
merged 3.2 original code
authorkimitake <kimitake@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Sat, 12 Mar 2005 06:19:07 +0000 (06:19 +0000)
committerkimitake <kimitake@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Sat, 12 Mar 2005 06:19:07 +0000 (06:19 +0000)
git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/nucleus-jp/trunk@32 1ca29b6e-896d-4ea0-84a5-967f57386b96

63 files changed:
utf8/action.php
utf8/atom.php
utf8/nucleus/bookmarklet.php
utf8/nucleus/forgotpassword.html
utf8/nucleus/forms/additemform.template
utf8/nucleus/forms/commentform-loggedin.template
utf8/nucleus/forms/commentform-notloggedin.template
utf8/nucleus/forms/membermailform-loggedin.template
utf8/nucleus/forms/membermailform-notloggedin.template
utf8/nucleus/forms/nucleusbutton.template
utf8/nucleus/index.php
utf8/nucleus/javascript/admin.js
utf8/nucleus/javascript/bookmarklet.js
utf8/nucleus/javascript/compatibility.js
utf8/nucleus/javascript/edit.js
utf8/nucleus/javascript/numbercheck.js
utf8/nucleus/javascript/opennew.js
utf8/nucleus/javascript/templateEdit.js
utf8/nucleus/language/english.php
utf8/nucleus/language/japanese-utf8.php
utf8/nucleus/libs/ACTION.php
utf8/nucleus/libs/ACTIONLOG.php
utf8/nucleus/libs/ADMIN.php
utf8/nucleus/libs/BAN.php
utf8/nucleus/libs/BLOG.php
utf8/nucleus/libs/COMMENT.php
utf8/nucleus/libs/COMMENTS.php
utf8/nucleus/libs/ITEM.php
utf8/nucleus/libs/MANAGER.php
utf8/nucleus/libs/MEDIA.php
utf8/nucleus/libs/MEMBER.php
utf8/nucleus/libs/NOTIFICATION.php
utf8/nucleus/libs/PAGEFACTORY.php
utf8/nucleus/libs/PARSER.php
utf8/nucleus/libs/PLUGIN.php
utf8/nucleus/libs/PLUGINADMIN.php
utf8/nucleus/libs/SEARCH.php
utf8/nucleus/libs/SKIN.php
utf8/nucleus/libs/TEMPLATE.php
utf8/nucleus/libs/backup.php
utf8/nucleus/libs/include/admin-add.template
utf8/nucleus/libs/include/admin-edit.template
utf8/nucleus/libs/include/bookmarklet-add.template
utf8/nucleus/libs/include/bookmarklet-edit.template
utf8/nucleus/libs/skinie.php
utf8/nucleus/libs/vars4.0.6.php
utf8/nucleus/libs/vars4.1.0.php
utf8/nucleus/libs/xmlrpcs.inc.php
utf8/nucleus/media.php
utf8/nucleus/styles/addedit.css
utf8/nucleus/styles/bookmarklet.css
utf8/nucleus/styles/manual.css
utf8/nucleus/styles/popups.css
utf8/nucleus/xmlrpc/api_blogger.inc.php
utf8/nucleus/xmlrpc/api_metaweblog.inc.php
utf8/nucleus/xmlrpc/api_mt.inc.php
utf8/nucleus/xmlrpc/api_nucleus.inc.php
utf8/nucleus/xmlrpc/server.php
utf8/rsd.php
utf8/skins/atom/skinbackup.xml
utf8/skins/grey/grey.css
utf8/skins/rss2.0/skinbackup.xml
utf8/xml-rss2.php

index f027ae3..de6628e 100755 (executable)
@@ -1,7 +1,7 @@
 <?php\r
 /** \r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
   *\r
   * File containing actions that can be performed by visitors of the site,\r
   * like adding comments, etc...\r
+  *\r
+  * $Id: action.php,v 1.4 2005-03-12 06:19:03 kimitake Exp $\r
   */\r
 \r
 $CONF = array();\r
 include('./config.php');                       // common functions\r
+include_once($DIR_LIBS . 'ACTION.php');\r
 \r
 $action = requestVar('action');\r
-switch($action) {\r
-       case 'addcomment':\r
-               addComment();\r
-               break;\r
-       case 'sendmessage':\r
-               sendMessage();\r
-               break;\r
-       case 'createaccount':\r
-               createAccount();\r
-               break;          \r
-       case 'forgotpassword':\r
-               forgotPassword();\r
-               break;\r
-       case 'votepositive':\r
-               doKarma('pos');\r
-               break;\r
-       case 'votenegative':\r
-               doKarma('neg');\r
-               break;\r
-       case 'plugin':\r
-               callPlugin();\r
-               break;\r
-       default:\r
-               doError(_ERROR_BADACTION);\r
-}\r
-\r
-function addComment() {\r
-       global $CONF, $errormessage, $manager;\r
-       \r
-       $post['itemid'] =       intPostVar('itemid');\r
-       $post['user'] =         postVar('user');\r
-       $post['userid'] =       postVar('userid');\r
-       $post['body'] =         postVar('body');\r
-       \r
-       \r
-       // set cookies when required\r
-       $remember = intPostVar('remember');\r
-       if ($remember == 1) {\r
-               $lifetime = time()+2592000;\r
-               setcookie('comment_user',$post['user'],$lifetime,'/','',0);\r
-               setcookie('comment_userid', $post['userid'],$lifetime,'/','',0);\r
-       }\r
-\r
-       $comments = new COMMENTS($post['itemid']);\r
-\r
-       $blogid = getBlogIDFromItemID($post['itemid']);\r
-       checkban($blogid);\r
-       $blog =& $manager->getBlog($blogid);\r
-\r
-       // note: PreAddComment and PostAddComment gets called somewhere inside addComment\r
-       $errormessage = $comments->addComment($blog->getCorrectTime(),$post);\r
-       \r
-       if ($errormessage == '1') {             \r
-               // redirect when adding comments succeeded\r
-               if (postVar('url')) {\r
-                               redirect(postVar('url'));\r
-               } else {\r
-                       $url = createItemLink($post['itemid']);\r
-                               redirect($url);\r
-               }\r
-       } else {\r
-               // else, show error message using default skin for blog\r
-               doError($errormessage, new SKIN($blog->getDefaultSkin()));\r
-       }\r
-}\r
-\r
-// Sends a message from the current member to the member given as argument\r
-function sendMessage() {\r
-       global $CONF, $member;\r
-       \r
-    $error = validateMessage();\r
-       if ($error != '')\r
-               doError($error);\r
-               \r
-       if (!$member->isLoggedIn()) {\r
-               $fromMail = postVar('frommail');\r
-               if (!isValidMailAddress($fromMail))\r
-                       doError(_ERROR_BADMAILADDRESS);\r
-               $fromName = _MMAIL_FROMANON;\r
-       } else {\r
-               $fromMail = $member->getEmail();\r
-               $fromName = $member->getDisplayName();\r
-       }\r
-               \r
-       $tomem = new MEMBER();\r
-       $tomem->readFromId(postVar('memberid'));\r
-\r
-       $message  = _MMAIL_MSG . ' ' . $fromName . "\n"\r
-                 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"\r
-                 . _MMAIL_MAIL . " \n\n"\r
-                 . postVar('message');\r
-       $message .= getMailFooter();\r
-\r
-       $title = _MMAIL_TITLE . ' ' . $fromName;\r
-//     mail($tomem->getEmail(), $title, $message, 'From: '. $fromMail);\r
-       mb_language('ja');\r
-       mb_internal_encoding(_CHARSET);\r
-       @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);\r
-\r
-       if (postVar('url')) {\r
-                       redirect(postVar('url'));\r
-       } else {\r
-               $CONF['MemberURL'] = $CONF['IndexURL'];\r
-               if ($CONF['URLMode'] == 'pathinfo')\r
-                       $url = createMemberLink($tomem->getID());\r
-               else\r
-                       $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());\r
-               redirect($url);\r
-       }\r
-\r
-}\r
-\r
-       function validateMessage() {\r
-               global $CONF, $member, $manager;\r
-\r
-               if (!$CONF['AllowMemberMail']) \r
-                       return _ERROR_MEMBERMAILDISABLED;\r
-\r
-               if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])\r
-                       return _ERROR_DISALLOWED;\r
-\r
-               if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))\r
-                       return _ERROR_BADMAILADDRESS;\r
-                       \r
-               // let plugins do verification (any plugin which thinks the comment is invalid\r
-               // can change 'error' to something other than '')\r
-               $result = '';\r
-               $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));\r
-               \r
-               return $result;\r
-               \r
-       }\r
-\r
-\r
-// creates a new user account\r
-function createAccount() {\r
-       global $CONF, $manager;\r
-       \r
-       if (!$CONF['AllowMemberCreate']) \r
-               doError(_ERROR_MEMBERCREATEDISABLED);\r
-\r
-       // create random password\r
-       $pw = genPassword(10);\r
-       // create member (non admin/can login/no notes)\r
-       $r = MEMBER::create(postVar('name'), postVar('realname'), $pw, postVar('email'), postVar('url'), 0, $CONF['NewMemberCanLogon'], '');\r
-       if ($r != 1)\r
-               doError($r);\r
-       // send message containing password.\r
-       $newmem = new MEMBER();\r
-       $newmem->readFromName(postVar('name'));\r
-       $newmem->sendPassword($pw);\r
 \r
-       $manager->notify('PostRegister',array('member' => &$newmem));           \r
+$a =& new ACTION();\r
+$errorInfo = $a->doAction($action);\r
 \r
-       if (postVar('desturl')) {\r
-               redirect(postVar('desturl'));\r
-       } else {\r
-               header ("Content-Type: text/html; charset="._CHARSET);\r
-               echo _MSG_ACCOUNTCREATED;\r
-       }\r
+if ($errorInfo)\r
+{\r
+       doError($errorInfo['message'], new SKIN($errorInfo['skinid'])); \r
 }\r
 \r
-// sends a new password \r
-function forgotPassword() {\r
-       $membername = trim(postVar('name'));\r
-       \r
-       if (!MEMBER::exists($membername))\r
-               doError(_ERROR_NOSUCHMEMBER);\r
-       $mem = MEMBER::createFromName($membername);\r
-       \r
-       // check if e-mail address is correct\r
-       if (!($mem->getEmail() == postVar('email')))\r
-               doError(_ERROR_INCORRECTEMAIL);\r
-       \r
-       $pw = genPassword(10);\r
-       $mem->setPassword($pw); // change password\r
-       $mem->write();                  // save\r
-       $mem->sendPassword($pw);// send\r
-       \r
-       if (postVar('url')) {\r
-               redirect(postVar('url'));\r
-       } else {\r
-               header ("Content-Type: text/html; charset="._CHARSET);\r
-               echo _MSG_PASSWORDSENT;\r
-       }\r
-}\r
-\r
-// handle karma votes\r
-function doKarma($type) {\r
-       global $itemid, $member, $CONF, $manager;\r
-\r
-       // check if itemid exists\r
-       if (!$manager->existsItem($itemid,0,0)) \r
-               doError(_ERROR_NOSUCHITEM);\r
-\r
-       $blogid = getBlogIDFromItemID($itemid);\r
-       checkban($blogid);      \r
-               \r
-       $karma =& $manager->getKarma($itemid);\r
-       \r
-       // check if not already voted\r
-       if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR'))) \r
-               doError(_ERROR_VOTEDBEFORE);            \r
-               \r
-       // check if item does allow voting\r
-       $item =& $manager->getItem($itemid,0,0);\r
-       if ($item['closed'])\r
-               doError(_ERROR_ITEMCLOSED);\r
-       \r
-       switch($type) {\r
-               case 'pos': \r
-                       $karma->votePositive();\r
-                       break;\r
-               case 'neg':\r
-                       $karma->voteNegative();\r
-                       break;\r
-       }\r
-       \r
-       $blogid = getBlogIDFromItemID($itemid);\r
-       $blog =& $manager->getBlog($blogid);\r
-       \r
-       // send email to notification address, if any\r
-       if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {\r
-\r
-               $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";\r
-               $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";\r
-               if ($member->isLoggedIn()) {\r
-                       $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";\r
-               }\r
-               $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";\r
-               $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";\r
-               $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";\r
-               $mailto_msg .= getMailFooter();\r
-\r
-               $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';\r
-\r
-               $frommail = $member->getNotifyFromMailAddress();\r
-\r
-               $notify = new NOTIFICATION($blog->getNotifyAddress());\r
-               $notify->notify($mailto_title, $mailto_msg , $frommail);\r
-       }\r
-       \r
-       \r
-       $refererUrl = serverVar('HTTP_REFERER');\r
-       if ($refererUrl)\r
-               $url = $refererUrl;\r
-       else\r
-               $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;\r
-\r
-       redirect($url); \r
-}\r
-\r
-/**\r
-  * Calls a plugin action\r
-  */\r
-function callPlugin() {\r
-       global $manager;\r
-       \r
-       $pluginName = 'NP_' . requestVar('name');\r
-       $actionType = requestVar('type');\r
-       \r
-       // 1: check if plugin is installed\r
-       if (!$manager->pluginInstalled($pluginName))\r
-               doError(_ERROR_NOSUCHPLUGIN);\r
-       \r
-       // 2: call plugin\r
-       $pluginObject =& $manager->getPlugin($pluginName);\r
-       if ($pluginObject)\r
-               $error = $pluginObject->doAction($actionType);\r
-       else\r
-               $error = 'Could not load plugin (see actionlog)';\r
-       \r
-       // doAction returns error when:\r
-       // - an error occurred (duh)\r
-       // - no actions are allowed (doAction is not implemented)\r
-       if ($error)\r
-               doError($error);\r
-       \r
-}\r
-\r
-function checkban($blogid) {\r
-       // check if banned\r
-       $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));\r
-       if ($ban != 0) {\r
-               doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);\r
-       }\r
-\r
-}\r
-\r
-\r
-\r
-?>\r
+?>
\ No newline at end of file
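Review bot: The request-supplied `$action` now goes straight into `$a->doAction($action)`, so the refusal of unknown actions that the removed `switch` gave through `default: doError(_ERROR_BADACTION)` depends on ACTION.php, which is not part of this hunk. Since action.php serves visitors who are not logged in, confirm that `doAction` keeps a default-deny branch and only dispatches to a fixed set of handlers. The return contract is also undocumented; judging from the usage here, a comment such as `// doAction() returns array('message' => ..., 'skinid' => ...) on failure and a false value on success` above `if ($errorInfo)` would help. If an error can occur without a blog context, `$errorInfo['skinid']` should be checked before it is passed to `new SKIN(...)`.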
index 7d569b2..1dbe816 100755 (executable)
@@ -2,7 +2,7 @@
 \r
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
index 15e9fde..13c44fe 100755 (executable)
@@ -1,7 +1,7 @@
 <?php\r
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
@@ -11,6 +11,9 @@
   *\r
   * This script allows adding items to Nucleus through bookmarklets. The member must be logged in\r
   * in order to use this.\r
+  *\r
+  * $Id: bookmarklet.php,v 1.3 2005-03-12 06:19:03 kimitake Exp $\r
+  $ $NucleusJP$\r
   */\r
 \r
 // bookmarklet is part of admin area (might need XML-RPC)\r
@@ -40,6 +43,16 @@ if ($action == '')
        \r
 sendContentType('application/xhtml+xml', 'bookmarklet-'.$action);      \r
 \r
+// check ticket\r
+$action = strtolower($action);\r
+$aActionsNotToCheck = array('login', 'add', 'edit');\r
+if (!in_array($action, $aActionsNotToCheck))\r
+{\r
+       if (!$manager->checkTicket())\r
+               bm_doError(_ERROR_BADTICKET);\r
+} \r
+\r
+\r
 // find out what to do\r
 switch ($action) {\r
        case 'additem':\r
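Review bot: The ticket check `if (!$manager->checkTicket()) bm_doError(_ERROR_BADTICKET);` protects the `switch` below only if `bm_doError` ends the request; its body is outside this hunk, so either confirm that it exits or follow the call with `exit;`. The exemption list `array('login', 'add', 'edit')` carries no explanation; if the reason is that these actions only display a form, a comment such as `// these actions only render a form and change nothing, so they need no ticket` would keep a state-changing action from being added to it later. `in_array($action, $aActionsNotToCheck, true)` would make the comparison strict. The `switch` continues past the end of the hunk.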
@@ -61,7 +74,7 @@ switch ($action) {
 }\r
        \r
 function bm_doAddItem() {\r
-       global $member, $manager;\r
+       global $member, $manager, $CONF;\r
        \r
        $manager->loadClass('ITEM');\r
        $result = ITEM::createFromRequest();\r
@@ -77,7 +90,8 @@ function bm_doAddItem() {
                $extrahead = '';\r
        } elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland()) {\r
                $message = 'アイテムの追加に成功しました。現在weblogs.comにpingを送っています。しばらくの間お待ちください...';\r
-               $extrahead = '<meta http-equiv="refresh" content="1; url=index.php?action=sendping&amp;blogid=' . $blogid . '" />';\r
+               $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));\r
+               $extrahead = '<meta http-equiv="refresh" content="1; url=' . htmlspecialchars($pingUrl). '" />';\r
        } else {\r
                $message = _ITEM_ADDED;\r
                $extrahead = '';\r
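Review bot: `addTicketToUrl()` places the ticket in the query string of the meta-refresh URL, so the token is recorded in browser history and server access logs and may travel in a Referer header. How long a ticket stays valid is not visible in this hunk and should be weighed against that exposure. The output side is handled: `intval($blogid)` and `htmlspecialchars($pingUrl)` are sufficient for the double-quoted attribute. A short comment above the `$pingUrl` line, e.g. `// sendping is ticket-protected, so the refresh URL must carry a ticket`, would explain why the URL is built this way. `bm_doAddItem` starts and ends outside the hunk.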
@@ -310,4 +324,4 @@ function toUtf8($ar){
   return $c;\r
 }\r
 \r
-?>
\ No newline at end of file
+?>\r
index 6e505cb..c1f7a90 100755 (executable)
@@ -18,7 +18,7 @@
                        <h2>パスワードを忘れましたか?</h2>\r
 \r
                        <p>\r
-                       以下にユーザー名とメールアドレスを入力してください。あたらしいパスワードがメールで送信されます。\r
+                       以下にユーザー名とメールアドレスを入力してください。新しいパスワードを選択するページへのリンクの入ったメールが送信されます。\r
                        </p>\r
 \r
                        <form method="post" action="../action.php"><p>\r
@@ -32,7 +32,7 @@
                                <input name="email" />\r
                                <br />\r
                                <br />\r
-                               <input type="submit" value="パスワードを送信する" class="transparent" />\r
+                               <input type="submit" value="認証リンクの送信" class="transparent" />\r
                        </p></form>\r
 \r
                        <p>\r
@@ -41,7 +41,7 @@
 \r
 \r
                        <div class="foot">\r
-                               <a href="http://nucleuscms.org/">Nucleus &copy; 2002-2005 The Nucleus Group</a>\r
+                               <a href="http://nucleuscms.org/">Nucleus &copy; 2001-2005 The Nucleus Group</a>\r
                        </div>\r
 \r
                </div><!-- content -->\r
index 5c9e276..5c671f3 100755 (executable)
@@ -24,5 +24,6 @@
        onkeypress="shortCuts();"       ></textarea>\r
    <br />\r
    <span class="shortcuts">[ctrl+shift+A]&nbsp;=&nbsp;Link, [ctrl+shift+B]&nbsp;=&nbsp;Bold, [ctrl+shift+I]&nbsp;=&nbsp;Italic, [ctrl+shift+M]&nbsp;=&nbsp;Insert&nbsp;Media.</span>\r
+   <%callback(FormExtra,additemform)%> \r
  </div>\r
 </form>
\ No newline at end of file
index 042dcaf..89dfa4a 100755 (executable)
@@ -1,15 +1,19 @@
-<form method="post" action="<%formdata(actionurl)%>">\r
+<a id="nucleus_cf"></a>\r
+<form method="post" action="#nucleus_cf">\r
   <div class="commentform">\r
+       <%errordiv%>\r
+       \r
        <input type="hidden" name="action" value="addcomment" />\r
        <input type="hidden" name="url" value="<%formdata(destinationurl)%>" />\r
        <input type="hidden" name="itemid" value="<%itemid%>" />\r
        <label for="nucleus_cf_body"><%text(_COMMENTFORM_COMMENT)%></label>:\r
        <br />\r
-       <textarea name="body" class="formfield" cols="40" rows="10" id="nucleus_cf_body"></textarea>\r
+       <textarea name="body" class="formfield" cols="40" rows="10" id="nucleus_cf_body"><%formdata(body)%></textarea>\r
        <br />\r
        <%text(_COMMENTFORM_YOUARE)%> <%formdata(membername)%>\r
        <small>(<a href="?action=logout"><%text(_LOGOUT)%></a>)</small>\r
        <br />\r
        <input type="submit" value="<%text(_COMMENTFORM_SUBMIT)%>" class="formbutton" />\r
+       <%callback(FormExtra,commentform-loggedin)%>    \r
   </div>\r
 </form>
\ No newline at end of file
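Review bot: `<%formdata(body)%>` now writes the submitted comment text back inside the `<textarea>`, so the form is safe only if the `formdata` skinvar HTML-escapes its output. That code is not in this hunk and should be confirmed, because unescaped text containing `</textarea>` would end the field and be rendered as markup. The same applies to the other re-filled fields in this commit: `<%formdata(body)%>` in commentform-notloggedin, `<%formdata(message)%>` in both membermailform templates, and `value="<%formdata(frommail)%>"` in membermailform-notloggedin. As a point of consistency, `<%callback(FormExtra,commentform-loggedin)%>` sits after the submit button here but before it in the other three templates.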
index 00f5ee2..617eb0e 100755 (executable)
@@ -1,15 +1,22 @@
-<form method="post" action="<%formdata(actionurl)%>">\r
+<a id="nucleus_cf"></a>\r
+<form method="post" action="#nucleus_cf"> \r
   <div class="commentform">\r
+\r
+       <%errordiv%>\r
+\r
        <input type="hidden" name="action" value="addcomment" />\r
        <input type="hidden" name="url" value="<%formdata(destinationurl)%>" />\r
        <input type="hidden" name="itemid" value="<%itemid%>" />\r
        <label for="nucleus_cf_body"><%text(_COMMENTFORM_COMMENT)%></label>:\r
        <br />\r
-       <textarea name="body" class="formfield" cols="40" rows="10" id="nucleus_cf_body"></textarea>\r
+       <textarea name="body" class="formfield" cols="40" rows="10" id="nucleus_cf_body"><%formdata(body)%></textarea>\r
        <br />\r
        <label for="nucleus_cf_name"><%text(_COMMENTFORM_NAME)%></label>: <input name="user" size="40" maxlength="40" value="<%formdata(user)%>" class="formfield" id="nucleus_cf_name" />\r
        <br />\r
        <label for="nucleus_cf_mail"><%text(_COMMENTFORM_MAIL)%></label>: <input name="userid" size="40" maxlength="60" value="<%formdata(userid)%>" class="formfield" id="nucleus_cf_mail" />\r
+\r
+       <%callback(FormExtra,commentform-notloggedin)%> \r
+       \r
        <br />\r
        <input type="checkbox" value="1" name="remember" id="nucleus_cf_remember" <%formdata(rememberchecked)%> /><label for="nucleus_cf_remember"><%text(_COMMENTFORM_REMEMBER)%></label>\r
        <br />\r
index 909308f..12e51ee 100755 (executable)
@@ -1,12 +1,19 @@
-<form method="post" action="<%formdata(actionurl)%>">\r
+<a id="nucleus_mf"></a>\r
+<form method="post" action="#nucleus_mf">\r
   <div class="mailform">\r
+       <%errordiv%>\r
+  \r
        <input type="hidden" name="memberid" value="<%formdata(memberid)%>" />\r
        <input type="hidden" name="action" value="sendmessage" />\r
 \r
        <input type="hidden" name="url" value="<%formdata(url)%>" />\r
 \r
-       <textarea name="message" class="formfield" rows="<%formdata(rows)%>" cols="<%formdata(cols)%>"></textarea>\r
+       <textarea name="message" class="formfield" rows="<%formdata(rows)%>" cols="<%formdata(cols)%>"><%formdata(message)%></textarea>\r
+\r
+       <%callback(FormExtra,membermailform-loggedin)%> \r
+       \r
        <br />\r
        <input type="submit" value="<%text(_MEMBERMAIL_SUBMIT)%>" class="formbutton" />\r
+       \r
   </div>\r
 </form>                \r
index 5073a6f..ba73ca3 100755 (executable)
@@ -1,13 +1,19 @@
-<form method="post" action="<%formdata(actionurl)%>">\r
+<a id="nucleus_mf"></a>\r
+<form method="post" action="#nucleus_mf">\r
   <div class="mailform">\r
+       <%errordiv%>\r
+       \r
        <input type="hidden" name="memberid" value="<%formdata(memberid)%>" />\r
        <input type="hidden" name="action" value="sendmessage" />\r
 \r
        <input type="hidden" name="url" value="<%formdata(url)%>" />\r
 \r
-       <textarea name="message" class="formfield" rows="<%formdata(rows)%>" cols="<%formdata(cols)%>"></textarea>\r
+       <textarea name="message" class="formfield" rows="<%formdata(rows)%>" cols="<%formdata(cols)%>"><%formdata(message)%></textarea>\r
        <br />\r
-       <%text(_MEMBERMAIL_MAIL)%><input type="text" name="frommail" class="formfield" />\r
+       <%text(_MEMBERMAIL_MAIL)%><input type="text" name="frommail" class="formfield" value="<%formdata(frommail)%>" />\r
+       \r
+       <%callback(FormExtra,membermailform-notloggedin)%>      \r
+       \r
        <br />\r
        <input type="submit" value="<%text(_MEMBERMAIL_SUBMIT)%>" class="formbutton" />\r
   </div>\r
index 2da4197..dbda482 100755 (executable)
@@ -1,3 +1,3 @@
 <div class="nucleusbutton">\r
-<a href="http://nucleuscms.org/"><img src="<%formdata(imgurl)%>" width="<%formdata(imgwidth)%>" height="<%formdata(imgheight)%>" alt="Powered by Nucleus" /></a>\r
+<a href="http://nucleuscms.org/"><img src="<%formdata(imgurl)%>" width="<%formdata(imgwidth)%>" height="<%formdata(imgheight)%>" alt="Powered by Nucleus CMS" /></a>\r
 </div>\r
index 9ba1101..7efc256 100755 (executable)
@@ -1,13 +1,16 @@
 <?php\r
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
   * as published by the Free Software Foundation; either version 2\r
   * of the License, or (at your option) any later version.\r
   * (see nucleus/documentation/index.html#license for more info)\r
+  *\r
+  * $Id: index.php,v 1.3 2005-03-12 06:19:03 kimitake Exp $\r
+  * $NucleusJP$\r
   */\r
        // we are using admin stuff:\r
        $CONF = array();\r
                }\r
        }\r
 \r
-       if (!$member->isLoggedIn() || ($action == 'logout')) {\r
-               $HTTP_POST_VARS['oldaction'] = $action; // see ADMIN::login()\r
-               $_POST['oldaction'] = $action;\r
-               $action = "showlogin";\r
-       }\r
+       $bNeedsLogin = false;\r
+       $bIsActivation = in_array($action, array('activate', 'activatesetpwd'));\r
+       \r
+       if ($action == 'logout') \r
+               $bNeedsLogin = true;    \r
+       \r
+       if (!$member->isLoggedIn() && !$bIsActivation)\r
+               $bNeedsLogin = true;\r
 \r
        // show error if member cannot login to admin\r
-       if ($member->isLoggedIn() && !$member->canLogin()) {\r
+       if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation) {\r
                $error = _ERROR_LOGINDISALLOWED;\r
-               $HTTP_POST_VARS['oldaction'] = $action; // see ADMIN::login()\r
-               $_POST['oldaction'] = $action;\r
-               $action = "showlogin";\r
-\r
+               $bNeedsLogin = true;\r
+       }\r
+       \r
+       if ($bNeedsLogin)\r
+       {\r
+               setOldAction($action);  // see ADMIN::login() (sets old action in POST vars)\r
+               $action = 'showlogin';\r
        }\r
 \r
        sendContentType('application/xhtml+xml', 'admin-' . $action);\r
        \r
        $admin = new ADMIN();\r
        $admin->action($action);\r
-?>
\ No newline at end of file
+?>\r
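Review bot: With `$bIsActivation`, the actions `activate` and `activatesetpwd` reach `$admin->action($action)` without a logged-in member, and also for a member whose `canLogin()` is false. The activation handlers in ADMIN (not visible here) therefore have to validate the activation key themselves and cannot rely on this gate. A comment above the `in_array` line should say so, e.g. `// activation pages are presumably opened from a mailed link before login; ADMIN must verify the key itself`. Passing `true` as the third argument, `in_array($action, array('activate', 'activatesetpwd'), true)`, keeps the exemption to exact string matches. The start of this block lies outside the lines shown.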
index e56695b..2001194 100755 (executable)
@@ -1,3 +1,19 @@
+/**\r
+  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
+  *\r
+  * This program is free software; you can redistribute it and/or\r
+  * modify it under the terms of the GNU General Public License\r
+  * as published by the Free Software Foundation; either version 2\r
+  * of the License, or (at your option) any later version.\r
+  * (see nucleus/documentation/index.html#license for more info)\r
+  *  \r
+  * Some JavaScript code for the admin area\r
+  *\r
+  * $Id: admin.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
+  */\r
+\r
 function help(url) {\r
        popup = window.open(url,'helpwindow','status=no,toolbar=yes,scrollbars=yes,resizable=yes,width=500,height=500,top=0,left=0');\r
        if (popup.focus) popup.focus();\r
index e5b23db..09c9abb 100755 (executable)
@@ -1,6 +1,6 @@
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
@@ -9,6 +9,9 @@
   * (see nucleus/documentation/index.html#license for more info)\r
   *  \r
   * Some JavaScript code for the bookmarklets\r
+  *\r
+  * $Id: bookmarklet.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
   */\r
 \r
 /**\r
index 1844d43..809850b 100755 (executable)
@@ -1,6 +1,6 @@
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
@@ -17,6 +17,9 @@
   *            - Use createElement() instead of document.createElement()\r
   *\r
   * That's basically it :)\r
+  *\r
+  * $Id: compatibility.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
   */\r
 \r
 // to get the script working when page is sent as application/xhtml+xml\r
index 945e02f..7c66a3e 100755 (executable)
@@ -1,6 +1,6 @@
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
@@ -10,6 +10,9 @@
   *\r
   * This file contains functions to allow adding items from inside the weblog.\r
   * Also contains code to avoid submitting form data twice.\r
+  *\r
+  * $Id: edit.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
   */\r
 \r
 var nucleusConvertBreaks = true;\r
index c93a316..6374511 100755 (executable)
@@ -1,6 +1,6 @@
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
@@ -11,7 +11,8 @@
   * script the check (on the clientside) if a entered value\r
   * is a valid number and remove the invalid chars\r
   *\r
-  * $Id: numbercheck.js,v 1.1.1.1 2005-02-28 07:14:41 kimitake Exp $\r
+  * $Id: numbercheck.js,v 1.2 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
   */\r
 \r
 function checkNumeric(f)\r
index be64f60..a765404 100755 (executable)
@@ -1,6 +1,6 @@
 /*\r
  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
- * Copyright (C) 2002-2004 The Nucleus Group\r
+ * Copyright (C) 2002-2005 The Nucleus Group\r
  *\r
  * This program is free software; you can redistribute it and/or\r
  * modify it under the terms of the GNU General Public License\r
@@ -8,6 +8,9 @@
  * of the License, or (at your option) any later version.\r
  * (see nucleus/documentation/index.html#license for more info)\r
  *\r
+ * $Id: opennew.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $\r
+ * $NucleusJP$\r
+ *\r
  * JavaScript to open non-local links in a new window.\r
  *\r
  * How to use:\r
@@ -57,4 +60,4 @@ function setOpenNewWindow(newWin) {
                                document.links[i].target = to;\r
                }\r
        }\r
-}
\ No newline at end of file
+}\r
index 2e2bedf..187417e 100755 (executable)
@@ -1,6 +1,6 @@
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
@@ -11,6 +11,9 @@
   *    Javascript code to hide empty textareas when editing templates.\r
   *\r
   * @require compatibility.js\r
+  *\r
+  * $Id: templateEdit.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
   */\r
 \r
 var amountOfFields = 1;\r
@@ -61,4 +64,4 @@ function makeVisible(i) {
        return false;\r
 }\r
 \r
-window.onload = hideUnused;    
\ No newline at end of file
+window.onload = hideUnused;    \r
index c7595df..e7db22a 100755 (executable)
 <?php\r
 // English Nucleus Language File\r
-// \r
-// Author: Wouter Demuynck (nucleus@demuynck.org)\r
-// Nucleus version: v1.0-v2.5\r
+//\r
+// Author: Wouter Demuynck\r
+// Nucleus version: v1.0-v3.2\r
 //\r
 // Please note: if you want to translate this file to your own language, be aware\r
 // that in a next Nucleus version, new variables might be added and some other ones\r
-// might be deleted. Therefor, it's important to list the Nucleus version for which \r
+// might be deleted. Therefor, it's important to list the Nucleus version for which\r
 // the file was written in your document.\r
 //\r
-// Fully translated language file can be sent to Wouter Demuynck (nucleus@demuynck.org)\r
-// and will be available for download (with proper credit to the author, of course)\r
+// Fully translated language file can be sent to us and will be made\r
+// available for download (with proper credit to the author, of course)\r
+\r
+// START changed/added after 3.15 START\r
+\r
+define('_LIST_PLUG_SUBS_NEEDUPDATE','Please use the \'Update Subscription list\'-button to update the plugin\'s subscription list.');\r
+define('_LIST_PLUGS_DEP',                      'Plugin(s) requires:');\r
+\r
+// END changed/added after 3.15\r
+\r
+// START changed/added after 3.1 START\r
+\r
+// comments list per weblog\r
+define('_COMMENTS_BLOG',                       'All Comments for blog');\r
+define('_NOCOMMENTS_BLOG',                     'No comments were made on items of this blog');\r
+define('_BLOGLIST_COMMENTS',           'Comments');\r
+define('_BLOGLIST_TT_COMMENTS',                'A list of all comments made on items of this blog');\r
+\r
+\r
+// for use in archivetype-skinvar\r
+define('_ARCHIVETYPE_DAY',                     'day');\r
+define('_ARCHIVETYPE_MONTH',           'month');\r
+\r
+// tickets (prevents malicious users to trick an admin to perform actions he doesn't want)\r
+define('_ERROR_BADTICKET',                     'Invalid or expired ticket.');\r
+\r
+// plugin dependency\r
+define('_ERROR_INSREQPLUGIN',          'Plugin installation failed, requires ');\r
+define('_ERROR_DELREQPLUGIN',          'Plugin deletion failed, required by ');\r
+\r
+// cookie prefix\r
+define('_SETTINGS_COOKIEPREFIX',       'Cookie Prefix');\r
+\r
+// account activation\r
+define('_ERROR_NOLOGON_NOACTIVATE',    'Cannot send activation link. You\'re not allowed to log in.');\r
+define('_ERROR_ACTIVATE',                      'Activation key does not exist, is invalid, or has expired.');\r
+define('_ACTIONLOG_ACTIVATIONLINK', 'Activation link sent');\r
+define('_MSG_ACTIVATION_SENT',         'An activation link has been sent by e-mail.');\r
+\r
+// activation link emails\r
+define('_ACTIVATE_REGISTER_MAIL',      "Hi <%memberName%>,\n\nYou need to activate your account at <%siteName%> (<%siteUrl%>).\nYou can do this by visiting the link below: \n\n\t<%activationUrl%>\n\nYou have 2 days to do this. After this, the activation link becomes invalid.");\r
+define('_ACTIVATE_REGISTER_MAILTITLE', "Activate your '<%memberName%>' account");\r
+define('_ACTIVATE_REGISTER_TITLE',     'Welcome <%memberName%>');\r
+define('_ACTIVATE_REGISTER_TEXT',      'You\'re almost there. Please choose a password for your account below.');\r
+define('_ACTIVATE_FORGOT_MAIL',                "Hi <%memberName%>,\n\nUsing the link below, you can choose a new password for your account at <%siteName%> (<%siteUrl%>) by choosing a new password.\n\n\t<%activationUrl%>\n\nYou have 2 days to do this. After this, the activation link becomes invalid.");\r
+define('_ACTIVATE_FORGOT_MAILTITLE',"Re-activate your '<%memberName%>' account");\r
+define('_ACTIVATE_FORGOT_TITLE',       'Welcome <%memberName%>');\r
+define('_ACTIVATE_FORGOT_TEXT',                'You can choose a new password for your account below:');\r
+define('_ACTIVATE_CHANGE_MAIL',                "Hi <%memberName%>,\n\nSince your e-mail address has changed, you'll need to re-activate your account at <%siteName%> (<%siteUrl%>).\nYou can do this by visiting the link below: \n\n\t<%activationUrl%>\n\nYou have 2 days to do this. After this, the activation link becomes invalid.");\r
+define('_ACTIVATE_CHANGE_MAILTITLE',"Re-activate your '<%memberName%>' account");\r
+define('_ACTIVATE_CHANGE_TITLE',       'Welcome <%memberName%>');\r
+define('_ACTIVATE_CHANGE_TEXT',                'Your address change has been verified. Thanks!');\r
+define('_ACTIVATE_SUCCESS_TITLE',      'Activation Succeeded');\r
+define('_ACTIVATE_SUCCESS_TEXT',       'Your account has been successfully activated.');\r
+define('_MEMBERS_SETPWD',                      'Set Password');\r
+define('_MEMBERS_SETPWD_BTN',          'Set Password');\r
+define('_QMENU_ACTIVATE',                      'Account Activation');\r
+define('_QMENU_ACTIVATE_TEXT',         '<p>After you have activated your account, you can start using it by <a href="index.php?action=showlogin">logging in</a>.</p>');\r
+\r
+define('_PLUGS_BTN_UPDATE',                    'Update subscription list');\r
+\r
+// global settings\r
+define('_SETTINGS_JSTOOLBAR',          'Javascript Toolbar Style');\r
+define('_SETTINGS_JSTOOLBAR_FULL',     'Full Toolbar (IE)');\r
+define('_SETTINGS_JSTOOLBAR_SIMPLE','Simple Toolbar (Non-IE)');\r
+define('_SETTINGS_JSTOOLBAR_NONE',     'Disable Toolbar');\r
+define('_SETTINGS_URLMODE_HELP',       '(Info: <a href="documentation/tips.html#searchengines-fancyurls">How to activate fancy URLs</a>)');\r
+\r
+// extra plugin settings part when editing categories/members/blogs/...\r
+define('_PLUGINS_EXTRA',                       'Extra Plugin Settings');\r
+\r
+// itemlist info column keys\r
+define('_LIST_ITEM_BLOG',                      'blog:');\r
+define('_LIST_ITEM_CAT',                       'cat:');\r
+define('_LIST_ITEM_AUTHOR',                    'author:');\r
+define('_LIST_ITEM_DATE',                      'date:');\r
+define('_LIST_ITEM_TIME',                      'time:');\r
+\r
+// indication of registered members in comments list\r
+define('_LIST_COMMENTS_MEMBER',        '(member)');\r
+\r
+// batch operations\r
+define('_BATCH_WITH_SEL',                      'With selected:');\r
+define('_BATCH_EXEC',                          'Execute');\r
+\r
+// quickmenu\r
+define('_QMENU_HOME',                          'Home');\r
+define('_QMENU_ADD',                           'Add Item');\r
+define('_QMENU_ADD_SELECT',                    '-- select --');\r
+define('_QMENU_USER_SETTINGS',         'Settings');\r
+define('_QMENU_USER_ITEMS',                    'Items');\r
+define('_QMENU_USER_COMMENTS',         'Comments');\r
+define('_QMENU_MANAGE',                                'Management');\r
+define('_QMENU_MANAGE_LOG',                    'Action Log');\r
+define('_QMENU_MANAGE_SETTINGS',       'Global Settings');\r
+define('_QMENU_MANAGE_MEMBERS',                'Members');\r
+define('_QMENU_MANAGE_NEWBLOG',                'New Weblog');\r
+define('_QMENU_MANAGE_BACKUPS',                'Backups');\r
+define('_QMENU_MANAGE_PLUGINS',                'Plugins');\r
+define('_QMENU_LAYOUT',                                'Layout');\r
+define('_QMENU_LAYOUT_SKINS',          'Skins');\r
+define('_QMENU_LAYOUT_TEMPL',          'Templates');\r
+define('_QMENU_LAYOUT_IEXPORT',                'Import/Export');\r
+define('_QMENU_PLUGINS',                       'Plugins');\r
+\r
+// quickmenu on logon screen\r
+define('_QMENU_INTRO',                         'Introduction');\r
+define('_QMENU_INTRO_TEXT',                    '<p>This is the logon screen for Nucleus CMS, the content management system that\'s being used to maintain this website.</p><p>If you have an account, you can log on and start posting new items.</p>');\r
+\r
+// helppages for plugins\r
+define('_ERROR_PLUGNOHELPFILE',                'The helpfile for this plugin can not be found');\r
+define('_PLUGS_HELP_TITLE',                    'Helppage for plugin');\r
+define('_LIST_PLUGS_HELP',                     'help');\r
+\r
+\r
+// END changed/started after 3.1\r
 \r
 // START changed/added after v2.5beta START\r
 \r
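Review bot: The three activation mail bodies (`_ACTIVATE_REGISTER_MAIL`, `_ACTIVATE_FORGOT_MAIL`, `_ACTIVATE_CHANGE_MAIL`) each hard-code "You have 2 days to do this", while the key lifetime is enforced in code outside this file, so the text and the real expiry can drift apart unnoticed. I would add a comment above the block, `// NOTE: "2 days" must match the activation-key lifetime enforced by the member code; change both together`, or pass the lifetime in as one more `<%...%>` placeholder. Separately, `<%memberName%>` is used both in a mail subject (`_ACTIVATE_REGISTER_MAILTITLE`) and in page titles (`_ACTIVATE_REGISTER_TITLE`). The substituting code is not visible here, so it is worth confirming that it strips CR/LF for the subject and HTML-escapes for the page. A one-line comment stating which constants are plain-text mail and which are HTML would make that contract explicit for translators.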
@@ -301,7 +415,7 @@ define('_BACKTOMANAGE',                             'Back to Nucleus management');
 \r
 \r
 \r
-// charset to use \r
+// charset to use\r
 define('_CHARSET',                                     'iso-8859-1');\r
 \r
 // global stuff\r
@@ -496,8 +610,8 @@ define('_UPLOAD_MSG',                               'Select the file you want to upload below, and hit the
 define('_UPLOAD_BUTTON',                       'Upload');\r
 \r
 // some status messages\r
-define('_MSG_ACCOUNTCREATED',          'Account created, password will be sent through email');\r
-define('_MSG_PASSWORDSENT',                    'Password has been sent by e-mail.');\r
+//define('_MSG_ACCOUNTCREATED',                'Account created, password will be sent through email');\r
+//define('_MSG_PASSWORDSENT',                  'Password has been sent by e-mail.');\r
 define('_MSG_LOGINAGAIN',                      'You\'ll need to login again, because your info changed');\r
 define('_MSG_SETTINGSCHANGED',         'Settings Changed');\r
 define('_MSG_ADMINCHANGED',                    'Admin Changed');\r
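Review bot: `_MSG_ACCOUNTCREATED` and `_MSG_PASSWORDSENT` are commented out rather than deleted, which leaves dead strings in the file and hides the fact that both constants are now undefined. In PHP before 8 a leftover reference to an undefined constant evaluates to its own name with only a notice, so any skin, plugin or core path still using them would print the literal `_MSG_PASSWORDSENT` to the visitor; callers are not visible in this hunk, so a search for both names is worth doing. I would drop the two lines, or keep a single comment such as `// _MSG_ACCOUNTCREATED / _MSG_PASSWORDSENT removed in 3.2, presumably superseded by _MSG_ACTIVATION_SENT`. The same pattern appears in the japanese-utf8.php hunk at `@@ -608,8 +615,8 @@`.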
@@ -765,7 +879,7 @@ define('_OVERVIEW_SKINS',                   'Edit Skins...');
 define('_OVERVIEW_BACKUP',                     'Backup/Restore...');\r
 \r
 // ITEMLIST\r
-define('_ITEMLIST_BLOG',                       'Items for blog'); \r
+define('_ITEMLIST_BLOG',                       'Items for blog');\r
 define('_ITEMLIST_YOUR',                       'Your items');\r
 \r
 // Comments\r
@@ -795,7 +909,7 @@ define('_LISTS_COMMENTS',                   'Comments');
 define('_LISTS_TYPE',                          'Type');\r
 \r
 \r
-// member list \r
+// member list\r
 define('_LIST_MEMBER_NAME',                    'Display Name');\r
 define('_LIST_MEMBER_RNAME',           'Real Name');\r
 define('_LIST_MEMBER_ADMIN',           'Super-admin? ');\r
@@ -838,4 +952,4 @@ define('_EDITC_NONMEMBER',                  'non member');
 define('_MOVE_TITLE',                          'Move to which blog?');\r
 define('_MOVE_BTN',                                    'Move Item');\r
 \r
-?>
\ No newline at end of file
+?>\r
index 5844e15..a3f9491 100755 (executable)
@@ -3,7 +3,7 @@
 // \r
 // Author: chrome (chrome@cgi.no-ip.org)\r
 // Modified by: Osamu Higuchi (osamu@higuchi.com)\r
-// Nucleus version: v1.0-v3.1\r
+// Nucleus version: v1.0-v3.2\r
 //\r
 // Please note: if you want to translate this file to your own language, be aware\r
 // that in a next Nucleus version, new variables might be added and some other ones\r
 // ファイル名を japanese.php に変更してから、Nucleus の language ディレクトリに\r
 // 置いてください。\r
 \r
+// START changed/added after 3.15 START\r
+\r
+define('_LIST_PLUG_SUBS_NEEDUPDATE','Please use the \'Update Subscription list\'-button to update the plugin\'s subscription list.');\r
+define('_LIST_PLUGS_DEP',                      'Plugin(s) requires:');\r
+\r
+// END changed/added after 3.15\r
+\r
 // START changed/added after 3.1 START\r
 \r
 // comments list per weblog\r
@@ -608,8 +615,8 @@ define('_UPLOAD_MSG',                               'アップロードするファイルを選択して、
 define('_UPLOAD_BUTTON',                       'アップロード');\r
 \r
 // some status messages\r
-define('_MSG_ACCOUNTCREATED',          'アカウントが作成されました。パスワードがメールで送信されます');\r
-define('_MSG_PASSWORDSENT',                    'パスワードがメールで送信されました。');\r
+//define('_MSG_ACCOUNTCREATED',                'アカウントが作成されました。パスワードがメールで送信されます');\r
+//define('_MSG_PASSWORDSENT',                  'パスワードがメールで送信されました。');\r
 define('_MSG_LOGINAGAIN',                      'あなたの情報が変更された為、ログインしなおす必要があります');\r
 define('_MSG_SETTINGSCHANGED',         '設定が変更されました');\r
 define('_MSG_ADMINCHANGED',                    '管理者権限 が変更されました');\r
index ddbdc7d..1d5cadd 100755 (executable)
-<?php
-
-/**
-  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) 
-  * Copyright (C) 2002-2004 The Nucleus Group
-  *
-  * This program is free software; you can redistribute it and/or
-  * modify it under the terms of the GNU General Public License
-  * as published by the Free Software Foundation; either version 2
-  * of the License, or (at your option) any later version.
-  * (see nucleus/documentation/index.html#license for more info)
-  *
-  * Actions that can be called via action.php
-  *
-  * $Id: ACTION.php,v 1.1.1.1 2005-02-28 07:14:43 kimitake Exp $
-  */
-class ACTION
-{
-       function ACTION()
-       {
-       
-       }
-       
-       function doAction($action) 
-       {
-               switch($action) {
-                       case 'addcomment':
-                               return $this->addComment();
-                               break;
-                       case 'sendmessage':
-                               return $this->sendMessage();
-                               break;
-                       case 'createaccount':
-                               return $this->createAccount();
-                               break;          
-                       case 'forgotpassword':
-                               return $this->forgotPassword();
-                               break;
-                       case 'votepositive':
-                               return $this->doKarma('pos');
-                               break;
-                       case 'votenegative':
-                               return $this->doKarma('neg');
-                               break;
-                       case 'plugin':
-                               return $this->callPlugin();
-                               break;
-                       default:
-                               doError(_ERROR_BADACTION);
-               }
-       }
-       
-       function addComment() {
-               global $CONF, $errormessage, $manager;
-
-               $post['itemid'] =       intPostVar('itemid');
-               $post['user'] =         postVar('user');
-               $post['userid'] =       postVar('userid');
-               $post['body'] =         postVar('body');
-
-               // set cookies when required
-               $remember = intPostVar('remember');
-               if ($remember == 1) {
-                       $lifetime = time()+2592000;
-                       setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
-                       setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
-               }
-
-               $comments = new COMMENTS($post['itemid']);
-
-               $blogid = getBlogIDFromItemID($post['itemid']);
-               $this->checkban($blogid);
-               $blog =& $manager->getBlog($blogid);
-
-               // note: PreAddComment and PostAddComment gets called somewhere inside addComment
-               $errormessage = $comments->addComment($blog->getCorrectTime(),$post);
-
-               if ($errormessage == '1') {             
-                       // redirect when adding comments succeeded
-                       if (postVar('url')) {
+<?php\r
+\r
+/**\r
+  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
+  *\r
+  * This program is free software; you can redistribute it and/or\r
+  * modify it under the terms of the GNU General Public License\r
+  * as published by the Free Software Foundation; either version 2\r
+  * of the License, or (at your option) any later version.\r
+  * (see nucleus/documentation/index.html#license for more info)\r
+  *\r
+  * Actions that can be called via action.php\r
+  *\r
+  * $Id: ACTION.php,v 1.2 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
+  */\r
+class ACTION\r
+{\r
+       function ACTION()\r
+       {\r
+       \r
+       }\r
+       \r
+       function doAction($action) \r
+       {\r
+               switch($action) {\r
+                       case 'addcomment':\r
+                               return $this->addComment();\r
+                               break;\r
+                       case 'sendmessage':\r
+                               return $this->sendMessage();\r
+                               break;\r
+                       case 'createaccount':\r
+                               return $this->createAccount();\r
+                               break;          \r
+                       case 'forgotpassword':\r
+                               return $this->forgotPassword();\r
+                               break;\r
+                       case 'votepositive':\r
+                               return $this->doKarma('pos');\r
+                               break;\r
+                       case 'votenegative':\r
+                               return $this->doKarma('neg');\r
+                               break;\r
+                       case 'plugin':\r
+                               return $this->callPlugin();\r
+                               break;\r
+                       default:\r
+                               doError(_ERROR_BADACTION);\r
+               }\r
+       }\r
+       \r
+       function addComment() {\r
+               global $CONF, $errormessage, $manager;\r
+\r
+               $post['itemid'] =       intPostVar('itemid');\r
+               $post['user'] =         postVar('user');\r
+               $post['userid'] =       postVar('userid');\r
+               $post['body'] =         postVar('body');\r
+\r
+               // set cookies when required\r
+               $remember = intPostVar('remember');\r
+               if ($remember == 1) {\r
+                       $lifetime = time()+2592000;\r
+                       setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);\r
+                       setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);\r
+               }\r
+\r
+               $comments = new COMMENTS($post['itemid']);\r
+\r
+               $blogid = getBlogIDFromItemID($post['itemid']);\r
+               $this->checkban($blogid);\r
+               $blog =& $manager->getBlog($blogid);\r
+\r
+               // note: PreAddComment and PostAddComment gets called somewhere inside addComment\r
+               $errormessage = $comments->addComment($blog->getCorrectTime(),$post);\r
+\r
+               if ($errormessage == '1') {             \r
+                       // redirect when adding comments succeeded\r
+                       if (postVar('url')) {\r
                                redirect(postVar('url'));\r
                        } else {\r
                                $url = $CONF['IndexURL'] . createItemLink($post['itemid']);\r
-                               redirect($url);
-                       }
-               } else {
-                       // else, show error message using default skin for blog
-                       return array(
-                               'message' => $errormessage,
-                               'skinid' => $blog->getDefaultSkin()
-                       );
-               }
-               
-               exit;
-       }
-
-       // Sends a message from the current member to the member given as argument
-       function sendMessage() {
-               global $CONF, $member;
-
-               $error = $this->validateMessage();
-               if ($error != '')
-                       return array('message' => $error);
-
-               if (!$member->isLoggedIn()) {
-                       $fromMail = postVar('frommail');
-                       $fromName = _MMAIL_FROMANON;
-               } else {
-                       $fromMail = $member->getEmail();
-                       $fromName = $member->getDisplayName();
-               }
-
-               $tomem = new MEMBER();
-               $tomem->readFromId(postVar('memberid'));
-
-               $message  = _MMAIL_MSG . ' ' . $fromName . "\n"
-                         . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
-                         . _MMAIL_MAIL . " \n\n"
-                         . postVar('message');
-               $message .= getMailFooter();
-
-               $title = _MMAIL_TITLE . ' ' . $fromName;
-               @mb_language('ja');
-               mb_internal_encoding(_CHARSET);
-               @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
-
-               if (postVar('url')) {
-                       redirect(postVar('url'));
-               } else {
-                       $CONF['MemberURL'] = $CONF['IndexURL'];
-                       if ($CONF['URLMode'] == 'pathinfo')
-                               $url = createMemberLink($tomem->getID());
-                       else
-                               $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
-                       redirect($url);
-               }
-               
-               exit;
-
-       }
-       
-       function validateMessage() {
-               global $CONF, $member, $manager;
-
-               if (!$CONF['AllowMemberMail']) 
-                       return _ERROR_MEMBERMAILDISABLED;
-
-               if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
-                       return _ERROR_DISALLOWED;
-
-               if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
-                       return _ERROR_BADMAILADDRESS;
-                       
-               // let plugins do verification (any plugin which thinks the comment is invalid
-               // can change 'error' to something other than '')
-               $result = '';
-               $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));
-               
-               return $result;
-               
-       }
-
-       // creates a new user account
-       function createAccount() {
-               global $CONF, $manager;
-
-               if (!$CONF['AllowMemberCreate']) 
-                       doError(_ERROR_MEMBERCREATEDISABLED);
-
-               // even though the member can not log in, set some random initial password. One never knows.
-               srand((double)microtime()*1000000);
-               $initialPwd = md5(uniqid(rand(), true));
-
-               // create member (non admin/can not login/no notes/random string as password)
-               $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
-               
-               if ($r != 1)
-                       doError($r);
-                       
-               // send message containing password.
-               $newmem = new MEMBER();
-               $newmem->readFromName(postVar('name'));
-               $newmem->sendActivationLink('register');
-
-               $manager->notify('PostRegister',array('member' => &$newmem));           
-
-               if (postVar('desturl')) {
-                       redirect(postVar('desturl'));
-               } else {
-                       echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n"._MSG_ACTIVATION_SENT;
-               }
-               
-               exit;
-       }
-
-       // sends a new password 
-       function forgotPassword() {
-               $membername = trim(postVar('name'));
-
-               if (!MEMBER::exists($membername))
-                       doError(_ERROR_NOSUCHMEMBER);
-               $mem = MEMBER::createFromName($membername);
-
-               if (!$mem->canLogin())
-                       doError(_ERROR_NOLOGON_NOACTIVATE);
-
-               // check if e-mail address is correct
-               if (!($mem->getEmail() == postVar('email')))
-                       doError(_ERROR_INCORRECTEMAIL);
-
-               // send activation link
-               $mem->sendActivationLink('forgot');
-
-               if (postVar('url')) {
-                       redirect(postVar('url'));
-               } else {
-                       echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n"._MSG_ACTIVATION_SENT;
-               }
-               
-               exit;
-       }
-
-       // handle karma votes
-       function doKarma($type) {
-               global $itemid, $member, $CONF, $manager;
-
-               // check if itemid exists
-               if (!$manager->existsItem($itemid,0,0)) 
-                       doError(_ERROR_NOSUCHITEM);
-
-               $blogid = getBlogIDFromItemID($itemid);
-               $this->checkban($blogid);       
-
-               $karma =& $manager->getKarma($itemid);
-
-               // check if not already voted
-               if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR'))) 
-                       doError(_ERROR_VOTEDBEFORE);            
-
-               // check if item does allow voting
-               $item =& $manager->getItem($itemid,0,0);
-               if ($item['closed'])
-                       doError(_ERROR_ITEMCLOSED);
-
-               switch($type) {
-                       case 'pos': 
-                               $karma->votePositive();
-                               break;
-                       case 'neg':
-                               $karma->voteNegative();
-                               break;
-               }
-
-               $blogid = getBlogIDFromItemID($itemid);
-               $blog =& $manager->getBlog($blogid);
-
-               // send email to notification address, if any
-               if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
-
-                       $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
-                       $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
-                       if ($member->isLoggedIn()) {
-                               $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
-                       }
-                       $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
-                       $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";
-                       $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
-                       $mailto_msg .= getMailFooter();
-
-                       $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
-
-                       $frommail = $member->getNotifyFromMailAddress();
-
-                       $notify = new NOTIFICATION($blog->getNotifyAddress());
-                       $notify->notify($mailto_title, $mailto_msg , $frommail);
-               }
-
-
-               $refererUrl = serverVar('HTTP_REFERER');
-               if ($refererUrl)
-                       $url = $refererUrl;
-               else
-                       $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
-
-               redirect($url); 
-               exit;
-       }
-
-       /**
-         * Calls a plugin action
-         */
-       function callPlugin() {
-               global $manager;
-
-               $pluginName = 'NP_' . requestVar('name');
-               $actionType = requestVar('type');
-
-               // 1: check if plugin is installed
-               if (!$manager->pluginInstalled($pluginName))
-                       doError(_ERROR_NOSUCHPLUGIN);
-
-               // 2: call plugin
-               $pluginObject =& $manager->getPlugin($pluginName);
-               if ($pluginObject)
-                       $error = $pluginObject->doAction($actionType);
-               else
-                       $error = 'Could not load plugin (see actionlog)';
-
-               // doAction returns error when:
-               // - an error occurred (duh)
-               // - no actions are allowed (doAction is not implemented)
-               if ($error)
-                       doError($error);
-                       
-               exit;
-
-       }
-
-       function checkban($blogid) {
-               // check if banned
-               $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
-               if ($ban != 0) {
-                       doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
-               }
-
-       }
-
-
-}
-
-?>
\ No newline at end of file
+                               redirect($url);\r
+                       }\r
+               } else {\r
+                       // else, show error message using default skin for blog\r
+                       return array(\r
+                               'message' => $errormessage,\r
+                               'skinid' => $blog->getDefaultSkin()\r
+                       );\r
+               }\r
+               \r
+               exit;\r
+       }\r
+\r
+       // Sends a message from the current member to the member given as argument\r
+       function sendMessage() {\r
+               global $CONF, $member;\r
+\r
+               $error = $this->validateMessage();\r
+               if ($error != '')\r
+                       return array('message' => $error);\r
+\r
+               if (!$member->isLoggedIn()) {\r
+                       $fromMail = postVar('frommail');\r
+                       $fromName = _MMAIL_FROMANON;\r
+               } else {\r
+                       $fromMail = $member->getEmail();\r
+                       $fromName = $member->getDisplayName();\r
+               }\r
+\r
+               $tomem = new MEMBER();\r
+               $tomem->readFromId(postVar('memberid'));\r
+\r
+               $message  = _MMAIL_MSG . ' ' . $fromName . "\n"\r
+                         . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"\r
+                         . _MMAIL_MAIL . " \n\n"\r
+                         . postVar('message');\r
+               $message .= getMailFooter();\r
+\r
+               $title = _MMAIL_TITLE . ' ' . $fromName;\r
+               mb_language('ja');\r
+               mb_internal_encoding(_CHARSET);\r
+               @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);\r
+\r
+               if (postVar('url')) {\r
+                       redirect(postVar('url'));\r
+               } else {\r
+                       $CONF['MemberURL'] = $CONF['IndexURL'];\r
+                       if ($CONF['URLMode'] == 'pathinfo')\r
+                               $url = createMemberLink($tomem->getID());\r
+                       else\r
+                               $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());\r
+                       redirect($url);\r
+               }\r
+               \r
+               exit;\r
+\r
+       }\r
+       \r
+       function validateMessage() {\r
+               global $CONF, $member, $manager;\r
+\r
+               if (!$CONF['AllowMemberMail']) \r
+                       return _ERROR_MEMBERMAILDISABLED;\r
+\r
+               if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])\r
+                       return _ERROR_DISALLOWED;\r
+\r
+               if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))\r
+                       return _ERROR_BADMAILADDRESS;\r
+                       \r
+               // let plugins do verification (any plugin which thinks the comment is invalid\r
+               // can change 'error' to something other than '')\r
+               $result = '';\r
+               $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));\r
+               \r
+               return $result;\r
+               \r
+       }\r
+\r
+       // creates a new user account\r
+       function createAccount() {\r
+               global $CONF, $manager;\r
+\r
+               if (!$CONF['AllowMemberCreate']) \r
+                       doError(_ERROR_MEMBERCREATEDISABLED);\r
+\r
+               // even though the member can not log in, set some random initial password. One never knows.\r
+               srand((double)microtime()*1000000);\r
+               $initialPwd = md5(uniqid(rand(), true));\r
+\r
+               // create member (non admin/can not login/no notes/random string as password)\r
+               $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');\r
+               \r
+               if ($r != 1)\r
+                       doError($r);\r
+                       \r
+               // send message containing password.\r
+               $newmem = new MEMBER();\r
+               $newmem->readFromName(postVar('name'));\r
+               $newmem->sendActivationLink('register');\r
+\r
+               $manager->notify('PostRegister',array('member' => &$newmem));           \r
+\r
+               if (postVar('desturl')) {\r
+                       redirect(postVar('desturl'));\r
+               } else {\r
+                       header ("Content-Type: text/html; charset="._CHARSET);\r
+                       echo _MSG_ACTIVATION_SENT;\r
+               }\r
+               \r
+               exit;\r
+       }\r
+\r
+       // sends a new password \r
+       function forgotPassword() {\r
+               $membername = trim(postVar('name'));\r
+\r
+               if (!MEMBER::exists($membername))\r
+                       doError(_ERROR_NOSUCHMEMBER);\r
+               $mem = MEMBER::createFromName($membername);\r
+\r
+               if (!$mem->canLogin())\r
+                       doError(_ERROR_NOLOGON_NOACTIVATE);\r
+\r
+               // check if e-mail address is correct\r
+               if (!($mem->getEmail() == postVar('email')))\r
+                       doError(_ERROR_INCORRECTEMAIL);\r
+\r
+               // send activation link\r
+               $mem->sendActivationLink('forgot');\r
+\r
+               if (postVar('url')) {\r
+                       redirect(postVar('url'));\r
+               } else {\r
+                       header ("Content-Type: text/html; charset="._CHARSET);\r
+                       echo _MSG_ACTIVATION_SENT;\r
+               }\r
+               \r
+               exit;\r
+       }\r
+\r
+       // handle karma votes\r
+       function doKarma($type) {\r
+               global $itemid, $member, $CONF, $manager;\r
+\r
+               // check if itemid exists\r
+               if (!$manager->existsItem($itemid,0,0)) \r
+                       doError(_ERROR_NOSUCHITEM);\r
+\r
+               $blogid = getBlogIDFromItemID($itemid);\r
+               $this->checkban($blogid);       \r
+\r
+               $karma =& $manager->getKarma($itemid);\r
+\r
+               // check if not already voted\r
+               if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR'))) \r
+                       doError(_ERROR_VOTEDBEFORE);            \r
+\r
+               // check if item does allow voting\r
+               $item =& $manager->getItem($itemid,0,0);\r
+               if ($item['closed'])\r
+                       doError(_ERROR_ITEMCLOSED);\r
+\r
+               switch($type) {\r
+                       case 'pos': \r
+                               $karma->votePositive();\r
+                               break;\r
+                       case 'neg':\r
+                               $karma->voteNegative();\r
+                               break;\r
+               }\r
+\r
+               $blogid = getBlogIDFromItemID($itemid);\r
+               $blog =& $manager->getBlog($blogid);\r
+\r
+               // send email to notification address, if any\r
+               if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {\r
+\r
+                       $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";\r
+                       $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";\r
+                       if ($member->isLoggedIn()) {\r
+                               $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";\r
+                       }\r
+                       $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";\r
+                       $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";\r
+                       $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";\r
+                       $mailto_msg .= getMailFooter();\r
+\r
+                       $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';\r
+\r
+                       $frommail = $member->getNotifyFromMailAddress();\r
+\r
+                       $notify = new NOTIFICATION($blog->getNotifyAddress());\r
+                       $notify->notify($mailto_title, $mailto_msg , $frommail);\r
+               }\r
+\r
+\r
+               $refererUrl = serverVar('HTTP_REFERER');\r
+               if ($refererUrl)\r
+                       $url = $refererUrl;\r
+               else\r
+                       $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;\r
+\r
+               redirect($url); \r
+               exit;\r
+       }\r
+\r
+       /**\r
+         * Calls a plugin action\r
+         */\r
+       function callPlugin() {\r
+               global $manager;\r
+\r
+               $pluginName = 'NP_' . requestVar('name');\r
+               $actionType = requestVar('type');\r
+\r
+               // 1: check if plugin is installed\r
+               if (!$manager->pluginInstalled($pluginName))\r
+                       doError(_ERROR_NOSUCHPLUGIN);\r
+\r
+               // 2: call plugin\r
+               $pluginObject =& $manager->getPlugin($pluginName);\r
+               if ($pluginObject)\r
+                       $error = $pluginObject->doAction($actionType);\r
+               else\r
+                       $error = 'Could not load plugin (see actionlog)';\r
+\r
+               // doAction returns error when:\r
+               // - an error occurred (duh)\r
+               // - no actions are allowed (doAction is not implemented)\r
+               if ($error)\r
+                       doError($error);\r
+                       \r
+               exit;\r
+\r
+       }\r
+\r
+       function checkban($blogid) {\r
+               // check if banned\r
+               $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));\r
+               if ($ban != 0) {\r
+                       doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);\r
+               }\r
+\r
+       }\r
+\r
+\r
+}\r
+\r
+?>\r
index da483b8..cbf6c9a 100755 (executable)
@@ -1,7 +1,7 @@
 <?php\r
 /**\r
   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
@@ -10,6 +10,9 @@
   * (see nucleus/documentation/index.html#license for more info)\r
   *\r
   * Actionlog class for Nucleus\r
+  *\r
+  * $Id: ACTIONLOG.php,v 1.3 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
   */\r
 define('ERROR',1);             // only errors\r
 define('WARNING',2);   // errors and warnings\r
@@ -76,4 +79,4 @@ class ACTIONLOG {
 \r
 }\r
 \r
-?>
\ No newline at end of file
+?>\r
index dbeef1a..657362f 100755 (executable)
@@ -1,7 +1,7 @@
 <?php\r
 /**\r
-  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) \r
-  * Copyright (C) 2002-2004 The Nucleus Group\r
+  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
+  * Copyright (C) 2002-2005 The Nucleus Group\r
   *\r
   * This program is free software; you can redistribute it and/or\r
   * modify it under the terms of the GNU General Public License\r
@@ -9,9 +9,12 @@
   * of the License, or (at your option) any later version.\r
   * (see nucleus/documentation/index.html#license for more info)\r
   *\r
-  * The code for the Nucleus admin area   \r
+  * The code for the Nucleus admin area\r
+  *\r
+  * $Id: ADMIN.php,v 1.4 2005-03-12 06:19:04 kimitake Exp $\r
+  * $NucleusJP$\r
   */\r
\r
+\r
 class ADMIN {\r
 \r
        // action currently being executed ($action=xxxx -> action_xxxx method)\r
@@ -20,7 +23,7 @@ class ADMIN {
        function ADMIN() {\r
 \r
        }\r
-       \r
+\r
        /**\r
          * Executes an action\r
          *\r
@@ -28,6 +31,8 @@ class ADMIN {
          *             action to be performed\r
          */\r
        function action($action) {\r
+               global $CONF, $manager;\r
+\r
                // list of action aliases\r
                $alias = array(\r
                        'login' => 'overview',\r
@@ -38,14 +43,28 @@ class ADMIN {
                        $action = $alias[$action];\r
 \r
                $methodName = 'action_' . $action;\r
-               \r
-               $this->action = $action;\r
+\r
+               $this->action = strtolower($action);\r
+\r
+               // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
+               // is an action that requires user interaction before something is actually done)\r
+               // all safe actions are in this array:\r
+               $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');\r
+/*\r
+               // the rest of the actions needs to be checked\r
+               $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');\r
+*/\r
+               if (!in_array($this->action, $aActionsNotToCheck))\r
+               {\r
+                       if (!$manager->checkTicket())\r
+                               $this->error(_ERROR_BADTICKET);\r
+               }\r
 \r
                if (method_exists($this, $methodName))\r
                        call_user_func(array(&$this, $methodName));\r
                else\r
                        $this->error(_BADACTION . " ($action)");\r
-               \r
+\r
        }\r
 \r
 \r
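Review bot: The ticket gate only protects the dispatch below it if `$this->error()` never returns, because `call_user_func(array(&$this, $methodName))` follows the check unconditionally; error() is not visible in this hunk, so that is an assumption. Making the stop explicit keeps a state-changing action from running after a failed ticket check, e.g. `if (!$manager->checkTicket()) { $this->error(_ERROR_BADTICKET); return; }`. A short comment above `$aActionsNotToCheck` stating that only actions which render a form or a confirmation page may be listed would also help, since every name added there is exempt from the check. action() begins before this hunk.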
@@ -56,19 +75,19 @@ class ADMIN {
 \r
        function action_login($msg = '', $passvars = 1) {\r
                global $member;\r
-               \r
+\r
                // skip to overview when allowed\r
                if ($member->isLoggedIn() && $member->canLogin()) {\r
                        $this->action_overview();\r
                        exit;\r
                }\r
-                       \r
+\r
                $this->pagehead();\r
-               \r
+\r
                echo '<h2>', _LOGIN ,'</h2>';\r
                if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);\r
                ?>\r
-               \r
+\r
                <form action="index.php" method="post"><p>\r
                <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />\r
                <br />\r
@@ -83,13 +102,13 @@ class ADMIN {
                        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>\r
                </small>\r
                <?php                   // pass through vars\r
-                       \r
+\r
                        $oldaction = postVar('oldaction');\r
                        if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {\r
                                passRequestVars();\r
                        }\r
 \r
-                       \r
+\r
                ?>\r
                </p></form>\r
                <?php           $this->pagefoot();\r
@@ -101,52 +120,52 @@ class ADMIN {
          */\r
        function action_overview($msg = '') {\r
                global $member;\r
-               \r
+\r
                $this->pagehead();\r
-               \r
+\r
                if ($msg)\r
                        echo _MESSAGE , ': ', $msg;\r
-               \r
+\r
                /* ---- add items ---- */\r
                echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';\r
-               \r
+\r
                $showAll = requestVar('showall');\r
-               \r
+\r
                if (($member->isAdmin()) && ($showAll == 'yes')) {\r
                        // Super-Admins have access to all blogs! (no add item support though)\r
                        $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'\r
-                              . ' FROM ' . sql_table('blog')\r
-                              . ' ORDER BY bname';\r
+                                  . ' FROM ' . sql_table('blog')\r
+                                  . ' ORDER BY bname';\r
                } else {\r
                        $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'\r
-                              . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
-                              . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
-                              . ' ORDER BY bname';             \r
+                                  . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
+                                  . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
+                                  . ' ORDER BY bname';\r
                }\r
                $template['content'] = 'bloglist';\r
                $template['superadmin'] = $member->isAdmin();\r
                $amount = showlist($query,'table',$template);\r
-               \r
+\r
                if (($showAll != 'yes') && ($member->isAdmin())) {\r
                        $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
-                       if ($total > $amount) \r
+                       if ($total > $amount)\r
                                echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';\r
                }\r
 \r
                if ($amount == 0)\r
                        echo _OVERVIEW_NOBLOGS;\r
-                       \r
+\r
                if ($amount != 0) {\r
                        echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';\r
                        $query =  'SELECT ititle, inumber, bshortname'\r
                                   . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')\r
-                              . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
+                                  . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
                        $template['content'] = 'draftlist';\r
                        $amountdrafts = showlist($query, 'table', $template);\r
-                       if ($amountdrafts == 0) \r
+                       if ($amountdrafts == 0)\r
                                echo _OVERVIEW_NODRAFTS;\r
                }\r
-               \r
+\r
                /* ---- user settings ---- */\r
                echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';\r
                echo '<ul>';\r
@@ -154,7 +173,7 @@ class ADMIN {
                echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';\r
                echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';\r
                echo '</ul>';\r
-               \r
+\r
                /* ---- general settings ---- */\r
                if ($member->isAdmin()) {\r
                        echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';\r
@@ -162,144 +181,144 @@ class ADMIN {
                        echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';\r
                        echo '</ul>';\r
                }\r
-               \r
-               \r
+\r
+\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        // returns a link to a weblog (takes BLOG object as parameter)\r
        function bloglink(&$blog) {\r
                return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'.$blog->getName() .'</a>';\r
        }\r
-       \r
+\r
        function action_manage($msg = '') {\r
                global $member;\r
-               \r
+\r
                $member->isAdmin() or $this->disallow();\r
-               \r
+\r
                $this->pagehead();\r
-               \r
+\r
                echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
-               \r
+\r
                if ($msg)\r
                        echo '<p>' , _MESSAGE , ': ', $msg , '</p>';\r
 \r
 \r
                echo '<h2>' . _MANAGE_GENERAL. '</h2>';\r
-               \r
+\r
                echo '<ul>';\r
                echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';\r
                echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';\r
-               echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';            \r
-               echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';         \r
+               echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';\r
+               echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';\r
                echo '</ul>';\r
-               \r
+\r
                echo '<h2>' . _MANAGE_SKINS . '</h2>';\r
                echo '<ul>';\r
                echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';\r
                echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';\r
-               echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';         \r
+               echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';\r
                echo '</ul>';\r
-               \r
-               echo '<h2>' . _MANAGE_EXTRA . '</h2>';          \r
+\r
+               echo '<h2>' . _MANAGE_EXTRA . '</h2>';\r
                echo '<ul>';\r
-               echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';                     \r
-               echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';                        \r
-               echo '</ul>';   \r
-               \r
-               $this->pagefoot();      \r
+               echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';\r
+               echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';\r
+               echo '</ul>';\r
+\r
+               $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_itemlist($blogid = '') {\r
                global $member, $manager;\r
-               \r
+\r
                if ($blogid == '')\r
                        $blogid = intRequestVar('blogid');\r
-               \r
-               $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();                \r
-               \r
+\r
+               $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
+\r
                $this->pagehead();\r
                $blog =& $manager->getBlog($blogid);\r
-               \r
-               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          \r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
                echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';\r
-               \r
+\r
                // start index\r
                if (postVar('start'))\r
                        $start = intPostVar('start');\r
                else\r
-                       $start = 0;     \r
-                       \r
+                       $start = 0;\r
+\r
                if ($start == 0)\r
-                       echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';            \r
-                       \r
+                       echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';\r
+\r
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = intPostVar('amount');\r
                else\r
-                       $amount = 10;   \r
-               \r
+                       $amount = 10;\r
+\r
                $search = postVar('search');    // search through items\r
-                       \r
+\r
                $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'\r
-                      . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
-                      . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
-               \r
-               if ($search) \r
-                       $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';                       \r
-                       \r
+                          . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
+                          . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
+\r
+               if ($search)\r
+                       $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
+\r
                // non-blog-admins can only edit/delete their own items\r
-               if (!$member->blogAdminRights($blogid)) \r
+               if (!$member->blogAdminRights($blogid))\r
                        $query .= ' and iauthor=' . $member->getID();\r
 \r
-                               \r
+\r
                $query .= ' ORDER BY itime DESC'\r
-                       . " LIMIT $start,$amount";\r
-               \r
+                               . " LIMIT $start,$amount";\r
+\r
                $template['content'] = 'itemlist';\r
                $template['now'] = $blog->getCorrectTime(time());\r
 \r
 \r
-               $navList = new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
+               $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
                $navList->showBatchList('item',$query,'table',$template);\r
 \r
-               \r
+\r
                $this->pagefoot();\r
        }\r
-       \r
-       \r
+\r
+\r
        function action_batchitem() {\r
                global $member, $manager;\r
-               \r
+\r
                // check if logged in\r
                $member->isLoggedIn() or $this->disallow();\r
-               \r
-               // more precise check will be done for each performed operation \r
-       \r
+\r
+               // more precise check will be done for each performed operation\r
+\r
                // get array of itemids from request\r
                $selected = requestIntArray('batch');\r
                $action = requestVar('batchaction');\r
-               \r
+\r
                // Show error when no items were selected\r
                if (!is_array($selected) || sizeof($selected) == 0)\r
                        $this->error(_BATCH_NOSELECTION);\r
-                       \r
+\r
                // On move: when no destination blog/category chosen, show choice now\r
                $destCatid = intRequestVar('destcatid');\r
-               if (($action == 'move') && (!$manager->existsCategory($destCatid))) \r
+               if (($action == 'move') && (!$manager->existsCategory($destCatid)))\r
                        $this->batchMoveSelectDestination('item',$selected);\r
-               \r
+\r
                // On delete: check if confirmation has been given\r
-               if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
                        $this->batchAskDeleteConfirmation('item',$selected);\r
 \r
                $this->pagehead();\r
-               \r
-               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         \r
+\r
+               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
                echo '<h2>',_BATCH_ITEMS,'</h2>';\r
                echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
                echo '<ul>';\r
-               \r
+\r
 \r
                // walk over all itemids and perform action\r
                foreach ($selected as $itemid) {\r
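Review bot: The search filter in action_itemlist still builds its three LIKE clauses with `addslashes($search)` (the line is touched here only for whitespace), which is not aware of the connection character set and leaves the LIKE wildcards `%` and `_` from user input active. Assuming the database layer is the PHP mysql extension, escape once with `$term = mysql_real_escape_string($search);` and reuse `$term` in the three clauses. action_batchitem, at the end of the hunk, continues outside it.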
@@ -321,42 +340,42 @@ class ADMIN {
                        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
                        echo '</li>';\r
                }\r
-               \r
+\r
                echo '</ul>';\r
                echo '<b>',_BATCH_DONE,'</b>';\r
-               \r
+\r
                $this->pagefoot();\r
 \r
-               \r
+\r
        }\r
-       \r
+\r
        function action_batchcomment() {\r
                global $member;\r
-               \r
+\r
                // check if logged in\r
                $member->isLoggedIn() or $this->disallow();\r
-               \r
-               // more precise check will be done for each performed operation \r
-       \r
+\r
+               // more precise check will be done for each performed operation\r
+\r
                // get array of itemids from request\r
                $selected = requestIntArray('batch');\r
                $action = requestVar('batchaction');\r
-               \r
+\r
                // Show error when no items were selected\r
                if (!is_array($selected) || sizeof($selected) == 0)\r
                        $this->error(_BATCH_NOSELECTION);\r
-                       \r
+\r
                // On delete: check if confirmation has been given\r
-               if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
                        $this->batchAskDeleteConfirmation('comment',$selected);\r
 \r
                $this->pagehead();\r
-               \r
-               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         \r
+\r
+               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
                echo '<h2>',_BATCH_COMMENTS,'</h2>';\r
                echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
                echo '<ul>';\r
-               \r
+\r
                // walk over all itemids and perform action\r
                foreach ($selected as $commentid) {\r
                        $commentid = intval($commentid);\r
@@ -374,40 +393,40 @@ class ADMIN {
                        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
                        echo '</li>';\r
                }\r
-               \r
+\r
                echo '</ul>';\r
                echo '<b>',_BATCH_DONE,'</b>';\r
-               \r
+\r
                $this->pagefoot();\r
 \r
-               \r
+\r
        }\r
 \r
        function action_batchmember() {\r
                global $member;\r
-               \r
+\r
                // check if logged in and admin\r
                ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
-               \r
+\r
                // get array of itemids from request\r
                $selected = requestIntArray('batch');\r
                $action = requestVar('batchaction');\r
-               \r
+\r
                // Show error when no members selected\r
                if (!is_array($selected) || sizeof($selected) == 0)\r
                        $this->error(_BATCH_NOSELECTION);\r
-                       \r
+\r
                // On delete: check if confirmation has been given\r
-               if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
                        $this->batchAskDeleteConfirmation('member',$selected);\r
 \r
                $this->pagehead();\r
-               \r
-               echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';             \r
+\r
+               echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';\r
                echo '<h2>',_BATCH_MEMBERS,'</h2>';\r
                echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
                echo '<ul>';\r
-               \r
+\r
                // walk over all itemids and perform action\r
                foreach ($selected as $memberid) {\r
                        $memberid = intval($memberid);\r
@@ -438,44 +457,44 @@ class ADMIN {
                        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
                        echo '</li>';\r
                }\r
-               \r
+\r
                echo '</ul>';\r
                echo '<b>',_BATCH_DONE,'</b>';\r
-               \r
+\r
                $this->pagefoot();\r
 \r
-               \r
-       }       \r
-       \r
+\r
+       }\r
+\r
 \r
        function action_batchteam() {\r
                global $member;\r
-               \r
+\r
                $blogid = intRequestVar('blogid');\r
-               \r
+\r
                // check if logged in and admin\r
                ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
-               \r
+\r
                // get array of itemids from request\r
                $selected = requestIntArray('batch');\r
                $action = requestVar('batchaction');\r
-               \r
+\r
                // Show error when no members selected\r
                if (!is_array($selected) || sizeof($selected) == 0)\r
                        $this->error(_BATCH_NOSELECTION);\r
-                       \r
+\r
                // On delete: check if confirmation has been given\r
-               if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
                        $this->batchAskDeleteConfirmation('team',$selected);\r
 \r
                $this->pagehead();\r
-               \r
+\r
                echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';\r
 \r
                echo '<h2>',_BATCH_TEAM,'</h2>';\r
                echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
                echo '<ul>';\r
-               \r
+\r
                // walk over all itemids and perform action\r
                foreach ($selected as $memberid) {\r
                        $memberid = intval($memberid);\r
@@ -506,49 +525,49 @@ class ADMIN {
                        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
                        echo '</li>';\r
                }\r
-               \r
+\r
                echo '</ul>';\r
                echo '<b>',_BATCH_DONE,'</b>';\r
-               \r
+\r
                $this->pagefoot();\r
 \r
-               \r
-       }       \r
+\r
+       }\r
+\r
 \r
 \r
-       \r
        function action_batchcategory() {\r
                global $member, $manager;\r
-               \r
+\r
                // check if logged in\r
                $member->isLoggedIn() or $this->disallow();\r
-               \r
-               // more precise check will be done for each performed operation \r
-       \r
+\r
+               // more precise check will be done for each performed operation\r
+\r
                // get array of itemids from request\r
                $selected = requestIntArray('batch');\r
                $action = requestVar('batchaction');\r
-               \r
+\r
                // Show error when no items were selected\r
                if (!is_array($selected) || sizeof($selected) == 0)\r
                        $this->error(_BATCH_NOSELECTION);\r
-                       \r
+\r
                // On move: when no destination blog chosen, show choice now\r
                $destBlogId = intRequestVar('destblogid');\r
-               if (($action == 'move') && (!$manager->existsBlogID($destBlogId))) \r
+               if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))\r
                        $this->batchMoveCategorySelectDestination('category',$selected);\r
-               \r
+\r
                // On delete: check if confirmation has been given\r
-               if (($action == 'delete') && (requestVar('confirmation') != 'yes')) \r
+               if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
                        $this->batchAskDeleteConfirmation('category',$selected);\r
 \r
                $this->pagehead();\r
-               \r
-               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';         \r
+\r
+               echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
                echo '<h2>',BATCH_CATEGORIES,'</h2>';\r
                echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
                echo '<ul>';\r
-               \r
+\r
                // walk over all itemids and perform action\r
                foreach ($selected as $catid) {\r
                        $catid = intval($catid);\r
@@ -569,15 +588,16 @@ class ADMIN {
                        echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';\r
                        echo '</li>';\r
                }\r
-               \r
+\r
                echo '</ul>';\r
                echo '<b>',_BATCH_DONE,'</b>';\r
-               \r
+\r
                $this->pagefoot();\r
-               \r
+\r
        }\r
-       \r
+\r
        function batchMoveSelectDestination($type, $ids) {\r
+               global $manager;\r
                $this->pagehead();\r
                ?>\r
                <h2><?php echo _MOVE_TITLE?></h2>\r
@@ -585,25 +605,29 @@ class ADMIN {
 \r
                        <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
                        <input type="hidden" name="batchaction" value="move" />\r
-                       <?php                           // insert selected item numbers\r
+                       <?php\r
+                               $manager->addTicketHidden();\r
+\r
+                               // insert selected item numbers\r
                                $idx = 0;\r
                                foreach ($ids as $id)\r
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
-                       \r
+\r
                                // show blog/category selection list\r
                                $this->selectBlogCategory('destcatid');\r
-                       \r
+\r
                        ?>\r
-                       \r
-                       \r
+\r
+\r
                        <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />\r
 \r
                </div></form>\r
                <?php           $this->pagefoot();\r
                exit;\r
        }\r
-       \r
+\r
        function batchMoveCategorySelectDestination($type, $ids) {\r
+               global $manager;\r
                $this->pagehead();\r
                ?>\r
                <h2><?php echo _MOVECAT_TITLE?></h2>\r
@@ -611,58 +635,64 @@ class ADMIN {
 \r
                        <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
                        <input type="hidden" name="batchaction" value="move" />\r
-                       <?php                           // insert selected item numbers\r
+                       <?php\r
+                               $manager->addTicketHidden();\r
+\r
+                               // insert selected item numbers\r
                                $idx = 0;\r
                                foreach ($ids as $id)\r
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
-                       \r
+\r
                                // show blog/category selection list\r
                                $this->selectBlog('destblogid');\r
-                       \r
+\r
                        ?>\r
-                       \r
-                       \r
+\r
+\r
                        <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
 \r
                </div></form>\r
                <?php           $this->pagefoot();\r
                exit;\r
        }\r
-       \r
+\r
        function batchAskDeleteConfirmation($type, $ids) {\r
+               global $manager;\r
+\r
                $this->pagehead();\r
                ?>\r
                <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>\r
                <form method="post" action="index.php"><div>\r
 \r
                        <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
+                       <?php $manager->addTicketHidden() ?>\r
                        <input type="hidden" name="batchaction" value="delete" />\r
-                       <input type="hidden" name="confirmation" value="yes" />                 \r
+                       <input type="hidden" name="confirmation" value="yes" />\r
                        <?php                           // insert selected item numbers\r
                                $idx = 0;\r
                                foreach ($ids as $id)\r
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
-                                       \r
+\r
                                // add hidden vars for team & comment\r
-                               if ($type == 'team') \r
+                               if ($type == 'team')\r
                                {\r
                                        echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';\r
                                }\r
-                               if ($type == 'comment') \r
+                               if ($type == 'comment')\r
                                {\r
                                        echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';\r
                                }\r
-                                       \r
+\r
                        ?>\r
-                       \r
+\r
                        <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
 \r
                </div></form>\r
                <?php           $this->pagefoot();\r
                exit;\r
        }\r
-       \r
-       \r
+\r
+\r
        /**\r
          * Inserts a HTML select element with choices for all categories to which the current\r
          * member has access\r
@@ -670,7 +700,7 @@ class ADMIN {
        function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
                ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
        }\r
-       \r
+\r
        /**\r
          * Inserts a HTML select element with choices for all blogs to which the user has access\r
          *             mode = 'blog' => shows blognames and values are blogids\r
@@ -681,24 +711,24 @@ class ADMIN {
          */\r
        function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
                global $member, $CONF;\r
-               \r
+\r
                // 0. get IDs of blogs to which member can post items (+ forced blog)\r
                $aBlogIds = array();\r
                if ($iForcedBlogInclude != -1)\r
                        $aBlogIds[] = intval($iForcedBlogInclude);\r
 \r
-               if (($member->isAdmin()) && ($CONF['ShowAllBlogs'])) \r
+               if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))\r
                        $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
                else\r
-                       $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();          \r
+                       $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
                $rblogids = sql_query($queryBlogs);\r
                while ($o = mysql_fetch_object($rblogids))\r
                        if ($o->bnumber != $iForcedBlogInclude)\r
                                $aBlogIds[] = intval($o->bnumber);\r
-                               \r
+\r
                if (count($aBlogIds) == 0)\r
                        return;\r
-               \r
+\r
                echo '<select name="',$name,'" tabindex="',$tabindex,'">';\r
 \r
                // 1. select blogs (we'll create optiongroups)\r
@@ -739,200 +769,200 @@ class ADMIN {
                                echo '<option value="',$oBlog->bnumber,'"';\r
                                if ($oBlog->bnumber == $selected)\r
                                        echo ' selected="selected"';\r
-                               echo'>',htmlspecialchars($oBlog->bname),'</option>';                    \r
+                               echo'>',htmlspecialchars($oBlog->bname),'</option>';\r
                        }\r
                }\r
                echo '</select>';\r
-               \r
+\r
        }\r
-       \r
+\r
        function action_browseownitems() {\r
                global $member;\r
-               \r
+\r
                $this->pagehead();\r
-               \r
-               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          \r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
                echo '<h2>' . _ITEMLIST_YOUR. '</h2>';\r
-               \r
+\r
                // start index\r
                if (postVar('start'))\r
                        $start = postVar('start');\r
                else\r
-                       $start = 0;     \r
-                       \r
+                       $start = 0;\r
+\r
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = postVar('amount');\r
                else\r
-                       $amount = 10;   \r
-               \r
+                       $amount = 10;\r
+\r
                $search = postVar('search');    // search through items\r
-                       \r
+\r
                $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'\r
-                      . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
-                      . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
-               \r
-               if ($search) \r
+                          . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
+                          . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
+\r
+               if ($search)\r
                        $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
-                       \r
+\r
                $query .= ' ORDER BY itime DESC'\r
-                       . " LIMIT $start,$amount";\r
-               \r
+                               . " LIMIT $start,$amount";\r
+\r
                $template['content'] = 'itemlist';\r
                $template['now'] = time();\r
 \r
-               $navList = new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0);\r
+               $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0);\r
                $navList->showBatchList('item',$query,'table',$template);\r
 \r
-               $this->pagefoot();              \r
-               \r
+               $this->pagefoot();\r
+\r
        }\r
-       \r
+\r
        /**\r
          * Show all the comments for a given item\r
          */\r
        function action_itemcommentlist($itemid = '') {\r
                global $member;\r
-               \r
+\r
                if ($itemid == '')\r
                        $itemid = intRequestVar('itemid');\r
-               \r
+\r
                // only allow if user is allowed to alter item\r
                $member->canAlterItem($itemid) or $this->disallow();\r
-               \r
+\r
                $blogid = getBlogIdFromItemId($itemid);\r
-       \r
+\r
                $this->pagehead();\r
-               \r
+\r
                // start index\r
                if (postVar('start'))\r
                        $start = postVar('start');\r
                else\r
-                       $start = 0;     \r
-                       \r
+                       $start = 0;\r
+\r
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = postVar('amount');\r
                else\r
-                       $amount = 10;   \r
-               \r
-               $search = postVar('search');    \r
-               \r
+                       $amount = 10;\r
+\r
+               $search = postVar('search');\r
+\r
                echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
                echo '<h2>',_COMMENTS,'</h2>';\r
-               \r
+\r
                $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;\r
 \r
-               if ($search) \r
+               if ($search)\r
                        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
 \r
                $query .= ' ORDER BY ctime ASC'\r
-                       . " LIMIT $start,$amount";\r
+                               . " LIMIT $start,$amount";\r
 \r
                $template['content'] = 'commentlist';\r
                $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));\r
 \r
-               $navList = new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
+               $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
                $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);\r
-               \r
+\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        /**\r
          * Browse own comments\r
          */\r
        function action_browseowncomments() {\r
                global $member;\r
-               \r
+\r
                // start index\r
                if (postVar('start'))\r
                        $start = postVar('start');\r
                else\r
-                       $start = 0;     \r
-                       \r
+                       $start = 0;\r
+\r
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = postVar('amount');\r
                else\r
-                       $amount = 10;   \r
-               \r
-               $search = postVar('search');                    \r
+                       $amount = 10;\r
+\r
+               $search = postVar('search');\r
 \r
 \r
                $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
 \r
-               if ($search) \r
+               if ($search)\r
                        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
 \r
                $query .= ' ORDER BY ctime DESC'\r
-                       . " LIMIT $start,$amount";\r
-               \r
+                               . " LIMIT $start,$amount";\r
+\r
                $this->pagehead();\r
-               \r
-               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          \r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
                echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
-       \r
+\r
                $template['content'] = 'commentlist';\r
                $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself\r
-               \r
-               $navList = new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
+\r
+               $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
                $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);\r
-       \r
+\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        /**\r
          * Browse all comments for a weblog\r
          */\r
-       function action_blogcommentlist($blogid = '') \r
+       function action_blogcommentlist($blogid = '')\r
        {\r
                global $member, $manager;\r
-               \r
+\r
                if ($blogid == '')\r
                        $blogid = intRequestVar('blogid');\r
                else\r
                        $blogid = intval($blogid);\r
-                       \r
-               $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();                \r
-               \r
+\r
+               $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
+\r
                // start index\r
                if (postVar('start'))\r
                        $start = postVar('start');\r
                else\r
-                       $start = 0;     \r
-                       \r
+                       $start = 0;\r
+\r
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = postVar('amount');\r
                else\r
-                       $amount = 10;   \r
-               \r
+                       $amount = 10;\r
+\r
                $search = postVar('search');            // search through comments\r
 \r
 \r
                $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
 \r
-               if ($search != '') \r
+               if ($search != '')\r
                        $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
-                       \r
-                               \r
+\r
+\r
                $query .= ' ORDER BY ctime DESC'\r
-                       . " LIMIT $start,$amount";\r
+                               . " LIMIT $start,$amount";\r
 \r
 \r
                $blog =& $manager->getBlog($blogid);\r
 \r
                $this->pagehead();\r
-                               \r
-               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          \r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
                echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';\r
-               \r
+\r
                $template['content'] = 'commentlist';\r
                $template['canAddBan'] = $member->blogAdminRights($blogid);\r
-               \r
+\r
                $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
-               $navList->showBatchList('comment',$query,'table',$template, 'No comments were made on items of this blog');\r
-       \r
+               $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);\r
+\r
                $this->pagefoot();\r
        }\r
 \r
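Review bot: `$start` and `$amount` come straight from `postVar()` and are interpolated unquoted into `" LIMIT $start,$amount"` in action_browseownitems, action_itemcommentlist, action_browseowncomments and action_blogcommentlist, so a non-numeric POST value becomes part of the SQL statement; the re-indented lines keep that unchanged. Read both through the integer helper the file already uses, `$start = intPostVar('start');` and `$amount = intPostVar('amount'); if ($amount < 1) $amount = 10;`, which also replaces the two if/else blocks in each function. In action_itemcommentlist a non-empty `$itemid` argument reaches `WHERE citem=` without `intval()`, unlike the `intval($blogid)` used in action_blogcommentlist. `addslashes($search)` does not take the connection character set into account, so `mysql_real_escape_string()` would be the safer escape for the LIKE terms. selectBlog, at the top of this hunk, starts outside it.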
@@ -941,97 +971,97 @@ class ADMIN {
          */\r
        function action_createitem() {\r
                global $member, $manager;\r
-               \r
+\r
                $blogid = intRequestVar('blogid');\r
-               \r
+\r
                // check if allowed\r
-               $member->teamRights($blogid) or $this->disallow();              \r
-               \r
+               $member->teamRights($blogid) or $this->disallow();\r
+\r
                $memberid = $member->getID();\r
-               \r
+\r
                $blog =& $manager->getBlog($blogid);\r
-                               \r
+\r
                $this->pagehead();\r
-       \r
+\r
                // generate the add-item form\r
-               $formfactory = new PAGEFACTORY($blogid);\r
+               $formfactory =& new PAGEFACTORY($blogid);\r
                $formfactory->createAddForm('admin');\r
 \r
-               $this->pagefoot();      \r
+               $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_itemedit() {\r
                global $member, $manager;\r
-               \r
+\r
                $itemid = intRequestVar('itemid');\r
-               \r
+\r
                // only allow if user is allowed to alter item\r
                $member->canAlterItem($itemid) or $this->disallow();\r
-               \r
+\r
                $item =& $manager->getItem($itemid,1,1);\r
                $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
-               \r
+\r
                $manager->notify('PrepareItemForEdit', array('item' => &$item));\r
-               \r
+\r
                if ($blog->convertBreaks()) {\r
                        $item['body'] = removeBreaks($item['body']);\r
                        $item['more'] = removeBreaks($item['more']);\r
                }\r
-       \r
+\r
                // form to edit blog items\r
                $this->pagehead();\r
-               $formfactory = new PAGEFACTORY($blog->getID());\r
-               $formfactory->createEditForm('admin',$item);            \r
-               $this->pagefoot();      \r
+               $formfactory =& new PAGEFACTORY($blog->getID());\r
+               $formfactory->createEditForm('admin',$item);\r
+               $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_itemupdate() {\r
                global $member, $manager, $CONF;\r
-               \r
+\r
                $itemid = intRequestVar('itemid');\r
                $catid = postVar('catid');\r
-               \r
+\r
                // only allow if user is allowed to alter item\r
                $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
 \r
                $actiontype = postVar('actiontype');\r
-               \r
+\r
                // delete actions are handled by itemdelete (which has confirmation)\r
                if ($actiontype == 'delete') {\r
                        $this->action_itemdelete();\r
-                       return; \r
+                       return;\r
                }\r
-                               \r
+\r
                $body   = postVar('body');\r
                $title  = postVar('title');\r
                $more   = postVar('more');\r
                $closed = intPostVar('closed');\r
 \r
                // default action = add now\r
-               if (!$actiontype) \r
+               if (!$actiontype)\r
                        $actiontype='addnow';\r
-                       \r
-               // create new category if needed \r
+\r
+               // create new category if needed\r
                if (strstr($catid,'newcat')) {\r
-                       // get blogid \r
+                       // get blogid\r
                        list($blogid) = sscanf($catid,"newcat-%d");\r
-                       \r
+\r
                        // create\r
                        $blog =& $manager->getBlog($blogid);\r
                        $catid = $blog->createNewCategory();\r
 \r
                        // show error when sth goes wrong\r
-                       if (!$catid) \r
+                       if (!$catid)\r
                                $this->doError(_ERROR_CATCREATEFAIL);\r
-               } \r
+               }\r
 \r
                /*\r
                        set some variables based on actiontype\r
-                       \r
+\r
                        actiontypes:\r
                                draft items -> addnow, addfuture, adddraft, delete\r
                                non-draft items -> edit, changedate, delete\r
-                       \r
+\r
                        variables set:\r
                                $timestamp: set to a nonzero value for future dates or date changes\r
                                $wasdraft: set to 1 when the item used to be a draft item\r
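Review bot: In action_itemupdate the new-category branch is entered on `strstr($catid,'newcat')`, which matches the marker anywhere in the value, while `sscanf($catid,"newcat-%d")` only parses it at the start, so a malformed value leaves `$blogid` null and `$manager->getBlog($blogid)` is still called with it. Validate the parse and the blog before creating anything, for example `if (sscanf($catid, 'newcat-%d', $blogid) !== 1 || !$manager->existsBlogID($blogid)) $this->doError(_ERROR_CATCREATEFAIL);`. The same pattern appears in action_itemmoveto in the `-1081` hunk. `canUpdateItem($itemid, $catid)` runs here while `$catid` is still the `newcat-N` string; whether it checks rights on blog N is not visible from this hunk and should be confirmed. The body of action_itemupdate continues outside the hunk.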
@@ -1046,7 +1076,7 @@ class ADMIN {
                        case 'addfuture':\r
                                $wasdraft = 1;\r
                                $publish = 1;\r
-                               $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));\r
+                               $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));\r
                                break;\r
                        case 'addnow':\r
                                $wasdraft = 1;\r
@@ -1064,15 +1094,22 @@ class ADMIN {
                                $wasdraft = 0;\r
                                $timestamp = 0;\r
                }\r
-               \r
+\r
                // edit the item for real\r
                ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
-               \r
+\r
+               $blogid = getBlogIDFromItemID($itemid);\r
+               $blog =& $manager->getBlog($blogid);\r
+               if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {\r
+                       $this->action_sendping($blogid);\r
+                       return;\r
+               }\r
+\r
                // show category edit window when we created a new category\r
                // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
                if ($catid != intPostVar('catid')) {\r
                        $this->action_categoryedit(\r
-                               $catid, \r
+                               $catid,\r
                                $blog->getID(),\r
                                $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)\r
                        );\r
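Review bot: The added early `return` after `$this->action_sendping($blogid)` also skips the category edit window that follows, so publishing a draft into a freshly created `newcat-x` category on a blog with pinging enabled never shows the form for that new category. action_additem handles the same combination by passing the ticketed ping URL to `action_categoryedit()` instead of pinging first, and the same could be done here. Alternatively, restrict the early ping to the case without a new category: `if ($catid == intPostVar('catid') && !$closed && $publish && $wasdraft && $blog->pingUserland()) {`. `$publish` is assigned in the switch above, which is only partly visible, so it is worth confirming every branch gives it a value before it is read here. action_itemupdate starts and ends outside this hunk.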
@@ -1081,136 +1118,141 @@ class ADMIN {
                        $this->action_itemlist(getBlogIDFromItemID($itemid));\r
                }\r
        }\r
-       \r
+\r
        function action_itemdelete() {\r
                global $member, $manager;\r
-               \r
+\r
                $itemid = intRequestVar('itemid');\r
-               \r
+\r
                // only allow if user is allowed to alter item\r
                $member->canAlterItem($itemid) or $this->disallow();\r
-               \r
+\r
                if (!$manager->existsItem($itemid,1,1))\r
                        $this->error(_ERROR_NOSUCHITEM);\r
-                       \r
+\r
                $item =& $manager->getItem($itemid,1,1);\r
                $title = htmlspecialchars(strip_tags($item['title']));\r
                $body = strip_tags($item['body']);\r
                $body = htmlspecialchars(shorten($body,300,'...'));\r
-               \r
+\r
                $this->pagehead();\r
                ?>\r
                        <h2><?php echo _DELETE_CONFIRM?></h2>\r
-                       \r
+\r
                        <p><?php echo _CONFIRMTXT_ITEM?></p>\r
-                       \r
+\r
                        <div class="note">\r
                                <b>"<?php echo  $title ?>"</b>\r
                                <br />\r
                                <?php echo $body?>\r
                        </div>\r
-                       \r
+\r
                        <form method="post" action="index.php"><div>\r
                                <input type="hidden" name="action" value="itemdeleteconfirm" />\r
+                               <?php $manager->addTicketHidden() ?>\r
                                <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
                                <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />\r
                        </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_itemdeleteconfirm() {\r
                global $member;\r
-               \r
+\r
                $itemid = intRequestVar('itemid');\r
-               \r
+\r
                // only allow if user is allowed to alter item\r
                $member->canAlterItem($itemid) or $this->disallow();\r
 \r
                // get blogid first\r
                $blogid = getBlogIdFromItemId($itemid);\r
-               \r
+\r
                // delete item (note: some checks will be performed twice)\r
                $this->deleteOneItem($itemid);\r
-               \r
+\r
                $this->action_itemlist($blogid);\r
        }\r
-       \r
+\r
        // deletes one item and returns error if something goes wrong\r
        function deleteOneItem($itemid) {\r
                global $member, $manager;\r
-               \r
+\r
                // only allow if user is allowed to alter item (also checks if itemid exists)\r
                if (!$member->canAlterItem($itemid))\r
                        return _ERROR_DISALLOWED;\r
-               \r
+\r
                $manager->loadClass('ITEM');\r
                ITEM::delete($itemid);\r
        }\r
 \r
        function action_itemmove() {\r
                global $member, $manager;\r
-               \r
-               $itemid = intRequestVar('itemid');              \r
-               \r
+\r
+               $itemid = intRequestVar('itemid');\r
+\r
                // only allow if user is allowed to alter item\r
                $member->canAlterItem($itemid) or $this->disallow();\r
 \r
                $item =& $manager->getItem($itemid,1,1);\r
-               \r
+\r
                $this->pagehead();\r
                ?>\r
                        <h2><?php echo _MOVE_TITLE?></h2>\r
                        <form method="post" action="index.php"><div>\r
                                <input type="hidden" name="action" value="itemmoveto" />\r
                                <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
-                               \r
-                               <?php $this->selectBlogCategory('catid',$item['catid'],10,1);?>\r
-                               \r
+\r
+                               <?php\r
+\r
+                                       $manager->addTicketHidden();\r
+                                       $this->selectBlogCategory('catid',$item['catid'],10,1);\r
+                               ?>\r
+\r
                                <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />\r
                        </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
 \r
        function action_itemmoveto() {\r
                global $member, $manager;\r
-               \r
+\r
                $itemid = intRequestVar('itemid');\r
                $catid = requestVar('catid');\r
-               \r
-               // create new category if needed \r
+\r
+               // create new category if needed\r
                if (strstr($catid,'newcat')) {\r
-                       // get blogid \r
+                       // get blogid\r
                        list($blogid) = sscanf($catid,'newcat-%d');\r
-                       \r
+\r
                        // create\r
                        $blog =& $manager->getBlog($blogid);\r
                        $catid = $blog->createNewCategory();\r
 \r
                        // show error when sth goes wrong\r
-                       if (!$catid) \r
+                       if (!$catid)\r
                                $this->doError(_ERROR_CATCREATEFAIL);\r
-               } \r
-               \r
+               }\r
+\r
                // only allow if user is allowed to alter item\r
                $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
 \r
-               ITEM::move($itemid, $catid);            \r
-               \r
+               ITEM::move($itemid, $catid);\r
+\r
                if ($catid != intRequestVar('catid'))\r
                        $this->action_categoryedit($catid, $blog->getID());\r
                else\r
-                       $this->action_itemlist(getBlogIDFromCatID($catid));             \r
+                       $this->action_itemlist(getBlogIDFromCatID($catid));\r
        }\r
-       \r
+\r
        /**\r
          * Moves one item to a given category (category existance should be checked by caller)\r
          * errors are returned\r
          */\r
        function moveOneItem($itemid, $destCatid) {\r
                global $member;\r
-               \r
+\r
                // only allow if user is allowed to move item\r
                if (!$member->canUpdateItem($itemid, $destCatid))\r
                        return _ERROR_DISALLOWED;\r
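Review bot: In action_itemmoveto the category is created by `$blog->createNewCategory()` before `$member->canUpdateItem($itemid, $catid)` runs, so a request that is then refused has already added a category to the blog named in `newcat-N`. Put an authorization check on that blog ahead of the `getBlog()` call, for example `$member->teamRights($blogid) or $this->disallow();`, unless createNewCategory() enforces this itself (not visible here). The hidden ticket added to the action_itemmove form does not change this ordering, because the write still happens before the permission decision. moveOneItem continues past the end of the hunk.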
@@ -1223,46 +1265,50 @@ class ADMIN {
          */\r
        function action_additem() {\r
                global $member, $manager, $CONF;\r
-                \r
+\r
                $manager->loadClass('ITEM');\r
 \r
                $result = ITEM::createFromRequest();\r
-               \r
+\r
                if ($result['status'] == 'error')\r
                        $this->error($result['message']);\r
-               \r
+\r
                $blogid = getBlogIDFromItemID($result['itemid']);\r
                $blog =& $manager->getBlog($blogid);\r
 \r
+               $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));\r
+\r
                if ($result['status'] == 'newcategory')\r
                        $this->action_categoryedit(\r
                                $result['catid'],\r
-                               $blogid, \r
-                               $blog->pingUserland() ? $CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid) : ''\r
+                               $blogid,\r
+                               $blog->pingUserland() ? $pingUrl : ''\r
                        );\r
                elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland())\r
                        $this->action_sendping($blogid);\r
                else\r
                        $this->action_itemlist($blogid);\r
        }\r
-       \r
+\r
        /**\r
          * Shows a window that says we're about to ping weblogs.com.\r
-         * immediately refresh to the real pinging page, which will \r
+         * immediately refresh to the real pinging page, which will\r
          * show an error, or redirect to the blog.\r
          *\r
          * @param $blogid ID of blog for which ping needs to be sent out\r
          */\r
        function action_sendping($blogid = -1) {\r
-               global $member;\r
-               \r
+               global $member, $manager;\r
+\r
                if ($blogid == -1)\r
                        $blogid = intRequestVar('blogid');\r
-               \r
+\r
                $member->isLoggedIn() or $this->disallow();\r
-               \r
-               $this->pagehead('<meta http-equiv="refresh" content="1; url=index.php?action=rawping&amp;blogid=' . $blogid . '" />');\r
-               ?>              \r
+\r
+               $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));\r
+\r
+               $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');\r
+               ?>\r
                <h2>Site Updated, Now pinging weblogs.com</h2>\r
 \r
                <p>\r
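Review bot: In action_sendping the ticket now travels in the query string of the meta-refresh URL (`$rawPingUrl`), so it ends up in browser history and access logs. It may also leak in the Referer header when the user follows a link from the rawping result page, such as the one to `$blog->getURL()`. How long a ticket stays valid and whether it is bound to the member is not visible here, so a comment above the `addTicketToUrl()` call should record that assumption, e.g. `// ticket is exposed in a GET URL here; relies on tickets being short-lived and member-bound`. In action_additem, `$pingUrl` is also built even when `$blog->pingUserland()` is false; computing it inside the `newcategory` branch would avoid minting a ticketed URL that is never used. The body of action_sendping continues past the end of this hunk.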
@@ -1270,78 +1316,79 @@ class ADMIN {
                        <br />\r
                        When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.\r
                </p>\r
-               \r
+\r
                <p>\r
                        If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>\r
                </p>\r
                <?php           $this->pagefoot();\r
        }\r
-       \r
+\r
        // ping to Weblogs.com\r
        // sends the real ping (can take up to 10 seconds!)\r
        function action_rawping() {\r
                global $manager;\r
                // TODO: checks?\r
-                               \r
+\r
                $blogid = intRequestVar('blogid');\r
                $blog =& $manager->getBlog($blogid);\r
-               \r
+\r
                $result = $blog->sendUserlandPing();\r
-               \r
+\r
                $this->pagehead();\r
-               \r
+\r
                ?>\r
-               \r
+\r
                <h2>Ping Results</h2>\r
-               \r
+\r
                <p>The following message was returned by weblogs.com:</p>\r
-               \r
+\r
                <div class='note'><?php echo  $result ?></div>\r
-               \r
+\r
                <ul>\r
                        <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>\r
                        <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>\r
                </ul>\r
-               \r
+\r
                <?php           $this->pagefoot();\r
        }\r
-       \r
-       /** \r
+\r
+       /**\r
          * Allows to edit previously made comments\r
          */\r
        function action_commentedit() {\r
                global $member, $manager;\r
-               \r
+\r
                $commentid = intRequestVar('commentid');\r
-               \r
+\r
                $member->canAlterComment($commentid) or $this->disallow();\r
 \r
                $comment = COMMENT::getComment($commentid);\r
-               \r
+\r
                $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));\r
 \r
                // change <br /> to \n\r
                $comment['body'] = str_replace('<br />','',$comment['body']);\r
-               \r
-               $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]>[^<]*</a>","\\1",$comment['body']);\r
-               \r
+\r
+               $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);\r
+\r
                $this->pagehead();\r
-               \r
+\r
                ?>\r
                <h2><?php echo _EDITC_TITLE?></h2>\r
-               \r
+\r
                <form action="index.php" method="post"><div>\r
-               \r
+\r
                <input type="hidden" name="action" value="commentupdate" />\r
+               <?php $manager->addTicketHidden(); ?>\r
                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
                <table><tr>\r
                        <th colspan="2"><?php echo _EDITC_TITLE?></th>\r
                </tr><tr>\r
                        <td><?php echo _EDITC_WHO?></td>\r
                        <td>\r
-                       <?php                           if ($comment['member']) \r
+                       <?php                           if ($comment['member'])\r
                                        echo $comment['member'] . " (" . _EDITC_MEMBER . ")";\r
-                               else \r
+                               else\r
                                        echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";\r
                        ?>\r
                        </td>\r
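Review bot: The manual fallback link in action_sendping, `<a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>`, still omits the ticket that the meta refresh now carries. If rawping is ticket-checked, the retry would presumably be rejected; reusing the same URL fixes it: `<a href="<?php echo htmlspecialchars($rawPingUrl) ?>">try again</a>`. In action_rawping the `// TODO: checks?` is still open, with no login or blog-permission check visible before `$blog->sendUserlandPing()`. A guard such as `$member->isLoggedIn() or $this->disallow();` (with `$member` added to the `global` line) would match action_sendping. The remote response is also printed with `<?php echo $result ?>`; unless sendUserlandPing() already returns escaped text, wrap it in `htmlspecialchars()`. action_sendping starts in the previous hunk and action_commentedit continues past this one.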
@@ -1362,23 +1409,23 @@ class ADMIN {
                        <td><?php echo _EDITC_EDIT?></td>\r
                        <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>\r
                </tr></table>\r
-               \r
+\r
                </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_commentupdate() {\r
                global $member, $manager;\r
-               \r
+\r
                $commentid = intRequestVar('commentid');\r
-               \r
+\r
                $member->canAlterComment($commentid) or $this->disallow();\r
-               \r
+\r
                $body = postVar('body');\r
-               \r
+\r
                // intercept words that are too long\r
-               if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false) \r
+               if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)\r
                        $this->error(_ERROR_COMMENT_LONGWORD);\r
 \r
                // check length\r
@@ -1386,75 +1433,76 @@ class ADMIN {
                        $this->error(_ERROR_COMMENT_NOCOMMENT);\r
                if (strlen($body)>5000)\r
                        $this->error(_ERROR_COMMENT_TOOLONG);\r
-               \r
-               \r
+\r
+\r
                // prepare body\r
                $body = COMMENT::prepareBody($body);\r
-               \r
+\r
                // call plugins\r
                $manager->notify('PreUpdateComment',array('body' => &$body));\r
-               \r
+\r
                $query =  'UPDATE '.sql_table('comment')\r
-                      . " SET cbody='" .addslashes($body). "'"\r
-                      . " WHERE cnumber=" . $commentid;\r
+                          . " SET cbody='" .addslashes($body). "'"\r
+                          . " WHERE cnumber=" . $commentid;\r
                sql_query($query);\r
-               \r
+\r
                // get itemid\r
                $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
                $o = mysql_fetch_object($res);\r
                $itemid = $o->citem;\r
-               \r
+\r
                if ($member->canAlterItem($itemid))\r
-                       $this->action_itemcommentlist($itemid); \r
+                       $this->action_itemcommentlist($itemid);\r
                else\r
                        $this->action_browseowncomments();\r
-       \r
+\r
        }\r
-       \r
+\r
        function action_commentdelete() {\r
-               global $member;\r
-               \r
+               global $member, $manager;\r
+\r
                $commentid = intRequestVar('commentid');\r
-               \r
+\r
                $member->canAlterComment($commentid) or $this->disallow();\r
 \r
                $comment = COMMENT::getComment($commentid);\r
 \r
                $body = strip_tags($comment['body']);\r
                $body = htmlspecialchars(shorten($body, 300, '...'));\r
-               \r
+\r
                if ($comment['member'])\r
                        $author = $comment['member'];\r
                else\r
                        $author = $comment['user'];\r
-               \r
+\r
                $this->pagehead();\r
                ?>\r
-               \r
+\r
                        <h2><?php echo _DELETE_CONFIRM?></h2>\r
-                       \r
+\r
                        <p><?php echo _CONFIRMTXT_COMMENT?></p>\r
-                       \r
+\r
                        <div class="note">\r
                        <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>\r
                        <br />\r
                        <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>\r
                        </div>\r
-                       \r
+\r
                        <form method="post" action="index.php"><div>\r
                                <input type="hidden" name="action" value="commentdeleteconfirm" />\r
+                               <?php $manager->addTicketHidden() ?>\r
                                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />\r
                                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
                        </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_commentdeleteconfirm() {\r
                global $member;\r
-               \r
+\r
                $commentid = intRequestVar('commentid');\r
-               \r
+\r
                // get item id first\r
                $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
                $o = mysql_fetch_object($res);\r
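Review bot: The UPDATE in action_commentupdate still quotes the comment body with `addslashes($body)`, which ignores the connection character set and is not a reliable SQL escape for multi-byte encodings. Since the file already uses the mysql extension, `. " SET cbody='" . mysql_real_escape_string($body) . "'"` is the safer form. In action_commentdelete, `$body` goes through `htmlspecialchars()` but `$author` is echoed as stored; unless COMMENT::getComment() already returns escaped names, print it with `<?php echo htmlspecialchars($author) ?>`. action_commentupdate begins before this hunk and action_commentdeleteconfirm continues after it.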
@@ -1463,70 +1511,71 @@ class ADMIN {
                $error = $this->deleteOneComment($commentid);\r
                if ($error)\r
                        $this->doError($error);\r
-                       \r
+\r
                if ($member->canAlterItem($itemid))\r
-                       $this->action_itemcommentlist($itemid); \r
+                       $this->action_itemcommentlist($itemid);\r
                else\r
                        $this->action_browseowncomments();\r
        }\r
-       \r
+\r
        function deleteOneComment($commentid) {\r
                global $member, $manager;\r
-               \r
+\r
                $commentid = intval($commentid);\r
-               \r
+\r
                if (!$member->canAlterComment($commentid))\r
                        return _ERROR_DISALLOWED;\r
-                       \r
+\r
                $manager->notify('PreDeleteComment', array('commentid' => $commentid));\r
-                               \r
+\r
                // delete the comments associated with the item\r
                $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
                sql_query($query);\r
-               \r
-               $manager->notify('PostDeleteComment', array('commentid' => $commentid));                \r
-               \r
+\r
+               $manager->notify('PostDeleteComment', array('commentid' => $commentid));\r
+\r
                return '';\r
        }\r
-       \r
+\r
        /**\r
          * Usermanagement main\r
          */\r
        function action_usermanagement() {\r
-               global $member;\r
-               \r
+               global $member, $manager;\r
+\r
                // check if allowed\r
                $member->isAdmin() or $this->disallow();\r
 \r
                $this->pagehead();\r
-       \r
+\r
                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
-               \r
+\r
                echo '<h2>' . _MEMBERS_TITLE .'</h2>';\r
-               \r
+\r
                echo '<h3>' . _MEMBERS_CURRENT .'</h3>';\r
-               \r
+\r
                // show list of members with actions\r
                $query =  'SELECT *'\r
-                      . ' FROM '.sql_table('member');\r
+                          . ' FROM '.sql_table('member');\r
                $template['content'] = 'memberlist';\r
                $template['tabindex'] = 10;\r
-               \r
-               $batch = new BATCH('member');\r
+\r
+               $batch =& new BATCH('member');\r
                $batch->showlist($query,'table',$template);\r
 \r
                echo '<h3>' . _MEMBERS_NEW .'</h3>';\r
                ?>\r
                        <form method="post" action="index.php"><div>\r
-                       \r
+\r
                        <input type="hidden" name="action" value="memberadd" />\r
-                       \r
+                       <?php $manager->addTicketHidden() ?>\r
+\r
                        <table>\r
                        <tr>\r
                                <th colspan="2"><?php echo _MEMBERS_NEW?></th>\r
                        </tr><tr>\r
                                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
-                                   <br /><small>(This is the name used to logon)</small>\r
+                                       <br /><small>(This is the name used to logon)</small>\r
                                </td>\r
                                <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>\r
                        </tr><tr>\r
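Review bot: `$batch =& new BATCH('member');` in action_usermanagement assigns the result of `new` by reference, a PHP 4 idiom that PHP 5 flags as deprecated and PHP 7 rejects as a parse error. `$batch` is only used for the `showlist()` call that follows, so `$batch = new BATCH('member');` behaves the same here and stays valid on later PHP versions. The member-add form continues outside this hunk.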
@@ -1557,12 +1606,12 @@ class ADMIN {
                                <td><?php echo _MEMBERS_NEW?></td>\r
                                <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>\r
                        </tr></table>\r
-                       \r
-                       </div></form>           \r
-               <?php           \r
+\r
+                       </div></form>\r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        /**\r
          * Edit member settings\r
          */\r
@@ -1571,14 +1620,15 @@ class ADMIN {
        }\r
        function action_editmembersettings($memberid = '') {\r
                global $member, $manager, $CONF;\r
-               \r
+\r
                if ($memberid == '')\r
                        $memberid = $member->getID();\r
-               \r
+\r
                // check if allowed\r
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
-       \r
-               $this->pagehead();\r
+\r
+               $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
+               $this->pagehead($extrahead);\r
 \r
                // show message to go back to member overview (only for admins)\r
                if ($member->isAdmin())\r
@@ -1587,19 +1637,21 @@ class ADMIN {
                        echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';\r
 \r
                echo '<h2>' . _MEMBERS_EDIT . '</h2>';\r
-               \r
+\r
                $mem = MEMBER::createFromID($memberid);\r
-               \r
+\r
                ?>\r
                <form method="post" action="index.php"><div>\r
-               \r
+\r
                <input type="hidden" name="action" value="changemembersettings" />\r
                <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
+               <?php $manager->addTicketHidden() ?>\r
+\r
                <table><tr>\r
                        <th colspan="2"><?php echo _MEMBERS_EDIT?></th>\r
                </tr><tr>\r
                        <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
-                           <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
+                               <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
                        </td>\r
                        <td>\r
                        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
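Review bot: The hidden field `<input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />` prints the `$memberid` parameter without a cast or escaping. Other values in this form (realname, email, url, in later hunks) go through `htmlspecialchars()`. Whether every caller passes an integer is not visible here; the signature, in the previous hunk, defaults to `''`. `value="<?php echo intval($memberid); ?>"` would keep the attribute safe regardless of the caller. The form continues outside the hunk.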
@@ -1612,7 +1664,7 @@ class ADMIN {
                </tr><tr>\r
                        <td><?php echo _MEMBERS_REALNAME?></td>\r
                        <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>\r
-               </tr><tr>               \r
+               </tr><tr>\r
                <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
                        <td><?php echo _MEMBERS_PWD?></td>\r
                        <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>\r
@@ -1622,31 +1674,31 @@ class ADMIN {
                <?php } ?>\r
                </tr><tr>\r
                        <td><?php echo _MEMBERS_EMAIL?>\r
-                           <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>\r
+                               <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>\r
                        </td>\r
                        <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>\r
                </tr><tr>\r
                        <td><?php echo _MEMBERS_URL?></td>\r
-                       <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>                  \r
+                       <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>\r
                <?php // only allow to change this by super-admins\r
                   // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)\r
                   if ($member->isAdmin()) {\r
                ?>\r
                        </tr><tr>\r
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>\r
-                               <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>       \r
+                               <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>\r
                        </tr><tr>\r
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>\r
                                <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70); ?></td>\r
                <?php } ?>\r
                </tr><tr>\r
                        <td><?php echo _MEMBERS_NOTES?></td>\r
-                       <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>                      \r
-               </tr><tr>               \r
+                       <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>\r
+               </tr><tr>\r
                        <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>\r
                        </td>\r
                        <td>\r
-                       \r
+\r
                                <select name="deflang" tabindex="85">\r
                                        <option value=""><?php echo _MEMBERS_USESITELANG?></option>\r
                                <?php                           // show a dropdown list of all available languages\r
@@ -1664,13 +1716,13 @@ class ADMIN {
                                closedir($dirhandle);\r
 \r
                                ?>\r
-                               </select>                       \r
-                       \r
+                               </select>\r
+\r
                        </td>\r
                </tr>\r
                <?php\r
                        // plugin options\r
-                       $this->_insertPluginOptions('member',$memberid);                        \r
+                       $this->_insertPluginOptions('member',$memberid);\r
                ?>\r
                <tr>\r
                        <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>\r
@@ -1678,35 +1730,35 @@ class ADMIN {
                        <td><?php echo _MEMBERS_EDIT?></td>\r
                        <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>\r
                </tr></table>\r
-               \r
+\r
                </div></form>\r
-               \r
-               \r
-               <?php           \r
-                       echo '<h3>', _PLUGINS_EXTRA , '</h3>';\r
+\r
+               <?php\r
+                       echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
+\r
                        $manager->notify(\r
-                               'MemberSettingsFormExtras',     \r
+                               'MemberSettingsFormExtras',\r
                                array(\r
                                        'member' => &$mem\r
                                )\r
                        );\r
-                       \r
+\r
                $this->pagefoot();\r
        }\r
-       \r
-       \r
+\r
+\r
        function action_changemembersettings() {\r
                global $member, $CONF, $manager;\r
-               \r
+\r
                $memberid = intRequestVar('memberid');\r
-               \r
+\r
                // check if allowed\r
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
-               \r
+\r
                $name                   = trim(postVar('name'));\r
                $realname               = trim(postVar('realname'));\r
                $password               = postVar('password');\r
-               $repeatpassword = postVar('repeatpassword');            \r
+               $repeatpassword = postVar('repeatpassword');\r
                $email                  = postVar('email');\r
                $url                    = postVar('url');\r
 \r
@@ -1718,7 +1770,7 @@ class ADMIN {
                $canlogin               = postVar('canlogin');\r
                $notes                  = postVar('notes');\r
                $deflang                = postVar('deflang');\r
-               \r
+\r
                $mem = MEMBER::createFromID($memberid);\r
 \r
                if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
@@ -1728,238 +1780,399 @@ class ADMIN {
 \r
                        if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
                                $this->error(_ERROR_NICKNAMEINUSE);\r
-                               \r
+\r
                        if ($password != $repeatpassword)\r
                                $this->error(_ERROR_PASSWORDMISMATCH);\r
-                               \r
+\r
                        if ($password && (strlen($password) < 6))\r
                                $this->error(_ERROR_PASSWORDTOOSHORT);\r
                }\r
-               \r
+\r
                if (!isValidMailAddress($email))\r
                        $this->error(_ERROR_BADMAILADDRESS);\r
 \r
-       \r
+\r
                if (!$realname)\r
                        $this->error(_ERROR_REALNAMEMISSING);\r
-                       \r
-               if (($deflang != '') && (!checkLanguage($deflang))) \r
+\r
+               if (($deflang != '') && (!checkLanguage($deflang)))\r
                        $this->error(_ERROR_NOSUCHLANGUAGE);\r
-               \r
+\r
                // check if there will remain at least one site member with both the logon and admin rights\r
                // (check occurs when taking away one of these rights from such a member)\r
                if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
-                    || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
+                        || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
                   )\r
                {\r
                        $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
                        if (mysql_num_rows($r) < 2)\r
                                $this->error(_ERROR_ATLEASTONEADMIN);\r
                }\r
-               \r
-               \r
-               // if email changed, generate new password\r
-               if ($email != $mem->getEmail())\r
-               {\r
-                       $password = genPassword(10);\r
-                       $newpass = 1;\r
-               } else {\r
-                       $newpass = 0;\r
-               }\r
 \r
                if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
                        $mem->setDisplayName($name);\r
-                       if ($password) \r
+                       if ($password)\r
                                $mem->setPassword($password);\r
                }\r
 \r
                if ($newpass)\r
                        $mem->setPassword($password);\r
-               \r
+\r
+               $oldEmail = $mem->getEmail();\r
+\r
                $mem->setRealName($realname);\r
                $mem->setEmail($email);\r
                $mem->setURL($url);\r
                $mem->setNotes($notes);\r
                $mem->setLanguage($deflang);\r
 \r
-               \r
+\r
                // only allow super-admins to make changes to the admin status\r
                if ($member->isAdmin()) {\r
                        $mem->setAdmin($admin);\r
                        $mem->setCanLogin($canlogin);\r
                }\r
 \r
-       \r
+\r
                $mem->write();\r
-               \r
+\r
+               // if email changed, generate new password\r
+               if ($oldEmail != $mem->getEmail())\r
+               {\r
+                       $mem->sendActivationLink('addresschange', $oldEmail);\r
+                       // logout member\r
+                       $mem->newCookieKey();\r
+                       $member->logout();\r
+                       $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
+                       return;\r
+               }\r
+\r
+\r
                // store plugin options\r
                $aOptions = requestArray('plugoption');\r
                NucleusPlugin::_applyPluginOptions($aOptions);\r
-               $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));           \r
-               \r
-               // if new password was generated, send out mail message and logout\r
-               if ($newpass) \r
-                       $mem->sendPassword($password);\r
+               $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));\r
 \r
-               if (  ( $mem->getID() == $member->getID() ) \r
+               if (  ( $mem->getID() == $member->getID() )\r
                   && ( $newpass || ( $mem->getDisplayName() != $member->getDisplayName() ) )\r
                   ) {\r
+                       $mem->newCookieKey();\r
                        $member->logout();\r
                        $this->action_login(_MSG_LOGINAGAIN, 0);\r
                } else {\r
                        $this->action_overview(_MSG_SETTINGSCHANGED);\r
                }\r
        }\r
-       \r
+\r
        function action_memberadd() {\r
                global $member;\r
-               \r
+\r
                // check if allowed\r
                $member->isAdmin() or $this->disallow();\r
-               \r
+\r
                if (postVar('password') != postVar('repeatpassword'))\r
                        $this->error(_ERROR_PASSWORDMISMATCH);\r
-               if (strlen(postVar('password')) < 6)  \r
+               if (strlen(postVar('password')) < 6)\r
                        $this->error(_ERROR_PASSWORDTOOSHORT);\r
-               \r
-               $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));    \r
+\r
+               $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
                if ($res != 1)\r
                        $this->error($res);\r
-               \r
-               $this->action_usermanagement();         \r
+\r
+               $this->action_usermanagement();\r
+       }\r
+\r
+       /**\r
+        * Account activation\r
+        *\r
+        * @author dekarma\r
+        */\r
+       function action_activate() {\r
+\r
+               $key = getVar('key');\r
+               $this->_showActivationPage($key);\r
+       }\r
+\r
+       function _showActivationPage($key, $message = '')\r
+       {\r
+               global $manager;\r
+\r
+               // clean up old activation keys\r
+               MEMBER::cleanupActivationTable();\r
+\r
+               // get activation info\r
+               $info = MEMBER::getActivationInfo($key);\r
+\r
+               if (!$info)\r
+                       $this->error(_ERROR_ACTIVATE);\r
+\r
+               $mem = MEMBER::createFromId($info->vmember);\r
+\r
+               if (!$mem)\r
+                       $this->error(_ERROR_ACTIVATE);\r
+\r
+               $text = '';\r
+               $title = '';\r
+               $bNeedsPasswordChange = true;\r
+\r
+               switch ($info->vtype)\r
+               {\r
+                       case 'forgot':\r
+                               $title = _ACTIVATE_FORGOT_TITLE;\r
+                               $text = _ACTIVATE_FORGOT_TEXT;\r
+                               break;\r
+                       case 'register':\r
+                               $title = _ACTIVATE_REGISTER_TITLE;\r
+                               $text = _ACTIVATE_REGISTER_TEXT;\r
+                               break;\r
+                       case 'addresschange':\r
+                               $title = _ACTIVATE_CHANGE_TITLE;\r
+                               $text = _ACTIVATE_CHANGE_TEXT;\r
+                               $bNeedsPasswordChange = false;\r
+                               MEMBER::activate($key);\r
+                               break;\r
+               }\r
+\r
+               $aVars = array(\r
+                       'memberName' => htmlspecialchars($mem->getDisplayName())\r
+               );\r
+               $title = TEMPLATE::fill($title, $aVars);\r
+               $text = TEMPLATE::fill($text, $aVars);\r
+\r
+               $this->pagehead();\r
+\r
+                       echo '<h2>' , $title, '</h2>';\r
+                       echo '<p>' , $text, '</p>';\r
+\r
+                       if ($message != '')\r
+                       {\r
+                               echo '<p class="error">',$message,'</p>';\r
+                       }\r
+\r
+                       if ($bNeedsPasswordChange)\r
+                       {\r
+                               ?>\r
+                                       <div><form action="index.php" method="post">\r
+\r
+                                               <input type="hidden" name="action" value="activatesetpwd" />\r
+                                               <?php $manager->addTicketHidden() ?>\r
+                                               <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />\r
+\r
+                                               <table><tr>\r
+                                                       <td><?php echo _MEMBERS_PWD?></td>\r
+                                                       <td><input type="password" maxlength="40" size="16" name="password" /></td>\r
+                                               </tr><tr>\r
+                                                       <td><?php echo _MEMBERS_REPPWD?></td>\r
+                                                       <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>\r
+                                               <?php\r
+\r
+                                                       global $manager;\r
+                                                       $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));\r
+\r
+                                               ?>\r
+                                               </tr><tr>\r
+                                                       <td><?php echo _MEMBERS_SETPWD ?></td>\r
+                                                       <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>\r
+                                               </tr></table>\r
+\r
+\r
+                                       </form></div>\r
+\r
+                               <?php\r
+\r
+                       }\r
+\r
+               $this->pagefoot();\r
+\r
+       }\r
+\r
+       /**\r
+        * Account activation - set password part\r
+        *\r
+        * @author dekarma\r
+        */\r
+       function action_activatesetpwd() {\r
+\r
+               $key = postVar('key');\r
+\r
+               // clean up old activation keys\r
+               MEMBER::cleanupActivationTable();\r
+\r
+               // get activation info\r
+               $info = MEMBER::getActivationInfo($key);\r
+\r
+               if (!$info || ($info->type == 'addresschange'))\r
+                       return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
+\r
+               $mem = MEMBER::createFromId($info->vmember);\r
+\r
+               if (!$mem)\r
+                       return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
+\r
+               $password               = postVar('password');\r
+               $repeatpassword = postVar('repeatpassword');\r
+\r
+               if ($password != $repeatpassword)\r
+                       return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
+\r
+               if ($password && (strlen($password) < 6))\r
+                       return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
+\r
+               $error = '';\r
+               global $manager;\r
+               $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));\r
+               if ($error != '')\r
+                       return $this->_showActivationPage($key, $error);\r
+\r
+\r
+               // set password\r
+               $mem->setPassword($password);\r
+               $mem->write();\r
+\r
+               // do the activation\r
+               MEMBER::activate($key);\r
+\r
+               $this->pagehead();\r
+                       echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';\r
+                       echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';\r
+               $this->pagefoot();\r
        }\r
-       \r
+\r
        /**\r
          * Manage team\r
          */\r
        function action_manageteam() {\r
-               global $member;\r
-               \r
+               global $member, $manager;\r
+\r
                $blogid = intRequestVar('blogid');\r
-               \r
+\r
                // check if allowed\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-       \r
+\r
                $this->pagehead();\r
-               \r
+\r
                echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
-               \r
+\r
                echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';\r
-               \r
+\r
                echo '<h3>' . _TEAM_CURRENT . '</h3>';\r
 \r
 \r
 \r
                $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'\r
-                      . ' FROM '.sql_table('member').', '.sql_table('team')\r
-                      . ' WHERE tmember=mnumber and tblog=' . $blogid;\r
+                          . ' FROM '.sql_table('member').', '.sql_table('team')\r
+                          . ' WHERE tmember=mnumber and tblog=' . $blogid;\r
 \r
                $template['content'] = 'teamlist';\r
                $template['tabindex'] = 10;\r
-               \r
-               $batch = new BATCH('team');\r
+\r
+               $batch =& new BATCH('team');\r
                $batch->showlist($query, 'table', $template);\r
 \r
                ?>\r
                        <h3><?php echo _TEAM_ADDNEW?></h3>\r
 \r
                        <form method='post' action='index.php'><div>\r
-                       \r
+\r
                        <input type='hidden' name='action' value='teamaddmember' />\r
                        <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />\r
+                       <?php $manager->addTicketHidden() ?>\r
 \r
                        <table><tr>\r
                                <td><?php echo _TEAM_CHOOSEMEMBER?></td>\r
                                <td><?php                                       // TODO: try to make it so only non-team-members are listed\r
                                        $query =  'SELECT mname as text, mnumber as value'\r
-                                              . ' FROM '.sql_table('member');\r
+                                                  . ' FROM '.sql_table('member');\r
 \r
                                        $template['name'] = 'memberid';\r
                                        $template['tabindex'] = 10000;\r
-                                       showlist($query,'select',$template);                    \r
+                                       showlist($query,'select',$template);\r
                                ?></td>\r
                        </tr><tr>\r
                                <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>\r
                                <td><?php $this->input_yesno('admin',0,10020); ?></td>\r
                        </tr><tr>\r
                                <td><?php echo _TEAM_ADD?></td>\r
-                               <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>            \r
+                               <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>\r
                        </tr></table>\r
-                       \r
+\r
                        </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        /**\r
          * Add member tot tram\r
          */\r
        function action_teamaddmember() {\r
                global $member, $manager;\r
-               \r
+\r
                $memberid = intPostVar('memberid');\r
                $blogid = intPostVar('blogid');\r
                $admin = intPostVar('admin');\r
-               \r
+\r
                // check if allowed\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-               \r
+\r
                $blog =& $manager->getBlog($blogid);\r
                if (!$blog->addTeamMember($memberid, $admin))\r
                        $this->error(_ERROR_ALREADYONTEAM);\r
-               \r
+\r
                $this->action_manageteam();\r
-               \r
+\r
        }\r
-       \r
+\r
        function action_teamdelete() {\r
                global $member, $manager;\r
-               \r
+\r
                $memberid = intRequestVar('memberid');\r
                $blogid = intRequestVar('blogid');\r
-               \r
+\r
                // check if allowed\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-               \r
+\r
                $teammem = MEMBER::createFromID($memberid);\r
                $blog =& $manager->getBlog($blogid);\r
-               \r
+\r
                $this->pagehead();\r
                ?>\r
                        <h2><?php echo _DELETE_CONFIRM?></h2>\r
-                       \r
+\r
                        <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  $teammem->getDisplayName() ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>\r
                        </p>\r
-                       \r
-                       \r
+\r
+\r
                        <form method="post" action="index.php"><div>\r
                        <input type="hidden" name="action" value="teamdeleteconfirm" />\r
+                       <?php $manager->addTicketHidden() ?>\r
                        <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
                        </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_teamdeleteconfirm() {\r
                global $member;\r
-               \r
+\r
                $memberid = intRequestVar('memberid');\r
                $blogid = intRequestVar('blogid');\r
 \r
                $error = $this->deleteOneTeamMember($blogid, $memberid);\r
-               \r
-               \r
+               if ($error)\r
+                       $this->error($error);\r
+\r
+\r
                $this->action_manageteam();\r
        }\r
-       \r
+\r
        function deleteOneTeamMember($blogid, $memberid) {\r
                global $member, $manager;\r
-               \r
+\r
                $blogid = intval($blogid);\r
                $memberid = intval($memberid);\r
-               \r
+\r
                // check if allowed\r
                if (!$member->blogAdminRights($blogid))\r
                        return _ERROR_DISALLOWED;\r
@@ -1967,9 +2180,9 @@ class ADMIN {
                // check if: - there remains at least one blog admin\r
                //           - (there remains at least one team member)\r
                $tmem = MEMBER::createFromID($memberid);\r
-               \r
-               $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));                         \r
-               \r
+\r
+               $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));\r
+\r
                if ($tmem->isBlogAdmin($blogid)) {\r
                        // check if there are more blog members left and at least one admin\r
                        // (check for at least two admins before deletion)\r
@@ -1978,67 +2191,68 @@ class ADMIN {
                        if (mysql_num_rows($r) < 2)\r
                                return _ERROR_ATLEASTONEBLOGADMIN;\r
                }\r
-               \r
+\r
                $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
                sql_query($query);\r
-               \r
-               $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));                                                \r
-               \r
+\r
+               $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));\r
+\r
                return '';\r
        }\r
-       \r
+\r
        function action_teamchangeadmin() {\r
                global $member;\r
-               \r
+\r
                $blogid = intRequestVar('blogid');\r
                $memberid = intRequestVar('memberid');\r
-               \r
+\r
                // check if allowed\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
                $mem = MEMBER::createFromID($memberid);\r
-               \r
+\r
                // don't allow when there is only one admin at this moment\r
                if ($mem->isBlogAdmin($blogid)) {\r
                        $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
                        if (mysql_num_rows($r) == 1)\r
                                $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
                }\r
-               \r
+\r
                if ($mem->isBlogAdmin($blogid))\r
                        $newval = 0;\r
-               else    \r
+               else\r
                        $newval = 1;\r
-                       \r
+\r
                $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
                sql_query($query);\r
-               \r
+\r
                // only show manageteam if member did not change its own admin privileges\r
                if ($member->isBlogAdmin($blogid))\r
                        $this->action_manageteam();\r
                else\r
                        $this->action_overview(_MSG_ADMINCHANGED);\r
        }\r
-         \r
+\r
        function action_blogsettings() {\r
                global $member, $manager;\r
-               \r
+\r
                $blogid = intRequestVar('blogid');\r
-               \r
+\r
                // check if allowed\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-               \r
+\r
                $blog =& $manager->getBlog($blogid);\r
-               \r
-               $this->pagehead();\r
-               \r
-               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';          \r
+\r
+               $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
+               $this->pagehead($extrahead);\r
+\r
+               echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
                ?>\r
                <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>\r
 \r
                <h3><?php echo _EBLOG_TEAM_TITLE?></h3>\r
-               \r
-               <p>Members currently on your team: \r
+\r
+               <p>Members currently on your team:\r
                <?php\r
                        $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));\r
                        $aMemberNames = array();\r
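Review bot: The `PostDeleteTeamMember` notification in `deleteOneTeamMember` passes `'member' => &$mem`, but the only member object loaded in the visible part of the function is `$tmem`, assigned in the preceding @@ -1967 hunk, where the `PreDeleteTeamMember` call has the same argument. Unless `$mem` is set in lines that fall between the hunks, plugins subscribed to either event receive null instead of the member being removed, so any logging or checks hung on those events have nothing to work with. I would pass `'member' => &$tmem` in both calls. The function begins in an earlier hunk, so this should be confirmed against the full body.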
@@ -2047,18 +2261,19 @@ class ADMIN {
                        echo implode(',', $aMemberNames);\r
                ?>\r
                </p>\r
-               \r
-               \r
+\r
+\r
 \r
                <p>\r
                <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>\r
                </p>\r
 \r
                <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>\r
-               \r
+\r
                <form method="post" action="index.php"><div>\r
-               \r
+\r
                <input type="hidden" name="action" value="blogsettingsupdate" />\r
+               <?php $manager->addTicketHidden() ?>\r
                <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
                <table><tr>\r
                        <td><?php echo _EBLOG_NAME?></td>\r
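Review bot: The ticket field added to the `blogsettingsupdate` form only protects the action if the receiving side rejects a missing or wrong ticket, and no such check is visible in the handlers shown on this page: `action_categorynew` and `action_categoryupdate` go from `blogAdminRights()` straight to the write. If the check is done centrally before the action method is called, a short comment beside the field would save the next reader from auditing each handler, for example `<?php /* ticket is verified centrally before dispatch, see <location> */ ?>`. If it is not, every state-changing handler needs the check itself. The same question applies to the `categorynew` and `categoryupdate` forms in the @@ -2161 and @@ -2259 hunks.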
@@ -2076,36 +2291,36 @@ class ADMIN {
                        <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>\r
                </tr><tr>\r
                        <td><?php echo _EBLOG_DEFSKIN?>\r
-                           <?php help('blogdefaultskin'); ?>\r
+                               <?php help('blogdefaultskin'); ?>\r
                        </td>\r
                        <td>\r
-                               <?php \r
+                               <?php\r
                                        $query =  'SELECT sdname as text, sdnumber as value'\r
-                                              . ' FROM '.sql_table('skin_desc');\r
+                                                  . ' FROM '.sql_table('skin_desc');\r
                                        $template['name'] = 'defskin';\r
                                        $template['selected'] = $blog->getDefaultSkin();\r
                                        $template['tabindex'] = 50;\r
-                                       showlist($query,'select',$template);            \r
+                                       showlist($query,'select',$template);\r
                                ?>\r
-                               \r
+\r
                        </td>\r
                </tr><tr>\r
                        <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>\r
                        </td>\r
-                       <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>        \r
+                       <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>\r
                </tr><tr>\r
                        <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>\r
                        </td>\r
-                       <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>  \r
-               </tr><tr>                                       \r
+                       <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>\r
+               </tr><tr>\r
                        <td><?php echo _EBLOG_DISABLECOMMENTS?>\r
                        </td>\r
-                       <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>   \r
+                       <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>\r
                </tr><tr>\r
                        <td><?php echo _EBLOG_ANONYMOUS?>\r
                        </td>\r
-                       <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>    \r
-               </tr><tr>               \r
+                       <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>\r
+               </tr><tr>\r
                        <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>\r
                        <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>\r
                </tr><tr>\r
@@ -2116,17 +2331,17 @@ class ADMIN {
                                /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>\r
                                <br />\r
                                <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"\r
-                                       <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>                           \r
+                                       <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>\r
                                /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>\r
                                <br />\r
                                <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"\r
-                                       <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>                                \r
+                                       <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>\r
                                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>\r
                        </td>\r
                </tr><tr>\r
                        <td><?php echo _EBLOG_PING?> <?php help('pinguserland'); ?></td>\r
-                       <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>                          \r
-               </tr><tr>               \r
+                       <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>\r
+               </tr><tr>\r
                        <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>\r
                        <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>\r
                </tr><tr>\r
@@ -2135,25 +2350,25 @@ class ADMIN {
                </tr><tr>\r
                        <td><?php echo _EBLOG_DEFCAT?></td>\r
                        <td>\r
-                               <?php \r
+                               <?php\r
                                        $query =  'SELECT cname as text, catid as value'\r
-                                              . ' FROM '.sql_table('category')\r
-                                              . ' WHERE cblog=' . $blog->getID();\r
+                                                  . ' FROM '.sql_table('category')\r
+                                                  . ' WHERE cblog=' . $blog->getID();\r
                                        $template['name'] = 'defcat';\r
                                        $template['selected'] = $blog->getDefaultCategory();\r
                                        $template['tabindex'] = 110;\r
-                                       showlist($query,'select',$template);            \r
+                                       showlist($query,'select',$template);\r
                                ?>\r
-                       </td>                   \r
+                       </td>\r
                </tr><tr>\r
                        <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>\r
-                           <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
-                           <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>\r
-                           </td>\r
-                       <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>                   \r
+                               <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
+                               <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>\r
+                               </td>\r
+                       <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>\r
                </tr><tr>\r
                        <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>\r
-                       <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>  \r
+                       <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>\r
                </tr>\r
                <?php\r
                        // plugin options\r
@@ -2161,31 +2376,32 @@ class ADMIN {
                ?>\r
                <tr>\r
                        <th colspan="2"><?php echo _EBLOG_CHANGE?></th>\r
-               </tr><tr>               \r
+               </tr><tr>\r
                        <td><?php echo _EBLOG_CHANGE?></td>\r
                        <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>\r
                </tr></table>\r
-               \r
+\r
                </div></form>\r
-               \r
+\r
                <h3><?php echo _EBLOG_CAT_TITLE?></h3>\r
-               \r
 \r
-               <?php           \r
+\r
+               <?php\r
                $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';\r
                $template['content'] = 'categorylist';\r
                $template['tabindex'] = 200;\r
-               \r
-               $batch = new BATCH('category');\r
+\r
+               $batch =& new BATCH('category');\r
                $batch->showlist($query,'table',$template);\r
-               \r
+\r
                ?>\r
 \r
-               \r
+\r
                <form action="index.php" method="post"><div>\r
                <input name="action" value="categorynew" type="hidden" />\r
+               <?php $manager->addTicketHidden() ?>\r
                <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />\r
-               \r
+\r
                <table><tr>\r
                        <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>\r
                </tr><tr>\r
@@ -2198,53 +2414,54 @@ class ADMIN {
                        <td><?php echo _EBLOG_CAT_CREATE?></td>\r
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>\r
                </tr></table>\r
-               \r
+\r
                </div></form>\r
-               \r
-               <?php           \r
-                       echo '<h3>', _PLUGINS_EXTRA , '</h3>';\r
-               \r
+\r
+               <?php\r
+\r
+                       echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
+\r
                        $manager->notify(\r
-                               'BlogSettingsFormExtras',       \r
+                               'BlogSettingsFormExtras',\r
                                array(\r
                                        'blog' => &$blog\r
                                )\r
                        );\r
-               \r
+\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_categorynew() {\r
                global $member, $manager;\r
-               \r
+\r
                $blogid = intRequestVar('blogid');\r
-               \r
+\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-               \r
+\r
                $cname = postVar('cname');\r
                $cdesc = postVar('cdesc');\r
-               \r
+\r
                if (!isValidCategoryName($cname))\r
                        $this->error(_ERROR_BADCATEGORYNAME);\r
-                       \r
+\r
                $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);\r
                $res = sql_query($query);\r
                if (mysql_num_rows($res) > 0)\r
                        $this->error(_ERROR_DUPCATEGORYNAME);\r
-                       \r
+\r
                $blog           =& $manager->getBlog($blogid);\r
                $newCatID       =  $blog->createNewCategory($cname, $cdesc);\r
-               \r
+\r
                $this->action_blogsettings();\r
        }\r
-       \r
-       \r
+\r
+\r
        function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
-               global $member;\r
-               \r
+               global $member, $manager;\r
+\r
                if ($blogid == '')\r
                        $blogid = intGetVar('blogid');\r
-               else \r
+               else\r
                        $blogid = intval($blogid);\r
                if ($catid == '')\r
                        $catid = intGetVar('catid');\r
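Review bot: The duplicate-name query in `action_categorynew` builds its string literal with `addslashes($cname)`, which does not know the connection character set; the driver's own escaping is the safer choice for a value taken from `postVar()`. With the mysql extension this file already uses (`mysql_num_rows`), the literal would become `' WHERE cname=\'' . mysql_real_escape_string($cname) . '\' and cblog=' . intval($blogid)`. `action_categoryupdate` in the @@ -2305 hunk has the same pattern for both `cname` and `cdesc`. Whether `postVar()` already removes magic-quote slashes is not visible here and should be checked so the value ends up escaped exactly once.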
@@ -2259,16 +2476,18 @@ class ADMIN {
                $cname = $obj->cname;\r
                $cdesc = $obj->cdesc;\r
 \r
-               $this->pagehead();\r
+               $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
+               $this->pagehead($extrahead);\r
 \r
                ?>\r
                <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
                <form method='post' action='index.php'><div>\r
                <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
-               <input name="catid" type="hidden" value="<?php echo $catid?>" />                        \r
-               <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />                                 \r
-               <input name="action" type="hidden" value="categoryupdate" />            \r
-               \r
+               <input name="catid" type="hidden" value="<?php echo $catid?>" />\r
+               <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />\r
+               <input name="action" type="hidden" value="categoryupdate" />\r
+               <?php $manager->addTicketHidden(); ?>\r
+\r
                <table><tr>\r
                        <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
                </tr><tr>\r
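Review bot: `desturl` is round-tripped through a hidden field in this form, and the handler `action_categoryupdate` (@@ -2305 hunk) passes the posted value to `redirect($desturl)` with no check on where it points. The ticket added in this hunk limits who can submit the form, but the field is still client-controlled, so I would accept it only when it has no scheme and no leading `//`, e.g. `if ($desturl && !preg_match('#^\s*([a-z][a-z0-9+.-]*:|[/\\\\]{2})#i', $desturl)) { redirect($desturl); exit; }`, and fall through to the default page otherwise. Which forms of `desturl` legitimate callers pass is not visible here, so the accepted pattern may need adjusting. `action_categoryedit` starts in the previous hunk and continues past this one.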
@@ -2278,7 +2497,7 @@ class ADMIN {
                        <td><?php echo _EBLOG_CAT_DESC?></td>\r
                        <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
                </tr>\r
-               <?php \r
+               <?php\r
                        // insert plugin options\r
                        $this->_insertPluginOptions('category',$catid);\r
                ?>\r
@@ -2288,16 +2507,16 @@ class ADMIN {
                        <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
                </tr></table>\r
-                       \r
+\r
                </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
-       \r
+\r
+\r
        function action_categoryupdate() {\r
                global $member, $manager;\r
-               \r
+\r
                $blogid = intPostVar('blogid');\r
                $catid = intPostVar('catid');\r
                $cname = postVar('cname');\r
@@ -2305,28 +2524,28 @@ class ADMIN {
                $desturl = postVar('desturl');\r
 \r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-               \r
+\r
                if (!isValidCategoryName($cname))\r
                        $this->error(_ERROR_BADCATEGORYNAME);\r
-                       \r
+\r
                $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
                $res = sql_query($query);\r
                if (mysql_num_rows($res) > 0)\r
                        $this->error(_ERROR_DUPCATEGORYNAME);\r
-                       \r
+\r
                $query =  'UPDATE '.sql_table('category').' SET'\r
                           . " cname='" . addslashes($cname) . "',"\r
-                          . " cdesc='" . addslashes($cdesc) . "'"                         \r
+                          . " cdesc='" . addslashes($cdesc) . "'"\r
                           . " WHERE catid=" . $catid;\r
-                          \r
+\r
                sql_query($query);\r
-               \r
+\r
                // store plugin options\r
                $aOptions = requestArray('plugoption');\r
                NucleusPlugin::_applyPluginOptions($aOptions);\r
-               $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));          \r
+               $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));\r
+\r
 \r
-               \r
                if ($desturl) {\r
                        redirect($desturl);\r
                        exit;\r
@@ -2336,54 +2555,55 @@ class ADMIN {
        }\r
 \r
        function action_categorydelete() {\r
-               global $member, $manager; \r
-               \r
+               global $member, $manager;\r
+\r
                $blogid = intRequestVar('blogid');\r
                $catid = intRequestVar('catid');\r
-               \r
+\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-               \r
+\r
                $blog =& $manager->getBlog($blogid);\r
-       \r
+\r
                // check if the category is valid\r
-               if (!$blog->isValidCategory($catid)) \r
+               if (!$blog->isValidCategory($catid))\r
                        $this->error(_ERROR_NOSUCHCATEGORY);\r
-       \r
+\r
                // don't allow deletion of default category\r
                if ($blog->getDefaultCategory() == $catid)\r
                        $this->error(_ERROR_DELETEDEFCATEGORY);\r
-               \r
+\r
                // check if catid is the only category left for blogid\r
                $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
                $res = sql_query($query);\r
                if (mysql_num_rows($res) == 1)\r
                        $this->error(_ERROR_DELETELASTCATEGORY);\r
-               \r
-               \r
+\r
+\r
                $this->pagehead();\r
                ?>\r
                        <h2><?php echo _DELETE_CONFIRM?></h2>\r
-                       \r
+\r
                        <div>\r
                        <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  $blog->getCategoryName($catid)?></b>\r
                        </div>\r
-                       \r
+\r
                        <form method="post" action="index.php"><div>\r
                        <input type="hidden" name="action" value="categorydeleteconfirm" />\r
+                       <?php $manager->addTicketHidden() ?>\r
                        <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
-                       <input type="hidden" name="catid" value="<?php echo $catid?>" />                                                \r
+                       <input type="hidden" name="catid" value="<?php echo $catid?>" />\r
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
                        </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_categorydeleteconfirm() {\r
-               global $member, $manager; \r
-               \r
+               global $member, $manager;\r
+\r
                $blogid = intRequestVar('blogid');\r
                $catid = intRequestVar('catid');\r
-               \r
+\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
                $error = $this->deleteOneCategory($catid);\r
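Review bot: The confirmation page in action_categorydelete prints `$blog->getCategoryName($catid)` straight into HTML, so a category name containing markup would be rendered in the admin's browser unless getCategoryName already returns escaped text. I would write `<?php echo htmlspecialchars($blog->getCategoryName($catid))?>`, which matches how the blog name is escaped on the blog-deletion confirmation page. Separately, the ticket field this hunk adds to the form only protects the delete if the request handler verifies it before action_categorydeleteconfirm runs. That check is not visible here, and the handler's body continues outside the hunk.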
@@ -2391,84 +2611,84 @@ class ADMIN {
                        $this->error($error);\r
 \r
                $this->action_blogsettings();\r
-       }       \r
+       }\r
 \r
        function deleteOneCategory($catid) {\r
                global $manager, $member;\r
-               \r
+\r
                $catid = intval($catid);\r
-               \r
-               $manager->notify('PreDeleteCategory', array('catid' => $catid));                \r
+\r
+               $manager->notify('PreDeleteCategory', array('catid' => $catid));\r
 \r
                $blogid = getBlogIDFromCatID($catid);\r
-               \r
+\r
                if (!$member->blogAdminRights($blogid))\r
                        return ERROR_DISALLOWED;\r
-               \r
+\r
                // get blog\r
                $blog =& $manager->getBlog($blogid);\r
 \r
                // check if the category is valid\r
-               if (!$blog || !$blog->isValidCategory($catid)) \r
+               if (!$blog || !$blog->isValidCategory($catid))\r
                        return _ERROR_NOSUCHCATEGORY;\r
-       \r
+\r
                $destcatid = $blog->getDefaultCategory();\r
-               \r
+\r
                // don't allow deletion of default category\r
                if ($blog->getDefaultCategory() == $catid)\r
                        return _ERROR_DELETEDEFCATEGORY;\r
-               \r
+\r
                // check if catid is the only category left for blogid\r
                $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
                $res = sql_query($query);\r
                if (mysql_num_rows($res) == 1)\r
                        return _ERROR_DELETELASTCATEGORY;\r
-                       \r
+\r
                // change category for all items to the default category\r
                $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
                sql_query($query);\r
-               \r
+\r
                // delete all associated plugin options\r
                NucleusPlugin::_deleteOptionValues('category', $catid);\r
-               \r
+\r
                // delete category\r
                $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;\r
                sql_query($query);\r
-               \r
-               $manager->notify('PostDeleteCategory', array('catid' => $catid));                               \r
+\r
+               $manager->notify('PostDeleteCategory', array('catid' => $catid));\r
 \r
        }\r
-       \r
+\r
        function moveOneCategory($catid, $destblogid) {\r
                global $manager, $member;\r
 \r
                $catid = intval($catid);\r
                $destblogid = intval($destblogid);\r
-               \r
+\r
                $blogid = getBlogIDFromCatID($catid);\r
-               \r
+\r
                // mover should have admin rights on both blogs\r
                if (!$member->blogAdminRights($blogid))\r
                        return _ERROR_DISALLOWED;\r
                if (!$member->blogAdminRights($destblogid))\r
                        return _ERROR_DISALLOWED;\r
-                       \r
+\r
                // cannot move to self\r
                if ($blogid == $destblogid)\r
                        return _ERROR_MOVETOSELF;\r
-               \r
+\r
                // get blogs\r
                $blog =& $manager->getBlog($blogid);\r
-               $destblog =& $manager->getBlog($destblogid);            \r
-               \r
+               $destblog =& $manager->getBlog($destblogid);\r
+\r
                // check if the category is valid\r
-               if (!$blog || !$blog->isValidCategory($catid)) \r
+               if (!$blog || !$blog->isValidCategory($catid))\r
                        return _ERROR_NOSUCHCATEGORY;\r
-                       \r
+\r
                // don't allow default category to be moved\r
                if ($blog->getDefaultCategory() == $catid)\r
                        return _ERROR_MOVEDEFCATEGORY;\r
-                       \r
+\r
                $manager->notify(\r
                        'PreMoveCategory',\r
                        array(\r
@@ -2477,7 +2697,7 @@ class ADMIN {
                                'destblog' => &$destblog\r
                        )\r
                );\r
-               \r
+\r
                // update comments table (cblog)\r
                $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;\r
                $items = sql_query($query);\r
@@ -2489,7 +2709,7 @@ class ADMIN {
                $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;\r
                sql_query($query);\r
 \r
-               // move category \r
+               // move category\r
                $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;\r
                sql_query($query);\r
 \r
@@ -2500,47 +2720,47 @@ class ADMIN {
                                'sourceblog' => &$blog,\r
                                'destblog' => $destblog\r
                        )\r
-               );              \r
-               \r
+               );\r
+\r
        }\r
 \r
        function action_blogsettingsupdate() {\r
                global $member, $manager;\r
-               \r
+\r
                $blogid = intRequestVar('blogid');\r
-               \r
+\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-               \r
+\r
                $blog =& $manager->getBlog($blogid);\r
-               \r
+\r
                $notify                 = trim(postVar('notify'));\r
                $shortname              = trim(postVar('shortname'));\r
                $updatefile             = trim(postVar('update'));\r
-               \r
+\r
                $notifyComment  = intPostVar('notifyComment');\r
                $notifyVote             = intPostVar('notifyVote');\r
-               $notifyNewItem  = intPostVar('notifyNewItem');          \r
-               \r
+               $notifyNewItem  = intPostVar('notifyNewItem');\r
+\r
                if ($notifyComment == 0)        $notifyComment = 1;\r
-               if ($notifyVote == 0)           $notifyVote = 1;                \r
-               if ($notifyNewItem == 0)        $notifyNewItem = 1;             \r
-               \r
+               if ($notifyVote == 0)           $notifyVote = 1;\r
+               if ($notifyNewItem == 0)        $notifyNewItem = 1;\r
+\r
                $notifyType = $notifyComment * $notifyVote * $notifyNewItem;\r
-               \r
-               \r
+\r
+\r
                if ($notify) {\r
-                       $not = new NOTIFICATION($notify);\r
+                       $not =& new NOTIFICATION($notify);\r
                        if (!$not->validAddresses())\r
                                $this->error(_ERROR_BADNOTIFY);\r
-                       \r
+\r
                }\r
-                       \r
+\r
                if (!isValidShortName($shortname))\r
                        $this->error(_ERROR_BADSHORTBLOGNAME);\r
-                       \r
+\r
                if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))\r
                        $this->error(_ERROR_DUPSHORTBLOGNAME);\r
-                       \r
+\r
                // check if update file is writable\r
                if ($updatefile && !is_writeable($updatefile))\r
                        $this->error(_ERROR_UPDATEFILE);\r
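Review bot: `$updatefile` in action_blogsettingsupdate is a path taken from the POST body, and the only test applied is `is_writeable($updatefile)`, so any file the web server account can write passes. The rest of the function is outside this hunk, but if the value is stored as the blog's update file, a blog admin (not necessarily a site admin) can point it at files outside the blog's own area. I would resolve the path and require it to sit under a configured directory, for example `$real = realpath($updatefile);` followed by `if ($real === false || strpos($real, $allowedUpdateDir) !== 0) $this->error(_ERROR_UPDATEFILE);`. Here `$allowedUpdateDir` is a placeholder for a setting this page does not show, and it should end with a directory separator so a sibling directory with the same prefix does not match.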
@@ -2548,7 +2768,7 @@ class ADMIN {
                $blog->setName(trim(postVar('name')));\r
                $blog->setShortName($shortname);\r
                $blog->setNotifyAddress($notify);\r
-               $blog->setNotifyType($notifyType);              \r
+               $blog->setNotifyType($notifyType);\r
                $blog->setMaxComments(postVar('maxcomments'));\r
                $blog->setCommentsEnabled(postVar('comments'));\r
                $blog->setTimeOffset(postVar('timeoffset'));\r
@@ -2559,63 +2779,64 @@ class ADMIN {
                $blog->setPublic(postVar('public'));\r
                $blog->setPingUserland(postVar('pinguserland'));\r
                $blog->setConvertBreaks(intPostVar('convertbreaks'));\r
-               $blog->setAllowPastPosting(intPostVar('allowpastposting'));             \r
+               $blog->setAllowPastPosting(intPostVar('allowpastposting'));\r
                $blog->setDefaultCategory(intPostVar('defcat'));\r
                $blog->setSearchable(intPostVar('searchable'));\r
 \r
                $blog->writeSettings();\r
-               \r
+\r
                // store plugin options\r
                $aOptions = requestArray('plugoption');\r
                NucleusPlugin::_applyPluginOptions($aOptions);\r
-               $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));          \r
-               \r
-               \r
+               $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));\r
+\r
+\r
                $this->action_overview(_MSG_SETTINGSCHANGED);\r
        }\r
-       \r
+\r
        function action_deleteblog() {\r
                global $member, $CONF, $manager;\r
-               \r
-               $blogid = intRequestVar('blogid');              \r
-               \r
+\r
+               $blogid = intRequestVar('blogid');\r
+\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
                // check if blog is default blog\r
                if ($CONF['DefaultBlog'] == $blogid)\r
                        $this->error(_ERROR_DELDEFBLOG);\r
-                       \r
+\r
                $blog =& $manager->getBlog($blogid);\r
-               \r
+\r
                $this->pagehead();\r
                ?>\r
                        <h2><?php echo _DELETE_CONFIRM?></h2>\r
-                       \r
+\r
                        <p><?php echo _WARNINGTXT_BLOGDEL?>\r
                        </p>\r
-                       \r
+\r
                        <div>\r
                        <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>\r
                        </div>\r
-                       \r
+\r
                        <form method="post" action="index.php"><div>\r
                        <input type="hidden" name="action" value="deleteblogconfirm" />\r
+                       <?php $manager->addTicketHidden() ?>\r
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
                        </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_deleteblogconfirm() {\r
                global $member, $CONF, $manager;\r
-               \r
-               $blogid = intRequestVar('blogid');              \r
-               \r
-               $manager->notify('PreDeleteBlog', array('blogid' => $blogid));                          \r
-               \r
+\r
+               $blogid = intRequestVar('blogid');\r
+\r
+               $manager->notify('PreDeleteBlog', array('blogid' => $blogid));\r
+\r
                $member->blogAdminRights($blogid) or $this->disallow();\r
-               \r
+\r
                // check if blog is default blog\r
                if ($CONF['DefaultBlog'] == $blogid)\r
                        $this->error(_ERROR_DELDEFBLOG);\r
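Review bot: In action_deleteblogconfirm the `PreDeleteBlog` event is sent before `$member->blogAdminRights($blogid) or $this->disallow();` and before the default-blog check, so subscribed plugins run for requests that are then refused. Moving the `$manager->notify('PreDeleteBlog', array('blogid' => $blogid));` line below both checks keeps plugin side effects limited to deletions that will actually proceed. deleteOneCategory in the earlier hunk has the same order, with `PreDeleteCategory` sent before its rights check. The body of action_deleteblogconfirm continues past this hunk.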
@@ -2624,143 +2845,151 @@ class ADMIN {
                $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;\r
                sql_query($query);\r
 \r
-               // delete all items             \r
+               // delete all items\r
                $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;\r
                sql_query($query);\r
-               \r
+\r
                // delete all team members\r
                $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;\r
                sql_query($query);\r
-               \r
+\r
                // delete all bans\r
                $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;\r
                sql_query($query);\r
-               \r
+\r
                // delete all categories\r
                $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;\r
                sql_query($query);\r
-               \r
+\r
                // delete all associated plugin options\r
                NucleusPlugin::_deleteOptionValues('blog', $blogid);\r
-               \r
+\r
                // delete the blog itself\r
                $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;\r
                sql_query($query);\r
-               \r
-               $manager->notify('PostDeleteBlog', array('blogid' => $blogid));                                         \r
-               \r
+\r
+               $manager->notify('PostDeleteBlog', array('blogid' => $blogid));\r
+\r
                $this->action_overview(_DELETED_BLOG);\r
        }\r
-       \r
+\r
        function action_memberdelete() {\r
-               global $member;\r
-               \r
+               global $member, $manager;\r
+\r
                $memberid = intRequestVar('memberid');\r
-       \r
+\r
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
-               \r
+\r
                $mem = MEMBER::createFromID($memberid);\r
-               \r
+\r
                $this->pagehead();\r
                ?>\r
                        <h2><?php echo _DELETE_CONFIRM?></h2>\r
-                       \r
+\r
                        <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo  $mem->getDisplayName() ?></b>\r
                        </p>\r
-                       \r
+\r
                        <p>\r
                        Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)\r
                        </p>\r
-                       \r
+\r
                        <form method="post" action="index.php"><div>\r
                        <input type="hidden" name="action" value="memberdeleteconfirm" />\r
+                       <?php $manager->addTicketHidden() ?>\r
                        <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
                        </div></form>\r
-               <?php           \r
+               <?php\r
                $this->pagefoot();\r
        }\r
-       \r
+\r
        function action_memberdeleteconfirm() {\r
                global $member;\r
-               \r
-               $memberid = intRequestVar('memberid');          \r
-               \r
+\r
+               $memberid = intRequestVar('memberid');\r
+\r
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
-               \r
+\r
                $error = $this->deleteOneMember($memberid);\r
                if ($error)\r
                        $this->error($error);\r
-               \r
+\r
                if ($member->isAdmin())\r
                        $this->action_usermanagement();\r
                else\r
                        $this->action_overview(_DELETED_MEMBER);\r
-       }       \r
-       \r
+       }\r
+\r
+       // (static)\r
        function deleteOneMember($memberid) {\r
                global $manager;\r
-               \r
+\r
                $memberid = intval($memberid);\r
                $mem = MEMBER::createFromID($memberid);\r
-               \r
-               if (!$mem->canBeDeleted()) \r
-                       return _ERROR_DELETEMEMBER;     \r
 \r
-               $manager->notify('PreDeleteMember', array('member' => &$mem));                          \r
-               \r
+               if (!$mem->canBeDeleted())\r
+                       return _ERROR_DELETEMEMBER;\r
+\r
+               $manager->notify('PreDeleteMember', array('member' => &$mem));\r
+\r
                $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;\r
                sql_query($query);\r
 \r
                $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid;\r
-               sql_query($query);      \r
-               \r
+               sql_query($query);\r
+\r
+               $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid;\r
+               sql_query($query);\r
+\r
                // delete all associated plugin options\r
                NucleusPlugin::_deleteOptionValues('member', $memberid);\r
-               \r
-               $manager->notify('PostDeleteMember', array('member' => &$mem));                                         \r
-               \r
+\r
+               $manager->notify('PostDeleteMember', array('member' => &$mem));\r
+\r
                return '';\r
        }\r
-       \r
+\r
        function action_createnewlog() {\r
-               global $member, $CONF;\r
-               \r
+               global $member, $CONF, $manager;\r
+\r
                // Only Super-Admins can do this\r
                $member->isAdmin() or $this->disallow();\r
-               \r
+\r
                $this->pagehead();\r
 \r
                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
                ?>\r
                <h2><?php echo _EBLOG_CREATE_TITLE?></h2>\r
-               \r
+\r
                <h3>注意事項</h3>\r
-               \r
+\r
                <p>作成にあたって、下記の<strong>注意事項</strong> をまずお読み下さい</p>\r
-               \r
+\r
                <p>新しいweblogを作成した後に、このblogにアクセスするための方法を紹介しておきます。方法は2つあります:</p>\r
-               \r
+\r
                <ol>\r
-                       <li><strong>簡単な方法:</strong> <code>index.php</code>の複製を作り、新しいblogを表示するように変更を加えます。 この変更の詳細は、作成後に表示されます。Further instructions on how to do this will be provided after you've submitted this first form.</li>\r
+                       <li><strong>簡単な方法:</strong> <code>index.php</code>の複製を作り、新しいblogを表示するように変更を加えます。 この変更の詳細は、作成後に表示されます。</li>\r
                        <li><strong>高度な方法:</strong> 現在のblogで使用しているスキンに<code>otherblog</code>というコードを使った記述を加えます。この方法では、同じページ内で複数のblogを展開することが可能となります。</li>\r
                </ol>\r
-               \r
+\r
                <h3>Weblogの作成</h3>