
sync with v3.24
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ADMIN.php
1 <?php
2 /*
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4  * Copyright (C) 2002-2006 The Nucleus Group
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  * (see nucleus/documentation/index.html#license for more info)
11  */
12 /**
13  * The code for the Nucleus admin area
14  *
15  * @license http://nucleuscms.org/license.txt GNU General Public License
16  * @copyright Copyright (C) 2002-2006 The Nucleus Group
17  * @version $Id: ADMIN.php,v 1.12 2007-01-31 10:02:58 kimitake Exp $
18  * @version $NucleusJP: ADMIN.php,v 1.11 2006/11/13 00:43:07 kimitake Exp $
19  */
20
21 require_once "showlist.php";
22
23 /**
24  * Builds the admin area and executes admin actions
25  */
26 class ADMIN {
27
28         /**
29          * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)
30          */
31         var $action;
32
33         /**
34          * Class constructor
35          */
36         function ADMIN() {
37
38         }
39
40         /**
41          * Executes an action
42          *
43          * @param string $action action to be performed
44          */
45         function action($action) {
46                 global $CONF, $manager;
47
48                 // list of action aliases
49                 $alias = array(
50                         'login' => 'overview',
51                         '' => 'overview'
52                 );
53
54                 if (isset($alias[$action]))
55                         $action = $alias[$action];
56
57                 $methodName = 'action_' . $action;
58
59                 $this->action = strtolower($action);
60
61                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
62                 // is an action that requires user interaction before something is actually done)
63                 // all safe actions are in this array:
64                 $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');
65 /*
66                 // the rest of the actions needs to be checked
67                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
68 */
69                 if (!in_array($this->action, $aActionsNotToCheck))
70                 {
71                         if (!$manager->checkTicket())
72                                 $this->error(_ERROR_BADTICKET);
73                 }
74
75                 if (method_exists($this, $methodName))
76                         call_user_func(array(&$this, $methodName));
77                 else
78                         $this->error(_BADACTION . " ($action)");
79
80         }
81
82         /**
83          * @todo document this
84          */
85         function action_showlogin() {
86                 global $error;
87                 $this->action_login($error);
88         }
89
90         /**
91          * @todo document this
92          */
93         function action_login($msg = '', $passvars = 1) {
94                 global $member;
95
96                 // skip to overview when allowed
97                 if ($member->isLoggedIn() && $member->canLogin()) {
98                         $this->action_overview();
99                         exit;
100                 }
101
102                 $this->pagehead();
103
104                 echo '<h2>', _LOGIN ,'</h2>';
105                 if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
106                 ?>
107
108                 <form action="index.php" method="post"><p>
109                 <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
110                 <br />
111                 <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
112                 <br />
113                 <input name="action" value="login" type="hidden" />
114                 <br />
115                 <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
116                 <br />
117                 <small>
118                         <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
119                         <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
120                 </small>
121                 <?php                   // pass through vars
122
123                         $oldaction = postVar('oldaction');
124                         if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
125                                 passRequestVars();
126                         }
127
128
129                 ?>
130                 </p></form>
131                 <?php           $this->pagefoot();
132         }
133
134
135         /**
136          * provides a screen with the overview of the actions available
137          * @todo document parameter
138          */
139         function action_overview($msg = '') {
140                 global $member;
141
142                 $this->pagehead();
143
144                 if ($msg)
145                         echo _MESSAGE , ': ', $msg;
146
147                 /* ---- add items ---- */
148                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';
149
150                 $showAll = requestVar('showall');
151
152                 if (($member->isAdmin()) && ($showAll == 'yes')) {
153                         // Super-Admins have access to all blogs! (no add item support though)
154                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
155                                    . ' FROM ' . sql_table('blog')
156                                    . ' ORDER BY bname';
157                 } else {
158                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'
159                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
160                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()
161                                    . ' ORDER BY bname';
162                 }
163                 $template['content'] = 'bloglist';
164                 $template['superadmin'] = $member->isAdmin();
165                 $amount = showlist($query,'table',$template);
166
167                 if (($showAll != 'yes') && ($member->isAdmin())) {
168                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
169                         if ($total > $amount)
170                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';
171                 }
172
173                 if ($amount == 0)
174                         echo _OVERVIEW_NOBLOGS;
175
176                 if ($amount != 0) {
177                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
178                         $query =  'SELECT ititle, inumber, bshortname'
179                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
180                                    . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
181                         $template['content'] = 'draftlist';
182                         $amountdrafts = showlist($query, 'table', $template);
183                         if ($amountdrafts == 0)
184                                 echo _OVERVIEW_NODRAFTS;
185                 }
186
187                 /* ---- user settings ---- */
188                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
189                 echo '<ul>';
190                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
191                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
192                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
193                 echo '</ul>';
194
195                 /* ---- general settings ---- */
196                 if ($member->isAdmin()) {
197                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
198                         echo '<ul>';
199                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
200                         echo '</ul>';
201                 }
202
203
204                 $this->pagefoot();
205         }
206
207         /**
208          * Returns a link to a weblog
209          * @param object BLOG
210          */
211         function bloglink(&$blog) {
212                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'.$blog->getName() .'</a>';
213         }
214
215         /**
216          * @todo document this
217          */
218         function action_manage($msg = '') {
219                 global $member;
220
221                 $member->isAdmin() or $this->disallow();
222
223                 $this->pagehead();
224
225                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
226
227                 if ($msg)
228                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';
229
230
231                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';
232
233                 echo '<ul>';
234                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';
235                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';
236                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';
237                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';
238                 echo '</ul>';
239
240                 echo '<h2>' . _MANAGE_SKINS . '</h2>';
241                 echo '<ul>';
242                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';
243                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';
244                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';
245                 echo '</ul>';
246
247                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';
248                 echo '<ul>';
249                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';
250                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';
251                 echo '</ul>';
252
253                 $this->pagefoot();
254         }
255
256         /**
257          * @todo document this
258          */
259         function action_itemlist($blogid = '') {
260                 global $member, $manager;
261
262                 if ($blogid == '')
263                         $blogid = intRequestVar('blogid');
264
265                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
266
267                 $this->pagehead();
268                 $blog =& $manager->getBlog($blogid);
269
270                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
271                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';
272
273                 // start index
274                 if (postVar('start'))
275                         $start = intPostVar('start');
276                 else
277                         $start = 0;
278
279                 if ($start == 0)
280                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';
281
282                 // amount of items to show
283                 if (postVar('amount'))
284                         $amount = intPostVar('amount');
285                 else
286                         $amount = 10;
287
288                 $search = postVar('search');    // search through items
289
290                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
291                            . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
292                            . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
293
294                 if ($search)
295                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
296
297                 // non-blog-admins can only edit/delete their own items
298                 if (!$member->blogAdminRights($blogid))
299                         $query .= ' and iauthor=' . $member->getID();
300
301
302                 $query .= ' ORDER BY itime DESC'
303                                 . " LIMIT $start,$amount";
304
305                 $template['content'] = 'itemlist';
306                 $template['now'] = $blog->getCorrectTime(time());
307
308                 $manager->loadClass("ENCAPSULATE");
309                 $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
310                 $navList->showBatchList('item',$query,'table',$template);
311
312
313                 $this->pagefoot();
314         }
315
316         /**
317          * @todo document this
318          */
319         function action_batchitem() {
320                 global $member, $manager;
321
322                 // check if logged in
323                 $member->isLoggedIn() or $this->disallow();
324
325                 // more precise check will be done for each performed operation
326
327                 // get array of itemids from request
328                 $selected = requestIntArray('batch');
329                 $action = requestVar('batchaction');
330
331                 // Show error when no items were selected
332                 if (!is_array($selected) || sizeof($selected) == 0)
333                         $this->error(_BATCH_NOSELECTION);
334
335                 // On move: when no destination blog/category chosen, show choice now
336                 $destCatid = intRequestVar('destcatid');
337                 if (($action == 'move') && (!$manager->existsCategory($destCatid)))
338                         $this->batchMoveSelectDestination('item',$selected);
339
340                 // On delete: check if confirmation has been given
341                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
342                         $this->batchAskDeleteConfirmation('item',$selected);
343
344                 $this->pagehead();
345
346                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
347                 echo '<h2>',_BATCH_ITEMS,'</h2>';
348                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
349                 echo '<ul>';
350
351
352                 // walk over all itemids and perform action
353                 foreach ($selected as $itemid) {
354                         $itemid = intval($itemid);
355                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';
356
357                         // perform action, display errors if needed
358                         switch($action) {
359                                 case 'delete':
360                                         $error = $this->deleteOneItem($itemid);
361                                         break;
362                                 case 'move':
363                                         $error = $this->moveOneItem($itemid, $destCatid);
364                                         break;
365                                 default:
366                                         $error = _BATCH_UNKNOWN . $action;
367                         }
368
369                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
370                         echo '</li>';
371                 }
372
373                 echo '</ul>';
374                 echo '<b>',_BATCH_DONE,'</b>';
375
376                 $this->pagefoot();
377
378
379         }
380
381         /**
382          * @todo document this
383          */
384         function action_batchcomment() {
385                 global $member;
386
387                 // check if logged in
388                 $member->isLoggedIn() or $this->disallow();
389
390                 // more precise check will be done for each performed operation
391
392                 // get array of itemids from request
393                 $selected = requestIntArray('batch');
394                 $action = requestVar('batchaction');
395
396                 // Show error when no items were selected
397                 if (!is_array($selected) || sizeof($selected) == 0)
398                         $this->error(_BATCH_NOSELECTION);
399
400                 // On delete: check if confirmation has been given
401                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
402                         $this->batchAskDeleteConfirmation('comment',$selected);
403
404                 $this->pagehead();
405
406                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
407                 echo '<h2>',_BATCH_COMMENTS,'</h2>';
408                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
409                 echo '<ul>';
410
411                 // walk over all itemids and perform action
412                 foreach ($selected as $commentid) {
413                         $commentid = intval($commentid);
414                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';
415
416                         // perform action, display errors if needed
417                         switch($action) {
418                                 case 'delete':
419                                         $error = $this->deleteOneComment($commentid);
420                                         break;
421                                 default:
422                                         $error = _BATCH_UNKNOWN . $action;
423                         }
424
425                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
426                         echo '</li>';
427                 }
428
429                 echo '</ul>';
430                 echo '<b>',_BATCH_DONE,'</b>';
431
432                 $this->pagefoot();
433
434
435         }
436
437         /**
438          * @todo document this
439          */
440         function action_batchmember() {
441                 global $member;
442
443                 // check if logged in and admin
444                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
445
446                 // get array of itemids from request
447                 $selected = requestIntArray('batch');
448                 $action = requestVar('batchaction');
449
450                 // Show error when no members selected
451                 if (!is_array($selected) || sizeof($selected) == 0)
452                         $this->error(_BATCH_NOSELECTION);
453
454                 // On delete: check if confirmation has been given
455                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
456                         $this->batchAskDeleteConfirmation('member',$selected);
457
458                 $this->pagehead();
459
460                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
461                 echo '<h2>',_BATCH_MEMBERS,'</h2>';
462                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
463                 echo '<ul>';
464
465                 // walk over all itemids and perform action
466                 foreach ($selected as $memberid) {
467                         $memberid = intval($memberid);
468                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';
469
470                         // perform action, display errors if needed
471                         switch($action) {
472                                 case 'delete':
473                                         $error = $this->deleteOneMember($memberid);
474                                         break;
475                                 case 'setadmin':
476                                         // always succeeds
477                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
478                                         $error = '';
479                                         break;
480                                 case 'unsetadmin':
481                                         // there should always remain at least one super-admin
482                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
483                                         if (mysql_num_rows($r) < 2)
484                                                 $error = _ERROR_ATLEASTONEADMIN;
485                                         else
486                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
487                                         break;
488                                 default:
489                                         $error = _BATCH_UNKNOWN . $action;
490                         }
491
492                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
493                         echo '</li>';
494                 }
495
496                 echo '</ul>';
497                 echo '<b>',_BATCH_DONE,'</b>';
498
499                 $this->pagefoot();
500
501
502         }
503
504         /**
505          * @todo document this
506          */
507         function action_batchteam() {
508                 global $member;
509
510                 $blogid = intRequestVar('blogid');
511
512                 // check if logged in and admin
513                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
514
515                 // get array of itemids from request
516                 $selected = requestIntArray('batch');
517                 $action = requestVar('batchaction');
518
519                 // Show error when no members selected
520                 if (!is_array($selected) || sizeof($selected) == 0)
521                         $this->error(_BATCH_NOSELECTION);
522
523                 // On delete: check if confirmation has been given
524                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
525                         $this->batchAskDeleteConfirmation('team',$selected);
526
527                 $this->pagehead();
528
529                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';
530
531                 echo '<h2>',_BATCH_TEAM,'</h2>';
532                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
533                 echo '<ul>';
534
535                 // walk over all itemids and perform action
536                 foreach ($selected as $memberid) {
537                         $memberid = intval($memberid);
538                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';
539
540                         // perform action, display errors if needed
541                         switch($action) {
542                                 case 'delete':
543                                         $error = $this->deleteOneTeamMember($blogid, $memberid);
544                                         break;
545                                 case 'setadmin':
546                                         // always succeeds
547                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
548                                         $error = '';
549                                         break;
550                                 case 'unsetadmin':
551                                         // there should always remain at least one admin
552                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
553                                         if (mysql_num_rows($r) < 2)
554                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;
555                                         else
556                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
557                                         break;
558                                 default:
559                                         $error = _BATCH_UNKNOWN . $action;
560                         }
561
562                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
563                         echo '</li>';
564                 }
565
566                 echo '</ul>';
567                 echo '<b>',_BATCH_DONE,'</b>';
568
569                 $this->pagefoot();
570
571
572         }
573
574         /**
575          * @todo document this
576          */
577         function action_batchcategory() {
578                 global $member, $manager;
579
580                 // check if logged in
581                 $member->isLoggedIn() or $this->disallow();
582
583                 // more precise check will be done for each performed operation
584
585                 // get array of itemids from request
586                 $selected = requestIntArray('batch');
587                 $action = requestVar('batchaction');
588
589                 // Show error when no items were selected
590                 if (!is_array($selected) || sizeof($selected) == 0)
591                         $this->error(_BATCH_NOSELECTION);
592
593                 // On move: when no destination blog chosen, show choice now
594                 $destBlogId = intRequestVar('destblogid');
595                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
596                         $this->batchMoveCategorySelectDestination('category',$selected);
597
598                 // On delete: check if confirmation has been given
599                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
600                         $this->batchAskDeleteConfirmation('category',$selected);
601
602                 $this->pagehead();
603
604                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
605                 echo '<h2>',BATCH_CATEGORIES,'</h2>';
606                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
607                 echo '<ul>';
608
609                 // walk over all itemids and perform action
610                 foreach ($selected as $catid) {
611                         $catid = intval($catid);
612                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';
613
614                         // perform action, display errors if needed
615                         switch($action) {
616                                 case 'delete':
617                                         $error = $this->deleteOneCategory($catid);
618                                         break;
619                                 case 'move':
620                                         $error = $this->moveOneCategory($catid, $destBlogId);
621                                         break;
622                                 default:
623                                         $error = _BATCH_UNKNOWN . $action;
624                         }
625
626                         echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
627                         echo '</li>';
628                 }
629
630                 echo '</ul>';
631                 echo '<b>',_BATCH_DONE,'</b>';
632
633                 $this->pagefoot();
634
635         }
636
637         /**
638          * @todo document this
639          */
640         function batchMoveSelectDestination($type, $ids) {
641                 global $manager;
642                 $this->pagehead();
643                 ?>
644                 <h2><?php echo _MOVE_TITLE?></h2>
645                 <form method="post" action="index.php"><div>
646
647                         <input type="hidden" name="action" value="batch<?php echo $type?>" />
648                         <input type="hidden" name="batchaction" value="move" />
649                         <?php
650                                 $manager->addTicketHidden();
651
652                                 // insert selected item numbers
653                                 $idx = 0;
654                                 foreach ($ids as $id)
655                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
656
657                                 // show blog/category selection list
658                                 $this->selectBlogCategory('destcatid');
659
660                         ?>
661
662
663                         <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />
664
665                 </div></form>
666                 <?php           $this->pagefoot();
667                 exit;
668         }
669
670         /**
671          * @todo document this
672          */
673         function batchMoveCategorySelectDestination($type, $ids) {
674                 global $manager;
675                 $this->pagehead();
676                 ?>
677                 <h2><?php echo _MOVECAT_TITLE?></h2>
678                 <form method="post" action="index.php"><div>
679
680                         <input type="hidden" name="action" value="batch<?php echo $type?>" />
681                         <input type="hidden" name="batchaction" value="move" />
682                         <?php
683                                 $manager->addTicketHidden();
684
685                                 // insert selected item numbers
686                                 $idx = 0;
687                                 foreach ($ids as $id)
688                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
689
690                                 // show blog/category selection list
691                                 $this->selectBlog('destblogid');
692
693                         ?>
694
695
696                         <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />
697
698                 </div></form>
699                 <?php           $this->pagefoot();
700                 exit;
701         }
702
703         /**
704          * @todo document this
705          */
706         function batchAskDeleteConfirmation($type, $ids) {
707                 global $manager;
708
709                 $this->pagehead();
710                 ?>
711                 <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
712                 <form method="post" action="index.php"><div>
713
714                         <input type="hidden" name="action" value="batch<?php echo $type?>" />
715                         <?php $manager->addTicketHidden() ?>
716                         <input type="hidden" name="batchaction" value="delete" />
717                         <input type="hidden" name="confirmation" value="yes" />
718                         <?php                           // insert selected item numbers
719                                 $idx = 0;
720                                 foreach ($ids as $id)
721                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
722
723                                 // add hidden vars for team & comment
724                                 if ($type == 'team')
725                                 {
726                                         echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
727                                 }
728                                 if ($type == 'comment')
729                                 {
730                                         echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
731                                 }
732
733                         ?>
734
735                         <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />
736
737                 </div></form>
738                 <?php           $this->pagefoot();
739                 exit;
740         }
741
742
743         /**
744          * Inserts a HTML select element with choices for all categories to which the current
745          * member has access
746          * @see function selectBlog
747          */
748         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
749                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
750         }
751
752         /**
753          * Inserts a HTML select element with choices for all blogs to which the user has access
754          *              mode = 'blog' => shows blognames and values are blogids
755          *              mode = 'category' => show category names and values are catids
756          *
757          * @param $iForcedBlogInclude
758          *              ID of a blog that always needs to be included, without checking if the
759          *              member is on the blog team (-1 = none)
760          * @todo document parameters
761          */
762         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
763                 global $member, $CONF;
764
765                 // 0. get IDs of blogs to which member can post items (+ forced blog)
766                 $aBlogIds = array();
767                 if ($iForcedBlogInclude != -1)
768                         $aBlogIds[] = intval($iForcedBlogInclude);
769
770                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
771                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
772                 else
773                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
774                 $rblogids = sql_query($queryBlogs);
775                 while ($o = mysql_fetch_object($rblogids))
776                         if ($o->bnumber != $iForcedBlogInclude)
777                                 $aBlogIds[] = intval($o->bnumber);
778
779                 if (count($aBlogIds) == 0)
780                         return;
781
782                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';
783
784                 // 1. select blogs (we'll create optiongroups)
785                 // (only select those blogs that have the user on the team)
786                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
787                 $blogs = sql_query($queryBlogs);
788                 if ($mode == 'category') {
789                         if (mysql_num_rows($blogs) > 1)
790                                 $multipleBlogs = 1;
791
792                         while ($oBlog = mysql_fetch_object($blogs)) {
793                                 if ($multipleBlogs)
794                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';
795
796                                 // show selection to create new category when allowed/wanted
797                                 if ($showNewCat) {
798                                         // check if allowed to do so
799                                         if ($member->blogAdminRights($oBlog->bnumber))
800                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
801                                 }
802
803                                 // 2. for each category in that blog
804                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
805                                 while ($oCat = mysql_fetch_object($categories)) {
806                                         if ($oCat->catid == $selected)
807                                                 $selectText = ' selected="selected" ';
808                                         else
809                                                 $selectText = '';
810                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
811                                 }
812
813                                 if ($multipleBlogs)
814                                         echo '</optgroup>';
815                         }
816                 } else {
817                         // blog mode
818                         while ($oBlog = mysql_fetch_object($blogs)) {
819                                 echo '<option value="',$oBlog->bnumber,'"';
820                                 if ($oBlog->bnumber == $selected)
821                                         echo ' selected="selected"';
822                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';
823                         }
824                 }
825                 echo '</select>';
826
827         }
828
829         /**
830          * @todo document this
831          */
832         function action_browseownitems() {
833                 global $member, $manager;
834
835                 $this->pagehead();
836
837                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
838                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';
839
840                 // start index
841                 if (postVar('start'))
842                         $start = postVar('start');
843                 else
844                         $start = 0;
845
846                 // amount of items to show
847                 if (postVar('amount'))
848                         $amount = postVar('amount');
849                 else
850                         $amount = 10;
851
852                 $search = postVar('search');    // search through items
853
854                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
855                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
856                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
857
858                 if ($search)
859                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
860
861                 $query .= ' ORDER BY itime DESC'
862                                 . " LIMIT $start,$amount";
863
864                 $template['content'] = 'itemlist';
865                 $template['now'] = time();
866
867                 $manager->loadClass("ENCAPSULATE");
868                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
869                 $navList->showBatchList('item',$query,'table',$template);
870
871                 $this->pagefoot();
872
873         }
874
875         /**
876          * Show all the comments for a given item
877          * @param int $itemid
878          */
879         function action_itemcommentlist($itemid = '') {
880                 global $member, $manager;
881
882                 if ($itemid == '')
883                         $itemid = intRequestVar('itemid');
884
885                 // only allow if user is allowed to alter item
886                 $member->canAlterItem($itemid) or $this->disallow();
887
888                 $blogid = getBlogIdFromItemId($itemid);
889
890                 $this->pagehead();
891
892                 // start index
893                 if (postVar('start'))
894                         $start = postVar('start');
895                 else
896                         $start = 0;
897
898                 // amount of items to show
899                 if (postVar('amount'))
900                         $amount = postVar('amount');
901                 else
902                         $amount = 10;
903
904                 $search = postVar('search');
905
906                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
907                 echo '<h2>',_COMMENTS,'</h2>';
908
909                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;
910
911                 if ($search)
912                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
913
914                 $query .= ' ORDER BY ctime ASC'
915                                 . " LIMIT $start,$amount";
916
917                 $template['content'] = 'commentlist';
918                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));
919
920                 $manager->loadClass("ENCAPSULATE");
921                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
922                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);
923
924                 $this->pagefoot();
925         }
926
927         /**
928          * Browse own comments
929          */
930         function action_browseowncomments() {
931                 global $member, $manager;
932
933                 // start index
934                 if (postVar('start'))
935                         $start = postVar('start');
936                 else
937                         $start = 0;
938
939                 // amount of items to show
940                 if (postVar('amount'))
941                         $amount = postVar('amount');
942                 else
943                         $amount = 10;
944
945                 $search = postVar('search');
946
947
948                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
949
950                 if ($search)
951                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
952
953                 $query .= ' ORDER BY ctime DESC'
954                                 . " LIMIT $start,$amount";
955
956                 $this->pagehead();
957
958                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
959                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';
960
961                 $template['content'] = 'commentlist';
962                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself
963
964                 $manager->loadClass("ENCAPSULATE");
965                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
966                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);
967
968                 $this->pagefoot();
969         }
970
971         /**
972          * Browse all comments for a weblog
973          * @param int $blogid
974          */
975         function action_blogcommentlist($blogid = '')
976         {
977                 global $member, $manager;
978
979                 if ($blogid == '')
980                         $blogid = intRequestVar('blogid');
981                 else
982                         $blogid = intval($blogid);
983
984                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
985
986                 // start index
987                 if (postVar('start'))
988                         $start = postVar('start');
989                 else
990                         $start = 0;
991
992                 // amount of items to show
993                 if (postVar('amount'))
994                         $amount = postVar('amount');
995                 else
996                         $amount = 10;
997
998                 $search = postVar('search');            // search through comments
999
1000
1001                 $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
1002
1003                 if ($search != '')
1004                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
1005
1006
1007                 $query .= ' ORDER BY ctime DESC'
1008                                 . " LIMIT $start,$amount";
1009
1010
1011                 $blog =& $manager->getBlog($blogid);
1012
1013                 $this->pagehead();
1014
1015                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
1016                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';
1017
1018                 $template['content'] = 'commentlist';
1019                 $template['canAddBan'] = $member->blogAdminRights($blogid);
1020
1021                 $manager->loadClass("ENCAPSULATE");
1022                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
1023                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
1024
1025                 $this->pagefoot();
1026         }
1027
1028         /**
1029          * Provide a page to add a new item to the given blog
1030          */
1031         function action_createitem() {
1032                 global $member, $manager;
1033
1034                 $blogid = intRequestVar('blogid');
1035
1036                 // check if allowed
1037                 $member->teamRights($blogid) or $this->disallow();
1038
1039                 $memberid = $member->getID();
1040
1041                 $blog =& $manager->getBlog($blogid);
1042
1043                 $this->pagehead();
1044
1045                 // generate the add-item form
1046                 $formfactory =& new PAGEFACTORY($blogid);
1047                 $formfactory->createAddForm('admin');
1048
1049                 $this->pagefoot();
1050         }
1051
1052         /**
1053          * @todo document this
1054          */
1055         function action_itemedit() {
1056                 global $member, $manager;
1057
1058                 $itemid = intRequestVar('itemid');
1059
1060                 // only allow if user is allowed to alter item
1061                 $member->canAlterItem($itemid) or $this->disallow();
1062
1063                 $item =& $manager->getItem($itemid,1,1);
1064                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
1065
1066                 $manager->notify('PrepareItemForEdit', array('item' => &$item));
1067
1068                 if ($blog->convertBreaks()) {
1069                         $item['body'] = removeBreaks($item['body']);
1070                         $item['more'] = removeBreaks($item['more']);
1071                 }
1072
1073                 // form to edit blog items
1074                 $this->pagehead();
1075                 $formfactory =& new PAGEFACTORY($blog->getID());
1076                 $formfactory->createEditForm('admin',$item);
1077                 $this->pagefoot();
1078         }
1079
1080         /**
1081          * @todo document this
1082          */
1083         function action_itemupdate() {
1084                 global $member, $manager, $CONF;
1085
1086                 $itemid = intRequestVar('itemid');
1087                 $catid = postVar('catid');
1088
1089                 // only allow if user is allowed to alter item
1090                 $member->canUpdateItem($itemid, $catid) or $this->disallow();
1091
1092                 $actiontype = postVar('actiontype');
1093
1094                 // delete actions are handled by itemdelete (which has confirmation)
1095                 if ($actiontype == 'delete') {
1096                         $this->action_itemdelete();
1097                         return;
1098                 }
1099
1100                 $body   = postVar('body');
1101                 $title  = postVar('title');
1102                 $more   = postVar('more');
1103                 $closed = intPostVar('closed');
1104                 $draftid = intPostVar('draftid');
1105
1106                 // default action = add now
1107                 if (!$actiontype)
1108                         $actiontype='addnow';
1109
1110                 // create new category if needed
1111                 if (strstr($catid,'newcat')) {
1112                         // get blogid
1113                         list($blogid) = sscanf($catid,"newcat-%d");
1114
1115                         // create
1116                         $blog =& $manager->getBlog($blogid);
1117                         $catid = $blog->createNewCategory();
1118
1119                         // show error when sth goes wrong
1120                         if (!$catid)
1121                                 $this->doError(_ERROR_CATCREATEFAIL);
1122                 }
1123
1124                 /*
1125                         set some variables based on actiontype
1126
1127                         actiontypes:
1128                                 draft items -> addnow, addfuture, adddraft, delete
1129                                 non-draft items -> edit, changedate, delete
1130
1131                         variables set:
1132                                 $timestamp: set to a nonzero value for future dates or date changes
1133                                 $wasdraft: set to 1 when the item used to be a draft item
1134                                 $publish: set to 1 when the edited item is not a draft
1135                 */
1136                 switch ($actiontype) {
1137                         case 'adddraft':
1138                                 $publish = 0;
1139                                 $wasdraft = 1;
1140                                 $timestamp = 0;
1141                                 break;
1142                         case 'addfuture':
1143                                 $wasdraft = 1;
1144                                 $publish = 1;
1145                                 $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
1146                                 break;
1147                         case 'addnow':
1148                                 $wasdraft = 1;
1149                                 $publish = 1;
1150                                 $timestamp = 0;
1151                                 break;
1152                         case 'changedate':
1153                                 $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
1154                                 $publish = 1;
1155                                 $wasdraft = 0;
1156                                 break;
1157                         case 'edit':
1158                         default:
1159                                 $publish = 1;
1160                                 $wasdraft = 0;
1161                                 $timestamp = 0;
1162                 }
1163
1164                 // edit the item for real
1165                 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
1166
1167                 if ($draftid > 0) {
1168                         ITEM::delete($draftid);
1169                 }
1170
1171                 $blogid = getBlogIDFromItemID($itemid);
1172                 $blog =& $manager->getBlog($blogid);
1173                 if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {
1174                         $this->action_sendping($blogid);
1175                         return;
1176                 }
1177
1178                 // show category edit window when we created a new category
1179                 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
1180                 if ($catid != intPostVar('catid')) {
1181                         $this->action_categoryedit(
1182                                 $catid,
1183                                 $blog->getID(),
1184                                 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
1185                         );
1186                 } else {
1187                         // TODO: set start item correctly for itemlist
1188                         $this->action_itemlist(getBlogIDFromItemID($itemid));
1189                 }
1190         }
1191
1192         /**
1193          * @todo document this
1194          */
1195         function action_itemdelete() {
1196                 global $member, $manager;
1197
1198                 $itemid = intRequestVar('itemid');
1199
1200                 // only allow if user is allowed to alter item
1201                 $member->canAlterItem($itemid) or $this->disallow();
1202
1203                 if (!$manager->existsItem($itemid,1,1))
1204                         $this->error(_ERROR_NOSUCHITEM);
1205
1206                 $item =& $manager->getItem($itemid,1,1);
1207                 $title = htmlspecialchars(strip_tags($item['title']));
1208                 $body = strip_tags($item['body']);
1209                 $body = htmlspecialchars(shorten($body,300,'...'));
1210
1211                 $this->pagehead();
1212                 ?>
1213                         <h2><?php echo _DELETE_CONFIRM?></h2>
1214
1215                         <p><?php echo _CONFIRMTXT_ITEM?></p>
1216
1217                         <div class="note">
1218                                 <b>"<?php echo  $title ?>"</b>
1219                                 <br />
1220                                 <?php echo $body?>
1221                         </div>
1222
1223                         <form method="post" action="index.php"><div>
1224                                 <input type="hidden" name="action" value="itemdeleteconfirm" />
1225                                 <?php $manager->addTicketHidden() ?>
1226                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
1227                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />
1228                         </div></form>
1229                 <?php
1230                 $this->pagefoot();
1231         }
1232
1233         /**
1234          * @todo document this
1235          */
1236         function action_itemdeleteconfirm() {
1237                 global $member;
1238
1239                 $itemid = intRequestVar('itemid');
1240
1241                 // only allow if user is allowed to alter item
1242                 $member->canAlterItem($itemid) or $this->disallow();
1243
1244                 // get blogid first
1245                 $blogid = getBlogIdFromItemId($itemid);
1246
1247                 // delete item (note: some checks will be performed twice)
1248                 $this->deleteOneItem($itemid);
1249
1250                 $this->action_itemlist($blogid);
1251         }
1252
1253         /**
1254          * Deletes one item and returns error if something goes wrong
1255          * @param int $itemid
1256          */
1257         function deleteOneItem($itemid) {
1258                 global $member, $manager;
1259
1260                 // only allow if user is allowed to alter item (also checks if itemid exists)
1261                 if (!$member->canAlterItem($itemid))
1262                         return _ERROR_DISALLOWED;
1263
1264                 $manager->loadClass('ITEM');
1265                 ITEM::delete($itemid);
1266         }
1267
1268         /**
1269          * @todo document this
1270          */
1271         function action_itemmove() {
1272                 global $member, $manager;
1273
1274                 $itemid = intRequestVar('itemid');
1275
1276                 // only allow if user is allowed to alter item
1277                 $member->canAlterItem($itemid) or $this->disallow();
1278
1279                 $item =& $manager->getItem($itemid,1,1);
1280
1281                 $this->pagehead();
1282                 ?>
1283                         <h2><?php echo _MOVE_TITLE?></h2>
1284                         <form method="post" action="index.php"><div>
1285                                 <input type="hidden" name="action" value="itemmoveto" />
1286                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
1287
1288                                 <?php
1289
1290                                         $manager->addTicketHidden();
1291                                         $this->selectBlogCategory('catid',$item['catid'],10,1);
1292                                 ?>
1293
1294                                 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
1295                         </div></form>
1296                 <?php
1297                 $this->pagefoot();
1298         }
1299
1300         /**
1301          * @todo document this
1302          */
1303         function action_itemmoveto() {
1304                 global $member, $manager;
1305
1306                 $itemid = intRequestVar('itemid');
1307                 $catid = requestVar('catid');
1308
1309                 // create new category if needed
1310                 if (strstr($catid,'newcat')) {
1311                         // get blogid
1312                         list($blogid) = sscanf($catid,'newcat-%d');
1313
1314                         // create
1315                         $blog =& $manager->getBlog($blogid);
1316                         $catid = $blog->createNewCategory();
1317
1318                         // show error when sth goes wrong
1319                         if (!$catid)
1320                                 $this->doError(_ERROR_CATCREATEFAIL);
1321                 }
1322
1323                 // only allow if user is allowed to alter item
1324                 $member->canUpdateItem($itemid, $catid) or $this->disallow();
1325
1326                 ITEM::move($itemid, $catid);
1327
1328                 if ($catid != intRequestVar('catid'))
1329                         $this->action_categoryedit($catid, $blog->getID());
1330                 else
1331                         $this->action_itemlist(getBlogIDFromCatID($catid));
1332         }
1333
1334         /**
1335          * Moves one item to a given category (category existence should be checked by caller)
1336          * errors are returned
1337          * @param int $itemid
1338          * @param int $destCatid category ID to which the item will be moved
1339          */
1340         function moveOneItem($itemid, $destCatid) {
1341                 global $member;
1342
1343                 // only allow if user is allowed to move item
1344                 if (!$member->canUpdateItem($itemid, $destCatid))
1345                         return _ERROR_DISALLOWED;
1346
1347                 ITEM::move($itemid, $destCatid);
1348         }
1349
1350         /**
1351          * Adds an item to the chosen blog
1352          */
1353         function action_additem() {
1354                 global $member, $manager, $CONF;
1355
1356                 $manager->loadClass('ITEM');
1357
1358                 $result = ITEM::createFromRequest();
1359
1360                 if ($result['status'] == 'error')
1361                         $this->error($result['message']);
1362
1363                 $blogid = getBlogIDFromItemID($result['itemid']);
1364                 $blog =& $manager->getBlog($blogid);
1365
1366                 $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
1367
1368                 if ($result['status'] == 'newcategory')
1369                         $this->action_categoryedit(
1370                                 $result['catid'],
1371                                 $blogid,
1372                                 $blog->pingUserland() ? $pingUrl : ''
1373                         );
1374                 elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland())
1375                         $this->action_sendping($blogid);
1376                 else
1377                         $this->action_itemlist($blogid);
1378         }
1379
1380         /**
1381          * Shows a window that says we're about to ping weblogs.com.
1382          * immediately refresh to the real pinging page, which will
1383          * show an error, or redirect to the blog.
1384          *
1385          * @param int $blogid ID of blog for which ping needs to be sent out
1386          */
1387         function action_sendping($blogid = -1) {
1388                 global $member, $manager;
1389
1390                 if ($blogid == -1)
1391                         $blogid = intRequestVar('blogid');
1392
1393                 $member->isLoggedIn() or $this->disallow();
1394
1395                 $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));
1396
1397                 $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
1398                 ?>
1399                 <h2>Site Updated, Now pinging weblogs.com</h2>
1400
1401                 <p>
1402                         Pinging weblogs.com! This can a while...
1403                         <br />
1404                         When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.
1405                 </p>
1406
1407                 <p>
1408                         If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
1409                 </p>
1410                 <?php           $this->pagefoot();
1411         }
1412
1413         /**
1414          * Ping to Weblogs.com
1415          * Sends the real ping (can take up to 10 seconds!)
1416          */
1417         function action_rawping() {
1418                 global $manager;
1419                 // TODO: checks?
1420
1421                 $blogid = intRequestVar('blogid');
1422                 $blog =& $manager->getBlog($blogid);
1423
1424                 $result = $blog->sendUserlandPing();
1425
1426                 $this->pagehead();
1427
1428                 ?>
1429
1430                 <h2>Ping Results</h2>
1431
1432                 <p>The following message was returned by weblogs.com:</p>
1433
1434                 <div class='note'><?php echo  $result ?></div>
1435
1436                 <ul>
1437                         <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
1438                         <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>
1439                 </ul>
1440
1441                 <?php           $this->pagefoot();
1442         }
1443
1444         /**
1445          * Allows to edit previously made comments
1446          */
1447         function action_commentedit() {
1448                 global $member, $manager;
1449
1450                 $commentid = intRequestVar('commentid');
1451
1452                 $member->canAlterComment($commentid) or $this->disallow();
1453
1454                 $comment = COMMENT::getComment($commentid);
1455
1456                 $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));
1457
1458                 // change <br /> to \n
1459                 $comment['body'] = str_replace('<br />','',$comment['body']);
1460
1461                 $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);
1462
1463                 $this->pagehead();
1464
1465                 ?>
1466                 <h2><?php echo _EDITC_TITLE?></h2>
1467
1468                 <form action="index.php" method="post"><div>
1469
1470                 <input type="hidden" name="action" value="commentupdate" />
1471                 <?php $manager->addTicketHidden(); ?>
1472                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
1473                 <table><tr>
1474                         <th colspan="2"><?php echo _EDITC_TITLE?></th>
1475                 </tr><tr>
1476                         <td><?php echo _EDITC_WHO?></td>
1477                         <td>
1478                         <?php                           if ($comment['member'])
1479                                         echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
1480                                 else
1481                                         echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
1482                         ?>
1483                         </td>
1484                 </tr><tr>
1485                         <td><?php echo _EDITC_WHEN?></td>
1486                         <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
1487                 </tr><tr>
1488                         <td><?php echo _EDITC_HOST?></td>
1489                         <td><?php echo  $comment['host']; ?></td>
1490                 </tr><tr>
1491                         <td><?php echo _EDITC_TEXT?></td>
1492                         <td>
1493                                 <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)
1494                                         echo $comment['body'];
1495                                 ?></textarea>
1496                         </td>
1497                 </tr><tr>
1498                         <td><?php echo _EDITC_EDIT?></td>
1499                         <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
1500                 </tr></table>
1501
1502                 </div></form>
1503                 <?php
1504                 $this->pagefoot();
1505         }
1506
1507         /**
1508          * @todo document this
1509          */
1510         function action_commentupdate() {
1511                 global $member, $manager;
1512
1513                 $commentid = intRequestVar('commentid');
1514
1515                 $member->canAlterComment($commentid) or $this->disallow();
1516
1517                 $body = postVar('body');
1518
1519                 // intercept words that are too long
1520                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
1521                         $this->error(_ERROR_COMMENT_LONGWORD);
1522
1523                 // check length
1524                 if (strlen($body)<3)
1525                         $this->error(_ERROR_COMMENT_NOCOMMENT);
1526                 if (strlen($body)>5000)
1527                         $this->error(_ERROR_COMMENT_TOOLONG);
1528
1529
1530                 // prepare body
1531                 $body = COMMENT::prepareBody($body);
1532
1533                 // call plugins
1534                 $manager->notify('PreUpdateComment',array('body' => &$body));
1535
1536                 $query =  'UPDATE '.sql_table('comment')
1537                            . " SET cbody='" .addslashes($body). "'"
1538                            . " WHERE cnumber=" . $commentid;
1539                 sql_query($query);
1540
1541                 // get itemid
1542                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
1543                 $o = mysql_fetch_object($res);
1544                 $itemid = $o->citem;
1545
1546                 if ($member->canAlterItem($itemid))
1547                         $this->action_itemcommentlist($itemid);
1548                 else
1549                         $this->action_browseowncomments();
1550
1551         }
1552
1553         /**
1554          * @todo document this
1555          */
1556         function action_commentdelete() {
1557                 global $member, $manager;
1558
1559                 $commentid = intRequestVar('commentid');
1560
1561                 $member->canAlterComment($commentid) or $this->disallow();
1562
1563                 $comment = COMMENT::getComment($commentid);
1564
1565                 $body = strip_tags($comment['body']);
1566                 $body = htmlspecialchars(shorten($body, 300, '...'));
1567
1568                 if ($comment['member'])
1569                         $author = $comment['member'];
1570                 else
1571                         $author = $comment['user'];
1572
1573                 $this->pagehead();
1574                 ?>
1575
1576                         <h2><?php echo _DELETE_CONFIRM?></h2>
1577
1578                         <p><?php echo _CONFIRMTXT_COMMENT?></p>
1579
1580                         <div class="note">
1581                         <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
1582                         <br />
1583                         <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
1584                         </div>
1585
1586                         <form method="post" action="index.php"><div>
1587                                 <input type="hidden" name="action" value="commentdeleteconfirm" />
1588                                 <?php $manager->addTicketHidden() ?>
1589                                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
1590                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
1591                         </div></form>
1592                 <?php
1593                 $this->pagefoot();
1594         }
1595
1596         /**
1597          * @todo document this
1598          */
1599         function action_commentdeleteconfirm() {
1600                 global $member;
1601
1602                 $commentid = intRequestVar('commentid');
1603
1604                 // get item id first
1605                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
1606                 $o = mysql_fetch_object($res);
1607                 $itemid = $o->citem;
1608
1609                 $error = $this->deleteOneComment($commentid);
1610                 if ($error)
1611                         $this->doError($error);
1612
1613                 if ($member->canAlterItem($itemid))
1614                         $this->action_itemcommentlist($itemid);
1615                 else
1616                         $this->action_browseowncomments();
1617         }
1618
1619         /**
1620          * @todo document this
1621          */
1622         function deleteOneComment($commentid) {
1623                 global $member, $manager;
1624
1625                 $commentid = intval($commentid);
1626
1627                 if (!$member->canAlterComment($commentid))
1628                         return _ERROR_DISALLOWED;
1629
1630                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));
1631
1632                 // delete the comments associated with the item
1633                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;
1634                 sql_query($query);
1635
1636                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));
1637
1638                 return '';
1639         }
1640
        /**
         * Usermanagement main
         *
         * Admin-only page ($member->isAdmin(), otherwise $this->disallow()).
         * Lists all rows of the member table through BATCH::showlist() and
         * shows a form for creating a new member, which posts to
         * action=memberadd with a ticket.
         */
        function action_usermanagement() {
                global $member, $manager;

                // check if allowed
                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

                echo '<h2>' . _MEMBERS_TITLE .'</h2>';

                echo '<h3>' . _MEMBERS_CURRENT .'</h3>';

                // show list of members with actions
                // (every column is selected; which ones get rendered is decided by
                // the 'memberlist' template, not visible here)
                $query =  'SELECT *'
                           . ' FROM '.sql_table('member');
                $template['content'] = 'memberlist';
                $template['tabindex'] = 10;

                // BATCH is used right after loading ENCAPSULATE; presumably that
                // class file defines it - TODO confirm
                $manager->loadClass("ENCAPSULATE");
                $batch =& new BATCH('member');
                $batch->showlist($query,'table',$template);

                echo '<h3>' . _MEMBERS_NEW .'</h3>';
                ?>
                        <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="memberadd" />
                        <?php $manager->addTicketHidden() ?>

                        <table>
                        <tr>
                                <th colspan="2"><?php echo _MEMBERS_NEW?></th>
                        </tr><tr>
                                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                        <br /><small>(This is the name used to logon)</small>
                                </td>
                                <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REALNAME?></td>
                                <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_PWD?></td>
                                <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REPPWD?></td>
                                <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_EMAIL?></td>
                                <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_URL?></td>
                                <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',0,10060); /* new members default to non-admin */ ?> </td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NOTES?></td>
                                <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NEW?></td>
                                <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
1716
1717         /**
1718          * Edit member settings
1719          */
1720         function action_memberedit() {
1721                 $this->action_editmembersettings(intRequestVar('memberid'));
1722         }
1723
        /**
         * Shows the settings form for one member.
         *
         * Allowed when the current member is editing their own record or is
         * an admin; anything else ends in $this->disallow(). The form posts
         * to action=changemembersettings with a ticket.
         *
         * Login name and password fields are only rendered when
         * $CONF['AllowLoginEdit'] is set or the current member is an admin;
         * the super-admin and can-login switches only for admins. These are
         * display decisions only - the same conditions have to be enforced
         * again by the action that receives the POST.
         *
         * @param mixed $memberid id of the member to edit; '' (default) means
         *                        the current member
         */
        function action_editmembersettings($memberid = '') {
                global $member, $manager, $CONF;

                if ($memberid == '')
                        $memberid = $member->getID();

                // check if allowed
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                // show message to go back to member overview (only for admins)
                if ($member->isAdmin())
                        echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
                else
                        echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';

                echo '<h2>' . _MEMBERS_EDIT . '</h2>';

                // $mem is the member being edited; $member is the one who is logged in
                $mem = MEMBER::createFromID($memberid);

                // NOTE(review): $memberid is printed into the hidden field below without
                // escaping. action_memberedit passes an integer and the default is
                // $member->getID(); confirm no other caller passes a raw string.
                ?>
                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="changemembersettings" />
                <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                <?php $manager->addTicketHidden() ?>

                <table><tr>
                        <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
                </tr><tr>
                        <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
                        </td>
                        <td>
                        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
                                <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
                        <?php } else {
                                // this branch is only reached by a non-admin, who can only be
                                // editing their own record, so $member and $mem are the same member
                                echo htmlspecialchars($member->getDisplayName());
                           }
                        ?>
                        </td>
                </tr><tr>
                        <td><?php echo _MEMBERS_REALNAME?></td>
                        <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
                </tr><tr>
                <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
                        <td><?php echo _MEMBERS_PWD?></td>
                        <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_REPPWD?></td>
                        <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
                <?php } ?>
                </tr><tr>
                        <td><?php echo _MEMBERS_EMAIL?>
                                <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
                        </td>
                        <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_URL?></td>
                        <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
                <?php // only allow to change this by super-admins
                   // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
                   if ($member->isAdmin()) {
                ?>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70); ?></td>
                <?php } ?>
                </tr><tr>
                        <td><?php echo _MEMBERS_NOTES?></td>
                        <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
                        </td>
                        <td>

                                <select name="deflang" tabindex="85">
                                        <option value=""><?php echo _MEMBERS_USESITELANG?></option>
                                <?php                           // show a dropdown list of all available languages
                                // (one option per *.php file in $DIR_LANG, named after the file
                                // without its extension)
                                // NOTE(review): the opendir() result is not checked, and the file
                                // name is written into the option without escaping; harmless as
                                // long as only trusted files are placed in $DIR_LANG.
                                global $DIR_LANG;
                                $dirhandle = opendir($DIR_LANG);
                                while ($filename = readdir($dirhandle)) {
                                        if (ereg("^(.*)\.php$",$filename,$matches)) {
                                                $name = $matches[1];
                                                echo "<option value='$name'";
                                                if ($name == $mem->getLanguage())
                                                        echo " selected='selected'";
                                                echo ">$name</option>";
                                        }
                                }
                                closedir($dirhandle);

                                ?>
                                </select>

                        </td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('member',$memberid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
                </tr><tr>
                        <td><?php echo _MEMBERS_EDIT?></td>
                        <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <?php
                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        // plugins may print additional output here; they receive the
                        // edited member by reference
                        $manager->notify(
                                'MemberSettingsFormExtras',
                                array(
                                        'member' => &$mem
                                )
                        );

                $this->pagefoot();
        }
1854
        /**
         * Applies the posted member settings form (see action_editmembersettings).
         *
         * Allowed when the current member is editing their own record or is
         * an admin. Display name and password are only validated and changed
         * when $CONF['AllowLoginEdit'] is set or the current member is an
         * admin; the admin and can-login flags are only changed by admins.
         * Validation failures go through $this->error(); the code after each
         * check relies on that call not returning.
         *
         * Review notes, all read off the code below:
         * - A new password is accepted without asking for the current one,
         *   and its only strength rule is a minimum length of 6.
         * - newCookieKey() is called when the e-mail address changes or when
         *   a member renames themself, but not when only the password
         *   changes. NOTE(review): whether existing login cookies stay valid
         *   after a password change depends on MEMBER - verify.
         * - Passwords are compared with != (loose comparison).
         * - Plugin options are taken from the request and applied after the
         *   permission check above; NOTE(review): whether
         *   _applyPluginOptions() restricts them to this member is not
         *   visible here.
         */
        function action_changemembersettings() {
                global $member, $CONF, $manager;

                $memberid = intRequestVar('memberid');

                // check if allowed
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

                // text fields are stripped of tags on input; they are escaped again
                // with htmlspecialchars when the edit form prints them
                $name                   = trim(strip_tags(postVar('name')));
                $realname               = trim(strip_tags(postVar('realname')));
                $password               = postVar('password');
                $repeatpassword = postVar('repeatpassword');
                $email                  = strip_tags(postVar('email'));
                $url                    = strip_tags(postVar('url'));

                // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
                // Side effects: the stored URL always starts with http:// or https://,
                // and an empty field is stored as "http://".
                if (!eregi("^https?://", $url))
                        $url = "http://".$url;

                $admin                  = postVar('admin');
                $canlogin               = postVar('canlogin');
                $notes                  = strip_tags(postVar('notes'));
                $deflang                = postVar('deflang');

                // $mem is the member being edited; $member is the one who is logged in
                $mem = MEMBER::createFromID($memberid);

                if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {

                        if (!isValidDisplayName($name))
                                $this->error(_ERROR_BADNAME);

                        if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
                                $this->error(_ERROR_NICKNAMEINUSE);

                        if ($password != $repeatpassword)
                                $this->error(_ERROR_PASSWORDMISMATCH);

                        // an empty password means "leave unchanged"
                        if ($password && (strlen($password) < 6))
                                $this->error(_ERROR_PASSWORDTOOSHORT);
                }

                if (!isValidMailAddress($email))
                        $this->error(_ERROR_BADMAILADDRESS);


                if (!$realname)
                        $this->error(_ERROR_REALNAMEMISSING);

                if (($deflang != '') && (!checkLanguage($deflang)))
                        $this->error(_ERROR_NOSUCHLANGUAGE);

                // check if there will remain at least one site member with both the logon and admin rights
                // (check occurs when taking away one of these rights from such a member)
                // For a non-admin editor the posted admin/canlogin values are never
                // applied (see below), and $mem is then the editor's own non-admin
                // record, so this condition cannot be true for them.
                if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
                         || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
                   )
                {
                        $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
                        if (mysql_num_rows($r) < 2)
                                $this->error(_ERROR_ATLEASTONEADMIN);
                }

                if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
                        $mem->setDisplayName($name);
                        if ($password)
                                $mem->setPassword($password);
                }

                // remembered so the address change can be detected after write()
                $oldEmail = $mem->getEmail();

                $mem->setRealName($realname);
                $mem->setEmail($email);
                $mem->setURL($url);
                $mem->setNotes($notes);
                $mem->setLanguage($deflang);


                // only allow super-admins to make changes to the admin status
                if ($member->isAdmin()) {
                        $mem->setAdmin($admin);
                        $mem->setCanLogin($canlogin);
                }


                $mem->write();

                // store plugin options
                $aOptions = requestArray('plugoption');
                NucleusPlugin::_applyPluginOptions($aOptions);
                $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));

                // if the email address changed, send an activation link of type
                // 'addresschange' (the old address is passed along)
                if ($oldEmail != $mem->getEmail())
                {
                        $mem->sendActivationLink('addresschange', $oldEmail);
                        // logout member
                        $mem->newCookieKey();

                        // only log out if the member being edited is the current member.
                        if ($member->getID() == $memberid)
                                $member->logout();
                        $this->action_login(_MSG_ACTIVATION_SENT, 0);
                        return;
                }


                // a member who renamed themself has to log in again under the new name
                if (  ( $mem->getID() == $member->getID() )
                   && ( $mem->getDisplayName() != $member->getDisplayName() )
                   ) {
                        $mem->newCookieKey();
                        $member->logout();
                        $this->action_login(_MSG_LOGINAGAIN, 0);
                } else {
                        $this->action_overview(_MSG_SETTINGSCHANGED);
                }
        }
1974
1975         /**
1976          * @todo document this
1977          */
1978         function action_memberadd() {
1979                 global $member, $manager;
1980
1981                 // check if allowed
1982                 $member->isAdmin() or $this->disallow();
1983
1984                 if (postVar('password') != postVar('repeatpassword'))
1985                         $this->error(_ERROR_PASSWORDMISMATCH);
1986                 if (strlen(postVar('password')) < 6)
1987                         $this->error(_ERROR_PASSWORDTOOSHORT);
1988
1989                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
1990                 if ($res != 1)
1991                         $this->error($res);
1992
1993                 // fire PostRegister event
1994                 $newmem = new MEMBER();
1995                 $newmem->readFromName(postVar('name'));
1996                 $manager->notify('PostRegister',array('member' => &$newmem));
1997
1998                 $this->action_usermanagement();
1999         }
2000
2001         /**
2002          * Account activation
2003          *
2004          * @author dekarma
2005          */
2006         function action_activate() {
2007
2008                 $key = getVar('key');
2009                 $this->_showActivationPage($key);
2010         }
2011
        /**
         * Shows the page behind an activation link.
         *
         * Expired keys are cleaned up first, then the key is looked up with
         * MEMBER::getActivationInfo(); an unknown key or unknown member ends
         * in $this->error(_ERROR_ACTIVATE). For the types 'forgot' and
         * 'register' a set-password form is shown that posts the key to
         * action=activatesetpwd. For 'addresschange' the key is activated
         * right away and no form is shown.
         *
         * Review notes:
         * - 'addresschange' is completed by merely loading this page with a
         *   valid key.
         * - Any other vtype value falls through the switch with empty title
         *   and text and still gets the password form.
         * - $message is printed without escaping, so callers must only pass
         *   trusted text.
         *
         * @param string $key     activation key as received from the request
         * @param string $message optional error message shown above the form
         */
        function _showActivationPage($key, $message = '')
        {
                global $manager;

                // clean up old activation keys
                MEMBER::cleanupActivationTable();

                // get activation info
                $info = MEMBER::getActivationInfo($key);

                if (!$info)
                        $this->error(_ERROR_ACTIVATE);

                $mem = MEMBER::createFromId($info->vmember);

                if (!$mem)
                        $this->error(_ERROR_ACTIVATE);

                $text = '';
                $title = '';
                $bNeedsPasswordChange = true;

                switch ($info->vtype)
                {
                        case 'forgot':
                                $title = _ACTIVATE_FORGOT_TITLE;
                                $text = _ACTIVATE_FORGOT_TEXT;
                                break;
                        case 'register':
                                $title = _ACTIVATE_REGISTER_TITLE;
                                $text = _ACTIVATE_REGISTER_TEXT;
                                break;
                        case 'addresschange':
                                $title = _ACTIVATE_CHANGE_TITLE;
                                $text = _ACTIVATE_CHANGE_TEXT;
                                $bNeedsPasswordChange = false;
                                // no password step for this type: the key is used up here
                                MEMBER::activate($key);
                                break;
                }

                // the member name is escaped before it is filled into the texts
                $aVars = array(
                        'memberName' => htmlspecialchars($mem->getDisplayName())
                );
                $title = TEMPLATE::fill($title, $aVars);
                $text = TEMPLATE::fill($text, $aVars);

                $this->pagehead();

                        echo '<h2>' , $title, '</h2>';
                        echo '<p>' , $text, '</p>';

                        if ($message != '')
                        {
                                // NOTE(review): printed as-is; see the note on $message above
                                echo '<p class="error">',$message,'</p>';
                        }

                        if ($bNeedsPasswordChange)
                        {
                                ?>
                                        <div><form action="index.php" method="post">

                                                <input type="hidden" name="action" value="activatesetpwd" />
                                                <?php $manager->addTicketHidden() ?>
                                                <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

                                                <table><tr>
                                                        <td><?php echo _MEMBERS_PWD?></td>
                                                        <td><input type="password" maxlength="40" size="16" name="password" /></td>
                                                </tr><tr>
                                                        <td><?php echo _MEMBERS_REPPWD?></td>
                                                        <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
                                                <?php

                                                        // (second global declaration; $manager is already in scope)
                                                        global $manager;
                                                        // plugins may add their own form rows here
                                                        $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));

                                                ?>
                                                </tr><tr>
                                                        <td><?php echo _MEMBERS_SETPWD ?></td>
                                                        <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
                                                </tr></table>


                                        </form></div>

                                <?php

                        }

                $this->pagefoot();

        }
2107
2108         /**
2109          * Account activation - set password part
2110          *
2111          * @author dekarma
2112          */
2113         function action_activatesetpwd() {
2114
2115                 $key = postVar('key');
2116
2117                 // clean up old activation keys
2118                 MEMBER::cleanupActivationTable();
2119
2120                 // get activation info
2121                 $info = MEMBER::getActivationInfo($key);
2122
2123                 if (!$info || ($info->type == 'addresschange'))
2124                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2125
2126                 $mem = MEMBER::createFromId($info->vmember);
2127
2128                 if (!$mem)
2129                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2130
2131                 $password               = postVar('password');
2132                 $repeatpassword = postVar('repeatpassword');
2133
2134                 if ($password != $repeatpassword)
2135                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
2136
2137                 if ($password && (strlen($password) < 6))
2138                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
2139
2140                 $error = '';
2141                 global $manager;
2142                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
2143                 if ($error != '')
2144                         return $this->_showActivationPage($key, $error);
2145
2146
2147                 // set password
2148                 $mem->setPassword($password);
2149                 $mem->write();
2150
2151                 // do the activation
2152                 MEMBER::activate($key);
2153
2154                 $this->pagehead();
2155                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
2156                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
2157                 $this->pagefoot();
2158         }
2159
2160         /**
2161          * Manage team
2162          */
2163         function action_manageteam() {
2164                 global $member, $manager;
2165
2166                 $blogid = intRequestVar('blogid');
2167
2168                 // check if allowed
2169                 $member->blogAdminRights($blogid) or $this->disallow();
2170
2171                 $this->pagehead();
2172
2173                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
2174
2175                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';
2176
2177                 echo '<h3>' . _TEAM_CURRENT . '</h3>';
2178
2179
2180
2181                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
2182                            . ' FROM '.sql_table('member').', '.sql_table('team')
2183                            . ' WHERE tmember=mnumber and tblog=' . $blogid;
2184
2185                 $template['content'] = 'teamlist';
2186                 $template['tabindex'] = 10;
2187
2188                 $manager->loadClass("ENCAPSULATE");
2189                 $batch =& new BATCH('team');
2190                 $batch->showlist($query, 'table', $template);
2191
2192                 ?>
2193                         <h3><?php echo _TEAM_ADDNEW?></h3>
2194
2195                         <form method='post' action='index.php'><div>
2196
2197                         <input type='hidden' name='action' value='teamaddmember' />
2198                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
2199                         <?php $manager->addTicketHidden() ?>
2200
2201                         <table><tr>
2202                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>
2203                                 <td><?php                                       // TODO: try to make it so only non-team-members are listed
2204                                         $query =  'SELECT mname as text, mnumber as value'
2205                                                    . ' FROM '.sql_table('member');
2206
2207                                         $template['name'] = 'memberid';
2208                                         $template['tabindex'] = 10000;
2209                                         showlist($query,'select',$template);
2210                                 ?></td>
2211                         </tr><tr>
2212                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
2213                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>
2214                         </tr><tr>
2215                                 <td><?php echo _TEAM_ADD?></td>
2216                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
2217                         </tr></table>
2218
2219                         </div></form>
2220                 <?php
2221                 $this->pagefoot();
2222         }
2223
2224         /**
2225          * Add member to team
2226          */
2227         function action_teamaddmember() {
2228                 global $member, $manager;
2229
2230                 $memberid = intPostVar('memberid');
2231                 $blogid = intPostVar('blogid');
2232                 $admin = intPostVar('admin');
2233
2234                 // check if allowed
2235                 $member->blogAdminRights($blogid) or $this->disallow();
2236
2237                 $blog =& $manager->getBlog($blogid);
2238                 if (!$blog->addTeamMember($memberid, $admin))
2239                         $this->error(_ERROR_ALREADYONTEAM);
2240
2241                 $this->action_manageteam();
2242
2243         }
2244
2245         /**
2246          * @todo document this
2247          */
2248         function action_teamdelete() {
2249                 global $member, $manager;
2250
2251                 $memberid = intRequestVar('memberid');
2252                 $blogid = intRequestVar('blogid');
2253
2254                 // check if allowed
2255                 $member->blogAdminRights($blogid) or $this->disallow();
2256
2257                 $teammem = MEMBER::createFromID($memberid);
2258                 $blog =& $manager->getBlog($blogid);
2259
2260                 $this->pagehead();
2261                 ?>
2262                         <h2><?php echo _DELETE_CONFIRM?></h2>
2263
2264                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  $teammem->getDisplayName() ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
2265                         </p>
2266
2267
2268                         <form method="post" action="index.php"><div>
2269                         <input type="hidden" name="action" value="teamdeleteconfirm" />
2270                         <?php $manager->addTicketHidden() ?>
2271                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
2272                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2273                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2274                         </div></form>
2275                 <?php
2276                 $this->pagefoot();
2277         }
2278
2279         /**
2280          * @todo document this
2281          */
2282         function action_teamdeleteconfirm() {
2283                 global $member;
2284
2285                 $memberid = intRequestVar('memberid');
2286                 $blogid = intRequestVar('blogid');
2287
2288                 $error = $this->deleteOneTeamMember($blogid, $memberid);
2289                 if ($error)
2290                         $this->error($error);
2291
2292
2293                 $this->action_manageteam();
2294         }
2295
2296         /**
2297          * @todo document this
2298          */
2299         function deleteOneTeamMember($blogid, $memberid) {
2300                 global $member, $manager;
2301
2302                 $blogid = intval($blogid);
2303                 $memberid = intval($memberid);
2304
2305                 // check if allowed
2306                 if (!$member->blogAdminRights($blogid))
2307                         return _ERROR_DISALLOWED;
2308
2309                 // check if: - there remains at least one blog admin
2310                 //           - (there remains at least one team member)
2311                 $tmem = MEMBER::createFromID($memberid);
2312
2313                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2314
2315                 if ($tmem->isBlogAdmin($blogid)) {
2316                         // check if there are more blog members left and at least one admin
2317                         // (check for at least two admins before deletion)
2318                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
2319                         $r = sql_query($query);
2320                         if (mysql_num_rows($r) < 2)
2321                                 return _ERROR_ATLEASTONEBLOGADMIN;
2322                 }
2323
2324                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
2325                 sql_query($query);
2326
2327                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2328
2329                 return '';
2330         }
2331
2332         /**
2333          * @todo document this
2334          */
2335         function action_teamchangeadmin() {
2336                 global $member;
2337
2338                 $blogid = intRequestVar('blogid');
2339                 $memberid = intRequestVar('memberid');
2340
2341                 // check if allowed
2342                 $member->blogAdminRights($blogid) or $this->disallow();
2343
2344                 $mem = MEMBER::createFromID($memberid);
2345
2346                 // don't allow when there is only one admin at this moment
2347                 if ($mem->isBlogAdmin($blogid)) {
2348                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
2349                         if (mysql_num_rows($r) == 1)
2350                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
2351                 }
2352
2353                 if ($mem->isBlogAdmin($blogid))
2354                         $newval = 0;
2355                 else
2356                         $newval = 1;
2357
2358                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
2359                 sql_query($query);
2360
2361                 // only show manageteam if member did not change its own admin privileges
2362                 if ($member->isBlogAdmin($blogid))
2363                         $this->action_manageteam();
2364                 else
2365                         $this->action_overview(_MSG_ADMINCHANGED);
2366         }
2367
        /**
         * Shows the settings page of one blog.
         *
         * The page lists the team members, the blog settings form (posted to
         * 'blogsettingsupdate'), the category list with a form for new categories
         * (posted to 'categorynew') and whatever plugins add on the
         * 'BlogSettingsFormExtras' event. 'blogid' is read through
         * intRequestVar() and the current member needs admin rights on that blog.
         *
         * Both forms embed a ticket through $manager->addTicketHidden(), and the
         * text settings are passed through htmlspecialchars() before they are
         * placed in value attributes.
         *
         * NOTE(review): the text "Members currently on your team:" is hard-coded
         * in English, unlike the other labels, which come from language constants.
         */
        function action_blogsettings() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
                // NOTE(review): the result of bloglink() is echoed as is below; confirm
                // that helper escapes the blog name
                ?>
                <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>

                <h3><?php echo _EBLOG_TEAM_TITLE?></h3>

                <p>Members currently on your team:
                <?php
                        // names come from the member table and are escaped one by one
                        // before they are joined for output
                        $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
                        $aMemberNames = array();
                        while ($o = mysql_fetch_object($res))
                                array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
                        echo implode(',', $aMemberNames);
                ?>
                </p>



                <p>
                <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
                </p>

                <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>

                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="blogsettingsupdate" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                <table><tr>
                        <td><?php echo _EBLOG_NAME?></td>
                        <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
                                <?php echo _EBLOG_SHORTNAME_EXTRA?>
                        </td>
                        <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DESC?></td>
                        <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_URL?></td>
                        <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFSKIN?>
                                <?php help('blogdefaultskin'); ?>
                        </td>
                        <td>
                                <?php
                                        // drop-down of all skins, current default preselected
                                        $query =  'SELECT sdname as text, sdnumber as value'
                                                   . ' FROM '.sql_table('skin_desc');
                                        $template['name'] = 'defskin';
                                        $template['selected'] = $blog->getDefaultSkin();
                                        $template['tabindex'] = 50;
                                        showlist($query,'select',$template);
                                ?>

                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
                        </td>
                        <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
                        </td>
                        <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DISABLECOMMENTS?>
                        </td>
                        <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ANONYMOUS?>
                        </td>
                        <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
                </tr><tr>
        <td><?php echo _EBLOG_REQUIREDEMAIL?>
                 </td>
                 <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>
          </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
                        <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY_ON?></td>
                        <td>
                                <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
                                        <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
                                /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
                                <br />
                                <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
                                        <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
                                /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
                                <br />
                                <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
                                        <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
                                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_PING?> <?php help('pinguserland'); ?></td>
                        <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
                        <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
                        <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFCAT?></td>
                        <td>
                                <?php
                                        // drop-down of this blog's categories, default preselected.
                                        // $blog->getID() is appended unquoted -- presumably an
                                        // integer id; verify against the BLOG class
                                        $query =  'SELECT cname as text, catid as value'
                                                   . ' FROM '.sql_table('category')
                                                   . ' WHERE cblog=' . $blog->getID();
                                        $template['name'] = 'defcat';
                                        $template['selected'] = $blog->getDefaultCategory();
                                        $template['tabindex'] = 110;
                                        showlist($query,'select',$template);
                                ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
                                <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
                                <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
                                </td>
                        <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
                        <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('blog',$blogid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CHANGE?></td>
                        <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <h3><?php echo _EBLOG_CAT_TITLE?></h3>


                <?php
                // category list as a batch table. $template is the array already used
                // for the two drop-downs, so its 'name' and 'selected' keys are still set
                $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
                $template['content'] = 'categorylist';
                $template['tabindex'] = 200;

                $manager->loadClass("ENCAPSULATE");
                $batch =& new BATCH('category');
                $batch->showlist($query,'table',$template);

                ?>


                <form action="index.php" method="post"><div>
                <input name="action" value="categorynew" type="hidden" />
                <?php $manager->addTicketHidden() ?>
                <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />

                <table><tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_NAME?></td>
                        <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_DESC?></td>
                        <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_CREATE?></td>
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
                </tr></table>

                </div></form>

                <?php

                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        // plugins print their own markup here; the blog object is passed
                        // by reference
                        $manager->notify(
                                'BlogSettingsFormExtras',
                                array(
                                        'blog' => &$blog
                                )
                        );

                $this->pagefoot();
        }
2573
2574         /**
2575          * @todo document this
2576          */
2577         function action_categorynew() {
2578                 global $member, $manager;
2579
2580                 $blogid = intRequestVar('blogid');
2581
2582                 $member->blogAdminRights($blogid) or $this->disallow();
2583
2584                 $cname = postVar('cname');
2585                 $cdesc = postVar('cdesc');
2586
2587                 if (!isValidCategoryName($cname))
2588                         $this->error(_ERROR_BADCATEGORYNAME);
2589
2590                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
2591                 $res = sql_query($query);
2592                 if (mysql_num_rows($res) > 0)
2593                         $this->error(_ERROR_DUPCATEGORYNAME);
2594
2595                 $blog           =& $manager->getBlog($blogid);
2596                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);
2597
2598                 $this->action_blogsettings();
2599         }
2600
        /**
         * Shows the form for editing the name, description and plugin options
         * of one category. The form posts to the 'categoryupdate' action.
         *
         * @param mixed  $catid   category id; when '' it is read through intGetVar('catid')
         * @param mixed  $blogid  blog id; when '' it is read through intGetVar('blogid')
         * @param string $desturl value placed (escaped) in the hidden 'desturl' field
         */
        function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
                global $member, $manager;

                // arguments passed by a caller go through intval(); otherwise the ids
                // are taken from the request
                if ($blogid == '')
                        $blogid = intGetVar('blogid');
                else
                        $blogid = intval($blogid);
                if ($catid == '')
                        $catid = intGetVar('catid');
                else
                        $catid = intval($catid);

                $member->blogAdminRights($blogid) or $this->disallow();

                // the row is selected by blog AND category id, so only a category of
                // the blog that passed the rights check is loaded
                $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
                // NOTE(review): mysql_fetch_object() returns false when no row matches;
                // $obj is not checked before its properties are read
                $obj = mysql_fetch_object($res);

                $cname = $obj->cname;
                $cdesc = $obj->cdesc;

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

                // name, description and $desturl are escaped wherever they are printed below
                ?>
                <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>
                <form method='post' action='index.php'><div>
                <input name="blogid" type="hidden" value="<?php echo $blogid?>" />
                <input name="catid" type="hidden" value="<?php echo $catid?>" />
                <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />
                <input name="action" type="hidden" value="categoryupdate" />
                <?php $manager->addTicketHidden(); ?>

                <table><tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_NAME?></td>
                        <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_DESC?></td>
                        <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
                </tr>
                <?php
                        // insert plugin options
                        $this->_insertPluginOptions('category',$catid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_UPDATE?></td>
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
                </tr></table>

                </div></form>
                <?php
                $this->pagefoot();
        }
2662
2663         /**
2664          * @todo document this
2665          */
2666         function action_categoryupdate() {
2667                 global $member, $manager;
2668
2669                 $blogid = intPostVar('blogid');
2670                 $catid = intPostVar('catid');
2671                 $cname = postVar('cname');
2672                 $cdesc = postVar('cdesc');
2673                 $desturl = postVar('desturl');
2674
2675                 $member->blogAdminRights($blogid) or $this->disallow();
2676
2677                 if (!isValidCategoryName($cname))
2678                         $this->error(_ERROR_BADCATEGORYNAME);
2679
2680                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
2681                 $res = sql_query($query);
2682                 if (mysql_num_rows($res) > 0)
2683                         $this->error(_ERROR_DUPCATEGORYNAME);
2684
2685                 $query =  'UPDATE '.sql_table('category').' SET'
2686                            . " cname='" . addslashes($cname) . "',"
2687                            . " cdesc='" . addslashes($cdesc) . "'"
2688                            . " WHERE catid=" . $catid;
2689
2690                 sql_query($query);
2691
2692                 // store plugin options
2693                 $aOptions = requestArray('plugoption');
2694                 NucleusPlugin::_applyPluginOptions($aOptions);
2695                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));
2696
2697
2698                 if ($desturl) {
2699                         redirect($desturl);
2700                         exit;
2701                 } else {
2702                         $this->action_blogsettings();
2703                 }
2704         }
2705
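/**
 * Shows the confirmation page for deleting a category.
 *
 * Reads 'blogid' and 'catid' from the request as integers and requires blog
 * admin rights on that blog. The request is refused when the category is not
 * valid for the blog, is the blog's default category, or is the only
 * category the blog has. Nothing is deleted here: the form posts to the
 * 'categorydeleteconfirm' action and carries the hidden ticket field written
 * by $manager->addTicketHidden().
 */
function action_categorydelete() {
        global $member, $manager;

        // both ids are read as integers, so they can be echoed into the form
        // and concatenated into the query below without further escaping
        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        // check if the category is valid (same guard as deleteOneCategory())
        // NOTE(review): the checks below assume error() ends the request - confirm
        if (!$blog || !$blog->isValidCategory($catid))
                $this->error(_ERROR_NOSUCHCATEGORY);

        // don't allow deletion of default category
        if ($blog->getDefaultCategory() == $catid)
                $this->error(_ERROR_DELETEDEFCATEGORY);

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if (mysql_num_rows($res) == 1)
                $this->error(_ERROR_DELETELASTCATEGORY);

        // The category name is text that blog admins can edit, so it is
        // HTML-escaped before it is written into the page, the same way
        // action_deleteblog() escapes the blog name.
        // NOTE(review): presumably getCategoryName() returns the stored name
        // unescaped - confirm, to rule out double escaping.
        $categoryName = htmlspecialchars($blog->getCategoryName($catid));

        $this->pagehead();
        ?>
                <h2><?php echo _DELETE_CONFIRM?></h2>

                <div>
                <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  $categoryName?></b>
                </div>

                <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="categorydeleteconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
                <input type="hidden" name="catid" value="<?php echo $catid?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                </div></form>
        <?php
        $this->pagefoot();
}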
2752
/**
 * Deletes a category once the confirmation form has been submitted.
 *
 * Requires blog admin rights on the 'blogid' given in the request, then hands
 * the 'catid' to deleteOneCategory(). That method looks up the blog the
 * category really belongs to and checks admin rights on it again, so a
 * mismatching blogid/catid pair in the request does not bypass the check.
 * When the deletion succeeds, the blog settings page is shown.
 */
function action_categorydeleteconfirm() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        if (!$member->blogAdminRights($blogid)) {
                $this->disallow();
        }

        // deleteOneCategory() returns an error message when it refuses the request
        $failure = $this->deleteOneCategory($catid);
        if ($failure) {
                $this->error($failure);
        }

        $this->action_blogsettings();
}
2770
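/**
 * Deletes one category and moves its items to the blog's default category.
 *
 * The blog is looked up from the category id, and the current member needs
 * blog admin rights on it. A blog's default category and its last remaining
 * category cannot be deleted. Plugin options stored for the category are
 * removed as well. PreDeleteCategory is sent only after every check has
 * passed, and PostDeleteCategory after the category row is gone.
 *
 * @param int $catid id of the category to delete
 * @return string|null an error message when the deletion is refused;
 *         nothing is returned on success
 */
function deleteOneCategory($catid) {
        global $manager, $member;

        $catid = intval($catid);

        $blogid = getBlogIDFromCatID($catid);

        // same error constant as moveOneCategory() returns for this case
        if (!$member->blogAdminRights($blogid))
                return _ERROR_DISALLOWED;

        // get blog
        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if (!$blog || !$blog->isValidCategory($catid))
                return _ERROR_NOSUCHCATEGORY;

        $destcatid = $blog->getDefaultCategory();

        // don't allow deletion of default category
        if ($destcatid == $catid)
                return _ERROR_DELETEDEFCATEGORY;

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if (mysql_num_rows($res) == 1)
                return _ERROR_DELETELASTCATEGORY;

        // notify plugins only now that the request is authorised and valid,
        // so a hook never acts on a deletion that is going to be refused
        $manager->notify('PreDeleteCategory', array('catid' => $catid));

        // change category for all items to the default category
        $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('category', $catid);

        // delete category
        $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
        sql_query($query);

        $manager->notify('PostDeleteCategory', array('catid' => $catid));

}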
2819
/**
 * Moves one category, with its items and their comments, to another blog.
 *
 * The current member needs blog admin rights on the source blog (looked up
 * from the category id) and on the destination blog. A category cannot be
 * moved to the blog it is already in, and a blog's default category cannot be
 * moved. Plugins are notified through PreMoveCategory and PostMoveCategory.
 *
 * @param int $catid id of the category to move
 * @param int $destblogid id of the blog that receives the category
 * @return string|null an error message when the move is refused;
 *         nothing is returned on success
 */
function moveOneCategory($catid, $destblogid) {
        global $manager, $member;

        $catid = intval($catid);
        $destblogid = intval($destblogid);

        $blogid = getBlogIDFromCatID($catid);

        // the mover needs admin rights on the source and on the destination blog
        if (!$member->blogAdminRights($blogid) || !$member->blogAdminRights($destblogid)) {
                return _ERROR_DISALLOWED;
        }

        // a category cannot be moved to the blog it already belongs to
        if ($blogid == $destblogid) {
                return _ERROR_MOVETOSELF;
        }

        $blog =& $manager->getBlog($blogid);
        // NOTE(review): the destination blog is not checked for existence here;
        // confirm that blogAdminRights() refuses unknown blog ids for every member
        $destblog =& $manager->getBlog($destblogid);

        // the category has to exist in the source blog
        if (!$blog || !$blog->isValidCategory($catid)) {
                return _ERROR_NOSUCHCATEGORY;
        }

        // the default category stays with its blog
        if ($blog->getDefaultCategory() == $catid) {
                return _ERROR_MOVEDEFCATEGORY;
        }

        // NOTE(review): $catid is handed to plugins by reference, so the queries
        // below use whatever value a plugin leaves in it; it is not passed
        // through intval() again after this call
        $manager->notify(
                'PreMoveCategory',
                array(
                        'catid' => &$catid,
                        'sourceblog' => &$blog,
                        'destblog' => &$destblog
                )
        );

        // comments carry their own blog id (cblog): update it for every item of the category
        $itemRows = sql_query('SELECT inumber FROM ' . sql_table('item') . ' WHERE icat=' . $catid);
        while ($itemRow = mysql_fetch_object($itemRows)) {
                sql_query('UPDATE ' . sql_table('comment') . ' SET cblog=' . $destblogid . ' WHERE citem=' . $itemRow->inumber);
        }

        // items carry the blog id as iblog
        sql_query('UPDATE ' . sql_table('item') . ' SET iblog=' . $destblogid . ' WHERE icat=' . $catid);

        // finally attach the category itself to the destination blog
        sql_query('UPDATE ' . sql_table('category') . ' SET cblog=' . $destblogid . ' WHERE catid=' . $catid);

        $manager->notify(
                'PostMoveCategory',
                array(
                        'catid' => &$catid,
                        'sourceblog' => &$blog,
                        'destblog' => $destblog
                )
        );

}
2887
/**
 * Stores the settings posted from the blog settings form.
 *
 * Reads 'blogid' from the request as an integer and requires blog admin
 * rights on that blog. The notification addresses, the short name (format
 * and uniqueness) and the update file (must be writable) are validated
 * before anything is changed. The settings are then written through the
 * blog object, posted plugin options are applied, and plugins receive
 * PostPluginOptionsUpdate with context 'blog'.
 */
function action_blogsettingsupdate() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        if (!$member->blogAdminRights($blogid)) {
                $this->disallow();
        }

        $blog =& $manager->getBlog($blogid);

        $notify = trim(postVar('notify'));
        $shortname = trim(postVar('shortname'));
        $updatefile = trim(postVar('update'));

        // The notify type is the product of the three posted flags; a flag
        // that was not posted (0) counts as the neutral factor 1.
        $notifyType = 1;
        foreach (array('notifyComment', 'notifyVote', 'notifyNewItem') as $flagName) {
                $flagValue = intPostVar($flagName);
                $notifyType = $notifyType * (($flagValue == 0) ? 1 : $flagValue);
        }

        // NOTE(review): the validation below assumes error() ends the request - confirm
        if ($notify) {
                $not =& new NOTIFICATION($notify);
                if (!$not->validAddresses()) {
                        $this->error(_ERROR_BADNOTIFY);
                }
        }

        if (!isValidShortName($shortname)) {
                $this->error(_ERROR_BADSHORTBLOGNAME);
        }

        // a changed short name must not collide with another blog
        if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname)) {
                $this->error(_ERROR_DUPSHORTBLOGNAME);
        }

        // NOTE(review): 'update' is a filesystem path posted by a blog admin and
        // the only check here is is_writeable(); confirm that the code which
        // later writes to this file restricts it to an intended location
        if ($updatefile && !is_writeable($updatefile)) {
                $this->error(_ERROR_UPDATEFILE);
        }

        $blog->setName(trim(postVar('name')));
        $blog->setShortName($shortname);
        $blog->setNotifyAddress($notify);
        $blog->setNotifyType($notifyType);
        $blog->setMaxComments(postVar('maxcomments'));
        $blog->setCommentsEnabled(postVar('comments'));
        $blog->setTimeOffset(postVar('timeoffset'));
        $blog->setUpdateFile($updatefile);
        $blog->setURL(trim(postVar('url')));
        $blog->setDefaultSkin(intPostVar('defskin'));
        $blog->setDescription(trim(postVar('desc')));
        $blog->setPublic(postVar('public'));
        $blog->setPingUserland(postVar('pinguserland'));
        $blog->setConvertBreaks(intPostVar('convertbreaks'));
        $blog->setAllowPastPosting(intPostVar('allowpastposting'));
        $blog->setDefaultCategory(intPostVar('defcat'));
        $blog->setSearchable(intPostVar('searchable'));
        $blog->setEmailRequired(intPostVar('reqemail'));

        $blog->writeSettings();

        // plugin options posted with the form are stored after the blog settings
        $pluginOptions = requestArray('plugoption');
        NucleusPlugin::_applyPluginOptions($pluginOptions);
        $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));

        $this->action_overview(_MSG_SETTINGSCHANGED);
}
2961
/**
 * Shows the confirmation page for deleting a blog.
 *
 * Reads 'blogid' from the request as an integer and requires blog admin
 * rights on that blog. The blog configured as $CONF['DefaultBlog'] is
 * refused. Nothing is deleted here: the form posts to the
 * 'deleteblogconfirm' action and carries the hidden ticket field written by
 * $manager->addTicketHidden().
 */
function action_deleteblog() {
        global $member, $CONF, $manager;

        // read as an integer, so it can be echoed into the hidden form field as is
        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        // NOTE(review): assumes error() ends the request - confirm
        if ($CONF['DefaultBlog'] == $blogid)
                $this->error(_ERROR_DELDEFBLOG);

        $blog =& $manager->getBlog($blogid);

        // the blog name is HTML-escaped where it is echoed into the page below
        $this->pagehead();
        ?>
                <h2><?php echo _DELETE_CONFIRM?></h2>

                <p><?php echo _WARNINGTXT_BLOGDEL?>
                </p>

                <div>
                <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>
                </div>

                <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="deleteblogconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                </div></form>
        <?php
        $this->pagefoot();
}
2998
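/**
 * Deletes a blog once the confirmation form has been submitted.
 *
 * Reads 'blogid' from the request as an integer. The member needs blog admin
 * rights on that blog, and the blog configured as $CONF['DefaultBlog'] cannot
 * be deleted. Both checks run before the PreDeleteBlog event, so plugins are
 * only notified about a deletion that is going to be carried out. The blog's
 * comments, items, team entries, bans, categories and blog-level plugin
 * options are removed, then the blog row itself, and PostDeleteBlog is sent.
 */
function action_deleteblogconfirm() {
        global $member, $CONF, $manager;

        $blogid = intRequestVar('blogid');

        // authorise first: nothing below, plugin hooks included, should run for
        // a member without admin rights on this blog
        // NOTE(review): relies on disallow() and error() ending the request - confirm
        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        if ($CONF['DefaultBlog'] == $blogid)
                $this->error(_ERROR_DELDEFBLOG);

        $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

        // delete all comments
        $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
        sql_query($query);

        // delete all items
        $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
        sql_query($query);

        // delete all team members
        $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
        sql_query($query);

        // delete all bans
        $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
        sql_query($query);

        // delete all categories
        $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('blog', $blogid);

        // delete the blog itself
        $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
        sql_query($query);

        $manager->notify('PostDeleteBlog', array('blogid' => $blogid));

        $this->action_overview(_DELETED_BLOG);
}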
3046
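/**
 * Shows the confirmation page for deleting a member account.
 *
 * Reads 'memberid' from the request as an integer. A member may ask to delete
 * their own account; deleting anyone else requires isAdmin(). Nothing is
 * deleted here: the form posts to the 'memberdeleteconfirm' action and
 * carries the hidden ticket field written by $manager->addTicketHidden().
 */
function action_memberdelete() {
        global $member, $manager;

        // read as an integer, so it can be echoed into the hidden form field as is
        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $mem = MEMBER::createFromID($memberid);

        // The display name is account data, so it is HTML-escaped before it is
        // written into the page, the same way action_deleteblog() escapes the
        // blog name.
        // NOTE(review): presumably getDisplayName() returns the stored name
        // unescaped - confirm, to rule out double escaping.
        $displayName = htmlspecialchars($mem->getDisplayName());

        $this->pagehead();
        ?>
                <h2><?php echo _DELETE_CONFIRM?></h2>

                <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo  $displayName ?></b>
                </p>

                <p>
                Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)
                </p>

                <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="memberdeleteconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                </div></form>
        <?php
        $this->pagefoot();
}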
3079
/**
 * Deletes a member account once the confirmation form has been submitted.
 *
 * Reads 'memberid' from the request as an integer. A member may delete their
 * own account; deleting anyone else requires isAdmin(). The deletion is done
 * by deleteOneMember(), which does not check who is asking, so this check is
 * the authorisation for the request. Afterwards an admin is shown the user
 * management page and any other member the overview page.
 */
function action_memberdeleteconfirm() {
        global $member;

        $memberid = intRequestVar('memberid');

        if ($member->getID() != $memberid && !$member->isAdmin()) {
                $this->disallow();
        }

        // deleteOneMember() returns an error message when it refuses the request
        $failure = $this->deleteOneMember($memberid);
        if ($failure) {
                $this->error($failure);
        }

        if ($member->isAdmin()) {
                $this->action_usermanagement();
        } else {
                $this->action_overview(_DELETED_MEMBER);
        }
}
3099
/**
 * Deletes one member account and the rows that belong to it.
 *
 * The member's comments are kept: they are detached from the account
 * (cmember set to 0) and get the former display name as cuser. The member
 * row, the team entries, the activation rows and the member's plugin options
 * are removed. Plugins receive PreDeleteMember and PostDeleteMember.
 *
 * This method does not check the rights of the member who is asking; the
 * only condition it tests is canBeDeleted() on the target account. Callers
 * have to authorise the request themselves.
 *
 * @static
 * @param int $memberid id of the member to delete
 * @return string an error message when the member cannot be deleted,
 *         an empty string on success
 */
function deleteOneMember($memberid) {
        global $manager;

        $memberid = intval($memberid);
        $mem = MEMBER::createFromID($memberid);

        if (!$mem->canBeDeleted()) {
                return _ERROR_DELETEMEMBER;
        }

        $manager->notify('PreDeleteMember', array('member' => &$mem));

        // unlink comments from memberid, keeping the display name as author text
        // NOTE(review): the name is escaped with addslashes(), which does not
        // take the connection character set into account - confirm that this
        // is safe for the character sets this installation uses
        sql_query(
                'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="' . addslashes($mem->getDisplayName())
                . '" WHERE cmember=' . $memberid
        );

        // remove the account itself, its team memberships and its activation rows
        $ownedRows = array(
                'member' => 'mnumber',
                'team' => 'tmember',
                'activation' => 'vmember'
        );
        foreach ($ownedRows as $table => $column) {
                sql_query('DELETE FROM ' . sql_table($table) . ' WHERE ' . $column . '=' . $memberid);
        }

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('member', $memberid);

        $manager->notify('PostDeleteMember', array('member' => &$mem));

        return '';
}
3136
3137         /**
3138          * @todo document this
3139          */
3140         function action_createnewlog() {
3141                 global $member, $CONF, $manager;
3142
3143                 // Only Super-Admins can do this
3144                 $member->isAdmin() or $this->disallow();
3145
3146                 $this->pagehead();
3147
3148                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
3149                 ?>
3150                 <h2><?php echo _EBLOG_CREATE_TITLE?></h2>
3151
3152                 <h3>注意事項</h3>
3153
3154                 <p>作成にあたって、下記の<strong>注意事項</strong> をまずお読み下さい</p>
3155