3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4 * Copyright (C) 2002-2009 The Nucleus Group
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 * (see nucleus/documentation/index.html#license for more info)
13 * The code for the Nucleus admin area
15 * @license http://nucleuscms.org/license.txt GNU General Public License
16 * @copyright Copyright (C) 2002-2009 The Nucleus Group
17 * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $
// Guard against direct requests: stop immediately unless requestVar() is already defined,
// i.e. unless this file was included by code that defines it (presumably the Nucleus bootstrap — confirm).
20 if ( !function_exists('requestVar') ) exit;
21 require_once dirname(__FILE__) . '/showlist.php';
27 static public $action;
28 static public $aOptions;
30 static public $contents;
31 static public $extrahead;
32 static public $headMess;
33 static public $passvar;
35 static private $skinless_actions = array(
36 'plugindeleteconfirm',
37 'pluginoptionsupdate',
45 'changemembersettings',
50 'skinremovetypeconfirm',
60 'templatedeleteconfirm',
64 'adminskinremovetypeconfirm',
66 'adminskindeleteconfirm',
68 'adminskineditgeneral',
73 'admintemplateupdate',
74 'admintemplatedeleteconfirm',
// Actions listed here bypass the ticket check: action() only calls $manager->checkTicket()
// when the requested action is NOT in this array.
// NOTE(review): the ticket looks like the anti-CSRF token — confirm. If so, every entry must be
// read-only or lead to a separate ticket-protected confirm step; 'admintemplateclone' and
// 'banlistnewfromitem' are worth checking against that rule.
79 static private $ticketless_actions = array(
110 'banlistnewfromitem',
147 'adminskinremovetype',
149 'adminskinieoverview',
151 'admintemplateoverview',
152 'admintemplateclone',
154 'admintemplatedelete'
158 * NOTE: This is for condition of admin/normal skin actions
160 static public $adminskin_actions = array(
168 'adminskinremovetype',
170 'adminskinieoverview',
172 'admintemplateoverview',
173 'admintemplateclone',
175 'admintemplatedelete',
178 'adminskineditgeneral',
180 'adminskindeleteconfirm',
181 'adminskinremovetypeconfirm',
183 'adminskinieoverview',
184 'adminskiniedoimport',
189 'admintemplatedeleteconfirm',
190 'admintemplateupdate'
// Chooses the admin skin for this request, loads it and resets the per-request state fields.
// The site-wide $CONF['AdminSkin'] is the starting value; a logged-in member's own skin is
// looked up and only considered when Skin::existsID() confirms it (branch bodies are not shown here).
193 static public function initialize()
195 global $CONF, $manager, $member;
197 /* NOTE: 1. decide which skinid to use */
198 $skinid = $CONF['AdminSkin'];
199 if ( $member->isLoggedIn() )
201 $memskin = $member->getAdminSkin();
202 if ( $memskin && Skin::existsID($memskin))
208 /* NOTE: 2. make an instance of skin object */
209 if ( !Skin::existsID($skinid) )
214 /* NOTE: 3. initializing each members */
215 self::$skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
217 self::$extrahead = '';
219 self::$headMess = '';
220 self::$aOptions = '';
228 * @param string $action action to be performed
// Central dispatcher: maps the requested action name to a static action_* method of this class.
// Order matters for security: the ticket check (step 2) runs before any handler is invoked (step 3).
231 static public function action($action)
233 global $CONF, $manager, $member;
235 /* 1. decide action name */
// 'customaction' comes from POST and replaces the destination of the 'login' alias;
// the resulting name still goes through the ticket check and method_exists() below.
236 $customAction = postvar('customaction');
237 if ( empty($customAction) )
240 'login' => 'overview',
247 'login' => $customAction,
251 if ( array_key_exists($action, $alias) && isset($alias[$action]) )
253 $action = $alias[$action];
// The fixed "action_" prefix limits request-driven dispatch to methods named action_*;
// helpers without that prefix cannot be selected by name.
255 $method_name = "action_{$action}";
// Lower-cased so the allow-list lookups below cannot be sidestepped by changing letter case
// (PHP method names are case-insensitive, so method_exists() would match either way).
256 self::$action = strtolower($action);
258 /* 2. check ticket-needed action */
// Every action not named in $ticketless_actions must carry a valid ticket.
259 if ( !in_array(self::$action, self::$ticketless_actions) && !$manager->checkTicket() )
261 self::error(_ERROR_BADTICKET);
265 /* 3. parse according to the action */
266 else if ( method_exists('Admin', $method_name) )
268 call_user_func(array(__CLASS__, $method_name));
271 /* 4. parse special admin skin */
272 elseif ( in_array(self::$action, self::$skinless_actions) )
274 /* TODO: need to be implemented or not?
275 self::action_parseSpecialskin();
// The unknown action name is request data; it is passed through ENTITY::hsc()
// (presumably HTML-escaping — confirm) before being put into the error message.
280 self::error(_BADACTION . ENTITY::hsc($action));
288 * Action::action_showlogin()
// Shows the login form by delegating to action_login() with $error as the header message.
// NOTE(review): $error is not defined in the lines shown; presumably a global declared on an omitted line — confirm.
293 static private function action_showlogin()
296 self::action_login($error);
301 * Action::action_login()
303 * @param string $msg message for pageheader
304 * @param integer $passvars ???
// Renders the 'showlogin' skin part with $msg as header message.
// A member who is logged in and allowed to log in is sent to the overview instead.
306 static private function action_login($msg = '', $passvars = 1)
310 // skip to overview when allowed
311 if ( $member->isLoggedIn() && $member->canLogin() )
313 self::action_overview();
317 /* TODO: needless variable??? */
318 self::$passvar = $passvars;
321 self::$headMess = $msg;
324 self::$skin->parse('showlogin');
328 * Action::action_overview()
329 * provides a screen with the overview of the actions available
331 * @param string $msg message for pageheader
// Stores $msg as the header message and renders the 'overview' skin part.
// No rights check is visible in the lines shown — NOTE(review): confirm the omitted lines require a logged-in member.
334 static private function action_overview($msg = '')
338 self::$headMess = $msg;
341 self::$skin->parse('overview');
346 * Admin::action_manage()
348 * @param string $msg message for pageheader
// Renders the 'manage' skin part for site admins only.
351 static private function action_manage($msg = '')
357 self::$headMess = $msg;
// The "check or self::disallow()" idiom only protects the code below if disallow() ends the request.
// NOTE(review): confirm disallow() never returns to the caller.
359 $member->isAdmin() or self::disallow();
361 self::$skin->parse('manage');
366 * Action::action_itemlist()
368 * @param integer $blogid ID for weblog
// Lists the items of one blog. Access requires team rights on the blog or site admin rights.
// The blog id is read with intRequestVar(), so it reaches the rights check as an integer
// (the condition guarding that assignment is not shown here).
371 static private function action_itemlist($blogid = '')
373 global $member, $manager, $CONF;
377 $blogid = intRequestVar('blogid');
380 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
382 self::$skin->parse('itemlist');
387 * Action::action_batchitem()
// Entry point for batch operations on items (ids in 'batch', operation in 'batchaction').
// Only "is logged in" is checked here; nothing in the lines shown checks rights per item id.
// NOTE(review): confirm the code run by the 'batchitem' skin part checks each id individually
// (deleteOneItem() and moveOneItem() in this class do).
392 static private function action_batchitem()
394 global $member, $manager;
396 $member->isLoggedIn() or self::disallow();
// requestIntArray() is used so that the id list is integers only (by its name — confirm).
398 $selected = requestIntArray('batch');
399 $action = requestVar('batchaction');
401 if ( !is_array($selected) || sizeof($selected) == 0 )
403 self::error(_BATCH_NOSELECTION);
407 // On move: when no destination blog/category chosen, show choice now
408 $destCatid = intRequestVar('destcatid');
409 if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )
411 self::batchMoveSelectDestination('item', $selected);
414 // On delete: check if confirmation has been given
// Deletion needs an explicit confirmation=yes; otherwise the confirmation page is shown.
415 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
417 self::batchAskDeleteConfirmation('item', $selected);
420 self::$skin->parse('batchitem');
425 * Action::action_batchcomment()
// Entry point for batch operations on comments.
// Only "is logged in" is checked here. NOTE(review): confirm the code run by the 'batchcomment'
// skin part checks rights per comment id (deleteOneComment() in this class does).
430 static private function action_batchcomment()
434 $member->isLoggedIn() or self::disallow();
436 $selected = requestIntArray('batch');
437 $action = requestVar('batchaction');
439 // Show error when no items were selected
440 if ( !is_array($selected) || sizeof($selected) == 0 )
442 self::error(_BATCH_NOSELECTION);
446 // On delete: check if confirmation has been given
447 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
449 self::batchAskDeleteConfirmation('comment', $selected);
452 self::$skin->parse('batchcomment');
457 * Admin::action_batchmember()
// Entry point for batch operations on members. Restricted to logged-in site admins.
462 static private function action_batchmember()
466 ($member->isLoggedIn() && $member->isAdmin()) or self::disallow();
468 $selected = requestIntArray('batch');
469 $action = requestVar('batchaction');
471 // Show error when no members selected
472 if ( !is_array($selected) || sizeof($selected) == 0 )
474 self::error(_BATCH_NOSELECTION);
478 // On delete: check if confirmation has been given
479 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
481 self::batchAskDeleteConfirmation('member',$selected);
484 self::$skin->parse('batchmember');
489 * Admin::action_batchteam()
// Entry point for batch operations on the team of one blog.
// Requires a logged-in member with admin rights on the blog named in the request.
494 static private function action_batchteam()
498 $blogid = intRequestVar('blogid');
500 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or self::disallow();
502 $selected = requestIntArray('batch');
503 $action = requestVar('batchaction');
505 if ( !is_array($selected) || sizeof($selected) == 0 )
507 self::error(_BATCH_NOSELECTION);
511 // On delete: check if confirmation has been given
512 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
514 self::batchAskDeleteConfirmation('team',$selected);
517 self::$skin->parse('batchteam');
522 * Admin::action_batchcategory()
// Entry point for batch operations on categories.
// Only "is logged in" is checked here. NOTE(review): confirm the code run by the 'batchcategory'
// skin part checks blog rights for every category id and for the destination blog.
527 static private function action_batchcategory()
529 global $member, $manager;
531 $member->isLoggedIn() or self::disallow();
533 $selected = requestIntArray('batch');
534 $action = requestVar('batchaction');
536 if ( !is_array($selected) || sizeof($selected) == 0 )
538 self::error(_BATCH_NOSELECTION);
542 // On move: when no destination blog chosen, show choice now
543 $destBlogId = intRequestVar('destblogid');
544 if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )
546 self::batchMoveCategorySelectDestination('category', $selected);
549 // On delete: check if confirmation has been given
550 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
552 self::batchAskDeleteConfirmation('category', $selected);
555 self::$skin->parse('batchcategory');
560 * Admin::batchMoveSelectDestination()
562 * @param string $type type of batch action
563 * @param integer $ids needless???
566 * TODO: remove needless argument
// Shows the destination chooser for a batch move.
// $type is written into $_POST so the skin can read it; callers in this file pass the literal 'item'.
// $ids is not used in the lines shown.
568 static private function batchMoveSelectDestination($type, $ids)
570 $_POST['batchmove'] = $type;
571 self::$skin->parse('batchmove');
576 * Admin::batchMoveCategorySelectDestination()
578 * @param string $type type of batch action
579 * @param integer $ids needless???
582 * TODO: remove needless argument
// Shows the destination-blog chooser for a batch category move.
// $type is written into $_POST so the skin can read it; the caller in this file passes the literal 'category'.
// $ids is not used in the lines shown.
584 static private function batchMoveCategorySelectDestination($type, $ids)
586 $_POST['batchmove'] = $type;
588 self::$skin->parse('batchmovecat');
593 * Admin::batchAskDeleteConfirmation()
595 * @param string $type type of batch action
596 * @param integer $ids needless???
599 * TODO: remove needless argument
// Shows the confirmation page for a batch delete; nothing is deleted here.
// Neither argument is used in the lines shown.
601 static private function batchAskDeleteConfirmation($type, $ids)
603 self::$skin->parse('batchdelete');
608 * Admin::action_browseownitems()
// Renders the list of the current member's own items.
// No rights check is visible in the lines shown — NOTE(review): confirm the list is filtered by the logged-in member.
613 static private function action_browseownitems()
615 global $member, $manager, $CONF;
617 self::$skin->parse('browseownitems');
622 * Admin::action_itemcommentlist()
623 * Show all the comments for a given item
625 * @param integer $itemid ID for item
// Lists the comments of one item for members who may alter that item.
628 static private function action_itemcommentlist($itemid = '')
630 global $member, $manager, $CONF;
634 $itemid = intRequestVar('itemid');
637 // only allow if user is allowed to alter item
638 $member->canAlterItem($itemid) or self::disallow();
640 $item =& $manager->getItem($itemid, 1, 1);
// The request values are overwritten with the ids of the item that passed the rights check,
// so later readers of $_REQUEST see the checked ids rather than what the client sent.
641 $_REQUEST['itemid'] = $item['itemid'];
642 $_REQUEST['blogid'] = $item['blogid'];
644 self::$skin->parse('itemcommentlist');
649 * Admin::action_browseowncomments()
650 * Browse own comments
// Renders the list of the current member's own comments.
// No rights check is visible here — NOTE(review): confirm the list is filtered by the logged-in member.
655 static private function action_browseowncomments()
657 self::$skin->parse('browseowncomments');
662 * Admin::action_blogcommentlist()
663 * Browse all comments for a weblog
665 * @param integer $blogid ID for weblog
// Lists all comments of one blog. Access requires team rights on the blog or site admin rights.
668 static private function action_blogcommentlist($blogid = '')
670 global $member, $manager, $CONF;
674 $blogid = intRequestVar('blogid');
// Forced to an integer before it is used in the rights check and handed on via $_REQUEST.
678 $blogid = intval($blogid);
681 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
683 /* TODO: we consider to use the other way instead of this */
684 $_REQUEST['blogid'] = $blogid;
686 self::$skin->parse('blogcommentlist');
691 * Admin::action_createaccount()
// Self-registration form. No member check is visible, so this is reachable without a login;
// it is switched off unless $CONF['AllowMemberCreate'] is 1.
696 static private function action_createaccount()
700 if ( $CONF['AllowMemberCreate'] != 1 )
702 self::$skin->parse('createaccountdisable');
718 if ( array_key_exists('showform', $_POST) && $_POST['showform'] == 1 )
720 $action = new Action();
721 $message = $action->createAccount();
722 if ( $message === 1 )
724 self::$headMess = $message;
725 self::$skin->parse('createaccountsuccess');
729 /* TODO: validation */
// The submitted values are copied unchanged so the form can be redisplayed.
// Nothing here validates or escapes them, and a POST field can also arrive as an array.
// NOTE(review): the skin variables that print self::$contents must HTML-escape — confirm.
730 if ( array_key_exists('name', $_POST) )
732 $contents['name'] = $_POST['name'];
734 if ( array_key_exists('realname', $_POST) )
736 $contents['realname'] = $_POST['realname'];
738 if ( array_key_exists('email', $_POST) )
740 $contents['email'] = $_POST['email'];
742 if ( array_key_exists('url', $_POST) )
744 $contents['url'] = $_POST['url'];
747 self::$contents = $contents;
751 self::$skin->parse('createaccountinput');
756 * Admin::action_createitem()
757 * Provide a page to add a new item to the given blog
// Shows the "new item" form for one blog. Requires team rights on that blog.
762 static private function action_createitem()
764 global $member, $manager;
766 $blogid = intRequestVar('blogid');
769 $member->teamRights($blogid) or self::disallow();
771 $blog =& $manager->getBlog($blogid);
// $contents is handed to plugins by reference, so a PreAddItemForm subscriber can pre-fill the form.
776 'contents' => &$contents
778 $manager->notify('PreAddItemForm', $data);
780 if ( $blog->convertBreaks() )
782 if ( array_key_exists('body', $contents) && !empty($contents['body']) )
784 $contents['body'] = removeBreaks($contents['body']);
786 if ( array_key_exists('more', $contents) && !empty($contents['more']) )
788 $contents['more'] = removeBreaks($contents['more']);
792 self::$blog = &$blog;
793 self::$contents = &$contents;
795 self::$skin->parse('createitem');
800 * Admin::action_itemedit()
// Shows the edit form for one item. Requires the right to alter that item.
805 static private function action_itemedit()
807 global $member, $manager;
809 $itemid = intRequestVar('itemid');
811 // only allow if user is allowed to alter item
812 $member->canAlterItem($itemid) or self::disallow();
814 $item =& $manager->getItem($itemid, 1, 1);
// The blog is taken from the stored item, not from the request.
815 $blog =& $manager->getBlog($item['blogid']);
816 $data = array('blog'=> &$blog, 'item' => &$item);
817 $manager->notify('PrepareItemForEdit', $data);
819 if ( $blog->convertBreaks() )
821 if ( array_key_exists('body', $item) && !empty($item['body']) )
823 $item['body'] = removeBreaks($item['body']);
825 if ( array_key_exists('more', $item) && !empty($item['more']) )
827 $item['more'] = removeBreaks($item['more']);
831 self::$blog = &$blog;
832 self::$contents = &$item;
834 self::$skin->parse('itemedit');
839 * Admin::action_itemupdate()
// Saves an edited item (or publishes a draft), optionally creating a new category first.
// The rights check runs once at the top, with the item id and the category value as posted.
844 static private function action_itemupdate()
846 global $member, $manager, $CONF;
848 $itemid = intRequestVar('itemid');
849 $catid = postVar('catid');
851 // only allow if user is allowed to alter item
852 $member->canUpdateItem($itemid, $catid) or self::disallow();
854 $actiontype = postVar('actiontype');
856 // delete actions are handled by itemdelete (which has confirmation)
857 if ( $actiontype == 'delete' )
859 self::action_itemdelete();
// Title, body and extended text are taken as posted; no filtering is visible in the lines shown.
863 $body = postVar('body');
864 $title = postVar('title');
865 $more = postVar('more');
866 $closed = intPostVar('closed');
867 $draftid = intPostVar('draftid');
869 // default action = add now
872 $actiontype='addnow';
875 // create new category if needed
// A value of the form "newcat-<blogid>" asks for a new category on the blog id given in the request.
// NOTE(review): the rights check above saw the raw "newcat-…" string; confirm that canUpdateItem()
// or createNewCategory() verifies the member's rights on that blog.
876 if ( i18n::strpos($catid,'newcat') === 0 )
879 list($blogid) = sscanf($catid,"newcat-%d");
882 $blog =& $manager->getBlog($blogid);
883 $catid = $blog->createNewCategory();
885 // show error when sth goes wrong
888 self::doError(_ERROR_CATCREATEFAIL);
893 * set some variables based on actiontype
896 * draft items -> addnow, addfuture, adddraft, delete
897 * non-draft items -> edit, changedate, delete
900 * $timestamp: set to a nonzero value for future dates or date changes
901 * $wasdraft: set to 1 when the item used to be a draft item
902 * $publish: set to 1 when the edited item is not a draft
// From here on the blog is derived from the item id, which replaces any blog id parsed from "newcat-…".
904 $blogid = getBlogIDFromItemID($itemid);
905 $blog =& $manager->getBlog($blogid);
907 $wasdrafts = array('adddraft', 'addfuture', 'addnow');
908 $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
909 $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
910 if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
912 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
919 // edit the item for real
920 Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
922 self::updateFuturePosted($blogid);
926 // delete permission is checked inside Item::delete()
927 Item::delete($draftid);
930 if ( $catid != intPostVar('catid') )
932 self::action_categoryedit(
935 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
940 // TODO: set start item correctly for itemlist
941 $item =& $manager->getitem($itemid, 1, 1);
// NOTE(review): $item['timestamp'] is placed inside quotes with a plain %s, unlike the
// %d / DB::quoteValue() pattern used by the other queries in this class. The value comes from
// getitem(), not directly from the request, but an (integer) cast with %d would keep this
// query safe whatever getitem() returns.
942 $query = "SELECT COUNT(*) FROM %s WHERE unix_timestamp(itime) <= '%s';";
943 $query = sprintf($query, sql_table('item'), $item['timestamp']);
944 $cnt = DB::getValue($query);
945 $_REQUEST['start'] = $cnt + 1;
946 self::action_itemlist(getBlogIDFromItemID($itemid));
952 * Admin::action_itemdelete()
// Shows the delete-confirmation page for one item; nothing is deleted here.
// Requires the right to alter the item, and the item must exist.
958 static private function action_itemdelete()
960 global $member, $manager;
962 $itemid = intRequestVar('itemid');
964 // only allow if user is allowed to alter item
965 $member->canAlterItem($itemid) or self::disallow();
967 if ( !$manager->existsItem($itemid,1,1) )
969 self::error(_ERROR_NOSUCHITEM);
973 self::$skin->parse('itemdelete');
978 * Admin::action_itemdeleteconfirm()
// Deletes one item after confirmation and returns to the item list of its blog.
// The rights check runs here and again inside deleteOneItem().
983 static private function action_itemdeleteconfirm()
985 global $member, $manager;
987 $itemid = intRequestVar('itemid');
989 // only allow if user is allowed to alter item
990 $member->canAlterItem($itemid) or self::disallow();
// The item is loaded before the delete so its blog id is still available for the list below.
993 $item =& $manager->getItem($itemid, 1, 1);
995 // delete item (note: some checks will be performed twice)
996 self::deleteOneItem($item['itemid']);
998 self::action_itemlist($item['blogid']);
1003 * Admin::deleteOneItem()
1004 * Deletes one item and returns error if something goes wrong
1006 * @param integer $itemid ID for item
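/**
 * Deletes one item on behalf of the current member.
 *
 * The member's right to alter the item is checked here, so the method is
 * safe to call with an id that has not been checked by the caller.
 *
 * @param integer $itemid ID for item
 * @return mixed the _ERROR_DISALLOWED constant when the member may not alter the item, nothing otherwise
 */
static public function deleteOneItem($itemid)
{
	global $member, $manager;

	// only allow if user is allowed to alter item (also checks if itemid exists)
	if ( !$member->canAlterItem($itemid) )
	{
		return _ERROR_DISALLOWED;
	}

	// the item record (and with it the blog id) has to be read before the item is deleted
	$item =& $manager->getItem($itemid, 1, 1);

	$manager->loadClass('ITEM');
	Item::delete($item['itemid']);

	// updateFuturePosted() expects a blog id; the item id was passed here before,
	// so the future-posted flag was recalculated for the wrong blog id
	self::updateFuturePosted($item['blogid']);
}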
1031 * Admin::updateFuturePosted()
1032 * Update a blog's future posted flag
1034 * @param integer $blogid
// Recalculates the "future posted" flag of one blog: set when the blog still has
// unposted items dated after the blog's current time, cleared otherwise.
1037 static private function updateFuturePosted($blogid)
// The id is forced to an integer here and cast again when the query is built.
1041 $blogid = intval($blogid);
1042 $blog =& $manager->getBlog($blogid);
1043 $currenttime = $blog->getCorrectTime(time());
1045 $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
1046 $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
1047 $result = DB::getResult($query);
1049 if ( $result->rowCount() > 0 )
1051 $blog->setFuturePost();
1055 $blog->clearFuturePost();
1061 * Admin::action_itemmove()
// Shows the "move item" form. Requires the right to alter the item.
1066 static private function action_itemmove()
1068 global $member, $manager;
1070 $itemid = intRequestVar('itemid');
1072 $member->canAlterItem($itemid) or self::disallow();
1074 self::$skin->parse('itemmove');
1079 * Admin::action_itemmoveto()
// Moves one item to another category, optionally creating that category first.
1084 static private function action_itemmoveto()
1086 global $member, $manager;
1088 $itemid = intRequestVar('itemid');
1089 $catid = requestVar('catid');
1091 // create new category if needed
// NOTE(review): in the lines shown the category is created BEFORE canUpdateItem() runs, on a blog id
// taken from the request ("newcat-<blogid>"). Confirm that createNewCategory() enforces the member's
// rights on that blog itself; otherwise move the rights check above this branch.
1092 if ( i18n::strpos($catid,'newcat') === 0 )
1095 list($blogid) = sscanf($catid,'newcat-%d');
1098 $blog =& $manager->getBlog($blogid);
1099 $catid = $blog->createNewCategory();
1101 // show error when sth goes wrong
1104 self::doError(_ERROR_CATCREATEFAIL);
1108 // only allow if user is allowed to alter item
1109 $member->canUpdateItem($itemid, $catid) or self::disallow();
// Remembered before the move so the source blog's flag can be refreshed afterwards.
1111 $old_blogid = getBlogIDFromItemId($itemid);
1113 Item::move($itemid, $catid);
1115 // set the futurePosted flag on the blog
1116 self::updateFuturePosted(getBlogIDFromItemId($itemid));
1118 // reset the futurePosted in case the item is moved from one blog to another
1119 self::updateFuturePosted($old_blogid);
1121 if ( $catid != intRequestVar('catid') )
1123 self::action_categoryedit($catid, $blog->getID());
1127 self::action_itemlist(getBlogIDFromCatID($catid));
1133 * Admin::moveOneItem()
1134 * Moves one item to a given category (category existence should be checked by caller)
1135 * errors are returned
1137 * @param integer $itemid ID for item
1138 * @param integer $destCatid ID for category to which the item will be moved
// Moves one item to $destCatid after checking the member's right to do so.
// Returns _ERROR_DISALLOWED when the check fails; the category's existence is not checked here.
1141 static public function moveOneItem($itemid, $destCatid)
1145 // only allow if user is allowed to move item
1146 if ( !$member->canUpdateItem($itemid, $destCatid) )
1148 return _ERROR_DISALLOWED;
1151 Item::move($itemid, $destCatid);
1156 * Admin::action_additem()
1157 * Adds a item to the chosen blog
// Creates a new item from the request data and shows the item list (or the category editor
// when a category was created along the way).
// NOTE(review): no rights check is visible in this method; presumably Item::createFromRequest()
// checks the member's team rights on the target blog — confirm.
1162 static private function action_additem()
1164 global $manager, $CONF;
1166 $manager->loadClass('ITEM');
1168 $result = Item::createFromRequest();
1170 if ( $result['status'] == 'error' )
1172 self::error($result['message']);
1176 $item =& $manager->getItem($result['itemid'], 0, 0);
1178 if ( $result['status'] == 'newcategory' )
// The follow-up URL gets a ticket appended by the manager.
1180 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . $item['blogid']);
1181 self::action_categoryedit($result['catid'], $item['blogid'], $distURI);
// $methodName is assigned but not used in the lines shown.
1185 $methodName = 'action_itemlist';
1186 self::action_itemlist($item['blogid']);
1192 * Admin::action_commentedit()
1193 * Allows to edit previously made comments
// Shows the edit form for one comment. Requires the right to alter that comment.
1198 static private function action_commentedit()
1200 global $member, $manager;
1202 $commentid = intRequestVar('commentid');
1204 $member->canAlterComment($commentid) or self::disallow();
1206 $comment = Comment::getComment($commentid);
// Passed by reference so PrepareCommentForEdit subscribers can change what the form shows.
1207 $data = array('comment' => &$comment);
1208 $manager->notify('PrepareCommentForEdit', $data);
1210 self::$contents = $comment;
1211 self::$skin->parse('commentedit');
1216 * Admin::action_commentupdate()
// Saves an edited comment. Requires the right to alter that comment.
1221 static private function action_commentupdate()
1223 global $member, $manager;
1225 $commentid = intRequestVar('commentid');
1227 $member->canAlterComment($commentid) or self::disallow();
// NOTE(review): no format check on $url or $email is visible in the lines shown;
// both are stored as posted (SQL-quoted below) — confirm they are escaped or validated on output.
1229 $url = postVar('url');
1230 $email = postVar('email');
1231 $body = postVar('body');
1233 // intercept words that are too long
// Rejects a body containing an unbroken run of 90 characters from the listed set.
1234 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
1236 self::error(_ERROR_COMMENT_LONGWORD);
// Length limits: at least 3 and at most 5000 characters.
1241 if ( i18n::strlen($body) < 3 )
1243 self::error(_ERROR_COMMENT_NOCOMMENT);
1247 if ( i18n::strlen($body) > 5000 )
1249 self::error(_ERROR_COMMENT_TOOLONG);
1254 $body = Comment::prepareBody($body);
1260 $manager->notify('PreUpdateComment', $data);
// All string values go through DB::quoteValue() and the id is cast to integer,
// so no request data is concatenated into the SQL text unquoted.
1262 $query = "UPDATE %s SET cmail=%s, cemail=%s, cbody=%s WHERE cnumber=%d;";
1263 $query = sprintf($query, sql_table('comment'), DB::quoteValue($url), DB::quoteValue($email), DB::quoteValue($body), (integer) $commentid);
1264 DB::execute($query);
1267 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
1268 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1270 $itemid = DB::getValue($query);
// The item's comment list is only shown to members who may alter the item; others get their own comments.
1272 if ( $member->canAlterItem($itemid) )
1274 self::action_itemcommentlist($itemid);
1278 self::action_browseowncomments();
1284 * Admin::action_commentdelete()
// Shows the delete-confirmation page for one comment; nothing is deleted here.
1290 static private function action_commentdelete()
1292 global $member, $manager;
1294 $commentid = intRequestVar('commentid');
1295 $member->canAlterComment($commentid) or self::disallow();
1297 self::$skin->parse('commentdelete');
1302 * Admin::action_commentdeleteconfirm()
// Deletes one comment after confirmation.
// There is no rights check in this method itself; it relies on the check inside deleteOneComment().
1307 static private function action_commentdeleteconfirm()
1311 $commentid = intRequestVar('commentid');
1313 // get item id first
// Read before the delete, because the row is gone afterwards.
1314 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
1315 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1317 $itemid = DB::getValue($query);
1319 $error = self::deleteOneComment($commentid);
1322 self::doError($error);
1325 if ( $member->canAlterItem($itemid) )
1327 self::action_itemcommentlist($itemid);
1331 self::action_browseowncomments();
1337 * Admin::deleteOneComment()
1339 * @param integer $commentid ID for comment
// Deletes one comment after checking the member's right to alter it.
// Returns _ERROR_DISALLOWED when the check fails. Plugins are notified before and after the delete.
1342 static public function deleteOneComment($commentid)
1344 global $member, $manager;
// Cast once here and again when the query is built, so the id is always numeric in the SQL.
1346 $commentid = (integer) $commentid;
1348 if ( !$member->canAlterComment($commentid) )
1350 return _ERROR_DISALLOWED;
1354 'commentid' => $commentid
1357 $manager->notify('PreDeleteComment', $data);
1359 // delete the comments associated with the item
1360 $query = "DELETE FROM %s WHERE cnumber=%d;";
1361 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1362 DB::execute($query);
1365 'commentid' => $commentid
1368 $manager->notify('PostDeleteComment', $data);
1374 * Admin::action_usermanagement()
1375 * Usermanagement main
// Renders the member management page. Site admins only.
1380 static private function action_usermanagement()
1382 global $member, $manager;
1385 $member->isAdmin() or self::disallow();
1387 self::$skin->parse('usermanagement');
1392 * Admin::action_memberedit()
1393 * Edit member settings
// Opens the settings form for the member id given in the request.
// The rights check is done by action_editmembersettings().
1398 static private function action_memberedit()
1400 self::action_editmembersettings(intRequestVar('memberid'));
1405 * Admin::action_editmembersettings()
1407 * @param integer $memberid ID for member
// Shows the settings form for one member; defaults to the current member when no id is given.
// Allowed for the member themself or for a site admin.
1411 static private function action_editmembersettings($memberid = '')
1413 global $member, $manager, $CONF;
1415 if ( $memberid == '' )
1417 $memberid = $member->getID();
1420 /* TODO: we should consider to use the other way instead of this */
// NOTE(review): $_REQUEST is overwritten before the rights check two lines below;
// harmless only if disallow() ends the request — confirm.
1421 $_REQUEST['memberid'] = $memberid;
1424 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
1426 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
1428 self::$skin->parse('editmembersettings');
1433 * Admin::action_changemembersettings()
// Applies posted settings to one member. Allowed for the member themself or for a site admin.
// NOTE(review): no check of the member's current password is visible before the password or
// e-mail address is changed (lines are omitted in this listing) — confirm whether one exists.
1438 static private function action_changemembersettings()
1440 global $member, $CONF, $manager;
1442 $memberid = intRequestVar('memberid');
1445 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
// strip_tags() removes markup from the stored text; it is not output escaping,
// so these values still need escaping wherever they are printed.
1447 $name = trim(strip_tags(postVar('name')));
1448 $realname = trim(strip_tags(postVar('realname')));
1449 $password = postVar('password');
1450 $repeatpassword = postVar('repeatpassword');
1451 $email = strip_tags(postVar('email'));
1452 $url = strip_tags(postVar('url'));
1453 $adminskin = intPostVar('adminskin');
1454 $bookmarklet = intPostVar('bookmarklet');
1456 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
// Any value that does not start with http:// or https:// is prefixed, so only those two schemes
// can be stored; note that an empty value becomes the string 'http://'.
1457 if ( !preg_match('#^https?://#', $url) )
1459 $url = 'http://' . $url;
1462 $admin = postVar('admin');
1463 $canlogin = postVar('canlogin');
1464 $notes = strip_tags(postVar('notes'));
1465 $locale = postVar('locale');
1467 $mem =& $manager->getMember($memberid);
1469 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
1471 if ( !isValidDisplayName($name) )
1473 self::error(_ERROR_BADNAME);
1477 if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
1479 self::error(_ERROR_NICKNAMEINUSE);
// NOTE(review): != is a loose comparison; !== would compare the two strings exactly.
1483 if ( $password != $repeatpassword )
1485 self::error(_ERROR_PASSWORDMISMATCH);
// The 6-character minimum is only applied when a password was supplied.
1489 if ( $password && (i18n::strlen($password) < 6) )
1491 self::error(_ERROR_PASSWORDTOOSHORT);
1501 'password' => $password,
1502 'errormessage' => &$pwderror,
1503 'valid' => &$pwdvalid
// Plugins subscribed to PrePasswordSet receive the new password and can reject it
// through the 'valid' / 'errormessage' references.
1505 $manager->notify('PrePasswordSet', $data);
1509 self::error($pwderror);
1515 if ( !NOTIFICATION::address_validation($email) )
1517 self::error(_ERROR_BADMAILADDRESS);
1522 self::error(_ERROR_REALNAMEMISSING);
// The locale must be one of the installed locales (or empty).
1525 if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
1527 self::error(_ERROR_NOSUCHTRANSLATION);
1531 // check if there will remain at least one site member with both the logon and admin rights
1532 // (check occurs when taking away one of these rights from such a member)
1533 if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
1534 || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
1537 $r = DB::getResult('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
1538 if ( $r->rowCount() < 2 )
1540 self::error(_ERROR_ATLEASTONEADMIN);
1545 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
1547 $mem->setDisplayName($name);
1550 $mem->setPassword($password);
1554 $oldEmail = $mem->getEmail();
1556 $mem->setRealName($realname);
1557 $mem->setEmail($email);
1559 $mem->setNotes($notes);
1560 $mem->setLocale($locale);
1561 $mem->setAdminSkin($adminskin);
1562 $mem->setBookmarklet($bookmarklet);
1564 // only allow super-admins to make changes to the admin status
// The posted 'admin' and 'canlogin' values are ignored unless the ACTING member is a site admin,
// which keeps a member from raising their own privileges through this form.
1565 if ( $member->isAdmin() )
1567 $mem->setAdmin($admin);
1568 $mem->setCanLogin($canlogin);
1571 $autosave = postVar('autosave');
1572 $mem->setAutosave($autosave);
1576 // store plugin options
// NOTE(review): 'plugoption' is a request-supplied array; confirm apply_plugin_options()
// only accepts options that belong to this member.
1577 $aOptions = requestArray('plugoption');
1578 NucleusPlugin::apply_plugin_options($aOptions);
1580 'context' => 'member',
1581 'memberid' => $memberid,
1584 $manager->notify('PostPluginOptionsUpdate', $data);
1586 // if email changed, generate new password
// An address change sends an activation link and replaces the cookie key
// (presumably invalidating existing login cookies — confirm).
1587 if ( $oldEmail != $mem->getEmail() )
1589 $mem->sendActivationLink('addresschange', $oldEmail);
1591 $mem->newCookieKey();
1593 // only log out if the member being edited is the current member.
1594 if ( $member->getID() == $memberid )
1598 self::action_login(_MSG_ACTIVATION_SENT, 0);
// A changed display name on the member's own account also replaces the cookie key and asks for a new login.
1602 if ( ($mem->getID() == $member->getID())
1603 && ($mem->getDisplayName() != $member->getDisplayName()) )
1605 $mem->newCookieKey();
1607 self::action_login(_MSG_LOGINAGAIN, 0);
1611 self::action_overview(_MSG_SETTINGSCHANGED);
1617 * Admin::action_memberadd()
// Creates a new member from the posted form. Site admins only.
1623 static private function action_memberadd()
1625 global $member, $manager;
1628 $member->isAdmin() or self::disallow();
// NOTE(review): != is a loose comparison; !== would compare the two strings exactly.
1630 if ( postVar('password') != postVar('repeatpassword') )
1632 self::error(_ERROR_PASSWORDMISMATCH);
// Unlike the settings form, the 6-character minimum applies unconditionally here,
// so an empty password is rejected.
1636 if ( i18n::strlen(postVar('password')) < 6 )
1638 self::error(_ERROR_PASSWORDTOOSHORT);
// The posted values are handed to Member::create() as they are; validation of name,
// e-mail and the rights flags is presumably done there — confirm.
1642 $res = Member::create(
1644 postVar('realname'),
1645 postVar('password'),
1649 postVar('canlogin'),
1659 // fire PostRegister event
1660 $newmem = new Member();
1661 $newmem->readFromName(postVar('name'));
1663 'member' => &$newmem
1665 $manager->notify('PostRegister', $data);
1667 self::action_usermanagement();
1672 * Admin::action_forgotpassword()
// Renders the "forgot password" form. No member check is visible, so it is reachable without a login.
1677 static private function action_forgotpassword()
1679 self::$skin->parse('forgotpassword');
1684 * Admin::action_activate()
1685 * Account activation
// Entry point of the activation link: reads the activation key from the query string
// and shows the activation page. The key is validated in showActivationPage().
1690 static private function action_activate()
1692 $key = getVar('key');
1693 self::showActivationPage($key);
1698 * Admin::showActivationPage()
// Shows the activation form for a valid activation key, or an error when the key or its member is not found.
1703 static private function showActivationPage($key, $message = '')
1707 // clean up old activation keys
// Expired keys are removed first, so a stale key fails the lookup below.
1708 Member::cleanupActivationTable();
1710 // get activation info
1711 $info = Member::getActivationInfo($key);
1715 self::error(_ERROR_ACTIVATE);
1719 $mem =& $manager->getMember($info->vmember);
1723 self::error(_ERROR_ACTIVATE);
1727 /* TODO: we should consider to use the other way instead of this */
// The key (request data) is passed on to the skin through $_POST.
// NOTE(review): confirm the skin escapes it when writing it into the form.
1728 $_POST['ackey'] = $key;
1729 $_POST['bNeedsPasswordChange'] = TRUE;
1731 self::$headMess = $message;
1732 self::$skin->parse('activate');
1737 * Admin::action_activatesetpwd()
1738 * Account activation - set password part
// Second step of account activation: sets the member's password and activates the account.
// The caller is identified only by the posted activation key.
1743 static private function action_activatesetpwd()
1746 $key = postVar('key');
1748 // clean up old activation keys
1749 Member::cleanupActivationTable();
1751 // get activation info
1752 $info = Member::getActivationInfo($key);
// Keys issued for an e-mail address change cannot be used to set a password.
1754 if ( !$info || ($info->type == 'addresschange') )
1756 return self::showActivationPage($key, _ERROR_ACTIVATE);
1759 $mem =& $manager->getMember($info->vmember);
1763 return self::showActivationPage($key, _ERROR_ACTIVATE);
1766 $password = postVar('password');
1767 $repeatpassword = postVar('repeatpassword');
// NOTE(review): != is a loose comparison; !== would compare the two strings exactly.
1769 if ( $password != $repeatpassword )
1771 return self::showActivationPage($key, _ERROR_PASSWORDMISMATCH);
// NOTE(review): the length check is skipped when the password is empty. Confirm that one of the
// omitted lines rejects an empty password before setPassword() is reached.
1774 if ( $password && (i18n::strlen($password) < 6) )
1776 return self::showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
1785 'password' => $password,
1786 'errormessage' => &$pwderror,
1787 'valid' => &$pwdvalid
1789 $manager->notify('PrePasswordSet', $data);
1792 return self::showActivationPage($key,$pwderror);
1799 'type' => 'activation',
1803 $manager->notify('ValidateForm', $data);
1806 return self::showActivationPage($key, $error);
1810 $mem->setPassword($password);
1813 // do the activation
1814 Member::activate($key);
1816 self::$skin->parse('activatesetpwd');
1821 * Admin::action_manageteam()
// Renders the team management page of one blog. Requires admin rights on that blog.
1827 static private function action_manageteam()
1829 global $member, $manager;
1831 $blogid = intRequestVar('blogid');
1834 $member->blogAdminRights($blogid) or self::disallow();
1836 self::$skin->parse('manageteam');
1841 * Admin::action_teamaddmember()
1842 * Add member to team
// Adds a member to the team of one blog. Requires admin rights on that blog.
// All three inputs are read as integers from POST.
1847 static private function action_teamaddmember()
1849 global $member, $manager;
1851 $memberid = intPostVar('memberid');
1852 $blogid = intPostVar('blogid');
1853 $admin = intPostVar('admin');
1856 $member->blogAdminRights($blogid) or self::disallow();
1858 $blog =& $manager->getBlog($blogid);
1859 if ( !$blog->addTeamMember($memberid, $admin) )
1861 self::error(_ERROR_ALREADYONTEAM);
1865 self::action_manageteam();
1870 * Admin::action_teamdelete()
// Shows the confirmation page for removing a member from a blog team; nothing is deleted here.
// Requires admin rights on that blog.
1875 static private function action_teamdelete()
1877 global $member, $manager;
1879 $memberid = intRequestVar('memberid');
1880 $blogid = intRequestVar('blogid');
1883 $member->blogAdminRights($blogid) or self::disallow();
1885 $teammem =& $manager->getMember($memberid);
1886 $blog =& $manager->getBlog($blogid);
1888 self::$skin->parse('teamdelete');
1893 * Admin::action_teamdeleteconfirm()
// Confirmed removal of a member from a blog team; both ids are read from the request as integers.
1898 static private function action_teamdeleteconfirm()
1902 $memberid = intRequestVar('memberid');
1903 $blogid = intRequestVar('blogid');
// No rights check appears in this method itself: deleteOneTeamMember() performs it and
// returns an error value when the current member is not a blog admin.
1905 $error = self::deleteOneTeamMember($blogid, $memberid);
// NOTE(review): the line guarding this call is missing from the listing - presumably a test on $error; confirm.
1908 self::error($error);
1911 self::action_manageteam();
1916 * Admin::deleteOneTeamMember()
// Removes one member from the team of one blog.
// Returns _ERROR_DISALLOWED when the current member has no admin rights on the blog and
// _ERROR_ATLEASTONEBLOGADMIN when the target is a blog admin and fewer than two admin rows exist.
// NOTE(review): the success return value and the construction of $data are on lines missing from this listing.
1921 static public function deleteOneTeamMember($blogid, $memberid)
1923 global $member, $manager;
// both ids are forced to integers before any use in SQL
1925 $blogid = intval($blogid);
1926 $memberid = intval($memberid);
// authorisation is enforced inside this public method, so callers cannot bypass it
1929 if ( !$member->blogAdminRights($blogid) )
1931 return _ERROR_DISALLOWED;
1934 // check if: - there remains at least one blog admin
1935 // - (there remains at least one team member)
1936 $tmem =& $manager->getMember($memberid);
1943 $manager->notify('PreDeleteTeamMember', $data);
1945 if ( $tmem->isBlogAdmin($blogid) )
1947 /* TODO: why we did double check? */
1948 // check if there are more blog members left and at least one admin
1949 // (check for at least two admins before deletion)
1950 $query = "SELECT * FROM %s WHERE tblog=%d and tadmin=1;";
1951 $query = sprintf($query, sql_table('team'), (integer) $blogid);
1952 $r = DB::getResult($query);
1953 if ( $r->rowCount() < 2 )
1955 return _ERROR_ATLEASTONEBLOGADMIN;
// NOTE(review): the admin count above and the DELETE below are separate statements; no transaction
// or lock is visible here, so two concurrent removals could both pass the count - confirm.
1959 $query = "DELETE FROM %s WHERE tblog=%d AND tmember=%d;";
1960 $query = sprintf($query, sql_table('team'), (integer) $blogid, (integer) $memberid);
1961 DB::execute($query);
1967 $manager->notify('PostDeleteTeamMember', $data);
1973 * Admin::action_teamchangeadmin()
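/**
 * Switches the blog-admin flag of one team member.
 *
 * Both ids are read from the request as integers and the current member
 * must hold admin rights on the blog. The last remaining admin of a blog
 * cannot be changed.
 */
static private function action_teamchangeadmin()
{
    global $manager, $member;

    $blogid = intRequestVar('blogid');
    $memberid = intRequestVar('memberid');

    // only a blog admin may change team privileges
    $member->blogAdminRights($blogid) or self::disallow();

    $mem =& $manager->getMember($memberid);
    $isAdminNow = $mem->isBlogAdmin($blogid);

    // don't allow when there is only one admin at this moment
    if ( $isAdminNow )
    {
        $query = "SELECT * FROM %s WHERE tblog=%d AND tadmin=1;";
        $query = sprintf($query, sql_table('team'), (int) $blogid);
        $r = DB::getResult($query);
        if ( $r->rowCount() == 1 )
        {
            self::error(_ERROR_ATLEASTONEBLOGADMIN);
            return;
        }
    }

    // NOTE(review): the branch bodies that set $newval are not visible in the listing;
    // a toggle (admin -> 0, non-admin -> 1) is assumed from how $newval is used - confirm.
    $newval = $isAdminNow ? 0 : 1;

    // Fix: the first placeholder is the table name. The original passed the blog id
    // there, which produced "UPDATE <number> SET ..." and shifted every following value.
    $query = "UPDATE %s SET tadmin=%d WHERE tblog=%d and tmember=%d;";
    $query = sprintf($query, sql_table('team'), (int) $newval, (int) $blogid, (int) $memberid);
    DB::execute($query);

    // only show manageteam if member did not change its own admin privileges
    if ( $member->isBlogAdmin($blogid) )
    {
        self::action_manageteam();
    }
    else
    {
        self::action_overview(_MSG_ADMINCHANGED);
    }
    return;
}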
2029 * Admin::action_blogsettings()
/**
 * Shows the settings page of one blog.
 * The current member must hold admin rights on the requested blog.
 */
static private function action_blogsettings()
{
    global $member, $manager;

    $requestedBlogId = intRequestVar('blogid');

    // authorisation gate
    if ( !$member->blogAdminRights($requestedBlogId) )
    {
        self::disallow();
    }

    // lookup kept although the result is not used in this method
    $requestedBlog =& $manager->getBlog($requestedBlogId);

    // client-side number validation script for the form
    self::$extrahead .= '<script type="text/javascript" src="<%skinfile(/javascripts/numbercheck.js)%>"></script>' . "\n";

    self::$skin->parse('blogsettings');
    return;
}
2052 * Admin::action_categorynew()
/**
 * Creates a new category in a blog from POSTed name and description,
 * then shows the blog settings page again.
 * The current member must hold admin rights on the blog.
 */
static private function action_categorynew()
{
    global $member, $manager;

    $targetBlogId = intRequestVar('blogid');

    if ( !$member->blogAdminRights($targetBlogId) )
    {
        self::disallow();
    }

    $categoryName = postVar('cname');
    $categoryDesc = postVar('cdesc');

    if ( !isValidCategoryName($categoryName) )
    {
        self::error(_ERROR_BADCATEGORYNAME);
        return;
    }

    // reject a name already used inside this blog; the name is quoted, the id cast
    $lookup = sprintf(
        "SELECT * FROM %s WHERE cname=%s AND cblog=%d;",
        sql_table('category'),
        DB::quoteValue($categoryName),
        (int) $targetBlogId
    );
    $existing = DB::getResult($lookup);
    if ( $existing->rowCount() > 0 )
    {
        self::error(_ERROR_DUPCATEGORYNAME);
        return;
    }

    $targetBlog =& $manager->getBlog($targetBlogId);
    $newCatID = $targetBlog->createNewCategory($categoryName, $categoryDesc);

    self::action_blogsettings();
    return;
}
2091 * Admin::action_categoryedit()
/**
 * Shows the edit form for one category.
 *
 * @param mixed  $catid   category id; read from GET when empty
 * @param mixed  $blogid  blog id; read from GET when empty
 * @param string $desturl value handed on to the form through $_REQUEST
 */
static private function action_categoryedit($catid = '', $blogid = '', $desturl = '')
{
    global $member, $manager;

    // fall back to the GET parameter when the caller passed nothing
    $blogid = ($blogid == '') ? intGetVar('blogid') : intval($blogid);

    // NOTE(review): the test on $catid is not visible in the listing; it is mirrored
    // from the $blogid branch above - confirm against the original file.
    $catid = ($catid == '') ? intGetVar('catid') : intval($catid);

    /* TODO: consider another way of handing these values on instead of this */
    $_REQUEST['blogid'] = $blogid;
    $_REQUEST['catid'] = $catid;
    $_REQUEST['desturl'] = $desturl;

    // authorisation gate on the blog id
    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    self::$extrahead .= '<script type="text/javascript" src="<%skinfile(/javascripts/numbercheck.js)%>"></script>' . "\n";

    self::$skin->parse('categoryedit');
    return;
}
2130 * Admin::action_categoryupdate()
// Saves a category's name and description from POST data, stores plugin options,
// fires PostPluginOptionsUpdate and shows the blog settings page again.
2135 static private function action_categoryupdate()
2137 global $member, $manager;
2139 $blogid = intPostVar('blogid');
2140 $catid = intPostVar('catid');
2141 $cname = postVar('cname');
2142 $cdesc = postVar('cdesc');
// NOTE(review): $desturl is read from POST here, but the lines that use it are missing from this
// listing. If it feeds a redirect, confirm the target is restricted to local URLs.
2143 $desturl = postVar('desturl');
// rights are checked against the posted blog id only
2145 $member->blogAdminRights($blogid) or self::disallow();
2147 if ( !isValidCategoryName($cname) )
2149 self::error(_ERROR_BADCATEGORYNAME);
// duplicate-name check within the posted blog, excluding the category being edited
2153 $query = "SELECT * FROM %s WHERE cname=%s AND cblog=%d AND not(catid=%d);";
2154 $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), (integer) $blogid, (integer) $catid);
2155 $res = DB::getResult($query);
2156 if ( $res->rowCount() > 0 )
2158 self::error(_ERROR_DUPCATEGORYNAME);
// NOTE(review): this UPDATE is keyed on catid alone, while the rights check above used blogid.
// Nothing visible here ties the posted catid to that blog, so an admin of one blog could rename
// a category of another. Consider adding "AND cblog=%d" or validating with isValidCategory(),
// as action_categorydelete() does.
2162 $query = "UPDATE %s SET cname=%s, cdesc=%s WHERE catid=%d;";
2163 $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), DB::quoteValue($cdesc), (integer) $catid);
2164 DB::execute($query);
2166 // store plugin options
2167 $aOptions = requestArray('plugoption');
2168 NucleusPlugin::apply_plugin_options($aOptions);
// the remaining entries of the $data array are on lines missing from this listing
2170 'context' => 'category',
2173 $manager->notify('PostPluginOptionsUpdate', $data);
2181 self::action_blogsettings();
2187 * Admin::action_categorydelete()
/**
 * Shows the confirmation page for deleting a category.
 * Refuses when the category does not belong to the blog, is the blog's
 * default category, or is the only category left. Nothing is deleted here.
 */
static private function action_categorydelete()
{
    global $member, $manager;

    $targetBlogId = intRequestVar('blogid');
    $targetCatId = intRequestVar('catid');

    // authorisation gate
    if ( !$member->blogAdminRights($targetBlogId) )
    {
        self::disallow();
    }

    $targetBlog =& $manager->getBlog($targetBlogId);

    // the category has to belong to this blog
    if ( !$targetBlog->isValidCategory($targetCatId) )
    {
        self::error(_ERROR_NOSUCHCATEGORY);
        return;
    }

    // the default category stays
    if ( $targetBlog->getDefaultCategory() == $targetCatId )
    {
        self::error(_ERROR_DELETEDEFCATEGORY);
        return;
    }

    // a blog keeps at least one category
    $countQuery = sprintf("SELECT catid FROM %s WHERE cblog=%d;", sql_table('category'), $targetBlogId);
    $categories = DB::getResult($countQuery);
    if ( $categories->rowCount() == 1 )
    {
        self::error(_ERROR_DELETELASTCATEGORY);
        return;
    }

    self::$skin->parse('categorydelete');
    return;
}
2232 * Admin::action_categorydeleteconfirm()
// Confirmed deletion of a category, followed by the blog settings page.
2237 static private function action_categorydeleteconfirm()
2239 global $member, $manager;
2241 $blogid = intRequestVar('blogid');
2242 $catid = intRequestVar('catid');
// This check uses the blog id from the request; deleteOneCategory() derives the blog from the
// category id and checks rights again, so a mismatched blogid/catid pair is still rejected there.
2244 $member->blogAdminRights($blogid) or self::disallow();
2246 $error = self::deleteOneCategory($catid);
// NOTE(review): the line guarding this call is missing from the listing - presumably a test on $error; confirm.
2249 self::error($error);
2253 self::action_blogsettings();
2258 * Admin::deleteOneCategory()
2259 * Delete a category by its id
2261 * @param String $catid category id for deleting
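/**
 * Deletes one category and moves its items to the blog's default category.
 *
 * The owning blog is derived from the category id and the current member
 * must hold admin rights on it. Fires PreDeleteCategory and PostDeleteCategory.
 *
 * @param mixed $catid category id, forced to an integer
 * @return mixed an error constant on refusal; nothing on success
 */
static public function deleteOneCategory($catid)
{
    global $manager, $member;

    $catid = intval($catid);
    $blogid = getBlogIDFromCatID($catid);

    if ( !$member->blogAdminRights($blogid) )
    {
        // Fix: the original returned the undefined constant ERROR_DISALLOWED
        // (no leading underscore); the sibling methods return _ERROR_DISALLOWED.
        return _ERROR_DISALLOWED;
    }

    $blog =& $manager->getBlog($blogid);

    // check if the category is valid
    if ( !$blog || !$blog->isValidCategory($catid) )
    {
        return _ERROR_NOSUCHCATEGORY;
    }

    $destcatid = $blog->getDefaultCategory();

    // don't allow deletion of default category
    if ( $destcatid == $catid )
    {
        return _ERROR_DELETEDEFCATEGORY;
    }

    // check if catid is the only category left for blogid
    $query = "SELECT catid FROM %s WHERE cblog=%d;";
    $query = sprintf($query, sql_table('category'), (int) $blogid);
    $res = DB::getResult($query);
    if ( $res->rowCount() == 1 )
    {
        return _ERROR_DELETELASTCATEGORY;
    }

    $data = array('catid' => $catid);
    $manager->notify('PreDeleteCategory', $data);

    // change category for all items to the default category
    $query = "UPDATE %s SET icat=%d WHERE icat=%d;";
    $query = sprintf($query, sql_table('item'), (int) $destcatid, (int) $catid);
    DB::execute($query);

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('category', (int) $catid);

    // delete the category row itself
    $query = "DELETE FROM %s WHERE catid=%d;";
    $query = sprintf($query, sql_table('category'), (int) $catid);
    DB::execute($query);

    $data = array('catid' => $catid);
    $manager->notify('PostDeleteCategory', $data);

    // NOTE(review): the closing lines are not visible in the listing; callers in this
    // file only need a falsy result on success - confirm the exact value.
    return;
}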
2325 * Admin::moveOneCategory()
2326 * Move a category to another blog
2328 * @param int $catid category id for move
2329 * @param int $destblogid blog id for destination
// Moves a category to another blog, updating the rows in the comment, item and category tables.
// Returns an error constant on refusal. The success return value is on lines missing from this listing.
// NOTE(review): parts of the SQL text and of the $data arrays are on lines missing from this
// listing; the comments below describe only what is visible.
2332 static public function moveOneCategory($catid, $destblogid)
2334 global $manager, $member;
// both ids are forced to integers before they are used in any query
2335 $catid = intval($catid);
2336 $destblogid = intval($destblogid);
2337 $blogid = getBlogIDFromCatID($catid);
2338 // mover should have admin rights on both blogs
2339 if (!$member->blogAdminRights($blogid)) {
2340 return _ERROR_DISALLOWED;
2342 if (!$member->blogAdminRights($destblogid)) {
2343 return _ERROR_DISALLOWED;
2345 // cannot move to self
2346 if ($blogid == $destblogid) {
2347 return _ERROR_MOVETOSELF;
2350 $blog =& $manager->getBlog($blogid);
2351 $destblog =& $manager->getBlog($destblogid);
2352 // check if the category is valid
// NOTE(review): only $blog is tested for existence here; no equivalent test on $destblog is visible.
2353 if (!$blog || !$blog->isValidCategory($catid)) {
2354 return _ERROR_NOSUCHCATEGORY;
2356 // don't allow default category to be moved
2357 if ($blog->getDefaultCategory() == $catid) {
2358 return _ERROR_MOVEDEFCATEGORY;
2362 'sourceblog' => &$blog,
2363 'destblog' => &$destblog
2365 $manager->notify('PreMoveCategory', $data);
2366 // update comments table (cblog)
// This method calls sql_query()/sql_fetch_object() where most of this file calls DB::.
2370 . sql_table('item') . ' '
2373 $items = sql_query(sprintf($query, $catid));
2374 while ($oItem = sql_fetch_object($items)) {
2376 . sql_table('comment') . ' '
2378 . ' cblog = %d' . ' '
// $oItem->inumber comes from the database row fetched above, not from the request
2381 sql_query(sprintf($query, $destblogid, $oItem->inumber));
2384 // update items (iblog)
2386 . sql_table('item') . ' '
2391 sql_query(sprintf($query, $destblogid, $catid));
2395 . sql_table('category') . ' '
2397 . ' cblog = %d' . ' '
2400 sql_query(sprintf($query, $destblogid, $catid));
// NOTE(review): several tables are updated by separate statements and no transaction is visible,
// so a failure part-way would leave the category half moved - confirm.
2404 'sourceblog' => &$blog,
// 'destblog' is passed by value here but by reference in the PreMoveCategory data above
2405 'destblog' => $destblog
2407 $manager->notify('PostMoveCategory', $data);
2412 * Admin::action_blogsettingsupdate
2413 * Updating blog settings
// Validates and stores the settings of one blog from POST data, stores plugin options,
// fires PostPluginOptionsUpdate and returns to the overview.
2418 static private function action_blogsettingsupdate()
2420 global $member, $manager;
2422 $blogid = intRequestVar('blogid');
// authorisation gate: admin rights on the blog being changed
2424 $member->blogAdminRights($blogid) or self::disallow();
2426 $blog =& $manager->getBlog($blogid);
2428 $notify_address = trim(postVar('notify'));
2429 $shortname = trim(postVar('shortname'));
2430 $updatefile = trim(postVar('update'));
2432 $notifyComment = intPostVar('notifyComment');
2433 $notifyVote = intPostVar('notifyVote');
2434 $notifyNewItem = intPostVar('notifyNewItem');
// NOTE(review): the bodies of the three zero checks are on lines missing from this listing.
2436 if ( $notifyComment == 0 )
2440 if ( $notifyVote == 0 )
2444 if ( $notifyNewItem == 0 )
// the three flags are combined into a single value by multiplication
2448 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
2450 if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
2452 self::error(_ERROR_BADNOTIFY);
2456 if ( !isValidShortName($shortname) )
2458 self::error(_ERROR_BADSHORTBLOGNAME);
// a changed short name must not collide with an existing blog
2462 if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
2464 self::error(_ERROR_DUPSHORTBLOGNAME);
2467 // check if update file is writable
// NOTE(review): $updatefile is a path taken from POST and only its writability is tested here.
// No restriction to a particular directory is visible; confirm that setUpdateFile() or the code
// that later writes the file constrains where it may point.
2468 if ( $updatefile && !is_writeable($updatefile) )
2470 self::error(_ERROR_UPDATEFILE);
2474 $blog->setName(trim(postVar('name')));
2475 $blog->setShortName($shortname);
2476 $blog->setNotifyAddress($notify_address);
2477 $blog->setNotifyType($notifyType);
// the next three values are passed on as raw POST strings; any coercion happens in the setters, if at all
2478 $blog->setMaxComments(postVar('maxcomments'));
2479 $blog->setCommentsEnabled(postVar('comments'));
2480 $blog->setTimeOffset(postVar('timeoffset'));
2481 $blog->setUpdateFile($updatefile);
2482 $blog->setURL(trim(postVar('url')));
2483 $blog->setDefaultSkin(intPostVar('defskin'));
2484 $blog->setDescription(trim(postVar('desc')));
2485 $blog->setPublic(postVar('public'));
2486 $blog->setConvertBreaks(intPostVar('convertbreaks'));
2487 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
// NOTE(review): no check is visible here that 'defcat' is a category of this blog - confirm the setter validates it.
2488 $blog->setDefaultCategory(intPostVar('defcat'));
2489 $blog->setSearchable(intPostVar('searchable'));
2490 $blog->setEmailRequired(intPostVar('reqemail'));
2491 $blog->writeSettings();
2493 // store plugin options
2494 $aOptions = requestArray('plugoption');
2495 NucleusPlugin::apply_plugin_options($aOptions);
2498 'context' => 'blog',
2499 'blogid' => $blogid,
2502 $manager->notify('PostPluginOptionsUpdate', $data);
2504 self::action_overview(_MSG_SETTINGSCHANGED);
2509 * Admin::action_deleteblog()
/**
 * Shows the confirmation page for deleting a blog.
 * The default blog cannot be deleted. Nothing is removed here.
 */
static private function action_deleteblog()
{
    global $member, $CONF, $manager;

    $targetBlogId = intRequestVar('blogid');

    // authorisation gate
    if ( !$member->blogAdminRights($targetBlogId) )
    {
        self::disallow();
    }

    // the configured default blog is protected
    if ( $CONF['DefaultBlog'] == $targetBlogId )
    {
        self::error(_ERROR_DELDEFBLOG);
        return;
    }

    // lookup kept although the result is not used in this method
    $targetBlog =& $manager->getBlog($targetBlogId);

    self::$skin->parse('deleteblog');
    return;
}
2536 * Admin::action_deleteblogconfirm()
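/**
 * Deletes a blog together with its comments, items, team rows, bans,
 * categories and plugin options, then returns to the overview.
 *
 * The current member must hold admin rights on the blog, and the default
 * blog cannot be deleted. Fires PreDeleteBlog and PostDeleteBlog.
 */
static private function action_deleteblogconfirm()
{
    global $member, $CONF, $manager;

    $blogid = intRequestVar('blogid');

    // Fix: authorise before anything else. The original fired PreDeleteBlog first,
    // so plugin handlers ran even for requests that were rejected afterwards.
    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
        // NOTE(review): disallow() is not visible here; returning keeps this destructive
        // path closed even if it does not end the request.
        return;
    }

    // check if blog is default blog
    if ( $CONF['DefaultBlog'] == $blogid )
    {
        self::error(_ERROR_DELDEFBLOG);
        return;
    }

    $data = array('blogid' => $blogid);
    $manager->notify('PreDeleteBlog', $data);

    // Dependent rows first, in the original order: comments, items, team members,
    // bans, categories. The id is written through %d so only an integer reaches the SQL.
    $dependents = array(
        'comment'  => 'cblog',
        'item'     => 'iblog',
        'team'     => 'tblog',
        'ban'      => 'blogid',
        'category' => 'cblog',
    );
    foreach ( $dependents as $table => $column )
    {
        DB::execute(sprintf('DELETE FROM %s WHERE %s=%d', sql_table($table), $column, $blogid));
    }

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('blog', $blogid);

    // delete the blog itself
    DB::execute(sprintf('DELETE FROM %s WHERE bnumber=%d', sql_table('blog'), $blogid));

    $data = array('blogid' => $blogid);
    $manager->notify('PostDeleteBlog', $data);

    self::action_overview(_DELETED_BLOG);
    return;
}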
2595 * Admin::action_memberdelete()
/**
 * Shows the confirmation page for deleting a member.
 * Allowed for the member in question and for site admins.
 */
static private function action_memberdelete()
{
    global $member, $manager;

    $targetMemberId = intRequestVar('memberid');

    // a member may remove itself; anyone else needs to be a site admin
    $isSelf = ($member->getID() == $targetMemberId);
    if ( !$isSelf && !$member->isAdmin() )
    {
        self::disallow();
    }

    // lookup kept although the result is not used in this method
    $targetMember =& $manager->getMember($targetMemberId);

    self::$skin->parse('memberdelete');
    return;
}
2615 * Admin::action_memberdeleteconfirm()
// Confirmed deletion of a member account.
2620 static private function action_memberdeleteconfirm()
2624 $memberid = intRequestVar('memberid');
// allowed for the member itself or a site admin; deleteOneMember() shows no rights check of its own,
// so this line is the gate for this path
2626 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
2628 $error = self::deleteOneMember($memberid);
// NOTE(review): the line guarding this call is missing from the listing - presumably a test on $error; confirm.
2631 self::error($error);
// site admins go back to user management; the other call presumably sits in an else branch that is not shown
2635 if ( $member->isAdmin() )
2637 self::action_usermanagement();
2642 self::action_overview(_DELETED_MEMBER);
2649 * Admin::deleteOneMember()
2650 * Delete a member by id
2653 * @param Integer $memberid member id
2654 * @return String null string or error messages
// Deletes a member: unlinks its comments, removes the member, team and activation rows and the
// member's plugin options. Fires PreDeleteMember and PostDeleteMember.
// Returns _ERROR_DELETEMEMBER when the member cannot be deleted.
// NOTE(review): unlike deleteOneTeamMember() and deleteOneCategory(), no permission check is visible
// inside this public method; action_memberdeleteconfirm() checks before calling it. Verify that
// every other caller does the same.
2656 static public function deleteOneMember($memberid)
// forced to an integer before it is concatenated into the statements below
2660 $memberid = intval($memberid);
2661 $mem =& $manager->getMember($memberid);
2663 if ( !$mem->canBeDeleted() )
2665 return _ERROR_DELETEMEMBER;
2668 $data = array('member' => &$mem);
2669 $manager->notify('PreDeleteMember', $data);
2671 /* unlink comments from memberid */
// existing comments keep the display name as a quoted string and lose the member link
2674 $query = "UPDATE %s SET cmember=0, cuser=%s WHERE cmember=%d;";
2675 $query = sprintf($query, sql_table('comment'), DB::quoteValue($mem->getDisplayName()), $memberid);
2676 DB::execute($query);
2679 $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
2680 DB::execute($query);
2682 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
2683 DB::execute($query);
// pending activation keys of the deleted account are removed as well
2685 $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
2686 DB::execute($query);
2688 // delete all associated plugin options
2689 NucleusPlugin::delete_option_values('member', $memberid);
2691 $data = array('member' => &$mem);
2692 $manager->notify('PostDeleteMember', $data);
2698 * Admin::action_createnewlog()
/**
 * Shows the form for creating a new blog. Site admins only.
 */
static private function action_createnewlog()
{
    global $member, $CONF, $manager;

    // Only Super-Admins can do this
    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    self::$skin->parse('createnewlog');
    return;
}
2715 * Admin::action_addnewlog()
// Creates a new blog with a default category, the current member as its admin and a first item.
// NOTE(review): several lines of this method (array openers, the item creation call, closing braces)
// are missing from this listing; the comments describe only what is visible.
2720 static private function action_addnewlog()
2722 global $member, $manager, $CONF;
2724 // Only Super-Admins can do this
2725 $member->isAdmin() or self::disallow();
2727 $bname = trim(postVar('name'));
2728 $bshortname = trim(postVar('shortname'));
2729 $btimeoffset = postVar('timeoffset');
2730 $bdesc = trim(postVar('desc'));
2731 $bdefskin = postVar('defskin');
2733 if ( !isValidShortName($bshortname) )
2735 self::error(_ERROR_BADSHORTBLOGNAME);
2739 if ( $manager->existsBlog($bshortname) )
2741 self::error(_ERROR_DUPSHORTBLOGNAME);
// NOTE(review): the values are handed to PreAddBlog by reference, so a plugin may change them after
// the short-name checks above; no re-validation is visible before the INSERT.
2747 'shortname' => &$bshortname,
2748 'timeoffset' => &$btimeoffset,
2749 'description' => &$bdesc,
2750 'defaultskin' => &$bdefskin
2752 $manager->notify('PreAddBlog', $data);
2754 // add slashes for sql queries
// every value is passed through DB::quoteValue() and inserted through %s without further quoting;
// btimeoffset and bdefskin are quoted as strings rather than cast to numbers
2755 $bname = DB::quoteValue($bname);
2756 $bshortname = DB::quoteValue($bshortname);
2757 $btimeoffset = DB::quoteValue($btimeoffset);
2758 $bdesc = DB::quoteValue($bdesc);
2759 $bdefskin = DB::quoteValue($bdefskin);
2762 $query = "INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES (%s, %s, %s, %s, %s);";
2763 $query = sprintf($query, sql_table('blog'), $bname, $bshortname, $bdesc, $btimeoffset, $bdefskin);
2764 DB::execute($query);
2766 $blogid = DB::getInsertId();
2767 $blog =& $manager->getBlog($blogid);
2769 // create new category
// language constants are used when defined, with English fallbacks otherwise
2770 $catdefname = (!defined('_EBLOGDEFAULTCATEGORY_NAME') ? 'General' : _EBLOGDEFAULTCATEGORY_NAME);
2771 $catdefdesc = (!defined('_EBLOGDEFAULTCATEGORY_DESC') ? 'Items that do not fit in other categories' : _EBLOGDEFAULTCATEGORY_DESC);
2773 $query = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)';
2774 DB::execute(sprintf($query, sql_table('category'), (integer) $blogid, DB::quoteValue($catdefname), DB::quoteValue($catdefdesc)));
2775 $catid = DB::getInsertId();
2777 // set as default category
2778 $blog->setDefaultCategory($catid);
2779 $blog->writeSettings();
2781 // create team member
// the creating member becomes blog admin (tadmin is fixed to 1)
2782 $query = "INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1);";
2783 $query = sprintf($query, sql_table('team'), (integer) $member->getID(), (integer) $blogid);
2784 DB::execute($query);
2786 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
2787 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
2790 $blog->getDefaultCategory(),
2791 $itemdeftitle,$itemdefbody,
2795 $blog->getCorrectTime(),
2801 $data = array('blog' => &$blog);
2802 $manager->notify('PostAddBlog', $data);
// NOTE(review): these two entries read the constants directly, without the defined() fallback used
// for $catdefname/$catdefdesc above; those variables look like the intended values here.
2806 'name' => _EBLOGDEFAULTCATEGORY_NAME,
2807 'description' => _EBLOGDEFAULTCATEGORY_DESC,
2810 $manager->notify('PostAddCategory', $data);
2812 /* TODO: we should consider to use the other way instead of this */
2813 $_REQUEST['blogid'] = $blogid;
2814 $_REQUEST['catid'] = $catid;
2815 self::$skin->parse('addnewlog');
2820 * Admin::action_addnewlog2()
/**
 * Second step of blog creation: stores the blog URL and returns to the overview.
 * The current member must hold admin rights on the blog.
 */
static private function action_addnewlog2()
{
    global $member, $manager;

    $newBlogId = intRequestVar('blogid');

    // authorisation gate
    if ( !$member->blogAdminRights($newBlogId) )
    {
        self::disallow();
    }

    $rawUrl = requestVar('url');

    $newBlog =& $manager->getBlog($newBlogId);
    $newBlog->setURL(trim($rawUrl));
    $newBlog->writeSettings();

    self::action_overview(_MSG_NEWBLOG);
    return;
}
2843 * Admin::action_skinieoverview()
/**
 * Shows the skin import/export overview. Site admins only.
 */
static private function action_skinieoverview()
{
    global $member, $DIR_LIBS, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // the import/export library is loaded from the configured library directory
    $skinieLibrary = $DIR_LIBS . 'skinie.php';
    include_once($skinieLibrary);

    self::$skin->parse('skinieoverview');
    return;
}
2861 * Admin::action_skinieimport()
// First step of a skin import. Site admins only.
2866 static private function action_skinieimport()
2870 $member->isAdmin() or self::disallow();
// NOTE(review): both values come straight from POST and are handed to self::skinieimport() unchanged.
// How that helper turns them into a file or URL to read is not visible here; confirm it validates
// the mode and constrains the location.
2872 $skinFileRaw = postVar('skinfile');
2873 $mode = postVar('mode');
2875 $error = self::skinieimport($mode, $skinFileRaw);
// NOTE(review): the line guarding this call is missing from the listing - presumably a test on $error; confirm.
2878 self::error($error);
2882 self::$skin->parse('skinieimport');
2887 * Admin::action_skiniedoimport()
// Performs the skin import. Site admins only.
2892 static private function action_skiniedoimport()
2894 global $member, $DIR_LIBS, $DIR_SKINS;
2896 $member->isAdmin() or self::disallow();
2898 // load skinie class
2899 include_once($DIR_LIBS . 'skinie.php');
// NOTE(review): mode and skinfile come straight from POST and are passed on unchanged; the helper
// that resolves them is not visible here. Confirm it validates the mode and constrains the location.
2901 $mode = postVar('mode');
2902 $skinFileRaw = postVar('skinfile');
2903 $allowOverwrite = intPostVar('overwrite');
2905 $error = self::skiniedoimport($mode, $skinFileRaw, $allowOverwrite);
// NOTE(review): the handling of $error is on lines missing from this listing.
2912 self::$skin->parse('skiniedoimport');
2917 * Admin::action_skinieexport()
/**
 * Exports the selected skins and templates. Site admins only.
 * The selections are read from the request as integer arrays.
 */
static private function action_skinieexport()
{
    // the global declaration is not visible in the listing; $member is the only global used here
    global $member;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $selectedSkins = requestIntArray('skin');
    $selectedTemplates = requestIntArray('template');
    $exportInfo = postVar('info');

    self::skinieexport($selectedSkins, $selectedTemplates, $exportInfo);
    return;
}
2938 * Admin::action_templateoverview()
/**
 * Shows the list of templates. Site admins only.
 */
static private function action_templateoverview()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    self::$skin->parse('templateoverview');
    return;
}
2954 * Admin::action_templateedit()
2956 * @param string $msg message for pageheader
// Shows the edit form for one template. Site admins only.
2959 static private function action_templateedit($msg = '')
2961 global $member, $manager;
// NOTE(review): the line guarding this assignment is missing from the listing - presumably a test on $msg; confirm.
2964 self::$headMess = $msg;
2967 $templateid = intRequestVar('templateid');
2969 $member->isAdmin() or self::disallow();
2971 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/templateEdit.js)%>\"></script>\n";
// NOTE(review): the language string is HTML-escaped but sits inside a single-quoted JavaScript string.
// HTML escaping is not JavaScript escaping: whether an apostrophe or backslash in a translation is
// neutralised depends on Entity::hsc(), which is not visible here - confirm.
2972 self::$extrahead .= "<script type=\"text/javascript\">setTemplateEditText('" . Entity::hsc(_EDITTEMPLATE_EMPTY) . "');</script>\n";
2974 self::$skin->parse('templateedit');
2979 * Admin::action_templateupdate()
/**
 * Stores an edited template: renames it if needed, removes all of its parts
 * and re-inserts the non-empty parts from POST. Site admins only.
 * Plugins can add further part names through the TemplateExtraFields event.
 */
static private function action_templateupdate()
{
    global $member,$manager;

    $templateid = intRequestVar('templateid');

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $newName = postVar('tname');
    $newDesc = postVar('tdesc');

    if ( !isValidTemplateName($newName) )
    {
        self::error(_ERROR_BADTEMPLATENAME);
        return;
    }

    // a changed name must not collide with another template
    $isRenamed = (Template::getNameFromId($templateid) != $newName);
    if ( $isRenamed && Template::exists($newName) )
    {
        self::error(_ERROR_DUPTEMPLATENAME);
        return;
    }

    // 1. Remove all template parts
    $removeParts = sprintf("DELETE FROM %s WHERE tdesc=%d;", sql_table('template'), (int) $templateid);
    DB::execute($removeParts);

    // 2. Update description
    $updateDesc = sprintf(
        "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;",
        sql_table('template_desc'),
        DB::quoteValue($newName),
        DB::quoteValue($newDesc),
        (int) $templateid
    );
    DB::execute($updateDesc);

    // 3. Add non-empty template parts; each part is read from the POST field of the same name
    $partNames = array(
        'ITEM_HEADER', 'ITEM', 'ITEM_FOOTER',
        'MORELINK', 'EDITLINK', 'NEW',
        'COMMENTS_HEADER', 'COMMENTS_BODY', 'COMMENTS_FOOTER',
        'COMMENTS_CONTINUED', 'COMMENTS_TOOMUCH', 'COMMENTS_AUTH',
        'COMMENTS_ONE', 'COMMENTS_MANY', 'COMMENTS_NONE',
        'ARCHIVELIST_HEADER', 'ARCHIVELIST_LISTITEM', 'ARCHIVELIST_FOOTER',
        'BLOGLIST_HEADER', 'BLOGLIST_LISTITEM', 'BLOGLIST_FOOTER',
        'CATLIST_HEADER', 'CATLIST_LISTITEM', 'CATLIST_FOOTER',
        'DATE_HEADER', 'DATE_FOOTER',
        'FORMAT_DATE', 'FORMAT_TIME',
        'SEARCH_HIGHLIGHT', 'SEARCH_NOTHINGFOUND',
        'POPUP_CODE', 'MEDIA_CODE', 'IMAGE_CODE',
    );
    foreach ( $partNames as $partName )
    {
        self::addToTemplate($templateid, $partName, postVar($partName));
    }

    // parts contributed by plugins
    $data = array('fields' => array());
    $manager->notify('TemplateExtraFields', $data);
    foreach ( $data['fields'] as $pluginName => $pluginFields )
    {
        foreach ( $pluginFields as $fieldName => $fieldDesc )
        {
            self::addToTemplate($templateid, $fieldName, postVar($fieldName));
        }
    }

    // jump back to template edit
    self::action_templateedit(_TEMPLATE_UPDATED);
    return;
}
3068 * Admin::addToTemplate()
3070 * @param Integer $id ID for template
3071 * @param String $partname parts name
3072 * @param String $content template contents
3073 * @return Integer record index
// Inserts one part of a template and returns the insert id of the new row.
3076 static private function addToTemplate($id, $partname, $content)
3078 // don't add empty parts:
// NOTE(review): the statement executed for an empty part is on a line missing from this listing.
3079 if ( !trim($content) )
// the id is cast to an integer; the part name and content go through DB::quoteValue()
3084 $query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, %s, %s);";
3085 $query = sprintf($query, sql_table('template'), (integer) $id, DB::quoteValue($partname), DB::quoteValue($content));
3086 if ( DB::execute($query) === FALSE )
3088 $err = DB::getError();
// NOTE(review): on failure the script ends here and the database error text is sent to the client.
// Consider logging the detail and showing only a generic message.
3089 exit(_ADMIN_SQLDIE_QUERYERROR . $err[2]);
3091 return DB::getInsertId();
3095 * Admin::action_templatedelete()
/**
 * Shows the confirmation page for deleting a template. Site admins only.
 * Nothing is deleted here.
 */
static private function action_templatedelete()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // read but not used in this method
    $requestedTemplateId = intRequestVar('templateid');
    // TODO: check if template can be deleted

    self::$skin->parse('templatedelete');
    return;
}
3114 * Admin::action_templatedeleteconfirm()
/**
 * Deletes a template (description row and parts) and returns to the
 * template overview. Site admins only.
 * Fires PreDeleteTemplate and PostDeleteTemplate after the rights check.
 */
static private function action_templatedeleteconfirm()
{
    global $member, $manager;

    // integer-coerced, so it is safe to append to the statements below
    $templateid = intRequestVar('templateid');

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $data = array('templateid' => $templateid);
    $manager->notify('PreDeleteTemplate', $data);

    // 1. delete description
    $descTable = sql_table('template_desc');
    DB::execute('DELETE FROM ' . $descTable . ' WHERE tdnumber=' . $templateid);

    // 2. delete parts
    $partsTable = sql_table('template');
    DB::execute('DELETE FROM ' . $partsTable . ' WHERE tdesc=' . $templateid);

    $data = array('templateid' => $templateid);
    $manager->notify('PostDeleteTemplate', $data);

    self::action_templateoverview();
    return;
}
3145 * Admin::action_templatenew()
/**
 * Creates a new, empty template from POSTed name and description and
 * returns to the template overview. Site admins only.
 */
static private function action_templatenew()
{
    // the global declaration is not visible in the listing; $member is the only global used here
    global $member;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $templateName = postVar('name');
    $templateDesc = postVar('desc');

    if ( !isValidTemplateName($templateName) )
    {
        self::error(_ERROR_BADTEMPLATENAME);
        return;
    }

    if ( Template::exists($templateName) )
    {
        self::error(_ERROR_DUPTEMPLATENAME);
        return;
    }

    $newTemplateId = Template::createNew($templateName, $templateDesc);

    self::action_templateoverview();
    return;
}
3178 * Admin::action_templateclone()
// Clones a template under a new name and copies all of its parts. Site admins only.
3183 static private function action_templateclone()
3187 $templateid = intRequestVar('templateid');
3189 $member->isAdmin() or self::disallow();
3191 // 1. read old template
3192 $name = Template::getNameFromId($templateid);
3193 $desc = Template::getDesc($templateid);
3195 // 2. create desc thing
3196 $name = "cloned" . $name;
3198 // if a template with that name already exists:
// NOTE(review): the counter initialisation, its increment and the final name assignment are on lines
// missing from this listing; the loop below searches for a free "<name><number>".
3199 if ( Template::exists($name) )
3202 while (Template::exists($name . $i))
3209 $newid = Template::createNew($name, $desc);
3212 // go through parts of old template and add them to the new one
3213 $query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;";
3214 $query = sprintf($query, sql_table('template'), (integer) $templateid);
3216 $res = DB::getResult($query);
3217 foreach ( $res as $row)
// part names and contents come from the database and are quoted again inside addToTemplate()
3219 self::addToTemplate($newid, $row['tpartname'], $row['tcontent']);
3222 self::action_templateoverview();
3227 * Admin::action_admintemplateoverview()
/**
 * Shows the list of admin templates. Site admins only.
 */
static private function action_admintemplateoverview()
{
    // the global declaration is not visible in the listing; $member is the only global used here
    global $member;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // NOTE(review): the skin part name is spelled 'admntemplateoverview' in the source and is kept as is - confirm it is intended.
    self::$skin->parse('admntemplateoverview');
    return;
}
3241 * Admin::action_admintemplateedit()
3243 * @param string $msg message for pageheader
// Shows the edit form for one admin template. Site admins only.
3246 static private function action_admintemplateedit($msg = '')
3248 global $member, $manager;
// NOTE(review): the line guarding this assignment is missing from the listing - presumably a test on $msg; confirm.
3251 self::$headMess = $msg;
3253 $member->isAdmin() or self::disallow();
3255 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/templateEdit.js)%>\"></script>\n";
// NOTE(review): the language string is HTML-escaped but sits inside a double-quoted JavaScript string.
// HTML escaping is not JavaScript escaping: a backslash or line break in a translation would not be
// neutralised by it - confirm what Entity::hsc() covers.
3256 self::$extrahead .= '<script type="text/javascript">setTemplateEditText("' . Entity::hsc(_EDITTEMPLATE_EMPTY) . '");</script>' . "\n";
3258 self::$skin->parse('admintemplateedit');
3263 * Admin::action_admintemplateupdate()
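/**
 * Admin::action_admintemplateupdate()
 * Replace the name, description and every part of an admin template with
 * the values posted from the edit form, then show the edit page again.
 *
 * The update runs as three separate steps (delete parts, update the
 * description, insert the posted parts); no transaction is visible here,
 * so a failure midway can leave the template without parts.
 *
 * NOTE(review): unlike action_admintemplatenew(), the new name is not
 * required to start with "admin/"; confirm whether a rename out of that
 * namespace is intended.
 *
 * @param	void
 * @return	void
 */
static private function action_admintemplateupdate()
{
	global $member, $manager;

	// Fail closed: stop here on a failed check instead of relying on
	// disallow() to end the request before the writes below.
	if ( !$member->isAdmin() )
	{
		self::disallow();
		return;
	}

	$templateid = intRequestVar('templateid');
	$name = postVar('tname');
	$desc = postVar('tdesc');

	if ( !isValidTemplateName($name) )
	{
		self::error(_ERROR_BADTEMPLATENAME);
		return;
	}

	// A changed name must not collide with another template.
	if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
	{
		self::error(_ERROR_DUPTEMPLATENAME);
		return;
	}

	// 1. Remove all template parts
	$query = "DELETE FROM %s WHERE tdesc=%d;";
	$query = sprintf($query, sql_table('template'), (int) $templateid);
	DB::execute($query);

	// 2. Update description (strings go through DB::quoteValue, the id through %d)
	$query = "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;";
	$query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name), DB::quoteValue($desc), (int) $templateid);
	DB::execute($query);

	// 3. Add non-empty template parts.
	// The part name doubles as the POST field name; the order is kept as before.
	$partnames = array(
		'NORMALSKINLIST_HEAD',
		'NORMALSKINLIST_BODY',
		'NORMALSKINLIST_FOOT',
		'ADMIN_CUSTOMHELPLINK_ICON',
		'ADMIN_CUSTOMHELPLINK_ANCHOR',
		'ADMIN_BLOGLINK',
		'ADMIN_BATCHLIST',
		'ACTIVATE_FORGOT_TITLE',
		'ACTIVATE_FORGOT_TEXT',
		'ACTIVATE_REGISTER_TITLE',
		'ACTIVATE_REGISTER_TEXT',
		'ACTIVATE_CHANGE_TITLE',
		'ACTIVATE_CHANGE_TEXT',
		'TEMPLATE_EDIT_EXPLUGNAME',
		'TEMPLATE_EDIT_ROW_HEAD',
		'TEMPLATE_EDIT_ROW_TAIL',
		'SPECIALSKINLIST_HEAD',
		'SPECIALSKINLIST_BODY',
		'SPECIALSKINLIST_FOOT',
		'SYSTEMINFO_GDSETTINGS',
		'BANLIST_DELETED_LIST',
		'INSERT_PLUGOPTION_TITLE',
		'INSERT_PLUGOPTION_BODY',
		'INPUTYESNO_TEMPLATE_ADMIN',
		'INPUTYESNO_TEMPLATE_NORMAL',
		'ADMIN_SPECIALSKINLIST_HEAD',
		'ADMIN_SPECIALSKINLIST_BODY',
		'ADMIN_SPECIALSKINLIST_FOOT',
		'SKINIE_EXPORT_LIST',
		'SHOWLIST_LISTPLUG_SELECT_HEAD',
		'SHOWLIST_LISTPLUG_SELECT_BODY',
		'SHOWLIST_LISTPLUG_SELECT_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_BODY',
		'SHOWLIST_LISTPLUG_TABLE_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL',
		'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST',
		'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE',
		'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND',
		'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP',
		'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT',
		'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN',
		'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM',
		'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM',
		'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY',
		'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY',
		'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT',
		'PLUGIN_QUICKMENU_TITLE',
		'PLUGIN_QUICKMENU_HEAD',
		'PLUGIN_QUICKMENU_BODY',
		'PLUGIN_QUICKMENU_FOOT',
	);
	foreach ( $partnames as $partname )
	{
		self::addToTemplate($templateid, $partname, postVar($partname));
	}

	// Plugins may register extra fields; the field name chosen by the plugin
	// is used both as the part name and as the POST key.
	$data = array('fields' => array());
	$manager->notify('AdminTemplateExtraFields', $data);
	foreach ( $data['fields'] as $pfkey => $pfvalue )
	{
		foreach ( $pfvalue as $pffield => $pfdesc )
		{
			self::addToTemplate($templateid, $pffield, postVar($pffield));
		}
	}

	// jump back to template edit
	self::action_admintemplateedit(_TEMPLATE_UPDATED);
	return;
}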
3421 * Admin::action_admintemplatedelete()
3426 static private function action_admintemplatedelete()
3428 global $member, $manager;
3429 $member->isAdmin() or self::disallow();
3431 // TODO: check if template can be deleted
3432 self::$skin->parse('admintemplatedelete');
3437 * Admin::action_admintemplatedeleteconfirm()
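/**
 * Admin::action_admintemplatedeleteconfirm()
 * Delete an admin template (description row and all parts), notifying
 * plugins before and after, then show the admin template overview.
 *
 * @param	void
 * @return	void
 */
static private function action_admintemplatedeleteconfirm()
{
	global $member, $manager;

	// Fail closed: never reach the DELETEs below after a failed check,
	// whatever disallow() does once it has shown the error page.
	if ( !$member->isAdmin() )
	{
		self::disallow();
		return;
	}

	$templateid = intRequestVar('templateid');

	$data = array('templateid' => $templateid);
	$manager->notify('PreDeleteAdminTemplate', $data);

	// 1. delete description
	// %d (not %s) so the id is forced to an integer by the format as well as by the cast
	$query = "DELETE FROM %s WHERE tdnumber=%d;";
	$query = sprintf($query, sql_table('template_desc'), (int) $templateid);
	DB::execute($query);

	// 2. delete parts
	$query = "DELETE FROM %s WHERE tdesc=%d;";
	$query = sprintf($query, sql_table('template'), (int) $templateid);
	DB::execute($query);

	$data = array('templateid' => $templateid);
	$manager->notify('PostDeleteAdminTemplate', $data);

	self::action_admintemplateoverview();
	return;
}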
3470 * Admin::action_admintemplatenew()
3475 static private function action_admintemplatenew()
3478 $member->isAdmin() or self::disallow();
3479 $name = postVar('name');
3480 $desc = postVar('desc');
3482 if ( !isValidTemplateName($name) )
3484 self::error(_ERROR_BADTEMPLATENAME);
3487 else if ( !preg_match('#^admin/#', $name) )
3489 self::error(_ERROR_BADADMINTEMPLATENAME);
3492 else if ( Template::exists($name) )
3494 self::error(_ERROR_DUPTEMPLATENAME);
3498 $newTemplateId = Template::createNew($name, $desc);
3499 self::action_admintemplateoverview();
3504 * Admin::action_admintemplateclone()
// Clone an admin template: create a new template named "<old name>cloned" (with a numeric suffix
// when that name is taken), copy every part of the source template into it, then show the overview.
// NOTE(review): 'admintemplateclone' is listed in $ticketless_actions near the top of this file, yet this
// handler creates rows. If that list exempts actions from the ticket check, the clone can be triggered by
// a cross-site request from an admin's browser. Confirm, and require a ticket if so.
// NOTE(review): the isAdmin() gate only protects the writes below if disallow() ends the request. Confirm.
3509 static private function action_admintemplateclone()
3512 $templateid = intRequestVar('templateid');
3513 $member->isAdmin() or self::disallow();
3515 // 1. read old template
// Nothing visible here checks that $templateid refers to an existing template before cloning.
3516 $name = Template::getNameFromId($templateid);
3517 $desc = Template::getDesc($templateid);
3519 // 2. create desc thing
3520 $name = $name . "cloned";
3522 // if a template with that name already exists:
3523 if ( Template::exists($name) )
3526 while ( Template::exists($name . $i) )
3533 $newid = Template::createNew($name, $desc);
3536 // go through parts of old template and add them to the new one
// The id is cast to integer and formatted with %d, so no request text reaches the SQL string.
3537 $query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;";
3538 $query = sprintf($query, sql_table('template'), (integer) $templateid);
3540 $res = DB::getResult($query);
3541 foreach ( $res as $row )
3543 self::addToTemplate($newid, $row['tpartname'], $row['tcontent']);
3546 self::action_admintemplateoverview();
3551 * Admin::action_skinoverview()
3556 static private function action_skinoverview()
3558 global $member, $manager;
3560 $member->isAdmin() or self::disallow();
3562 self::$skin->parse('skinoverview');
3567 * Admin::action_skinnew()
3572 static private function action_skinnew()
3576 $member->isAdmin() or self::disallow();
3578 $name = trim(postVar('name'));
3579 $desc = trim(postVar('desc'));
3581 if ( !isValidSkinName($name) )
3583 self::error(_ERROR_BADSKINNAME);
3586 else if ( SKIN::exists($name) )
3588 self::error(_ERROR_DUPSKINNAME);
3592 SKIN::createNew($name, $desc);
3594 self::action_skinoverview();
3599 * Admin::action_skinedit()
3604 static private function action_skinedit()
3608 $member->isAdmin() or self::disallow();
3610 self::$skin->parse('skinedit');
3615 * Admin::action_skineditgeneral()
3620 static private function action_skineditgeneral()
3624 $skinid = intRequestVar('skinid');
3626 $member->isAdmin() or self::disallow();
3628 $error = self::skineditgeneral($skinid);
3631 self::error($error);
3635 self::action_skinedit();
3639 static private function action_skinedittype($msg = '')
3643 $member->isAdmin() or self::disallow();
3647 self::$headMess = $msg;
3650 $type = requestVar('type');
3651 $type = trim($type);
3652 $type = strtolower($type);
3654 if ( !isValidShortName($type) )
3656 self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
3660 self::$skin->parse('skinedittype');
3665 * Admin::action_skinupdate()
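/**
 * Admin::action_skinupdate()
 * Store the posted content for one part ("type") of a skin, then show the
 * skin part editor again with a confirmation message.
 *
 * NOTE(review): $type is handed to update() as posted. The editor shown
 * afterwards validates its own copy with isValidShortName(), but that runs
 * after the write; confirm that update() rejects malformed type names.
 *
 * @param	void
 * @return	void
 */
static private function action_skinupdate()
{
	global $manager, $member;

	// Fail closed: stop here on a failed check instead of relying on
	// disallow() to end the request before the skin is modified.
	if ( !$member->isAdmin() )
	{
		self::disallow();
		return;
	}

	$skinid = intRequestVar('skinid');
	$content = trim(postVar('content'));
	$type = postVar('type');

	$skin =& $manager->getSKIN($skinid);
	$skin->update($type, $content);

	self::action_skinedittype(_SKIN_UPDATED);
	return;
}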
3688 * Admin::action_skindelete()
3693 static private function action_skindelete()
3695 global $CONF, $member;
3697 $member->isAdmin() or self::disallow();
3699 $skinid = intRequestVar('skinid');
3701 // don't allow default skin to be deleted
3702 if ( $skinid == $CONF['BaseSkin'] )
3704 self::error(_ERROR_DEFAULTSKIN);
3708 // don't allow deletion of default skins for blogs
3709 $query = "SELECT bname FROM %s WHERE bdefskin=%d";
3710 $query = sprintf($query, sql_table('blog'), (integer) $skinid);
3712 $name = DB::getValue($query);
3715 self::error(_ERROR_SKINDEFDELETE . Entity::hsc($name));
3719 self::$skin->parse('skindelete');
3724 * Admin::action_skindeleteconfirm()
3729 static private function action_skindeleteconfirm()
3731 global $member, $CONF;
3733 $member->isAdmin() or self::disallow();
3735 $skinid = intRequestVar('skinid');
3737 // don't allow default skin to be deleted
3738 if ( $skinid == $CONF['BaseSkin'] )
3740 self::error(_ERROR_DEFAULTSKIN);
3744 // don't allow deletion of default skins for blogs
3745 $query = "SELECT bname FROM %s WHERE bdefskin=%d;";
3746 $query = sprintf($query, sql_table('blog'), (integer) $skinid);
3748 $name = DB::getValue($query);
3751 self::error(_ERROR_SKINDEFDELETE . Entity::hsc($name));
3755 self::skindeleteconfirm($skinid);
3757 self::action_skinoverview();
3762 * Admin::action_skinremovetype()
3767 static private function action_skinremovetype()
3769 global $member, $CONF;
3771 $member->isAdmin() or self::disallow();
3773 $skinid = intRequestVar('skinid');
3774 $skintype = requestVar('type');
3776 if ( !isValidShortName($skintype) )
3778 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
3782 self::$skin->parse('skinremovetype');
3787 * Admin::action_skinremovetypeconfirm()
3792 static private function action_skinremovetypeconfirm()
3796 $member->isAdmin() or self::disallow();
3798 $skinid = intRequestVar('skinid');
3799 $skintype = requestVar('type');
3801 $error = self::skinremovetypeconfirm($skinid, $skintype);
3804 self::error($error);
3808 self::action_skinedit();
3813 * Admin::action_skinclone()
3818 static private function action_skinclone()
3822 $member->isAdmin() or self::disallow();
3824 $skinid = intRequestVar('skinid');
3826 self::skinclone($skinid);
3828 self::action_skinoverview();
3833 * Admin::action_adminskinoverview()
3838 static private function action_adminskinoverview()
3842 $member->isAdmin() or self::disallow();
3844 self::$skin->parse('adminskinoverview');
3849 * Admin::action_adminskinnew()
3854 static private function action_adminskinnew()
3858 $member->isAdmin() or self::disallow();
3860 $name = trim(postVar('name'));
3861 $desc = trim(postVar('desc'));
3863 if ( !isValidSkinName($name) )
3865 self::error(_ERROR_BADSKINNAME);
3868 else if ( !preg_match('#^admin/#', $name) )
3870 self::error(_ERROR_BADADMINSKINNAME);
3873 else if ( Skin::exists($name) )
3875 self::error(_ERROR_DUPSKINNAME);
3879 Skin::createNew($name, $desc);
3881 self::action_adminskinoverview();
3886 * Admin::action_adminskinedit()
3891 static private function action_adminskinedit()
3895 $member->isAdmin() or self::disallow();
3897 self::$skin->parse('adminskinedit');
3903 * Admin::action_adminskineditgeneral()
3908 static private function action_adminskineditgeneral()
3912 $skinid = intRequestVar('skinid');
3914 $member->isAdmin() or self::disallow();
3916 $error = self::skineditgeneral($skinid, 'AdminActions');
3919 self::error($error);
3923 self::action_adminskinedit();
3928 * Admin::action_adminskinedittype()
3930 * @param string $msg message for pageheader
3933 static private function action_adminskinedittype($msg = '')
3937 $member->isAdmin() or self::disallow();
3941 self::$headMess = $msg;
3943 $type = requestVar('type');
3944 $type = trim($type);
3945 $type = strtolower($type);
3947 if ( !isValidShortName($type) )
3949 self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
3953 self::$skin->parse('adminskinedittype');
3958 * Admin::action_adminskinupdate()
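/**
 * Admin::action_adminskinupdate()
 * Store the posted content for one part ("type") of an admin skin, then
 * show the admin skin part editor again with a confirmation message.
 *
 * NOTE(review): $type is handed to update() as posted. The editor shown
 * afterwards validates its own copy with isValidShortName(), but that runs
 * after the write; confirm that update() rejects malformed type names.
 *
 * @param	void
 * @return	void
 */
static private function action_adminskinupdate()
{
	global $manager, $member;

	// Fail closed: stop here on a failed check instead of relying on
	// disallow() to end the request before the skin is modified.
	if ( !$member->isAdmin() )
	{
		self::disallow();
		return;
	}

	$skinid = intRequestVar('skinid');
	$content = trim(postVar('content'));
	$type = postVar('type');

	$skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
	$skin->update($type, $content);

	self::action_adminskinedittype(_SKIN_UPDATED);
	return;
}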
3981 * Admin::action_adminskindelete()
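/**
 * Admin::action_adminskindelete()
 * Show the confirmation page for deleting an admin skin, unless the skin is
 * the configured admin or bookmarklet skin or a member has it as default.
 *
 * @param	void
 * @return	void
 */
static private function action_adminskindelete()
{
	global $CONF, $member;

	// Fail closed: stop here on a failed check instead of relying on
	// disallow() to end the request.
	if ( !$member->isAdmin() )
	{
		self::disallow();
		return;
	}

	$skinid = intRequestVar('skinid');

	// don't allow default skin to be deleted
	if ( $skinid == $CONF['AdminSkin'] || $skinid == $CONF['BookmarkletSkin'] )
	{
		self::error(_ERROR_DEFAULTSKIN);
		return;
	}

	/* don't allow if someone uses it as a default */
	// Only the real name is needed, so do not pull whole member rows.
	$query = 'SELECT mrealname FROM %s WHERE madminskin = %d or mbkmklt = %d;';
	$res = DB::getResult(sprintf($query, sql_table('member'), $skinid, $skinid));

	$members = array();
	while ( $row = $res->fetch() ) {
		// Real names are member-supplied text; escape them before they go into
		// the error message, as action_skindelete() does for the blog name.
		$members[] = Entity::hsc($row['mrealname']);
	}
	if ( count($members) )
	{
		self::error(_ERROR_SKINDEFDELETE . implode(' ' . _AND . ' ', $members));
		return;
	}

	self::$skin->parse('adminskindelete');
	return;
}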
4020 * Admin::action_adminskindeleteconfirm()
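/**
 * Admin::action_adminskindeleteconfirm()
 * Delete an admin skin after repeating the checks of the confirmation page
 * (not the configured admin or bookmarklet skin, not any member's default),
 * then show the admin skin overview.
 *
 * @param	void
 * @return	void
 */
static private function action_adminskindeleteconfirm()
{
	global $member, $CONF;

	// Fail closed: never reach the delete below after a failed check,
	// whatever disallow() does once it has shown the error page.
	if ( !$member->isAdmin() )
	{
		self::disallow();
		return;
	}

	$skinid = intRequestVar('skinid');

	// don't allow default skin to be deleted
	if ( $skinid == $CONF['AdminSkin'] || $skinid == $CONF['BookmarkletSkin'] )
	{
		self::error(_ERROR_DEFAULTSKIN);
		return;
	}

	/* don't allow if someone uses it as a default */
	// Only the real name is needed, so do not pull whole member rows.
	$query = 'SELECT mrealname FROM %s WHERE madminskin = %d or mbkmklt = %d;';
	$res = DB::getResult(sprintf($query, sql_table('member'), $skinid, $skinid));

	$members = array();
	while ( $row = $res->fetch() ) {
		// Real names are member-supplied text; escape them before they go into
		// the error message, as action_skindeleteconfirm() does for the blog name.
		$members[] = Entity::hsc($row['mrealname']);
	}
	if ( count($members) )
	{
		self::error(_ERROR_SKINDEFDELETE . implode(' ' . _AND . ' ', $members));
		return;
	}

	self::skindeleteconfirm($skinid);

	self::action_adminskinoverview();
	return;
}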
4061 * Admin::action_adminskinremovetype()
4066 static private function action_adminskinremovetype()
4068 global $member, $CONF;
4070 $member->isAdmin() or self::disallow();
4072 $skinid = intRequestVar('skinid');
4073 $skintype = requestVar('type');
4075 if ( !isValidShortName($skintype) )
4077 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
4081 self::$skin->parse('adminskinremovetype');
4086 * Admin::action_adminskinremovetypeconfirm()
4091 static private function action_adminskinremovetypeconfirm()
4095 $member->isAdmin() or self::disallow();
4097 $skinid = intRequestVar('skinid');
4098 $skintype = requestVar('type');
4100 $error = self::skinremovetypeconfirm($skinid, $skintype);
4103 self::error($error);
4107 self::action_adminskinedit();
4112 * Admin::action_adminskinclone()
4117 static private function action_adminskinclone()
4121 $member->isAdmin() or self::disallow();
4123 $skinid = intRequestVar('skinid');
4125 self::skinclone($skinid, 'AdminActions');
4127 self::action_adminskinoverview();
4132 * Admin::action_adminskinieoverview()
4137 static private function action_adminskinieoverview()
4141 $member->isAdmin() or self::disallow();
4143 self::$skin->parse('adminskinieoverview');
4148 * Admin::action_adminskinieimport()
// First step of an admin skin import: hand the posted mode and file reference to skinieimport(),
// show any error it returns, otherwise render the import page (or go straight to the second step
// when no skin object is loaded).
// NOTE(review): the isAdmin() gate only protects the import if disallow() ends the request. Confirm.
4153 static private function action_adminskinieimport()
4157 $member->isAdmin() or self::disallow();
// Both values come straight from the POST body. Any restriction on which path or URL may be read
// has to be enforced inside skinieimport(), which is not visible here. Verify it there.
4159 $skinFileRaw = postVar('skinfile');
4160 $mode = postVar('mode');
4162 $error = self::skinieimport($mode, $skinFileRaw);
4165 self::error($error);
// Without a loaded skin object there is nothing to render the page with, so continue with the import itself.
4169 if ( !is_object(self::$skin) )
4171 self::action_adminskiniedoimport();
4175 self::$skin->parse('adminskinieimport');
4181 * Admin::action_adminskiniedoimport()
// Second step of an admin skin import: run skiniedoimport() with the posted mode, file reference and
// overwrite flag, show any error it returns, then render the result page. When no skin object is
// loaded, the AdminSkin setting is first pointed at the lowest-numbered "admin/" skin (other than
// admin/bookmarklet) and the bundled default importer skin is parsed instead.
// NOTE(review): the isAdmin() gate only protects the import if disallow() ends the request. Confirm.
4186 static private function action_adminskiniedoimport()
4188 global $DIR_SKINS, $member;
4190 $member->isAdmin() or self::disallow();
// Request-supplied values; path/URL restrictions and overwrite safety must be enforced in skiniedoimport() (not visible here).
4192 $mode = postVar('mode');
4193 $skinFileRaw = postVar('skinfile');
4194 $allowOverwrite = intPostVar('overwrite');
4196 $error = self::skiniedoimport($mode, $skinFileRaw, $allowOverwrite);
4199 self::error($error);
4203 if ( !is_object(self::$skin) )
// '%%' is sprintf's escape for a literal '%', so the LIKE pattern sent to the database is 'admin/%'.
4206 $query = "SELECT min(sdnumber) FROM %s WHERE sdname != 'admin/bookmarklet' AND sdname LIKE 'admin/%%'";
4207 $query = sprintf($query, sql_table('skin_desc'));
// intval() turns an empty result into 0, so AdminSkin would presumably be set to 0 when no admin skin was imported. Confirm that this case is handled.
4208 $res = intval(DB::getValue($query));
4209 $query = "UPDATE %s SET value = %d WHERE name = 'AdminSkin'";
4210 $query = sprintf($query, sql_table('config'), $res);
4211 DB::execute($query);
4212 $skin = new Skin(0, 'AdminActions', 'AdminSkin');
4213 $skin->parse('importAdmin', $DIR_SKINS . 'admin/defaultimporter.skn');
4217 self::$skin->parse('adminskiniedoimport');
4223 * Admin::action_adminskinieexport()
4228 static private function action_adminskinieexport()
4232 $member->isAdmin() or self::disallow();
4234 // load skinie class
4235 $aSkins = requestIntArray('skin');
4236 $aTemplates = requestIntArray('template');
4237 $info = postVar('info');
4239 self::skinieexport($aSkins, $aTemplates, $info);
4245 * Admin::action_settingsedit()
4250 static private function action_settingsedit()
4252 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;
4254 $member->isAdmin() or self::disallow();
4256 self::$skin->parse('settingsedit');
4261 * Admin::action_settingsupdate()
4262 * Update $CONFIG and redirect
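/**
 * Admin::action_settingsupdate()
 * Write the posted global settings to the config table and redirect to the
 * management page.
 *
 * NOTE(review): only AdminEmail is validated here. The URL, cookie, upload
 * and debug settings are stored exactly as posted; confirm that this is
 * acceptable for an admin-only form or add per-setting validation.
 *
 * @param	void
 * @return	void
 */
static private function action_settingsupdate()
{
	global $member, $CONF;

	// Fail closed: never reach the config writes after a failed check,
	// whatever disallow() does once it has shown the error page.
	if ( !$member->isAdmin() )
	{
		self::disallow();
		return;
	}

	// check if email address for admin is valid
	if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
	{
		self::error(_ERROR_BADMAILADDRESS);
		return;
	}

	// Settings whose config name equals the POST field name, in the original write order.
	$settings = array(
		'DefaultBlog',
		'BaseSkin',
		'IndexURL',
		'AdminURL',
		'PluginURL',
		'SkinsURL',
		'ActionURL',
		'Locale',
		'AdminEmail',
		'SessionCookie',
		'AllowMemberCreate',
		'AllowMemberMail',
		'NonmemberMail',
		'ProtectMemNames',
		'SiteName',
		'NewMemberCanLogon',
		'DisableSite',
		'DisableSiteURL',
		'LastVisit',
		'MediaURL',
		'AllowedTypes',
		'AllowUpload',
		'MaxUploadSize',
		'MediaPrefix',
		'AllowLoginEdit',
		'DisableJsTools',
		'CookieDomain',
		'CookiePath',
		'CookieSecure',
		'URLMode',
		'CookiePrefix',
		'DebugVars',
		'DefaultListSize',
		'AdminCSS',
	);
	foreach ( $settings as $setting )
	{
		self::updateConfig($setting, postVar($setting));
	}

	// These two use a different POST field name than their config name.
	self::updateConfig('AdminSkin', postVar('adminskin'));
	self::updateConfig('BookmarkletSkin', postVar('bookmarklet'));

	// load new config and redirect (this way, the new locale will be used if necessary)
	// note that when changing cookie settings, this redirect might cause the user
	// to have to log in again.
	// $CONF['AdminURL'] is read from the global as it stands here; nothing in
	// this function reloads $CONF after the writes above.
	redirect($CONF['AdminURL'] . '?action=manage');
	return;
}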
4327 * Admin::action_systemoverview()
4328 * Output system overview
// Render the 'systemoverview' admin skin part.
// NOTE(review): unlike the neighbouring handlers, no isAdmin() or other rights check is visible in this
// handler. Confirm that the dispatcher or the skin part itself limits the system overview to administrators.
4333 static private function action_systemoverview()
4335 self::$skin->parse('systemoverview');
4340 * Admin::updateConfig()
4342 * @param string $name
4343 * @param string $val
4344 * @return integer return the ID in which the latest query posted
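/**
 * Admin::updateConfig()
 * Set one row of the config table. Both the name and the value are passed
 * through DB::quoteValue() before they are placed in the statement.
 *
 * @param	string	$name	config name
 * @param	string	$val	new value
 * @return	integer	result of DB::getInsertId() after the UPDATE
 */
static private function updateConfig($name, $val)
{
	$query = "UPDATE %s SET value=%s WHERE name=%s";
	$query = sprintf($query, sql_table('config'), DB::quoteValue($val), DB::quoteValue($name));
	if ( DB::execute($query) === FALSE )
	{
		$err = DB::getError();
		// The driver message can repeat parts of the statement, including the
		// posted value, so escape it before it is written into the response.
		// NOTE(review): consider logging the detail and showing only a generic message.
		die(_ADMIN_SQLDIE_QUERYERROR . Entity::hsc((string) $err[2]));
	}
	return DB::getInsertId();
}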
4362 * @param string $msg message that will be shown
// Store $msg as the page header message and render the 'adminerrorpage' skin part.
// NOTE(review): no exit is visible after parse() in this listing. Handlers written as
// `check() or self::disallow();` only fail closed if this path ends the request. Confirm it does,
// or make those handlers return explicitly after the failed check.
// NOTE(review): some callers escape dynamic text with Entity::hsc() before passing it in, which suggests
// $msg is output as HTML. Every caller that adds request or database text must escape it.
4365 static public function error($msg)
4367 self::$headMess = $msg;
4368 self::$skin->parse('adminerrorpage');
4374 * add error log and show error page
// Record a WARNING entry in the action log for the refused request, then show the "disallowed" error page.
// NOTE(review): REQUEST_URI is supplied by the client and is appended to the log entry unchanged.
// The action-log view must escape it on output, and line breaks in it should not be able to forge entries. Confirm.
4379 static public function disallow()
4381 ActionLog::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));
4382 self::error(_ERROR_DISALLOWED);
4387 * Admin::action_PluginAdmin()
4388 * Output pluginadmin
4390 * @param string $skinContents
4391 * @param string $extrahead
4394 static public function action_PluginAdmin($skinContents, $extrahead = '')
4396 self::$extrahead .= $extrahead;
4397 self::$skin->parse('pluginadmin', $skinContents);
4402 * Admin::action_bookmarklet()
4407 static private function action_bookmarklet()
4409 global $member, $manager;
4411 $blogid = intRequestVar('blogid');
4412 $member->teamRights($blogid) or self::disallow();
4414 self::$skin->parse('bookmarklet');
4419 * Admin::action_actionlog()
4424 static private function action_actionlog()
4426 global $member, $manager;
4428 $member->isAdmin() or self::disallow();
4430 self::$skin->parse('actionlog');
4435 * Admin::action_banlist()
4440 static private function action_banlist()
4442 global $member, $manager;
4444 $blogid = intRequestVar('blogid');
4445 $member->blogAdminRights($blogid) or self::disallow();
4447 self::$skin->parse('banlist');
4452 * Admin::action_banlistdelete()
4457 static private function action_banlistdelete()
4459 global $member, $manager;
4461 $blogid = intRequestVar('blogid');
4462 $member->blogAdminRights($blogid) or self::disallow();
4464 self::$skin->parse('banlistdelete');
4469 * Admin::action_banlistdeleteconfirm()
4474 static private function action_banlistdeleteconfirm()
4476 global $member, $manager;
4478 $blogid = intPostVar('blogid');
4479 $allblogs = postVar('allblogs');
4480 $iprange = postVar('iprange');
4482 $member->blogAdminRights($blogid) or self::disallow();
4488 if ( Ban::removeBan($blogid, $iprange) )
4490 $deleted[] = $blogid;
4495 // get blogs fot which member has admin rights
4496 $adminblogs = $member->getAdminBlogs();
4497 foreach ($adminblogs as $blogje)
4499 if ( Ban::removeBan($blogje, $iprange) )
4501 $deleted[] = $blogje;
4506 if ( sizeof($deleted) == 0 )
4508 self::error(_ERROR_DELETEBAN);
4512 /* TODO: we should use other ways */
4513 $_REQUEST['delblogs'] = $deleted;
4515 self::$skin->parse('banlistdeleteconfirm');
4520 * Admin::action_banlistnewfromitem()
4525 static private function action_banlistnewfromitem()
// Opens the "new ban" form for the blog that owns the item given by 'itemid'.
// No rights check is made here; action_banlistnew() runs blogAdminRights() on
// the blog id it is given.
// NOTE(review): $manager is used below, but its `global` declaration is not among
// the lines shown (gutter jumps 4525 -> 4529).
4529 $itemid = intRequestVar('itemid');
4530 $item =& $manager->getItem($itemid, 1, 1);
// NOTE(review): if the item cannot be loaded, $item['blogid'] is presumably empty
// and action_banlistnew() then falls back to the 'blogid' request value - confirm.
4531 self::action_banlistnew($item['blogid']);
4536 * Admin::action_banlistnew()
4538 * @param integer $blogid ID for weblog
4541 static private function action_banlistnew($blogid = '')
// Shows the 'banlistnew' form for $blogid, or for the 'blogid' request value
// when no blog id is passed in.
4543 global $member, $manager;
// Loose comparison: null, and on PHP versions before 8 the integer 0, also equal ''.
4545 if ( $blogid == '' )
4547 $blogid = intRequestVar('blogid');
// $ip is read here but not used in the lines shown; presumably the skin reads
// 'ip' from the request itself - confirm.
4550 $ip = requestVar('ip');
// Requires blog-admin rights on the resolved blog id, whichever way it was obtained.
4552 $member->blogAdminRights($blogid) or self::disallow();
4554 /* TODO: we should consider to use the other way instead of this */
// The resolved blog id is passed on to the skin through the $_REQUEST superglobal.
4555 $_REQUEST['blogid'] = $blogid;
4557 self::$skin->parse('banlistnew');
4563 * Admin::action_banlistadd()
4568 static private function action_banlistadd()
// Adds a ban on the posted IP range, for one blog or for several, and then shows
// the ban list again. All inputs are read from POST.
// NOTE(review): $member is used below, but its `global` declaration is not among
// the lines shown (gutter jumps 4568 -> 4572).
4572 $blogid = intPostVar('blogid');
4573 $allblogs = postVar('allblogs');
4574 $iprange = postVar('iprange');
// The literal value "custom" means the range was typed into 'customiprange'.
4576 if ( $iprange == "custom" )
4578 $iprange = postVar('customiprange');
4580 $reason = postVar('reason');
// The rights check is made against the posted blog id before any ban is stored.
4582 $member->blogAdminRights($blogid) or self::disallow();
4584 // TODO: check IP range validity
// Until that TODO is done, $iprange and $reason reach Ban::addBan() exactly as
// posted. NOTE(review): an empty or malformed range is not rejected in this
// method; what Ban::addBan() does with it is not visible here - confirm.
// NOTE(review): the lines that choose between the single-blog and the multi-blog
// path are not part of this listing (gutter jumps 4584 -> 4588 and 4590 -> 4596).
4588 if ( !Ban::addBan($blogid, $iprange, $reason) )
4590 self::error(_ERROR_ADDBAN);
4596 // get blogs for which member has admin rights
// Only the blogs returned by getAdminBlogs() receive the ban in the multi-blog path.
4597 $adminblogs = $member->getAdminBlogs();
4599 foreach ($adminblogs as $blogje)
4601 if ( !Ban::addBan($blogje, $iprange, $reason) )
4608 self::error(_ERROR_ADDBAN);
4612 self::action_banlist();
4617 * Admin::action_clearactionlog()
4622 static private function action_clearactionlog()
// Admin-only action that ends on the manage page with _MSG_ACTIONLOGCLEARED.
// NOTE(review): the statement that clears the log is not among the lines shown
// (gutter jumps 4626 -> 4630); it should sit after the isAdmin() guard. Clearing
// the action log also removes audit history, so it deserves this strict guard.
4626 $member->isAdmin() or self::disallow();
4630 self::action_manage(_MSG_ACTIONLOGCLEARED);
4635 * Admin::action_backupoverview()
4640 static private function action_backupoverview()
// Shows the 'backupoverview' page.
4642 global $member, $manager;
// Members for whom isAdmin() is false are sent to self::disallow().
4644 $member->isAdmin() or self::disallow();
4646 self::$skin->parse('backupoverview');
4651 * Admin::action_backupcreate()
4652 * create file for backup
4658 static private function action_backupcreate()
// Admin-only: creates a backup through Backup::do_backup().
// NOTE(review): the backup presumably holds the whole database, including member
// records; the isAdmin() guard below is the only access control visible here.
4660 global $member, $DIR_LIBS;
4662 $member->isAdmin() or self::disallow();
4664 // use compression ?
// The posted flag is cast to integer before it is used.
4665 $useGzip = (integer) postVar('gzip');
// The include path is built from the configured $DIR_LIBS only, not from request data.
4667 include($DIR_LIBS . 'backup.php');
4669 // try to extend time limit
4670 // (creating/restoring dumps might take a while)
// '@' hides the warning raised when set_time_limit() is not permitted.
4671 @set_time_limit(1200);
4673 Backup::do_backup($useGzip);
4678 * Admin::action_backuprestore()
4679 * restoring from uploaded file
4684 static private function action_backuprestore()
// Admin-only: restores from an uploaded backup through Backup::do_restore() and
// then shows the 'backuprestore' page.
4686 global $member, $DIR_LIBS;
4688 $member->isAdmin() or self::disallow();
// 'letsgo' must be posted as 1. This is a confirmation flag from the form, not a
// request-forgery defence. NOTE(review): the ticket check for this action is
// presumably done by the dispatcher - confirm.
4690 if ( intPostVar('letsgo') != 1 )
4692 self::error(_ERROR_BACKUP_NOTSURE);
// The include path is built from the configured $DIR_LIBS only, not from request data.
4696 include($DIR_LIBS . 'backup.php');
4698 // try to extend time limit
4699 // (creating/restoring dumps might take a while)
// '@' hides the warning raised when set_time_limit() is not permitted.
4700 @set_time_limit(1200);
// Validation of the uploaded file is not visible here and has to happen inside
// do_restore() - confirm. A non-empty return value is treated as an error message.
4702 $message = Backup::do_restore();
4703 if ( $message != '' )
4705 self::error($message);
4708 self::$skin->parse('backuprestore');
4713 * Admin::action_pluginlist()
4714 * output the list of installed plugins
4720 static private function action_pluginlist()
// Shows the 'pluginlist' page.
4722 global $DIR_PLUGINS, $member, $manager;
// Members for whom isAdmin() is false are sent to self::disallow().
4725 $member->isAdmin() or self::disallow();
4727 self::$skin->parse('pluginlist');
4732 * Admin::action_pluginhelp()
4737 static private function action_pluginhelp()
// Shows the 'pluginhelp' page for the plugin id given in the query string.
4739 global $member, $manager, $DIR_PLUGINS, $CONF;
4742 $member->isAdmin() or self::disallow();
4744 $plugid = intGetVar('plugid');
// Ids that do not belong to an installed plugin are rejected before the page is parsed.
4746 if ( !$manager->pidInstalled($plugid) )
4748 self::error(_ERROR_NOSUCHPLUGIN);
4752 self::$skin->parse('pluginhelp');
4757 * Admin::action_pluginadd()
4763 static private function action_pluginadd()
// Admin-only: installs the plugin whose file name is posted as 'filename'.
// Order of work: validate the name, insert the plugin row, load the plugin, check
// version and dependency requirements (removing the plugin again on failure),
// notify subscribers, then rebuild the event subscriptions.
4765 global $member, $manager, $DIR_PLUGINS;
4768 $member->isAdmin() or self::disallow();
// The plugin name comes straight from the request and later decides which plugin
// is loaded, so the two checks below are the gate for it.
4770 $name = postVar('filename');
4772 if ( $manager->pluginInstalled($name) )
4774 self::error(_ERROR_DUPPLUGIN);
// What checkPlugin() accepts is not visible here. NOTE(review): it presumably
// restricts $name to an existing plugin file - confirm it rejects path separators.
4778 if ( !checkPlugin($name) )
// The rejected name is HTML-escaped before it is placed in the error message.
4780 self::error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
4784 // get number of currently installed plugins
4785 $res = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
4786 $numCurrent = $res->rowCount();
4788 // plugin will be added as last one in the list
4789 $newOrder = $numCurrent + 1;
// $name is handed to PreAddPlugin subscribers by reference, so a subscriber can
// change it. NOTE(review): the value used below is therefore not necessarily the
// one checkPlugin() approved; re-checking after notify() would close that gap -
// confirm whether the rename is intended.
4791 $data = array('file' => &$name);
4792 $manager->notify('PreAddPlugin', $data);
4794 // do this before calling getPlugin (in case the plugin id is used there)
// The order is cast to integer and the name goes through DB::quoteValue().
4795 $query = "INSERT INTO %s (porder, pfile) VALUES (%d, %s);";
4796 $query = sprintf($query, sql_table('plugin'), (integer) $newOrder, DB::quoteValue($name));
4797 DB::execute($query);
4798 $iPid = DB::getInsertId();
4800 $manager->clearCachedInfo('installedPlugins');
4802 // Load the plugin for condition checking and installation
4803 $plugin =& $manager->getPlugin($name);
4805 // check if it got loaded (could have failed)
// NOTE(review): the condition guarding this rollback is not among the lines shown
// (gutter jumps 4805 -> 4808). The rollback removes the row inserted above.
4808 $query = "DELETE FROM %s WHERE pid=%d;";
4809 $query = sprintf($query, sql_table('plugin'), (integer) $iPid);
4811 DB::execute($query);
4813 $manager->clearCachedInfo('installedPlugins');
4814 self::error(_ERROR_PLUGIN_LOAD);
4818 // check if plugin needs a newer Nucleus version
4819 if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )
4821 // uninstall plugin again...
4822 self::deleteOnePlugin($plugin->getID());
4824 // ...and show error
4825 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
4829 // same Nucleus version: check if plugin needs a newer patch level
4830 if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )
4832 // uninstall plugin again...
4833 self::deleteOnePlugin($plugin->getID());
4835 // ...and show error
4836 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
// Every plugin this one depends on must already have a row in the plugin table.
4840 $pluginList = $plugin->getPluginDep();
4841 foreach ( $pluginList as $pluginName )
4843 $res = DB::getResult('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile=' . DB::quoteValue($pluginName));
4844 if ($res->rowCount() == 0)
4846 // uninstall plugin again...
4847 self::deleteOnePlugin($plugin->getID());
4848 self::error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
4853 // call the install method of the plugin
// NOTE(review): the install call itself is not among the lines shown (gutter jumps
// 4853 -> 4856). From here on the plugin's own code runs with the rights of the
// application.
4856 $data = array('plugin' => &$plugin);
4857 $manager->notify('PostAddPlugin', $data);
4859 // update all events
4860 self::action_pluginupdate();
4865 * Admin::action_pluginupdate()
4871 static private function action_pluginupdate()
// Admin-only: rebuilds the plugin_event table from the event lists of all
// installed plugins, then redirects to the plugin list.
4873 global $member, $manager, $CONF;
4876 $member->isAdmin() or self::disallow();
4878 // delete everything from plugin_events
// No transaction is visible around the delete and the re-inserts below, so a
// failure part-way presumably leaves the table incomplete - confirm.
4879 DB::execute('DELETE FROM '.sql_table('plugin_event'));
4881 // loop over all installed plugins
4882 $res = DB::getResult('SELECT pid, pfile FROM '.sql_table('plugin'));
4883 foreach ( $res as $row )
// NOTE(review): $pid used in the INSERT below is not assigned in the lines shown
// (gutter jumps 4883 -> 4886); presumably it is taken from $row['pid'] - confirm.
4886 $plug =& $manager->getPlugin($row['pfile']);
4889 $eventList = $plug->getEventList();
4890 foreach ( $eventList as $eventName )
// The id is cast to integer and the event name goes through DB::quoteValue().
4892 $query = "INSERT INTO %s (pid, event) VALUES (%d, %s)";
4893 $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, DB::quoteValue($eventName));
4894 DB::execute($query);
// The redirect target is built from the configured admin URL, not from request data.
4898 redirect($CONF['AdminURL'] . '?action=pluginlist');
4903 * Admin::action_plugindelete()
4908 static private function action_plugindelete()
// Shows the 'plugindelete' page for the plugin id given in the query string;
// nothing is removed here (removal happens in action_plugindeleteconfirm()).
4910 global $member, $manager;
4913 $member->isAdmin() or self::disallow();
4915 $pid = intGetVar('plugid');
// Ids that do not belong to an installed plugin are rejected before the page is parsed.
4917 if ( !$manager->pidInstalled($pid) )
4919 self::error(_ERROR_NOSUCHPLUGIN);
4923 self::$skin->parse('plugindelete');
4928 * Admin::action_plugindeleteconfirm()
4933 static private function action_plugindeleteconfirm()
// Admin-only: removes the plugin whose id is posted as 'plugid', asking
// deleteOnePlugin() to call the plugin's uninstall routine as well.
4935 global $member, $manager, $CONF;
4938 $member->isAdmin() or self::disallow();
// The id is taken from POST only.
4940 $pid = intPostVar('plugid');
4942 $error = self::deleteOnePlugin($pid, 1);
// NOTE(review): the condition around this error call is not among the lines shown
// (gutter jumps 4942 -> 4945); presumably it fires only for a non-empty $error.
4945 self::error($error);
// The redirect target is built from the configured admin URL, not from request data.
4949 redirect($CONF['AdminURL'] . '?action=pluginlist');
4954 * Admin::deleteOnePlugin()
4956 * @param integer $pid
4957 * @param boolean $callUninstall
4958 * @return string empty or message if failed
4960 static public function deleteOnePlugin($pid, $callUninstall = 0)
// Removes one plugin: refuses when another installed plugin lists it as a
// dependency, optionally calls the plugin's unInstall(), then deletes its event
// subscriptions, option descriptions, option values and its row, and closes the
// gap in the porder numbering. Returns an error message on the failure paths
// visible below.
// NOTE(review): this method is public and contains no permission check in the
// lines shown; the callers visible in this file check isAdmin() first, and any
// other caller has to do the same.
// NOTE(review): $manager and $aOIDs are used below, but their declaration and
// initialisation are not among the lines shown (gutter jumps 4960 -> 4964 and
// 5011 -> 5013).
// $pid is forced to an integer here; every query below that concatenates $pid
// relies on this line.
4964 $pid = intval($pid);
4966 if ( !$manager->pidInstalled($pid) )
4968 return _ERROR_NOSUCHPLUGIN;
4971 $query = "SELECT pfile as result FROM %s WHERE pid=%d;";
4972 $query = sprintf($query, sql_table('plugin'), (integer) $pid);
4973 $name = DB::getValue($query);
4975 // check dependency before delete
4976 $res = DB::getResult('SELECT pfile FROM ' . sql_table('plugin'));
4977 foreach ( $res as $row )
4979 $plug =& $manager->getPlugin($row['pfile']);
4982 $depList = $plug->getPluginDep();
4983 foreach ( $depList as $depName )
4985 if ( $name == $depName )
// The plugin file name is put into the message without Entity::hsc(), unlike the
// messages built in action_pluginadd(). NOTE(review): whether the caller's
// self::error() escapes its argument is not visible here - confirm.
4987 return sprintf(_ERROR_DELREQPLUGIN, $row['pfile']);
4993 $data = array('plugid' => $pid);
4994 $manager->notify('PreDeletePlugin', $data);
4996 // call the unInstall method of the plugin
4997 if ( $callUninstall )
4999 $plugin =& $manager->getPlugin($name);
5002 $plugin->unInstall();
5006 // delete all subscriptions
5007 DB::execute('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);
5009 // delete all options
5010 // get OIDs from plugin_option_desc
5011 $res = DB::getResult('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
5013 foreach ( $res as $row )
5015 array_push($aOIDs, $row['oid']);
5018 // delete from plugin_option and plugin_option_desc
5019 DB::execute('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
5020 if (count($aOIDs) > 0)
// The id list is concatenated unquoted. It comes from the oid column read above,
// not from the request. NOTE(review): presumably an integer column - casting each
// value would make that explicit.
5022 DB::execute('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')');
5025 // update order numbers
// $res now holds this plugin's porder, read from the database and concatenated
// unquoted into the UPDATE. NOTE(review): if no value comes back the UPDATE
// presumably ends in 'porder>' and fails - confirm.
5026 $res = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
5027 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $res);
5030 DB::execute('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
5032 $manager->clearCachedInfo('installedPlugins');
5033 $data = array('plugid' => $pid);
5034 $manager->notify('PostDeletePlugin', $data);
5040 * Admin::action_pluginup()
5045 static private function action_pluginup()
// Admin-only: moves a plugin one position up in the plugin order by swapping
// porder with the plugin that currently holds the new position.
5047 global $member, $manager, $CONF;
5050 $member->isAdmin() or self::disallow();
// The id arrives in the query string, so this state change is triggered by a GET
// parameter. NOTE(review): the comment near the redirect below indicates a ticket
// travels in the URL for this action - confirm the dispatcher verifies it.
5052 $plugid = intGetVar('plugid');
5054 if ( !$manager->pidInstalled($plugid) )
5056 self::error(_ERROR_NOSUCHPLUGIN);
5060 // 1. get old order number
// The queries below concatenate $plugid (from intGetVar()) and order numbers read
// from the database. NOTE(review): this is safe only while intGetVar() returns an
// integer and porder is numeric - confirm.
5061 $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
5063 // 2. calculate new order number
// Already at the top: the order stays 1.
5064 $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;
5066 // 3. update plug numbers
5067 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
5068 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);
5070 //self::action_pluginlist();
5071 // To avoid showing ticket in the URL, redirect to pluginlist, instead.
5072 redirect($CONF['AdminURL'] . '?action=pluginlist');
5077 * Admin::action_plugindown()
5082 static private function action_plugindown()
// Admin-only: moves a plugin one position down in the plugin order by swapping
// porder with the plugin that currently holds the new position.
5084 global $member, $manager, $CONF;
5087 $member->isAdmin() or self::disallow();
// The id arrives in the query string, so this state change is triggered by a GET
// parameter. NOTE(review): the comment near the redirect below indicates a ticket
// travels in the URL for this action - confirm the dispatcher verifies it.
5089 $plugid = intGetVar('plugid');
5090 if ( !$manager->pidInstalled($plugid) )
5092 self::error(_ERROR_NOSUCHPLUGIN);
5096 // 1. get old order number
// The queries below concatenate $plugid (from intGetVar()) and order numbers read
// from the database. NOTE(review): this is safe only while intGetVar() returns an
// integer and porder is numeric - confirm.
5097 $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
// The number of rows in the plugin table is used as the highest possible order.
5099 $res = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
5100 $maxOrder = $res->rowCount();
5102 // 2. calculate new order number
// Already at the bottom: the order stays at $maxOrder.
5103 $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;
5105 // 3. update plug numbers
5106 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
5107 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);
5109 //self::action_pluginlist();
5110 // To avoid showing ticket in the URL, redirect to pluginlist, instead.
5111 redirect($CONF['AdminURL'] . '?action=pluginlist');
5116 * Admin::action_pluginoptions()
5118 * Output Plugin option page
5121 * @param string $message message to show when another action falls back to this page
5125 static private function action_pluginoptions($message = '')
// Admin-only: shows the options page of the plugin given by 'plugid'. $message is
// placed in the page's head message.
5127 global $member, $manager;
5130 $member->isAdmin() or self::disallow();
5132 $pid = intRequestVar('plugid');
5133 if ( !$manager->pidInstalled($pid) )
5135 self::error(_ERROR_NOSUCHPLUGIN);
// isset() is also true for the default '', so headMess is assigned on every call
// unless null is passed explicitly.
5139 if ( isset($message) )
5141 self::$headMess = $message;
// $plugin is loaded here but not used in the lines shown.
5143 $plugname = $manager->getPluginNameFromPid($pid);
5144 $plugin = $manager->getPlugin($plugname);
// Adds a fixed script tag to the page head; no request data is part of it.
5145 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
5147 self::$skin->parse('pluginoptions');
5152 * Admin::action_pluginoptionsupdate()
5154 * Update plugin options and fallback to plugin option page
5160 static private function action_pluginoptionsupdate()
// Admin-only: stores the submitted plugin options, notifies subscribers and then
// shows the plugin options page again with _PLUGS_OPTIONS_UPDATED.
5162 global $member, $manager;
5165 $member->isAdmin() or self::disallow();
5167 $pid = intRequestVar('plugid');
5169 if ( !$manager->pidInstalled($pid) )
5171 self::error(_ERROR_NOSUCHPLUGIN);
// The 'plugoption' array is passed on as received; this method does no per-option
// validation. NOTE(review): presumably apply_plugin_options() checks that each
// option belongs to a known plugin option and validates its value - confirm.
5175 $aOptions = requestArray('plugoption');
5176 NucleusPlugin::apply_plugin_options($aOptions);
// NOTE(review): only part of the event data array is shown in this listing
// (gutter jumps 5176 -> 5179 -> 5182).
5179 'context' => 'global',
5182 $manager->notify('PostPluginOptionsUpdate', $data);
5184 self::action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
5189 * Admin::skineditgeneral()
5191 * @param integer $skinid
5192 * @param string $handler
5193 * @return string empty or message if failed
5195 static private function skineditgeneral($skinid, $handler='')
// Updates the general settings of skin $skinid from the posted form fields.
// Returns an error constant when the new name is invalid or already taken.
// NOTE(review): no permission check is visible in this helper, and $manager is
// used below without a `global` declaration among the lines shown (gutter jumps
// 5195 -> 5199); the calling action is presumably responsible for both - confirm.
5199 $name = postVar('name');
5200 $desc = postVar('desc');
5201 $type = postVar('type');
5202 $inc_mode = postVar('inc_mode');
5203 $inc_prefix = postVar('inc_prefix');
5205 $skin =& $manager->getSkin($skinid, $handler);
// Only the name is validated here.
5208 if ( !isValidSkinName($name) )
5210 return _ERROR_BADSKINNAME;
// Renaming to a name that another skin already uses is refused.
5213 if ( ($skin->getName() != $name) && SKIN::exists($name) )
5215 return _ERROR_DUPSKINNAME;
// NOTE(review): the conditions around the two defaults below are not among the
// lines shown (gutter jumps 5215 -> 5220 and 5220 -> 5225); presumably they apply
// when the posted value is empty.
5220 $type = 'text/html';
5225 $inc_mode = 'normal';
5228 // 2. Update description
// $desc, $type, $inc_mode and $inc_prefix are stored as posted, apart from the
// defaults above. NOTE(review): $inc_mode and $inc_prefix presumably steer how the
// skin resolves included files, so restricting them to known values is worth
// considering - confirm how updateGeneralInfo() treats them.
5229 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
5234 * Admin::skindeleteconfirm()
5236 * @param integer $skinid
5239 static private function skindeleteconfirm($skinid)
// Deletes skin $skinid: its row in skin_desc and all of its parts in skin, with
// Pre/PostDelete events sent before and after.
// NOTE(review): no permission check is visible in this helper, and $manager is
// used below without a `global` declaration among the lines shown; the calling
// action is presumably responsible for the check - confirm.
// The event name depends on whether the current action is listed in
// self::$adminskin_actions.
5243 if ( !in_array(self::$action, self::$adminskin_actions) )
5245 $event_identifier = 'Skin';
5249 $event_identifier = 'AdminSkin';
5252 $data = array('skinid' => $skinid);
5253 $manager->notify("PreDelete{$event_identifier}", $data);
5255 // 1. delete description
// Both DELETE statements format the id with %d after an integer cast.
5256 $query = "DELETE FROM %s WHERE sdnumber=%d;";
5257 $query = sprintf($query, sql_table('skin_desc'), (integer) $skinid);
5258 DB::execute($query);
5261 $query = "DELETE FROM %s WHERE sdesc=%d;";
5262 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
5263 DB::execute($query);
5265 $manager->notify("PostDelete{$event_identifier}", $data);
5271 * Admin::skinremovetypeconfirm()
5273 * @param integer $skinid
5274 * @param string $skintype
5275 * @return string empty or message if failed
5277 static private function skinremovetypeconfirm($skinid, $skintype)
// Deletes one part ($skintype) of skin $skinid, with Pre/PostDelete...Part events
// sent before and after. Returns an error constant when $skintype is not a valid
// short name.
// NOTE(review): no permission check is visible in this helper, and $manager is
// used below without a `global` declaration among the lines shown; the calling
// action is presumably responsible for the check - confirm.
// The event name depends on whether the current action is listed in
// self::$adminskin_actions.
5281 if ( !in_array(self::$action, self::$adminskin_actions) )
5283 $event_identifier = 'Skin';
5287 $event_identifier = 'AdminSkin';
// $skintype is validated before it is used in the events or in the query.
5290 if ( !isValidShortName($skintype) )
5292 return _ERROR_SKIN_PARTS_SPECIAL_DELETE;
// NOTE(review): only the entries of the event data arrays are shown in this
// listing; the surrounding array(...) lines are missing (gutter jumps).
5296 'skinid' => $skinid,
5297 'skintype' => $skintype
5299 $manager->notify("PreDelete{$event_identifier}Part", $data);
// The id is cast to integer and the type goes through DB::quoteValue().
5302 $query = 'DELETE FROM %s WHERE sdesc = %d AND stype = %s;';
5303 $query = sprintf($query, sql_table('skin'), (integer) $skinid, DB::quoteValue($skintype) );
5304 DB::execute($query);
5307 'skinid' => $skinid,
5308 'skintype' => $skintype
5310 $manager->notify("PostDelete{$event_identifier}Part", $data);
5316 * Admin::skinclone()
5318 * @param integer $skinid
5319 * @param string $handler
5322 static private function skinclone($skinid, $handler='')
// Copies skin $skinid under a new name ("<name>_clone", with a number appended
// when that name is taken) and copies every skin part to the new skin.
// NOTE(review): no permission check is visible in this helper, and $manager is
// used below without a `global` declaration among the lines shown; the calling
// action is presumably responsible for the check - confirm.
5326 // 1. read skin to clone
5327 $skin =& $manager->getSkin($skinid, $handler);
5328 $name = "{$skin->getName()}_clone";
5330 // if a skin with that name already exists:
// NOTE(review): the counter handling inside this loop is not among the lines shown
// (gutter jumps 5331 -> 5334 -> 5341).
5331 if ( Skin::exists($name) )
5334 while ( Skin::exists($name . $i) )
5341 // 2. create skin desc
// NOTE(review): the first argument of createNew() is not among the lines shown
// (gutter jumps 5342 -> 5344); presumably it is $name.
5342 $newid = Skin::createNew(
5344 $skin->getDescription(),
5345 $skin->getContentType(),
5346 $skin->getIncludeMode(),
5347 $skin->getIncludePrefix()
// The part types of the source skin are listed with an integer-cast id.
5351 $query = "SELECT stype FROM %s WHERE sdesc=%d;";
5352 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
5354 $res = DB::getResult($query);
5355 foreach ( $res as $row )
5357 $content = $skin->getContentFromDB($row['stype']);
// Content and type are read back from the database and still go through
// DB::quoteValue() before they are inserted again.
5360 $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, %s, %s)";
5361 $query = sprintf($query, sql_table('skin'), (integer) $newid, DB::quoteValue($content), DB::quoteValue($row['stype']));
5362 DB::execute($query);
5369 * Admin::skinieimport()
5371 * @param string $mode
5372 * @param string $skinFileRaw
5373 * @return string empty or message if failed
5375 static private function skinieimport($mode, $skinFileRaw)
// First import step: reads only the metadata of a skin backup and stores what was
// found (skin and template names, name clashes) in self::$contents for the page.
// NOTE(review): no permission check is visible in this helper; the calling action
// is presumably responsible for it - confirm.
5377 global $DIR_LIBS, $DIR_SKINS;
5379 // load skinie class
// The include path is built from the configured $DIR_LIBS only, not from request data.
5380 include_once($DIR_LIBS . 'skinie.php');
5382 $importer = new SkinImport();
5384 // get full filename
5385 if ( $mode == 'file' )
// $skinFileRaw is joined to $DIR_SKINS without any normalisation in this method.
// NOTE(review): unless the caller already restricts it to a plain directory name,
// path separators or '..' segments would move the read outside $DIR_SKINS -
// confirm the caller's validation or add a check here.
5387 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
// In every other mode the raw value is used unchanged as the location to read.
// NOTE(review): whatever readFile() is able to open then becomes reachable from
// the server, so the accepted locations should be limited - confirm what
// readFile() and the caller allow.
5391 $skinFile = $skinFileRaw;
5394 // read only metadata
// NOTE(review): the handling of $error is not among the lines shown (gutter jumps
// 5395 -> 5402); per the method's doc comment a message is returned on failure.
5395 $error = $importer->readFile($skinFile, 1);
// These values originate from the imported file and from the request.
// NOTE(review): they need escaping when the skin prints them - confirm.
5402 self::$contents['mode'] = $mode;
5403 self::$contents['skinfile'] = $skinFileRaw;
5404 self::$contents['skininfo'] = $importer->getInfo();
5405 self::$contents['skinnames'] = $importer->getSkinNames();
5406 self::$contents['tpltnames'] = $importer->getTemplateNames();
// Names that already exist locally are collected so the page can show the clashes.
5409 $skinNameClashes = $importer->checkSkinNameClashes();
5410 $templateNameClashes = $importer->checkTemplateNameClashes();
5411 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
5413 self::$contents['skinclashes'] = $skinNameClashes;
5414 self::$contents['tpltclashes'] = $templateNameClashes;
5415 self::$contents['nameclashes'] = $hasNameClashes ? 1 : 0;
5422 * Admin::skiniedoimport()
5424 * @param string $mode
5425 * @param string $skinFileRaw
5426 * @param boolean $allowOverwrite
5427 * @return string empty or message if failed
5429 static private function skiniedoimport($mode, $skinFileRaw, $allowOverwrite)
// Second import step: reads the whole skin backup and writes it to the database,
// then stores the imported names in self::$contents for the page.
// NOTE(review): no permission check is visible in this helper; the calling action
// is presumably responsible for it - confirm.
5431 global $DIR_LIBS, $DIR_SKINS;
5433 // load skinie class
// The include path is built from the configured $DIR_LIBS only, not from request data.
5434 include_once($DIR_LIBS . 'skinie.php');
5436 $importer = new SkinImport();
5438 // get full filename
5439 if ( $mode == 'file' )
// $skinFileRaw is joined to $DIR_SKINS without any normalisation in this method.
// NOTE(review): unless the caller already restricts it to a plain directory name,
// path separators or '..' segments would move the read outside $DIR_SKINS -
// confirm the caller's validation or add a check here.
5441 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
// In every other mode the raw value is used unchanged as the location to read.
// NOTE(review): the same value was presumably submitted in the preview step and
// sent again by the client, so it has to be validated again here rather than
// trusted - confirm.
5445 $skinFile = $skinFileRaw;
// NOTE(review): the handling of $error after each of the next two calls is not
// among the lines shown (gutter jumps 5448 -> 5455 -> 5462).
5448 $error = $importer->readFile($skinFile);
// $allowOverwrite decides whether existing skins or templates with the same name
// may be replaced; what is overwritten is determined inside writeToDatabase().
5455 $error = $importer->writeToDatabase($allowOverwrite);
5462 self::$contents['mode'] = $mode;
5463 self::$contents['skinfile'] = $skinFileRaw;
5464 self::$contents['skininfo'] = $importer->getInfo();
5465 self::$contents['skinnames'] = $importer->getSkinNames();
5466 self::$contents['tpltnames'] = $importer->getTemplateNames();
5473 * Admin::skinieexport()
5475 * @param array $aSkins
5476 * @param array $aTemplates
5477 * @param string $info
5480 static private function skinieexport($aSkins, $aTemplates, $info)
// Exports the selected skins and templates through SkinExport. The array KEYS of
// $aSkins and $aTemplates are used as the ids to export; the values are ignored.
// NOTE(review): no permission check is visible in this helper, and $DIR_LIBS is
// used below without a `global` declaration among the lines shown (gutter jumps
// 5480 -> 5484); the calling action is presumably responsible for the check.
5484 // load skinie class
5485 include_once($DIR_LIBS . 'skinie.php');
// Anything that is not an array is replaced by an empty selection.
// NOTE(review): the replacement for $aSkins is not among the lines shown (gutter
// jumps 5487 -> 5492); presumably it mirrors the $aTemplates line below.
5487 if ( !is_array($aSkins) )
5492 if (!is_array($aTemplates))
5494 $aTemplates = array();
5497 $skinList = array_keys($aSkins);
5498 $templateList = array_keys($aTemplates);
5500 $exporter = new SkinExport();
// The keys are passed on without a cast. NOTE(review): presumably addSkin() and
// addTemplate() treat them as integer ids - confirm they are validated there.
5501 foreach ( $skinList as $skinId )
5503 $exporter->addSkin($skinId);
5505 foreach ( $templateList as $templateId )
5507 $exporter->addTemplate($templateId);
// $info is free text supplied by the caller and becomes part of the export.
5509 $exporter->setInfo($info);
5510 $exporter->export();
5516 * Admin::action_parseSpecialskin()
5521 static private function action_parseSpecialskin()
5523 self::$skin->parse(self::$action);