
Add some codes from 3.61. Currently files under /nucleus/libs and /nucleus/libs/sql...
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ADMIN.php
index 6ce0218..6b6e536 100755 (executable)
@@ -1,7 +1,7 @@
 <?php\r
 /*\r
  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
- * Copyright (C) 2002-2009 The Nucleus Group\r
+ * Copyright (C) 2002-2010 The Nucleus Group\r
  *\r
  * This program is free software; you can redistribute it and/or\r
  * modify it under the terms of the GNU General Public License\r
@@ -13,7 +13,7 @@
  * The code for the Nucleus admin area\r
  *\r
  * @license http://nucleuscms.org/license.txt GNU General Public License\r
- * @copyright Copyright (C) 2002-2009 The Nucleus Group\r
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group\r
  * @version $Id$\r
  * @version $NucleusJP: ADMIN.php,v 1.21.2.4 2007/10/30 19:04:24 kmorimatsu Exp $\r
  */\r
@@ -26,3342 +26,3362 @@ require_once dirname(__FILE__) . '/showlist.php';
  */\r
 class ADMIN {\r
 \r
-    /**\r
-     * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)\r
-     */\r
-    var $action;\r
-\r
-    /**\r
-     * Class constructor\r
-     */\r
-    function ADMIN() {\r
-\r
-    }\r
-\r
-    /**\r
-     * Executes an action\r
-     *\r
-     * @param string $action action to be performed\r
-     */\r
-    function action($action) {\r
-        global $CONF, $manager;\r
-\r
-        // list of action aliases\r
-        $alias = array(\r
-            'login' => 'overview',\r
-            '' => 'overview'\r
-        );\r
-\r
-        if (isset($alias[$action]))\r
-            $action = $alias[$action];\r
-\r
-        $methodName = 'action_' . $action;\r
-\r
-        $this->action = strtolower($action);\r
-\r
-        // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
-        // is an action that requires user interaction before something is actually done)\r
-        // all safe actions are in this array:\r
-        $aActionsNotToCheck = array(\r
-            'showlogin',\r
-            'login',\r
-            'overview',\r
-            'itemlist',\r
-            'blogcommentlist',\r
-            'bookmarklet',\r
-            'blogsettings',\r
-            'banlist',\r
-            'deleteblog',\r
-            'editmembersettings',\r
-            'browseownitems',\r
-            'browseowncomments',\r
-            'createitem',\r
-            'itemedit',\r
-            'itemmove',\r
-            'categoryedit',\r
-            'categorydelete',\r
-            'manage',\r
-            'actionlog',\r
-            'settingsedit',\r
-            'backupoverview',\r
-            'pluginlist',\r
-            'createnewlog',\r
-            'usermanagement',\r
-            'skinoverview',\r
-            'templateoverview',\r
-            'skinieoverview',\r
-            'itemcommentlist',\r
-            'commentedit',\r
-            'commentdelete',\r
-            'banlistnewfromitem',\r
-            'banlistdelete',\r
-            'itemdelete',\r
-            'manageteam',\r
-            'teamdelete',\r
-            'banlistnew',\r
-            'memberedit',\r
-            'memberdelete',\r
-            'pluginhelp',\r
-            'pluginoptions',\r
-            'plugindelete',\r
-            'skinedittype',\r
-            'skinremovetype',\r
-            'skindelete',\r
-            'skinedit',\r
-            'templateedit',\r
-            'templatedelete',\r
-            'activate',\r
-            'systemoverview'\r
-        );\r
+       /**\r
+        * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)\r
+        */\r
+       var $action;\r
+\r
+       /**\r
+        * Class constructor\r
+        */\r
+       function ADMIN() {\r
+\r
+       }\r
+\r
+       /**\r
+        * Executes an action\r
+        *\r
+        * @param string $action action to be performed\r
+        */\r
+       function action($action) {\r
+               global $CONF, $manager;\r
+\r
+               // list of action aliases\r
+               $alias = array(\r
+                       'login' => 'overview',\r
+                       '' => 'overview'\r
+               );\r
+\r
+               if (isset($alias[$action]))\r
+                       $action = $alias[$action];\r
+\r
+               $methodName = 'action_' . $action;\r
+\r
+               $this->action = strtolower($action);\r
+\r
+               // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
+               // is an action that requires user interaction before something is actually done)\r
+               // all safe actions are in this array:\r
+               $aActionsNotToCheck = array(\r
+                       'showlogin',\r
+                       'login',\r
+                       'overview',\r
+                       'itemlist',\r
+                       'blogcommentlist',\r
+                       'bookmarklet',\r
+                       'blogsettings',\r
+                       'banlist',\r
+                       'deleteblog',\r
+                       'editmembersettings',\r
+                       'browseownitems',\r
+                       'browseowncomments',\r
+                       'createitem',\r
+                       'itemedit',\r
+                       'itemmove',\r
+                       'categoryedit',\r
+                       'categorydelete',\r
+                       'manage',\r
+                       'actionlog',\r
+                       'settingsedit',\r
+                       'backupoverview',\r
+                       'pluginlist',\r
+                       'createnewlog',\r
+                       'usermanagement',\r
+                       'skinoverview',\r
+                       'templateoverview',\r
+                       'skinieoverview',\r
+                       'itemcommentlist',\r
+                       'commentedit',\r
+                       'commentdelete',\r
+                       'banlistnewfromitem',\r
+                       'banlistdelete',\r
+                       'itemdelete',\r
+                       'manageteam',\r
+                       'teamdelete',\r
+                       'banlistnew',\r
+                       'memberedit',\r
+                       'memberdelete',\r
+                       'pluginhelp',\r
+                       'pluginoptions',\r
+                       'plugindelete',\r
+                       'skinedittype',\r
+                       'skinremovetype',\r
+                       'skindelete',\r
+                       'skinedit',\r
+                       'templateedit',\r
+                       'templatedelete',\r
+                       'activate',\r
+                       'systemoverview'\r
+               );\r
 /*\r
-        // the rest of the actions needs to be checked\r
-        $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');\r
+               // the rest of the actions needs to be checked\r
+               $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');\r
 */\r
-        if (!in_array($this->action, $aActionsNotToCheck))\r
-        {\r
-            if (!$manager->checkTicket())\r
-                $this->error(_ERROR_BADTICKET);\r
-        }\r
-\r
-        if (method_exists($this, $methodName))\r
-            call_user_func(array(&$this, $methodName));\r
-        else\r
-            $this->error(_BADACTION . htmlspecialchars(" ($action)"));\r
-\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_showlogin() {\r
-        global $error;\r
-        $this->action_login($error);\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_login($msg = '', $passvars = 1) {\r
-        global $member;\r
-\r
-        // skip to overview when allowed\r
-        if ($member->isLoggedIn() && $member->canLogin()) {\r
-            $this->action_overview();\r
-            exit;\r
-        }\r
-\r
-        $this->pagehead();\r
-\r
-        echo '<h2>', _LOGIN ,'</h2>';\r
-        if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);\r
-        ?>\r
-\r
-        <form action="index.php" method="post"><p>\r
-        <?php echo _LOGIN_NAME; ?> <br /><input name="login"  tabindex="10" />\r
-        <br />\r
-        <?php echo _LOGIN_PASSWORD; ?> <br /><input name="password"  tabindex="20" type="password" />\r
-        <br />\r
-        <input name="action" value="login" type="hidden" />\r
-        <br />\r
-        <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />\r
-        <br />\r
-        <small>\r
-            <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>\r
-            <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>\r
-        </small>\r
-        <?php           // pass through vars\r
-\r
-            $oldaction = postVar('oldaction');\r
-            if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {\r
-                passRequestVars();\r
-            }\r
-\r
-\r
-        ?>\r
-        </p></form>\r
-        <?php       $this->pagefoot();\r
-    }\r
-\r
-\r
-    /**\r
-     * provides a screen with the overview of the actions available\r
-     * @todo document parameter\r
-     */\r
-    function action_overview($msg = '') {\r
-        global $member;\r
-\r
-        $this->pagehead();\r
-\r
-        if ($msg)\r
-            echo _MESSAGE , ': ', $msg;\r
-\r
-        /* ---- add items ---- */\r
-        echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';\r
-\r
-        $showAll = requestVar('showall');\r
-\r
-        if (($member->isAdmin()) && ($showAll == 'yes')) {\r
-            // Super-Admins have access to all blogs! (no add item support though)\r
-            $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'\r
-                   . ' FROM ' . sql_table('blog')\r
-                   . ' ORDER BY bname';\r
-        } else {\r
-            $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'\r
-                   . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
-                   . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
-                   . ' ORDER BY bname';\r
-        }\r
-        $template['content'] = 'bloglist';\r
-        $template['superadmin'] = $member->isAdmin();\r
-        $amount = showlist($query,'table',$template);\r
-\r
-        if (($showAll != 'yes') && ($member->isAdmin())) {\r
-            $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
-            if ($total > $amount)\r
-                echo '<p><a href="index.php?action=overview&amp;showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';\r
-        }\r
-\r
-        if ($amount == 0)\r
-            echo _OVERVIEW_NOBLOGS;\r
-\r
-        if ($amount != 0) {\r
-            echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';\r
-            $query =  'SELECT ititle, inumber, bshortname'\r
-                   . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')\r
-                   . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
-            $template['content'] = 'draftlist';\r
-            $amountdrafts = showlist($query, 'table', $template);\r
-            if ($amountdrafts == 0)\r
-                echo _OVERVIEW_NODRAFTS;\r
-        }\r
-\r
-        /* ---- user settings ---- */\r
-        echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';\r
-        echo '<ul>';\r
-        echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';\r
-        echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';\r
-        echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';\r
-        echo '</ul>';\r
-\r
-        /* ---- general settings ---- */\r
-        if ($member->isAdmin()) {\r
-            echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';\r
-            echo '<ul>';\r
-            echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';\r
-            echo '</ul>';\r
-        }\r
-\r
-\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * Returns a link to a weblog\r
-     * @param object BLOG\r
-     */\r
-    function bloglink(&$blog) {\r
-        return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_manage($msg = '') {\r
-        global $member;\r
-\r
-        $member->isAdmin() or $this->disallow();\r
-\r
-        $this->pagehead();\r
-\r
-        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
-\r
-        if ($msg)\r
-            echo '<p>' , _MESSAGE , ': ', $msg , '</p>';\r
-\r
-\r
-        echo '<h2>' . _MANAGE_GENERAL. '</h2>';\r
-\r
-        echo '<ul>';\r
-        echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';\r
-        echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';\r
-        echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';\r
-        echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';\r
-        echo '</ul>';\r
-\r
-        echo '<h2>' . _MANAGE_SKINS . '</h2>';\r
-        echo '<ul>';\r
-        echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';\r
-        echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';\r
-        echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';\r
-        echo '</ul>';\r
-\r
-        echo '<h2>' . _MANAGE_EXTRA . '</h2>';\r
-        echo '<ul>';\r
-        echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';\r
-        echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';\r
-        echo '</ul>';\r
-\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_itemlist($blogid = '') {\r
-        global $member, $manager, $CONF;\r
-\r
-        if ($blogid == '')\r
-            $blogid = intRequestVar('blogid');\r
-\r
-        $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
-\r
-        $this->pagehead();\r
-        $blog =& $manager->getBlog($blogid);\r
-\r
-        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
-        echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';\r
-\r
-        // start index\r
-        if (postVar('start'))\r
-            $start = intPostVar('start');\r
-        else\r
-            $start = 0;\r
-\r
-        if ($start == 0)\r
-            echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';\r
+               if (!in_array($this->action, $aActionsNotToCheck))\r
+               {\r
+                       if (!$manager->checkTicket())\r
+                               $this->error(_ERROR_BADTICKET);\r
+               }\r
+\r
+               if (method_exists($this, $methodName))\r
+                       call_user_func(array(&$this, $methodName));\r
+               else\r
+                       $this->error(_BADACTION . htmlspecialchars(" ($action)"));\r
+\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_showlogin() {\r
+               global $error;\r
+               $this->action_login($error);\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_login($msg = '', $passvars = 1) {\r
+               global $member;\r
+\r
+               // skip to overview when allowed\r
+               if ($member->isLoggedIn() && $member->canLogin()) {\r
+                       $this->action_overview();\r
+                       exit;\r
+               }\r
+\r
+               $this->pagehead();\r
+\r
+               echo '<h2>', _LOGIN ,'</h2>';\r
+               if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);\r
+               ?>\r
+\r
+               <form action="index.php" method="post"><p>\r
+               <?php echo _LOGIN_NAME; ?> <br /><input name="login"  tabindex="10" />\r
+               <br />\r
+               <?php echo _LOGIN_PASSWORD; ?> <br /><input name="password"  tabindex="20" type="password" />\r
+               <br />\r
+               <input name="action" value="login" type="hidden" />\r
+               <br />\r
+               <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />\r
+               <br />\r
+               <small>\r
+                       <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>\r
+                       <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>\r
+               </small>\r
+               <?php              // pass through vars\r
+\r
+                       $oldaction = postVar('oldaction');\r
+                       if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {\r
+                               passRequestVars();\r
+                       }\r
+\r
+\r
+               ?>\r
+               </p></form>\r
+               <?php      $this->pagefoot();\r
+       }\r
+\r
+\r
+       /**\r
+        * provides a screen with the overview of the actions available\r
+        * @todo document parameter\r
+        */\r
+       function action_overview($msg = '') {\r
+               global $member;\r
+\r
+               $this->pagehead();\r
+\r
+               if ($msg)\r
+                       echo _MESSAGE , ': ', $msg;\r
+\r
+               /* ---- add items ---- */\r
+               echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';\r
+\r
+               $showAll = requestVar('showall');\r
+\r
+               if (($member->isAdmin()) && ($showAll == 'yes')) {\r
+                       // Super-Admins have access to all blogs! (no add item support though)\r
+                       $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'\r
+                                  . ' FROM ' . sql_table('blog')\r
+                                  . ' ORDER BY bname';\r
+               } else {\r
+                       $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'\r
+                                  . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
+                                  . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
+                                  . ' ORDER BY bname';\r
+               }\r
+               $template['content'] = 'bloglist';\r
+               $template['superadmin'] = $member->isAdmin();\r
+               $amount = showlist($query,'table',$template);\r
+\r
+               if (($showAll != 'yes') && ($member->isAdmin())) {\r
+                       $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
+                       if ($total > $amount)\r
+                               echo '<p><a href="index.php?action=overview&amp;showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';\r
+               }\r
+\r
+               if ($amount == 0)\r
+                       echo _OVERVIEW_NOBLOGS;\r
+\r
+               if ($amount != 0) {\r
+                       echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';\r
+                       $query =  'SELECT ititle, inumber, bshortname'\r
+                                  . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')\r
+                                  . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
+                       $template['content'] = 'draftlist';\r
+                       $amountdrafts = showlist($query, 'table', $template);\r
+                       if ($amountdrafts == 0)\r
+                               echo _OVERVIEW_NODRAFTS;\r
+               }\r
+\r
+               /* ---- user settings ---- */\r
+               echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';\r
+               echo '<ul>';\r
+               echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';\r
+               echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';\r
+               echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';\r
+               echo '</ul>';\r
+\r
+               /* ---- general settings ---- */\r
+               if ($member->isAdmin()) {\r
+                       echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';\r
+                       echo '<ul>';\r
+                       echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';\r
+                       echo '</ul>';\r
+               }\r
+\r
+\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * Returns a link to a weblog\r
+        * @param object BLOG\r
+        */\r
+       function bloglink(&$blog) {\r
+               return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_manage($msg = '') {\r
+               global $member;\r
+\r
+               $member->isAdmin() or $this->disallow();\r
+\r
+               $this->pagehead();\r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
+\r
+               if ($msg)\r
+                       echo '<p>' , _MESSAGE , ': ', $msg , '</p>';\r
+\r
+\r
+               echo '<h2>' . _MANAGE_GENERAL. '</h2>';\r
+\r
+               echo '<ul>';\r
+               echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';\r
+               echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';\r
+               echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';\r
+               echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';\r
+               echo '</ul>';\r
+\r
+               echo '<h2>' . _MANAGE_SKINS . '</h2>';\r
+               echo '<ul>';\r
+               echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';\r
+               echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';\r
+               echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';\r
+               echo '</ul>';\r
+\r
+               echo '<h2>' . _MANAGE_EXTRA . '</h2>';\r
+               echo '<ul>';\r
+               echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';\r
+               echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';\r
+               echo '</ul>';\r
+\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_itemlist($blogid = '') {\r
+               global $member, $manager, $CONF;\r
+\r
+               if ($blogid == '')\r
+                       $blogid = intRequestVar('blogid');\r
+\r
+               $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
+\r
+               $this->pagehead();\r
+               $blog =& $manager->getBlog($blogid);\r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
+               echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';\r
+\r
+               // start index\r
+               if (postVar('start'))\r
+                       $start = intPostVar('start');\r
+               else\r
+                       $start = 0;\r
+\r
+               if ($start == 0)\r
+                       echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';\r
 \r
-        // amount of items to show\r
-        if (postVar('amount'))\r
-            $amount = intPostVar('amount');\r
-        else {\r
-            $amount = intval($CONF['DefaultListSize']);\r
-            if ($amount < 1)\r
-                $amount = 10;\r
-        }\r
+               // amount of items to show\r
+               if (postVar('amount'))\r
+                       $amount = intPostVar('amount');\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
 \r
-        $search = postVar('search');    // search through items\r
+               $search = postVar('search');    // search through items\r
 \r
-        $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'\r
-               . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
-               . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
+               $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime, bnumber, catid'\r
+                          . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
+                          . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
 \r
-        if ($search)\r
-            $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
+               if ($search)\r
+                       $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';\r
 \r
-        // non-blog-admins can only edit/delete their own items\r
-        if (!$member->blogAdminRights($blogid))\r
-            $query .= ' and iauthor=' . $member->getID();\r
+               // non-blog-admins can only edit/delete their own items\r
+               if (!$member->blogAdminRights($blogid))\r
+                       $query .= ' and iauthor=' . $member->getID();\r
 \r
 \r
-        $query .= ' ORDER BY itime DESC'\r
-                . " LIMIT $start,$amount";\r
+               $query .= ' ORDER BY itime DESC'\r
+                               . " LIMIT $start,$amount";\r
 \r
-        $template['content'] = 'itemlist';\r
-        $template['now'] = $blog->getCorrectTime(time());\r
+               $template['content'] = 'itemlist';\r
+               $template['now'] = $blog->getCorrectTime(time());\r
 \r
-        $manager->loadClass("ENCAPSULATE");\r
-        $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
-        $navList->showBatchList('item',$query,'table',$template);\r
+               $manager->loadClass("ENCAPSULATE");\r
+               $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
+               $navList->showBatchList('item',$query,'table',$template);\r
 \r
 \r
-        $this->pagefoot();\r
-    }\r
+               $this->pagefoot();\r
+       }\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_batchitem() {\r
-        global $member, $manager;\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_batchitem() {\r
+               global $member, $manager;\r
 \r
-        // check if logged in\r
-        $member->isLoggedIn() or $this->disallow();\r
+               // check if logged in\r
+               $member->isLoggedIn() or $this->disallow();\r
 \r
-        // more precise check will be done for each performed operation\r
+               // more precise check will be done for each performed operation\r
 \r
-        // get array of itemids from request\r
-        $selected = requestIntArray('batch');\r
-        $action = requestVar('batchaction');\r
+               // get array of itemids from request\r
+               $selected = requestIntArray('batch');\r
+               $action = requestVar('batchaction');\r
 \r
-        // Show error when no items were selected\r
-        if (!is_array($selected) || sizeof($selected) == 0)\r
-            $this->error(_BATCH_NOSELECTION);\r
+               // Show error when no items were selected\r
+               if (!is_array($selected) || sizeof($selected) == 0)\r
+                       $this->error(_BATCH_NOSELECTION);\r
 \r
-        // On move: when no destination blog/category chosen, show choice now\r
-        $destCatid = intRequestVar('destcatid');\r
-        if (($action == 'move') && (!$manager->existsCategory($destCatid)))\r
-            $this->batchMoveSelectDestination('item',$selected);\r
+               // On move: when no destination blog/category chosen, show choice now\r
+               $destCatid = intRequestVar('destcatid');\r
+               if (($action == 'move') && (!$manager->existsCategory($destCatid)))\r
+                       $this->batchMoveSelectDestination('item',$selected);\r
 \r
-        // On delete: check if confirmation has been given\r
-        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
-            $this->batchAskDeleteConfirmation('item',$selected);\r
+               // On delete: check if confirmation has been given\r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
+                       $this->batchAskDeleteConfirmation('item',$selected);\r
 \r
-        $this->pagehead();\r
+               $this->pagehead();\r
 \r
-        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
-        echo '<h2>',_BATCH_ITEMS,'</h2>';\r
-        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
-        echo '<ul>';\r
+               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
+               echo '<h2>',_BATCH_ITEMS,'</h2>';\r
+               echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
+               echo '<ul>';\r
 \r
 \r
-        // walk over all itemids and perform action\r
-        foreach ($selected as $itemid) {\r
-            $itemid = intval($itemid);\r
-            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';\r
+               // walk over all itemids and perform action\r
+               foreach ($selected as $itemid) {\r
+                       $itemid = intval($itemid);\r
+                       echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';\r
 \r
-            // perform action, display errors if needed\r
-            switch($action) {\r
-                case 'delete':\r
-                    $error = $this->deleteOneItem($itemid);\r
-                    break;\r
-                case 'move':\r
-                    $error = $this->moveOneItem($itemid, $destCatid);\r
-                    break;\r
-                default:\r
-                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
-            }\r
+                       // perform action, display errors if needed\r
+                       switch($action) {\r
+                               case 'delete':\r
+                                       $error = $this->deleteOneItem($itemid);\r
+                                       break;\r
+                               case 'move':\r
+                                       $error = $this->moveOneItem($itemid, $destCatid);\r
+                                       break;\r
+                               default:\r
+                                       $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
+                       }\r
 \r
-            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
-            echo '</li>';\r
-        }\r
+                       echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
+                       echo '</li>';\r
+               }\r
 \r
-        echo '</ul>';\r
-        echo '<b>',_BATCH_DONE,'</b>';\r
+               echo '</ul>';\r
+               echo '<b>',_BATCH_DONE,'</b>';\r
 \r
-        $this->pagefoot();\r
+               $this->pagefoot();\r
 \r
 \r
-    }\r
+       }\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_batchcomment() {\r
-        global $member;\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_batchcomment() {\r
+               global $member;\r
 \r
-        // check if logged in\r
-        $member->isLoggedIn() or $this->disallow();\r
+               // check if logged in\r
+               $member->isLoggedIn() or $this->disallow();\r
 \r
-        // more precise check will be done for each performed operation\r
+               // more precise check will be done for each performed operation\r
 \r
-        // get array of itemids from request\r
-        $selected = requestIntArray('batch');\r
-        $action = requestVar('batchaction');\r
+               // get array of itemids from request\r
+               $selected = requestIntArray('batch');\r
+               $action = requestVar('batchaction');\r
 \r
-        // Show error when no items were selected\r
-        if (!is_array($selected) || sizeof($selected) == 0)\r
-            $this->error(_BATCH_NOSELECTION);\r
+               // Show error when no items were selected\r
+               if (!is_array($selected) || sizeof($selected) == 0)\r
+                       $this->error(_BATCH_NOSELECTION);\r
 \r
-        // On delete: check if confirmation has been given\r
-        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
-            $this->batchAskDeleteConfirmation('comment',$selected);\r
+               // On delete: check if confirmation has been given\r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
+                       $this->batchAskDeleteConfirmation('comment',$selected);\r
 \r
-        $this->pagehead();\r
+               $this->pagehead();\r
 \r
-        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
-        echo '<h2>',_BATCH_COMMENTS,'</h2>';\r
-        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
-        echo '<ul>';\r
+               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
+               echo '<h2>',_BATCH_COMMENTS,'</h2>';\r
+               echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
+               echo '<ul>';\r
 \r
-        // walk over all itemids and perform action\r
-        foreach ($selected as $commentid) {\r
-            $commentid = intval($commentid);\r
-            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';\r
+               // walk over all itemids and perform action\r
+               foreach ($selected as $commentid) {\r
+                       $commentid = intval($commentid);\r
+                       echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';\r
 \r
-            // perform action, display errors if needed\r
-            switch($action) {\r
-                case 'delete':\r
-                    $error = $this->deleteOneComment($commentid);\r
-                    break;\r
-                default:\r
-                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
-            }\r
+                       // perform action, display errors if needed\r
+                       switch($action) {\r
+                               case 'delete':\r
+                                       $error = $this->deleteOneComment($commentid);\r
+                                       break;\r
+                               default:\r
+                                       $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
+                       }\r
 \r
-            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
-            echo '</li>';\r
-        }\r
+                       echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
+                       echo '</li>';\r
+               }\r
 \r
-        echo '</ul>';\r
-        echo '<b>',_BATCH_DONE,'</b>';\r
+               echo '</ul>';\r
+               echo '<b>',_BATCH_DONE,'</b>';\r
 \r
-        $this->pagefoot();\r
+               $this->pagefoot();\r
 \r
 \r
-    }\r
+       }\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_batchmember() {\r
-        global $member;\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_batchmember() {\r
+               global $member;\r
 \r
-        // check if logged in and admin\r
-        ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
-\r
-        // get array of itemids from request\r
-        $selected = requestIntArray('batch');\r
-        $action = requestVar('batchaction');\r
-\r
-        // Show error when no members selected\r
-        if (!is_array($selected) || sizeof($selected) == 0)\r
-            $this->error(_BATCH_NOSELECTION);\r
-\r
-        // On delete: check if confirmation has been given\r
-        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
-            $this->batchAskDeleteConfirmation('member',$selected);\r
-\r
-        $this->pagehead();\r
-\r
-        echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';\r
-        echo '<h2>',_BATCH_MEMBERS,'</h2>';\r
-        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
-        echo '<ul>';\r
-\r
-        // walk over all itemids and perform action\r
-        foreach ($selected as $memberid) {\r
-            $memberid = intval($memberid);\r
-            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';\r
-\r
-            // perform action, display errors if needed\r
-            switch($action) {\r
-                case 'delete':\r
-                    $error = $this->deleteOneMember($memberid);\r
-                    break;\r
-                case 'setadmin':\r
-                    // always succeeds\r
-                    sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);\r
-                    $error = '';\r
-                    break;\r
-                case 'unsetadmin':\r
-                    // there should always remain at least one super-admin\r
-                    $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');\r
-                    if (sql_num_rows($r) < 2)\r
-                        $error = _ERROR_ATLEASTONEADMIN;\r
-                    else\r
-                        sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);\r
-                    break;\r
-                default:\r
-                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
-            }\r
-\r
-            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
-            echo '</li>';\r
-        }\r
-\r
-        echo '</ul>';\r
-        echo '<b>',_BATCH_DONE,'</b>';\r
-\r
-        $this->pagefoot();\r
-\r
-\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_batchteam() {\r
-        global $member;\r
-\r
-        $blogid = intRequestVar('blogid');\r
-\r
-        // check if logged in and admin\r
-        ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
-\r
-        // get array of itemids from request\r
-        $selected = requestIntArray('batch');\r
-        $action = requestVar('batchaction');\r
-\r
-        // Show error when no members selected\r
-        if (!is_array($selected) || sizeof($selected) == 0)\r
-            $this->error(_BATCH_NOSELECTION);\r
-\r
-        // On delete: check if confirmation has been given\r
-        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
-            $this->batchAskDeleteConfirmation('team',$selected);\r
-\r
-        $this->pagehead();\r
-\r
-        echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';\r
-\r
-        echo '<h2>',_BATCH_TEAM,'</h2>';\r
-        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
-        echo '<ul>';\r
-\r
-        // walk over all itemids and perform action\r
-        foreach ($selected as $memberid) {\r
-            $memberid = intval($memberid);\r
-            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';\r
-\r
-            // perform action, display errors if needed\r
-            switch($action) {\r
-                case 'delete':\r
-                    $error = $this->deleteOneTeamMember($blogid, $memberid);\r
-                    break;\r
-                case 'setadmin':\r
-                    // always succeeds\r
-                    sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
-                    $error = '';\r
-                    break;\r
-                case 'unsetadmin':\r
-                    // there should always remain at least one admin\r
-                    $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);\r
-                    if (sql_num_rows($r) < 2)\r
-                        $error = _ERROR_ATLEASTONEBLOGADMIN;\r
-                    else\r
-                        sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
-                    break;\r
-                default:\r
-                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
-            }\r
-\r
-            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
-            echo '</li>';\r
-        }\r
-\r
-        echo '</ul>';\r
-        echo '<b>',_BATCH_DONE,'</b>';\r
-\r
-        $this->pagefoot();\r
-\r
-\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_batchcategory() {\r
-        global $member, $manager;\r
-\r
-        // check if logged in\r
-        $member->isLoggedIn() or $this->disallow();\r
-\r
-        // more precise check will be done for each performed operation\r
-\r
-        // get array of itemids from request\r
-        $selected = requestIntArray('batch');\r
-        $action = requestVar('batchaction');\r
-\r
-        // Show error when no items were selected\r
-        if (!is_array($selected) || sizeof($selected) == 0)\r
-            $this->error(_BATCH_NOSELECTION);\r
-\r
-        // On move: when no destination blog chosen, show choice now\r
-        $destBlogId = intRequestVar('destblogid');\r
-        if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))\r
-            $this->batchMoveCategorySelectDestination('category',$selected);\r
+               // check if logged in and admin\r
+               ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
+\r
+               // get array of itemids from request\r
+               $selected = requestIntArray('batch');\r
+               $action = requestVar('batchaction');\r
+\r
+               // Show error when no members selected\r
+               if (!is_array($selected) || sizeof($selected) == 0)\r
+                       $this->error(_BATCH_NOSELECTION);\r
+\r
+               // On delete: check if confirmation has been given\r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
+                       $this->batchAskDeleteConfirmation('member',$selected);\r
+\r
+               $this->pagehead();\r
+\r
+               echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';\r
+               echo '<h2>',_BATCH_MEMBERS,'</h2>';\r
+               echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
+               echo '<ul>';\r
+\r
+               // walk over all itemids and perform action\r
+               foreach ($selected as $memberid) {\r
+                       $memberid = intval($memberid);\r
+                       echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';\r
+\r
+                       // perform action, display errors if needed\r
+                       switch($action) {\r
+                               case 'delete':\r
+                                       $error = $this->deleteOneMember($memberid);\r
+                                       break;\r
+                               case 'setadmin':\r
+                                       // always succeeds\r
+                                       sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);\r
+                                       $error = '';\r
+                                       break;\r
+                               case 'unsetadmin':\r
+                                       // there should always remain at least one super-admin\r
+                                       $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');\r
+                                       if (sql_num_rows($r) < 2)\r
+                                               $error = _ERROR_ATLEASTONEADMIN;\r
+                                       else\r
+                                               sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);\r
+                                       break;\r
+                               default:\r
+                                       $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
+                       }\r
+\r
+                       echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
+                       echo '</li>';\r
+               }\r
+\r
+               echo '</ul>';\r
+               echo '<b>',_BATCH_DONE,'</b>';\r
+\r
+               $this->pagefoot();\r
+\r
+\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_batchteam() {\r
+               global $member;\r
+\r
+               $blogid = intRequestVar('blogid');\r
+\r
+               // check if logged in and admin\r
+               ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
+\r
+               // get array of itemids from request\r
+               $selected = requestIntArray('batch');\r
+               $action = requestVar('batchaction');\r
+\r
+               // Show error when no members selected\r
+               if (!is_array($selected) || sizeof($selected) == 0)\r
+                       $this->error(_BATCH_NOSELECTION);\r
+\r
+               // On delete: check if confirmation has been given\r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
+                       $this->batchAskDeleteConfirmation('team',$selected);\r
+\r
+               $this->pagehead();\r
+\r
+               echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';\r
+\r
+               echo '<h2>',_BATCH_TEAM,'</h2>';\r
+               echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
+               echo '<ul>';\r
+\r
+               // walk over all itemids and perform action\r
+               foreach ($selected as $memberid) {\r
+                       $memberid = intval($memberid);\r
+                       echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';\r
+\r
+                       // perform action, display errors if needed\r
+                       switch($action) {\r
+                               case 'delete':\r
+                                       $error = $this->deleteOneTeamMember($blogid, $memberid);\r
+                                       break;\r
+                               case 'setadmin':\r
+                                       // always succeeds\r
+                                       sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
+                                       $error = '';\r
+                                       break;\r
+                               case 'unsetadmin':\r
+                                       // there should always remain at least one admin\r
+                                       $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);\r
+                                       if (sql_num_rows($r) < 2)\r
+                                               $error = _ERROR_ATLEASTONEBLOGADMIN;\r
+                                       else\r
+                                               sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
+                                       break;\r
+                               default:\r
+                                       $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
+                       }\r
+\r
+                       echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
+                       echo '</li>';\r
+               }\r
+\r
+               echo '</ul>';\r
+               echo '<b>',_BATCH_DONE,'</b>';\r
+\r
+               $this->pagefoot();\r
+\r
+\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_batchcategory() {\r
+               global $member, $manager;\r
+\r
+               // check if logged in\r
+               $member->isLoggedIn() or $this->disallow();\r
+\r
+               // more precise check will be done for each performed operation\r
+\r
+               // get array of itemids from request\r
+               $selected = requestIntArray('batch');\r
+               $action = requestVar('batchaction');\r
+\r
+               // Show error when no items were selected\r
+               if (!is_array($selected) || sizeof($selected) == 0)\r
+                       $this->error(_BATCH_NOSELECTION);\r
+\r
+               // On move: when no destination blog chosen, show choice now\r
+               $destBlogId = intRequestVar('destblogid');\r
+               if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))\r
+                       $this->batchMoveCategorySelectDestination('category',$selected);\r
 \r
-        // On delete: check if confirmation has been given\r
-        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
-            $this->batchAskDeleteConfirmation('category',$selected);\r
-\r
-        $this->pagehead();\r
-\r
-        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
-        echo '<h2>',BATCH_CATEGORIES,'</h2>';\r
-        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
-        echo '<ul>';\r
-\r
-        // walk over all itemids and perform action\r
-        foreach ($selected as $catid) {\r
-            $catid = intval($catid);\r
-            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';\r
-\r
-            // perform action, display errors if needed\r
-            switch($action) {\r
-                case 'delete':\r
-                    $error = $this->deleteOneCategory($catid);\r
-                    break;\r
-                case 'move':\r
-                    $error = $this->moveOneCategory($catid, $destBlogId);\r
-                    break;\r
-                default:\r
-                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
-            }\r
-\r
-            echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';\r
-            echo '</li>';\r
-        }\r
-\r
-        echo '</ul>';\r
-        echo '<b>',_BATCH_DONE,'</b>';\r
-\r
-        $this->pagefoot();\r
-\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function batchMoveSelectDestination($type, $ids) {\r
-        global $manager;\r
-        $this->pagehead();\r
-        ?>\r
-        <h2><?php echo _MOVE_TITLE?></h2>\r
-        <form method="post" action="index.php"><div>\r
-\r
-            <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
-            <input type="hidden" name="batchaction" value="move" />\r
-            <?php\r
-                $manager->addTicketHidden();\r
-\r
-                // insert selected item numbers\r
-                $idx = 0;\r
-                foreach ($ids as $id)\r
-                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
-\r
-                // show blog/category selection list\r
-                $this->selectBlogCategory('destcatid');\r
-\r
-            ?>\r
-\r
-\r
-            <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />\r
-\r
-        </div></form>\r
-        <?php       $this->pagefoot();\r
-        exit;\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function batchMoveCategorySelectDestination($type, $ids) {\r
-        global $manager;\r
-        $this->pagehead();\r
-        ?>\r
-        <h2><?php echo _MOVECAT_TITLE?></h2>\r
-        <form method="post" action="index.php"><div>\r
-\r
-            <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
-            <input type="hidden" name="batchaction" value="move" />\r
-            <?php\r
-                $manager->addTicketHidden();\r
-\r
-                // insert selected item numbers\r
-                $idx = 0;\r
-                foreach ($ids as $id)\r
-                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
-\r
-                // show blog/category selection list\r
-                $this->selectBlog('destblogid');\r
-\r
-            ?>\r
-\r
-\r
-            <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
-\r
-        </div></form>\r
-        <?php       $this->pagefoot();\r
-        exit;\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function batchAskDeleteConfirmation($type, $ids) {\r
-        global $manager;\r
-\r
-        $this->pagehead();\r
-        ?>\r
-        <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>\r
-        <form method="post" action="index.php"><div>\r
-\r
-            <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
-            <?php $manager->addTicketHidden() ?>\r
-            <input type="hidden" name="batchaction" value="delete" />\r
-            <input type="hidden" name="confirmation" value="yes" />\r
-            <?php               // insert selected item numbers\r
-                $idx = 0;\r
-                foreach ($ids as $id)\r
-                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
-\r
-                // add hidden vars for team & comment\r
-                if ($type == 'team')\r
-                {\r
-                    echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';\r
-                }\r
-                if ($type == 'comment')\r
-                {\r
-                    echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';\r
-                }\r
-\r
-            ?>\r
-\r
-            <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
-\r
-        </div></form>\r
-        <?php       $this->pagefoot();\r
-        exit;\r
-    }\r
-\r
-\r
-    /**\r
-     * Inserts a HTML select element with choices for all categories to which the current\r
-     * member has access\r
-     * @see function selectBlog\r
-     */\r
-    function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
-        ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
-    }\r
-\r
-    /**\r
-     * Inserts a HTML select element with choices for all blogs to which the user has access\r
-     *      mode = 'blog' => shows blognames and values are blogids\r
-     *      mode = 'category' => show category names and values are catids\r
-     *\r
-     * @param $iForcedBlogInclude\r
-     *      ID of a blog that always needs to be included, without checking if the\r
-     *      member is on the blog team (-1 = none)\r
-     * @todo document parameters\r
-     */\r
-    function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
-        global $member, $CONF;\r
-\r
-        // 0. get IDs of blogs to which member can post items (+ forced blog)\r
-        $aBlogIds = array();\r
-        if ($iForcedBlogInclude != -1)\r
-            $aBlogIds[] = intval($iForcedBlogInclude);\r
-\r
-        if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))\r
-            $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
-        else\r
-            $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
-        $rblogids = sql_query($queryBlogs);\r
-        while ($o = sql_fetch_object($rblogids))\r
-            if ($o->bnumber != $iForcedBlogInclude)\r
-                $aBlogIds[] = intval($o->bnumber);\r
-\r
-        if (count($aBlogIds) == 0)\r
-            return;\r
-\r
-        echo '<select name="',$name,'" tabindex="',$tabindex,'">';\r
-\r
-        // 1. select blogs (we'll create optiongroups)\r
-        // (only select those blogs that have the user on the team)\r
-        $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';\r
-        $blogs = sql_query($queryBlogs);\r
-        if ($mode == 'category') {\r
-            if (sql_num_rows($blogs) > 1)\r
-                $multipleBlogs = 1;\r
-\r
-            while ($oBlog = sql_fetch_object($blogs)) {\r
-                if ($multipleBlogs)\r
-                    echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';\r
-\r
-                // show selection to create new category when allowed/wanted\r
-                if ($showNewCat) {\r
-                    // check if allowed to do so\r
-                    if ($member->blogAdminRights($oBlog->bnumber))\r
-                        echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';\r
-                }\r
-\r
-                // 2. for each category in that blog\r
-                $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');\r
-                while ($oCat = sql_fetch_object($categories)) {\r
-                    if ($oCat->catid == $selected)\r
-                        $selectText = ' selected="selected" ';\r
-                    else\r
-                        $selectText = '';\r
-                    echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';\r
-                }\r
-\r
-                if ($multipleBlogs)\r
-                    echo '</optgroup>';\r
-            }\r
-        } else {\r
-            // blog mode\r
-            while ($oBlog = sql_fetch_object($blogs)) {\r
-                echo '<option value="',$oBlog->bnumber,'"';\r
-                if ($oBlog->bnumber == $selected)\r
-                    echo ' selected="selected"';\r
-                echo'>',htmlspecialchars($oBlog->bname),'</option>';\r
-            }\r
-        }\r
-        echo '</select>';\r
-\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_browseownitems() {\r
-        global $member, $manager, $CONF;\r
-\r
-        $this->pagehead();\r
-\r
-        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
-        echo '<h2>' . _ITEMLIST_YOUR. '</h2>';\r
-\r
-        // start index\r
-        if (postVar('start'))\r
-            $start = intPostVar('start');\r
-        else\r
-            $start = 0;\r
-\r
-        // amount of items to show\r
-        if (postVar('amount'))\r
-            $amount = intPostVar('amount');\r
-        else {\r
-            $amount = intval($CONF['DefaultListSize']);\r
-            if ($amount < 1)\r
-                $amount = 10;\r
-        }\r
-\r
-        $search = postVar('search');    // search through items\r
-\r
-        $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'\r
-               . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
-               . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
-\r
-        if ($search)\r
-            $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
-\r
-        $query .= ' ORDER BY itime DESC'\r
-                . " LIMIT $start,$amount";\r
-\r
-        $template['content'] = 'itemlist';\r
-        $template['now'] = time();\r
-\r
-        $manager->loadClass("ENCAPSULATE");\r
-        $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);\r
-        $navList->showBatchList('item',$query,'table',$template);\r
-\r
-        $this->pagefoot();\r
-\r
-    }\r
-\r
-    /**\r
-     * Show all the comments for a given item\r
-     * @param int $itemid\r
-     */\r
-    function action_itemcommentlist($itemid = '') {\r
-        global $member, $manager, $CONF;\r
-\r
-        if ($itemid == '')\r
-            $itemid = intRequestVar('itemid');\r
-\r
-        // only allow if user is allowed to alter item\r
-        $member->canAlterItem($itemid) or $this->disallow();\r
-\r
-        $blogid = getBlogIdFromItemId($itemid);\r
-\r
-        $this->pagehead();\r
-\r
-        // start index\r
-        if (postVar('start'))\r
-            $start = intPostVar('start');\r
-        else\r
-            $start = 0;\r
-\r
-        // amount of items to show\r
-        if (postVar('amount'))\r
-            $amount = intPostVar('amount');\r
-        else {\r
-            $amount = intval($CONF['DefaultListSize']);\r
-            if ($amount < 1)\r
-                $amount = 10;\r
-        }\r
-\r
-        $search = postVar('search');\r
+               // On delete: check if confirmation has been given\r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
+                       $this->batchAskDeleteConfirmation('category',$selected);\r
+\r
+               $this->pagehead();\r
+\r
+               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
+               echo '<h2>',BATCH_CATEGORIES,'</h2>';\r
+               echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
+               echo '<ul>';\r
+\r
+               // walk over all itemids and perform action\r
+               foreach ($selected as $catid) {\r
+                       $catid = intval($catid);\r
+                       echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';\r
+\r
+                       // perform action, display errors if needed\r
+                       switch($action) {\r
+                               case 'delete':\r
+                                       $error = $this->deleteOneCategory($catid);\r
+                                       break;\r
+                               case 'move':\r
+                                       $error = $this->moveOneCategory($catid, $destBlogId);\r
+                                       break;\r
+                               default:\r
+                                       $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
+                       }\r
+\r
+                       echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';\r
+                       echo '</li>';\r
+               }\r
+\r
+               echo '</ul>';\r
+               echo '<b>',_BATCH_DONE,'</b>';\r
+\r
+               $this->pagefoot();\r
+\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function batchMoveSelectDestination($type, $ids) {\r
+               global $manager;\r
+               $this->pagehead();\r
+               ?>\r
+               <h2><?php echo _MOVE_TITLE?></h2>\r
+               <form method="post" action="index.php"><div>\r
+\r
+                       <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
+                       <input type="hidden" name="batchaction" value="move" />\r
+                       <?php\r
+                               $manager->addTicketHidden();\r
+\r
+                               // insert selected item numbers\r
+                               $idx = 0;\r
+                               foreach ($ids as $id)\r
+                                       echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
+\r
+                               // show blog/category selection list\r
+                               $this->selectBlogCategory('destcatid');\r
+\r
+                       ?>\r
+\r
+\r
+                       <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />\r
+\r
+               </div></form>\r
+               <?php      $this->pagefoot();\r
+               exit;\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function batchMoveCategorySelectDestination($type, $ids) {\r
+               global $manager;\r
+               $this->pagehead();\r
+               ?>\r
+               <h2><?php echo _MOVECAT_TITLE?></h2>\r
+               <form method="post" action="index.php"><div>\r
+\r
+                       <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
+                       <input type="hidden" name="batchaction" value="move" />\r
+                       <?php\r
+                               $manager->addTicketHidden();\r
+\r
+                               // insert selected item numbers\r
+                               $idx = 0;\r
+                               foreach ($ids as $id)\r
+                                       echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
+\r
+                               // show blog/category selection list\r
+                               $this->selectBlog('destblogid');\r
+\r
+                       ?>\r
+\r
+\r
+                       <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
+\r
+               </div></form>\r
+               <?php      $this->pagefoot();\r
+               exit;\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function batchAskDeleteConfirmation($type, $ids) {\r
+               global $manager;\r
+\r
+               $this->pagehead();\r
+               ?>\r
+               <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>\r
+               <form method="post" action="index.php"><div>\r
+\r
+                       <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
+                       <?php $manager->addTicketHidden() ?>\r
+                       <input type="hidden" name="batchaction" value="delete" />\r
+                       <input type="hidden" name="confirmation" value="yes" />\r
+                       <?php                      // insert selected item numbers\r
+                               $idx = 0;\r
+                               foreach ($ids as $id)\r
+                                       echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
+\r
+                               // add hidden vars for team & comment\r
+                               if ($type == 'team')\r
+                               {\r
+                                       echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';\r
+                               }\r
+                               if ($type == 'comment')\r
+                               {\r
+                                       echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';\r
+                               }\r
+\r
+                       ?>\r
+\r
+                       <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
+\r
+               </div></form>\r
+               <?php      $this->pagefoot();\r
+               exit;\r
+       }\r
+\r
+\r
+       /**\r
+        * Inserts a HTML select element with choices for all categories to which the current\r
+        * member has access\r
+        * @see function selectBlog\r
+        */\r
+       function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
+               ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
+       }\r
+\r
+       /**\r
+        * Inserts a HTML select element with choices for all blogs to which the user has access\r
+        *        mode = 'blog' => shows blognames and values are blogids\r
+        *        mode = 'category' => show category names and values are catids\r
+        *\r
+        * @param $iForcedBlogInclude\r
+        *        ID of a blog that always needs to be included, without checking if the\r
+        *        member is on the blog team (-1 = none)\r
+        * @todo document parameters\r
+        */\r
+       function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
+               global $member, $CONF;\r
+\r
+               // 0. get IDs of blogs to which member can post items (+ forced blog)\r
+               $aBlogIds = array();\r
+               if ($iForcedBlogInclude != -1)\r
+                       $aBlogIds[] = intval($iForcedBlogInclude);\r
+\r
+               if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))\r
+                       $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
+               else\r
+                       $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
+               $rblogids = sql_query($queryBlogs);\r
+               while ($o = sql_fetch_object($rblogids))\r
+                       if ($o->bnumber != $iForcedBlogInclude)\r
+                               $aBlogIds[] = intval($o->bnumber);\r
+\r
+               if (count($aBlogIds) == 0)\r
+                       return;\r
+\r
+               echo '<select name="',$name,'" tabindex="',$tabindex,'">';\r
+\r
+               // 1. select blogs (we'll create optiongroups)\r
+               // (only select those blogs that have the user on the team)\r
+               $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';\r
+               $blogs = sql_query($queryBlogs);\r
+               if ($mode == 'category') {\r
+                       if (sql_num_rows($blogs) > 1)\r
+                               $multipleBlogs = 1;\r
+\r
+                       while ($oBlog = sql_fetch_object($blogs)) {\r
+                               if ($multipleBlogs)\r
+                                       echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';\r
+\r
+                               // show selection to create new category when allowed/wanted\r
+                               if ($showNewCat) {\r
+                                       // check if allowed to do so\r
+                                       if ($member->blogAdminRights($oBlog->bnumber))\r
+                                               echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';\r
+                               }\r
+\r
+                               // 2. for each category in that blog\r
+                               $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');\r
+                               while ($oCat = sql_fetch_object($categories)) {\r
+                                       if ($oCat->catid == $selected)\r
+                                               $selectText = ' selected="selected" ';\r
+                                       else\r
+                                               $selectText = '';\r
+                                       echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';\r
+                               }\r
+\r
+                               if ($multipleBlogs)\r
+                                       echo '</optgroup>';\r
+                       }\r
+               } else {\r
+                       // blog mode\r
+                       while ($oBlog = sql_fetch_object($blogs)) {\r
+                               echo '<option value="',$oBlog->bnumber,'"';\r
+                               if ($oBlog->bnumber == $selected)\r
+                                       echo ' selected="selected"';\r
+                               echo'>',htmlspecialchars($oBlog->bname),'</option>';\r
+                       }\r
+               }\r
+               echo '</select>';\r
+\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_browseownitems() {\r
+               global $member, $manager, $CONF;\r
+\r
+               $this->pagehead();\r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
+               echo '<h2>' . _ITEMLIST_YOUR. '</h2>';\r
+\r
+               // start index\r
+               if (postVar('start'))\r
+                       $start = intPostVar('start');\r
+               else\r
+                       $start = 0;\r
+\r
+               // amount of items to show\r
+               if (postVar('amount'))\r
+                       $amount = intPostVar('amount');\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
+\r
+               $search = postVar('search');    // search through items\r
+\r
+               $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'\r
+                          . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
+                          . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
+\r
+               if ($search)\r
+                       $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';\r
+\r
+               $query .= ' ORDER BY itime DESC'\r
+                               . " LIMIT $start,$amount";\r
+\r
+               $template['content'] = 'itemlist';\r
+               $template['now'] = time();\r
+\r
+               $manager->loadClass("ENCAPSULATE");\r
+               $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);\r
+               $navList->showBatchList('item',$query,'table',$template);\r
+\r
+               $this->pagefoot();\r
+\r
+       }\r
+\r
+       /**\r
+        * Show all the comments for a given item\r
+        * @param int $itemid\r
+        */\r
+       function action_itemcommentlist($itemid = '') {\r
+               global $member, $manager, $CONF;\r
+\r
+               if ($itemid == '')\r
+                       $itemid = intRequestVar('itemid');\r
+\r
+               // only allow if user is allowed to alter item\r
+               $member->canAlterItem($itemid) or $this->disallow();\r
+\r
+               $blogid = getBlogIdFromItemId($itemid);\r
+\r
+               $this->pagehead();\r
+\r
+               // start index\r
+               if (postVar('start'))\r
+                       $start = intPostVar('start');\r
+               else\r
+                       $start = 0;\r
+\r
+               // amount of items to show\r
+               if (postVar('amount'))\r
+                       $amount = intPostVar('amount');\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
+\r
+               $search = postVar('search');\r
 \r
-        echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
-        echo '<h2>',_COMMENTS,'</h2>';\r
+               echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
+               echo '<h2>',_COMMENTS,'</h2>';\r
 \r
-        $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;\r
+               $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;\r
 \r
-        if ($search)\r
-            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
+               if ($search)\r
+                       $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
 \r
-        $query .= ' ORDER BY ctime ASC'\r
-                . " LIMIT $start,$amount";\r
+               $query .= ' ORDER BY ctime ASC'\r
+                               . " LIMIT $start,$amount";\r
 \r
-        $template['content'] = 'commentlist';\r
-        $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));\r
+               $template['content'] = 'commentlist';\r
+               $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));\r
 \r
-        $manager->loadClass("ENCAPSULATE");\r
-        $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
-        $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);\r
+               $manager->loadClass("ENCAPSULATE");\r
+               $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
+               $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);\r
 \r
-        $this->pagefoot();\r
-    }\r
+               $this->pagefoot();\r
+       }\r
 \r
-    /**\r
-     * Browse own comments\r
-     */\r
-    function action_browseowncomments() {\r
-        global $member, $manager, $CONF;\r
+       /**\r
+        * Browse own comments\r
+        */\r
+       function action_browseowncomments() {\r
+               global $member, $manager, $CONF;\r
 \r
-        // start index\r
-        if (postVar('start'))\r
-            $start = intPostVar('start');\r
-        else\r
-            $start = 0;\r
+               // start index\r
+               if (postVar('start'))\r
+                       $start = intPostVar('start');\r
+               else\r
+                       $start = 0;\r
 \r
-        // amount of items to show\r
-        if (postVar('amount'))\r
-            $amount = intPostVar('amount');\r
-        else {\r
-            $amount = intval($CONF['DefaultListSize']);\r
-            if ($amount < 1)\r
-                $amount = 10;\r
-        }\r
+               // amount of items to show\r
+               if (postVar('amount'))\r
+                       $amount = intPostVar('amount');\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
 \r
-        $search = postVar('search');\r
+               $search = postVar('search');\r
 \r
 \r
-        $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
+               $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
 \r
-        if ($search)\r
-            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
+               if ($search)\r
+                       $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
 \r
-        $query .= ' ORDER BY ctime DESC'\r
-                . " LIMIT $start,$amount";\r
+               $query .= ' ORDER BY ctime DESC'\r
+                               . " LIMIT $start,$amount";\r
 \r
-        $this->pagehead();\r
+               $this->pagehead();\r
 \r
-        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
-        echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
+               echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
 \r
-        $template['content'] = 'commentlist';\r
-        $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself\r
+               $template['content'] = 'commentlist';\r
+               $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself\r
 \r
-        $manager->loadClass("ENCAPSULATE");\r
-        $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
-        $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);\r
+               $manager->loadClass("ENCAPSULATE");\r
+               $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
+               $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);\r
 \r
-        $this->pagefoot();\r
-    }\r
+               $this->pagefoot();\r
+       }\r
 \r
-    /**\r
-     * Browse all comments for a weblog\r
-     * @param int $blogid\r
-     */\r
-    function action_blogcommentlist($blogid = '')\r
-    {\r
-        global $member, $manager, $CONF;\r
+       /**\r
+        * Browse all comments for a weblog\r
+        * @param int $blogid\r
+        */\r
+       function action_blogcommentlist($blogid = '')\r
+       {\r
+               global $member, $manager, $CONF;\r
 \r
-        if ($blogid == '')\r
-            $blogid = intRequestVar('blogid');\r
-        else\r
-            $blogid = intval($blogid);\r
+               if ($blogid == '')\r
+                       $blogid = intRequestVar('blogid');\r
+               else\r
+                       $blogid = intval($blogid);\r
 \r
-        $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
+               $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
 \r
-        // start index\r
-        if (postVar('start'))\r
-            $start = intPostVar('start');\r
-        else\r
-            $start = 0;\r
+               // start index\r
+               if (postVar('start'))\r
+                       $start = intPostVar('start');\r
+               else\r
+                       $start = 0;\r
 \r
-        // amount of items to show\r
-        if (postVar('amount'))\r
-            $amount = intPostVar('amount');\r
-        else {\r
-            $amount = intval($CONF['DefaultListSize']);\r
-            if ($amount < 1)\r
-                $amount = 10;\r
-        }\r
+               // amount of items to show\r
+               if (postVar('amount'))\r
+                       $amount = intPostVar('amount');\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
 \r
-        $search = postVar('search');        // search through comments\r
+               $search = postVar('search');            // search through comments\r
 \r
 \r
-        $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
+               $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
 \r
-        if ($search != '')\r
-            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
+               if ($search != '')\r
+                       $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
 \r
 \r
-        $query .= ' ORDER BY ctime DESC'\r
-                . " LIMIT $start,$amount";\r
+               $query .= ' ORDER BY ctime DESC'\r
+                               . " LIMIT $start,$amount";\r
 \r
 \r
-        $blog =& $manager->getBlog($blogid);\r
+               $blog =& $manager->getBlog($blogid);\r
 \r
-        $this->pagehead();\r
+               $this->pagehead();\r
 \r
-        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
-        echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
+               echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';\r
 \r
-        $template['content'] = 'commentlist';\r
-        $template['canAddBan'] = $member->blogAdminRights($blogid);\r
+               $template['content'] = 'commentlist';\r
+               $template['canAddBan'] = $member->blogAdminRights($blogid);\r
 \r
-        $manager->loadClass("ENCAPSULATE");\r
-        $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
-        $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);\r
+               $manager->loadClass("ENCAPSULATE");\r
+               $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
+               $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);\r
 \r
-        $this->pagefoot();\r
-    }\r
+               $this->pagefoot();\r
+       }\r
 \r
-    /**\r
-     * Provide a page to item a new item to the given blog\r
-     */\r
-    function action_createitem() {\r
-        global $member, $manager;\r
+       /**\r
+        * Provide a page to item a new item to the given blog\r
+        */\r
+       function action_createitem() {\r
+               global $member, $manager;\r
 \r
-        $blogid = intRequestVar('blogid');\r
+               $blogid = intRequestVar('blogid');\r
 \r
-        // check if allowed\r
-        $member->teamRights($blogid) or $this->disallow();\r
+               // check if allowed\r
+               $member->teamRights($blogid) or $this->disallow();\r
 \r
-        $memberid = $member->getID();\r
+               $memberid = $member->getID();\r
 \r
-        $blog =& $manager->getBlog($blogid);\r
+               $blog =& $manager->getBlog($blogid);\r
 \r
-        $this->pagehead();\r
+               $this->pagehead();\r
 \r
-        // generate the add-item form\r
-        $formfactory =& new PAGEFACTORY($blogid);\r
-        $formfactory->createAddForm('admin');\r
+               // generate the add-item form\r
+               $formfactory =& new PAGEFACTORY($blogid);\r
+               $formfactory->createAddForm('admin');\r
 \r
-        $this->pagefoot();\r
-    }\r
+               $this->pagefoot();\r
+       }\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_itemedit() {\r
-        global $member, $manager;\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_itemedit() {\r
+               global $member, $manager;\r
 \r
-        $itemid = intRequestVar('itemid');\r
+               $itemid = intRequestVar('itemid');\r
 \r
-        // only allow if user is allowed to alter item\r
-        $member->canAlterItem($itemid) or $this->disallow();\r
+               // only allow if user is allowed to alter item\r
+               $member->canAlterItem($itemid) or $this->disallow();\r
 \r
-        $item =& $manager->getItem($itemid,1,1);\r
-        $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
+               $item =& $manager->getItem($itemid,1,1);\r
+               $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
 \r
-        $manager->notify('PrepareItemForEdit', array('item' => &$item));\r
+               $manager->notify('PrepareItemForEdit', array('item' => &$item));\r
 \r
-        if ($blog->convertBreaks()) {\r
-            $item['body'] = removeBreaks($item['body']);\r
-            $item['more'] = removeBreaks($item['more']);\r
-        }\r
+               if ($blog->convertBreaks()) {\r
+                       $item['body'] = removeBreaks($item['body']);\r
+                       $item['more'] = removeBreaks($item['more']);\r
+               }\r
 \r
-        // form to edit blog items\r
-        $this->pagehead();\r
-        $formfactory =& new PAGEFACTORY($blog->getID());\r
-        $formfactory->createEditForm('admin',$item);\r
-        $this->pagefoot();\r
-    }\r
+               // form to edit blog items\r
+               $this->pagehead();\r
+               $formfactory =& new PAGEFACTORY($blog->getID());\r
+               $formfactory->createEditForm('admin',$item);\r
+               $this->pagefoot();\r
+       }\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_itemupdate() {\r
-        global $member, $manager, $CONF;\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_itemupdate() {\r
+               global $member, $manager, $CONF;\r
 \r
-        $itemid = intRequestVar('itemid');\r
-        $catid = postVar('catid');\r
+               $itemid = intRequestVar('itemid');\r
+               $catid = postVar('catid');\r
 \r
-        // only allow if user is allowed to alter item\r
-        $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
+               // only allow if user is allowed to alter item\r
+               $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
 \r
-        $actiontype = postVar('actiontype');\r
+               $actiontype = postVar('actiontype');\r
 \r
-        // delete actions are handled by itemdelete (which has confirmation)\r
-        if ($actiontype == 'delete') {\r
-            $this->action_itemdelete();\r
-            return;\r
-        }\r
+               // delete actions are handled by itemdelete (which has confirmation)\r
+               if ($actiontype == 'delete') {\r
+                       $this->action_itemdelete();\r
+                       return;\r
+               }\r
 \r
-        $body   = postVar('body');\r
-        $title  = postVar('title');\r
-        $more   = postVar('more');\r
-        $closed = intPostVar('closed');\r
-        $draftid = intPostVar('draftid');\r
+               $body   = postVar('body');\r
+               $title  = postVar('title');\r
+               $more   = postVar('more');\r
+               $closed = intPostVar('closed');\r
+               $draftid = intPostVar('draftid');\r
 \r
-        // default action = add now\r
-        if (!$actiontype)\r
-            $actiontype='addnow';\r
-\r
-        // create new category if needed\r
-        if (strstr($catid,'newcat')) {\r
-            // get blogid\r
-            list($blogid) = sscanf($catid,"newcat-%d");\r
-\r
-            // create\r
-            $blog =& $manager->getBlog($blogid);\r
-            $catid = $blog->createNewCategory();\r
-\r
-            // show error when sth goes wrong\r
-            if (!$catid)\r
-                $this->doError(_ERROR_CATCREATEFAIL);\r
-        }\r
-\r
-        /*\r
-            set some variables based on actiontype\r
-\r
-            actiontypes:\r
-                draft items -> addnow, addfuture, adddraft, delete\r
-                non-draft items -> edit, changedate, delete\r
-\r
-            variables set:\r
-                $timestamp: set to a nonzero value for future dates or date changes\r
-                $wasdraft: set to 1 when the item used to be a draft item\r
-                $publish: set to 1 when the edited item is not a draft\r
-        */\r
-        $blogid =  getBlogIDFromItemID($itemid);\r
-        $blog   =& $manager->getBlog($blogid);\r
-\r
-        $wasdrafts = array('adddraft', 'addfuture', 'addnow');\r
-        $wasdraft  = in_array($actiontype, $wasdrafts) ? 1 : 0;\r
-        $publish   = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;\r
-        if ($actiontype == 'addfuture' || $actiontype == 'changedate') {\r
-            $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));\r
-        } else {\r
-            $timestamp =0;\r
-        }\r
-\r
-        // edit the item for real\r
-        ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
-\r
-        $this->updateFuturePosted($blogid);\r
-\r
-        if ($draftid > 0) {\r
-            // delete permission is checked inside ITEM::delete()\r
-            ITEM::delete($draftid);\r
-        }\r
-\r
-        // show category edit window when we created a new category\r
-        // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
-        if ($catid != intPostVar('catid')) {\r
-            $this->action_categoryedit(\r
-                $catid,\r
-                $blog->getID(),\r
-                $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
-            );\r
-        } else {\r
-            // TODO: set start item correctly for itemlist\r
-            $this->action_itemlist(getBlogIDFromItemID($itemid));\r
-        }\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_itemdelete() {\r
-        global $member, $manager;\r
-\r
-        $itemid = intRequestVar('itemid');\r
-\r
-        // only allow if user is allowed to alter item\r
-        $member->canAlterItem($itemid) or $this->disallow();\r
-\r
-        if (!$manager->existsItem($itemid,1,1))\r
-            $this->error(_ERROR_NOSUCHITEM);\r
-\r
-        $item =& $manager->getItem($itemid,1,1);\r
-        $title = htmlspecialchars(strip_tags($item['title']));\r
-        $body = strip_tags($item['body']);\r
-        $body = htmlspecialchars(shorten($body,300,'...'));\r
-\r
-        $this->pagehead();\r
-        ?>\r
-            <h2><?php echo _DELETE_CONFIRM?></h2>\r
-\r
-            <p><?php echo _CONFIRMTXT_ITEM?></p>\r
-\r
-            <div class="note">\r
-                <b>"<?php echo  $title ?>"</b>\r
-                <br />\r
-                <?php echo $body?>\r
-            </div>\r
-\r
-            <form method="post" action="index.php"><div>\r
-                <input type="hidden" name="action" value="itemdeleteconfirm" />\r
-                <?php $manager->addTicketHidden() ?>\r
-                <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
-                <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />\r
-            </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_itemdeleteconfirm() {\r
-        global $member;\r
-\r
-        $itemid = intRequestVar('itemid');\r
-\r
-        // only allow if user is allowed to alter item\r
-        $member->canAlterItem($itemid) or $this->disallow();\r
-\r
-        // get blogid first\r
-        $blogid = getBlogIdFromItemId($itemid);\r
-\r
-        // delete item (note: some checks will be performed twice)\r
-        $this->deleteOneItem($itemid);\r
-\r
-        $this->action_itemlist($blogid);\r
-    }\r
-\r
-    /**\r
-     * Deletes one item and returns error if something goes wrong\r
-     * @param int $itemid\r
-     */\r
-    function deleteOneItem($itemid) {\r
-        global $member, $manager;\r
-\r
-        // only allow if user is allowed to alter item (also checks if itemid exists)\r
-        if (!$member->canAlterItem($itemid))\r
-            return _ERROR_DISALLOWED;\r
-\r
-        // need to get blogid before the item is deleted\r
-        $blogid = getBlogIDFromItemId($itemid);\r
-\r
-        $manager->loadClass('ITEM');\r
-        ITEM::delete($itemid);\r
-\r
-        // update blog's futureposted\r
-        $this->updateFuturePosted($blogid);\r
-    }\r
-\r
-    /**\r
-     * Update a blog's future posted flag\r
-     * @param int $blogid\r
-     */\r
-    function updateFuturePosted($blogid) {\r
-        global $manager;\r
-\r
-        $blog =& $manager->getBlog($blogid);\r
-        $currenttime = $blog->getCorrectTime(time());\r
-        $result = sql_query("SELECT * FROM ".sql_table('item').\r
-            " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
-        if (sql_num_rows($result) > 0) {\r
-                $blog->setFuturePost();\r
-        }\r
-        else {\r
-                $blog->clearFuturePost();\r
-        }\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_itemmove() {\r
-        global $member, $manager;\r
-\r
-        $itemid = intRequestVar('itemid');\r
-\r
-        // only allow if user is allowed to alter item\r
-        $member->canAlterItem($itemid) or $this->disallow();\r
-\r
-        $item =& $manager->getItem($itemid,1,1);\r
-\r
-        $this->pagehead();\r
-        ?>\r
-            <h2><?php echo _MOVE_TITLE?></h2>\r
-            <form method="post" action="index.php"><div>\r
-                <input type="hidden" name="action" value="itemmoveto" />\r
-                <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
-\r
-                <?php\r
-\r
-                    $manager->addTicketHidden();\r
-                    $this->selectBlogCategory('catid',$item['catid'],10,1);\r
-                ?>\r
-\r
-                <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />\r
-            </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_itemmoveto() {\r
-        global $member, $manager;\r
+               // default action = add now\r
+               if (!$actiontype)\r
+                       $actiontype='addnow';\r
+\r
+               // create new category if needed\r
+               if (strstr($catid,'newcat')) {\r
+                       // get blogid\r
+                       list($blogid) = sscanf($catid,"newcat-%d");\r
+\r
+                       // create\r
+                       $blog =& $manager->getBlog($blogid);\r
+                       $catid = $blog->createNewCategory();\r
+\r
+                       // show error when sth goes wrong\r
+                       if (!$catid)\r
+                               $this->doError(_ERROR_CATCREATEFAIL);\r
+               }\r
+\r
+               /*\r
+                       set some variables based on actiontype\r
+\r
+                       actiontypes:\r
+                               draft items -> addnow, addfuture, adddraft, delete\r
+                               non-draft items -> edit, changedate, delete\r
+\r
+                       variables set:\r
+                               $timestamp: set to a nonzero value for future dates or date changes\r
+                               $wasdraft: set to 1 when the item used to be a draft item\r
+                               $publish: set to 1 when the edited item is not a draft\r
+               */\r
+               $blogid =  getBlogIDFromItemID($itemid);\r
+               $blog   =& $manager->getBlog($blogid);\r
+\r
+               $wasdrafts = array('adddraft', 'addfuture', 'addnow');\r
+               $wasdraft  = in_array($actiontype, $wasdrafts) ? 1 : 0;\r
+               $publish   = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;\r
+               if ($actiontype == 'addfuture' || $actiontype == 'changedate') {\r
+                       $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));\r
+               } else {\r
+                       $timestamp =0;\r
+               }\r
+\r
+               // edit the item for real\r
+               ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
+\r
+               $this->updateFuturePosted($blogid);\r
+\r
+               if ($draftid > 0) {\r
+                       // delete permission is checked inside ITEM::delete()\r
+                       ITEM::delete($draftid);\r
+               }\r
+\r
+               // show category edit window when we created a new category\r
+               // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
+               if ($catid != intPostVar('catid')) {\r
+                       $this->action_categoryedit(\r
+                               $catid,\r
+                               $blog->getID(),\r
+                               $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
+                       );\r
+               } else {\r
+                       // TODO: set start item correctly for itemlist\r
+                       $this->action_itemlist(getBlogIDFromItemID($itemid));\r
+               }\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_itemdelete() {\r
+               global $member, $manager;\r
+\r
+               $itemid = intRequestVar('itemid');\r
+\r
+               // only allow if user is allowed to alter item\r
+               $member->canAlterItem($itemid) or $this->disallow();\r
+\r
+               if (!$manager->existsItem($itemid,1,1))\r
+                       $this->error(_ERROR_NOSUCHITEM);\r
+\r
+               $item =& $manager->getItem($itemid,1,1);\r
+               $title = htmlspecialchars(strip_tags($item['title']));\r
+               $body = strip_tags($item['body']);\r
+               $body = htmlspecialchars(shorten($body,300,'...'));\r
+\r
+               $this->pagehead();\r
+               ?>\r
+                       <h2><?php echo _DELETE_CONFIRM?></h2>\r
+\r
+                       <p><?php echo _CONFIRMTXT_ITEM?></p>\r
+\r
+                       <div class="note">\r
+                               <b>"<?php echo  $title ?>"</b>\r
+                               <br />\r
+                               <?php echo $body?>\r
+                       </div>\r
+\r
+                       <form method="post" action="index.php"><div>\r
+                               <input type="hidden" name="action" value="itemdeleteconfirm" />\r
+                               <?php $manager->addTicketHidden() ?>\r
+                               <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
+                               <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />\r
+                       </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_itemdeleteconfirm() {\r
+               global $member;\r
+\r
+               $itemid = intRequestVar('itemid');\r
+\r
+               // only allow if user is allowed to alter item\r
+               $member->canAlterItem($itemid) or $this->disallow();\r
+\r
+               // get blogid first\r
+               $blogid = getBlogIdFromItemId($itemid);\r
+\r
+               // delete item (note: some checks will be performed twice)\r
+               $this->deleteOneItem($itemid);\r
+\r
+               $this->action_itemlist($blogid);\r
+       }\r
+\r
+       /**\r
+        * Deletes one item and returns error if something goes wrong\r
+        * @param int $itemid\r
+        */\r
+       function deleteOneItem($itemid) {\r
+               global $member, $manager;\r
+\r
+               // only allow if user is allowed to alter item (also checks if itemid exists)\r
+               if (!$member->canAlterItem($itemid))\r
+                       return _ERROR_DISALLOWED;\r
+\r
+               // need to get blogid before the item is deleted\r
+               $blogid = getBlogIDFromItemId($itemid);\r
+\r
+               $manager->loadClass('ITEM');\r
+               ITEM::delete($itemid);\r
+\r
+               // update blog's futureposted\r
+               $this->updateFuturePosted($blogid);\r
+       }\r
+\r
+       /**\r
+        * Update a blog's future posted flag\r
+        * @param int $blogid\r
+        */\r
+       function updateFuturePosted($blogid) {\r
+               global $manager;\r
+\r
+               $blog =& $manager->getBlog($blogid);\r
+               $currenttime = $blog->getCorrectTime(time());\r
+               $result = sql_query("SELECT * FROM ".sql_table('item').\r
+                       " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
+               if (sql_num_rows($result) > 0) {\r
+                               $blog->setFuturePost();\r
+               }\r
+               else {\r
+                               $blog->clearFuturePost();\r
+               }\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_itemmove() {\r
+               global $member, $manager;\r
+\r
+               $itemid = intRequestVar('itemid');\r
+\r
+               // only allow if user is allowed to alter item\r
+               $member->canAlterItem($itemid) or $this->disallow();\r
+\r
+               $item =& $manager->getItem($itemid,1,1);\r
+\r
+               $this->pagehead();\r
+               ?>\r
+                       <h2><?php echo _MOVE_TITLE?></h2>\r
+                       <form method="post" action="index.php"><div>\r
+                               <input type="hidden" name="action" value="itemmoveto" />\r
+                               <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
+\r
+                               <?php\r
+\r
+                                       $manager->addTicketHidden();\r
+                                       $this->selectBlogCategory('catid',$item['catid'],10,1);\r
+                               ?>\r
+\r
+                               <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />\r
+                       </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_itemmoveto() {\r
+               global $member, $manager;\r
+\r
+               $itemid = intRequestVar('itemid');\r
+               $catid = requestVar('catid');\r
+\r
+               // create new category if needed\r
+               if (strstr($catid,'newcat')) {\r
+                       // get blogid\r
+                       list($blogid) = sscanf($catid,'newcat-%d');\r
+\r
+                       // create\r
+                       $blog =& $manager->getBlog($blogid);\r
+                       $catid = $blog->createNewCategory();\r
+\r
+                       // show error when sth goes wrong\r
+                       if (!$catid)\r
+                               $this->doError(_ERROR_CATCREATEFAIL);\r
+               }\r
+\r
+               // only allow if user is allowed to alter item\r
+               $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
+\r
+               $old_blogid = getBlogIDFromItemId($itemid);\r
+\r
+               ITEM::move($itemid, $catid);\r
+\r
+               // set the futurePosted flag on the blog\r
+               $this->updateFuturePosted(getBlogIDFromItemId($itemid));\r
+\r
+               // reset the futurePosted in case the item is moved from one blog to another\r
+               $this->updateFuturePosted($old_blogid);\r
+\r
+               if ($catid != intRequestVar('catid'))\r
+                       $this->action_categoryedit($catid, $blog->getID());\r
+               else\r
+                       $this->action_itemlist(getBlogIDFromCatID($catid));\r
+       }\r
+\r
+       /**\r
+        * Moves one item to a given category (category existance should be checked by caller)\r
+        * errors are returned\r
+        * @param int $itemid\r
+        * @param int $destCatid category ID to which the item will be moved\r
+        */\r
+       function moveOneItem($itemid, $destCatid) {\r
+               global $member;\r
+\r
+               // only allow if user is allowed to move item\r
+               if (!$member->canUpdateItem($itemid, $destCatid))\r
+                       return _ERROR_DISALLOWED;\r
+\r
+               ITEM::move($itemid, $destCatid);\r
+       }\r
+\r
+       /**\r
+        * Adds a item to the chosen blog\r
+        */\r
+       function action_additem() {\r
+               global $manager, $CONF;\r
+\r
+               $manager->loadClass('ITEM');\r
+\r
+               $result = ITEM::createFromRequest();\r
+\r
+               if ($result['status'] == 'error')\r
+                       $this->error($result['message']);\r
+\r
+               $blogid = getBlogIDFromItemID($result['itemid']);\r
+               $blog =& $manager->getBlog($blogid);\r
+               $btimestamp = $blog->getCorrectTime();\r
+               $item      = $manager->getItem(intval($result['itemid']), 1, 1);\r
+\r
+               if ($result['status'] == 'newcategory') {\r
+                       $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));\r
+                       $this->action_categoryedit($result['catid'], $blogid, $distURI);\r
+               } else {\r
+                       $methodName = 'action_itemList';\r
+                       call_user_func(array(&$this, $methodName), $blogid);\r
+               }\r
+       }\r
+\r
+       /**\r
+        * Allows to edit previously made comments\r
+        */\r
+       function action_commentedit() {\r
+               global $member, $manager;\r
+\r
+               $commentid = intRequestVar('commentid');\r
+\r
+               $member->canAlterComment($commentid) or $this->disallow();\r
+\r
+               $comment = COMMENT::getComment($commentid);\r
+\r
+               $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));\r
+\r
+               // change <br /> to \n\r
+               $comment['body'] = str_replace('<br />','',$comment['body']);\r
+               \r
+               // replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0\r
+               /* original eregi_replace: eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>", "\\1", $comment['body']) */\r
+               $comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#I", "\\1", $comment['body']);\r
+               \r
+               $this->pagehead();\r
+\r
+               ?>\r
+               <h2><?php echo _EDITC_TITLE?></h2>\r
+\r
+               <form action="index.php" method="post"><div>\r
+\r
+               <input type="hidden" name="action" value="commentupdate" />\r
+               <?php $manager->addTicketHidden(); ?>\r
+               <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
+               <table><tr>\r
+                       <th colspan="2"><?php echo _EDITC_TITLE?></th>\r
+               </tr><tr>\r
+                       <td><?php echo _EDITC_WHO?></td>\r
+                       <td>\r
+                       <?php                      if ($comment['member'])\r
+                                       echo $comment['member'] . " (" . _EDITC_MEMBER . ")";\r
+                               else\r
+                                       echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";\r
+                       ?>\r
+                       </td>\r
+               </tr><tr>\r
+                       <td><?php echo _EDITC_WHEN?></td>\r
+                       <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EDITC_HOST?></td>\r
+                       <td><?php echo  $comment['host']; ?></td>\r
+               </tr>\r
+               <tr>\r
+                       <td><?php echo _EDITC_URL; ?></td>\r
+                       <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo $comment['userid']; ?>" /></td>\r
+               </tr>\r
+               <tr>\r
+                       <td><?php echo _EDITC_EMAIL; ?></td>\r
+                       <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo $comment['email']; ?>" /></td>\r
+               </tr>\r
+               <tr>\r
+                       <td><?php echo _EDITC_TEXT?></td>\r
+                       <td>\r
+                               <textarea name="body" tabindex="10" rows="10" cols="50"><?php                              // htmlspecialchars not needed (things should be escaped already)\r
+                                       echo $comment['body'];\r
+                               ?></textarea>\r
+                       </td>\r
+               </tr><tr>\r
+                       <td><?php echo _EDITC_EDIT?></td>\r
+                       <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>\r
+               </tr></table>\r
+\r
+               </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_commentupdate() {\r
+               global $member, $manager;\r
+\r
+               $commentid = intRequestVar('commentid');\r
+\r
+               $member->canAlterComment($commentid) or $this->disallow();\r
+\r
+               $url = postVar('url');\r
+               $email = postVar('email');\r
+               $body = postVar('body');\r
+               \r
+               # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+               # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE\r
+               # important note that '\' must be matched with '\\\\' in preg* expressions\r
+               // intercept words that are too long\r
+               if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)\r
+               {\r
+                       $this->error(_ERROR_COMMENT_LONGWORD);\r
+               }\r
+               \r
+               // check length\r
+               if (strlen($body) < 3) {\r
+                       $this->error(_ERROR_COMMENT_NOCOMMENT);\r
+               }\r
+               if (strlen($body)>5000)\r
+               {\r
+                       $this->error(_ERROR_COMMENT_TOOLONG);\r
+               }\r
+               \r
+               // prepare body\r
+               $body = COMMENT::prepareBody($body);\r
+\r
+               // call plugins\r
+               $manager->notify('PreUpdateComment',array('body' => &$body));\r
+\r
+               $query =  'UPDATE '.sql_table('comment')\r
+                          . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"\r
+                          . " WHERE cnumber=" . $commentid;\r
+               sql_query($query);\r
+\r
+               // get itemid\r
+               $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
+               $o = sql_fetch_object($res);\r
+               $itemid = $o->citem;\r
+\r
+               if ($member->canAlterItem($itemid))\r
+                       $this->action_itemcommentlist($itemid);\r
+               else\r
+                       $this->action_browseowncomments();\r
+\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_commentdelete() {\r
+               global $member, $manager;\r
+\r
+               $commentid = intRequestVar('commentid');\r
+\r
+               $member->canAlterComment($commentid) or $this->disallow();\r
+\r
+               $comment = COMMENT::getComment($commentid);\r
+\r
+               $body = strip_tags($comment['body']);\r
+               $body = htmlspecialchars(shorten($body, 300, '...'));\r
+\r
+               if ($comment['member'])\r
+                       $author = $comment['member'];\r
+               else\r
+                       $author = $comment['user'];\r
+\r
+               $this->pagehead();\r
+               ?>\r
+\r
+                       <h2><?php echo _DELETE_CONFIRM?></h2>\r
+\r
+                       <p><?php echo _CONFIRMTXT_COMMENT?></p>\r
+\r
+                       <div class="note">\r
+                       <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>\r
+                       <br />\r
+                       <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>\r
+                       </div>\r
+\r
+                       <form method="post" action="index.php"><div>\r
+                               <input type="hidden" name="action" value="commentdeleteconfirm" />\r
+                               <?php $manager->addTicketHidden() ?>\r
+                               <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
+                               <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
+                       </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_commentdeleteconfirm() {\r
+               global $member;\r
+\r
+               $commentid = intRequestVar('commentid');\r
+\r
+               // get item id first\r
+               $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
+               $o = sql_fetch_object($res);\r
+               $itemid = $o->citem;\r
+\r
+               $error = $this->deleteOneComment($commentid);\r
+               if ($error)\r
+                       $this->doError($error);\r
+\r
+               if ($member->canAlterItem($itemid))\r
+                       $this->action_itemcommentlist($itemid);\r
+               else\r
+                       $this->action_browseowncomments();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function deleteOneComment($commentid) {\r
+               global $member, $manager;\r
+\r
+               $commentid = intval($commentid);\r
+\r
+               if (!$member->canAlterComment($commentid))\r
+                       return _ERROR_DISALLOWED;\r
+\r
+               $manager->notify('PreDeleteComment', array('commentid' => $commentid));\r
+\r
+               // delete the comments associated with the item\r
+               $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
+               sql_query($query);\r
+\r
+               $manager->notify('PostDeleteComment', array('commentid' => $commentid));\r
+\r
+               return '';\r
+       }\r
+\r
+       /**\r
+        * Usermanagement main\r
+        */\r
+       function action_usermanagement() {\r
+               global $member, $manager;\r
+\r
+               // check if allowed\r
+               $member->isAdmin() or $this->disallow();\r
+\r
+               $this->pagehead();\r
+\r
+               echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
+\r
+               echo '<h2>' . _MEMBERS_TITLE .'</h2>';\r
+\r
+               echo '<h3>' . _MEMBERS_CURRENT .'</h3>';\r
+\r
+               // show list of members with actions\r
+               $query =  'SELECT *'\r
+                          . ' FROM '.sql_table('member');\r
+               $template['content'] = 'memberlist';\r
+               $template['tabindex'] = 10;\r
+\r
+               $manager->loadClass("ENCAPSULATE");\r
+               $batch =& new BATCH('member');\r
+               $batch->showlist($query,'table',$template);\r
+\r
+               echo '<h3>' . _MEMBERS_NEW .'</h3>';\r
+               ?>\r
+                       <form method="post" action="index.php" name="memberedit"><div>\r
+\r
+                       <input type="hidden" name="action" value="memberadd" />\r
+                       <?php $manager->addTicketHidden() ?>\r
+\r
+                       <table>\r
+                       <tr>\r
+                               <th colspan="2"><?php echo _MEMBERS_NEW?></th>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
+                               <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
+                               </td>\r
+                               <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_REALNAME?></td>\r
+                               <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_PWD?></td>\r
+                               <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_REPPWD?></td>\r
+                               <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_EMAIL?></td>\r
+                               <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_URL?></td>\r
+                               <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
+                               <td><?php $this->input_yesno('admin',0,10060); ?> </td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
+                               <td><?php $this->input_yesno('canlogin',1,10070); ?></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_NOTES?></td>\r
+                               <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_NEW?></td>\r
+                               <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>\r
+                       </tr></table>\r
+\r
+                       </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * Edit member settings\r
+        */\r
+       function action_memberedit() {\r
+               $this->action_editmembersettings(intRequestVar('memberid'));\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_editmembersettings($memberid = '') {\r
+               global $member, $manager, $CONF;\r
+\r
+               if ($memberid == '')\r
+                       $memberid = $member->getID();\r
+\r
+               // check if allowed\r
+               ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
+\r
+               $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
+               $this->pagehead($extrahead);\r
+\r
+               // show message to go back to member overview (only for admins)\r
+               if ($member->isAdmin())\r
+                       echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';\r
+               else\r
+                       echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';\r
+\r
+               echo '<h2>' . _MEMBERS_EDIT . '</h2>';\r
+\r
+               $mem = MEMBER::createFromID($memberid);\r
+\r
+               ?>\r
+               <form method="post" action="index.php" name="memberedit"><div>\r
+\r
+               <input type="hidden" name="action" value="changemembersettings" />\r
+               <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
+               <?php $manager->addTicketHidden() ?>\r
+\r
+               <table><tr>\r
+                       <th colspan="2"><?php echo _MEMBERS_EDIT?></th>\r
+               </tr><tr>\r
+                       <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
+                               <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
+                       </td>\r
+                       <td>\r
+                       <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
+                               <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />\r
+                       <?php } else {\r
+                               echo htmlspecialchars($member->getDisplayName());\r
+                          }\r
+                       ?>\r
+                       </td>\r
+               </tr><tr>\r
+                       <td><?php echo _MEMBERS_REALNAME?></td>\r
+                       <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>\r
+               </tr><tr>\r
+               <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
+                       <td><?php echo _MEMBERS_PWD?></td>\r
+                       <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _MEMBERS_REPPWD?></td>\r
+                       <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>\r
+               <?php } ?>\r
+               </tr><tr>\r
+                       <td><?php echo _MEMBERS_EMAIL?>\r
+                               <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>\r
+                       </td>\r
+                       <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _MEMBERS_URL?></td>\r
+                       <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>\r
+               <?php // only allow to change this by super-admins\r
+                  // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)\r
+                  if ($member->isAdmin()) {\r
+               ?>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
+                               <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
+                               <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>\r
+               <?php } ?>\r
+               </tr><tr>\r
+                       <td><?php echo _MEMBERS_NOTES?></td>\r
+                       <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>\r
+                       </td>\r
+                       <td>\r
+\r
+                               <select name="deflang" tabindex="85">\r
+                                       <option value=""><?php echo _MEMBERS_USESITELANG?></option>\r
+                               <?php                      // show a dropdown list of all available languages\r
+                               global $DIR_LANG;\r
+                               $dirhandle = opendir($DIR_LANG);\r
+                               while ($filename = readdir($dirhandle))\r
+                               {\r
+                                       # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+                                       # original ereg: ereg("^(.*)\.php$", $filename, $matches)\r
+                                       if (preg_match('#^(.*)\.php$#', $filename, $matches) )\r
+                                       {\r
+                                               $name = $matches[1];\r
+                                               echo "<option value=\"$name\"";\r
+                                               if ($name == $mem->getLanguage() )\r
+                                               {\r
+                                                       echo " selected=\"selected\"";\r
+                                               }\r
+                                               echo ">$name</option>";\r
+                                       }\r
+                               }\r
+                               closedir($dirhandle);\r
+                               \r
+                               ?>\r
+                               </select>\r
+\r
+                       </td>\r
+               </tr>\r
+               <tr>\r
+                       <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td>\r
+                       <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td>\r
+               </tr>\r
+               <?php\r
+                       // plugin options\r
+                       $this->_insertPluginOptions('member',$memberid);\r
+               ?>\r
+               <tr>\r
+                       <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>\r
+               </tr><tr>\r
+                       <td><?php echo _MEMBERS_EDIT?></td>\r
+                       <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>\r
+               </tr></table>\r
+\r
+               </div></form>\r
+\r
+               <?php\r
+                       echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
+\r
+                       $manager->notify(\r
+                               'MemberSettingsFormExtras',\r
+                               array(\r
+                                       'member' => &$mem\r
+                               )\r
+                       );\r
+\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_changemembersettings() {\r
+               global $member, $CONF, $manager;\r
+\r
+               $memberid = intRequestVar('memberid');\r
+\r
+               // check if allowed\r
+               ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
+\r
+               $name              = trim(strip_tags(postVar('name')));\r
+               $realname          = trim(strip_tags(postVar('realname')));\r
+               $password          = postVar('password');\r
+               $repeatpassword = postVar('repeatpassword');\r
+               $email            = strip_tags(postVar('email'));\r
+               $url                    = strip_tags(postVar('url'));\r
+\r
+               # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+               # original eregi: !eregi("^https?://", $url)\r
+               // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.\r
+               if (!preg_match('#^https?://#', $url) )\r
+               {\r
+                       $url = "http://" . $url;\r
+               }\r
+               $admin            = postVar('admin');\r
+               $canlogin          = postVar('canlogin');\r
+               $notes            = strip_tags(postVar('notes'));\r
+               $deflang                = postVar('deflang');\r
+\r
+               $mem = MEMBER::createFromID($memberid);\r
+\r
+               if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
+\r
+                       if (!isValidDisplayName($name))\r
+                               $this->error(_ERROR_BADNAME);\r
+\r
+                       if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
+                               $this->error(_ERROR_NICKNAMEINUSE);\r
+\r
+                       if ($password != $repeatpassword)\r
+                               $this->error(_ERROR_PASSWORDMISMATCH);\r
+\r
+                       if ($password && (strlen($password) < 6))\r
+                               $this->error(_ERROR_PASSWORDTOOSHORT);\r
+\r
+                       if ($password) {\r
+                               $pwdvalid = true;\r
+                               $pwderror = '';\r
+                               $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
+                               if (!$pwdvalid) {\r
+                                       $this->error($pwderror);\r
+                               }\r
+                       }\r
+               }\r
+\r
+               if (!isValidMailAddress($email))\r
+                       $this->error(_ERROR_BADMAILADDRESS);\r
+\r
+\r
+               if (!$realname)\r
+                       $this->error(_ERROR_REALNAMEMISSING);\r
+\r
+               if (($deflang != '') && (!checkLanguage($deflang)))\r
+                       $this->error(_ERROR_NOSUCHLANGUAGE);\r
+\r
+               // check if there will remain at least one site member with both the logon and admin rights\r
+               // (check occurs when taking away one of these rights from such a member)\r
+               if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
+                        || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
+                  )\r
+               {\r
+                       $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
+                       if (sql_num_rows($r) < 2)\r
+                               $this->error(_ERROR_ATLEASTONEADMIN);\r
+               }\r
+\r
+               if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
+                       $mem->setDisplayName($name);\r
+                       if ($password)\r
+                               $mem->setPassword($password);\r
+               }\r
+\r
+               $oldEmail = $mem->getEmail();\r
+\r
+               $mem->setRealName($realname);\r
+               $mem->setEmail($email);\r
+               $mem->setURL($url);\r
+               $mem->setNotes($notes);\r
+               $mem->setLanguage($deflang);\r
+\r
+\r
+               // only allow super-admins to make changes to the admin status\r
+               if ($member->isAdmin()) {\r
+                       $mem->setAdmin($admin);\r
+                       $mem->setCanLogin($canlogin);\r
+               }\r
+\r
+               $autosave = postVar ('autosave');\r
+               $mem->setAutosave($autosave);\r
+\r
+               $mem->write();\r
+\r
+               // store plugin options\r
+               $aOptions = requestArray('plugoption');\r
+               NucleusPlugin::_applyPluginOptions($aOptions);\r
+               $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));\r
+\r
+               // if email changed, generate new password\r
+               if ($oldEmail != $mem->getEmail())\r
+               {\r
+                       $mem->sendActivationLink('addresschange', $oldEmail);\r
+                       // logout member\r
+                       $mem->newCookieKey();\r
+\r
+                       // only log out if the member being edited is the current member.\r
+                       if ($member->getID() == $memberid)\r
+                               $member->logout();\r
+                       $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
+                       return;\r
+               }\r
+\r
+\r
+               if (  ( $mem->getID() == $member->getID() )\r
+                  && ( $mem->getDisplayName() != $member->getDisplayName() )\r
+                  ) {\r
+                       $mem->newCookieKey();\r
+                       $member->logout();\r
+                       $this->action_login(_MSG_LOGINAGAIN, 0);\r
+               } else {\r
+                       $this->action_overview(_MSG_SETTINGSCHANGED);\r
+               }\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_memberadd() {\r
+               global $member, $manager;\r
+\r
+               // check if allowed\r
+               $member->isAdmin() or $this->disallow();\r
+\r
+               if (postVar('password') != postVar('repeatpassword'))\r
+                       $this->error(_ERROR_PASSWORDMISMATCH);\r
+               if (strlen(postVar('password')) < 6)\r
+                       $this->error(_ERROR_PASSWORDTOOSHORT);\r
+\r
+               $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
+               if ($res != 1)\r
+                       $this->error($res);\r
+\r
+               // fire PostRegister event\r
+               $newmem = new MEMBER();\r
+               $newmem->readFromName(postVar('name'));\r
+               $manager->notify('PostRegister',array('member' => &$newmem));\r
+\r
+               $this->action_usermanagement();\r
+       }\r
+\r
+       /**\r
+        * Account activation\r
+        *\r
+        * @author dekarma\r
+        */\r
+       function action_activate() {\r
+\r
+               $key = getVar('key');\r
+               $this->_showActivationPage($key);\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function _showActivationPage($key, $message = '')\r
+       {\r
+               global $manager;\r
+\r
+               // clean up old activation keys\r
+               MEMBER::cleanupActivationTable();\r
+\r
+               // get activation info\r
+               $info = MEMBER::getActivationInfo($key);\r
+\r
+               if (!$info)\r
+                       $this->error(_ERROR_ACTIVATE);\r
+\r
+               $mem = MEMBER::createFromId($info->vmember);\r
+\r
+               if (!$mem)\r
+                       $this->error(_ERROR_ACTIVATE);\r
+\r
+               $text = '';\r
+               $title = '';\r
+               $bNeedsPasswordChange = true;\r
+\r
+               switch ($info->vtype)\r
+               {\r
+                       case 'forgot':\r
+                               $title = _ACTIVATE_FORGOT_TITLE;\r
+                               $text = _ACTIVATE_FORGOT_TEXT;\r
+                               break;\r
+                       case 'register':\r
+                               $title = _ACTIVATE_REGISTER_TITLE;\r
+                               $text = _ACTIVATE_REGISTER_TEXT;\r
+                               break;\r
+                       case 'addresschange':\r
+                               $title = _ACTIVATE_CHANGE_TITLE;\r
+                               $text = _ACTIVATE_CHANGE_TEXT;\r
+                               $bNeedsPasswordChange = false;\r
+                               MEMBER::activate($key);\r
+                               break;\r
+               }\r
+\r
+               $aVars = array(\r
+                       'memberName' => htmlspecialchars($mem->getDisplayName())\r
+               );\r
+               $title = TEMPLATE::fill($title, $aVars);\r
+               $text = TEMPLATE::fill($text, $aVars);\r
+\r
+               $this->pagehead();\r
+\r
+                       echo '<h2>' , $title, '</h2>';\r
+                       echo '<p>' , $text, '</p>';\r
+\r
+                       if ($message != '')\r
+                       {\r
+                               echo '<p class="error">',$message,'</p>';\r
+                       }\r
+\r
+                       if ($bNeedsPasswordChange)\r
+                       {\r
+                               ?>\r
+                                       <div><form action="index.php" method="post">\r
+\r
+                                               <input type="hidden" name="action" value="activatesetpwd" />\r
+                                               <?php $manager->addTicketHidden() ?>\r
+                                               <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />\r
+\r
+                                               <table><tr>\r
+                                                       <td><?php echo _MEMBERS_PWD?></td>\r
+                                                       <td><input type="password" maxlength="40" size="16" name="password" /></td>\r
+                                               </tr><tr>\r
+                                                       <td><?php echo _MEMBERS_REPPWD?></td>\r
+                                                       <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>\r
+                                               <?php\r
 \r
-        $itemid = intRequestVar('itemid');\r
-        $catid = requestVar('catid');\r
+                                                       global $manager;\r
+                                                       $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));\r
 \r
-        // create new category if needed\r
-        if (strstr($catid,'newcat')) {\r
-            // get blogid\r
-            list($blogid) = sscanf($catid,'newcat-%d');\r
+                                               ?>\r
+                                               </tr><tr>\r
+                                                       <td><?php echo _MEMBERS_SETPWD ?></td>\r
+                                                       <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>\r
+                                               </tr></table>\r
 \r
-            // create\r
-            $blog =& $manager->getBlog($blogid);\r
-            $catid = $blog->createNewCategory();\r
-\r
-            // show error when sth goes wrong\r
-            if (!$catid)\r
-                $this->doError(_ERROR_CATCREATEFAIL);\r
-        }\r
-\r
-        // only allow if user is allowed to alter item\r
-        $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
-\r
-        $old_blogid = getBlogIDFromItemId($itemid);\r
-\r
-        ITEM::move($itemid, $catid);\r
-\r
-        // set the futurePosted flag on the blog\r
-        $this->updateFuturePosted(getBlogIDFromItemId($itemid));\r
-\r
-        // reset the futurePosted in case the item is moved from one blog to another\r
-        $this->updateFuturePosted($old_blogid);\r
-\r
-        if ($catid != intRequestVar('catid'))\r
-            $this->action_categoryedit($catid, $blog->getID());\r
-        else\r
-            $this->action_itemlist(getBlogIDFromCatID($catid));\r
-    }\r
-\r
-    /**\r
-     * Moves one item to a given category (category existance should be checked by caller)\r
-     * errors are returned\r
-     * @param int $itemid\r
-     * @param int $destCatid category ID to which the item will be moved\r
-     */\r
-    function moveOneItem($itemid, $destCatid) {\r
-        global $member;\r
-\r
-        // only allow if user is allowed to move item\r
-        if (!$member->canUpdateItem($itemid, $destCatid))\r
-            return _ERROR_DISALLOWED;\r
-\r
-        ITEM::move($itemid, $destCatid);\r
-    }\r
-\r
-    /**\r
-     * Adds a item to the chosen blog\r
-     */\r
-    function action_additem() {\r
-        global $manager, $CONF;\r
-\r
-        $manager->loadClass('ITEM');\r
-\r
-        $result = ITEM::createFromRequest();\r
-\r
-        if ($result['status'] == 'error')\r
-            $this->error($result['message']);\r
-\r
-        $blogid = getBlogIDFromItemID($result['itemid']);\r
-        $blog =& $manager->getBlog($blogid);\r
-        $btimestamp = $blog->getCorrectTime();\r
-        $item       = $manager->getItem(intval($result['itemid']), 1, 1);\r
-\r
-        if ($result['status'] == 'newcategory') {\r
-            $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));\r
-            $this->action_categoryedit($result['catid'], $blogid, $distURI);\r
-        } else {\r
-            $methodName = 'action_itemList';\r
-            call_user_func(array(&$this, $methodName), $blogid);\r
-        }\r
-    }\r
-\r
-    /**\r
-     * Allows to edit previously made comments\r
-     */\r
-    function action_commentedit() {\r
-        global $member, $manager;\r
-\r
-        $commentid = intRequestVar('commentid');\r
-\r
-        $member->canAlterComment($commentid) or $this->disallow();\r
-\r
-        $comment = COMMENT::getComment($commentid);\r
-\r
-        $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));\r
-\r
-        // change <br /> to \n\r
-        $comment['body'] = str_replace('<br />','',$comment['body']);\r
-\r
-        $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);\r
-\r
-        $this->pagehead();\r
-\r
-        ?>\r
-        <h2><?php echo _EDITC_TITLE?></h2>\r
-\r
-        <form action="index.php" method="post"><div>\r
-\r
-        <input type="hidden" name="action" value="commentupdate" />\r
-        <?php $manager->addTicketHidden(); ?>\r
-        <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
-        <table><tr>\r
-            <th colspan="2"><?php echo _EDITC_TITLE?></th>\r
-        </tr><tr>\r
-            <td><?php echo _EDITC_WHO?></td>\r
-            <td>\r
-            <?php               if ($comment['member'])\r
-                    echo $comment['member'] . " (" . _EDITC_MEMBER . ")";\r
-                else\r
-                    echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";\r
-            ?>\r
-            </td>\r
-        </tr><tr>\r
-            <td><?php echo _EDITC_WHEN?></td>\r
-            <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>\r
-        </tr><tr>\r
-            <td><?php echo _EDITC_HOST?></td>\r
-            <td><?php echo  $comment['host']; ?></td>\r
-        </tr>\r
-        <tr>\r
-            <td><?php echo _EDITC_URL; ?></td>\r
-            <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo $comment['userid']; ?>" /></td>\r
-        </tr>\r
-        <tr>\r
-            <td><?php echo _EDITC_EMAIL; ?></td>\r
-            <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo $comment['email']; ?>" /></td>\r
-        </tr>\r
-        <tr>\r
-            <td><?php echo _EDITC_TEXT?></td>\r
-            <td>\r
-                <textarea name="body" tabindex="10" rows="10" cols="50"><?php                   // htmlspecialchars not needed (things should be escaped already)\r
-                    echo $comment['body'];\r
-                ?></textarea>\r
-            </td>\r
-        </tr><tr>\r
-            <td><?php echo _EDITC_EDIT?></td>\r
-            <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>\r
-        </tr></table>\r
-\r
-        </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_commentupdate() {\r
-        global $member, $manager;\r
-\r
-        $commentid = intRequestVar('commentid');\r
-\r
-        $member->canAlterComment($commentid) or $this->disallow();\r
-\r
-        $url = postVar('url');\r
-        $email = postVar('email');\r
-        $body = postVar('body');\r
-\r
-        // intercept words that are too long\r
-        if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)\r
-            $this->error(_ERROR_COMMENT_LONGWORD);\r
-\r
-        // check length\r
-        if (strlen($body)<3)\r
-            $this->error(_ERROR_COMMENT_NOCOMMENT);\r
-        if (strlen($body)>5000)\r
-            $this->error(_ERROR_COMMENT_TOOLONG);\r
-\r
-\r
-        // prepare body\r
-        $body = COMMENT::prepareBody($body);\r
-\r
-        // call plugins\r
-        $manager->notify('PreUpdateComment',array('body' => &$body));\r
-\r
-        $query =  'UPDATE '.sql_table('comment')\r
-               . " SET cmail = '" . addslashes($url) . "', cemail = '" . addslashes($email) . "', cbody = '" . addslashes($body) . "'"\r
-               . " WHERE cnumber=" . $commentid;\r
-        sql_query($query);\r
-\r
-        // get itemid\r
-        $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
-        $o = sql_fetch_object($res);\r
-        $itemid = $o->citem;\r
-\r
-        if ($member->canAlterItem($itemid))\r
-            $this->action_itemcommentlist($itemid);\r
-        else\r
-            $this->action_browseowncomments();\r
-\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_commentdelete() {\r
-        global $member, $manager;\r
-\r
-        $commentid = intRequestVar('commentid');\r
-\r
-        $member->canAlterComment($commentid) or $this->disallow();\r
-\r
-        $comment = COMMENT::getComment($commentid);\r
-\r
-        $body = strip_tags($comment['body']);\r
-        $body = htmlspecialchars(shorten($body, 300, '...'));\r
-\r
-        if ($comment['member'])\r
-            $author = $comment['member'];\r
-        else\r
-            $author = $comment['user'];\r
-\r
-        $this->pagehead();\r
-        ?>\r
-\r
-            <h2><?php echo _DELETE_CONFIRM?></h2>\r
-\r
-            <p><?php echo _CONFIRMTXT_COMMENT?></p>\r
-\r
-            <div class="note">\r
-            <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>\r
-            <br />\r
-            <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>\r
-            </div>\r
-\r
-            <form method="post" action="index.php"><div>\r
-                <input type="hidden" name="action" value="commentdeleteconfirm" />\r
-                <?php $manager->addTicketHidden() ?>\r
-                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
-                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
-            </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_commentdeleteconfirm() {\r
-        global $member;\r
-\r
-        $commentid = intRequestVar('commentid');\r
-\r
-        // get item id first\r
-        $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
-        $o = sql_fetch_object($res);\r
-        $itemid = $o->citem;\r
-\r
-        $error = $this->deleteOneComment($commentid);\r
-        if ($error)\r
-            $this->doError($error);\r
-\r
-        if ($member->canAlterItem($itemid))\r
-            $this->action_itemcommentlist($itemid);\r
-        else\r
-            $this->action_browseowncomments();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function deleteOneComment($commentid) {\r
-        global $member, $manager;\r
-\r
-        $commentid = intval($commentid);\r
-\r
-        if (!$member->canAlterComment($commentid))\r
-            return _ERROR_DISALLOWED;\r
-\r
-        $manager->notify('PreDeleteComment', array('commentid' => $commentid));\r
-\r
-        // delete the comments associated with the item\r
-        $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
-        sql_query($query);\r
-\r
-        $manager->notify('PostDeleteComment', array('commentid' => $commentid));\r
-\r
-        return '';\r
-    }\r
-\r
-    /**\r
-     * Usermanagement main\r
-     */\r
-    function action_usermanagement() {\r
-        global $member, $manager;\r
-\r
-        // check if allowed\r
-        $member->isAdmin() or $this->disallow();\r
-\r
-        $this->pagehead();\r
-\r
-        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
-\r
-        echo '<h2>' . _MEMBERS_TITLE .'</h2>';\r
-\r
-        echo '<h3>' . _MEMBERS_CURRENT .'</h3>';\r
-\r
-        // show list of members with actions\r
-        $query =  'SELECT *'\r
-               . ' FROM '.sql_table('member');\r
-        $template['content'] = 'memberlist';\r
-        $template['tabindex'] = 10;\r
-\r
-        $manager->loadClass("ENCAPSULATE");\r
-        $batch =& new BATCH('member');\r
-        $batch->showlist($query,'table',$template);\r
-\r
-        echo '<h3>' . _MEMBERS_NEW .'</h3>';\r
-        ?>\r
-            <form method="post" action="index.php" name="memberedit"><div>\r
-\r
-            <input type="hidden" name="action" value="memberadd" />\r
-            <?php $manager->addTicketHidden() ?>\r
-\r
-            <table>\r
-            <tr>\r
-                <th colspan="2"><?php echo _MEMBERS_NEW?></th>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
-                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
-                </td>\r
-                <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_REALNAME?></td>\r
-                <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_PWD?></td>\r
-                <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_REPPWD?></td>\r
-                <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_EMAIL?></td>\r
-                <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_URL?></td>\r
-                <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
-                <td><?php $this->input_yesno('admin',0,10060); ?> </td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
-                <td><?php $this->input_yesno('canlogin',1,10070); ?></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_NOTES?></td>\r
-                <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_NEW?></td>\r
-                <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>\r
-            </tr></table>\r
-\r
-            </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * Edit member settings\r
-     */\r
-    function action_memberedit() {\r
-        $this->action_editmembersettings(intRequestVar('memberid'));\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_editmembersettings($memberid = '') {\r
-        global $member, $manager, $CONF;\r
-\r
-        if ($memberid == '')\r
-            $memberid = $member->getID();\r
-\r
-        // check if allowed\r
-        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
-\r
-        $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
-        $this->pagehead($extrahead);\r
-\r
-        // show message to go back to member overview (only for admins)\r
-        if ($member->isAdmin())\r
-            echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';\r
-        else\r
-            echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';\r
-\r
-        echo '<h2>' . _MEMBERS_EDIT . '</h2>';\r
-\r
-        $mem = MEMBER::createFromID($memberid);\r
-\r
-        ?>\r
-        <form method="post" action="index.php" name="memberedit"><div>\r
-\r
-        <input type="hidden" name="action" value="changemembersettings" />\r
-        <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
-        <?php $manager->addTicketHidden() ?>\r
-\r
-        <table><tr>\r
-            <th colspan="2"><?php echo _MEMBERS_EDIT?></th>\r
-        </tr><tr>\r
-            <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
-                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
-            </td>\r
-            <td>\r
-            <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
-                <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />\r
-            <?php } else {\r
-                echo htmlspecialchars($member->getDisplayName());\r
-               }\r
-            ?>\r
-            </td>\r
-        </tr><tr>\r
-            <td><?php echo _MEMBERS_REALNAME?></td>\r
-            <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>\r
-        </tr><tr>\r
-        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
-            <td><?php echo _MEMBERS_PWD?></td>\r
-            <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _MEMBERS_REPPWD?></td>\r
-            <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>\r
-        <?php } ?>\r
-        </tr><tr>\r
-            <td><?php echo _MEMBERS_EMAIL?>\r
-                <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>\r
-            </td>\r
-            <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _MEMBERS_URL?></td>\r
-            <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>\r
-        <?php // only allow to change this by super-admins\r
-           // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)\r
-           if ($member->isAdmin()) {\r
-        ?>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
-                <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>\r
-            </tr><tr>\r
-                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
-                <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>\r
-        <?php } ?>\r
-        </tr><tr>\r
-            <td><?php echo _MEMBERS_NOTES?></td>\r
-            <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>\r
-            </td>\r
-            <td>\r
-\r
-                <select name="deflang" tabindex="85">\r
-                    <option value=""><?php echo _MEMBERS_USESITELANG?></option>\r
-                <?php               // show a dropdown list of all available languages\r
-                global $DIR_LANG;\r
-                $dirhandle = opendir($DIR_LANG);\r
-                while ($filename = readdir($dirhandle)) {\r
-                    if (ereg("^(.*)\.php$",$filename,$matches)) {\r
-                        $name = $matches[1];\r
-                        echo "<option value='$name'";\r
-                        if ($name == $mem->getLanguage())\r
-                            echo " selected='selected'";\r
-                        echo ">$name</option>";\r
-                    }\r
-                }\r
-                closedir($dirhandle);\r
-\r
-                ?>\r
-                </select>\r
-\r
-            </td>\r
-        </tr>\r
-        <tr>\r
-            <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td>\r
-            <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td>\r
-        </tr>\r
-        <?php\r
-            // plugin options\r
-            $this->_insertPluginOptions('member',$memberid);\r
-        ?>\r
-        <tr>\r
-            <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>\r
-        </tr><tr>\r
-            <td><?php echo _MEMBERS_EDIT?></td>\r
-            <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>\r
-        </tr></table>\r
-\r
-        </div></form>\r
-\r
-        <?php\r
-            echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
-\r
-            $manager->notify(\r
-                'MemberSettingsFormExtras',\r
-                array(\r
-                    'member' => &$mem\r
-                )\r
-            );\r
-\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_changemembersettings() {\r
-        global $member, $CONF, $manager;\r
-\r
-        $memberid = intRequestVar('memberid');\r
-\r
-        // check if allowed\r
-        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
-\r
-        $name           = trim(strip_tags(postVar('name')));\r
-        $realname       = trim(strip_tags(postVar('realname')));\r
-        $password       = postVar('password');\r
-        $repeatpassword = postVar('repeatpassword');\r
-        $email          = strip_tags(postVar('email'));\r
-        $url            = strip_tags(postVar('url'));\r
-\r
-        // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.\r
-        if (!eregi("^https?://", $url))\r
-            $url = "http://".$url;\r
-\r
-        $admin          = postVar('admin');\r
-        $canlogin       = postVar('canlogin');\r
-        $notes          = strip_tags(postVar('notes'));\r
-        $deflang        = postVar('deflang');\r
-\r
-        $mem = MEMBER::createFromID($memberid);\r
-\r
-        if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
-\r
-            if (!isValidDisplayName($name))\r
-                $this->error(_ERROR_BADNAME);\r
-\r
-            if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
-                $this->error(_ERROR_NICKNAMEINUSE);\r
-\r
-            if ($password != $repeatpassword)\r
-                $this->error(_ERROR_PASSWORDMISMATCH);\r
-\r
-            if ($password && (strlen($password) < 6))\r
-                $this->error(_ERROR_PASSWORDTOOSHORT);\r
-\r
-            $pwdvalid = true;\r
-            $pwderror = '';\r
-            $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
-            if (!$pwdvalid) {\r
-                $this->error($pwderror);\r
-            }\r
-        }\r
-\r
-        if (!isValidMailAddress($email))\r
-            $this->error(_ERROR_BADMAILADDRESS);\r
-\r
-\r
-        if (!$realname)\r
-            $this->error(_ERROR_REALNAMEMISSING);\r
-\r
-        if (($deflang != '') && (!checkLanguage($deflang)))\r
-            $this->error(_ERROR_NOSUCHLANGUAGE);\r
-\r
-        // check if there will remain at least one site member with both the logon and admin rights\r
-        // (check occurs when taking away one of these rights from such a member)\r
-        if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
-             || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
-           )\r
-        {\r
-            $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
-            if (sql_num_rows($r) < 2)\r
-                $this->error(_ERROR_ATLEASTONEADMIN);\r
-        }\r
-\r
-        if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
-            $mem->setDisplayName($name);\r
-            if ($password)\r
-                $mem->setPassword($password);\r
-        }\r
-\r
-        $oldEmail = $mem->getEmail();\r
-\r
-        $mem->setRealName($realname);\r
-        $mem->setEmail($email);\r
-        $mem->setURL($url);\r
-        $mem->setNotes($notes);\r
-        $mem->setLanguage($deflang);\r
-\r
-\r
-        // only allow super-admins to make changes to the admin status\r
-        if ($member->isAdmin()) {\r
-            $mem->setAdmin($admin);\r
-            $mem->setCanLogin($canlogin);\r
-        }\r
-\r
-        $autosave = postVar ('autosave');\r
-        $mem->setAutosave($autosave);\r
-\r
-        $mem->write();\r
-\r
-        // store plugin options\r
-        $aOptions = requestArray('plugoption');\r
-        NucleusPlugin::_applyPluginOptions($aOptions);\r
-        $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));\r
-\r
-        // if email changed, generate new password\r
-        if ($oldEmail != $mem->getEmail())\r
-        {\r
-            $mem->sendActivationLink('addresschange', $oldEmail);\r
-            // logout member\r
-            $mem->newCookieKey();\r
-\r
-            // only log out if the member being edited is the current member.\r
-            if ($member->getID() == $memberid)\r
-                $member->logout();\r
-            $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
-            return;\r
-        }\r
-\r
-\r
-        if (  ( $mem->getID() == $member->getID() )\r
-           && ( $mem->getDisplayName() != $member->getDisplayName() )\r
-           ) {\r
-            $mem->newCookieKey();\r
-            $member->logout();\r
-            $this->action_login(_MSG_LOGINAGAIN, 0);\r
-        } else {\r
-            $this->action_overview(_MSG_SETTINGSCHANGED);\r
-        }\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_memberadd() {\r
-        global $member, $manager;\r
-\r
-        // check if allowed\r
-        $member->isAdmin() or $this->disallow();\r
-\r
-        if (postVar('password') != postVar('repeatpassword'))\r
-            $this->error(_ERROR_PASSWORDMISMATCH);\r
-        if (strlen(postVar('password')) < 6)\r
-            $this->error(_ERROR_PASSWORDTOOSHORT);\r
-\r
-        $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
-        if ($res != 1)\r
-            $this->error($res);\r
-\r
-        // fire PostRegister event\r
-        $newmem = new MEMBER();\r
-        $newmem->readFromName(postVar('name'));\r
-        $manager->notify('PostRegister',array('member' => &$newmem));\r
-\r
-        $this->action_usermanagement();\r
-    }\r
-\r
-    /**\r
-     * Account activation\r
-     *\r
-     * @author dekarma\r
-     */\r
-    function action_activate() {\r
-\r
-        $key = getVar('key');\r
-        $this->_showActivationPage($key);\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function _showActivationPage($key, $message = '')\r
-    {\r
-        global $manager;\r
-\r
-        // clean up old activation keys\r
-        MEMBER::cleanupActivationTable();\r
-\r
-        // get activation info\r
-        $info = MEMBER::getActivationInfo($key);\r
-\r
-        if (!$info)\r
-            $this->error(_ERROR_ACTIVATE);\r
-\r
-        $mem = MEMBER::createFromId($info->vmember);\r
-\r
-        if (!$mem)\r
-            $this->error(_ERROR_ACTIVATE);\r
-\r
-        $text = '';\r
-        $title = '';\r
-        $bNeedsPasswordChange = true;\r
-\r
-        switch ($info->vtype)\r
-        {\r
-            case 'forgot':\r
-                $title = _ACTIVATE_FORGOT_TITLE;\r
-                $text = _ACTIVATE_FORGOT_TEXT;\r
-                break;\r
-            case 'register':\r
-                $title = _ACTIVATE_REGISTER_TITLE;\r
-                $text = _ACTIVATE_REGISTER_TEXT;\r
-                break;\r
-            case 'addresschange':\r
-                $title = _ACTIVATE_CHANGE_TITLE;\r
-                $text = _ACTIVATE_CHANGE_TEXT;\r
-                $bNeedsPasswordChange = false;\r
-                MEMBER::activate($key);\r
-                break;\r
-        }\r
-\r
-        $aVars = array(\r
-            'memberName' => htmlspecialchars($mem->getDisplayName())\r
-        );\r
-        $title = TEMPLATE::fill($title, $aVars);\r
-        $text = TEMPLATE::fill($text, $aVars);\r
-\r
-        $this->pagehead();\r
-\r
-            echo '<h2>' , $title, '</h2>';\r
-            echo '<p>' , $text, '</p>';\r
-\r
-            if ($message != '')\r
-            {\r
-                echo '<p class="error">',$message,'</p>';\r
-            }\r
-\r
-            if ($bNeedsPasswordChange)\r
-            {\r
-                ?>\r
-                    <div><form action="index.php" method="post">\r
-\r
-                        <input type="hidden" name="action" value="activatesetpwd" />\r
-                        <?php $manager->addTicketHidden() ?>\r
-                        <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />\r
 \r
-                        <table><tr>\r
-                            <td><?php echo _MEMBERS_PWD?></td>\r
-                            <td><input type="password" maxlength="40" size="16" name="password" /></td>\r
-                        </tr><tr>\r
-                            <td><?php echo _MEMBERS_REPPWD?></td>\r
-                            <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>\r
-                        <?php\r
+                                       </form></div>\r
 \r
-                            global $manager;\r
-                            $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));\r
+                               <?php\r
 \r
-                        ?>\r
-                        </tr><tr>\r
-                            <td><?php echo _MEMBERS_SETPWD ?></td>\r
-                            <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>\r
-                        </tr></table>\r
+                       }\r
 \r
+               $this->pagefoot();\r
 \r
-                    </form></div>\r
+       }\r
 \r
-                <?php\r
+       /**\r
+        * Account activation - set password part\r
+        *\r
+        * @author dekarma\r
+        */\r
+       function action_activatesetpwd() {\r
+               \r
+               $key = postVar('key');\r
 \r
-            }\r
+               // clean up old activation keys\r
+               MEMBER::cleanupActivationTable();\r
 \r
-        $this->pagefoot();\r
+               // get activation info\r
+               $info = MEMBER::getActivationInfo($key);\r
 \r
-    }\r
+               if (!$info || ($info->type == 'addresschange'))\r
+                       return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
+\r
+               $mem = MEMBER::createFromId($info->vmember);\r
 \r
-    /**\r
-     * Account activation - set password part\r
-     *\r
-     * @author dekarma\r
-     */\r
-    function action_activatesetpwd() {\r
+               if (!$mem)\r
+                       return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
+\r
+               $password          = postVar('password');\r
+               $repeatpassword = postVar('repeatpassword');\r
+\r
+               if ($password != $repeatpassword)\r
+                       return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
+\r
+               if ($password && (strlen($password) < 6))\r
+                       return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
+               \r
+               if ($password) {\r
+                       $pwdvalid = true;\r
+                       $pwderror = '';\r
+                       global $manager;\r
+                       $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
+                       if (!$pwdvalid) {\r
+                               return $this->_showActivationPage($key,$pwderror);\r
+                       }\r
+               }\r
+               $error = '';\r
+               $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));\r
+               if ($error != '')\r
+                       return $this->_showActivationPage($key, $error);\r
 \r
-        $key = postVar('key');\r
 \r
-        // clean up old activation keys\r
-        MEMBER::cleanupActivationTable();\r
+               // set password\r
+               $mem->setPassword($password);\r
+               $mem->write();\r
 \r
-        // get activation info\r
-        $info = MEMBER::getActivationInfo($key);\r
+               // do the activation\r
+               MEMBER::activate($key);\r
 \r
-        if (!$info || ($info->type == 'addresschange'))\r
-            return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
+               $this->pagehead();\r
+                       echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';\r
+                       echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';\r
+               $this->pagefoot();\r
+       }\r
 \r
-        $mem = MEMBER::createFromId($info->vmember);\r
+       /**\r
+        * Manage team\r
+        */\r
+       function action_manageteam() {\r
+               global $member, $manager;\r
 \r
-        if (!$mem)\r
-            return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
+               $blogid = intRequestVar('blogid');\r
 \r
-        $password       = postVar('password');\r
-        $repeatpassword = postVar('repeatpassword');\r
+               // check if allowed\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
-        if ($password != $repeatpassword)\r
-            return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
+               $this->pagehead();\r
 \r
-        if ($password && (strlen($password) < 6))\r
-            return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
+               echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
 \r
-        $pwdvalid = true;\r
-        $pwderror = '';\r
-        $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
-        if (!$pwdvalid) {\r
-            return $this->_showActivationPage($key,$pwderror);\r
-        }\r
+               echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';\r
 \r
-        $error = '';\r
-        global $manager;\r
-        $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));\r
-        if ($error != '')\r
-            return $this->_showActivationPage($key, $error);\r
+               echo '<h3>' . _TEAM_CURRENT . '</h3>';\r
 \r
 \r
-        // set password\r
-        $mem->setPassword($password);\r
-        $mem->write();\r
 \r
-        // do the activation\r
-        MEMBER::activate($key);\r
+               $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'\r
+                          . ' FROM '.sql_table('member').', '.sql_table('team')\r
+                          . ' WHERE tmember=mnumber and tblog=' . $blogid;\r
 \r
-        $this->pagehead();\r
-            echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';\r
-            echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';\r
-        $this->pagefoot();\r
-    }\r
+               $template['content'] = 'teamlist';\r
+               $template['tabindex'] = 10;\r
 \r
-    /**\r
-     * Manage team\r
-     */\r
-    function action_manageteam() {\r
-        global $member, $manager;\r
+               $manager->loadClass("ENCAPSULATE");\r
+               $batch =& new BATCH('team');\r
+               $batch->showlist($query, 'table', $template);\r
 \r
-        $blogid = intRequestVar('blogid');\r
+               ?>\r
+                       <h3><?php echo _TEAM_ADDNEW?></h3>\r
 \r
-        // check if allowed\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
+                       <form method='post' action='index.php'><div>\r
 \r
-        $this->pagehead();\r
+                       <input type='hidden' name='action' value='teamaddmember' />\r
+                       <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />\r
+                       <?php $manager->addTicketHidden() ?>\r
 \r
-        echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
+                       <table><tr>\r
+                               <td><?php echo _TEAM_CHOOSEMEMBER?></td>\r
+                               <td><?php                                  // TODO: try to make it so only non-team-members are listed\r
+                                       $query =  'SELECT mname as text, mnumber as value'\r
+                                                  . ' FROM '.sql_table('member');\r
 \r
-        echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';\r
+                                       $template['name'] = 'memberid';\r
+                                       $template['tabindex'] = 10000;\r
+                                       showlist($query,'select',$template);\r
+                               ?></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>\r
+                               <td><?php $this->input_yesno('admin',0,10020); ?></td>\r
+                       </tr><tr>\r
+                               <td><?php echo _TEAM_ADD?></td>\r
+                               <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>\r
+                       </tr></table>\r
 \r
-        echo '<h3>' . _TEAM_CURRENT . '</h3>';\r
+                       </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
 \r
+       /**\r
+        * Add member to team\r
+        */\r
+       function action_teamaddmember() {\r
+               global $member, $manager;\r
 \r
+               $memberid = intPostVar('memberid');\r
+               $blogid = intPostVar('blogid');\r
+               $admin = intPostVar('admin');\r
 \r
-        $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'\r
-               . ' FROM '.sql_table('member').', '.sql_table('team')\r
-               . ' WHERE tmember=mnumber and tblog=' . $blogid;\r
+               // check if allowed\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
-        $template['content'] = 'teamlist';\r
-        $template['tabindex'] = 10;\r
+               $blog =& $manager->getBlog($blogid);\r
+               if (!$blog->addTeamMember($memberid, $admin))\r
+                       $this->error(_ERROR_ALREADYONTEAM);\r
 \r
-        $manager->loadClass("ENCAPSULATE");\r
-        $batch =& new BATCH('team');\r
-        $batch->showlist($query, 'table', $template);\r
+               $this->action_manageteam();\r
 \r
-        ?>\r
-            <h3><?php echo _TEAM_ADDNEW?></h3>\r
+       }\r
 \r
-            <form method='post' action='index.php'><div>\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_teamdelete() {\r
+               global $member, $manager;\r
 \r
-            <input type='hidden' name='action' value='teamaddmember' />\r
-            <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />\r
-            <?php $manager->addTicketHidden() ?>\r
+               $memberid = intRequestVar('memberid');\r
+               $blogid = intRequestVar('blogid');\r
 \r
-            <table><tr>\r
-                <td><?php echo _TEAM_CHOOSEMEMBER?></td>\r
-                <td><?php                   // TODO: try to make it so only non-team-members are listed\r
-                    $query =  'SELECT mname as text, mnumber as value'\r
-                           . ' FROM '.sql_table('member');\r
+               // check if allowed\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
-                    $template['name'] = 'memberid';\r
-                    $template['tabindex'] = 10000;\r
-                    showlist($query,'select',$template);\r
-                ?></td>\r
-            </tr><tr>\r
-                <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>\r
-                <td><?php $this->input_yesno('admin',0,10020); ?></td>\r
-            </tr><tr>\r
-                <td><?php echo _TEAM_ADD?></td>\r
-                <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>\r
-            </tr></table>\r
+               $teammem = MEMBER::createFromID($memberid);\r
+               $blog =& $manager->getBlog($blogid);\r
 \r
-            </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
+               $this->pagehead();\r
+               ?>\r
+                       <h2><?php echo _DELETE_CONFIRM?></h2>\r
 \r
-    /**\r
-     * Add member to team\r
-     */\r
-    function action_teamaddmember() {\r
-        global $member, $manager;\r
+                       <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>\r
+                       </p>\r
 \r
-        $memberid = intPostVar('memberid');\r
-        $blogid = intPostVar('blogid');\r
-        $admin = intPostVar('admin');\r
 \r
-        // check if allowed\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
+                       <form method="post" action="index.php"><div>\r
+                       <input type="hidden" name="action" value="teamdeleteconfirm" />\r
+                       <?php $manager->addTicketHidden() ?>\r
+                       <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
+                       <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
+                       <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
+                       </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
 \r
-        $blog =& $manager->getBlog($blogid);\r
-        if (!$blog->addTeamMember($memberid, $admin))\r
-            $this->error(_ERROR_ALREADYONTEAM);\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_teamdeleteconfirm() {\r
+               global $member;\r
 \r
-        $this->action_manageteam();\r
+               $memberid = intRequestVar('memberid');\r
+               $blogid = intRequestVar('blogid');\r
 \r
-    }\r
+               $error = $this->deleteOneTeamMember($blogid, $memberid);\r
+               if ($error)\r
+                       $this->error($error);\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_teamdelete() {\r
-        global $member, $manager;\r
 \r
-        $memberid = intRequestVar('memberid');\r
-        $blogid = intRequestVar('blogid');\r
+               $this->action_manageteam();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function deleteOneTeamMember($blogid, $memberid) {\r
+               global $member, $manager;\r
+\r
+               $blogid = intval($blogid);\r
+               $memberid = intval($memberid);\r
+\r
+               // check if allowed\r
+               if (!$member->blogAdminRights($blogid))\r
+                       return _ERROR_DISALLOWED;\r
+\r
+               // check if: - there remains at least one blog admin\r
+               //                 - (there remains at least one team member)\r
+               $tmem = MEMBER::createFromID($memberid);\r
 \r
-        // check if allowed\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
+               $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
 \r
-        $teammem = MEMBER::createFromID($memberid);\r
-        $blog =& $manager->getBlog($blogid);\r
+               if ($tmem->isBlogAdmin($blogid)) {\r
+                       // check if there are more blog members left and at least one admin\r
+                       // (check for at least two admins before deletion)\r
+                       $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
+                       $r = sql_query($query);\r
+                       if (sql_num_rows($r) < 2)\r
+                               return _ERROR_ATLEASTONEBLOGADMIN;\r
+               }\r
 \r
-        $this->pagehead();\r
-        ?>\r
-            <h2><?php echo _DELETE_CONFIRM?></h2>\r
+               $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
+               sql_query($query);\r
+\r
+               $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
+\r
+               return '';\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_teamchangeadmin() {\r
+               global $member;\r
+\r
+               $blogid = intRequestVar('blogid');\r
+               $memberid = intRequestVar('memberid');\r
+\r
+               // check if allowed\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
+\r
+               $mem = MEMBER::createFromID($memberid);\r
+\r
+               // don't allow when there is only one admin at this moment\r
+               if ($mem->isBlogAdmin($blogid)) {\r
+                       $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
+                       if (sql_num_rows($r) == 1)\r
+                               $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
+               }\r
+\r
+               if ($mem->isBlogAdmin($blogid))\r
+                       $newval = 0;\r
+               else\r
+                       $newval = 1;\r
+\r
+               $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
+               sql_query($query);\r
+\r
+               // only show manageteam if member did not change its own admin privileges\r
+               if ($member->isBlogAdmin($blogid))\r
+                       $this->action_manageteam();\r
+               else\r
+                       $this->action_overview(_MSG_ADMINCHANGED);\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_blogsettings() {\r
+               global $member, $manager;\r
+\r
+               $blogid = intRequestVar('blogid');\r
+\r
+               // check if allowed\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
+\r
+               $blog =& $manager->getBlog($blogid);\r
+\r
+               $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
+               $this->pagehead($extrahead);\r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
+               ?>\r
+               <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>\r
+\r
+               <h3><?php echo _EBLOG_TEAM_TITLE?></h3>\r
+\r
+               <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?>\r
+               <?php\r
+                       $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));\r
+                       $aMemberNames = array();\r
+                       while ($o = sql_fetch_object($res))\r
+                               array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');\r
+                       echo implode(',', $aMemberNames);\r
+               ?>\r
+               </p>\r
+\r
+\r
+\r
+               <p>\r
+               <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>\r
+               </p>\r
+\r
+               <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>\r
+\r
+               <form method="post" action="index.php"><div>\r
+\r
+               <input type="hidden" name="action" value="blogsettingsupdate" />\r
+               <?php $manager->addTicketHidden() ?>\r
+               <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
+               <table><tr>\r
+                       <td><?php echo _EBLOG_NAME?></td>\r
+                       <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>\r
+                               <?php echo _EBLOG_SHORTNAME_EXTRA?>\r
+                       </td>\r
+                       <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_DESC?></td>\r
+                       <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_URL?></td>\r
+                       <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_DEFSKIN?>\r
+                               <?php help('blogdefaultskin'); ?>\r
+                       </td>\r
+                       <td>\r
+                               <?php\r
+                                       $query =  'SELECT sdname as text, sdnumber as value'\r
+                                                  . ' FROM '.sql_table('skin_desc');\r
+                                       $template['name'] = 'defskin';\r
+                                       $template['selected'] = $blog->getDefaultSkin();\r
+                                       $template['tabindex'] = 50;\r
+                                       showlist($query,'select',$template);\r
+                               ?>\r
+\r
+                       </td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>\r
+                       </td>\r
+                       <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>\r
+                       </td>\r
+                       <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_DISABLECOMMENTS?>\r
+                       </td>\r
+                       <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_ANONYMOUS?>\r
+                       </td>\r
+                       <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>\r
+               </tr><tr>\r
+       <td><?php echo _EBLOG_REQUIREDEMAIL?>\r
+                </td>\r
+                <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>\r
+         </tr><tr>\r
+                       <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>\r
+                       <td><input name="notify" tabindex="80" maxlength="128" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_NOTIFY_ON?></td>\r
+                       <td>\r
+                               <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"\r
+                                       <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>\r
+                               /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>\r
+                               <br />\r
+                               <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"\r
+                                       <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>\r
+                               /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>\r
+                               <br />\r
+                               <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"\r
+                                       <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>\r
+                               /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>\r
+                       </td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>\r
+                       <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>\r
+                       <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_DEFCAT?></td>\r
+                       <td>\r
+                               <?php\r
+                                       $query =  'SELECT cname as text, catid as value'\r
+                                                  . ' FROM '.sql_table('category')\r
+                                                  . ' WHERE cblog=' . $blog->getID();\r
+                                       $template['name'] = 'defcat';\r
+                                       $template['selected'] = $blog->getDefaultCategory();\r
+                                       $template['tabindex'] = 110;\r
+                                       showlist($query,'select',$template);\r
+                               ?>\r
+                       </td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>\r
+                               <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
+                               <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>\r
+                               </td>\r
+                       <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>\r
+                       <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>\r
+               </tr>\r
+               <?php\r
+                       // plugin options\r
+                       $this->_insertPluginOptions('blog',$blogid);\r
+               ?>\r
+               <tr>\r
+                       <th colspan="2"><?php echo _EBLOG_CHANGE?></th>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_CHANGE?></td>\r
+                       <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>\r
+               </tr></table>\r
+\r
+               </div></form>\r
+\r
+               <h3><?php echo _EBLOG_CAT_TITLE?></h3>\r
+\r
+\r
+               <?php\r
+               $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';\r
+               $template['content'] = 'categorylist';\r
+               $template['tabindex'] = 200;\r
+\r
+               $manager->loadClass("ENCAPSULATE");\r
+               $batch =& new BATCH('category');\r
+               $batch->showlist($query,'table',$template);\r
+\r
+               ?>\r
+\r
+\r
+               <form action="index.php" method="post"><div>\r
+               <input name="action" value="categorynew" type="hidden" />\r
+               <?php $manager->addTicketHidden() ?>\r
+               <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />\r
+\r
+               <table><tr>\r
+                       <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_CAT_NAME?></td>\r
+                       <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_CAT_DESC?></td>\r
+                       <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_CAT_CREATE?></td>\r
+                       <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>\r
+               </tr></table>\r
+\r
+               </div></form>\r
+\r
+               <?php\r
+\r
+                       echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
+\r
+                       $manager->notify(\r
+                               'BlogSettingsFormExtras',\r
+                               array(\r
+                                       'blog' => &$blog\r
+                               )\r
+                       );\r
+\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_categorynew() {\r
+               global $member, $manager;\r
+\r
+               $blogid = intRequestVar('blogid');\r
+\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
+\r
+               $cname = postVar('cname');\r
+               $cdesc = postVar('cdesc');\r
+\r
+               if (!isValidCategoryName($cname))\r
+                       $this->error(_ERROR_BADCATEGORYNAME);\r
+\r
+               $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid);\r
+               $res = sql_query($query);\r
+               if (sql_num_rows($res) > 0)\r
+                       $this->error(_ERROR_DUPCATEGORYNAME);\r
+\r
+               $blog      =& $manager->getBlog($blogid);\r
+               $newCatID   =  $blog->createNewCategory($cname, $cdesc);\r
+\r
+               $this->action_blogsettings();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
+               global $member, $manager;\r
+\r
+               if ($blogid == '')\r
+                       $blogid = intGetVar('blogid');\r
+               else\r
+                       $blogid = intval($blogid);\r
+               if ($catid == '')\r
+                       $catid = intGetVar('catid');\r
+               else\r
+                       $catid = intval($catid);\r
+\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
+\r
+               $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
+               $obj = sql_fetch_object($res);\r
+\r
+               $cname = $obj->cname;\r
+               $cdesc = $obj->cdesc;\r
+\r
+               $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
+               $this->pagehead($extrahead);\r
+\r
+               echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
+\r
+               ?>\r
+               <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
+               <form method='post' action='index.php'><div>\r
+               <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
+               <input name="catid" type="hidden" value="<?php echo $catid?>" />\r
+               <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />\r
+               <input name="action" type="hidden" value="categoryupdate" />\r
+               <?php $manager->addTicketHidden(); ?>\r
+\r
+               <table><tr>\r
+                       <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_CAT_NAME?></td>\r
+                       <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_CAT_DESC?></td>\r
+                       <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
+               </tr>\r
+               <?php\r
+                       // insert plugin options\r
+                       $this->_insertPluginOptions('category',$catid);\r
+               ?>\r
+               <tr>\r
+                       <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
+               </tr><tr>\r
+                       <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
+                       <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
+               </tr></table>\r
+\r
+               </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_categoryupdate() {\r
+               global $member, $manager;\r
+\r
+               $blogid = intPostVar('blogid');\r
+               $catid = intPostVar('catid');\r
+               $cname = postVar('cname');\r
+               $cdesc = postVar('cdesc');\r
+               $desturl = postVar('desturl');\r
+\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
+\r
+               if (!isValidCategoryName($cname))\r
+                       $this->error(_ERROR_BADCATEGORYNAME);\r
+\r
+               $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
+               $res = sql_query($query);\r
+               if (sql_num_rows($res) > 0)\r
+                       $this->error(_ERROR_DUPCATEGORYNAME);\r
+\r
+               $query =  'UPDATE '.sql_table('category').' SET'\r
+                          . " cname='" . sql_real_escape_string($cname) . "',"\r
+                          . " cdesc='" . sql_real_escape_string($cdesc) . "'"\r
+                          . " WHERE catid=" . $catid;\r
+\r
+               sql_query($query);\r
+\r
+               // store plugin options\r
+               $aOptions = requestArray('plugoption');\r
+               NucleusPlugin::_applyPluginOptions($aOptions);\r
+               $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));\r
+\r
+\r
+               if ($desturl) {\r
+                       redirect($desturl);\r
+                       exit;\r
+               } else {\r
+                       $this->action_blogsettings();\r
+               }\r
+       }\r
+\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_categorydelete() {\r
+               global $member, $manager;\r
+\r
+               $blogid = intRequestVar('blogid');\r
+               $catid = intRequestVar('catid');\r
+\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
+\r
+               $blog =& $manager->getBlog($blogid);\r
+\r
+               // check if the category is valid\r
+               if (!$blog->isValidCategory($catid))\r
+                       $this->error(_ERROR_NOSUCHCATEGORY);\r
+\r
+               // don't allow deletion of default category\r
+               if ($blog->getDefaultCategory() == $catid)\r
+                       $this->error(_ERROR_DELETEDEFCATEGORY);\r
+\r
+               // check if catid is the only category left for blogid\r
+               $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
+               $res = sql_query($query);\r
+               if (sql_num_rows($res) == 1)\r
+                       $this->error(_ERROR_DELETELASTCATEGORY);\r
+\r
+\r
+               $this->pagehead();\r
+               ?>\r
+                       <h2><?php echo _DELETE_CONFIRM?></h2>\r
+\r
+                       <div>\r
+                       <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>\r
+                       </div>\r
+\r
+                       <form method="post" action="index.php"><div>\r
+                       <input type="hidden" name="action" value="categorydeleteconfirm" />\r
+                       <?php $manager->addTicketHidden() ?>\r
+                       <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
+                       <input type="hidden" name="catid" value="<?php echo $catid?>" />\r
+                       <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
+                       </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
 \r
-            <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>\r
-            </p>\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_categorydeleteconfirm() {\r
+               global $member, $manager;\r
 \r
+               $blogid = intRequestVar('blogid');\r
+               $catid = intRequestVar('catid');\r
 \r
-            <form method="post" action="index.php"><div>\r
-            <input type="hidden" name="action" value="teamdeleteconfirm" />\r
-            <?php $manager->addTicketHidden() ?>\r
-            <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
-            <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
-            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
-            </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_teamdeleteconfirm() {\r
-        global $member;\r
+               $error = $this->deleteOneCategory($catid);\r
+               if ($error)\r
+                       $this->error($error);\r
 \r
-        $memberid = intRequestVar('memberid');\r
-        $blogid = intRequestVar('blogid');\r
+               $this->action_blogsettings();\r
+       }\r
 \r
-        $error = $this->deleteOneTeamMember($blogid, $memberid);\r
-        if ($error)\r
-            $this->error($error);\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function deleteOneCategory($catid) {\r
+               global $manager, $member;\r
 \r
+               $catid = intval($catid);\r
 \r
-        $this->action_manageteam();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function deleteOneTeamMember($blogid, $memberid) {\r
-        global $member, $manager;\r
-\r
-        $blogid = intval($blogid);\r
-        $memberid = intval($memberid);\r
-\r
-        // check if allowed\r
-        if (!$member->blogAdminRights($blogid))\r
-            return _ERROR_DISALLOWED;\r
-\r
-        // check if: - there remains at least one blog admin\r
-        //           - (there remains at least one team member)\r
-        $tmem = MEMBER::createFromID($memberid);\r
+               $blogid = getBlogIDFromCatID($catid);\r
+\r
+               if (!$member->blogAdminRights($blogid))\r
+                       return ERROR_DISALLOWED;\r
+\r
+               // get blog\r
+               $blog =& $manager->getBlog($blogid);\r
+\r
+               // check if the category is valid\r
+               if (!$blog || !$blog->isValidCategory($catid))\r
+                       return _ERROR_NOSUCHCATEGORY;\r
+\r
+               $destcatid = $blog->getDefaultCategory();\r
+\r
+               // don't allow deletion of default category\r
+               if ($blog->getDefaultCategory() == $catid)\r
+                       return _ERROR_DELETEDEFCATEGORY;\r
 \r
-        $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
+               // check if catid is the only category left for blogid\r
+               $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
+               $res = sql_query($query);\r
+               if (sql_num_rows($res) == 1)\r
+                       return _ERROR_DELETELASTCATEGORY;\r
 \r
-        if ($tmem->isBlogAdmin($blogid)) {\r
-            // check if there are more blog members left and at least one admin\r
-            // (check for at least two admins before deletion)\r
-            $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
-            $r = sql_query($query);\r
-            if (sql_num_rows($r) < 2)\r
-                return _ERROR_ATLEASTONEBLOGADMIN;\r
-        }\r
+               $manager->notify('PreDeleteCategory', array('catid' => $catid));\r
 \r
-        $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
-        sql_query($query);\r
-\r
-        $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
-\r
-        return '';\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_teamchangeadmin() {\r
-        global $member;\r
-\r
-        $blogid = intRequestVar('blogid');\r
-        $memberid = intRequestVar('memberid');\r
-\r
-        // check if allowed\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
-\r
-        $mem = MEMBER::createFromID($memberid);\r
-\r
-        // don't allow when there is only one admin at this moment\r
-        if ($mem->isBlogAdmin($blogid)) {\r
-            $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
-            if (sql_num_rows($r) == 1)\r
-                $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
-        }\r
-\r
-        if ($mem->isBlogAdmin($blogid))\r
-            $newval = 0;\r
-        else\r
-            $newval = 1;\r
-\r
-        $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
-        sql_query($query);\r
-\r
-        // only show manageteam if member did not change its own admin privileges\r
-        if ($member->isBlogAdmin($blogid))\r
-            $this->action_manageteam();\r
-        else\r
-            $this->action_overview(_MSG_ADMINCHANGED);\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_blogsettings() {\r
-        global $member, $manager;\r
-\r
-        $blogid = intRequestVar('blogid');\r
-\r
-        // check if allowed\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
-\r
-        $blog =& $manager->getBlog($blogid);\r
-\r
-        $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
-        $this->pagehead($extrahead);\r
-\r
-        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
-        ?>\r
-        <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>\r
-\r
-        <h3><?php echo _EBLOG_TEAM_TITLE?></h3>\r
-\r
-        <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?>\r
-        <?php\r
-            $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));\r
-            $aMemberNames = array();\r
-            while ($o = sql_fetch_object($res))\r
-                array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');\r
-            echo implode(',', $aMemberNames);\r
-        ?>\r
-        </p>\r
-\r
-\r
-\r
-        <p>\r
-        <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>\r
-        </p>\r
-\r
-        <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>\r
-\r
-        <form method="post" action="index.php"><div>\r
-\r
-        <input type="hidden" name="action" value="blogsettingsupdate" />\r
-        <?php $manager->addTicketHidden() ?>\r
-        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
-        <table><tr>\r
-            <td><?php echo _EBLOG_NAME?></td>\r
-            <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>\r
-                <?php echo _EBLOG_SHORTNAME_EXTRA?>\r
-            </td>\r
-            <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_DESC?></td>\r
-            <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_URL?></td>\r
-            <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_DEFSKIN?>\r
-                <?php help('blogdefaultskin'); ?>\r
-            </td>\r
-            <td>\r
-                <?php\r
-                    $query =  'SELECT sdname as text, sdnumber as value'\r
-                           . ' FROM '.sql_table('skin_desc');\r
-                    $template['name'] = 'defskin';\r
-                    $template['selected'] = $blog->getDefaultSkin();\r
-                    $template['tabindex'] = 50;\r
-                    showlist($query,'select',$template);\r
-                ?>\r
-\r
-            </td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>\r
-            </td>\r
-            <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>\r
-            </td>\r
-            <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_DISABLECOMMENTS?>\r
-            </td>\r
-            <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_ANONYMOUS?>\r
-            </td>\r
-            <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>\r
-        </tr><tr>\r
-    <td><?php echo _EBLOG_REQUIREDEMAIL?>\r
-         </td>\r
-         <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>\r
-      </tr><tr>\r
-            <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>\r
-            <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_NOTIFY_ON?></td>\r
-            <td>\r
-                <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"\r
-                    <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>\r
-                /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>\r
-                <br />\r
-                <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"\r
-                    <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>\r
-                /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>\r
-                <br />\r
-                <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"\r
-                    <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>\r
-                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>\r
-            </td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>\r
-            <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>\r
-            <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_DEFCAT?></td>\r
-            <td>\r
-                <?php\r
-                    $query =  'SELECT cname as text, catid as value'\r
-                           . ' FROM '.sql_table('category')\r
-                           . ' WHERE cblog=' . $blog->getID();\r
-                    $template['name'] = 'defcat';\r
-                    $template['selected'] = $blog->getDefaultCategory();\r
-                    $template['tabindex'] = 110;\r
-                    showlist($query,'select',$template);\r
-                ?>\r
-            </td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>\r
-                <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
-                <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>\r
-                </td>\r
-            <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>\r
-            <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>\r
-        </tr>\r
-        <?php\r
-            // plugin options\r
-            $this->_insertPluginOptions('blog',$blogid);\r
-        ?>\r
-        <tr>\r
-            <th colspan="2"><?php echo _EBLOG_CHANGE?></th>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_CHANGE?></td>\r
-            <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>\r
-        </tr></table>\r
-\r
-        </div></form>\r
-\r
-        <h3><?php echo _EBLOG_CAT_TITLE?></h3>\r
-\r
-\r
-        <?php\r
-        $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';\r
-        $template['content'] = 'categorylist';\r
-        $template['tabindex'] = 200;\r
-\r
-        $manager->loadClass("ENCAPSULATE");\r
-        $batch =& new BATCH('category');\r
-        $batch->showlist($query,'table',$template);\r
-\r
-        ?>\r
-\r
-\r
-        <form action="index.php" method="post"><div>\r
-        <input name="action" value="categorynew" type="hidden" />\r
-        <?php $manager->addTicketHidden() ?>\r
-        <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />\r
-\r
-        <table><tr>\r
-            <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_CAT_NAME?></td>\r
-            <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_CAT_DESC?></td>\r
-            <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_CAT_CREATE?></td>\r
-            <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>\r
-        </tr></table>\r
-\r
-        </div></form>\r
-\r
-        <?php\r
-\r
-            echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
-\r
-            $manager->notify(\r
-                'BlogSettingsFormExtras',\r
-                array(\r
-                    'blog' => &$blog\r
-                )\r
-            );\r
-\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_categorynew() {\r
-        global $member, $manager;\r
-\r
-        $blogid = intRequestVar('blogid');\r
-\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
-\r
-        $cname = postVar('cname');\r
-        $cdesc = postVar('cdesc');\r
-\r
-        if (!isValidCategoryName($cname))\r
-            $this->error(_ERROR_BADCATEGORYNAME);\r
-\r
-        $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);\r
-        $res = sql_query($query);\r
-        if (sql_num_rows($res) > 0)\r
-            $this->error(_ERROR_DUPCATEGORYNAME);\r
-\r
-        $blog       =& $manager->getBlog($blogid);\r
-        $newCatID   =  $blog->createNewCategory($cname, $cdesc);\r
-\r
-        $this->action_blogsettings();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
-        global $member, $manager;\r
-\r
-        if ($blogid == '')\r
-            $blogid = intGetVar('blogid');\r
-        else\r
-            $blogid = intval($blogid);\r
-        if ($catid == '')\r
-            $catid = intGetVar('catid');\r
-        else\r
-            $catid = intval($catid);\r
-\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
-\r
-        $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
-        $obj = sql_fetch_object($res);\r
-\r
-        $cname = $obj->cname;\r
-        $cdesc = $obj->cdesc;\r
-\r
-        $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
-        $this->pagehead($extrahead);\r
-\r
-        echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
-\r
-        ?>\r
-        <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
-        <form method='post' action='index.php'><div>\r
-        <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
-        <input name="catid" type="hidden" value="<?php echo $catid?>" />\r
-        <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />\r
-        <input name="action" type="hidden" value="categoryupdate" />\r
-        <?php $manager->addTicketHidden(); ?>\r
-\r
-        <table><tr>\r
-            <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_CAT_NAME?></td>\r
-            <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_CAT_DESC?></td>\r
-            <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
-        </tr>\r
-        <?php\r
-            // insert plugin options\r
-            $this->_insertPluginOptions('category',$catid);\r
-        ?>\r
-        <tr>\r
-            <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
-        </tr><tr>\r
-            <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
-            <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
-        </tr></table>\r
-\r
-        </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_categoryupdate() {\r
-        global $member, $manager;\r
-\r
-        $blogid = intPostVar('blogid');\r
-        $catid = intPostVar('catid');\r
-        $cname = postVar('cname');\r
-        $cdesc = postVar('cdesc');\r
-        $desturl = postVar('desturl');\r
-\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
-\r
-        if (!isValidCategoryName($cname))\r
-            $this->error(_ERROR_BADCATEGORYNAME);\r
-\r
-        $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
-        $res = sql_query($query);\r
-        if (sql_num_rows($res) > 0)\r
-            $this->error(_ERROR_DUPCATEGORYNAME);\r
-\r
-        $query =  'UPDATE '.sql_table('category').' SET'\r
-               . " cname='" . addslashes($cname) . "',"\r
-               . " cdesc='" . addslashes($cdesc) . "'"\r
-               . " WHERE catid=" . $catid;\r
-\r
-        sql_query($query);\r
-\r
-        // store plugin options\r
-        $aOptions = requestArray('plugoption');\r
-        NucleusPlugin::_applyPluginOptions($aOptions);\r
-        $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));\r
-\r
-\r
-        if ($desturl) {\r
-            redirect($desturl);\r
-            exit;\r
-        } else {\r
-            $this->action_blogsettings();\r
-        }\r
-    }\r
-\r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_categorydelete() {\r
-        global $member, $manager;\r
-\r
-        $blogid = intRequestVar('blogid');\r
-        $catid = intRequestVar('catid');\r
-\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
-\r
-        $blog =& $manager->getBlog($blogid);\r
-\r
-        // check if the category is valid\r
-        if (!$blog->isValidCategory($catid))\r
-            $this->error(_ERROR_NOSUCHCATEGORY);\r
-\r
-        // don't allow deletion of default category\r
-        if ($blog->getDefaultCategory() == $catid)\r
-            $this->error(_ERROR_DELETEDEFCATEGORY);\r
-\r
-        // check if catid is the only category left for blogid\r
-        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
-        $res = sql_query($query);\r
-        if (sql_num_rows($res) == 1)\r
-            $this->error(_ERROR_DELETELASTCATEGORY);\r
-\r
-\r
-        $this->pagehead();\r
-        ?>\r
-            <h2><?php echo _DELETE_CONFIRM?></h2>\r
-\r
-            <div>\r
-            <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>\r
-            </div>\r
-\r
-            <form method="post" action="index.php"><div>\r
-            <input type="hidden" name="action" value="categorydeleteconfirm" />\r
-            <?php $manager->addTicketHidden() ?>\r
-            <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
-            <input type="hidden" name="catid" value="<?php echo $catid?>" />\r
-            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
-            </div></form>\r
-        <?php\r
-        $this->pagefoot();\r
-    }\r
+               // change category for all items to the default category\r
+               $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
+               sql_query($query);\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_categorydeleteconfirm() {\r
-        global $member, $manager;\r
+               // delete all associated plugin options\r
+               NucleusPlugin::_deleteOptionValues('category', $catid);\r
 \r
-        $blogid = intRequestVar('blogid');\r
-        $catid = intRequestVar('catid');\r
+               // delete category\r
+               $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;\r
+               sql_query($query);\r
 \r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
+               $manager->notify('PostDeleteCategory', array('catid' => $catid));\r
 \r
-        $error = $this->deleteOneCategory($catid);\r
-        if ($error)\r
-            $this->error($error);\r
+       }\r
 \r
-        $this->action_blogsettings();\r
-    }\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function moveOneCategory($catid, $destblogid) {\r
+               global $manager, $member;\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function deleteOneCategory($catid) {\r
-        global $manager, $member;\r
+               $catid = intval($catid);\r
+               $destblogid = intval($destblogid);\r
 \r
-        $catid = intval($catid);\r
+               $blogid = getBlogIDFromCatID($catid);\r
 \r
-        $blogid = getBlogIDFromCatID($catid);\r
-\r
-        if (!$member->blogAdminRights($blogid))\r
-            return ERROR_DISALLOWED;\r
-\r
-        // get blog\r
-        $blog =& $manager->getBlog($blogid);\r
-\r
-        // check if the category is valid\r
-        if (!$blog || !$blog->isValidCategory($catid))\r
-            return _ERROR_NOSUCHCATEGORY;\r
-\r
-        $destcatid = $blog->getDefaultCategory();\r
-\r
-        // don't allow deletion of default category\r
-        if ($blog->getDefaultCategory() == $catid)\r
-            return _ERROR_DELETEDEFCATEGORY;\r
+               // mover should have admin rights on both blogs\r
+               if (!$member->blogAdminRights($blogid))\r
+                       return _ERROR_DISALLOWED;\r
+               if (!$member->blogAdminRights($destblogid))\r
+                       return _ERROR_DISALLOWED;\r
 \r
-        // check if catid is the only category left for blogid\r
-        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
-        $res = sql_query($query);\r
-        if (sql_num_rows($res) == 1)\r
-            return _ERROR_DELETELASTCATEGORY;\r
+               // cannot move to self\r
+               if ($blogid == $destblogid)\r
+                       return _ERROR_MOVETOSELF;\r
 \r
-        $manager->notify('PreDeleteCategory', array('catid' => $catid));\r
+               // get blogs\r
+               $blog =& $manager->getBlog($blogid);\r
+               $destblog =& $manager->getBlog($destblogid);\r
+\r
+               // check if the category is valid\r
+               if (!$blog || !$blog->isValidCategory($catid))\r
+                       return _ERROR_NOSUCHCATEGORY;\r
+\r
+               // don't allow default category to be moved\r
+               if ($blog->getDefaultCategory() == $catid)\r
+                       return _ERROR_MOVEDEFCATEGORY;\r
 \r
-        // change category for all items to the default category\r
-        $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
-        sql_query($query);\r
+               $manager->notify(\r
+                       'PreMoveCategory',\r
+                       array(\r
+                               'catid' => &$catid,\r
+                               'sourceblog' => &$blog,\r
+                               'destblog' => &$destblog\r
+                       )\r
+               );\r
 \r
-        // delete all associated plugin options\r
-        NucleusPlugin::_deleteOptionValues('category', $catid);\r
+               // update comments table (cblog)\r
+               $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;\r
+               $items = sql_query($query);\r
+               while ($oItem = sql_fetch_object($items)) {\r
+                       sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);\r
+               }\r
 \r
-        // delete category\r
-        $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;\r
-        sql_query($query);\r
+               // update items (iblog)\r
+               $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;\r
+               sql_query($query);\r
 \r
-        $manager->notify('PostDeleteCategory', array('catid' => $catid));\r
+               // move category\r
+               $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;\r
+               sql_query($query);\r
 \r
-    }\r
+               $manager->notify(\r
+                       'PostMoveCategory',\r
+                       array(\r
+                               'catid' => &$catid,\r
+                               'sourceblog' => &$blog,\r
+                               'destblog' => $destblog\r
+                       )\r
+               );\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function moveOneCategory($catid, $destblogid) {\r
-        global $manager, $member;\r
+       }\r
 \r
-        $catid = intval($catid);\r
-        $destblogid = intval($destblogid);\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_blogsettingsupdate() {\r
+               global $member, $manager;\r
+\r
+               $blogid = intRequestVar('blogid');\r
+\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
+\r
+               $blog =& $manager->getBlog($blogid);\r
+\r
+               $notify          = trim(postVar('notify'));\r
+               $shortname        = trim(postVar('shortname'));\r
+               $updatefile      = trim(postVar('update'));\r
+\r
+               $notifyComment  = intPostVar('notifyComment');\r
+               $notifyVote      = intPostVar('notifyVote');\r
+               $notifyNewItem  = intPostVar('notifyNewItem');\r
 \r
-        $blogid = getBlogIDFromCatID($catid);\r
+               if ($notifyComment == 0)        $notifyComment = 1;\r
+               if ($notifyVote == 0)      $notifyVote = 1;\r
+               if ($notifyNewItem == 0)        $notifyNewItem = 1;\r
 \r
-        // mover should have admin rights on both blogs\r
-        if (!$member->blogAdminRights($blogid))\r
-            return _ERROR_DISALLOWED;\r
-        if (!$member->blogAdminRights($destblogid))\r
-            return _ERROR_DISALLOWED;\r
+               $notifyType = $notifyComment * $notifyVote * $notifyNewItem;\r
 \r
-        // cannot move to self\r
-        if ($blogid == $destblogid)\r
-            return _ERROR_MOVETOSELF;\r
 \r
-        // get blogs\r
-        $blog =& $manager->getBlog($blogid);\r
-        $destblog =& $manager->getBlog($destblogid);\r
-\r
-        // check if the category is valid\r
-        if (!$blog || !$blog->isValidCategory($catid))\r
-            return _ERROR_NOSUCHCATEGORY;\r
-\r
-        // don't allow default category to be moved\r
-        if ($blog->getDefaultCategory() == $catid)\r
-            return _ERROR_MOVEDEFCATEGORY;\r
+               if ($notify) {\r
+                       $not =& new NOTIFICATION($notify);\r
+                       if (!$not->validAddresses())\r
+                               $this->error(_ERROR_BADNOTIFY);\r
+\r
+               }\r
+\r
+               if (!isValidShortName($shortname))\r
+                       $this->error(_ERROR_BADSHORTBLOGNAME);\r
+\r
+               if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))\r
+                       $this->error(_ERROR_DUPSHORTBLOGNAME);\r
+\r
+               // check if update file is writable\r
+               if ($updatefile && !is_writeable($updatefile))\r
+                       $this->error(_ERROR_UPDATEFILE);\r
+\r
+               $blog->setName(trim(postVar('name')));\r
+               $blog->setShortName($shortname);\r
+               $blog->setNotifyAddress($notify);\r
+               $blog->setNotifyType($notifyType);\r
+               $blog->setMaxComments(postVar('maxcomments'));\r
+               $blog->setCommentsEnabled(postVar('comments'));\r
+               $blog->setTimeOffset(postVar('timeoffset'));\r
+               $blog->setUpdateFile($updatefile);\r
+               $blog->setURL(trim(postVar('url')));\r
+               $blog->setDefaultSkin(intPostVar('defskin'));\r
+               $blog->setDescription(trim(postVar('desc')));\r
+               $blog->setPublic(postVar('public'));\r
+               $blog->setConvertBreaks(intPostVar('convertbreaks'));\r
+               $blog->setAllowPastPosting(intPostVar('allowpastposting'));\r
+               $blog->setDefaultCategory(intPostVar('defcat'));\r
+               $blog->setSearchable(intPostVar('searchable'));\r
+               $blog->setEmailRequired(intPostVar('reqemail'));\r
+\r
+               $blog->writeSettings();\r
 \r
-        $manager->notify(\r
-            'PreMoveCategory',\r
-            array(\r
-                'catid' => &$catid,\r
-                'sourceblog' => &$blog,\r
-                'destblog' => &$destblog\r
-            )\r
-        );\r
+               // store plugin options\r
+               $aOptions = requestArray('plugoption');\r
+               NucleusPlugin::_applyPluginOptions($aOptions);\r
+               $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));\r
 \r
-        // update comments table (cblog)\r
-        $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;\r
-        $items = sql_query($query);\r
-        while ($oItem = sql_fetch_object($items)) {\r
-            sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);\r
-        }\r
 \r
-        // update items (iblog)\r
-        $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;\r
-        sql_query($query);\r
+               $this->action_overview(_MSG_SETTINGSCHANGED);\r
+       }\r
 \r
-        // move category\r
-        $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;\r
-        sql_query($query);\r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_deleteblog() {\r
+               global $member, $CONF, $manager;\r
 \r
-        $manager->notify(\r
-            'PostMoveCategory',\r
-            array(\r
-                'catid' => &$catid,\r
-                'sourceblog' => &$blog,\r
-                'destblog' => $destblog\r
-            )\r
-        );\r
+               $blogid = intRequestVar('blogid');\r
 \r
-    }\r
+               $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
-    /**\r
-     * @todo document this\r
-     */\r
-    function action_blogsettingsupdate() {\r
-        global $member, $manager;\r
-\r
-        $blogid = intRequestVar('blogid');\r
-\r
-        $member->blogAdminRights($blogid) or $this->disallow();\r
-\r
-        $blog =& $manager->getBlog($blogid);\r
-\r
-        $notify         = trim(postVar('notify'));\r
-        $shortname      = trim(postVar('shortname'));\r
-        $updatefile     = trim(postVar('update'));\r
-\r
-        $notifyComment  = intPostVar('notifyComment');\r
-        $notifyVote     = intPostVar('notifyVote');\r
-        $notifyNewItem  = intPostVar('notifyNewItem');\r
+               // check if blog is default blog\r
+               if ($CONF['DefaultBlog'] == $blogid)\r
+                       $this->error(_ERROR_DELDEFBLOG);\r
 \r
-        if ($notifyComment == 0)    $notifyComment = 1;\r
-        if ($notifyVote == 0)       $notifyVote = 1;\r
-        if ($notifyNewItem == 0)    $notifyNewItem = 1;\r
+               $blog =& $manager->getBlog($blogid);\r
 \r
-        $notifyType = $notifyComment * $notifyVote * $notifyNewItem;\r
+               $this->pagehead();\r
+               ?>\r
+                       <h2><?php echo _DELETE_CONFIRM?></h2>\r
 \r
+                       <p><?php echo _WARNINGTXT_BLOGDEL?>\r
+                       </p>\r
 \r
-        if ($notify) {\r
-            $not =& new NOTIFICATION($notify);\r
-            if (!$not->validAddresses())\r
-                $this->error(_ERROR_BADNOTIFY);\r
-\r
-        }\r
-\r
-        if (!isValidShortName($shortname))\r
-            $this->error(_ERROR_BADSHORTBLOGNAME);\r
-\r
-        if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))\r
-            $this->error(_ERROR_DUPSHORTBLOGNAME);\r
-\r
-        // check if update file is writable\r
-        if ($updatefile && !is_writeable($updatefile))\r
-            $this->error(_ERROR_UPDATEFILE);\r
-\r
-        $blog->setName(trim(postVar('name')));\r
-        $blog->setShortName($shortname);\r
-        $blog->setNotifyAddress($notify);\r
-        $blog->setNotifyType($notifyType);\r
-        $blog->setMaxComments(postVar('maxcomments'));\r
-        $blog->setCommentsEnabled(postVar('comments'));\r
-        $blog->setTimeOffset(postVar('timeoffset'));\r
-        $blog->setUpdateFile($updatefile);\r
-        $blog->setURL(trim(postVar('url')));\r
-        $blog->setDefaultSkin(intPostVar('defskin'));\r
-        $blog->setDescription(trim(postVar('desc')));\r
-        $blog->setPublic(postVar('public'));\r
-        $blog->setConvertBreaks(intPostVar('convertbreaks'));\r
-        $blog->setAllowPastPosting(intPostVar('allowpastposting'));\r
-        $blog->setDefaultCategory(intPostVar('defcat'));\r
-        $blog->setSearchable(intPostVar('searchable'));\r
-        $blog->setEmailRequired(intPostVar('reqemail'));\r
-\r
-        $blog->writeSettings();\r
+                       <div>\r
+                       <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>\r
+                       </div>\r
 \r
-        // store plugin options\r
-        $aOptions = requestArray('plugoption');\r
-        NucleusPlugin::_applyPluginOptions($aOptions);\r
-        $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));\r
+                       <form method="post" action="index.php"><div>\r
+                       <input type="hidden" name="action" value="deleteblogconfirm" />\r
+                       <?php $manager->addTicketHidden() ?>\r
+                       <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
+                       <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
+                       </div></form>\r
+               <?php\r
+               $this->pagefoot();\r
+       }\r
 \r
+       /**\r
+        * @todo document this\r
+        */\r
+       function action_deleteblogconfirm() {\r
+               global $member, $CONF, $manager;\r
 \r
-        $this->action_overview(_MSG_SETTINGSCHANGED);\r
-    }\r