1 <?php
2 /**
3   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) 
4   * Copyright (C) 2002-2004 The Nucleus Group
5   *
6   * This program is free software; you can redistribute it and/or
7   * modify it under the terms of the GNU General Public License
8   * as published by the Free Software Foundation; either version 2
9   * of the License, or (at your option) any later version.
10   * (see nucleus/documentation/index.html#license for more info)
11   *
12   * The code for the Nucleus admin area   
13   *
14   * $Id: ADMIN.php,v 1.1.1.1 2005-02-28 07:14:47 kimitake Exp $
15   */
16  
17 class ADMIN {
18
19         // action currently being executed ($action=xxxx -> action_xxxx method)
20         var $action;
21
22         function ADMIN() {
23
24         }
25         
26         /**
27           * Executes an action
28           *
29           * @param $action
30           *             action to be performed
31           */
32         function action($action) {
33                 global $CONF, $manager;
34                 
35                 // list of action aliases
36                 $alias = array(
37                         'login' => 'overview',
38                         '' => 'overview'
39                 );
40
41                 if ($alias[$action])
42                         $action = $alias[$action];
43
44                 $methodName = 'action_' . $action;
45                 
46                 $this->action = strtolower($action);
47                 
48                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
49                 // is an action that requires user interaction before something is actually done)
50                 // all safe actions are in this array:
51                 $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');
52 /*              
53                 // the rest of the actions needs to be checked
54                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
55 */
56                 if (!in_array($this->action, $aActionsNotToCheck))
57                 {
58                         if (!$manager->checkTicket())
59                                 $this->error(_ERROR_BADTICKET);
60                 } 
61
62                 if (method_exists($this, $methodName))
63                         call_user_func(array(&$this, $methodName));
64                 else
65                         $this->error(_BADACTION . " ($action)");
66                 
67         }
68
69
70         function action_showlogin() {
71                 global $error;
72                 $this->action_login($error);
73         }
74
        /**
          * Renders the admin login form, or jumps straight to the overview when
          * the member is already logged in and allowed to log in.
          *
          * Unlike the batch forms further down in this file, this form carries no
          * ticket: 'login' is in action()'s list of actions that are not ticket-checked.
          *
          * @param $msg
          *             optional message shown above the form. It is echoed as-is, without
          *             escaping. NOTE(review): action_showlogin() passes the global $error
          *             here; it is not visible from this file whether that can ever carry
          *             request-derived text — if it can, it needs htmlspecialchars().
          * @param $passvars
          *             when non-zero (the default) the variables of the current request are
          *             re-emitted into the form by passRequestVars(), so that the request
          *             which triggered the login page can be replayed after logging in.
          *             Skipped when the previous action was 'logout' or 'login'.
          */
        function action_login($msg = '', $passvars = 1) {
                global $member;

                // skip to overview when allowed
                if ($member->isLoggedIn() && $member->canLogin()) {
                        $this->action_overview();
                        exit;
                }

                $this->pagehead();

                echo '<h2>', _LOGIN ,'</h2>';
                // $msg goes into the page unescaped (see the note in the docblock)
                if ($msg) echo _MESSAGE , ': ', $msg;
                ?>
                
                <form action="index.php" method="post"><p>
                <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
                <br />
                <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
                <br />
                <input name="action" value="login" type="hidden" />
                <br />
                <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
                <br />
                <small>
                        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
                        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
                </small>
                <?php                   // pass through vars
                        
                        $oldaction = postVar('oldaction');
                        // only POST data is consulted for the previous action; a logout/login
                        // round trip must not be replayed into the next request.
                        // NOTE(review): passRequestVars() reflects request data into hidden
                        // fields; whether it escapes attribute values is not visible here — confirm.
                        if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
                                passRequestVars();
                        }

                        
                ?>
                </p></form>
                <?php           $this->pagefoot();
        }
115
116
117         /**
118           * provides a screen with the overview of the actions available
119           */
120         function action_overview($msg = '') {
121                 global $member;
122                 
123                 $this->pagehead();
124                 
125                 if ($msg)
126                         echo _MESSAGE , ': ', $msg;
127                 
128                 /* ---- add items ---- */
129                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';
130                 
131                 $showAll = requestVar('showall');
132                 
133                 if (($member->isAdmin()) && ($showAll == 'yes')) {
134                         // Super-Admins have access to all blogs! (no add item support though)
135                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
136                                . ' FROM ' . sql_table('blog')
137                                . ' ORDER BY bname';
138                 } else {
139                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'
140                                . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
141                                . ' WHERE tblog=bnumber and tmember=' . $member->getID()
142                                . ' ORDER BY bname';             
143                 }
144                 $template['content'] = 'bloglist';
145                 $template['superadmin'] = $member->isAdmin();
146                 $amount = showlist($query,'table',$template);
147                 
148                 if (($showAll != 'yes') && ($member->isAdmin())) {
149                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
150                         if ($total > $amount) 
151                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';
152                 }
153
154                 if ($amount == 0)
155                         echo _OVERVIEW_NOBLOGS;
156                         
157                 if ($amount != 0) {
158                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
159                         $query =  'SELECT ititle, inumber, bshortname'
160                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
161                                . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
162                         $template['content'] = 'draftlist';
163                         $amountdrafts = showlist($query, 'table', $template);
164                         if ($amountdrafts == 0) 
165                                 echo _OVERVIEW_NODRAFTS;
166                 }
167                 
168                 /* ---- user settings ---- */
169                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
170                 echo '<ul>';
171                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
172                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
173                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
174                 echo '</ul>';
175                 
176                 /* ---- general settings ---- */
177                 if ($member->isAdmin()) {
178                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
179                         echo '<ul>';
180                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
181                         echo '</ul>';
182                 }
183                 
184                 
185                 $this->pagefoot();
186         }
187         
188         // returns a link to a weblog (takes BLOG object as parameter)
189         function bloglink(&$blog) {
190                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'.$blog->getName() .'</a>';
191         }
192         
193         function action_manage($msg = '') {
194                 global $member;
195                 
196                 $member->isAdmin() or $this->disallow();
197                 
198                 $this->pagehead();
199                 
200                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
201                 
202                 if ($msg)
203                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';
204
205
206                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';
207                 
208                 echo '<ul>';
209                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';
210                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';
211                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';            
212                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';         
213                 echo '</ul>';
214                 
215                 echo '<h2>' . _MANAGE_SKINS . '</h2>';
216                 echo '<ul>';
217                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';
218                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';
219                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';         
220                 echo '</ul>';
221                 
222                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';          
223                 echo '<ul>';
224                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';                     
225                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';                        
226                 echo '</ul>';   
227                 
228                 $this->pagefoot();      
229         }
230         
231         function action_itemlist($blogid = '') {
232                 global $member, $manager;
233                 
234                 if ($blogid == '')
235                         $blogid = intRequestVar('blogid');
236                 
237                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();                
238                 
239                 $this->pagehead();
240                 $blog =& $manager->getBlog($blogid);
241                 
242                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          
243                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';
244                 
245                 // start index
246                 if (postVar('start'))
247                         $start = intPostVar('start');
248                 else
249                         $start = 0;     
250                         
251                 if ($start == 0)
252                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';            
253                         
254                 // amount of items to show
255                 if (postVar('amount'))
256                         $amount = intPostVar('amount');
257                 else
258                         $amount = 10;   
259                 
260                 $search = postVar('search');    // search through items
261                         
262                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
263                        . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
264                        . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
265                 
266                 if ($search) 
267                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';                       
268                         
269                 // non-blog-admins can only edit/delete their own items
270                 if (!$member->blogAdminRights($blogid)) 
271                         $query .= ' and iauthor=' . $member->getID();
272
273                                 
274                 $query .= ' ORDER BY itime DESC'
275                         . " LIMIT $start,$amount";
276                 
277                 $template['content'] = 'itemlist';
278                 $template['now'] = $blog->getCorrectTime(time());
279
280
281                 $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
282                 $navList->showBatchList('item',$query,'table',$template);
283
284                 
285                 $this->pagefoot();
286         }
287         
288         
289         function action_batchitem() {
290                 global $member, $manager;
291                 
292                 // check if logged in
293                 $member->isLoggedIn() or $this->disallow();
294                 
295                 // more precise check will be done for each performed operation 
296         
297                 // get array of itemids from request
298                 $selected = requestIntArray('batch');
299                 $action = requestVar('batchaction');
300                 
301                 // Show error when no items were selected
302                 if (!is_array($selected) || sizeof($selected) == 0)
303                         $this->error(_BATCH_NOSELECTION);
304                         
305                 // On move: when no destination blog/category chosen, show choice now
306                 $destCatid = intRequestVar('destcatid');
307                 if (($action == 'move') && (!$manager->existsCategory($destCatid))) 
308                         $this->batchMoveSelectDestination('item',$selected);
309                 
310                 // On delete: check if confirmation has been given
311                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) 
312                         $this->batchAskDeleteConfirmation('item',$selected);
313
314                 $this->pagehead();
315                 
316                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         
317                 echo '<h2>',_BATCH_ITEMS,'</h2>';
318                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
319                 echo '<ul>';
320                 
321
322                 // walk over all itemids and perform action
323                 foreach ($selected as $itemid) {
324                         $itemid = intval($itemid);
325                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';
326
327                         // perform action, display errors if needed
328                         switch($action) {
329                                 case 'delete':
330                                         $error = $this->deleteOneItem($itemid);
331                                         break;
332                                 case 'move':
333                                         $error = $this->moveOneItem($itemid, $destCatid);
334                                         break;
335                                 default:
336                                         $error = _BATCH_UNKNOWN . $action;
337                         }
338
339                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
340                         echo '</li>';
341                 }
342                 
343                 echo '</ul>';
344                 echo '<b>',_BATCH_DONE,'</b>';
345                 
346                 $this->pagefoot();
347
348                 
349         }
350         
351         function action_batchcomment() {
352                 global $member;
353                 
354                 // check if logged in
355                 $member->isLoggedIn() or $this->disallow();
356                 
357                 // more precise check will be done for each performed operation 
358         
359                 // get array of itemids from request
360                 $selected = requestIntArray('batch');
361                 $action = requestVar('batchaction');
362                 
363                 // Show error when no items were selected
364                 if (!is_array($selected) || sizeof($selected) == 0)
365                         $this->error(_BATCH_NOSELECTION);
366                         
367                 // On delete: check if confirmation has been given
368                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) 
369                         $this->batchAskDeleteConfirmation('comment',$selected);
370
371                 $this->pagehead();
372                 
373                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         
374                 echo '<h2>',_BATCH_COMMENTS,'</h2>';
375                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
376                 echo '<ul>';
377                 
378                 // walk over all itemids and perform action
379                 foreach ($selected as $commentid) {
380                         $commentid = intval($commentid);
381                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';
382
383                         // perform action, display errors if needed
384                         switch($action) {
385                                 case 'delete':
386                                         $error = $this->deleteOneComment($commentid);
387                                         break;
388                                 default:
389                                         $error = _BATCH_UNKNOWN . $action;
390                         }
391
392                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
393                         echo '</li>';
394                 }
395                 
396                 echo '</ul>';
397                 echo '<b>',_BATCH_DONE,'</b>';
398                 
399                 $this->pagefoot();
400
401                 
402         }
403
404         function action_batchmember() {
405                 global $member;
406                 
407                 // check if logged in and admin
408                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
409                 
410                 // get array of itemids from request
411                 $selected = requestIntArray('batch');
412                 $action = requestVar('batchaction');
413                 
414                 // Show error when no members selected
415                 if (!is_array($selected) || sizeof($selected) == 0)
416                         $this->error(_BATCH_NOSELECTION);
417                         
418                 // On delete: check if confirmation has been given
419                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) 
420                         $this->batchAskDeleteConfirmation('member',$selected);
421
422                 $this->pagehead();
423                 
424                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';             
425                 echo '<h2>',_BATCH_MEMBERS,'</h2>';
426                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
427                 echo '<ul>';
428                 
429                 // walk over all itemids and perform action
430                 foreach ($selected as $memberid) {
431                         $memberid = intval($memberid);
432                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';
433
434                         // perform action, display errors if needed
435                         switch($action) {
436                                 case 'delete':
437                                         $error = $this->deleteOneMember($memberid);
438                                         break;
439                                 case 'setadmin':
440                                         // always succeeds
441                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
442                                         $error = '';
443                                         break;
444                                 case 'unsetadmin':
445                                         // there should always remain at least one super-admin
446                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
447                                         if (mysql_num_rows($r) < 2)
448                                                 $error = _ERROR_ATLEASTONEADMIN;
449                                         else
450                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
451                                         break;
452                                 default:
453                                         $error = _BATCH_UNKNOWN . $action;
454                         }
455
456                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
457                         echo '</li>';
458                 }
459                 
460                 echo '</ul>';
461                 echo '<b>',_BATCH_DONE,'</b>';
462                 
463                 $this->pagefoot();
464
465                 
466         }       
467         
468
469         function action_batchteam() {
470                 global $member;
471                 
472                 $blogid = intRequestVar('blogid');
473                 
474                 // check if logged in and admin
475                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
476                 
477                 // get array of itemids from request
478                 $selected = requestIntArray('batch');
479                 $action = requestVar('batchaction');
480                 
481                 // Show error when no members selected
482                 if (!is_array($selected) || sizeof($selected) == 0)
483                         $this->error(_BATCH_NOSELECTION);
484                         
485                 // On delete: check if confirmation has been given
486                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) 
487                         $this->batchAskDeleteConfirmation('team',$selected);
488
489                 $this->pagehead();
490                 
491                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';
492
493                 echo '<h2>',_BATCH_TEAM,'</h2>';
494                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
495                 echo '<ul>';
496                 
497                 // walk over all itemids and perform action
498                 foreach ($selected as $memberid) {
499                         $memberid = intval($memberid);
500                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';
501
502                         // perform action, display errors if needed
503                         switch($action) {
504                                 case 'delete':
505                                         $error = $this->deleteOneTeamMember($blogid, $memberid);
506                                         break;
507                                 case 'setadmin':
508                                         // always succeeds
509                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
510                                         $error = '';
511                                         break;
512                                 case 'unsetadmin':
513                                         // there should always remain at least one admin
514                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
515                                         if (mysql_num_rows($r) < 2)
516                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;
517                                         else
518                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
519                                         break;
520                                 default:
521                                         $error = _BATCH_UNKNOWN . $action;
522                         }
523
524                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
525                         echo '</li>';
526                 }
527                 
528                 echo '</ul>';
529                 echo '<b>',_BATCH_DONE,'</b>';
530                 
531                 $this->pagefoot();
532
533                 
534         }       
535
536
537         
538         function action_batchcategory() {
539                 global $member, $manager;
540                 
541                 // check if logged in
542                 $member->isLoggedIn() or $this->disallow();
543                 
544                 // more precise check will be done for each performed operation 
545         
546                 // get array of itemids from request
547                 $selected = requestIntArray('batch');
548                 $action = requestVar('batchaction');
549                 
550                 // Show error when no items were selected
551                 if (!is_array($selected) || sizeof($selected) == 0)
552                         $this->error(_BATCH_NOSELECTION);
553                         
554                 // On move: when no destination blog chosen, show choice now
555                 $destBlogId = intRequestVar('destblogid');
556                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId))) 
557                         $this->batchMoveCategorySelectDestination('category',$selected);
558                 
559                 // On delete: check if confirmation has been given
560                 if (($action == 'delete') && (requestVar('confirmation') != 'yes')) 
561                         $this->batchAskDeleteConfirmation('category',$selected);
562
563                 $this->pagehead();
564                 
565                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         
566                 echo '<h2>',BATCH_CATEGORIES,'</h2>';
567                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
568                 echo '<ul>';
569                 
570                 // walk over all itemids and perform action
571                 foreach ($selected as $catid) {
572                         $catid = intval($catid);
573                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';
574
575                         // perform action, display errors if needed
576                         switch($action) {
577                                 case 'delete':
578                                         $error = $this->deleteOneCategory($catid);
579                                         break;
580                                 case 'move':
581                                         $error = $this->moveOneCategory($catid, $destBlogId);
582                                         break;
583                                 default:
584                                         $error = _BATCH_UNKNOWN . $action;
585                         }
586
587                         echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
588                         echo '</li>';
589                 }
590                 
591                 echo '</ul>';
592                 echo '<b>',_BATCH_DONE,'</b>';
593                 
594                 $this->pagefoot();
595                 
596         }
597         
        /**
          * Shows the "choose destination category" form for a batch move and ends
          * the request. Submitting it posts action=batch<type>, batchaction=move,
          * the selected ids as batch[n] and the chosen 'destcatid'.
          *
          * @param $type
          *             batch type used to build the action name; callers in this file
          *             pass a literal ('item'), it does not come from the request
          * @param $ids
          *             selected ids; each is intval()'d before being written into the form
          */
        function batchMoveSelectDestination($type, $ids) {
                global $manager;
                $this->pagehead();
                ?>
                <h2><?php echo _MOVE_TITLE?></h2>
                <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="batch<?php echo $type?>" />
                        <input type="hidden" name="batchaction" value="move" />
                        <?php                           
                                // the submitted request is a state change (batch move) which action()
                                // ticket-checks, so the ticket has to travel with the form
                                $manager->addTicketHidden();
                                
                                // insert selected item numbers (re-emitted as integers only)
                                $idx = 0;
                                foreach ($ids as $id)
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
                        
                                // show blog/category selection list
                                $this->selectBlogCategory('destcatid');
                        
                        ?>
                        
                        
                        <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

                </div></form>
                <?php           $this->pagefoot();
                exit;
        }
627         
	/**
	  * Shows the destination-picker form for a batch "move" of categories and ends the request.
	  *
	  * Same shape as batchMoveSelectDestination(), but the selector is a blog list
	  * named 'destblogid' since categories move between blogs. Finishes with exit.
	  *
	  * @param $type
	  *		batch type appended to the action name; echoed unescaped, so it must be
	  *		a fixed token chosen by the caller, never request input
	  * @param $ids
	  *		selected category ids; each is passed through intval() before being written out
	  */
	function batchMoveCategorySelectDestination($type, $ids) {
		global $manager;
		$this->pagehead();
		?>
		<h2><?php echo _MOVECAT_TITLE?></h2>
		<form method="post" action="index.php"><div>

			<input type="hidden" name="action" value="batch<?php echo $type?>" />
			<input type="hidden" name="batchaction" value="move" />
			<?php
				$manager->addTicketHidden();

				// insert selected category numbers (intval() keeps the generated markup safe)
				$idx = 0;
				foreach ($ids as $id)
					echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

				// show blog selection list (the blog the categories will be moved to)
				$this->selectBlog('destblogid');

			?>


			<input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

		</div></form>
		<?php		$this->pagefoot();
		exit;
	}
657         
	/**
	  * Shows the confirmation form for a batch "delete" and ends the request.
	  *
	  * The form posts back to index.php with action "batch<$type>", batchaction "delete",
	  * confirmation "yes", a ticket and one hidden batch[n] field per selected id.
	  * For type 'team' the current blogid is carried along, for type 'comment' the
	  * current itemid (both read back as integers via intRequestVar()). Finishes with exit.
	  *
	  * @param $type
	  *		batch type ('team' and 'comment' get extra hidden fields); echoed unescaped,
	  *		so it must be a fixed token chosen by the caller, never request input
	  * @param $ids
	  *		selected ids; each is passed through intval() before being written out
	  */
	function batchAskDeleteConfirmation($type, $ids) {
		global $manager;

		$this->pagehead();
		?>
		<h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
		<form method="post" action="index.php"><div>

			<input type="hidden" name="action" value="batch<?php echo $type?>" />
			<?php $manager->addTicketHidden() ?>
			<input type="hidden" name="batchaction" value="delete" />
			<input type="hidden" name="confirmation" value="yes" />
			<?php				// insert selected item numbers (intval() keeps the generated markup safe)
				$idx = 0;
				foreach ($ids as $id)
					echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

				// add hidden vars for team & comment (the confirm action needs the context id)
				if ($type == 'team')
				{
					echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
				}
				if ($type == 'comment')
				{
					echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
				}

			?>

			<input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />

		</div></form>
		<?php		$this->pagefoot();
		exit;
	}
693         
694         
695         /**
696           * Inserts a HTML select element with choices for all categories to which the current
697           * member has access
698           */
699         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
700                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
701         }
702         
703         /**
704           * Inserts a HTML select element with choices for all blogs to which the user has access
705           *             mode = 'blog' => shows blognames and values are blogids
706           *             mode = 'category' => show category names and values are catids
707           *
708           * @param $iForcedBlogInclude
709           *             ID of a blog that always needs to be included, without checking if the member is on the blog team (-1 = none)
710           */
711         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
712                 global $member, $CONF;
713                 
714                 // 0. get IDs of blogs to which member can post items (+ forced blog)
715                 $aBlogIds = array();
716                 if ($iForcedBlogInclude != -1)
717                         $aBlogIds[] = intval($iForcedBlogInclude);
718
719                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs'])) 
720                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
721                 else
722                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();          
723                 $rblogids = sql_query($queryBlogs);
724                 while ($o = mysql_fetch_object($rblogids))
725                         if ($o->bnumber != $iForcedBlogInclude)
726                                 $aBlogIds[] = intval($o->bnumber);
727                                 
728                 if (count($aBlogIds) == 0)
729                         return;
730                 
731                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';
732
733                 // 1. select blogs (we'll create optiongroups)
734                 // (only select those blogs that have the user on the team)
735                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
736                 $blogs = sql_query($queryBlogs);
737                 if ($mode == 'category') {
738                         if (mysql_num_rows($blogs) > 1)
739                                 $multipleBlogs = 1;
740
741                         while ($oBlog = mysql_fetch_object($blogs)) {
742                                 if ($multipleBlogs)
743                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';
744
745                                 // show selection to create new category when allowed/wanted
746                                 if ($showNewCat) {
747                                         // check if allowed to do so
748                                         if ($member->blogAdminRights($oBlog->bnumber))
749                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
750                                 }
751
752                                 // 2. for each category in that blog
753                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
754                                 while ($oCat = mysql_fetch_object($categories)) {
755                                         if ($oCat->catid == $selected)
756                                                 $selectText = ' selected="selected" ';
757                                         else
758                                                 $selectText = '';
759                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
760                                 }
761
762                                 if ($multipleBlogs)
763                                         echo '</optgroup>';
764                         }
765                 } else {
766                         // blog mode
767                         while ($oBlog = mysql_fetch_object($blogs)) {
768                                 echo '<option value="',$oBlog->bnumber,'"';
769                                 if ($oBlog->bnumber == $selected)
770                                         echo ' selected="selected"';
771                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';                    
772                         }
773                 }
774                 echo '</select>';
775                 
776         }
777         
778         function action_browseownitems() {
779                 global $member;
780                 
781                 $this->pagehead();
782                 
783                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          
784                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';
785                 
786                 // start index
787                 if (postVar('start'))
788                         $start = postVar('start');
789                 else
790                         $start = 0;     
791                         
792                 // amount of items to show
793                 if (postVar('amount'))
794                         $amount = postVar('amount');
795                 else
796                         $amount = 10;   
797                 
798                 $search = postVar('search');    // search through items
799                         
800                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
801                        . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
802                        . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
803                 
804                 if ($search) 
805                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
806                         
807                 $query .= ' ORDER BY itime DESC'
808                         . " LIMIT $start,$amount";
809                 
810                 $template['content'] = 'itemlist';
811                 $template['now'] = time();
812
813                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0);
814                 $navList->showBatchList('item',$query,'table',$template);
815
816                 $this->pagefoot();              
817                 
818         }
819         
820         /**
821           * Show all the comments for a given item
822           */
823         function action_itemcommentlist($itemid = '') {
824                 global $member;
825                 
826                 if ($itemid == '')
827                         $itemid = intRequestVar('itemid');
828                 
829                 // only allow if user is allowed to alter item
830                 $member->canAlterItem($itemid) or $this->disallow();
831                 
832                 $blogid = getBlogIdFromItemId($itemid);
833         
834                 $this->pagehead();
835                 
836                 // start index
837                 if (postVar('start'))
838                         $start = postVar('start');
839                 else
840                         $start = 0;     
841                         
842                 // amount of items to show
843                 if (postVar('amount'))
844                         $amount = postVar('amount');
845                 else
846                         $amount = 10;   
847                 
848                 $search = postVar('search');    
849                 
850                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
851                 echo '<h2>',_COMMENTS,'</h2>';
852                 
853                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;
854
855                 if ($search) 
856                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
857
858                 $query .= ' ORDER BY ctime ASC'
859                         . " LIMIT $start,$amount";
860
861                 $template['content'] = 'commentlist';
862                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));
863
864                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
865                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);
866                 
867                 $this->pagefoot();
868         }
869         
870         /**
871           * Browse own comments
872           */
873         function action_browseowncomments() {
874                 global $member;
875                 
876                 // start index
877                 if (postVar('start'))
878                         $start = postVar('start');
879                 else
880                         $start = 0;     
881                         
882                 // amount of items to show
883                 if (postVar('amount'))
884                         $amount = postVar('amount');
885                 else
886                         $amount = 10;   
887                 
888                 $search = postVar('search');                    
889
890
891                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
892
893                 if ($search) 
894                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
895
896                 $query .= ' ORDER BY ctime DESC'
897                         . " LIMIT $start,$amount";
898                 
899                 $this->pagehead();
900                 
901                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          
902                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';
903         
904                 $template['content'] = 'commentlist';
905                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself
906                 
907                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
908                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);
909         
910                 $this->pagefoot();
911         }
912         
913         /**
914           * Browse all comments for a weblog
915           */
916         function action_blogcommentlist($blogid = '') 
917         {
918                 global $member, $manager;
919                 
920                 if ($blogid == '')
921                         $blogid = intRequestVar('blogid');
922                 else
923                         $blogid = intval($blogid);
924                         
925                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();                
926                 
927                 // start index
928                 if (postVar('start'))
929                         $start = postVar('start');
930                 else
931                         $start = 0;     
932                         
933                 // amount of items to show
934                 if (postVar('amount'))
935                         $amount = postVar('amount');
936                 else
937                         $amount = 10;   
938                 
939                 $search = postVar('search');            // search through comments
940
941
942                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
943
944                 if ($search != '') 
945                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
946                         
947                                 
948                 $query .= ' ORDER BY ctime DESC'
949                         . " LIMIT $start,$amount";
950
951
952                 $blog =& $manager->getBlog($blogid);
953
954                 $this->pagehead();
955                                 
956                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          
957                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';
958                 
959                 $template['content'] = 'commentlist';
960                 $template['canAddBan'] = $member->blogAdminRights($blogid);
961                 
962                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
963                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
964         
965                 $this->pagefoot();
966         }
967
968         /**
969           * Provide a page to item a new item to the given blog
970           */
971         function action_createitem() {
972                 global $member, $manager;
973                 
974                 $blogid = intRequestVar('blogid');
975                 
976                 // check if allowed
977                 $member->teamRights($blogid) or $this->disallow();              
978                 
979                 $memberid = $member->getID();
980                 
981                 $blog =& $manager->getBlog($blogid);
982                                 
983                 $this->pagehead();
984         
985                 // generate the add-item form
986                 $formfactory =& new PAGEFACTORY($blogid);
987                 $formfactory->createAddForm('admin');
988
989                 $this->pagefoot();      
990         }
991         
992         function action_itemedit() {
993                 global $member, $manager;
994                 
995                 $itemid = intRequestVar('itemid');
996                 
997                 // only allow if user is allowed to alter item
998                 $member->canAlterItem($itemid) or $this->disallow();
999                 
1000                 $item =& $manager->getItem($itemid,1,1);
1001                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
1002                 
1003                 $manager->notify('PrepareItemForEdit', array('item' => &$item));
1004                 
1005                 if ($blog->convertBreaks()) {
1006                         $item['body'] = removeBreaks($item['body']);
1007                         $item['more'] = removeBreaks($item['more']);
1008                 }
1009         
1010                 // form to edit blog items
1011                 $this->pagehead();
1012                 $formfactory =& new PAGEFACTORY($blog->getID());
1013                 $formfactory->createEditForm('admin',$item);            
1014                 $this->pagefoot();      
1015         }
1016         
1017         function action_itemupdate() {
1018                 global $member, $manager, $CONF;
1019                 
1020                 $itemid = intRequestVar('itemid');
1021                 $catid = postVar('catid');
1022                 
1023                 // only allow if user is allowed to alter item
1024                 $member->canUpdateItem($itemid, $catid) or $this->disallow();
1025
1026                 $actiontype = postVar('actiontype');
1027                 
1028                 // delete actions are handled by itemdelete (which has confirmation)
1029                 if ($actiontype == 'delete') {
1030                         $this->action_itemdelete();
1031                         return; 
1032                 }
1033                                 
1034                 $body   = postVar('body');
1035                 $title  = postVar('title');
1036                 $more   = postVar('more');
1037                 $closed = intPostVar('closed');
1038
1039                 // default action = add now
1040                 if (!$actiontype) 
1041                         $actiontype='addnow';
1042                         
1043                 // create new category if needed 
1044                 if (strstr($catid,'newcat')) {
1045                         // get blogid 
1046                         list($blogid) = sscanf($catid,"newcat-%d");
1047                         
1048                         // create
1049                         $blog =& $manager->getBlog($blogid);
1050                         $catid = $blog->createNewCategory();
1051
1052                         // show error when sth goes wrong
1053                         if (!$catid) 
1054                                 $this->doError(_ERROR_CATCREATEFAIL);
1055                 } 
1056
1057                 /*
1058                         set some variables based on actiontype
1059                         
1060                         actiontypes:
1061                                 draft items -> addnow, addfuture, adddraft, delete
1062                                 non-draft items -> edit, changedate, delete
1063                         
1064                         variables set:
1065                                 $timestamp: set to a nonzero value for future dates or date changes
1066                                 $wasdraft: set to 1 when the item used to be a draft item
1067                                 $publish: set to 1 when the edited item is not a draft
1068                 */
1069                 switch ($actiontype) {
1070                         case 'adddraft':
1071                                 $publish = 0;
1072                                 $wasdraft = 1;
1073                                 $timestamp = 0;
1074                                 break;
1075                         case 'addfuture':
1076                                 $wasdraft = 1;
1077                                 $publish = 1;
1078                                 $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
1079                                 break;
1080                         case 'addnow':
1081                                 $wasdraft = 1;
1082                                 $publish = 1;
1083                                 $timestamp = 0;
1084                                 break;
1085                         case 'changedate':
1086                                 $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
1087                                 $publish = 1;
1088                                 $wasdraft = 0;
1089                                 break;
1090                         case 'edit':
1091                         default:
1092                                 $publish = 1;
1093                                 $wasdraft = 0;
1094                                 $timestamp = 0;
1095                 }
1096                 
1097                 // edit the item for real
1098                 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
1099
1100                 $blogid = getBlogIDFromItemID($itemid);
1101                 $blog =& $manager->getBlog($blogid);
1102                 if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {
1103                         $this->action_sendping($blogid);
1104                         return;
1105                 }
1106
1107                 // show category edit window when we created a new category
1108                 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
1109                 if ($catid != intPostVar('catid')) {
1110                         $this->action_categoryedit(
1111                                 $catid, 
1112                                 $blog->getID(),
1113                                 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
1114                         );
1115                 } else {
1116                         // TODO: set start item correctly for itemlist
1117                         $this->action_itemlist(getBlogIDFromItemID($itemid));
1118                 }
1119         }
1120         
	/**
	  * Shows the "really delete this item?" page.
	  *
	  * Reads 'itemid' from the request, refuses (disallow()) members who may not
	  * alter the item and reports _ERROR_NOSUCHITEM through error() when the item
	  * does not exist. Title and a 300-character excerpt of the body are shown
	  * tag-stripped and HTML-escaped. The confirmation form posts to
	  * 'itemdeleteconfirm' with a ticket; nothing is deleted here.
	  */
	function action_itemdelete() {
		global $member, $manager;

		$itemid = intRequestVar('itemid');

		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or $this->disallow();

		// NOTE(review): the code below assumes error() ends the request — confirm
		if (!$manager->existsItem($itemid,1,1))
			$this->error(_ERROR_NOSUCHITEM);

		$item =& $manager->getItem($itemid,1,1);
		// strip markup first, then escape: the values land in the page body
		$title = htmlspecialchars(strip_tags($item['title']));
		$body = strip_tags($item['body']);
		$body = htmlspecialchars(shorten($body,300,'...'));

		$this->pagehead();
		?>
			<h2><?php echo _DELETE_CONFIRM?></h2>

			<p><?php echo _CONFIRMTXT_ITEM?></p>

			<div class="note">
				<b>"<?php echo  $title ?>"</b>
				<br />
				<?php echo $body?>
			</div>

			<form method="post" action="index.php"><div>
				<input type="hidden" name="action" value="itemdeleteconfirm" />
				<?php $manager->addTicketHidden() ?>
				<input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
				<input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />
			</div></form>
		<?php
		$this->pagefoot();
	}
1158         
1159         function action_itemdeleteconfirm() {
1160                 global $member;
1161                 
1162                 $itemid = intRequestVar('itemid');
1163                 
1164                 // only allow if user is allowed to alter item
1165                 $member->canAlterItem($itemid) or $this->disallow();
1166
1167                 // get blogid first
1168                 $blogid = getBlogIdFromItemId($itemid);
1169                 
1170                 // delete item (note: some checks will be performed twice)
1171                 $this->deleteOneItem($itemid);
1172                 
1173                 $this->action_itemlist($blogid);
1174         }
1175         
1176         // deletes one item and returns error if something goes wrong
1177         function deleteOneItem($itemid) {
1178                 global $member, $manager;
1179                 
1180                 // only allow if user is allowed to alter item (also checks if itemid exists)
1181                 if (!$member->canAlterItem($itemid))
1182                         return _ERROR_DISALLOWED;
1183                 
1184                 $manager->loadClass('ITEM');
1185                 ITEM::delete($itemid);
1186         }
1187
	/**
	  * Shows the "move item to another category" form.
	  *
	  * Reads 'itemid' from the request and refuses (disallow()) members who may not
	  * alter the item. The form posts to 'itemmoveto' with a ticket, the itemid and a
	  * category selector (named 'catid', current category pre-selected, "new category"
	  * option enabled). Nothing is moved here.
	  */
	function action_itemmove() {
		global $member, $manager;

		$itemid = intRequestVar('itemid');

		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or $this->disallow();

		$item =& $manager->getItem($itemid,1,1);

		$this->pagehead();
		?>
			<h2><?php echo _MOVE_TITLE?></h2>
			<form method="post" action="index.php"><div>
				<input type="hidden" name="action" value="itemmoveto" />
				<input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />

				<?php

					$manager->addTicketHidden();
					// selectBlogCategory($name, $selected, $tabindex, $showNewCat)
					$this->selectBlogCategory('catid',$item['catid'],10,1);
				?>

				<input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
			</div></form>
		<?php
		$this->pagefoot();
	}
1216
1217         function action_itemmoveto() {
1218                 global $member, $manager;
1219                 
1220                 $itemid = intRequestVar('itemid');
1221                 $catid = requestVar('catid');
1222                 
1223                 // create new category if needed 
1224                 if (strstr($catid,'newcat')) {
1225                         // get blogid 
1226                         list($blogid) = sscanf($catid,'newcat-%d');
1227                         
1228                         // create
1229                         $blog =& $manager->getBlog($blogid);
1230                         $catid = $blog->createNewCategory();
1231
1232                         // show error when sth goes wrong
1233                         if (!$catid) 
1234                                 $this->doError(_ERROR_CATCREATEFAIL);
1235                 } 
1236                 
1237                 // only allow if user is allowed to alter item
1238                 $member->canUpdateItem($itemid, $catid) or $this->disallow();
1239
1240                 ITEM::move($itemid, $catid);            
1241                 
1242                 if ($catid != intRequestVar('catid'))
1243                         $this->action_categoryedit($catid, $blog->getID());
1244                 else
1245                         $this->action_itemlist(getBlogIDFromCatID($catid));             
1246         }
1247         
1248         /**
1249           * Moves one item to a given category (category existance should be checked by caller)
1250           * errors are returned
1251           */
1252         function moveOneItem($itemid, $destCatid) {
1253                 global $member;
1254                 
1255                 // only allow if user is allowed to move item
1256                 if (!$member->canUpdateItem($itemid, $destCatid))
1257                         return _ERROR_DISALLOWED;
1258
1259                 ITEM::move($itemid, $destCatid);
1260         }
1261
1262         /**
1263           * Adds a item to the chosen blog
1264           */
1265         function action_additem() {
1266                 global $member, $manager, $CONF;
1267                  
1268                 $manager->loadClass('ITEM');
1269
1270                 $result = ITEM::createFromRequest();
1271                 
1272                 if ($result['status'] == 'error')
1273                         $this->error($result['message']);
1274                 
1275                 $blogid = getBlogIDFromItemID($result['itemid']);
1276                 $blog =& $manager->getBlog($blogid);
1277
1278                 $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
1279
1280                 if ($result['status'] == 'newcategory')
1281                         $this->action_categoryedit(
1282                                 $result['catid'],
1283                                 $blogid, 
1284                                 $blog->pingUserland() ? $pingUrl : ''
1285                         );
1286                 elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland())
1287                         $this->action_sendping($blogid);
1288                 else
1289                         $this->action_itemlist($blogid);
1290         }
1291         
1292         /**
1293           * Shows a window that says we're about to ping weblogs.com.
	  * The page immediately refreshes to the real pinging page, which will
	  * either show an error or redirect to the blog.
1296           *
1297           * @param $blogid ID of blog for which ping needs to be sent out
1298           */
	function action_sendping($blogid = -1) {
		global $member, $manager;
		
		// -1 is the "not passed by the caller" marker: fall back to the request parameter
		if ($blogid == -1)
			$blogid = intRequestVar('blogid');
		
		// any logged-in member may trigger a ping; there is no per-blog team check here
		$member->isLoggedIn() or $this->disallow();
		
		// the refresh target carries a ticket, because 'rawping' is not in the list of
		// ticket-free actions in action()
		$rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));
		
		// htmlspecialchars() is needed: the ticketed URL ends up in an attribute value
		$this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
		// NOTE(review): the static text below contains typos ("This can a while", "successfull").
		// NOTE(review): the manual "try again" link below carries no ticket, unlike $rawPingUrl,
		// so it presumably fails the ticket check in action() — confirm.
		// $blogid is echoed unescaped: it is an int when read via intRequestVar(); callers
		// passing it as an argument are expected to pass an int as well.
		?>		
		<h2>Site Updated, Now pinging weblogs.com</h2>

		<p>
			Pinging weblogs.com! This can a while...
			<br />
			When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.
		</p>
		
		<p>
			If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
		</p>
		<?php		$this->pagefoot();
	}
1324         
1325         // ping to Weblogs.com
1326         // sends the real ping (can take up to 10 seconds!)
1327         function action_rawping() {
1328                 global $manager;
1329                 // TODO: checks?
1330                                 
1331                 $blogid = intRequestVar('blogid');
1332                 $blog =& $manager->getBlog($blogid);
1333                 
1334                 $result = $blog->sendUserlandPing();
1335                 
1336                 $this->pagehead();
1337                 
1338                 ?>
1339                 
1340                 <h2>Ping Results</h2>
1341                 
1342                 <p>The following message was returned by weblogs.com:</p>
1343                 
1344                 <div class='note'><?php echo  $result ?></div>
1345                 
1346                 <ul>
1347                         <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
1348                         <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>
1349                 </ul>
1350                 
1351                 <?php           $this->pagefoot();
1352         }
1353         
1354         /** 
1355           * Allows to edit previously made comments
1356           */
	function action_commentedit() {
		global $member, $manager;
		
		$commentid = intRequestVar('commentid');
		
		// who may edit a comment is decided by MEMBER::canAlterComment()
		$member->canAlterComment($commentid) or $this->disallow();

		$comment = COMMENT::getComment($commentid);
		
		// plugins may adjust the comment (passed by reference) before it is shown in the form
		$manager->notify('PrepareCommentForEdit',array('comment' => &$comment));

		// strip the <br /> tags from the stored body (they are removed, not turned into newlines)
		$comment['body'] = str_replace('<br />','',$comment['body']);
		
		// turn stored links (<a href="...">text</a>) back into the bare URL for editing.
		// NOTE(review): eregi_replace() no longer exists on PHP 7+; a preg_replace() equivalent is needed there.
		$comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]>[^<]*</a>","\\1",$comment['body']);
		
		$this->pagehead();
		
		// the form posts to action_commentupdate(); the hidden ticket makes it CSRF-safe
		?>
		<h2><?php echo _EDITC_TITLE?></h2>
		
		<form action="index.php" method="post"><div>
		
		<input type="hidden" name="action" value="commentupdate" />
		<?php $manager->addTicketHidden(); ?>
		<input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
		<table><tr>
			<th colspan="2"><?php echo _EDITC_TITLE?></th>
		</tr><tr>
			<td><?php echo _EDITC_WHO?></td>
			<td>
			<?php				if ($comment['member']) 
					echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
				else 
					echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
				// NOTE(review): member/user name, host and body are echoed below without
				// htmlspecialchars(); this relies on them being stored already escaped — confirm.
			?>
			</td>
		</tr><tr>
			<td><?php echo _EDITC_WHEN?></td>
			<td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
		</tr><tr>
			<td><?php echo _EDITC_HOST?></td>
			<td><?php echo  $comment['host']; ?></td>
		</tr><tr>
			<td><?php echo _EDITC_TEXT?></td>
			<td>
				<textarea name="body" tabindex="10" rows="10" cols="50"><?php					// htmlspecialchars not needed (things should be escaped already)
					echo $comment['body'];
				?></textarea>
			</td>
		</tr><tr>
			<td><?php echo _EDITC_EDIT?></td>
			<td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
		</tr></table>
		
		</div></form>
		<?php		
		$this->pagefoot();
	}
1416         
1417         function action_commentupdate() {
1418                 global $member, $manager;
1419                 
1420                 $commentid = intRequestVar('commentid');
1421                 
1422                 $member->canAlterComment($commentid) or $this->disallow();
1423                 
1424                 $body = postVar('body');
1425                 
1426                 // intercept words that are too long
1427                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false) 
1428                         $this->error(_ERROR_COMMENT_LONGWORD);
1429
1430                 // check length
1431                 if (strlen($body)<3)
1432                         $this->error(_ERROR_COMMENT_NOCOMMENT);
1433                 if (strlen($body)>5000)
1434                         $this->error(_ERROR_COMMENT_TOOLONG);
1435                 
1436                 
1437                 // prepare body
1438                 $body = COMMENT::prepareBody($body);
1439                 
1440                 // call plugins
1441                 $manager->notify('PreUpdateComment',array('body' => &$body));
1442                 
1443                 $query =  'UPDATE '.sql_table('comment')
1444                        . " SET cbody='" .addslashes($body). "'"
1445                        . " WHERE cnumber=" . $commentid;
1446                 sql_query($query);
1447                 
1448                 // get itemid
1449                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
1450                 $o = mysql_fetch_object($res);
1451                 $itemid = $o->citem;
1452                 
1453                 if ($member->canAlterItem($itemid))
1454                         $this->action_itemcommentlist($itemid); 
1455                 else
1456                         $this->action_browseowncomments();
1457         
1458         }
1459         
	function action_commentdelete() {
		global $member, $manager;
		
		$commentid = intRequestVar('commentid');
		
		// same permission rule as for editing a comment
		$member->canAlterComment($commentid) or $this->disallow();

		$comment = COMMENT::getComment($commentid);

		// preview of the comment: tags stripped, shortened to 300 chars, then escaped for HTML
		$body = strip_tags($comment['body']);
		$body = htmlspecialchars(shorten($body, 300, '...'));
		
		// member comments carry the member name, others the name the visitor entered
		if ($comment['member'])
			$author = $comment['member'];
		else
			$author = $comment['user'];
		
		$this->pagehead();
		// NOTE(review): $author is echoed below without htmlspecialchars(), unlike $body;
		// this is only safe if names are stored escaped — confirm.
		// the form posts to action_commentdeleteconfirm(); the hidden ticket makes it CSRF-safe
		?>
		
			<h2><?php echo _DELETE_CONFIRM?></h2>
			
			<p><?php echo _CONFIRMTXT_COMMENT?></p>
			
			<div class="note">
			<b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
			<br />
			<b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
			</div>
			
			<form method="post" action="index.php"><div>
				<input type="hidden" name="action" value="commentdeleteconfirm" />
				<?php $manager->addTicketHidden() ?>
				<input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
				<input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
			</div></form>
		<?php		
		$this->pagefoot();
	}
1499         
1500         function action_commentdeleteconfirm() {
1501                 global $member;
1502                 
1503                 $commentid = intRequestVar('commentid');
1504                 
1505                 // get item id first
1506                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
1507                 $o = mysql_fetch_object($res);
1508                 $itemid = $o->citem;
1509
1510                 $error = $this->deleteOneComment($commentid);
1511                 if ($error)
1512                         $this->doError($error);
1513                         
1514                 if ($member->canAlterItem($itemid))
1515                         $this->action_itemcommentlist($itemid); 
1516                 else
1517                         $this->action_browseowncomments();
1518         }
1519         
1520         function deleteOneComment($commentid) {
1521                 global $member, $manager;
1522                 
1523                 $commentid = intval($commentid);
1524                 
1525                 if (!$member->canAlterComment($commentid))
1526                         return _ERROR_DISALLOWED;
1527                         
1528                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));
1529                                 
1530                 // delete the comments associated with the item
1531                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;
1532                 sql_query($query);
1533                 
1534                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));                
1535                 
1536                 return '';
1537         }
1538         
1539         /**
1540           * Usermanagement main
1541           */
	function action_usermanagement() {
		global $member, $manager;
		
		// check if allowed: member management is super-admin only
		$member->isAdmin() or $this->disallow();

		$this->pagehead();
	
		echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
		
		echo '<h2>' . _MEMBERS_TITLE .'</h2>';
		
		echo '<h3>' . _MEMBERS_CURRENT .'</h3>';
		
		// show list of members with actions; rendering of the rows is delegated
		// to the 'memberlist' content template of BATCH
		$query =  'SELECT *'
		       . ' FROM '.sql_table('member');
		$template['content'] = 'memberlist';
		$template['tabindex'] = 10;
		
		// NOTE(review): "=& new" is PHP 4 reference syntax and a parse error on PHP 7+
		$batch =& new BATCH('member');
		$batch->showlist($query,'table',$template);

		echo '<h3>' . _MEMBERS_NEW .'</h3>';
		// the form below posts to action_memberadd(); the hidden ticket makes it CSRF-safe.
		// admin/canlogin default to no/yes; they are only honoured server-side for super-admins
		?>
			<form method="post" action="index.php"><div>
			
			<input type="hidden" name="action" value="memberadd" />
			<?php $manager->addTicketHidden() ?>
			
			<table>
			<tr>
				<th colspan="2"><?php echo _MEMBERS_NEW?></th>
			</tr><tr>
				<td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
				    <br /><small>(This is the name used to logon)</small>
				</td>
				<td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
			</tr><tr>
				<td><?php echo _MEMBERS_REALNAME?></td>
				<td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
			</tr><tr>
				<td><?php echo _MEMBERS_PWD?></td>
				<td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
			</tr><tr>
				<td><?php echo _MEMBERS_REPPWD?></td>
				<td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
			</tr><tr>
				<td><?php echo _MEMBERS_EMAIL?></td>
				<td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
			</tr><tr>
				<td><?php echo _MEMBERS_URL?></td>
				<td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
			</tr><tr>
				<td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
				<td><?php $this->input_yesno('admin',0,10060); ?> </td>
			</tr><tr>
				<td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
				<td><?php $this->input_yesno('canlogin',1,10070); ?></td>
			</tr><tr>
				<td><?php echo _MEMBERS_NOTES?></td>
				<td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
			</tr><tr>
				<td><?php echo _MEMBERS_NEW?></td>
				<td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
			</tr></table>
			
			</div></form>		
		<?php		
		$this->pagefoot();
	}
1613         
1614         /**
1615           * Edit member settings
1616           */
1617         function action_memberedit() {
1618                 $this->action_editmembersettings(intRequestVar('memberid'));
1619         }
	function action_editmembersettings($memberid = '') {
		global $member, $manager, $CONF;
		
		// no (or empty) memberid means: edit your own settings
		// NOTE(review): loose comparison; a memberid of 0 also matches '' here
		if ($memberid == '')
			$memberid = $member->getID();
		
		// check if allowed: own settings, or super-admin
		($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
	
		$extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
		$this->pagehead($extrahead);

		// show message to go back to member overview (only for admins)
		if ($member->isAdmin())
			echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
		else
			echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';

		echo '<h2>' . _MEMBERS_EDIT . '</h2>';
		
		// $mem is the member being edited; $member is the member doing the editing
		$mem = MEMBER::createFromID($memberid);
		
		// the form posts to action_changemembersettings(), which re-checks every
		// permission server-side; the hidden ticket makes it CSRF-safe.
		// $memberid is an int here (intRequestVar() or getID()), hence echoed unescaped
		?>
		<form method="post" action="index.php"><div>
		
		<input type="hidden" name="action" value="changemembersettings" />
		<input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
		<?php $manager->addTicketHidden() ?>
		
		<table><tr>
			<th colspan="2"><?php echo _MEMBERS_EDIT?></th>
		</tr><tr>
			<td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
			    <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
			</td>
			<td>
			<?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
				<input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
			<?php } else {
				// in this branch a non-admin can only be editing their own settings
				// (see the check above), so $member and $mem denote the same member
				echo htmlspecialchars($member->getDisplayName());
			   }
			?>
			</td>
		</tr><tr>
			<td><?php echo _MEMBERS_REALNAME?></td>
			<td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
		</tr><tr>		
		<?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
			<td><?php echo _MEMBERS_PWD?></td>
			<td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
		</tr><tr>
			<td><?php echo _MEMBERS_REPPWD?></td>
			<td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
		<?php } ?>
		</tr><tr>
			<td><?php echo _MEMBERS_EMAIL?>
			    <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
			</td>
			<td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
		</tr><tr>
			<td><?php echo _MEMBERS_URL?></td>
			<td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>			
		<?php // only allow to change this by super-admins
		   // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
		   // (hiding the fields is UI only; the enforcement is in action_changemembersettings())
		   if ($member->isAdmin()) {
		?>
			</tr><tr>
				<td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
				<td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>	
			</tr><tr>
				<td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
				<td><?php $this->input_yesno('canlogin',$mem->canLogin(),70); ?></td>
		<?php } ?>
		</tr><tr>
			<td><?php echo _MEMBERS_NOTES?></td>
			<td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>			
		</tr><tr>		
			<td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
			</td>
			<td>
			
				<select name="deflang" tabindex="85">
					<option value=""><?php echo _MEMBERS_USESITELANG?></option>
				<?php				// show a dropdown list of all available languages:
				// every *.php file in the language directory is offered by its base name.
				// The names come from the server's own directory, not from user input.
				// NOTE(review): opendir() failure is not checked; ereg() no longer exists on PHP 7+.
				global $DIR_LANG;
				$dirhandle = opendir($DIR_LANG);
				while ($filename = readdir($dirhandle)) {
					if (ereg("^(.*)\.php$",$filename,$matches)) {
						$name = $matches[1];
						echo "<option value='$name'";
						if ($name == $mem->getLanguage())
							echo " selected='selected'";
						echo ">$name</option>";
					}
				}
				closedir($dirhandle);

				?>
				</select>			
			
			</td>
		</tr>
		<?php
			// plugin options (the form rows for the 'member' option context)
			$this->_insertPluginOptions('member',$memberid);			
		?>
		<tr>
			<th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
		</tr><tr>
			<td><?php echo _MEMBERS_EDIT?></td>
			<td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
		</tr></table>
		
		</div></form>
		
		<?php		
			echo '<h3>',_PLUGINS_EXTRA,'</h3>';		
		
			// plugins may output extra content for the settings page
			$manager->notify(
				'MemberSettingsFormExtras',	
				array(
					'member' => &$mem
				)
			);
			
		$this->pagefoot();
	}
1747         
1748         
1749         function action_changemembersettings() {
1750                 global $member, $CONF, $manager;
1751                 
1752                 $memberid = intRequestVar('memberid');
1753                 
1754                 // check if allowed
1755                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
1756                 
1757                 $name                   = trim(postVar('name'));
1758                 $realname               = trim(postVar('realname'));
1759                 $password               = postVar('password');
1760                 $repeatpassword = postVar('repeatpassword');            
1761                 $email                  = postVar('email');
1762                 $url                    = postVar('url');
1763
1764                 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
1765                 if (!eregi("^https?://", $url))
1766                         $url = "http://".$url;
1767
1768                 $admin                  = postVar('admin');
1769                 $canlogin               = postVar('canlogin');
1770                 $notes                  = postVar('notes');
1771                 $deflang                = postVar('deflang');
1772                 
1773                 $mem = MEMBER::createFromID($memberid);
1774
1775                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
1776
1777                         if (!isValidDisplayName($name))
1778                                 $this->error(_ERROR_BADNAME);
1779
1780                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
1781                                 $this->error(_ERROR_NICKNAMEINUSE);
1782                                 
1783                         if ($password != $repeatpassword)
1784                                 $this->error(_ERROR_PASSWORDMISMATCH);
1785                                 
1786                         if ($password && (strlen($password) < 6))
1787                                 $this->error(_ERROR_PASSWORDTOOSHORT);
1788                 }
1789                 
1790                 if (!isValidMailAddress($email))
1791                         $this->error(_ERROR_BADMAILADDRESS);
1792
1793         
1794                 if (!$realname)
1795                         $this->error(_ERROR_REALNAMEMISSING);
1796                         
1797                 if (($deflang != '') && (!checkLanguage($deflang))) 
1798                         $this->error(_ERROR_NOSUCHLANGUAGE);
1799                 
1800                 // check if there will remain at least one site member with both the logon and admin rights
1801                 // (check occurs when taking away one of these rights from such a member)
1802                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
1803                      || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
1804                    )
1805                 {
1806                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
1807                         if (mysql_num_rows($r) < 2)
1808                                 $this->error(_ERROR_ATLEASTONEADMIN);
1809                 }
1810                 
1811                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
1812                         $mem->setDisplayName($name);
1813                         if ($password) 
1814                                 $mem->setPassword($password);
1815                 }
1816
1817                 if ($newpass)
1818                         $mem->setPassword($password);
1819                 
1820                 $oldEmail = $mem->getEmail();
1821
1822                 $mem->setRealName($realname);
1823                 $mem->setEmail($email);
1824                 $mem->setURL($url);
1825                 $mem->setNotes($notes);
1826                 $mem->setLanguage($deflang);
1827
1828                 
1829                 // only allow super-admins to make changes to the admin status
1830                 if ($member->isAdmin()) {
1831                         $mem->setAdmin($admin);
1832                         $mem->setCanLogin($canlogin);
1833                 }
1834
1835         
1836                 $mem->write();
1837                 
1838                 // if email changed, generate new password
1839                 if ($oldEmail != $mem->getEmail())
1840                 {
1841                         $mem->sendActivationLink('addresschange', $oldEmail);
1842                         // logout member
1843                         $mem->newCookieKey();
1844                         $member->logout();      
1845                         $this->action_login(_MSG_ACTIVATION_SENT, 0);
1846                         return;
1847                 }
1848                 
1849                 
1850                 // store plugin options
1851                 $aOptions = requestArray('plugoption');
1852                 NucleusPlugin::_applyPluginOptions($aOptions);
1853                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));           
1854                 
1855                 if (  ( $mem->getID() == $member->getID() ) 
1856                    && ( $newpass || ( $mem->getDisplayName() != $member->getDisplayName() ) )
1857                    ) {
1858                     $mem->newCookieKey();
1859                         $member->logout();
1860                         $this->action_login(_MSG_LOGINAGAIN, 0);
1861                 } else {
1862                         $this->action_overview(_MSG_SETTINGSCHANGED);
1863                 }
1864         }
1865         
1866         function action_memberadd() {
1867                 global $member;
1868                 
1869                 // check if allowed
1870                 $member->isAdmin() or $this->disallow();
1871                 
1872                 if (postVar('password') != postVar('repeatpassword'))
1873                         $this->error(_ERROR_PASSWORDMISMATCH);
1874                 if (strlen(postVar('password')) < 6)  
1875                         $this->error(_ERROR_PASSWORDTOOSHORT);
1876                 
1877                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));    
1878                 if ($res != 1)
1879                         $this->error($res);
1880                 
1881                 $this->action_usermanagement();         
1882         }
1883         
1884         /**
1885          * Account activation
1886          *
1887          * @author dekarma
1888          */
1889         function action_activate() {
1890                 
1891                 $key = getVar('key');
1892                 $this->_showActivationPage($key);
1893         }
1894                 
        /**
         * Shows the activation page belonging to an activation key.
         *
         * Expired keys are purged first, then the key is looked up. Depending on
         * its type ('forgot', 'register', 'addresschange') a title/text pair is
         * chosen and it is decided whether a "set password" form is shown:
         *  - 'forgot' and 'register' show the form, which posts to action
         *    'activatesetpwd' together with the key and a ticket;
         *  - 'addresschange' needs no password and is activated right here.
         * An unknown type leaves title and text empty but still shows the form.
         *
         * The flow relies on $this->error() not returning: $info and $mem are
         * dereferenced right after the checks.
         *
         * @param $key
         *              activation key as received from the request
         * @param $message
         *              optional error text echoed above the form; callers pass
         *              language constants or the error string a plugin set in
         *              the 'ValidateForm' event
         */
        function _showActivationPage($key, $message = '')
        {
                global $manager;

                // clean up old activation keys
                MEMBER::cleanupActivationTable();

                // get activation info
                $info = MEMBER::getActivationInfo($key);

                if (!$info)
                        $this->error(_ERROR_ACTIVATE);

                $mem = MEMBER::createFromId($info->vmember);

                if (!$mem)
                        $this->error(_ERROR_ACTIVATE);

                // defaults: no text, and a password form is shown unless the type says otherwise
                $text = '';
                $title = '';
                $bNeedsPasswordChange = true;

                switch ($info->vtype)
                {
                        case 'forgot':
                                $title = _ACTIVATE_FORGOT_TITLE;
                                $text = _ACTIVATE_FORGOT_TEXT;
                                break;
                        case 'register':
                                $title = _ACTIVATE_REGISTER_TITLE;
                                $text = _ACTIVATE_REGISTER_TEXT;
                                break;
                        case 'addresschange':
                                $title = _ACTIVATE_CHANGE_TITLE;
                                $text = _ACTIVATE_CHANGE_TEXT;
                                $bNeedsPasswordChange = false;
                                // no password step needed: the key is consumed immediately
                                MEMBER::activate($key);
                                break;
                }

                // the display name is HTML-escaped before it is substituted into the texts
                $aVars = array(
                        'memberName' => htmlspecialchars($mem->getDisplayName())
                );
                $title = TEMPLATE::fill($title, $aVars);
                $text = TEMPLATE::fill($text, $aVars);

                $this->pagehead();

                        echo '<h2>' , $title, '</h2>';
                        echo '<p>' , $text, '</p>';

                        // $message is echoed as-is (see the docblock for what callers pass)
                        if ($message != '')
                        {
                                echo '<p class="error">',$message,'</p>';
                        }

                        if ($bNeedsPasswordChange)
                        {
                                // the form carries a ticket and the (escaped) key back to action_activatesetpwd()
                                ?>
                                        <div><form action="index.php" method="post">

                                                <input type="hidden" name="action" value="activatesetpwd" />
                                                <?php $manager->addTicketHidden() ?>
                                                <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

                                                <table><tr>
                                                        <td><?php echo _MEMBERS_PWD?></td>
                                                        <td><input type="password" maxlength="40" size="16" name="password" /></td>
                                                </tr><tr>
                                                        <td><?php echo _MEMBERS_REPPWD?></td>
                                                        <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
                                                <?php
                                                        // redundant: $manager is already imported at the top of this method
                                                        global $manager;
                                                        // lets plugins add their own fields to the activation form
                                                        $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));

                                                ?>
                                                </tr><tr>
                                                        <td><?php echo _MEMBERS_SETPWD ?></td>
                                                        <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
                                                </tr></table>


                                        </form></div>

                                <?php

                        }

                $this->pagefoot();

        }
1987         
1988         /**
1989          * Account activation - set password part
1990          *
1991          * @author dekarma
1992          */
1993         function action_activatesetpwd() {      
1994                 
1995                 $key = postVar('key');
1996                 
1997                 // clean up old activation keys
1998                 MEMBER::cleanupActivationTable();
1999
2000                 // get activation info
2001                 $info = MEMBER::getActivationInfo($key);
2002                 
2003                 if (!$info || ($info->type == 'addresschange'))
2004                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2005                         
2006                 $mem = MEMBER::createFromId($info->vmember);
2007                 
2008                 if (!$mem)
2009                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
2010                 
2011                 $password               = postVar('password');
2012                 $repeatpassword = postVar('repeatpassword');
2013                 
2014                 if ($password != $repeatpassword)
2015                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
2016
2017                 if ($password && (strlen($password) < 6))
2018                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
2019                         
2020                 $error = '';
2021                 global $manager;
2022                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
2023                 if ($error != '')
2024                         return $this->_showActivationPage($key, $error);
2025                         
2026                 
2027                 // set password
2028                 $mem->setPassword($password);
2029                 $mem->write();
2030                 
2031                 // do the activation
2032                 MEMBER::activate($key);
2033                 
2034                 $this->pagehead();
2035                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
2036                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
2037                 $this->pagefoot();
2038         }
2039         
        /**
          * Manage team
          *
          * Shows the team of one blog: a link back to the blog settings, the
          * current team list (rendered through BATCH 'team') and a form to add
          * another member, which posts to action 'teamaddmember' with a ticket.
          *
          * blogid comes from the request as an int and the current member needs
          * blog admin rights on it.
          */
        function action_manageteam() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $this->pagehead();

                // $blogid is an int, so interpolating it into the link and the query below is safe
                echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

                // NOTE(review): the blog name is printed unescaped here, while other pages in this
                // file wrap it in htmlspecialchars() — confirm getBlogNameFromID() returns escaped text
                echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';

                echo '<h3>' . _TEAM_CURRENT . '</h3>';



                $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
                       . ' FROM '.sql_table('member').', '.sql_table('team')
                       . ' WHERE tmember=mnumber and tblog=' . $blogid;

                $template['content'] = 'teamlist';
                $template['tabindex'] = 10;

                // assign-by-reference of 'new' is PHP 4 syntax (a parse error on PHP 7+)
                $batch =& new BATCH('team');
                $batch->showlist($query, 'table', $template);

                ?>
                        <h3><?php echo _TEAM_ADDNEW?></h3>

                        <form method='post' action='index.php'><div>

                        <input type='hidden' name='action' value='teamaddmember' />
                        <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
                        <?php $manager->addTicketHidden() ?>

                        <table><tr>
                                <td><?php echo _TEAM_CHOOSEMEMBER?></td>
                                <td><?php                                       // TODO: try to make it so only non-team-members are listed
                                        $query =  'SELECT mname as text, mnumber as value'
                                               . ' FROM '.sql_table('member');

                                        // the same $template array is reused: 'content' from above is still set
                                        $template['name'] = 'memberid';
                                        $template['tabindex'] = 10000;
                                        showlist($query,'select',$template);
                                ?></td>
                        </tr><tr>
                                <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',0,10020); ?></td>
                        </tr><tr>
                                <td><?php echo _TEAM_ADD?></td>
                                <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
2102         
2103         /**
2104           * Add member tot tram
2105           */
2106         function action_teamaddmember() {
2107                 global $member, $manager;
2108                 
2109                 $memberid = intPostVar('memberid');
2110                 $blogid = intPostVar('blogid');
2111                 $admin = intPostVar('admin');
2112                 
2113                 // check if allowed
2114                 $member->blogAdminRights($blogid) or $this->disallow();
2115                 
2116                 $blog =& $manager->getBlog($blogid);
2117                 if (!$blog->addTeamMember($memberid, $admin))
2118                         $this->error(_ERROR_ALREADYONTEAM);
2119                 
2120                 $this->action_manageteam();
2121                 
2122         }
2123         
2124         function action_teamdelete() {
2125                 global $member, $manager;
2126                 
2127                 $memberid = intRequestVar('memberid');
2128                 $blogid = intRequestVar('blogid');
2129                 
2130                 // check if allowed
2131                 $member->blogAdminRights($blogid) or $this->disallow();
2132                 
2133                 $teammem = MEMBER::createFromID($memberid);
2134                 $blog =& $manager->getBlog($blogid);
2135                 
2136                 $this->pagehead();
2137                 ?>
2138                         <h2><?php echo _DELETE_CONFIRM?></h2>
2139                         
2140                         <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  $teammem->getDisplayName() ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
2141                         </p>
2142                         
2143                         
2144                         <form method="post" action="index.php"><div>
2145                         <input type="hidden" name="action" value="teamdeleteconfirm" />
2146                         <?php $manager->addTicketHidden() ?>
2147                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
2148                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2149                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2150                         </div></form>
2151                 <?php           
2152                 $this->pagefoot();
2153         }
2154         
2155         function action_teamdeleteconfirm() {
2156                 global $member;
2157                 
2158                 $memberid = intRequestVar('memberid');
2159                 $blogid = intRequestVar('blogid');
2160
2161                 $error = $this->deleteOneTeamMember($blogid, $memberid);
2162                 if ($error)
2163                         $this->error($error);
2164                 
2165                 
2166                 $this->action_manageteam();
2167         }
2168         
2169         function deleteOneTeamMember($blogid, $memberid) {
2170                 global $member, $manager;
2171                 
2172                 $blogid = intval($blogid);
2173                 $memberid = intval($memberid);
2174                 
2175                 // check if allowed
2176                 if (!$member->blogAdminRights($blogid))
2177                         return _ERROR_DISALLOWED;
2178
2179                 // check if: - there remains at least one blog admin
2180                 //           - (there remains at least one team member)
2181                 $tmem = MEMBER::createFromID($memberid);
2182                 
2183                 $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));                                
2184                 
2185                 if ($tmem->isBlogAdmin($blogid)) {
2186                         // check if there are more blog members left and at least one admin
2187                         // (check for at least two admins before deletion)
2188                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
2189                         $r = sql_query($query);
2190                         if (mysql_num_rows($r) < 2)
2191                                 return _ERROR_ATLEASTONEBLOGADMIN;
2192                 }
2193                 
2194                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
2195                 sql_query($query);
2196                 
2197                 $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));                                               
2198                 
2199                 return '';
2200         }
2201         
2202         function action_teamchangeadmin() {
2203                 global $member;
2204                 
2205                 $blogid = intRequestVar('blogid');
2206                 $memberid = intRequestVar('memberid');
2207                 
2208                 // check if allowed
2209                 $member->blogAdminRights($blogid) or $this->disallow();
2210
2211                 $mem = MEMBER::createFromID($memberid);
2212                 
2213                 // don't allow when there is only one admin at this moment
2214                 if ($mem->isBlogAdmin($blogid)) {
2215                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
2216                         if (mysql_num_rows($r) == 1)
2217                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
2218                 }
2219                 
2220                 if ($mem->isBlogAdmin($blogid))
2221                         $newval = 0;
2222                 else    
2223                         $newval = 1;
2224                         
2225                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
2226                 sql_query($query);
2227                 
2228                 // only show manageteam if member did not change its own admin privileges
2229                 if ($member->isBlogAdmin($blogid))
2230                         $this->action_manageteam();
2231                 else
2232                         $this->action_overview(_MSG_ADMINCHANGED);
2233         }
2234           
        /**
         * Shows the settings page of one blog: team summary, the main settings
         * form (name, short name, description, URL, default skin, comment and
         * notification options, ping, update file, default category, time
         * offset, searchability, plugin options), the category list with a
         * "create category" form, and whatever plugins add through the
         * 'BlogSettingsFormExtras' event.
         *
         * blogid comes from the request as an int and the current member needs
         * blog admin rights on it. The main form posts to action
         * 'blogsettingsupdate', the category form to 'categorynew'; both carry
         * a ticket. Blog fields echoed into attributes are HTML-escaped.
         */
        function action_blogsettings() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                // numbercheck.js provides checkSubmit(), used by the submit button further down
                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
                // NOTE(review): bloglink() output is echoed as-is — confirm it escapes the blog name
                ?>
                <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>

                <h3><?php echo _EBLOG_TEAM_TITLE?></h3>

                <p>Members currently on your team:
                <?php
                        // $blogid is cast to int before interpolation; both name columns are escaped for HTML
                        $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
                        $aMemberNames = array();
                        while ($o = mysql_fetch_object($res))
                                array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
                        echo implode(',', $aMemberNames);
                ?>
                </p>



                <p>
                <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
                </p>

                <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>

                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="blogsettingsupdate" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                <table><tr>
                        <td><?php echo _EBLOG_NAME?></td>
                        <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
                                <?php echo _EBLOG_SHORTNAME_EXTRA?>
                        </td>
                        <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DESC?></td>
                        <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_URL?></td>
                        <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFSKIN?>
                            <?php help('blogdefaultskin'); ?>
                        </td>
                        <td>
                                <?php
                                        // skin selector; $template is reused by the later select/list calls,
                                        // so keys set here ('name', 'selected', 'tabindex') persist unless overwritten
                                        $query =  'SELECT sdname as text, sdnumber as value'
                                               . ' FROM '.sql_table('skin_desc');
                                        $template['name'] = 'defskin';
                                        $template['selected'] = $blog->getDefaultSkin();
                                        $template['tabindex'] = 50;
                                        showlist($query,'select',$template);
                                ?>

                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
                        </td>
                        <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
                        </td>
                        <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DISABLECOMMENTS?>
                        </td>
                        <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ANONYMOUS?>
                        </td>
                        <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
                        <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY_ON?></td>
                        <td>
                                <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
                                        <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
                                /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
                                <br />
                                <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
                                        <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
                                /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
                                <br />
                                <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
                                        <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
                                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_PING?> <?php help('pinguserland'); ?></td>
                        <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
                        <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
                        <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFCAT?></td>
                        <td>
                                <?php
                                        // default category selector, restricted to this blog's categories
                                        $query =  'SELECT cname as text, catid as value'
                                               . ' FROM '.sql_table('category')
                                               . ' WHERE cblog=' . $blog->getID();
                                        $template['name'] = 'defcat';
                                        $template['selected'] = $blog->getDefaultCategory();
                                        $template['tabindex'] = 110;
                                        showlist($query,'select',$template);
                                ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
                            <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
                            <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
                            </td>
                        <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
                        <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('blog',$blogid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CHANGE?></td>
                        <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <h3><?php echo _EBLOG_CAT_TITLE?></h3>


                <?php
                // category list for this blog, rendered through BATCH 'category'
                $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
                $template['content'] = 'categorylist';
                $template['tabindex'] = 200;

                // assign-by-reference of 'new' is PHP 4 syntax (a parse error on PHP 7+)
                $batch =& new BATCH('category');
                $batch->showlist($query,'table',$template);

                ?>


                <form action="index.php" method="post"><div>
                <input name="action" value="categorynew" type="hidden" />
                <?php $manager->addTicketHidden() ?>
                <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />

                <table><tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_NAME?></td>
                        <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_DESC?></td>
                        <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_CREATE?></td>
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
                </tr></table>

                </div></form>

                <?php

                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        // plugins may append their own settings sections here
                        $manager->notify(
                                'BlogSettingsFormExtras',
                                array(
                                        'blog' => &$blog
                                )
                        );

                $this->pagefoot();
        }
2432         
2433         function action_categorynew() {
2434                 global $member, $manager;
2435                 
2436                 $blogid = intRequestVar('blogid');
2437                 
2438                 $member->blogAdminRights($blogid) or $this->disallow();
2439                 
2440                 $cname = postVar('cname');
2441                 $cdesc = postVar('cdesc');
2442                 
2443                 if (!isValidCategoryName($cname))
2444                         $this->error(_ERROR_BADCATEGORYNAME);
2445                         
2446                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
2447                 $res = sql_query($query);
2448                 if (mysql_num_rows($res) > 0)
2449                         $this->error(_ERROR_DUPCATEGORYNAME);
2450                         
2451                 $blog           =& $manager->getBlog($blogid);
2452                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);
2453                 
2454                 $this->action_blogsettings();
2455         }
2456         
2457         
        /**
         * Shows the edit form for one category.
         *
         * Can be called directly with explicit ids, or without arguments, in
         * which case blogid and catid are read from GET (as ints). Requires
         * blog admin rights on the blog. The form posts to action
         * 'categoryupdate' with both ids, the optional return URL and a ticket.
         *
         * NOTE(review): the '' checks use ==; an explicit 0 argument counts as
         * "not given" on PHP < 8 but not on PHP 8 — confirm how callers pass ids.
         *
         * @param $catid
         *              category id, or '' to take it from GET
         * @param $blogid
         *              blog id, or '' to take it from GET
         * @param $desturl
         *              URL to return to after the update (passed through as a
         *              hidden field, HTML-escaped)
         */
        function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
                global $member, $manager;

                if ($blogid == '')
                        $blogid = intGetVar('blogid');
                else
                        $blogid = intval($blogid);
                if ($catid == '')
                        $catid = intGetVar('catid');
                else
                        $catid = intval($catid);

                $member->blogAdminRights($blogid) or $this->disallow();

                // both ids are ints by now, so they can be interpolated into the query
                $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
                $obj = mysql_fetch_object($res);

                // NOTE(review): no check that a row was found; with a catid not belonging to
                // this blog, $obj is false and the form is shown with empty name/description
                $cname = $obj->cname;
                $cdesc = $obj->cdesc;

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                // name, description and return URL are HTML-escaped before being echoed
                ?>
                <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>
                <form method='post' action='index.php'><div>
                <input name="blogid" type="hidden" value="<?php echo $blogid?>" />
                <input name="catid" type="hidden" value="<?php echo $catid?>" />
                <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />
                <input name="action" type="hidden" value="categoryupdate" />
                <?php $manager->addTicketHidden(); ?>

                <table><tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_NAME?></td>
                        <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_DESC?></td>
                        <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
                </tr>
                <?php
                        // insert plugin options
                        $this->_insertPluginOptions('category',$catid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_UPDATE?></td>
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
                </tr></table>

                </div></form>
                <?php
                $this->pagefoot();
        }
2514         
2515         
2516         function action_categoryupdate() {
2517                 global $member, $manager;
2518                 
2519                 $blogid = intPostVar('blogid');
2520                 $catid = intPostVar('catid');
2521                 $cname = postVar('cname');
2522                 $cdesc = postVar('cdesc');
2523                 $desturl = postVar('desturl');
2524
2525                 $member->blogAdminRights($blogid) or $this->disallow();
2526                 
2527                 if (!isValidCategoryName($cname))
2528                         $this->error(_ERROR_BADCATEGORYNAME);
2529                         
2530                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
2531                 $res = sql_query($query);
2532                 if (mysql_num_rows($res) > 0)
2533                         $this->error(_ERROR_DUPCATEGORYNAME);
2534                         
2535                 $query =  'UPDATE '.sql_table('category').' SET'
2536                            . " cname='" . addslashes($cname) . "',"
2537                            . " cdesc='" . addslashes($cdesc) . "'"                         
2538                            . " WHERE catid=" . $catid;
2539                            
2540                 sql_query($query);
2541                 
2542                 // store plugin options
2543                 $aOptions = requestArray('plugoption');
2544                 NucleusPlugin::_applyPluginOptions($aOptions);
2545                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));          
2546
2547                 
2548                 if ($desturl) {
2549                         redirect($desturl);
2550                         exit;
2551                 } else {
2552                         $this->action_blogsettings();
2553                 }
2554         }
2555
2556         function action_categorydelete() {
2557                 global $member, $manager; 
2558                 
2559                 $blogid = intRequestVar('blogid');
2560                 $catid = intRequestVar('catid');
2561                 
2562                 $member->blogAdminRights($blogid) or $this->disallow();
2563                 
2564                 $blog =& $manager->getBlog($blogid);
2565         
2566                 // check if the category is valid
2567                 if (!$blog->isValidCategory($catid)) 
2568                         $this->error(_ERROR_NOSUCHCATEGORY);
2569         
2570                 // don't allow deletion of default category
2571                 if ($blog->getDefaultCategory() == $catid)
2572                         $this->error(_ERROR_DELETEDEFCATEGORY);
2573                 
2574                 // check if catid is the only category left for blogid
2575                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
2576                 $res = sql_query($query);
2577                 if (mysql_num_rows($res) == 1)
2578                         $this->error(_ERROR_DELETELASTCATEGORY);
2579                 
2580                 
2581                 $this->pagehead();
2582                 ?>
2583                         <h2><?php echo _DELETE_CONFIRM?></h2>
2584                         
2585                         <div>
2586                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  $blog->getCategoryName($catid)?></b>
2587                         </div>
2588                         
2589                         <form method="post" action="index.php"><div>
2590                         <input type="hidden" name="action" value="categorydeleteconfirm" />
2591                         <?php $manager->addTicketHidden() ?>
2592                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
2593                         <input type="hidden" name="catid" value="<?php echo $catid?>" />                                                
2594                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2595                         </div></form>
2596                 <?php           
2597                 $this->pagefoot();
2598         }
2599         
2600         function action_categorydeleteconfirm() {
2601                 global $member, $manager; 
2602                 
2603                 $blogid = intRequestVar('blogid');
2604                 $catid = intRequestVar('catid');
2605                 
2606                 $member->blogAdminRights($blogid) or $this->disallow();
2607
2608                 $error = $this->deleteOneCategory($catid);
2609                 if ($error)
2610                         $this->error($error);
2611
2612                 $this->action_blogsettings();
2613         }       
2614
2615         function deleteOneCategory($catid) {
2616                 global $manager, $member;
2617                 
2618                 $catid = intval($catid);
2619                 
2620                 $manager->notify('PreDeleteCategory', array('catid' => $catid));                
2621
2622                 $blogid = getBlogIDFromCatID($catid);
2623                 
2624                 if (!$member->blogAdminRights($blogid))
2625                         return ERROR_DISALLOWED;
2626                 
2627                 // get blog
2628                 $blog =& $manager->getBlog($blogid);
2629
2630                 // check if the category is valid
2631                 if (!$blog || !$blog->isValidCategory($catid)) 
2632                         return _ERROR_NOSUCHCATEGORY;
2633         
2634                 $destcatid = $blog->getDefaultCategory();
2635                 
2636                 // don't allow deletion of default category
2637                 if ($blog->getDefaultCategory() == $catid)
2638                         return _ERROR_DELETEDEFCATEGORY;
2639                 
2640                 // check if catid is the only category left for blogid
2641                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
2642                 $res = sql_query($query);
2643                 if (mysql_num_rows($res) == 1)
2644                         return _ERROR_DELETELASTCATEGORY;
2645                         
2646                 // change category for all items to the default category
2647                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
2648                 sql_query($query);
2649                 
2650                 // delete all associated plugin options
2651                 NucleusPlugin::_deleteOptionValues('category', $catid);
2652                 
2653                 // delete category
2654                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
2655                 sql_query($query);
2656                 
2657                 $manager->notify('PostDeleteCategory', array('catid' => $catid));                               
2658
2659         }
2660         
2661         function moveOneCategory($catid, $destblogid) {
2662                 global $manager, $member;
2663
2664                 $catid = intval($catid);
2665                 $destblogid = intval($destblogid);
2666                 
2667                 $blogid = getBlogIDFromCatID($catid);
2668                 
2669                 // mover should have admin rights on both blogs
2670                 if (!$member->blogAdminRights($blogid))
2671                         return _ERROR_DISALLOWED;
2672                 if (!$member->blogAdminRights($destblogid))
2673                         return _ERROR_DISALLOWED;
2674                         
2675                 // cannot move to self
2676                 if ($blogid == $destblogid)
2677                         return _ERROR_MOVETOSELF;
2678                 
2679                 // get blogs
2680                 $blog =& $manager->getBlog($blogid);
2681                 $destblog =& $manager->getBlog($destblogid);            
2682                 
2683                 // check if the category is valid
2684                 if (!$blog || !$blog->isValidCategory($catid)) 
2685                         return _ERROR_NOSUCHCATEGORY;
2686                         
2687                 // don't allow default category to be moved
2688                 if ($blog->getDefaultCategory() == $catid)
2689                         return _ERROR_MOVEDEFCATEGORY;
2690                         
2691                 $manager->notify(
2692                         'PreMoveCategory',
2693                         array(
2694                                 'catid' => &$catid,
2695                                 'sourceblog' => &$blog,
2696                                 'destblog' => &$destblog
2697                         )
2698                 );
2699                 
2700                 // update comments table (cblog)
2701                 $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
2702                 $items = sql_query($query);
2703                 while ($oItem = mysql_fetch_object($items)) {
2704                         sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
2705                 }
2706
2707                 // update items (iblog)
2708                 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;
2709                 sql_query($query);
2710
2711                 // move category 
2712                 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;
2713                 sql_query($query);
2714
2715                 $manager->notify(
2716                         'PostMoveCategory',
2717                         array(
2718                                 'catid' => &$catid,
2719                                 'sourceblog' => &$blog,
2720                                 'destblog' => $destblog
2721                         )
2722                 );              
2723                 
2724         }
2725
2726         function action_blogsettingsupdate() {
2727                 global $member, $manager;
2728                 
2729                 $blogid = intRequestVar('blogid');
2730                 
2731                 $member->blogAdminRights($blogid) or $this->disallow();
2732                 
2733                 $blog =& $manager->getBlog($blogid);
2734                 
2735                 $notify                 = trim(postVar('notify'));
2736                 $shortname              = trim(postVar('shortname'));
2737                 $updatefile             = trim(postVar('update'));
2738                 
2739                 $notifyComment  = intPostVar('notifyComment');
2740                 $notifyVote             = intPostVar('notifyVote');
2741                 $notifyNewItem  = intPostVar('notifyNewItem');          
2742                 
2743                 if ($notifyComment == 0)        $notifyComment = 1;
2744                 if ($notifyVote == 0)           $notifyVote = 1;                
2745                 if ($notifyNewItem == 0)        $notifyNewItem = 1;             
2746                 
2747                 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
2748                 
2749                 
2750                 if ($notify) {
2751                         $not =& new NOTIFICATION($notify);
2752                         if (!$not->validAddresses())
2753                                 $this->error(_ERROR_BADNOTIFY);
2754                         
2755                 }
2756                         
2757                 if (!isValidShortName($shortname))
2758                         $this->error(_ERROR_BADSHORTBLOGNAME);
2759                         
2760                 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))
2761                         $this->error(_ERROR_DUPSHORTBLOGNAME);
2762                         
2763                 // check if update file is writable
2764                 if ($updatefile && !is_writeable($updatefile))
2765                         $this->error(_ERROR_UPDATEFILE);
2766
2767                 $blog->setName(trim(postVar('name')));
2768                 $blog->setShortName($shortname);
2769                 $blog->setNotifyAddress($notify);
2770                 $blog->setNotifyType($notifyType);              
2771                 $blog->setMaxComments(postVar('maxcomments'));
2772                 $blog->setCommentsEnabled(postVar('comments'));
2773                 $blog->setTimeOffset(postVar('timeoffset'));
2774                 $blog->setUpdateFile($updatefile);
2775                 $blog->setURL(trim(postVar('url')));
2776                 $blog->setDefaultSkin(intPostVar('defskin'));
2777                 $blog->setDescription(trim(postVar('desc')));
2778                 $blog->setPublic(postVar('public'));
2779                 $blog->setPingUserland(postVar('pinguserland'));
2780                 $blog->setConvertBreaks(intPostVar('convertbreaks'));
2781                 $blog->setAllowPastPosting(intPostVar('allowpastposting'));             
2782                 $blog->setDefaultCategory(intPostVar('defcat'));
2783                 $blog->setSearchable(intPostVar('searchable'));
2784
2785                 $blog->writeSettings();
2786                 
2787                 // store plugin options
2788                 $aOptions = requestArray('plugoption');
2789                 NucleusPlugin::_applyPluginOptions($aOptions);
2790                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));          
2791                 
2792                 
2793                 $this->action_overview(_MSG_SETTINGSCHANGED);
2794         }
2795         
2796         function action_deleteblog() {
2797                 global $member, $CONF, $manager;
2798                 
2799                 $blogid = intRequestVar('blogid');              
2800                 
2801                 $member->blogAdminRights($blogid) or $this->disallow();
2802
2803                 // check if blog is default blog
2804                 if ($CONF['DefaultBlog'] == $blogid)
2805                         $this->error(_ERROR_DELDEFBLOG);
2806                         
2807                 $blog =& $manager->getBlog($blogid);
2808                 
2809                 $this->pagehead();
2810                 ?>
2811                         <h2><?php echo _DELETE_CONFIRM?></h2>
2812                         
2813                         <p><?php echo _WARNINGTXT_BLOGDEL?>
2814                         </p>
2815                         
2816                         <div>
2817                         <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>
2818                         </div>
2819                         
2820                         <form method="post" action="index.php"><div>
2821                         <input type="hidden" name="action" value="deleteblogconfirm" />
2822                         <?php $manager->addTicketHidden() ?>
2823                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
2824                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2825                         </div></form>
2826                 <?php           
2827                 $this->pagefoot();
2828         }
2829         
2830         function action_deleteblogconfirm() {
2831                 global $member, $CONF, $manager;
2832                 
2833                 $blogid = intRequestVar('blogid');              
2834                 
2835                 $manager->notify('PreDeleteBlog', array('blogid' => $blogid));                          
2836                 
2837                 $member->blogAdminRights($blogid) or $this->disallow();
2838                 
2839                 // check if blog is default blog
2840                 if ($CONF['DefaultBlog'] == $blogid)
2841                         $this->error(_ERROR_DELDEFBLOG);
2842
2843                 // delete all comments
2844                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
2845                 sql_query($query);
2846
2847                 // delete all items             
2848                 $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
2849                 sql_query($query);
2850                 
2851                 // delete all team members
2852                 $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
2853                 sql_query($query);
2854                 
2855                 // delete all bans
2856                 $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
2857                 sql_query($query);
2858                 
2859                 // delete all categories
2860                 $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
2861                 sql_query($query);
2862                 
2863                 // delete all associated plugin options
2864                 NucleusPlugin::_deleteOptionValues('blog', $blogid);
2865                 
2866                 // delete the blog itself
2867                 $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
2868                 sql_query($query);
2869                 
2870                 $manager->notify('PostDeleteBlog', array('blogid' => $blogid));                                         
2871                 
2872                 $this->action_overview(_DELETED_BLOG);
2873         }
2874         
2875         function action_memberdelete() {
2876                 global $member, $manager;
2877                 
2878                 $memberid = intRequestVar('memberid');
2879         
2880                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
2881                 
2882                 $mem = MEMBER::createFromID($memberid);
2883                 
2884                 $this->pagehead();
2885                 ?>
2886                         <h2><?php echo _DELETE_CONFIRM?></h2>
2887                         
2888                         <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo  $mem->getDisplayName() ?></b>
2889                         </p>
2890                         
2891                         <p>
2892                         Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)
2893                         </p>
2894                         
2895                         <form method="post" action="index.php"><div>
2896                         <input type="hidden" name="action" value="memberdeleteconfirm" />
2897                         <?php $manager->addTicketHidden() ?>
2898                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
2899                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
2900                         </div></form>
2901                 <?php           
2902                 $this->pagefoot();
2903         }
2904         
2905         function action_memberdeleteconfirm() {
2906                 global $member;
2907                 
2908                 $memberid = intRequestVar('memberid');          
2909                 
2910                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
2911                 
2912                 $error = $this->deleteOneMember($memberid);
2913                 if ($error)
2914                         $this->error($error);
2915                 
2916                 if ($member->isAdmin())
2917                         $this->action_usermanagement();
2918                 else
2919                         $this->action_overview(_DELETED_MEMBER);
2920         }       
2921         
2922         // (static)     
2923         function deleteOneMember($memberid) {
2924                 global $manager;
2925                 
2926