action_xxxx method)
var $action;
function ADMIN() {
}
/**
* Executes an action
*
* @param $action
* action to be performed
*/
function action($action) {
global $CONF, $manager;
// list of action aliases
$alias = array(
'login' => 'overview',
'' => 'overview'
);
if ($alias[$action])
$action = $alias[$action];
$methodName = 'action_' . $action;
$this->action = strtolower($action);
// check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
// is an action that requires user interaction before something is actually done)
// all safe actions are in this array:
$aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');
/*
// the rest of the actions needs to be checked
$aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
*/
if (!in_array($this->action, $aActionsNotToCheck))
{
if (!$manager->checkTicket())
$this->error(_ERROR_BADTICKET);
}
if (method_exists($this, $methodName))
call_user_func(array(&$this, $methodName));
else
$this->error(_BADACTION . " ($action)");
}
function action_showlogin() {
global $error;
$this->action_login($error);
}
function action_login($msg = '', $passvars = 1) {
global $member;
// skip to overview when allowed
if ($member->isLoggedIn() && $member->canLogin()) {
$this->action_overview();
exit;
}
$this->pagehead();
echo '
', _LOGIN ,'
';
if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
?>
pagefoot();
}
/**
* provides a screen with the overview of the actions available
*/
function action_overview($msg = '') {
global $member;
$this->pagehead();
if ($msg)
echo _MESSAGE , ': ', $msg;
/* ---- add items ---- */
echo '
' . _OVERVIEW_YRBLOGS . '
';
$showAll = requestVar('showall');
if (($member->isAdmin()) && ($showAll == 'yes')) {
// Super-Admins have access to all blogs! (no add item support though)
$query = 'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
. ' FROM ' . sql_table('blog')
. ' ORDER BY bname';
} else {
$query = 'SELECT bnumber, bname, tadmin, burl, bshortname'
. ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
. ' WHERE tblog=bnumber and tmember=' . $member->getID()
. ' ORDER BY bname';
}
$template['content'] = 'bloglist';
$template['superadmin'] = $member->isAdmin();
$amount = showlist($query,'table',$template);
if (($showAll != 'yes') && ($member->isAdmin())) {
$total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
if ($total > $amount)
echo '
';
}
$this->pagefoot();
}
// returns a link to a weblog (takes BLOG object as parameter)
function bloglink(&$blog) {
return ''.$blog->getName() .'';
}
function action_manage($msg = '') {
global $member;
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
// amount of items to show
if (postVar('amount'))
$amount = intPostVar('amount');
else
$amount = 10;
$search = postVar('search'); // search through items
$query = 'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
. ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
. ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
if ($search)
$query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
// non-blog-admins can only edit/delete their own items
if (!$member->blogAdminRights($blogid))
$query .= ' and iauthor=' . $member->getID();
$query .= ' ORDER BY itime DESC'
. " LIMIT $start,$amount";
$template['content'] = 'itemlist';
$template['now'] = $blog->getCorrectTime(time());
$navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
$navList->showBatchList('item',$query,'table',$template);
$this->pagefoot();
}
function action_batchitem() {
global $member, $manager;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of itemids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On move: when no destination blog/category chosen, show choice now
$destCatid = intRequestVar('destcatid');
if (($action == 'move') && (!$manager->existsCategory($destCatid)))
$this->batchMoveSelectDestination('item',$selected);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('item',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
function action_batchcomment() {
global $member;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of itemids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('comment',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
function action_batchmember() {
global $member;
// check if logged in and admin
($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
// get array of itemids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no members selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('member',$selected);
$this->pagehead();
echo '(',_MEMBERS_BACKTOOVERVIEW,')';
echo '
';
// walk over all itemids and perform action
foreach ($selected as $memberid) {
$memberid = intval($memberid);
echo '
',_BATCH_EXECUTING,' ',htmlspecialchars($action),' ',_BATCH_ONMEMBER,' ', $memberid, '...';
// perform action, display errors if needed
switch($action) {
case 'delete':
$error = $this->deleteOneMember($memberid);
break;
case 'setadmin':
// always succeeds
sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
$error = '';
break;
case 'unsetadmin':
// there should always remain at least one super-admin
$r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
if (mysql_num_rows($r) < 2)
$error = _ERROR_ATLEASTONEADMIN;
else
sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
break;
default:
$error = _BATCH_UNKNOWN . $action;
}
echo '',($error ? $error : _BATCH_SUCCESS),'';
echo '
';
}
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
function action_batchteam() {
global $member;
$blogid = intRequestVar('blogid');
// check if logged in and admin
($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
// get array of itemids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no members selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('team',$selected);
$this->pagehead();
echo '
';
// walk over all itemids and perform action
foreach ($selected as $memberid) {
$memberid = intval($memberid);
echo '
',_BATCH_EXECUTING,' ',htmlspecialchars($action),' ',_BATCH_ONTEAM,' ', $memberid, '...';
// perform action, display errors if needed
switch($action) {
case 'delete':
$error = $this->deleteOneTeamMember($blogid, $memberid);
break;
case 'setadmin':
// always succeeds
sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
$error = '';
break;
case 'unsetadmin':
// there should always remain at least one admin
$r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
if (mysql_num_rows($r) < 2)
$error = _ERROR_ATLEASTONEBLOGADMIN;
else
sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
break;
default:
$error = _BATCH_UNKNOWN . $action;
}
echo '',($error ? $error : _BATCH_SUCCESS),'';
echo '
';
}
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
function action_batchcategory() {
global $member, $manager;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of itemids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On move: when no destination blog chosen, show choice now
$destBlogId = intRequestVar('destblogid');
if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
$this->batchMoveCategorySelectDestination('category',$selected);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('category',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
function batchMoveSelectDestination($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
function batchMoveCategorySelectDestination($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
function batchAskDeleteConfirmation($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
/**
* Inserts a HTML select element with choices for all categories to which the current
* member has access
*/
function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
}
/**
* Inserts a HTML select element with choices for all blogs to which the user has access
* mode = 'blog' => shows blognames and values are blogids
* mode = 'category' => show category names and values are catids
*
* @param $iForcedBlogInclude
* ID of a blog that always needs to be included, without checking if the member is on the blog team (-1 = none)
*/
function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
global $member, $CONF;
// 0. get IDs of blogs to which member can post items (+ forced blog)
$aBlogIds = array();
if ($iForcedBlogInclude != -1)
$aBlogIds[] = intval($iForcedBlogInclude);
if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
else
$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
$rblogids = sql_query($queryBlogs);
while ($o = mysql_fetch_object($rblogids))
if ($o->bnumber != $iForcedBlogInclude)
$aBlogIds[] = intval($o->bnumber);
if (count($aBlogIds) == 0)
return;
echo '';
}
function action_browseownitems() {
global $member;
$this->pagehead();
echo '
';
// start index
if (postVar('start'))
$start = postVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
$amount = postVar('amount');
else
$amount = 10;
$search = postVar('search'); // search through items
$query = 'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
. ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
. ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
if ($search)
$query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
$query .= ' ORDER BY itime DESC'
. " LIMIT $start,$amount";
$template['content'] = 'itemlist';
$template['now'] = time();
$navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0);
$navList->showBatchList('item',$query,'table',$template);
$this->pagefoot();
}
/**
* Show all the comments for a given item
*/
function action_itemcommentlist($itemid = '') {
global $member;
if ($itemid == '')
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
$blogid = getBlogIdFromItemId($itemid);
$this->pagehead();
// start index
if (postVar('start'))
$start = postVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
$amount = postVar('amount');
else
$amount = 10;
$search = postVar('search');
echo '
';
$template['content'] = 'commentlist';
$template['canAddBan'] = $member->blogAdminRights($blogid);
$navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
$navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
$this->pagefoot();
}
/**
* Provide a page to item a new item to the given blog
*/
function action_createitem() {
global $member, $manager;
$blogid = intRequestVar('blogid');
// check if allowed
$member->teamRights($blogid) or $this->disallow();
$memberid = $member->getID();
$blog =& $manager->getBlog($blogid);
$this->pagehead();
// generate the add-item form
$formfactory =& new PAGEFACTORY($blogid);
$formfactory->createAddForm('admin');
$this->pagefoot();
}
function action_itemedit() {
global $member, $manager;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
$item =& $manager->getItem($itemid,1,1);
$blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
$manager->notify('PrepareItemForEdit', array('item' => &$item));
if ($blog->convertBreaks()) {
$item['body'] = removeBreaks($item['body']);
$item['more'] = removeBreaks($item['more']);
}
// form to edit blog items
$this->pagehead();
$formfactory =& new PAGEFACTORY($blog->getID());
$formfactory->createEditForm('admin',$item);
$this->pagefoot();
}
function action_itemupdate() {
global $member, $manager, $CONF;
$itemid = intRequestVar('itemid');
$catid = postVar('catid');
// only allow if user is allowed to alter item
$member->canUpdateItem($itemid, $catid) or $this->disallow();
$actiontype = postVar('actiontype');
// delete actions are handled by itemdelete (which has confirmation)
if ($actiontype == 'delete') {
$this->action_itemdelete();
return;
}
$body = postVar('body');
$title = postVar('title');
$more = postVar('more');
$closed = intPostVar('closed');
// default action = add now
if (!$actiontype)
$actiontype='addnow';
// create new category if needed
if (strstr($catid,'newcat')) {
// get blogid
list($blogid) = sscanf($catid,"newcat-%d");
// create
$blog =& $manager->getBlog($blogid);
$catid = $blog->createNewCategory();
// show error when sth goes wrong
if (!$catid)
$this->doError(_ERROR_CATCREATEFAIL);
}
/*
set some variables based on actiontype
actiontypes:
draft items -> addnow, addfuture, adddraft, delete
non-draft items -> edit, changedate, delete
variables set:
$timestamp: set to a nonzero value for future dates or date changes
$wasdraft: set to 1 when the item used to be a draft item
$publish: set to 1 when the edited item is not a draft
*/
switch ($actiontype) {
case 'adddraft':
$publish = 0;
$wasdraft = 1;
$timestamp = 0;
break;
case 'addfuture':
$wasdraft = 1;
$publish = 1;
$timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
break;
case 'addnow':
$wasdraft = 1;
$publish = 1;
$timestamp = 0;
break;
case 'changedate':
$timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
$publish = 1;
$wasdraft = 0;
break;
case 'edit':
default:
$publish = 1;
$wasdraft = 0;
$timestamp = 0;
}
// edit the item for real
ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
$blogid = getBlogIDFromItemID($itemid);
$blog =& $manager->getBlog($blogid);
if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {
$this->action_sendping($blogid);
return;
}
// show category edit window when we created a new category
// ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
if ($catid != intPostVar('catid')) {
$this->action_categoryedit(
$catid,
$blog->getID(),
$CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
);
} else {
// TODO: set start item correctly for itemlist
$this->action_itemlist(getBlogIDFromItemID($itemid));
}
}
function action_itemdelete() {
global $member, $manager;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
if (!$manager->existsItem($itemid,1,1))
$this->error(_ERROR_NOSUCHITEM);
$item =& $manager->getItem($itemid,1,1);
$title = htmlspecialchars(strip_tags($item['title']));
$body = strip_tags($item['body']);
$body = htmlspecialchars(shorten($body,300,'...'));
$this->pagehead();
?>
""
pagefoot();
}
function action_itemdeleteconfirm() {
global $member;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
// get blogid first
$blogid = getBlogIdFromItemId($itemid);
// delete item (note: some checks will be performed twice)
$this->deleteOneItem($itemid);
$this->action_itemlist($blogid);
}
// deletes one item and returns error if something goes wrong
function deleteOneItem($itemid) {
global $member, $manager;
// only allow if user is allowed to alter item (also checks if itemid exists)
if (!$member->canAlterItem($itemid))
return _ERROR_DISALLOWED;
$manager->loadClass('ITEM');
ITEM::delete($itemid);
}
function action_itemmove() {
global $member, $manager;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
$item =& $manager->getItem($itemid,1,1);
$this->pagehead();
?>
pagefoot();
}
function action_itemmoveto() {
global $member, $manager;
$itemid = intRequestVar('itemid');
$catid = requestVar('catid');
// create new category if needed
if (strstr($catid,'newcat')) {
// get blogid
list($blogid) = sscanf($catid,'newcat-%d');
// create
$blog =& $manager->getBlog($blogid);
$catid = $blog->createNewCategory();
// show error when sth goes wrong
if (!$catid)
$this->doError(_ERROR_CATCREATEFAIL);
}
// only allow if user is allowed to alter item
$member->canUpdateItem($itemid, $catid) or $this->disallow();
ITEM::move($itemid, $catid);
if ($catid != intRequestVar('catid'))
$this->action_categoryedit($catid, $blog->getID());
else
$this->action_itemlist(getBlogIDFromCatID($catid));
}
/**
* Moves one item to a given category (category existance should be checked by caller)
* errors are returned
*/
function moveOneItem($itemid, $destCatid) {
global $member;
// only allow if user is allowed to move item
if (!$member->canUpdateItem($itemid, $destCatid))
return _ERROR_DISALLOWED;
ITEM::move($itemid, $destCatid);
}
/**
* Adds a item to the chosen blog
*/
function action_additem() {
global $member, $manager, $CONF;
$manager->loadClass('ITEM');
$result = ITEM::createFromRequest();
if ($result['status'] == 'error')
$this->error($result['message']);
$blogid = getBlogIDFromItemID($result['itemid']);
$blog =& $manager->getBlog($blogid);
$pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
if ($result['status'] == 'newcategory')
$this->action_categoryedit(
$result['catid'],
$blogid,
$blog->pingUserland() ? $pingUrl : ''
);
elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland())
$this->action_sendping($blogid);
else
$this->action_itemlist($blogid);
}
/**
* Shows a window that says we're about to ping weblogs.com.
* immediately refresh to the real pinging page, which will
* show an error, or redirect to the blog.
*
* @param $blogid ID of blog for which ping needs to be sent out
*/
function action_sendping($blogid = -1) {
global $member, $manager;
if ($blogid == -1)
$blogid = intRequestVar('blogid');
$member->isLoggedIn() or $this->disallow();
$rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));
$this->pagehead('');
?>
Site Updated, Now pinging weblogs.com
Pinging weblogs.com! This can a while...
When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.
If you aren't automatically passed through, try again
pagefoot();
}
// ping to Weblogs.com
// sends the real ping (can take up to 10 seconds!)
function action_rawping() {
global $manager;
// TODO: checks?
$blogid = intRequestVar('blogid');
$blog =& $manager->getBlog($blogid);
$result = $blog->sendUserlandPing();
$this->pagehead();
?>
Ping Results
The following message was returned by weblogs.com:
pagefoot();
}
/**
* Allows to edit previously made comments
*/
function action_commentedit() {
global $member, $manager;
$commentid = intRequestVar('commentid');
$member->canAlterComment($commentid) or $this->disallow();
$comment = COMMENT::getComment($commentid);
$manager->notify('PrepareCommentForEdit',array('comment' => &$comment));
// change to \n
$comment['body'] = str_replace(' ','',$comment['body']);
$comment['body'] = eregi_replace("[^<]*","\\1",$comment['body']);
$this->pagehead();
?>
pagefoot();
}
function action_commentupdate() {
global $member, $manager;
$commentid = intRequestVar('commentid');
$member->canAlterComment($commentid) or $this->disallow();
$body = postVar('body');
// intercept words that are too long
if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
$this->error(_ERROR_COMMENT_LONGWORD);
// check length
if (strlen($body)<3)
$this->error(_ERROR_COMMENT_NOCOMMENT);
if (strlen($body)>5000)
$this->error(_ERROR_COMMENT_TOOLONG);
// prepare body
$body = COMMENT::prepareBody($body);
// call plugins
$manager->notify('PreUpdateComment',array('body' => &$body));
$query = 'UPDATE '.sql_table('comment')
. " SET cbody='" .addslashes($body). "'"
. " WHERE cnumber=" . $commentid;
sql_query($query);
// get itemid
$res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
$o = mysql_fetch_object($res);
$itemid = $o->citem;
if ($member->canAlterItem($itemid))
$this->action_itemcommentlist($itemid);
else
$this->action_browseowncomments();
}
function action_commentdelete() {
global $member, $manager;
$commentid = intRequestVar('commentid');
$member->canAlterComment($commentid) or $this->disallow();
$comment = COMMENT::getComment($commentid);
$body = strip_tags($comment['body']);
$body = htmlspecialchars(shorten($body, 300, '...'));
if ($comment['member'])
$author = $comment['member'];
else
$author = $comment['user'];
$this->pagehead();
?>
: :
pagefoot();
}
function action_commentdeleteconfirm() {
global $member;
$commentid = intRequestVar('commentid');
// get item id first
$res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
$o = mysql_fetch_object($res);
$itemid = $o->citem;
$error = $this->deleteOneComment($commentid);
if ($error)
$this->doError($error);
if ($member->canAlterItem($itemid))
$this->action_itemcommentlist($itemid);
else
$this->action_browseowncomments();
}
function deleteOneComment($commentid) {
global $member, $manager;
$commentid = intval($commentid);
if (!$member->canAlterComment($commentid))
return _ERROR_DISALLOWED;
$manager->notify('PreDeleteComment', array('commentid' => $commentid));
// delete the comments associated with the item
$query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;
sql_query($query);
$manager->notify('PostDeleteComment', array('commentid' => $commentid));
return '';
}
/**
* Usermanagement main
*/
function action_usermanagement() {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
// show list of members with actions
$query = 'SELECT *'
. ' FROM '.sql_table('member');
$template['content'] = 'memberlist';
$template['tabindex'] = 10;
$batch =& new BATCH('member');
$batch->showlist($query,'table',$template);
echo '
' . _MEMBERS_NEW .'
';
?>
pagefoot();
}
/**
* Edit member settings
*/
function action_memberedit() {
$this->action_editmembersettings(intRequestVar('memberid'));
}
function action_editmembersettings($memberid = '') {
global $member, $manager, $CONF;
if ($memberid == '')
$memberid = $member->getID();
// check if allowed
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
$extrahead = '';
$this->pagehead($extrahead);
// show message to go back to member overview (only for admins)
if ($member->isAdmin())
echo '(' ._MEMBERS_BACKTOOVERVIEW. ')';
else
echo '(' ._BACKHOME. ')';
echo '
' . _MEMBERS_EDIT . '
';
$mem = MEMBER::createFromID($memberid);
?>
',_PLUGINS_EXTRA,'';
$manager->notify(
'MemberSettingsFormExtras',
array(
'member' => &$mem
)
);
$this->pagefoot();
}
function action_changemembersettings() {
global $member, $CONF, $manager;
$memberid = intRequestVar('memberid');
// check if allowed
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
$name = trim(postVar('name'));
$realname = trim(postVar('realname'));
$password = postVar('password');
$repeatpassword = postVar('repeatpassword');
$email = postVar('email');
$url = postVar('url');
// Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
if (!eregi("^https?://", $url))
$url = "http://".$url;
$admin = postVar('admin');
$canlogin = postVar('canlogin');
$notes = postVar('notes');
$deflang = postVar('deflang');
$mem = MEMBER::createFromID($memberid);
if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
if (!isValidDisplayName($name))
$this->error(_ERROR_BADNAME);
if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
$this->error(_ERROR_NICKNAMEINUSE);
if ($password != $repeatpassword)
$this->error(_ERROR_PASSWORDMISMATCH);
if ($password && (strlen($password) < 6))
$this->error(_ERROR_PASSWORDTOOSHORT);
}
if (!isValidMailAddress($email))
$this->error(_ERROR_BADMAILADDRESS);
if (!$realname)
$this->error(_ERROR_REALNAMEMISSING);
if (($deflang != '') && (!checkLanguage($deflang)))
$this->error(_ERROR_NOSUCHLANGUAGE);
// check if there will remain at least one site member with both the logon and admin rights
// (check occurs when taking away one of these rights from such a member)
if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
|| (!$canlogin && $mem->isAdmin() && $mem->canLogin())
)
{
$r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
if (mysql_num_rows($r) < 2)
$this->error(_ERROR_ATLEASTONEADMIN);
}
if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
$mem->setDisplayName($name);
if ($password)
$mem->setPassword($password);
}
if ($newpass)
$mem->setPassword($password);
$oldEmail = $mem->getEmail();
$mem->setRealName($realname);
$mem->setEmail($email);
$mem->setURL($url);
$mem->setNotes($notes);
$mem->setLanguage($deflang);
// only allow super-admins to make changes to the admin status
if ($member->isAdmin()) {
$mem->setAdmin($admin);
$mem->setCanLogin($canlogin);
}
$mem->write();
// if email changed, generate new password
if ($oldEmail != $mem->getEmail())
{
$mem->sendActivationLink('addresschange', $oldEmail);
// logout member
$mem->newCookieKey();
$member->logout();
$this->action_login(_MSG_ACTIVATION_SENT, 0);
return;
}
// store plugin options
$aOptions = requestArray('plugoption');
NucleusPlugin::_applyPluginOptions($aOptions);
$manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));
if ( ( $mem->getID() == $member->getID() )
&& ( $newpass || ( $mem->getDisplayName() != $member->getDisplayName() ) )
) {
$mem->newCookieKey();
$member->logout();
$this->action_login(_MSG_LOGINAGAIN, 0);
} else {
$this->action_overview(_MSG_SETTINGSCHANGED);
}
}
function action_memberadd() {
global $member;
// check if allowed
$member->isAdmin() or $this->disallow();
if (postVar('password') != postVar('repeatpassword'))
$this->error(_ERROR_PASSWORDMISMATCH);
if (strlen(postVar('password')) < 6)
$this->error(_ERROR_PASSWORDTOOSHORT);
$res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
if ($res != 1)
$this->error($res);
$this->action_usermanagement();
}
/**
* Account activation
*
* @author dekarma
*/
function action_activate() {
$key = getVar('key');
$this->_showActivationPage($key);
}
function _showActivationPage($key, $message = '')
{
global $manager;
// clean up old activation keys
MEMBER::cleanupActivationTable();
// get activation info
$info = MEMBER::getActivationInfo($key);
if (!$info)
$this->error(_ERROR_ACTIVATE);
$mem = MEMBER::createFromId($info->vmember);
if (!$mem)
$this->error(_ERROR_ACTIVATE);
$text = '';
$title = '';
$bNeedsPasswordChange = true;
switch ($info->vtype)
{
case 'forgot':
$title = _ACTIVATE_FORGOT_TITLE;
$text = _ACTIVATE_FORGOT_TEXT;
break;
case 'register':
$title = _ACTIVATE_REGISTER_TITLE;
$text = _ACTIVATE_REGISTER_TEXT;
break;
case 'addresschange':
$title = _ACTIVATE_CHANGE_TITLE;
$text = _ACTIVATE_CHANGE_TEXT;
$bNeedsPasswordChange = false;
MEMBER::activate($key);
break;
}
$aVars = array(
'memberName' => htmlspecialchars($mem->getDisplayName())
);
$title = TEMPLATE::fill($title, $aVars);
$text = TEMPLATE::fill($text, $aVars);
$this->pagehead();
echo '
' , $title, '
';
echo '
' , $text, '
';
if ($message != '')
{
echo '
',$message,'
';
}
if ($bNeedsPasswordChange)
{
?>
pagefoot();
}
/**
* Account activation - set password part
*
* @author dekarma
*/
function action_activatesetpwd() {
$key = postVar('key');
// clean up old activation keys
MEMBER::cleanupActivationTable();
// get activation info
$info = MEMBER::getActivationInfo($key);
if (!$info || ($info->type == 'addresschange'))
return $this->_showActivationPage($key, _ERROR_ACTIVATE);
$mem = MEMBER::createFromId($info->vmember);
if (!$mem)
return $this->_showActivationPage($key, _ERROR_ACTIVATE);
$password = postVar('password');
$repeatpassword = postVar('repeatpassword');
if ($password != $repeatpassword)
return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
if ($password && (strlen($password) < 6))
return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
$error = '';
global $manager;
$manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
if ($error != '')
return $this->_showActivationPage($key, $error);
// set password
$mem->setPassword($password);
$mem->write();
// do the activation
MEMBER::activate($key);
$this->pagehead();
echo '
',_ACTIVATE_SUCCESS_TITLE,'
';
echo '
',_ACTIVATE_SUCCESS_TEXT,'
';
$this->pagefoot();
}
/**
* Manage team
*/
function action_manageteam() {
global $member, $manager;
$blogid = intRequestVar('blogid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$this->pagehead();
echo "
';
$query = 'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
. ' FROM '.sql_table('member').', '.sql_table('team')
. ' WHERE tmember=mnumber and tblog=' . $blogid;
$template['content'] = 'teamlist';
$template['tabindex'] = 10;
$batch =& new BATCH('team');
$batch->showlist($query, 'table', $template);
?>
pagefoot();
}
/**
* Add member tot tram
*/
function action_teamaddmember() {
global $member, $manager;
$memberid = intPostVar('memberid');
$blogid = intPostVar('blogid');
$admin = intPostVar('admin');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
if (!$blog->addTeamMember($memberid, $admin))
$this->error(_ERROR_ALREADYONTEAM);
$this->action_manageteam();
}
function action_teamdelete() {
global $member, $manager;
$memberid = intRequestVar('memberid');
$blogid = intRequestVar('blogid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$teammem = MEMBER::createFromID($memberid);
$blog =& $manager->getBlog($blogid);
$this->pagehead();
?>
getDisplayName() ?>getName())) ?>
pagefoot();
}
function action_teamdeleteconfirm() {
global $member;
$memberid = intRequestVar('memberid');
$blogid = intRequestVar('blogid');
$error = $this->deleteOneTeamMember($blogid, $memberid);
if ($error)
$this->error($error);
$this->action_manageteam();
}
function deleteOneTeamMember($blogid, $memberid) {
global $member, $manager;
$blogid = intval($blogid);
$memberid = intval($memberid);
// check if allowed
if (!$member->blogAdminRights($blogid))
return _ERROR_DISALLOWED;
// check if: - there remains at least one blog admin
// - (there remains at least one team member)
$tmem = MEMBER::createFromID($memberid);
$manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
if ($tmem->isBlogAdmin($blogid)) {
// check if there are more blog members left and at least one admin
// (check for at least two admins before deletion)
$query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
$r = sql_query($query);
if (mysql_num_rows($r) < 2)
return _ERROR_ATLEASTONEBLOGADMIN;
}
$query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
sql_query($query);
$manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
return '';
}
function action_teamchangeadmin() {
global $member;
$blogid = intRequestVar('blogid');
$memberid = intRequestVar('memberid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$mem = MEMBER::createFromID($memberid);
// don't allow when there is only one admin at this moment
if ($mem->isBlogAdmin($blogid)) {
$r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
if (mysql_num_rows($r) == 1)
$this->error(_ERROR_ATLEASTONEBLOGADMIN);
}
if ($mem->isBlogAdmin($blogid))
$newval = 0;
else
$newval = 1;
$query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
sql_query($query);
// only show manageteam if member did not change its own admin privileges
if ($member->isBlogAdmin($blogid))
$this->action_manageteam();
else
$this->action_overview(_MSG_ADMINCHANGED);
}
function action_blogsettings() {
global $member, $manager;
$blogid = intRequestVar('blogid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
$extrahead = '';
$this->pagehead($extrahead);
echo '
Members currently on your team:
mname) . ' (' . htmlspecialchars($o->mrealname). ')');
echo implode(',', $aMemberNames);
?>
getID().' ORDER BY cname';
$template['content'] = 'categorylist';
$template['tabindex'] = 200;
$batch =& new BATCH('category');
$batch->showlist($query,'table',$template);
?>
',_PLUGINS_EXTRA,'';
$manager->notify(
'BlogSettingsFormExtras',
array(
'blog' => &$blog
)
);
$this->pagefoot();
}
function action_categorynew() {
global $member, $manager;
$blogid = intRequestVar('blogid');
$member->blogAdminRights($blogid) or $this->disallow();
$cname = postVar('cname');
$cdesc = postVar('cdesc');
if (!isValidCategoryName($cname))
$this->error(_ERROR_BADCATEGORYNAME);
$query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
$res = sql_query($query);
if (mysql_num_rows($res) > 0)
$this->error(_ERROR_DUPCATEGORYNAME);
$blog =& $manager->getBlog($blogid);
$newCatID = $blog->createNewCategory($cname, $cdesc);
$this->action_blogsettings();
}
function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
global $member, $manager;
if ($blogid == '')
$blogid = intGetVar('blogid');
else
$blogid = intval($blogid);
if ($catid == '')
$catid = intGetVar('catid');
else
$catid = intval($catid);
$member->blogAdminRights($blogid) or $this->disallow();
$res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
$obj = mysql_fetch_object($res);
$cname = $obj->cname;
$cdesc = $obj->cdesc;
$extrahead = '';
$this->pagehead($extrahead);
?>
''
pagefoot();
}
function action_categoryupdate() {
global $member, $manager;
$blogid = intPostVar('blogid');
$catid = intPostVar('catid');
$cname = postVar('cname');
$cdesc = postVar('cdesc');
$desturl = postVar('desturl');
$member->blogAdminRights($blogid) or $this->disallow();
if (!isValidCategoryName($cname))
$this->error(_ERROR_BADCATEGORYNAME);
$query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
$res = sql_query($query);
if (mysql_num_rows($res) > 0)
$this->error(_ERROR_DUPCATEGORYNAME);
$query = 'UPDATE '.sql_table('category').' SET'
. " cname='" . addslashes($cname) . "',"
. " cdesc='" . addslashes($cdesc) . "'"
. " WHERE catid=" . $catid;
sql_query($query);
// store plugin options
$aOptions = requestArray('plugoption');
NucleusPlugin::_applyPluginOptions($aOptions);
$manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));
if ($desturl) {
redirect($desturl);
exit;
} else {
$this->action_blogsettings();
}
}
function action_categorydelete() {
global $member, $manager;
$blogid = intRequestVar('blogid');
$catid = intRequestVar('catid');
$member->blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
// check if the category is valid
if (!$blog->isValidCategory($catid))
$this->error(_ERROR_NOSUCHCATEGORY);
// don't allow deletion of default category
if ($blog->getDefaultCategory() == $catid)
$this->error(_ERROR_DELETEDEFCATEGORY);
// check if catid is the only category left for blogid
$query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
$res = sql_query($query);
if (mysql_num_rows($res) == 1)
$this->error(_ERROR_DELETELASTCATEGORY);
$this->pagehead();
?>
getCategoryName($catid)?>
pagefoot();
}
function action_categorydeleteconfirm() {
global $member, $manager;
$blogid = intRequestVar('blogid');
$catid = intRequestVar('catid');
$member->blogAdminRights($blogid) or $this->disallow();
$error = $this->deleteOneCategory($catid);
if ($error)
$this->error($error);
$this->action_blogsettings();
}
function deleteOneCategory($catid) {
global $manager, $member;
$catid = intval($catid);
$manager->notify('PreDeleteCategory', array('catid' => $catid));
$blogid = getBlogIDFromCatID($catid);
if (!$member->blogAdminRights($blogid))
return ERROR_DISALLOWED;
// get blog
$blog =& $manager->getBlog($blogid);
// check if the category is valid
if (!$blog || !$blog->isValidCategory($catid))
return _ERROR_NOSUCHCATEGORY;
$destcatid = $blog->getDefaultCategory();
// don't allow deletion of default category
if ($blog->getDefaultCategory() == $catid)
return _ERROR_DELETEDEFCATEGORY;
// check if catid is the only category left for blogid
$query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
$res = sql_query($query);
if (mysql_num_rows($res) == 1)
return _ERROR_DELETELASTCATEGORY;
// change category for all items to the default category
$query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
sql_query($query);
// delete all associated plugin options
NucleusPlugin::_deleteOptionValues('category', $catid);
// delete category
$query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
sql_query($query);
$manager->notify('PostDeleteCategory', array('catid' => $catid));
}
function moveOneCategory($catid, $destblogid) {
global $manager, $member;
$catid = intval($catid);
$destblogid = intval($destblogid);
$blogid = getBlogIDFromCatID($catid);
// mover should have admin rights on both blogs
if (!$member->blogAdminRights($blogid))
return _ERROR_DISALLOWED;
if (!$member->blogAdminRights($destblogid))
return _ERROR_DISALLOWED;
// cannot move to self
if ($blogid == $destblogid)
return _ERROR_MOVETOSELF;
// get blogs
$blog =& $manager->getBlog($blogid);
$destblog =& $manager->getBlog($destblogid);
// check if the category is valid
if (!$blog || !$blog->isValidCategory($catid))
return _ERROR_NOSUCHCATEGORY;
// don't allow default category to be moved
if ($blog->getDefaultCategory() == $catid)
return _ERROR_MOVEDEFCATEGORY;
$manager->notify(
'PreMoveCategory',
array(
'catid' => &$catid,
'sourceblog' => &$blog,
'destblog' => &$destblog
)
);
// update comments table (cblog)
$query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
$items = sql_query($query);
while ($oItem = mysql_fetch_object($items)) {
sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
}
// update items (iblog)
$query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;
sql_query($query);
// move category
$query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;
sql_query($query);
$manager->notify(
'PostMoveCategory',
array(
'catid' => &$catid,
'sourceblog' => &$blog,
'destblog' => $destblog
)
);
}
function action_blogsettingsupdate() {
global $member, $manager;
$blogid = intRequestVar('blogid');
$member->blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
$notify = trim(postVar('notify'));
$shortname = trim(postVar('shortname'));
$updatefile = trim(postVar('update'));
$notifyComment = intPostVar('notifyComment');
$notifyVote = intPostVar('notifyVote');
$notifyNewItem = intPostVar('notifyNewItem');
if ($notifyComment == 0) $notifyComment = 1;
if ($notifyVote == 0) $notifyVote = 1;
if ($notifyNewItem == 0) $notifyNewItem = 1;
$notifyType = $notifyComment * $notifyVote * $notifyNewItem;
if ($notify) {
$not =& new NOTIFICATION($notify);
if (!$not->validAddresses())
$this->error(_ERROR_BADNOTIFY);
}
if (!isValidShortName($shortname))
$this->error(_ERROR_BADSHORTBLOGNAME);
if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))
$this->error(_ERROR_DUPSHORTBLOGNAME);
// check if update file is writable
if ($updatefile && !is_writeable($updatefile))
$this->error(_ERROR_UPDATEFILE);
$blog->setName(trim(postVar('name')));
$blog->setShortName($shortname);
$blog->setNotifyAddress($notify);
$blog->setNotifyType($notifyType);
$blog->setMaxComments(postVar('maxcomments'));
$blog->setCommentsEnabled(postVar('comments'));
$blog->setTimeOffset(postVar('timeoffset'));
$blog->setUpdateFile($updatefile);
$blog->setURL(trim(postVar('url')));
$blog->setDefaultSkin(intPostVar('defskin'));
$blog->setDescription(trim(postVar('desc')));
$blog->setPublic(postVar('public'));
$blog->setPingUserland(postVar('pinguserland'));
$blog->setConvertBreaks(intPostVar('convertbreaks'));
$blog->setAllowPastPosting(intPostVar('allowpastposting'));
$blog->setDefaultCategory(intPostVar('defcat'));
$blog->setSearchable(intPostVar('searchable'));
$blog->writeSettings();
// store plugin options
$aOptions = requestArray('plugoption');
NucleusPlugin::_applyPluginOptions($aOptions);
$manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));
$this->action_overview(_MSG_SETTINGSCHANGED);
}
function action_deleteblog() {
global $member, $CONF, $manager;
$blogid = intRequestVar('blogid');
$member->blogAdminRights($blogid) or $this->disallow();
// check if blog is default blog
if ($CONF['DefaultBlog'] == $blogid)
$this->error(_ERROR_DELDEFBLOG);
$blog =& $manager->getBlog($blogid);
$this->pagehead();
?>
getName())?>
pagefoot();
}
function action_deleteblogconfirm() {
global $member, $CONF, $manager;
$blogid = intRequestVar('blogid');
$manager->notify('PreDeleteBlog', array('blogid' => $blogid));
$member->blogAdminRights($blogid) or $this->disallow();
// check if blog is default blog
if ($CONF['DefaultBlog'] == $blogid)
$this->error(_ERROR_DELDEFBLOG);
// delete all comments
$query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
sql_query($query);
// delete all items
$query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
sql_query($query);
// delete all team members
$query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
sql_query($query);
// delete all bans
$query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
sql_query($query);
// delete all categories
$query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
sql_query($query);
// delete all associated plugin options
NucleusPlugin::_deleteOptionValues('blog', $blogid);
// delete the blog itself
$query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
sql_query($query);
$manager->notify('PostDeleteBlog', array('blogid' => $blogid));
$this->action_overview(_DELETED_BLOG);
}
function action_memberdelete() {
global $member, $manager;
$memberid = intRequestVar('memberid');
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
$mem = MEMBER::createFromID($memberid);
$this->pagehead();
?>
getDisplayName() ?>
Please note that media files will NOT be deleted. (At least not in this Nucleus version)
pagefoot();
}
function action_memberdeleteconfirm() {
global $member;
$memberid = intRequestVar('memberid');
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
$error = $this->deleteOneMember($memberid);
if ($error)
$this->error($error);
if ($member->isAdmin())
$this->action_usermanagement();
else
$this->action_overview(_DELETED_MEMBER);
}
// (static)
function deleteOneMember($memberid) {
global $manager;
$memberid = intval($memberid);
$mem = MEMBER::createFromID($memberid);
if (!$mem->canBeDeleted())
return _ERROR_DELETEMEMBER;
$manager->notify('PreDeleteMember', array('member' => &$mem));
$query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;
sql_query($query);
$query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid;
sql_query($query);
$query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid;
sql_query($query);
// delete all associated plugin options
NucleusPlugin::_deleteOptionValues('member', $memberid);
$manager->notify('PostDeleteMember', array('member' => &$mem));
return '';
}
function action_createnewlog() {
global $member, $CONF, $manager;
// Only Super-Admins can do this
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
pagefoot();
}
function action_templatedeleteconfirm() {
global $member, $manager;
$templateid = intRequestVar('templateid');
$member->isAdmin() or $this->disallow();
$manager->notify('PreDeleteTemplate', array('templateid' => $templateid));
// 1. delete description
sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid);
// 2. delete parts
sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
$manager->notify('PostDeleteTemplate', array('templateid' => $templateid));
$this->action_templateoverview();
}
function action_templatenew() {
global $member;
$member->isAdmin() or $this->disallow();
$name = postVar('name');
$desc = postVar('desc');
if (!isValidTemplateName($name))
$this->error(_ERROR_BADTEMPLATENAME);
if (TEMPLATE::exists($name))
$this->error(_ERROR_DUPTEMPLATENAME);
$newTemplateId = TEMPLATE::createNew($name, $desc);
$this->action_templateoverview();
}
function action_templateclone() {
global $member;
$templateid = intRequestVar('templateid');
$member->isAdmin() or $this->disallow();
// 1. read old template
$name = TEMPLATE::getNameFromId($templateid);
$desc = TEMPLATE::getDesc($templateid);
// 2. create desc thing
$name = "cloned" . $name;
// if a template with that name already exists:
if (TEMPLATE::exists($name)) {
$i = 1;
while (TEMPLATE::exists($name . $i))
$i++;
$name .= $i;
}
$newid = TEMPLATE::createNew($name, $desc);
// 3. create clone
// go through parts of old template and add them to the new one
$res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
while ($o = mysql_fetch_object($res)) {
$this->addToTemplate($newid, $o->tpartname, $o->tcontent);
}
$this->action_templateoverview();
}
function action_skinoverview() {
global $member, $manager;
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
?>
pagefoot();
}
function action_backupcreate() {
global $member, $DIR_LIBS;
$member->isAdmin() or $this->disallow();
// use compression ?
$useGzip = intval(postVar('gzip'));
include($DIR_LIBS . 'backup.php');
// try to extend time limit
// (creating/restoring dumps might take a while)
@set_time_limit(1200);
do_backup($useGzip);
exit;
}
function action_backuprestore() {
global $member, $DIR_LIBS;
$member->isAdmin() or $this->disallow();
if (intPostVar('letsgo') != 1)
$this->error(_ERROR_BACKUP_NOTSURE);
include($DIR_LIBS . 'backup.php');
// try to extend time limit
// (creating/restoring dumps might take a while)
@set_time_limit(1200);
$message = do_restore();
if ($message != '')
$this->error($message);
$this->pagehead();
?>
pagefoot();
}
function action_pluginlist() {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
}
$this->pagefoot();
}
function action_pluginadd() {
global $member, $manager, $DIR_PLUGINS;
// check if allowed
$member->isAdmin() or $this->disallow();
$name = postVar('filename');
if ($manager->pluginInstalled($name))
$this->error(_ERROR_DUPPLUGIN);
if (!checkPlugin($name))
$this->error(_ERROR_PLUGFILEERROR . ' (' . $name . ')');
// check if the plugin dependency is met
$plugin =& $manager->getPlugin($name);
$pluginList = $plugin->getPluginDep();
foreach ($pluginList as $pluginName)
{
$res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
if (mysql_num_rows($res) == 0)
{
// uninstall plugin again...
$this->deleteOnePlugin($plugin->getID());
$this->error(_ERROR_INSREQPLUGIN . $pluginName);
}
}
// get number of currently installed plugins
$numCurrent = mysql_num_rows(sql_query('SELECT * FROM '.sql_table('plugin')));
// plugin will be added as last one in the list
$newOrder = $numCurrent + 1;
$manager->notify(
'PreAddPlugin',
array(
'file' => &$name
)
);
// do this before calling getPlugin (in case the plugin id is used there)
$query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.addslashes($name).'")';
sql_query($query);
$iPid = mysql_insert_id();
// need to update the plugin object's pid since we didn't have it above when it's first create....
$plugin->plugid = $iPid;
$manager->clearCachedInfo('installedPlugins');
// call the install method of the plugin
if (!$plugin)
{
sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
$manager->clearCachedInfo('installedPlugins');
$this->error('Plugin could not be loaded, or does not support certain features that are required for it to run on your Nucleus installation (you might want to check the actionlog for more info)');
}
// check if plugin needs a newer Nucleus version
if (getNucleusVersion() < $plugin->getMinNucleusVersion())
{
// uninstall plugin again...
$this->deleteOnePlugin($plugin->getID());
// ...and show error
$this->error(_ERROR_NUCLEUSVERSIONREQ . $plugin->getMinNucleusVersion());
}
// check if plugin needs a newer Nucleus version
if ((getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()))
{
// uninstall plugin again...
$this->deleteOnePlugin($plugin->getID());
// ...and show error
$this->error(_ERROR_NUCLEUSVERSIONREQ . $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel());
}
$plugin->install();
$manager->notify(
'PostAddPlugin',
array(
'plugin' => &$plugin
)
);
// update all events
$this->action_pluginupdate();
}
function action_pluginupdate() {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
// delete everything from plugin_events
sql_query('DELETE FROM '.sql_table('plugin_event'));
// loop over all installed plugins
$res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
while($o = mysql_fetch_object($res)) {
$pid = $o->pid;
$plug =& $manager->getPlugin($o->pfile);
if ($plug)
{
$eventList = $plug->getEventList();
foreach ($eventList as $eventName)
sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.addslashes($eventName).'\')');
}
}
$this->action_pluginlist();
}
function action_plugindelete() {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$pid = intGetVar('plugid');
if (!$manager->pidInstalled($pid))
$this->error(_ERROR_NOSUCHPLUGIN);
$this->pagehead();
?>
?
pagefoot();
}
function action_plugindeleteconfirm() {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$pid = intPostVar('plugid');
$error = $this->deleteOnePlugin($pid, 1);
if ($error) {
$this->error($error);
}
$this->action_pluginlist();
}
function deleteOnePlugin($pid, $callUninstall = 0) {
global $manager;
$pid = intval($pid);
if (!$manager->pidInstalled($pid))
return _ERROR_NOSUCHPLUGIN;
$name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid);
// call the unInstall method of the plugin
if ($callUninstall) {
$plugin =& $manager->getPlugin($name);
if ($plugin) $plugin->unInstall();
}
// check dependency before delete
$res = sql_query('SELECT pfile FROM '.sql_table('plugin'));
while($o = mysql_fetch_object($res)) {
$plug =& $manager->getPlugin($o->pfile);
if ($plug)
{
$depList = $plug->getPluginDep();
foreach ($depList as $depName)
{
if ($name == $depName)
{
return _ERROR_DELREQPLUGIN . $o->pfile;
}
}
}
}
$manager->notify('PreDeletePlugin', array('plugid' => $pid));
// delete all subscriptions
sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid);
// delete all options
// get OIDs from plugin_option_desc
$res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
$aOIDs = array();
while ($o = mysql_fetch_object($res)) {
array_push($aOIDs, $o->oid);
}
// delete from plugin_option and plugin_option_desc
sql_query('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid);
if (count($aOIDs) > 0)
sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')');
// update order numbers
$o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid));
sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder);
// delete row
sql_query('DELETE FROM '.sql_table('plugin').' WHERE pid='.$pid);
$manager->clearCachedInfo('installedPlugins');
$manager->notify('PostDeletePlugin', array('plugid' => $pid));
return '';
}
function action_pluginup() {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$plugid = intGetVar('plugid');
if (!$manager->pidInstalled($plugid))
$this->error(_ERROR_NOSUCHPLUGIN);
// 1. get old order number
$o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid));
$oldOrder = $o->porder;
// 2. calculate new order number
$newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;
// 3. update plug numbers
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);
$this->action_pluginlist();
}
function action_plugindown() {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$plugid = intGetVar('plugid');
if (!$manager->pidInstalled($plugid))
$this->error(_ERROR_NOSUCHPLUGIN);
// 1. get old order number
$o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid));
$oldOrder = $o->porder;
$maxOrder = mysql_num_rows(sql_query('SELECT * FROM '.sql_table('plugin')));
// 2. calculate new order number
$newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;
// 3. update plug numbers
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);
$this->action_pluginlist();
}
function action_pluginoptions($message = '') {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$pid = intRequestVar('plugid');
if (!$manager->pidInstalled($pid))
$this->error(_ERROR_NOSUCHPLUGIN);
$extrahead = '';
$this->pagehead($extrahead);
?>
',_LIST_PLUGS_SUBS,' ',htmlspecialchars(implode($plug->getEventList(),', '));
// check the database to see if it is up-to-date and notice the user if not
}
if (!$plug->subscribtionListIsUptodate()) {
echo '
',_LIST_PLUG_SUBS_NEEDUPDATE,'';
}
if (sizeof($plug->getPluginDep()) > 0)
echo '
Error: plugin file ',htmlspecialchars($current->pfile),'.php could not be loaded, or it has been set inactive because it does not support some features (check the actionlog for more info)
';
}
echo '
';
$baseUrl = 'index.php?plugid=' . intval($current->pid) . '&action=';
$url = $manager->addTicketToUrl($baseUrl . 'pluginup');
echo "",_LIST_PLUGS_UP,"";
$url = $manager->addTicketToUrl($baseUrl . 'plugindown');
echo " ",_LIST_PLUGS_DOWN,"";
echo " ",_LIST_PLUGS_UNINSTALL,"";
if ($plug && ($plug->hasAdminArea() > 0))
echo " ",_LIST_PLUGS_ADMIN,"";
if ($plug && ($plug->supportsFeature('HelpPage') > 0))
echo " ",_LIST_PLUGS_HELP,"";
if (quickQuery('SELECT COUNT(*) AS result FROM '.sql_table('plugin_option_desc').' WHERE ocontext=\'global\' and opid='.$current->pid) > 0)
echo " ",_LIST_PLUGS_OPTIONS,"";
echo '
';
break;
}
}
function listplug_table_plugoptionlist($template, $type) {
global $manager;
switch($type) {
case 'HEAD':
echo '
'._LISTS_INFO.'
'._LISTS_VALUE.'
';
break;
case 'BODY':
$current = $template['current'];
listplug_plugOptionRow($current);
break;
case 'FOOT':
?>
";
break;
}
}
// for batch operations: generates the index numbers for checkboxes
function listplug_nextBatchId() {
static $id = 0;
return $id++;
}
function listplug_table_commentlist($template, $type) {
switch($type) {
case 'HEAD':
echo "
";
break;
}
}
function listplug_table_skinlist($template, $type) {
global $CONF, $DIR_SKINS, $manager;
switch($type) {
case 'HEAD':
echo "
"._LISTS_NAME."
"._LISTS_DESC."
"._LISTS_ACTIONS."
";
break;
case 'BODY':
$current = $template['current'];
echo '
';
// use a special style for the default skin
if ($current->sdnumber == $CONF['BaseSkin']) {
echo '',htmlspecialchars($current->sdname),'';
} else {
echo htmlspecialchars($current->sdname);
}
echo '
" , htmlspecialchars($current->sddesc);
// show list of defined parts
$r = sql_query('SELECT stype FROM '.sql_table('skin').' WHERE sdesc='.$current->sdnumber . ' ORDER BY stype');
$types = array();
while ($o = mysql_fetch_object($r))
array_push($types,$o->stype);
if (sizeof($types) > 0) {
$friendlyNames = SKIN::getFriendlyNames();
for ($i=0;$i' . htmlspecialchars($friendlyNames[$type]) . "";
}
echo '
";
break;
}
}
/**
* Returns the Javascript code for a bookmarklet that works on most modern browsers
*
* @param blogid
*/
function getBookmarklet($blogid) {
global $CONF;
// normal
$document = 'document';
$bookmarkletline = "javascript:Q='';x=".$document.";y=window;if(x.selection){Q=x.selection.createRange().text;}else if(y.getSelection){Q=y.getSelection();}else if(x.getSelection){Q=x.getSelection();}wingm=window.open('";
$bookmarkletline .= $CONF['AdminURL'] . "bookmarklet.php?blogid=$blogid";
$bookmarkletline .="&logtext='+escape(Q)+'&loglink='+escape(x.location.href)+'&loglinktitle='+escape(x.title),'nucleusbm','scrollbars=yes,width=600,height=500,left=10,top=10,status=yes,resizable=yes');wingm.focus();";
return $bookmarkletline;
}
?>
,'preview-large.png)
';
if ($hasEnlargement)
echo '