1 <?php\r
2 /*\r
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
4  * Copyright (C) 2002-2007 The Nucleus Group\r
5  *\r
6  * This program is free software; you can redistribute it and/or\r
7  * modify it under the terms of the GNU General Public License\r
8  * as published by the Free Software Foundation; either version 2\r
9  * of the License, or (at your option) any later version.\r
10  * (see nucleus/documentation/index.html#license for more info)\r
11  */\r
12 /**\r
13  * The code for the Nucleus admin area\r
14  *\r
15  * @license http://nucleuscms.org/license.txt GNU General Public License\r
16  * @copyright Copyright (C) 2002-2007 The Nucleus Group\r
17  * @version $Id: ADMIN.php,v 1.24 2008-02-08 09:31:22 kimitake Exp $\r
18  * @version $NucleusJP: ADMIN.php,v 1.21.2.4 2007/10/30 19:04:24 kmorimatsu Exp $\r
19  */\r
20 \r
// Guard against direct access: this file is only meaningful when loaded by the
// admin front controller, which defines requestVar() (and the other request
// helpers used throughout this class). Bail out silently otherwise.
if ( !function_exists('requestVar') ) exit;
require_once dirname(__FILE__) . '/showlist.php';
23 \r
24 /**\r
25  * Builds the admin area and executes admin actions\r
26  */\r
27 class ADMIN {\r
28 \r
/**
 * @var string $action action currently being executed ($action=xxxx -> action_xxxx method).
 *             Stored lowercased by action(), which also uses it for the ticket
 *             (CSRF) allowlist check before dispatching.
 */
var $action;
33 \r
/**
 * Class constructor (PHP4-style: a method named after the class).
 * Intentionally empty; the only property, $action, is set by action().
 */
function ADMIN() {

}
40 \r
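/**
 * Executes an action
 *
 * Resolves aliases ('login' and '' map to 'overview'), stores the lowercased
 * action name in $this->action, enforces the ticket (CSRF) check for every
 * action that is not on the "safe" allowlist below, and finally dispatches
 * to the matching action_xxxx method.
 *
 * error() is relied upon to terminate the request: both the failed ticket
 * check and the unknown-action branch fall through to it without a return.
 *
 * @param string $action action to be performed (normally taken from the request)
 */
function action($action) {
    global $CONF, $manager;

    // list of action aliases
    $alias = array(
        'login' => 'overview',
        '' => 'overview'
    );

    if (isset($alias[$action]))
        $action = $alias[$action];

    $methodName = 'action_' . $action;

    $this->action = strtolower($action);

    // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
    // is an action that requires user interaction before something is actually done)
    // all safe actions are in this array; every other action (the *update, *confirm,
    // batch*, add*, ... ones) must carry a valid ticket:
    $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');

    // strict comparison: the allowlist is the security boundary for the ticket
    // check, so only an exact string match may skip it
    if (!in_array($this->action, $aActionsNotToCheck, true))
    {
        if (!$manager->checkTicket())
            $this->error(_ERROR_BADTICKET);
    }

    // method_exists() is case-insensitive, so $methodName (original case) and the
    // lowercased $this->action checked above name the same method; the fixed
    // 'action_' prefix restricts dispatch to action handlers only
    if (method_exists($this, $methodName))
        $this->$methodName();
    else
        $this->error(_BADACTION . htmlspecialchars(" ($action)"));

}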
82 \r
/**
 * Shows the login screen, passing the global $error (if any) along as the
 * message displayed above the form. action_login() escapes it before output.
 */
function action_showlogin() {
    global $error;
    $this->action_login($error);
}
90 \r
/**
 * Shows the login form, or skips straight to the overview when the current
 * member is already logged in and allowed to log in.
 *
 * @param string $msg      message to show above the form; HTML-escaped here because
 *                         it may come from outside this class (see action_showlogin)
 * @param int    $passvars when truthy, the current request variables are carried
 *                         through the form as hidden fields (passRequestVars()),
 *                         except when the previous action was 'login' or 'logout'
 */
function action_login($msg = '', $passvars = 1) {
    global $member;

    // skip to overview when allowed
    if ($member->isLoggedIn() && $member->canLogin()) {
        $this->action_overview();
        exit;
    }

    $this->pagehead();

    echo '<h2>', _LOGIN ,'</h2>';
    if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
    ?>

    <form action="index.php" method="post"><p>
    <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
    <br />
    <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
    <br />
    <input name="action" value="login" type="hidden" />
    <br />
    <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
    <br />
    <small>
        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
    </small>
    <?php                   // pass through vars

        // a login or logout request itself must not be re-submitted; anything
        // else is carried over so the member lands on the page they asked for
        $oldaction = postVar('oldaction');
        if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
            passRequestVars();
        }


    ?>
    </p></form>
    <?php           $this->pagefoot();
}
134 \r
135 \r
/**
 * provides a screen with the overview of the actions available
 *
 * Lists the blogs the member is on the team of (or, for super-admins that
 * request showall=yes, every blog), the member's drafts, the member's own
 * settings links and - for super-admins - the management link.
 *
 * @param string $msg message to show at the top of the page. It is NOT escaped
 *                    here (contrast action_login), so callers must pass safe text.
 */
function action_overview($msg = '') {
    global $member;

    $this->pagehead();

    if ($msg)
        echo _MESSAGE , ': ', $msg;

    /* ---- add items ---- */
    echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';

    // request-controlled; only the exact value 'yes' enables the all-blogs view
    $showAll = requestVar('showall');

    if (($member->isAdmin()) && ($showAll == 'yes')) {
        // Super-Admins have access to all blogs! (no add item support though)
        $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
                   . ' FROM ' . sql_table('blog')
                   . ' ORDER BY bname';
    } else {
        // only the blogs this member is on the team of; the member id is
        // interpolated directly, which relies on getID() yielding a plain integer
        $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'
                   . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
                   . ' WHERE tblog=bnumber and tmember=' . $member->getID()
                   . ' ORDER BY bname';
    }
    $template['content'] = 'bloglist';
    $template['superadmin'] = $member->isAdmin();
    $amount = showlist($query,'table',$template);   // used below as the number of rows listed

    // super-admins get a "show all" link when there are blogs they are not on the team of
    if (($showAll != 'yes') && ($member->isAdmin())) {
        $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
        if ($total > $amount)
            echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';
    }

    if ($amount == 0)
        echo _OVERVIEW_NOBLOGS;

    if ($amount != 0) {
        echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
        $query =  'SELECT ititle, inumber, bshortname'
                   . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
                   . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
        // $template['superadmin'] set above is deliberately reused here
        $template['content'] = 'draftlist';
        $amountdrafts = showlist($query, 'table', $template);
        if ($amountdrafts == 0)
            echo _OVERVIEW_NODRAFTS;
    }

    /* ---- user settings ---- */
    echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
    echo '<ul>';
    echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
    echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
    echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
    echo '</ul>';

    /* ---- general settings ---- */
    // the link is only shown to super-admins; action_manage() enforces the same check itself
    if ($member->isAdmin()) {
        echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
        echo '<ul>';
        echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
        echo '</ul>';
    }


    $this->pagefoot();
}
207 \r
/**
 * Returns an HTML link to a weblog: the blog URL as href, _BLOGLIST_TT_VISIT
 * as the title and the blog name as link text. URL and name are HTML-escaped.
 *
 * @param object $blog BLOG instance (passed by reference, not modified)
 * @return string anchor element
 */
function bloglink(&$blog) {
    $href = htmlspecialchars($blog->getURL());
    $text = htmlspecialchars($blog->getName());
    return '<a href="' . $href . '" title="' . _BLOGLIST_TT_VISIT . '">' . $text . '</a>';
}
215 \r
/**
 * Shows the management overview (super-admins only): grouped links to the
 * general, skin/template and extra (backup, plugins) administration screens.
 *
 * @param string $msg optional message shown below the back link; echoed as-is
 */
function action_manage($msg = '') {
    global $member;

    $member->isAdmin() or $this->disallow();

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(' . _BACKHOME . ')</a></p>';

    if ($msg)
        echo '<p>' . _MESSAGE . ': ' . $msg . '</p>';

    // (heading, action => label) pairs, in display order
    $sections = array(
        array(_MANAGE_GENERAL, array(
            'createnewlog'   => _OVERVIEW_NEWLOG,
            'settingsedit'   => _OVERVIEW_SETTINGS,
            'usermanagement' => _OVERVIEW_MEMBERS,
            'actionlog'      => _OVERVIEW_VIEWLOG,
        )),
        array(_MANAGE_SKINS, array(
            'skinoverview'     => _OVERVIEW_SKINS,
            'templateoverview' => _OVERVIEW_TEMPLATES,
            'skinieoverview'   => _OVERVIEW_SKINIMPORT,
        )),
        array(_MANAGE_EXTRA, array(
            'backupoverview' => _OVERVIEW_BACKUP,
            'pluginlist'     => _OVERVIEW_PLUGINS,
        )),
    );

    foreach ($sections as $section) {
        list($heading, $links) = $section;
        echo '<h2>' . $heading . '</h2>';
        echo '<ul>';
        foreach ($links as $actionName => $label)
            echo '<li><a href="index.php?action=' . $actionName . '">' . $label . '</a></li>';
        echo '</ul>';
    }

    $this->pagefoot();
}
256 \r
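/**
 * Shows the paged, searchable item list of one blog (with batch operations).
 *
 * Access: team members of the blog and super-admins. Members without blog-admin
 * rights only get their own items listed.
 *
 * @param int|string $blogid blog to list; when empty it is taken from the request
 */
function action_itemlist($blogid = '') {
    global $member, $manager;

    if ($blogid == '')
        $blogid = intRequestVar('blogid');
    // the id is interpolated into SQL and into links below, so force an integer
    // even when a caller handed it in as a string
    $blogid = intval($blogid);

    $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

    $this->pagehead();
    $blog =& $manager->getBlog($blogid);

    echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
    echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';

    // start index; never negative, since a negative LIMIT offset is a SQL error
    $start = postVar('start') ? intPostVar('start') : 0;
    if ($start < 0)
        $start = 0;

    if ($start == 0)
        echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';

    // amount of items to show; 0 or negative would give an empty list or a
    // SQL error, so fall back to the default page size
    $amount = postVar('amount') ? intPostVar('amount') : 0;
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');    // search through items

    $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
               . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
               . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;

    if ($search) {
        // NOTE(review): addslashes() is not a charset-aware SQL escape and leaves the
        // LIKE wildcards % and _ unescaped; kept because this is the convention used
        // here - confirm whether the DB layer offers a proper escaping helper
        $escapedSearch = addslashes($search);
        $query .= ' and ((ititle LIKE "%' . $escapedSearch . '%") or (ibody LIKE "%' . $escapedSearch . '%") or (imore LIKE "%' . $escapedSearch . '%"))';
    }

    // non-blog-admins can only edit/delete their own items
    if (!$member->blogAdminRights($blogid))
        $query .= ' and iauthor=' . $member->getID();


    $query .= ' ORDER BY itime DESC'
            . " LIMIT $start,$amount";

    $template = array();
    $template['content'] = 'itemlist';
    $template['now'] = $blog->getCorrectTime(time());

    // NAVLIST renders the list plus prev/next navigation and the batch form
    $manager->loadClass("ENCAPSULATE");
    $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
    $navList->showBatchList('item',$query,'table',$template);


    $this->pagefoot();
}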
316 \r
/**
 * Performs a batch operation ('delete' or 'move') on the selected items.
 *
 * Request vars: batch[] (item ids), batchaction, destcatid (for move) and
 * confirmation ('yes' is required for delete). The action itself is
 * ticket-checked by action(); only the login is verified here, the per-item
 * rights are left to deleteOneItem()/moveOneItem().
 */
function action_batchitem() {
    global $member, $manager;

    // check if logged in
    $member->isLoggedIn() or $this->disallow();

    // more precise check will be done for each performed operation

    // get array of itemids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no items were selected
    // (error() is relied upon not to return)
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On move: when no destination blog/category chosen, show choice now
    // (batchMoveSelectDestination() exits after rendering the form)
    $destCatid = intRequestVar('destcatid');
    if (($action == 'move') && (!$manager->existsCategory($destCatid)))
        $this->batchMoveSelectDestination('item',$selected);

    // On delete: check if confirmation has been given
    // (batchAskDeleteConfirmation() is presumably terminal as well - verify)
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('item',$selected);

    $this->pagehead();

    echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
    echo '<h2>',_BATCH_ITEMS,'</h2>';
    echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
    echo '<ul>';


    // walk over all itemids and perform action
    foreach ($selected as $itemid) {
        $itemid = intval($itemid);
        echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';

        // perform action, display errors if needed
        // ($error is an error message, or empty/false on success)
        switch($action) {
            case 'delete':
                $error = $this->deleteOneItem($itemid);
                break;
            case 'move':
                $error = $this->moveOneItem($itemid, $destCatid);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }

        // helper error messages are echoed as-is (assumed to be safe HTML)
        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>',_BATCH_DONE,'</b>';

    $this->pagefoot();


}
381 \r
/**
 * Performs a batch operation (only 'delete') on the selected comments.
 *
 * Request vars: batch[] (comment ids), batchaction and confirmation ('yes' is
 * required for delete). The action is ticket-checked by action(); only the
 * login is verified here, per-comment rights are left to deleteOneComment().
 */
function action_batchcomment() {
    global $member;

    // check if logged in
    $member->isLoggedIn() or $this->disallow();

    // more precise check will be done for each performed operation

    // get array of commentids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no items were selected (error() is relied upon not to return)
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('comment',$selected);

    $this->pagehead();

    echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
    echo '<h2>',_BATCH_COMMENTS,'</h2>';
    echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
    echo '<ul>';

    // walk over all commentids and perform action
    foreach ($selected as $commentid) {
        $commentid = intval($commentid);
        echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';

        // perform action, display errors if needed
        // ($error is an error message, or empty/false on success)
        switch($action) {
            case 'delete':
                $error = $this->deleteOneComment($commentid);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }

        // helper error messages are echoed as-is (assumed to be safe HTML)
        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>',_BATCH_DONE,'</b>';

    $this->pagefoot();


}
437 \r
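/**
 * Performs a batch operation ('delete', 'setadmin' or 'unsetadmin') on the
 * selected members. Super-admins only; the action is ticket-checked by action().
 *
 * Request vars: batch[] (member ids), batchaction and confirmation ('yes' is
 * required for delete). error() and batchAskDeleteConfirmation() are relied
 * upon not to return.
 */
function action_batchmember() {
    global $member;

    // check if logged in and admin
    ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();

    // get array of memberids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no members selected
    if (!is_array($selected) || count($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('member',$selected);

    $this->pagehead();

    echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
    echo '<h2>',_BATCH_MEMBERS,'</h2>';
    echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
    echo '<ul>';

    // walk over all memberids and perform action
    foreach ($selected as $memberid) {
        $memberid = intval($memberid);
        echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';

        // perform action, display errors if needed
        // ($error holds a message on failure, stays empty on success)
        $error = '';
        switch($action) {
            case 'delete':
                $error = $this->deleteOneMember($memberid);
                break;
            case 'setadmin':
                // always succeeds (an unknown id simply updates no row)
                sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one super-admin that can log in.
                // The count is re-evaluated on every iteration, so a batch can never
                // demote the last one; COUNT(*) instead of fetching every row.
                $adminCount = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('member') . ' WHERE madmin=1 and mcanlogin=1');
                if ($adminCount < 2)
                    $error = _ERROR_ATLEASTONEADMIN;
                else
                    sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }

        // helper error messages are echoed as-is (assumed to be safe HTML)
        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>',_BATCH_DONE,'</b>';

    $this->pagefoot();


}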
504 \r
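/**
 * Performs a batch operation ('delete', 'setadmin' or 'unsetadmin') on the
 * selected team members of one blog. Requires blog-admin rights on that blog;
 * the action is ticket-checked by action().
 *
 * Request vars: blogid, batch[] (member ids), batchaction and confirmation
 * ('yes' is required for delete). error() and batchAskDeleteConfirmation()
 * are relied upon not to return.
 */
function action_batchteam() {
    global $member;

    $blogid = intRequestVar('blogid');

    // check if logged in and admin
    ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();

    // get array of memberids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no members selected
    if (!is_array($selected) || count($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('team',$selected);

    $this->pagehead();

    echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';

    echo '<h2>',_BATCH_TEAM,'</h2>';
    echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
    echo '<ul>';

    // walk over all memberids and perform action
    foreach ($selected as $memberid) {
        $memberid = intval($memberid);
        echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';

        // perform action, display errors if needed
        // ($error holds a message on failure, stays empty on success)
        $error = '';
        switch($action) {
            case 'delete':
                $error = $this->deleteOneTeamMember($blogid, $memberid);
                break;
            case 'setadmin':
                // always succeeds (an unknown member simply updates no row)
                sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one admin for this blog.
                // The count is re-evaluated on every iteration, so a batch can never
                // demote the last one; COUNT(*) instead of fetching every row.
                $adminCount = quickQuery('SELECT COUNT(*) as result FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
                if ($adminCount < 2)
                    $error = _ERROR_ATLEASTONEBLOGADMIN;
                else
                    sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }

        // helper error messages are echoed as-is (assumed to be safe HTML)
        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>',_BATCH_DONE,'</b>';

    $this->pagefoot();


}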
574 \r
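/**
 * Performs a batch operation ('delete' or 'move') on the selected categories.
 *
 * Request vars: batch[] (category ids), batchaction, destblogid (for move) and
 * confirmation ('yes' is required for delete). The action is ticket-checked by
 * action(); only the login is verified here, per-category rights are left to
 * deleteOneCategory()/moveOneCategory(). error(), batchAskDeleteConfirmation()
 * and batchMoveCategorySelectDestination() are relied upon not to return.
 */
function action_batchcategory() {
    global $member, $manager;

    // check if logged in
    $member->isLoggedIn() or $this->disallow();

    // more precise check will be done for each performed operation

    // get array of category ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no items were selected
    if (!is_array($selected) || count($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On move: when no destination blog chosen, show choice now
    $destBlogId = intRequestVar('destblogid');
    if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
        $this->batchMoveCategorySelectDestination('category',$selected);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('category',$selected);

    $this->pagehead();

    echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
    // the heading constant carries the leading underscore like every other
    // _BATCH_* constant in this file; the bare name was an undefined constant
    echo '<h2>',_BATCH_CATEGORIES,'</h2>';
    echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
    echo '<ul>';

    // walk over all category ids and perform action
    foreach ($selected as $catid) {
        $catid = intval($catid);
        echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';

        // perform action, display errors if needed
        // ($error is an error message, or empty/false on success)
        switch($action) {
            case 'delete':
                $error = $this->deleteOneCategory($catid);
                break;
            case 'move':
                $error = $this->moveOneCategory($catid, $destBlogId);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }

        // helper error messages are echoed as-is (assumed to be safe HTML)
        echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>',_BATCH_DONE,'</b>';

    $this->pagefoot();

}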
637 \r
/**
 * Renders the "choose destination category" form for a batch move and exits.
 *
 * The form re-submits the same batch action (action=batch<type>,
 * batchaction=move) together with the selected ids, a fresh ticket hidden
 * field (so the resubmission passes the ticket check in action()) and the
 * destination picked via selectBlogCategory('destcatid').
 *
 * @param string $type  batch type; only used unescaped in the action name, so callers
 *                      pass a fixed literal (e.g. 'item'), never request input
 * @param array  $ids   selected ids; each is re-emitted as an integer
 */
function batchMoveSelectDestination($type, $ids) {
    global $manager;
    $this->pagehead();
    ?>
    <h2><?php echo _MOVE_TITLE?></h2>
    <form method="post" action="index.php"><div>

        <input type="hidden" name="action" value="batch<?php echo $type?>" />
        <input type="hidden" name="batchaction" value="move" />
        <?php
            // ticket hidden field: the follow-up request is a state-changing
            // action and must pass the ticket check
            $manager->addTicketHidden();

            // insert selected item numbers
            $idx = 0;
            foreach ($ids as $id)
                echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

            // show blog/category selection list
            $this->selectBlogCategory('destcatid');

        ?>


        <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

    </div></form>
    <?php           $this->pagefoot();
    // terminal: the calling batch action must not continue past this point
    exit;
}
670 \r
671         /**\r
672          * @todo document this\r
673          */\r
674         function batchMoveCategorySelectDestination($type, $ids) {\r
675                 global $manager;\r
676                 $this->pagehead();\r
677                 ?>\r
678                 <h2><?php echo _MOVECAT_TITLE?></h2>\r
679                 <form method="post" action="index.php"><div>\r
680 \r
681                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
682                         <input type="hidden" name="batchaction" value="move" />\r
683                         <?php\r
684                                 $manager->addTicketHidden();\r
685 \r
686                                 // insert selected item numbers\r
687                                 $idx = 0;\r
688                                 foreach ($ids as $id)\r
689                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
690 \r
691                                 // show blog/category selection list\r
692                                 $this->selectBlog('destblogid');\r
693 \r
694                         ?>\r
695 \r
696 \r
697                         <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
698 \r
699                 </div></form>\r
700                 <?php           $this->pagefoot();\r
701                 exit;\r
702         }\r
703 \r
704         /**\r
705          * @todo document this\r
706          */\r
707         function batchAskDeleteConfirmation($type, $ids) {\r
708                 global $manager;\r
709 \r
710                 $this->pagehead();\r
711                 ?>\r
712                 <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>\r
713                 <form method="post" action="index.php"><div>\r
714 \r
715                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
716                         <?php $manager->addTicketHidden() ?>\r
717                         <input type="hidden" name="batchaction" value="delete" />\r
718                         <input type="hidden" name="confirmation" value="yes" />\r
719                         <?php                           // insert selected item numbers\r
720                                 $idx = 0;\r
721                                 foreach ($ids as $id)\r
722                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
723 \r
724                                 // add hidden vars for team & comment\r
725                                 if ($type == 'team')\r
726                                 {\r
727                                         echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';\r
728                                 }\r
729                                 if ($type == 'comment')\r
730                                 {\r
731                                         echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';\r
732                                 }\r
733 \r
734                         ?>\r
735 \r
736                         <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
737 \r
738                 </div></form>\r
739                 <?php           $this->pagefoot();\r
740                 exit;\r
741         }\r
742 \r
743 \r
744         /**\r
745          * Inserts a HTML select element with choices for all categories to which the current\r
746          * member has access\r
747          * @see function selectBlog\r
748          */\r
749         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
750                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
751         }\r
752 \r
753         /**\r
754          * Inserts a HTML select element with choices for all blogs to which the user has access\r
755          *              mode = 'blog' => shows blognames and values are blogids\r
756          *              mode = 'category' => show category names and values are catids\r
757          *\r
758          * @param $iForcedBlogInclude\r
759          *              ID of a blog that always needs to be included, without checking if the\r
760          *              member is on the blog team (-1 = none)\r
761          * @todo document parameters\r
762          */\r
763         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
764                 global $member, $CONF;\r
765 \r
766                 // 0. get IDs of blogs to which member can post items (+ forced blog)\r
767                 $aBlogIds = array();\r
768                 if ($iForcedBlogInclude != -1)\r
769                         $aBlogIds[] = intval($iForcedBlogInclude);\r
770 \r
771                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))\r
772                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
773                 else\r
774                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
775                 $rblogids = sql_query($queryBlogs);\r
776                 while ($o = mysql_fetch_object($rblogids))\r
777                         if ($o->bnumber != $iForcedBlogInclude)\r
778                                 $aBlogIds[] = intval($o->bnumber);\r
779 \r
780                 if (count($aBlogIds) == 0)\r
781                         return;\r
782 \r
783                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';\r
784 \r
785                 // 1. select blogs (we'll create optiongroups)\r
786                 // (only select those blogs that have the user on the team)\r
787                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';\r
788                 $blogs = sql_query($queryBlogs);\r
789                 if ($mode == 'category') {\r
790                         if (mysql_num_rows($blogs) > 1)\r
791                                 $multipleBlogs = 1;\r
792 \r
793                         while ($oBlog = mysql_fetch_object($blogs)) {\r
794                                 if ($multipleBlogs)\r
795                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';\r
796 \r
797                                 // show selection to create new category when allowed/wanted\r
798                                 if ($showNewCat) {\r
799                                         // check if allowed to do so\r
800                                         if ($member->blogAdminRights($oBlog->bnumber))\r
801                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';\r
802                                 }\r
803 \r
804                                 // 2. for each category in that blog\r
805                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');\r
806                                 while ($oCat = mysql_fetch_object($categories)) {\r
807                                         if ($oCat->catid == $selected)\r
808                                                 $selectText = ' selected="selected" ';\r
809                                         else\r
810                                                 $selectText = '';\r
811                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';\r
812                                 }\r
813 \r
814                                 if ($multipleBlogs)\r
815                                         echo '</optgroup>';\r
816                         }\r
817                 } else {\r
818                         // blog mode\r
819                         while ($oBlog = mysql_fetch_object($blogs)) {\r
820                                 echo '<option value="',$oBlog->bnumber,'"';\r
821                                 if ($oBlog->bnumber == $selected)\r
822                                         echo ' selected="selected"';\r
823                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';\r
824                         }\r
825                 }\r
826                 echo '</select>';\r
827 \r
828         }\r
829 \r
830         /**\r
831          * @todo document this\r
832          */\r
833         function action_browseownitems() {\r
834                 global $member, $manager;\r
835 \r
836                 $this->pagehead();\r
837 \r
838                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
839                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';\r
840 \r
841                 // start index\r
842                 if (postVar('start'))\r
843                         $start = intPostVar('start');\r
844                 else\r
845                         $start = 0;\r
846 \r
847                 // amount of items to show\r
848                 if (postVar('amount'))\r
849                         $amount = intPostVar('amount');\r
850                 else\r
851                         $amount = 10;\r
852 \r
853                 $search = postVar('search');    // search through items\r
854 \r
855                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'\r
856                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
857                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
858 \r
859                 if ($search)\r
860                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
861 \r
862                 $query .= ' ORDER BY itime DESC'\r
863                                 . " LIMIT $start,$amount";\r
864 \r
865                 $template['content'] = 'itemlist';\r
866                 $template['now'] = time();\r
867 \r
868                 $manager->loadClass("ENCAPSULATE");\r
869                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);\r
870                 $navList->showBatchList('item',$query,'table',$template);\r
871 \r
872                 $this->pagefoot();\r
873 \r
874         }\r
875 \r
876         /**\r
877          * Show all the comments for a given item\r
878          * @param int $itemid\r
879          */\r
880         function action_itemcommentlist($itemid = '') {\r
881                 global $member, $manager;\r
882 \r
883                 if ($itemid == '')\r
884                         $itemid = intRequestVar('itemid');\r
885 \r
886                 // only allow if user is allowed to alter item\r
887                 $member->canAlterItem($itemid) or $this->disallow();\r
888 \r
889                 $blogid = getBlogIdFromItemId($itemid);\r
890 \r
891                 $this->pagehead();\r
892 \r
893                 // start index\r
894                 if (postVar('start'))\r
895                         $start = intPostVar('start');\r
896                 else\r
897                         $start = 0;\r
898 \r
899                 // amount of items to show\r
900                 if (postVar('amount'))\r
901                         $amount = intPostVar('amount');\r
902                 else\r
903                         $amount = 10;\r
904 \r
905                 $search = postVar('search');\r
906 \r
907                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
908                 echo '<h2>',_COMMENTS,'</h2>';\r
909 \r
910                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;\r
911 \r
912                 if ($search)\r
913                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
914 \r
915                 $query .= ' ORDER BY ctime ASC'\r
916                                 . " LIMIT $start,$amount";\r
917 \r
918                 $template['content'] = 'commentlist';\r
919                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));\r
920 \r
921                 $manager->loadClass("ENCAPSULATE");\r
922                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
923                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);\r
924 \r
925                 $this->pagefoot();\r
926         }\r
927 \r
928         /**\r
929          * Browse own comments\r
930          */\r
931         function action_browseowncomments() {\r
932                 global $member, $manager;\r
933 \r
934                 // start index\r
935                 if (postVar('start'))\r
936                         $start = intPostVar('start');\r
937                 else\r
938                         $start = 0;\r
939 \r
940                 // amount of items to show\r
941                 if (postVar('amount'))\r
942                         $amount = intPostVar('amount');\r
943                 else\r
944                         $amount = 10;\r
945 \r
946                 $search = postVar('search');\r
947 \r
948 \r
949                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
950 \r
951                 if ($search)\r
952                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
953 \r
954                 $query .= ' ORDER BY ctime DESC'\r
955                                 . " LIMIT $start,$amount";\r
956 \r
957                 $this->pagehead();\r
958 \r
959                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
960                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
961 \r
962                 $template['content'] = 'commentlist';\r
963                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself\r
964 \r
965                 $manager->loadClass("ENCAPSULATE");\r
966                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
967                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);\r
968 \r
969                 $this->pagefoot();\r
970         }\r
971 \r
972         /**\r
973          * Browse all comments for a weblog\r
974          * @param int $blogid\r
975          */\r
976         function action_blogcommentlist($blogid = '')\r
977         {\r
978                 global $member, $manager;\r
979 \r
980                 if ($blogid == '')\r
981                         $blogid = intRequestVar('blogid');\r
982                 else\r
983                         $blogid = intval($blogid);\r
984 \r
985                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
986 \r
987                 // start index\r
988                 if (postVar('start'))\r
989                         $start = intPostVar('start');\r
990                 else\r
991                         $start = 0;\r
992 \r
993                 // amount of items to show\r
994                 if (postVar('amount'))\r
995                         $amount = intPostVar('amount');\r
996                 else\r
997                         $amount = 10;\r
998 \r
999                 $search = postVar('search');            // search through comments\r
1000 \r
1001 \r
1002                 $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
1003 \r
1004                 if ($search != '')\r
1005                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
1006 \r
1007 \r
1008                 $query .= ' ORDER BY ctime DESC'\r
1009                                 . " LIMIT $start,$amount";\r
1010 \r
1011 \r
1012                 $blog =& $manager->getBlog($blogid);\r
1013 \r
1014                 $this->pagehead();\r
1015 \r
1016                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
1017                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';\r
1018 \r
1019                 $template['content'] = 'commentlist';\r
1020                 $template['canAddBan'] = $member->blogAdminRights($blogid);\r
1021 \r
1022                 $manager->loadClass("ENCAPSULATE");\r
1023                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
1024                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);\r
1025 \r
1026                 $this->pagefoot();\r
1027         }\r
1028 \r
1029         /**\r
1030          * Provide a page to item a new item to the given blog\r
1031          */\r
1032         function action_createitem() {\r
1033                 global $member, $manager;\r
1034 \r
1035                 $blogid = intRequestVar('blogid');\r
1036 \r
1037                 // check if allowed\r
1038                 $member->teamRights($blogid) or $this->disallow();\r
1039 \r
1040                 $memberid = $member->getID();\r
1041 \r
1042                 $blog =& $manager->getBlog($blogid);\r
1043 \r
1044                 $this->pagehead();\r
1045 \r
1046                 // generate the add-item form\r
1047                 $formfactory =& new PAGEFACTORY($blogid);\r
1048                 $formfactory->createAddForm('admin');\r
1049 \r
1050                 $this->pagefoot();\r
1051         }\r
1052 \r
1053         /**\r
1054          * @todo document this\r
1055          */\r
1056         function action_itemedit() {\r
1057                 global $member, $manager;\r
1058 \r
1059                 $itemid = intRequestVar('itemid');\r
1060 \r
1061                 // only allow if user is allowed to alter item\r
1062                 $member->canAlterItem($itemid) or $this->disallow();\r
1063 \r
1064                 $item =& $manager->getItem($itemid,1,1);\r
1065                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
1066 \r
1067                 $manager->notify('PrepareItemForEdit', array('item' => &$item));\r
1068 \r
1069                 if ($blog->convertBreaks()) {\r
1070                         $item['body'] = removeBreaks($item['body']);\r
1071                         $item['more'] = removeBreaks($item['more']);\r
1072                 }\r
1073 \r
1074                 // form to edit blog items\r
1075                 $this->pagehead();\r
1076                 $formfactory =& new PAGEFACTORY($blog->getID());\r
1077                 $formfactory->createEditForm('admin',$item);\r
1078                 $this->pagefoot();\r
1079         }\r
1080 \r
1081         /**\r
1082          * @todo document this\r
1083          */\r
1084         function action_itemupdate() {\r
1085                 global $member, $manager, $CONF;\r
1086 \r
1087                 $itemid = intRequestVar('itemid');\r
1088                 $catid = postVar('catid');\r
1089 \r
1090                 // only allow if user is allowed to alter item\r
1091                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1092 \r
1093                 $actiontype = postVar('actiontype');\r
1094 \r
1095                 // delete actions are handled by itemdelete (which has confirmation)\r
1096                 if ($actiontype == 'delete') {\r
1097                         $this->action_itemdelete();\r
1098                         return;\r
1099                 }\r
1100 \r
1101                 $body   = postVar('body');\r
1102                 $title  = postVar('title');\r
1103                 $more   = postVar('more');\r
1104                 $closed = intPostVar('closed');\r
1105                 $draftid = intPostVar('draftid');\r
1106 \r
1107                 // default action = add now\r
1108                 if (!$actiontype)\r
1109                         $actiontype='addnow';\r
1110 \r
1111                 // create new category if needed\r
1112                 if (strstr($catid,'newcat')) {\r
1113                         // get blogid\r
1114                         list($blogid) = sscanf($catid,"newcat-%d");\r
1115 \r
1116                         // create\r
1117                         $blog =& $manager->getBlog($blogid);\r
1118                         $catid = $blog->createNewCategory();\r
1119 \r
1120                         // show error when sth goes wrong\r
1121                         if (!$catid)\r
1122                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1123                 }\r
1124 \r
1125                 /*\r
1126                         set some variables based on actiontype\r
1127 \r
1128                         actiontypes:\r
1129                                 draft items -> addnow, addfuture, adddraft, delete\r
1130                                 non-draft items -> edit, changedate, delete\r
1131 \r
1132                         variables set:\r
1133                                 $timestamp: set to a nonzero value for future dates or date changes\r
1134                                 $wasdraft: set to 1 when the item used to be a draft item\r
1135                                 $publish: set to 1 when the edited item is not a draft\r
1136                 */\r
1137                 switch ($actiontype) {\r
1138                         case 'adddraft':\r
1139                                 $publish = 0;\r
1140                                 $wasdraft = 1;\r
1141                                 $timestamp = 0;\r
1142                                 break;\r
1143                         case 'addfuture':\r
1144                                 $wasdraft = 1;\r
1145                                 $publish = 1;\r
1146                                 $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));\r
1147                                 break;\r
1148                         case 'addnow':\r
1149                                 $wasdraft = 1;\r
1150                                 $publish = 1;\r
1151                                 $timestamp = 0;\r
1152                                 break;\r
1153                         case 'changedate':\r
1154                                 $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));\r
1155                                 $publish = 1;\r
1156                                 $wasdraft = 0;\r
1157                                 break;\r
1158                         case 'edit':\r
1159                         default:\r
1160                                 $publish = 1;\r
1161                                 $wasdraft = 0;\r
1162                                 $timestamp = 0;\r
1163                 }\r
1164 \r
1165                 // edit the item for real\r
1166                 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
1167 \r
1168                 $blogid = getBlogIDFromItemID($itemid);\r
1169                 $blog =& $manager->getBlog($blogid);\r
1170 \r
1171                 $isFuture = 0;\r
1172                 if ($timestamp > $blog->getCorrectTime(time())) {\r
1173                         $isFuture = 1;\r
1174                 }\r
1175 \r
1176                 $this->updateFuturePosted($blogid);\r
1177 \r
1178                 if ($draftid > 0) {\r
1179                         // delete permission is checked inside ITEM::delete()\r
1180                         ITEM::delete($draftid);\r
1181                 }\r
1182 \r
1183                 if (!$closed && $publish && $wasdraft && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 && !$isFuture) {\r
1184                         $this->action_sendping($blogid);\r
1185                         return;\r
1186                 }\r
1187 \r
1188                 // show category edit window when we created a new category\r
1189                 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
1190                 if ($catid != intPostVar('catid')) {\r
1191                         $this->action_categoryedit(\r
1192                                 $catid,\r
1193                                 $blog->getID(),\r
1194                                 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
1195                         );\r
1196                 } else {\r
1197                         // TODO: set start item correctly for itemlist\r
1198                         $this->action_itemlist(getBlogIDFromItemID($itemid));\r
1199                 }\r
1200         }\r
1201 \r
1202         /**\r
1203          * @todo document this\r
1204          */\r
1205         function action_itemdelete() {\r
1206                 global $member, $manager;\r
1207 \r
1208                 $itemid = intRequestVar('itemid');\r
1209 \r
1210                 // only allow if user is allowed to alter item\r
1211                 $member->canAlterItem($itemid) or $this->disallow();\r
1212 \r
1213                 if (!$manager->existsItem($itemid,1,1))\r
1214                         $this->error(_ERROR_NOSUCHITEM);\r
1215 \r
1216                 $item =& $manager->getItem($itemid,1,1);\r
1217                 $title = htmlspecialchars(strip_tags($item['title']));\r
1218                 $body = strip_tags($item['body']);\r
1219                 $body = htmlspecialchars(shorten($body,300,'...'));\r
1220 \r
1221                 $this->pagehead();\r
1222                 ?>\r
1223                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1224 \r
1225                         <p><?php echo _CONFIRMTXT_ITEM?></p>\r
1226 \r
1227                         <div class="note">\r
1228                                 <b>"<?php echo  $title ?>"</b>\r
1229                                 <br />\r
1230                                 <?php echo $body?>\r
1231                         </div>\r
1232 \r
1233                         <form method="post" action="index.php"><div>\r
1234                                 <input type="hidden" name="action" value="itemdeleteconfirm" />\r
1235                                 <?php $manager->addTicketHidden() ?>\r
1236                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
1237                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />\r
1238                         </div></form>\r
1239                 <?php\r
1240                 $this->pagefoot();\r
1241         }\r
1242 \r
1243         /**\r
1244          * @todo document this\r
1245          */\r
1246         function action_itemdeleteconfirm() {\r
1247                 global $member;\r
1248 \r
1249                 $itemid = intRequestVar('itemid');\r
1250 \r
1251                 // only allow if user is allowed to alter item\r
1252                 $member->canAlterItem($itemid) or $this->disallow();\r
1253 \r
1254                 // get blogid first\r
1255                 $blogid = getBlogIdFromItemId($itemid);\r
1256 \r
1257                 // delete item (note: some checks will be performed twice)\r
1258                 $this->deleteOneItem($itemid);\r
1259 \r
1260                 $this->action_itemlist($blogid);\r
1261         }\r
1262 \r
1263         /**\r
1264          * Deletes one item and returns error if something goes wrong\r
1265          * @param int $itemid\r
1266          */\r
1267         function deleteOneItem($itemid) {\r
1268                 global $member, $manager;\r
1269 \r
1270                 // only allow if user is allowed to alter item (also checks if itemid exists)\r
1271                 if (!$member->canAlterItem($itemid))\r
1272                         return _ERROR_DISALLOWED;\r
1273 \r
1274                 // need to get blogid before the item is deleted\r
1275                 $blogid = getBlogIDFromItemId($itemid);\r
1276 \r
1277                 $manager->loadClass('ITEM');\r
1278                 ITEM::delete($itemid);\r
1279 \r
1280                 // update blog's futureposted\r
1281                 $this->updateFuturePosted($blogid);\r
1282         }\r
1283 \r
1284         /**\r
1285          * Update a blog's future posted flag\r
1286          * @param int $blogid\r
1287          */\r
1288         function updateFuturePosted($blogid) {\r
1289                 global $manager;\r
1290 \r
1291                 $blog =& $manager->getBlog($blogid);\r
1292                 $currenttime = $blog->getCorrectTime(time());\r
1293                 $result = sql_query("SELECT * FROM ".sql_table('item').\r
1294                         " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
1295                 if (mysql_num_rows($result) > 0) {\r
1296                                 $blog->setFuturePost();\r
1297                 }\r
1298                 else {\r
1299                                 $blog->clearFuturePost();\r
1300                 }\r
1301         }\r
1302 \r
        /**
         * Shows the "move item" form (action 'itemmove'): a blog/category
         * selector for the item plus the ticket, posting back to action
         * 'itemmoveto'.
         *
         * Only members allowed to alter the item get here; anyone else is sent
         * to disallow(). The item id is embedded in the form as-is, which is
         * fine because intRequestVar() already made it an integer.
         */
        function action_itemmove() {
                global $member, $manager;

                $itemid = intRequestVar('itemid');

                // only allow if user is allowed to alter item
                $member->canAlterItem($itemid) or $this->disallow();

                // needed for the item's current category, preselected below
                $item =& $manager->getItem($itemid,1,1);

                $this->pagehead();
                ?>
                        <h2><?php echo _MOVE_TITLE?></h2>
                        <form method="post" action="index.php"><div>
                                <input type="hidden" name="action" value="itemmoveto" />
                                <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />

                                <?php

                                        // ticket hidden field for the follow-up request, then the
                                        // category dropdown (action_itemmoveto() also understands
                                        // 'newcat-<blogid>' values coming from it)
                                        $manager->addTicketHidden();
                                        $this->selectBlogCategory('catid',$item['catid'],10,1);
                                ?>

                                <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
1334 \r
1335         /**\r
1336          * @todo document this\r
1337          */\r
1338         function action_itemmoveto() {\r
1339                 global $member, $manager;\r
1340 \r
1341                 $itemid = intRequestVar('itemid');\r
1342                 $catid = requestVar('catid');\r
1343 \r
1344                 // create new category if needed\r
1345                 if (strstr($catid,'newcat')) {\r
1346                         // get blogid\r
1347                         list($blogid) = sscanf($catid,'newcat-%d');\r
1348 \r
1349                         // create\r
1350                         $blog =& $manager->getBlog($blogid);\r
1351                         $catid = $blog->createNewCategory();\r
1352 \r
1353                         // show error when sth goes wrong\r
1354                         if (!$catid)\r
1355                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1356                 }\r
1357 \r
1358                 // only allow if user is allowed to alter item\r
1359                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1360 \r
1361                 $old_blogid = getBlogIDFromItemId($itemid);\r
1362 \r
1363                 ITEM::move($itemid, $catid);\r
1364 \r
1365                 // set the futurePosted flag on the blog\r
1366                 $this->updateFuturePosted(getBlogIDFromItemId($itemid));\r
1367 \r
1368                 // reset the futurePosted in case the item is moved from one blog to another\r
1369                 $this->updateFuturePosted($old_blogid);\r
1370 \r
1371                 if ($catid != intRequestVar('catid'))\r
1372                         $this->action_categoryedit($catid, $blog->getID());\r
1373                 else\r
1374                         $this->action_itemlist(getBlogIDFromCatID($catid));\r
1375         }\r
1376 \r
1377         /**\r
1378          * Moves one item to a given category (category existance should be checked by caller)\r
1379          * errors are returned\r
1380          * @param int $itemid\r
1381          * @param int $destCatid category ID to which the item will be moved\r
1382          */\r
1383         function moveOneItem($itemid, $destCatid) {\r
1384                 global $member;\r
1385 \r
1386                 // only allow if user is allowed to move item\r
1387                 if (!$member->canUpdateItem($itemid, $destCatid))\r
1388                         return _ERROR_DISALLOWED;\r
1389 \r
1390                 ITEM::move($itemid, $destCatid);\r
1391         }\r
1392 \r
1393         /**\r
1394          * Adds a item to the chosen blog\r
1395          */\r
1396         function action_additem() {\r
1397                 global $member, $manager, $CONF;\r
1398 \r
1399                 $manager->loadClass('ITEM');\r
1400 \r
1401                 $result = ITEM::createFromRequest();\r
1402 \r
1403                 if ($result['status'] == 'error')\r
1404                         $this->error($result['message']);\r
1405 \r
1406                 $blogid = getBlogIDFromItemID($result['itemid']);\r
1407                 $blog =& $manager->getBlog($blogid);\r
1408 \r
1409                 $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));\r
1410 \r
1411                 if ($result['status'] == 'newcategory')\r
1412                         $this->action_categoryedit(\r
1413                                 $result['catid'],\r
1414                                 $blogid,\r
1415                                 $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 ? $pingUrl : ''\r
1416                         );\r
1417                 elseif ((postVar('actiontype') == 'addnow') && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0)\r
1418                         $this->action_sendping($blogid);\r
1419                 else\r
1420                         $this->action_itemlist($blogid);\r
1421         }\r
1422 \r
        /**
         * Shows a window that says we're about to ping.
         * immediately refresh to the real pinging page, which will
         * show an error, or redirect to the blog.
         *
         * The refresh target is a ticketed 'rawping' URL. The manual "try again"
         * link in the page body carries no ticket, so it only works if rawping
         * accepts ticket-less requests — NOTE(review): confirm against
         * action_rawping() and the dispatcher's ticket checks. The $blogid
         * echoed into that link is not escaped; intRequestVar() makes it an
         * integer, and callers passing it in must do the same.
         *
         * @param int $blogid ID of blog for which ping needs to be sent out;
         *                    -1 (the default) means "take it from the request"
         */
        function action_sendping($blogid = -1) {
                global $member, $manager;

                if ($blogid == -1)
                        $blogid = intRequestVar('blogid');

                // any logged-in member may reach this page
                $member->isLoggedIn() or $this->disallow();

                // intval() keeps the id URL-safe; the ticket guards the follow-up request
                $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));

                $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
                ?>
                <h2>Site Updated, Now pinging various weblog listing services...</h2>

                <p>
                        This can take a while...
                </p>

                <p>
                        If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
                </p>
                <?php           $this->pagefoot();
        }
1453 \r
        /**
         * Sends the real ping (can take up to 10 seconds!)
         *
         * Fires the SendPing event for the requested blog and shows links back
         * to the blog's item list and to the blog itself.
         *
         * NOTE(review): unlike action_sendping() there is no isLoggedIn() or
         * permission check here (see the TODO below); whatever ticket check the
         * dispatcher applies is the only gate. Also $blog->getURL() goes into an
         * href unescaped, which is only acceptable if blog URLs are validated
         * where they are set.
         */
        function action_rawping() {
                global $manager;
                // TODO: checks?

                $blogid = intRequestVar('blogid');
                $blog =& $manager->getBlog($blogid);

                $this->pagehead();

                ?>

                <h2>Pinging services, please wait...</h2>
                <div class='note'>
                <?php

                // send sendPing event
                // (subscribed plugins presumably do the pinging and print their status here)
                $manager->notify('SendPing', array('blogid' => $blogid));

                ?>
                </div>

                <ul>
                        <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
                        <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>
                </ul>

                <?php           $this->pagefoot();
        }
1485 \r
        /**
         * Shows the edit form for an existing comment (action 'commentedit').
         *
         * The stored body is turned back into editable text: <br /> tags are
         * removed and auto-generated <a href> links are reduced to their URL.
         * The form posts to action 'commentupdate'.
         *
         * NOTE(review): the author name and host are echoed without
         * htmlspecialchars(); this relies on them having been escaped when the
         * comment was stored (the textarea comment below makes the same
         * assumption for the body).
         */
        function action_commentedit() {
                global $member, $manager;

                $commentid = intRequestVar('commentid');

                $member->canAlterComment($commentid) or $this->disallow();

                $comment = COMMENT::getComment($commentid);

                // plugins may rewrite the comment before it is shown for editing
                $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));

                // remove the <br /> tags
                // (NOTE(review): the original comment said "change <br /> to \n", but the
                // replacement string is empty; confirm that is what prepareBody() expects)
                $comment['body'] = str_replace('<br />','',$comment['body']);

                // reduce auto-linked URLs (optionally rel="nofollow") to the bare href (group 1)
                $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);

                $this->pagehead();

                ?>
                <h2><?php echo _EDITC_TITLE?></h2>

                <form action="index.php" method="post"><div>

                <input type="hidden" name="action" value="commentupdate" />
                <?php $manager->addTicketHidden(); ?>
                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
                <table><tr>
                        <th colspan="2"><?php echo _EDITC_TITLE?></th>
                </tr><tr>
                        <td><?php echo _EDITC_WHO?></td>
                        <td>
                        <?php                           // member name when posted by a member, otherwise the user name
                                        if ($comment['member'])
                                        echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
                                else
                                        echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
                        ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EDITC_WHEN?></td>
                        <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
                </tr><tr>
                        <td><?php echo _EDITC_HOST?></td>
                        <td><?php echo  $comment['host']; ?></td>
                </tr><tr>
                        <td><?php echo _EDITC_TEXT?></td>
                        <td>
                                <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)
                                        echo $comment['body'];
                                ?></textarea>
                        </td>
                </tr><tr>
                        <td><?php echo _EDITC_EDIT?></td>
                        <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>
                <?php
                $this->pagefoot();
        }
1548 \r
1549         /**\r
1550          * @todo document this\r
1551          */\r
1552         function action_commentupdate() {\r
1553                 global $member, $manager;\r
1554 \r
1555                 $commentid = intRequestVar('commentid');\r
1556 \r
1557                 $member->canAlterComment($commentid) or $this->disallow();\r
1558 \r
1559                 $body = postVar('body');\r
1560 \r
1561                 // intercept words that are too long\r
1562                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)\r
1563                         $this->error(_ERROR_COMMENT_LONGWORD);\r
1564 \r
1565                 // check length\r
1566                 if (strlen($body)<3)\r
1567                         $this->error(_ERROR_COMMENT_NOCOMMENT);\r
1568                 if (strlen($body)>5000)\r
1569                         $this->error(_ERROR_COMMENT_TOOLONG);\r
1570 \r
1571 \r
1572                 // prepare body\r
1573                 $body = COMMENT::prepareBody($body);\r
1574 \r
1575                 // call plugins\r
1576                 $manager->notify('PreUpdateComment',array('body' => &$body));\r
1577 \r
1578                 $query =  'UPDATE '.sql_table('comment')\r
1579                            . " SET cbody='" .addslashes($body). "'"\r
1580                            . " WHERE cnumber=" . $commentid;\r
1581                 sql_query($query);\r
1582 \r
1583                 // get itemid\r
1584                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
1585                 $o = mysql_fetch_object($res);\r
1586                 $itemid = $o->citem;\r
1587 \r
1588                 if ($member->canAlterItem($itemid))\r
1589                         $this->action_itemcommentlist($itemid);\r
1590                 else\r
1591                         $this->action_browseowncomments();\r
1592 \r
1593         }\r
1594 \r
        /**
         * Shows the "really delete this comment?" confirmation page
         * (action 'commentdelete') with the author and a shortened, escaped
         * preview of the body. The form posts to action 'commentdeleteconfirm'.
         */
        function action_commentdelete() {
                global $member, $manager;

                $commentid = intRequestVar('commentid');

                $member->canAlterComment($commentid) or $this->disallow();

                $comment = COMMENT::getComment($commentid);

                // preview: tags stripped, cut to 300 chars, then escaped for output
                $body = strip_tags($comment['body']);
                $body = htmlspecialchars(shorten($body, 300, '...'));

                // NOTE(review): $author is echoed below without htmlspecialchars(),
                // unlike $body; this relies on names being escaped at storage time
                if ($comment['member'])
                        $author = $comment['member'];
                else
                        $author = $comment['user'];

                $this->pagehead();
                ?>

                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_COMMENT?></p>

                        <div class="note">
                        <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
                        <br />
                        <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
                        </div>

                        <form method="post" action="index.php"><div>
                                <input type="hidden" name="action" value="commentdeleteconfirm" />
                                <?php $manager->addTicketHidden() ?>
                                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
                                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
1637 \r
1638         /**\r
1639          * @todo document this\r
1640          */\r
1641         function action_commentdeleteconfirm() {\r
1642                 global $member;\r
1643 \r
1644                 $commentid = intRequestVar('commentid');\r
1645 \r
1646                 // get item id first\r
1647                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
1648                 $o = mysql_fetch_object($res);\r
1649                 $itemid = $o->citem;\r
1650 \r
1651                 $error = $this->deleteOneComment($commentid);\r
1652                 if ($error)\r
1653                         $this->doError($error);\r
1654 \r
1655                 if ($member->canAlterItem($itemid))\r
1656                         $this->action_itemcommentlist($itemid);\r
1657                 else\r
1658                         $this->action_browseowncomments();\r
1659         }\r
1660 \r
1661         /**\r
1662          * @todo document this\r
1663          */\r
1664         function deleteOneComment($commentid) {\r
1665                 global $member, $manager;\r
1666 \r
1667                 $commentid = intval($commentid);\r
1668 \r
1669                 if (!$member->canAlterComment($commentid))\r
1670                         return _ERROR_DISALLOWED;\r
1671 \r
1672                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));\r
1673 \r
1674                 // delete the comments associated with the item\r
1675                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
1676                 sql_query($query);\r
1677 \r
1678                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));\r
1679 \r
1680                 return '';\r
1681         }\r
1682 \r
        /**
         * Usermanagement main
         *
         * Admin-only page: lists all members (via the 'memberlist' template of
         * a BATCH listing) and shows the "add new member" form, which posts to
         * action 'memberadd'.
         */
        function action_usermanagement() {
                global $member, $manager;

                // check if allowed
                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

                echo '<h2>' . _MEMBERS_TITLE .'</h2>';

                echo '<h3>' . _MEMBERS_CURRENT .'</h3>';

                // show list of members with actions
                // (SELECT * hands every member column, presumably including the password
                // hash, to the listing template; what gets rendered is up to that template)
                $query =  'SELECT *'
                           . ' FROM '.sql_table('member');
                $template['content'] = 'memberlist';
                $template['tabindex'] = 10;

                // PHP 4-style reference assignment of a new object
                $manager->loadClass("ENCAPSULATE");
                $batch =& new BATCH('member');
                $batch->showlist($query,'table',$template);

                echo '<h3>' . _MEMBERS_NEW .'</h3>';
                ?>
                        <form method="post" action="index.php" name="memberedit"><div>

                        <input type="hidden" name="action" value="memberadd" />
                        <?php $manager->addTicketHidden() ?>

                        <table>
                        <tr>
                                <th colspan="2"><?php echo _MEMBERS_NEW?></th>
                        </tr><tr>
                                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
                                </td>
                                <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REALNAME?></td>
                                <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_PWD?></td>
                                <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REPPWD?></td>
                                <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_EMAIL?></td>
                                <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_URL?></td>
                                <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',0,10060); ?> </td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NOTES?></td>
                                <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NEW?></td>
                                <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
1758 \r
1759         /**\r
1760          * Edit member settings\r
1761          */\r
1762         function action_memberedit() {\r
1763                 $this->action_editmembersettings(intRequestVar('memberid'));\r
1764         }\r
1765 \r
        /**
         * Shows the "edit member settings" form (action 'editmembersettings').
         *
         * A member may edit their own settings; admins may edit anyone's. The
         * display name and password fields are only offered when
         * $CONF['AllowLoginEdit'] is on or the viewer is an admin, and the
         * super-admin / can-login switches only to admins (same rules as
         * action_changemembersettings(), which this form posts to). Plugin
         * options and the MemberSettingsFormExtras event are appended.
         *
         * @param int|string $memberid id of the member to edit; '' (the default)
         *                             means the logged-in member
         */
        function action_editmembersettings($memberid = '') {
                global $member, $manager, $CONF;

                if ($memberid == '')
                        $memberid = $member->getID();

                // check if allowed
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                // show message to go back to member overview (only for admins)
                if ($member->isAdmin())
                        echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
                else
                        echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';

                echo '<h2>' . _MEMBERS_EDIT . '</h2>';

                // $mem is the member being edited; $member stays the logged-in one
                $mem = MEMBER::createFromID($memberid);

                ?>
                <form method="post" action="index.php" name="memberedit"><div>

                <input type="hidden" name="action" value="changemembersettings" />
                <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                <?php $manager->addTicketHidden() ?>

                <table><tr>
                        <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
                </tr><tr>
                        <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
                        </td>
                        <td>
                        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
                                <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
                        <?php } else {
                                // NOTE(review): this shows the *logged-in* member's name, not $mem's;
                                // it only works out because non-admins get here solely for themselves
                                echo htmlspecialchars($member->getDisplayName());
                           }
                        ?>
                        </td>
                </tr><tr>
                        <td><?php echo _MEMBERS_REALNAME?></td>
                        <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
                </tr><tr>
                <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
                        <td><?php echo _MEMBERS_PWD?></td>
                        <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_REPPWD?></td>
                        <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
                <?php } ?>
                </tr><tr>
                        <td><?php echo _MEMBERS_EMAIL?>
                                <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
                        </td>
                        <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_URL?></td>
                        <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
                <?php // only allow to change this by super-admins
                   // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
                   // (the server side enforces the same rule in action_changemembersettings())
                   if ($member->isAdmin()) {
                ?>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>
                <?php } ?>
                </tr><tr>
                        <td><?php echo _MEMBERS_NOTES?></td>
                        <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
                        </td>
                        <td>

                                <select name="deflang" tabindex="85">
                                        <option value=""><?php echo _MEMBERS_USESITELANG?></option>
                                <?php                           // show a dropdown list of all available languages
                                // (option values come from file names under $DIR_LANG, i.e. server-side
                                // data, not from the request; opendir()'s return value is not checked)
                                global $DIR_LANG;
                                $dirhandle = opendir($DIR_LANG);
                                // NOTE(review): this loop stops early on a directory entry named "0";
                                // comparing against false would be the safe test
                                while ($filename = readdir($dirhandle)) {
                                        if (ereg("^(.*)\.php$",$filename,$matches)) {
                                                $name = $matches[1];
                                                echo "<option value='$name'";
                                                if ($name == $mem->getLanguage())
                                                        echo " selected='selected'";
                                                echo ">$name</option>";
                                        }
                                }
                                closedir($dirhandle);

                                ?>
                                </select>

                        </td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('member',$memberid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
                </tr><tr>
                        <td><?php echo _MEMBERS_EDIT?></td>
                        <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <?php
                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        // plugins get the member object by reference and print their own extras
                        $manager->notify(
                                'MemberSettingsFormExtras',
                                array(
                                        'member' => &$mem
                                )
                        );

                $this->pagefoot();
        }
1896 \r
1897         /**\r
1898          * @todo document this\r
1899          */\r
1900         function action_changemembersettings() {\r
1901                 global $member, $CONF, $manager;\r
1902 \r
1903                 $memberid = intRequestVar('memberid');\r
1904 \r
1905                 // check if allowed\r
1906                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
1907 \r
1908                 $name                   = trim(strip_tags(postVar('name')));\r
1909                 $realname               = trim(strip_tags(postVar('realname')));\r
1910                 $password               = postVar('password');\r
1911                 $repeatpassword = postVar('repeatpassword');\r
1912                 $email                  = strip_tags(postVar('email'));\r
1913                 $url                    = strip_tags(postVar('url'));\r
1914 \r
1915                 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.\r
1916                 if (!eregi("^https?://", $url))\r
1917                         $url = "http://".$url;\r
1918 \r
1919                 $admin                  = postVar('admin');\r
1920                 $canlogin               = postVar('canlogin');\r
1921                 $notes                  = strip_tags(postVar('notes'));\r
1922                 $deflang                = postVar('deflang');\r
1923 \r
1924                 $mem = MEMBER::createFromID($memberid);\r
1925 \r
1926                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1927 \r
1928                         if (!isValidDisplayName($name))\r
1929                                 $this->error(_ERROR_BADNAME);\r
1930 \r
1931                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
1932                                 $this->error(_ERROR_NICKNAMEINUSE);\r
1933 \r
1934                         if ($password != $repeatpassword)\r
1935                                 $this->error(_ERROR_PASSWORDMISMATCH);\r
1936 \r
1937                         if ($password && (strlen($password) < 6))\r
1938                                 $this->error(_ERROR_PASSWORDTOOSHORT);\r
1939                 }\r
1940 \r
1941                 if (!isValidMailAddress($email))\r
1942                         $this->error(_ERROR_BADMAILADDRESS);\r
1943 \r
1944 \r
1945                 if (!$realname)\r
1946                         $this->error(_ERROR_REALNAMEMISSING);\r
1947 \r
1948                 if (($deflang != '') && (!checkLanguage($deflang)))\r
1949                         $this->error(_ERROR_NOSUCHLANGUAGE);\r
1950 \r
1951                 // check if there will remain at least one site member with both the logon and admin rights\r
1952                 // (check occurs when taking away one of these rights from such a member)\r
1953                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
1954                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
1955                    )\r
1956                 {\r
1957                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
1958                         if (mysql_num_rows($r) < 2)\r
1959                                 $this->error(_ERROR_ATLEASTONEADMIN);\r
1960                 }\r
1961 \r
1962                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1963                         $mem->setDisplayName($name);\r
1964                         if ($password)\r
1965                                 $mem->setPassword($password);\r
1966                 }\r
1967 \r
1968                 $oldEmail = $mem->getEmail();\r
1969 \r
1970                 $mem->setRealName($realname);\r
1971                 $mem->setEmail($email);\r
1972                 $mem->setURL($url);\r
1973                 $mem->setNotes($notes);\r
1974                 $mem->setLanguage($deflang);\r
1975 \r
1976 \r
1977                 // only allow super-admins to make changes to the admin status\r
1978                 if ($member->isAdmin()) {\r
1979                         $mem->setAdmin($admin);\r
1980                         $mem->setCanLogin($canlogin);\r
1981                 }\r
1982 \r
1983 \r
1984                 $mem->write();\r
1985 \r
1986                 // store plugin options\r
1987                 $aOptions = requestArray('plugoption');\r
1988                 NucleusPlugin::_applyPluginOptions($aOptions);\r
1989                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));\r
1990 \r
1991                 // if email changed, generate new password\r
1992                 if ($oldEmail != $mem->getEmail())\r
1993                 {\r
1994                         $mem->sendActivationLink('addresschange', $oldEmail);\r
1995                         // logout member\r
1996                         $mem->newCookieKey();\r
1997 \r
1998                         // only log out if the member being edited is the current member.\r
1999                         if ($member->getID() == $memberid)\r
2000                                 $member->logout();\r
2001                         $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
2002                         return;\r
2003                 }\r
2004 \r
2005 \r
2006                 if (  ( $mem->getID() == $member->getID() )\r
2007                    && ( $mem->getDisplayName() != $member->getDisplayName() )\r
2008                    ) {\r
2009                         $mem->newCookieKey();\r
2010                         $member->logout();\r
2011                         $this->action_login(_MSG_LOGINAGAIN, 0);\r
2012                 } else {\r
2013                         $this->action_overview(_MSG_SETTINGSCHANGED);\r
2014                 }\r
2015         }\r
2016 \r
2017         /**\r
2018          * @todo document this\r
2019          */\r
2020         function action_memberadd() {\r
2021                 global $member, $manager;\r
2022 \r
2023                 // check if allowed\r
2024                 $member->isAdmin() or $this->disallow();\r
2025 \r
2026                 if (postVar('password') != postVar('repeatpassword'))\r
2027                         $this->error(_ERROR_PASSWORDMISMATCH);\r
2028                 if (strlen(postVar('password')) < 6)\r
2029                         $this->error(_ERROR_PASSWORDTOOSHORT);\r
2030 \r
2031                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
2032                 if ($res != 1)\r
2033                         $this->error($res);\r
2034 \r
2035                 // fire PostRegister event\r
2036                 $newmem = new MEMBER();\r
2037                 $newmem->readFromName(postVar('name'));\r
2038                 $manager->notify('PostRegister',array('member' => &$newmem));\r
2039 \r
2040                 $this->action_usermanagement();\r
2041         }\r
2042 \r
2043         /**\r
2044          * Account activation\r
2045          *\r
2046          * @author dekarma\r
2047          */\r
2048         function action_activate() {\r
2049 \r
2050                 $key = getVar('key');\r
2051                 $this->_showActivationPage($key);\r
2052         }\r
2053 \r
	/**
	 * Renders the activation page for an activation key.
	 *
	 * The key is looked up with MEMBER::getActivationInfo(); an unknown key or
	 * a key whose member cannot be loaded aborts with _ERROR_ACTIVATE. The
	 * page shown depends on the activation type ($info->vtype):
	 *  - 'forgot' / 'register': shows a form to set a new password, which posts
	 *    to action 'activatesetpwd' together with the key and a ticket;
	 *  - 'addresschange': the key is activated immediately while rendering this
	 *    page and no password form is shown.
	 * NOTE(review): there is no default branch, so an unknown vtype renders an
	 * empty title/text and still shows the password form — confirm whether
	 * that is intended.
	 *
	 * @param string $key activation key from the e-mail link
	 * @param string $message optional error text shown above the form; it is
	 *        echoed as HTML without escaping, so callers must only pass trusted
	 *        text (message constants or plugin-supplied messages)
	 */
	function _showActivationPage($key, $message = '')
	{
		global $manager;

		// clean up old activation keys
		MEMBER::cleanupActivationTable();

		// get activation info
		$info = MEMBER::getActivationInfo($key);

		if (!$info)
			$this->error(_ERROR_ACTIVATE);

		$mem = MEMBER::createFromId($info->vmember);

		if (!$mem)
			$this->error(_ERROR_ACTIVATE);

		$text = '';
		$title = '';
		$bNeedsPasswordChange = true;

		switch ($info->vtype)
		{
			case 'forgot':
				$title = _ACTIVATE_FORGOT_TITLE;
				$text = _ACTIVATE_FORGOT_TEXT;
				break;
			case 'register':
				$title = _ACTIVATE_REGISTER_TITLE;
				$text = _ACTIVATE_REGISTER_TEXT;
				break;
			case 'addresschange':
				$title = _ACTIVATE_CHANGE_TITLE;
				$text = _ACTIVATE_CHANGE_TEXT;
				$bNeedsPasswordChange = false;
				// an address change needs no further input: activate right away
				MEMBER::activate($key);
				break;
		}

		// the display name is substituted into the title/text templates; it is
		// escaped here because both are echoed as HTML below
		$aVars = array(
			'memberName' => htmlspecialchars($mem->getDisplayName())
		);
		$title = TEMPLATE::fill($title, $aVars);
		$text = TEMPLATE::fill($text, $aVars);

		$this->pagehead();

			echo '<h2>' , $title, '</h2>';
			echo '<p>' , $text, '</p>';

			if ($message != '')
			{
				echo '<p class="error">',$message,'</p>';
			}

			if ($bNeedsPasswordChange)
			{
				?>
					<div><form action="index.php" method="post">

						<input type="hidden" name="action" value="activatesetpwd" />
						<?php $manager->addTicketHidden() ?>
						<input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

						<table><tr>
							<td><?php echo _MEMBERS_PWD?></td>
							<td><input type="password" maxlength="40" size="16" name="password" /></td>
						</tr><tr>
							<td><?php echo _MEMBERS_REPPWD?></td>
							<td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
						<?php

							// $manager is already imported at the top of this method; this
							// repeated declaration is redundant but harmless
							global $manager;
							// lets plugins add their own rows to the activation form
							$manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));

						?>
						</tr><tr>
							<td><?php echo _MEMBERS_SETPWD ?></td>
							<td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
						</tr></table>


					</form></div>

				<?php

			}

		$this->pagefoot();

	}
2149 \r
2150         /**\r
2151          * Account activation - set password part\r
2152          *\r
2153          * @author dekarma\r
2154          */\r
2155         function action_activatesetpwd() {\r
2156 \r
2157                 $key = postVar('key');\r
2158 \r
2159                 // clean up old activation keys\r
2160                 MEMBER::cleanupActivationTable();\r
2161 \r
2162                 // get activation info\r
2163                 $info = MEMBER::getActivationInfo($key);\r
2164 \r
2165                 if (!$info || ($info->type == 'addresschange'))\r
2166                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2167 \r
2168                 $mem = MEMBER::createFromId($info->vmember);\r
2169 \r
2170                 if (!$mem)\r
2171                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2172 \r
2173                 $password               = postVar('password');\r
2174                 $repeatpassword = postVar('repeatpassword');\r
2175 \r
2176                 if ($password != $repeatpassword)\r
2177                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
2178 \r
2179                 if ($password && (strlen($password) < 6))\r
2180                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
2181 \r
2182                 $error = '';\r
2183                 global $manager;\r
2184                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));\r
2185                 if ($error != '')\r
2186                         return $this->_showActivationPage($key, $error);\r
2187 \r
2188 \r
2189                 // set password\r
2190                 $mem->setPassword($password);\r
2191                 $mem->write();\r
2192 \r
2193                 // do the activation\r
2194                 MEMBER::activate($key);\r
2195 \r
2196                 $this->pagehead();\r
2197                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';\r
2198                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';\r
2199                 $this->pagefoot();\r
2200         }\r
2201 \r
	/**
	 * Manage team
	 *
	 * Shows the team page of one blog: the current team members (via the
	 * BATCH 'team' list) and a form to add a member, which posts to action
	 * 'teamaddmember' with a ticket hidden field. The blog id comes from the
	 * request; the current member must have admin rights on that blog.
	 */
	function action_manageteam() {
		global $member, $manager;

		$blogid = intRequestVar('blogid');

		// check if allowed
		$member->blogAdminRights($blogid) or $this->disallow();

		$this->pagehead();

		echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

		echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';

		echo '<h3>' . _TEAM_CURRENT . '</h3>';



		// $blogid is an int (intRequestVar), so interpolating it is safe
		$query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
			   . ' FROM '.sql_table('member').', '.sql_table('team')
			   . ' WHERE tmember=mnumber and tblog=' . $blogid;

		$template['content'] = 'teamlist';
		$template['tabindex'] = 10;

		// NOTE(review): '=& new' is a parse error on PHP 7+; this file targets PHP 4/5
		$manager->loadClass("ENCAPSULATE");
		$batch =& new BATCH('team');
		$batch->showlist($query, 'table', $template);

		?>
			<h3><?php echo _TEAM_ADDNEW?></h3>

			<form method='post' action='index.php'><div>

			<input type='hidden' name='action' value='teamaddmember' />
			<input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
			<?php $manager->addTicketHidden() ?>

			<table><tr>
				<td><?php echo _TEAM_CHOOSEMEMBER?></td>
				<td><?php					// TODO: try to make it so only non-team-members are listed
					// select box of all members; the chosen id is posted as 'memberid'
					$query =  'SELECT mname as text, mnumber as value'
						   . ' FROM '.sql_table('member');

					$template['name'] = 'memberid';
					$template['tabindex'] = 10000;
					showlist($query,'select',$template);
				?></td>
			</tr><tr>
				<td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
				<td><?php $this->input_yesno('admin',0,10020); ?></td>
			</tr><tr>
				<td><?php echo _TEAM_ADD?></td>
				<td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
			</tr></table>

			</div></form>
		<?php
		$this->pagefoot();
	}
2265 \r
2266         /**\r
2267          * Add member to team\r
2268          */\r
2269         function action_teamaddmember() {\r
2270                 global $member, $manager;\r
2271 \r
2272                 $memberid = intPostVar('memberid');\r
2273                 $blogid = intPostVar('blogid');\r
2274                 $admin = intPostVar('admin');\r
2275 \r
2276                 // check if allowed\r
2277                 $member->blogAdminRights($blogid) or $this->disallow();\r
2278 \r
2279                 $blog =& $manager->getBlog($blogid);\r
2280                 if (!$blog->addTeamMember($memberid, $admin))\r
2281                         $this->error(_ERROR_ALREADYONTEAM);\r
2282 \r
2283                 $this->action_manageteam();\r
2284 \r
2285         }\r
2286 \r
	/**
	 * Shows the confirmation page for removing a member from a blog's team.
	 *
	 * Reads 'memberid' and 'blogid' from the request; the current member must
	 * have admin rights on the blog. The confirmation form posts both ids,
	 * together with a ticket, to action 'teamdeleteconfirm'.
	 */
	function action_teamdelete() {
		global $member, $manager;

		$memberid = intRequestVar('memberid');
		$blogid = intRequestVar('blogid');

		// check if allowed
		$member->blogAdminRights($blogid) or $this->disallow();

		$teammem = MEMBER::createFromID($memberid);
		$blog =& $manager->getBlog($blogid);

		$this->pagehead();
		?>
			<h2><?php echo _DELETE_CONFIRM?></h2>

			<p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
			</p>


			<form method="post" action="index.php"><div>
			<input type="hidden" name="action" value="teamdeleteconfirm" />
			<?php $manager->addTicketHidden() ?>
			<input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
			<input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
			<input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
			</div></form>
		<?php
		$this->pagefoot();
	}
2320 \r
2321         /**\r
2322          * @todo document this\r
2323          */\r
2324         function action_teamdeleteconfirm() {\r
2325                 global $member;\r
2326 \r
2327                 $memberid = intRequestVar('memberid');\r
2328                 $blogid = intRequestVar('blogid');\r
2329 \r
2330                 $error = $this->deleteOneTeamMember($blogid, $memberid);\r
2331                 if ($error)\r
2332                         $this->error($error);\r
2333 \r
2334 \r
2335                 $this->action_manageteam();\r
2336         }\r
2337 \r
2338         /**\r
2339          * @todo document this\r
2340          */\r
2341         function deleteOneTeamMember($blogid, $memberid) {\r
2342                 global $member, $manager;\r
2343 \r
2344                 $blogid = intval($blogid);\r
2345                 $memberid = intval($memberid);\r
2346 \r
2347                 // check if allowed\r
2348                 if (!$member->blogAdminRights($blogid))\r
2349                         return _ERROR_DISALLOWED;\r
2350 \r
2351                 // check if: - there remains at least one blog admin\r
2352                 //           - (there remains at least one team member)\r
2353                 $mem = MEMBER::createFromID($memberid);\r
2354 \r
2355                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));\r
2356 \r
2357                 if ($mem->isBlogAdmin($blogid)) {\r
2358                         // check if there are more blog members left and at least one admin\r
2359                         // (check for at least two admins before deletion)\r
2360                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
2361                         $r = sql_query($query);\r
2362                         if (mysql_num_rows($r) < 2)\r
2363                                 return _ERROR_ATLEASTONEBLOGADMIN;\r
2364                 }\r
2365 \r
2366                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
2367                 sql_query($query);\r
2368 \r
2369                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));\r
2370 \r
2371                 return '';\r
2372         }\r
2373 \r
2374         /**\r
2375          * @todo document this\r
2376          */\r
2377         function action_teamchangeadmin() {\r
2378                 global $member;\r
2379 \r
2380                 $blogid = intRequestVar('blogid');\r
2381                 $memberid = intRequestVar('memberid');\r
2382 \r
2383                 // check if allowed\r
2384                 $member->blogAdminRights($blogid) or $this->disallow();\r
2385 \r
2386                 $mem = MEMBER::createFromID($memberid);\r
2387 \r
2388                 // don't allow when there is only one admin at this moment\r
2389                 if ($mem->isBlogAdmin($blogid)) {\r
2390                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
2391                         if (mysql_num_rows($r) == 1)\r
2392                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
2393                 }\r
2394 \r
2395                 if ($mem->isBlogAdmin($blogid))\r
2396                         $newval = 0;\r
2397                 else\r
2398                         $newval = 1;\r
2399 \r
2400                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
2401                 sql_query($query);\r
2402 \r
2403                 // only show manageteam if member did not change its own admin privileges\r
2404                 if ($member->isBlogAdmin($blogid))\r
2405                         $this->action_manageteam();\r
2406                 else\r
2407                         $this->action_overview(_MSG_ADMINCHANGED);\r
2408         }\r
2409 \r
	/**
	 * Shows the settings page of one blog: a team summary, the settings form,
	 * the category list with a "create category" form, and plugin extras
	 * (BlogSettingsFormExtras event).
	 *
	 * The blog id comes from the request ('blogid'); the current member must
	 * have admin rights on that blog. The settings form posts to action
	 * 'blogsettingsupdate', the category form to 'categorynew'; both carry a
	 * ticket hidden field.
	 * NOTE(review): the server/blog times are rendered with strftime(), which is
	 * deprecated since PHP 8.1; the team summary heading is a hard-coded English
	 * string rather than a language constant.
	 */
	function action_blogsettings() {
		global $member, $manager;

		$blogid = intRequestVar('blogid');

		// check if allowed
		$member->blogAdminRights($blogid) or $this->disallow();

		$blog =& $manager->getBlog($blogid);

		// numbercheck.js provides the checkSubmit() handler used by the submit button
		$extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
		$this->pagehead($extrahead);

		echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
		?>
		<h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>

		<h3><?php echo _EBLOG_TEAM_TITLE?></h3>

		<p>Members currently on your team:
		<?php
			// $blogid is already an int (intRequestVar); intval() here is defensive
			$res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
			$aMemberNames = array();
			while ($o = mysql_fetch_object($res))
				array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
			echo implode(',', $aMemberNames);
		?>
		</p>



		<p>
		<a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
		</p>

		<h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>

		<form method="post" action="index.php"><div>

		<input type="hidden" name="action" value="blogsettingsupdate" />
		<?php $manager->addTicketHidden() ?>
		<input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
		<table><tr>
			<td><?php echo _EBLOG_NAME?></td>
			<td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
				<?php echo _EBLOG_SHORTNAME_EXTRA?>
			</td>
			<td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_DESC?></td>
			<td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_URL?></td>
			<td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_DEFSKIN?>
				<?php help('blogdefaultskin'); ?>
			</td>
			<td>
				<?php
					// select box of all skins, preselecting the blog's current default
					$query =  'SELECT sdname as text, sdnumber as value'
						   . ' FROM '.sql_table('skin_desc');
					$template['name'] = 'defskin';
					$template['selected'] = $blog->getDefaultSkin();
					$template['tabindex'] = 50;
					showlist($query,'select',$template);
				?>

			</td>
		</tr><tr>
			<td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
			</td>
			<td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
		</tr><tr>
			<td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
			</td>
			<td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
		</tr><tr>
			<td><?php echo _EBLOG_DISABLECOMMENTS?>
			</td>
			<td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
		</tr><tr>
			<td><?php echo _EBLOG_ANONYMOUS?>
			</td>
			<td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
		</tr><tr>
			<td><?php echo _EBLOG_REQUIREDEMAIL?>
			</td>
			<td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>
		</tr><tr>
			<td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
			<td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_NOTIFY_ON?></td>
			<td>
				<input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
					<?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
				/><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
				<br />
				<input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
					<?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
				/><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
				<br />
				<input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
					<?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
				/><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
			</td>
		</tr><tr>
		<?php
		// the ping option is only offered when some plugin handles the SendPing event
		if (numberOfEventSubscriber('SendPing') > 0) {
		?>
			<td><?php echo _EBLOG_PING?> <?php help('sendping'); ?></td>
			<td><?php $this->input_yesno('sendping',$blog->sendPing(),85); ?></td>
		</tr><tr>
		<?php
		}
		?>
			<td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
			<td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
			<td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_DEFCAT?></td>
			<td>
				<?php
					// select box of this blog's categories, preselecting the current default
					$query =  'SELECT cname as text, catid as value'
						   . ' FROM '.sql_table('category')
						   . ' WHERE cblog=' . $blog->getID();
					$template['name'] = 'defcat';
					$template['selected'] = $blog->getDefaultCategory();
					$template['tabindex'] = 110;
					showlist($query,'select',$template);
				?>
			</td>
		</tr><tr>
			<td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
				<br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
				<br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
				</td>
			<td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
			<td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
		</tr>
		<?php
			// plugin options
			$this->_insertPluginOptions('blog',$blogid);
		?>
		<tr>
			<th colspan="2"><?php echo _EBLOG_CHANGE?></th>
		</tr><tr>
			<td><?php echo _EBLOG_CHANGE?></td>
			<td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
		</tr></table>

		</div></form>

		<h3><?php echo _EBLOG_CAT_TITLE?></h3>


		<?php
		// category list with per-row actions (BATCH 'category')
		$query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
		$template['content'] = 'categorylist';
		$template['tabindex'] = 200;

		// NOTE(review): '=& new' is a parse error on PHP 7+; this file targets PHP 4/5
		$manager->loadClass("ENCAPSULATE");
		$batch =& new BATCH('category');
		$batch->showlist($query,'table',$template);

		?>


		<form action="index.php" method="post"><div>
		<input name="action" value="categorynew" type="hidden" />
		<?php $manager->addTicketHidden() ?>
		<input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />

		<table><tr>
			<th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
		</tr><tr>
			<td><?php echo _EBLOG_CAT_NAME?></td>
			<td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_CAT_DESC?></td>
			<td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_CAT_CREATE?></td>
			<td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
		</tr></table>

		</div></form>

		<?php

			echo '<h3>',_PLUGINS_EXTRA,'</h3>';

			// lets plugins append their own sections to the settings page
			$manager->notify(
				'BlogSettingsFormExtras',
				array(
					'blog' => &$blog
				)
			);

		$this->pagefoot();
	}
2621 \r
2622         /**\r
2623          * @todo document this\r
2624          */\r
2625         function action_categorynew() {\r
2626                 global $member, $manager;\r
2627 \r
2628                 $blogid = intRequestVar('blogid');\r
2629 \r
2630                 $member->blogAdminRights($blogid) or $this->disallow();\r
2631 \r
2632                 $cname = postVar('cname');\r
2633                 $cdesc = postVar('cdesc');\r
2634 \r
2635                 if (!isValidCategoryName($cname))\r
2636                         $this->error(_ERROR_BADCATEGORYNAME);\r
2637 \r
2638                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);\r
2639                 $res = sql_query($query);\r
2640                 if (mysql_num_rows($res) > 0)\r
2641                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2642 \r
2643                 $blog           =& $manager->getBlog($blogid);\r
2644                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);\r
2645 \r
2646                 $this->action_blogsettings();\r
2647         }\r
2648 \r
2649         /**\r
2650          * @todo document this\r
2651          */\r
2652         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
2653                 global $member, $manager;\r
2654 \r
2655                 if ($blogid == '')\r
2656                         $blogid = intGetVar('blogid');\r
2657                 else\r
2658                         $blogid = intval($blogid);\r
2659                 if ($catid == '')\r
2660                         $catid = intGetVar('catid');\r
2661                 else\r
2662                         $catid = intval($catid);\r
2663 \r
2664                 $member->blogAdminRights($blogid) or $this->disallow();\r
2665 \r
2666                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
2667                 $obj = mysql_fetch_object($res);\r
2668 \r
2669                 $cname = $obj->cname;\r
2670                 $cdesc = $obj->cdesc;\r
2671 \r
2672                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2673                 $this->pagehead($extrahead);\r
2674 \r
2675                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
2676 \r
2677                 ?>\r
2678                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
2679                 <form method='post' action='index.php'><div>\r
2680                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
2681                 <input name="catid" type="hidden" value="<?php echo $catid?>" />\r
2682                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />\r
2683                 <input name="action" type="hidden" value="categoryupdate" />\r
2684                 <?php $manager->addTicketHidden(); ?>\r
2685 \r
2686                 <table><tr>\r
2687                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2688                 </tr><tr>\r
2689                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2690                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>\r
2691                 </tr><tr>\r
2692                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2693                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
2694                 </tr>\r
2695                 <?php\r
2696                         // insert plugin options\r
2697                         $this->_insertPluginOptions('category',$catid);\r
2698                 ?>\r
2699                 <tr>\r
2700                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2701                 </tr><tr>\r
2702                         <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
2703                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
2704                 </tr></table>\r
2705 \r
2706                 </div></form>\r
2707                 <?php\r
2708                 $this->pagefoot();\r
2709         }\r
2710 \r
2711         /**\r
2712          * @todo document this\r
2713          */\r
2714         function action_categoryupdate() {\r
2715                 global $member, $manager;\r
2716 \r
2717                 $blogid = intPostVar('blogid');\r
2718                 $catid = intPostVar('catid');\r
2719                 $cname = postVar('cname');\r
2720                 $cdesc = postVar('cdesc');\r
2721                 $desturl = postVar('desturl');\r
2722 \r
2723                 $member->blogAdminRights($blogid) or $this->disallow();\r
2724 \r
2725                 if (!isValidCategoryName($cname))\r
2726                         $this->error(_ERROR_BADCATEGORYNAME);\r
2727 \r
2728                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
2729                 $res = sql_query($query);\r
2730                 if (mysql_num_rows($res) > 0)\r
2731                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2732 \r
2733                 $query =  'UPDATE '.sql_table('category').' SET'\r
2734                            . " cname='" . addslashes($cname) . "',"\r
2735                            . " cdesc='" . addslashes($cdesc) . "'"\r
2736                            . " WHERE catid=" . $catid;\r
2737 \r
2738                 sql_query($query);\r
2739 \r
2740                 // store plugin options\r
2741                 $aOptions = requestArray('plugoption');\r
2742                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2743                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));\r
2744 \r
2745 \r
2746                 if ($desturl) {\r
2747                         redirect($desturl);\r
2748                         exit;\r
2749                 } else {\r
2750                         $this->action_blogsettings();\r
2751                 }\r
2752         }\r
2753 \r
2754         /**\r
2755          * @todo document this\r
2756          */\r
2757         function action_categorydelete() {\r
2758                 global $member, $manager;\r
2759 \r
2760                 $blogid = intRequestVar('blogid');\r
2761                 $catid = intRequestVar('catid');\r
2762 \r
2763                 $member->blogAdminRights($blogid) or $this->disallow();\r
2764 \r
2765                 $blog =& $manager->getBlog($blogid);\r
2766 \r
2767                 // check if the category is valid\r
2768                 if (!$blog->isValidCategory($catid))\r
2769                         $this->error(_ERROR_NOSUCHCATEGORY);\r
2770 \r
2771                 // don't allow deletion of default category\r
2772                 if ($blog->getDefaultCategory() == $catid)\r
2773                         $this->error(_ERROR_DELETEDEFCATEGORY);\r
2774 \r
2775                 // check if catid is the only category left for blogid\r
2776                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2777                 $res = sql_query($query);\r
2778                 if (mysql_num_rows($res) == 1)\r
2779                         $this->error(_ERROR_DELETELASTCATEGORY);\r
2780 \r
2781 \r
2782                 $this->pagehead();\r
2783                 ?>\r
2784                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2785 \r
2786                         <div>\r
2787                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>\r
2788                         </div>\r
2789 \r
2790                         <form method="post" action="index.php"><div>\r
2791                         <input type="hidden" name="action" value="categorydeleteconfirm" />\r
2792                         <?php $manager->addTicketHidden() ?>\r
2793                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
2794                         <input type="hidden" name="catid" value="<?php echo $catid?>" />\r
2795                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2796                         </div></form>\r
2797                 <?php\r
2798                 $this->pagefoot();\r
2799         }\r
2800 \r
2801         /**\r
2802          * @todo document this\r
2803          */\r
2804         function action_categorydeleteconfirm() {\r
2805                 global $member, $manager;\r
2806 \r
2807                 $blogid = intRequestVar('blogid');\r
2808                 $catid = intRequestVar('catid');\r
2809 \r
2810                 $member->blogAdminRights($blogid) or $this->disallow();\r
2811 \r
2812                 $error = $this->deleteOneCategory($catid);\r
2813                 if ($error)\r
2814                         $this->error($error);\r
2815 \r
2816                 $this->action_blogsettings();\r
2817         }\r
2818 \r
2819         /**\r
2820          * @todo document this\r
2821          */\r
2822         function deleteOneCategory($catid) {\r
2823                 global $manager, $member;\r
2824 \r
2825                 $catid = intval($catid);\r
2826 \r
2827                 $manager->notify('PreDeleteCategory', array('catid' => $catid));\r
2828 \r
2829                 $blogid = getBlogIDFromCatID($catid);\r
2830 \r
2831                 if (!$member->blogAdminRights($blogid))\r
2832                         return ERROR_DISALLOWED;\r
2833 \r
2834                 // get blog\r
2835                 $blog =& $manager->getBlog($blogid);\r
2836 \r
2837                 // check if the category is valid\r
2838                 if (!$blog || !$blog->isValidCategory($catid))\r
2839                         return _ERROR_NOSUCHCATEGORY;\r
2840 \r
2841                 $destcatid = $blog->getDefaultCategory();\r
2842 \r
2843                 // don't allow deletion of default category\r
2844                 if ($blog->getDefaultCategory() == $catid)\r
2845                         return _ERROR_DELETEDEFCATEGORY;\r
2846 \r
2847                 // check if catid is the only category left for blogid\r
2848                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2849                 $res = sql_query($query);\r
2850                 if (mysql_num_rows($res) == 1)\r
2851                         return _ERROR_DELETELASTCATEGORY;\r
2852 \r
2853                 // change category for all items to the default category\r
2854                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
2855                 sql_query($query);\r
2856 \r
2857                 // delete all associated plugin options\r
2858                 NucleusPlugin::_deleteOptionValues('category', $catid);\r
2859 \r
2860                 // delete category\r
2861                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;\r
2862                 sql_query($query);\r
2863 \r
2864                 $manager->notify('PostDeleteCategory', array('catid' => $catid));\r
2865 \r
2866         }\r
2867 \r
2868         /**\r
2869          * @todo document this\r
2870          */\r
2871         function moveOneCategory($catid, $destblogid) {\r
2872                 global $manager, $member;\r
2873 \r
2874                 $catid = intval($catid);\r
2875                 $destblogid = intval($destblogid);\r
2876 \r
2877                 $blogid = getBlogIDFromCatID($catid);\r
2878 \r
2879                 // mover should have admin rights on both blogs\r
2880                 if (!$member->blogAdminRights($blogid))\r
2881                         return _ERROR_DISALLOWED;\r
2882                 if (!$member->blogAdminRights($destblogid))\r
2883                         return _ERROR_DISALLOWED;\r
2884 \r
2885                 // cannot move to self\r
2886                 if ($blogid == $destblogid)\r