4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2006 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
14 * Actions that can be called via action.php
16 * @license http://nucleuscms.org/license.txt GNU General Public License
17 * @copyright Copyright (C) 2002-2006 The Nucleus Group
18 * @version $Id: ACTION.php,v 1.5 2006-07-17 20:03:44 kimitake Exp $
19 * $NucleusJP: ACTION.php,v 1.4 2006/07/12 07:11:47 kimitake Exp $
28 function doAction($action)
32 return $this->autoDraft();
35 return $this->updateTicket();
38 return $this->addComment();
41 return $this->sendMessage();
44 return $this->createAccount();
46 case 'forgotpassword':
47 return $this->forgotPassword();
50 return $this->doKarma('pos');
53 return $this->doKarma('neg');
56 return $this->callPlugin();
59 doError(_ERROR_BADACTION);
63 function addComment() {
64 global $CONF, $errormessage, $manager;
66 $post['itemid'] = intPostVar('itemid');
67 $post['user'] = postVar('user');
68 $post['userid'] = postVar('userid');
69 $post['email'] = postVar('email');
70 $post['body'] = postVar('body');
72 // set cookies when required
73 $remember = intPostVar('remember');
75 $lifetime = time()+2592000;
76 setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
77 setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
78 setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime,'/','',0);
81 $comments = new COMMENTS($post['itemid']);
83 $blogid = getBlogIDFromItemID($post['itemid']);
84 $this->checkban($blogid);
85 $blog =& $manager->getBlog($blogid);
87 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
88 $errormessage = $comments->addComment($blog->getCorrectTime(),$post);
90 if ($errormessage == '1') {
91 // redirect when adding comments succeeded
93 redirect(postVar('url'));
95 $url = createItemLink($post['itemid']);
99 // else, show error message using default skin for blog
101 'message' => $errormessage,
102 'skinid' => $blog->getDefaultSkin()
109 // Sends a message from the current member to the member given as argument
110 function sendMessage() {
111 global $CONF, $member;
113 $error = $this->validateMessage();
115 return array('message' => $error);
117 if (!$member->isLoggedIn()) {
118 $fromMail = postVar('frommail');
119 $fromName = _MMAIL_FROMANON;
121 $fromMail = $member->getEmail();
122 $fromName = $member->getDisplayName();
125 $tomem = new MEMBER();
126 $tomem->readFromId(postVar('memberid'));
128 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
129 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
130 . _MMAIL_MAIL . " \n\n"
131 . postVar('message');
132 $message .= getMailFooter();
134 $title = _MMAIL_TITLE . ' ' . $fromName;
136 mb_internal_encoding(_CHARSET);
137 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
139 if (postVar('url')) {
140 redirect(postVar('url'));
142 $CONF['MemberURL'] = $CONF['IndexURL'];
143 if ($CONF['URLMode'] == 'pathinfo')
145 $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName()));
149 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
158 function validateMessage() {
159 global $CONF, $member, $manager;
161 if (!$CONF['AllowMemberMail'])
162 return _ERROR_MEMBERMAILDISABLED;
164 if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
165 return _ERROR_DISALLOWED;
167 if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
168 return _ERROR_BADMAILADDRESS;
170 // let plugins do verification (any plugin which thinks the comment is invalid
171 // can change 'error' to something other than '')
173 $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));
179 // creates a new user account
180 function createAccount() {
181 global $CONF, $manager;
183 if (!$CONF['AllowMemberCreate'])
184 doError(_ERROR_MEMBERCREATEDISABLED);
186 // even though the member can not log in, set some random initial password. One never knows.
187 srand((double)microtime()*1000000);
188 $initialPwd = md5(uniqid(rand(), true));
190 // create member (non admin/can not login/no notes/random string as password)
191 $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
196 // send message containing password.
197 $newmem = new MEMBER();
198 $newmem->readFromName(postVar('name'));
199 $newmem->sendActivationLink('register');
201 $manager->notify('PostRegister',array('member' => &$newmem));
203 if (postVar('desturl')) {
204 redirect(postVar('desturl'));
206 header ("Content-Type: text/html; charset="._CHARSET);
207 echo _MSG_ACTIVATION_SENT;
213 // sends a new password
214 function forgotPassword() {
215 $membername = trim(postVar('name'));
217 if (!MEMBER::exists($membername))
218 doError(_ERROR_NOSUCHMEMBER);
219 $mem = MEMBER::createFromName($membername);
221 if (!$mem->canLogin())
222 doError(_ERROR_NOLOGON_NOACTIVATE);
224 // check if e-mail address is correct
225 if (!($mem->getEmail() == postVar('email')))
226 doError(_ERROR_INCORRECTEMAIL);
228 // send activation link
229 $mem->sendActivationLink('forgot');
231 if (postVar('url')) {
232 redirect(postVar('url'));
234 echo _MSG_ACTIVATION_SENT;
240 // handle karma votes
241 function doKarma($type) {
242 global $itemid, $member, $CONF, $manager;
244 // check if itemid exists
245 if (!$manager->existsItem($itemid,0,0))
246 doError(_ERROR_NOSUCHITEM);
248 $blogid = getBlogIDFromItemID($itemid);
249 $this->checkban($blogid);
251 $karma =& $manager->getKarma($itemid);
253 // check if not already voted
254 if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
255 doError(_ERROR_VOTEDBEFORE);
257 // check if item does allow voting
258 $item =& $manager->getItem($itemid,0,0);
260 doError(_ERROR_ITEMCLOSED);
264 $karma->votePositive();
267 $karma->voteNegative();
271 $blogid = getBlogIDFromItemID($itemid);
272 $blog =& $manager->getBlog($blogid);
274 // send email to notification address, if any
275 if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
277 $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
278 $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
279 if ($member->isLoggedIn()) {
280 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
282 $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
283 $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
284 $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
285 $mailto_msg .= getMailFooter();
287 $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
289 $frommail = $member->getNotifyFromMailAddress();
291 $notify = new NOTIFICATION($blog->getNotifyAddress());
292 $notify->notify($mailto_title, $mailto_msg , $frommail);
296 $refererUrl = serverVar('HTTP_REFERER');
300 $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
307 * Calls a plugin action
309 function callPlugin() {
312 $pluginName = 'NP_' . requestVar('name');
313 $actionType = requestVar('type');
315 // 1: check if plugin is installed
316 if (!$manager->pluginInstalled($pluginName))
317 doError(_ERROR_NOSUCHPLUGIN);
320 $pluginObject =& $manager->getPlugin($pluginName);
322 $error = $pluginObject->doAction($actionType);
324 $error = 'Could not load plugin (see actionlog)';
326 // doAction returns error when:
327 // - an error occurred (duh)
328 // - no actions are allowed (doAction is not implemented)
336 function checkban($blogid) {
338 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
340 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
348 function updateTicket() {
350 if ($manager->checkTicket()) {
351 echo $manager->getNewTicket();
354 echo 'err:' . _ERROR_BADTICKET;
360 * Handles AutoSaveDraft
362 function autoDraft() {
364 if ($manager->checkTicket()) {
365 $manager->loadClass('ITEM');
366 $info = ITEM::CreateDraftFromRequest();
367 if ($info['status'] == 'error') {
368 echo $info['message'];
371 echo $info['draftid'];
375 echo 'err:' . _ERROR_BADTICKET;