4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2009 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
14 * Actions that can be called via action.php
16 * @license http://nucleuscms.org/license.txt GNU General Public License
17 * @copyright Copyright (C) 2002-2009 The Nucleus Group
18 * @version $Id: ACTION.php 1646 2012-01-29 10:47:32Z sakamocchi $
23 * Action::__construct()
24 * Constructor for an new ACTION object
29 public function __construct()
36 * Calls functions that handle an action called from action.php
38 * @param string $action action type
41 public function doAction($action)
46 return $this->autoDraft();
49 return $this->updateTicket();
52 return $this->addComment();
55 return $this->sendMessage();
58 return $this->createAccount();
60 case 'forgotpassword':
61 return $this->forgotPassword();
64 return $this->doKarma('pos');
67 return $this->doKarma('neg');
70 return $this->callPlugin();
73 doError(_ERROR_BADACTION);
80 * Action::addComment()
81 * Adds a new comment to an item (if IP isn't banned)
86 private function addComment()
88 global $CONF, $errormessage, $manager;
90 $post['itemid'] = intPostVar('itemid');
91 $post['user'] = postVar('user');
92 $post['userid'] = postVar('userid');
93 $post['email'] = postVar('email');
94 $post['body'] = postVar('body');
95 $post['remember'] = intPostVar('remember');
97 // begin if: "Remember Me" box checked
98 if ( $post['remember'] == 1 )
100 $lifetime = time() + 2592000;
101 setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);
102 setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);
103 setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime, '/', '', 0);
106 $item =& $manager->getItem($post['itemid'], 0, 0);
107 $this->checkban($item['blogid']);
108 $blog =& $manager->getBlog($item['blogid']);
110 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
111 $comments = new Comments($post['itemid']);
112 $errormessage = $comments->addComment($blog->getCorrectTime(), $post);
114 if ( $errormessage != '1' )
116 // show error message using default skin for blo
118 'message' => $errormessage,
119 'skinid' => $blog->getDefaultSkin()
124 // redirect when adding comments succeeded
125 if ( postVar('url') )
127 redirect(postVar('url') );
131 $url = Link::create_item_link($post['itemid']);
139 * Action::sendMessage()
140 * Sends a message from the current member to the member given as argument
145 private function sendMessage()
147 global $CONF, $member;
149 $error = $this->validateMessage();
153 return array('message' => $error);
156 if ( !$member->isLoggedIn() )
158 $fromMail = postVar('frommail');
159 $fromName = _MMAIL_FROMANON;
163 $fromMail = $member->getEmail();
164 $fromName = $member->getDisplayName();
167 /* TODO: validation */
168 $memberid = postVar('memberid');
169 $tomem = new Member();
170 $tomem->readFromId($memberid);
172 /* TODO: validation */
173 $message = postVar('message');
174 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
175 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
176 . _MMAIL_MAIL . " \n\n"
178 $message .= Notification::get_mail_footer();
180 $title = _MMAIL_TITLE . ' ' . $fromName;
181 Notification::mail($tomem->getEmail(), $title, $message, $fromMail, i18n::get_current_charset());
183 /* TODO: validation */
184 $url = postVar('url');
187 $CONF['MemberURL'] = $CONF['IndexURL'];
189 if ( $CONF['URLMode'] == 'pathinfo' )
192 'memberid' => $tomem->getID(),
193 'name' => $tomem->getDisplayName()
195 $url = Link::create_link('member', $data);
199 $url = $CONF['IndexURL'] . Link::create_member_link($tomem->getID());
208 * Action::validateMessage()
209 * Checks if a mail to a member is allowed
210 * Returns a string with the error message if the mail is disallowed
213 * @return String Null character string
215 private function validateMessage()
217 global $CONF, $member, $manager;
219 if ( !$CONF['AllowMemberMail'] )
221 return _ERROR_MEMBERMAILDISABLED;
224 if ( !$member->isLoggedIn() && !$CONF['NonmemberMail'] )
226 return _ERROR_DISALLOWED;
229 if ( !$member->isLoggedIn() && !Notification::address_validation(postVar('frommail')) )
231 return _ERROR_BADMAILADDRESS;
235 * let plugins do verification (any plugin which thinks the comment is
236 * invalid can change 'error' to something other than '')
240 'type' => 'membermail',
243 $manager->notify('ValidateForm', $data);
249 * Action::createAccount()
250 * Creates a new user account
255 private function createAccount()
257 global $CONF, $manager;
259 if ( array_key_exists('AllowMemberCreate', $CONF) && !$CONF['AllowMemberCreate'] )
261 doError(_ERROR_MEMBERCREATEDISABLED);
265 // evaluate content from FormExtra
268 'type' => 'membermail',
271 $manager->notify('ValidateForm', $data);
278 // even though the member can not log in, set some random initial password. One never knows.
279 srand((double) microtime() * 1000000);
280 $initialPwd = md5(uniqid(rand(), TRUE) );
282 // create member (non admin/can not login/no notes/random string as password)
283 $name = Entity::shorten(postVar('name'), 32, '');
284 $relname = postVar('realname');
285 $email = postVar('email');
286 $url = postVar('url');
288 $r = Member::create($name, $realname, $initialPwd, $email, $url, 0, 0, '');
295 // send message containing password.
296 $newmem = new Member();
297 $newmem->readFromName($name);
298 $newmem->sendActivationLink('register');
300 $data = array('member' => $newmem);
301 $manager->notify('PostRegister', $data);
303 if ( postVar('desturl') )
305 redirect(postVar('desturl') );
312 * Action::forgotPassword()
313 * Sends a new password
318 private function forgotPassword()
320 $membername = trim(postVar('name') );
322 if ( !Member::exists($membername) )
324 doError(_ERROR_NOSUCHMEMBER);
328 $mem = Member::createFromName($membername);
330 // check if e-mail address is correct
331 $email = postVar('email');
332 if ( $mem->getEmail() != $email )
334 doError(_ERROR_INCORRECTEMAIL);
338 // send activation link
339 $mem->sendActivationLink('forgot');
342 $url = postVar('url');
345 redirect(postVar('url') );
349 echo _MSG_ACTIVATION_SENT;
352 . "Return to <a href=\"{$CONF['IndexURL']}\" title=\"{$CONF['SiteName']}\">{$CONF['SiteName']}</a>\n";
362 * @param string $type pos or neg
365 private function doKarma($type)
367 global $itemid, $member, $CONF, $manager;
369 // check if itemid exists
370 if ( !$manager->existsItem($itemid, 0, 0) )
372 doError(_ERROR_NOSUCHITEM);
376 $item =& $manager->getItem($itemid, 0, 0);
377 $this->checkban($item['blogid']);
379 $karma =& $manager->getKarma($itemid);
381 // check if not already voted
382 if ( !$karma->isVoteAllowed(serverVar('REMOTE_ADDR') ) )
384 doError(_ERROR_VOTEDBEFORE);
388 // check if item does allow voting
389 $item =& $manager->getItem($itemid, 0, 0);
391 if ( $item['closed'] )
393 doError(_ERROR_ITEMCLOSED);
400 $karma->votePositive();
404 $karma->voteNegative();
408 $blog =& $manager->getBlog($blogid);
410 // send email to notification address, if any
411 if ( $blog->getNotifyAddress() && $blog->notifyOnVote() )
413 $message = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
414 $itemLink = Link::create_item_link((integer)$itemid);
415 $temp = parse_url($itemLink);
417 if ( !$temp['scheme'] )
419 $itemLink = $CONF['IndexURL'] . $itemLink;
422 $message .= $itemLink . "\n\n";
424 if ( $member->isLoggedIn() )
426 $message .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
429 $message .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
430 $message .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
431 $message .= _NOTIFY_VOTE . "\n " . $type . "\n";
432 $message .= Notification::get_mail_footer();
434 $subject = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
436 $from = $member->getNotifyFromMailAddress();
438 Notification::mail($blog->getNotifyAddress(), $subject, $message, $from, i18n::get_current_charset());
441 $refererUrl = serverVar('HTTP_REFERER');
457 * Action::callPlugin()
458 * Calls a plugin action
463 private function callPlugin()
467 $name = requestVar('name');
468 $pluginName = "NP_{$name}";
469 $actionType = requestVar('type');
471 // 1: check if plugin is installed
472 if ( !$manager->pluginInstalled($pluginName) )
474 doError(_ERROR_NOSUCHPLUGIN);
479 $pluginObject =& $manager->getPlugin($pluginName);
480 if ( !$pluginObject )
482 $error = 'Could not load plugin (see actionlog)';
486 $error = $pluginObject->doAction($actionType);
490 * doAction returns error when:
491 * - an error occurred (duh)
492 * - no actions are allowed (doAction is not implemented)
505 * Checks if an IP or IP range is banned
507 * @param integer $blogid
510 private function checkban($blogid)
513 $ban = Ban::isBanned($blogid, serverVar('REMOTE_ADDR') );
517 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
525 * Action::updateTicket()
529 * @return boolean FALSE
531 private function updateTicket()
535 if ( !$manager->checkTicket() )
537 echo _ERROR . ':' . _ERROR_BADTICKET;
541 echo $manager->getNewTicket();
548 * Action::autoDraft()
549 * Handles AutoSaveDraft
552 * @return boolean FALSE
554 private function autoDraft()
558 if ( !$manager->checkTicket() )
560 echo _ERROR . ':' . _ERROR_BADTICKET;
564 $manager->loadClass('ITEM');
565 $info = Item::createDraftFromRequest();
567 if ( $info['status'] != 'error' )
569 echo $info['draftid'];
573 echo $info['message'];