- // default action = add now\r
- if (!$actiontype)\r
- $actiontype='addnow';\r
-\r
- // create new category if needed\r
- if (strstr($catid,'newcat')) {\r
- // get blogid\r
- list($blogid) = sscanf($catid,"newcat-%d");\r
-\r
- // create\r
- $blog =& $manager->getBlog($blogid);\r
- $catid = $blog->createNewCategory();\r
-\r
- // show error when sth goes wrong\r
- if (!$catid)\r
- $this->doError(_ERROR_CATCREATEFAIL);\r
- }\r
-\r
- /*\r
- set some variables based on actiontype\r
-\r
- actiontypes:\r
- draft items -> addnow, addfuture, adddraft, delete\r
- non-draft items -> edit, changedate, delete\r
-\r
- variables set:\r
- $timestamp: set to a nonzero value for future dates or date changes\r
- $wasdraft: set to 1 when the item used to be a draft item\r
- $publish: set to 1 when the edited item is not a draft\r
- */\r
- $blogid = getBlogIDFromItemID($itemid);\r
- $blog =& $manager->getBlog($blogid);\r
-\r
- $wasdrafts = array('adddraft', 'addfuture', 'addnow');\r
- $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;\r
- $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;\r
- if ($actiontype == 'addfuture' || $actiontype == 'changedate') {\r
- $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));\r
- } else {\r
- $timestamp =0;\r
- }\r
-\r
- // edit the item for real\r
- ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
-\r
- $this->updateFuturePosted($blogid);\r
-\r
- if ($draftid > 0) {\r
- // delete permission is checked inside ITEM::delete()\r
- ITEM::delete($draftid);\r
- }\r
-\r
- // show category edit window when we created a new category\r
- // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
- if ($catid != intPostVar('catid')) {\r
- $this->action_categoryedit(\r
- $catid,\r
- $blog->getID(),\r
- $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
- );\r
- } else {\r
- // TODO: set start item correctly for itemlist\r
- $this->action_itemlist(getBlogIDFromItemID($itemid));\r
- }\r
- }\r
-\r
- /**\r
- * @todo document this\r
- */\r
- function action_itemdelete() {\r
- global $member, $manager;\r
-\r
- $itemid = intRequestVar('itemid');\r
-\r
- // only allow if user is allowed to alter item\r
- $member->canAlterItem($itemid) or $this->disallow();\r
-\r
- if (!$manager->existsItem($itemid,1,1))\r
- $this->error(_ERROR_NOSUCHITEM);\r
-\r
- $item =& $manager->getItem($itemid,1,1);\r
- $title = htmlspecialchars(strip_tags($item['title']));\r
- $body = strip_tags($item['body']);\r
- $body = htmlspecialchars(shorten($body,300,'...'));\r
-\r
- $this->pagehead();\r
- ?>\r
- <h2><?php echo _DELETE_CONFIRM?></h2>\r
-\r
- <p><?php echo _CONFIRMTXT_ITEM?></p>\r
-\r
- <div class="note">\r
- <b>"<?php echo $title ?>"</b>\r
- <br />\r
- <?php echo $body?>\r
- </div>\r
-\r
- <form method="post" action="index.php"><div>\r
- <input type="hidden" name="action" value="itemdeleteconfirm" />\r
- <?php $manager->addTicketHidden() ?>\r
- <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" />\r
- <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" tabindex="10" />\r
- </div></form>\r
- <?php\r
- $this->pagefoot();\r
- }\r
-\r
- /**\r
- * @todo document this\r
- */\r
- function action_itemdeleteconfirm() {\r
- global $member;\r
-\r
- $itemid = intRequestVar('itemid');\r
-\r
- // only allow if user is allowed to alter item\r
- $member->canAlterItem($itemid) or $this->disallow();\r
-\r
- // get blogid first\r
- $blogid = getBlogIdFromItemId($itemid);\r
-\r
- // delete item (note: some checks will be performed twice)\r
- $this->deleteOneItem($itemid);\r
-\r
- $this->action_itemlist($blogid);\r
- }\r
-\r
- /**\r
- * Deletes one item and returns error if something goes wrong\r
- * @param int $itemid\r
- */\r
- function deleteOneItem($itemid) {\r
- global $member, $manager;\r
-\r
- // only allow if user is allowed to alter item (also checks if itemid exists)\r
- if (!$member->canAlterItem($itemid))\r
- return _ERROR_DISALLOWED;\r
-\r
- // need to get blogid before the item is deleted\r
- $blogid = getBlogIDFromItemId($itemid);\r
-\r
- $manager->loadClass('ITEM');\r
- ITEM::delete($itemid);\r
-\r
- // update blog's futureposted\r
- $this->updateFuturePosted($blogid);\r
- }\r
-\r
- /**\r
- * Update a blog's future posted flag\r
- * @param int $blogid\r
- */\r
- function updateFuturePosted($blogid) {\r
- global $manager;\r
-\r
- $blog =& $manager->getBlog($blogid);\r
- $currenttime = $blog->getCorrectTime(time());\r
- $result = sql_query("SELECT * FROM ".sql_table('item').\r
- " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
- if (sql_num_rows($result) > 0) {\r
- $blog->setFuturePost();\r
- }\r
- else {\r
- $blog->clearFuturePost();\r
- }\r
- }\r
-\r
- /**\r
- * @todo document this\r
- */\r
- function action_itemmove() {\r
- global $member, $manager;\r
-\r
- $itemid = intRequestVar('itemid');\r
-\r
- // only allow if user is allowed to alter item\r
- $member->canAlterItem($itemid) or $this->disallow();\r
-\r
- $item =& $manager->getItem($itemid,1,1);\r
-\r
- $this->pagehead();\r
- ?>\r
- <h2><?php echo _MOVE_TITLE?></h2>\r
- <form method="post" action="index.php"><div>\r
- <input type="hidden" name="action" value="itemmoveto" />\r
- <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" />\r
-\r
- <?php\r
-\r
- $manager->addTicketHidden();\r
- $this->selectBlogCategory('catid',$item['catid'],10,1);\r
- ?>\r
-\r
- <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />\r
- </div></form>\r
- <?php\r
- $this->pagefoot();\r
- }\r
-\r
- /**\r
- * @todo document this\r
- */\r
- function action_itemmoveto() {\r
- global $member, $manager;\r
+ // default action = add now\r
+ if (!$actiontype)\r
+ $actiontype='addnow';\r
+\r
+ // create new category if needed\r
+ if (strstr($catid,'newcat')) {\r
+ // get blogid\r
+ list($blogid) = sscanf($catid,"newcat-%d");\r
+\r
+ // create\r
+ $blog =& $manager->getBlog($blogid);\r
+ $catid = $blog->createNewCategory();\r
+\r
+ // show error when sth goes wrong\r
+ if (!$catid)\r
+ $this->doError(_ERROR_CATCREATEFAIL);\r
+ }\r
+\r
+ /*\r
+ set some variables based on actiontype\r
+\r
+ actiontypes:\r
+ draft items -> addnow, addfuture, adddraft, delete\r
+ non-draft items -> edit, changedate, delete\r
+\r
+ variables set:\r
+ $timestamp: set to a nonzero value for future dates or date changes\r
+ $wasdraft: set to 1 when the item used to be a draft item\r
+ $publish: set to 1 when the edited item is not a draft\r
+ */\r
+ $blogid = getBlogIDFromItemID($itemid);\r
+ $blog =& $manager->getBlog($blogid);\r
+\r
+ $wasdrafts = array('adddraft', 'addfuture', 'addnow');\r
+ $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;\r
+ $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;\r
+ if ($actiontype == 'addfuture' || $actiontype == 'changedate') {\r
+ $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));\r
+ } else {\r
+ $timestamp =0;\r
+ }\r
+\r
+ // edit the item for real\r
+ ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
+\r
+ $this->updateFuturePosted($blogid);\r
+\r
+ if ($draftid > 0) {\r
+ // delete permission is checked inside ITEM::delete()\r
+ ITEM::delete($draftid);\r
+ }\r
+\r
+ // show category edit window when we created a new category\r
+ // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
+ if ($catid != intPostVar('catid')) {\r
+ $this->action_categoryedit(\r
+ $catid,\r
+ $blog->getID(),\r
+ $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
+ );\r
+ } else {\r
+ // TODO: set start item correctly for itemlist\r
+ $this->action_itemlist(getBlogIDFromItemID($itemid));\r
+ }\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_itemdelete() {\r
+ global $member, $manager;\r
+\r
+ $itemid = intRequestVar('itemid');\r
+\r
+ // only allow if user is allowed to alter item\r
+ $member->canAlterItem($itemid) or $this->disallow();\r
+\r
+ if (!$manager->existsItem($itemid,1,1))\r
+ $this->error(_ERROR_NOSUCHITEM);\r
+\r
+ $item =& $manager->getItem($itemid,1,1);\r
+ $title = htmlspecialchars(strip_tags($item['title']));\r
+ $body = strip_tags($item['body']);\r
+ $body = htmlspecialchars(shorten($body,300,'...'));\r
+\r
+ $this->pagehead();\r
+ ?>\r
+ <h2><?php echo _DELETE_CONFIRM?></h2>\r
+\r
+ <p><?php echo _CONFIRMTXT_ITEM?></p>\r
+\r
+ <div class="note">\r
+ <b>"<?php echo $title ?>"</b>\r
+ <br />\r
+ <?php echo $body?>\r
+ </div>\r
+\r
+ <form method="post" action="index.php"><div>\r
+ <input type="hidden" name="action" value="itemdeleteconfirm" />\r
+ <?php $manager->addTicketHidden() ?>\r
+ <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" />\r
+ <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" tabindex="10" />\r
+ </div></form>\r
+ <?php\r
+ $this->pagefoot();\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_itemdeleteconfirm() {\r
+ global $member;\r
+\r
+ $itemid = intRequestVar('itemid');\r
+\r
+ // only allow if user is allowed to alter item\r
+ $member->canAlterItem($itemid) or $this->disallow();\r
+\r
+ // get blogid first\r
+ $blogid = getBlogIdFromItemId($itemid);\r
+\r
+ // delete item (note: some checks will be performed twice)\r
+ $this->deleteOneItem($itemid);\r
+\r
+ $this->action_itemlist($blogid);\r
+ }\r
+\r
+ /**\r
+ * Deletes one item and returns error if something goes wrong\r
+ * @param int $itemid\r
+ */\r
+ function deleteOneItem($itemid) {\r
+ global $member, $manager;\r
+\r
+ // only allow if user is allowed to alter item (also checks if itemid exists)\r
+ if (!$member->canAlterItem($itemid))\r
+ return _ERROR_DISALLOWED;\r
+\r
+ // need to get blogid before the item is deleted\r
+ $blogid = getBlogIDFromItemId($itemid);\r
+\r
+ $manager->loadClass('ITEM');\r
+ ITEM::delete($itemid);\r
+\r
+ // update blog's futureposted\r
+ $this->updateFuturePosted($blogid);\r
+ }\r
+\r
+ /**\r
+ * Update a blog's future posted flag\r
+ * @param int $blogid\r
+ */\r
+ function updateFuturePosted($blogid) {\r
+ global $manager;\r
+\r
+ $blog =& $manager->getBlog($blogid);\r
+ $currenttime = $blog->getCorrectTime(time());\r
+ $result = sql_query("SELECT * FROM ".sql_table('item').\r
+ " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
+ if (sql_num_rows($result) > 0) {\r
+ $blog->setFuturePost();\r
+ }\r
+ else {\r
+ $blog->clearFuturePost();\r
+ }\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_itemmove() {\r
+ global $member, $manager;\r
+\r
+ $itemid = intRequestVar('itemid');\r
+\r
+ // only allow if user is allowed to alter item\r
+ $member->canAlterItem($itemid) or $this->disallow();\r
+\r
+ $item =& $manager->getItem($itemid,1,1);\r
+\r
+ $this->pagehead();\r
+ ?>\r
+ <h2><?php echo _MOVE_TITLE?></h2>\r
+ <form method="post" action="index.php"><div>\r
+ <input type="hidden" name="action" value="itemmoveto" />\r
+ <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" />\r
+\r
+ <?php\r
+\r
+ $manager->addTicketHidden();\r
+ $this->selectBlogCategory('catid',$item['catid'],10,1);\r
+ ?>\r
+\r
+ <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />\r
+ </div></form>\r
+ <?php\r
+ $this->pagefoot();\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_itemmoveto() {\r
+ global $member, $manager;\r
+\r
+ $itemid = intRequestVar('itemid');\r
+ $catid = requestVar('catid');\r
+\r
+ // create new category if needed\r
+ if (strstr($catid,'newcat')) {\r
+ // get blogid\r
+ list($blogid) = sscanf($catid,'newcat-%d');\r
+\r
+ // create\r
+ $blog =& $manager->getBlog($blogid);\r
+ $catid = $blog->createNewCategory();\r
+\r
+ // show error when sth goes wrong\r
+ if (!$catid)\r
+ $this->doError(_ERROR_CATCREATEFAIL);\r
+ }\r
+\r
+ // only allow if user is allowed to alter item\r
+ $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
+\r
+ $old_blogid = getBlogIDFromItemId($itemid);\r
+\r
+ ITEM::move($itemid, $catid);\r
+\r
+ // set the futurePosted flag on the blog\r
+ $this->updateFuturePosted(getBlogIDFromItemId($itemid));\r
+\r
+ // reset the futurePosted in case the item is moved from one blog to another\r
+ $this->updateFuturePosted($old_blogid);\r
+\r
+ if ($catid != intRequestVar('catid'))\r
+ $this->action_categoryedit($catid, $blog->getID());\r
+ else\r
+ $this->action_itemlist(getBlogIDFromCatID($catid));\r
+ }\r
+\r
+ /**\r
+ * Moves one item to a given category (category existance should be checked by caller)\r
+ * errors are returned\r
+ * @param int $itemid\r
+ * @param int $destCatid category ID to which the item will be moved\r
+ */\r
+ function moveOneItem($itemid, $destCatid) {\r
+ global $member;\r
+\r
+ // only allow if user is allowed to move item\r
+ if (!$member->canUpdateItem($itemid, $destCatid))\r
+ return _ERROR_DISALLOWED;\r
+\r
+ ITEM::move($itemid, $destCatid);\r
+ }\r
+\r
+ /**\r
+ * Adds a item to the chosen blog\r
+ */\r
+ function action_additem() {\r
+ global $manager, $CONF;\r
+\r
+ $manager->loadClass('ITEM');\r
+\r
+ $result = ITEM::createFromRequest();\r
+\r
+ if ($result['status'] == 'error')\r
+ $this->error($result['message']);\r
+\r
+ $blogid = getBlogIDFromItemID($result['itemid']);\r
+ $blog =& $manager->getBlog($blogid);\r
+ $btimestamp = $blog->getCorrectTime();\r
+ $item = $manager->getItem(intval($result['itemid']), 1, 1);\r
+\r
+ if ($result['status'] == 'newcategory') {\r
+ $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));\r
+ $this->action_categoryedit($result['catid'], $blogid, $distURI);\r
+ } else {\r
+ $methodName = 'action_itemList';\r
+ call_user_func(array(&$this, $methodName), $blogid);\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Allows to edit previously made comments\r
+ */\r
+ function action_commentedit() {\r
+ global $member, $manager;\r
+\r
+ $commentid = intRequestVar('commentid');\r
+\r
+ $member->canAlterComment($commentid) or $this->disallow();\r
+\r
+ $comment = COMMENT::getComment($commentid);\r
+\r
+ $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));\r
+\r
+ // change <br /> to \n\r
+ $comment['body'] = str_replace('<br />','',$comment['body']);\r
+ \r
+ // replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0\r
+ /* original eregi_replace: eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>", "\\1", $comment['body']) */\r
+ $comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#I", "\\1", $comment['body']);\r
+ \r
+ $this->pagehead();\r
+\r
+ ?>\r
+ <h2><?php echo _EDITC_TITLE?></h2>\r
+\r
+ <form action="index.php" method="post"><div>\r
+\r
+ <input type="hidden" name="action" value="commentupdate" />\r
+ <?php $manager->addTicketHidden(); ?>\r
+ <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" />\r
+ <table><tr>\r
+ <th colspan="2"><?php echo _EDITC_TITLE?></th>\r
+ </tr><tr>\r
+ <td><?php echo _EDITC_WHO?></td>\r
+ <td>\r
+ <?php if ($comment['member'])\r
+ echo $comment['member'] . " (" . _EDITC_MEMBER . ")";\r
+ else\r
+ echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";\r
+ ?>\r
+ </td>\r
+ </tr><tr>\r
+ <td><?php echo _EDITC_WHEN?></td>\r
+ <td><?php echo date("Y-m-d @ H:i",$comment['timestamp']); ?></td>\r
+ </tr><tr>\r
+ <td><?php echo _EDITC_HOST?></td>\r
+ <td><?php echo $comment['host']; ?></td>\r
+ </tr>\r
+ <tr>\r
+ <td><?php echo _EDITC_URL; ?></td>\r
+ <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo $comment['userid']; ?>" /></td>\r
+ </tr>\r
+ <tr>\r
+ <td><?php echo _EDITC_EMAIL; ?></td>\r
+ <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo $comment['email']; ?>" /></td>\r
+ </tr>\r
+ <tr>\r
+ <td><?php echo _EDITC_TEXT?></td>\r
+ <td>\r
+ <textarea name="body" tabindex="10" rows="10" cols="50"><?php // htmlspecialchars not needed (things should be escaped already)\r
+ echo $comment['body'];\r
+ ?></textarea>\r
+ </td>\r
+ </tr><tr>\r
+ <td><?php echo _EDITC_EDIT?></td>\r
+ <td><input type="submit" tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>\r
+ </tr></table>\r
+\r
+ </div></form>\r
+ <?php\r
+ $this->pagefoot();\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_commentupdate() {\r
+ global $member, $manager;\r
+\r
+ $commentid = intRequestVar('commentid');\r
+\r
+ $member->canAlterComment($commentid) or $this->disallow();\r
+\r
+ $url = postVar('url');\r
+ $email = postVar('email');\r
+ $body = postVar('body');\r
+ \r
+ # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+ # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE\r
+ # important note that '\' must be matched with '\\\\' in preg* expressions\r
+ // intercept words that are too long\r
+ if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)\r
+ {\r
+ $this->error(_ERROR_COMMENT_LONGWORD);\r
+ }\r
+ \r
+ // check length\r
+ if (strlen($body) < 3) {\r
+ $this->error(_ERROR_COMMENT_NOCOMMENT);\r
+ }\r
+ if (strlen($body)>5000)\r
+ {\r
+ $this->error(_ERROR_COMMENT_TOOLONG);\r
+ }\r
+ \r
+ // prepare body\r
+ $body = COMMENT::prepareBody($body);\r
+\r
+ // call plugins\r
+ $manager->notify('PreUpdateComment',array('body' => &$body));\r
+\r
+ $query = 'UPDATE '.sql_table('comment')\r
+ . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"\r
+ . " WHERE cnumber=" . $commentid;\r
+ sql_query($query);\r
+\r
+ // get itemid\r
+ $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
+ $o = sql_fetch_object($res);\r
+ $itemid = $o->citem;\r
+\r
+ if ($member->canAlterItem($itemid))\r
+ $this->action_itemcommentlist($itemid);\r
+ else\r
+ $this->action_browseowncomments();\r
+\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_commentdelete() {\r
+ global $member, $manager;\r
+\r
+ $commentid = intRequestVar('commentid');\r
+\r
+ $member->canAlterComment($commentid) or $this->disallow();\r
+\r
+ $comment = COMMENT::getComment($commentid);\r
+\r
+ $body = strip_tags($comment['body']);\r
+ $body = htmlspecialchars(shorten($body, 300, '...'));\r
+\r
+ if ($comment['member'])\r
+ $author = $comment['member'];\r
+ else\r
+ $author = $comment['user'];\r
+\r
+ $this->pagehead();\r
+ ?>\r
+\r
+ <h2><?php echo _DELETE_CONFIRM?></h2>\r
+\r
+ <p><?php echo _CONFIRMTXT_COMMENT?></p>\r
+\r
+ <div class="note">\r
+ <b><?php echo _EDITC_WHO?>:</b> <?php echo $author ?>\r
+ <br />\r
+ <b><?php echo _EDITC_TEXT?>:</b> <?php echo $body ?>\r
+ </div>\r
+\r
+ <form method="post" action="index.php"><div>\r
+ <input type="hidden" name="action" value="commentdeleteconfirm" />\r
+ <?php $manager->addTicketHidden() ?>\r
+ <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" />\r
+ <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
+ </div></form>\r
+ <?php\r
+ $this->pagefoot();\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_commentdeleteconfirm() {\r
+ global $member;\r
+\r
+ $commentid = intRequestVar('commentid');\r
+\r
+ // get item id first\r
+ $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
+ $o = sql_fetch_object($res);\r
+ $itemid = $o->citem;\r
+\r
+ $error = $this->deleteOneComment($commentid);\r
+ if ($error)\r
+ $this->doError($error);\r
+\r
+ if ($member->canAlterItem($itemid))\r
+ $this->action_itemcommentlist($itemid);\r
+ else\r
+ $this->action_browseowncomments();\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function deleteOneComment($commentid) {\r
+ global $member, $manager;\r
+\r
+ $commentid = intval($commentid);\r
+\r
+ if (!$member->canAlterComment($commentid))\r
+ return _ERROR_DISALLOWED;\r
+\r
+ $manager->notify('PreDeleteComment', array('commentid' => $commentid));\r
+\r
+ // delete the comments associated with the item\r
+ $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
+ sql_query($query);\r
+\r
+ $manager->notify('PostDeleteComment', array('commentid' => $commentid));\r
+\r
+ return '';\r
+ }\r
+\r
+ /**\r
+ * Usermanagement main\r
+ */\r
+ function action_usermanagement() {\r
+ global $member, $manager;\r
+\r
+ // check if allowed\r
+ $member->isAdmin() or $this->disallow();\r
+\r
+ $this->pagehead();\r
+\r
+ echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
+\r
+ echo '<h2>' . _MEMBERS_TITLE .'</h2>';\r
+\r
+ echo '<h3>' . _MEMBERS_CURRENT .'</h3>';\r
+\r
+ // show list of members with actions\r
+ $query = 'SELECT *'\r
+ . ' FROM '.sql_table('member');\r
+ $template['content'] = 'memberlist';\r
+ $template['tabindex'] = 10;\r
+\r
+ $manager->loadClass("ENCAPSULATE");\r
+ $batch =& new BATCH('member');\r
+ $batch->showlist($query,'table',$template);\r
+\r
+ echo '<h3>' . _MEMBERS_NEW .'</h3>';\r
+ ?>\r
+ <form method="post" action="index.php" name="memberedit"><div>\r
+\r
+ <input type="hidden" name="action" value="memberadd" />\r
+ <?php $manager->addTicketHidden() ?>\r
+\r
+ <table>\r
+ <tr>\r
+ <th colspan="2"><?php echo _MEMBERS_NEW?></th>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
+ <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
+ </td>\r
+ <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_REALNAME?></td>\r
+ <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_PWD?></td>\r
+ <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_REPPWD?></td>\r
+ <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_EMAIL?></td>\r
+ <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_URL?></td>\r
+ <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
+ <td><?php $this->input_yesno('admin',0,10060); ?> </td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
+ <td><?php $this->input_yesno('canlogin',1,10070); ?></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_NOTES?></td>\r
+ <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_NEW?></td>\r
+ <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>\r
+ </tr></table>\r
+\r
+ </div></form>\r
+ <?php\r
+ $this->pagefoot();\r
+ }\r
+\r
+ /**\r
+ * Edit member settings\r
+ */\r
+ function action_memberedit() {\r
+ $this->action_editmembersettings(intRequestVar('memberid'));\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_editmembersettings($memberid = '') {\r
+ global $member, $manager, $CONF;\r
+\r
+ if ($memberid == '')\r
+ $memberid = $member->getID();\r
+\r
+ // check if allowed\r
+ ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
+\r
+ $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
+ $this->pagehead($extrahead);\r
+\r
+ // show message to go back to member overview (only for admins)\r
+ if ($member->isAdmin())\r
+ echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';\r
+ else\r
+ echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';\r
+\r
+ echo '<h2>' . _MEMBERS_EDIT . '</h2>';\r
+\r
+ $mem = MEMBER::createFromID($memberid);\r
+\r
+ ?>\r
+ <form method="post" action="index.php" name="memberedit"><div>\r
+\r
+ <input type="hidden" name="action" value="changemembersettings" />\r
+ <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" />\r
+ <?php $manager->addTicketHidden() ?>\r
+\r
+ <table><tr>\r
+ <th colspan="2"><?php echo _MEMBERS_EDIT?></th>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
+ <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
+ </td>\r
+ <td>\r
+ <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
+ <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo htmlspecialchars($mem->getDisplayName()); ?>" />\r
+ <?php } else {\r
+ echo htmlspecialchars($member->getDisplayName());\r
+ }\r
+ ?>\r
+ </td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_REALNAME?></td>\r
+ <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo htmlspecialchars($mem->getRealName()); ?>" /></td>\r
+ </tr><tr>\r
+ <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
+ <td><?php echo _MEMBERS_PWD?></td>\r
+ <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_REPPWD?></td>\r
+ <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>\r
+ <?php } ?>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_EMAIL?>\r
+ <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>\r
+ </td>\r
+ <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo htmlspecialchars($mem->getEmail()); ?>" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_URL?></td>\r
+ <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getURL()); ?>" /></td>\r
+ <?php // only allow to change this by super-admins\r
+ // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)\r
+ if ($member->isAdmin()) {\r
+ ?>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
+ <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
+ <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>\r
+ <?php } ?>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_NOTES?></td>\r
+ <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getNotes()); ?>" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>\r
+ </td>\r
+ <td>\r
+\r
+ <select name="deflang" tabindex="85">\r
+ <option value=""><?php echo _MEMBERS_USESITELANG?></option>\r
+ <?php // show a dropdown list of all available languages\r
+ global $DIR_LANG;\r
+ $dirhandle = opendir($DIR_LANG);\r
+ while ($filename = readdir($dirhandle))\r
+ {\r
+ # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+ # original ereg: ereg("^(.*)\.php$", $filename, $matches)\r
+ if (preg_match('#^(.*)\.php$#', $filename, $matches) )\r
+ {\r
+ $name = $matches[1];\r
+ echo "<option value=\"$name\"";\r
+ if ($name == $mem->getLanguage() )\r
+ {\r
+ echo " selected=\"selected\"";\r
+ }\r
+ echo ">$name</option>";\r
+ }\r
+ }\r
+ closedir($dirhandle);\r
+ \r
+ ?>\r
+ </select>\r
+\r
+ </td>\r
+ </tr>\r
+ <tr>\r
+ <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td>\r
+ <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td>\r
+ </tr>\r
+ <?php\r
+ // plugin options\r
+ $this->_insertPluginOptions('member',$memberid);\r
+ ?>\r
+ <tr>\r
+ <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_EDIT?></td>\r
+ <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>\r
+ </tr></table>\r
+\r
+ </div></form>\r
+\r
+ <?php\r
+ echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
+\r
+ $manager->notify(\r
+ 'MemberSettingsFormExtras',\r
+ array(\r
+ 'member' => &$mem\r
+ )\r
+ );\r
+\r
+ $this->pagefoot();\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_changemembersettings() {\r
+ global $member, $CONF, $manager;\r
+\r
+ $memberid = intRequestVar('memberid');\r
+\r
+ // check if allowed\r
+ ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
+\r
+ $name = trim(strip_tags(postVar('name')));\r
+ $realname = trim(strip_tags(postVar('realname')));\r
+ $password = postVar('password');\r
+ $repeatpassword = postVar('repeatpassword');\r
+ $email = strip_tags(postVar('email'));\r
+ $url = strip_tags(postVar('url'));\r
+\r
+ # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+ # original eregi: !eregi("^https?://", $url)\r
+ // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.\r
+ if (!preg_match('#^https?://#', $url) )\r
+ {\r
+ $url = "http://" . $url;\r
+ }\r
+ $admin = postVar('admin');\r
+ $canlogin = postVar('canlogin');\r
+ $notes = strip_tags(postVar('notes'));\r
+ $deflang = postVar('deflang');\r
+\r
+ $mem = MEMBER::createFromID($memberid);\r
+\r
+ if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
+\r
+ if (!isValidDisplayName($name))\r
+ $this->error(_ERROR_BADNAME);\r
+\r
+ if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
+ $this->error(_ERROR_NICKNAMEINUSE);\r
+\r
+ if ($password != $repeatpassword)\r
+ $this->error(_ERROR_PASSWORDMISMATCH);\r
+\r
+ if ($password && (strlen($password) < 6))\r
+ $this->error(_ERROR_PASSWORDTOOSHORT);\r
+\r
+ if ($password) {\r
+ $pwdvalid = true;\r
+ $pwderror = '';\r
+ $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
+ if (!$pwdvalid) {\r
+ $this->error($pwderror);\r
+ }\r
+ }\r
+ }\r
+\r
+ if (!isValidMailAddress($email))\r
+ $this->error(_ERROR_BADMAILADDRESS);\r
+\r
+\r
+ if (!$realname)\r
+ $this->error(_ERROR_REALNAMEMISSING);\r
+\r
+ if (($deflang != '') && (!checkLanguage($deflang)))\r
+ $this->error(_ERROR_NOSUCHLANGUAGE);\r
+\r
+ // check if there will remain at least one site member with both the logon and admin rights\r
+ // (check occurs when taking away one of these rights from such a member)\r
+ if ( (!$admin && $mem->isAdmin() && $mem->canLogin())\r
+ || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
+ )\r
+ {\r
+ $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
+ if (sql_num_rows($r) < 2)\r
+ $this->error(_ERROR_ATLEASTONEADMIN);\r
+ }\r
+\r
+ if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
+ $mem->setDisplayName($name);\r
+ if ($password)\r
+ $mem->setPassword($password);\r
+ }\r
+\r
+ $oldEmail = $mem->getEmail();\r
+\r
+ $mem->setRealName($realname);\r
+ $mem->setEmail($email);\r
+ $mem->setURL($url);\r
+ $mem->setNotes($notes);\r
+ $mem->setLanguage($deflang);\r
+\r
+\r
+ // only allow super-admins to make changes to the admin status\r
+ if ($member->isAdmin()) {\r
+ $mem->setAdmin($admin);\r
+ $mem->setCanLogin($canlogin);\r
+ }\r
+\r
+ $autosave = postVar ('autosave');\r
+ $mem->setAutosave($autosave);\r
+\r
+ $mem->write();\r
+\r
+ // store plugin options\r
+ $aOptions = requestArray('plugoption');\r
+ NucleusPlugin::_applyPluginOptions($aOptions);\r
+ $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));\r
+\r
+ // if email changed, generate new password\r
+ if ($oldEmail != $mem->getEmail())\r
+ {\r
+ $mem->sendActivationLink('addresschange', $oldEmail);\r
+ // logout member\r
+ $mem->newCookieKey();\r
+\r
+ // only log out if the member being edited is the current member.\r
+ if ($member->getID() == $memberid)\r
+ $member->logout();\r
+ $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
+ return;\r
+ }\r
+\r
+\r
+ if ( ( $mem->getID() == $member->getID() )\r
+ && ( $mem->getDisplayName() != $member->getDisplayName() )\r
+ ) {\r
+ $mem->newCookieKey();\r
+ $member->logout();\r
+ $this->action_login(_MSG_LOGINAGAIN, 0);\r
+ } else {\r
+ $this->action_overview(_MSG_SETTINGSCHANGED);\r
+ }\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function action_memberadd() {\r
+ global $member, $manager;\r
+\r
+ // check if allowed\r
+ $member->isAdmin() or $this->disallow();\r
+\r
+ if (postVar('password') != postVar('repeatpassword'))\r
+ $this->error(_ERROR_PASSWORDMISMATCH);\r
+ if (strlen(postVar('password')) < 6)\r
+ $this->error(_ERROR_PASSWORDTOOSHORT);\r
+\r
+ $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
+ if ($res != 1)\r
+ $this->error($res);\r
+\r
+ // fire PostRegister event\r
+ $newmem = new MEMBER();\r
+ $newmem->readFromName(postVar('name'));\r
+ $manager->notify('PostRegister',array('member' => &$newmem));\r
+\r
+ $this->action_usermanagement();\r
+ }\r
+\r
+ /**\r
+ * Account activation\r
+ *\r
+ * @author dekarma\r
+ */\r
+ function action_activate() {\r
+\r
+ $key = getVar('key');\r
+ $this->_showActivationPage($key);\r
+ }\r
+\r
+ /**\r
+ * @todo document this\r
+ */\r
+ function _showActivationPage($key, $message = '')\r
+ {\r
+ global $manager;\r
+\r
+ // clean up old activation keys\r
+ MEMBER::cleanupActivationTable();\r
+\r
+ // get activation info\r
+ $info = MEMBER::getActivationInfo($key);\r
+\r
+ if (!$info)\r
+ $this->error(_ERROR_ACTIVATE);\r
+\r
+ $mem = MEMBER::createFromId($info->vmember);\r
+\r
+ if (!$mem)\r
+ $this->error(_ERROR_ACTIVATE);\r
+\r
+ $text = '';\r
+ $title = '';\r
+ $bNeedsPasswordChange = true;\r
+\r
+ switch ($info->vtype)\r
+ {\r
+ case 'forgot':\r
+ $title = _ACTIVATE_FORGOT_TITLE;\r
+ $text = _ACTIVATE_FORGOT_TEXT;\r
+ break;\r
+ case 'register':\r
+ $title = _ACTIVATE_REGISTER_TITLE;\r
+ $text = _ACTIVATE_REGISTER_TEXT;\r
+ break;\r
+ case 'addresschange':\r
+ $title = _ACTIVATE_CHANGE_TITLE;\r
+ $text = _ACTIVATE_CHANGE_TEXT;\r
+ $bNeedsPasswordChange = false;\r
+ MEMBER::activate($key);\r
+ break;\r
+ }\r
+\r
+ $aVars = array(\r
+ 'memberName' => htmlspecialchars($mem->getDisplayName())\r
+ );\r
+ $title = TEMPLATE::fill($title, $aVars);\r
+ $text = TEMPLATE::fill($text, $aVars);\r
+\r
+ $this->pagehead();\r
+\r
+ echo '<h2>' , $title, '</h2>';\r
+ echo '<p>' , $text, '</p>';\r
+\r
+ if ($message != '')\r
+ {\r
+ echo '<p class="error">',$message,'</p>';\r
+ }\r
+\r
+ if ($bNeedsPasswordChange)\r
+ {\r
+ ?>\r
+ <div><form action="index.php" method="post">\r
+\r
+ <input type="hidden" name="action" value="activatesetpwd" />\r
+ <?php $manager->addTicketHidden() ?>\r
+ <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />\r
+\r
+ <table><tr>\r
+ <td><?php echo _MEMBERS_PWD?></td>\r
+ <td><input type="password" maxlength="40" size="16" name="password" /></td>\r
+ </tr><tr>\r
+ <td><?php echo _MEMBERS_REPPWD?></td>\r
+ <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>\r
+ <?php\r