
3.15 taka-san version
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ADMIN.php
1 <?php\r
2 /**\r
3   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
4   * Copyright (C) 2002-2004 The Nucleus Group\r
5   *\r
6   * This program is free software; you can redistribute it and/or\r
7   * modify it under the terms of the GNU General Public License\r
8   * as published by the Free Software Foundation; either version 2\r
9   * of the License, or (at your option) any later version.\r
10   * (see nucleus/documentation/index.html#license for more info)\r
11   *\r
12   * The code for the Nucleus admin area   \r
13   */\r
14  \r
15 class ADMIN {\r
16 \r
17         // action currently being executed ($action=xxxx -> action_xxxx method)\r
18         var $action;\r
19 \r
20         function ADMIN() {\r
21 \r
22         }\r
23         \r
24         /**\r
25           * Executes an action\r
26           *\r
27           * @param $action\r
28           *             action to be performed\r
29           */\r
30         function action($action) {\r
31                 // list of action aliases\r
32                 $alias = array(\r
33                         'login' => 'overview',\r
34                         '' => 'overview'\r
35                 );\r
36 \r
37                 if ($alias[$action])\r
38                         $action = $alias[$action];\r
39 \r
40                 $methodName = 'action_' . $action;\r
41                 \r
42                 $this->action = $action;\r
43 \r
44                 if (method_exists($this, $methodName))\r
45                         call_user_func(array(&$this, $methodName));\r
46                 else\r
47                         $this->error(_BADACTION . " ($action)");\r
48                 \r
49         }\r
50 \r
51 \r
52         function action_showlogin() {\r
53                 global $error;\r
54                 $this->action_login($error);\r
55         }\r
56 \r
        /**
          * Shows the login form, or goes straight to the overview when the
          * current member is already logged in and allowed to log in.
          *
          * The form posts the fields login, password, shared and action=login to
          * index.php.
          * NOTE(review): no anti-CSRF token field is emitted by this method;
          * passRequestVars() is not visible here — confirm what it adds to the form.
          *
          * @param $msg
          *             optional message shown above the form; HTML-escaped before output
          * @param $passvars
          *             when true (default 1), passRequestVars() is called inside the
          *             form unless the posted 'oldaction' is 'logout' or 'login'
          */
        function action_login($msg = '', $passvars = 1) {
                global $member;
                
                // skip to overview when allowed
                if ($member->isLoggedIn() && $member->canLogin()) {
                        $this->action_overview();
                        exit;
                }
                        
                $this->pagehead();
                
                echo '<h2>', _LOGIN ,'</h2>';
                // the message is escaped here, so callers may pass untrusted text
                if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
                ?>
                
                <form action="index.php" method="post"><p>
                <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
                <br />
                <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
                <br />
                <input name="action" value="login" type="hidden" />
                <br />
                <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
                <br />
                <small>
                        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
                        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
                </small>
                <?php                   // pass through vars
                        
                        // request variables are not carried over when the previous
                        // action was a logout or a login
                        $oldaction = postVar('oldaction');
                        if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
                                // NOTE(review): presumably re-emits the request variables as
                                // form fields; their escaping happens in passRequestVars() — verify
                                passRequestVars();
                        }

                        
                ?>
                </p></form>
                <?php           $this->pagefoot();
        }
97 \r
98 \r
99         /**\r
100           * provides a screen with the overview of the actions available\r
101           */\r
102         function action_overview($msg = '') {\r
103                 global $member;\r
104                 \r
105                 $this->pagehead();\r
106                 \r
107                 if ($msg)\r
108                         echo _MESSAGE , ': ', $msg;\r
109                 \r
110                 /* ---- add items ---- */\r
111                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';\r
112                 \r
113                 $showAll = requestVar('showall');\r
114                 \r
115                 if (($member->isAdmin()) && ($showAll == 'yes')) {\r
116                         // Super-Admins have access to all blogs! (no add item support though)\r
117                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'\r
118                                . ' FROM ' . sql_table('blog')\r
119                                . ' ORDER BY bname';\r
120                 } else {\r
121                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'\r
122                                . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
123                                . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
124                                . ' ORDER BY bname';             \r
125                 }\r
126                 $template['content'] = 'bloglist';\r
127                 $template['superadmin'] = $member->isAdmin();\r
128                 $amount = showlist($query,'table',$template);\r
129                 \r
130                 if (($showAll != 'yes') && ($member->isAdmin())) {\r
131                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
132                         if ($total > $amount) \r
133                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';\r
134                 }\r
135 \r
136                 if ($amount == 0)\r
137                         echo _OVERVIEW_NOBLOGS;\r
138                         \r
139                 if ($amount != 0) {\r
140                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';\r
141                         $query =  'SELECT ititle, inumber, bshortname'\r
142                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')\r
143                                . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
144                         $template['content'] = 'draftlist';\r
145                         $amountdrafts = showlist($query, 'table', $template);\r
146                         if ($amountdrafts == 0) \r
147                                 echo _OVERVIEW_NODRAFTS;\r
148                 }\r
149                 \r
150                 /* ---- user settings ---- */\r
151                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';\r
152                 echo '<ul>';\r
153                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';\r
154                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';\r
155                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';\r
156                 echo '</ul>';\r
157                 \r
158                 /* ---- general settings ---- */\r
159                 if ($member->isAdmin()) {\r
160                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';\r
161                         echo '<ul>';\r
162                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';\r
163                         echo '</ul>';\r
164                 }\r
165                 \r
166                 \r
167                 $this->pagefoot();\r
168         }\r
169         \r
170         // returns a link to a weblog (takes BLOG object as parameter)\r
171         function bloglink(&$blog) {\r
172                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'.$blog->getName() .'</a>';\r
173         }\r
174         \r
175         function action_manage($msg = '') {\r
176                 global $member;\r
177                 \r
178                 $member->isAdmin() or $this->disallow();\r
179                 \r
180                 $this->pagehead();\r
181                 \r
182                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
183                 \r
184                 if ($msg)\r
185                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';\r
186 \r
187 \r
188                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';\r
189                 \r
190                 echo '<ul>';\r
191                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';\r
192                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';\r
193                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';            \r
194                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';         \r
195                 echo '</ul>';\r
196                 \r
197                 echo '<h2>' . _MANAGE_SKINS . '</h2>';\r
198                 echo '<ul>';\r
199                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';\r
200                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';\r
201                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';         \r
202                 echo '</ul>';\r
203                 \r
204                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';          \r
205                 echo '<ul>';\r
206                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';                     \r
207                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';                        \r
208                 echo '</ul>';   \r
209                 \r
210                 $this->pagefoot();      \r
211         }\r
212         \r
213         function action_itemlist($blogid = '') {\r
214                 global $member, $manager;\r
215                 \r
216                 if ($blogid == '')\r
217                         $blogid = intRequestVar('blogid');\r
218                 \r
219                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();                \r
220                 \r
221                 $this->pagehead();\r
222                 $blog =& $manager->getBlog($blogid);\r
223                 \r
224                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          \r
225                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';\r
226                 \r
227                 // start index\r
228                 if (postVar('start'))\r
229                         $start = intPostVar('start');\r
230                 else\r
231                         $start = 0;     \r
232                         \r
233                 if ($start == 0)\r
234                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';            \r
235                         \r
236                 // amount of items to show\r
237                 if (postVar('amount'))\r
238                         $amount = intPostVar('amount');\r
239                 else\r
240                         $amount = 10;   \r
241                 \r
242                 $search = postVar('search');    // search through items\r
243                         \r
244                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'\r
245                        . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
246                        . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
247                 \r
248                 if ($search) \r
249                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';                       \r
250                         \r
251                 // non-blog-admins can only edit/delete their own items\r
252                 if (!$member->blogAdminRights($blogid)) \r
253                         $query .= ' and iauthor=' . $member->getID();\r
254 \r
255                                 \r
256                 $query .= ' ORDER BY itime DESC'\r
257                         . " LIMIT $start,$amount";\r
258                 \r
259                 $template['content'] = 'itemlist';\r
260                 $template['now'] = $blog->getCorrectTime(time());\r
261 \r
262 \r
263                 $navList = new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
264                 $navList->showBatchList('item',$query,'table',$template);\r
265 \r
266                 \r
267                 $this->pagefoot();\r
268         }\r
269         \r
270         \r
271         function action_batchitem() {\r
272                 global $member, $manager;\r
273                 \r
274                 // check if logged in\r
275                 $member->isLoggedIn() or $this->disallow();\r
276                 \r
277                 // more precise check will be done for each performed operation \r
278         \r
279                 // get array of itemids from request\r
280                 $selected = requestIntArray('batch');\r
281                 $action = requestVar('batchaction');\r
282                 \r
283                 // Show error when no items were selected\r
284                 if (!is_array($selected) || sizeof($selected) == 0)\r
285                         $this->error(_BATCH_NOSELECTION);\r
286                         \r
287                 // On move: when no destination blog/category chosen, show choice now\r
288                 $destCatid = intRequestVar('destcatid');\r
289                 if (($action == 'move') && (!$manager->existsCategory($destCatid))) \r
290                         $this->batchMoveSelectDestination('item',$selected);\r
291                 \r
292                 // On delete: check if confirmation has been given\r
293                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
294                         $this->batchAskDeleteConfirmation('item',$selected);\r
295 \r
296                 $this->pagehead();\r
297                 \r
298                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         \r
299                 echo '<h2>',_BATCH_ITEMS,'</h2>';\r
300                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
301                 echo '<ul>';\r
302                 \r
303 \r
304                 // walk over all itemids and perform action\r
305                 foreach ($selected as $itemid) {\r
306                         $itemid = intval($itemid);\r
307                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';\r
308 \r
309                         // perform action, display errors if needed\r
310                         switch($action) {\r
311                                 case 'delete':\r
312                                         $error = $this->deleteOneItem($itemid);\r
313                                         break;\r
314                                 case 'move':\r
315                                         $error = $this->moveOneItem($itemid, $destCatid);\r
316                                         break;\r
317                                 default:\r
318                                         $error = _BATCH_UNKNOWN . $action;\r
319                         }\r
320 \r
321                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
322                         echo '</li>';\r
323                 }\r
324                 \r
325                 echo '</ul>';\r
326                 echo '<b>',_BATCH_DONE,'</b>';\r
327                 \r
328                 $this->pagefoot();\r
329 \r
330                 \r
331         }\r
332         \r
333         function action_batchcomment() {\r
334                 global $member;\r
335                 \r
336                 // check if logged in\r
337                 $member->isLoggedIn() or $this->disallow();\r
338                 \r
339                 // more precise check will be done for each performed operation \r
340         \r
341                 // get array of itemids from request\r
342                 $selected = requestIntArray('batch');\r
343                 $action = requestVar('batchaction');\r
344                 \r
345                 // Show error when no items were selected\r
346                 if (!is_array($selected) || sizeof($selected) == 0)\r
347                         $this->error(_BATCH_NOSELECTION);\r
348                         \r
349                 // On delete: check if confirmation has been given\r
350                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
351                         $this->batchAskDeleteConfirmation('comment',$selected);\r
352 \r
353                 $this->pagehead();\r
354                 \r
355                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         \r
356                 echo '<h2>',_BATCH_COMMENTS,'</h2>';\r
357                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
358                 echo '<ul>';\r
359                 \r
360                 // walk over all itemids and perform action\r
361                 foreach ($selected as $commentid) {\r
362                         $commentid = intval($commentid);\r
363                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';\r
364 \r
365                         // perform action, display errors if needed\r
366                         switch($action) {\r
367                                 case 'delete':\r
368                                         $error = $this->deleteOneComment($commentid);\r
369                                         break;\r
370                                 default:\r
371                                         $error = _BATCH_UNKNOWN . $action;\r
372                         }\r
373 \r
374                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
375                         echo '</li>';\r
376                 }\r
377                 \r
378                 echo '</ul>';\r
379                 echo '<b>',_BATCH_DONE,'</b>';\r
380                 \r
381                 $this->pagefoot();\r
382 \r
383                 \r
384         }\r
385 \r
386         function action_batchmember() {\r
387                 global $member;\r
388                 \r
389                 // check if logged in and admin\r
390                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
391                 \r
392                 // get array of itemids from request\r
393                 $selected = requestIntArray('batch');\r
394                 $action = requestVar('batchaction');\r
395                 \r
396                 // Show error when no members selected\r
397                 if (!is_array($selected) || sizeof($selected) == 0)\r
398                         $this->error(_BATCH_NOSELECTION);\r
399                         \r
400                 // On delete: check if confirmation has been given\r
401                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
402                         $this->batchAskDeleteConfirmation('member',$selected);\r
403 \r
404                 $this->pagehead();\r
405                 \r
406                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';             \r
407                 echo '<h2>',_BATCH_MEMBERS,'</h2>';\r
408                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
409                 echo '<ul>';\r
410                 \r
411                 // walk over all itemids and perform action\r
412                 foreach ($selected as $memberid) {\r
413                         $memberid = intval($memberid);\r
414                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';\r
415 \r
416                         // perform action, display errors if needed\r
417                         switch($action) {\r
418                                 case 'delete':\r
419                                         $error = $this->deleteOneMember($memberid);\r
420                                         break;\r
421                                 case 'setadmin':\r
422                                         // always succeeds\r
423                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);\r
424                                         $error = '';\r
425                                         break;\r
426                                 case 'unsetadmin':\r
427                                         // there should always remain at least one super-admin\r
428                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');\r
429                                         if (mysql_num_rows($r) < 2)\r
430                                                 $error = _ERROR_ATLEASTONEADMIN;\r
431                                         else\r
432                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);\r
433                                         break;\r
434                                 default:\r
435                                         $error = _BATCH_UNKNOWN . $action;\r
436                         }\r
437 \r
438                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
439                         echo '</li>';\r
440                 }\r
441                 \r
442                 echo '</ul>';\r
443                 echo '<b>',_BATCH_DONE,'</b>';\r
444                 \r
445                 $this->pagefoot();\r
446 \r
447                 \r
448         }       \r
449         \r
450 \r
451         function action_batchteam() {\r
452                 global $member;\r
453                 \r
454                 $blogid = intRequestVar('blogid');\r
455                 \r
456                 // check if logged in and admin\r
457                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
458                 \r
459                 // get array of itemids from request\r
460                 $selected = requestIntArray('batch');\r
461                 $action = requestVar('batchaction');\r
462                 \r
463                 // Show error when no members selected\r
464                 if (!is_array($selected) || sizeof($selected) == 0)\r
465                         $this->error(_BATCH_NOSELECTION);\r
466                         \r
467                 // On delete: check if confirmation has been given\r
468                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
469                         $this->batchAskDeleteConfirmation('team',$selected);\r
470 \r
471                 $this->pagehead();\r
472                 \r
473                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';\r
474 \r
475                 echo '<h2>',_BATCH_TEAM,'</h2>';\r
476                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
477                 echo '<ul>';\r
478                 \r
479                 // walk over all itemids and perform action\r
480                 foreach ($selected as $memberid) {\r
481                         $memberid = intval($memberid);\r
482                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';\r
483 \r
484                         // perform action, display errors if needed\r
485                         switch($action) {\r
486                                 case 'delete':\r
487                                         $error = $this->deleteOneTeamMember($blogid, $memberid);\r
488                                         break;\r
489                                 case 'setadmin':\r
490                                         // always succeeds\r
491                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
492                                         $error = '';\r
493                                         break;\r
494                                 case 'unsetadmin':\r
495                                         // there should always remain at least one admin\r
496                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);\r
497                                         if (mysql_num_rows($r) < 2)\r
498                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;\r
499                                         else\r
500                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
501                                         break;\r
502                                 default:\r
503                                         $error = _BATCH_UNKNOWN . $action;\r
504                         }\r
505 \r
506                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
507                         echo '</li>';\r
508                 }\r
509                 \r
510                 echo '</ul>';\r
511                 echo '<b>',_BATCH_DONE,'</b>';\r
512                 \r
513                 $this->pagefoot();\r
514 \r
515                 \r
516         }       \r
517 \r
518 \r
519         \r
520         function action_batchcategory() {\r
521                 global $member, $manager;\r
522                 \r
523                 // check if logged in\r
524                 $member->isLoggedIn() or $this->disallow();\r
525                 \r
526                 // more precise check will be done for each performed operation \r
527         \r
528                 // get array of itemids from request\r
529                 $selected = requestIntArray('batch');\r
530                 $action = requestVar('batchaction');\r
531                 \r
532                 // Show error when no items were selected\r
533                 if (!is_array($selected) || sizeof($selected) == 0)\r
534                         $this->error(_BATCH_NOSELECTION);\r
535                         \r
536                 // On move: when no destination blog chosen, show choice now\r
537                 $destBlogId = intRequestVar('destblogid');\r
538                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId))) \r
539                         $this->batchMoveCategorySelectDestination('category',$selected);\r
540                 \r
541                 // On delete: check if confirmation has been given\r
542                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
543                         $this->batchAskDeleteConfirmation('category',$selected);\r
544 \r
545                 $this->pagehead();\r
546                 \r
547                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         \r
548                 echo '<h2>',BATCH_CATEGORIES,'</h2>';\r
549                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
550                 echo '<ul>';\r
551                 \r
552                 // walk over all itemids and perform action\r
553                 foreach ($selected as $catid) {\r
554                         $catid = intval($catid);\r
555                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';\r
556 \r
557                         // perform action, display errors if needed\r
558                         switch($action) {\r
559                                 case 'delete':\r
560                                         $error = $this->deleteOneCategory($catid);\r
561                                         break;\r
562                                 case 'move':\r
563                                         $error = $this->moveOneCategory($catid, $destBlogId);\r
564                                         break;\r
565                                 default:\r
566                                         $error = _BATCH_UNKNOWN . $action;\r
567                         }\r
568 \r
569                         echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';\r
570                         echo '</li>';\r
571                 }\r
572                 \r
573                 echo '</ul>';\r
574                 echo '<b>',_BATCH_DONE,'</b>';\r
575                 \r
576                 $this->pagefoot();\r
577                 \r
578         }\r
579         \r
        /**
          * Shows the form in which the destination blog/category of a batch move
          * is chosen, then ends the request with exit.
          *
          * The form posts back to index.php with action=batch<type>,
          * batchaction=move, the selected ids and the chosen 'destcatid'.
          *
          * @param $type
          *             suffix of the batch action the form returns to; written
          *             into the form unescaped (the call visible in this file
          *             passes the literal 'item')
          * @param $ids
          *             ids of the selected entries; each is passed through intval()
          */
        function batchMoveSelectDestination($type, $ids) {
                $this->pagehead();
                ?>
                <h2><?php echo _MOVE_TITLE?></h2>
                <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="batch<?php echo $type?>" />
                        <input type="hidden" name="batchaction" value="move" />
                        <?php                           // insert selected item numbers
                                $idx = 0;
                                // intval() keeps anything but a number out of the value attribute
                                foreach ($ids as $id)
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
                        
                                // show blog/category selection list
                                $this->selectBlogCategory('destcatid');
                        
                        ?>
                        
                        
                        <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

                </div></form>
                <?php           $this->pagefoot();
                // the calling batch action must not continue after the form is shown
                exit;
        }
605         \r
        /**
          * Shows the form in which the destination blog of a batch category move
          * is chosen, then ends the request with exit.
          *
          * The form posts back to index.php with action=batch<type>,
          * batchaction=move, the selected ids and the chosen 'destblogid'.
          *
          * @param $type
          *             suffix of the batch action the form returns to; written
          *             into the form unescaped (the call visible in this file
          *             passes the literal 'category')
          * @param $ids
          *             ids of the selected entries; each is passed through intval()
          */
        function batchMoveCategorySelectDestination($type, $ids) {
                $this->pagehead();
                ?>
                <h2><?php echo _MOVECAT_TITLE?></h2>
                <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="batch<?php echo $type?>" />
                        <input type="hidden" name="batchaction" value="move" />
                        <?php                           // insert selected item numbers
                                $idx = 0;
                                // intval() keeps anything but a number out of the value attribute
                                foreach ($ids as $id)
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
                        
                                // show blog selection list
                                $this->selectBlog('destblogid');
                        
                        ?>
                        
                        
                        <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

                </div></form>
                <?php           $this->pagefoot();
                // the calling batch action must not continue after the form is shown
                exit;
        }
631         \r
/**
 * Renders the confirmation form for a batch delete and ends the request.
 *
 * The form posts back action=batch<type>, batchaction=delete and confirmation=yes,
 * together with the selected IDs as batch[n].
 *
 * @param $type
 *      batch type; 'team' also carries blogid along, 'comment' also carries itemid
 * @param $ids
 *      selected IDs; each one is forced to an integer before it is written out
 */
function batchAskDeleteConfirmation($type, $ids) {
    $this->pagehead();
    ?>
    <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
    <form method="post" action="index.php"><div>

        <input type="hidden" name="action" value="batch<?php echo $type?>" />
        <input type="hidden" name="batchaction" value="delete" />
        <input type="hidden" name="confirmation" value="yes" />
        <?php
            // NOTE(review): $type is written into the attribute above without HTML
            // encoding; safe only while callers pass fixed literals. Verify against callers.
            // NOTE(review): none of the hidden fields is an anti-CSRF token. Confirm that
            // the handler of this destructive POST checks the request origin some other way.

            // re-emit the selection; intval() keeps anything but digits out of the markup
            $position = 0;
            foreach ($ids as $selectedId) {
                echo '<input type="hidden" name="batch[',$position,']" value="',intval($selectedId),'" />';
                $position++;
            }

            // context the team and comment batch handlers need again after confirmation
            if ($type == 'team') {
                echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
            }
            if ($type == 'comment') {
                echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
            }
        ?>

        <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />

    </div></form>
    <?php
    $this->pagefoot();
    exit;
}
664         \r
665         \r
666         /**\r
667           * Inserts a HTML select element with choices for all categories to which the current\r
668           * member has access\r
669           */\r
function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
    // Thin wrapper: selectBlog() with the mode fixed to 'category', so the option
    // values are category IDs. All other arguments are handed through unchanged,
    // including $iForcedBlogInclude, which skips the team-membership filter there.
    $mode = 'category';
    ADMIN::selectBlog($name, $mode, $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
}
673         \r
674         /**\r
675           * Inserts a HTML select element with choices for all blogs to which the user has access\r
676           *             mode = 'blog' => shows blognames and values are blogids\r
677           *             mode = 'category' => show category names and values are catids\r
678           *\r
679           * @param $iForcedBlogInclude\r
680           *             ID of a blog that always needs to be included, without checking if the member is on the blog team (-1 = none)\r
681           */\r
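function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
    global $member, $CONF;

    // 0. get IDs of blogs to which member can post items (+ forced blog)
    // The forced blog is listed without any team check, so callers must only pass
    // a blog ID they have already authorised, never a raw request value.
    $aBlogIds = array();
    if ($iForcedBlogInclude != -1)
        $aBlogIds[] = intval($iForcedBlogInclude);

    // admins see every blog when $CONF['ShowAllBlogs'] is set; everybody else only
    // the blogs that have them on the team
    if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
        $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
    else
        $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . intval($member->getID());
    $rblogids = sql_query($queryBlogs);
    while ($o = mysql_fetch_object($rblogids)) {
        // the forced blog is already in the list
        if ($o->bnumber != $iForcedBlogInclude)
            $aBlogIds[] = intval($o->bnumber);
    }

    // nothing to choose from: emit no select element at all
    if (count($aBlogIds) == 0)
        return;

    // attribute values are encoded like the blog and category names further down
    echo '<select name="',htmlspecialchars($name),'" tabindex="',intval($tabindex),'">';

    // 1. select blogs (we'll create optiongroups)
    // every entry of $aBlogIds went through intval(), so the IN list holds integers only
    $queryBlogs = 'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
    $blogs = sql_query($queryBlogs);
    if ($mode == 'category') {
        // always defined, so the single-blog case no longer reads an unset variable
        $multipleBlogs = (mysql_num_rows($blogs) > 1);

        while ($oBlog = mysql_fetch_object($blogs)) {
            $blogNumber = intval($oBlog->bnumber);

            if ($multipleBlogs)
                echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';

            // offer "new category" only when wanted and only to admins of that blog
            if ($showNewCat) {
                if ($member->blogAdminRights($blogNumber))
                    echo '<option value="newcat-',$blogNumber,'">',_ADD_NEWCAT,'</option>';
            }

            // 2. for each category in that blog
            $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $blogNumber . ' ORDER BY cname ASC');
            while ($oCat = mysql_fetch_object($categories)) {
                if ($oCat->catid == $selected)
                    $selectText = ' selected="selected" ';
                else
                    $selectText = '';
                echo '<option value="',intval($oCat->catid),'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
            }

            if ($multipleBlogs)
                echo '</optgroup>';
        }
    } else {
        // blog mode: one option per blog, value = blog ID
        while ($oBlog = mysql_fetch_object($blogs)) {
            echo '<option value="',intval($oBlog->bnumber),'"';
            if ($oBlog->bnumber == $selected)
                echo ' selected="selected"';
            echo'>',htmlspecialchars($oBlog->bname),'</option>';
        }
    }
    echo '</select>';
}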
748         \r
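/**
 * Lists the items authored by the current member ($member), with paging and an
 * optional text search over title, body and extended body.
 *
 * Reads the POST variables 'start', 'amount' and 'search'.
 */
function action_browseownitems() {
    global $member;

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
    echo '<h2>' . _ITEMLIST_YOUR. '</h2>';

    // Paging values come straight from the request and are interpolated into the
    // LIMIT clause below, so they are reduced to non-negative integers first.
    $start = intval(postVar('start'));
    if ($start < 0)
        $start = 0;

    // amount of items to show (anything missing, zero or negative means the default)
    $amount = intval(postVar('amount'));
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');    // search through items

    $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
           . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
           . ' WHERE iauthor='. intval($member->getID()) .' and iauthor=mnumber and iblog=bnumber and icat=catid';

    if ($search) {
        // NOTE(review): addslashes() does not know the connection character set; prefer
        // the database layer's own escaping routine where one is available.
        $escapedSearch = addslashes($search);
        $query .= ' and ((ititle LIKE "%' . $escapedSearch . '%") or (ibody LIKE "%' . $escapedSearch . '%") or (imore LIKE "%' . $escapedSearch . '%"))';
    }

    $query .= ' ORDER BY itime DESC'
            . " LIMIT $start,$amount";

    $template = array();
    $template['content'] = 'itemlist';
    $template['now'] = time();

    // no blog applies to this list: pass 0 like the other member-wide lists do
    // (this argument used to be a variable that was never assigned)
    $navList = new NAVLIST('browseownitems', $start, $amount, 0, 1000, 0, $search, 0);
    $navList->showBatchList('item',$query,'table',$template);

    $this->pagefoot();
}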
790         \r
791         /**\r
792           * Show all the comments for a given item\r
793           */\r
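function action_itemcommentlist($itemid = '') {
    global $member;

    // The ID ends up in the SQL below, so it is an integer whichever way it arrives:
    // from the request, or from a caller inside this class.
    if ($itemid == '')
        $itemid = intRequestVar('itemid');
    else
        $itemid = intval($itemid);

    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();

    $blogid = getBlogIdFromItemId($itemid);

    $this->pagehead();

    // Paging values come straight from the request and are interpolated into the
    // LIMIT clause below, so they are reduced to non-negative integers first.
    $start = intval(postVar('start'));
    if ($start < 0)
        $start = 0;

    // amount of items to show (anything missing, zero or negative means the default)
    $amount = intval(postVar('amount'));
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');

    echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',intval($blogid),'">',_BACKTOOVERVIEW,'</a>)</p>';
    echo '<h2>',_COMMENTS,'</h2>';

    $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;

    if ($search) {
        // NOTE(review): addslashes() does not know the connection character set; prefer
        // the database layer's own escaping routine where one is available.
        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
    }

    $query .= ' ORDER BY ctime ASC'
            . " LIMIT $start,$amount";

    $template = array();
    $template['content'] = 'commentlist';
    // the ban link in the list is only offered to admins of the item's blog
    $template['canAddBan'] = $member->blogAdminRights($blogid);

    $navList = new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
    $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);

    $this->pagefoot();
}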
840         \r
841         /**\r
842           * Browse own comments\r
843           */\r
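function action_browseowncomments() {
    global $member;

    // Paging values come straight from the request and are interpolated into the
    // LIMIT clause below, so they are reduced to non-negative integers first.
    $start = intval(postVar('start'));
    if ($start < 0)
        $start = 0;

    // amount of items to show (anything missing, zero or negative means the default)
    $amount = intval(postVar('amount'));
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');

    // restricted to comments whose cmember is the current member
    $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . intval($member->getID());

    if ($search) {
        // NOTE(review): addslashes() does not know the connection character set; prefer
        // the database layer's own escaping routine where one is available.
        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
    }

    $query .= ' ORDER BY ctime DESC'
            . " LIMIT $start,$amount";

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
    echo '<h2>', _COMMENTS_YOUR ,'</h2>';

    $template = array();
    $template['content'] = 'commentlist';
    $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself

    $navList = new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
    $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);

    $this->pagefoot();
}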
883         \r
884         /**\r
885           * Browse all comments for a weblog\r
886           */\r
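function action_blogcommentlist($blogid = '')
{
    global $member, $manager;

    // integer blog ID, whether it comes from the request or from a caller
    if ($blogid == '')
        $blogid = intRequestVar('blogid');
    else
        $blogid = intval($blogid);

    // team members of the blog and site admins only
    $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

    // Paging values come straight from the request and are interpolated into the
    // LIMIT clause below, so they are reduced to non-negative integers first.
    $start = intval(postVar('start'));
    if ($start < 0)
        $start = 0;

    // amount of items to show (anything missing, zero or negative means the default)
    $amount = intval(postVar('amount'));
    if ($amount <= 0)
        $amount = 10;

    $search = postVar('search');            // search through comments

    $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);

    if ($search != '') {
        // NOTE(review): addslashes() does not know the connection character set; prefer
        // the database layer's own escaping routine where one is available.
        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
    }

    $query .= ' ORDER BY ctime DESC'
            . " LIMIT $start,$amount";

    $blog =& $manager->getBlog($blogid);

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
    echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';

    $template = array();
    $template['content'] = 'commentlist';
    // the ban link in the list is only offered to admins of this blog
    $template['canAddBan'] = $member->blogAdminRights($blogid);

    // plain assignment, as in the sibling list actions ("=& new" no longer parses on PHP 7+)
    $navList = new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
    $navList->showBatchList('comment',$query,'table',$template, 'No comments were made on items of this blog');

    $this->pagefoot();
}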
938 \r
939         /**\r
940           * Provides a page to add a new item to the given blog\r
941           */\r
function action_createitem() {
    global $member, $manager;

    // blog ID from the request, already reduced to an integer
    $blogid = intRequestVar('blogid');

    // members outside the blog's team are refused before anything is rendered
    if (!$member->teamRights($blogid)) {
        $this->disallow();
    }

    $memberid = $member->getID();

    $blog =& $manager->getBlog($blogid);

    $this->pagehead();

    // the add-item form itself is produced by PAGEFACTORY
    $addForm = new PAGEFACTORY($blogid);
    $addForm->createAddForm('admin');

    $this->pagefoot();
}
962         \r
/**
 * Shows the edit form for the item named by the 'itemid' request variable.
 */
function action_itemedit() {
    global $member, $manager;

    $itemid = intRequestVar('itemid');

    // only members who may alter this item get the form
    if (!$member->canAlterItem($itemid)) {
        $this->disallow();
    }

    $item =& $manager->getItem($itemid,1,1);
    $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));

    // subscribers to this event receive the item by reference and can change it
    $manager->notify('PrepareItemForEdit', array('item' => &$item));

    // blogs that convert line breaks get them removed again for editing
    if ($blog->convertBreaks()) {
        foreach (array('body', 'more') as $field) {
            $item[$field] = removeBreaks($item[$field]);
        }
    }

    // form to edit blog items
    $this->pagehead();
    $editForm = new PAGEFACTORY($blog->getID());
    $editForm->createEditForm('admin',$item);
    $this->pagefoot();
}
987         \r
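/**
 * Saves an edited item from the POSTed edit form.
 *
 * 'catid' is either a category ID or 'newcat-<blogid>', which asks for a new category
 * in that blog. 'actiontype' selects what happens to the item (see the switch below);
 * 'delete' is handed over to action_itemdelete().
 */
function action_itemupdate() {
    global $member, $manager, $CONF;

    $itemid = intRequestVar('itemid');
    $catid = postVar('catid');

    // Anything that is not a new-category request has to be a plain category ID, so it
    // is reduced to an integer before it reaches the permission check or ITEM::update().
    $isNewCategory = (strpos($catid, 'newcat') !== false);
    if (!$isNewCategory)
        $catid = intval($catid);

    // only allow if user is allowed to alter item
    $member->canUpdateItem($itemid, $catid) or $this->disallow();

    $actiontype = postVar('actiontype');

    // delete actions are handled by itemdelete (which has confirmation)
    if ($actiontype == 'delete') {
        $this->action_itemdelete();
        return;
    }

    $body   = postVar('body');
    $title  = postVar('title');
    $more   = postVar('more');
    $closed = intPostVar('closed');

    // default action = add now
    if (!$actiontype)
        $actiontype = 'addnow';

    // create new category if needed
    if ($isNewCategory) {
        // get blogid
        list($blogid) = sscanf($catid,"newcat-%d");
        $blogid = intval($blogid);

        // selectBlog() offers the new-category option to blog admins only; enforce the
        // same rule here rather than relying on what the form displayed
        $member->blogAdminRights($blogid) or $this->disallow();

        // create
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();

        // show error when sth goes wrong
        // NOTE(review): other error paths in this class call $this->error(); confirm
        // that doError() exists as a method of ADMIN.
        if (!$catid)
            $this->doError(_ERROR_CATCREATEFAIL);
    }

    /*
        set some variables based on actiontype

        actiontypes:
            draft items -> addnow, addfuture, adddraft, delete
            non-draft items -> edit, changedate, delete

        variables set:
            $timestamp: set to a nonzero value for future dates or date changes
            $wasdraft: set to 1 when the item used to be a draft item
            $publish: set to 1 when the edited item is not a draft
    */
    switch ($actiontype) {
        case 'adddraft':
            $publish = 0;
            $wasdraft = 1;
            $timestamp = 0;
            break;
        case 'addfuture':
            $wasdraft = 1;
            $publish = 1;
            // date parts are read as integers so mktime() never sees arbitrary strings
            $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
            break;
        case 'addnow':
            $wasdraft = 1;
            $publish = 1;
            $timestamp = 0;
            break;
        case 'changedate':
            $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
            $publish = 1;
            $wasdraft = 0;
            break;
        case 'edit':
        default:
            $publish = 1;
            $wasdraft = 0;
            $timestamp = 0;
    }

    // edit the item for real
    ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

    // show category edit window when we created a new category
    // ($blog is only set on that path, hence the flag instead of comparing IDs)
    if ($isNewCategory) {
        $this->action_categoryedit(
            $catid,
            $blog->getID(),
            $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
        );
    } else {
        // TODO: set start item correctly for itemlist
        $this->action_itemlist(getBlogIDFromItemID($itemid));
    }
}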
1084         \r
/**
 * Shows the "really delete this item?" page for the item named by 'itemid'.
 *
 * Nothing is deleted here; the form posts to action=itemdeleteconfirm.
 */
function action_itemdelete() {
    global $member, $manager;

    $itemid = intRequestVar('itemid');

    // only allow if user is allowed to alter item
    if (!$member->canAlterItem($itemid)) {
        $this->disallow();
    }

    if (!$manager->existsItem($itemid,1,1)) {
        $this->error(_ERROR_NOSUCHITEM);
    }

    // title and excerpt are shown as text: tags stripped, the rest HTML-encoded
    $item =& $manager->getItem($itemid,1,1);
    $title = htmlspecialchars(strip_tags($item['title']));
    $body = htmlspecialchars(shorten(strip_tags($item['body']),300,'...'));

    $this->pagehead();
    // NOTE(review): the form below carries no anti-CSRF token; confirm that the
    // itemdeleteconfirm handler checks the request origin some other way.
    ?>
        <h2><?php echo _DELETE_CONFIRM?></h2>

        <p><?php echo _CONFIRMTXT_ITEM?></p>

        <div class="note">
            <b>"<?php echo  $title ?>"</b>
            <br />
            <?php echo $body?>
        </div>

        <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="itemdeleteconfirm" />
            <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
            <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />
        </div></form>
    <?php
    $this->pagefoot();
}
1121         \r
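/**
 * Deletes the item named by 'itemid' and shows the item list of its blog.
 */
function action_itemdeleteconfirm() {
    global $member;

    $itemid = intRequestVar('itemid');

    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();

    // get blogid first (it cannot be looked up once the item is gone)
    $blogid = getBlogIdFromItemId($itemid);

    // delete item (note: some checks will be performed twice)
    // deleteOneItem() reports a refusal through its return value; surface it instead
    // of dropping it and showing the list as if the delete had gone through
    $deleteError = $this->deleteOneItem($itemid);
    if ($deleteError)
        $this->error($deleteError);

    $this->action_itemlist($blogid);
}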
1138         \r
1139         // deletes one item and returns error if something goes wrong\r
function deleteOneItem($itemid) {
    global $member, $manager;

    // Permission is checked here as well, so the method can be called on its own.
    // A refusal comes back as the _ERROR_DISALLOWED message; success returns nothing.
    $mayAlter = $member->canAlterItem($itemid);
    if (!$mayAlter) {
        return _ERROR_DISALLOWED;
    }

    // make sure the ITEM class is loaded before the static call
    $manager->loadClass('ITEM');
    ITEM::delete($itemid);
}
1150 \r
/**
 * Shows the form for moving an item to another category; it posts to action=itemmoveto.
 */
function action_itemmove() {
    global $member, $manager;

    $itemid = intRequestVar('itemid');

    // only allow if user is allowed to alter item
    if (!$member->canAlterItem($itemid)) {
        $this->disallow();
    }

    $item =& $manager->getItem($itemid,1,1);

    $this->pagehead();
    // the category select preselects the item's current category and, through its
    // fourth argument, may offer a "new category" entry
    ?>
        <h2><?php echo _MOVE_TITLE?></h2>
        <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="itemmoveto" />
            <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />

            <?php $this->selectBlogCategory('catid',$item['catid'],10,1);?>

            <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
        </div></form>
    <?php
    $this->pagefoot();
}
1175 \r
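/**
 * Moves the item named by 'itemid' to the category given in 'catid'.
 *
 * 'catid' is either a category ID or 'newcat-<blogid>', which asks for a new category
 * in that blog; in that case the category edit page is shown afterwards.
 */
function action_itemmoveto() {
    global $member, $manager;

    $itemid = intRequestVar('itemid');
    $catid = requestVar('catid');

    // Authorise before anything is written: creating the category ahead of the
    // permission check would let a request that is refused later still add one.
    $member->canAlterItem($itemid) or $this->disallow();

    $isNewCategory = (strpos($catid, 'newcat') !== false);

    // create new category if needed
    if ($isNewCategory) {
        // get blogid
        list($blogid) = sscanf($catid,'newcat-%d');
        $blogid = intval($blogid);

        // selectBlog() offers the new-category option to blog admins only; enforce the
        // same rule here rather than relying on what the form displayed
        $member->blogAdminRights($blogid) or $this->disallow();

        // create
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();

        // show error when sth goes wrong
        // NOTE(review): other error paths in this class call $this->error(); confirm
        // that doError() exists as a method of ADMIN.
        if (!$catid)
            $this->doError(_ERROR_CATCREATEFAIL);
    } else {
        // a plain category ID: keep it an integer from here on
        $catid = intval($catid);
    }

    // only allow if user is allowed to move the item into that category
    $member->canUpdateItem($itemid, $catid) or $this->disallow();

    ITEM::move($itemid, $catid);

    // $blog is only set when a category was created, hence the flag
    if ($isNewCategory)
        $this->action_categoryedit($catid, $blog->getID());
    else
        $this->action_itemlist(getBlogIDFromCatID($catid));
}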
1206         \r
1207         /**\r
1208           * Moves one item to a given category (category existence should be checked by caller)\r
1209           * errors are returned\r
1210           */\r
function moveOneItem($itemid, $destCatid) {
    global $member;

    // Permission is checked per item. A refusal comes back as the _ERROR_DISALLOWED
    // message; a successful move returns nothing.
    $mayMove = $member->canUpdateItem($itemid, $destCatid);
    if (!$mayMove) {
        return _ERROR_DISALLOWED;
    }

    ITEM::move($itemid, $destCatid);
}
1220 \r
1221         /**\r
1222           * Adds an item to the chosen blog\r
1223           */\r
function action_additem() {
    global $member, $manager, $CONF;

    $manager->loadClass('ITEM');

    // NOTE(review): this method performs no permission check of its own; presumably
    // ITEM::createFromRequest() verifies that the member may post to the blog. Confirm.
    $result = ITEM::createFromRequest();
    $status = $result['status'];

    if ($status == 'error') {
        $this->error($result['message']);
    }

    $blogid = getBlogIDFromItemID($result['itemid']);
    $blog =& $manager->getBlog($blogid);

    if ($status == 'newcategory') {
        // a category was created along with the item: show its edit page, followed
        // by the ping page when the blog has pinging enabled
        $nextUrl = '';
        if ($blog->pingUserland()) {
            $nextUrl = $CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid);
        }
        $this->action_categoryedit($result['catid'], $blogid, $nextUrl);
    } elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland()) {
        $this->action_sendping($blogid);
    } else {
        $this->action_itemlist($blogid);
    }
}
1248         \r
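/**
  * Shows a window that says we're about to ping weblogs.com, then
  * refreshes after one second to action=rawping, which sends the ping
  * and shows its result.
  *
  * @param $blogid ID of blog for which ping needs to be sent out;
  *                -1 (the default) means: read it from the 'blogid' request variable
  *
  * NOTE(review): only isLoggedIn() is checked here, not whether the member
  * belongs to the blog's team - confirm that this is intended.
  */
function action_sendping($blogid = -1) {
    global $member;

    if ($blogid == -1)
        $blogid = intRequestVar('blogid');

    $member->isLoggedIn() or $this->disallow();

    // $blogid is written into the <meta> refresh URL and the fallback link
    // below; force it to an integer so that a non-numeric value handed in by
    // a caller cannot end up in the markup
    $blogid = intval($blogid);

    $this->pagehead('<meta http-equiv="refresh" content="1; url=index.php?action=rawping&amp;blogid=' . $blogid . '" />');
    ?>
    <h2>Site Updated, Now pinging weblogs.com</h2>

    <p>
        Pinging weblogs.com! This can take a while...
        <br />
        When the ping is complete (and successful), your weblog will show up in the weblogs.com updates list.
    </p>

    <p>
        If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
    </p>
    <?php
    $this->pagefoot();
}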
1279         \r
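// ping to Weblogs.com
// sends the real ping (can take up to 10 seconds!) and shows the answer
//
// NOTE(review): a plain request to this action triggers an outbound ping;
// no anti-forgery token is read here.
function action_rawping() {
    global $member, $manager;

    // same gate as action_sendping(), the page that refreshes to this action;
    // without it the ping could be triggered without a logged-in member
    $member->isLoggedIn() or $this->disallow();

    $blogid = intRequestVar('blogid');
    $blog =& $manager->getBlog($blogid);

    $result = $blog->sendUserlandPing();

    $this->pagehead();

    // the message shown below is what the remote service returned, so it is
    // escaped before being written into the page; the blog URL is escaped
    // because it is placed inside an attribute
    ?>

    <h2>Ping Results</h2>

    <p>The following message was returned by weblogs.com:</p>

    <div class='note'><?php echo htmlspecialchars($result) ?></div>

    <ul>
        <li><a href="index.php?action=itemlist&amp;blogid=<?php echo intval($blog->getID())?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
        <li><a href="<?php echo htmlspecialchars($blog->getURL())?>">Visit your own site</a></li>
    </ul>

    <?php
    $this->pagefoot();
}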
1308         \r
/**
  * Shows the form for editing a previously made comment.
  *
  * The comment id comes from the request and the member must pass
  * canAlterComment() for it. The form posts to action=commentupdate.
  *
  * NOTE(review): author name, host and body are echoed exactly as stored.
  * That is only safe if they were HTML-escaped when the comment was saved,
  * which cannot be verified from this method - confirm in COMMENT.
  */
function action_commentedit() {
    global $member, $manager;

    $commentid = intRequestVar('commentid');

    $member->canAlterComment($commentid) or $this->disallow();

    $comment = COMMENT::getComment($commentid);

    $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));

    // turn the stored markup back into editable text: drop the <br /> tags
    // (they are replaced by nothing), then collapse each link to its href
    $comment['body'] = eregi_replace(
        "<a href=['\"]([^'\"]+)['\"]>[^<]*</a>",
        "\\1",
        str_replace('<br />','',$comment['body'])
    );

    // members are shown under their member name, other commenters under the name they typed
    $who = $comment['member']
        ? $comment['member'] . " (" . _EDITC_MEMBER . ")"
        : $comment['user'] . " (" . _EDITC_NONMEMBER . ")";

    $this->pagehead();

    ?>
    <h2><?php echo _EDITC_TITLE?></h2>

    <form action="index.php" method="post"><div>

    <input type="hidden" name="action" value="commentupdate" />
    <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
    <table><tr>
        <th colspan="2"><?php echo _EDITC_TITLE?></th>
    </tr><tr>
        <td><?php echo _EDITC_WHO?></td>
        <td>
        <?php echo $who; ?>
        </td>
    </tr><tr>
        <td><?php echo _EDITC_WHEN?></td>
        <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
    </tr><tr>
        <td><?php echo _EDITC_HOST?></td>
        <td><?php echo  $comment['host']; ?></td>
    </tr><tr>
        <td><?php echo _EDITC_TEXT?></td>
        <td>
            <textarea name="body" tabindex="10" rows="10" cols="50"><?php
                // no htmlspecialchars here: the body is expected to be escaped already
                echo $comment['body'];
            ?></textarea>
        </td>
    </tr><tr>
        <td><?php echo _EDITC_EDIT?></td>
        <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
    </tr></table>

    </div></form>
    <?php
    $this->pagefoot();
}
1370         \r
// Stores the edited body of a comment and returns to a comment list.
//
// The member must pass canAlterComment() for the comment. The body is
// rejected when it holds a 90-character run from the listed character
// set, or when it is shorter than 3 or longer than 5000 bytes.
//
// NOTE(review): the body is quoted with addslashes(), which does not take
// the connection's character set into account; a connection-aware escaping
// function would be the safer choice - confirm how sql_query() connects.
// NOTE(review): no anti-forgery token is read before the UPDATE is issued.
function action_commentupdate() {
    global $member, $manager;

    $commentid = intRequestVar('commentid');

    $member->canAlterComment($commentid) or $this->disallow();

    $body = postVar('body');

    // intercept words that are too long
    if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body)) {
        $this->error(_ERROR_COMMENT_LONGWORD);
    }

    // check length (strlen counts bytes, not characters)
    $length = strlen($body);
    if ($length < 3) {
        $this->error(_ERROR_COMMENT_NOCOMMENT);
    }
    if ($length > 5000) {
        $this->error(_ERROR_COMMENT_TOOLONG);
    }

    // prepare body
    $body = COMMENT::prepareBody($body);

    // call plugins; they receive the body by reference and may change it
    $manager->notify('PreUpdateComment',array('body' => &$body));

    $updateQuery = sprintf(
        "UPDATE %s SET cbody='%s' WHERE cnumber=%s",
        sql_table('comment'),
        addslashes($body),
        $commentid
    );
    sql_query($updateQuery);

    // get itemid, to decide which list the member may be sent back to
    $lookupQuery = sprintf('SELECT citem FROM %s WHERE cnumber=%s', sql_table('comment'), $commentid);
    $row = mysql_fetch_object(sql_query($lookupQuery));
    $itemid = $row->citem;

    if ($member->canAlterItem($itemid)) {
        $this->action_itemcommentlist($itemid);
    } else {
        $this->action_browseowncomments();
    }
}
1413         \r
// Shows the confirmation page for deleting a comment.
//
// Nothing is deleted here: the form posts to action=commentdeleteconfirm.
// The member must pass canAlterComment() for the comment.
//
// NOTE(review): the author name is echoed as stored, while the body excerpt
// is run through strip_tags() and htmlspecialchars(); this is only safe if
// names are escaped when a comment is saved - confirm in COMMENT.
function action_commentdelete() {
    global $member;

    $commentid = intRequestVar('commentid');

    $member->canAlterComment($commentid) or $this->disallow();

    $comment = COMMENT::getComment($commentid);

    // excerpt: tags removed, shortened with limit 300 and '...', then escaped
    $body = htmlspecialchars(shorten(strip_tags($comment['body']), 300, '...'));

    // member name when the comment has one, otherwise the name the commenter gave
    $author = $comment['member'] ? $comment['member'] : $comment['user'];

    $this->pagehead();
    ?>

        <h2><?php echo _DELETE_CONFIRM?></h2>

        <p><?php echo _CONFIRMTXT_COMMENT?></p>

        <div class="note">
        <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
        <br />
        <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
        </div>

        <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="commentdeleteconfirm" />
            <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
        </div></form>
    <?php
    $this->pagefoot();
}
1452         \r
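// Deletes a comment after confirmation and returns to a comment list.
//
// The permission check is made inside deleteOneComment(); this method only
// looks up the owning item first, so it still knows which list to show once
// the row is gone.
//
// NOTE(review): the comment id is read with intRequestVar() and no
// anti-forgery token is checked before the delete.
function action_commentdeleteconfirm() {
    global $member;

    $commentid = intRequestVar('commentid');

    // get item id first (the row no longer exists after the delete)
    $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . intval($commentid));
    $o = mysql_fetch_object($res);
    // no row means no such comment; do not dereference a failed fetch
    $itemid = $o ? $o->citem : 0;

    $error = $this->deleteOneComment($commentid);
    // every other error path visible in this class reports through error();
    // a doError() method is not defined in the visible part of the class, so
    // a refused delete would presumably have ended in an undefined-method failure
    if ($error)
        $this->error($error);

    if ($member->canAlterItem($itemid))
        $this->action_itemcommentlist($itemid);
    else
        $this->action_browseowncomments();
}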
1472         \r
// Deletes one comment, provided the current member may alter it.
//
// Returns _ERROR_DISALLOWED when the permission check fails and an empty
// string otherwise. Plugins are notified before and after the delete.
function deleteOneComment($commentid) {
    global $member, $manager;

    // the id is concatenated into the DELETE below, so it is cast to an integer first
    $commentid = intval($commentid);

    if ($member->canAlterComment($commentid)) {
        $manager->notify('PreDeleteComment', array('commentid' => $commentid));

        // remove the single comment row with this id
        sql_query('DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);

        $manager->notify('PostDeleteComment', array('commentid' => $commentid));

        return '';
    }

    return _ERROR_DISALLOWED;
}
1491         \r
/**
  * Usermanagement main: lists all members and shows the "new member" form.
  *
  * Only site admins (isAdmin()) get past the first line. The form posts to
  * action=memberadd.
  *
  * NOTE(review): the form carries no anti-forgery token, and the hint under
  * the login name is hard-coded English rather than a language constant.
  */
function action_usermanagement() {
    global $member;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $this->pagehead();

    echo '<p><a href="index.php?action=manage">(' . _BACKTOMANAGE . ')</a></p>';
    echo '<h2>' . _MEMBERS_TITLE .'</h2>';
    echo '<h3>' . _MEMBERS_CURRENT .'</h3>';

    // show list of members with actions
    $query = 'SELECT * FROM '.sql_table('member');
    $template = array(
        'content' => 'memberlist',
        'tabindex' => 10
    );

    $batch = new BATCH('member');
    $batch->showlist($query,'table',$template);

    echo '<h3>' . _MEMBERS_NEW .'</h3>';
    ?>
        <form method="post" action="index.php"><div>

        <input type="hidden" name="action" value="memberadd" />

        <table>
        <tr>
            <th colspan="2"><?php echo _MEMBERS_NEW?></th>
        </tr><tr>
            <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                <br /><small>(This is the name used to logon)</small>
            </td>
            <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_REALNAME?></td>
            <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_PWD?></td>
            <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_REPPWD?></td>
            <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_EMAIL?></td>
            <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_URL?></td>
            <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
            <td><?php $this->input_yesno('admin',0,10060); ?> </td>
        </tr><tr>
            <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
            <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
        </tr><tr>
            <td><?php echo _MEMBERS_NOTES?></td>
            <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
        </tr><tr>
            <td><?php echo _MEMBERS_NEW?></td>
            <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
        </tr></table>

        </div></form>
    <?php
    $this->pagefoot();
}
1565         \r
/**
  * Edit member settings: opens the settings form for the member whose id is
  * given in the 'memberid' request variable. The permission check is made
  * by action_editmembersettings().
  */
function action_memberedit() {
    $memberid = intRequestVar('memberid');

    $this->action_editmembersettings($memberid);
}
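// Shows the settings form of one member.
//
// $memberid: member to edit; '' (the default) means the logged-in member.
// Access is allowed when editing one's own settings or for site admins.
// The login name and password fields are only shown when
// $CONF['AllowLoginEdit'] is set or the viewer is an admin; the super-admin
// and can-login switches are shown to admins only.
// The form posts to action=changemembersettings.
//
// NOTE(review): the form carries no anti-forgery token.
function action_editmembersettings($memberid = '') {
    global $member, $manager, $CONF;

    if ($memberid == '')
        $memberid = $member->getID();

    // the id is compared loosely below and written into a hidden field, so
    // normalise it to an integer before either happens
    $memberid = intval($memberid);

    // check if allowed
    ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

    $this->pagehead();

    // show message to go back to member overview (only for admins)
    if ($member->isAdmin())
        echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
    else
        echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';

    echo '<h2>' . _MEMBERS_EDIT . '</h2>';

    $mem = MEMBER::createFromID($memberid);

    ?>
    <form method="post" action="index.php"><div>

    <input type="hidden" name="action" value="changemembersettings" />
    <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
    <table><tr>
        <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
    </tr><tr>
        <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
            <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
        </td>
        <td>
        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
            <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
        <?php } else {
            // only reached by a non-admin, who passed the check above solely
            // by editing their own record
            echo htmlspecialchars($member->getDisplayName());
           }
        ?>
        </td>
    </tr><tr>
        <td><?php echo _MEMBERS_REALNAME?></td>
        <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
    </tr><tr>
    <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
        <td><?php echo _MEMBERS_PWD?></td>
        <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
    </tr><tr>
        <td><?php echo _MEMBERS_REPPWD?></td>
        <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
    <?php } ?>
    </tr><tr>
        <td><?php echo _MEMBERS_EMAIL?>
            <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
        </td>
        <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
    </tr><tr>
        <td><?php echo _MEMBERS_URL?></td>
        <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
    <?php // only allow to change this by super-admins
       // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
       // (hiding the fields is cosmetic; the handler has to repeat this check)
       if ($member->isAdmin()) {
    ?>
        </tr><tr>
            <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
            <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
        </tr><tr>
            <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
            <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70); ?></td>
    <?php } ?>
    </tr><tr>
        <td><?php echo _MEMBERS_NOTES?></td>
        <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
    </tr><tr>
        <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
        </td>
        <td>

            <select name="deflang" tabindex="85">
                <option value=""><?php echo _MEMBERS_USESITELANG?></option>
            <?php
            // show a dropdown list of all available languages:
            // one entry per *.php file found in $DIR_LANG
            global $DIR_LANG;
            $dirhandle = opendir($DIR_LANG);
            // opendir() returns false on failure; skip the list instead of
            // calling readdir()/closedir() on a non-handle
            if ($dirhandle) {
                // compare against false explicitly: an entry named "0" is
                // falsy and would otherwise end the loop early
                while (($filename = readdir($dirhandle)) !== false) {
                    if (ereg("^(.*)\.php$",$filename,$matches)) {
                        // the file name goes into a single-quoted attribute and
                        // into element text, so escape it with ENT_QUOTES
                        $name = htmlspecialchars($matches[1], ENT_QUOTES);
                        echo "<option value='$name'";
                        if ($matches[1] == $mem->getLanguage())
                            echo " selected='selected'";
                        echo ">$name</option>";
                    }
                }
                closedir($dirhandle);
            }

            ?>
            </select>

        </td>
    </tr>
    <?php
        // plugin options
        $this->_insertPluginOptions('member',$memberid);
    ?>
    <tr>
        <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
    </tr><tr>
        <td><?php echo _MEMBERS_EDIT?></td>
        <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
    </tr></table>

    </div></form>


    <?php
        echo '<h3>', _PLUGINS_EXTRA , '</h3>';
        // plugins may add their own output below the form
        $manager->notify(
            'MemberSettingsFormExtras',
            array(
                'member' => &$mem
            )
        );

    $this->pagefoot();
}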
1696         \r
1697         \r
// Stores the member settings posted by the form of action_editmembersettings().
//
// Allowed for the member being edited and for site admins. Login name and
// password are only taken over when $CONF['AllowLoginEdit'] is set or the
// editor is an admin; the admin and can-login flags only when the editor is
// an admin. A changed e-mail address always replaces the password with a
// generated one, which is handed to sendPassword().
//
// NOTE(review): the current password is not asked for before the password
// or e-mail address is changed, and no anti-forgery token is read. Because
// an e-mail change sends a fresh password to the new address, both matter
// for account takeover - confirm whether another layer covers this.
function action_changemembersettings() {
    global $member, $CONF, $manager;

    $memberid = intRequestVar('memberid');

    // check if allowed
    ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

    $name                   = trim(postVar('name'));
    $realname               = trim(postVar('realname'));
    $password               = postVar('password');
    $repeatpassword = postVar('repeatpassword');
    $email                  = postVar('email');
    $url                    = postVar('url');

    // Sometimes the user didn't prefix the URL with http://, which causes a malformed URL. Let's fix it.
    // (an empty URL does not match either, so it is stored as "http://")
    if (!eregi("^https?://", $url))
        $url = "http://".$url;

    $admin                  = postVar('admin');
    $canlogin               = postVar('canlogin');
    $notes                  = postVar('notes');
    $deflang                = postVar('deflang');

    $mem = MEMBER::createFromID($memberid);

    // login name and password are validated only when they will be applied (see below)
    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {

        if (!isValidDisplayName($name))
            $this->error(_ERROR_BADNAME);

        if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
            $this->error(_ERROR_NICKNAMEINUSE);

        if ($password != $repeatpassword)
            $this->error(_ERROR_PASSWORDMISMATCH);

        // an empty password means "leave unchanged"; otherwise at least 6 bytes
        if ($password && (strlen($password) < 6))
            $this->error(_ERROR_PASSWORDTOOSHORT);
    }

    if (!isValidMailAddress($email))
        $this->error(_ERROR_BADMAILADDRESS);


    if (!$realname)
        $this->error(_ERROR_REALNAMEMISSING);

    if (($deflang != '') && (!checkLanguage($deflang)))
        $this->error(_ERROR_NOSUCHLANGUAGE);

    // check if there will remain at least one site member with both the logon and admin rights
    // (check occurs when taking away one of these rights from such a member)
    if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
         || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
       )
    {
        // fewer than two admins who can log in means this member is the last one
        $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
        if (mysql_num_rows($r) < 2)
            $this->error(_ERROR_ATLEASTONEADMIN);
    }


    // if email changed, generate new password
    // (this overwrites any password typed into the form)
    if ($email != $mem->getEmail())
    {
        $password = genPassword(10);
        $newpass = 1;
    } else {
        $newpass = 0;
    }

    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
        $mem->setDisplayName($name);
        if ($password)
            $mem->setPassword($password);
    }

    // the generated password is set even when login editing is not allowed
    if ($newpass)
        $mem->setPassword($password);

    $mem->setRealName($realname);
    $mem->setEmail($email);
    $mem->setURL($url);
    $mem->setNotes($notes);
    $mem->setLanguage($deflang);


    // only allow super-admins to make changes to the admin status
    // (the posted values are ignored for everyone else)
    if ($member->isAdmin()) {
        $mem->setAdmin($admin);
        $mem->setCanLogin($canlogin);
    }


    $mem->write();

    // store plugin options
    // NOTE(review): the 'plugoption' array is taken from the request and
    // passed on as received; whether _applyPluginOptions() limits it to
    // options of this member is not visible here - confirm.
    $aOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($aOptions);
    $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));

    // if new password was generated, send out mail message and logout
    // (sendPassword() is given the new password in plain text)
    if ($newpass)
        $mem->sendPassword($password);

    // a member who changed their own e-mail address or login name has to log in again
    if (  ( $mem->getID() == $member->getID() )
       && ( $newpass || ( $mem->getDisplayName() != $member->getDisplayName() ) )
       ) {
        $member->logout();
        $this->action_login(_MSG_LOGINAGAIN, 0);
    } else {
        $this->action_overview(_MSG_SETTINGSCHANGED);
    }
}
1813         \r
// Creates a new member from the form shown by action_usermanagement().
//
// Site admins only. The two password fields must match and hold at least
// 6 bytes; all other validation is left to MEMBER::create(), whose result
// is treated as an error message whenever it is not 1.
//
// NOTE(review): no anti-forgery token is read before the member is created,
// and the posted 'admin' value is passed on as received.
function action_memberadd() {
    global $member;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $password = postVar('password');

    if ($password != postVar('repeatpassword')) {
        $this->error(_ERROR_PASSWORDMISMATCH);
    }
    if (strlen($password) < 6) {
        $this->error(_ERROR_PASSWORDTOOSHORT);
    }

    $res = MEMBER::create(
        postVar('name'),
        postVar('realname'),
        $password,
        postVar('email'),
        postVar('url'),
        postVar('admin'),
        postVar('canlogin'),
        postVar('notes')
    );
    if ($res != 1) {
        $this->error($res);
    }

    $this->action_usermanagement();
}
1831         \r
1832         /**\r
1833           * Manage team\r
1834           */\r
1835         function action_manageteam() {\r
1836                 global $member;\r
1837                 \r
1838                 $blogid = intRequestVar('blogid');\r
1839                 \r
1840                 // check if allowed\r
1841                 $member->blogAdminRights($blogid) or $this->disallow();\r
1842         \r
1843                 $this->pagehead();\r
1844                 \r
1845                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
1846                 \r
1847                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';\r
1848                 \r
1849                 echo '<h3>' . _TEAM_CURRENT . '</h3>';\r
1850 \r
1851 \r
1852 \r
1853                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'\r
1854                        . ' FROM '.sql_table('member').', '.sql_table('team')\r
1855                        . ' WHERE tmember=mnumber and tblog=' . $blogid;\r
1856 \r
1857                 $template['content'] = 'teamlist';\r
1858                 $template['tabindex'] = 10;\r
1859                 \r
1860                 $batch = new BATCH('team');\r
1861                 $batch->showlist($query, 'table', $template);\r
1862 \r
1863                 ?>\r
1864                         <h3><?php echo _TEAM_ADDNEW?></h3>\r
1865 \r
1866                         <form method='post' action='index.php'><div>\r
1867                         \r
1868                         <input type='hidden' name='action' value='teamaddmember' />\r
1869                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />\r
1870 \r
1871                         <table><tr>\r
1872                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>\r
1873                                 <td><?php                                       // TODO: try to make it so only non-team-members are listed\r
1874                                         $query =  'SELECT mname as text, mnumber as value'\r
1875                                                . ' FROM '.sql_table('member');\r
1876 \r
1877                                         $template['name'] = 'memberid';\r
1878                                         $template['tabindex'] = 10000;\r
1879                                         showlist($query,'select',$template);                    \r
1880                                 ?></td>\r
1881                         </tr><tr>\r
1882                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>\r
1883                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>\r
1884                         </tr><tr>\r
1885                                 <td><?php echo _TEAM_ADD?></td>\r
1886                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>            \r
1887                         </tr></table>\r
1888                         \r
1889                         </div></form>\r
1890                 <?php           \r
1891                 $this->pagefoot();\r
1892         }\r
1893         \r
1894         /**\r
1895           * Add member tot tram\r
1896           */\r
1897         function action_teamaddmember() {\r
1898                 global $member, $manager;\r
1899                 \r
1900                 $memberid = intPostVar('memberid');\r
1901                 $blogid = intPostVar('blogid');\r
1902                 $admin = intPostVar('admin');\r
1903                 \r
1904                 // check if allowed\r
1905                 $member->blogAdminRights($blogid) or $this->disallow();\r
1906                 \r
1907                 $blog =& $manager->getBlog($blogid);\r
1908                 if (!$blog->addTeamMember($memberid, $admin))\r
1909                         $this->error(_ERROR_ALREADYONTEAM);\r
1910                 \r
1911                 $this->action_manageteam();\r
1912                 \r
1913         }\r
1914         \r
1915         function action_teamdelete() {\r
1916                 global $member, $manager;\r
1917                 \r
1918                 $memberid = intRequestVar('memberid');\r
1919                 $blogid = intRequestVar('blogid');\r
1920                 \r
1921                 // check if allowed\r
1922                 $member->blogAdminRights($blogid) or $this->disallow();\r
1923                 \r
1924                 $teammem = MEMBER::createFromID($memberid);\r
1925                 $blog =& $manager->getBlog($blogid);\r
1926                 \r
1927                 $this->pagehead();\r
1928                 ?>\r
1929                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1930                         \r
1931                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  $teammem->getDisplayName() ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>\r
1932                         </p>\r
1933                         \r
1934                         \r
1935                         <form method="post" action="index.php"><div>\r
1936                         <input type="hidden" name="action" value="teamdeleteconfirm" />\r
1937                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
1938                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
1939                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
1940                         </div></form>\r
1941                 <?php           \r
1942                 $this->pagefoot();\r
1943         }\r
1944         \r
1945         function action_teamdeleteconfirm() {\r
1946                 global $member;\r
1947                 \r
1948                 $memberid = intRequestVar('memberid');\r
1949                 $blogid = intRequestVar('blogid');\r
1950 \r
1951                 $error = $this->deleteOneTeamMember($blogid, $memberid);\r
1952                 \r
1953                 \r
1954                 $this->action_manageteam();\r
1955         }\r
1956         \r
1957         function deleteOneTeamMember($blogid, $memberid) {\r
1958                 global $member, $manager;\r
1959                 \r
1960                 $blogid = intval($blogid);\r
1961                 $memberid = intval($memberid);\r
1962                 \r
1963                 // check if allowed\r
1964                 if (!$member->blogAdminRights($blogid))\r
1965                         return _ERROR_DISALLOWED;\r
1966 \r
1967                 // check if: - there remains at least one blog admin\r
1968                 //           - (there remains at least one team member)\r
1969                 $tmem = MEMBER::createFromID($memberid);\r
1970                 \r
1971                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));                         \r
1972                 \r
1973                 if ($tmem->isBlogAdmin($blogid)) {\r
1974                         // check if there are more blog members left and at least one admin\r
1975                         // (check for at least two admins before deletion)\r
1976                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
1977                         $r = sql_query($query);\r
1978                         if (mysql_num_rows($r) < 2)\r
1979                                 return _ERROR_ATLEASTONEBLOGADMIN;\r
1980                 }\r
1981                 \r
1982                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
1983                 sql_query($query);\r
1984                 \r
1985                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));                                                \r
1986                 \r
1987                 return '';\r
1988         }\r
1989         \r
1990         function action_teamchangeadmin() {\r
1991                 global $member;\r
1992                 \r
1993                 $blogid = intRequestVar('blogid');\r
1994                 $memberid = intRequestVar('memberid');\r
1995                 \r
1996                 // check if allowed\r
1997                 $member->blogAdminRights($blogid) or $this->disallow();\r
1998 \r
1999                 $mem = MEMBER::createFromID($memberid);\r
2000                 \r
2001                 // don't allow when there is only one admin at this moment\r
2002                 if ($mem->isBlogAdmin($blogid)) {\r
2003                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
2004                         if (mysql_num_rows($r) == 1)\r
2005                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
2006                 }\r
2007                 \r
2008                 if ($mem->isBlogAdmin($blogid))\r
2009                         $newval = 0;\r
2010                 else    \r
2011                         $newval = 1;\r
2012                         \r
2013                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
2014                 sql_query($query);\r
2015                 \r
2016                 // only show manageteam if member did not change its own admin privileges\r
2017                 if ($member->isBlogAdmin($blogid))\r
2018                         $this->action_manageteam();\r
2019                 else\r
2020                         $this->action_overview(_MSG_ADMINCHANGED);\r
2021         }\r
2022           \r
        /**
          * Shows the settings page of one blog.
          *
          * Reads 'blogid' from the request and requires blogAdminRights() for it.
          * The page holds the team summary, the blog settings form (posts to
          * 'blogsettingsupdate'), the category list, the form for a new category
          * (posts to 'categorynew') and whatever plugins print on the
          * BlogSettingsFormExtras event.
          */
        function action_blogsettings() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                $this->pagehead();

                echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
                ?>
                <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>

                <h3><?php echo _EBLOG_TEAM_TITLE?></h3>

                <p>Members currently on your team: 
                <?php
                        // NOTE(review): the label above is hard-coded English, unlike the
                        // language constants used for the rest of the page.
                        // Member names come from the database and are HTML-escaped
                        // before they are printed.
                        $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
                        $aMemberNames = array();
                        while ($o = mysql_fetch_object($res))
                                array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
                        echo implode(',', $aMemberNames);
                ?>
                </p>



                <p>
                <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
                </p>

                <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>

                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="blogsettingsupdate" />
                <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                <table><tr>
                        <td><?php echo _EBLOG_NAME?></td>
                        <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
                                <?php echo _EBLOG_SHORTNAME_EXTRA?>
                        </td>
                        <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DESC?></td>
                        <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_URL?></td>
                        <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFSKIN?>
                            <?php help('blogdefaultskin'); ?>
                        </td>
                        <td>
                                <?php 
                                        // select box with all skins, the blog's default preselected
                                        $query =  'SELECT sdname as text, sdnumber as value'
                                               . ' FROM '.sql_table('skin_desc');
                                        $template['name'] = 'defskin';
                                        $template['selected'] = $blog->getDefaultSkin();
                                        $template['tabindex'] = 50;
                                        showlist($query,'select',$template);
                                ?>

                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
                        </td>
                        <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
                        </td>
                        <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DISABLECOMMENTS?>
                        </td>
                        <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ANONYMOUS?>
                        </td>
                        <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
                        <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY_ON?></td>
                        <td>
                                <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
                                        <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
                                /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
                                <br />
                                <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
                                        <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
                                /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
                                <br />
                                <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
                                        <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
                                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_PING?> <?php help('pinguserland'); ?></td>
                        <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
                        <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
                        <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFCAT?></td>
                        <td>
                                <?php 
                                        // select box with this blog's categories, the default preselected
                                        // NOTE(review): $blog->getID() is concatenated into the query
                                        // without a cast; presumably an integer, confirm.
                                        $query =  'SELECT cname as text, catid as value'
                                               . ' FROM '.sql_table('category')
                                               . ' WHERE cblog=' . $blog->getID();
                                        $template['name'] = 'defcat';
                                        $template['selected'] = $blog->getDefaultCategory();
                                        $template['tabindex'] = 110;
                                        showlist($query,'select',$template);
                                ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
                            <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
                            <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
                            </td>
                        <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
                        <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('blog',$blogid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CHANGE?></td>
                        <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <h3><?php echo _EBLOG_CAT_TITLE?></h3>


                <?php
                // table of the blog's categories, sorted by name
                $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
                $template['content'] = 'categorylist';
                $template['tabindex'] = 200;

                $batch = new BATCH('category');
                $batch->showlist($query,'table',$template);

                ?>


                <form action="index.php" method="post"><div>
                <input name="action" value="categorynew" type="hidden" />
                <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />

                <table><tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_NAME?></td>
                        <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_DESC?></td>
                        <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_CREATE?></td>
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
                </tr></table>

                </div></form>

                <?php
                        echo '<h3>', _PLUGINS_EXTRA , '</h3>';

                        // lets plugins append their own output to the page
                        $manager->notify(
                                'BlogSettingsFormExtras',
                                array(
                                        'blog' => &$blog
                                )
                        );

                $this->pagefoot();
        }
2216         \r
2217         function action_categorynew() {\r
2218                 global $member, $manager;\r
2219                 \r
2220                 $blogid = intRequestVar('blogid');\r
2221                 \r
2222                 $member->blogAdminRights($blogid) or $this->disallow();\r
2223                 \r
2224                 $cname = postVar('cname');\r
2225                 $cdesc = postVar('cdesc');\r
2226                 \r
2227                 if (!isValidCategoryName($cname))\r
2228                         $this->error(_ERROR_BADCATEGORYNAME);\r
2229                         \r
2230                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);\r
2231                 $res = sql_query($query);\r
2232                 if (mysql_num_rows($res) > 0)\r
2233                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2234                         \r
2235                 $blog           =& $manager->getBlog($blogid);\r
2236                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);\r
2237                 \r
2238                 $this->action_blogsettings();\r
2239         }\r
2240         \r
2241         \r
2242         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
2243                 global $member;\r
2244                 \r
2245                 if ($blogid == '')\r
2246                         $blogid = intGetVar('blogid');\r
2247                 else \r
2248                         $blogid = intval($blogid);\r
2249                 if ($catid == '')\r
2250                         $catid = intGetVar('catid');\r
2251                 else\r
2252                         $catid = intval($catid);\r
2253 \r
2254                 $member->blogAdminRights($blogid) or $this->disallow();\r
2255 \r
2256                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
2257                 $obj = mysql_fetch_object($res);\r
2258 \r
2259                 $cname = $obj->cname;\r
2260                 $cdesc = $obj->cdesc;\r
2261 \r
2262                 $this->pagehead();\r
2263 \r
2264                 ?>\r
2265                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
2266                 <form method='post' action='index.php'><div>\r
2267                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
2268                 <input name="catid" type="hidden" value="<?php echo $catid?>" />                        \r
2269                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />                                 \r
2270                 <input name="action" type="hidden" value="categoryupdate" />            \r
2271                 \r
2272                 <table><tr>\r
2273                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2274                 </tr><tr>\r
2275                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2276                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>\r
2277                 </tr><tr>\r
2278                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2279                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
2280                 </tr>\r
2281                 <?php \r
2282                         // insert plugin options\r
2283                         $this->_insertPluginOptions('category',$catid);\r
2284                 ?>\r
2285                 <tr>\r
2286                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2287                 </tr><tr>\r
2288                         <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
2289                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
2290                 </tr></table>\r
2291                         \r
2292                 </div></form>\r
2293                 <?php           \r
2294                 $this->pagefoot();\r
2295         }\r
2296         \r
2297         \r
2298         function action_categoryupdate() {\r
2299                 global $member, $manager;\r
2300                 \r
2301                 $blogid = intPostVar('blogid');\r
2302                 $catid = intPostVar('catid');\r
2303                 $cname = postVar('cname');\r
2304                 $cdesc = postVar('cdesc');\r
2305                 $desturl = postVar('desturl');\r
2306 \r
2307                 $member->blogAdminRights($blogid) or $this->disallow();\r
2308                 \r
2309                 if (!isValidCategoryName($cname))\r
2310                         $this->error(_ERROR_BADCATEGORYNAME);\r
2311                         \r
2312                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
2313                 $res = sql_query($query);\r
2314                 if (mysql_num_rows($res) > 0)\r
2315                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2316                         \r
2317                 $query =  'UPDATE '.sql_table('category').' SET'\r
2318                            . " cname='" . addslashes($cname) . "',"\r
2319                            . " cdesc='" . addslashes($cdesc) . "'"                         \r
2320                            . " WHERE catid=" . $catid;\r
2321                            \r
2322                 sql_query($query);\r
2323                 \r
2324                 // store plugin options\r
2325                 $aOptions = requestArray('plugoption');\r
2326                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2327                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));          \r
2328 \r
2329                 \r
2330                 if ($desturl) {\r
2331                         redirect($desturl);\r
2332                         exit;\r
2333                 } else {\r
2334                         $this->action_blogsettings();\r
2335                 }\r
2336         }\r
2337 \r
2338         function action_categorydelete() {\r
2339                 global $member, $manager; \r
2340                 \r
2341                 $blogid = intRequestVar('blogid');\r
2342                 $catid = intRequestVar('catid');\r
2343                 \r
2344                 $member->blogAdminRights($blogid) or $this->disallow();\r
2345                 \r
2346                 $blog =& $manager->getBlog($blogid);\r
2347         \r
2348                 // check if the category is valid\r
2349                 if (!$blog->isValidCategory($catid)) \r
2350                         $this->error(_ERROR_NOSUCHCATEGORY);\r
2351         \r
2352                 // don't allow deletion of default category\r
2353                 if ($blog->getDefaultCategory() == $catid)\r
2354                         $this->error(_ERROR_DELETEDEFCATEGORY);\r
2355                 \r
2356                 // check if catid is the only category left for blogid\r
2357                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2358                 $res = sql_query($query);\r
2359                 if (mysql_num_rows($res) == 1)\r
2360                         $this->error(_ERROR_DELETELASTCATEGORY);\r
2361                 \r
2362                 \r
2363                 $this->pagehead();\r
2364                 ?>\r
2365                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2366                         \r
2367                         <div>\r
2368                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  $blog->getCategoryName($catid)?></b>\r
2369                         </div>\r
2370                         \r
2371                         <form method="post" action="index.php"><div>\r
2372                         <input type="hidden" name="action" value="categorydeleteconfirm" />\r
2373                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
2374                         <input type="hidden" name="catid" value="<?php echo $catid?>" />                                                \r
2375                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2376                         </div></form>\r
2377                 <?php           \r
2378                 $this->pagefoot();\r
2379         }\r
2380         \r
2381         function action_categorydeleteconfirm() {\r
2382                 global $member, $manager; \r
2383                 \r
2384                 $blogid = intRequestVar('blogid');\r
2385                 $catid = intRequestVar('catid');\r
2386                 \r
2387                 $member->blogAdminRights($blogid) or $this->disallow();\r
2388 \r
2389                 $error = $this->deleteOneCategory($catid);\r
2390                 if ($error)\r
2391                         $this->error($error);\r
2392 \r
2393                 $this->action_blogsettings();\r
2394         }       \r
2395 \r
2396         function deleteOneCategory($catid) {\r
2397                 global $manager, $member;\r
2398                 \r
2399                 $catid = intval($catid);\r
2400                 \r
2401                 $manager->notify('PreDeleteCategory', array('catid' => $catid));                \r
2402 \r
2403                 $blogid = getBlogIDFromCatID($catid);\r
2404                 \r
2405                 if (!$member->blogAdminRights($blogid))\r
2406                         return ERROR_DISALLOWED;\r
2407                 \r
2408                 // get blog\r
2409                 $blog =& $manager->getBlog($blogid);\r
2410 \r
2411                 // check if the category is valid\r
2412                 if (!$blog || !$blog->isValidCategory($catid)) \r
2413                         return _ERROR_NOSUCHCATEGORY;\r
2414         \r
2415                 $destcatid = $blog->getDefaultCategory();\r
2416                 \r
2417                 // don't allow deletion of default category\r
2418                 if ($blog->getDefaultCategory() == $catid)\r
2419                         return _ERROR_DELETEDEFCATEGORY;\r
2420                 \r
2421                 // check if catid is the only category left for blogid\r
2422                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2423                 $res = sql_query($query);\r
2424                 if (mysql_num_rows($res) == 1)\r
2425                         return _ERROR_DELETELASTCATEGORY;\r
2426                         \r
2427                 // change category for all items to the default category\r
2428                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
2429                 sql_query($query);\r
2430                 \r
2431                 // delete all associated plugin options\r
2432                 NucleusPlugin::_deleteOptionValues('category', $catid);\r
2433                 \r
2434                 // delete category\r
2435                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;\r
2436                 sql_query($query);\r
2437                 \r
2438                 $manager->notify('PostDeleteCategory', array('catid' => $catid));                               \r
2439 \r
2440         }\r
2441         \r
2442         function moveOneCategory($catid, $destblogid) {\r
2443                 global $manager, $member;\r
2444 \r
2445                 $catid = intval($catid);\r
2446                 $destblogid = intval($destblogid);\r
2447                 \r
2448                 $blogid = getBlogIDFromCatID($catid);\r
2449                 \r
2450                 // mover should have admin rights on both blogs\r
2451                 if (!$member->blogAdminRights($blogid))\r
2452                         return _ERROR_DISALLOWED;\r
2453                 if (!$member->blogAdminRights($destblogid))\r
2454                         return _ERROR_DISALLOWED;\r
2455                         \r
2456                 // cannot move to self\r
2457                 if ($blogid == $destblogid)\r
2458                         return _ERROR_MOVETOSELF;\r
2459                 \r
2460                 // get blogs\r
2461                 $blog =& $manager->getBlog($blogid);\r
2462                 $destblog =& $manager->getBlog($destblogid);            \r
2463                 \r
2464                 // check if the category is valid\r
2465                 if (!$blog || !$blog->isValidCategory($catid)) \r
2466                         return _ERROR_NOSUCHCATEGORY;\r
2467                         \r
2468                 // don't allow default category to be moved\r
2469                 if ($blog->getDefaultCategory() == $catid)\r
2470                         return _ERROR_MOVEDEFCATEGORY;\r
2471                         \r
2472                 $manager->notify(\r
2473                         'PreMoveCategory',\r
2474                         array(\r
2475                                 'catid' => &$catid,\r
2476                                 'sourceblog' => &$blog,\r
2477                                 'destblog' => &$destblog\r
2478                         )\r
2479                 );\r
2480                 \r
2481                 // update comments table (cblog)\r
2482                 $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;\r
2483                 $items = sql_query($query);\r
2484                 while ($oItem = mysql_fetch_object($items)) {\r
2485                         sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);\r
2486                 }\r
2487 \r
2488                 // update items (iblog)\r
2489                 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;\r
2490                 sql_query($query);\r
2491 \r
2492                 // move category \r
2493                 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;\r
2494                 sql_query($query);\r
2495 \r
2496                 $manager->notify(\r
2497                         'PostMoveCategory',\r
2498                         array(\r
2499                                 'catid' => &$catid,\r
2500                                 'sourceblog' => &$blog,\r
2501                                 'destblog' => $destblog\r
2502                         )\r
2503                 );              \r
2504                 \r
2505         }\r
2506 \r
2507         function action_blogsettingsupdate() {\r
2508                 global $member, $manager;\r
2509                 \r
2510                 $blogid = intRequestVar('blogid');\r
2511                 \r
2512                 $member->blogAdminRights($blogid) or $this->disallow();\r
2513                 \r
2514                 $blog =& $manager->getBlog($blogid);\r
2515                 \r
2516                 $notify                 = trim(postVar('notify'));\r
2517                 $shortname              = trim(postVar('shortname'));\r
2518                 $updatefile             = trim(postVar('update'));\r
2519                 \r
2520                 $notifyComment  = intPostVar('notifyComment');\r
2521                 $notifyVote             = intPostVar('notifyVote');\r
2522                 $notifyNewItem  = intPostVar('notifyNewItem');          \r
2523                 \r
2524                 if ($notifyComment == 0)        $notifyComment = 1;\r
2525                 if ($notifyVote == 0)           $notifyVote = 1;                \r
2526                 if ($notifyNewItem == 0)        $notifyNewItem = 1;             \r
2527                 \r
2528                 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;\r
2529                 \r
2530                 \r
2531                 if ($notify) {\r
2532                         $not = new NOTIFICATION($notify);\r
2533                         if (!$not->validAddresses())\r
2534                                 $this->error(_ERROR_BADNOTIFY);\r
2535                         \r
2536                 }\r
2537                         \r
2538                 if (!isValidShortName($shortname))\r
2539                         $this->error(_ERROR_BADSHORTBLOGNAME);\r
2540                         \r
2541                 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))\r
2542                         $this->error(_ERROR_DUPSHORTBLOGNAME);\r
2543                         \r
2544                 // check if update file is writable\r
2545                 if ($updatefile && !is_writeable($updatefile))\r
2546                         $this->error(_ERROR_UPDATEFILE);\r
2547 \r
2548                 $blog->setName(trim(postVar('name')));\r
2549                 $blog->setShortName($shortname);\r
2550                 $blog->setNotifyAddress($notify);\r
2551                 $blog->setNotifyType($notifyType);              \r
2552                 $blog->setMaxComments(postVar('maxcomments'));\r
2553                 $blog->setCommentsEnabled(postVar('comments'));\r
2554                 $blog->setTimeOffset(postVar('timeoffset'));\r
2555                 $blog->setUpdateFile($updatefile);\r
2556                 $blog->setURL(trim(postVar('url')));\r
2557                 $blog->setDefaultSkin(intPostVar('defskin'));\r
2558                 $blog->setDescription(trim(postVar('desc')));\r
2559                 $blog->setPublic(postVar('public'));\r
2560                 $blog->setPingUserland(postVar('pinguserland'));\r
2561                 $blog->setConvertBreaks(intPostVar('convertbreaks'));\r
2562                 $blog->setAllowPastPosting(intPostVar('allowpastposting'));             \r
2563                 $blog->setDefaultCategory(intPostVar('defcat'));\r
2564                 $blog->setSearchable(intPostVar('searchable'));\r
2565 \r
2566                 $blog->writeSettings();\r
2567                 \r
2568                 // store plugin options\r
2569                 $aOptions = requestArray('plugoption');\r
2570                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2571                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));          \r
2572                 \r
2573                 \r
2574                 $this->action_overview(_MSG_SETTINGSCHANGED);\r
2575         }\r
2576         \r
2577         function action_deleteblog() {\r
2578                 global $member, $CONF, $manager;\r
2579                 \r
2580                 $blogid = intRequestVar('blogid');              \r
2581                 \r
2582                 $member->blogAdminRights($blogid) or $this->disallow();\r
2583 \r
2584                 // check if blog is default blog\r
2585                 if ($CONF['DefaultBlog'] == $blogid)\r
2586                         $this->error(_ERROR_DELDEFBLOG);\r
2587                         \r
2588                 $blog =& $manager->getBlog($blogid);\r
2589                 \r
2590                 $this->pagehead();\r
2591                 ?>\r
2592                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2593                         \r
2594                         <p><?php echo _WARNINGTXT_BLOGDEL?>\r
2595                         </p>\r
2596                         \r
2597                         <div>\r
2598                         <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>\r
2599                         </div>\r
2600                         \r
2601                         <form method="post" action="index.php"><div>\r
2602                         <input type="hidden" name="action" value="deleteblogconfirm" />\r
2603                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
2604                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2605                         </div></form>\r
2606                 <?php           \r
2607                 $this->pagefoot();\r
2608         }\r
2609         \r
2610         function action_deleteblogconfirm() {\r
2611                 global $member, $CONF, $manager;\r
2612                 \r
2613                 $blogid = intRequestVar('blogid');              \r
2614                 \r
2615                 $manager->notify('PreDeleteBlog', array('blogid' => $blogid));                          \r
2616                 \r
2617                 $member->blogAdminRights($blogid) or $this->disallow();\r
2618                 \r
2619                 // check if blog is default blog\r
2620                 if ($CONF['DefaultBlog'] == $blogid)\r
2621                         $this->error(_ERROR_DELDEFBLOG);\r
2622 \r
2623                 // delete all comments\r
2624                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;\r
2625                 sql_query($query);\r
2626 \r
2627                 // delete all items             \r
2628                 $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;\r
2629                 sql_query($query);\r
2630                 \r
2631                 // delete all team members\r
2632                 $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;\r
2633                 sql_query($query);\r
2634                 \r
2635                 // delete all bans\r
2636                 $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;\r
2637                 sql_query($query);\r
2638                 \r
2639                 // delete all categories\r
2640                 $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;\r
2641                 sql_query($query);\r
2642                 \r
2643                 // delete all associated plugin options\r
2644                 NucleusPlugin::_deleteOptionValues('blog', $blogid);\r
2645                 \r
2646                 // delete the blog itself\r
2647                 $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;\r
2648                 sql_query($query);\r
2649                 \r
2650                 $manager->notify('PostDeleteBlog', array('blogid' => $blogid));                                         \r
2651                 \r
2652                 $this->action_overview(_DELETED_BLOG);\r
2653         }\r
2654         \r
2655         function action_memberdelete() {\r
2656                 global $member;\r
2657                 \r
2658                 $memberid = intRequestVar('memberid');\r
2659         \r
2660                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
2661                 \r
2662                 $mem = MEMBER::createFromID($memberid);\r
2663                 \r
2664                 $this->pagehead();\r
2665                 ?>\r
2666                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2667                         \r
2668                         <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo  $mem->getDisplayName() ?></b>\r
2669                         </p>\r
2670                         \r
2671                         <p>\r
2672                         Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)\r
2673                         </p>\r
2674                         \r
2675                         <form method="post" action="index.php"><div>\r
2676                         <input type="hidden" name="action" value="memberdeleteconfirm" />\r
2677                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
2678                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2679                         </div></form>\r
2680                 <?php           \r
2681                 $this->pagefoot();\r
2682         }\r
2683         \r
2684         function action_memberdeleteconfirm() {\r
2685                 global $member;\r
2686                 \r
2687                 $memberid = intRequestVar('memberid');          \r
2688                 \r
2689                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
2690                 \r
2691                 $error = $this->deleteOneMember($memberid);\r
2692                 if ($error)\r
2693                         $this->error($error);\r
2694                 \r
2695                 if ($member->isAdmin())\r
2696                         $this->action_usermanagement();\r
2697                 else\r
2698                         $this->action_overview(_DELETED_MEMBER);\r
2699         }       \r
2700         \r
2701         function deleteOneMember($memberid) {\r
2702                 global $manager;\r
2703                 \r
2704                 $memberid = intval($memberid);\r
2705                 $mem = MEMBER::createFromID($memberid);\r
2706                 \r
2707                 if (!$mem->canBeDeleted()) \r
2708                         return _ERROR_DELETEMEMBER;     \r
2709 \r
2710                 $manager->notify('PreDeleteMember', array('member' => &$mem));                          \r
2711                 \r
2712                 $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;\r
2713                 sql_query($query);\r
2714 \r
2715                 $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid;\r
2716                 sql_query($query);      \r