euc/nucleus/libs/ACTION.php

   1 <?php
   2
   3 /**
   4   * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
   5   * Copyright (C) 2002-2004 The Nucleus Group
   6   *
   7   * This program is free software; you can redistribute it and/or
   8   * modify it under the terms of the GNU General Public License
   9   * as published by the Free Software Foundation; either version 2
  10   * of the License, or (at your option) any later version.
  11   * (see nucleus/documentation/index.html#license for more info)
  12   *
  13   * Actions that can be called via action.php
  14   *
  15   * $Id: ACTION.php,v 1.1.1.1 2005-02-28 07:14:04 kimitake Exp $
  16   */
  17 class ACTION
  18 {
  19         function ACTION()
  20         {
  21
  22         }
  23
  24         function doAction($action)
  25         {
  26                 switch($action) {
  27                         case 'addcomment':
  28                                 return $this->addComment();
  29                                 break;
  30                         case 'sendmessage':
  31                                 return $this->sendMessage();
  32                                 break;
  33                         case 'createaccount':
  34                                 return $this->createAccount();
  35                                 break;
  36                         case 'forgotpassword':
  37                                 return $this->forgotPassword();
  38                                 break;
  39                         case 'votepositive':
  40                                 return $this->doKarma('pos');
  41                                 break;
  42                         case 'votenegative':
  43                                 return $this->doKarma('neg');
  44                                 break;
  45                         case 'plugin':
  46                                 return $this->callPlugin();
  47                                 break;
  48                         default:
  49                                 doError(_ERROR_BADACTION);
  50                 }
  51         }
  52
  53         function addComment() {
  54                 global $CONF, $errormessage, $manager;
  55
  56                 $post['itemid'] =       intPostVar('itemid');
  57                 $post['user'] =         postVar('user');
  58                 $post['userid'] =       postVar('userid');
  59                 $post['body'] =         postVar('body');
  60
  61                 // set cookies when required
  62                 $remember = intPostVar('remember');
  63                 if ($remember == 1) {
  64                         $lifetime = time()+2592000;
  65                         setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
  66                         setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
  67                 }
  68
  69                 $comments = new COMMENTS($post['itemid']);
  70
  71                 $blogid = getBlogIDFromItemID($post['itemid']);
  72                 $this->checkban($blogid);
  73                 $blog =& $manager->getBlog($blogid);
  74
  75                 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
  76                 $errormessage = $comments->addComment($blog->getCorrectTime(),$post);
  77
  78                 if ($errormessage == '1') {
  79                         // redirect when adding comments succeeded
  80                         if (postVar('url')) {
  81                                 redirect(postVar('url'));\r
  82                         } else {\r
  83                                 $url = $CONF['IndexURL'] . createItemLink($post['itemid']);\r
  84                                 redirect($url);
  85                         }
  86                 } else {
  87                         // else, show error message using default skin for blog
  88                         return array(
  89                                 'message' => $errormessage,
  90                                 'skinid' => $blog->getDefaultSkin()
  91                         );
  92                 }
  93
  94                 exit;
  95         }
  96
  97         // Sends a message from the current member to the member given as argument
  98         function sendMessage() {
  99                 global $CONF, $member;
 100
 101                 $error = $this->validateMessage();
 102                 if ($error != '')
 103                         return array('message' => $error);
 104
 105                 if (!$member->isLoggedIn()) {
 106                         $fromMail = postVar('frommail');
 107                         $fromName = _MMAIL_FROMANON;
 108                 } else {
 109                         $fromMail = $member->getEmail();
 110                         $fromName = $member->getDisplayName();
 111                 }
 112
 113                 $tomem = new MEMBER();
 114                 $tomem->readFromId(postVar('memberid'));
 115
 116                 $message  = _MMAIL_MSG . ' ' . $fromName . "\n"
 117                           . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
 118                           . _MMAIL_MAIL . " \n\n"
 119                           . postVar('message');
 120                 $message .= getMailFooter();
 121
 122                 $title = _MMAIL_TITLE . ' ' . $fromName;
 123                 @mb_language('ja');
 124                 mb_internal_encoding(_CHARSET);
 125                 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
 126
 127                 if (postVar('url')) {
 128                         redirect(postVar('url'));
 129                 } else {
 130                         $CONF['MemberURL'] = $CONF['IndexURL'];
 131                         if ($CONF['URLMode'] == 'pathinfo')
 132                                 $url = createMemberLink($tomem->getID());
 133                         else
 134                                 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
 135                         redirect($url);
 136                 }
 137
 138                 exit;
 139
 140         }
 141
 142         function validateMessage() {
 143                 global $CONF, $member, $manager;
 144
 145                 if (!$CONF['AllowMemberMail'])
 146                         return _ERROR_MEMBERMAILDISABLED;
 147
 148                 if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
 149                         return _ERROR_DISALLOWED;
 150
 151                 if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
 152                         return _ERROR_BADMAILADDRESS;
 153
 154                 // let plugins do verification (any plugin which thinks the comment is invalid
 155                 // can change 'error' to something other than '')
 156                 $result = '';
 157                 $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));
 158
 159                 return $result;
 160
 161         }
 162
 163         // creates a new user account
 164         function createAccount() {
 165                 global $CONF, $manager;
 166
 167                 if (!$CONF['AllowMemberCreate'])
 168                         doError(_ERROR_MEMBERCREATEDISABLED);
 169
 170                 // even though the member can not log in, set some random initial password. One never knows.
 171                 srand((double)microtime()*1000000);
 172                 $initialPwd = md5(uniqid(rand(), true));
 173
 174                 // create member (non admin/can not login/no notes/random string as password)
 175                 $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
 176
 177                 if ($r != 1)
 178                         doError($r);
 179
 180                 // send message containing password.
 181                 $newmem = new MEMBER();
 182                 $newmem->readFromName(postVar('name'));
 183                 $newmem->sendActivationLink('register');
 184
 185                 $manager->notify('PostRegister',array('member' => &$newmem));
 186
 187                 if (postVar('desturl')) {
 188                         redirect(postVar('desturl'));
 189                 } else {
 190                         echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=EUC-JP\" />\n"._MSG_ACTIVATION_SENT;
 191                 }
 192
 193                 exit;
 194         }
 195
 196         // sends a new password
 197         function forgotPassword() {
 198                 $membername = trim(postVar('name'));
 199
 200                 if (!MEMBER::exists($membername))
 201                         doError(_ERROR_NOSUCHMEMBER);
 202                 $mem = MEMBER::createFromName($membername);
 203
 204                 if (!$mem->canLogin())
 205                         doError(_ERROR_NOLOGON_NOACTIVATE);
 206
 207                 // check if e-mail address is correct
 208                 if (!($mem->getEmail() == postVar('email')))
 209                         doError(_ERROR_INCORRECTEMAIL);
 210
 211                 // send activation link
 212                 $mem->sendActivationLink('forgot');
 213
 214                 if (postVar('url')) {
 215                         redirect(postVar('url'));
 216                 } else {
 217                         echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=EUC-JP\" />\n"._MSG_ACTIVATION_SENT;
 218                 }
 219
 220                 exit;
 221         }
 222
 223         // handle karma votes
 224         function doKarma($type) {
 225                 global $itemid, $member, $CONF, $manager;
 226
 227                 // check if itemid exists
 228                 if (!$manager->existsItem($itemid,0,0))
 229                         doError(_ERROR_NOSUCHITEM);
 230
 231                 $blogid = getBlogIDFromItemID($itemid);
 232                 $this->checkban($blogid);
 233
 234                 $karma =& $manager->getKarma($itemid);
 235
 236                 // check if not already voted
 237                 if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
 238                         doError(_ERROR_VOTEDBEFORE);
 239
 240                 // check if item does allow voting
 241                 $item =& $manager->getItem($itemid,0,0);
 242                 if ($item['closed'])
 243                         doError(_ERROR_ITEMCLOSED);
 244
 245                 switch($type) {
 246                         case 'pos':
 247                                 $karma->votePositive();
 248                                 break;
 249                         case 'neg':
 250                                 $karma->voteNegative();
 251                                 break;
 252                 }
 253
 254                 $blogid = getBlogIDFromItemID($itemid);
 255                 $blog =& $manager->getBlog($blogid);
 256
 257                 // send email to notification address, if any
 258                 if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
 259
 260                         $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
 261                         $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
 262                         if ($member->isLoggedIn()) {
 263                                 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
 264                         }
 265                         $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
 266                         $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";
 267                         $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
 268                         $mailto_msg .= getMailFooter();
 269
 270                         $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
 271
 272                         $frommail = $member->getNotifyFromMailAddress();
 273
 274                         $notify = new NOTIFICATION($blog->getNotifyAddress());
 275                         $notify->notify($mailto_title, $mailto_msg , $frommail);
 276                 }
 277
 278
 279                 $refererUrl = serverVar('HTTP_REFERER');
 280                 if ($refererUrl)
 281                         $url = $refererUrl;
 282                 else
 283                         $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
 284
 285                 redirect($url);
 286                 exit;
 287         }
 288
 289         /**
 290           * Calls a plugin action
 291           */
 292         function callPlugin() {
 293                 global $manager;
 294
 295                 $pluginName = 'NP_' . requestVar('name');
 296                 $actionType = requestVar('type');
 297
 298                 // 1: check if plugin is installed
 299                 if (!$manager->pluginInstalled($pluginName))
 300                         doError(_ERROR_NOSUCHPLUGIN);
 301
 302                 // 2: call plugin
 303                 $pluginObject =& $manager->getPlugin($pluginName);
 304                 if ($pluginObject)
 305                         $error = $pluginObject->doAction($actionType);
 306                 else
 307                         $error = 'Could not load plugin (see actionlog)';
 308
 309                 // doAction returns error when:
 310                 // - an error occurred (duh)
 311                 // - no actions are allowed (doAction is not implemented)
 312                 if ($error)
 313                         doError($error);
 314
 315                 exit;
 316
 317         }
 318
 319         function checkban($blogid) {
 320                 // check if banned
 321                 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
 322                 if ($ban != 0) {
 323                         doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
 324                 }
 325
 326         }
 327
 328
 329 }
 330
 331 ?>