1 <?php
2 /*
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4  * Copyright (C) 2002-2006 The Nucleus Group
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  * (see nucleus/documentation/index.html#license for more info)
11  */
12 /**
13  * The code for the Nucleus admin area
14  *
15  * @license http://nucleuscms.org/license.txt GNU General Public License
16  * @copyright Copyright (C) 2002-2006 The Nucleus Group
17  * @version $Id: ADMIN.php,v 1.7 2006-07-12 07:11:47 kimitake Exp $
18  */
19
20 class ADMIN {
21
22         // action currently being executed ($action=xxxx -> action_xxxx method)
23         var $action;
24
/**
 * PHP4-style constructor; it deliberately does nothing.
 *
 * The only state on the object ($this->action) is filled in by action(),
 * so there is nothing to initialise at construction time.
 */
function ADMIN() {
    // intentionally empty: see action()
    return;
}
28
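/**
 * Executes an action
 *
 * The action name comes straight from the request, is mapped through a
 * small alias table, lowercased and then dispatched to the method
 * "action_<name>" of this object. Every action is assumed to change state
 * and therefore has to carry a valid ticket (checked through
 * $manager->checkTicket()), except the "safe" actions listed in
 * $aActionsNotToCheck: screens that only ask the user for input or for a
 * confirmation before anything is done.
 *
 * Because any method named action_* is reachable this way, each of those
 * methods has to do its own permission check.
 *
 * @param $action
 *             action to be performed; unknown names end in error()
 */
function action($action) {
    global $manager;

    // Only a string is meaningful here. Anything else (e.g. action[]=x in
    // the query string) would be used as an array offset and handed to
    // strtolower(); treat it as "no action" instead, which maps to the
    // overview below.
    if (!is_string($action))
        $action = '';

    // list of action aliases
    $alias = array(
        'login' => 'overview',
        '' => 'overview'
    );

    // isset() rather than a bare lookup: avoids an undefined-index notice
    // for every action that has no alias
    if (isset($alias[$action]))
        $action = $alias[$action];

    $this->action = strtolower($action);

    // method_exists() and method calls are case-insensitive on the method
    // name, so building it from the lowercased action is equivalent to
    // using the raw one and keeps it in sync with $this->action
    $methodName = 'action_' . $this->action;

    // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
    // is an action that requires user interaction before something is actually done)
    // all safe actions are in this array:
    $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');
    /*
    // the rest of the actions needs to be checked
    $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
    */

    // Everything not on the safe list is treated as state-changing: a
    // missing or invalid ticket stops the request here. Strict comparison
    // because $this->action is always a string.
    if (!in_array($this->action, $aActionsNotToCheck, true))
    {
        if (!$manager->checkTicket())
            $this->error(_ERROR_BADTICKET);
    }

    if (method_exists($this, $methodName))
        $this->$methodName();
    else
        $this->error(_BADACTION . " ($action)");
}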
71
72
/**
 * Shows the login screen, passing along the global error message (if any)
 * so it is displayed above the form.
 */
function action_showlogin() {
    global $error;

    $loginMessage = $error;
    $this->action_login($loginMessage);
}
77
/**
 * Shows the login form, or skips straight to the overview when the member
 * is already logged in and allowed to log in.
 *
 * 'login' is one of the actions exempt from the ticket check in action().
 *
 * @param $msg      optional message shown above the form; it is passed
 *                  through htmlspecialchars() before output
 * @param $passvars when true (default), passRequestVars() is called so the
 *                  variables of the request the user came from are carried
 *                  into this form (presumably as hidden fields - see
 *                  passRequestVars()), unless the previous action was
 *                  'login' or 'logout'
 */
function action_login($msg = '', $passvars = 1) {
    global $member;

    // skip to overview when allowed
    if ($member->isLoggedIn() && $member->canLogin()) {
        $this->action_overview();
        exit;   // the overview has been sent; nothing below may run
    }

    $this->pagehead();

    echo '<h2>', _LOGIN ,'</h2>';
    if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
    ?>

    <form action="index.php" method="post"><p>
    <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
    <br />
    <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
    <br />
    <input name="action" value="login" type="hidden" />
    <br />
    <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
    <br />
    <small>
        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
    </small>
    <?php                   // pass through vars

        // never carry the variables of a previous login/logout request
        // (e.g. the old credentials) into this form
        $oldaction = postVar('oldaction');
        if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
            passRequestVars();
        }


    ?>
    </p></form>
    <?php           $this->pagefoot();
}
118
119
/**
 * provides a screen with the overview of the actions available
 *
 * Lists the blogs the member is on the team of (or every blog, when a
 * super-admin requests showall=yes), the member's drafts, links to the
 * member's own settings and - for super-admins - the management area.
 *
 * @param $msg optional message echoed at the top of the page. It is
 *             printed as-is (no htmlspecialchars(), unlike action_login()),
 *             so it must only ever come from trusted, server-side text.
 */
function action_overview($msg = '') {
    global $member;

    $this->pagehead();

    if ($msg)
        echo _MESSAGE . ': ' . $msg;

    $isSuperAdmin = $member->isAdmin();
    $showAll = requestVar('showall');

    /* ---- add items ---- */
    echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';

    if ($isSuperAdmin && ($showAll == 'yes')) {
        // Super-Admins have access to all blogs! (no add item support though)
        $query = sprintf(
            'SELECT bnumber, bname, 1 as tadmin, burl, bshortname FROM %s ORDER BY bname',
            sql_table('blog')
        );
    } else {
        // only the blogs this member is on the team of; tadmin tells the
        // list whether the member administers that blog
        $query = sprintf(
            'SELECT bnumber, bname, tadmin, burl, bshortname FROM %s, %s WHERE tblog=bnumber and tmember=%s ORDER BY bname',
            sql_table('blog'),
            sql_table('team'),
            $member->getID()
        );
    }

    $template = array(
        'content' => 'bloglist',
        'superadmin' => $isSuperAdmin,
    );
    $amount = showlist($query, 'table', $template);

    // a super-admin looking at only their own blogs gets a link to the
    // complete list when there are more blogs than were shown
    if ($isSuperAdmin && ($showAll != 'yes')) {
        $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
        if ($total > $amount)
            echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';
    }

    if ($amount == 0) {
        echo _OVERVIEW_NOBLOGS;
    } else {
        // drafts are only listed when the member has at least one blog
        echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
        $query = sprintf(
            'SELECT ititle, inumber, bshortname FROM %s, %s WHERE iauthor=%s and iblog=bnumber and idraft=1',
            sql_table('item'),
            sql_table('blog'),
            $member->getID()
        );
        $template['content'] = 'draftlist';
        $amountdrafts = showlist($query, 'table', $template);
        if ($amountdrafts == 0)
            echo _OVERVIEW_NODRAFTS;
    }

    /* ---- user settings ---- */
    $settingsLinks = array(
        'editmembersettings' => _OVERVIEW_EDITSETTINGS,
        'browseownitems' => _OVERVIEW_BROWSEITEMS,
        'browseowncomments' => _OVERVIEW_BROWSECOMM,
    );
    echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
    echo '<ul>';
    foreach ($settingsLinks as $actionName => $label)
        echo '<li><a href="index.php?action=' . $actionName . '">' . $label . '</a></li>';
    echo '</ul>';

    /* ---- general settings ---- */
    if ($isSuperAdmin) {
        echo '<h2>' . _OVERVIEW_MANAGEMENT . '</h2>';
        echo '<ul><li><a href="index.php?action=manage">' . _OVERVIEW_MANAGE . '</a></li></ul>';
    }

    $this->pagefoot();
}
190
/**
 * returns a link to a weblog (takes BLOG object as parameter)
 *
 * The URL is run through htmlspecialchars() for the href attribute. The
 * blog name is inserted unchanged, so it is assumed to be stored in an
 * HTML-safe form already - confirm against the BLOG class.
 */
function bloglink(&$blog) {
    $href = htmlspecialchars($blog->getURL());
    $label = $blog->getName();

    return sprintf('<a href="%s" title="%s">%s</a>', $href, _BLOGLIST_TT_VISIT, $label);
}
195
/**
 * Shows the management menu (super-admins only).
 *
 * @param $msg optional message shown below the "back" link; printed as-is,
 *             so it must come from trusted, server-side text
 */
function action_manage($msg = '') {
    global $member;

    // the management area is restricted to super-admins
    $member->isAdmin() or $this->disallow();

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(' . _BACKHOME . ')</a></p>';

    if ($msg)
        echo '<p>' . _MESSAGE . ': ' . $msg . '</p>';

    // heading => (action name => link text), in display order
    $sections = array(
        array(_MANAGE_GENERAL, array(
            'createnewlog' => _OVERVIEW_NEWLOG,
            'settingsedit' => _OVERVIEW_SETTINGS,
            'usermanagement' => _OVERVIEW_MEMBERS,
            'actionlog' => _OVERVIEW_VIEWLOG,
        )),
        array(_MANAGE_SKINS, array(
            'skinoverview' => _OVERVIEW_SKINS,
            'templateoverview' => _OVERVIEW_TEMPLATES,
            'skinieoverview' => _OVERVIEW_SKINIMPORT,
        )),
        array(_MANAGE_EXTRA, array(
            'backupoverview' => _OVERVIEW_BACKUP,
            'pluginlist' => _OVERVIEW_PLUGINS,
        )),
    );

    foreach ($sections as $section) {
        list($heading, $links) = $section;
        echo '<h2>' . $heading . '</h2>';
        echo '<ul>';
        foreach ($links as $actionName => $label)
            echo '<li><a href="index.php?action=' . $actionName . '">' . $label . '</a></li>';
        echo '</ul>';
    }

    $this->pagefoot();
}
233
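/**
 * Lists the items of one blog, with paging and a simple text search.
 *
 * Access: members on the blog's team, or super-admins. Members without
 * blog-admin rights only get their own items (author filter below).
 *
 * @param $blogid id of the blog; when empty it is read from the request.
 *                It is forced to an integer before use because it ends up
 *                in SQL and in URLs.
 */
function action_itemlist($blogid = '') {
    global $member, $manager;

    if ($blogid == '')
        $blogid = intRequestVar('blogid');

    // intRequestVar() already yields an integer, but a caller-supplied
    // value is not guaranteed to be one; normalise both paths
    $blogid = intval($blogid);

    $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

    $this->pagehead();
    $blog =& $manager->getBlog($blogid);

    echo '<p><a href="index.php?action=overview">(', _BACKHOME, ')</a></p>';
    echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';

    // start index; a negative offset is a SQL syntax error, so clamp it
    $start = postVar('start') ? intPostVar('start') : 0;
    if ($start < 0)
        $start = 0;

    if ($start == 0)
        echo '<p><a href="index.php?action=createitem&amp;blogid=' . $blogid . '">', _ITEMLIST_ADDNEW, '</a></p>';

    // amount of items to show (same clamping reason as above)
    $amount = postVar('amount') ? intPostVar('amount') : 10;
    if ($amount < 0)
        $amount = 10;

    $search = postVar('search');    // search through items

    $query = 'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
        . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
        . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;

    if ($search) {
        // NOTE(review): addslashes() is what this code base uses for string
        // escaping; it is not charset-aware the way the driver's escape
        // function is. LIKE wildcards (% and _) in the search text are not
        // escaped, so they act as wildcards.
        $escapedSearch = addslashes($search);
        $query .= ' and ((ititle LIKE "%' . $escapedSearch . '%") or (ibody LIKE "%' . $escapedSearch . '%") or (imore LIKE "%' . $escapedSearch . '%"))';
    }

    // non-blog-admins can only edit/delete their own items
    if (!$member->blogAdminRights($blogid))
        $query .= ' and iauthor=' . $member->getID();

    $query .= ' ORDER BY itime DESC LIMIT ' . $start . ',' . $amount;

    $template['content'] = 'itemlist';
    $template['now'] = $blog->getCorrectTime(time());

    // '=& new' is a PHP 4 idiom that no longer parses on PHP 7+; a plain
    // assignment is equivalent here since the object is only used locally
    $navList = new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
    $navList->showBatchList('item', $query, 'table', $template);

    $this->pagefoot();
}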
290
291
/**
 * Batch operation on items: 'delete' or 'move'.
 *
 * Requires a logged-in member; the per-item permission check is done by
 * deleteOneItem() / moveOneItem(). A move without a valid destination
 * category first shows the destination chooser; a delete without
 * confirmation=yes first shows the confirmation page (both exit).
 */
function action_batchitem() {
    global $member, $manager;

    // check if logged in
    $member->isLoggedIn() or $this->disallow();

    // more precise check will be done for each performed operation

    // get array of itemids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no items were selected
    if (!is_array($selected) || count($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On move: when no destination blog/category chosen, show choice now
    $destCatid = intRequestVar('destcatid');
    if (($action == 'move') && (!$manager->existsCategory($destCatid)))
        $this->batchMoveSelectDestination('item', $selected);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('item', $selected);

    $this->pagehead();

    // the action name is user input and is shown on the page
    $shownAction = htmlspecialchars($action);

    echo '<a href="index.php?action=overview">(' . _BACKHOME . ')</a>';
    echo '<h2>' . _BATCH_ITEMS . '</h2>';
    echo '<p>' . _BATCH_EXECUTING . ' <b>' . $shownAction . '</b></p>';
    echo '<ul>';

    // walk over all itemids and perform action
    foreach ($selected as $rawId) {
        $itemid = intval($rawId);
        echo '<li>' . _BATCH_EXECUTING . ' <b>' . $shownAction . '</b> ' . _BATCH_ONITEM . ' <b>' . $itemid . '</b>...';

        // perform action, display errors if needed
        if ($action == 'delete') {
            $error = $this->deleteOneItem($itemid);
        } elseif ($action == 'move') {
            $error = $this->moveOneItem($itemid, $destCatid);
        } else {
            $error = _BATCH_UNKNOWN . $action;
        }

        echo '<b>' . ($error ? $error : _BATCH_SUCCESS) . '</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>' . _BATCH_DONE . '</b>';

    $this->pagefoot();
}
353
/**
 * Batch operation on comments; only 'delete' is supported.
 *
 * Requires a logged-in member; the per-comment permission check is done
 * by deleteOneComment(). A delete without confirmation=yes first shows
 * the confirmation page (which exits).
 */
function action_batchcomment() {
    global $member;

    // check if logged in
    $member->isLoggedIn() or $this->disallow();

    // more precise check will be done for each performed operation

    // get array of comment ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no comments were selected
    if (!is_array($selected) || count($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('comment', $selected);

    $this->pagehead();

    // the action name is user input and is shown on the page
    $shownAction = htmlspecialchars($action);

    echo '<a href="index.php?action=overview">(' . _BACKHOME . ')</a>';
    echo '<h2>' . _BATCH_COMMENTS . '</h2>';
    echo '<p>' . _BATCH_EXECUTING . ' <b>' . $shownAction . '</b></p>';
    echo '<ul>';

    // walk over all comment ids and perform action
    foreach ($selected as $rawId) {
        $commentid = intval($rawId);
        echo '<li>' . _BATCH_EXECUTING . ' <b>' . $shownAction . '</b> ' . _BATCH_ONCOMMENT . ' <b>' . $commentid . '</b>...';

        // perform action, display errors if needed
        $error = ($action == 'delete')
            ? $this->deleteOneComment($commentid)
            : _BATCH_UNKNOWN . $action;

        echo '<b>' . ($error ? $error : _BATCH_SUCCESS) . '</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>' . _BATCH_DONE . '</b>';

    $this->pagefoot();
}
406
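/**
 * Batch operation on members: 'delete', 'setadmin' or 'unsetadmin'.
 *
 * Super-admins only (checked up front). A delete without confirmation=yes
 * first shows the confirmation page (which exits). The request itself is
 * ticket-checked by action(), as 'batchmember' is not on the safe list.
 */
function action_batchmember() {
    global $member;

    // check if logged in and admin
    ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();

    // get array of member ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('member', $selected);

    $this->pagehead();

    echo '<a href="index.php?action=usermanagement">(', _MEMBERS_BACKTOOVERVIEW, ')</a>';
    echo '<h2>', _BATCH_MEMBERS, '</h2>';
    echo '<p>', _BATCH_EXECUTING, ' <b>', htmlspecialchars($action), '</b></p>';
    echo '<ul>';

    // walk over all member ids and perform action
    foreach ($selected as $memberid) {
        $memberid = intval($memberid);
        echo '<li>', _BATCH_EXECUTING, ' <b>', htmlspecialchars($action), '</b> ', _BATCH_ONMEMBER, ' <b>', $memberid, '</b>...';

        // Reset per member. Previously a successful 'unsetadmin' did not
        // assign $error at all, so the result of the preceding member
        // (or an undefined variable on the first one) was reported.
        $error = '';

        // perform action, display errors if needed
        switch ($action) {
            case 'delete':
                $error = $this->deleteOneMember($memberid);
                break;
            case 'setadmin':
                // always succeeds
                sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber=' . $memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one super-admin.
                // NOTE(review): this is a check-then-act against the
                // database; two concurrent requests can both pass it.
                $r = sql_query('SELECT * FROM ' . sql_table('member') . ' WHERE madmin=1 and mcanlogin=1');
                if (mysql_num_rows($r) < 2)
                    $error = _ERROR_ATLEASTONEADMIN;
                else
                    sql_query('UPDATE ' . sql_table('member') . ' SET madmin=0 WHERE mnumber=' . $memberid);
                break;
            default:
                $error = _BATCH_UNKNOWN . $action;
        }

        echo '<b>', ($error ? $error : _BATCH_SUCCESS), '</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>', _BATCH_DONE, '</b>';

    $this->pagefoot();
}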
470
471
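/**
 * Batch operation on the team of one blog: 'delete', 'setadmin' or
 * 'unsetadmin'.
 *
 * Requires a logged-in member with admin rights on the blog (blogid from
 * the request). A delete without confirmation=yes first shows the
 * confirmation page (which exits). The request itself is ticket-checked
 * by action(), as 'batchteam' is not on the safe list.
 */
function action_batchteam() {
    global $member;

    $blogid = intRequestVar('blogid');

    // check if logged in and admin
    ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();

    // get array of member ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('team', $selected);

    $this->pagehead();

    echo '<p><a href="index.php?action=manageteam&amp;blogid=', $blogid, '">(', _BACK, ')</a></p>';

    echo '<h2>', _BATCH_TEAM, '</h2>';
    echo '<p>', _BATCH_EXECUTING, ' <b>', htmlspecialchars($action), '</b></p>';
    echo '<ul>';

    // walk over all member ids and perform action
    foreach ($selected as $memberid) {
        $memberid = intval($memberid);
        echo '<li>', _BATCH_EXECUTING, ' <b>', htmlspecialchars($action), '</b> ', _BATCH_ONTEAM, ' <b>', $memberid, '</b>...';

        // Reset per member. Previously a successful 'unsetadmin' did not
        // assign $error at all, so the result of the preceding member
        // (or an undefined variable on the first one) was reported.
        $error = '';

        // perform action, display errors if needed
        switch ($action) {
            case 'delete':
                $error = $this->deleteOneTeamMember($blogid, $memberid);
                break;
            case 'setadmin':
                // always succeeds
                sql_query('UPDATE ' . sql_table('team') . ' SET tadmin=1 WHERE tblog=' . $blogid . ' and tmember=' . $memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one admin.
                // NOTE(review): this is a check-then-act against the
                // database; two concurrent requests can both pass it.
                $r = sql_query('SELECT * FROM ' . sql_table('team') . ' WHERE tadmin=1 and tblog=' . $blogid);
                if (mysql_num_rows($r) < 2)
                    $error = _ERROR_ATLEASTONEBLOGADMIN;
                else
                    sql_query('UPDATE ' . sql_table('team') . ' SET tadmin=0 WHERE tblog=' . $blogid . ' and tmember=' . $memberid);
                break;
            default:
                $error = _BATCH_UNKNOWN . $action;
        }

        echo '<b>', ($error ? $error : _BATCH_SUCCESS), '</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>', _BATCH_DONE, '</b>';

    $this->pagefoot();
}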
538
539
540
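/**
 * Batch operation on categories: 'delete' or 'move'.
 *
 * Requires a logged-in member; the per-category permission check is done
 * by deleteOneCategory() / moveOneCategory(). A move without an existing
 * destination blog first shows the destination chooser; a delete without
 * confirmation=yes first shows the confirmation page (both exit).
 */
function action_batchcategory() {
    global $member, $manager;

    // check if logged in
    $member->isLoggedIn() or $this->disallow();

    // more precise check will be done for each performed operation

    // get array of category ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no categories were selected
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On move: when no destination blog chosen, show choice now
    $destBlogId = intRequestVar('destblogid');
    if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
        $this->batchMoveCategorySelectDestination('category', $selected);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('category', $selected);

    $this->pagehead();

    echo '<a href="index.php?action=overview">(', _BACKHOME, ')</a>';
    // the heading constant was written without the leading underscore,
    // unlike _BATCH_ITEMS / _BATCH_COMMENTS / _BATCH_MEMBERS / _BATCH_TEAM
    // in the sibling actions, which prints the bare name (or errors out
    // on newer PHP) instead of the translated heading
    echo '<h2>', _BATCH_CATEGORIES, '</h2>';
    echo '<p>', _BATCH_EXECUTING, ' <b>', htmlspecialchars($action), '</b></p>';
    echo '<ul>';

    // walk over all category ids and perform action
    foreach ($selected as $catid) {
        $catid = intval($catid);
        echo '<li>', _BATCH_EXECUTING, ' <b>', htmlspecialchars($action), '</b> ', _BATCH_ONCATEGORY, ' <b>', $catid, '</b>...';

        // perform action, display errors if needed
        switch ($action) {
            case 'delete':
                $error = $this->deleteOneCategory($catid);
                break;
            case 'move':
                $error = $this->moveOneCategory($catid, $destBlogId);
                break;
            default:
                $error = _BATCH_UNKNOWN . $action;
        }

        echo '<b>', ($error ? 'Error: ' . $error : _BATCH_SUCCESS), '</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>', _BATCH_DONE, '</b>';

    $this->pagefoot();
}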
600
/**
 * Shows the "choose destination category" page for a batch move, then exits.
 *
 * The emitted form posts back to action "batch<type>" with batchaction=move,
 * the selected ids (re-emitted as integers) in batch[], a ticket from
 * $manager->addTicketHidden() - the move itself is ticket-checked in
 * action() - and the category picked in the 'destcatid' select.
 *
 * @param $type kind of object being moved (used to build the action name)
 * @param $ids  list of selected ids
 */
function batchMoveSelectDestination($type, $ids) {
    global $manager;
    $this->pagehead();
    ?>
    <h2><?php echo _MOVE_TITLE?></h2>
    <form method="post" action="index.php"><div>

        <input type="hidden" name="action" value="batch<?php echo $type?>" />
        <input type="hidden" name="batchaction" value="move" />
        <?php
            // the ticket that action() will demand when the move is submitted
            $manager->addTicketHidden();

            // insert selected item numbers
            $idx = 0;
            foreach ($ids as $id)
                echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

            // show blog/category selection list
            $this->selectBlogCategory('destcatid');

        ?>


        <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

    </div></form>
    <?php           $this->pagefoot();
    exit;   // the caller must not continue with the batch operation
}
630
/**
 * Shows the "choose destination blog" page for a batch category move, then
 * exits.
 *
 * The emitted form posts back to action "batch<type>" with batchaction=move,
 * the selected ids (re-emitted as integers) in batch[], a ticket from
 * $manager->addTicketHidden() - the move itself is ticket-checked in
 * action() - and the blog picked in the 'destblogid' select.
 *
 * @param $type kind of object being moved (used to build the action name)
 * @param $ids  list of selected ids
 */
function batchMoveCategorySelectDestination($type, $ids) {
    global $manager;
    $this->pagehead();
    ?>
    <h2><?php echo _MOVECAT_TITLE?></h2>
    <form method="post" action="index.php"><div>

        <input type="hidden" name="action" value="batch<?php echo $type?>" />
        <input type="hidden" name="batchaction" value="move" />
        <?php
            // the ticket that action() will demand when the move is submitted
            $manager->addTicketHidden();

            // insert selected item numbers
            $idx = 0;
            foreach ($ids as $id)
                echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

            // show blog selection list
            $this->selectBlog('destblogid');

        ?>


        <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

    </div></form>
    <?php           $this->pagefoot();
    exit;   // the caller must not continue with the batch operation
}
660
/**
 * Shows the confirmation page for a batch delete, then exits.
 *
 * The emitted form posts back to action "batch<type>" with
 * batchaction=delete, confirmation=yes (the value the batch actions test
 * for), the selected ids (re-emitted as integers) in batch[] and a ticket
 * from $manager->addTicketHidden() - the delete itself is ticket-checked
 * in action(). For 'team' and 'comment' the blogid / itemid of the current
 * request is carried over as an integer.
 *
 * @param $type kind of object being deleted (used to build the action name)
 * @param $ids  list of selected ids
 */
function batchAskDeleteConfirmation($type, $ids) {
    global $manager;

    $this->pagehead();
    ?>
    <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
    <form method="post" action="index.php"><div>

        <input type="hidden" name="action" value="batch<?php echo $type?>" />
        <?php $manager->addTicketHidden() ?>
        <input type="hidden" name="batchaction" value="delete" />
        <input type="hidden" name="confirmation" value="yes" />
        <?php                           // insert selected item numbers
            $idx = 0;
            foreach ($ids as $id)
                echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

            // add hidden vars for team & comment
            if ($type == 'team')
            {
                echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
            }
            if ($type == 'comment')
            {
                echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
            }

        ?>

        <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />

    </div></form>
    <?php           $this->pagefoot();
    exit;   // the caller must not continue with the batch operation
}
696
697
698         /**
699           * Inserts a HTML select element with choices for all categories to which the current
700           * member has access
701           */
702         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
703                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
704         }
705
706         /**
707           * Inserts a HTML select element with choices for all blogs to which the user has access
708           *             mode = 'blog' => shows blognames and values are blogids
709           *             mode = 'category' => show category names and values are catids
710           *
711           * @param $iForcedBlogInclude
712           *             ID of a blog that always needs to be included, without checking if the member is on the blog team (-1 = none)
713           */
714         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
715                 global $member, $CONF;
716
717                 // 0. get IDs of blogs to which member can post items (+ forced blog)
718                 $aBlogIds = array();
719                 if ($iForcedBlogInclude != -1)
720                         $aBlogIds[] = intval($iForcedBlogInclude);
721
722                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
723                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
724                 else
725                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
726                 $rblogids = sql_query($queryBlogs);
727                 while ($o = mysql_fetch_object($rblogids))
728                         if ($o->bnumber != $iForcedBlogInclude)
729                                 $aBlogIds[] = intval($o->bnumber);
730
731                 if (count($aBlogIds) == 0)
732                         return;
733
734                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';
735
736                 // 1. select blogs (we'll create optiongroups)
737                 // (only select those blogs that have the user on the team)
738                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
739                 $blogs = sql_query($queryBlogs);
740                 if ($mode == 'category') {
741                         if (mysql_num_rows($blogs) > 1)
742                                 $multipleBlogs = 1;
743
744                         while ($oBlog = mysql_fetch_object($blogs)) {
745                                 if ($multipleBlogs)
746                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';
747
748                                 // show selection to create new category when allowed/wanted
749                                 if ($showNewCat) {
750                                         // check if allowed to do so
751                                         if ($member->blogAdminRights($oBlog->bnumber))
752                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
753                                 }
754
755                                 // 2. for each category in that blog
756                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
757                                 while ($oCat = mysql_fetch_object($categories)) {
758                                         if ($oCat->catid == $selected)
759                                                 $selectText = ' selected="selected" ';
760                                         else
761                                                 $selectText = '';
762                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
763                                 }
764
765                                 if ($multipleBlogs)
766                                         echo '</optgroup>';
767                         }
768                 } else {
769                         // blog mode
770                         while ($oBlog = mysql_fetch_object($blogs)) {
771                                 echo '<option value="',$oBlog->bnumber,'"';
772                                 if ($oBlog->bnumber == $selected)
773                                         echo ' selected="selected"';
774                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';
775                         }
776                 }
777                 echo '</select>';
778
779         }
780
781         function action_browseownitems() {
782                 global $member;
783
784                 $this->pagehead();
785
786                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
787                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';
788
789                 // start index
790                 if (postVar('start'))
791                         $start = postVar('start');
792                 else
793                         $start = 0;
794
795                 // amount of items to show
796                 if (postVar('amount'))
797                         $amount = postVar('amount');
798                 else
799                         $amount = 10;
800
801                 $search = postVar('search');    // search through items
802
803                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
804                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
805                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
806
807                 if ($search)
808                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
809
810                 $query .= ' ORDER BY itime DESC'
811                                 . " LIMIT $start,$amount";
812
813                 $template['content'] = 'itemlist';
814                 $template['now'] = time();
815
816                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0);
817                 $navList->showBatchList('item',$query,'table',$template);
818
819                 $this->pagefoot();
820
821         }
822
823         /**
824           * Show all the comments for a given item
825           */
826         function action_itemcommentlist($itemid = '') {
827                 global $member;
828
829                 if ($itemid == '')
830                         $itemid = intRequestVar('itemid');
831
832                 // only allow if user is allowed to alter item
833                 $member->canAlterItem($itemid) or $this->disallow();
834
835                 $blogid = getBlogIdFromItemId($itemid);
836
837                 $this->pagehead();
838
839                 // start index
840                 if (postVar('start'))
841                         $start = postVar('start');
842                 else
843                         $start = 0;
844
845                 // amount of items to show
846                 if (postVar('amount'))
847                         $amount = postVar('amount');
848                 else
849                         $amount = 10;
850
851                 $search = postVar('search');
852
853                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
854                 echo '<h2>',_COMMENTS,'</h2>';
855
856                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;
857
858                 if ($search)
859                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
860
861                 $query .= ' ORDER BY ctime ASC'
862                                 . " LIMIT $start,$amount";
863
864                 $template['content'] = 'commentlist';
865                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));
866
867                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
868                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);
869
870                 $this->pagefoot();
871         }
872
873         /**
874           * Browse own comments
875           */
876         function action_browseowncomments() {
877                 global $member;
878
879                 // start index
880                 if (postVar('start'))
881                         $start = postVar('start');
882                 else
883                         $start = 0;
884
885                 // amount of items to show
886                 if (postVar('amount'))
887                         $amount = postVar('amount');
888                 else
889                         $amount = 10;
890
891                 $search = postVar('search');
892
893
894                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
895
896                 if ($search)
897                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
898
899                 $query .= ' ORDER BY ctime DESC'
900                                 . " LIMIT $start,$amount";
901
902                 $this->pagehead();
903
904                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
905                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';
906
907                 $template['content'] = 'commentlist';
908                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself
909
910                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
911                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);
912
913                 $this->pagefoot();
914         }
915
916         /**
917           * Browse all comments for a weblog
918           */
919         function action_blogcommentlist($blogid = '')
920         {
921                 global $member, $manager;
922
923                 if ($blogid == '')
924                         $blogid = intRequestVar('blogid');
925                 else
926                         $blogid = intval($blogid);
927
928                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
929
930                 // start index
931                 if (postVar('start'))
932                         $start = postVar('start');
933                 else
934                         $start = 0;
935
936                 // amount of items to show
937                 if (postVar('amount'))
938                         $amount = postVar('amount');
939                 else
940                         $amount = 10;
941
942                 $search = postVar('search');            // search through comments
943
944
945                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
946
947                 if ($search != '')
948                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
949
950
951                 $query .= ' ORDER BY ctime DESC'
952                                 . " LIMIT $start,$amount";
953
954
955                 $blog =& $manager->getBlog($blogid);
956
957                 $this->pagehead();
958
959                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
960                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';
961
962                 $template['content'] = 'commentlist';
963                 $template['canAddBan'] = $member->blogAdminRights($blogid);
964
965                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
966                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
967
968                 $this->pagefoot();
969         }
970
971         /**
972           * Provide a page to item a new item to the given blog
973           */
974         function action_createitem() {
975                 global $member, $manager;
976
977                 $blogid = intRequestVar('blogid');
978
979                 // check if allowed
980                 $member->teamRights($blogid) or $this->disallow();
981
982                 $memberid = $member->getID();
983
984                 $blog =& $manager->getBlog($blogid);
985
986                 $this->pagehead();
987
988                 // generate the add-item form
989                 $formfactory =& new PAGEFACTORY($blogid);
990                 $formfactory->createAddForm('admin');
991
992                 $this->pagefoot();
993         }
994
995         function action_itemedit() {
996                 global $member, $manager;
997
998                 $itemid = intRequestVar('itemid');
999
1000                 // only allow if user is allowed to alter item
1001                 $member->canAlterItem($itemid) or $this->disallow();
1002
1003                 $item =& $manager->getItem($itemid,1,1);
1004                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
1005
1006                 $manager->notify('PrepareItemForEdit', array('item' => &$item));
1007
1008                 if ($blog->convertBreaks()) {
1009                         $item['body'] = removeBreaks($item['body']);
1010                         $item['more'] = removeBreaks($item['more']);
1011                 }
1012
1013                 // form to edit blog items
1014                 $this->pagehead();
1015                 $formfactory =& new PAGEFACTORY($blog->getID());
1016                 $formfactory->createEditForm('admin',$item);
1017                 $this->pagefoot();
1018         }
1019
	/**
	 * Saves an edited item (form posted by action_itemedit).
	 *
	 * Reads itemid, catid, actiontype, title, body, more, closed and the date
	 * fields from the request. Authorisation is canUpdateItem(itemid, catid),
	 * evaluated on the raw posted catid — which may be 'newcat-<blogid>' —
	 * before any category is created. actiontype=delete is handed to
	 * action_itemdelete (which has its own confirmation page). After the
	 * update the ping page, the edit page of a freshly created category, or the
	 * item list of the blog is shown.
	 */
	function action_itemupdate() {
		global $member, $manager, $CONF;

		$itemid = intRequestVar('itemid');
		$catid = postVar('catid');	// raw on purpose: either a numeric id or 'newcat-<blogid>'

		// only allow if user is allowed to alter item
		// NOTE(review): canUpdateItem() is relied on to validate catid, including the
		// 'newcat-N' form (admin rights on blog N) — confirm in MEMBER
		$member->canUpdateItem($itemid, $catid) or $this->disallow();

		$actiontype = postVar('actiontype');

		// delete actions are handled by itemdelete (which has confirmation)
		if ($actiontype == 'delete') {
			$this->action_itemdelete();
			return;
		}

		$body   = postVar('body');
		$title  = postVar('title');
		$more   = postVar('more');
		$closed = intPostVar('closed');

		// default action = add now
		if (!$actiontype)
			$actiontype='addnow';

		// create new category if needed
		if (strstr($catid,'newcat')) {
			// get blogid (sscanf %d yields an int)
			list($blogid) = sscanf($catid,"newcat-%d");

			// create
			$blog =& $manager->getBlog($blogid);
			$catid = $blog->createNewCategory();

			// show error when sth goes wrong
			if (!$catid)
				$this->doError(_ERROR_CATCREATEFAIL);
		}

		/*
			set some variables based on actiontype

			actiontypes:
				draft items -> addnow, addfuture, adddraft, delete
				non-draft items -> edit, changedate, delete

			variables set:
				$timestamp: set to a nonzero value for future dates or date changes
				$wasdraft: set to 1 when the item used to be a draft item
				$publish: set to 1 when the edited item is not a draft
		*/
		switch ($actiontype) {
			case 'adddraft':
				$publish = 0;
				$wasdraft = 1;
				$timestamp = 0;
				break;
			case 'addfuture':
				$wasdraft = 1;
				$publish = 1;
				// posted date parts are strings; mktime() coerces them to integers
				$timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
				break;
			case 'addnow':
				$wasdraft = 1;
				$publish = 1;
				$timestamp = 0;
				break;
			case 'changedate':
				$timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
				$publish = 1;
				$wasdraft = 0;
				break;
			case 'edit':
			default:
				// unknown actiontypes are treated as a plain edit
				$publish = 1;
				$wasdraft = 0;
				$timestamp = 0;
		}

		// edit the item for real
		ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

		// a draft that just got published triggers the weblogs.com ping (when enabled for the blog)
		$blogid = getBlogIDFromItemID($itemid);
		$blog =& $manager->getBlog($blogid);
		if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {
			$this->action_sendping($blogid);
			return;
		}

		// show category edit window when we created a new category
		// ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
		if ($catid != intPostVar('catid')) {
			$this->action_categoryedit(
				$catid,
				$blog->getID(),
				$CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
			);
		} else {
			// TODO: set start item correctly for itemlist
			$this->action_itemlist(getBlogIDFromItemID($itemid));
		}
	}
1123
1124         function action_itemdelete() {
1125                 global $member, $manager;
1126
1127                 $itemid = intRequestVar('itemid');
1128
1129                 // only allow if user is allowed to alter item
1130                 $member->canAlterItem($itemid) or $this->disallow();
1131
1132                 if (!$manager->existsItem($itemid,1,1))
1133                         $this->error(_ERROR_NOSUCHITEM);
1134
1135                 $item =& $manager->getItem($itemid,1,1);
1136                 $title = htmlspecialchars(strip_tags($item['title']));
1137                 $body = strip_tags($item['body']);
1138                 $body = htmlspecialchars(shorten($body,300,'...'));
1139
1140                 $this->pagehead();
1141                 ?>
1142                         <h2><?php echo _DELETE_CONFIRM?></h2>
1143
1144                         <p><?php echo _CONFIRMTXT_ITEM?></p>
1145
1146                         <div class="note">
1147                                 <b>"<?php echo  $title ?>"</b>
1148                                 <br />
1149                                 <?php echo $body?>
1150                         </div>
1151
1152                         <form method="post" action="index.php"><div>
1153                                 <input type="hidden" name="action" value="itemdeleteconfirm" />
1154                                 <?php $manager->addTicketHidden() ?>
1155                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
1156                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />
1157                         </div></form>
1158                 <?php
1159                 $this->pagefoot();
1160         }
1161
1162         function action_itemdeleteconfirm() {
1163                 global $member;
1164
1165                 $itemid = intRequestVar('itemid');
1166
1167                 // only allow if user is allowed to alter item
1168                 $member->canAlterItem($itemid) or $this->disallow();
1169
1170                 // get blogid first
1171                 $blogid = getBlogIdFromItemId($itemid);
1172
1173                 // delete item (note: some checks will be performed twice)
1174                 $this->deleteOneItem($itemid);
1175
1176                 $this->action_itemlist($blogid);
1177         }
1178
1179         // deletes one item and returns error if something goes wrong
1180         function deleteOneItem($itemid) {
1181                 global $member, $manager;
1182
1183                 // only allow if user is allowed to alter item (also checks if itemid exists)
1184                 if (!$member->canAlterItem($itemid))
1185                         return _ERROR_DISALLOWED;
1186
1187                 $manager->loadClass('ITEM');
1188                 ITEM::delete($itemid);
1189         }
1190
1191         function action_itemmove() {
1192                 global $member, $manager;
1193
1194                 $itemid = intRequestVar('itemid');
1195
1196                 // only allow if user is allowed to alter item
1197                 $member->canAlterItem($itemid) or $this->disallow();
1198
1199                 $item =& $manager->getItem($itemid,1,1);
1200
1201                 $this->pagehead();
1202                 ?>
1203                         <h2><?php echo _MOVE_TITLE?></h2>
1204                         <form method="post" action="index.php"><div>
1205                                 <input type="hidden" name="action" value="itemmoveto" />
1206                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
1207
1208                                 <?php
1209
1210                                         $manager->addTicketHidden();
1211                                         $this->selectBlogCategory('catid',$item['catid'],10,1);
1212                                 ?>
1213
1214                                 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
1215                         </div></form>
1216                 <?php
1217                 $this->pagefoot();
1218         }
1219
1220         function action_itemmoveto() {
1221                 global $member, $manager;
1222
1223                 $itemid = intRequestVar('itemid');
1224                 $catid = requestVar('catid');
1225
1226                 // create new category if needed
1227                 if (strstr($catid,'newcat')) {
1228                         // get blogid
1229                         list($blogid) = sscanf($catid,'newcat-%d');
1230
1231                         // create
1232                         $blog =& $manager->getBlog($blogid);
1233                         $catid = $blog->createNewCategory();
1234
1235                         // show error when sth goes wrong
1236                         if (!$catid)
1237                                 $this->doError(_ERROR_CATCREATEFAIL);
1238                 }
1239
1240                 // only allow if user is allowed to alter item
1241                 $member->canUpdateItem($itemid, $catid) or $this->disallow();
1242
1243                 ITEM::move($itemid, $catid);
1244
1245                 if ($catid != intRequestVar('catid'))
1246                         $this->action_categoryedit($catid, $blog->getID());
1247                 else
1248                         $this->action_itemlist(getBlogIDFromCatID($catid));
1249         }
1250
1251         /**
1252           * Moves one item to a given category (category existance should be checked by caller)
1253           * errors are returned
1254           */
1255         function moveOneItem($itemid, $destCatid) {
1256                 global $member;
1257
1258                 // only allow if user is allowed to move item
1259                 if (!$member->canUpdateItem($itemid, $destCatid))
1260                         return _ERROR_DISALLOWED;
1261
1262                 ITEM::move($itemid, $destCatid);
1263         }
1264
1265         /**
1266           * Adds a item to the chosen blog
1267           */
1268         function action_additem() {
1269                 global $member, $manager, $CONF;
1270
1271                 $manager->loadClass('ITEM');
1272
1273                 $result = ITEM::createFromRequest();
1274
1275                 if ($result['status'] == 'error')
1276                         $this->error($result['message']);
1277
1278                 $blogid = getBlogIDFromItemID($result['itemid']);
1279                 $blog =& $manager->getBlog($blogid);
1280
1281                 $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
1282
1283                 if ($result['status'] == 'newcategory')
1284                         $this->action_categoryedit(
1285                                 $result['catid'],
1286                                 $blogid,
1287                                 $blog->pingUserland() ? $pingUrl : ''
1288                         );
1289                 elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland())
1290                         $this->action_sendping($blogid);
1291                 else
1292                         $this->action_itemlist($blogid);
1293         }
1294
1295         /**
1296           * Shows a window that says we're about to ping weblogs.com.
1297           * immediately refresh to the real pinging page, which will
1298           * show an error, or redirect to the blog.
1299           *
1300           * @param $blogid ID of blog for which ping needs to be sent out
1301           */
1302         function action_sendping($blogid = -1) {
1303                 global $member, $manager;
1304
1305                 if ($blogid == -1)
1306                         $blogid = intRequestVar('blogid');
1307
1308                 $member->isLoggedIn() or $this->disallow();
1309
1310                 $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));
1311
1312                 $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
1313                 ?>
1314                 <h2>Site Updated, Now pinging weblogs.com</h2>
1315
1316                 <p>
1317                         Pinging weblogs.com! This can a while...
1318                         <br />
1319                         When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.
1320                 </p>
1321
1322                 <p>
1323                         If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
1324                 </p>
1325                 <?php           $this->pagefoot();
1326         }
1327
1328         // ping to Weblogs.com
1329         // sends the real ping (can take up to 10 seconds!)
1330         function action_rawping() {
1331                 global $manager;
1332                 // TODO: checks?
1333
1334                 $blogid = intRequestVar('blogid');
1335                 $blog =& $manager->getBlog($blogid);
1336
1337                 $result = $blog->sendUserlandPing();
1338
1339                 $this->pagehead();
1340
1341                 ?>
1342
1343                 <h2>Ping Results</h2>
1344
1345                 <p>The following message was returned by weblogs.com:</p>
1346
1347                 <div class='note'><?php echo  $result ?></div>
1348
1349                 <ul>
1350                         <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
1351                         <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>
1352                 </ul>
1353
1354                 <?php           $this->pagefoot();
1355         }
1356
1357         /**
1358           * Allows to edit previously made comments
1359           */
1360         function action_commentedit() {
1361                 global $member, $manager;
1362
1363                 $commentid = intRequestVar('commentid');
1364
1365                 $member->canAlterComment($commentid) or $this->disallow();
1366
1367                 $comment = COMMENT::getComment($commentid);
1368
1369                 $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));
1370
1371                 // change <br /> to \n
1372                 $comment['body'] = str_replace('<br />','',$comment['body']);
1373
1374                 $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);
1375
1376                 $this->pagehead();
1377
1378                 ?>
1379                 <h2><?php echo _EDITC_TITLE?></h2>
1380
1381                 <form action="index.php" method="post"><div>
1382
1383                 <input type="hidden" name="action" value="commentupdate" />
1384                 <?php $manager->addTicketHidden(); ?>
1385                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
1386                 <table><tr>
1387                         <th colspan="2"><?php echo _EDITC_TITLE?></th>
1388                 </tr><tr>
1389                         <td><?php echo _EDITC_WHO?></td>
1390                         <td>
1391                         <?php                           if ($comment['member'])
1392                                         echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
1393                                 else
1394                                         echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
1395                         ?>
1396                         </td>
1397                 </tr><tr>
1398                         <td><?php echo _EDITC_WHEN?></td>
1399                         <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
1400                 </tr><tr>
1401                         <td><?php echo _EDITC_HOST?></td>
1402                         <td><?php echo  $comment['host']; ?></td>
1403                 </tr><tr>
1404                         <td><?php echo _EDITC_TEXT?></td>
1405                         <td>
1406                                 <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)
1407                                         echo $comment['body'];
1408                                 ?></textarea>
1409                         </td>
1410                 </tr><tr>
1411                         <td><?php echo _EDITC_EDIT?></td>
1412                         <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
1413                 </tr></table>
1414
1415                 </div></form>
1416                 <?php
1417                 $this->pagefoot();
1418         }
1419
1420         function action_commentupdate() {
1421                 global $member, $manager;
1422
1423                 $commentid = intRequestVar('commentid');
1424
1425                 $member->canAlterComment($commentid) or $this->disallow();
1426
1427                 $body = postVar('body');
1428
1429                 // intercept words that are too long
1430                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
1431                         $this->error(_ERROR_COMMENT_LONGWORD);
1432
1433                 // check length
1434                 if (strlen($body)<3)
1435                         $this->error(_ERROR_COMMENT_NOCOMMENT);
1436                 if (strlen($body)>5000)
1437                         $this->error(_ERROR_COMMENT_TOOLONG);
1438
1439
1440                 // prepare body
1441                 $body = COMMENT::prepareBody($body);
1442
1443                 // call plugins
1444                 $manager->notify('PreUpdateComment',array('body' => &$body));
1445
1446                 $query =  'UPDATE '.sql_table('comment')
1447                            . " SET cbody='" .addslashes($body). "'"
1448                            . " WHERE cnumber=" . $commentid;
1449                 sql_query($query);
1450
1451                 // get itemid
1452                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
1453                 $o = mysql_fetch_object($res);
1454                 $itemid = $o->citem;
1455
1456                 if ($member->canAlterItem($itemid))
1457                         $this->action_itemcommentlist($itemid);
1458                 else
1459                         $this->action_browseowncomments();
1460
1461         }
1462
	/**
	 * Shows the "really delete this comment?" page (posts to commentdeleteconfirm).
	 *
	 * Reads 'commentid' from the request; the member must be allowed to alter
	 * the comment. A tag-stripped, escaped, shortened preview of the body and
	 * the author name are shown before the confirm button.
	 */
	function action_commentdelete() {
		global $member, $manager;

		$commentid = intRequestVar('commentid');

		$member->canAlterComment($commentid) or $this->disallow();

		$comment = COMMENT::getComment($commentid);

		// preview: strip markup first, then cut to 300 chars, then escape
		$body = strip_tags($comment['body']);
		$body = htmlspecialchars(shorten($body, 300, '...'));

		// NOTE(review): unlike $body, $author is echoed as stored; fine only if
		// member/user names are escaped on input — verify in COMMENT
		if ($comment['member'])
			$author = $comment['member'];
		else
			$author = $comment['user'];

		$this->pagehead();
		?>

			<h2><?php echo _DELETE_CONFIRM?></h2>

			<p><?php echo _CONFIRMTXT_COMMENT?></p>

			<div class="note">
			<b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
			<br />
			<b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
			</div>

			<form method="post" action="index.php"><div>
				<input type="hidden" name="action" value="commentdeleteconfirm" />
				<?php $manager->addTicketHidden() ?>
				<input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
				<input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
			</div></form>
		<?php
		$this->pagefoot();
	}
1502
1503         function action_commentdeleteconfirm() {
1504                 global $member;
1505
1506                 $commentid = intRequestVar('commentid');
1507
1508                 // get item id first
1509                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
1510                 $o = mysql_fetch_object($res);
1511                 $itemid = $o->citem;
1512
1513                 $error = $this->deleteOneComment($commentid);
1514                 if ($error)
1515                         $this->doError($error);
1516
1517                 if ($member->canAlterItem($itemid))
1518                         $this->action_itemcommentlist($itemid);
1519                 else
1520                         $this->action_browseowncomments();
1521         }
1522
1523         function deleteOneComment($commentid) {
1524                 global $member, $manager;
1525
1526                 $commentid = intval($commentid);
1527
1528                 if (!$member->canAlterComment($commentid))
1529                         return _ERROR_DISALLOWED;
1530
1531                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));
1532
1533                 // delete the comments associated with the item
1534                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;
1535                 sql_query($query);
1536
1537                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));
1538
1539                 return '';
1540         }
1541
1542         /**
1543           * Usermanagement main
1544           */
1545         function action_usermanagement() {
1546                 global $member, $manager;
1547
1548                 // check if allowed
1549                 $member->isAdmin() or $this->disallow();
1550
1551                 $this->pagehead();
1552
1553                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
1554
1555                 echo '<h2>' . _MEMBERS_TITLE .'</h2>';
1556
1557                 echo '<h3>' . _MEMBERS_CURRENT .'</h3>';
1558
1559                 // show list of members with actions
1560                 $query =  'SELECT *'
1561                            . ' FROM '.sql_table('member');
1562                 $template['content'] = 'memberlist';
1563                 $template['tabindex'] = 10;
1564
1565                 $batch =& new BATCH('member');
1566                 $batch->showlist($query,'table',$template);
1567
1568                 echo '<h3>' . _MEMBERS_NEW .'</h3>';
1569                 ?>
1570                         <form method="post" action="index.php"><div>
1571
1572                         <input type="hidden" name="action" value="memberadd" />
1573                         <?php $manager->addTicketHidden() ?>
1574
1575                         <table>
1576                         <tr>
1577                                 <th colspan="2"><?php echo _MEMBERS_NEW?></th>
1578                         </tr><tr>
1579                                 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
1580                                         <br /><small>(This is the name used to logon)</small>
1581                                 </td>
1582                                 <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
1583                         </tr><tr>
1584                                 <td><?php echo _MEMBERS_REALNAME?></td>
1585                                 <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
1586                         </tr><tr>
1587                                 <td><?php echo _MEMBERS_PWD?></td>
1588                                 <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
1589                         </tr><tr>
1590                                 <td><?php echo _MEMBERS_REPPWD?></td>
1591                                 <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
1592                         </tr><tr>
1593                                 <td><?php echo _MEMBERS_EMAIL?></td>
1594                                 <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
1595                         </tr><tr>
1596                                 <td><?php echo _MEMBERS_URL?></td>
1597                                 <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
1598                         </tr><tr>
1599                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
1600                                 <td><?php $this->input_yesno('admin',0,10060); ?> </td>
1601                         </tr><tr>
1602                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
1603                                 <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
1604                         </tr><tr>
1605                                 <td><?php echo _MEMBERS_NOTES?></td>
1606                                 <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
1607                         </tr><tr>
1608                                 <td><?php echo _MEMBERS_NEW?></td>
1609                                 <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
1610                         </tr></table>
1611
1612                         </div></form>
1613                 <?php
1614                 $this->pagefoot();
1615         }
1616
1617         /**
1618           * Edit member settings
1619           */
1620         function action_memberedit() {
1621                 $this->action_editmembersettings(intRequestVar('memberid'));
1622         }
1623         function action_editmembersettings($memberid = '') {
1624                 global $member, $manager, $CONF;
1625
1626                 if ($memberid == '')
1627                         $memberid = $member->getID();
1628
1629                 // check if allowed
1630                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
1631
1632                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
1633                 $this->pagehead($extrahead);
1634
1635                 // show message to go back to member overview (only for admins)
1636                 if ($member->isAdmin())
1637                         echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
1638                 else
1639                         echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';
1640
1641                 echo '<h2>' . _MEMBERS_EDIT . '</h2>';
1642
1643                 $mem = MEMBER::createFromID($memberid);
1644
1645                 ?>
1646                 <form method="post" action="index.php"><div>
1647
1648                 <input type="hidden" name="action" value="changemembersettings" />
1649                 <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
1650                 <?php $manager->addTicketHidden() ?>
1651
1652                 <table><tr>
1653                         <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
1654                 </tr><tr>
1655                         <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
1656                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
1657                         </td>
1658                         <td>
1659                         <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
1660                                 <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
1661                         <?php } else {
1662                                 echo htmlspecialchars($member->getDisplayName());
1663                            }
1664                         ?>
1665                         </td>
1666                 </tr><tr>
1667                         <td><?php echo _MEMBERS_REALNAME?></td>
1668                         <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
1669                 </tr><tr>
1670                 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
1671                         <td><?php echo _MEMBERS_PWD?></td>
1672                         <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
1673                 </tr><tr>
1674                         <td><?php echo _MEMBERS_REPPWD?></td>
1675                         <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
1676                 <?php } ?>
1677                 </tr><tr>
1678                         <td><?php echo _MEMBERS_EMAIL?>
1679                                 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
1680                         </td>
1681                         <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
1682                 </tr><tr>
1683                         <td><?php echo _MEMBERS_URL?></td>
1684                         <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
1685                 <?php // only allow to change this by super-admins
1686                    // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
1687                    if ($member->isAdmin()) {
1688                 ?>
1689                         </tr><tr>
1690                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
1691                                 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
1692                         </tr><tr>
1693                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
1694                                 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70); ?></td>
1695                 <?php } ?>
1696                 </tr><tr>
1697                         <td><?php echo _MEMBERS_NOTES?></td>
1698                         <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
1699                 </tr><tr>
1700                         <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
1701                         </td>
1702                         <td>
1703
1704                                 <select name="deflang" tabindex="85">
1705                                         <option value=""><?php echo _MEMBERS_USESITELANG?></option>
1706                                 <?php                           // show a dropdown list of all available languages
1707                                 global $DIR_LANG;
1708                                 $dirhandle = opendir($DIR_LANG);
1709                                 while ($filename = readdir($dirhandle)) {
1710                                         if (ereg("^(.*)\.php$",$filename,$matches)) {
1711                                                 $name = $matches[1];
1712                                                 echo "<option value='$name'";
1713                                                 if ($name == $mem->getLanguage())
1714                                                         echo " selected='selected'";
1715                                                 echo ">$name</option>";
1716                                         }
1717                                 }
1718                                 closedir($dirhandle);
1719
1720                                 ?>
1721                                 </select>
1722
1723                         </td>
1724                 </tr>
1725                 <?php
1726                         // plugin options
1727                         $this->_insertPluginOptions('member',$memberid);
1728                 ?>
1729                 <tr>
1730                         <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
1731                 </tr><tr>
1732                         <td><?php echo _MEMBERS_EDIT?></td>
1733                         <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
1734                 </tr></table>
1735
1736                 </div></form>
1737
1738                 <?php
1739                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';
1740
1741                         $manager->notify(
1742                                 'MemberSettingsFormExtras',
1743                                 array(
1744                                         'member' => &$mem
1745                                 )
1746                         );
1747
1748                 $this->pagefoot();
1749         }
1750
1751
1752         function action_changemembersettings() {
1753                 global $member, $CONF, $manager;
1754
1755                 $memberid = intRequestVar('memberid');
1756
1757                 // check if allowed
1758                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
1759
1760                 $name                   = trim(postVar('name'));
1761                 $realname               = trim(postVar('realname'));
1762                 $password               = postVar('password');
1763                 $repeatpassword = postVar('repeatpassword');
1764                 $email                  = postVar('email');
1765                 $url                    = postVar('url');
1766
1767                 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
1768                 if (!eregi("^https?://", $url))
1769                         $url = "http://".$url;
1770
1771                 $admin                  = postVar('admin');
1772                 $canlogin               = postVar('canlogin');
1773                 $notes                  = postVar('notes');
1774                 $deflang                = postVar('deflang');
1775
1776                 $mem = MEMBER::createFromID($memberid);
1777
1778                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
1779
1780                         if (!isValidDisplayName($name))
1781                                 $this->error(_ERROR_BADNAME);
1782
1783                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
1784                                 $this->error(_ERROR_NICKNAMEINUSE);
1785
1786                         if ($password != $repeatpassword)
1787                                 $this->error(_ERROR_PASSWORDMISMATCH);
1788
1789                         if ($password && (strlen($password) < 6))
1790                                 $this->error(_ERROR_PASSWORDTOOSHORT);
1791                 }
1792
1793                 if (!isValidMailAddress($email))
1794                         $this->error(_ERROR_BADMAILADDRESS);
1795
1796
1797                 if (!$realname)
1798                         $this->error(_ERROR_REALNAMEMISSING);
1799
1800                 if (($deflang != '') && (!checkLanguage($deflang)))
1801                         $this->error(_ERROR_NOSUCHLANGUAGE);
1802
1803                 // check if there will remain at least one site member with both the logon and admin rights
1804                 // (check occurs when taking away one of these rights from such a member)
1805                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
1806                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
1807                    )
1808                 {
1809                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
1810                         if (mysql_num_rows($r) < 2)
1811                                 $this->error(_ERROR_ATLEASTONEADMIN);
1812                 }
1813
1814                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
1815                         $mem->setDisplayName($name);
1816                         if ($password)
1817                                 $mem->setPassword($password);
1818                 }
1819
1820                 if ($newpass)
1821                         $mem->setPassword($password);
1822
1823                 $oldEmail = $mem->getEmail();
1824
1825                 $mem->setRealName($realname);
1826                 $mem->setEmail($email);
1827                 $mem->setURL($url);
1828                 $mem->setNotes($notes);
1829                 $mem->setLanguage($deflang);
1830
1831
1832                 // only allow super-admins to make changes to the admin status
1833                 if ($member->isAdmin()) {
1834                         $mem->setAdmin($admin);
1835                         $mem->setCanLogin($canlogin);
1836                 }
1837
1838
1839                 $mem->write();
1840
1841                 // if email changed, generate new password
1842                 if ($oldEmail != $mem->getEmail())
1843                 {
1844                         $mem->sendActivationLink('addresschange', $oldEmail);
1845                         // logout member
1846                         $mem->newCookieKey();
1847                         $member->logout();
1848                         $this->action_login(_MSG_ACTIVATION_SENT, 0);
1849                         return;
1850                 }
1851
1852
1853                 // store plugin options
1854                 $aOptions = requestArray('plugoption');
1855                 NucleusPlugin::_applyPluginOptions($aOptions);
1856                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));
1857
1858                 if (  ( $mem->getID() == $member->getID() )
1859                    && ( $newpass || ( $mem->getDisplayName() != $member->getDisplayName() ) )
1860                    ) {
1861                         $mem->newCookieKey();
1862                         $member->logout();
1863                         $this->action_login(_MSG_LOGINAGAIN, 0);
1864                 } else {
1865                         $this->action_overview(_MSG_SETTINGSCHANGED);
1866                 }
1867         }
1868
1869         function action_memberadd() {
1870                 global $member;
1871
1872                 // check if allowed
1873                 $member->isAdmin() or $this->disallow();
1874
1875                 if (postVar('password') != postVar('repeatpassword'))
1876                         $this->error(_ERROR_PASSWORDMISMATCH);
1877                 if (strlen(postVar('password')) < 6)
1878                         $this->error(_ERROR_PASSWORDTOOSHORT);
1879
1880                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
1881                 if ($res != 1)
1882                         $this->error($res);
1883
1884                 $this->action_usermanagement();
1885         }
1886
1887         /**
1888          * Account activation
1889          *
1890          * @author dekarma
1891          */
1892         function action_activate() {
1893
1894                 $key = getVar('key');
1895                 $this->_showActivationPage($key);
1896         }
1897
	/**
	 * Shows the activation page belonging to an activation key.
	 *
	 * @param $key      activation key from the request (or posted back by activatesetpwd)
	 * @param $message  optional error text shown above the password form
	 *
	 * Expired keys are purged first; an unknown key or member ends in error().
	 * 'forgot' and 'register' keys show a "set password" form (posts to
	 * activatesetpwd); an 'addresschange' key is activated right here and
	 * needs no password. Title and text are taken from the language constants.
	 */
	function _showActivationPage($key, $message = '')
	{
		global $manager;

		// clean up old activation keys
		MEMBER::cleanupActivationTable();

		// get activation info (the only validation the key gets)
		$info = MEMBER::getActivationInfo($key);

		if (!$info)
			$this->error(_ERROR_ACTIVATE);

		$mem = MEMBER::createFromId($info->vmember);

		if (!$mem)
			$this->error(_ERROR_ACTIVATE);

		// an unknown vtype leaves title/text empty but still shows the form
		$text = '';
		$title = '';
		$bNeedsPasswordChange = true;

		switch ($info->vtype)
		{
			case 'forgot':
				$title = _ACTIVATE_FORGOT_TITLE;
				$text = _ACTIVATE_FORGOT_TEXT;
				break;
			case 'register':
				$title = _ACTIVATE_REGISTER_TITLE;
				$text = _ACTIVATE_REGISTER_TEXT;
				break;
			case 'addresschange':
				$title = _ACTIVATE_CHANGE_TITLE;
				$text = _ACTIVATE_CHANGE_TEXT;
				$bNeedsPasswordChange = false;
				MEMBER::activate($key);
				break;
		}

		$aVars = array(
			'memberName' => htmlspecialchars($mem->getDisplayName())
		);
		$title = TEMPLATE::fill($title, $aVars);
		$text = TEMPLATE::fill($text, $aVars);

		$this->pagehead();

			echo '<h2>' , $title, '</h2>';
			echo '<p>' , $text, '</p>';

			// $message is echoed as-is; callers pass language constants or plugin text
			if ($message != '')
			{
				echo '<p class="error">',$message,'</p>';
			}

			if ($bNeedsPasswordChange)
			{
				?>
					<div><form action="index.php" method="post">

						<input type="hidden" name="action" value="activatesetpwd" />
						<?php $manager->addTicketHidden() ?>
						<input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

						<table><tr>
							<td><?php echo _MEMBERS_PWD?></td>
							<td><input type="password" maxlength="40" size="16" name="password" /></td>
						</tr><tr>
							<td><?php echo _MEMBERS_REPPWD?></td>
							<td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
						<?php

							// (redundant: $manager is already global at the top of the method)
							global $manager;
							$manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));

						?>
						</tr><tr>
							<td><?php echo _MEMBERS_SETPWD ?></td>
							<td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
						</tr></table>


					</form></div>

				<?php

			}

		$this->pagefoot();

	}
1990
1991         /**
1992          * Account activation - set password part
1993          *
1994          * @author dekarma
1995          */
1996         function action_activatesetpwd() {
1997
1998                 $key = postVar('key');
1999
2000                 // clean up old activation keys
2001                 MEMBER::cleanupActivationTable();
2002
2003                 // get activation info
2004                 $info = MEMBER::getActivationInfo($key);
2005
2006                 if (!$info || ($info->type == 'addresschange'))
2007                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2008
2009                 $mem = MEMBER::createFromId($info->vmember);
2010
2011                 if (!$mem)
2012                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2013
2014                 $password               = postVar('password');
2015                 $repeatpassword = postVar('repeatpassword');
2016
2017                 if ($password != $repeatpassword)
2018                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
2019
2020                 if ($password && (strlen($password) < 6))
2021                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
2022
2023                 $error = '';
2024                 global $manager;
2025                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
2026                 if ($error != '')
2027                         return $this->_showActivationPage($key, $error);
2028
2029
2030                 // set password
2031                 $mem->setPassword($password);
2032                 $mem->write();
2033
2034                 // do the activation
2035                 MEMBER::activate($key);
2036
2037                 $this->pagehead();
2038                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
2039                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
2040                 $this->pagefoot();
2041         }
2042
2043         /**
2044           * Manage team
2045           */
2046         function action_manageteam() {
2047                 global $member, $manager;
2048
2049                 $blogid = intRequestVar('blogid');
2050
2051                 // check if allowed
2052                 $member->blogAdminRights($blogid) or $this->disallow();
2053
2054                 $this->pagehead();
2055
2056                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
2057
2058                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';
2059
2060                 echo '<h3>' . _TEAM_CURRENT . '</h3>';
2061
2062
2063
2064                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
2065                            . ' FROM '.sql_table('member').', '.sql_table('team')
2066                            . ' WHERE tmember=mnumber and tblog=' . $blogid;
2067
2068                 $template['content'] = 'teamlist';
2069                 $template['tabindex'] = 10;
2070
2071                 $batch =& new BATCH('team');
2072                 $batch->showlist($query, 'table', $template);
2073
2074                 ?>
2075                         <h3><?php echo _TEAM_ADDNEW?></h3>
2076
2077                         <form method='post' action='index.php'><div>
2078
2079                         <input type='hidden' name='action' value='teamaddmember' />
2080                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
2081                         <?php $manager->addTicketHidden() ?>
2082
2083                         <table><tr>
2084                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>
2085                                 <td><?php                                       // TODO: try to make it so only non-team-members are listed
2086                                         $query =  'SELECT mname as text, mnumber as value'
2087                                                    . ' FROM '.sql_table('member');
2088
2089                                         $template['name'] = 'memberid';
2090                                         $template['tabindex'] = 10000;
2091                                         showlist($query,'select',$template);
2092                                 ?></td>
2093                         </tr><tr>
2094                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
2095                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>
2096                         </tr><tr>
2097                                 <td><?php echo _TEAM_ADD?></td>
2098                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
2099                         </tr></table>
2100
2101                         </div></form>
2102                 <?php
2103                 $this->pagefoot();
2104         }
2105
2106         /**
2107           * Add member tot tram
2108           */
2109         function action_teamaddmember() {
2110                 global $member, $manager;
2111
2112                 $memberid = intPostVar('memberid');
2113                 $blogid = intPostVar('blogid');
2114                 $admin = intPostVar('admin');
2115
2116                 // check if allowed
2117                 $member->blogAdminRights($blogid) or $this->disallow();
2118
2119                 $blog =& $manager->getBlog($blogid);
2120                 if (!$blog->addTeamMember($memberid, $admin))
2121                         $this->error(_ERROR_ALREADYONTEAM);
2122
2123                 $this->action_manageteam();
2124
2125         }
2126
2127         function action_teamdelete() {
2128                 global $member, $manager;
2129
2130                 $memberid = intRequestVar('memberid');
2131                 $blogid = intRequestVar('blogid');
2132
2133                 // check if allowed
2134                 $member->blogAdminRights($blogid) or $this->disallow();
2135
2136                 $teammem = MEMBER::createFromID($memberid);
2137                 $blog =& $manager->getBlog($blogid);
2138
2139                 $this->pagehead();
2140                 ?>
2141                         <h2><?php echo _DELETE_CONFIRM?></h2>
2142
2143                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  $teammem->getDisplayName() ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
2144                         </p>
2145
2146
2147                         <form method="post" action="index.php"><div>
2148                         <input type="hidden" name="action" value="teamdeleteconfirm" />
2149                         <?php $manager->addTicketHidden() ?>
2150                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
2151                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2152                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2153                         </div></form>
2154                 <?php
2155                 $this->pagefoot();
2156         }
2157
2158         function action_teamdeleteconfirm() {
2159                 global $member;
2160
2161                 $memberid = intRequestVar('memberid');
2162                 $blogid = intRequestVar('blogid');
2163
2164                 $error = $this->deleteOneTeamMember($blogid, $memberid);
2165                 if ($error)
2166                         $this->error($error);
2167
2168
2169                 $this->action_manageteam();
2170         }
2171
2172         function deleteOneTeamMember($blogid, $memberid) {
2173                 global $member, $manager;
2174
2175                 $blogid = intval($blogid);
2176                 $memberid = intval($memberid);
2177
2178                 // check if allowed
2179                 if (!$member->blogAdminRights($blogid))
2180                         return _ERROR_DISALLOWED;
2181
2182                 // check if: - there remains at least one blog admin
2183                 //           - (there remains at least one team member)
2184                 $tmem = MEMBER::createFromID($memberid);
2185
2186                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2187
2188                 if ($tmem->isBlogAdmin($blogid)) {
2189                         // check if there are more blog members left and at least one admin
2190                         // (check for at least two admins before deletion)
2191                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
2192                         $r = sql_query($query);
2193                         if (mysql_num_rows($r) < 2)
2194                                 return _ERROR_ATLEASTONEBLOGADMIN;
2195                 }
2196
2197                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
2198                 sql_query($query);
2199
2200                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
2201
2202                 return '';
2203         }
2204
2205         function action_teamchangeadmin() {
2206                 global $member;
2207
2208                 $blogid = intRequestVar('blogid');
2209                 $memberid = intRequestVar('memberid');
2210
2211                 // check if allowed
2212                 $member->blogAdminRights($blogid) or $this->disallow();
2213
2214                 $mem = MEMBER::createFromID($memberid);
2215
2216                 // don't allow when there is only one admin at this moment
2217                 if ($mem->isBlogAdmin($blogid)) {
2218                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
2219                         if (mysql_num_rows($r) == 1)
2220                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
2221                 }
2222
2223                 if ($mem->isBlogAdmin($blogid))
2224                         $newval = 0;
2225                 else
2226                         $newval = 1;
2227
2228                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
2229                 sql_query($query);
2230
2231                 // only show manageteam if member did not change its own admin privileges
2232                 if ($member->isBlogAdmin($blogid))
2233                         $this->action_manageteam();
2234                 else
2235                         $this->action_overview(_MSG_ADMINCHANGED);
2236         }
2237
        /**
          * Blog settings page
          *
          * Shows the team summary, the settings form (posted to blogsettingsupdate),
          * the category list with a "create category" form (posted to categorynew),
          * and whatever plugins add via the BlogSettingsFormExtras event.
          * Requires blog admin rights on the requested blog.
          */
        function action_blogsettings() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
                ?>
                <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>

                <h3><?php echo _EBLOG_TEAM_TITLE?></h3>

                <p>Members currently on your team:
                <?php
                        // names of all team members of this blog, escaped for HTML
                        // (the "Members currently on your team" label above is not localised)
                        $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
                        $aMemberNames = array();
                        while ($o = mysql_fetch_object($res))
                                array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
                        echo implode(',', $aMemberNames);
                ?>
                </p>



                <p>
                <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
                </p>

                <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>

                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="blogsettingsupdate" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                <table><tr>
                        <td><?php echo _EBLOG_NAME?></td>
                        <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
                                <?php echo _EBLOG_SHORTNAME_EXTRA?>
                        </td>
                        <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DESC?></td>
                        <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_URL?></td>
                        <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFSKIN?>
                                <?php help('blogdefaultskin'); ?>
                        </td>
                        <td>
                                <?php
                                        // default skin: select box over all skins, current one preselected
                                        $query =  'SELECT sdname as text, sdnumber as value'
                                                   . ' FROM '.sql_table('skin_desc');
                                        $template['name'] = 'defskin';
                                        $template['selected'] = $blog->getDefaultSkin();
                                        $template['tabindex'] = 50;
                                        showlist($query,'select',$template);
                                ?>

                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
                        </td>
                        <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
                        </td>
                        <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DISABLECOMMENTS?>
                        </td>
                        <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ANONYMOUS?>
                        </td>
                        <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
                        <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY_ON?></td>
                        <td>
                                <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
                                        <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
                                /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
                                <br />
                                <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
                                        <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
                                /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
                                <br />
                                <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
                                        <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
                                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_PING?> <?php help('pinguserland'); ?></td>
                        <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
                        <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
                        <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFCAT?></td>
                        <td>
                                <?php
                                        // default category: select box over this blog's categories
                                        // (same $template array as above, keys are overwritten)
                                        $query =  'SELECT cname as text, catid as value'
                                                   . ' FROM '.sql_table('category')
                                                   . ' WHERE cblog=' . $blog->getID();
                                        $template['name'] = 'defcat';
                                        $template['selected'] = $blog->getDefaultCategory();
                                        $template['tabindex'] = 110;
                                        showlist($query,'select',$template);
                                ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
                                <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
                                <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
                                </td>
                        <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
                        <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
                </tr>
                <?php
                        // plugin options (extra rows in the same settings table)
                        $this->_insertPluginOptions('blog',$blogid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CHANGE?></td>
                        <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <h3><?php echo _EBLOG_CAT_TITLE?></h3>


                <?php
                // category list of this blog, rendered by BATCH 'category'
                // ($template still holds the keys set for the select boxes above)
                $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
                $template['content'] = 'categorylist';
                $template['tabindex'] = 200;

                $batch =& new BATCH('category');
                $batch->showlist($query,'table',$template);

                ?>


                <form action="index.php" method="post"><div>
                <input name="action" value="categorynew" type="hidden" />
                <?php $manager->addTicketHidden() ?>
                <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />

                <table><tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_NAME?></td>
                        <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_DESC?></td>
                        <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_CREATE?></td>
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
                </tr></table>

                </div></form>

                <?php

                        // plugins may append their own form sections here
                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        $manager->notify(
                                'BlogSettingsFormExtras',
                                array(
                                        'blog' => &$blog
                                )
                        );

                $this->pagefoot();
        }
2435
2436         function action_categorynew() {
2437                 global $member, $manager;
2438
2439                 $blogid = intRequestVar('blogid');
2440
2441                 $member->blogAdminRights($blogid) or $this->disallow();
2442
2443                 $cname = postVar('cname');
2444                 $cdesc = postVar('cdesc');
2445
2446                 if (!isValidCategoryName($cname))
2447                         $this->error(_ERROR_BADCATEGORYNAME);
2448
2449                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
2450                 $res = sql_query($query);
2451                 if (mysql_num_rows($res) > 0)
2452                         $this->error(_ERROR_DUPCATEGORYNAME);
2453
2454                 $blog           =& $manager->getBlog($blogid);
2455                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);
2456
2457                 $this->action_blogsettings();
2458         }
2459
2460
2461         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
2462                 global $member, $manager;
2463
2464                 if ($blogid == '')
2465                         $blogid = intGetVar('blogid');
2466                 else
2467                         $blogid = intval($blogid);
2468                 if ($catid == '')
2469                         $catid = intGetVar('catid');
2470                 else
2471                         $catid = intval($catid);
2472
2473                 $member->blogAdminRights($blogid) or $this->disallow();
2474
2475                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
2476                 $obj = mysql_fetch_object($res);
2477
2478                 $cname = $obj->cname;
2479                 $cdesc = $obj->cdesc;
2480
2481                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
2482                 $this->pagehead($extrahead);
2483
2484                 ?>
2485                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>
2486                 <form method='post' action='index.php'><div>
2487                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />
2488                 <input name="catid" type="hidden" value="<?php echo $catid?>" />
2489                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />
2490                 <input name="action" type="hidden" value="categoryupdate" />
2491                 <?php $manager->addTicketHidden(); ?>
2492
2493                 <table><tr>
2494                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
2495                 </tr><tr>
2496                         <td><?php echo _EBLOG_CAT_NAME?></td>
2497                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>
2498                 </tr><tr>
2499                         <td><?php echo _EBLOG_CAT_DESC?></td>
2500                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
2501                 </tr>
2502                 <?php
2503                         // insert plugin options
2504                         $this->_insertPluginOptions('category',$catid);
2505                 ?>
2506                 <tr>
2507                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
2508                 </tr><tr>
2509                         <td><?php echo _EBLOG_CAT_UPDATE?></td>
2510                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
2511                 </tr></table>
2512
2513                 </div></form>
2514                 <?php
2515                 $this->pagefoot();
2516         }
2517
2518
2519         function action_categoryupdate() {
2520                 global $member, $manager;
2521
2522                 $blogid = intPostVar('blogid');
2523                 $catid = intPostVar('catid');
2524                 $cname = postVar('cname');
2525                 $cdesc = postVar('cdesc');
2526                 $desturl = postVar('desturl');
2527
2528                 $member->blogAdminRights($blogid) or $this->disallow();
2529
2530                 if (!isValidCategoryName($cname))
2531                         $this->error(_ERROR_BADCATEGORYNAME);
2532
2533                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
2534                 $res = sql_query($query);
2535                 if (mysql_num_rows($res) > 0)
2536                         $this->error(_ERROR_DUPCATEGORYNAME);
2537
2538                 $query =  'UPDATE '.sql_table('category').' SET'
2539                            . " cname='" . addslashes($cname) . "',"
2540                            . " cdesc='" . addslashes($cdesc) . "'"
2541                            . " WHERE catid=" . $catid;
2542
2543                 sql_query($query);
2544
2545                 // store plugin options
2546                 $aOptions = requestArray('plugoption');
2547                 NucleusPlugin::_applyPluginOptions($aOptions);
2548                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));
2549
2550
2551                 if ($desturl) {
2552                         redirect($desturl);
2553                         exit;
2554                 } else {
2555                         $this->action_blogsettings();
2556                 }
2557         }
2558
2559         function action_categorydelete() {
2560                 global $member, $manager;
2561
2562                 $blogid = intRequestVar('blogid');
2563                 $catid = intRequestVar('catid');
2564
2565                 $member->blogAdminRights($blogid) or $this->disallow();
2566
2567                 $blog =& $manager->getBlog($blogid);
2568
2569                 // check if the category is valid
2570                 if (!$blog->isValidCategory($catid))
2571                         $this->error(_ERROR_NOSUCHCATEGORY);
2572
2573                 // don't allow deletion of default category
2574                 if ($blog->getDefaultCategory() == $catid)
2575                         $this->error(_ERROR_DELETEDEFCATEGORY);
2576
2577                 // check if catid is the only category left for blogid
2578                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
2579                 $res = sql_query($query);
2580                 if (mysql_num_rows($res) == 1)
2581                         $this->error(_ERROR_DELETELASTCATEGORY);
2582
2583
2584                 $this->pagehead();
2585                 ?>
2586                         <h2><?php echo _DELETE_CONFIRM?></h2>
2587
2588                         <div>
2589                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  $blog->getCategoryName($catid)?></b>
2590                         </div>
2591
2592                         <form method="post" action="index.php"><div>
2593                         <input type="hidden" name="action" value="categorydeleteconfirm" />
2594                         <?php $manager->addTicketHidden() ?>
2595                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
2596                         <input type="hidden" name="catid" value="<?php echo $catid?>" />
2597                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2598                         </div></form>
2599                 <?php
2600                 $this->pagefoot();
2601         }
2602
2603         function action_categorydeleteconfirm() {
2604                 global $member, $manager;
2605
2606                 $blogid = intRequestVar('blogid');
2607                 $catid = intRequestVar('catid');
2608
2609                 $member->blogAdminRights($blogid) or $this->disallow();
2610
2611                 $error = $this->deleteOneCategory($catid);
2612                 if ($error)
2613                         $this->error($error);
2614
2615                 $this->action_blogsettings();
2616         }
2617
2618         function deleteOneCategory($catid) {
2619                 global $manager, $member;
2620
2621                 $catid = intval($catid);
2622
2623                 $manager->notify('PreDeleteCategory', array('catid' => $catid));
2624
2625                 $blogid = getBlogIDFromCatID($catid);
2626
2627                 if (!$member->blogAdminRights($blogid))
2628                         return ERROR_DISALLOWED;
2629
2630                 // get blog
2631                 $blog =& $manager->getBlog($blogid);
2632
2633                 // check if the category is valid
2634                 if (!$blog || !$blog->isValidCategory($catid))
2635                         return _ERROR_NOSUCHCATEGORY;
2636
2637                 $destcatid = $blog->getDefaultCategory();
2638
2639                 // don't allow deletion of default category
2640                 if ($blog->getDefaultCategory() == $catid)
2641                         return _ERROR_DELETEDEFCATEGORY;
2642
2643                 // check if catid is the only category left for blogid
2644                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
2645                 $res = sql_query($query);
2646                 if (mysql_num_rows($res) == 1)
2647                         return _ERROR_DELETELASTCATEGORY;
2648
2649                 // change category for all items to the default category
2650                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
2651                 sql_query($query);
2652
2653                 // delete all associated plugin options
2654                 NucleusPlugin::_deleteOptionValues('category', $catid);
2655
2656                 // delete category
2657                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
2658                 sql_query($query);
2659
2660                 $manager->notify('PostDeleteCategory', array('catid' => $catid));
2661
2662         }
2663
2664         function moveOneCategory($catid, $destblogid) {
2665                 global $manager, $member;
2666
2667                 $catid = intval($catid);
2668                 $destblogid = intval($destblogid);
2669
2670                 $blogid = getBlogIDFromCatID($catid);
2671
2672                 // mover should have admin rights on both blogs
2673                 if (!$member->blogAdminRights($blogid))
2674                         return _ERROR_DISALLOWED;
2675                 if (!$member->blogAdminRights($destblogid))
2676                         return _ERROR_DISALLOWED;
2677
2678                 // cannot move to self
2679                 if ($blogid == $destblogid)
2680                         return _ERROR_MOVETOSELF;
2681
2682                 // get blogs
2683                 $blog =& $manager->getBlog($blogid);
2684                 $destblog =& $manager->getBlog($destblogid);
2685
2686                 // check if the category is valid
2687                 if (!$blog || !$blog->isValidCategory($catid))
2688                         return _ERROR_NOSUCHCATEGORY;
2689
2690                 // don't allow default category to be moved
2691                 if ($blog->getDefaultCategory() == $catid)
2692                         return _ERROR_MOVEDEFCATEGORY;
2693
2694                 $manager->notify(
2695                         'PreMoveCategory',
2696                         array(
2697                                 'catid' => &$catid,
2698                                 'sourceblog' => &$blog,
2699                                 'destblog' => &$destblog
2700                         )
2701                 );
2702
2703                 // update comments table (cblog)
2704                 $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
2705                 $items = sql_query($query);
2706                 while ($oItem = mysql_fetch_object($items)) {
2707                         sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
2708                 }
2709
2710                 // update items (iblog)
2711                 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;
2712                 sql_query($query);
2713
2714                 // move category
2715                 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;
2716                 sql_query($query);
2717
2718                 $manager->notify(
2719                         'PostMoveCategory',
2720                         array(
2721                                 'catid' => &$catid,
2722                                 'sourceblog' => &$blog,
2723                                 'destblog' => $destblog
2724                         )
2725                 );
2726
2727         }
2728
2729         function action_blogsettingsupdate() {
2730                 global $member, $manager;
2731
2732                 $blogid = intRequestVar('blogid');
2733
2734                 $member->blogAdminRights($blogid) or $this->disallow();
2735
2736                 $blog =& $manager->getBlog($blogid);
2737
2738                 $notify                 = trim(postVar('notify'));
2739                 $shortname              = trim(postVar('shortname'));
2740                 $updatefile             = trim(postVar('update'));
2741
2742                 $notifyComment  = intPostVar('notifyComment');
2743                 $notifyVote             = intPostVar('notifyVote');
2744                 $notifyNewItem  = intPostVar('notifyNewItem');
2745
2746                 if ($notifyComment == 0)        $notifyComment = 1;
2747                 if ($notifyVote == 0)           $notifyVote = 1;
2748                 if ($notifyNewItem == 0)        $notifyNewItem = 1;
2749
2750                 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
2751
2752
2753                 if ($notify) {
2754                         $not =& new NOTIFICATION($notify);
2755                         if (!$not->validAddresses())
2756                                 $this->error(_ERROR_BADNOTIFY);
2757
2758                 }
2759
2760                 if (!isValidShortName($shortname))
2761                         $this->error(_ERROR_BADSHORTBLOGNAME);
2762
2763                 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))
2764                         $this->error(_ERROR_DUPSHORTBLOGNAME);
2765
2766                 // check if update file is writable
2767                 if ($updatefile && !is_writeable($updatefile))
2768                         $this->error(_ERROR_UPDATEFILE);
2769
2770                 $blog->setName(trim(postVar('name')));
2771                 $blog->setShortName($shortname);
2772                 $blog->setNotifyAddress($notify);
2773                 $blog->setNotifyType($notifyType);
2774                 $blog->setMaxComments(postVar('maxcomments'));
2775                 $blog->setCommentsEnabled(postVar('comments'));
2776                 $blog->setTimeOffset(postVar('timeoffset'));
2777                 $blog->setUpdateFile($updatefile);
2778                 $blog->setURL(trim(postVar('url')));
2779                 $blog->setDefaultSkin(intPostVar('defskin'));
2780                 $blog->setDescription(trim(postVar('desc')));
2781                 $blog->setPublic(postVar('public'));
2782                 $blog->setPingUserland(postVar('pinguserland'));
2783                 $blog->setConvertBreaks(intPostVar('convertbreaks'));
2784                 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
2785                 $blog->setDefaultCategory(intPostVar('defcat'));
2786                 $blog->setSearchable(intPostVar('searchable'));
2787
2788                 $blog->writeSettings();
2789
2790                 // store plugin options
2791                 $aOptions = requestArray('plugoption');
2792                 NucleusPlugin::_applyPluginOptions($aOptions);
2793                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));
2794
2795
2796                 $this->action_overview(_MSG_SETTINGSCHANGED);
2797         }
2798
        /**
         * Shows the "are you sure?" page for deleting a blog (action "deleteblog").
         *
         * Nothing is deleted here: the form rendered below posts to
         * action_deleteblogconfirm, which repeats the checks made here before
         * deleting anything. The form carries the CSRF ticket via
         * $manager->addTicketHidden().
         *
         * Authorization: blog-admin rights on request var 'blogid'; the blog
         * configured as $CONF['DefaultBlog'] can never be deleted.
         */
        function action_deleteblog() {
                global $member, $CONF, $manager;

                // intRequestVar() yields an int, so echoing $blogid into the hidden
                // field below needs no escaping
                $blogid = intRequestVar('blogid');

                $member->blogAdminRights($blogid) or $this->disallow();

                // the default blog must always exist
                if ($CONF['DefaultBlog'] == $blogid)
                        $this->error(_ERROR_DELDEFBLOG);

                $blog =& $manager->getBlog($blogid);

                // the blog name is free text and is escaped before it hits the page
                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _WARNINGTXT_BLOGDEL?>
                        </p>

                        <div>
                        <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>
                        </div>

                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="deleteblogconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
2832
2833         function action_deleteblogconfirm() {
2834                 global $member, $CONF, $manager;
2835
2836                 $blogid = intRequestVar('blogid');
2837
2838                 $manager->notify('PreDeleteBlog', array('blogid' => $blogid));
2839
2840                 $member->blogAdminRights($blogid) or $this->disallow();
2841
2842                 // check if blog is default blog
2843                 if ($CONF['DefaultBlog'] == $blogid)
2844                         $this->error(_ERROR_DELDEFBLOG);
2845
2846                 // delete all comments
2847                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
2848                 sql_query($query);
2849
2850                 // delete all items
2851                 $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
2852                 sql_query($query);
2853
2854                 // delete all team members
2855                 $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
2856                 sql_query($query);
2857
2858                 // delete all bans
2859                 $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
2860                 sql_query($query);
2861
2862                 // delete all categories
2863                 $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
2864                 sql_query($query);
2865
2866                 // delete all associated plugin options
2867                 NucleusPlugin::_deleteOptionValues('blog', $blogid);
2868
2869                 // delete the blog itself
2870                 $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
2871                 sql_query($query);
2872
2873                 $manager->notify('PostDeleteBlog', array('blogid' => $blogid));
2874
2875                 $this->action_overview(_DELETED_BLOG);
2876         }
2877
2878         function action_memberdelete() {
2879                 global $member, $manager;
2880
2881                 $memberid = intRequestVar('memberid');
2882
2883                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
2884
2885                 $mem = MEMBER::createFromID($memberid);
2886
2887                 $this->pagehead();
2888                 ?>
2889                         <h2><?php echo _DELETE_CONFIRM?></h2>
2890
2891                         <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo  $mem->getDisplayName() ?></b>
2892                         </p>
2893
2894                         <p>
2895                         Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)
2896                         </p>
2897
2898                         <form method="post" action="index.php"><div>
2899                         <input type="hidden" name="action" value="memberdeleteconfirm" />
2900                         <?php $manager->addTicketHidden() ?>
2901                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
2902                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2903                         </div></form>
2904                 <?php
2905                 $this->pagefoot();
2906         }
2907
2908         function action_memberdeleteconfirm() {
2909                 global $member;
2910
2911                 $memberid = intRequestVar('memberid');
2912
2913                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
2914
2915                 $error = $this->deleteOneMember($memberid);
2916                 if ($error)
2917                         $this->error($error);
2918
2919                 if ($member->isAdmin())
2920                         $this->action_usermanagement();
2921                 else
2922                         $this->action_overview(_DELETED_MEMBER);
2923         }
2924
        // (static) - uses no instance state ($this), so it can be called without an ADMIN object
2926         function deleteOneMember($memberid) {
2927                 global $manager;
2928
2929                 $memberid = intval($memberid);
2930                 $mem = MEMBER::createFromID($memberid);
2931
2932                 if (!$mem->canBeDeleted())
2933                         return _ERROR_DELETEMEMBER;
2934
2935                 $manager->notify('PreDeleteMember', array('member' => &$mem));
2936
2937                 $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;
2938                 sql_query($query);
2939
2940                 $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid;
2941                 sql_query($query);
2942
2943                 $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid;
2944                 sql_query($query);
2945
2946                 // delete all associated plugin options
2947                 NucleusPlugin::_deleteOptionValues('member', $memberid);
2948
2949                 $manager->notify('PostDeleteMember', array('member' => &$mem));
2950
2951                 return '';
2952         }
2953
2954         function action_createnewlog() {
2955                 global $member, $CONF, $manager;
2956
2957                 // Only Super-Admins can do this
2958                 $member->isAdmin() or $this->disallow();
2959
2960                 $this->pagehead();
2961
2962                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
2963                 ?>
2964                 <h2><?php echo _EBLOG_CREATE_TITLE?></h2>
2965
2966                 <h3>_ADMIN_NOTABILIA</h3>
2967
2968                 <p>_ADMIN_PLEASE_READ</p>
2969
2970                 <p>_ADMIN_HOW_TO_ACCESS</p>
2971
2972                 <ol>
2973                         <li>_ADMIN_SIMPLE_WAY</li>
2974                         <li>_ADMIN_DIFFICULT_WAY</li>
2975                 </ol>
2976
2977                 <h3>_ADMIN_HOW_TO_CREATE</h3>
2978
2979                 <p>
2980                 <?php echo _EBLOG_CREATE_TEXT?>
2981                 </p>
2982
2983                 <form method="post" action="index.php"><div>
2984
2985                 <input type="hidden" name="action" value="addnewlog" />
2986                 <?php $manager->addTicketHidden() ?>
2987
2988
2989                 <table><tr>
2990                         <td><?php echo _EBLOG_NAME?></td>
2991                         <td><input name="name" tabindex="10" size="40" maxlength="60" /></td>
2992                 </tr><tr>
2993                         <td><?php echo _EBLOG_SHORTNAME?>
2994                                 <?php help('shortblogname'); ?>
2995                         </td>
2996                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" /></td>
2997                 </tr><tr>
2998                         <td><?php echo _EBLOG_DESC?></td>
2999                         <td><input name="desc" tabindex="30" maxlength="200" size="40" /></td>
3000                 </tr><tr>
3001                         <td><?php echo _EBLOG_DEFSKIN?>
3002                                 <?php help('blogdefaultskin'); ?>
3003                         </td>
3004                         <td>
3005                                 <?php
3006                                         $query =  'SELECT sdname as text, sdnumber as value'
3007                                                    . ' FROM '.sql_table('skin_desc');
3008                                         $template['name'] = 'defskin';
3009                                         $template['tabindex'] = 50;
3010                                         $template['selected'] = $CONF['BaseSkin'];      // set default selected skin to be globally defined base skin
3011                                         showlist($query,'select',$template);
3012                                 ?>
3013                         </td>
3014                 </tr><tr>
3015                         <td><?php echo _EBLOG_OFFSET?>
3016                                 <?php help('blogtimeoffset'); ?>
3017                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
3018                         </td>
3019                         <td><input name="timeoffset" tabindex="110" size="3" value="0" /></td>
3020                 </tr><tr>
3021                         <td><?php echo _EBLOG_ADMIN?>
3022                                 <?php help('blogadmin'); ?>
3023                         </td>
3024                         <td><?php echo _EBLOG_ADMIN_MSG?></td>
3025                 </tr><tr>
3026                         <td><?php echo _EBLOG_CREATE?></td>
3027                         <td><input type="submit" tabindex="120" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
3028                 </tr></table>
3029
3030                 </div></form>
3031                 <?php
3032                 $this->pagefoot();
3033         }
3034
3035         function action_addnewlog() {
3036                 global $member, $manager, $CONF;
3037
3038                 // Only Super-Admins can do this
3039                 $member->isAdmin() or $this->disallow();
3040
3041                 $bname                  = trim(postVar('name'));
3042                 $bshortname             = trim(postVar('shortname'));
3043                 $btimeoffset    = postVar('timeoffset');
3044                 $bdesc                  = trim(postVar('desc'));
3045                 $bdefskin               = postVar('defskin');
3046
3047                 if (!isValidShortName($bshortname))
3048                         $this->error(_ERROR_BADSHORTBLOGNAME);
3049
3050                 if ($manager->existsBlog($bshortname))
3051                         $this->error(_ERROR_DUPSHORTBLOGNAME);
3052
3053                 $manager->notify(
3054                         'PreAddBlog',
3055                         array(
3056                                 'name' => &$bname,
3057                                 'shortname' => &$bshortname,
3058                                 'timeoffset' => &$btimeoffset,
3059                                 'description' => &$bdescription,
3060                                 'defaultskin' => &$bdefskin
3061                         )
3062                 );
3063
3064
3065                 // add slashes for sql queries
3066                 $bname =                addslashes($bname);
3067                 $bshortname =   addslashes($bshortname);
3068                 $btimeoffset =  addslashes($btimeoffset);
3069                 $bdesc =                addslashes($bdesc);
3070                 $bdefskin =     addslashes($bdefskin);
3071
3072                 // create blog
3073                 $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bname', '$bshortname', '$bdesc', '$btimeoffset', '$bdefskin')";
3074                 sql_query($query);
3075                 $blogid = mysql_insert_id();
3076                 $blog   =& $manager->getBlog($blogid);
3077
3078                 // create new category
3079                 sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, 'General','Items that do not fit in other categories')");
3080                 $catid = mysql_insert_id();
3081
3082                 // set as default category
3083                 $blog->setDefaultCategory($catid);
3084                 $blog->writeSettings();
3085
3086                 // create team member
3087                 $memberid = $member->getID();
3088                 $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
3089                 sql_query($query);
3090
3091
3092                 $blog->additem($blog->getDefaultCategory(),'First Item','ã\81\93ã\82\8cã\81¯ã\81\82ã\81ªã\81\9fã\81Eweblogã\81«ã\81\8aã\81\91ã\82\8bæ\9c\80å\88\9dã\81\82¢ã\82¤ã\83\81E\83 ã\81§ã\81\99ã\80\82è\81\94±ã\81«å\89\8aé\99¤ã\81\97ã\81¦ã\81\81E\81\9fã\81 ã\81\81E\81¦ã\81\8bã\81¾ã\81\81E\81¾ã\81\9bã\82\93ã\80\81E,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);
3093
3094                 $manager->notify(
3095                         'PostAddBlog',
3096                         array(
3097                                 'blog' => &$blog
3098                         )
3099                 );
3100
3101                 $manager->notify(
3102                         'PostAddCategory',
3103                         array(
3104                                 'catid' => $catid
3105                         )
3106                 );
3107
3108                 $this->pagehead();
3109                 ?>
3110                 <h2>æ\96°ã\81\97ã\81\84weblogã\81\8cä½\9cæ\81\81\95ã\82\8cã\81¾ã\81\97ã\81\9f</h2>
3111