
replaced postVar to intPostVar to fix security issue
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ADMIN.php
1 <?php
2 /*
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4  * Copyright (C) 2002-2007 The Nucleus Group
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  * (see nucleus/documentation/index.html#license for more info)
11  */
12 /**
13  * The code for the Nucleus admin area
14  *
15  * @license http://nucleuscms.org/license.txt GNU General Public License
16  * @copyright Copyright (C) 2002-2007 The Nucleus Group
17  * @version $Id: ADMIN.php,v 1.21 2007-04-27 19:05:53 kimitake Exp $
18  * @version $NucleusJP: ADMIN.php,v 1.20 2007/03/22 03:30:14 kmorimatsu Exp $
19  */
20
// This library only works on top of the Nucleus globals (requestVar() and
// friends); refuse to run when it is loaded on its own.
function_exists('requestVar') or exit;
// showlist() renders the tabular lists used by the overview screens below.
require_once dirname(__FILE__) . '/showlist.php';
23
24 /**
25  * Builds the admin area and executes admin actions
26  */
27 class ADMIN {
28
29         /**
30          * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)
31          */
32         var $action;
33
34         /**
35          * Class constructor
36          */
37         function ADMIN() {
38
39         }
40
41         /**
42          * Executes an action
43          *
44          * @param string $action action to be performed
45          */
46         function action($action) {
47                 global $CONF, $manager;
48
49                 // list of action aliases
50                 $alias = array(
51                         'login' => 'overview',
52                         '' => 'overview'
53                 );
54
55                 if (isset($alias[$action]))
56                         $action = $alias[$action];
57
58                 $methodName = 'action_' . $action;
59
60                 $this->action = strtolower($action);
61
62                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
63                 // is an action that requires user interaction before something is actually done)
64                 // all safe actions are in this array:
65                 $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');
66 /*
67                 // the rest of the actions needs to be checked
68                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
69 */
70                 if (!in_array($this->action, $aActionsNotToCheck))
71                 {
72                         if (!$manager->checkTicket())
73                                 $this->error(_ERROR_BADTICKET);
74                 }
75
76                 if (method_exists($this, $methodName))
77                         call_user_func(array(&$this, $methodName));
78                 else
79                         $this->error(_BADACTION . htmlspecialchars(" ($action)"));
80
81         }
82
83         /**
84          * @todo document this
85          */
86         function action_showlogin() {
87                 global $error;
88                 $this->action_login($error);
89         }
90
91         /**
92          * @todo document this
93          */
	function action_login($msg = '', $passvars = 1) {
		// Shows the login form.
		//   $msg      optional message shown above the form (HTML-escaped here)
		//   $passvars when truthy, the variables of the current request are
		//             carried over into the form (see below)
		global $member;

		// skip to overview when allowed (exit, so nothing else is rendered)
		if ($member->isLoggedIn() && $member->canLogin()) {
			$this->action_overview();
			exit;
		}

		$this->pagehead();

		echo '<h2>', _LOGIN ,'</h2>';
		// $msg may originate from the request ($error in action_showlogin), so escape it
		if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
		?>

		<form action="index.php" method="post"><p>
		<?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
		<br />
		<?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
		<br />
		<input name="action" value="login" type="hidden" />
		<br />
		<input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
		<br />
		<small>
			<input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
			<br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
		</small>
		<?php			// pass through vars: presumably passRequestVars() re-emits the
				// current request variables as hidden fields so the original
				// request is resumed after login (defined elsewhere - verify).
				// Skipped after a login/logout, where there is nothing to resume.

			$oldaction = postVar('oldaction');
			if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
				passRequestVars();
			}


		?>
		</p></form>
		<?php		$this->pagefoot();
	}
134
135
136         /**
137          * provides a screen with the overview of the actions available
138          * @todo document parameter
139          */
140         function action_overview($msg = '') {
141                 global $member;
142
143                 $this->pagehead();
144
145                 if ($msg)
146                         echo _MESSAGE , ': ', $msg;
147
148                 /* ---- add items ---- */
149                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';
150
151                 $showAll = requestVar('showall');
152
153                 if (($member->isAdmin()) && ($showAll == 'yes')) {
154                         // Super-Admins have access to all blogs! (no add item support though)
155                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
156                                    . ' FROM ' . sql_table('blog')
157                                    . ' ORDER BY bname';
158                 } else {
159                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'
160                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
161                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()
162                                    . ' ORDER BY bname';
163                 }
164                 $template['content'] = 'bloglist';
165                 $template['superadmin'] = $member->isAdmin();
166                 $amount = showlist($query,'table',$template);
167
168                 if (($showAll != 'yes') && ($member->isAdmin())) {
169                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
170                         if ($total > $amount)
171                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';
172                 }
173
174                 if ($amount == 0)
175                         echo _OVERVIEW_NOBLOGS;
176
177                 if ($amount != 0) {
178                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
179                         $query =  'SELECT ititle, inumber, bshortname'
180                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
181                                    . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
182                         $template['content'] = 'draftlist';
183                         $amountdrafts = showlist($query, 'table', $template);
184                         if ($amountdrafts == 0)
185                                 echo _OVERVIEW_NODRAFTS;
186                 }
187
188                 /* ---- user settings ---- */
189                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
190                 echo '<ul>';
191                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
192                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
193                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
194                 echo '</ul>';
195
196                 /* ---- general settings ---- */
197                 if ($member->isAdmin()) {
198                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
199                         echo '<ul>';
200                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
201                         echo '</ul>';
202                 }
203
204
205                 $this->pagefoot();
206         }
207
208         /**
209          * Returns a link to a weblog
210          * @param object BLOG
211          */
212         function bloglink(&$blog) {
213                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';
214         }
215
216         /**
217          * @todo document this
218          */
219         function action_manage($msg = '') {
220                 global $member;
221
222                 $member->isAdmin() or $this->disallow();
223
224                 $this->pagehead();
225
226                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
227
228                 if ($msg)
229                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';
230
231
232                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';
233
234                 echo '<ul>';
235                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';
236                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';
237                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';
238                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';
239                 echo '</ul>';
240
241                 echo '<h2>' . _MANAGE_SKINS . '</h2>';
242                 echo '<ul>';
243                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';
244                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';
245                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';
246                 echo '</ul>';
247
248                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';
249                 echo '<ul>';
250                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';
251                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';
252                 echo '</ul>';
253
254                 $this->pagefoot();
255         }
256
257         /**
258          * @todo document this
259          */
260         function action_itemlist($blogid = '') {
261                 global $member, $manager;
262
263                 if ($blogid == '')
264                         $blogid = intRequestVar('blogid');
265
266                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
267
268                 $this->pagehead();
269                 $blog =& $manager->getBlog($blogid);
270
271                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
272                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';
273
274                 // start index
275                 if (postVar('start'))
276                         $start = intPostVar('start');
277                 else
278                         $start = 0;
279
280                 if ($start == 0)
281                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';
282
283                 // amount of items to show
284                 if (postVar('amount'))
285                         $amount = intPostVar('amount');
286                 else
287                         $amount = 10;
288
289                 $search = postVar('search');    // search through items
290
291                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
292                            . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
293                            . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
294
295                 if ($search)
296                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
297
298                 // non-blog-admins can only edit/delete their own items
299                 if (!$member->blogAdminRights($blogid))
300                         $query .= ' and iauthor=' . $member->getID();
301
302
303                 $query .= ' ORDER BY itime DESC'
304                                 . " LIMIT $start,$amount";
305
306                 $template['content'] = 'itemlist';
307                 $template['now'] = $blog->getCorrectTime(time());
308
309                 $manager->loadClass("ENCAPSULATE");
310                 $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
311                 $navList->showBatchList('item',$query,'table',$template);
312
313
314                 $this->pagefoot();
315         }
316
317         /**
318          * @todo document this
319          */
320         function action_batchitem() {
321                 global $member, $manager;
322
323                 // check if logged in
324                 $member->isLoggedIn() or $this->disallow();
325
326                 // more precise check will be done for each performed operation
327
328                 // get array of itemids from request
329                 $selected = requestIntArray('batch');
330                 $action = requestVar('batchaction');
331
332                 // Show error when no items were selected
333                 if (!is_array($selected) || sizeof($selected) == 0)
334                         $this->error(_BATCH_NOSELECTION);
335
336                 // On move: when no destination blog/category chosen, show choice now
337                 $destCatid = intRequestVar('destcatid');
338                 if (($action == 'move') && (!$manager->existsCategory($destCatid)))
339                         $this->batchMoveSelectDestination('item',$selected);
340
341                 // On delete: check if confirmation has been given
342                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
343                         $this->batchAskDeleteConfirmation('item',$selected);
344
345                 $this->pagehead();
346
347                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
348                 echo '<h2>',_BATCH_ITEMS,'</h2>';
349                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
350                 echo '<ul>';
351
352
353                 // walk over all itemids and perform action
354                 foreach ($selected as $itemid) {
355                         $itemid = intval($itemid);
356                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';
357
358                         // perform action, display errors if needed
359                         switch($action) {
360                                 case 'delete':
361                                         $error = $this->deleteOneItem($itemid);
362                                         break;
363                                 case 'move':
364                                         $error = $this->moveOneItem($itemid, $destCatid);
365                                         break;
366                                 default:
367                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
368                         }
369
370                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
371                         echo '</li>';
372                 }
373
374                 echo '</ul>';
375                 echo '<b>',_BATCH_DONE,'</b>';
376
377                 $this->pagefoot();
378
379
380         }
381
382         /**
383          * @todo document this
384          */
385         function action_batchcomment() {
386                 global $member;
387
388                 // check if logged in
389                 $member->isLoggedIn() or $this->disallow();
390
391                 // more precise check will be done for each performed operation
392
393                 // get array of itemids from request
394                 $selected = requestIntArray('batch');
395                 $action = requestVar('batchaction');
396
397                 // Show error when no items were selected
398                 if (!is_array($selected) || sizeof($selected) == 0)
399                         $this->error(_BATCH_NOSELECTION);
400
401                 // On delete: check if confirmation has been given
402                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
403                         $this->batchAskDeleteConfirmation('comment',$selected);
404
405                 $this->pagehead();
406
407                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
408                 echo '<h2>',_BATCH_COMMENTS,'</h2>';
409                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
410                 echo '<ul>';
411
412                 // walk over all itemids and perform action
413                 foreach ($selected as $commentid) {
414                         $commentid = intval($commentid);
415                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';
416
417                         // perform action, display errors if needed
418                         switch($action) {
419                                 case 'delete':
420                                         $error = $this->deleteOneComment($commentid);
421                                         break;
422                                 default:
423                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
424                         }
425
426                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
427                         echo '</li>';
428                 }
429
430                 echo '</ul>';
431                 echo '<b>',_BATCH_DONE,'</b>';
432
433                 $this->pagefoot();
434
435
436         }
437
438         /**
439          * @todo document this
440          */
441         function action_batchmember() {
442                 global $member;
443
444                 // check if logged in and admin
445                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
446
447                 // get array of itemids from request
448                 $selected = requestIntArray('batch');
449                 $action = requestVar('batchaction');
450
451                 // Show error when no members selected
452                 if (!is_array($selected) || sizeof($selected) == 0)
453                         $this->error(_BATCH_NOSELECTION);
454
455                 // On delete: check if confirmation has been given
456                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
457                         $this->batchAskDeleteConfirmation('member',$selected);
458
459                 $this->pagehead();
460
461                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
462                 echo '<h2>',_BATCH_MEMBERS,'</h2>';
463                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
464                 echo '<ul>';
465
466                 // walk over all itemids and perform action
467                 foreach ($selected as $memberid) {
468                         $memberid = intval($memberid);
469                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';
470
471                         // perform action, display errors if needed
472                         switch($action) {
473                                 case 'delete':
474                                         $error = $this->deleteOneMember($memberid);
475                                         break;
476                                 case 'setadmin':
477                                         // always succeeds
478                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
479                                         $error = '';
480                                         break;
481                                 case 'unsetadmin':
482                                         // there should always remain at least one super-admin
483                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
484                                         if (mysql_num_rows($r) < 2)
485                                                 $error = _ERROR_ATLEASTONEADMIN;
486                                         else
487                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
488                                         break;
489                                 default:
490                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
491                         }
492
493                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
494                         echo '</li>';
495                 }
496
497                 echo '</ul>';
498                 echo '<b>',_BATCH_DONE,'</b>';
499
500                 $this->pagefoot();
501
502
503         }
504
505         /**
506          * @todo document this
507          */
508         function action_batchteam() {
509                 global $member;
510
511                 $blogid = intRequestVar('blogid');
512
513                 // check if logged in and admin
514                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
515
516                 // get array of itemids from request
517                 $selected = requestIntArray('batch');
518                 $action = requestVar('batchaction');
519
520                 // Show error when no members selected
521                 if (!is_array($selected) || sizeof($selected) == 0)
522                         $this->error(_BATCH_NOSELECTION);
523
524                 // On delete: check if confirmation has been given
525                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
526                         $this->batchAskDeleteConfirmation('team',$selected);
527
528                 $this->pagehead();
529
530                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';
531
532                 echo '<h2>',_BATCH_TEAM,'</h2>';
533                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
534                 echo '<ul>';
535
536                 // walk over all itemids and perform action
537                 foreach ($selected as $memberid) {
538                         $memberid = intval($memberid);
539                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';
540
541                         // perform action, display errors if needed
542                         switch($action) {
543                                 case 'delete':
544                                         $error = $this->deleteOneTeamMember($blogid, $memberid);
545                                         break;
546                                 case 'setadmin':
547                                         // always succeeds
548                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
549                                         $error = '';
550                                         break;
551                                 case 'unsetadmin':
552                                         // there should always remain at least one admin
553                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
554                                         if (mysql_num_rows($r) < 2)
555                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;
556                                         else
557                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
558                                         break;
559                                 default:
560                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
561                         }
562
563                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
564                         echo '</li>';
565                 }
566
567                 echo '</ul>';
568                 echo '<b>',_BATCH_DONE,'</b>';
569
570                 $this->pagefoot();
571
572
573         }
574
575         /**
576          * @todo document this
577          */
578         function action_batchcategory() {
579                 global $member, $manager;
580
581                 // check if logged in
582                 $member->isLoggedIn() or $this->disallow();
583
584                 // more precise check will be done for each performed operation
585
586                 // get array of itemids from request
587                 $selected = requestIntArray('batch');
588                 $action = requestVar('batchaction');
589
590                 // Show error when no items were selected
591                 if (!is_array($selected) || sizeof($selected) == 0)
592                         $this->error(_BATCH_NOSELECTION);
593
594                 // On move: when no destination blog chosen, show choice now
595                 $destBlogId = intRequestVar('destblogid');
596                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
597                         $this->batchMoveCategorySelectDestination('category',$selected);
598
599                 // On delete: check if confirmation has been given
600                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
601                         $this->batchAskDeleteConfirmation('category',$selected);
602
603                 $this->pagehead();
604
605                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
606                 echo '<h2>',BATCH_CATEGORIES,'</h2>';
607                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
608                 echo '<ul>';
609
610                 // walk over all itemids and perform action
611                 foreach ($selected as $catid) {
612                         $catid = intval($catid);
613                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';
614
615                         // perform action, display errors if needed
616                         switch($action) {
617                                 case 'delete':
618                                         $error = $this->deleteOneCategory($catid);
619                                         break;
620                                 case 'move':
621                                         $error = $this->moveOneCategory($catid, $destBlogId);
622                                         break;
623                                 default:
624                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);
625                         }
626
627                         echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
628                         echo '</li>';
629                 }
630
631                 echo '</ul>';
632                 echo '<b>',_BATCH_DONE,'</b>';
633
634                 $this->pagefoot();
635
636         }
637
638         /**
639          * @todo document this
640          */
	function batchMoveSelectDestination($type, $ids) {
		// Renders the "choose destination category" form for a batch move and
		// stops the request. The form posts back to batch<$type> with the same
		// ids, a ticket (anti-CSRF) and the chosen destcatid.
		//   $type  batch action suffix; the callers in this file pass literals,
		//          it is NOT escaped here so never pass request data
		//   $ids   selected ids; each one is re-emitted through intval()
		global $manager;
		$this->pagehead();
		?>
		<h2><?php echo _MOVE_TITLE?></h2>
		<form method="post" action="index.php"><div>

			<input type="hidden" name="action" value="batch<?php echo $type?>" />
			<input type="hidden" name="batchaction" value="move" />
			<?php
				// the ticket the batch action will require (see ADMIN::action)
				$manager->addTicketHidden();

				// insert selected item numbers
				$idx = 0;
				foreach ($ids as $id)
					echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

				// show blog/category selection list
				$this->selectBlogCategory('destcatid');

			?>


			<input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

		</div></form>
		<?php		$this->pagefoot();
		// nothing after the form may run: the caller continues with the batch otherwise
		exit;
	}
670
671         /**
672          * @todo document this
673          */
	function batchMoveCategorySelectDestination($type, $ids) {
		// Renders the "choose destination blog" form for a batch category move
		// and stops the request. Same shape as batchMoveSelectDestination(), but
		// the selection is a blog (destblogid) instead of a category.
		//   $type  batch action suffix; the callers in this file pass literals,
		//          it is NOT escaped here so never pass request data
		//   $ids   selected ids; each one is re-emitted through intval()
		global $manager;
		$this->pagehead();
		?>
		<h2><?php echo _MOVECAT_TITLE?></h2>
		<form method="post" action="index.php"><div>

			<input type="hidden" name="action" value="batch<?php echo $type?>" />
			<input type="hidden" name="batchaction" value="move" />
			<?php
				// the ticket the batch action will require (see ADMIN::action)
				$manager->addTicketHidden();

				// insert selected item numbers
				$idx = 0;
				foreach ($ids as $id)
					echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

				// show blog selection list
				$this->selectBlog('destblogid');

			?>


			<input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

		</div></form>
		<?php		$this->pagefoot();
		// nothing after the form may run: the caller continues with the batch otherwise
		exit;
	}
703
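/**
 * Asks the member to confirm a batch delete. The selected ids are carried
 * along as hidden batch[] fields and the form is re-submitted to index.php
 * as action=batch<type> with batchaction=delete and confirmation=yes.
 *
 * For type 'team' the blogid and for type 'comment' the itemid of the
 * current request are passed on as well.
 *
 * Writes the page directly and ends the request with exit.
 *
 * @param string $type batch type; becomes part of the submitted action name
 * @param array  $ids  ids of the selected objects (cast to int before output)
 */
function batchAskDeleteConfirmation($type, $ids) {
    global $manager;

    $this->pagehead();
    ?>
    <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
    <form method="post" action="index.php"><div>

        <input type="hidden" name="action" value="batch<?php echo htmlspecialchars($type)?>" />
        <?php $manager->addTicketHidden() ?>
        <input type="hidden" name="batchaction" value="delete" />
        <input type="hidden" name="confirmation" value="yes" />
        <?php
            // insert selected item numbers; intval() keeps each value a bare integer
            $idx = 0;
            foreach ($ids as $id)
                echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

            // add hidden vars for team & comment (both already cast to int)
            if ($type == 'team')
            {
                echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
            }
            if ($type == 'comment')
            {
                echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
            }
        ?>

        <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />

    </div></form>
    <?php
    $this->pagefoot();
    exit;
}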
742
743
/**
 * Inserts a HTML select element with choices for all categories to which the
 * current member has access. Thin wrapper around selectBlog() in 'category'
 * mode; see that method for the meaning of the parameters.
 *
 * @see function selectBlog
 */
function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
    $mode = 'category';
    ADMIN::selectBlog($name, $mode, $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
}
752
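/**
 * Inserts a HTML select element with choices for all blogs to which the member
 * has access (all blogs when the member is admin and $CONF['ShowAllBlogs'] is set)
 *              mode = 'blog' => shows blognames and values are blogids
 *              mode = 'category' => show category names and values are catids
 *
 * Writes nothing at all when there is no blog to list.
 *
 * @param string $name               name attribute of the select element (HTML-escaped on output)
 * @param string $mode               'blog' or 'category'
 * @param int    $selected           blog id or category id (depending on mode) to pre-select
 * @param int    $tabindex           tabindex attribute of the select element
 * @param int    $showNewCat         category mode only: offer an "add new category" option
 *                                   for blogs on which the member has admin rights
 * @param int    $iForcedBlogInclude ID of a blog that always needs to be included, without
 *                                   checking if the member is on the blog team (-1 = none)
 */
function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
    global $member, $CONF;

    // 0. get IDs of blogs to which member can post items (+ forced blog)
    $aBlogIds = array();
    if ($iForcedBlogInclude != -1)
        $aBlogIds[] = intval($iForcedBlogInclude);

    if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
        $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
    else
        $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
    $rblogids = sql_query($queryBlogs);
    while ($o = mysql_fetch_object($rblogids))
        if ($o->bnumber != $iForcedBlogInclude)
            $aBlogIds[] = intval($o->bnumber);

    if (count($aBlogIds) == 0)
        return;

    // $name and $tabindex end up inside attributes, so escape/cast them
    echo '<select name="',htmlspecialchars($name),'" tabindex="',intval($tabindex),'">';

    // 1. select blogs (we'll create optiongroups)
    // (only select those blogs that have the user on the team)
    // every id in $aBlogIds went through intval() above, so the IN list is built by hand
    $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
    $blogs = sql_query($queryBlogs);
    if ($mode == 'category') {
        // optgroups only make sense for more than one blog; initialised in both
        // cases so the checks below never read an undefined variable
        $multipleBlogs = (mysql_num_rows($blogs) > 1) ? 1 : 0;

        while ($oBlog = mysql_fetch_object($blogs)) {
            if ($multipleBlogs)
                echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';

            // show selection to create new category when allowed/wanted
            if ($showNewCat) {
                // check if allowed to do so
                if ($member->blogAdminRights($oBlog->bnumber))
                    echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
            }

            // 2. for each category in that blog
            $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
            while ($oCat = mysql_fetch_object($categories)) {
                if ($oCat->catid == $selected)
                    $selectText = ' selected="selected" ';
                else
                    $selectText = '';
                echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
            }

            if ($multipleBlogs)
                echo '</optgroup>';
        }
    } else {
        // blog mode
        while ($oBlog = mysql_fetch_object($blogs)) {
            echo '<option value="',$oBlog->bnumber,'"';
            if ($oBlog->bnumber == $selected)
                echo ' selected="selected"';
            echo'>',htmlspecialchars($oBlog->bname),'</option>';
        }
    }
    echo '</select>';

}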
829
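/**
 * Lists the items written by the current member, paged and optionally
 * filtered by a search string, using the 'itemlist' batch-list template.
 *
 * Reads the POSTed parameters 'start', 'amount' and 'search'.
 */
function action_browseownitems() {
    global $member, $manager;

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
    echo '<h2>' . _ITEMLIST_YOUR. '</h2>';

    // start index: forced to int and never negative, it is interpolated
    // into the LIMIT clause below
    $start = max(0, intPostVar('start'));

    // amount of items to show: a missing, zero or negative amount falls back
    // to 10 (a negative LIMIT count would be a SQL error)
    $amount = intPostVar('amount');
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');    // search through items

    $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
               . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
               . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';

    // NOTE(review): addslashes() is what this file uses for LIKE patterns; it is
    // not connection-charset aware, and '%' / '_' in $search act as wildcards
    if ($search)
        $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';

    $query .= ' ORDER BY itime DESC'
                    . " LIMIT $start,$amount";

    $template['content'] = 'itemlist';
    $template['now'] = time();

    $manager->loadClass("ENCAPSULATE");
    // plain assignment: "=& new" is a parse error on PHP 7 and later
    $navList = new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
    $navList->showBatchList('item',$query,'table',$template);

    $this->pagefoot();

}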
875
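/**
 * Show all the comments for a given item, paged and optionally filtered
 * by a search string, using the 'commentlist' batch-list template.
 *
 * Reads the POSTed parameters 'start', 'amount' and 'search'.
 *
 * @param int $itemid item whose comments are listed; taken from the
 *                    request when not given
 */
function action_itemcommentlist($itemid = '') {
    global $member, $manager;

    if ($itemid == '')
        $itemid = intRequestVar('itemid');
    else
        $itemid = intval($itemid);  // same treatment action_blogcommentlist gives $blogid; $itemid goes into SQL below

    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();

    $blogid = getBlogIdFromItemId($itemid);

    $this->pagehead();

    // start index: forced to int and never negative, it is interpolated
    // into the LIMIT clause below
    $start = max(0, intPostVar('start'));

    // amount of items to show: a missing, zero or negative amount falls back
    // to 10 (a negative LIMIT count would be a SQL error)
    $amount = intPostVar('amount');
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');

    echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
    echo '<h2>',_COMMENTS,'</h2>';

    $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;

    // NOTE(review): addslashes() is what this file uses for LIKE patterns; it is
    // not connection-charset aware, and '%' / '_' in $search act as wildcards
    if ($search)
        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';

    $query .= ' ORDER BY ctime ASC'
                    . " LIMIT $start,$amount";

    $template['content'] = 'commentlist';
    // $blogid already holds the blog of this item; no need to look it up again
    $template['canAddBan'] = $member->blogAdminRights($blogid);

    $manager->loadClass("ENCAPSULATE");
    // plain assignment: "=& new" is a parse error on PHP 7 and later
    $navList = new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
    $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);

    $this->pagefoot();
}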
927
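/**
 * Browse own comments: lists the comments written by the current member,
 * paged and optionally filtered by a search string, using the
 * 'commentlist' batch-list template.
 *
 * Reads the POSTed parameters 'start', 'amount' and 'search'.
 */
function action_browseowncomments() {
    global $member, $manager;

    // start index: forced to int and never negative, it is interpolated
    // into the LIMIT clause below
    $start = max(0, intPostVar('start'));

    // amount of items to show: a missing, zero or negative amount falls back
    // to 10 (a negative LIMIT count would be a SQL error)
    $amount = intPostVar('amount');
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');

    $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();

    // NOTE(review): addslashes() is what this file uses for LIKE patterns; it is
    // not connection-charset aware, and '%' / '_' in $search act as wildcards
    if ($search)
        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';

    $query .= ' ORDER BY ctime DESC'
                    . " LIMIT $start,$amount";

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
    echo '<h2>', _COMMENTS_YOUR ,'</h2>';

    $template['content'] = 'commentlist';
    $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself

    $manager->loadClass("ENCAPSULATE");
    // plain assignment: "=& new" is a parse error on PHP 7 and later
    $navList = new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
    $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);

    $this->pagefoot();
}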
971
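/**
 * Browse all comments for a weblog, paged and optionally filtered by a
 * search string, using the 'commentlist' batch-list template.
 *
 * Requires team rights on the blog or admin status. Reads the POSTed
 * parameters 'start', 'amount' and 'search'.
 *
 * @param int $blogid blog whose comments are listed; taken from the
 *                    request when not given
 */
function action_blogcommentlist($blogid = '')
{
    global $member, $manager;

    if ($blogid == '')
        $blogid = intRequestVar('blogid');
    else
        $blogid = intval($blogid);

    $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

    // start index: forced to int and never negative, it is interpolated
    // into the LIMIT clause below
    $start = max(0, intPostVar('start'));

    // amount of items to show: a missing, zero or negative amount falls back
    // to 10 (a negative LIMIT count would be a SQL error)
    $amount = intPostVar('amount');
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');            // search through comments

    // $blogid is an int on both paths above
    $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . $blogid;

    // NOTE(review): addslashes() is what this file uses for LIKE patterns; it is
    // not connection-charset aware, and '%' / '_' in $search act as wildcards
    if ($search != '')
        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';

    $query .= ' ORDER BY ctime DESC'
                    . " LIMIT $start,$amount";

    $blog =& $manager->getBlog($blogid);

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
    echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';

    $template['content'] = 'commentlist';
    $template['canAddBan'] = $member->blogAdminRights($blogid);

    $manager->loadClass("ENCAPSULATE");
    // plain assignment: "=& new" is a parse error on PHP 7 and later
    $navList = new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
    $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);

    $this->pagefoot();
}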
1028
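/**
 * Provide a page to add a new item to the given blog: checks that the
 * member is on the blog's team, then lets PAGEFACTORY render the add-item form.
 *
 * Reads the request parameter 'blogid'.
 */
function action_createitem() {
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    // check if allowed
    $member->teamRights($blogid) or $this->disallow();

    // the returned blog is not used here; the call is kept in case getBlog()
    // has a loading/caching side effect -- TODO confirm whether it can go
    $blog =& $manager->getBlog($blogid);

    $this->pagehead();

    // generate the add-item form (plain assignment: "=& new" is a parse error on PHP 7+)
    $formfactory = new PAGEFACTORY($blogid);
    $formfactory->createAddForm('admin');

    $this->pagefoot();
}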
1052
/**
 * Shows the edit form for an existing item. The item is loaded, plugins get
 * a chance to prepare it (PrepareItemForEdit), and when the blog converts
 * line breaks the stored <br /> markup is removed again before display.
 *
 * Reads the request parameter 'itemid'.
 */
function action_itemedit() {
    global $member, $manager;

    $itemid = intRequestVar('itemid');

    // the member must be allowed to change this item (disallow() presumably stops the request)
    $member->canAlterItem($itemid) or $this->disallow();

    $item =& $manager->getItem($itemid,1,1);
    $owningBlogId = getBlogIDFromItemID($itemid);
    $blog =& $manager->getBlog($owningBlogId);

    $manager->notify('PrepareItemForEdit', array('item' => &$item));

    $stripBreaks = $blog->convertBreaks();
    if ($stripBreaks) {
        $item['body'] = removeBreaks($item['body']);
        $item['more'] = removeBreaks($item['more']);
    }

    // form to edit blog items
    $this->pagehead();
    $editForm = new PAGEFACTORY($blog->getID());
    $editForm->createEditForm('admin',$item);
    $this->pagefoot();
}
1080
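/**
 * Saves the item edit form (edit / change date / publish a draft / add as
 * future item) and then shows the appropriate follow-up page.
 *
 * Request parameters read: itemid, catid, actiontype, body, title, more,
 * closed, draftid, and hour/minutes/month/day/year for 'addfuture' and
 * 'changedate'. A 'delete' actiontype is delegated to action_itemdelete(),
 * which asks for confirmation first.
 */
function action_itemupdate() {
    global $member, $manager, $CONF;

    $itemid = intRequestVar('itemid');
    $catid = postVar('catid');      // a category id, or 'newcat-<blogid>' to create one

    // only allow if user is allowed to alter item
    // (note: $catid may still be the raw 'newcat-...' marker at this point)
    $member->canUpdateItem($itemid, $catid) or $this->disallow();

    $actiontype = postVar('actiontype');

    // delete actions are handled by itemdelete (which has confirmation)
    if ($actiontype == 'delete') {
        $this->action_itemdelete();
        return;
    }

    $body   = postVar('body');
    $title  = postVar('title');
    $more   = postVar('more');
    $closed = intPostVar('closed');
    $draftid = intPostVar('draftid');

    // default action = add now
    if (!$actiontype)
        $actiontype='addnow';

    // create new category if needed
    $createdNewCat = false;
    if (strstr($catid,'newcat')) {
        // get blogid
        list($blogid) = sscanf($catid,"newcat-%d");

        // create
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();

        // show error when sth goes wrong
        if (!$catid)
            $this->doError(_ERROR_CATCREATEFAIL);

        $createdNewCat = true;
    } else {
        // plain category id from the form: force it to int before it reaches ITEM::update
        $catid = intval($catid);
    }

    // the posted date parts only matter for 'addfuture' and 'changedate';
    // intPostVar() keeps mktime() from seeing an empty or non-numeric string
    $postedTimestamp = 0;
    if ($actiontype == 'addfuture' || $actiontype == 'changedate')
        $postedTimestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));

    /*
        set some variables based on actiontype

        actiontypes:
            draft items -> addnow, addfuture, adddraft, delete
            non-draft items -> edit, changedate, delete

        variables set:
            $timestamp: set to a nonzero value for future dates or date changes
            $wasdraft: set to 1 when the item used to be a draft item
            $publish: set to 1 when the edited item is not a draft
    */
    switch ($actiontype) {
        case 'adddraft':
            $publish = 0;
            $wasdraft = 1;
            $timestamp = 0;
            break;
        case 'addfuture':
            $wasdraft = 1;
            $publish = 1;
            $timestamp = $postedTimestamp;
            break;
        case 'addnow':
            $wasdraft = 1;
            $publish = 1;
            $timestamp = 0;
            break;
        case 'changedate':
            $timestamp = $postedTimestamp;
            $publish = 1;
            $wasdraft = 0;
            break;
        case 'edit':
        default:
            $publish = 1;
            $wasdraft = 0;
            $timestamp = 0;
    }

    // edit the item for real
    ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

    // NOTE(review): $draftid comes straight from the request; this relies on
    // ITEM::delete() to verify that the member may delete that item -- confirm
    if ($draftid > 0) {
        ITEM::delete($draftid);
    }

    $blogid = getBlogIDFromItemID($itemid);
    $blog =& $manager->getBlog($blogid);
    if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {
        $this->action_sendping($blogid);
        return;
    }

    // show category edit window when we created a new category
    if ($createdNewCat) {
        $this->action_categoryedit(
            $catid,
            $blog->getID(),
            $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . $blogid
        );
    } else {
        // TODO: set start item correctly for itemlist
        $this->action_itemlist($blogid);
    }
}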
1192
/**
 * Shows the "are you sure" page for deleting an item. The item's title and
 * a shortened, tag-stripped version of its body are displayed, and the
 * form posts to action=itemdeleteconfirm with the request ticket.
 *
 * Reads the request parameter 'itemid'.
 */
function action_itemdelete() {
    global $member, $manager;

    $itemid = intRequestVar('itemid');

    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();

    $exists = $manager->existsItem($itemid,1,1);
    if (!$exists)
        $this->error(_ERROR_NOSUCHITEM);

    $itemData =& $manager->getItem($itemid,1,1);

    // both strings go straight into the page: strip tags first, then escape
    $safeTitle = htmlspecialchars(strip_tags($itemData['title']));
    $plainBody = strip_tags($itemData['body']);
    $safeBody = htmlspecialchars(shorten($plainBody,300,'...'));

    $this->pagehead();
    ?>
        <h2><?php echo _DELETE_CONFIRM?></h2>

        <p><?php echo _CONFIRMTXT_ITEM?></p>

        <div class="note">
            <b>"<?php echo  $safeTitle ?>"</b>
            <br />
            <?php echo $safeBody?>
        </div>

        <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="itemdeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
            <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />
        </div></form>
    <?php
    $this->pagefoot();
}
1233
/**
 * Deletes an item after the member confirmed it, then returns to the
 * item list of the blog the item belonged to.
 *
 * Reads the request parameter 'itemid'.
 */
function action_itemdeleteconfirm() {
    global $member;

    $itemid = intRequestVar('itemid');

    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();

    // remember the blog before the item is gone
    $owningBlogId = getBlogIdFromItemId($itemid);

    // delete item (note: some checks will be performed twice)
    $this->deleteOneItem($itemid);

    $this->action_itemlist($owningBlogId);
}
1253
/**
 * Deletes one item and returns an error message if something goes wrong
 * (nothing is returned on success).
 *
 * @param int $itemid
 * @return string|void _ERROR_DISALLOWED when the member may not alter the item
 */
function deleteOneItem($itemid) {
    global $member, $manager;

    // only allow if user is allowed to alter item (also checks if itemid exists)
    $allowed = $member->canAlterItem($itemid);
    if (!$allowed) {
        return _ERROR_DISALLOWED;
    }

    $manager->loadClass('ITEM');
    ITEM::delete($itemid);
}
1268
/**
 * Shows the form on which a new category for a single item is chosen; the
 * form posts to action=itemmoveto with the request ticket. The item's
 * current category is pre-selected and a "new category" option is offered.
 *
 * Reads the request parameter 'itemid'.
 */
function action_itemmove() {
    global $member, $manager;

    $itemid = intRequestVar('itemid');

    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();

    $itemData =& $manager->getItem($itemid,1,1);
    $currentCatId = $itemData['catid'];

    $this->pagehead();
    ?>
        <h2><?php echo _MOVE_TITLE?></h2>
        <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="itemmoveto" />
            <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />

            <?php
                $manager->addTicketHidden();
                // tabindex 10, with the "add new category" option enabled
                $this->selectBlogCategory('catid',$currentCatId,10,1);
            ?>

            <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
        </div></form>
    <?php
    $this->pagefoot();
}
1300
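/**
 * Moves a single item to the category chosen on the action_itemmove form,
 * creating the category first when 'newcat-<blogid>' was selected. Ends on
 * the new category's edit form in that case, otherwise on the item list.
 *
 * Reads the request parameters 'itemid' and 'catid'.
 */
function action_itemmoveto() {
    global $member, $manager;

    $itemid = intRequestVar('itemid');
    $catid = requestVar('catid');   // a category id, or 'newcat-<blogid>' to create one

    // create new category if needed
    $createdNewCat = false;
    if (strstr($catid,'newcat')) {
        // get blogid
        list($blogid) = sscanf($catid,'newcat-%d');

        // create
        // NOTE(review): the category is created before the canUpdateItem() check
        // below; whether createNewCategory() checks the member's rights itself
        // is not visible here -- confirm
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();

        // show error when sth goes wrong
        if (!$catid)
            $this->doError(_ERROR_CATCREATEFAIL);

        $createdNewCat = true;
    } else {
        // plain id from the request: force it to int before it reaches ITEM::move
        $catid = intval($catid);
    }

    // only allow if user is allowed to alter item
    $member->canUpdateItem($itemid, $catid) or $this->disallow();

    ITEM::move($itemid, $catid);

    // after creating a category open its edit form; $blog is only set on that path
    if ($createdNewCat)
        $this->action_categoryedit($catid, $blog->getID());
    else
        $this->action_itemlist(getBlogIDFromCatID($catid));
}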
1334
/**
 * Moves one item to a given category (category existance should be checked by caller);
 * an error message is returned when the move is not allowed, nothing on success.
 *
 * @param int $itemid
 * @param int $destCatid category ID to which the item will be moved
 * @return string|void _ERROR_DISALLOWED when the member may not move the item there
 */
function moveOneItem($itemid, $destCatid) {
    global $member;

    // only allow if user is allowed to move item
    $allowed = $member->canUpdateItem($itemid, $destCatid);
    if (!$allowed) {
        return _ERROR_DISALLOWED;
    }

    ITEM::move($itemid, $destCatid);
}
1350
/**
 * Adds a item to the chosen blog. The item itself is built from the request
 * by ITEM::createFromRequest(); depending on the result this either shows the
 * edit form of a newly created category, sends a ping, or returns to the item list.
 */
function action_additem() {
    global $member, $manager, $CONF;

    $manager->loadClass('ITEM');

    $result = ITEM::createFromRequest();
    $status = $result['status'];

    if ($status == 'error') {
        $this->error($result['message']);
    }

    $blogid = getBlogIDFromItemID($result['itemid']);
    $blog =& $manager->getBlog($blogid);
    $wantsPing = $blog->pingUserland();

    $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));

    if ($status == 'newcategory') {
        // the ping link is only offered when the blog pings weblogs.com
        $afterEditUrl = $wantsPing ? $pingUrl : '';
        $this->action_categoryedit($result['catid'], $blogid, $afterEditUrl);
    } elseif ($wantsPing && (postVar('actiontype') == 'addnow')) {
        $this->action_sendping($blogid);
    } else {
        $this->action_itemlist($blogid);
    }
}
1380
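/**
 * Shows a window that says we're about to ping weblogs.com.
 * immediately refresh to the real pinging page, which will
 * show an error, or redirect to the blog.
 *
 * @param int $blogid ID of blog for which ping needs to be sent out;
 *                    taken from the request when -1
 */
function action_sendping($blogid = -1) {
    global $member, $manager;

    // whichever path supplies it, $blogid is an int from here on
    // (it is echoed into a URL attribute below)
    if ($blogid == -1)
        $blogid = intRequestVar('blogid');
    else
        $blogid = intval($blogid);

    $member->isLoggedIn() or $this->disallow();

    $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . $blogid);

    $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
    ?>
    <h2>Site Updated, Now pinging weblogs.com</h2>

    <p>
        Pinging weblogs.com! This can a while...
        <br />
        When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.
    </p>

    <p>
        If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
    </p>
    <?php
    $this->pagefoot();
}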
1413
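/**
 * Sends the real ping to weblogs.com (can take up to 10 seconds!) and shows
 * the message that came back.
 *
 * Like action_sendping, which refreshes to this page, it requires a
 * logged-in member.
 */
function action_rawping() {
    global $member, $manager;

    // same gate as action_sendping; this page was reachable without any check before
    $member->isLoggedIn() or $this->disallow();

    $blogid = intRequestVar('blogid');
    $blog =& $manager->getBlog($blogid);

    $result = $blog->sendUserlandPing();

    $this->pagehead();

    ?>

    <h2>Ping Results</h2>

    <p>The following message was returned by weblogs.com:</p>

    <?php
        // the message comes (at least partly) from the remote server's reply, so it is
        // escaped like any other external data. NOTE(review): if sendUserlandPing()
        // deliberately returns markup, that markup now shows literally - confirm.
    ?>
    <div class='note'><?php echo htmlspecialchars($result) ?></div>

    <ul>
        <li><a href="index.php?action=itemlist&amp;blogid=<?php echo intval($blog->getID())?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
        <li><a href="<?php echo htmlspecialchars($blog->getURL())?>">Visit your own site</a></li>
    </ul>

    <?php
    $this->pagefoot();
}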
1444
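/**
 * Shows the form for editing a previously made comment.
 *
 * The stored body is made editable again: "<br />" markers are removed and
 * auto-generated links are reduced to their URL. Plugins get a chance to
 * adjust the comment first (PrepareCommentForEdit).
 */
function action_commentedit() {
    global $member, $manager;

    $commentid = intRequestVar('commentid');

    $member->canAlterComment($commentid) or $this->disallow();

    $comment = COMMENT::getComment($commentid);

    $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));

    // drop the <br /> markers; the line breaks themselves stay in the text
    $comment['body'] = str_replace('<br />','',$comment['body']);

    // reduce <a href="url">text</a> to "url"; preg_replace() replaces
    // eregi_replace(), which is unavailable on current PHP versions
    $comment['body'] = preg_replace('#<a href=[\'"]([^\'"]+)[\'"]( rel="nofollow")?>[^<]*</a>#i', '$1', $comment['body']);

    $this->pagehead();

    ?>
    <h2><?php echo _EDITC_TITLE?></h2>

    <form action="index.php" method="post"><div>

    <input type="hidden" name="action" value="commentupdate" />
    <?php $manager->addTicketHidden(); ?>
    <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" />
    <table><tr>
        <th colspan="2"><?php echo _EDITC_TITLE?></th>
    </tr><tr>
        <td><?php echo _EDITC_WHO?></td>
        <td>
        <?php
            // names are stored comment data; escape them for this HTML context.
            // NOTE(review): if COMMENT already stores them escaped, "&" will show
            // as "&amp;" here - confirm against COMMENT::getComment()
            if ($comment['member'])
                echo htmlspecialchars($comment['member']) . " (" . _EDITC_MEMBER . ")";
            else
                echo htmlspecialchars($comment['user']) . " (" . _EDITC_NONMEMBER . ")";
        ?>
        </td>
    </tr><tr>
        <td><?php echo _EDITC_WHEN?></td>
        <td><?php echo date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
    </tr><tr>
        <td><?php echo _EDITC_HOST?></td>
        <?php // the host is presumably recorded from the commenter's side; treat it as untrusted ?>
        <td><?php echo htmlspecialchars($comment['host']); ?></td>
    </tr><tr>
        <td><?php echo _EDITC_TEXT?></td>
        <td>
            <textarea name="body" tabindex="10" rows="10" cols="50"><?php
                // htmlspecialchars not needed (things should be escaped already)
                echo $comment['body'];
            ?></textarea>
        </td>
    </tr><tr>
        <td><?php echo _EDITC_EDIT?></td>
        <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
    </tr></table>

    </div></form>
    <?php
    $this->pagefoot();
}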
1507
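/**
 * Stores the edited comment body submitted by action_commentedit and then
 * returns to the comment list of the item, or to the member's own comments
 * when the item itself may not be altered by the member.
 */
function action_commentupdate() {
    global $member, $manager;

    $commentid = intRequestVar('commentid');

    $member->canAlterComment($commentid) or $this->disallow();

    $body = postVar('body');

    // intercept words that are too long: 90 consecutive characters out of this class.
    // preg_match() replaces eregi(), which is unavailable on current PHP versions;
    // the class is the one the ereg pattern had, backslash included.
    if (preg_match('/[a-zA-Z0-9|.,;:!?=\/\\\\]{90}/', $body))
        $this->error(_ERROR_COMMENT_LONGWORD);

    // check length (in bytes, as before)
    if (strlen($body) < 3)
        $this->error(_ERROR_COMMENT_NOCOMMENT);
    if (strlen($body) > 5000)
        $this->error(_ERROR_COMMENT_TOOLONG);

    // prepare body
    $body = COMMENT::prepareBody($body);

    // call plugins
    $manager->notify('PreUpdateComment',array('body' => &$body));

    // NOTE(review): addslashes() is not charset-aware; a driver-level escape would be
    // safer, but sql_query()'s connection handling lives outside this file - confirm.
    // $commentid is an int, so it is safe to interpolate.
    $query = 'UPDATE ' . sql_table('comment')
           . " SET cbody='" . addslashes($body) . "'"
           . " WHERE cnumber=" . $commentid;
    sql_query($query);

    // get itemid (no row means the comment vanished meanwhile)
    $res = sql_query('SELECT citem FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid);
    $o = mysql_fetch_object($res);
    $itemid = $o ? $o->citem : null;

    if ($member->canAlterItem($itemid))
        $this->action_itemcommentlist($itemid);
    else
        $this->action_browseowncomments();
}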
1553
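/**
 * Asks for confirmation before deleting a comment: shows who wrote it and a
 * shortened, escaped excerpt of its text.
 */
function action_commentdelete() {
    global $member, $manager;

    $commentid = intRequestVar('commentid');

    $member->canAlterComment($commentid) or $this->disallow();

    $comment = COMMENT::getComment($commentid);

    // plain-text excerpt, escaped for the HTML context below
    $body = strip_tags($comment['body']);
    $body = htmlspecialchars(shorten($body, 300, '...'));

    // the author is shown in the same context as the excerpt and gets the same
    // treatment. NOTE(review): if COMMENT already stores names escaped, "&"
    // shows as "&amp;" here - confirm against COMMENT::getComment()
    $author = $comment['member'] ? $comment['member'] : $comment['user'];
    $author = htmlspecialchars($author);

    $this->pagehead();
    ?>

        <h2><?php echo _DELETE_CONFIRM?></h2>

        <p><?php echo _CONFIRMTXT_COMMENT?></p>

        <div class="note">
        <b><?php echo _EDITC_WHO?>:</b> <?php echo $author ?>
        <br />
        <b><?php echo _EDITC_TEXT?>:</b> <?php echo $body ?>
        </div>

        <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="commentdeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
        </div></form>
    <?php
    $this->pagefoot();
}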
1596
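/**
 * Deletes a comment after confirmation (action_commentdelete) and returns
 * to the comment list of its item, or to the member's own comments when the
 * item itself may not be altered by the member.
 */
function action_commentdeleteconfirm() {
    global $member;

    $commentid = intRequestVar('commentid');

    // same gate as the other comment actions: refuse before touching the database
    // (deleteOneComment() checks again and reports a refusal as an error message)
    $member->canAlterComment($commentid) or $this->disallow();

    // get item id first - the comment is gone after the delete; $commentid is an int
    $res = sql_query('SELECT citem FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid);
    $o = mysql_fetch_object($res);
    $itemid = $o ? $o->citem : null;

    $error = $this->deleteOneComment($commentid);
    if ($error)
        // error() is how every other action on this page reports a failure
        $this->error($error);

    if ($member->canAlterItem($itemid))
        $this->action_itemcommentlist($itemid);
    else
        $this->action_browseowncomments();
}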
1619
/**
 * Deletes a single comment after checking that the current member may alter it.
 *
 * @param int $commentid ID of the comment to delete
 * @return string '' on success, _ERROR_DISALLOWED when the member may not
 *                alter the comment
 */
function deleteOneComment($commentid) {
    global $member, $manager;

    $commentid = intval($commentid);

    if (!$member->canAlterComment($commentid)) {
        return _ERROR_DISALLOWED;
    }

    $eventParams = array('commentid' => $commentid);
    $manager->notify('PreDeleteComment', $eventParams);

    // the id is an int, so interpolating it into the query is safe
    sql_query('DELETE FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid);

    $manager->notify('PostDeleteComment', $eventParams);

    return '';
}
1641
/**
 * Usermanagement main: lists the current members (through the BATCH list
 * helper) and shows the form for adding a new one. Super-admins only.
 */
function action_usermanagement() {
    global $member, $manager;

    // super-admins only
    $member->isAdmin() or $this->disallow();

    $this->pagehead();

    echo '<p><a href="index.php?action=manage">(' . _BACKTOMANAGE . ')</a></p>';
    echo '<h2>' . _MEMBERS_TITLE . '</h2>';
    echo '<h3>' . _MEMBERS_CURRENT . '</h3>';

    // member list with actions, rendered through the 'memberlist' list template
    $memberQuery = 'SELECT * FROM ' . sql_table('member');
    $template = array(
        'content'  => 'memberlist',
        'tabindex' => 10,
    );

    $manager->loadClass("ENCAPSULATE");
    $batch =& new BATCH('member');
    $batch->showlist($memberQuery, 'table', $template);

    echo '<h3>' . _MEMBERS_NEW . '</h3>';
    ?>
        <form method="post" action="index.php" name="memberedit"><div>

        <input type="hidden" name="action" value="memberadd" />
        <?php $manager->addTicketHidden() ?>

        <table>
        <tr>
            <th colspan="2"><?php echo _MEMBERS_NEW?></th>
        </tr><tr>
            <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
            <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
            </td>
            <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_REALNAME?></td>
            <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_PWD?></td>
            <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_REPPWD?></td>
            <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_EMAIL?></td>
            <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_URL?></td>
            <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
            <td><?php $this->input_yesno('admin',0,10060); ?> </td>
        </tr><tr>
            <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
            <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
        </tr><tr>
            <td><?php echo _MEMBERS_NOTES?></td>
            <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_NEW?></td>
            <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
        </tr></table>

        </div></form>
    <?php
    $this->pagefoot();
}
1717
/**
 * Edit member settings: opens the settings form for the member whose id is
 * given in the request.
 */
function action_memberedit() {
    $memberid = intRequestVar('memberid');
    $this->action_editmembersettings($memberid);
}
1724
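/**
 * Shows the form for editing a member's settings.
 *
 * Without a member id the current member's settings are shown. Non-admins may
 * only edit themselves; the display name and password fields appear only when
 * $CONF['AllowLoginEdit'] is set or the editor is a super-admin, and the
 * admin/canlogin flags only for super-admins.
 *
 * @param int|string $memberid ID of the member to edit ('' = current member)
 */
function action_editmembersettings($memberid = '') {
    global $member, $manager, $CONF;

    if ($memberid == '')
        $memberid = $member->getID();
    // the id is echoed into the form below: keep it numeric whatever the caller passed
    $memberid = intval($memberid);

    // check if allowed
    ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

    $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
    $this->pagehead($extrahead);

    // show message to go back to member overview (only for admins)
    if ($member->isAdmin())
        echo '<a href="index.php?action=usermanagement">(' . _MEMBERS_BACKTOOVERVIEW . ')</a>';
    else
        echo '<a href="index.php?action=overview">(' . _BACKHOME . ')</a>';

    echo '<h2>' . _MEMBERS_EDIT . '</h2>';

    $mem = MEMBER::createFromID($memberid);

    ?>
    <form method="post" action="index.php" name="memberedit"><div>

    <input type="hidden" name="action" value="changemembersettings" />
    <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" />
    <?php $manager->addTicketHidden() ?>

    <table><tr>
        <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
    </tr><tr>
        <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
            <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
        </td>
        <td>
        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
            <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo htmlspecialchars($mem->getDisplayName()); ?>" />
        <?php } else {
            // non-admins only get here for their own account (see the check above),
            // so showing the edited member here is the same thing, just less confusing
            echo htmlspecialchars($mem->getDisplayName());
        }
        ?>
        </td>
    </tr><tr>
        <td><?php echo _MEMBERS_REALNAME?></td>
        <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo htmlspecialchars($mem->getRealName()); ?>" /></td>
    </tr><tr>
    <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
        <td><?php echo _MEMBERS_PWD?></td>
        <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
    </tr><tr>
        <td><?php echo _MEMBERS_REPPWD?></td>
        <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
    <?php } ?>
    </tr><tr>
        <td><?php echo _MEMBERS_EMAIL?>
            <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
        </td>
        <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo htmlspecialchars($mem->getEmail()); ?>" /></td>
    </tr><tr>
        <td><?php echo _MEMBERS_URL?></td>
        <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getURL()); ?>" /></td>
    <?php // only allow to change this by super-admins
       // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
       if ($member->isAdmin()) {
    ?>
        </tr><tr>
            <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
            <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
        </tr><tr>
            <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
            <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>
    <?php } ?>
    </tr><tr>
        <td><?php echo _MEMBERS_NOTES?></td>
        <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getNotes()); ?>" /></td>
    </tr><tr>
        <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
        </td>
        <td>

            <select name="deflang" tabindex="85">
                <option value=""><?php echo _MEMBERS_USESITELANG?></option>
            <?php
                // show a dropdown list of all available languages; the names come from
                // the filenames in $DIR_LANG (server side), not from the request
                global $DIR_LANG;
                $dirhandle = opendir($DIR_LANG);
                if ($dirhandle) {
                    // "!== false": a file literally named "0" would otherwise end the loop
                    while (($filename = readdir($dirhandle)) !== false) {
                        // preg_match() replaces ereg(), which is unavailable on current PHP versions
                        if (preg_match('/^(.*)\.php$/', $filename, $matches)) {
                            $name = $matches[1];
                            echo "<option value='$name'";
                            if ($name == $mem->getLanguage())
                                echo " selected='selected'";
                            echo ">$name</option>";
                        }
                    }
                    closedir($dirhandle);
                }
            ?>
            </select>

        </td>
    </tr>
    <?php
        // plugin options
        $this->_insertPluginOptions('member',$memberid);
    ?>
    <tr>
        <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
    </tr><tr>
        <td><?php echo _MEMBERS_EDIT?></td>
        <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
    </tr></table>

    </div></form>

    <?php
        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

        $manager->notify(
            'MemberSettingsFormExtras',
            array(
                'member' => &$mem
            )
        );

    $this->pagefoot();
}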
1855
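/**
 * Stores the member settings submitted by action_editmembersettings.
 *
 * Non-admins may only change their own settings. Display name and password
 * are only editable when $CONF['AllowLoginEdit'] is set or the editor is a
 * super-admin; the admin/canlogin flags only by a super-admin. Changing the
 * e-mail address sends an activation link to the old address and logs the
 * member out; changing one's own display name also forces a new login.
 */
function action_changemembersettings() {
    global $member, $CONF, $manager;

    $memberid = intRequestVar('memberid');

    // check if allowed
    ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

    $name           = trim(strip_tags(postVar('name')));
    $realname       = trim(strip_tags(postVar('realname')));
    $password       = postVar('password');
    $repeatpassword = postVar('repeatpassword');
    $email          = strip_tags(postVar('email'));
    $url            = strip_tags(postVar('url'));

    // Sometimes the user didn't prefix the URL with http://, which gives a malformed URL.
    // Fix that - but leave an empty field empty instead of storing a bare "http://".
    // preg_match() replaces eregi(), which is unavailable on current PHP versions.
    if ($url != '' && !preg_match('#^https?://#i', $url))
        $url = 'http://' . $url;

    // the yes/no widgets (input_yesno) submit 1 or 0; read the flags as ints so
    // nothing but a number ever reaches setAdmin()/setCanLogin()
    $admin    = intPostVar('admin');
    $canlogin = intPostVar('canlogin');
    $notes    = strip_tags(postVar('notes'));
    $deflang  = postVar('deflang');

    $mem = MEMBER::createFromID($memberid);

    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {

        if (!isValidDisplayName($name))
            $this->error(_ERROR_BADNAME);

        if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
            $this->error(_ERROR_NICKNAMEINUSE);

        if ($password != $repeatpassword)
            $this->error(_ERROR_PASSWORDMISMATCH);

        // an empty password means "keep the current one"
        if ($password && (strlen($password) < 6))
            $this->error(_ERROR_PASSWORDTOOSHORT);
    }

    if (!isValidMailAddress($email))
        $this->error(_ERROR_BADMAILADDRESS);

    if (!$realname)
        $this->error(_ERROR_REALNAMEMISSING);

    if (($deflang != '') && (!checkLanguage($deflang)))
        $this->error(_ERROR_NOSUCHLANGUAGE);

    // check if there will remain at least one site member with both the logon and admin rights
    // (check occurs when taking away one of these rights from such a member)
    if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
         || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
       )
    {
        $r = sql_query('SELECT * FROM ' . sql_table('member') . ' WHERE madmin=1 and mcanlogin=1');
        if (mysql_num_rows($r) < 2)
            $this->error(_ERROR_ATLEASTONEADMIN);
    }

    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
        $mem->setDisplayName($name);
        if ($password)
            $mem->setPassword($password);
    }

    $oldEmail = $mem->getEmail();

    $mem->setRealName($realname);
    $mem->setEmail($email);
    $mem->setURL($url);
    $mem->setNotes($notes);
    $mem->setLanguage($deflang);

    // only allow super-admins to make changes to the admin status
    if ($member->isAdmin()) {
        $mem->setAdmin($admin);
        $mem->setCanLogin($canlogin);
    }

    $mem->write();

    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($aOptions);
    $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));

    // if email changed, the change has to be confirmed from the old address
    if ($oldEmail != $mem->getEmail())
    {
        $mem->sendActivationLink('addresschange', $oldEmail);
        // invalidate the member's cookie so existing sessions end
        $mem->newCookieKey();

        // only log out if the member being edited is the current member.
        if ($member->getID() == $memberid)
            $member->logout();
        $this->action_login(_MSG_ACTIVATION_SENT, 0);
        return;
    }

    // a changed own display name invalidates the current login as well
    if (  ( $mem->getID() == $member->getID() )
       && ( $mem->getDisplayName() != $member->getDisplayName() )
       ) {
        $mem->newCookieKey();
        $member->logout();
        $this->action_login(_MSG_LOGINAGAIN, 0);
    } else {
        $this->action_overview(_MSG_SETTINGSCHANGED);
    }
}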
1975
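/**
 * Creates a new member from the form submitted by action_usermanagement
 * (super-admins only), fires PostRegister and returns to the member overview.
 */
function action_memberadd() {
    global $member, $manager;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $name     = postVar('name');
    $password = postVar('password');

    if ($password != postVar('repeatpassword'))
        $this->error(_ERROR_PASSWORDMISMATCH);
    if (strlen($password) < 6)
        $this->error(_ERROR_PASSWORDTOOSHORT);

    // admin/canlogin come from yes/no widgets (input_yesno, 1 or 0); read them as
    // ints so nothing but a flag reaches MEMBER::create()
    $res = MEMBER::create(
        $name,
        postVar('realname'),
        $password,
        postVar('email'),
        postVar('url'),
        intPostVar('admin'),
        intPostVar('canlogin'),
        postVar('notes')
    );
    // create() returns 1 on success, otherwise an error message
    if ($res != 1)
        $this->error($res);

    // fire PostRegister event
    $newmem = new MEMBER();
    $newmem->readFromName($name);
    $manager->notify('PostRegister',array('member' => &$newmem));

    $this->action_usermanagement();
}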
2001
/**
 * Account activation: shows the activation page for the key given in the
 * request.
 *
 * @author dekarma
 */
function action_activate() {
    $this->_showActivationPage(getVar('key'));
}
2012
/**
 * Shows the activation page belonging to an activation key: a title and text
 * depending on the key type, an optional error message and - for 'forgot' and
 * 'register' keys - the form to set a new password. An 'addresschange' key is
 * activated right away.
 *
 * @param string $key     activation key from the request
 * @param string $message optional error text shown above the form
 */
function _showActivationPage($key, $message = '')
{
    global $manager;

    // clean up old activation keys
    MEMBER::cleanupActivationTable();

    // get activation info
    $info = MEMBER::getActivationInfo($key);
    if (!$info) {
        $this->error(_ERROR_ACTIVATE);
    }

    $mem = MEMBER::createFromId($info->vmember);
    if (!$mem) {
        $this->error(_ERROR_ACTIVATE);
    }

    $title = '';
    $text = '';
    $bNeedsPasswordChange = true;

    switch ($info->vtype) {
        case 'forgot':
            $title = _ACTIVATE_FORGOT_TITLE;
            $text = _ACTIVATE_FORGOT_TEXT;
            break;
        case 'register':
            $title = _ACTIVATE_REGISTER_TITLE;
            $text = _ACTIVATE_REGISTER_TEXT;
            break;
        case 'addresschange':
            // no password involved: the key is consumed immediately
            $title = _ACTIVATE_CHANGE_TITLE;
            $text = _ACTIVATE_CHANGE_TEXT;
            $bNeedsPasswordChange = false;
            MEMBER::activate($key);
            break;
    }

    $aVars = array('memberName' => htmlspecialchars($mem->getDisplayName()));
    $title = TEMPLATE::fill($title, $aVars);
    $text = TEMPLATE::fill($text, $aVars);

    $this->pagehead();

    echo '<h2>', $title, '</h2>';
    echo '<p>', $text, '</p>';

    if ($message != '') {
        echo '<p class="error">', $message, '</p>';
    }

    if ($bNeedsPasswordChange) {
        ?>
            <div><form action="index.php" method="post">

                <input type="hidden" name="action" value="activatesetpwd" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

                <table><tr>
                    <td><?php echo _MEMBERS_PWD?></td>
                    <td><input type="password" maxlength="40" size="16" name="password" /></td>
                </tr><tr>
                    <td><?php echo _MEMBERS_REPPWD?></td>
                    <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
                <?php
                    // plugins may add their own fields to the activation form
                    $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));
                ?>
                </tr><tr>
                    <td><?php echo _MEMBERS_SETPWD ?></td>
                    <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
                </tr></table>

            </form></div>

        <?php
    }

    $this->pagefoot();
}
2108
2109         /**
2110          * Account activation - set password part
2111          *
2112          * @author dekarma
2113          */
2114         function action_activatesetpwd() {
2115
2116                 $key = postVar('key');
2117
2118                 // clean up old activation keys
2119                 MEMBER::cleanupActivationTable();
2120
2121                 // get activation info
2122                 $info = MEMBER::getActivationInfo($key);
2123
2124                 if (!$info || ($info->type == 'addresschange'))
2125                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2126
2127                 $mem = MEMBER::createFromId($info->vmember);
2128
2129                 if (!$mem)
2130                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2131
2132                 $password               = postVar('password');
2133                 $repeatpassword = postVar('repeatpassword');
2134
2135                 if ($password != $repeatpassword)
2136                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
2137
2138                 if ($password && (strlen($password) < 6))
2139                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
2140
2141                 $error = '';
2142                 global $manager;
2143                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
2144                 if ($error != '')
2145                         return $this->_showActivationPage($key, $error);
2146
2147
2148                 // set password
2149                 $mem->setPassword($password);
2150                 $mem->write();
2151
2152                 // do the activation
2153                 MEMBER::activate($key);
2154
2155                 $this->pagehead();
2156                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
2157                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
2158                 $this->pagefoot();
2159         }
2160
2161         /**
2162          * Manage team
2163          */
2164         function action_manageteam() {
2165                 global $member, $manager;
2166
2167                 $blogid = intRequestVar('blogid');
2168
2169                 // check if allowed
2170                 $member->blogAdminRights($blogid) or $this->disallow();
2171
2172                 $this->pagehead();
2173
2174                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
2175
2176                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';
2177
2178                 echo '<h3>' . _TEAM_CURRENT . '</h3>';
2179
2180
2181
2182                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
2183                            . ' FROM '.sql_table('member').', '.sql_table('team')
2184                            . ' WHERE tmember=mnumber and tblog=' . $blogid;
2185
2186                 $template['content'] = 'teamlist';
2187                 $template['tabindex'] = 10;
2188
2189                 $manager->loadClass("ENCAPSULATE");
2190                 $batch =& new BATCH('team');
2191                 $batch->showlist($query, 'table', $template);
2192
2193                 ?>
2194                         <h3><?php echo _TEAM_ADDNEW?></h3>
2195
2196                         <form method='post' action='index.php'><div>
2197
2198                         <input type='hidden' name='action' value='teamaddmember' />
2199                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
2200                         <?php $manager->addTicketHidden() ?>
2201
2202                         <table><tr>
2203                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>
2204                                 <td><?php                                       // TODO: try to make it so only non-team-members are listed
2205                                         $query =  'SELECT mname as text, mnumber as value'
2206                                                    . ' FROM '.sql_table('member');
2207
2208                                         $template['name'] = 'memberid';
2209                                         $template['tabindex'] = 10000;
2210                                         showlist($query,'select',$template);
2211                                 ?></td>
2212                         </tr><tr>
2213                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
2214                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>
2215                         </tr><tr>
2216                                 <td><?php echo _TEAM_ADD?></td>
2217                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
2218                         </tr></table>
2219
2220                         </div></form>
2221                 <?php
2222                 $this->pagefoot();
2223         }
2224
2225         /**
2226          * Add member to team
2227          */
2228         function action_teamaddmember() {
2229                 global $member, $manager;
2230
2231                 $memberid = intPostVar('memberid');
2232                 $blogid = intPostVar('blogid');
2233                 $admin = intPostVar('admin');
2234
2235                 // check if allowed
2236                 $member->blogAdminRights($blogid) or $this->disallow();
2237
2238                 $blog =& $manager->getBlog($blogid);
2239                 if (!$blog->addTeamMember($memberid, $admin))
2240                         $this->error(_ERROR_ALREADYONTEAM);
2241
2242                 $this->action_manageteam();
2243
2244         }
2245
2246         /**
2247          * @todo document this
2248          */
2249         function action_teamdelete() {
2250                 global $member, $manager;
2251
2252                 $memberid = intRequestVar('memberid');
2253                 $blogid = intRequestVar('blogid');
2254
2255                 // check if allowed
2256                 $member->blogAdminRights($blogid) or $this->disallow();
2257
2258                 $teammem = MEMBER::createFromID($memberid);
2259                 $blog =& $manager->getBlog($blogid);
2260
2261                 $this->pagehead();
2262                 ?>
2263                         <h2><?php echo _DELETE_CONFIRM?></h2>
2264
2265                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
2266                         </p>
2267
2268
2269                         <form method="post" action="index.php"><div>
2270                         <input type="hidden" name="action" value="teamdeleteconfirm" />
2271                         <?php $manager->addTicketHidden() ?>
2272                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
2273                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2274                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2275                         </div></form>
2276                 <?php
2277                 $this->pagefoot();
2278         }
2279
2280         /**
2281          * @todo document this
2282          */
2283         function action_teamdeleteconfirm() {
2284                 global $member;
2285
2286                 $memberid = intRequestVar('memberid');
2287                 $blogid = intRequestVar('blogid');
2288
2289                 $error = $this->deleteOneTeamMember($blogid, $memberid);
2290                 if ($error)
2291                         $this->error($error);
2292
2293
2294                 $this->action_manageteam();
2295         }
2296
2297         /**
2298          * @todo document this
2299          */
2300         function deleteOneTeamMember($blogid, $memberid) {
2301                 global $member, $manager;
2302
2303                 $blogid = intval($blogid);
2304                 $memberid = intval($memberid);
2305
2306                 // check if allowed
2307                 if (!$member->blogAdminRights($blogid))
2308                         return _ERROR_DISALLOWED;
2309
2310                 // check if: - there remains at least one blog admin
2311                 //           - (there remains at least one team member)
2312                 $tmem = MEMBER::createFromID($memberid);
2313
2314                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2315
2316                 if ($tmem->isBlogAdmin($blogid)) {
2317                         // check if there are more blog members left and at least one admin
2318                         // (check for at least two admins before deletion)
2319                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
2320                         $r = sql_query($query);
2321                         if (mysql_num_rows($r) < 2)
2322                                 return _ERROR_ATLEASTONEBLOGADMIN;
2323                 }
2324
2325                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
2326                 sql_query($query);
2327
2328                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2329
2330                 return '';
2331         }
2332
2333         /**
2334          * @todo document this
2335          */
2336         function action_teamchangeadmin() {
2337                 global $member;
2338
2339                 $blogid = intRequestVar('blogid');
2340                 $memberid = intRequestVar('memberid');
2341
2342                 // check if allowed
2343                 $member->blogAdminRights($blogid) or $this->disallow();
2344
2345                 $mem = MEMBER::createFromID($memberid);
2346
2347                 // don't allow when there is only one admin at this moment
2348                 if ($mem->isBlogAdmin($blogid)) {
2349                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
2350                         if (mysql_num_rows($r) == 1)
2351                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
2352                 }
2353
2354                 if ($mem->isBlogAdmin($blogid))
2355                         $newval = 0;
2356                 else
2357                         $newval = 1;
2358
2359                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
2360                 sql_query($query);
2361
2362                 // only show manageteam if member did not change its own admin privileges
2363                 if ($member->isBlogAdmin($blogid))
2364                         $this->action_manageteam();
2365                 else
2366                         $this->action_overview(_MSG_ADMINCHANGED);
2367         }
2368
2369         /**
2370          * @todo document this
2371          */
2372         function action_blogsettings() {
2373                 global $member, $manager;
2374
2375                 $blogid = intRequestVar('blogid');
2376
2377                 // check if allowed
2378                 $member->blogAdminRights($blogid) or $this->disallow();
2379
2380                 $blog =& $manager->getBlog($blogid);
2381
2382                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
2383                 $this->pagehead($extrahead);
2384
2385                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
2386                 ?>
2387                 <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>
2388
2389                 <h3><?php echo _EBLOG_TEAM_TITLE?></h3>
2390
2391                 <p>Members currently on your team:
2392                 <?php
2393                         $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
2394                         $aMemberNames = array();
2395                         while ($o = mysql_fetch_object($res))
2396                                 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
2397                         echo implode(',', $aMemberNames);
2398                 ?>
2399                 </p>
2400
2401
2402
2403                 <p>
2404                 <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
2405                 </p>
2406
2407                 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>
2408
2409                 <form method="post" action="index.php"><div>
2410
2411                 <input type="hidden" name="action" value="blogsettingsupdate" />
2412                 <?php $manager->addTicketHidden() ?>
2413                 <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2414                 <table><tr>
2415                         <td><?php echo _EBLOG_NAME?></td>
2416                         <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
2417                 </tr><tr>
2418                         <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
2419                                 <?php echo _EBLOG_SHORTNAME_EXTRA?>
2420                         </td>
2421                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
2422                 </tr><tr>
2423                         <td><?php echo _EBLOG_DESC?></td>
2424                         <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
2425                 </tr><tr>
2426                         <td><?php echo _EBLOG_URL?></td>
2427                         <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
2428                 </tr><tr>
2429                         <td><?php echo _EBLOG_DEFSKIN?>
2430                                 <?php help('blogdefaultskin'); ?>
2431                         </td>
2432                         <td>
2433                                 <?php
2434                                         $query =  'SELECT sdname as text, sdnumber as value'
2435                                                    . ' FROM '.sql_table('skin_desc');
2436                                         $template['name'] = 'defskin';
2437                                         $template['selected'] = $blog->getDefaultSkin();
2438                                         $template['tabindex'] = 50;
2439                                         showlist($query,'select',$template);
2440                                 ?>
2441
2442                         </td>
2443                 </tr><tr>
2444                         <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
2445                         </td>
2446                         <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
2447                 </tr><tr>
2448                         <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
2449                         </td>
2450                         <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
2451                 </tr><tr>
2452                         <td><?php echo _EBLOG_DISABLECOMMENTS?>
2453                         </td>
2454                         <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
2455                 </tr><tr>
2456                         <td><?php echo _EBLOG_ANONYMOUS?>
2457                         </td>
2458                         <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
2459                 </tr><tr>
2460         <td><?php echo _EBLOG_REQUIREDEMAIL?>
2461                  </td>
2462                  <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>
2463           </tr><tr>
2464                         <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
2465                         <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
2466                 </tr><tr>
2467                         <td><?php echo _EBLOG_NOTIFY_ON?></td>
2468                         <td>
2469                                 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
2470                                         <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
2471                                 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
2472                                 <br />
2473                                 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
2474                                         <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
2475                                 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
2476                                 <br />
2477                                 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
2478                                         <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
2479                                 /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
2480                         </td>
2481                 </tr><tr>
2482                         <td><?php echo _EBLOG_PING?> <?php help('pinguserland'); ?></td>
2483                         <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>
2484                 </tr><tr>
2485                         <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
2486                         <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
2487                 </tr><tr>
2488                         <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
2489                         <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
2490                 </tr><tr>
2491                         <td><?php echo _EBLOG_DEFCAT?></td>
2492                         <td>
2493                                 <?php
2494                                         $query =  'SELECT cname as text, catid as value'
2495                                                    . ' FROM '.sql_table('category')
2496                                                    . ' WHERE cblog=' . $blog->getID();
2497                                         $template['name'] = 'defcat';
2498                                         $template['selected'] = $blog->getDefaultCategory();
2499                                         $template['tabindex'] = 110;
2500                                         showlist($query,'select',$template);
2501                                 ?>
2502                         </td>
2503                 </tr><tr>
2504                         <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
2505                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
2506                                 <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
2507                                 </td>
2508                         <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
2509                 </tr><tr>
2510                         <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
2511                         <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
2512                 </tr>
2513                 <?php
2514                         // plugin options
2515                         $this->_insertPluginOptions('blog',$blogid);
2516                 ?>
2517                 <tr>
2518                         <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
2519                 </tr><tr>
2520                         <td><?php echo _EBLOG_CHANGE?></td>
2521                         <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
2522                 </tr></table>
2523
2524                 </div></form>
2525
2526                 <h3><?php echo _EBLOG_CAT_TITLE?></h3>
2527
2528
2529                 <?php
2530                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
2531                 $template['content'] = 'categorylist';
2532                 $template['tabindex'] = 200;
2533
2534                 $manager->loadClass("ENCAPSULATE");
2535                 $batch =& new BATCH('category');
2536                 $batch->showlist($query,'table',$template);
2537
2538                 ?>
2539
2540
2541                 <form action="index.php" method="post"><div>
2542                 <input name="action" value="categorynew" type="hidden" />
2543                 <?php $manager->addTicketHidden() ?>
2544                 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />
2545
2546                 <table><tr>
2547                         <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
2548                 </tr><tr>
2549                         <td><?php echo _EBLOG_CAT_NAME?></td>
2550                         <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
2551                 </tr><tr>
2552                         <td><?php echo _EBLOG_CAT_DESC?></td>
2553                         <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
2554                 </tr><tr>
2555                         <td><?php echo _EBLOG_CAT_CREATE?></td>
2556                         <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
2557                 </tr></table>
2558
2559                 </div></form>
2560
2561                 <?php
2562
2563                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';
2564
2565                         $manager->notify(
2566                                 'BlogSettingsFormExtras',
2567                                 array(
2568                                         'blog' => &$blog
2569                                 )
2570                         );
2571
2572                 $this->pagefoot();
2573         }
2574
2575         /**
2576          * @todo document this
2577          */
2578         function action_categorynew() {
2579                 global $member, $manager;
2580
2581                 $blogid = intRequestVar('blogid');
2582
2583                 $member->blogAdminRights($blogid) or $this->disallow();
2584
2585                 $cname = postVar('cname');
2586                 $cdesc = postVar('cdesc');
2587
2588                 if (!isValidCategoryName($cname))
2589                         $this->error(_ERROR_BADCATEGORYNAME);
2590
2591                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
2592                 $res = sql_query($query);
2593                 if (mysql_num_rows($res) > 0)
2594                         $this->error(_ERROR_DUPCATEGORYNAME);
2595
2596                 $blog           =& $manager->getBlog($blogid);
2597                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);
2598
2599                 $this->action_blogsettings();
2600         }
2601
2602         /**
2603          * @todo document this
2604          */
2605         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
2606                 global $member, $manager;
2607
2608                 if ($blogid == '')
2609                         $blogid = intGetVar('blogid');
2610                 else
2611                         $blogid = intval($blogid);
2612                 if ($catid == '')
2613                         $catid = intGetVar('catid');
2614                 else
2615                         $catid = intval($catid);
2616
2617                 $member->blogAdminRights($blogid) or $this->disallow();
2618
2619                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
2620                 $obj = mysql_fetch_object($res);
2621
2622                 $cname = $obj->cname;
2623                 $cdesc = $obj->cdesc;
2624
2625                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
2626                 $this->pagehead($extrahead);
2627
2628                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
2629
2630                 ?>
2631                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>
2632                 <form method='post' action='index.php'><div>
2633                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />
2634                 <input name="catid" type="hidden" value="<?php echo $catid?>" />
2635                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />
2636                 <input name="action" type="hidden" value="categoryupdate" />
2637                 <?php $manager->addTicketHidden(); ?>
2638
2639                 <table><tr>
2640                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
2641                 </tr><tr>
2642                         <td><?php echo _EBLOG_CAT_NAME?></td>
2643                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>
2644                 </tr><tr>
2645                         <td><?php echo _EBLOG_CAT_DESC?></td>
2646                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
2647                 </tr>
2648                 <?php
2649                         // insert plugin options
2650                         $this->_insertPluginOptions('category',$catid);
2651                 ?>
2652                 <tr>
2653                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
2654                 </tr><tr>
2655                         <td><?php echo _EBLOG_CAT_UPDATE?></td>
2656                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
2657                 </tr></table>
2658
2659                 </div></form>
2660                 <?php
2661                 $this->pagefoot();
2662         }
2663
2664         /**
2665          * @todo document this
2666          */
2667         function action_categoryupdate() {
2668                 global $member, $manager;
2669
2670                 $blogid = intPostVar('blogid');
2671                 $catid = intPostVar('catid');
2672                 $cname = postVar('cname');
2673                 $cdesc = postVar('cdesc');
2674                 $desturl = postVar('desturl');
2675
2676                 $member->blogAdminRights($blogid) or $this->disallow();
2677
2678                 if (!isValidCategoryName($cname))
2679                         $this->error(_ERROR_BADCATEGORYNAME);
2680
2681                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
2682                 $res = sql_query($query);
2683                 if (mysql_num_rows($res) > 0)
2684                         $this->error(_ERROR_DUPCATEGORYNAME);
2685
2686                 $query =  'UPDATE '.sql_table('category').' SET'
2687                            . " cname='" . addslashes($cname) . "',"
2688                            . " cdesc='" . addslashes($cdesc) . "'"
2689                            . " WHERE catid=" . $catid;
2690
2691                 sql_query($query);
2692
2693                 // store plugin options
2694                 $aOptions = requestArray('plugoption');
2695                 NucleusPlugin::_applyPluginOptions($aOptions);
2696                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));
2697
2698
2699                 if ($desturl) {
2700                         redirect($desturl);
2701                         exit;
2702                 } else {
2703                         $this->action_blogsettings();
2704                 }
2705         }
2706
2707         /**
2708          * @todo document this
2709          */
2710         function action_categorydelete() {
2711                 global $member, $manager;
2712
2713                 $blogid = intRequestVar('blogid');
2714                 $catid = intRequestVar('catid');
2715
2716                 $member->blogAdminRights($blogid) or $this->disallow();
2717
2718                 $blog =& $manager->getBlog($blogid);
2719
2720                 // check if the category is valid
2721                 if (!$blog->isValidCategory($catid))
2722                         $this->error(_ERROR_NOSUCHCATEGORY);
2723
2724                 // don't allow deletion of default category
2725                 if ($blog->getDefaultCategory() == $catid)
2726                         $this->error(_ERROR_DELETEDEFCATEGORY);
2727
2728                 // check if catid is the only category left for blogid
2729                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
2730                 $res = sql_query($query);
2731                 if (mysql_num_rows($res) == 1)
2732                         $this->error(_ERROR_DELETELASTCATEGORY);
2733
2734
2735                 $this->pagehead();
2736                 ?>
2737                         <h2><?php echo _DELETE_CONFIRM?></h2>
2738
2739                         <div>
2740                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>
2741                         </div>
2742
2743                         <form method="post" action="index.php"><div>
2744                         <input type="hidden" name="action" value="categorydeleteconfirm" />
2745                         <?php $manager->addTicketHidden() ?>
2746                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
2747                         <input type="hidden" name="catid" value="<?php echo $catid?>" />
2748                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2749                         </div></form>
2750                 <?php
2751                 $this->pagefoot();
2752         }
2753
2754         /**
2755          * @todo document this
2756          */
2757         function action_categorydeleteconfirm() {
2758                 global $member, $manager;
2759
2760                 $blogid = intRequestVar('blogid');
2761                 $catid = intRequestVar('catid');
2762
2763                 $member->blogAdminRights($blogid) or $this->disallow();
2764
2765                 $error = $this->deleteOneCategory($catid);
2766                 if ($error)
2767                         $this->error($error);
2768
2769                 $this->action_blogsettings();
2770         }
2771
2772         /**
2773          * @todo document this
2774          */
2775         function deleteOneCategory($catid) {
2776                 global $manager, $member;
2777
2778                 $catid = intval($catid);
2779
2780                 $manager->notify('PreDeleteCategory', array('catid' => $catid));
2781
2782                 $blogid = getBlogIDFromCatID($catid);
2783
2784                 if (!$member->blogAdminRights($blogid))
2785                         return ERROR_DISALLOWED;
2786
2787                 // get blog
2788                 $blog =& $manager->getBlog($blogid);
2789
2790                 // check if the category is valid
2791                 if (!$blog || !$blog->isValidCategory($catid))
2792                         return _ERROR_NOSUCHCATEGORY;
2793
2794                 $destcatid = $blog->getDefaultCategory();
2795
2796                 // don't allow deletion of default category
2797                 if ($blog->getDefaultCategory() == $catid)
2798                         return _ERROR_DELETEDEFCATEGORY;
2799
2800                 // check if catid is the only category left for blogid
2801                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
2802                 $res = sql_query($query);
2803                 if (mysql_num_rows($res) == 1)
2804                         return _ERROR_DELETELASTCATEGORY;
2805
2806                 // change category for all items to the default category
2807                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
2808                 sql_query($query);
2809
2810                 // delete all associated plugin options
2811                 NucleusPlugin::_deleteOptionValues('category', $catid);
2812
2813                 // delete category
2814                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
2815                 sql_query($query);
2816
2817                 $manager->notify('PostDeleteCategory', array('catid' => $catid));
2818
2819         }
2820
2821         /**
2822          * @todo document this
2823          */
2824         function moveOneCategory($catid, $destblogid) {
2825                 global $manager, $member;
2826
2827                 $catid = intval($catid);
2828                 $destblogid = intval($destblogid);
2829
2830                 $blogid = getBlogIDFromCatID($catid);
2831
2832                 // mover should have admin rights on both blogs
2833                 if (!$member->blogAdminRights($blogid))
2834                         return _ERROR_DISALLOWED;
2835                 if (!$member->blogAdminRights($destblogid))
2836                         return _ERROR_DISALLOWED;
2837
2838                 // cannot move to self
2839                 if ($blogid == $destblogid)
2840                         return _ERROR_MOVETOSELF;
2841
2842                 // get blogs
2843                 $blog =& $manager->getBlog($blogid);
2844                 $destblog =& $manager->getBlog($destblogid);
2845
2846                 // check if the category is valid
2847                 if (!$blog || !$blog->isValidCategory($catid))
2848                         return _ERROR_NOSUCHCATEGORY;
2849
2850                 // don't allow default category to be moved
2851                 if ($blog->getDefaultCategory() == $catid)
2852                         return _ERROR_MOVEDEFCATEGORY;
2853
2854                 $manager->notify(
2855                         'PreMoveCategory',
2856                         array(
2857                                 'catid' => &$catid,
2858                                 'sourceblog' => &$blog,
2859                                 'destblog' => &$destblog
2860                         )
2861                 );
2862
2863                 // update comments table (cblog)
2864                 $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
2865                 $items = sql_query($query);
2866                 while ($oItem = mysql_fetch_object($items)) {
2867                         sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
2868                 }
2869
2870                 // update items (iblog)
2871                 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;
2872                 sql_query($query);
2873
2874                 // move category
2875                 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;
2876                 sql_query($query);
2877
2878                 $manager->notify(
2879                         'PostMoveCategory',
2880                         array(
2881                                 'catid' => &$catid,
2882                                 'sourceblog' => &$blog,
2883                                 'destblog' => $destblog
2884                         )
2885                 );
2886
2887         }
2888
2889         /**
2890          * @todo document this
2891          */
2892         function action_blogsettingsupdate() {
2893                 global $member, $manager;
2894
2895                 $blogid = intRequestVar('blogid');
2896
2897                 $member->blogAdminRights($blogid) or $this->disallow();
2898
2899                 $blog =& $manager->getBlog($blogid);
2900
2901                 $notify                 = trim(postVar('notify'));
2902                 $shortname              = trim(postVar('shortname'));
2903                 $updatefile             = trim(postVar('update'));
2904
2905                 $notifyComment  = intPostVar('notifyComment');
2906                 $notifyVote             = intPostVar('notifyVote');
2907                 $notifyNewItem  = intPostVar('notifyNewItem');
2908
2909                 if ($notifyComment == 0)        $notifyComment = 1;
2910                 if ($notifyVote == 0)           $notifyVote = 1;
2911                 if ($notifyNewItem == 0)        $notifyNewItem = 1;
2912
2913                 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
2914
2915
2916                 if ($notify) {
2917                         $not =& new NOTIFICATION($notify);
2918                         if (!$not->validAddresses())
2919                                 $this->error(_ERROR_BADNOTIFY);
2920
2921                 }
2922
2923                 if (!isValidShortName($shortname))
2924                         $this->error(_ERROR_BADSHORTBLOGNAME);
2925
2926                 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))
2927                         $this->error(_ERROR_DUPSHORTBLOGNAME);
2928
2929                 // check if update file is writable
2930                 if ($updatefile && !is_writeable($updatefile))
2931                         $this->error(_ERROR_UPDATEFILE);
2932
2933                 $blog->setName(trim(postVar('name')));
2934                 $blog->setShortName($shortname);
2935                 $blog->setNotifyAddress($notify);
2936                 $blog->setNotifyType($notifyType);
2937                 $blog->setMaxComments(postVar('maxcomments'));
2938                 $blog->setCommentsEnabled(postVar('comments'));
2939                 $blog->setTimeOffset(postVar('timeoffset'));
2940                 $blog->setUpdateFile($updatefile);
2941                 $blog->setURL(trim(postVar('url')));
2942                 $blog->setDefaultSkin(intPostVar('defskin'));
2943                 $blog->setDescription(trim(postVar('desc')));
2944                 $blog->setPublic(postVar('public'));
2945                 $blog->setPingUserland(postVar('pinguserland'));
2946                 $blog->setConvertBreaks(intPostVar('convertbreaks'));
2947                 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
2948                 $blog->setDefaultCategory(intPostVar('defcat'));
2949                 $blog->setSearchable(intPostVar('searchable'));
2950                 $blog->setEmailRequired(intPostVar('reqemail'));
2951
2952                 $blog->writeSettings();
2953
2954                 // store plugin options
2955                 $aOptions = requestArray('plugoption');
2956                 NucleusPlugin::_applyPluginOptions($aOptions);
2957                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));
2958
2959
2960                 $this->action_overview(_MSG_SETTINGSCHANGED);
2961         }
2962
2963         /**
2964          * @todo document this
2965          */
        /**
         * Shows the confirmation page for deleting a blog (action=deleteblog).
         *
         * The blog id is read from the request as an integer (intRequestVar) and
         * the caller needs admin rights on that blog. The blog configured as
         * $CONF['DefaultBlog'] is never offered for deletion. The page posts to
         * 'deleteblogconfirm' with a ticket from $manager->addTicketHidden()
         * (presumably the anti-forgery ticket checked there; not visible here)
         * and the id as a hidden field.
         *
         * The code after $this->error() assumes error() ends the request.
         */
        function action_deleteblog() {
                global $member, $CONF, $manager;

                $blogid = intRequestVar('blogid');

                $member->blogAdminRights($blogid) or $this->disallow();

                // check if blog is default blog
                if ($CONF['DefaultBlog'] == $blogid)
                        $this->error(_ERROR_DELDEFBLOG);

                $blog =& $manager->getBlog($blogid);

                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _WARNINGTXT_BLOGDEL?>
                        </p>

                        <div>
                        <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>
                        </div>

                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="deleteblogconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
2999
3000         /**
3001          * @todo document this
3002          */
3003         function action_deleteblogconfirm() {
3004                 global $member, $CONF, $manager;
3005
3006                 $blogid = intRequestVar('blogid');
3007
3008                 $manager->notify('PreDeleteBlog', array('blogid' => $blogid));
3009
3010                 $member->blogAdminRights($blogid) or $this->disallow();
3011
3012                 // check if blog is default blog
3013                 if ($CONF['DefaultBlog'] == $blogid)
3014                         $this->error(_ERROR_DELDEFBLOG);
3015
3016                 // delete all comments
3017                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
3018                 sql_query($query);
3019
3020                 // delete all items
3021                 $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
3022                 sql_query($query);
3023
3024                 // delete all team members
3025                 $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
3026                 sql_query($query);
3027
3028                 // delete all bans
3029                 $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
3030                 sql_query($query);
3031
3032                 // delete all categories
3033                 $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
3034                 sql_query($query);
3035
3036                 // delete all associated plugin options
3037                 NucleusPlugin::_deleteOptionValues('blog', $blogid);
3038
3039                 // delete the blog itself
3040                 $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
3041                 sql_query($query);
3042
3043                 $manager->notify('PostDeleteBlog', array('blogid' => $blogid));
3044
3045                 $this->action_overview(_DELETED_BLOG);
3046         }
3047
3048         /**
3049          * @todo document this
3050          */
        /**
         * Shows the confirmation page for deleting a member (action=memberdelete).
         *
         * A member may delete their own account; any other account only as admin.
         * The member id is read from the request as an integer (intRequestVar) and
         * resolved with MEMBER::createFromID(); the page posts to
         * 'memberdeleteconfirm' with a ticket from $manager->addTicketHidden() and
         * the id as a hidden field. The actual deletion happens in that action.
         */
        function action_memberdelete() {
                global $member, $manager;

                $memberid = intRequestVar('memberid');

                // self-deletion is allowed; deleting someone else needs admin rights
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

                $mem = MEMBER::createFromID($memberid);

                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>
                        </p>

                        <p>
                        Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)
                        </p>

                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="memberdeleteconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
3080
3081         /**
3082          * @todo document this
3083          */
3084         function action_memberdeleteconfirm() {
3085                 global $member;
3086
3087                 $memberid = intRequestVar('memberid');
3088
3089                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
3090
3091                 $error = $this->deleteOneMember($memberid);
3092                 if ($error)
3093                         $this->error($error);
3094
3095                 if ($member->isAdmin())
3096                         $this->action_usermanagement();
3097                 else
3098                         $this->action_overview(_DELETED_MEMBER);
3099         }
3100
3101         /**
3102          * @static
3103          * @todo document this
3104          */
3105         function deleteOneMember($memberid) {
3106                 global $manager;
3107
3108                 $memberid = intval($memberid);
3109                 $mem = MEMBER::createFromID($memberid);
3110
3111                 if (!$mem->canBeDeleted())
3112                         return _ERROR_DELETEMEMBER;
3113
3114                 $manager->notify('PreDeleteMember', array('member' => &$mem));
3115
3116                 /* unlink comments from memberid */
3117                 $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. addslashes($mem->getDisplayName())
3118                                         .'" WHERE cmember='.$memberid;
3119                 sql_query($query);
3120
3121                 $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;
3122                 sql_query($query);
3123
3124                 $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid;
3125                 sql_query($query);
3126
3127                 $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid;
3128                 sql_query($query);
3129
3130                 // delete all associated plugin options
3131                 NucleusPlugin::_deleteOptionValues('member', $memberid);
3132
3133                 $manager->notify('PostDeleteMember', array('member' => &$mem));
3134
3135                 return '';
3136         }
3137
3138         /**
3139          * @todo document this
3140          */
3141         function action_createnewlog() {
3142                 global $member, $CONF, $manager;
3143
3144                 // Only Super-Admins can do this
3145                 $member->isAdmin() or $this->disallow();
3146
3147                 $this->pagehead();
3148
3149                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
3150                 ?>
3151                 <h2><?php echo _EBLOG_CREATE_TITLE?></h2>
3152
3153                 <h3>注意事項</h3>
3154