';
}
$this->pagefoot();
}
/**
 * Returns the HTML-escaped display name of a weblog for use in a link.
 *
 * The surrounding markup literals are empty in this listing, so the result
 * is just the escaped name.
 *
 * @param object $blog BLOG instance (by reference, as in the original signature)
 * @return string escaped blog name
 */
function bloglink(&$blog) {
    $escapedName = htmlspecialchars($blog->getName());
    return '' . $escapedName . '';
}
/**
 * Admin-only page; as listed, its body renders a paged, searchable item list.
 *
 * NOTE(review): `$blogid`, `$start`, `$CONF`, `$manager` and `$blog` are used
 * below but are neither assigned here nor named in the `global` statement, so
 * this body would emit `iblog=` and `LIMIT ,N` with nothing after the `=`/`,`
 * and fail at the database. This looks like item-list code spliced into
 * action_manage during extraction — verify against the original file before
 * relying on anything in this method.
 *
 * @param string $msg status message (not used in the visible body)
 */
function action_manage($msg = '') {
global $member;
// super-admins only
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
// amount of items to show
if (postVar('amount'))
$amount = intPostVar('amount');
else {
$amount = intval($CONF['DefaultListSize']);
if ($amount < 1)
$amount = 10;
}
$search = postVar('search'); // search through items
// Search terms are escaped for SQL, but LIKE wildcards (% and _) inside the
// term are not escaped and therefore still act as wildcards.
$query = 'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime, bnumber, catid'
. ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
. ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
if ($search)
$query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';
// non-blog-admins can only edit/delete their own items
if (!$member->blogAdminRights($blogid))
$query .= ' and iauthor=' . $member->getID();
// $start is never assigned in this method (see NOTE above)
$query .= ' ORDER BY itime DESC'
. " LIMIT $start,$amount";
$template['content'] = 'itemlist';
$template['now'] = $blog->getCorrectTime(time());
$manager->loadClass("ENCAPSULATE");
$navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
$navList->showBatchList('item',$query,'table',$template);
$this->pagefoot();
}
/**
 * Batch operation on weblog items (move / delete), driven by the `batch`
 * request array and the `batchaction` request value.
 *
 * Only login is verified up front; permission checks per item are left to
 * the helpers that perform the operation. A move without an existing
 * destination category and a delete without `confirmation=yes` are diverted
 * to the selection / confirmation page (those helpers call exit).
 *
 * NOTE(review): the loop that walks `$selected` and performs the action is
 * not present in this listing (compare action_batchmember); as shown, the
 * method only prints the "done" message after the checks.
 */
function action_batchitem() {
global $member, $manager;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of itemids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
// (relies on $this->error() not returning — not visible here)
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On move: when no destination blog/category chosen, show choice now
$destCatid = intRequestVar('destcatid');
if (($action == 'move') && (!$manager->existsCategory($destCatid)))
$this->batchMoveSelectDestination('item',$selected);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('item',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
/**
 * Batch operation on comments (delete), driven by the `batch` request array
 * and the `batchaction` request value.
 *
 * Only login is verified here; per-comment permission checks are left to the
 * helper that performs the delete (see deleteOneComment). A delete without
 * `confirmation=yes` is diverted to the confirmation page, which exits.
 *
 * NOTE(review): the loop that walks `$selected` and performs the action is
 * not present in this listing (compare action_batchmember); as shown, the
 * method only prints the "done" message after the checks.
 */
function action_batchcomment() {
global $member;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of itemids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('comment',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
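/**
 * Batch operation on site members: delete, setadmin or unsetadmin.
 *
 * Super-admin only. The member ids come from the `batch` request array, the
 * operation from `batchaction`. A delete is only executed after the
 * confirmation page has been answered with `confirmation=yes`.
 *
 * Fix: `$error` is reset at the start of every iteration. It used to be
 * assigned only on some paths (never on a successful unsetadmin), so once one
 * member was refused with the "at least one admin" message, every later
 * member in the same batch was reported with that stale error even when the
 * update had actually been applied.
 *
 * Note: the unsetadmin guard counts admins that can log in; it does not check
 * that the member being demoted is one of them, so demoting a non-admin can
 * be refused when only one such admin exists (pre-existing behaviour).
 */
function action_batchmember() {
    global $member;
    // check if logged in and admin
    ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
    // get array of member ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');
    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);
    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('member',$selected);
    $this->pagehead();
    echo '(',_MEMBERS_BACKTOOVERVIEW,')';
    echo '
';
    // walk over all member ids and perform action
    foreach ($selected as $memberid) {
        $memberid = intval($memberid);
        // per-member result; must not carry over from the previous iteration
        $error = '';
        echo '
',_BATCH_EXECUTING,' ',htmlspecialchars($action),' ',_BATCH_ONMEMBER,' ', $memberid, '...';
        // perform action, display errors if needed
        switch($action) {
            case 'delete':
                $error = $this->deleteOneMember($memberid);
                break;
            case 'setadmin':
                // always succeeds (no-op for a non-existent member id)
                sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one super-admin who can log in
                $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
                if (sql_num_rows($r) < 2)
                    $error = _ERROR_ATLEASTONEADMIN;
                else
                    sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }
        echo '',($error ? $error : _BATCH_SUCCESS),'';
        echo '
';
    }
    echo '
';
    echo '',_BATCH_DONE,'';
    $this->pagefoot();
}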
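/**
 * Batch operation on the team of one blog: delete, setadmin or unsetadmin.
 *
 * Requires blog-admin rights on `blogid` (from the request). The member ids
 * come from the `batch` request array, the operation from `batchaction`. A
 * delete is only executed after `confirmation=yes` has been given.
 *
 * Fix: `$error` is reset at the start of every iteration. It used to be
 * assigned only on some paths (never on a successful unsetadmin), so once one
 * member was refused with the "at least one blog admin" message, every later
 * member in the same batch was reported with that stale error even when the
 * update had actually been applied.
 */
function action_batchteam() {
    global $member;
    $blogid = intRequestVar('blogid');
    // check if logged in and admin
    ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
    // get array of member ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');
    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);
    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('team',$selected);
    $this->pagehead();
    echo '
';
    // walk over all member ids and perform action
    foreach ($selected as $memberid) {
        $memberid = intval($memberid);
        // per-member result; must not carry over from the previous iteration
        $error = '';
        echo '
',_BATCH_EXECUTING,' ',htmlspecialchars($action),' ',_BATCH_ONTEAM,' ', $memberid, '...';
        // perform action, display errors if needed
        switch($action) {
            case 'delete':
                // re-checks blog-admin rights and the last-admin rule itself
                $error = $this->deleteOneTeamMember($blogid, $memberid);
                break;
            case 'setadmin':
                // always succeeds (no-op if the member is not on the team)
                sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one admin on the blog
                $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
                if (sql_num_rows($r) < 2)
                    $error = _ERROR_ATLEASTONEBLOGADMIN;
                else
                    sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }
        echo '',($error ? $error : _BATCH_SUCCESS),'';
        echo '
';
    }
    echo '
';
    echo '',_BATCH_DONE,'';
    $this->pagefoot();
}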
/**
 * Batch operation on categories (move / delete), driven by the `batch`
 * request array and the `batchaction` request value.
 *
 * Only login is verified up front; per-category permission checks are left
 * to the helpers that perform the operation. A move without an existing
 * destination blog and a delete without `confirmation=yes` are diverted to
 * the selection / confirmation page (those helpers call exit).
 *
 * NOTE(review): the loop that walks `$selected` and performs the action is
 * not present in this listing (compare action_batchmember); as shown, the
 * method only prints the "done" message after the checks.
 */
function action_batchcategory() {
global $member, $manager;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of category ids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On move: when no destination blog chosen, show choice now
$destBlogId = intRequestVar('destblogid');
if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
$this->batchMoveCategorySelectDestination('category',$selected);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('category',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
/**
 * Shows the "choose destination category" page for a batch move, then stops.
 *
 * @param string $type batch type ('item' as called from action_batchitem)
 * @param array  $ids  selected ids the form must carry over
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag, so the
 * form markup appears to have been stripped; `pagefoot();` / `exit;` as shown
 * would be emitted as text. The `exit` is what prevents the calling batch
 * action from continuing after the page has been rendered.
 */
function batchMoveSelectDestination($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
/**
 * Shows the "choose destination blog" page for a batch category move, then
 * stops.
 *
 * @param string $type batch type ('category' as called from action_batchcategory)
 * @param array  $ids  selected ids the form must carry over
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag, so the
 * form markup appears to have been stripped; `pagefoot();` / `exit;` as shown
 * would be emitted as text. The `exit` is what prevents the calling batch
 * action from continuing after the page has been rendered.
 */
function batchMoveCategorySelectDestination($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
/**
 * Shows the delete-confirmation page for a batch delete, then stops.
 *
 * @param string $type batch type ('item', 'comment', 'member', 'team' or
 *                     'category' — the values the callers in this file pass)
 * @param array  $ids  selected ids the form must carry over
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag, so the
 * form markup appears to have been stripped; `pagefoot();` / `exit;` as shown
 * would be emitted as text. The `exit` is what prevents the calling batch
 * action from continuing (i.e. deleting) before the user has confirmed.
 */
function batchAskDeleteConfirmation($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
/**
 * Inserts a HTML select element listing the categories the current member
 * has access to. Thin wrapper around selectBlog() in 'category' mode.
 *
 * @param string $name               form field name
 * @param mixed  $selected           pre-selected value
 * @param int    $tabindex           tabindex of the select element
 * @param int    $showNewCat         whether to offer a "new category" option
 * @param int    $iForcedBlogInclude blog id to include regardless of team membership (-1 = none)
 * @see selectBlog
 */
function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
    $mode = 'category';
    ADMIN::selectBlog($name, $mode, $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
}
/**
 * Inserts a HTML select element with choices for all blogs to which the user has access
 * mode = 'blog' => shows blognames and values are blogids
 * mode = 'category' => show category names and values are catids
 *
 * Blog ids are collected as follows: the forced blog first (if any), then
 * every blog when the member is a super-admin and $CONF['ShowAllBlogs'] is
 * set, otherwise only blogs on whose team the member is (team join by
 * tmember = member id). Nothing is emitted when the list ends up empty.
 *
 * NOTE(review): the `echo ''` at the end is empty in this listing; the actual
 * select markup (and where $mode / $selected / $tabindex / $showNewCat are
 * consumed) is not visible here.
 *
 * @param string $name               form field name
 * @param string $mode               'blog' or 'category'
 * @param mixed  $selected           pre-selected value
 * @param int    $tabindex           tabindex of the select element
 * @param int    $showNewCat         whether to offer a "new category" option
 * @param int    $iForcedBlogInclude
 * ID of a blog that always needs to be included, without checking if the
 * member is on the blog team (-1 = none)
 */
function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
global $member, $CONF;
// 0. get IDs of blogs to which member can post items (+ forced blog)
$aBlogIds = array();
if ($iForcedBlogInclude != -1)
$aBlogIds[] = intval($iForcedBlogInclude);
if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
else
$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
$rblogids = sql_query($queryBlogs);
// skip the forced blog here so it is not listed twice
while ($o = sql_fetch_object($rblogids))
if ($o->bnumber != $iForcedBlogInclude)
$aBlogIds[] = intval($o->bnumber);
if (count($aBlogIds) == 0)
return;
echo '';
}
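/**
 * Lists the current member's own items, paged and optionally filtered by a
 * search term, via the NAVLIST/BATCH helpers.
 *
 * Paging comes from the POST fields `start` and `amount`; `search` is
 * matched with LIKE against title, body and extended body (SQL-escaped, but
 * LIKE wildcards in the term are not escaped and still act as wildcards).
 *
 * Fix: `start` and `amount` are clamped. A negative `start` or a non-positive
 * `amount` produced an invalid `LIMIT` clause and a database error; they now
 * fall back to 0 and the default page size respectively.
 *
 * Note: this method itself does not verify a login; it only restricts the
 * query to `iauthor = $member->getID()`.
 */
function action_browseownitems() {
    global $member, $manager, $CONF;
    $this->pagehead();
    echo '
';
    // start index (clamped: a negative offset is invalid in LIMIT)
    if (postVar('start'))
        $start = intPostVar('start');
    else
        $start = 0;
    if ($start < 0)
        $start = 0;
    // amount of items to show (clamped to at least one row)
    if (postVar('amount'))
        $amount = intPostVar('amount');
    else
        $amount = intval($CONF['DefaultListSize']);
    if ($amount < 1)
        $amount = 10;
    $search = postVar('search'); // search through items
    $query = 'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
        . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
        . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
    if ($search)
        $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';
    $query .= ' ORDER BY itime DESC'
        . " LIMIT $start,$amount";
    $template['content'] = 'itemlist';
    $template['now'] = time();
    $manager->loadClass("ENCAPSULATE");
    $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
    $navList->showBatchList('item',$query,'table',$template);
    $this->pagefoot();
}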
/**
 * Show all the comments for a given item
 *
 * Allowed only when the member may alter the item (canAlterItem). Paging
 * comes from the POST fields `start` and `amount`; `canAddBan` in the
 * template is set from the member's blog-admin rights on the item's blog.
 *
 * NOTE(review): `$query` is passed to showBatchList() but is never assigned
 * in this method, and `$search` is read but not used; the query-building
 * lines appear to be missing from this listing.
 *
 * @param int $itemid item id; when empty, taken from the request
 */
function action_itemcommentlist($itemid = '') {
global $member, $manager, $CONF;
if ($itemid == '')
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
$blogid = getBlogIdFromItemId($itemid);
$this->pagehead();
// start index
if (postVar('start'))
$start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
$amount = intPostVar('amount');
else {
$amount = intval($CONF['DefaultListSize']);
if ($amount < 1)
$amount = 10;
}
$search = postVar('search');
echo '
';
$template['content'] = 'commentlist';
$template['canAddBan'] = $member->blogAdminRights($blogid);
$manager->loadClass("ENCAPSULATE");
$navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
// $query is undefined here (see NOTE above)
$navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
$this->pagefoot();
}
/**
 * Provide a page to add a new item to the given blog.
 *
 * `blogid` comes from the request; the member must have team rights on that
 * blog. The form itself is produced by PAGEFACTORY::createAddForm('admin').
 * `$memberid` and `$blog` are computed but not used in the visible body.
 */
function action_createitem() {
global $member, $manager;
$blogid = intRequestVar('blogid');
// check if allowed
$member->teamRights($blogid) or $this->disallow();
$memberid = $member->getID();
$blog =& $manager->getBlog($blogid);
$this->pagehead();
// generate the add-item form
$formfactory =& new PAGEFACTORY($blogid);
$formfactory->createAddForm('admin');
$this->pagefoot();
}
/**
 * Shows the edit form for an existing item.
 *
 * `itemid` comes from the request; the member must be allowed to alter the
 * item (canAlterItem). Plugins get a PrepareItemForEdit notification with the
 * item by reference before it is shown. When the blog has "convert breaks"
 * enabled, the stored line-break conversion is undone for editing.
 */
function action_itemedit() {
global $member, $manager;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
// getItem(..., 1, 1): flag meanings not visible here — presumably "include drafts / future"
$item =& $manager->getItem($itemid,1,1);
$blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
$manager->notify('PrepareItemForEdit', array('item' => &$item));
if ($blog->convertBreaks()) {
$item['body'] = removeBreaks($item['body']);
$item['more'] = removeBreaks($item['more']);
}
// form to edit blog items
$this->pagehead();
$formfactory =& new PAGEFACTORY($blog->getID());
$formfactory->createEditForm('admin',$item);
$this->pagefoot();
}
/**
 * Saves the item edit form.
 *
 * Authorisation is checked first with canUpdateItem(itemid, catid), where
 * `catid` may still be the raw 'newcat-<blogid>' request value; only after
 * that is a new category created when requested. A `delete` actiontype is
 * handed to action_itemdelete (which asks for confirmation) and nothing else
 * happens here.
 *
 * After ITEM::update the blog's future-posted flag is refreshed, an optional
 * draft (`draftid`) is deleted, and the user is sent either to the category
 * edit page (when a category was created) or back to the item list.
 *
 * NOTE(review): the `$draftid` delete relies on ITEM::delete() doing its own
 * permission check (per the comment below); that is not verifiable here.
 */
function action_itemupdate() {
global $member, $manager, $CONF;
$itemid = intRequestVar('itemid');
$catid = postVar('catid');
// only allow if user is allowed to alter item
// (done before any category is created, so a disallowed caller creates nothing)
$member->canUpdateItem($itemid, $catid) or $this->disallow();
$actiontype = postVar('actiontype');
// delete actions are handled by itemdelete (which has confirmation)
if ($actiontype == 'delete') {
$this->action_itemdelete();
return;
}
$body = postVar('body');
$title = postVar('title');
$more = postVar('more');
$closed = intPostVar('closed');
$draftid = intPostVar('draftid');
// default action = add now
if (!$actiontype)
$actiontype='addnow';
// create new category if needed
if (strstr($catid,'newcat')) {
// get blogid
list($blogid) = sscanf($catid,"newcat-%d");
// create
$blog =& $manager->getBlog($blogid);
$catid = $blog->createNewCategory();
// show error when sth goes wrong
if (!$catid)
$this->doError(_ERROR_CATCREATEFAIL);
}
/*
set some variables based on actiontype
actiontypes:
draft items -> addnow, addfuture, adddraft, delete
non-draft items -> edit, changedate, delete
variables set:
$timestamp: set to a nonzero value for future dates or date changes
$wasdraft: set to 1 when the item used to be a draft item
$publish: set to 1 when the edited item is not a draft
*/
$blogid = getBlogIDFromItemID($itemid);
$blog =& $manager->getBlog($blogid);
$wasdrafts = array('adddraft', 'addfuture', 'addnow');
$wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
$publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
if ($actiontype == 'addfuture' || $actiontype == 'changedate') {
// date fields are int-cast; mktime normalises out-of-range values (e.g. month 13)
$timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
} else {
$timestamp =0;
}
// edit the item for real
ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
$this->updateFuturePosted($blogid);
if ($draftid > 0) {
// delete permission is checked inside ITEM::delete()
ITEM::delete($draftid);
}
// show category edit window when we created a new category
// ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
if ($catid != intPostVar('catid')) {
$this->action_categoryedit(
$catid,
$blog->getID(),
$CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
);
} else {
// TODO: set start item correctly for itemlist
$this->action_itemlist(getBlogIDFromItemID($itemid));
}
}
/**
 * Shows the delete-confirmation page for an item.
 *
 * `itemid` comes from the request; the member must be allowed to alter the
 * item, and the item must exist. Title and a 300-character excerpt of the
 * body are tag-stripped and HTML-escaped for display on the page.
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag; the
 * confirmation markup appears to have been stripped and `pagefoot();` as
 * shown would be emitted as text.
 */
function action_itemdelete() {
global $member, $manager;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
if (!$manager->existsItem($itemid,1,1))
$this->error(_ERROR_NOSUCHITEM);
$item =& $manager->getItem($itemid,1,1);
// escape for HTML output; strip_tags first so the excerpt does not cut a tag in half
$title = htmlspecialchars(strip_tags($item['title']));
$body = strip_tags($item['body']);
$body = htmlspecialchars(shorten($body,300,'...'));
$this->pagehead();
?>
""
pagefoot();
}
/**
 * Deletes an item after the user confirmed, then returns to the item list of
 * the blog the item belonged to.
 *
 * `itemid` comes from the request. The permission check here is repeated
 * inside deleteOneItem(); the blog id is resolved before the delete because
 * the item row no longer exists afterwards.
 */
function action_itemdeleteconfirm() {
    global $member;
    $itemid = intRequestVar('itemid');
    // only allow if user is allowed to alter item
    if (!$member->canAlterItem($itemid)) {
        $this->disallow();
    }
    // resolve the owning blog while the item still exists
    $owningBlog = getBlogIdFromItemId($itemid);
    // delete item (note: some checks will be performed twice)
    $this->deleteOneItem($itemid);
    $this->action_itemlist($owningBlog);
}
/**
 * Deletes one item and returns an error message if the caller may not.
 *
 * @param int $itemid
 * @return string|null _ERROR_DISALLOWED when the member may not alter the
 *                     item (this also covers a non-existent item, per the
 *                     original comment); nothing on success
 */
function deleteOneItem($itemid) {
    global $member, $manager;
    // permission check doubles as an existence check for the item
    if (!$member->canAlterItem($itemid)) {
        return _ERROR_DISALLOWED;
    }
    // resolve the owning blog now: the item row is gone after ITEM::delete()
    $owningBlog = getBlogIDFromItemId($itemid);
    $manager->loadClass('ITEM');
    ITEM::delete($itemid);
    // the blog's future-posted flag may have depended on this item
    $this->updateFuturePosted($owningBlog);
}
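/**
 * Update a blog's future posted flag.
 *
 * Sets the flag when at least one item of the blog has `iposted=0` and a
 * time after the blog's current time, clears it otherwise.
 *
 * Fix: `$blogid` is cast to int before being interpolated into the query.
 * All visible callers already pass integers, but this is a public method
 * that builds SQL from its argument, so it now guarantees that itself.
 *
 * @param int $blogid
 */
function updateFuturePosted($blogid) {
    global $manager;
    $blogid = intval($blogid);
    $blog =& $manager->getBlog($blogid);
    $currenttime = $blog->getCorrectTime(time());
    $result = sql_query("SELECT * FROM ".sql_table('item').
        " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
    if (sql_num_rows($result) > 0) {
        $blog->setFuturePost();
    }
    else {
        $blog->clearFuturePost();
    }
}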
/**
 * Shows the "move item to another category" page.
 *
 * `itemid` comes from the request; the member must be allowed to alter the
 * item. The actual move is performed by action_itemmoveto.
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag; the
 * form markup appears to have been stripped and `pagefoot();` as shown would
 * be emitted as text.
 */
function action_itemmove() {
global $member, $manager;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
$item =& $manager->getItem($itemid,1,1);
$this->pagehead();
?>
pagefoot();
}
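/**
 * Moves an item to the category chosen on the action_itemmove page.
 *
 * `catid` from the request is either a numeric category id or
 * 'newcat-<blogid>', in which case a new category is created in that blog
 * first and the category edit page is shown afterwards.
 *
 * Fix (authorisation order): the permission check used to run only after a
 * requested category had already been created, so any caller could create
 * categories in an arbitrary blog by posting `catid=newcat-<blogid>` for an
 * item they may not move. The check now runs before anything is created,
 * with the raw request value — the same call action_itemupdate makes ahead of
 * its category creation — and is repeated on the resolved numeric category.
 * A plain numeric `catid` is also int-cast before use.
 */
function action_itemmoveto() {
    global $member, $manager;
    $itemid = intRequestVar('itemid');
    $catid = requestVar('catid');
    // Authorise first, on the raw value ('newcat-<blogid>' or a numeric id),
    // so a disallowed caller creates nothing.
    $member->canUpdateItem($itemid, $catid) or $this->disallow();
    // create new category if needed
    if (strstr($catid,'newcat')) {
        // get blogid
        list($blogid) = sscanf($catid,'newcat-%d');
        // create
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();
        // show error when sth goes wrong
        if (!$catid)
            $this->doError(_ERROR_CATCREATEFAIL);
    } else {
        $catid = intval($catid);
    }
    // re-check against the resolved destination category
    $member->canUpdateItem($itemid, $catid) or $this->disallow();
    $old_blogid = getBlogIDFromItemId($itemid);
    ITEM::move($itemid, $catid);
    // set the futurePosted flag on the blog
    $this->updateFuturePosted(getBlogIDFromItemId($itemid));
    // reset the futurePosted in case the item is moved from one blog to another
    $this->updateFuturePosted($old_blogid);
    // a created category has a different id than the 'newcat-x' request value
    if ($catid != intRequestVar('catid'))
        $this->action_categoryedit($catid, $blog->getID());
    else
        $this->action_itemlist(getBlogIDFromCatID($catid));
}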
/**
 * Moves one item to a given category (category existence should be checked
 * by the caller); errors are returned rather than displayed.
 *
 * @param int $itemid
 * @param int $destCatid category ID to which the item will be moved
 * @return string|null _ERROR_DISALLOWED when the member may not move the
 *                     item there; nothing on success
 */
function moveOneItem($itemid, $destCatid) {
    global $member;
    $allowed = $member->canUpdateItem($itemid, $destCatid);
    if (!$allowed) {
        return _ERROR_DISALLOWED;
    }
    ITEM::move($itemid, $destCatid);
}
/**
 * Adds an item to the chosen blog.
 *
 * The whole request is handled by ITEM::createFromRequest(), which returns a
 * status array; on 'error' its message is shown, on 'newcategory' the user is
 * sent to the category edit page (with a ticketed return URL), otherwise to
 * the blog's item list. No permission check is visible here — presumably it
 * lives inside createFromRequest().
 */
function action_additem() {
    global $manager, $CONF;
    $manager->loadClass('ITEM');
    $result = ITEM::createFromRequest();
    if ($result['status'] == 'error') {
        $this->error($result['message']);
    }
    $blogid = getBlogIDFromItemID($result['itemid']);
    $blog =& $manager->getBlog($blogid);
    // fetched as in the original; neither value is used below
    $btimestamp = $blog->getCorrectTime();
    $item = $manager->getItem(intval($result['itemid']), 1, 1);
    if ($result['status'] == 'newcategory') {
        $returnTo = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));
        $this->action_categoryedit($result['catid'], $blogid, $returnTo);
        return;
    }
    $this->action_itemList($blogid);
}
/**
 * Allows to edit previously made comments.
 *
 * `commentid` comes from the request; the member must be allowed to alter
 * the comment. Plugins get a PrepareCommentForEdit notification with the
 * comment by reference before the form is shown.
 *
 * NOTE(review): the two body rewrites below do not match their stated intent
 * as listed — the str_replace needle is a single space (it would remove all
 * spaces) and the regex has no capture group for the `\1` replacement (it
 * would blank every run of non-`<` characters). The tag text appears to have
 * been stripped from this listing; also, after `?>` no `<?php` reopening tag
 * is shown. Verify against the original file.
 */
function action_commentedit() {
global $member, $manager;
$commentid = intRequestVar('commentid');
$member->canAlterComment($commentid) or $this->disallow();
$comment = COMMENT::getComment($commentid);
$manager->notify('PrepareCommentForEdit',array('comment' => &$comment));
// change to \n
$comment['body'] = str_replace(' ','',$comment['body']);
// replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
/* original eregi_replace: eregi_replace("[^<]*", "\\1", $comment['body']) */
$comment['body'] = preg_replace("#[^<]*#i", "\\1", $comment['body']);
$this->pagehead();
?>
pagefoot();
}
/**
 * Saves the comment edit form.
 *
 * `commentid` comes from the request; the member must be allowed to alter
 * the comment. The body is rejected when it contains a run of 90
 * word-like characters (unbreakable "long word"), is shorter than 3 bytes or
 * longer than 5000 bytes (byte lengths, not characters). It is then passed
 * through COMMENT::prepareBody() and the PreUpdateComment plugin hook before
 * the row is updated.
 *
 * Stored columns: cmail receives the posted `url`, cemail the posted `email`
 * (column naming as in the query below). All three values are SQL-escaped;
 * neither url nor email is otherwise validated here.
 *
 * Afterwards the user is sent to the item's comment list if they may alter
 * the item, otherwise to their own comments overview.
 */
function action_commentupdate() {
global $member, $manager;
$commentid = intRequestVar('commentid');
$member->canAlterComment($commentid) or $this->disallow();
$url = postVar('url');
$email = postVar('email');
$body = postVar('body');
# replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
# original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
# important note that '\' must be matched with '\\\\' in preg* expressions
// intercept words that are too long
if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
{
$this->error(_ERROR_COMMENT_LONGWORD);
}
// check length (strlen counts bytes, so multibyte text hits the limits earlier)
if (strlen($body) < 3)
{
$this->error(_ERROR_COMMENT_NOCOMMENT);
}
if (strlen($body)>5000)
{
$this->error(_ERROR_COMMENT_TOOLONG);
}
// prepare body
$body = COMMENT::prepareBody($body);
// call plugins
$manager->notify('PreUpdateComment',array('body' => &$body));
$query = 'UPDATE '.sql_table('comment')
. " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"
. " WHERE cnumber=" . $commentid;
sql_query($query);
// get itemid
$res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
$o = sql_fetch_object($res);
$itemid = $o->citem;
if ($member->canAlterItem($itemid))
$this->action_itemcommentlist($itemid);
else
$this->action_browseowncomments();
}
/**
 * Shows the delete-confirmation page for a comment.
 *
 * `commentid` comes from the request; the member must be allowed to alter
 * the comment. A 300-character excerpt of the body is tag-stripped and
 * HTML-escaped; the author shown is the member name when the comment was
 * made by a member, otherwise the guest name.
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag; the
 * confirmation markup appears to have been stripped and `pagefoot();` as
 * shown would be emitted as text. Whether `$author` is escaped on output is
 * not visible here.
 */
function action_commentdelete() {
global $member, $manager;
$commentid = intRequestVar('commentid');
$member->canAlterComment($commentid) or $this->disallow();
$comment = COMMENT::getComment($commentid);
$body = strip_tags($comment['body']);
$body = htmlspecialchars(shorten($body, 300, '...'));
if ($comment['member'])
$author = $comment['member'];
else
$author = $comment['user'];
$this->pagehead();
?>
: :
pagefoot();
}
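/**
 * Deletes a comment after the user confirmed, then returns to the item's
 * comment list (if the member may alter the item) or to the member's own
 * comments overview.
 *
 * Fix: the permission check now happens before the database is queried
 * (deleteOneComment() repeats it), so a disallowed request fails closed
 * without touching the comment table, and a missing row no longer leads to
 * reading `citem` from a `false` result.
 */
function action_commentdeleteconfirm() {
    global $member;
    $commentid = intRequestVar('commentid');
    // fail closed before touching the database; deleteOneComment checks again
    $member->canAlterComment($commentid) or $this->disallow();
    // get item id first (the row is gone after the delete)
    $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
    $o = sql_fetch_object($res);
    // no row: fall through to the "own comments" page below (canAlterItem(0) is false)
    $itemid = $o ? intval($o->citem) : 0;
    $error = $this->deleteOneComment($commentid);
    if ($error)
        $this->doError($error);
    if ($member->canAlterItem($itemid))
        $this->action_itemcommentlist($itemid);
    else
        $this->action_browseowncomments();
}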
/**
 * Deletes one comment; returns an error string instead of displaying it.
 *
 * Fires PreDeleteComment before and PostDeleteComment after the row is
 * removed.
 *
 * @param int $commentid
 * @return string '' on success, _ERROR_DISALLOWED when the member may not
 *                alter the comment
 */
function deleteOneComment($commentid) {
    global $member, $manager;
    $id = intval($commentid);
    if (!$member->canAlterComment($id)) {
        return _ERROR_DISALLOWED;
    }
    $manager->notify('PreDeleteComment', array('commentid' => $id));
    // remove the comment row itself
    sql_query('DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $id);
    $manager->notify('PostDeleteComment', array('commentid' => $id));
    return '';
}
/**
 * Usermanagement main
 *
 * Super-admin only. Lists every row of the member table through the
 * BATCH('member') helper with the 'memberlist' template, followed by the
 * "new member" form.
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag; the
 * form markup appears to have been stripped and `pagefoot();` as shown would
 * be emitted as text.
 */
function action_usermanagement() {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
// show list of members with actions
$query = 'SELECT *'
. ' FROM '.sql_table('member');
$template['content'] = 'memberlist';
$template['tabindex'] = 10;
$manager->loadClass("ENCAPSULATE");
$batch =& new BATCH('member');
$batch->showlist($query,'table',$template);
echo '
' . _MEMBERS_NEW .'
';
?>
pagefoot();
}
/**
 * Edit member settings: opens the settings form for the member id given in
 * the request (int-cast). Authorisation is done by action_editmembersettings.
 */
function action_memberedit() {
    $requestedMember = intRequestVar('memberid');
    $this->action_editmembersettings($requestedMember);
}
/**
 * Shows the settings form for a member.
 *
 * Allowed for the member editing their own account or for a super-admin.
 * Plugins can append fields through the MemberSettingsFormExtras hook, which
 * receives the MEMBER object by reference.
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag; the
 * form markup appears to have been stripped (the `',_PLUGINS_EXTRA,'` line
 * is a fragment of it). Nothing here checks that the visitor is logged in —
 * that is assumed to be enforced by the caller.
 *
 * @param int|string $memberid member to edit; empty means the current member
 */
function action_editmembersettings($memberid = '') {
global $member, $manager, $CONF;
if ($memberid == '')
$memberid = $member->getID();
// check if allowed
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
$extrahead = '';
$this->pagehead($extrahead);
// show message to go back to member overview (only for admins)
if ($member->isAdmin())
echo '(' ._MEMBERS_BACKTOOVERVIEW. ')';
else
echo '(' ._BACKHOME. ')';
echo '
' . _MEMBERS_EDIT . '
';
$mem = MEMBER::createFromID($memberid);
?>
',_PLUGINS_EXTRA,'';
$manager->notify(
'MemberSettingsFormExtras',
array(
'member' => &$mem
)
);
$this->pagefoot();
}
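/**
 * Saves the member settings form for the member id given in the request.
 *
 * Allowed for the member editing their own account or for a super-admin;
 * anything else is rejected via disallow(). Display name and password may
 * only be changed when $CONF['AllowLoginEdit'] is on or the editor is a
 * super-admin; the admin and can-login flags only by a super-admin. Taking
 * admin or login rights away from the last admin who can log in is refused.
 *
 * Fix: an empty URL field used to be turned into the literal string
 * "http://" by the scheme-prefixing step; it is now left empty.
 *
 * Side effects: writes the member row, applies plugin options, fires
 * PrePasswordSet / PostPluginOptionsUpdate. An e-mail change sends an
 * activation link, invalidates the member's cookie key and, if the edited
 * member is the current one, logs out. A display-name change of the current
 * member also forces a re-login.
 *
 * Note: nothing here checks that the visitor is logged in (unlike the batch
 * actions); that is assumed to be enforced by the caller.
 */
function action_changemembersettings() {
    global $member, $CONF, $manager;
    $memberid = intRequestVar('memberid');
    // check if allowed
    ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
    $name = trim(strip_tags(postVar('name')));
    $realname = trim(strip_tags(postVar('realname')));
    $password = postVar('password');
    $repeatpassword = postVar('repeatpassword');
    $email = strip_tags(postVar('email'));
    $url = strip_tags(postVar('url'));
    // Users often omit the scheme; add http:// when it is missing, but leave an
    // empty field empty instead of storing a bare "http://".
    if ($url !== '' && !preg_match('#^https?://#', $url))
    {
        $url = 'http://' . $url;
    }
    $admin = postVar('admin');
    $canlogin = postVar('canlogin');
    $notes = strip_tags(postVar('notes'));
    $deflang = postVar('deflang');
    $mem = MEMBER::createFromID($memberid);
    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
        if (!isValidDisplayName($name))
            $this->error(_ERROR_BADNAME);
        if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
            $this->error(_ERROR_NICKNAMEINUSE);
        if ($password != $repeatpassword)
            $this->error(_ERROR_PASSWORDMISMATCH);
        // byte length, as in the other password checks in this file
        if ($password && (strlen($password) < 6))
            $this->error(_ERROR_PASSWORDTOOSHORT);
        if ($password) {
            // let password-policy plugins veto the new password
            $pwdvalid = true;
            $pwderror = '';
            $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
            if (!$pwdvalid) {
                $this->error($pwderror);
            }
        }
    }
    if (!isValidMailAddress($email))
        $this->error(_ERROR_BADMAILADDRESS);
    if (!$realname)
        $this->error(_ERROR_REALNAMEMISSING);
    if (($deflang != '') && (!checkLanguage($deflang)))
        $this->error(_ERROR_NOSUCHLANGUAGE);
    // check if there will remain at least one site member with both the logon and admin rights
    // (check occurs when taking away one of these rights from such a member)
    if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
        || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
    )
    {
        $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
        if (sql_num_rows($r) < 2)
            $this->error(_ERROR_ATLEASTONEADMIN);
    }
    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
        $mem->setDisplayName($name);
        if ($password)
            $mem->setPassword($password);
    }
    $oldEmail = $mem->getEmail();
    $mem->setRealName($realname);
    $mem->setEmail($email);
    $mem->setURL($url);
    $mem->setNotes($notes);
    $mem->setLanguage($deflang);
    // only allow super-admins to make changes to the admin status
    if ($member->isAdmin()) {
        $mem->setAdmin($admin);
        $mem->setCanLogin($canlogin);
    }
    $autosave = postVar ('autosave');
    $mem->setAutosave($autosave);
    $mem->write();
    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($aOptions);
    $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));
    // if email changed, send an activation link and invalidate the session key
    if ($oldEmail != $mem->getEmail())
    {
        $mem->sendActivationLink('addresschange', $oldEmail);
        // logout member
        $mem->newCookieKey();
        // only log out if the member being edited is the current member.
        if ($member->getID() == $memberid)
            $member->logout();
        $this->action_login(_MSG_ACTIVATION_SENT, 0);
        return;
    }
    // a changed display name of the current member requires a fresh login
    if ( ( $mem->getID() == $member->getID() )
        && ( $mem->getDisplayName() != $member->getDisplayName() )
    ) {
        $mem->newCookieKey();
        $member->logout();
        $this->action_login(_MSG_LOGINAGAIN, 0);
    } else {
        $this->action_overview(_MSG_SETTINGSCHANGED);
    }
}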
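/**
 * Creates a new member from the "new member" form (super-admin only).
 *
 * Fix (consistency): the PrePasswordSet plugin hook is now fired before the
 * account is created, exactly as action_changemembersettings and
 * action_activatesetpwd do. Without it, accounts created by an admin
 * bypassed any installed password-policy plugin.
 *
 * Validation: password must match its repeat and be at least 6 bytes; all
 * other checks are left to MEMBER::create(), whose non-1 return value is
 * shown as the error. Afterwards the PostRegister hook fires with the new
 * MEMBER object and the user-management page is shown again.
 */
function action_memberadd() {
    global $member, $manager;
    // check if allowed
    $member->isAdmin() or $this->disallow();
    $password = postVar('password');
    if ($password != postVar('repeatpassword'))
        $this->error(_ERROR_PASSWORDMISMATCH);
    if (strlen($password) < 6)
        $this->error(_ERROR_PASSWORDTOOSHORT);
    // let password-policy plugins veto the password (same hook as the other password paths)
    $pwdvalid = true;
    $pwderror = '';
    $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
    if (!$pwdvalid)
        $this->error($pwderror);
    $res = MEMBER::create(postVar('name'), postVar('realname'), $password, postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
    if ($res != 1)
        $this->error($res);
    // fire PostRegister event
    $newmem = new MEMBER();
    $newmem->readFromName(postVar('name'));
    $manager->notify('PostRegister',array('member' => &$newmem));
    $this->action_usermanagement();
}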
/**
 * Account activation, step 1: show the activation page for the key passed
 * in the `key` request parameter (validation happens in _showActivationPage).
 *
 * @author dekarma
 */
function action_activate() {
    $activationKey = getVar('key');
    $this->_showActivationPage($activationKey);
}
/**
 * Renders the activation page for an activation key.
 *
 * Expired keys are purged first; an unknown key or a key whose member no
 * longer exists ends in _ERROR_ACTIVATE. The text depends on the key's kind
 * (`vtype`): 'forgot' and 'register' ask for a new password, 'addresschange'
 * activates immediately and shows no password form. A key of any other kind
 * falls through the switch with empty title/text.
 *
 * NOTE(review): after `?>` this listing shows no `<?php` reopening tag; the
 * password form markup appears to have been stripped and `pagefoot();` as
 * shown would be emitted as text.
 *
 * @param string $key     activation key from the request
 * @param string $message optional message to show (e.g. a validation error
 *                        from action_activatesetpwd); printed unescaped
 */
function _showActivationPage($key, $message = '')
{
global $manager;
// clean up old activation keys
MEMBER::cleanupActivationTable();
// get activation info
$info = MEMBER::getActivationInfo($key);
if (!$info)
$this->error(_ERROR_ACTIVATE);
$mem = MEMBER::createFromId($info->vmember);
if (!$mem)
$this->error(_ERROR_ACTIVATE);
$text = '';
$title = '';
$bNeedsPasswordChange = true;
// the kind of key is exposed as vtype on the activation record
switch ($info->vtype)
{
case 'forgot':
$title = _ACTIVATE_FORGOT_TITLE;
$text = _ACTIVATE_FORGOT_TEXT;
break;
case 'register':
$title = _ACTIVATE_REGISTER_TITLE;
$text = _ACTIVATE_REGISTER_TEXT;
break;
case 'addresschange':
$title = _ACTIVATE_CHANGE_TITLE;
$text = _ACTIVATE_CHANGE_TEXT;
$bNeedsPasswordChange = false;
// an address change needs no password: consume the key right away
MEMBER::activate($key);
break;
}
$aVars = array(
'memberName' => htmlspecialchars($mem->getDisplayName())
);
$title = TEMPLATE::fill($title, $aVars);
$text = TEMPLATE::fill($text, $aVars);
$this->pagehead();
echo '
' , $title, '
';
echo '
' , $text, '
';
if ($message != '')
{
echo '
',$message,'
';
}
if ($bNeedsPasswordChange)
{
?>
pagefoot();
}
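/**
 * Account activation - set password part
 *
 * Stores the password posted together with the activation key and marks the
 * key as used.
 *
 * Fix: the guard that refuses password changes for 'addresschange' keys read
 * `$info->type`, whereas _showActivationPage reads the kind of key as
 * `$info->vtype` from the same getActivationInfo() result. Unless the record
 * carries both names (not visible here), the guard never fired and an
 * address-change key could be used to set a new password. It now checks
 * `vtype`. The `global $manager` declaration was also moved to the top.
 *
 * Validation order: key exists and is not an address change, member exists,
 * password present, repeat matches, at least 6 bytes, PrePasswordSet plugin
 * veto, ValidateForm plugin veto. Every failure re-renders the activation
 * page with a message instead of proceeding.
 *
 * @author dekarma
 */
function action_activatesetpwd() {
    global $manager;
    $key = postVar('key');
    // clean up old activation keys
    MEMBER::cleanupActivationTable();
    // get activation info
    $info = MEMBER::getActivationInfo($key);
    // address-change keys are consumed by _showActivationPage and must not set a password
    if (!$info || ($info->vtype == 'addresschange'))
        return $this->_showActivationPage($key, _ERROR_ACTIVATE);
    $mem = MEMBER::createFromId($info->vmember);
    if (!$mem)
        return $this->_showActivationPage($key, _ERROR_ACTIVATE);
    $password = postVar('password');
    $repeatpassword = postVar('repeatpassword');
    if (!$password) {
        return $this->_showActivationPage($key, _ERROR_PASSWORDMISSING);
    }
    if ($password != $repeatpassword) {
        return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
    }
    // byte length, as in the other password checks in this file
    if (strlen($password) < 6) {
        return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
    }
    // let password-policy plugins veto the new password
    $pwdvalid = true;
    $pwderror = '';
    $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
    if (!$pwdvalid) {
        return $this->_showActivationPage($key,$pwderror);
    }
    $error = '';
    $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
    if ($error != '')
        return $this->_showActivationPage($key, $error);
    // set password
    $mem->setPassword($password);
    $mem->write();
    // do the activation
    MEMBER::activate($key);
    $this->pagehead();
    echo '
',_ACTIVATE_SUCCESS_TITLE,'
';
    echo '
',_ACTIVATE_SUCCESS_TEXT,'
';
    $this->pagefoot();
}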
/**
 * Manage team
 *
 * Requires blog-admin rights on `blogid` (from the request). Lists the team
 * of that blog (joined with the member table) through the BATCH('team')
 * helper using the 'teamlist' template.
 *
 * NOTE(review): the `echo "` ... `';` pair below mixes a double-quoted opening
 * with a single-quoted closing, and after `?>` no `<?php` reopening tag is
 * shown; the markup appears to have been stripped from this listing.
 */
function action_manageteam() {
global $member, $manager;
$blogid = intRequestVar('blogid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$this->pagehead();
echo "
';
$query = 'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
. ' FROM '.sql_table('member').', '.sql_table('team')
. ' WHERE tmember=mnumber and tblog=' . $blogid;
$template['content'] = 'teamlist';
$template['tabindex'] = 10;
$manager->loadClass("ENCAPSULATE");
$batch =& new BATCH('team');
$batch->showlist($query, 'table', $template);
?>
pagefoot();
}
/**
* Add member to team
*/
function action_teamaddmember() {
    // Adds member 'memberid' to the team of blog 'blogid' (both POST), with
    // 'admin' deciding whether the new member gets blog admin rights, then
    // re-displays the team page. Requires blog admin rights on 'blogid'.
    global $member, $manager;

    $memberid = intPostVar('memberid');
    $blogid   = intPostVar('blogid');
    $admin    = intPostVar('admin');

    // only blog admins may change the team
    $member->blogAdminRights($blogid) or $this->disallow();

    $blog =& $manager->getBlog($blogid);
    $added = $blog->addTeamMember($memberid, $admin);
    if (!$added) {
        $this->error(_ERROR_ALREADYONTEAM);
    }
    $this->action_manageteam();
}
/**
* @todo document this
*/
function action_teamdelete() {
// Confirmation page shown before a member is removed from a blog team.
// Reads memberid/blogid from the request and requires blog admin rights on
// that blog; the actual removal happens in action_teamdeleteconfirm().
global $member, $manager;
$memberid = intRequestVar('memberid');
$blogid = intRequestVar('blogid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
// presumably only used for the names in the confirmation text below
$teammem = MEMBER::createFromID($memberid);
$blog =& $manager->getBlog($blogid);
$this->pagehead();
// NOTE(review): the confirmation markup after '?>' is not intact in this copy.
?>
getDisplayName()) ?>getName())) ?>
pagefoot();
}
/**
* @todo document this
*/
function action_teamdeleteconfirm() {
    // Performs the removal confirmed on the action_teamdelete page and shows
    // the team page again. deleteOneTeamMember() does the rights check and
    // returns an error message instead of throwing.
    global $member;

    $memberid = intRequestVar('memberid');
    $blogid   = intRequestVar('blogid');

    $failure = $this->deleteOneTeamMember($blogid, $memberid);
    if ($failure) {
        $this->error($failure);
    }
    $this->action_manageteam();
}
/**
* @todo document this
*/
function deleteOneTeamMember($blogid, $memberid) {
    // Removes $memberid from the team of $blogid. Returns '' on success or an
    // error message (_ERROR_* constant) for the caller to display. A blog
    // admin can only be removed while at least one other admin remains.
    global $member, $manager;

    $blogid   = intval($blogid);
    $memberid = intval($memberid);

    // the caller must be an admin of this blog
    if (!$member->blogAdminRights($blogid)) {
        return _ERROR_DISALLOWED;
    }

    // NOTE(review): createFromID may not yield a usable object for an unknown
    // id; the following calls assume it did — confirm against MEMBER.
    $tmem = MEMBER::createFromID($memberid);
    $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));

    if ($tmem->isBlogAdmin($blogid)) {
        // count the admins; fewer than two means this one is the last
        $admins = sql_query('SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1');
        if (sql_num_rows($admins) < 2) {
            return _ERROR_ATLEASTONEBLOGADMIN;
        }
    }

    sql_query('DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid");
    $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));
    return '';
}
/**
* @todo document this
*/
function action_teamchangeadmin() {
    // Toggles the blog admin flag of member 'memberid' on blog 'blogid'
    // (request). Refuses to demote the only remaining admin. Afterwards the
    // team page is shown, unless the acting member just demoted themselves,
    // in which case the overview is shown instead.
    global $member;

    $blogid   = intRequestVar('blogid');
    $memberid = intRequestVar('memberid');
    $member->blogAdminRights($blogid) or $this->disallow();

    $mem = MEMBER::createFromID($memberid);

    // demotion is only allowed while another admin exists
    if ($mem->isBlogAdmin($blogid)) {
        $admins = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
        if (sql_num_rows($admins) == 1) {
            $this->error(_ERROR_ATLEASTONEBLOGADMIN);
        }
    }

    $newval = $mem->isBlogAdmin($blogid) ? 0 : 1;
    sql_query('UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid");

    // the acting member may have just removed their own admin rights
    if (!$member->isBlogAdmin($blogid)) {
        $this->action_overview(_MSG_ADMINCHANGED);
    } else {
        $this->action_manageteam();
    }
}
/**
* @todo document this
*/
function action_blogsettings() {
// Blog settings page for blog 'blogid' (request), shown to its blog admins.
// The settings form markup following the echo is not intact in this copy.
global $member, $manager;
$blogid = intRequestVar('blogid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
// passed through to pagehead(); presumably extra markup for the page head
$extrahead = '';
$this->pagehead($extrahead);
echo '
pagefoot();
}
/**
* @todo document this
*/
function action_categoryupdate() {
    // Saves the edit form of category 'catid' in blog 'blogid' (POST): name
    // and description, then the plugin options of the category. Rejects an
    // invalid name or one already used by another category of the same blog.
    // Afterwards redirects to 'desturl' when given, else shows blog settings.
    global $member, $manager;

    $blogid  = intPostVar('blogid');
    $catid   = intPostVar('catid');
    $cname   = postVar('cname');
    $cdesc   = postVar('cdesc');
    $desturl = postVar('desturl');

    $member->blogAdminRights($blogid) or $this->disallow();

    if (!isValidCategoryName($cname)) {
        $this->error(_ERROR_BADCATEGORYNAME);
    }

    // the name must be unique within the blog, ignoring the category itself
    $dup = sql_query('SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)");
    if (sql_num_rows($dup) > 0) {
        $this->error(_ERROR_DUPCATEGORYNAME);
    }

    $update = 'UPDATE '.sql_table('category').' SET'
        . " cname='" . sql_real_escape_string($cname) . "',"
        . " cdesc='" . sql_real_escape_string($cdesc) . "'"
        . " WHERE catid=" . $catid;
    sql_query($update);

    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($aOptions);
    $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));

    // NOTE(review): desturl is taken from the form as-is; whether redirect()
    // restricts its target is not visible here.
    if (!$desturl) {
        $this->action_blogsettings();
        return;
    }
    redirect($desturl);
    exit;
}
/**
* @todo document this
*/
function action_categorydelete() {
// Confirmation page shown before category 'catid' of blog 'blogid' (request)
// is deleted. Performs the same refusals as deleteOneCategory() up front
// (unknown category, default category, last category of the blog) so the
// user is not asked to confirm something that will be rejected anyway.
global $member, $manager;
$blogid = intRequestVar('blogid');
$catid = intRequestVar('catid');
$member->blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
// check if the category is valid
if (!$blog->isValidCategory($catid))
$this->error(_ERROR_NOSUCHCATEGORY);
// don't allow deletion of default category
if ($blog->getDefaultCategory() == $catid)
$this->error(_ERROR_DELETEDEFCATEGORY);
// check if catid is the only category left for blogid
$query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
$res = sql_query($query);
if (sql_num_rows($res) == 1)
$this->error(_ERROR_DELETELASTCATEGORY);
$this->pagehead();
// NOTE(review): the confirmation markup after '?>' is not intact in this copy.
?>
getCategoryName($catid))?>
pagefoot();
}
/**
* @todo document this
*/
function action_categorydeleteconfirm() {
    // Deletes category 'catid' after confirmation and returns to the blog
    // settings page. Rights are checked here and again in deleteOneCategory(),
    // which derives the blog from the category itself.
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    $catid  = intRequestVar('catid');
    $member->blogAdminRights($blogid) or $this->disallow();

    $failure = $this->deleteOneCategory($catid);
    if ($failure) {
        $this->error($failure);
    }
    $this->action_blogsettings();
}
/**
* @todo document this
*/
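function deleteOneCategory($catid) {
    // Deletes category $catid: its items are moved to the blog's default
    // category, its plugin options are removed, then the row itself. Returns
    // '' on success or an error message (_ERROR_* constant), like the other
    // deleteOne* helpers. Refuses for non-admins of the owning blog, for the
    // default category and for the last remaining category of a blog.
    global $manager, $member;

    $catid = intval($catid);
    $blogid = getBlogIDFromCatID($catid);
    // the constant is _ERROR_DISALLOWED (with underscore), as used elsewhere;
    // the bare name was undefined
    if (!$member->blogAdminRights($blogid))
        return _ERROR_DISALLOWED;

    $blog =& $manager->getBlog($blogid);
    if (!$blog || !$blog->isValidCategory($catid))
        return _ERROR_NOSUCHCATEGORY;

    // items are re-homed to the default category, which therefore cannot go
    $destcatid = $blog->getDefaultCategory();
    if ($destcatid == $catid)
        return _ERROR_DELETEDEFCATEGORY;

    // a blog must keep at least one category
    $res = sql_query('SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid);
    if (sql_num_rows($res) == 1)
        return _ERROR_DELETELASTCATEGORY;

    $manager->notify('PreDeleteCategory', array('catid' => $catid));

    // change category for all items to the default category
    sql_query('UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid");
    // delete all associated plugin options
    NucleusPlugin::_deleteOptionValues('category', $catid);
    // delete category
    sql_query('DELETE FROM '.sql_table('category').' WHERE catid=' .$catid);

    $manager->notify('PostDeleteCategory', array('catid' => $catid));
    return '';
}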
/**
* @todo document this
*/
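function moveOneCategory($catid, $destblogid) {
    // Moves category $catid, with all its items and their comments, to blog
    // $destblogid. Returns '' on success or an error message (_ERROR_*
    // constant), like the other *One* helpers. The mover needs admin rights
    // on both blogs; the default category of a blog cannot be moved.
    global $manager, $member;

    $catid = intval($catid);
    $destblogid = intval($destblogid);
    $blogid = getBlogIDFromCatID($catid);

    // mover should have admin rights on both blogs
    if (!$member->blogAdminRights($blogid))
        return _ERROR_DISALLOWED;
    if (!$member->blogAdminRights($destblogid))
        return _ERROR_DISALLOWED;

    if ($blogid == $destblogid)
        return _ERROR_MOVETOSELF;

    $blog =& $manager->getBlog($blogid);
    $destblog =& $manager->getBlog($destblogid);

    if (!$blog || !$blog->isValidCategory($catid))
        return _ERROR_NOSUCHCATEGORY;
    if ($blog->getDefaultCategory() == $catid)
        return _ERROR_MOVEDEFCATEGORY;

    $manager->notify(
        'PreMoveCategory',
        array(
            'catid' => &$catid,
            'sourceblog' => &$blog,
            'destblog' => &$destblog
        )
    );

    // comments carry their own blog id (cblog); update them item by item
    $items = sql_query('SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid);
    while ($oItem = sql_fetch_object($items)) {
        sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
    }
    // update items (iblog)
    sql_query('UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid);
    // move category
    sql_query('UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid);

    $manager->notify(
        'PostMoveCategory',
        array(
            'catid' => &$catid,
            'sourceblog' => &$blog,
            'destblog' => $destblog
        )
    );
    return '';
}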
/**
* @todo document this
*/
function action_blogsettingsupdate() {
    // Saves the blog settings form for blog 'blogid' and returns to the
    // overview. Validates the notification addresses, the short name (format
    // and uniqueness) and the update file before writing anything to the BLOG
    // object. Requires blog admin rights.
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    $member->blogAdminRights($blogid) or $this->disallow();
    $blog =& $manager->getBlog($blogid);

    $notify     = trim(postVar('notify'));
    $shortname  = trim(postVar('shortname'));
    $updatefile = trim(postVar('update'));

    // the three notification flags are multiplied into a single value; an
    // unset flag (0) is mapped to 1 so it does not zero the product
    $notifyComment = intPostVar('notifyComment');
    $notifyVote    = intPostVar('notifyVote');
    $notifyNewItem = intPostVar('notifyNewItem');
    if (!$notifyComment) $notifyComment = 1;
    if (!$notifyVote)    $notifyVote    = 1;
    if (!$notifyNewItem) $notifyNewItem = 1;
    $notifyType = $notifyComment * $notifyVote * $notifyNewItem;

    if ($notify) {
        $not =& new NOTIFICATION($notify);
        if (!$not->validAddresses()) {
            $this->error(_ERROR_BADNOTIFY);
        }
    }
    if (!isValidShortName($shortname)) {
        $this->error(_ERROR_BADSHORTBLOGNAME);
    }
    // uniqueness only matters when the short name actually changes
    $shortNameChanged = ($blog->getShortName() != $shortname);
    if ($shortNameChanged && $manager->existsBlog($shortname)) {
        $this->error(_ERROR_DUPSHORTBLOGNAME);
    }
    // NOTE(review): the update file path is taken from the form as-is;
    // is_writeable() only tells whether it can be written, not where it points.
    if ($updatefile && !is_writeable($updatefile)) {
        $this->error(_ERROR_UPDATEFILE);
    }

    $blog->setName(trim(postVar('name')));
    $blog->setShortName($shortname);
    $blog->setNotifyAddress($notify);
    $blog->setNotifyType($notifyType);
    $blog->setMaxComments(postVar('maxcomments'));
    $blog->setCommentsEnabled(postVar('comments'));
    $blog->setTimeOffset(postVar('timeoffset'));
    $blog->setUpdateFile($updatefile);
    $blog->setURL(trim(postVar('url')));
    $blog->setDefaultSkin(intPostVar('defskin'));
    $blog->setDescription(trim(postVar('desc')));
    $blog->setPublic(postVar('public'));
    $blog->setConvertBreaks(intPostVar('convertbreaks'));
    $blog->setAllowPastPosting(intPostVar('allowpastposting'));
    $blog->setDefaultCategory(intPostVar('defcat'));
    $blog->setSearchable(intPostVar('searchable'));
    $blog->setEmailRequired(intPostVar('reqemail'));
    $blog->writeSettings();

    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($aOptions);
    $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));

    $this->action_overview(_MSG_SETTINGSCHANGED);
}
/**
* @todo document this
*/
function action_deleteblog() {
// Confirmation page shown before blog 'blogid' (request) is deleted. The
// default blog ($CONF['DefaultBlog']) can never be deleted; the actual
// deletion happens in action_deleteblogconfirm().
global $member, $CONF, $manager;
$blogid = intRequestVar('blogid');
$member->blogAdminRights($blogid) or $this->disallow();
// check if blog is default blog
if ($CONF['DefaultBlog'] == $blogid)
$this->error(_ERROR_DELDEFBLOG);
// presumably only used for the blog name in the confirmation text
$blog =& $manager->getBlog($blogid);
$this->pagehead();
// NOTE(review): the confirmation markup after '?>' is not intact in this copy.
?>
getName())?>
pagefoot();
}
/**
* @todo document this
*/
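function action_deleteblogconfirm() {
    // Deletes blog 'blogid' (request) together with everything attached to
    // it: comments, items, team, bans, categories, plugin options, then the
    // blog row. The authorization and default-blog checks run before
    // PreDeleteBlog is raised, so plugins only hear about deletions that will
    // actually happen (the other Pre* notifications in this class behave the
    // same way).
    global $member, $CONF, $manager;

    $blogid = intRequestVar('blogid');
    $member->blogAdminRights($blogid) or $this->disallow();
    // check if blog is default blog
    if ($CONF['DefaultBlog'] == $blogid)
        $this->error(_ERROR_DELDEFBLOG);

    $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

    // dependent rows first; table => column holding the blog id
    $dependents = array(
        'comment'  => 'cblog',
        'item'     => 'iblog',
        'team'     => 'tblog',
        'ban'      => 'blogid',
        'category' => 'cblog',
    );
    foreach ($dependents as $table => $column) {
        sql_query('DELETE FROM ' . sql_table($table) . ' WHERE ' . $column . '=' . $blogid);
    }
    // delete all associated plugin options
    NucleusPlugin::_deleteOptionValues('blog', $blogid);
    // delete the blog itself
    sql_query('DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid);

    $manager->notify('PostDeleteBlog', array('blogid' => $blogid));
    $this->action_overview(_DELETED_BLOG);
}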
/**
* @todo document this
*/
function action_memberdelete() {
// Confirmation page shown before member 'memberid' (request) is deleted.
// Members may delete themselves; deleting anyone else needs super-admin
// rights. The actual deletion happens in action_memberdeleteconfirm().
global $member, $manager;
$memberid = intRequestVar('memberid');
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
// presumably only used for the display name in the confirmation text
$mem = MEMBER::createFromID($memberid);
$this->pagehead();
// NOTE(review): the confirmation markup after '?>' is not intact in this copy.
?>
getDisplayName()) ?>
pagefoot();
}
/**
* @todo document this
*/
function action_memberdeleteconfirm() {
    // Deletes member 'memberid' after confirmation. Members may delete
    // themselves; deleting anyone else needs super-admin rights. Super-admins
    // return to user management, a member who deleted their own account gets
    // the overview.
    global $member;

    $memberid = intRequestVar('memberid');

    $isSelf = ($member->getID() == $memberid);
    if (!$isSelf && !$member->isAdmin()) {
        $this->disallow();
    }

    $failure = $this->deleteOneMember($memberid);
    if ($failure) {
        $this->error($failure);
    }

    if ($member->isAdmin()) {
        $this->action_usermanagement();
    } else {
        $this->action_overview(_DELETED_MEMBER);
    }
}
/**
* @static
* @todo document this
*/
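function deleteOneMember($memberid) {
    // Deletes member $memberid: comments are kept but detached (cmember set
    // to 0, cuser set to the display name), then the member row, team
    // memberships, pending activation keys and plugin options are removed.
    // Returns '' on success or an error message. The caller is responsible
    // for the authorization check.
    global $manager;

    $memberid = intval($memberid);
    $mem = MEMBER::createFromID($memberid);
    // an id that does not resolve to a member cannot be deleted either
    // (without this guard canBeDeleted() would be called on a non-object)
    if (!$mem || !$mem->canBeDeleted())
        return _ERROR_DELETEMEMBER;

    $manager->notify('PreDeleteMember', array('member' => &$mem));

    // unlink comments from memberid; id 0 is what detached comments get,
    // so presumably it is skipped to avoid touching those
    if ($memberid) {
        $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. sql_real_escape_string($mem->getDisplayName())
            .'" WHERE cmember='.$memberid;
        sql_query($query);
    }

    sql_query('DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid);
    sql_query('DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid);
    sql_query('DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid);
    // delete all associated plugin options
    NucleusPlugin::_deleteOptionValues('member', $memberid);

    $manager->notify('PostDeleteMember', array('member' => &$mem));
    return '';
}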
/**
* @todo document this
*/
function action_createnewlog() {
// Form page for creating a new blog. Super-admin only. The form markup
// following the echo is not intact in this copy.
global $member, $CONF, $manager;
// Only Super-Admins can do this
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
pagefoot();
}
/**
* @todo document this
*/
function action_templatedeleteconfirm() {
    // Deletes template 'templateid' (request): first its description row,
    // then all its parts, with Pre/PostDeleteTemplate raised around the
    // deletion. Super-admin only; returns to the template overview.
    global $member, $manager;

    $templateid = intRequestVar('templateid');
    $member->isAdmin() or $this->disallow();

    $manager->notify('PreDeleteTemplate', array('templateid' => $templateid));

    $descTable  = sql_table('template_desc');
    $partsTable = sql_table('template');
    sql_query('DELETE FROM '.$descTable.' WHERE tdnumber=' . $templateid);
    sql_query('DELETE FROM '.$partsTable.' WHERE tdesc=' . $templateid);

    $manager->notify('PostDeleteTemplate', array('templateid' => $templateid));
    $this->action_templateoverview();
}
/**
* @todo document this
*/
function action_templatenew() {
    // Creates an empty template from the 'name'/'desc' form fields (POST)
    // and returns to the template overview. Super-admin only; the name must
    // be valid and not in use yet.
    global $member;

    $member->isAdmin() or $this->disallow();

    $name = postVar('name');
    $desc = postVar('desc');

    if (!isValidTemplateName($name)) {
        $this->error(_ERROR_BADTEMPLATENAME);
    }
    if (TEMPLATE::exists($name)) {
        $this->error(_ERROR_DUPTEMPLATENAME);
    }

    TEMPLATE::createNew($name, $desc);
    $this->action_templateoverview();
}
/**
* @todo document this
*/
function action_templateclone() {
    // Duplicates template 'templateid' (request) as "cloned<name>", adding a
    // numeric suffix when that name is already taken, and copies every part
    // of the original into the clone. Super-admin only.
    global $member;

    $templateid = intRequestVar('templateid');
    $member->isAdmin() or $this->disallow();

    // 1. read old template
    $baseName = TEMPLATE::getNameFromId($templateid);
    $desc     = TEMPLATE::getDesc($templateid);

    // 2. pick a free name for the clone
    $name = "cloned" . $baseName;
    if (TEMPLATE::exists($name)) {
        $suffix = 1;
        while (TEMPLATE::exists($name . $suffix)) {
            $suffix++;
        }
        $name .= $suffix;
    }
    $newid = TEMPLATE::createNew($name, $desc);

    // 3. copy the parts of the old template into the new one
    $parts = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
    while ($part = sql_fetch_object($parts)) {
        $this->addToTemplate($newid, $part->tpartname, $part->tcontent);
    }

    $this->action_templateoverview();
}
/**
* @todo document this
*/
function action_skinoverview() {
// Skin overview page, super-admin only.
// NOTE(review): the body below is not intact in this copy: after the page
// head it breaks out of PHP and then continues with a GeneralSettingsFormExtras
// notification that belongs to the general settings page, not to a skin
// overview. Treat this block as a truncated/merged extract.
global $member, $manager;
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
?>
',_PLUGINS_EXTRA,'';
$manager->notify(
'GeneralSettingsFormExtras',
array()
);
$this->pagefoot();
}
/**
* @todo document this
*/
function action_settingsupdate() {
    // Stores the global settings form: each listed key is copied from POST
    // into the configuration through updateConfig(). Afterwards the config is
    // reloaded and the browser is redirected to the manage page so that a
    // changed language (or cookie setting) takes effect. Super-admin only.
    global $member, $CONF;

    $member->isAdmin() or $this->disallow();

    // the admin address is the only field that is validated before saving
    if (!isValidMailAddress(postVar('AdminEmail'))) {
        $this->error(_ERROR_BADMAILADDRESS);
    }

    // form field names double as config keys; kept in the original save order
    $settingKeys = array(
        'DefaultBlog', 'BaseSkin', 'IndexURL', 'AdminURL', 'PluginURL',
        'SkinsURL', 'ActionURL', 'Language', 'AdminEmail', 'SessionCookie',
        'AllowMemberCreate', 'AllowMemberMail', 'NonmemberMail', 'ProtectMemNames',
        'SiteName', 'NewMemberCanLogon', 'DisableSite', 'DisableSiteURL',
        'LastVisit', 'MediaURL', 'AllowedTypes', 'AllowUpload', 'MaxUploadSize',
        'MediaPrefix', 'AllowLoginEdit', 'DisableJsTools', 'CookieDomain',
        'CookiePath', 'CookieSecure', 'URLMode', 'CookiePrefix', 'DebugVars',
        'DefaultListSize', 'AdminCSS',
    );
    foreach ($settingKeys as $key) {
        $this->updateConfig($key, postVar($key));
    }

    // reload so the redirect target is the freshly saved AdminURL; changed
    // cookie settings may force the user to log in again after the redirect
    getConfig();
    redirect($CONF['AdminURL'] . '?action=manage');
    exit;
}
/**
* Give an overview over the used system
*/
function action_systemoverview() {
// System overview page. Note there is no disallow() here: the heading is
// rendered for every visitor, and only the details are gated on a logged-in
// super-admin. The markup inside the if-block is not intact in this copy.
global $member, $nucleus, $CONF;
$this->pagehead();
echo '
' . _ADMIN_SYSTEMOVERVIEW_HEADING . "
\n";
// installation details (PHP/MySQL) are only shown to super-admins
if ($member->isLoggedIn() && $member->isAdmin()) {
// Information about the used PHP and MySQL installation
echo '
pagefoot();
}
/**
* @todo document this
*/
function action_actionlog() {
// Action log page, super-admin only. The log listing markup after '?>' is
// not intact in this copy.
global $member, $manager;
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
?>
pagefoot();
}
/**
* @todo document this
*/
function action_backupcreate() {
    // Streams a database dump to the browser, gzip-compressed when the 'gzip'
    // form field (POST) is set. Super-admin only. Never returns: the Backup
    // class writes the dump and this method exits afterwards.
    global $member, $DIR_LIBS;

    $member->isAdmin() or $this->disallow();

    $useGzip = intval(postVar('gzip'));
    include($DIR_LIBS . 'backup.php');

    // dumps can take a while; the limit may be unchangeable (safe mode), so
    // the call is deliberately silenced
    @set_time_limit(1200);

    $backup = new Backup();
    $backup->do_backup($useGzip);
    exit;
}
/**
* @todo document this
*/
function action_backuprestore() {
// Restores a database dump (handled by the Backup class). Super-admin only,
// and the form must carry letsgo=1 as an explicit "I am sure". The result
// markup after '?>' is not intact in this copy.
global $member, $DIR_LIBS;
$member->isAdmin() or $this->disallow();
if (intPostVar('letsgo') != 1)
$this->error(_ERROR_BACKUP_NOTSURE);
include($DIR_LIBS . 'backup.php');
// try to extend time limit
// (creating/restoring dumps might take a while)
@set_time_limit(1200);
$bu = new Backup();
// do_restore() reports failure as a non-empty message rather than throwing
$message = $bu->do_restore();
if ($message != '')
$this->error($message);
$this->pagehead();
?>
pagefoot();
}
/**
* @todo document this
*/
function action_pluginlist() {
// Plugin list page, super-admin only.
// NOTE(review): the body is not intact in this copy — the list markup is
// missing and an extra closing brace survived, so the braces below do not
// balance as shown.
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
}
$this->pagefoot();
}
/**
* @todo document this
*/
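function action_pluginadd() {
    // Installs the plugin file named in POST 'filename': inserts its row at
    // the end of the load order, loads it, verifies the Nucleus version /
    // patch level and the plugin dependencies it declares, then runs its
    // install() and refreshes the event table. Every failed check removes
    // the row again before erroring out. Super-admin only.
    global $member, $manager, $DIR_PLUGINS;

    $member->isAdmin() or $this->disallow();

    $name = postVar('filename');
    if ($manager->pluginInstalled($name))
        $this->error(_ERROR_DUPPLUGIN);
    if (!checkPlugin($name))
        $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');

    // the new plugin goes to the end of the load order
    $res = sql_query('SELECT * FROM '.sql_table('plugin'));
    $newOrder = sql_num_rows($res) + 1;

    $manager->notify(
        'PreAddPlugin',
        array(
            'file' => &$name
        )
    );

    // insert before getPlugin() so the plugin id already exists when the plugin loads
    $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.sql_real_escape_string($name).'")';
    sql_query($query);
    $iPid = sql_insert_id();
    $manager->clearCachedInfo('installedPlugins');

    $plugin =& $manager->getPlugin($name);
    if (!$plugin) {
        // could not be loaded: roll the row back
        sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
        $manager->clearCachedInfo('installedPlugins');
        $this->error(_ERROR_PLUGIN_LOAD);
    }

    // version requirement: the major version first, the patch level only
    // when the major version is exactly the required one
    $minVersion = $plugin->getMinNucleusVersion();
    if (getNucleusVersion() < $minVersion) {
        $this->deleteOnePlugin($plugin->getID());
        $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($minVersion));
    }
    if ((getNucleusVersion() == $minVersion) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel())) {
        $this->deleteOnePlugin($plugin->getID());
        $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($minVersion . ' patch ' . $plugin->getMinNucleusPatchLevel()));
    }

    // every declared dependency must already be installed; the name comes
    // from plugin code, but is escaped like every other value that reaches SQL
    // (the insert above already does so)
    $pluginList = $plugin->getPluginDep();
    foreach ($pluginList as $pluginName) {
        $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . sql_real_escape_string($pluginName) . '"');
        if (sql_num_rows($res) == 0) {
            $this->deleteOnePlugin($plugin->getID());
            $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));
        }
    }

    // call the install method of the plugin
    $plugin->install();
    $manager->notify(
        'PostAddPlugin',
        array(
            'plugin' => &$plugin
        )
    );
    // rebuild the event subscriptions of all plugins
    $this->action_pluginupdate();
}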
/**
* @todo document this
*/
function action_pluginupdate() {
    // Rebuilds the plugin_event table from scratch: every installed plugin
    // that can be loaded is asked for its event list and one subscription row
    // is inserted per event. Ends with a redirect to the plugin list.
    // Super-admin only.
    global $member, $manager, $CONF;

    $member->isAdmin() or $this->disallow();

    $eventTable = sql_table('plugin_event');
    sql_query('DELETE FROM '.$eventTable);

    $installed = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
    while ($row = sql_fetch_object($installed)) {
        $plug =& $manager->getPlugin($row->pfile);
        // plugins that fail to load simply get no subscriptions
        if (!$plug) {
            continue;
        }
        foreach ($plug->getEventList() as $eventName) {
            sql_query('INSERT INTO '.$eventTable.' (pid, event) VALUES ('.$row->pid.', \''.sql_real_escape_string($eventName).'\')');
        }
    }

    redirect($CONF['AdminURL'] . '?action=pluginlist');
}
/**
* @todo document this
*/
function action_plugindelete() {
// Confirmation page shown before plugin 'plugid' (GET) is uninstalled.
// Super-admin only; the actual removal happens in action_plugindeleteconfirm().
// The confirmation markup after '?>' is not intact in this copy.
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$pid = intGetVar('plugid');
if (!$manager->pidInstalled($pid))
$this->error(_ERROR_NOSUCHPLUGIN);
$this->pagehead();
?>
?
pagefoot();
}
/**
* @todo document this
*/
function action_plugindeleteconfirm() {
    // Uninstalls plugin 'plugid' (POST) after confirmation, including its
    // unInstall() hook, then redirects to the plugin list. Super-admin only.
    global $member, $manager, $CONF;

    $member->isAdmin() or $this->disallow();

    $pid = intPostVar('plugid');
    // second argument: run the plugin's unInstall() hook as well
    $failure = $this->deleteOnePlugin($pid, 1);
    if ($failure) {
        $this->error($failure);
    }

    redirect($CONF['AdminURL'] . '?action=pluginlist');
}
/**
* @todo document this
*/
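function deleteOnePlugin($pid, $callUninstall = 0) {
    // Removes plugin $pid from the installation: its event subscriptions,
    // its option descriptions and values, and its plugin row, renumbering the
    // remaining plugins so the load order stays gapless. When $callUninstall
    // is truthy the plugin's unInstall() hook runs first (after PreDeletePlugin).
    // Returns '' on success or an error message; refuses when another
    // installed plugin lists this one as a dependency.
    global $manager;

    $pid = intval($pid);
    if (!$manager->pidInstalled($pid))
        return _ERROR_NOSUCHPLUGIN;
    $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid);

    // refuse while any loadable plugin still depends on this one
    $res = sql_query('SELECT pfile FROM '.sql_table('plugin'));
    while ($o = sql_fetch_object($res)) {
        $plug =& $manager->getPlugin($o->pfile);
        if (!$plug) {
            continue;
        }
        $depList = $plug->getPluginDep();
        if (is_array($depList) && in_array($name, $depList, true)) {
            return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);
        }
    }

    $manager->notify('PreDeletePlugin', array('plugid' => $pid));

    // call the unInstall method of the plugin
    if ($callUninstall) {
        $plugin =& $manager->getPlugin($name);
        if ($plugin) $plugin->unInstall();
    }

    // delete all subscriptions
    sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid);

    // options: collect the option ids first, since plugin_option only carries
    // the oid and not the plugin id
    $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
    $aOIDs = array();
    while ($o = sql_fetch_object($res)) {
        $aOIDs[] = $o->oid;
    }
    sql_query('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid);
    if (count($aOIDs) > 0)
        sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')');

    // close the gap in the load order
    $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid);
    $o = sql_fetch_object($res);
    sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder);

    // delete row
    sql_query('DELETE FROM '.sql_table('plugin').' WHERE pid='.$pid);
    $manager->clearCachedInfo('installedPlugins');

    $manager->notify('PostDeletePlugin', array('plugid' => $pid));
    return '';
}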
/**
* @todo document this
*/
function action_pluginup() {
    // Moves plugin 'plugid' (GET) one position up in the load order by
    // swapping order numbers with its predecessor; a plugin already at
    // position 1 stays where it is. Ends with a redirect to the plugin list
    // so the ticket does not remain visible in the URL. Super-admin only.
    global $member, $manager, $CONF;

    $member->isAdmin() or $this->disallow();

    $plugid = intGetVar('plugid');
    if (!$manager->pidInstalled($plugid)) {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    $pluginTable = sql_table('plugin');

    // 1. current position
    $row = sql_fetch_object(sql_query('SELECT porder FROM '.$pluginTable.' WHERE pid='.$plugid));
    $current = $row->porder;

    // 2. target position, never below 1
    $target = max(1, $current - 1);

    // 3. swap: the plugin currently at the target takes our old position
    sql_query('UPDATE '.$pluginTable.' SET porder='.$current.' WHERE porder='.$target);
    sql_query('UPDATE '.$pluginTable.' SET porder='.$target.' WHERE pid='.$plugid);

    redirect($CONF['AdminURL'] . '?action=pluginlist');
}
/**
* @todo document this
*/
function action_plugindown() {
    // Moves plugin 'plugid' (GET) one position down in the load order by
    // swapping order numbers with its successor; the last plugin stays where
    // it is. Ends with a redirect to the plugin list so the ticket does not
    // remain visible in the URL. Super-admin only.
    global $member, $manager, $CONF;

    $member->isAdmin() or $this->disallow();

    $plugid = intGetVar('plugid');
    if (!$manager->pidInstalled($plugid)) {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    $pluginTable = sql_table('plugin');

    // 1. current position and the highest position in use
    $row = sql_fetch_object(sql_query('SELECT porder FROM '.$pluginTable.' WHERE pid='.$plugid));
    $current = $row->porder;
    $maxOrder = sql_num_rows(sql_query('SELECT * FROM '.$pluginTable));

    // 2. target position, never beyond the last plugin
    $target = min($current + 1, $maxOrder);

    // 3. swap: the plugin currently at the target takes our old position
    sql_query('UPDATE '.$pluginTable.' SET porder='.$current.' WHERE porder='.$target);
    sql_query('UPDATE '.$pluginTable.' SET porder='.$target.' WHERE pid='.$plugid);

    redirect($CONF['AdminURL'] . '?action=pluginlist');
}
/**
* @todo document this
*/
function action_pluginoptions($message = '') {
global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
$pid = intRequestVar('plugid');
if (!$manager->pidInstalled($pid))
$this->error(_ERROR_NOSUCHPLUGIN);
$extrahead = '';
$pluginName = htmlspecialchars(getPluginNameFromPid($pid), ENT_QUOTES);
$this->pagehead($extrahead);
?>