From: kimitake Date: Sat, 12 Mar 2005 06:19:07 +0000 (+0000) Subject: merged 3.2 original code X-Git-Tag: release-3-2-b2~53 X-Git-Url: http://git.sourceforge.jp/view?p=nucleus-jp%2Fnucleus-jp-ancient.git;a=commitdiff_plain;h=02ef663776459a9704a30f1a15a21f814f7d6239 merged 3.2 original code git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/nucleus-jp/trunk@32 1ca29b6e-896d-4ea0-84a5-967f57386b96
---
diff --git a/utf8/action.php b/utf8/action.php
index f027ae3..de6628e 100755
--- a/utf8/action.php
+++ b/utf8/action.php
@@ -1,7 +1,7 @@ getBlog($blogid); - - // note: PreAddComment and PostAddComment gets called somewhere inside addComment - $errormessage = $comments->addComment($blog->getCorrectTime(),$post); - - if ($errormessage == '1') { - // redirect when adding comments succeeded - if (postVar('url')) { - redirect(postVar('url')); - } else { - $url = createItemLink($post['itemid']); - redirect($url); - } - } else { - // else, show error message using default skin for blog - doError($errormessage, new SKIN($blog->getDefaultSkin())); - } -} - -// Sends a message from the current member to the member given as argument -function sendMessage() { - global $CONF, $member; - - $error = validateMessage(); - if ($error != '') - doError($error); - - if (!$member->isLoggedIn()) { - $fromMail = postVar('frommail'); - if (!isValidMailAddress($fromMail)) - doError(_ERROR_BADMAILADDRESS); - $fromName = _MMAIL_FROMANON; - } else { - $fromMail = $member->getEmail(); - $fromName = $member->getDisplayName(); - } - - $tomem = new MEMBER(); - $tomem->readFromId(postVar('memberid')); - - $message = _MMAIL_MSG . ' ' . $fromName . "\n" - . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n" - . _MMAIL_MAIL . " \n\n" - . postVar('message'); - $message .= getMailFooter(); - - $title = _MMAIL_TITLE . ' ' . $fromName; -// mail($tomem->getEmail(), $title, $message, 'From: '. $fromMail); - mb_language('ja'); - mb_internal_encoding(_CHARSET); - @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail); - - if (postVar('url')) { - redirect(postVar('url')); - } else { - $CONF['MemberURL'] = $CONF['IndexURL']; - if ($CONF['URLMode'] == 'pathinfo') - $url = createMemberLink($tomem->getID()); - else - $url = $CONF['IndexURL'] . 
createMemberLink($tomem->getID()); - redirect($url); - } - -} - - function validateMessage() { - global $CONF, $member, $manager; - - if (!$CONF['AllowMemberMail']) - return _ERROR_MEMBERMAILDISABLED; - - if (!$member->isLoggedIn() && !$CONF['NonmemberMail']) - return _ERROR_DISALLOWED; - - if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail')))) - return _ERROR_BADMAILADDRESS; - - // let plugins do verification (any plugin which thinks the comment is invalid - // can change 'error' to something other than '') - $result = ''; - $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result)); - - return $result; - - } - - -// creates a new user account -function createAccount() { - global $CONF, $manager; - - if (!$CONF['AllowMemberCreate']) - doError(_ERROR_MEMBERCREATEDISABLED); - - // create random password - $pw = genPassword(10); - // create member (non admin/can login/no notes) - $r = MEMBER::create(postVar('name'), postVar('realname'), $pw, postVar('email'), postVar('url'), 0, $CONF['NewMemberCanLogon'], ''); - if ($r != 1) - doError($r); - // send message containing password. 
- $newmem = new MEMBER(); - $newmem->readFromName(postVar('name')); - $newmem->sendPassword($pw); - $manager->notify('PostRegister',array('member' => &$newmem)); +$a =& new ACTION(); +$errorInfo = $a->doAction($action); - if (postVar('desturl')) { - redirect(postVar('desturl')); - } else { - header ("Content-Type: text/html; charset="._CHARSET); - echo _MSG_ACCOUNTCREATED; - } +if ($errorInfo) +{ + doError($errorInfo['message'], new SKIN($errorInfo['skinid'])); } -// sends a new password -function forgotPassword() { - $membername = trim(postVar('name')); - - if (!MEMBER::exists($membername)) - doError(_ERROR_NOSUCHMEMBER); - $mem = MEMBER::createFromName($membername); - - // check if e-mail address is correct - if (!($mem->getEmail() == postVar('email'))) - doError(_ERROR_INCORRECTEMAIL); - - $pw = genPassword(10); - $mem->setPassword($pw); // change password - $mem->write(); // save - $mem->sendPassword($pw);// send - - if (postVar('url')) { - redirect(postVar('url')); - } else { - header ("Content-Type: text/html; charset="._CHARSET); - echo _MSG_PASSWORDSENT; - } -} - -// handle karma votes -function doKarma($type) { - global $itemid, $member, $CONF, $manager; - - // check if itemid exists - if (!$manager->existsItem($itemid,0,0)) - doError(_ERROR_NOSUCHITEM); - - $blogid = getBlogIDFromItemID($itemid); - checkban($blogid); - - $karma =& $manager->getKarma($itemid); - - // check if not already voted - if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR'))) - doError(_ERROR_VOTEDBEFORE); - - // check if item does allow voting - $item =& $manager->getItem($itemid,0,0); - if ($item['closed']) - doError(_ERROR_ITEMCLOSED); - - switch($type) { - case 'pos': - $karma->votePositive(); - break; - case 'neg': - $karma->voteNegative(); - break; - } - - $blogid = getBlogIDFromItemID($itemid); - $blog =& $manager->getBlog($blogid); - - // send email to notification address, if any - if ($blog->getNotifyAddress() && $blog->notifyOnVote()) { - - $mailto_msg = _NOTIFY_KV_MSG . 
' ' . $itemid . "\n"; - $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n"; - if ($member->isLoggedIn()) { - $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n"; - } - $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n"; - $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n"; - $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n"; - $mailto_msg .= getMailFooter(); - - $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')'; - - $frommail = $member->getNotifyFromMailAddress(); - - $notify = new NOTIFICATION($blog->getNotifyAddress()); - $notify->notify($mailto_title, $mailto_msg , $frommail); - } - - - $refererUrl = serverVar('HTTP_REFERER'); - if ($refererUrl) - $url = $refererUrl; - else - $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid; - - redirect($url); -} - -/** - * Calls a plugin action - */ -function callPlugin() { - global $manager; - - $pluginName = 'NP_' . requestVar('name'); - $actionType = requestVar('type'); - - // 1: check if plugin is installed - if (!$manager->pluginInstalled($pluginName)) - doError(_ERROR_NOSUCHPLUGIN); - - // 2: call plugin - $pluginObject =& $manager->getPlugin($pluginName); - if ($pluginObject) - $error = $pluginObject->doAction($actionType); - else - $error = 'Could not load plugin (see actionlog)'; - - // doAction returns error when: - // - an error occurred (duh) - // - no actions are allowed (doAction is not implemented) - if ($error) - doError($error); - -} - -function checkban($blogid) { - // check if banned - $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR')); - if ($ban != 0) { - doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3); - } - -} - - - -?> +?> \ No newline at end of file diff --git a/utf8/atom.php b/utf8/atom.php index 7d569b2..1dbe816 100755 --- a/utf8/atom.php +++ b/utf8/atom.php 
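Review bot: The new `doError($errorInfo['message'], new SKIN($errorInfo['skinid']));` assumes every error array has a 'skinid' key, but ACTION::sendMessage() in this same commit returns `array('message' => $error)` without one. On that path a SKIN is built from an undefined index, so the error page is rendered with an unspecified skin. The removed code called `doError($error)` with one argument, so a guard can fall back to that form: `if (isset($errorInfo['skinid'])) doError($errorInfo['message'], new SKIN($errorInfo['skinid'])); else doError($errorInfo['message']);`.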
@@ -2,7 +2,7 @@ /** * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) - * Copyright (C) 2002-2004 The Nucleus Group + * Copyright (C) 2002-2005 The Nucleus Group * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/utf8/nucleus/bookmarklet.php b/utf8/nucleus/bookmarklet.php index 15e9fde..13c44fe 100755 --- a/utf8/nucleus/bookmarklet.php +++ b/utf8/nucleus/bookmarklet.php @@ -1,7 +1,7 @@ checkTicket()) + bm_doError(_ERROR_BADTICKET); +} + + // find out what to do switch ($action) { case 'additem': @@ -61,7 +74,7 @@ switch ($action) { } function bm_doAddItem() { - global $member, $manager; + global $member, $manager, $CONF; $manager->loadClass('ITEM'); $result = ITEM::createFromRequest(); @@ -77,7 +90,8 @@ function bm_doAddItem() { $extrahead = ''; } elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland()) { $message = 'アイテムの追加に成功しました。現在weblogs.comにpingを送っています。しばらくの間お待ちください...'; - $extrahead = ''; + $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid)); + $extrahead = ''; } else { $message = _ITEM_ADDED; $extrahead = ''; @@ -310,4 +324,4 @@ function toUtf8($ar){ return $c; } -?> \ No newline at end of file +?> diff --git a/utf8/nucleus/forgotpassword.html b/utf8/nucleus/forgotpassword.html index 6e505cb..c1f7a90 100755 --- a/utf8/nucleus/forgotpassword.html +++ b/utf8/nucleus/forgotpassword.html @@ -18,7 +18,7 @@
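Review bot: In bm_doAddItem, `addTicketToUrl()` puts the anti-forgery ticket into the query string of the `sendping` URL, where it can be recorded in server logs, browser history and Referer headers. That is acceptable only if tickets are short-lived and bound to the member, which this hunk does not show. The markup assigned to `$extrahead` on the next line is not visible on this page; if `$pingUrl` is interpolated into it, escape it for the HTML context with `htmlspecialchars($pingUrl)`, since the URL contains `&`. The function body continues outside the hunk.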

パスワードを忘れましたか?

- 以下にユーザー名とメールアドレスを入力してください。あたらしいパスワードがメールで送信されます。 + 以下にユーザー名とメールアドレスを入力してください。新しいパスワードを選択するページへのリンクの入ったメールが送信されます。

@@ -32,7 +32,7 @@

- +

@@ -41,7 +41,7 @@

- Nucleus © 2002-2005 The Nucleus Group + Nucleus © 2001-2005 The Nucleus Group
diff --git a/utf8/nucleus/forms/additemform.template b/utf8/nucleus/forms/additemform.template index 5c9e276..5c671f3 100755 --- a/utf8/nucleus/forms/additemform.template +++ b/utf8/nucleus/forms/additemform.template @@ -24,5 +24,6 @@ onkeypress="shortCuts();" >
[ctrl+shift+A] = Link, [ctrl+shift+B] = Bold, [ctrl+shift+I] = Italic, [ctrl+shift+M] = Insert Media. + <%callback(FormExtra,additemform)%> \ No newline at end of file diff --git a/utf8/nucleus/forms/commentform-loggedin.template b/utf8/nucleus/forms/commentform-loggedin.template index 042dcaf..89dfa4a 100755 --- a/utf8/nucleus/forms/commentform-loggedin.template +++ b/utf8/nucleus/forms/commentform-loggedin.template @@ -1,15 +1,19 @@ -
+ +
+ <%errordiv%> + :
- +
<%text(_COMMENTFORM_YOUARE)%> <%formdata(membername)%> (<%text(_LOGOUT)%>)
+ <%callback(FormExtra,commentform-loggedin)%>
\ No newline at end of file diff --git a/utf8/nucleus/forms/commentform-notloggedin.template b/utf8/nucleus/forms/commentform-notloggedin.template index 00f5ee2..617eb0e 100755 --- a/utf8/nucleus/forms/commentform-notloggedin.template +++ b/utf8/nucleus/forms/commentform-notloggedin.template @@ -1,15 +1,22 @@ -
+ +
+ + <%errordiv%> + :
- +
:
: + + <%callback(FormExtra,commentform-notloggedin)%> +
/>
diff --git a/utf8/nucleus/forms/membermailform-loggedin.template b/utf8/nucleus/forms/membermailform-loggedin.template index 909308f..12e51ee 100755 --- a/utf8/nucleus/forms/membermailform-loggedin.template +++ b/utf8/nucleus/forms/membermailform-loggedin.template @@ -1,12 +1,19 @@ - + +
+ <%errordiv%> + - + + + <%callback(FormExtra,membermailform-loggedin)%> +
+
diff --git a/utf8/nucleus/forms/membermailform-notloggedin.template b/utf8/nucleus/forms/membermailform-notloggedin.template index 5073a6f..ba73ca3 100755 --- a/utf8/nucleus/forms/membermailform-notloggedin.template +++ b/utf8/nucleus/forms/membermailform-notloggedin.template @@ -1,13 +1,19 @@ -
+ +
+ <%errordiv%> + - +
- <%text(_MEMBERMAIL_MAIL)%> + <%text(_MEMBERMAIL_MAIL)%> + + <%callback(FormExtra,membermailform-notloggedin)%> +
diff --git a/utf8/nucleus/forms/nucleusbutton.template b/utf8/nucleus/forms/nucleusbutton.template index 2da4197..dbda482 100755 --- a/utf8/nucleus/forms/nucleusbutton.template +++ b/utf8/nucleus/forms/nucleusbutton.template @@ -1,3 +1,3 @@
-Powered by Nucleus +Powered by Nucleus CMS
diff --git a/utf8/nucleus/index.php b/utf8/nucleus/index.php index 9ba1101..7efc256 100755 --- a/utf8/nucleus/index.php +++ b/utf8/nucleus/index.php @@ -1,13 +1,16 @@ isLoggedIn() || ($action == 'logout')) { - $HTTP_POST_VARS['oldaction'] = $action; // see ADMIN::login() - $_POST['oldaction'] = $action; - $action = "showlogin"; - } + $bNeedsLogin = false; + $bIsActivation = in_array($action, array('activate', 'activatesetpwd')); + + if ($action == 'logout') + $bNeedsLogin = true; + + if (!$member->isLoggedIn() && !$bIsActivation) + $bNeedsLogin = true; // show error if member cannot login to admin - if ($member->isLoggedIn() && !$member->canLogin()) { + if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation) { $error = _ERROR_LOGINDISALLOWED; - $HTTP_POST_VARS['oldaction'] = $action; // see ADMIN::login() - $_POST['oldaction'] = $action; - $action = "showlogin"; - + $bNeedsLogin = true; + } + + if ($bNeedsLogin) + { + setOldAction($action); // see ADMIN::login() (sets old action in POST vars) + $action = 'showlogin'; } sendContentType('application/xhtml+xml', 'admin-' . $action); $admin = new ADMIN(); $admin->action($action); -?> \ No newline at end of file +?> diff --git a/utf8/nucleus/javascript/admin.js b/utf8/nucleus/javascript/admin.js index e56695b..2001194 100755 --- a/utf8/nucleus/javascript/admin.js +++ b/utf8/nucleus/javascript/admin.js 
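Review bot: `$bIsActivation` exempts 'activate' and 'activatesetpwd' from both the login check and the `canLogin()` check, so for those two actions `ADMIN::action()` becomes the only gate. The handlers are not in this hunk, so it should be confirmed that they validate the activation key before doing anything else. The allowlist match is also loose; `in_array($action, array('activate', 'activatesetpwd'), true)` avoids a non-string `$action` such as integer 0 matching under loose comparison on PHP versions before 8. A short comment above the assignment, such as `// actions reachable without a session; each must verify its activation key`, would make the exemption explicit to later maintainers.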
@@ -1,3 +1,19 @@ +/** + * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) + * Copyright (C) 2002-2005 The Nucleus Group + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * (see nucleus/documentation/index.html#license for more info) + * + * Some JavaScript code for the admin area + * + * $Id: admin.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $ + * $NucleusJP$ + */ + function help(url) { popup = window.open(url,'helpwindow','status=no,toolbar=yes,scrollbars=yes,resizable=yes,width=500,height=500,top=0,left=0'); if (popup.focus) popup.focus(); diff --git a/utf8/nucleus/javascript/bookmarklet.js b/utf8/nucleus/javascript/bookmarklet.js index e5b23db..09c9abb 100755 --- a/utf8/nucleus/javascript/bookmarklet.js +++ b/utf8/nucleus/javascript/bookmarklet.js @@ -1,6 +1,6 @@ /** * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) - * Copyright (C) 2002-2004 The Nucleus Group + * Copyright (C) 2002-2005 The Nucleus Group * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -9,6 +9,9 @@ * (see nucleus/documentation/index.html#license for more info) * * Some JavaScript code for the bookmarklets + * + * $Id: bookmarklet.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $ + * $NucleusJP$ */ /** diff --git a/utf8/nucleus/javascript/compatibility.js b/utf8/nucleus/javascript/compatibility.js index 1844d43..809850b 100755 --- a/utf8/nucleus/javascript/compatibility.js +++ b/utf8/nucleus/javascript/compatibility.js 
@@ -1,6 +1,6 @@ /** * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) - * Copyright (C) 2002-2004 The Nucleus Group + * Copyright (C) 2002-2005 The Nucleus Group * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -17,6 +17,9 @@ * - Use createElement() instead of document.createElement() * * That's basically it :) + * + * $Id: compatibility.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $ + * $NucleusJP$ */ // to get the script working when page is sent as application/xhtml+xml diff --git a/utf8/nucleus/javascript/edit.js b/utf8/nucleus/javascript/edit.js index 945e02f..7c66a3e 100755 --- a/utf8/nucleus/javascript/edit.js +++ b/utf8/nucleus/javascript/edit.js @@ -1,6 +1,6 @@ /** * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) - * Copyright (C) 2002-2004 The Nucleus Group + * Copyright (C) 2002-2005 The Nucleus Group * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -10,6 +10,9 @@ * * This file contains functions to allow adding items from inside the weblog. * Also contains code to avoid submitting form data twice. + * + * $Id: edit.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $ + * $NucleusJP$ */ var nucleusConvertBreaks = true; diff --git a/utf8/nucleus/javascript/numbercheck.js b/utf8/nucleus/javascript/numbercheck.js index c93a316..6374511 100755 --- a/utf8/nucleus/javascript/numbercheck.js +++ b/utf8/nucleus/javascript/numbercheck.js @@ -1,6 +1,6 @@ /** * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) - * Copyright (C) 2002-2004 The Nucleus Group + * Copyright (C) 2002-2005 The Nucleus Group * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License 
@@ -11,7 +11,8 @@ * script the check (on the clientside) if a entered value * is a valid number and remove the invalid chars * - * $Id: numbercheck.js,v 1.1.1.1 2005-02-28 07:14:41 kimitake Exp $ + * $Id: numbercheck.js,v 1.2 2005-03-12 06:19:04 kimitake Exp $ + * $NucleusJP$ */ function checkNumeric(f) diff --git a/utf8/nucleus/javascript/opennew.js b/utf8/nucleus/javascript/opennew.js index be64f60..a765404 100755 --- a/utf8/nucleus/javascript/opennew.js +++ b/utf8/nucleus/javascript/opennew.js @@ -1,6 +1,6 @@ /* * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) - * Copyright (C) 2002-2004 The Nucleus Group + * Copyright (C) 2002-2005 The Nucleus Group * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -8,6 +8,9 @@ * of the License, or (at your option) any later version. * (see nucleus/documentation/index.html#license for more info) * + * $Id: opennew.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $ + * $NucleusJP$ + * * JavaScript to open non-local links in a new window. * * How to use: @@ -57,4 +60,4 @@ function setOpenNewWindow(newWin) { document.links[i].target = to; } } -} \ No newline at end of file +} diff --git a/utf8/nucleus/javascript/templateEdit.js b/utf8/nucleus/javascript/templateEdit.js index 2e2bedf..187417e 100755 --- a/utf8/nucleus/javascript/templateEdit.js +++ b/utf8/nucleus/javascript/templateEdit.js @@ -1,6 +1,6 @@ /** * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) - * Copyright (C) 2002-2004 The Nucleus Group + * Copyright (C) 2002-2005 The Nucleus Group * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -11,6 +11,9 @@ * Javascript code to hide empty textareas when editing templates. * * @require compatibility.js + * + * $Id: templateEdit.js,v 1.3 2005-03-12 06:19:04 kimitake Exp $ + * $NucleusJP$ */ var amountOfFields = 1; 
@@ -61,4 +64,4 @@ function makeVisible(i) { return false; } -window.onload = hideUnused; \ No newline at end of file +window.onload = hideUnused; diff --git a/utf8/nucleus/language/english.php b/utf8/nucleus/language/english.php index c7595df..e7db22a 100755 --- a/utf8/nucleus/language/english.php +++ b/utf8/nucleus/language/english.php 
@@ -1,16 +1,130 @@ ,\n\nYou need to activate your account at <%siteName%> (<%siteUrl%>).\nYou can do this by visiting the link below: \n\n\t<%activationUrl%>\n\nYou have 2 days to do this. After this, the activation link becomes invalid."); +define('_ACTIVATE_REGISTER_MAILTITLE', "Activate your '<%memberName%>' account"); +define('_ACTIVATE_REGISTER_TITLE', 'Welcome <%memberName%>'); +define('_ACTIVATE_REGISTER_TEXT', 'You\'re almost there. Please choose a password for your account below.'); +define('_ACTIVATE_FORGOT_MAIL', "Hi <%memberName%>,\n\nUsing the link below, you can choose a new password for your account at <%siteName%> (<%siteUrl%>) by choosing a new password.\n\n\t<%activationUrl%>\n\nYou have 2 days to do this. After this, the activation link becomes invalid."); +define('_ACTIVATE_FORGOT_MAILTITLE',"Re-activate your '<%memberName%>' account"); +define('_ACTIVATE_FORGOT_TITLE', 'Welcome <%memberName%>'); +define('_ACTIVATE_FORGOT_TEXT', 'You can choose a new password for your account below:'); +define('_ACTIVATE_CHANGE_MAIL', "Hi <%memberName%>,\n\nSince your e-mail address has changed, you'll need to re-activate your account at <%siteName%> (<%siteUrl%>).\nYou can do this by visiting the link below: \n\n\t<%activationUrl%>\n\nYou have 2 days to do this. After this, the activation link becomes invalid."); +define('_ACTIVATE_CHANGE_MAILTITLE',"Re-activate your '<%memberName%>' account"); +define('_ACTIVATE_CHANGE_TITLE', 'Welcome <%memberName%>'); +define('_ACTIVATE_CHANGE_TEXT', 'Your address change has been verified. Thanks!'); +define('_ACTIVATE_SUCCESS_TITLE', 'Activation Succeeded'); +define('_ACTIVATE_SUCCESS_TEXT', 'Your account has been successfully activated.'); +define('_MEMBERS_SETPWD', 'Set Password'); +define('_MEMBERS_SETPWD_BTN', 'Set Password'); +define('_QMENU_ACTIVATE', 'Account Activation'); +define('_QMENU_ACTIVATE_TEXT', '

After you have activated your account, you can start using it by logging in.

'); + +define('_PLUGS_BTN_UPDATE', 'Update subscription list'); + +// global settings +define('_SETTINGS_JSTOOLBAR', 'Javascript Toolbar Style'); +define('_SETTINGS_JSTOOLBAR_FULL', 'Full Toolbar (IE)'); +define('_SETTINGS_JSTOOLBAR_SIMPLE','Simple Toolbar (Non-IE)'); +define('_SETTINGS_JSTOOLBAR_NONE', 'Disable Toolbar'); +define('_SETTINGS_URLMODE_HELP', '(Info: How to activate fancy URLs)'); + +// extra plugin settings part when editing categories/members/blogs/... +define('_PLUGINS_EXTRA', 'Extra Plugin Settings'); + +// itemlist info column keys +define('_LIST_ITEM_BLOG', 'blog:'); +define('_LIST_ITEM_CAT', 'cat:'); +define('_LIST_ITEM_AUTHOR', 'author:'); +define('_LIST_ITEM_DATE', 'date:'); +define('_LIST_ITEM_TIME', 'time:'); + +// indication of registered members in comments list +define('_LIST_COMMENTS_MEMBER', '(member)'); + +// batch operations +define('_BATCH_WITH_SEL', 'With selected:'); +define('_BATCH_EXEC', 'Execute'); + +// quickmenu +define('_QMENU_HOME', 'Home'); +define('_QMENU_ADD', 'Add Item'); +define('_QMENU_ADD_SELECT', '-- select --'); +define('_QMENU_USER_SETTINGS', 'Settings'); +define('_QMENU_USER_ITEMS', 'Items'); +define('_QMENU_USER_COMMENTS', 'Comments'); +define('_QMENU_MANAGE', 'Management'); +define('_QMENU_MANAGE_LOG', 'Action Log'); +define('_QMENU_MANAGE_SETTINGS', 'Global Settings'); +define('_QMENU_MANAGE_MEMBERS', 'Members'); +define('_QMENU_MANAGE_NEWBLOG', 'New Weblog'); +define('_QMENU_MANAGE_BACKUPS', 'Backups'); +define('_QMENU_MANAGE_PLUGINS', 'Plugins'); +define('_QMENU_LAYOUT', 'Layout'); +define('_QMENU_LAYOUT_SKINS', 'Skins'); +define('_QMENU_LAYOUT_TEMPL', 'Templates'); +define('_QMENU_LAYOUT_IEXPORT', 'Import/Export'); +define('_QMENU_PLUGINS', 'Plugins'); + +// quickmenu on logon screen +define('_QMENU_INTRO', 'Introduction'); +define('_QMENU_INTRO_TEXT', '

This is the logon screen for Nucleus CMS, the content management system that\'s being used to maintain this website.

If you have an account, you can log on and start posting new items.

'); + +// helppages for plugins +define('_ERROR_PLUGNOHELPFILE', 'The helpfile for this plugin can not be found'); +define('_PLUGS_HELP_TITLE', 'Helppage for plugin'); +define('_LIST_PLUGS_HELP', 'help'); + + +// END changed/started after 3.1 // START changed/added after v2.5beta START @@ -301,7 +415,7 @@ define('_BACKTOMANAGE', 'Back to Nucleus management'); -// charset to use +// charset to use define('_CHARSET', 'iso-8859-1'); // global stuff @@ -496,8 +610,8 @@ define('_UPLOAD_MSG', 'Select the file you want to upload below, and hit the define('_UPLOAD_BUTTON', 'Upload'); // some status messages -define('_MSG_ACCOUNTCREATED', 'Account created, password will be sent through email'); -define('_MSG_PASSWORDSENT', 'Password has been sent by e-mail.'); +//define('_MSG_ACCOUNTCREATED', 'Account created, password will be sent through email'); +//define('_MSG_PASSWORDSENT', 'Password has been sent by e-mail.'); define('_MSG_LOGINAGAIN', 'You\'ll need to login again, because your info changed'); define('_MSG_SETTINGSCHANGED', 'Settings Changed'); define('_MSG_ADMINCHANGED', 'Admin Changed'); @@ -765,7 +879,7 @@ define('_OVERVIEW_SKINS', 'Edit Skins...'); define('_OVERVIEW_BACKUP', 'Backup/Restore...'); // ITEMLIST -define('_ITEMLIST_BLOG', 'Items for blog'); +define('_ITEMLIST_BLOG', 'Items for blog'); define('_ITEMLIST_YOUR', 'Your items'); // Comments @@ -795,7 +909,7 @@ define('_LISTS_COMMENTS', 'Comments'); define('_LISTS_TYPE', 'Type'); -// member list +// member list define('_LIST_MEMBER_NAME', 'Display Name'); define('_LIST_MEMBER_RNAME', 'Real Name'); define('_LIST_MEMBER_ADMIN', 'Super-admin? '); @@ -838,4 +952,4 @@ define('_EDITC_NONMEMBER', 'non member'); define('_MOVE_TITLE', 'Move to which blog?'); define('_MOVE_BTN', 'Move Item'); -?> \ No newline at end of file +?> diff --git a/utf8/nucleus/language/japanese-utf8.php b/utf8/nucleus/language/japanese-utf8.php index 5844e15..a3f9491 100755 --- a/utf8/nucleus/language/japanese-utf8.php 
+++ b/utf8/nucleus/language/japanese-utf8.php @@ -3,7 +3,7 @@ // // Author: chrome (chrome@cgi.no-ip.org) // Modified by: Osamu Higuchi (osamu@higuchi.com) -// Nucleus version: v1.0-v3.1 +// Nucleus version: v1.0-v3.2 // // Please note: if you want to translate this file to your own language, be aware // that in a next Nucleus version, new variables might be added and some other ones @@ -18,6 +18,13 @@ // ファイル名を japanese.php に変更してから、Nucleus の language ディレクトリに // 置いてください。 +// START changed/added after 3.15 START + +define('_LIST_PLUG_SUBS_NEEDUPDATE','Please use the \'Update Subscription list\'-button to update the plugin\'s subscription list.'); +define('_LIST_PLUGS_DEP', 'Plugin(s) requires:'); + +// END changed/added after 3.15 + // START changed/added after 3.1 START // comments list per weblog @@ -608,8 +615,8 @@ define('_UPLOAD_MSG', 'アップロードするファイルを選択して、 define('_UPLOAD_BUTTON', 'アップロード'); // some status messages -define('_MSG_ACCOUNTCREATED', 'アカウントが作成されました。パスワードがメールで送信されます'); -define('_MSG_PASSWORDSENT', 'パスワードがメールで送信されました。'); +//define('_MSG_ACCOUNTCREATED', 'アカウントが作成されました。パスワードがメールで送信されます'); +//define('_MSG_PASSWORDSENT', 'パスワードがメールで送信されました。'); define('_MSG_LOGINAGAIN', 'あなたの情報が変更された為、ログインしなおす必要があります'); define('_MSG_SETTINGSCHANGED', '設定が変更されました'); define('_MSG_ADMINCHANGED', '管理者権限 が変更されました'); diff --git a/utf8/nucleus/libs/ACTION.php b/utf8/nucleus/libs/ACTION.php index ddbdc7d..1d5cadd 100755 --- a/utf8/nucleus/libs/ACTION.php +++ b/utf8/nucleus/libs/ACTION.php 
@@ -1,331 +1,334 @@ -addComment(); - break; - case 'sendmessage': - return $this->sendMessage(); - break; - case 'createaccount': - return $this->createAccount(); - break; - case 'forgotpassword': - return $this->forgotPassword(); - break; - case 'votepositive': - return $this->doKarma('pos'); - break; - case 'votenegative': - return $this->doKarma('neg'); - break; - case 'plugin': - return $this->callPlugin(); - break; - default: - doError(_ERROR_BADACTION); - } - } - - function addComment() { - global $CONF, $errormessage, $manager; - - $post['itemid'] = intPostVar('itemid'); - $post['user'] = postVar('user'); - $post['userid'] = postVar('userid'); - $post['body'] = postVar('body'); - - // set cookies when required - $remember = intPostVar('remember'); - if ($remember == 1) { - $lifetime = time()+2592000; - setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0); - setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0); - } - - $comments = new COMMENTS($post['itemid']); - - $blogid = getBlogIDFromItemID($post['itemid']); - $this->checkban($blogid); - $blog =& $manager->getBlog($blogid); - - // note: PreAddComment and PostAddComment gets called somewhere inside addComment - $errormessage = $comments->addComment($blog->getCorrectTime(),$post); - - if ($errormessage == '1') { - // redirect when adding comments succeeded - if (postVar('url')) { +addComment(); + break; + case 'sendmessage': + return $this->sendMessage(); + break; + case 'createaccount': + return $this->createAccount(); + break; + case 'forgotpassword': + return $this->forgotPassword(); + break; + case 'votepositive': + return $this->doKarma('pos'); + break; + case 'votenegative': + return $this->doKarma('neg'); + break; + case 'plugin': + return $this->callPlugin(); + break; + default: + doError(_ERROR_BADACTION); + } + } + + function addComment() { + global $CONF, $errormessage, $manager; + + $post['itemid'] = intPostVar('itemid'); + 
$post['user'] = postVar('user'); + $post['userid'] = postVar('userid'); + $post['body'] = postVar('body'); + + // set cookies when required + $remember = intPostVar('remember'); + if ($remember == 1) { + $lifetime = time()+2592000; + setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0); + setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0); + } + + $comments = new COMMENTS($post['itemid']); + + $blogid = getBlogIDFromItemID($post['itemid']); + $this->checkban($blogid); + $blog =& $manager->getBlog($blogid); + + // note: PreAddComment and PostAddComment gets called somewhere inside addComment + $errormessage = $comments->addComment($blog->getCorrectTime(),$post); + + if ($errormessage == '1') { + // redirect when adding comments succeeded + if (postVar('url')) { redirect(postVar('url')); } else { $url = $CONF['IndexURL'] . createItemLink($post['itemid']); - redirect($url); - } - } else { - // else, show error message using default skin for blog - return array( - 'message' => $errormessage, - 'skinid' => $blog->getDefaultSkin() - ); - } - - exit; - } - - // Sends a message from the current member to the member given as argument - function sendMessage() { - global $CONF, $member; - - $error = $this->validateMessage(); - if ($error != '') - return array('message' => $error); - - if (!$member->isLoggedIn()) { - $fromMail = postVar('frommail'); - $fromName = _MMAIL_FROMANON; - } else { - $fromMail = $member->getEmail(); - $fromName = $member->getDisplayName(); - } - - $tomem = new MEMBER(); - $tomem->readFromId(postVar('memberid')); - - $message = _MMAIL_MSG . ' ' . $fromName . "\n" - . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n" - . _MMAIL_MAIL . " \n\n" - . postVar('message'); - $message .= getMailFooter(); - - $title = _MMAIL_TITLE . ' ' . $fromName; - @mb_language('ja'); - mb_internal_encoding(_CHARSET); - @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". 
$fromMail); - - if (postVar('url')) { - redirect(postVar('url')); - } else { - $CONF['MemberURL'] = $CONF['IndexURL']; - if ($CONF['URLMode'] == 'pathinfo') - $url = createMemberLink($tomem->getID()); - else - $url = $CONF['IndexURL'] . createMemberLink($tomem->getID()); - redirect($url); - } - - exit; - - } - - function validateMessage() { - global $CONF, $member, $manager; - - if (!$CONF['AllowMemberMail']) - return _ERROR_MEMBERMAILDISABLED; - - if (!$member->isLoggedIn() && !$CONF['NonmemberMail']) - return _ERROR_DISALLOWED; - - if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail')))) - return _ERROR_BADMAILADDRESS; - - // let plugins do verification (any plugin which thinks the comment is invalid - // can change 'error' to something other than '') - $result = ''; - $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result)); - - return $result; - - } - - // creates a new user account - function createAccount() { - global $CONF, $manager; - - if (!$CONF['AllowMemberCreate']) - doError(_ERROR_MEMBERCREATEDISABLED); - - // even though the member can not log in, set some random initial password. One never knows. - srand((double)microtime()*1000000); - $initialPwd = md5(uniqid(rand(), true)); - - // create member (non admin/can not login/no notes/random string as password) - $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, ''); - - if ($r != 1) - doError($r); - - // send message containing password. 
- $newmem = new MEMBER(); - $newmem->readFromName(postVar('name')); - $newmem->sendActivationLink('register'); - - $manager->notify('PostRegister',array('member' => &$newmem)); - - if (postVar('desturl')) { - redirect(postVar('desturl')); - } else { - echo "\n"._MSG_ACTIVATION_SENT; - } - - exit; - } - - // sends a new password - function forgotPassword() { - $membername = trim(postVar('name')); - - if (!MEMBER::exists($membername)) - doError(_ERROR_NOSUCHMEMBER); - $mem = MEMBER::createFromName($membername); - - if (!$mem->canLogin()) - doError(_ERROR_NOLOGON_NOACTIVATE); - - // check if e-mail address is correct - if (!($mem->getEmail() == postVar('email'))) - doError(_ERROR_INCORRECTEMAIL); - - // send activation link - $mem->sendActivationLink('forgot'); - - if (postVar('url')) { - redirect(postVar('url')); - } else { - echo "\n"._MSG_ACTIVATION_SENT; - } - - exit; - } - - // handle karma votes - function doKarma($type) { - global $itemid, $member, $CONF, $manager; - - // check if itemid exists - if (!$manager->existsItem($itemid,0,0)) - doError(_ERROR_NOSUCHITEM); - - $blogid = getBlogIDFromItemID($itemid); - $this->checkban($blogid); - - $karma =& $manager->getKarma($itemid); - - // check if not already voted - if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR'))) - doError(_ERROR_VOTEDBEFORE); - - // check if item does allow voting - $item =& $manager->getItem($itemid,0,0); - if ($item['closed']) - doError(_ERROR_ITEMCLOSED); - - switch($type) { - case 'pos': - $karma->votePositive(); - break; - case 'neg': - $karma->voteNegative(); - break; - } - - $blogid = getBlogIDFromItemID($itemid); - $blog =& $manager->getBlog($blogid); - - // send email to notification address, if any - if ($blog->getNotifyAddress() && $blog->notifyOnVote()) { - - $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n"; - $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n"; - if ($member->isLoggedIn()) { - $mailto_msg .= _NOTIFY_MEMBER . ' ' . 
$member->getDisplayName() . ' (ID=' . $member->getID() . ")\n"; - } - $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n"; - $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n"; - $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n"; - $mailto_msg .= getMailFooter(); - - $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')'; - - $frommail = $member->getNotifyFromMailAddress(); - - $notify = new NOTIFICATION($blog->getNotifyAddress()); - $notify->notify($mailto_title, $mailto_msg , $frommail); - } - - - $refererUrl = serverVar('HTTP_REFERER'); - if ($refererUrl) - $url = $refererUrl; - else - $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid; - - redirect($url); - exit; - } - - /** - * Calls a plugin action - */ - function callPlugin() { - global $manager; - - $pluginName = 'NP_' . requestVar('name'); - $actionType = requestVar('type'); - - // 1: check if plugin is installed - if (!$manager->pluginInstalled($pluginName)) - doError(_ERROR_NOSUCHPLUGIN); - - // 2: call plugin - $pluginObject =& $manager->getPlugin($pluginName); - if ($pluginObject) - $error = $pluginObject->doAction($actionType); - else - $error = 'Could not load plugin (see actionlog)'; - - // doAction returns error when: - // - an error occurred (duh) - // - no actions are allowed (doAction is not implemented) - if ($error) - doError($error); - - exit; - - } - - function checkban($blogid) { - // check if banned - $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR')); - if ($ban != 0) { - doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . 
_ERROR_BANNED3); - } - - } - - -} - -?> \ No newline at end of file + redirect($url); + } + } else { + // else, show error message using default skin for blog + return array( + 'message' => $errormessage, + 'skinid' => $blog->getDefaultSkin() + ); + } + + exit; + } + + // Sends a message from the current member to the member given as argument + function sendMessage() { + global $CONF, $member; + + $error = $this->validateMessage(); + if ($error != '') + return array('message' => $error); + + if (!$member->isLoggedIn()) { + $fromMail = postVar('frommail'); + $fromName = _MMAIL_FROMANON; + } else { + $fromMail = $member->getEmail(); + $fromName = $member->getDisplayName(); + } + + $tomem = new MEMBER(); + $tomem->readFromId(postVar('memberid')); + + $message = _MMAIL_MSG . ' ' . $fromName . "\n" + . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n" + . _MMAIL_MAIL . " \n\n" + . postVar('message'); + $message .= getMailFooter(); + + $title = _MMAIL_TITLE . ' ' . $fromName; + mb_language('ja'); + mb_internal_encoding(_CHARSET); + @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail); + + if (postVar('url')) { + redirect(postVar('url')); + } else { + $CONF['MemberURL'] = $CONF['IndexURL']; + if ($CONF['URLMode'] == 'pathinfo') + $url = createMemberLink($tomem->getID()); + else + $url = $CONF['IndexURL'] . 
createMemberLink($tomem->getID()); + redirect($url); + } + + exit; + + } + + function validateMessage() { + global $CONF, $member, $manager; + + if (!$CONF['AllowMemberMail']) + return _ERROR_MEMBERMAILDISABLED; + + if (!$member->isLoggedIn() && !$CONF['NonmemberMail']) + return _ERROR_DISALLOWED; + + if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail')))) + return _ERROR_BADMAILADDRESS; + + // let plugins do verification (any plugin which thinks the comment is invalid + // can change 'error' to something other than '') + $result = ''; + $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result)); + + return $result; + + } + + // creates a new user account + function createAccount() { + global $CONF, $manager; + + if (!$CONF['AllowMemberCreate']) + doError(_ERROR_MEMBERCREATEDISABLED); + + // even though the member can not log in, set some random initial password. One never knows. + srand((double)microtime()*1000000); + $initialPwd = md5(uniqid(rand(), true)); + + // create member (non admin/can not login/no notes/random string as password) + $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, ''); + + if ($r != 1) + doError($r); + + // send message containing password. 
+ $newmem = new MEMBER(); + $newmem->readFromName(postVar('name')); + $newmem->sendActivationLink('register'); + + $manager->notify('PostRegister',array('member' => &$newmem)); + + if (postVar('desturl')) { + redirect(postVar('desturl')); + } else { + header ("Content-Type: text/html; charset="._CHARSET); + echo _MSG_ACTIVATION_SENT; + } + + exit; + } + + // sends a new password + function forgotPassword() { + $membername = trim(postVar('name')); + + if (!MEMBER::exists($membername)) + doError(_ERROR_NOSUCHMEMBER); + $mem = MEMBER::createFromName($membername); + + if (!$mem->canLogin()) + doError(_ERROR_NOLOGON_NOACTIVATE); + + // check if e-mail address is correct + if (!($mem->getEmail() == postVar('email'))) + doError(_ERROR_INCORRECTEMAIL); + + // send activation link + $mem->sendActivationLink('forgot'); + + if (postVar('url')) { + redirect(postVar('url')); + } else { + header ("Content-Type: text/html; charset="._CHARSET); + echo _MSG_ACTIVATION_SENT; + } + + exit; + } + + // handle karma votes + function doKarma($type) { + global $itemid, $member, $CONF, $manager; + + // check if itemid exists + if (!$manager->existsItem($itemid,0,0)) + doError(_ERROR_NOSUCHITEM); + + $blogid = getBlogIDFromItemID($itemid); + $this->checkban($blogid); + + $karma =& $manager->getKarma($itemid); + + // check if not already voted + if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR'))) + doError(_ERROR_VOTEDBEFORE); + + // check if item does allow voting + $item =& $manager->getItem($itemid,0,0); + if ($item['closed']) + doError(_ERROR_ITEMCLOSED); + + switch($type) { + case 'pos': + $karma->votePositive(); + break; + case 'neg': + $karma->voteNegative(); + break; + } + + $blogid = getBlogIDFromItemID($itemid); + $blog =& $manager->getBlog($blogid); + + // send email to notification address, if any + if ($blog->getNotifyAddress() && $blog->notifyOnVote()) { + + $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n"; + $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . 
$itemid . "\n\n"; + if ($member->isLoggedIn()) { + $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n"; + } + $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n"; + $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n"; + $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n"; + $mailto_msg .= getMailFooter(); + + $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')'; + + $frommail = $member->getNotifyFromMailAddress(); + + $notify = new NOTIFICATION($blog->getNotifyAddress()); + $notify->notify($mailto_title, $mailto_msg , $frommail); + } + + + $refererUrl = serverVar('HTTP_REFERER'); + if ($refererUrl) + $url = $refererUrl; + else + $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid; + + redirect($url); + exit; + } + + /** + * Calls a plugin action + */ + function callPlugin() { + global $manager; + + $pluginName = 'NP_' . requestVar('name'); + $actionType = requestVar('type'); + + // 1: check if plugin is installed + if (!$manager->pluginInstalled($pluginName)) + doError(_ERROR_NOSUCHPLUGIN); + + // 2: call plugin + $pluginObject =& $manager->getPlugin($pluginName); + if ($pluginObject) + $error = $pluginObject->doAction($actionType); + else + $error = 'Could not load plugin (see actionlog)'; + + // doAction returns error when: + // - an error occurred (duh) + // - no actions are allowed (doAction is not implemented) + if ($error) + doError($error); + + exit; + + } + + function checkban($blogid) { + // check if banned + $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR')); + if ($ban != 0) { + doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3); + } + + } + + +} + +?> diff --git a/utf8/nucleus/libs/ACTIONLOG.php b/utf8/nucleus/libs/ACTIONLOG.php index da483b8..cbf6c9a 100755 --- a/utf8/nucleus/libs/ACTIONLOG.php +++ b/utf8/nucleus/libs/ACTIONLOG.php 
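Review bot: `redirect(postVar('url'))` in addComment(), sendMessage() and forgotPassword(), and `redirect(postVar('desturl'))` in createAccount(), send the browser to whatever address the form posted, so a visitor can be bounced from this site to an arbitrary one after posting a comment or requesting a password. Unless redirect() (defined outside this hunk) already restricts the destination, accept the posted value only when it starts with the site's own base URL and otherwise use the generated link, e.g. `if (strpos(postVar('url'), $CONF['IndexURL']) !== 0) $url = $CONF['IndexURL'] . createItemLink($post['itemid']);`. That prefix test is only sound if `$CONF['IndexURL']` ends in `/`, and forgotPassword() would need `global $CONF;` to use it. Separately, sendMessage() puts `postVar('frommail')` straight into the `From:` header passed to `mb_send_mail`, so it is worth confirming that isValidMailAddress() rejects CR and LF.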
@@ -1,7 +1,7 @@ \ No newline at end of file +?> diff --git a/utf8/nucleus/libs/ADMIN.php b/utf8/nucleus/libs/ADMIN.php index dbeef1a..657362f 100755 --- a/utf8/nucleus/libs/ADMIN.php +++ b/utf8/nucleus/libs/ADMIN.php @@ -1,7 +1,7 @@ action_xxxx method) @@ -20,7 +23,7 @@ class ADMIN { function ADMIN() { } - + /** * Executes an action * @@ -28,6 +31,8 @@ class ADMIN { * action to be performed */ function action($action) { + global $CONF, $manager; + // list of action aliases $alias = array( 'login' => 'overview', 
@@ -38,14 +43,28 @@ class ADMIN { $action = $alias[$action]; $methodName = 'action_' . $action; - - $this->action = $action; + + $this->action = strtolower($action); + + // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action + // is an action that requires user interaction before something is actually done) + // all safe actions are in this array: + $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate'); +/* + // the rest of the actions needs to be checked + $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 
'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd'); +*/ + if (!in_array($this->action, $aActionsNotToCheck)) + { + if (!$manager->checkTicket()) + $this->error(_ERROR_BADTICKET); + } if (method_exists($this, $methodName)) call_user_func(array(&$this, $methodName)); else $this->error(_BADACTION . " ($action)"); - + } @@ -56,19 +75,19 @@ class ADMIN { function action_login($msg = '', $passvars = 1) { global $member; - + // skip to overview when allowed if ($member->isLoggedIn() && $member->canLogin()) { $this->action_overview(); exit; } - + $this->pagehead(); - + echo '
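Review bot: The new ticket check in action() only protects anything if `$this->error()` never returns, because nothing after `$this->error(_ERROR_BADTICKET);` stops the `call_user_func` a few lines below from running the requested action. error() is defined outside this hunk; if it is not guaranteed to exit, add `return;` directly after that call. A short comment above `$aActionsNotToCheck` should state that every name in it must be a display or confirmation page that changes nothing by itself, since adding a state-changing action to that list silently removes its ticket check. The commented-out `$aActionsToCheck` array will drift from the real set of actions and is better deleted. action() begins before this hunk.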

', _LOGIN ,'

'; if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg); ?> - +

:

@@ -83,13 +102,13 @@ class ADMIN {

pagefoot(); @@ -101,52 +120,52 @@ class ADMIN { */ function action_overview($msg = '') { global $member; - + $this->pagehead(); - + if ($msg) echo _MESSAGE , ': ', $msg; - + /* ---- add items ---- */ echo '

' . _OVERVIEW_YRBLOGS . '

'; - + $showAll = requestVar('showall'); - + if (($member->isAdmin()) && ($showAll == 'yes')) { // Super-Admins have access to all blogs! (no add item support though) $query = 'SELECT bnumber, bname, 1 as tadmin, burl, bshortname' - . ' FROM ' . sql_table('blog') - . ' ORDER BY bname'; + . ' FROM ' . sql_table('blog') + . ' ORDER BY bname'; } else { $query = 'SELECT bnumber, bname, tadmin, burl, bshortname' - . ' FROM ' . sql_table('blog') . ', ' . sql_table('team') - . ' WHERE tblog=bnumber and tmember=' . $member->getID() - . ' ORDER BY bname'; + . ' FROM ' . sql_table('blog') . ', ' . sql_table('team') + . ' WHERE tblog=bnumber and tmember=' . $member->getID() + . ' ORDER BY bname'; } $template['content'] = 'bloglist'; $template['superadmin'] = $member->isAdmin(); $amount = showlist($query,'table',$template); - + if (($showAll != 'yes') && ($member->isAdmin())) { $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog')); - if ($total > $amount) + if ($total > $amount) echo '

Show all blogs

'; } if ($amount == 0) echo _OVERVIEW_NOBLOGS; - + if ($amount != 0) { echo '

' . _OVERVIEW_YRDRAFTS . '

'; $query = 'SELECT ititle, inumber, bshortname' . ' FROM ' . sql_table('item'). ', ' . sql_table('blog') - . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1'; + . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1'; $template['content'] = 'draftlist'; $amountdrafts = showlist($query, 'table', $template); - if ($amountdrafts == 0) + if ($amountdrafts == 0) echo _OVERVIEW_NODRAFTS; } - + /* ---- user settings ---- */ echo '

' . _OVERVIEW_YRSETTINGS . '

'; echo ''; - + /* ---- general settings ---- */ if ($member->isAdmin()) { echo '

' . _OVERVIEW_MANAGEMENT. '

'; @@ -162,144 +181,144 @@ class ADMIN { echo '
  • ',_OVERVIEW_MANAGE,'
  • '; echo ''; } - - + + $this->pagefoot(); } - + // returns a link to a weblog (takes BLOG object as parameter) function bloglink(&$blog) { return ''.$blog->getName() .''; } - + function action_manage($msg = '') { global $member; - + $member->isAdmin() or $this->disallow(); - + $this->pagehead(); - + echo '

    (',_BACKHOME,')

    '; - + if ($msg) echo '

    ' , _MESSAGE , ': ', $msg , '

    '; echo '

    ' . _MANAGE_GENERAL. '

    '; - + echo ''; - + echo '

    ' . _MANAGE_SKINS . '

    '; echo ''; - - echo '

    ' . _MANAGE_EXTRA . '

    '; + + echo '

    ' . _MANAGE_EXTRA . '

    '; echo ''; - - $this->pagefoot(); + echo '
  • '._OVERVIEW_BACKUP.'
  • '; + echo '
  • '._OVERVIEW_PLUGINS.'
  • '; + echo ''; + + $this->pagefoot(); } - + function action_itemlist($blogid = '') { global $member, $manager; - + if ($blogid == '') $blogid = intRequestVar('blogid'); - - $member->teamRights($blogid) or $member->isAdmin() or $this->disallow(); - + + $member->teamRights($blogid) or $member->isAdmin() or $this->disallow(); + $this->pagehead(); $blog =& $manager->getBlog($blogid); - - echo '

    (',_BACKHOME,')

    '; + + echo '

    (',_BACKHOME,')

    '; echo '

    ' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '

    '; - + // start index if (postVar('start')) $start = intPostVar('start'); else - $start = 0; - + $start = 0; + if ($start == 0) - echo '

    ',_ITEMLIST_ADDNEW,'

    '; - + echo '

    ',_ITEMLIST_ADDNEW,'

    '; + // amount of items to show if (postVar('amount')) $amount = intPostVar('amount'); else - $amount = 10; - + $amount = 10; + $search = postVar('search'); // search through items - + $query = 'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime' - . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category') - . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid; - - if ($search) - $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))'; - + . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category') + . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid; + + if ($search) + $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))'; + // non-blog-admins can only edit/delete their own items - if (!$member->blogAdminRights($blogid)) + if (!$member->blogAdminRights($blogid)) $query .= ' and iauthor=' . $member->getID(); - + $query .= ' ORDER BY itime DESC' - . " LIMIT $start,$amount"; - + . 
" LIMIT $start,$amount"; + $template['content'] = 'itemlist'; $template['now'] = $blog->getCorrectTime(time()); - $navList = new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0); + $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0); $navList->showBatchList('item',$query,'table',$template); - + $this->pagefoot(); } - - + + function action_batchitem() { global $member, $manager; - + // check if logged in $member->isLoggedIn() or $this->disallow(); - - // more precise check will be done for each performed operation - + + // more precise check will be done for each performed operation + // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); - + // Show error when no items were selected if (!is_array($selected) || sizeof($selected) == 0) $this->error(_BATCH_NOSELECTION); - + // On move: when no destination blog/category chosen, show choice now $destCatid = intRequestVar('destcatid'); - if (($action == 'move') && (!$manager->existsCategory($destCatid))) + if (($action == 'move') && (!$manager->existsCategory($destCatid))) $this->batchMoveSelectDestination('item',$selected); - + // On delete: check if confirmation has been given - if (($action == 'delete') && (requestVar('confirmation') != 'yes')) + if (($action == 'delete') && (requestVar('confirmation') != 'yes')) $this->batchAskDeleteConfirmation('item',$selected); $this->pagehead(); - - echo '(',_BACKHOME,')'; + + echo '(',_BACKHOME,')'; echo '

    ',_BATCH_ITEMS,'

    '; echo '

    ',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

    '; echo '
      '; - + // walk over all itemids and perform action foreach ($selected as $itemid) { @@ -321,42 +340,42 @@ class ADMIN { echo '',($error ? $error : _BATCH_SUCCESS),''; echo ''; } - + echo '
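Review bot: In action_itemlist() the search term reaches the query through `addslashes($search)`, which does not take the connection character set into account and leaves the LIKE wildcards `%` and `_` untouched. The file already talks to the database through the mysql_* functions, so `mysql_real_escape_string($search)` is the matching escape for the three LIKE clauses; escaping once into a local variable and reusing it would also shorten the line. `$blogid` is concatenated into the same query unquoted and is only forced to an integer when it comes from `intRequestVar('blogid')`, so an `$blogid = intval($blogid);` at the top of the function would cover callers that pass it as an argument.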
    '; echo '',_BATCH_DONE,''; - + $this->pagefoot(); - + } - + function action_batchcomment() { global $member; - + // check if logged in $member->isLoggedIn() or $this->disallow(); - - // more precise check will be done for each performed operation - + + // more precise check will be done for each performed operation + // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); - + // Show error when no items were selected if (!is_array($selected) || sizeof($selected) == 0) $this->error(_BATCH_NOSELECTION); - + // On delete: check if confirmation has been given - if (($action == 'delete') && (requestVar('confirmation') != 'yes')) + if (($action == 'delete') && (requestVar('confirmation') != 'yes')) $this->batchAskDeleteConfirmation('comment',$selected); $this->pagehead(); - - echo '(',_BACKHOME,')'; + + echo '(',_BACKHOME,')'; echo '

    ',_BATCH_COMMENTS,'

    '; echo '

    ',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

    '; echo '
      '; - + // walk over all itemids and perform action foreach ($selected as $commentid) { $commentid = intval($commentid); @@ -374,40 +393,40 @@ class ADMIN { echo '',($error ? $error : _BATCH_SUCCESS),''; echo ''; } - + echo '
    '; echo '',_BATCH_DONE,''; - + $this->pagefoot(); - + } function action_batchmember() { global $member; - + // check if logged in and admin ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow(); - + // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); - + // Show error when no members selected if (!is_array($selected) || sizeof($selected) == 0) $this->error(_BATCH_NOSELECTION); - + // On delete: check if confirmation has been given - if (($action == 'delete') && (requestVar('confirmation') != 'yes')) + if (($action == 'delete') && (requestVar('confirmation') != 'yes')) $this->batchAskDeleteConfirmation('member',$selected); $this->pagehead(); - - echo '(',_MEMBERS_BACKTOOVERVIEW,')'; + + echo '(',_MEMBERS_BACKTOOVERVIEW,')'; echo '

    ',_BATCH_MEMBERS,'

    '; echo '

    ',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

    '; echo '
      '; - + // walk over all itemids and perform action foreach ($selected as $memberid) { $memberid = intval($memberid); @@ -438,44 +457,44 @@ class ADMIN { echo '',($error ? $error : _BATCH_SUCCESS),''; echo ''; } - + echo '
    '; echo '',_BATCH_DONE,''; - + $this->pagefoot(); - - } - + + } + function action_batchteam() { global $member; - + $blogid = intRequestVar('blogid'); - + // check if logged in and admin ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow(); - + // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); - + // Show error when no members selected if (!is_array($selected) || sizeof($selected) == 0) $this->error(_BATCH_NOSELECTION); - + // On delete: check if confirmation has been given - if (($action == 'delete') && (requestVar('confirmation') != 'yes')) + if (($action == 'delete') && (requestVar('confirmation') != 'yes')) $this->batchAskDeleteConfirmation('team',$selected); $this->pagehead(); - + echo '

    (',_BACK,')

    '; echo '

    ',_BATCH_TEAM,'

    '; echo '

    ',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

    '; echo '
      '; - + // walk over all itemids and perform action foreach ($selected as $memberid) { $memberid = intval($memberid); @@ -506,49 +525,49 @@ class ADMIN { echo '',($error ? $error : _BATCH_SUCCESS),''; echo ''; } - + echo '
    '; echo '',_BATCH_DONE,''; - + $this->pagefoot(); - - } + + } + - function action_batchcategory() { global $member, $manager; - + // check if logged in $member->isLoggedIn() or $this->disallow(); - - // more precise check will be done for each performed operation - + + // more precise check will be done for each performed operation + // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); - + // Show error when no items were selected if (!is_array($selected) || sizeof($selected) == 0) $this->error(_BATCH_NOSELECTION); - + // On move: when no destination blog chosen, show choice now $destBlogId = intRequestVar('destblogid'); - if (($action == 'move') && (!$manager->existsBlogID($destBlogId))) + if (($action == 'move') && (!$manager->existsBlogID($destBlogId))) $this->batchMoveCategorySelectDestination('category',$selected); - + // On delete: check if confirmation has been given - if (($action == 'delete') && (requestVar('confirmation') != 'yes')) + if (($action == 'delete') && (requestVar('confirmation') != 'yes')) $this->batchAskDeleteConfirmation('category',$selected); $this->pagehead(); - - echo '(',_BACKHOME,')'; + + echo '(',_BACKHOME,')'; echo '

    ',BATCH_CATEGORIES,'

    '; echo '

    ',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

    '; echo '
      '; - + // walk over all itemids and perform action foreach ($selected as $catid) { $catid = intval($catid); @@ -569,15 +588,16 @@ class ADMIN { echo '',($error ? 'Error: '.$error : _BATCH_SUCCESS),''; echo ''; } - + echo '
    '; echo '',_BATCH_DONE,''; - + $this->pagefoot(); - + } - + function batchMoveSelectDestination($type, $ids) { + global $manager; $this->pagehead(); ?>

    @@ -585,25 +605,29 @@ class ADMIN { - addTicketHidden(); + + // insert selected item numbers $idx = 0; foreach ($ids as $id) echo ''; - + // show blog/category selection list $this->selectBlogCategory('destcatid'); - + ?> - - + +
    pagefoot(); exit; } - + function batchMoveCategorySelectDestination($type, $ids) { + global $manager; $this->pagehead(); ?>

    @@ -611,58 +635,64 @@ class ADMIN { - addTicketHidden(); + + // insert selected item numbers $idx = 0; foreach ($ids as $id) echo ''; - + // show blog/category selection list $this->selectBlog('destblogid'); - + ?> - - + + pagefoot(); exit; } - + function batchAskDeleteConfirmation($type, $ids) { + global $manager; + $this->pagehead(); ?>

    + addTicketHidden() ?> - + '; - + // add hidden vars for team & comment - if ($type == 'team') + if ($type == 'team') { echo ''; } - if ($type == 'comment') + if ($type == 'comment') { echo ''; } - + ?> - +
    pagefoot(); exit; } - - + + /** * Inserts a HTML select element with choices for all categories to which the current * member has access @@ -670,7 +700,7 @@ class ADMIN { function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) { ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude); } - + /** * Inserts a HTML select element with choices for all blogs to which the user has access * mode = 'blog' => shows blognames and values are blogids @@ -681,24 +711,24 @@ class ADMIN { */ function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) { global $member, $CONF; - + // 0. get IDs of blogs to which member can post items (+ forced blog) $aBlogIds = array(); if ($iForcedBlogInclude != -1) $aBlogIds[] = intval($iForcedBlogInclude); - if (($member->isAdmin()) && ($CONF['ShowAllBlogs'])) + if (($member->isAdmin()) && ($CONF['ShowAllBlogs'])) $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname'; else - $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID(); + $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID(); $rblogids = sql_query($queryBlogs); while ($o = mysql_fetch_object($rblogids)) if ($o->bnumber != $iForcedBlogInclude) $aBlogIds[] = intval($o->bnumber); - + if (count($aBlogIds) == 0) return; - + echo ''; - + } - + function action_browseownitems() { global $member; - + $this->pagehead(); - - echo '

    (',_BACKHOME,')

    '; + + echo '

    (',_BACKHOME,')

    '; echo '

    ' . _ITEMLIST_YOUR. '

    '; - + // start index if (postVar('start')) $start = postVar('start'); else - $start = 0; - + $start = 0; + // amount of items to show if (postVar('amount')) $amount = postVar('amount'); else - $amount = 10; - + $amount = 10; + $search = postVar('search'); // search through items - + $query = 'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime' - . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category') - . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid'; - - if ($search) + . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category') + . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid'; + + if ($search) $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))'; - + $query .= ' ORDER BY itime DESC' - . " LIMIT $start,$amount"; - + . 
" LIMIT $start,$amount"; + $template['content'] = 'itemlist'; $template['now'] = time(); - $navList = new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0); + $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0); $navList->showBatchList('item',$query,'table',$template); - $this->pagefoot(); - + $this->pagefoot(); + } - + /** * Show all the comments for a given item */ function action_itemcommentlist($itemid = '') { global $member; - + if ($itemid == '') $itemid = intRequestVar('itemid'); - + // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); - + $blogid = getBlogIdFromItemId($itemid); - + $this->pagehead(); - + // start index if (postVar('start')) $start = postVar('start'); else - $start = 0; - + $start = 0; + // amount of items to show if (postVar('amount')) $amount = postVar('amount'); else - $amount = 10; - - $search = postVar('search'); - + $amount = 10; + + $search = postVar('search'); + echo '

    (',_BACKTOOVERVIEW,')

    '; echo '

    ',_COMMENTS,'

    '; - + $query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid; - if ($search) + if ($search) $query .= ' and cbody LIKE "%' . addslashes($search) . '%"'; $query .= ' ORDER BY ctime ASC' - . " LIMIT $start,$amount"; + . " LIMIT $start,$amount"; $template['content'] = 'commentlist'; $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid)); - $navList = new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid); + $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid); $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS); - + $this->pagefoot(); } - + /** * Browse own comments */ function action_browseowncomments() { global $member; - + // start index if (postVar('start')) $start = postVar('start'); else - $start = 0; - + $start = 0; + // amount of items to show if (postVar('amount')) $amount = postVar('amount'); else - $amount = 10; - - $search = postVar('search'); + $amount = 10; + + $search = postVar('search'); $query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID(); - if ($search) + if ($search) $query .= ' and cbody LIKE "%' . addslashes($search) . '%"'; $query .= ' ORDER BY ctime DESC' - . " LIMIT $start,$amount"; - + . " LIMIT $start,$amount"; + $this->pagehead(); - - echo '

    (',_BACKHOME,')

    '; + + echo '

    (',_BACKHOME,')

    '; echo '

    ', _COMMENTS_YOUR ,'

    '; - + $template['content'] = 'commentlist'; $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself - - $navList = new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0); + + $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0); $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR); - + $this->pagefoot(); } - + /** * Browse all comments for a weblog */ - function action_blogcommentlist($blogid = '') + function action_blogcommentlist($blogid = '') { global $member, $manager; - + if ($blogid == '') $blogid = intRequestVar('blogid'); else $blogid = intval($blogid); - - $member->teamRights($blogid) or $member->isAdmin() or $this->disallow(); - + + $member->teamRights($blogid) or $member->isAdmin() or $this->disallow(); + // start index if (postVar('start')) $start = postVar('start'); else - $start = 0; - + $start = 0; + // amount of items to show if (postVar('amount')) $amount = postVar('amount'); else - $amount = 10; - + $amount = 10; + $search = postVar('search'); // search through comments $query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid); - if ($search != '') + if ($search != '') $query .= ' and cbody LIKE "%' . addslashes($search) . '%"'; - - + + $query .= ' ORDER BY ctime DESC' - . " LIMIT $start,$amount"; + . " LIMIT $start,$amount"; $blog =& $manager->getBlog($blogid); $this->pagehead(); - - echo '

    (',_BACKHOME,')

    '; + + echo '

    (',_BACKHOME,')

    '; echo '

    ', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '

    '; - + $template['content'] = 'commentlist'; $template['canAddBan'] = $member->blogAdminRights($blogid); - + $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0); - $navList->showBatchList('comment',$query,'table',$template, 'No comments were made on items of this blog'); - + $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG); + $this->pagefoot(); } 
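Review bot: `$start` and `$amount` go from `postVar()` straight into `" LIMIT $start,$amount"` in action_browseownitems, action_itemcommentlist, action_browseowncomments and action_blogcommentlist, so request data is concatenated into the query without validation. The commit only re-indents these lines. Reading them as integers closes the hole, e.g. `$start = intPostVar('start');` and `$amount = intPostVar('amount');`, keeping the default of 10 when the amount is not positive. The `LIKE` filters rely on `addslashes($search)`, which does not know the connection charset; `mysql_real_escape_string()` would be the safer choice on a multi-byte build.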
@@ -941,97 +971,97 @@ class ADMIN { */ function action_createitem() { global $member, $manager; - + $blogid = intRequestVar('blogid'); - + // check if allowed - $member->teamRights($blogid) or $this->disallow(); - + $member->teamRights($blogid) or $this->disallow(); + $memberid = $member->getID(); - + $blog =& $manager->getBlog($blogid); - + $this->pagehead(); - + // generate the add-item form - $formfactory = new PAGEFACTORY($blogid); + $formfactory =& new PAGEFACTORY($blogid); $formfactory->createAddForm('admin'); - $this->pagefoot(); + $this->pagefoot(); } - + function action_itemedit() { global $member, $manager; - + $itemid = intRequestVar('itemid'); - + // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); - + $item =& $manager->getItem($itemid,1,1); $blog =& $manager->getBlog(getBlogIDFromItemID($itemid)); - + $manager->notify('PrepareItemForEdit', array('item' => &$item)); - + if ($blog->convertBreaks()) { $item['body'] = removeBreaks($item['body']); $item['more'] = removeBreaks($item['more']); } - + // form to edit blog items $this->pagehead(); - $formfactory = new PAGEFACTORY($blog->getID()); - $formfactory->createEditForm('admin',$item); - $this->pagefoot(); + $formfactory =& new PAGEFACTORY($blog->getID()); + $formfactory->createEditForm('admin',$item); + $this->pagefoot(); } - + function action_itemupdate() { global $member, $manager, $CONF; - + $itemid = intRequestVar('itemid'); $catid = postVar('catid'); - + // only allow if user is allowed to alter item $member->canUpdateItem($itemid, $catid) or $this->disallow(); $actiontype = postVar('actiontype'); - + // delete actions are handled by itemdelete (which has confirmation) if ($actiontype == 'delete') { $this->action_itemdelete(); - return; + return; } - + $body = postVar('body'); $title = postVar('title'); $more = postVar('more'); $closed = intPostVar('closed'); // default action = add now - if (!$actiontype) + if (!$actiontype) $actiontype='addnow'; - - 
// create new category if needed + + // create new category if needed if (strstr($catid,'newcat')) { - // get blogid + // get blogid list($blogid) = sscanf($catid,"newcat-%d"); - + // create $blog =& $manager->getBlog($blogid); $catid = $blog->createNewCategory(); // show error when sth goes wrong - if (!$catid) + if (!$catid) $this->doError(_ERROR_CATCREATEFAIL); - } + } /* set some variables based on actiontype - + actiontypes: draft items -> addnow, addfuture, adddraft, delete non-draft items -> edit, changedate, delete - + variables set: $timestamp: set to a nonzero value for future dates or date changes $wasdraft: set to 1 when the item used to be a draft item @@ -1046,7 +1076,7 @@ class ADMIN { case 'addfuture': $wasdraft = 1; $publish = 1; - $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year')); + $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year')); break; case 'addnow': $wasdraft = 1; @@ -1064,15 +1094,22 @@ class ADMIN { $wasdraft = 0; $timestamp = 0; } - + // edit the item for real ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp); - + + $blogid = getBlogIDFromItemID($itemid); + $blog =& $manager->getBlog($blogid); + if (!$closed && $publish && $wasdraft && $blog->pingUserland()) { + $this->action_sendping($blogid); + return; + } + // show category edit window when we created a new category // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x') if ($catid != intPostVar('catid')) { $this->action_categoryedit( - $catid, + $catid, $blog->getID(), $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid) ); 
@@ -1081,136 +1118,141 @@ class ADMIN { $this->action_itemlist(getBlogIDFromItemID($itemid)); } } - + function action_itemdelete() { global $member, $manager; - + $itemid = intRequestVar('itemid'); - + // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); - + if (!$manager->existsItem($itemid,1,1)) $this->error(_ERROR_NOSUCHITEM); - + $item =& $manager->getItem($itemid,1,1); $title = htmlspecialchars(strip_tags($item['title'])); $body = strip_tags($item['body']); $body = htmlspecialchars(shorten($body,300,'...')); - + $this->pagehead(); ?>

    - +

    - +
    ""
    - +
    + addTicketHidden() ?>
    - pagefoot(); } - + function action_itemdeleteconfirm() { global $member; - + $itemid = intRequestVar('itemid'); - + // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); // get blogid first $blogid = getBlogIdFromItemId($itemid); - + // delete item (note: some checks will be performed twice) $this->deleteOneItem($itemid); - + $this->action_itemlist($blogid); } - + // deletes one item and returns error if something goes wrong function deleteOneItem($itemid) { global $member, $manager; - + // only allow if user is allowed to alter item (also checks if itemid exists) if (!$member->canAlterItem($itemid)) return _ERROR_DISALLOWED; - + $manager->loadClass('ITEM'); ITEM::delete($itemid); } function action_itemmove() { global $member, $manager; - - $itemid = intRequestVar('itemid'); - + + $itemid = intRequestVar('itemid'); + // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); $item =& $manager->getItem($itemid,1,1); - + $this->pagehead(); ?>

    - - selectBlogCategory('catid',$item['catid'],10,1);?> - + + addTicketHidden(); + $this->selectBlogCategory('catid',$item['catid'],10,1); + ?> +
    - pagefoot(); } function action_itemmoveto() { global $member, $manager; - + $itemid = intRequestVar('itemid'); $catid = requestVar('catid'); - - // create new category if needed + + // create new category if needed if (strstr($catid,'newcat')) { - // get blogid + // get blogid list($blogid) = sscanf($catid,'newcat-%d'); - + // create $blog =& $manager->getBlog($blogid); $catid = $blog->createNewCategory(); // show error when sth goes wrong - if (!$catid) + if (!$catid) $this->doError(_ERROR_CATCREATEFAIL); - } - + } + // only allow if user is allowed to alter item $member->canUpdateItem($itemid, $catid) or $this->disallow(); - ITEM::move($itemid, $catid); - + ITEM::move($itemid, $catid); + if ($catid != intRequestVar('catid')) $this->action_categoryedit($catid, $blog->getID()); else - $this->action_itemlist(getBlogIDFromCatID($catid)); + $this->action_itemlist(getBlogIDFromCatID($catid)); } - + /** * Moves one item to a given category (category existance should be checked by caller) * errors are returned */ function moveOneItem($itemid, $destCatid) { global $member; - + // only allow if user is allowed to move item if (!$member->canUpdateItem($itemid, $destCatid)) return _ERROR_DISALLOWED; 
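Review bot: In action_itemmoveto the `newcat-N` branch calls `$blog->createNewCategory()` on a blog id parsed from the request before `$member->canUpdateItem($itemid, $catid)` runs, so the category is created even when the permission check then refuses the move. Unless `createNewCategory()` checks rights itself (not visible in this hunk), a member could add categories to a blog they have no team rights on. I would put `$member->teamRights($blogid) or $this->disallow();` directly after the `sscanf` line, before the blog object is fetched.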
@@ -1223,46 +1265,50 @@ class ADMIN { */ function action_additem() { global $member, $manager, $CONF; - + $manager->loadClass('ITEM'); $result = ITEM::createFromRequest(); - + if ($result['status'] == 'error') $this->error($result['message']); - + $blogid = getBlogIDFromItemID($result['itemid']); $blog =& $manager->getBlog($blogid); + $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid)); + if ($result['status'] == 'newcategory') $this->action_categoryedit( $result['catid'], - $blogid, - $blog->pingUserland() ? $CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid) : '' + $blogid, + $blog->pingUserland() ? $pingUrl : '' ); elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland()) $this->action_sendping($blogid); else $this->action_itemlist($blogid); } - + /** * Shows a window that says we're about to ping weblogs.com. - * immediately refresh to the real pinging page, which will + * immediately refresh to the real pinging page, which will * show an error, or redirect to the blog. * * @param $blogid ID of blog for which ping needs to be sent out */ function action_sendping($blogid = -1) { - global $member; - + global $member, $manager; + if ($blogid == -1) $blogid = intRequestVar('blogid'); - + $member->isLoggedIn() or $this->disallow(); - - $this->pagehead(''); - ?> + + $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid)); + + $this->pagehead(''); + ?>

    Site Updated, Now pinging weblogs.com

    @@ -1270,78 +1316,79 @@ class ADMIN {
    When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.

    - +

    If you aren't automatically passed through, try again

    pagefoot(); } - + // ping to Weblogs.com // sends the real ping (can take up to 10 seconds!) function action_rawping() { global $manager; // TODO: checks? - + $blogid = intRequestVar('blogid'); $blog =& $manager->getBlog($blogid); - + $result = $blog->sendUserlandPing(); - + $this->pagehead(); - + ?> - +

    Ping Results

    - +

    The following message was returned by weblogs.com:

    - +
    - + - + pagefoot(); } - - /** + + /** * Allows to edit previously made comments */ function action_commentedit() { global $member, $manager; - + $commentid = intRequestVar('commentid'); - + $member->canAlterComment($commentid) or $this->disallow(); $comment = COMMENT::getComment($commentid); - + $manager->notify('PrepareCommentForEdit',array('comment' => &$comment)); // change
    to \n $comment['body'] = str_replace('
    ','',$comment['body']); - - $comment['body'] = eregi_replace("[^<]*","\\1",$comment['body']); - + + $comment['body'] = eregi_replace("[^<]*","\\1",$comment['body']); + $this->pagehead(); - + ?>

    - +
    - + + addTicketHidden(); ?> @@ -1362,23 +1409,23 @@ class ADMIN {
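Review bot: action_rawping still carries `// TODO: checks?` and calls `$blog->sendUserlandPing()` for whatever `blogid` the request names, with no membership test of its own. The ticket that action_sendping now appends to the rawping URL only helps if the dispatcher validates it for this action, which is not visible here, and it does not restrict which blog a logged-in member may ping. I would change the declaration to `global $member, $manager;` and add `$member->teamRights($blogid) or $this->disallow();` before the ping is sent.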
    -
    - +
    - pagefoot(); } - + function action_commentupdate() { global $member, $manager; - + $commentid = intRequestVar('commentid'); - + $member->canAlterComment($commentid) or $this->disallow(); - + $body = postVar('body'); - + // intercept words that are too long - if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false) + if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false) $this->error(_ERROR_COMMENT_LONGWORD); // check length @@ -1386,75 +1433,76 @@ class ADMIN { $this->error(_ERROR_COMMENT_NOCOMMENT); if (strlen($body)>5000) $this->error(_ERROR_COMMENT_TOOLONG); - - + + // prepare body $body = COMMENT::prepareBody($body); - + // call plugins $manager->notify('PreUpdateComment',array('body' => &$body)); - + $query = 'UPDATE '.sql_table('comment') - . " SET cbody='" .addslashes($body). "'" - . " WHERE cnumber=" . $commentid; + . " SET cbody='" .addslashes($body). "'" + . " WHERE cnumber=" . $commentid; sql_query($query); - + // get itemid $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid); $o = mysql_fetch_object($res); $itemid = $o->citem; - + if ($member->canAlterItem($itemid)) - $this->action_itemcommentlist($itemid); + $this->action_itemcommentlist($itemid); else $this->action_browseowncomments(); - + } - + function action_commentdelete() { - global $member; - + global $member, $manager; + $commentid = intRequestVar('commentid'); - + $member->canAlterComment($commentid) or $this->disallow(); $comment = COMMENT::getComment($commentid); $body = strip_tags($comment['body']); $body = htmlspecialchars(shorten($body, 300, '...')); - + if ($comment['member']) $author = $comment['member']; else $author = $comment['user']; - + $this->pagehead(); ?> - +

    - +

    - +
    :
    :
    - +
    + addTicketHidden() ?>
    - pagefoot(); } - + function action_commentdeleteconfirm() { global $member; - + $commentid = intRequestVar('commentid'); - + // get item id first $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid); $o = mysql_fetch_object($res); @@ -1463,70 +1511,71 @@ class ADMIN { $error = $this->deleteOneComment($commentid); if ($error) $this->doError($error); - + if ($member->canAlterItem($itemid)) - $this->action_itemcommentlist($itemid); + $this->action_itemcommentlist($itemid); else $this->action_browseowncomments(); } - + function deleteOneComment($commentid) { global $member, $manager; - + $commentid = intval($commentid); - + if (!$member->canAlterComment($commentid)) return _ERROR_DISALLOWED; - + $manager->notify('PreDeleteComment', array('commentid' => $commentid)); - + // delete the comments associated with the item $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid; sql_query($query); - - $manager->notify('PostDeleteComment', array('commentid' => $commentid)); - + + $manager->notify('PostDeleteComment', array('commentid' => $commentid)); + return ''; } - + /** * Usermanagement main */ function action_usermanagement() { - global $member; - + global $member, $manager; + // check if allowed $member->isAdmin() or $this->disallow(); $this->pagehead(); - + echo '

    (',_BACKTOMANAGE,')

    '; - + echo '

    ' . _MEMBERS_TITLE .'

    '; - + echo '

    ' . _MEMBERS_CURRENT .'

    '; - + // show list of members with actions $query = 'SELECT *' - . ' FROM '.sql_table('member'); + . ' FROM '.sql_table('member'); $template['content'] = 'memberlist'; $template['tabindex'] = 10; - - $batch = new BATCH('member'); + + $batch =& new BATCH('member'); $batch->showlist($query,'table',$template); echo '

    ' . _MEMBERS_NEW .'

    '; ?>
    - + - + addTicketHidden() ?> + @@ -1557,12 +1606,12 @@ class ADMIN {
    -
    (This is the name used to logon) +
    (This is the name used to logon)
    - -
    - + pagefoot(); } - + /** * Edit member settings */ @@ -1571,14 +1620,15 @@ class ADMIN { } function action_editmembersettings($memberid = '') { global $member, $manager, $CONF; - + if ($memberid == '') $memberid = $member->getID(); - + // check if allowed ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); - - $this->pagehead(); + + $extrahead = ''; + $this->pagehead($extrahead); // show message to go back to member overview (only for admins) if ($member->isAdmin()) @@ -1587,19 +1637,21 @@ class ADMIN { echo '(' ._BACKHOME. ')'; echo '

    ' . _MEMBERS_EDIT . '

    '; - + $mem = MEMBER::createFromID($memberid); - + ?>
    - + + addTicketHidden() ?> + - + isAdmin()) { ?> @@ -1622,31 +1674,31 @@ class ADMIN { - + isAdmin()) { ?> - + - - + + _insertPluginOptions('member',$memberid); + $this->_insertPluginOptions('member',$memberid); ?> @@ -1678,35 +1730,35 @@ class ADMIN {
    -
    +
    isAdmin()) { ?> @@ -1612,7 +1664,7 @@ class ADMIN {
    -
    +
    input_yesno('admin',$mem->isAdmin(),60); ?>input_yesno('admin',$mem->isAdmin(),60); ?>
    input_yesno('canlogin',$mem->canLogin(),70); ?>
    - + - + +
    - +
    - - - ', _PLUGINS_EXTRA , ''; + + ',_PLUGINS_EXTRA,''; + $manager->notify( - 'MemberSettingsFormExtras', + 'MemberSettingsFormExtras', array( 'member' => &$mem ) ); - + $this->pagefoot(); } - - + + function action_changemembersettings() { global $member, $CONF, $manager; - + $memberid = intRequestVar('memberid'); - + // check if allowed ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); - + $name = trim(postVar('name')); $realname = trim(postVar('realname')); $password = postVar('password'); - $repeatpassword = postVar('repeatpassword'); + $repeatpassword = postVar('repeatpassword'); $email = postVar('email'); $url = postVar('url'); @@ -1718,7 +1770,7 @@ class ADMIN { $canlogin = postVar('canlogin'); $notes = postVar('notes'); $deflang = postVar('deflang'); - + $mem = MEMBER::createFromID($memberid); if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { 
@@ -1728,238 +1780,399 @@ class ADMIN { if (($name != $mem->getDisplayName()) && MEMBER::exists($name)) $this->error(_ERROR_NICKNAMEINUSE); - + if ($password != $repeatpassword) $this->error(_ERROR_PASSWORDMISMATCH); - + if ($password && (strlen($password) < 6)) $this->error(_ERROR_PASSWORDTOOSHORT); } - + if (!isValidMailAddress($email)) $this->error(_ERROR_BADMAILADDRESS); - + if (!$realname) $this->error(_ERROR_REALNAMEMISSING); - - if (($deflang != '') && (!checkLanguage($deflang))) + + if (($deflang != '') && (!checkLanguage($deflang))) $this->error(_ERROR_NOSUCHLANGUAGE); - + // check if there will remain at least one site member with both the logon and admin rights // (check occurs when taking away one of these rights from such a member) if ( (!$admin && $mem->isAdmin() && $mem->canLogin()) - || (!$canlogin && $mem->isAdmin() && $mem->canLogin()) + || (!$canlogin && $mem->isAdmin() && $mem->canLogin()) ) { $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1'); if (mysql_num_rows($r) < 2) $this->error(_ERROR_ATLEASTONEADMIN); } - - - // if email changed, generate new password - if ($email != $mem->getEmail()) - { - $password = genPassword(10); - $newpass = 1; - } else { - $newpass = 0; - } if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { $mem->setDisplayName($name); - if ($password) + if ($password) $mem->setPassword($password); } if ($newpass) $mem->setPassword($password); - + + $oldEmail = $mem->getEmail(); + $mem->setRealName($realname); $mem->setEmail($email); $mem->setURL($url); $mem->setNotes($notes); $mem->setLanguage($deflang); - + // only allow super-admins to make changes to the admin status if ($member->isAdmin()) { $mem->setAdmin($admin); $mem->setCanLogin($canlogin); } - + $mem->write(); - + + // if email changed, generate new password + if ($oldEmail != $mem->getEmail()) + { + $mem->sendActivationLink('addresschange', $oldEmail); + // logout member + $mem->newCookieKey(); + $member->logout(); + 
$this->action_login(_MSG_ACTIVATION_SENT, 0); + return; + } + + // store plugin options $aOptions = requestArray('plugoption'); NucleusPlugin::_applyPluginOptions($aOptions); - $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem)); - - // if new password was generated, send out mail message and logout - if ($newpass) - $mem->sendPassword($password); + $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem)); - if ( ( $mem->getID() == $member->getID() ) + if ( ( $mem->getID() == $member->getID() ) && ( $newpass || ( $mem->getDisplayName() != $member->getDisplayName() ) ) ) { + $mem->newCookieKey(); $member->logout(); $this->action_login(_MSG_LOGINAGAIN, 0); } else { $this->action_overview(_MSG_SETTINGSCHANGED); } } - + function action_memberadd() { global $member; - + // check if allowed $member->isAdmin() or $this->disallow(); - + if (postVar('password') != postVar('repeatpassword')) $this->error(_ERROR_PASSWORDMISMATCH); - if (strlen(postVar('password')) < 6) + if (strlen(postVar('password')) < 6) $this->error(_ERROR_PASSWORDTOOSHORT); - - $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes')); + + $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes')); if ($res != 1) $this->error($res); - - $this->action_usermanagement(); + + $this->action_usermanagement(); + } + + /** + * Account activation + * + * @author dekarma + */ + function action_activate() { + + $key = getVar('key'); + $this->_showActivationPage($key); + } + + function _showActivationPage($key, $message = '') + { + global $manager; + + // clean up old activation keys + MEMBER::cleanupActivationTable(); + + // get activation info + $info = 
MEMBER::getActivationInfo($key); + + if (!$info) + $this->error(_ERROR_ACTIVATE); + + $mem = MEMBER::createFromId($info->vmember); + + if (!$mem) + $this->error(_ERROR_ACTIVATE); + + $text = ''; + $title = ''; + $bNeedsPasswordChange = true; + + switch ($info->vtype) + { + case 'forgot': + $title = _ACTIVATE_FORGOT_TITLE; + $text = _ACTIVATE_FORGOT_TEXT; + break; + case 'register': + $title = _ACTIVATE_REGISTER_TITLE; + $text = _ACTIVATE_REGISTER_TEXT; + break; + case 'addresschange': + $title = _ACTIVATE_CHANGE_TITLE; + $text = _ACTIVATE_CHANGE_TEXT; + $bNeedsPasswordChange = false; + MEMBER::activate($key); + break; + } + + $aVars = array( + 'memberName' => htmlspecialchars($mem->getDisplayName()) + ); + $title = TEMPLATE::fill($title, $aVars); + $text = TEMPLATE::fill($text, $aVars); + + $this->pagehead(); + + echo '

    ' , $title, '

    '; + echo '

    ' , $text, '

    '; + + if ($message != '') + { + echo '

    ',$message,'

    '; + } + + if ($bNeedsPasswordChange) + { + ?> +
    + + + addTicketHidden() ?> + + + + + + + + + notify('FormExtra', array('type' => 'activation', 'member' => $mem)); + + ?> + + + +
    + + +
    + + pagefoot(); + + } + + /** + * Account activation - set password part + * + * @author dekarma + */ + function action_activatesetpwd() { + + $key = postVar('key'); + + // clean up old activation keys + MEMBER::cleanupActivationTable(); + + // get activation info + $info = MEMBER::getActivationInfo($key); + + if (!$info || ($info->type == 'addresschange')) + return $this->_showActivationPage($key, _ERROR_ACTIVATE); + + $mem = MEMBER::createFromId($info->vmember); + + if (!$mem) + return $this->_showActivationPage($key, _ERROR_ACTIVATE); + + $password = postVar('password'); + $repeatpassword = postVar('repeatpassword'); + + if ($password != $repeatpassword) + return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH); + + if ($password && (strlen($password) < 6)) + return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT); + + $error = ''; + global $manager; + $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error)); + if ($error != '') + return $this->_showActivationPage($key, $error); + + + // set password + $mem->setPassword($password); + $mem->write(); + + // do the activation + MEMBER::activate($key); + + $this->pagehead(); + echo '

    ',_ACTIVATE_SUCCESS_TITLE,'

    '; + echo '

    ',_ACTIVATE_SUCCESS_TEXT,'

    '; + $this->pagefoot(); } - + /** * Manage team */ function action_manageteam() { - global $member; - + global $member, $manager; + $blogid = intRequestVar('blogid'); - + // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); - + $this->pagehead(); - + echo "

    (",_BACK_TO_BLOGSETTINGS,")

    "; - + echo '

    ' . _TEAM_TITLE . getBlogNameFromID($blogid) . '

    '; - + echo '

    ' . _TEAM_CURRENT . '

    '; $query = 'SELECT tblog, tmember, mname, mrealname, memail, tadmin' - . ' FROM '.sql_table('member').', '.sql_table('team') - . ' WHERE tmember=mnumber and tblog=' . $blogid; + . ' FROM '.sql_table('member').', '.sql_table('team') + . ' WHERE tmember=mnumber and tblog=' . $blogid; $template['content'] = 'teamlist'; $template['tabindex'] = 10; - - $batch = new BATCH('team'); + + $batch =& new BATCH('team'); $batch->showlist($query, 'table', $template); ?>

    - + + addTicketHidden() ?> - +
    input_yesno('admin',0,10020); ?>
    - +
    - pagefoot(); } - + /** * Add member tot tram */ function action_teamaddmember() { global $member, $manager; - + $memberid = intPostVar('memberid'); $blogid = intPostVar('blogid'); $admin = intPostVar('admin'); - + // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); - + $blog =& $manager->getBlog($blogid); if (!$blog->addTeamMember($memberid, $admin)) $this->error(_ERROR_ALREADYONTEAM); - + $this->action_manageteam(); - + } - + function action_teamdelete() { global $member, $manager; - + $memberid = intRequestVar('memberid'); $blogid = intRequestVar('blogid'); - + // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); - + $teammem = MEMBER::createFromID($memberid); $blog =& $manager->getBlog($blogid); - + $this->pagehead(); ?>

    - +

    getDisplayName() ?>getName())) ?>

    - - + +
    + addTicketHidden() ?>
    - pagefoot(); } - + function action_teamdeleteconfirm() { global $member; - + $memberid = intRequestVar('memberid'); $blogid = intRequestVar('blogid'); $error = $this->deleteOneTeamMember($blogid, $memberid); - - + if ($error) + $this->error($error); + + $this->action_manageteam(); } - + function deleteOneTeamMember($blogid, $memberid) { global $member, $manager; - + $blogid = intval($blogid); $memberid = intval($memberid); - + // check if allowed if (!$member->blogAdminRights($blogid)) return _ERROR_DISALLOWED; @@ -1967,9 +2180,9 @@ class ADMIN { // check if: - there remains at least one blog admin // - (there remains at least one team member) $tmem = MEMBER::createFromID($memberid); - - $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid)); - + + $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid)); + if ($tmem->isBlogAdmin($blogid)) { // check if there are more blog members left and at least one admin // (check for at least two admins before deletion) 
@@ -1978,67 +2191,68 @@ class ADMIN { if (mysql_num_rows($r) < 2) return _ERROR_ATLEASTONEBLOGADMIN; } - + $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid"; sql_query($query); - - $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid)); - + + $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid)); + return ''; } - + function action_teamchangeadmin() { global $member; - + $blogid = intRequestVar('blogid'); $memberid = intRequestVar('memberid'); - + // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); $mem = MEMBER::createFromID($memberid); - + // don't allow when there is only one admin at this moment if ($mem->isBlogAdmin($blogid)) { $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1"); if (mysql_num_rows($r) == 1) $this->error(_ERROR_ATLEASTONEBLOGADMIN); } - + if ($mem->isBlogAdmin($blogid)) $newval = 0; - else + else $newval = 1; - + $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid"; sql_query($query); - + // only show manageteam if member did not change its own admin privileges if ($member->isBlogAdmin($blogid)) $this->action_manageteam(); else $this->action_overview(_MSG_ADMINCHANGED); } - + function action_blogsettings() { global $member, $manager; - + $blogid = intRequestVar('blogid'); - + // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); - + $blog =& $manager->getBlog($blogid); - - $this->pagehead(); - - echo '

    (',_BACKHOME,')

    '; + + $extrahead = ''; + $this->pagehead($extrahead); + + echo '

    (',_BACKHOME,')

    '; ?>

    : 'bloglink($blog)?>'

    - -

    Members currently on your team: + +

    Members currently on your team:

    - - + +

    - +
    - + + addTicketHidden() ?> @@ -2076,36 +2291,36 @@ class ADMIN { - + - - + + - + - - + + @@ -2116,17 +2331,17 @@ class ADMIN { />
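Review bot: `deleteOneTeamMember` loads the member into `$tmem`, but the `PostDeleteTeamMember` call in this hunk passes `'member' => &$mem`, a variable that is never assigned in the function. Plugins subscribed to the event therefore receive an empty value instead of the member object. The `PreDeleteTeamMember` call in the hunk just before this one has the same slip. Both arrays should read `'member' => &$tmem`. The function starts in the preceding hunk, so only its tail is visible here.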
    notifyOnVote()) echo "checked='checked'" ?> + notifyOnVote()) echo "checked='checked'" ?> />
    notifyOnNewItem()) echo "checked='checked'" ?> + notifyOnNewItem()) echo "checked='checked'" ?> /> - - + + @@ -2135,25 +2350,25 @@ class ADMIN { + - +
    +
    getCorrectTime()); ?> + + - + - +
    - + - getDefaultSkin(); $template['tabindex'] = 50; - showlist($query,'select',$template); + showlist($query,'select',$template); ?> - +
    input_yesno('convertbreaks',$blog->convertBreaks(),55); ?>input_yesno('convertbreaks',$blog->convertBreaks(),55); ?>
    input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?>
    input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?>
    input_yesno('comments',$blog->commentsEnabled(),60); ?>input_yesno('comments',$blog->commentsEnabled(),60); ?>
    input_yesno('public',$blog->isPublic(),70); ?>
    input_yesno('public',$blog->isPublic(),70); ?>
    input_yesno('pinguserland',$blog->pingUserland(),85); ?>
    input_yesno('pinguserland',$blog->pingUserland(),85); ?>
    - getID(); + . ' FROM '.sql_table('category') + . ' WHERE cblog=' . $blog->getID(); $template['name'] = 'defcat'; $template['selected'] = $blog->getDefaultCategory(); $template['tabindex'] = 110; - showlist($query,'select',$template); + showlist($query,'select',$template); ?> -
    -
    -
    getCorrectTime()); ?> -
    input_yesno('searchable',$blog->getSearchable(),122); ?>input_yesno('searchable',$blog->getSearchable(),122); ?>
    - +
    - +

    - - getID().' ORDER BY cname'; $template['content'] = 'categorylist'; $template['tabindex'] = 200; - - $batch = new BATCH('category'); + + $batch =& new BATCH('category'); $batch->showlist($query,'table',$template); - + ?> - +
    + addTicketHidden() ?> - + @@ -2198,53 +2414,54 @@ class ADMIN {
    - +
    - - ', _PLUGINS_EXTRA , ''; - + + ',_PLUGINS_EXTRA,''; + $manager->notify( - 'BlogSettingsFormExtras', + 'BlogSettingsFormExtras', array( 'blog' => &$blog ) ); - + $this->pagefoot(); } - + function action_categorynew() { global $member, $manager; - + $blogid = intRequestVar('blogid'); - + $member->blogAdminRights($blogid) or $this->disallow(); - + $cname = postVar('cname'); $cdesc = postVar('cdesc'); - + if (!isValidCategoryName($cname)) $this->error(_ERROR_BADCATEGORYNAME); - + $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid); $res = sql_query($query); if (mysql_num_rows($res) > 0) $this->error(_ERROR_DUPCATEGORYNAME); - + $blog =& $manager->getBlog($blogid); $newCatID = $blog->createNewCategory($cname, $cdesc); - + $this->action_blogsettings(); } - - + + function action_categoryedit($catid = '', $blogid = '', $desturl = '') { - global $member; - + global $member, $manager; + if ($blogid == '') $blogid = intGetVar('blogid'); - else + else $blogid = intval($blogid); if ($catid == '') $catid = intGetVar('catid'); @@ -2259,16 +2476,18 @@ class ADMIN { $cname = $obj->cname; $cdesc = $obj->cdesc; - $this->pagehead(); + $extrahead = ''; + $this->pagehead($extrahead); ?>
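Review bot: The duplicate-name query in `action_categorynew` escapes `$cname` with `addslashes()`, which knows nothing about the connection character set and is weaker than the driver's own escaping on multibyte installations. The file already calls the `mysql_*` API directly, so the clause can become `' WHERE cname=\'' . mysql_real_escape_string($cname) . '\' and cblog=' . intval($blogid)`. The same `addslashes()` pattern feeds SQL in `action_categoryupdate`, `action_addnewlog`, the template update code in the @@ -3350 hunk and `addToTemplate` in later hunks.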

    ''

    - - - - + + + + addTicketHidden(); ?> + @@ -2278,7 +2497,7 @@ class ADMIN { - _insertPluginOptions('category',$catid); ?> @@ -2288,16 +2507,16 @@ class ADMIN {
    - +
    - pagefoot(); } - - + + function action_categoryupdate() { global $member, $manager; - + $blogid = intPostVar('blogid'); $catid = intPostVar('catid'); $cname = postVar('cname'); @@ -2305,28 +2524,28 @@ class ADMIN { $desturl = postVar('desturl'); $member->blogAdminRights($blogid) or $this->disallow(); - + if (!isValidCategoryName($cname)) $this->error(_ERROR_BADCATEGORYNAME); - + $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)"; $res = sql_query($query); if (mysql_num_rows($res) > 0) $this->error(_ERROR_DUPCATEGORYNAME); - + $query = 'UPDATE '.sql_table('category').' SET' . " cname='" . addslashes($cname) . "'," - . " cdesc='" . addslashes($cdesc) . "'" + . " cdesc='" . addslashes($cdesc) . "'" . " WHERE catid=" . $catid; - + sql_query($query); - + // store plugin options $aOptions = requestArray('plugoption'); NucleusPlugin::_applyPluginOptions($aOptions); - $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid)); + $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid)); + - if ($desturl) { redirect($desturl); exit; 
@@ -2336,54 +2555,55 @@ class ADMIN { } function action_categorydelete() { - global $member, $manager; - + global $member, $manager; + $blogid = intRequestVar('blogid'); $catid = intRequestVar('catid'); - + $member->blogAdminRights($blogid) or $this->disallow(); - + $blog =& $manager->getBlog($blogid); - + // check if the category is valid - if (!$blog->isValidCategory($catid)) + if (!$blog->isValidCategory($catid)) $this->error(_ERROR_NOSUCHCATEGORY); - + // don't allow deletion of default category if ($blog->getDefaultCategory() == $catid) $this->error(_ERROR_DELETEDEFCATEGORY); - + // check if catid is the only category left for blogid $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid; $res = sql_query($query); if (mysql_num_rows($res) == 1) $this->error(_ERROR_DELETELASTCATEGORY); - - + + $this->pagehead(); ?>

    - +
    getCategoryName($catid)?>
    - +
    + addTicketHidden() ?> - +
    - pagefoot(); } - + function action_categorydeleteconfirm() { - global $member, $manager; - + global $member, $manager; + $blogid = intRequestVar('blogid'); $catid = intRequestVar('catid'); - + $member->blogAdminRights($blogid) or $this->disallow(); $error = $this->deleteOneCategory($catid); 
@@ -2391,84 +2611,84 @@ class ADMIN { $this->error($error); $this->action_blogsettings(); - } + } function deleteOneCategory($catid) { global $manager, $member; - + $catid = intval($catid); - - $manager->notify('PreDeleteCategory', array('catid' => $catid)); + + $manager->notify('PreDeleteCategory', array('catid' => $catid)); $blogid = getBlogIDFromCatID($catid); - + if (!$member->blogAdminRights($blogid)) return ERROR_DISALLOWED; - + // get blog $blog =& $manager->getBlog($blogid); // check if the category is valid - if (!$blog || !$blog->isValidCategory($catid)) + if (!$blog || !$blog->isValidCategory($catid)) return _ERROR_NOSUCHCATEGORY; - + $destcatid = $blog->getDefaultCategory(); - + // don't allow deletion of default category if ($blog->getDefaultCategory() == $catid) return _ERROR_DELETEDEFCATEGORY; - + // check if catid is the only category left for blogid $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid; $res = sql_query($query); if (mysql_num_rows($res) == 1) return _ERROR_DELETELASTCATEGORY; - + // change category for all items to the default category $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid"; sql_query($query); - + // delete all associated plugin options NucleusPlugin::_deleteOptionValues('category', $catid); - + // delete category $query = 'DELETE FROM '.sql_table('category').' 
WHERE catid=' .$catid; sql_query($query); - - $manager->notify('PostDeleteCategory', array('catid' => $catid)); + + $manager->notify('PostDeleteCategory', array('catid' => $catid)); } - + function moveOneCategory($catid, $destblogid) { global $manager, $member; $catid = intval($catid); $destblogid = intval($destblogid); - + $blogid = getBlogIDFromCatID($catid); - + // mover should have admin rights on both blogs if (!$member->blogAdminRights($blogid)) return _ERROR_DISALLOWED; if (!$member->blogAdminRights($destblogid)) return _ERROR_DISALLOWED; - + // cannot move to self if ($blogid == $destblogid) return _ERROR_MOVETOSELF; - + // get blogs $blog =& $manager->getBlog($blogid); - $destblog =& $manager->getBlog($destblogid); - + $destblog =& $manager->getBlog($destblogid); + // check if the category is valid - if (!$blog || !$blog->isValidCategory($catid)) + if (!$blog || !$blog->isValidCategory($catid)) return _ERROR_NOSUCHCATEGORY; - + // don't allow default category to be moved if ($blog->getDefaultCategory() == $catid) return _ERROR_MOVEDEFCATEGORY; - + $manager->notify( 'PreMoveCategory', array( @@ -2477,7 +2697,7 @@ class ADMIN { 'destblog' => &$destblog ) ); - + // update comments table (cblog) $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid; $items = sql_query($query); @@ -2489,7 +2709,7 @@ class ADMIN { $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid; sql_query($query); - // move category + // move category $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid; sql_query($query); 
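Review bot: In `deleteOneCategory` the permission failure returns `ERROR_DISALLOWED`, without the leading underscore used by `moveOneCategory` in this same hunk (`_ERROR_DISALLOWED`), so the caller gets an undefined constant rather than the translated message. It should read `return _ERROR_DISALLOWED;`. The function also fires `PreDeleteCategory` before `blogAdminRights()` is checked, so plugins are told about deletions that are then refused; moving the `notify` call below the rights and validity checks avoids that. `action_deleteblogconfirm` in the @@ -2559 hunk has the same ordering with `PreDeleteBlog`.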
@@ -2500,47 +2720,47 @@ class ADMIN { 'sourceblog' => &$blog, 'destblog' => $destblog ) - ); - + ); + } function action_blogsettingsupdate() { global $member, $manager; - + $blogid = intRequestVar('blogid'); - + $member->blogAdminRights($blogid) or $this->disallow(); - + $blog =& $manager->getBlog($blogid); - + $notify = trim(postVar('notify')); $shortname = trim(postVar('shortname')); $updatefile = trim(postVar('update')); - + $notifyComment = intPostVar('notifyComment'); $notifyVote = intPostVar('notifyVote'); - $notifyNewItem = intPostVar('notifyNewItem'); - + $notifyNewItem = intPostVar('notifyNewItem'); + if ($notifyComment == 0) $notifyComment = 1; - if ($notifyVote == 0) $notifyVote = 1; - if ($notifyNewItem == 0) $notifyNewItem = 1; - + if ($notifyVote == 0) $notifyVote = 1; + if ($notifyNewItem == 0) $notifyNewItem = 1; + $notifyType = $notifyComment * $notifyVote * $notifyNewItem; - - + + if ($notify) { - $not = new NOTIFICATION($notify); + $not =& new NOTIFICATION($notify); if (!$not->validAddresses()) $this->error(_ERROR_BADNOTIFY); - + } - + if (!isValidShortName($shortname)) $this->error(_ERROR_BADSHORTBLOGNAME); - + if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname)) $this->error(_ERROR_DUPSHORTBLOGNAME); - + // check if update file is writable if ($updatefile && !is_writeable($updatefile)) $this->error(_ERROR_UPDATEFILE); @@ -2548,7 +2768,7 @@ class ADMIN { $blog->setName(trim(postVar('name'))); $blog->setShortName($shortname); $blog->setNotifyAddress($notify); - $blog->setNotifyType($notifyType); + $blog->setNotifyType($notifyType); $blog->setMaxComments(postVar('maxcomments')); $blog->setCommentsEnabled(postVar('comments')); $blog->setTimeOffset(postVar('timeoffset')); 
@@ -2559,63 +2779,64 @@ class ADMIN { $blog->setPublic(postVar('public')); $blog->setPingUserland(postVar('pinguserland')); $blog->setConvertBreaks(intPostVar('convertbreaks')); - $blog->setAllowPastPosting(intPostVar('allowpastposting')); + $blog->setAllowPastPosting(intPostVar('allowpastposting')); $blog->setDefaultCategory(intPostVar('defcat')); $blog->setSearchable(intPostVar('searchable')); $blog->writeSettings(); - + // store plugin options $aOptions = requestArray('plugoption'); NucleusPlugin::_applyPluginOptions($aOptions); - $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog)); - - + $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog)); + + $this->action_overview(_MSG_SETTINGSCHANGED); } - + function action_deleteblog() { global $member, $CONF, $manager; - - $blogid = intRequestVar('blogid'); - + + $blogid = intRequestVar('blogid'); + $member->blogAdminRights($blogid) or $this->disallow(); // check if blog is default blog if ($CONF['DefaultBlog'] == $blogid) $this->error(_ERROR_DELDEFBLOG); - + $blog =& $manager->getBlog($blogid); - + $this->pagehead(); ?>

    - +

    - +
    getName())?>
    - +
    + addTicketHidden() ?>
    - pagefoot(); } - + function action_deleteblogconfirm() { global $member, $CONF, $manager; - - $blogid = intRequestVar('blogid'); - - $manager->notify('PreDeleteBlog', array('blogid' => $blogid)); - + + $blogid = intRequestVar('blogid'); + + $manager->notify('PreDeleteBlog', array('blogid' => $blogid)); + $member->blogAdminRights($blogid) or $this->disallow(); - + // check if blog is default blog if ($CONF['DefaultBlog'] == $blogid) $this->error(_ERROR_DELDEFBLOG); @@ -2624,143 +2845,151 @@ class ADMIN { $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid; sql_query($query); - // delete all items + // delete all items $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid; sql_query($query); - + // delete all team members $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid; sql_query($query); - + // delete all bans $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid; sql_query($query); - + // delete all categories $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid; sql_query($query); - + // delete all associated plugin options NucleusPlugin::_deleteOptionValues('blog', $blogid); - + // delete the blog itself $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid; sql_query($query); - - $manager->notify('PostDeleteBlog', array('blogid' => $blogid)); - + + $manager->notify('PostDeleteBlog', array('blogid' => $blogid)); + $this->action_overview(_DELETED_BLOG); } - + function action_memberdelete() { - global $member; - + global $member, $manager; + $memberid = intRequestVar('memberid'); - + ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); - + $mem = MEMBER::createFromID($memberid); - + $this->pagehead(); ?>

    - +

    getDisplayName() ?>

    - +

    Please note that media files will NOT be deleted. (At least not in this Nucleus version)

    - +
    + addTicketHidden() ?>
    - pagefoot(); } - + function action_memberdeleteconfirm() { global $member; - - $memberid = intRequestVar('memberid'); - + + $memberid = intRequestVar('memberid'); + ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); - + $error = $this->deleteOneMember($memberid); if ($error) $this->error($error); - + if ($member->isAdmin()) $this->action_usermanagement(); else $this->action_overview(_DELETED_MEMBER); - } - + } + + // (static) function deleteOneMember($memberid) { global $manager; - + $memberid = intval($memberid); $mem = MEMBER::createFromID($memberid); - - if (!$mem->canBeDeleted()) - return _ERROR_DELETEMEMBER; - $manager->notify('PreDeleteMember', array('member' => &$mem)); - + if (!$mem->canBeDeleted()) + return _ERROR_DELETEMEMBER; + + $manager->notify('PreDeleteMember', array('member' => &$mem)); + $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid; sql_query($query); $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid; - sql_query($query); - + sql_query($query); + + $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid; + sql_query($query); + // delete all associated plugin options NucleusPlugin::_deleteOptionValues('member', $memberid); - - $manager->notify('PostDeleteMember', array('member' => &$mem)); - + + $manager->notify('PostDeleteMember', array('member' => &$mem)); + return ''; } - + function action_createnewlog() { - global $member, $CONF; - + global $member, $CONF, $manager; + // Only Super-Admins can do this $member->isAdmin() or $this->disallow(); - + $this->pagehead(); echo '

    (',_BACKTOMANAGE,')

    '; ?>

    - +

    注意事項

    - +

    作成にあたって、下記の注意事項 をまずお読み下さい

    - +

    新しいweblogを作成した後に、このblogにアクセスするための方法を紹介しておきます。方法は2つあります:

    - +
      -
    1. 簡単な方法: index.phpの複製を作り、新しいblogを表示するように変更を加えます。 この変更の詳細は、作成後に表示されます。Further instructions on how to do this will be provided after you've submitted this first form.
    2. +
    3. 簡単な方法: index.phpの複製を作り、新しいblogを表示するように変更を加えます。 この変更の詳細は、作成後に表示されます。
    4. 高度な方法: 現在のblogで使用しているスキンにotherblogというコードを使った記述を加えます。この方法では、同じページ内で複数のblogを展開することが可能となります。
    - +

    Weblogの作成

    - +

    - +
    - + + addTicketHidden() ?> + + @@ -2768,57 +2997,57 @@ class ADMIN { - +
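Review bot: `deleteOneMember` is now marked `// (static)`, yet unlike `deleteOneTeamMember` and `deleteOneCategory` it does no permission check of its own, only `canBeDeleted()`. Every caller therefore has to repeat the test that `action_memberdeleteconfirm` performs before calling it. At minimum the marker should state that contract, for example `// (static) caller must verify that the acting member may delete $memberid`. If no caller depends on the unchecked form, the check could live inside the function with `global $manager, $member;` and `if ($member->getID() != $memberid && !$member->isAdmin()) return _ERROR_DISALLOWED;`.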
    - +
    - + -
    - -
    + +
    - +
    - +
    - pagefoot(); + pagefoot(); } - + function action_addnewlog() { global $member, $manager, $CONF; - + // Only Super-Admins can do this $member->isAdmin() or $this->disallow(); - + $bname = trim(postVar('name')); $bshortname = trim(postVar('shortname')); $btimeoffset = postVar('timeoffset'); $bdesc = trim(postVar('desc')); $bdefskin = postVar('defskin'); - + if (!isValidShortName($bshortname)) $this->error(_ERROR_BADSHORTBLOGNAME); - + if ($manager->existsBlog($bshortname)) $this->error(_ERROR_DUPSHORTBLOGNAME); - + $manager->notify( 'PreAddBlog', array( @@ -2837,13 +3066,13 @@ class ADMIN { $btimeoffset = addslashes($btimeoffset); $bdesc = addslashes($bdesc); $bdefskin = addslashes($bdefskin); - + // create blog $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bname', '$bshortname', '$bdesc', '$btimeoffset', '$bdefskin')"; sql_query($query); $blogid = mysql_insert_id(); $blog =& $manager->getBlog($blogid); - + // create new category sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, 'General','Items that do not fit in other categories')"); $catid = mysql_insert_id(); @@ -2851,42 +3080,42 @@ class ADMIN { // set as default category $blog->setDefaultCategory($catid); $blog->writeSettings(); - - // create team member + + // create team member $memberid = $member->getID(); $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)"; sql_query($query); - + $blog->additem($blog->getDefaultCategory(),'First Item','これはあなたのweblogにおける最初のアイテムです。自由に削除していただいてかまいません。','',$blogid, $memberid,$blog->getCorrectTime(),0,0,0); - + $manager->notify( 'PostAddBlog', array( 'blog' => &$blog ) ); - + $manager->notify( 'PostAddCategory', array( 'catid' => $catid ) ); - + $this->pagehead(); ?>

    新しいweblogが作成されました

    - +

    新しいweblog 「」が作成されました。続けて、これにアクセスするために以下のどちらかの手順に進んでください。

    - +
    1. 簡単な方法: 下のコードを貼付けた .php というファイルを作成する
    2. -
    3. 高度な方法: 現在使用しているスキンに新しいweblogを展開させるための記述を加える
    4. +
    5. 高度な方法: 現在使用しているスキンに新しいweblogを展開させるための記述を加える
    - +

    方法 1: .php というファイルを作成

    - +

    .php というファイルを作成して、中身に以下のコードを貼り付ける:

    <?php
     
    @@ -2900,12 +3129,14 @@ selector();
     ?>

    すでにあるindex.phpと同じディレクトリにアップロードします。

    - +

    新しいweblogの作成を完了するためには、下にこのファイルのURLを入力してください。 (すでに用意した値で合っているとは思いますが保証はしません):

    - + +
    - - + + addTicketHidden() ?> + @@ -2914,14 +3145,16 @@ selector();
    - +

    方法 2: 現在使用しているスキンに新しいweblogを展開する記述を加える

    新しいweblogの作成を完了するためには、下にURLを入力してください。 (大抵は既存blogと同じURL)

    - + +
    - + addTicketHidden() ?> + @@ -2930,41 +3163,41 @@ selector();
    - - pagefoot(); - + + pagefoot(); + } - + function action_addnewlog2() { global $member, $manager; - + $member->blogAdminRights($blogid) or $this->disallow(); - + $burl = requestVar('url'); $blogid = intRequestVar('blogid'); - - $blog =& $manager->getBlog($blogid); + + $blog =& $manager->getBlog($blogid); $blog->setURL(trim($burl)); - $blog->writeSettings(); - + $blog->writeSettings(); + $this->action_overview(_MSG_NEWBLOG); } function action_skinieoverview() { - global $member, $DIR_LIBS; - + global $member, $DIR_LIBS, $manager; + $member->isAdmin() or $this->disallow(); // load skinie class include_once($DIR_LIBS . 'skinie.php'); - + $this->pagehead(); - - echo '

    (',_BACKTOMANAGE,')

    '; - + + echo '

    (',_BACKTOMANAGE,')

    '; + ?> -

    - +

    +

    + addTicketHidden() ?> - +

    - +

    - + addTicketHidden() ?> +

    - + @@ -3016,72 +3252,72 @@ selector(); $id = 'skinexp' . $skinObj->sdnumber; echo ''; - echo ''; + echo ''; echo ''; } - + echo ''; - + // show list of templates $res = sql_query('SELECT * FROM '.sql_table('template_desc')); while ($templateObj = mysql_fetch_object($res)) { - $id = 'templateexp' . $templateObj->tdnumber; + $id = 'templateexp' . $templateObj->tdnumber; echo ''; - echo ''; + echo ''; echo ''; } - + ?> - +
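Review bot: `action_addnewlog2` calls `$member->blogAdminRights($blogid)` before `$blogid` is assigned, so the rights check runs on an undefined value rather than on the blog whose URL is then changed. Move the assignment up so the function starts with `$blogid = intRequestVar('blogid');` followed by `$member->blogAdminRights($blogid) or $this->disallow();`. How `blogAdminRights()` treats an empty id is not visible in this diff, so the current outcome may be either a spurious denial or a check that passes for the wrong blog.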
    '; echo '',htmlspecialchars($skinObj->sddesc),'',htmlspecialchars($skinObj->sddesc),'
    ',_SKINIE_EXPORT_TEMPLATES,'
    '; echo '',htmlspecialchars($templateObj->tddesc),'',htmlspecialchars($templateObj->tddesc),'
    - - pagefoot(); - + } - + function action_skinieimport() { - global $member, $DIR_LIBS, $DIR_SKINS; - + global $member, $DIR_LIBS, $DIR_SKINS, $manager; + $member->isAdmin() or $this->disallow(); - + // load skinie class include_once($DIR_LIBS . 'skinie.php'); - + $skinFileRaw= postVar('skinfile'); $mode = postVar('mode'); - $importer = new SKINIMPORT(); - + $importer =& new SKINIMPORT(); + // get full filename if ($mode == 'file') { $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml'; - + // backwards compatibilty (in v2.0, exports were saved as skindata.xml) if (!file_exists($skinFile)) $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml'; } else { $skinFile = $skinFileRaw; } - + // read only metadata - $error = $importer->readFile($skinFile, 1); - + $error = $importer->readFile($skinFile, 1); + if ($error) $this->error($error); $this->pagehead(); - echo '

    (',_BACK,')

    '; + echo '

    (',_BACK,')

    '; ?>
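Review bot: `action_skinieimport` builds `$skinFile` as `$DIR_SKINS . $skinFileRaw . '/skinbackup.xml'` from the posted `skinfile` value without checking that it is a single directory name, so a value containing `..` or a path separator resolves outside the skins directory. In the other mode the posted value is handed to `readFile()` unchanged. The action is limited to `isAdmin()`, but in `'file'` mode it is still worth rejecting any value where `basename($skinFileRaw) != $skinFileRaw` or that equals `..` before the path is built. `action_skiniedoimport` in the @@ -3119 hunk builds the path the same way.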

    @@ -3089,29 +3325,30 @@ selector();
  • getInfo())?>

  • '._AND.' ',$importer->getSkinNames())?>

  • '._AND.' ',$importer->getTemplateNames())?>

  • -
  • '._AND.' ',$importer->checkSkinNameClashes())?>

  • +
  • '._AND.' ',$importer->checkSkinNameClashes())?>

  • '._AND.' ',$importer->checkTemplateNameClashes())?>

  • + addTicketHidden() ?> - +
    - pagefoot(); } - + function action_skiniedoimport() { global $member, $DIR_LIBS, $DIR_SKINS; - + $member->isAdmin() or $this->disallow(); - + // load skinie class include_once($DIR_LIBS . 'skinie.php'); @@ -3119,23 +3356,23 @@ selector(); $mode = postVar('mode'); $allowOverwrite = intPostVar('overwrite'); - + // get full filename if ($mode == 'file') { - $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml'; - + $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml'; + // backwards compatibilty (in v2.0, exports were saved as skindata.xml) if (!file_exists($skinFile)) $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml'; - + } else { $skinFile = $skinFileRaw; } - $importer = new SKINIMPORT(); + $importer =& new SKINIMPORT(); - $error = $importer->readFile($skinFile); + $error = $importer->readFile($skinFile); if ($error) $this->error($error); @@ -3147,7 +3384,7 @@ selector(); $this->pagehead(); - echo '

    (',_BACKTOMANAGE,')

    '; + echo '

    (',_BACKTOMANAGE,')

    '; ?>

    @@ -3160,15 +3397,15 @@ selector(); pagefoot(); } - + function action_skinieexport() { global $member, $DIR_LIBS; - + $member->isAdmin() or $this->disallow(); - + // load skinie class include_once($DIR_LIBS . 'skinie.php'); - + $aSkins = requestIntArray('skin'); $aTemplates = requestIntArray('template'); @@ -3176,11 +3413,11 @@ selector(); if (!is_array($aSkins)) $aSkins = array(); $skinList = array_keys($aSkins); - $templateList = array_keys($aTemplates); + $templateList = array_keys($aTemplates); $info = postVar('info'); - $exporter = new SKINEXPORT(); + $exporter =& new SKINEXPORT(); foreach ($skinList as $skinId) { $exporter->addSkin($skinId); } @@ -3189,32 +3426,33 @@ selector(); } $exporter->setInfo($info); - $exporter->export(); + $exporter->export(); } - + function action_templateoverview() { - global $member; - + global $member, $manager; + $member->isAdmin() or $this->disallow(); - + $this->pagehead(); - - echo '

    (',_BACKTOMANAGE,')

    '; - + + echo '

    (',_BACKTOMANAGE,')

    '; + echo '

    ' . _TEMPLATE_TITLE . '

    '; echo '

    ' . _TEMPLATE_AVAILABLE_TITLE . '

    '; - + $query = 'SELECT * FROM '.sql_table('template_desc').' ORDER BY tdname'; $template['content'] = 'templatelist'; $template['tabindex'] = 10; showlist($query,'table',$template); - + echo '

    ' . _TEMPLATE_NEW_TITLE . '

    '; - + ?>
    - + + addTicketHidden() ?> @@ -3225,47 +3463,48 @@ selector();
    - +
    - - pagefoot(); } - + function action_templateedit($msg = '') { - global $member; - + global $member, $manager; + $templateid = intRequestVar('templateid'); - + $member->isAdmin() or $this->disallow(); - + $extrahead = ''; $extrahead .= ''; $this->pagehead($extrahead); - + $templatename = TEMPLATE::getNameFromId($templateid); $templatedescription = TEMPLATE::getDesc($templateid); - $template = TEMPLATE::read($templatename); - + $template =& $manager->getTemplate($templatename); + ?>

    ()

    ''

    - + "._MESSAGE.": $msg

    "; ?> - +

    - +
    - + + addTicketHidden() ?> - + 
@@ -3284,63 +3523,63 @@ selector(); -_templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8); - $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1); - $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10); - $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20); - $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25); - $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30); +_templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8); + $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1); + $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10); + $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20); + $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25); + $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30); ?> - + -_templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40); - $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1); - $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60); - $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 70); - $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80); - $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90); - $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100); +_templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40); + $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1); + $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60); + $this->_templateEditRow($template, _TEMPLATE_CONE, 
'COMMENTS_ONE', 'commentwords', 70); + $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80); + $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90); + $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100); ?> - + _templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110); + $this->_templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110); ?> - + -_templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120); +_templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120); ?> - + -_templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130); - $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140); - $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150); +_templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130); + $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140); + $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150); ?> - + -_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 160); - $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 170); - $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 180); +_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 160); + $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 170); + $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 180); ?> -_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 190); - $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 200); - $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 210); - $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 
'FORMAT_TIME', 'datetime', 220); - $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 230); +_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 190); + $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 200); + $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 210); + $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 220); + $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 230); ?> - + -_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 240); - $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 250); - $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 260); +_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 240); + $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 250); + $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 260); ?> -_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',270); - $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',280); -?> +_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',270); + $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',280); +?> @@ -3350,59 +3589,59 @@ selector();
    - +
    - pagefoot(); } - + function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) { static $count = 1; ?> - + isAdmin() or $this->disallow(); - + $name = postVar('tname'); $desc = postVar('tdesc'); - + if (!isValidTemplateName($name)) $this->error(_ERROR_BADTEMPLATENAME); - + if ((TEMPLATE::getNameFromId($templateid) != $name) && TEMPLATE::exists($name)) $this->error(_ERROR_DUPTEMPLATENAME); - + $name = addslashes($name); $desc = addslashes($desc); - + // 1. Remove all template parts $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid; sql_query($query); - + // 2. Update description $query = 'UPDATE '.sql_table('template_desc').' SET' - . " tdname='" . $name . "'," - . " tddesc='" . $desc . "'" - . " WHERE tdnumber=" . $templateid; + . " tdname='" . $name . "'," + . " tddesc='" . $desc . "'" + . " WHERE tdnumber=" . $templateid; sql_query($query); - + // 3. Add non-empty template parts $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER')); $this->addToTemplate($templateid, 'ITEM', postVar('ITEM')); $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER')); $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK')); - $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK')); + $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK')); $this->addToTemplate($templateid, 'NEW', postVar('NEW')); $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER')); $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY')); 
@@ -3429,118 +3668,119 @@ selector(); $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE')); $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE')); $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE')); - - + + // jump back to template edit $this->action_templateedit(_TEMPLATE_UPDATED); - - } + + } function addToTemplate($id, $partname, $content) { $partname = addslashes($partname); - $content = addslashes($content); - + $content = addslashes($content); + $id = intval($id); - + // don't add empty parts: if (!trim($content)) return -1; - + $query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) " - . "VALUES ($id, '$partname', '$content')"; + . "VALUES ($id, '$partname', '$content')"; mysql_query($query) or die("Query error: " . mysql_error()); return mysql_insert_id(); - } - + } + function action_templatedelete() { - global $member; - + global $member, $manager; + $member->isAdmin() or $this->disallow(); - + $templateid = intRequestVar('templateid'); // TODO: check if template can be deleted - + $this->pagehead(); - + $name = TEMPLATE::getNameFromId($templateid); $desc = TEMPLATE::getDesc($templateid); - + ?>

    - +

    ()

    - +
    + addTicketHidden() ?>
    - pagefoot(); - } - + } + function action_templatedeleteconfirm() { global $member, $manager; - + $templateid = intRequestVar('templateid'); - + $member->isAdmin() or $this->disallow(); - + $manager->notify('PreDeleteTemplate', array('templateid' => $templateid)); - + // 1. delete description sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid); - + // 2. delete parts sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid); - - $manager->notify('PostDeleteTemplate', array('templateid' => $templateid)); - - $this->action_templateoverview(); - } - + + $manager->notify('PostDeleteTemplate', array('templateid' => $templateid)); + + $this->action_templateoverview(); + } + function action_templatenew() { global $member; - + $member->isAdmin() or $this->disallow(); - + $name = postVar('name'); $desc = postVar('desc'); - + if (!isValidTemplateName($name)) $this->error(_ERROR_BADTEMPLATENAME); - + if (TEMPLATE::exists($name)) - $this->error(_ERROR_DUPTEMPLATENAME); + $this->error(_ERROR_DUPTEMPLATENAME); $newTemplateId = TEMPLATE::createNew($name, $desc); $this->action_templateoverview(); } - + function action_templateclone() { global $member; - + $templateid = intRequestVar('templateid'); - + $member->isAdmin() or $this->disallow(); - + // 1. read old template $name = TEMPLATE::getNameFromId($templateid); $desc = TEMPLATE::getDesc($templateid); // 2. create desc thing $name = "cloned" . $name; - + // if a template with that name already exists: if (TEMPLATE::exists($name)) { $i = 1; while (TEMPLATE::exists($name . $i)) $i++; $name .= $i; - } - + } + $newid = TEMPLATE::createNew($name, $desc); // 3. create clone @@ -3552,32 +3792,33 @@ selector(); $this->action_templateoverview(); } - + function action_skinoverview() { - global $member; - + global $member, $manager; + $member->isAdmin() or $this->disallow(); - + $this->pagehead(); - - echo '
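Review bot: addToTemplate still escapes `$partname` and `$content` with `addslashes()` and runs the INSERT through `mysql_query($query) or die("Query error: " . mysql_error());`. addslashes() does not take the connection character set into account, which matters for a code base shipped in several multibyte encodings; `mysql_real_escape_string()` is the escape that belongs to the mysql_* connection used here. The die() sends the raw MySQL error, including table and column names, to the browser, while the neighbouring functions call `sql_query()`; updateConfig in the @@ -4214 hunk has the same two lines. Suggested replacements are `$content = mysql_real_escape_string($content);` (likewise for `$partname`) and `sql_query($query);`.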

    (',_BACKTOMANAGE,')

    '; - + + echo '

    (',_BACKTOMANAGE,')

    '; + echo '

    ' . _SKIN_EDIT_TITLE . '

    '; - + echo '

    ' . _SKIN_AVAILABLE_TITLE . '

    '; - + $query = 'SELECT * FROM '.sql_table('skin_desc').' ORDER BY sdname'; $template['content'] = 'skinlist'; $template['tabindex'] = 10; showlist($query,'table',$template); - + echo '

    ' . _SKIN_NEW_TITLE . '

    '; - + ?>
    - + + addTicketHidden() ?> @@ -3588,49 +3829,49 @@ selector();
    - +
    - - pagefoot(); } - + function action_skinnew() { global $member; - + $member->isAdmin() or $this->disallow(); - + $name = trim(postVar('name')); $desc = trim(postVar('desc')); - + if (!isValidSkinName($name)) $this->error(_ERROR_BADSKINNAME); - + if (SKIN::exists($name)) - $this->error(_ERROR_DUPSKINNAME); - + $this->error(_ERROR_DUPSKINNAME); + $newId = SKIN::createNew($name, $desc); - + $this->action_skinoverview(); - } + } function action_skinedit() { - global $member; - + global $member, $manager; + $skinid = intRequestVar('skinid'); - + $member->isAdmin() or $this->disallow(); - - $skin = new SKIN($skinid); - + + $skin =& new SKIN($skinid); + $this->pagehead(); ?>

    - () + ()

    'getName() ?>'

    - +

      @@ -3643,12 +3884,13 @@ selector();
    - +

    - + + addTicketHidden() ?> @@ -3662,40 +3904,40 @@ selector(); - + - +
    input_yesno('inc_mode',$skin->getIncludeMode(),120,'skindir','normal',_PARSER_INCMODE_SKINDIR,_PARSER_INCMODE_NORMAL);?>
    - +
    - - + + pagefoot(); } - + function action_skineditgeneral() { global $member; - - $skinid = intRequestVar('skinid'); - + + $skinid = intRequestVar('skinid'); + $member->isAdmin() or $this->disallow(); - + $name = postVar('name'); $desc = postVar('desc'); $type = postVar('type'); $inc_mode = postVar('inc_mode'); $inc_prefix = postVar('inc_prefix'); - - $skin = new SKIN($skinid); - + + $skin =& new SKIN($skinid); + // 1. Some checks if (!isValidSkinName($name)) $this->error(_ERROR_BADSKINNAME); - + if (($skin->getName() != $name) && SKIN::exists($name)) $this->error(_ERROR_DUPSKINNAME); @@ -3704,65 +3946,66 @@ selector(); // 2. Update description $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix); - + $this->action_skinedit(); - + } - + function action_skinedittype($msg = '') { - global $member; - + global $member, $manager; + $skinid = intRequestVar('skinid'); $type = requestVar('type'); - + $member->isAdmin() or $this->disallow(); - - $skin = new SKIN($skinid); - + + $skin =& new SKIN($skinid); + $friendlyNames = SKIN::getFriendlyNames(); - + $this->pagehead(); ?>

    ()

    - +

    'getName() ?>':

    - + "._MESSAGE.": $msg

    "; ?> - - + +
    - + + addTicketHidden() ?> - + (skin type: )
    - + - +
    (skin type: ) - +

    - + "; if (count($actions) != 0) echo ", "; } @@ -3779,110 +4022,111 @@ selector(); showlist($query,'table',array('content'=>'shortnames')); ?> - +
    - - - pagefoot(); + + + pagefoot(); } - + function action_skinupdate() { global $member; - - $skinid = intRequestVar('skinid'); + + $skinid = intRequestVar('skinid'); $content = trim(postVar('content')); - $type = postVar('type'); + $type = postVar('type'); $member->isAdmin() or $this->disallow(); - - $skin = new SKIN($skinid); + + $skin =& new SKIN($skinid); $skin->update($type, $content); - + $this->action_skinedittype(_SKIN_UPDATED); } - + function action_skindelete() { - global $member, $CONF; - + global $member, $manager, $CONF; + $skinid = intRequestVar('skinid'); - + $member->isAdmin() or $this->disallow(); - + // don't allow default skin to be deleted if ($skinid == $CONF['BaseSkin']) $this->error(_ERROR_DEFAULTSKIN); - + // don't allow deletion of default skins for blogs $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid; $r = sql_query($query); if ($o = mysql_fetch_object($r)) $this->error(_ERROR_SKINDEFDELETE . $o->bname); - + $this->pagehead(); - - $skin = new SKIN($skinid); + + $skin =& new SKIN($skinid); $name = $skin->getName(); $desc = $skin->getDescription(); - + ?>

    - +

    ()

    - +
    + addTicketHidden() ?>
    - pagefoot(); - } - + } + function action_skindeleteconfirm() { global $member, $CONF, $manager; - - $skinid = intRequestVar('skinid'); - + + $skinid = intRequestVar('skinid'); + $member->isAdmin() or $this->disallow(); - + // don't allow default skin to be deleted if ($skinid == $CONF['BaseSkin']) $this->error(_ERROR_DEFAULTSKIN); - + // don't allow deletion of default skins for blogs $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid; $r = sql_query($query); if ($o = mysql_fetch_object($r)) - $this->error(_ERROR_SKINDEFDELETE .$o->bname); - - $manager->notify('PreDeleteSkin', array('skinid' => $skinid)); - + $this->error(_ERROR_SKINDEFDELETE .$o->bname); + + $manager->notify('PreDeleteSkin', array('skinid' => $skinid)); + // 1. delete description sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid); - + // 2. delete parts sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid); - - $manager->notify('PostDeleteSkin', array('skinid' => $skinid)); - + + $manager->notify('PostDeleteSkin', array('skinid' => $skinid)); + $this->action_skinoverview(); } - + function action_skinclone() { global $member; - - $skinid = intRequestVar('skinid'); - + + $skinid = intRequestVar('skinid'); + $member->isAdmin() or $this->disallow(); - + // 1. read skin to clone - $skin = new SKIN($skinid); - + $skin =& new SKIN($skinid); + $name = "clone_" . $skin->getName(); - + // if a skin with that name already exists: if (SKIN::exists($name)) { $i = 1; @@ -3890,7 +4134,7 @@ selector(); $i++; $name .= $i; } - + // 2. create skin desc $newid = SKIN::createNew( $name, @@ -3899,8 +4143,8 @@ selector(); $skin->getIncludeMode(), $skin->getIncludePrefix() ); - - + + // 3. clone $this->skinclonetype($skin, $newid, 'index'); $this->skinclonetype($skin, $newid, 'item'); 
@@ -3910,11 +4154,11 @@ selector(); $this->skinclonetype($skin, $newid, 'error'); $this->skinclonetype($skin, $newid, 'member'); $this->skinclonetype($skin, $newid, 'imagepopup'); - + $this->action_skinoverview(); - + } - + function skinclonetype($skin, $newid, $type) { $newid = intval($newid); $content = $skin->getContent($type); @@ -3923,48 +4167,49 @@ selector(); sql_query($query); } } - + function action_settingsedit() { global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA; - + $member->isAdmin() or $this->disallow(); - + $this->pagehead(); - - echo '

    (',_BACKTOMANAGE,')

    '; + + echo '

    (',_BACKTOMANAGE,')

    '; ?>

    - +
    - + - + addTicketHidden() ?> + @@ -3988,11 +4233,11 @@ selector(); - + - + + + - + @@ -4088,13 +4335,13 @@ selector(); + + @@ -4104,33 +4351,33 @@ selector(); - + - + - + - + @@ -4140,6 +4387,9 @@ selector(); + + + @@ -4151,7 +4401,7 @@ selector(); @@ -4165,47 +4415,47 @@ selector();
    -
    -
    - + - + +
    input_yesno('DisableSite',$CONF['DisableSite'],10060); ?> -
    - URL: +
    + URL:
    -
    - input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?> -
    input_yesno('URLMode',$CONF['URLMode'],10077, - 'normal','pathinfo',_SETTINGS_URLMODE_NORMAL,_SETTINGS_URLMODE_PATHINFO); - - echo ' ', _SETTINGS_URLMODE_HELP; - - ?> - input_yesno('URLMode',$CONF['URLMode'],10077, + 'normal','pathinfo',_SETTINGS_URLMODE_NORMAL,_SETTINGS_URLMODE_PATHINFO); + + echo ' ', _SETTINGS_URLMODE_HELP; + + ?> + +
    - - " . _WARNING_NOTADIR . ""; - if (!is_readable($DIR_MEDIA)) - echo "
    " . _WARNING_NOTREADABLE . ""; - if (!is_writeable($DIR_MEDIA)) - echo "
    " . _WARNING_NOTWRITABLE . ""; - ?> + + " . _WARNING_NOTADIR . ""; + if (!is_readable($DIR_MEDIA)) + echo "
    " . _WARNING_NOTREADABLE . ""; + if (!is_writeable($DIR_MEDIA)) + echo "
    " . _WARNING_NOTWRITABLE . ""; + ?>
    - +
    - +
    - -
    input_yesno('MediaPrefix',$CONF['MediaPrefix'],10110); ?>
    input_yesno('AllowLoginEdit',$CONF['AllowLoginEdit'],10120); ?>
    - + input_yesno('AllowMemberCreate',$CONF['AllowMemberCreate'],10130); ?>
    -
    +
    input_yesno('NewMemberCanLogon',$CONF['NewMemberCanLogon'],10140); ?>
    - + input_yesno('AllowMemberMail',$CONF['AllowMemberMail'],10150); ?>
    - + input_yesno('NonmemberMail',$CONF['NonmemberMail'],10155); ?>
    - + input_yesno('ProtectMemNames',$CONF['ProtectMemNames'],10156); ?>
    input_yesno('SessionCookie',$CONF['SessionCookie'],10190, - 1,0,_SETTINGS_COOKIESESSION,_SETTINGS_COOKIEMONTH); ?> + 1,0,_SETTINGS_COOKIESESSION,_SETTINGS_COOKIEMONTH); ?>
    - +
    - ',_PLUGINS_EXTRA,''; + ',_PLUGINS_EXTRA,''; $manager->notify( - 'GeneralSettingsFormExtras', + 'GeneralSettingsFormExtras', array() ); - + $this->pagefoot(); } - + function action_settingsupdate() { global $member, $CONF; - + $member->isAdmin() or $this->disallow(); - + // check if email address for admin is valid if (!isValidMailAddress(postVar('AdminEmail'))) $this->error(_ERROR_BADMAILADDRESS); - - // save settings - $this->updateConfig('DefaultBlog', postVar('DefaultBlog')); - $this->updateConfig('BaseSkin', postVar('BaseSkin')); - $this->updateConfig('IndexURL', postVar('IndexURL')); + + // save settings + $this->updateConfig('DefaultBlog', postVar('DefaultBlog')); + $this->updateConfig('BaseSkin', postVar('BaseSkin')); + $this->updateConfig('IndexURL', postVar('IndexURL')); $this->updateConfig('AdminURL', postVar('AdminURL')); - $this->updateConfig('PluginURL', postVar('PluginURL')); - $this->updateConfig('SkinsURL', postVar('SkinsURL')); - $this->updateConfig('ActionURL', postVar('ActionURL')); - $this->updateConfig('Language', postVar('Language')); - $this->updateConfig('AdminEmail', postVar('AdminEmail')); - $this->updateConfig('SessionCookie', postVar('SessionCookie')); - $this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate')); - $this->updateConfig('AllowMemberMail', postVar('AllowMemberMail')); - $this->updateConfig('NonmemberMail', postVar('NonmemberMail')); - $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames')); - $this->updateConfig('SiteName', postVar('SiteName')); + $this->updateConfig('PluginURL', postVar('PluginURL')); + $this->updateConfig('SkinsURL', postVar('SkinsURL')); + $this->updateConfig('ActionURL', postVar('ActionURL')); + $this->updateConfig('Language', postVar('Language')); + $this->updateConfig('AdminEmail', postVar('AdminEmail')); + $this->updateConfig('SessionCookie', postVar('SessionCookie')); + $this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate')); + 
$this->updateConfig('AllowMemberMail', postVar('AllowMemberMail')); + $this->updateConfig('NonmemberMail', postVar('NonmemberMail')); + $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames')); + $this->updateConfig('SiteName', postVar('SiteName')); $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon')); $this->updateConfig('DisableSite', postVar('DisableSite')); $this->updateConfig('DisableSiteURL', postVar('DisableSiteURL')); @@ -4214,36 +4464,37 @@ selector(); $this->updateConfig('AllowedTypes', postVar('AllowedTypes')); $this->updateConfig('AllowUpload', postVar('AllowUpload')); $this->updateConfig('MaxUploadSize', postVar('MaxUploadSize')); - $this->updateConfig('MediaPrefix', postVar('MediaPrefix')); + $this->updateConfig('MediaPrefix', postVar('MediaPrefix')); $this->updateConfig('AllowLoginEdit', postVar('AllowLoginEdit')); - $this->updateConfig('DisableJsTools', postVar('DisableJsTools')); + $this->updateConfig('DisableJsTools', postVar('DisableJsTools')); $this->updateConfig('CookieDomain', postVar('CookieDomain')); $this->updateConfig('CookiePath', postVar('CookiePath')); $this->updateConfig('CookieSecure', postVar('CookieSecure')); - $this->updateConfig('URLMode', postVar('URLMode')); - + $this->updateConfig('URLMode', postVar('URLMode')); + $this->updateConfig('CookiePrefix', postVar('CookiePrefix')); + // load new config and redirect (this way, the new language will be used is necessary) // note that when changing cookie settings, this redirect might cause the user // to have to log in again. getConfig(); redirect($CONF['AdminURL'] . '?action=manage'); exit; - + } - - + + function updateConfig($name, $val) { $name = addslashes($name); $val = trim(addslashes($val)); - + $query = 'UPDATE '.sql_table('config') - . " SET value='$val'" - . " WHERE name='$name'"; + . " SET value='$val'" + . " WHERE name='$name'"; mysql_query($query) or die("Query error: " . mysql_error()); return mysql_insert_id(); } - + /** * Error message */ 
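Review bot: The added `$this->updateConfig('CookiePrefix', postVar('CookiePrefix'));` stores the prefix exactly as posted; only AdminEmail is validated in action_settingsupdate. If the prefix is prepended to cookie names (presumably; the use is not visible here), a value containing `=`, `;`, `,` or whitespace would make the login cookies fail to set, and the redirect that follows would leave the admin unable to log back in to correct it. A check before the save, such as `if (!preg_match('/^[A-Za-z0-9_]*$/', postVar('CookiePrefix')))` followed by `$this->error()` with a new message constant, keeps the setting to safe characters. action_settingsupdate begins in the previous hunk.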
@@ -4257,17 +4508,17 @@ selector(); $this->pagefoot(); exit; } - + function disallow() { ACTIONLOG::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI')); - + $this->error(_ERROR_DISALLOWED); } - - + + function pagehead($extrahead = '') { global $member, $nucleus, $CONF, $manager; - + $manager->notify( 'AdminPrePageHead', array( @@ -4275,26 +4526,25 @@ selector(); 'action' => $this->action ) ); - + $baseUrl = htmlspecialchars($CONF['AdminURL']); ?> - - <?php echo htmlspecialchars($CONF['SiteName'])?> - Admin + <?php echo htmlspecialchars($CONF['SiteName'])?> - Admin - - + - - - + + + @@ -4305,36 +4555,36 @@ selector();
    - isLoggedIn()) + isLoggedIn()) echo _LOGGEDINAS . ' ' . $member->getDisplayName() - ." - " . _LOGOUT. "" - . "
    " . _ADMINHOME . " - "; - else - echo _NOTLOGGEDIN . '
    '; + ." - " . _LOGOUT. "" + . "
    " . _ADMINHOME . " - "; + else + echo '' , _NOTLOGGEDIN , '
    '; echo ""._YOURSITE.""; - + echo '
    ('; - + if ($member->isLoggedIn() && $member->isAdmin()) - echo 'Nucleus ', $nucleus['version'], ''; + echo 'Nucleus CMS ', $nucleus['version'], ''; else - echo 'Nucleus ' , $nucleus['version']; + echo 'Nucleus CMS ' , $nucleus['version']; echo ')'; echo '
    '; } - + function pagefoot() { global $action, $member, $manager; - + $manager->notify( 'AdminPrePageFoot', array( 'action' => $this->action ) - ); - - if ($action != 'showlogin') { + ); + + if ($member->isLoggedIn() && ($action != 'showlogin')) { ?>
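Review bot: Both branches of the version output in pagehead print `$nucleus['version']`, so the exact release is shown on the login screen to visitors who are not logged in, which makes it easy to match the site against known issues for that release. Printing the number only for members, e.g. `else if ($member->isLoggedIn()) echo 'Nucleus CMS ', $nucleus['version']; else echo 'Nucleus CMS';`, keeps the branding without the fingerprint. In the same block `$member->getDisplayName()` is echoed without `htmlspecialchars()`, unlike `$CONF['SiteName']` and `$CONF['AdminURL']` elsewhere in the function; whether display names are already restricted to safe characters is not visible here. pagehead starts in an earlier hunk.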

      @@ -4344,21 +4594,21 @@ selector();
      - Nucleus © 2002-2004 The Nucleus Group + Nucleus CMS © 2002-2005 The Nucleus Group - Donate! -
      - +
    +
    - +
    - - isLoggedIn())) { echo ''; - + echo ''; + echo '

    ',_QMENU_ADD,'

    '; echo '
    '; echo ''; @@ -4373,7 +4623,7 @@ selector(); $query = 'SELECT bnumber as value, bname as text' . ' FROM ' . sql_table('blog') . ', ' . sql_table('team') . ' WHERE tblog=bnumber and tmember=' . $member->getID() - . ' ORDER BY bname'; + . ' ORDER BY bname'; } $template['name'] = 'blogid'; $template['tabindex'] = 15000; @@ -4381,7 +4631,7 @@ selector(); $template['selected'] = -1; $template['shorten'] = 10; $template['shortenel'] = ''; - $template['javascript'] = 'onchange="return form.submit()"'; + $template['javascript'] = 'onchange="return form.submit()"'; showlist($query,'select',$template); echo '
    '; @@ -4396,29 +4646,29 @@ selector(); - // ---- general settings ---- + // ---- general settings ---- if ($member->isAdmin()) { echo '

    ',_QMENU_MANAGE,'

    '; echo ''; echo '

    ',_QMENU_LAYOUT,'

    '; echo ''; } - + $aPluginExtras = array(); $manager->notify( 'QuickMenu', @@ -4436,31 +4686,33 @@ selector(); } echo ''; } - - } else { - echo '

    ', _QMENU_INTRO, '

    ', _QMENU_INTRO_TEXT; - + } else if (($action == 'activate') || ($action == 'activatesetpwd')) { + + echo '

    ', _QMENU_ACTIVATE, '

    ', _QMENU_ACTIVATE_TEXT; + } else { + // introduction text on login screen + echo '

    ', _QMENU_INTRO, '

    ', _QMENU_INTRO_TEXT; } ?>
    - + -
    - - + + + teamRights($blogid) or $this->disallow(); - + // header-code stolen from phpMyAdmin // REGEDIT and bookmarklet code stolen from GreyMatter @@ -4470,36 +4722,36 @@ selector(); header('Content-Type: application/octetstream'); header('Content-Disposition: filename="nucleus.reg"'); header('Pragma: no-cache'); - header('Expires: 0'); - + header('Expires: 0'); + echo "REGEDIT4\n"; echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\Post To &Nucleus (".$sjisBlogName.")]\n"; echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n"; - echo '"contexts"=hex:31'; + echo '"contexts"=hex:31'; } - + function action_bookmarklet() { global $member, $manager; - + $blogid = intRequestVar('blogid'); - + $member->teamRights($blogid) or $this->disallow(); - + $blog =& $manager->getBlog($blogid); $bm = getBookmarklet($blogid); - + $this->pagehead(); echo '

    (',_BACKHOME,')

    '; - + ?> - +

    Bookmarklet

    - +

    Bookmarklet とは、クリック1回で記事の投稿ができるシステムです。 この Bookmarklet をインストールすると、ブラウザのツールバーの'add to weblog'ボタンが利用可能となり、Nucleusの新規アイテムの追加ウィンドウがポップアップします。任意のWebページを開いた状態でこのボタンを押せば、そのWebページのタイトルと、そのページへのリンクタグがすでに埋め込まれた状態でアイテム追加ウィンドウが開き、さらに、そのページ内に引用したい文を選択した状態であればその引用文も自動的に引用します。

    - +

    Bookmarklet

    下のリンク部分を「お気に入り」もしくはツールバーにドラッグできます。(その前にテストしてみたい場合は単純に下のリンクをクリックしてみてください) @@ -4507,16 +4759,20 @@ selector();
    Add to getShortName()?> (ほとんどのブラウザで動作します)

    - +

    右クリックメニューにインストール (WindowsでIE使用時)

    - あるいは右クリックメニューにインストールすることもできます (「開く」を選択すれば直接レジストリに登録します) + addTicketToUrl($url); + ?> + あるいは右クリックメニューにインストールすることもできます (「開く」を選択すれば直接レジストリに登録します)

    - +

    - このインストールした右クリックメニューを表示するためにはIEの再起動が必要です + このインストールした右クリックメニューを表示するためにはIEの再起動が必要です。

    - +

    アンインストール

    「お気に入り」もしくはツールバーから消すには、単に削除するだけです。 @@ -4525,7 +4781,7 @@ selector();

    右クリックメニューから消したい時は、以下の手順を踏んでください:

    - +
    1. スタートメニューから「ファイルを指定して実行...」を選択
    2. "regedit" と入力
    3. @@ -4536,29 +4792,31 @@ selector(); pagefoot(); - + } function action_actionlog() { - global $member; - + global $member, $manager; + $member->isAdmin() or $this->disallow(); - + $this->pagehead(); - - echo '

      (',_BACKTOMANAGE,')

      '; - + + echo '

      (',_BACKTOMANAGE,')

      '; + + $url = $manager->addTicketToUrl('index.php?action=clearactionlog'); + ?>

      -

      +

      ' . _ACTIONLOG_TITLE . ''; - + $query = 'SELECT * FROM '.sql_table('actionlog').' ORDER BY timestamp DESC'; $template['content'] = 'actionlist'; $amount = showlist($query,'table',$template); - + $this->pagefoot(); } @@ -4566,30 +4824,30 @@ selector(); function action_banlist() { global $member, $manager; - + $blogid = intRequestVar('blogid'); - + $member->blogAdminRights($blogid) or $this->disallow(); - + $blog =& $manager->getBlog($blogid); - + $this->pagehead(); - echo '
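Review bot: The clear-log link built with `$manager->addTicketToUrl('index.php?action=clearactionlog')` turns wiping the audit log into a GET request that carries the ticket in the query string, where it ends up in browser history and in proxy or server logs. The other destructive actions in this commit submit a POST form containing `$manager->addTicketHidden()`; using the same form here keeps the ticket out of URLs. action_clearactionlog (in a later hunk) calls `ACTIONLOG::clear()` without leaving a record of who did it, so adding `ACTIONLOG::add(WARNING, 'Action log cleared by ' . $member->getDisplayName());` right after the clear would preserve that trace.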

      (',_BACKHOME,')

      '; - + echo '

      (',_BACKHOME,')

      '; + echo '

      ' . _BAN_TITLE . " '". $this->bloglink($blog) ."'

      "; - + $query = 'SELECT * FROM '.sql_table('ban').' WHERE blogid='.$blogid.' ORDER BY iprange'; $template['content'] = 'banlist'; $amount = showlist($query,'table',$template); - + if ($amount == 0) echo _BAN_NONE; - + echo '

      '._BAN_NEW_TITLE.'

      '; echo "

      "._BAN_NEW_TEXT."

      "; - - + + $this->pagefoot(); } @@ -4597,57 +4855,58 @@ selector(); function action_banlistdelete() { global $member, $manager; - - $blogid = intRequestVar('blogid'); - $iprange = requestVar('iprange'); - + + $blogid = intRequestVar('blogid'); + $iprange = requestVar('iprange'); + $member->blogAdminRights($blogid) or $this->disallow(); - + $blog =& $manager->getBlog($blogid); - + $this->pagehead(); ?>

      - +
      - +

      - +

      - +

      - +

      - +

      - +
      + addTicketHidden() ?>
      - +
      - pagefoot(); } function action_banlistdeleteconfirm() { global $member, $manager; - + $blogid = intPostVar('blogid'); $allblogs = postVar('allblogs'); $iprange = postVar('iprange'); - + $member->blogAdminRights($blogid) or $this->disallow(); - + $deleted = array(); if (!$allblogs) { @@ -4662,59 +4921,59 @@ selector(); } } - if (sizeof($deleted) == 0) - $this->error(_ERROR_DELETEBAN); + if (sizeof($deleted) == 0) + $this->error(_ERROR_DELETEBAN); $this->pagehead(); - + echo '(',_BACK,')'; echo '

      '._BAN_REMOVED_TITLE.'

      '; echo "

      "._BAN_REMOVED_TEXT."

      "; - + echo ""; - + $this->pagefoot(); } - + function action_banlistnewfromitem() { $this->action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid'))); } - + function action_banlistnew($blogid = '') { global $member, $manager; - + if ($blogid == '') $blogid = intRequestVar('blogid'); - + $ip = requestVar('ip'); - + $member->blogAdminRights($blogid) or $this->disallow(); - + $blog =& $manager->getBlog($blogid); - + $this->pagehead(); ?>

      - - + +
      - +

      - +

      - +
      An example: "134.58.253.193" will only block one computer, while "134.58.253" will block 256 IP addresses, including the one from the first example.
      - +
      -
      @@ -4725,50 +4984,51 @@ selector(); } ?>
      - +

      -
      +

      - +

      - +

      - +
      + addTicketHidden() ?>
      - + - + pagefoot(); } - + function action_banlistadd() { global $member; - + $blogid = intPostVar('blogid'); $allblogs = postVar('allblogs'); $iprange = postVar('iprange'); if ($iprange == "custom") $iprange = postVar('customiprange'); $reason = postVar('reason'); - + $member->blogAdminRights($blogid) or $this->disallow(); - + // TODO: check IP range validity - + if (!$allblogs) { if (!BAN::addBan($blogid, $iprange, $reason)) $this->error(_ERROR_ADDBAN); @@ -4783,61 +5043,63 @@ selector(); if ($failed) $this->error(_ERROR_ADDBAN); } - + $this->action_banlist(); - + } - + function action_clearactionlog() { global $member; - + $member->isAdmin() or $this->disallow(); - + ACTIONLOG::clear(); - + $this->action_manage(_MSG_ACTIONLOGCLEARED); } - + function action_backupoverview() { - global $member; - + global $member, $manager; + $member->isAdmin() or $this->disallow(); - + $this->pagehead(); - echo '
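Review bot: action_banlistadd keeps `// TODO: check IP range validity`, so `$iprange` (or `customiprange`) is handed to `BAN::addBan()` exactly as posted. The form's help text describes ranges as address prefixes, so an empty or very short value would presumably ban far more visitors than intended, and whether addBan escapes the value before it reaches SQL is not visible in this hunk. A guard before the `if (!$allblogs)` branch, e.g. `if (!preg_match('/^\d{1,3}(\.\d{1,3}){0,3}$/', $iprange)) $this->error(_ERROR_ADDBAN);`, would reject malformed input; adjust the pattern to the formats BAN actually matches. The function body continues in the next hunk.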

      (',_BACKTOMANAGE,')

      '; + echo '

      (',_BACKTOMANAGE,')

      '; ?>

      - +

      - +

      - +

      + addTicketHidden() ?>


      - +

      - +
      - +

      - +
      - +

      - +

      + addTicketHidden() ?>

      - +

      @@ -4847,18 +5109,18 @@ selector(); function action_backupcreate() { global $member, $DIR_LIBS; - + $member->isAdmin() or $this->disallow(); // use compression ? $useGzip = intval(postVar('gzip')); - + include($DIR_LIBS . 'backup.php'); - - // try to extend time limit + + // try to extend time limit // (creating/restoring dumps might take a while) @set_time_limit(1200); - + do_backup($useGzip); exit; } @@ -4866,61 +5128,62 @@ selector(); function action_backuprestore() { global $member, $DIR_LIBS; - + $member->isAdmin() or $this->disallow(); - + if (intPostVar('letsgo') != 1) $this->error(_ERROR_BACKUP_NOTSURE); include($DIR_LIBS . 'backup.php'); - - // try to extend time limit + + // try to extend time limit // (creating/restoring dumps might take a while) @set_time_limit(1200); - + $message = do_restore(); if ($message != '') $this->error($message); - + $this->pagehead(); ?>

      pagefoot(); } - + function action_pluginlist() { - global $member; - + global $member, $manager; + // check if allowed $member->isAdmin() or $this->disallow(); - + $this->pagehead(); - - echo '

      (',_BACKTOMANAGE,')

      '; - + + echo '

      (',_BACKTOMANAGE,')

      '; + echo '

      ' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '

      '; - + echo '

      ' , _PLUGS_TITLE_INSTALLED , '

      '; - - + + $query = 'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC'; $template['content'] = 'pluginlist'; $template['tabindex'] = 10; showlist($query, 'table', $template); - + ?>

      - +

      - +
      + addTicketHidden() ?>
      - +

      0) { ?>

      - +
      + addTicketHidden() ?>
      pagefoot(); } - + function action_plugindeleteconfirm() { global $member, $manager; - + // check if allowed $member->isAdmin() or $this->disallow(); - + $pid = intPostVar('plugid'); - + $error = $this->deleteOnePlugin($pid, 1); if ($error) { $this->error($error); @@ -5102,27 +5417,45 @@ selector(); $this->action_pluginlist(); } - + function deleteOnePlugin($pid, $callUninstall = 0) { global $manager; - + $pid = intval($pid); - + if (!$manager->pidInstalled($pid)) return _ERROR_NOSUCHPLUGIN; - + + $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid); + // call the unInstall method of the plugin if ($callUninstall) { - $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid); $plugin =& $manager->getPlugin($name); if ($plugin) $plugin->unInstall(); } - $manager->notify('PreDeletePlugin', array('plugid' => $pid)); - + // check dependency before delete + $res = sql_query('SELECT pfile FROM '.sql_table('plugin')); + while($o = mysql_fetch_object($res)) { + $plug =& $manager->getPlugin($o->pfile); + if ($plug) + { + $depList = $plug->getPluginDep(); + foreach ($depList as $depName) + { + if ($name == $depName) + { + return _ERROR_DELREQPLUGIN . $o->pfile; + } + } + } + } + + $manager->notify('PreDeletePlugin', array('plugid' => $pid)); + // delete all subscriptions sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid); - + // delete all options // get OIDs from plugin_option_desc $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid); 
@@ -5130,91 +5463,92 @@ selector(); while ($o = mysql_fetch_object($res)) { array_push($aOIDs, $o->oid); } - + // delete from plugin_option and plugin_option_desc sql_query('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid); if (count($aOIDs) > 0) - sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')'); - + sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')'); + // update order numbers $o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid)); sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder); - + // delete row sql_query('DELETE FROM '.sql_table('plugin').' WHERE pid='.$pid); - + $manager->clearCachedInfo('installedPlugins'); - $manager->notify('PostDeletePlugin', array('plugid' => $pid)); - + $manager->notify('PostDeletePlugin', array('plugid' => $pid)); + return ''; } - + function action_pluginup() { global $member, $manager; - + // check if allowed $member->isAdmin() or $this->disallow(); - + $plugid = intGetVar('plugid'); if (!$manager->pidInstalled($plugid)) $this->error(_ERROR_NOSUCHPLUGIN); - + // 1. get old order number $o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid)); $oldOrder = $o->porder; - + // 2. calculate new order number $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1; - + // 3. update plug numbers - sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder); - sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid); - + sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder); + sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' 
WHERE pid='.$plugid); + $this->action_pluginlist(); } function action_plugindown() { global $member, $manager; - + // check if allowed $member->isAdmin() or $this->disallow(); - + $plugid = intGetVar('plugid'); if (!$manager->pidInstalled($plugid)) $this->error(_ERROR_NOSUCHPLUGIN); - + // 1. get old order number $o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid)); $oldOrder = $o->porder; - + $maxOrder = mysql_num_rows(sql_query('SELECT * FROM '.sql_table('plugin'))); - + // 2. calculate new order number $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder; - + // 3. update plug numbers - sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder); - sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid); - + sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder); + sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid); + $this->action_pluginlist(); } - + function action_pluginoptions($message = '') { global $member, $manager; // check if allowed $member->isAdmin() or $this->disallow(); - + $pid = intRequestVar('plugid'); if (!$manager->pidInstalled($pid)) $this->error(_ERROR_NOSUCHPLUGIN); - $this->pagehead(); + $extrahead = ''; + $this->pagehead($extrahead); ?>

      ()

      - +

      Options for

      @@ -5222,10 +5556,13 @@ selector();
      - - " /> + + addTicketHidden(); - $aOptions = array(); + $aOptions = array(); $aOIDs = array(); $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ' WHERE ocontext=\'global\' and opid=' . $pid . ' ORDER BY oid ASC'; $r = sql_query($query); @@ -5244,27 +5581,27 @@ selector(); // fill out actual values if (count($aOIDs) > 0) { $r = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE oid in ('.implode(',',$aOIDs).')'); - while ($o = mysql_fetch_object($r)) + while ($o = mysql_fetch_object($r)) $aOptions[$o->oid]['value'] = $o->ovalue; } - + // call plugins $manager->notify('PrePluginOptionsEdit',array('context' => 'global', 'plugid' => $pid, 'options'=>&$aOptions)); - + $template['content'] = 'plugoptionlist'; $amount = showlist($aOptions,'table',$template); if ($amount == 0) echo '

      ',_ERROR_NOPLUGOPTIONS,'

      '; - + ?>
      pagefoot(); - - - + + + } - + function action_pluginoptionsupdate() { global $member, $manager; @@ -5274,25 +5611,27 @@ selector(); $pid = intRequestVar('plugid'); if (!$manager->pidInstalled($pid)) $this->error(_ERROR_NOSUCHPLUGIN); - + $aOptions = requestArray('plugoption'); NucleusPlugin::_applyPluginOptions($aOptions); - $manager->notify('PostPluginOptionsUpdate',array('context' => 'global', 'plugid' => $pid)); - + $manager->notify('PostPluginOptionsUpdate',array('context' => 'global', 'plugid' => $pid)); + $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED); } - + /** + * @static + */ function _insertPluginOptions($context, $contextid = 0) { - // get all current values for this contextid + // get all current values for this contextid // (note: this might contain doubles for overlapping contextids) $aIdToValue = array(); $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid)); while ($o = mysql_fetch_object($res)) { $aIdToValue[$o->oid] = $o->ovalue; } - + // get list of oids per pid $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin') . ' WHERE opid=pid and ocontext=\''.addslashes($context).'\' ORDER BY porder, oid ASC'; @@ -5313,14 +5652,15 @@ selector(); 'description' => $o->odesc, 'type' => $o->otype, 'typeinfo' => $o->oextra, - 'contextid' => $contextid + 'contextid' => $contextid, + 'extra' => '' )); } - + global $manager; $manager->notify('PrePluginOptionsEdit',array('context' => $context, 'contextid' => $contextid, 'options'=>&$aOptions)); - - + + $iPrevPid = -1; foreach ($aOptions as $aOption) { 
@@ -5330,24 +5670,24 @@ selector(); echo 'Options for ', htmlspecialchars($aOption['pfile']),''; } - + echo ''; listplug_plugOptionRow($aOption); echo ''; - + } - + } - + /* helper functions to create option forms etc. */ function input_yesno($name, $checkedval,$tabindex = 0, $value1 = 1, $value2 = 0, $yesval = _YES, $noval = _NO) { $id = htmlspecialchars($name); $id = str_replace('[','-',$id); - $id = str_replace(']','-',$id); + $id = str_replace(']','-',$id); $id1 = $id . htmlspecialchars($value1); $id2 = $id . htmlspecialchars($value2); - + echo ''; } - + } // class ADMIN class ENCAPSULATE { - /** + /** * Uses $call to call a function using parameters $params * This function should return the amount of entries shown. * When entries are show, batch operation handlers are shown too. @@ -5381,7 +5721,7 @@ class ENCAPSULATE { // get list contents and stop buffering $list = ob_get_contents(); ob_end_clean(); - + if ($nbOfRows > 0) { $this->showHead(); echo $list; @@ -5410,26 +5750,26 @@ class NAVLIST extends ENCAPSULATE { $this->search = $search; $this->itemid = $itemid; } - + function showBatchList($batchtype, $query, $type, $template, $errorMessage = _LISTS_NOMORE) { - $batch = new BATCH($batchtype); + $batch =& new BATCH($batchtype); $this->doEncapsulate( array(&$batch, 'showlist'), array(&$query, $type, $template), $errorMessage ); - + } - + function showHead() { $this->showNavigation(); } function showFoot() { $this->showNavigation(); } - + /** * Displays a next/prev bar for long tables */ @@ -5442,7 +5782,7 @@ class NAVLIST extends ENCAPSULATE { $blogid = $this->blogid; $search = $this->search; $itemid = $this->itemid; - + $prev = $start - $amount; if ($prev < $minamount) $prev=$minamount; @@ -5456,9 +5796,9 @@ class NAVLIST extends ENCAPSULATE { type = $type; } - + function showHead() { ?>
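Review bot: `$batch =& new BATCH($batchtype);` in `NAVLIST::showBatchList` assigns the result of `new` by reference, which is a PHP 4 idiom. PHP 5.3 reports it as deprecated and PHP 7 rejects it as a parse error, which would stop the whole file from loading rather than only this method. If the code is meant to outlive PHP 4, `$batch = new BATCH($batchtype);` is enough, because objects are assigned by handle from PHP 5 on and the callback array in the next statement already passes `&$batch`.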
      showOperationList(); +// $this->showOperationList(); } function showFoot() { @@ -5525,6 +5865,7 @@ class BATCH extends ENCAPSULATE {
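Review bot: The call in `showHead()` is disabled by commenting it out, `// $this->showOperationList();`, with no reason given. Either delete the line or say why it is kept, e.g. `// operation list is printed once, in showFoot()`. Whether `showFoot()` does print it is not visible in this hunk, and the markup around the call was lost when the page was extracted.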
      @@ -5537,7 +5878,7 @@ class BATCH extends ENCAPSULATE { 'move' => _BATCH_ITEM_MOVE ); break; - case 'member': + case 'member': $options = array( 'delete' => _BATCH_MEMBER_DELETE, 'setadmin' => _BATCH_MEMBER_SET_ADM, @@ -5569,26 +5910,27 @@ class BATCH extends ENCAPSULATE { ?> - type == 'team') + addTicketHidden(); + + // add hidden fields for 'team' and 'comment' batchlists + if ($this->type == 'team') { echo ''; } - if ($this->type == 'comment') + if ($this->type == 'comment') { echo ''; } - - ?> - - - ( + + echo ''; + ?>( - )
      doEncapsulate( 'showlist', @@ -5610,20 +5952,15 @@ function showlist($query, $type, $template) { call_user_func('listplug_' . $type, $template, 'HEAD'); - // add extra row if needed - if ($template['extra']) { - echo ''; - } - foreach ($query as $currentObj) { $template['current'] = $currentObj; call_user_func('listplug_' . $type, $template, 'BODY'); } - + call_user_func('listplug_' . $type, $template, 'FOOT'); - + return sizeof($query); - + } else { $res = sql_query($query); @@ -5634,12 +5971,7 @@ function showlist($query, $type, $template) { call_user_func('listplug_' . $type, $template, 'HEAD'); - // add extra row if needed - if ($template['extra']) { - echo ''; - } - - while($template['current'] = mysql_fetch_object($res)) + while($template['current'] = mysql_fetch_object($res)) call_user_func('listplug_' . $type, $template, 'BODY'); call_user_func('listplug_' . $type, $template, 'FOOT'); @@ -5655,6 +5987,12 @@ function listplug_select($template, $type) { switch($type) { case 'HEAD': echo ''; echo '