNeedsPasswordChange = true;\r
1917 \r
1918                 switch ($info->vtype)\r
1919                 {\r
1920                         case 'forgot':\r
1921                                 $title = _ACTIVATE_FORGOT_TITLE;\r
1922                                 $text = _ACTIVATE_FORGOT_TEXT;\r
1923                                 break;\r
1924                         case 'register':\r
1925                                 $title = _ACTIVATE_REGISTER_TITLE;\r
1926                                 $text = _ACTIVATE_REGISTER_TEXT;\r
1927                                 break;\r
1928                         case 'addresschange':\r
1929                                 $title = _ACTIVATE_CHANGE_TITLE;\r
1930                                 $text = _ACTIVATE_CHANGE_TEXT;\r
1931                                 $bNeedsPasswordChange = false;\r
1932                                 MEMBER::activate($key);\r
1933                                 break;\r
1934                 }\r
1935 \r
1936                 $aVars = array(\r
1937                         'memberName' => htmlspecialchars($mem->getDisplayName())\r
1938                 );\r
1939                 $title = TEMPLATE::fill($title, $aVars);\r
1940                 $text = TEMPLATE::fill($text, $aVars);\r
1941 \r
1942                 $this->pagehead();\r
1943 \r
1944                         echo '<h2>' , $title, '</h2>';\r
1945                         echo '<p>' , $text, '</p>';\r
1946 \r
1947                         if ($message != '')\r
1948                         {\r
1949                                 echo '<p class="error">',$message,'</p>';\r
1950                         }\r
1951 \r
1952                         if ($bNeedsPasswordChange)\r
1953                         {\r
1954                                 ?>\r
1955                                         <div><form action="index.php" method="post">\r
1956 \r
1957                                                 <input type="hidden" name="action" value="activatesetpwd" />\r
1958                                                 <?php $manager->addTicketHidden() ?>\r
1959                                                 <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />\r
1960 \r
1961                                                 <table><tr>\r
1962                                                         <td><?php echo _MEMBERS_PWD?></td>\r
1963                                                         <td><input type="password" maxlength="40" size="16" name="password" /></td>\r
1964                                                 </tr><tr>\r
1965                                                         <td><?php echo _MEMBERS_REPPWD?></td>\r
1966                                                         <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>\r
1967                                                 <?php\r
1968 \r
1969                                                         global $manager;\r
1970                                                         $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));\r
1971 \r
1972                                                 ?>\r
1973                                                 </tr><tr>\r
1974                                                         <td><?php echo _MEMBERS_SETPWD ?></td>\r
1975                                                         <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>\r
1976                                                 </tr></table>\r
1977 \r
1978 \r
1979                                         </form></div>\r
1980 \r
1981                                 <?php\r
1982 \r
1983                         }\r
1984 \r
1985                 $this->pagefoot();\r
1986 \r
1987         }\r
1988 \r
1989         /**\r
1990          * Account activation - set password part\r
1991          *\r
1992          * @author dekarma\r
1993          */\r
1994         function action_activatesetpwd() {\r
1995 \r
1996                 $key = postVar('key');\r
1997 \r
1998                 // clean up old activation keys\r
1999                 MEMBER::cleanupActivationTable();\r
2000 \r
2001                 // get activation info\r
2002                 $info = MEMBER::getActivationInfo($key);\r
2003 \r
2004                 if (!$info || ($info->type == 'addresschange'))\r
2005                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2006 \r
2007                 $mem = MEMBER::createFromId($info->vmember);\r
2008 \r
2009                 if (!$mem)\r
2010                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2011 \r
2012                 $password               = postVar('password');\r
2013                 $repeatpassword = postVar('repeatpassword');\r
2014 \r
2015                 if ($password != $repeatpassword)\r
2016                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
2017 \r
2018                 if ($password && (strlen($password) < 6))\r
2019                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
2020 \r
2021                 $error = '';\r
2022                 global $manager;\r
2023                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));\r
2024                 if ($error != '')\r
2025                         return $this->_showActivationPage($key, $error);\r
2026 \r
2027 \r
2028                 // set password\r
2029                 $mem->setPassword($password);\r
2030                 $mem->write();\r
2031 \r
2032                 // do the activation\r
2033                 MEMBER::activate($key);\r
2034 \r
2035                 $this->pagehead();\r
2036                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';\r
2037                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';\r
2038                 $this->pagefoot();\r
2039         }\r
2040 \r
2041         /**\r
2042           * Manage team\r
2043           */\r
2044         function action_manageteam() {\r
2045                 global $member, $manager;\r
2046 \r
2047                 $blogid = intRequestVar('blogid');\r
2048 \r
2049                 // check if allowed\r
2050                 $member->blogAdminRights($blogid) or $this->disallow();\r
2051 \r
2052                 $this->pagehead();\r
2053 \r
2054                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
2055 \r
2056                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';\r
2057 \r
2058                 echo '<h3>' . _TEAM_CURRENT . '</h3>';\r
2059 \r
2060 \r
2061 \r
2062                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'\r
2063                            . ' FROM '.sql_table('member').', '.sql_table('team')\r
2064                            . ' WHERE tmember=mnumber and tblog=' . $blogid;\r
2065 \r
2066                 $template['content'] = 'teamlist';\r
2067                 $template['tabindex'] = 10;\r
2068 \r
2069                 $batch =& new BATCH('team');\r
2070                 $batch->showlist($query, 'table', $template);\r
2071 \r
2072                 ?>\r
2073                         <h3><?php echo _TEAM_ADDNEW?></h3>\r
2074 \r
2075                         <form method='post' action='index.php'><div>\r
2076 \r
2077                         <input type='hidden' name='action' value='teamaddmember' />\r
2078                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />\r
2079                         <?php $manager->addTicketHidden() ?>\r
2080 \r
2081                         <table><tr>\r
2082                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>\r
2083                                 <td><?php                                       // TODO: try to make it so only non-team-members are listed\r
2084                                         $query =  'SELECT mname as text, mnumber as value'\r
2085                                                    . ' FROM '.sql_table('member');\r
2086 \r
2087                                         $template['name'] = 'memberid';\r
2088                                         $template['tabindex'] = 10000;\r
2089                                         showlist($query,'select',$template);\r
2090                                 ?></td>\r
2091                         </tr><tr>\r
2092                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>\r
2093                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>\r
2094                         </tr><tr>\r
2095                                 <td><?php echo _TEAM_ADD?></td>\r
2096                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>\r
2097                         </tr></table>\r
2098 \r
2099                         </div></form>\r
2100                 <?php\r
2101                 $this->pagefoot();\r
2102         }\r
2103 \r
2104         /**\r
2105           * Add member to team\r
2106           */\r
2107         function action_teamaddmember() {\r
2108                 global $member, $manager;\r
2109 \r
2110                 $memberid = intPostVar('memberid');\r
2111                 $blogid = intPostVar('blogid');\r
2112                 $admin = intPostVar('admin');\r
2113 \r
2114                 // check if allowed\r
2115                 $member->blogAdminRights($blogid) or $this->disallow();\r
2116 \r
2117                 $blog =& $manager->getBlog($blogid);\r
2118                 if (!$blog->addTeamMember($memberid, $admin))\r
2119                         $this->error(_ERROR_ALREADYONTEAM);\r
2120 \r
2121                 $this->action_manageteam();\r
2122 \r
2123         }\r
2124 \r
2125         function action_teamdelete() {\r
2126                 global $member, $manager;\r
2127 \r
2128                 $memberid = intRequestVar('memberid');\r
2129                 $blogid = intRequestVar('blogid');\r
2130 \r
2131                 // check if allowed\r
2132                 $member->blogAdminRights($blogid) or $this->disallow();\r
2133 \r
2134                 $teammem = MEMBER::createFromID($memberid);\r
2135                 $blog =& $manager->getBlog($blogid);\r
2136 \r
2137                 $this->pagehead();\r
2138                 ?>\r
2139                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2140 \r
2141                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  $teammem->getDisplayName() ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>\r
2142                         </p>\r
2143 \r
2144 \r
2145                         <form method="post" action="index.php"><div>\r
2146                         <input type="hidden" name="action" value="teamdeleteconfirm" />\r
2147                         <?php $manager->addTicketHidden() ?>\r
2148                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
2149                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
2150                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2151                         </div></form>\r
2152                 <?php\r
2153                 $this->pagefoot();\r
2154         }\r
2155 \r
2156         function action_teamdeleteconfirm() {\r
2157                 global $member;\r
2158 \r
2159                 $memberid = intRequestVar('memberid');\r
2160                 $blogid = intRequestVar('blogid');\r
2161 \r
2162                 $error = $this->deleteOneTeamMember($blogid, $memberid);\r
2163                 if ($error)\r
2164                         $this->error($error);\r
2165 \r
2166 \r
2167                 $this->action_manageteam();\r
2168         }\r
2169 \r
2170         function deleteOneTeamMember($blogid, $memberid) {\r
2171                 global $member, $manager;\r
2172 \r
2173                 $blogid = intval($blogid);\r
2174                 $memberid = intval($memberid);\r
2175 \r
2176                 // check if allowed\r
2177                 if (!$member->blogAdminRights($blogid))\r
2178                         return _ERROR_DISALLOWED;\r
2179 \r
2180                 // check if: - there remains at least one blog admin\r
2181                 //           - (there remains at least one team member)\r
2182                 $tmem = MEMBER::createFromID($memberid);\r
2183 \r
2184                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));\r
2185 \r
2186                 if ($tmem->isBlogAdmin($blogid)) {\r
2187                         // check if there are more blog members left and at least one admin\r
2188                         // (check for at least two admins before deletion)\r
2189                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
2190                         $r = sql_query($query);\r
2191                         if (mysql_num_rows($r) < 2)\r
2192                                 return _ERROR_ATLEASTONEBLOGADMIN;\r
2193                 }\r
2194 \r
2195                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
2196                 sql_query($query);\r
2197 \r
2198                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));\r
2199 \r
2200                 return '';\r
2201         }\r
2202 \r
2203         function action_teamchangeadmin() {\r
2204                 global $member;\r
2205 \r
2206                 $blogid = intRequestVar('blogid');\r
2207                 $memberid = intRequestVar('memberid');\r
2208 \r
2209                 // check if allowed\r
2210                 $member->blogAdminRights($blogid) or $this->disallow();\r
2211 \r
2212                 $mem = MEMBER::createFromID($memberid);\r
2213 \r
2214                 // don't allow when there is only one admin at this moment\r
2215                 if ($mem->isBlogAdmin($blogid)) {\r
2216                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
2217                         if (mysql_num_rows($r) == 1)\r
2218                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
2219                 }\r
2220 \r
2221                 if ($mem->isBlogAdmin($blogid))\r
2222                         $newval = 0;\r
2223                 else\r
2224                         $newval = 1;\r
2225 \r
2226                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
2227                 sql_query($query);\r
2228 \r
2229                 // only show manageteam if member did not change its own admin privileges\r
2230                 if ($member->isBlogAdmin($blogid))\r
2231                         $this->action_manageteam();\r
2232                 else\r
2233                         $this->action_overview(_MSG_ADMINCHANGED);\r
2234         }\r
2235 \r
        /**
          * Shows the settings page of one blog: a summary of the team, the blog
          * settings form (posts action=blogsettingsupdate), the list of categories,
          * a form for creating a category (posts action=categorynew) and whatever
          * plugins add through the BlogSettingsFormExtras event.
          *
          * The blog id is read from the 'blogid' request variable; the page is only
          * shown when blogAdminRights() holds for the current member.
          */
        function action_blogsettings() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                // extra markup handed to pagehead(): the script referenced by the form below
                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
                ?>
                <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>

                <h3><?php echo _EBLOG_TEAM_TITLE?></h3>

                <p>Members currently on your team:
                <?php
                        // NOTE(review): the sentence above is a literal English string, unlike
                        // the other labels on this page, which come from language constants.

                        // build "login name (real name)" for every member of this blog's team;
                        // both values are HTML-escaped before they are printed
                        $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
                        $aMemberNames = array();
                        while ($o = mysql_fetch_object($res))
                                array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
                        echo implode(',', $aMemberNames);
                ?>
                </p>



                <p>
                <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
                </p>

                <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>

                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="blogsettingsupdate" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                <table><tr>
                        <td><?php echo _EBLOG_NAME?></td>
                        <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
                                <?php echo _EBLOG_SHORTNAME_EXTRA?>
                        </td>
                        <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DESC?></td>
                        <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_URL?></td>
                        <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFSKIN?>
                                <?php help('blogdefaultskin'); ?>
                        </td>
                        <td>
                                <?php
                                        // select list of all skins, the blog's default skin preselected;
                                        // $template comes into existence with the first assignment below
                                        $query =  'SELECT sdname as text, sdnumber as value'
                                                   . ' FROM '.sql_table('skin_desc');
                                        $template['name'] = 'defskin';
                                        $template['selected'] = $blog->getDefaultSkin();
                                        $template['tabindex'] = 50;
                                        showlist($query,'select',$template);
                                ?>

                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
                        </td>
                        <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
                        </td>
                        <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DISABLECOMMENTS?>
                        </td>
                        <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ANONYMOUS?>
                        </td>
                        <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
                        <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY_ON?></td>
                        <td>
                                <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
                                        <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
                                /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
                                <br />
                                <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
                                        <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
                                /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
                                <br />
                                <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
                                        <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
                                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_PING?> <?php help('pinguserland'); ?></td>
                        <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
                        <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
                        <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFCAT?></td>
                        <td>
                                <?php
                                        // select list of this blog's categories, the default category
                                        // preselected; the $template array of the skin list is reused
                                        // NOTE(review): $blog->getID() goes into the query unquoted -
                                        // presumably always an integer; confirm
                                        $query =  'SELECT cname as text, catid as value'
                                                   . ' FROM '.sql_table('category')
                                                   . ' WHERE cblog=' . $blog->getID();
                                        $template['name'] = 'defcat';
                                        $template['selected'] = $blog->getDefaultCategory();
                                        $template['tabindex'] = 110;
                                        showlist($query,'select',$template);
                                ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
                                <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
                                <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
                                </td>
                        <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
                        <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('blog',$blogid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CHANGE?></td>
                        <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <h3><?php echo _EBLOG_CAT_TITLE?></h3>


                <?php
                // table of this blog's categories, ordered by name; $template still carries
                // the 'name' and 'selected' entries set for the select lists above
                $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
                $template['content'] = 'categorylist';
                $template['tabindex'] = 200;

                $batch =& new BATCH('category');
                $batch->showlist($query,'table',$template);

                ?>


                <form action="index.php" method="post"><div>
                <input name="action" value="categorynew" type="hidden" />
                <?php $manager->addTicketHidden() ?>
                <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />

                <table><tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_NAME?></td>
                        <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_DESC?></td>
                        <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_CREATE?></td>
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
                </tr></table>

                </div></form>

                <?php

                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        // let plugins add their own content; the blog object is passed by reference
                        $manager->notify(
                                'BlogSettingsFormExtras',
                                array(
                                        'blog' => &$blog
                                )
                        );

                $this->pagefoot();
        }
2433 \r
2434         function action_categorynew() {\r
2435                 global $member, $manager;\r
2436 \r
2437                 $blogid = intRequestVar('blogid');\r
2438 \r
2439                 $member->blogAdminRights($blogid) or $this->disallow();\r
2440 \r
2441                 $cname = postVar('cname');\r
2442                 $cdesc = postVar('cdesc');\r
2443 \r
2444                 if (!isValidCategoryName($cname))\r
2445                         $this->error(_ERROR_BADCATEGORYNAME);\r
2446 \r
2447                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);\r
2448                 $res = sql_query($query);\r
2449                 if (mysql_num_rows($res) > 0)\r
2450                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2451 \r
2452                 $blog           =& $manager->getBlog($blogid);\r
2453                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);\r
2454 \r
2455                 $this->action_blogsettings();\r
2456         }\r
2457 \r
2458 \r
2459         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
2460                 global $member, $manager;\r
2461 \r
2462                 if ($blogid == '')\r
2463                         $blogid = intGetVar('blogid');\r
2464                 else\r
2465                         $blogid = intval($blogid);\r
2466                 if ($catid == '')\r
2467                         $catid = intGetVar('catid');\r
2468                 else\r
2469                         $catid = intval($catid);\r
2470 \r
2471                 $member->blogAdminRights($blogid) or $this->disallow();\r
2472 \r
2473                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
2474                 $obj = mysql_fetch_object($res);\r
2475 \r
2476                 $cname = $obj->cname;\r
2477                 $cdesc = $obj->cdesc;\r
2478 \r
2479                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2480                 $this->pagehead($extrahead);\r
2481 \r
2482                 ?>\r
2483                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
2484                 <form method='post' action='index.php'><div>\r
2485                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
2486                 <input name="catid" type="hidden" value="<?php echo $catid?>" />\r
2487                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />\r
2488                 <input name="action" type="hidden" value="categoryupdate" />\r
2489                 <?php $manager->addTicketHidden(); ?>\r
2490 \r
2491                 <table><tr>\r
2492                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2493                 </tr><tr>\r
2494                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2495                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>\r
2496                 </tr><tr>\r
2497                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2498                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
2499                 </tr>\r
2500                 <?php\r
2501                         // insert plugin options\r
2502                         $this->_insertPluginOptions('category',$catid);\r
2503                 ?>\r
2504                 <tr>\r
2505                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2506                 </tr><tr>\r
2507                         <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
2508                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
2509                 </tr></table>\r
2510 \r
2511                 </div></form>\r
2512                 <?php\r
2513                 $this->pagefoot();\r
2514         }\r
2515 \r
2516 \r
2517         function action_categoryupdate() {\r
2518                 global $member, $manager;\r
2519 \r
2520                 $blogid = intPostVar('blogid');\r
2521                 $catid = intPostVar('catid');\r
2522                 $cname = postVar('cname');\r
2523                 $cdesc = postVar('cdesc');\r
2524                 $desturl = postVar('desturl');\r
2525 \r
2526                 $member->blogAdminRights($blogid) or $this->disallow();\r
2527 \r
2528                 if (!isValidCategoryName($cname))\r
2529                         $this->error(_ERROR_BADCATEGORYNAME);\r
2530 \r
2531                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
2532                 $res = sql_query($query);\r
2533                 if (mysql_num_rows($res) > 0)\r
2534                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2535 \r
2536                 $query =  'UPDATE '.sql_table('category').' SET'\r
2537                            . " cname='" . addslashes($cname) . "',"\r
2538                            . " cdesc='" . addslashes($cdesc) . "'"\r
2539                            . " WHERE catid=" . $catid;\r
2540 \r
2541                 sql_query($query);\r
2542 \r
2543                 // store plugin options\r
2544                 $aOptions = requestArray('plugoption');\r
2545                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2546                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));\r
2547 \r
2548 \r
2549                 if ($desturl) {\r
2550                         redirect($desturl);\r
2551                         exit;\r
2552                 } else {\r
2553                         $this->action_blogsettings();\r
2554                 }\r
2555         }\r
2556 \r
2557         function action_categorydelete() {\r
2558                 global $member, $manager;\r
2559 \r
2560                 $blogid = intRequestVar('blogid');\r
2561                 $catid = intRequestVar('catid');\r
2562 \r
2563                 $member->blogAdminRights($blogid) or $this->disallow();\r
2564 \r
2565                 $blog =& $manager->getBlog($blogid);\r
2566 \r
2567                 // check if the category is valid\r
2568                 if (!$blog->isValidCategory($catid))\r
2569                         $this->error(_ERROR_NOSUCHCATEGORY);\r
2570 \r
2571                 // don't allow deletion of default category\r
2572                 if ($blog->getDefaultCategory() == $catid)\r
2573                         $this->error(_ERROR_DELETEDEFCATEGORY);\r
2574 \r
2575                 // check if catid is the only category left for blogid\r
2576                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2577                 $res = sql_query($query);\r
2578                 if (mysql_num_rows($res) == 1)\r
2579                         $this->error(_ERROR_DELETELASTCATEGORY);\r
2580 \r
2581 \r
2582                 $this->pagehead();\r
2583                 ?>\r
2584                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2585 \r
2586                         <div>\r
2587                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  $blog->getCategoryName($catid)?></b>\r
2588                         </div>\r
2589 \r
2590                         <form method="post" action="index.php"><div>\r
2591                         <input type="hidden" name="action" value="categorydeleteconfirm" />\r
2592                         <?php $manager->addTicketHidden() ?>\r
2593                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
2594                         <input type="hidden" name="catid" value="<?php echo $catid?>" />\r
2595                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2596                         </div></form>\r
2597                 <?php\r
2598                 $this->pagefoot();\r
2599         }\r
2600 \r
2601         function action_categorydeleteconfirm() {\r
2602                 global $member, $manager;\r
2603 \r
2604                 $blogid = intRequestVar('blogid');\r
2605                 $catid = intRequestVar('catid');\r
2606 \r
2607                 $member->blogAdminRights($blogid) or $this->disallow();\r
2608 \r
2609                 $error = $this->deleteOneCategory($catid);\r
2610                 if ($error)\r
2611                         $this->error($error);\r
2612 \r
2613                 $this->action_blogsettings();\r
2614         }\r
2615 \r
2616         function deleteOneCategory($catid) {\r
2617                 global $manager, $member;\r
2618 \r
2619                 $catid = intval($catid);\r
2620 \r
2621                 $manager->notify('PreDeleteCategory', array('catid' => $catid));\r
2622 \r
2623                 $blogid = getBlogIDFromCatID($catid);\r
2624 \r
2625                 if (!$member->blogAdminRights($blogid))\r
2626                         return ERROR_DISALLOWED;\r
2627 \r
2628                 // get blog\r
2629                 $blog =& $manager->getBlog($blogid);\r
2630 \r
2631                 // check if the category is valid\r
2632                 if (!$blog || !$blog->isValidCategory($catid))\r
2633                         return _ERROR_NOSUCHCATEGORY;\r
2634 \r
2635                 $destcatid = $blog->getDefaultCategory();\r
2636 \r
2637                 // don't allow deletion of default category\r
2638                 if ($blog->getDefaultCategory() == $catid)\r
2639                         return _ERROR_DELETEDEFCATEGORY;\r
2640 \r
2641                 // check if catid is the only category left for blogid\r
2642                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2643                 $res = sql_query($query);\r
2644                 if (mysql_num_rows($res) == 1)\r
2645                         return _ERROR_DELETELASTCATEGORY;\r
2646 \r
2647                 // change category for all items to the default category\r
2648                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
2649                 sql_query($query);\r
2650 \r
2651                 // delete all associated plugin options\r
2652                 NucleusPlugin::_deleteOptionValues('category', $catid);\r
2653 \r
2654                 // delete category\r
2655                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;\r
2656                 sql_query($query);\r
2657 \r
2658                 $manager->notify('PostDeleteCategory', array('catid' => $catid));\r
2659 \r
2660         }\r
2661 \r
2662         function moveOneCategory($catid, $destblogid) {\r
2663                 global $manager, $member;\r
2664 \r
2665                 $catid = intval($catid);\r
2666                 $destblogid = intval($destblogid);\r
2667 \r
2668                 $blogid = getBlogIDFromCatID($catid);\r
2669 \r
2670                 // mover should have admin rights on both blogs\r
2671                 if (!$member->blogAdminRights($blogid))\r
2672                         return _ERROR_DISALLOWED;\r
2673                 if (!$member->blogAdminRights($destblogid))\r
2674                         return _ERROR_DISALLOWED;\r
2675 \r
2676                 // cannot move to self\r
2677                 if ($blogid == $destblogid)\r
2678                         return _ERROR_MOVETOSELF;\r
2679 \r
2680                 // get blogs\r
2681                 $blog =& $manager->getBlog($blogid);\r
2682                 $destblog =& $manager->getBlog($destblogid);\r
2683 \r
2684                 // check if the category is valid\r
2685                 if (!$blog || !$blog->isValidCategory($catid))\r
2686                         return _ERROR_NOSUCHCATEGORY;\r
2687 \r
2688                 // don't allow default category to be moved\r
2689                 if ($blog->getDefaultCategory() == $catid)\r
2690                         return _ERROR_MOVEDEFCATEGORY;\r
2691 \r
2692                 $manager->notify(\r
2693                         'PreMoveCategory',\r
2694                         array(\r
2695                                 'catid' => &$catid,\r
2696                                 'sourceblog' => &$blog,\r
2697                                 'destblog' => &$destblog\r
2698                         )\r
2699                 );\r
2700 \r
2701                 // update comments table (cblog)\r
2702                 $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;\r
2703                 $items = sql_query($query);\r
2704                 while ($oItem = mysql_fetch_object($items)) {\r
2705                         sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);\r
2706                 }\r
2707 \r
2708                 // update items (iblog)\r
2709                 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;\r
2710                 sql_query($query);\r
2711 \r
2712                 // move category\r
2713                 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;\r
2714                 sql_query($query);\r
2715 \r
2716                 $manager->notify(\r
2717                         'PostMoveCategory',\r
2718                         array(\r
2719                                 'catid' => &$catid,\r
2720                                 'sourceblog' => &$blog,\r
2721                                 'destblog' => $destblog\r
2722                         )\r
2723                 );\r
2724 \r
2725         }\r
2726 \r
2727         function action_blogsettingsupdate() {\r
2728                 global $member, $manager;\r
2729 \r
2730                 $blogid = intRequestVar('blogid');\r
2731 \r
2732                 $member->blogAdminRights($blogid) or $this->disallow();\r
2733 \r
2734                 $blog =& $manager->getBlog($blogid);\r
2735 \r
2736                 $notify                 = trim(postVar('notify'));\r
2737                 $shortname              = trim(postVar('shortname'));\r
2738                 $updatefile             = trim(postVar('update'));\r
2739 \r
2740                 $notifyComment  = intPostVar('notifyComment');\r
2741                 $notifyVote             = intPostVar('notifyVote');\r
2742                 $notifyNewItem  = intPostVar('notifyNewItem');\r
2743 \r
2744                 if ($notifyComment == 0)        $notifyComment = 1;\r
2745                 if ($notifyVote == 0)           $notifyVote = 1;\r
2746                 if ($notifyNewItem == 0)        $notifyNewItem = 1;\r
2747 \r
2748                 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;\r
2749 \r
2750 \r
2751                 if ($notify) {\r
2752                         $not =& new NOTIFICATION($notify);\r
2753                         if (!$not->validAddresses())\r
2754                                 $this->error(_ERROR_BADNOTIFY);\r
2755 \r
2756                 }\r
2757 \r
2758                 if (!isValidShortName($shortname))\r
2759                         $this->error(_ERROR_BADSHORTBLOGNAME);\r
2760 \r
2761                 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))\r
2762                         $this->error(_ERROR_DUPSHORTBLOGNAME);\r
2763 \r
2764                 // check if update file is writable\r
2765                 if ($updatefile && !is_writeable($updatefile))\r
2766                         $this->error(_ERROR_UPDATEFILE);\r
2767 \r
2768                 $blog->setName(trim(postVar('name')));\r
2769                 $blog->setShortName($shortname);\r
2770                 $blog->setNotifyAddress($notify);\r
2771                 $blog->setNotifyType($notifyType);\r
2772                 $blog->setMaxComments(postVar('maxcomments'));\r
2773                 $blog->setCommentsEnabled(postVar('comments'));\r
2774                 $blog->setTimeOffset(postVar('timeoffset'));\r
2775                 $blog->setUpdateFile($updatefile);\r
2776                 $blog->setURL(trim(postVar('url')));\r
2777                 $blog->setDefaultSkin(intPostVar('defskin'));\r
2778                 $blog->setDescription(trim(postVar('desc')));\r
2779                 $blog->setPublic(postVar('public'));\r
2780                 $blog->setPingUserland(postVar('pinguserland'));\r
2781                 $blog->setConvertBreaks(intPostVar('convertbreaks'));\r
2782                 $blog->setAllowPastPosting(intPostVar('allowpastposting'));\r
2783                 $blog->setDefaultCategory(intPostVar('defcat'));\r
2784                 $blog->setSearchable(intPostVar('searchable'));\r
2785 \r
2786                 $blog->writeSettings();\r
2787 \r
2788                 // store plugin options\r
2789                 $aOptions = requestArray('plugoption');\r
2790                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2791                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));\r
2792 \r
2793 \r
2794                 $this->action_overview(_MSG_SETTINGSCHANGED);\r
2795         }\r
2796 \r
        /**
          * Shows the confirmation form for deleting a blog
          *
          * Reads blogid from the request. Nothing is deleted here: the form
          * posts to the deleteblogconfirm action and carries a ticket.
          */
        function action_deleteblog() {
                global $member, $CONF, $manager;

                $blogid = intRequestVar('blogid');

                // only admins of this blog get to see the confirmation form
                $member->blogAdminRights($blogid) or $this->disallow();

                // check if blog is default blog
                if ($CONF['DefaultBlog'] == $blogid)
                        $this->error(_ERROR_DELDEFBLOG);

                $blog =& $manager->getBlog($blogid);

                // The blog name is HTML-escaped in the template below. $blogid is an
                // integer (intRequestVar), so it is printed into the hidden field as-is.
                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _WARNINGTXT_BLOGDEL?>
                        </p>

                        <div>
                        <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>
                        </div>

                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="deleteblogconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
2830 \r
2831         function action_deleteblogconfirm() {\r
2832                 global $member, $CONF, $manager;\r
2833 \r
2834                 $blogid = intRequestVar('blogid');\r
2835 \r
2836                 $manager->notify('PreDeleteBlog', array('blogid' => $blogid));\r
2837 \r
2838                 $member->blogAdminRights($blogid) or $this->disallow();\r
2839 \r
2840                 // check if blog is default blog\r
2841                 if ($CONF['DefaultBlog'] == $blogid)\r
2842                         $this->error(_ERROR_DELDEFBLOG);\r
2843 \r
2844                 // delete all comments\r
2845                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;\r
2846                 sql_query($query);\r
2847 \r
2848                 // delete all items\r
2849                 $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;\r
2850                 sql_query($query);\r
2851 \r
2852                 // delete all team members\r
2853                 $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;\r
2854                 sql_query($query);\r
2855 \r
2856                 // delete all bans\r
2857                 $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;\r
2858                 sql_query($query);\r
2859 \r
2860                 // delete all categories\r
2861                 $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;\r
2862                 sql_query($query);\r
2863 \r
2864                 // delete all associated plugin options\r
2865                 NucleusPlugin::_deleteOptionValues('blog', $blogid);\r