4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2004 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
13 * Actions that can be called via action.php
15 * $Id: ACTION.php,v 1.1.1.1 2005-02-28 07:14:04 kimitake Exp $
24 function doAction($action)
28 return $this->addComment();
31 return $this->sendMessage();
34 return $this->createAccount();
36 case 'forgotpassword':
37 return $this->forgotPassword();
40 return $this->doKarma('pos');
43 return $this->doKarma('neg');
46 return $this->callPlugin();
49 doError(_ERROR_BADACTION);
53 function addComment() {
54 global $CONF, $errormessage, $manager;
56 $post['itemid'] = intPostVar('itemid');
57 $post['user'] = postVar('user');
58 $post['userid'] = postVar('userid');
59 $post['body'] = postVar('body');
61 // set cookies when required
62 $remember = intPostVar('remember');
64 $lifetime = time()+2592000;
65 setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
66 setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
69 $comments = new COMMENTS($post['itemid']);
71 $blogid = getBlogIDFromItemID($post['itemid']);
72 $this->checkban($blogid);
73 $blog =& $manager->getBlog($blogid);
75 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
76 $errormessage = $comments->addComment($blog->getCorrectTime(),$post);
78 if ($errormessage == '1') {
79 // redirect when adding comments succeeded
81 redirect(postVar('url'));
\r
83 $url = $CONF['IndexURL'] . createItemLink($post['itemid']);
\r
87 // else, show error message using default skin for blog
89 'message' => $errormessage,
90 'skinid' => $blog->getDefaultSkin()
97 // Sends a message from the current member to the member given as argument
98 function sendMessage() {
99 global $CONF, $member;
101 $error = $this->validateMessage();
103 return array('message' => $error);
105 if (!$member->isLoggedIn()) {
106 $fromMail = postVar('frommail');
107 $fromName = _MMAIL_FROMANON;
109 $fromMail = $member->getEmail();
110 $fromName = $member->getDisplayName();
113 $tomem = new MEMBER();
114 $tomem->readFromId(postVar('memberid'));
116 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
117 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
118 . _MMAIL_MAIL . " \n\n"
119 . postVar('message');
120 $message .= getMailFooter();
122 $title = _MMAIL_TITLE . ' ' . $fromName;
124 mb_internal_encoding(_CHARSET);
125 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
127 if (postVar('url')) {
128 redirect(postVar('url'));
130 $CONF['MemberURL'] = $CONF['IndexURL'];
131 if ($CONF['URLMode'] == 'pathinfo')
132 $url = createMemberLink($tomem->getID());
134 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
142 function validateMessage() {
143 global $CONF, $member, $manager;
145 if (!$CONF['AllowMemberMail'])
146 return _ERROR_MEMBERMAILDISABLED;
148 if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
149 return _ERROR_DISALLOWED;
151 if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
152 return _ERROR_BADMAILADDRESS;
154 // let plugins do verification (any plugin which thinks the comment is invalid
155 // can change 'error' to something other than '')
157 $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));
163 // creates a new user account
164 function createAccount() {
165 global $CONF, $manager;
167 if (!$CONF['AllowMemberCreate'])
168 doError(_ERROR_MEMBERCREATEDISABLED);
170 // even though the member can not log in, set some random initial password. One never knows.
171 srand((double)microtime()*1000000);
172 $initialPwd = md5(uniqid(rand(), true));
174 // create member (non admin/can not login/no notes/random string as password)
175 $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
180 // send message containing password.
181 $newmem = new MEMBER();
182 $newmem->readFromName(postVar('name'));
183 $newmem->sendActivationLink('register');
185 $manager->notify('PostRegister',array('member' => &$newmem));
187 if (postVar('desturl')) {
188 redirect(postVar('desturl'));
190 echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=EUC-JP\" />\n"._MSG_ACTIVATION_SENT;
196 // sends a new password
197 function forgotPassword() {
198 $membername = trim(postVar('name'));
200 if (!MEMBER::exists($membername))
201 doError(_ERROR_NOSUCHMEMBER);
202 $mem = MEMBER::createFromName($membername);
204 if (!$mem->canLogin())
205 doError(_ERROR_NOLOGON_NOACTIVATE);
207 // check if e-mail address is correct
208 if (!($mem->getEmail() == postVar('email')))
209 doError(_ERROR_INCORRECTEMAIL);
211 // send activation link
212 $mem->sendActivationLink('forgot');
214 if (postVar('url')) {
215 redirect(postVar('url'));
217 echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=EUC-JP\" />\n"._MSG_ACTIVATION_SENT;
223 // handle karma votes
224 function doKarma($type) {
225 global $itemid, $member, $CONF, $manager;
227 // check if itemid exists
228 if (!$manager->existsItem($itemid,0,0))
229 doError(_ERROR_NOSUCHITEM);
231 $blogid = getBlogIDFromItemID($itemid);
232 $this->checkban($blogid);
234 $karma =& $manager->getKarma($itemid);
236 // check if not already voted
237 if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
238 doError(_ERROR_VOTEDBEFORE);
240 // check if item does allow voting
241 $item =& $manager->getItem($itemid,0,0);
243 doError(_ERROR_ITEMCLOSED);
247 $karma->votePositive();
250 $karma->voteNegative();
254 $blogid = getBlogIDFromItemID($itemid);
255 $blog =& $manager->getBlog($blogid);
257 // send email to notification address, if any
258 if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
260 $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
261 $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
262 if ($member->isLoggedIn()) {
263 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
265 $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
266 $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
267 $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
268 $mailto_msg .= getMailFooter();
270 $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
272 $frommail = $member->getNotifyFromMailAddress();
274 $notify = new NOTIFICATION($blog->getNotifyAddress());
275 $notify->notify($mailto_title, $mailto_msg , $frommail);
279 $refererUrl = serverVar('HTTP_REFERER');
283 $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
290 * Calls a plugin action
292 function callPlugin() {
295 $pluginName = 'NP_' . requestVar('name');
296 $actionType = requestVar('type');
298 // 1: check if plugin is installed
299 if (!$manager->pluginInstalled($pluginName))
300 doError(_ERROR_NOSUCHPLUGIN);
303 $pluginObject =& $manager->getPlugin($pluginName);
305 $error = $pluginObject->doAction($actionType);
307 $error = 'Could not load plugin (see actionlog)';
309 // doAction returns error when:
310 // - an error occurred (duh)
311 // - no actions are allowed (doAction is not implemented)
319 function checkban($blogid) {
321 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
323 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);