3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
4 * Copyright (C) 2002-2012 The Nucleus Group
\r
6 * This program is free software; you can redistribute it and/or
\r
7 * modify it under the terms of the GNU General Public License
\r
8 * as published by the Free Software Foundation; either version 2
\r
9 * of the License, or (at your option) any later version.
\r
10 * (see nucleus/documentation/index.html#license for more info)
\r
13 * The code for the Nucleus admin area
\r
15 * @license http://nucleuscms.org/license.txt GNU General Public License
\r
16 * @copyright Copyright (C) 2002-2012 The Nucleus Group
\r
17 * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $
\r
// Stops execution when requestVar() has not been defined yet.
// NOTE(review): looks like a direct-access guard (the file is only meant to be included
// after the code that defines requestVar() has loaded) — confirm against the bootstrap.
21 if ( !function_exists('requestVar') ) exit;
\r
// Loads showlist.php from the directory this file lives in.
22 require_once dirname(__FILE__) . '/showlist.php';
\r
25 * Builds the admin area and executes admin actions
\r
29 private $xml_version_info = '1.0';
\r
30 private $formal_public_identifier = '-//W3C//DTD XHTML 1.0 Strict//EN';
\r
31 private $system_identifier = 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd';
\r
32 private $xhtml_namespace = 'http://www.w3.org/1999/xhtml';
\r
34 static private $action;
\r
35 static private $skin;
\r
36 static private $extrahead;
\r
37 static private $passvar;
\r
38 static private $headMess;
\r
39 static private $aOptions;
\r
42 * Admin::$edit_actions
\r
44 static private $edit_actions = array(
\r
45 'adminskinoverview',
\r
46 'adminskinieoverview',
\r
47 'adminskinedittype',
\r
48 'adminskinremovetype',
\r
51 'adminskinieimport',
\r
52 'adminskiniedoimport',
\r
53 'admintemplateedit',
\r
54 'admintemplateoverview',
\r
55 'admintemplatedelete'
\r
59 * Admin::$skinless_actions
\r
// Action names that action() merges into $allowActions and, through it, into
// $aActionsNotToCheck, the list of actions for which the ticket check is skipped.
// existsSkinContents() also tests membership in this list.
// NOTE(review): the entries visible here are state-changing ("...confirm", "...update",
// 'changemembersettings'). Exempting them from the ticket check removes request-forgery
// protection for those handlers unless each one verifies the ticket itself, which this
// listing does not show. Confirm before relying on it.
61 static private $skinless_actions = array(
\r
62 'plugindeleteconfirm',
\r
63 'pluginoptionsupdate',
\r
64 'skinremovetypeconfirm',
\r
66 'skindeleteconfirm',
\r
72 'templatedeleteconfirm',
\r
75 'adminskinremovetypeconfirm',
\r
77 'adminskindeleteconfirm',
\r
79 'adminskineditgeneral',
\r
80 'adminskinieexport',
\r
82 'admintemplateupdate',
\r
83 'admintemplatedeleteconfirm',
\r
85 'admintemplateclone',
\r
86 'blogsettingsupdate',
\r
90 'itemdeleteconfirm',
\r
92 'changemembersettings',
\r
97 static private $actions_needless_to_check = array(
\r
107 'editmembersettings',
\r
109 'browseowncomments',
\r
123 'templateoverview',
\r
128 'banlistnewfromitem',
\r
151 * Admin::__construct()
\r
152 * Class constructor
\r
157 static public function __construct()
\r
159 global $CONF, $member, $DIR_LIBS;
\r
161 /* 1. decide skinid to use */
\r
162 $skinid = $CONF['DefaultAdminSkin'];
\r
163 if (isset($member) && $member->isLoggedIn())
\r
165 $memskin = $member->getAdminSkin();
\r
168 $skinid = $memskin;
\r
172 /* 2. make an instance of skin object */
\r
173 if ( Skin::existsID($skinid) )
\r
175 self::$skin = new Skin($skinid);
\r
186 * Executes an action
\r
188 * @param string $action action to be performed
\r
// Dispatcher for the admin area: resolves action aliases, decides whether the request
// ticket must be verified, then either calls the matching action_<name> method, falls
// back to skin contents, or reports _BADACTION.
// The handlers perform their own permission checks; this method only applies the
// ticket check and the name-based dispatch.
190 static public function action($action)
\r
192 global $CONF, $manager;
\r
195 // list of action aliases
\r
197 'login' => 'overview',
\r
// 'customaction' is read from the POST body; when it is non-empty it replaces the
// alias targets for 'login' and for the empty action, so the request chooses which
// action runs in those two cases.
201 $customAction = postvar('customaction');
\r
202 if ( !empty($customAction) )
\r
205 'login' => $customAction,
\r
206 '' => $customAction
\r
209 if ( isset($alias[$action]) )
\r
211 $action = $alias[$action];
\r
// The method name is derived from the (possibly request-supplied) action, so every
// method whose name starts with "action_" is reachable through this dispatcher and
// has to enforce its own authorization.
213 $methodName = "action_{$action}";
\r
215 self::$action = strtolower($action);
\r
217 $synonimActions = array(
\r
218 'banlistnewfromitem',
\r
223 $allowActions = array_merge($synonimActions, self::$skinless_actions);
\r
224 $aActionsNotToCheck = array_merge(self::$actions_needless_to_check, self::$edit_actions, $allowActions);
\r
// The ticket is verified only when the action is in none of the merged lists AND no skin
// contents exist for it. NOTE(review): $skinless_actions contains update/confirm actions,
// so those requests pass this point without a ticket check; verify that this is intended
// or that the handlers check the ticket themselves. in_array() is used without the strict
// flag here.
226 if ( !in_array(self::$action, $aActionsNotToCheck) && !self::existsSkinContents($action) )
\r
228 if (!$manager->checkTicket())
\r
230 self::error(_ERROR_BADTICKET);
\r
// NOTE(review): a bare `self` passed as an argument is parsed as a constant, not as the
// class. Confirm that method_exists()/call_user_func() below resolve the class as intended
// (e.g. via __CLASS__).
234 if ( !method_exists(self, $methodName) && !in_array(self::$action, $allowActions) && self::existsSkinContents($action) )
\r
// NOTE(review): this statement reads a static property named $action_parseSpecialskin and
// calls nothing; presumably a method call was intended.
236 self::$action_parseSpecialskin;
\r
239 elseif ( method_exists(self, $methodName) )
\r
241 call_user_func(array(self, $methodName));
\r
// Unknown action: load the member's admin skin, then the default admin skin, looking for
// an 'adminerrorpage' part to render the error with.
250 $id = self::getAdminSkinID();
\r
251 self::$skin = new Skin($id);
\r
253 if ( self::$skin && self::existsSkinContents('adminerrorpage') )
\r
// The action name is passed through ENTITY::hsc() before it is put into the error message
// (presumably HTML escaping — confirm), which keeps the request-supplied name out of the
// markup.
255 self::error(_BADACTION . ENTITY::hsc($action));
\r
258 elseif ( $id != $CONF['DefaultAdminSkin'] )
\r
260 self::$skin = new Skin($CONF['DefaultAdminSkin']);
\r
261 if ( self::$skin && self::existsSkinContents('adminerrorpage') )
\r
263 self::error(_BADACTION . ENTITY::hsc($action));
\r
271 self::error(_BADACTION . ENTITY::hsc($action));
\r
276 * Action::existsSkinContents()
\r
277 * Check skin contents
\r
279 * @param string $action action type
\r
// Looks up skin content for an action type and returns what quickQuery() yields for it.
// @param string $action action type; escaped with sql_real_escape_string() before use
282 static private function existsSkinContents($action)
\r
284 $in_array = in_array($action, self::$skinless_actions);
\r
// The format string has three conversions: table (%s), skin id (%d), skin type ('%s').
292 $query = "SELECT scontent as result FROM %s WHERE sdesc=%d AND stype='%s';";
\r
293 /* TODO: skinid should be a default */
\r
294 if ( !is_object(self::$skin) )
\r
// NOTE(review): only two values are supplied for three conversions, so the skin id lands
// in the table slot and the escaped action is formatted by %d; sprintf() fails on the
// missing third argument. The table name looks omitted: specialActionsAllow() in this
// file passes sql_table('adminskin') first. Confirm the intended table.
296 return quickQuery(sprintf($query, 1, sql_real_escape_string($action)));
\r
// NOTE(review): same argument-count mismatch as the call above.
300 return quickQuery(sprintf($query, self::$skin->id, sql_real_escape_string($action)));
\r
307 * Action::specialActionsAllow()
\r
308 * Check whether special skin parts exist
\r
310 * @param string $action action type
\r
// Queries the admin skin table for a part of the current skin whose type equals $action
// and returns the quickQuery() result.
// @param string $action action type
313 static private function specialActionsAllow($action)
\r
315 $query = "SELECT sdesc as result FROM %s WHERE sdesc = %d AND stype = '%s';";
\r
// All three conversions are filled: table name, skin id cast to integer, and the action
// escaped for use inside the quoted string literal.
316 $query = sprintf($query, sql_table('adminskin'), (integer) self::$skin->id, sql_real_escape_string($action));
\r
317 return quickQuery($query);
\r
321 * Action::action_showlogin()
\r
326 static private function action_showlogin()
\r
329 self::$action_login($error);
\r
334 * Action::action_login()
\r
336 * @param string $msg message for pageheader
\r
337 * @param integer $passvars ???
\r
339 static private function action_login($msg = '', $passvars = 1)
\r
343 // skip to overview when allowed
\r
344 if ( $member->isLoggedIn() && $member->canLogin() )
\r
346 self::$action_overview();
\r
350 /* TODO: needless variable??? */
\r
351 self::$passvar = $passvars;
\r
354 self::$headMess = $msg;
\r
358 self::$skin->parse('showlogin');
\r
363 * Action::action_overview()
\r
364 * provides a screen with the overview of the actions available
\r
366 * @param string $msg message for pageheader
\r
369 static private function action_overview($msg = '')
\r
373 self::$headMess = $msg;
\r
377 self::$skin->parse('overview');
\r
383 * Admin::action_manage()
\r
385 * @param string $msg message for pageheader
\r
388 static private function action_manage($msg = '')
\r
394 self::$headMess = $msg;
\r
396 $member->isAdmin() or self::disallow();
\r
399 self::$skin->parse('manage');
\r
405 * Action::action_itemlist()
\r
407 * @param integer $blogid ID for weblog
\r
410 static private function action_itemlist($blogid = '')
\r
412 global $member, $manager, $CONF;
\r
414 if ( $blogid == '' )
\r
416 $blogid = intRequestVar('blogid');
\r
419 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
\r
422 self::$skin->parse('itemlist');
\r
428 * Action::action_batchitem()
\r
433 static private function action_batchitem()
\r
435 global $member, $manager;
\r
437 $member->isLoggedIn() or self::disallow();
\r
439 $selected = requestIntArray('batch');
\r
440 $action = requestVar('batchaction');
\r
442 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
444 self::error(_BATCH_NOSELECTION);
\r
447 // On move: when no destination blog/category chosen, show choice now
\r
448 $destCatid = intRequestVar('destcatid');
\r
449 if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )
\r
451 self::batchMoveSelectDestination('item', $selected);
\r
454 // On delete: check if confirmation has been given
\r
455 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
457 self::batchAskDeleteConfirmation('item', $selected);
\r
461 self::$skin->parse('batchitem');
\r
467 * Action::action_batchcomment()
\r
472 static private function action_batchcomment()
\r
476 $member->isLoggedIn() or self::disallow();
\r
478 $selected = requestIntArray('batch');
\r
479 $action = requestVar('batchaction');
\r
481 // Show error when no items were selected
\r
482 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
484 self::error(_BATCH_NOSELECTION);
\r
487 // On delete: check if confirmation has been given
\r
488 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
490 self::batchAskDeleteConfirmation('comment',$selected);
\r
494 self::$skin->parse('batchcomment');
\r
500 * Admin::action_batchmember()
\r
505 static private function action_batchmember()
\r
509 ($member->isLoggedIn() && $member->isAdmin()) or self::disallow();
\r
511 $selected = requestIntArray('batch');
\r
512 $action = requestVar('batchaction');
\r
514 // Show error when no members selected
\r
515 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
517 self::error(_BATCH_NOSELECTION);
\r
520 // On delete: check if confirmation has been given
\r
521 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
523 self::batchAskDeleteConfirmation('member',$selected);
\r
527 self::$skin->parse('batchmember');
\r
533 * Admin::action_batchteam()
\r
538 static private function action_batchteam()
\r
542 $blogid = intRequestVar('blogid');
\r
544 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or self::disallow();
\r
546 $selected = requestIntArray('batch');
\r
547 $action = requestVar('batchaction');
\r
549 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
551 self::error(_BATCH_NOSELECTION);
\r
554 // On delete: check if confirmation has been given
\r
555 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
557 self::batchAskDeleteConfirmation('team',$selected);
\r
561 self::$skin->parse('batchteam');
\r
567 * Admin::action_batchcategory()
\r
572 static private function action_batchcategory()
\r
574 global $member, $manager;
\r
576 $member->isLoggedIn() or self::disallow();
\r
578 $selected = requestIntArray('batch');
\r
579 $action = requestVar('batchaction');
\r
581 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
583 self::error(_BATCH_NOSELECTION);
\r
586 // On move: when no destination blog chosen, show choice now
\r
587 $destBlogId = intRequestVar('destblogid');
\r
588 if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )
\r
590 self::batchMoveCategorySelectDestination('category', $selected);
\r
593 // On delete: check if confirmation has been given
\r
594 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
596 self::batchAskDeleteConfirmation('category', $selected);
\r
600 self::$skin->parse('batchcategory');
\r
606 * Admin::batchMoveSelectDestination()
\r
608 * @param string $type type of batch action
\r
609 * @param integer $ids needless???
\r
612 * TODO: remove needless argument
\r
614 static private function batchMoveSelectDestination($type, $ids)
\r
616 $_POST['batchmove'] = $type;
\r
618 self::$skin->parse('batchmove');
\r
624 * Admin::batchMoveCategorySelectDestination()
\r
626 * @param string $type type of batch action
\r
627 * @param integer $ids needless???
\r
630 * TODO: remove needless argument
\r
632 static private function batchMoveCategorySelectDestination($type, $ids)
\r
634 $_POST['batchmove'] = $type;
\r
637 self::$skin->parse('batchmovecat');
\r
643 * Admin::batchAskDeleteConfirmation()
\r
645 * @param string $type type of batch action
\r
646 * @param integer $ids needless???
\r
649 * TODO: remove needless argument
\r
651 static private function batchAskDeleteConfirmation($type, $ids)
\r
654 self::$skin->parse('batchdelete');
\r
660 * Admin::selectBlogCategory()
\r
661 * Inserts a HTML select element with choices for all categories to which the current
\r
662 * member has access
\r
664 * @see function selectBlog
\r
665 * @param string $name name of weblod
\r
666 * @param integer $selected
\r
667 * @param integer $tabindex
\r
668 * @param integer $showNewCat
\r
669 * @param integer $iForcedBlogInclude ID for weblog always included
\r
672 * NOTE: callback from AdminAction
\r
674 static private function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
\r
676 Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
\r
681 * Admin::selectBlog()
\r
682 * Inserts a HTML select element with choices for all blogs to which the user has access
\r
683 * mode = 'blog' => shows blognames and values are blogids
\r
684 * mode = 'category' => show category names and values are catids
\r
686 * @param string $name name of weblod
\r
687 * @param string $mode
\r
688 * @param integer $selected
\r
689 * @param integer $tabindex
\r
690 * @param integer $showNewCat
\r
691 * @param integer $iForcedBlogInclude ID for weblog always included
\r
692 * @param $iForcedBlogInclude
\r
693 * ID of a blog that always needs to be included, without checking if the
\r
694 * member is on the blog team (-1 = none)
\r
697 static private function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
\r
699 global $member, $CONF;
\r
701 // 0. get IDs of blogs to which member can post items (+ forced blog)
\r
702 $aBlogIds = array();
\r
703 if ( $iForcedBlogInclude != -1 )
\r
705 $aBlogIds[] = intval($iForcedBlogInclude);
\r
708 if ( ($member->isAdmin()) && ($CONF['ShowAllBlogs']) )
\r
710 $query = "SELECT bnumber FROM %s ORDER BY bname;";
\r
711 $query = sprintf($query, sql_table('blog'));
\r
715 $query = "SELECT bnumber FROM %s, %s WHERE tblog=bnumber AND tmember=%d;";
\r
716 $query = sprintf($query, sql_table('blog'), sql_table('team'), (integer) $member->getID());
\r
719 $rblogids = sql_query($query);
\r
720 while ($o = sql_fetch_object($rblogids))
\r
722 if ( $o->bnumber != $iForcedBlogInclude )
\r
724 $aBlogIds[] = intval($o->bnumber);
\r
728 if ( count($aBlogIds) == 0 )
\r
733 /* TODO: we should consider to use the other way instead of this */
\r
734 $_REQUEST['selectData'] = array(
\r
736 'tabindex' => $tabindex,
\r
738 'selected' => $selected,
\r
739 'showNewCat' => $showNewCat,
\r
740 'aBlogIds' => $aBlogIds,
\r
742 self::$skin->parse('blogselectbox');
\r
747 * Admin::action_browseownitems()
\r
752 static private function action_browseownitems()
\r
754 global $member, $manager, $CONF;
\r
757 self::$skin->parse('browseownitems');
\r
763 * Admin::action_itemcommentlist()
\r
764 * Show all the comments for a given item
\r
766 * @param integer $itemid ID for item
\r
769 static private function action_itemcommentlist($itemid = '')
\r
771 global $member, $manager, $CONF;
\r
773 if ( $itemid == '' )
\r
775 $itemid = intRequestVar('itemid');
\r
778 /* TODO: we consider to use the other way insterad of this */
\r
779 $_REQUEST['itemid'] = $itemid;
\r
780 $_REQUEST['blogid'] = getBlogIdFromItemId($itemid);
\r
782 // only allow if user is allowed to alter item
\r
783 $member->canAlterItem($itemid) or self::disallow();
\r
785 $blogid = getBlogIdFromItemId($itemid);
\r
788 self::$skin->parse('itemcommentlist');
\r
794 * Admin::action_browseowncomments()
\r
795 * Browse own comments
\r
800 static private function action_browseowncomments()
\r
803 self::$skin->parse('browseowncomments');
\r
809 * Admin::action_blogcommentlist()
\r
810 * Browse all comments for a weblog
\r
812 * @param integer $blogid ID for weblog
\r
815 static private function action_blogcommentlist($blogid = '')
\r
817 global $member, $manager, $CONF;
\r
819 if ( $blogid == '' )
\r
821 $blogid = intRequestVar('blogid');
\r
825 $blogid = intval($blogid);
\r
828 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
\r
830 /* TODO: we consider to use the other way insterad of this */
\r
831 $_REQUEST['blogid'] = $blogid;
\r
834 self::$skin->parse('blogcommentlist');
\r
840 * Admin::action_createitem()
\r
841 * Provide a page to add a new item to the given blog
\r
846 static private function action_createitem()
\r
848 global $member, $manager;
\r
850 $blogid = intRequestVar('blogid');
\r
852 // check if allowed
\r
853 $member->teamRights($blogid) or self::disallow();
\r
855 $memberid = $member->getID();
\r
857 $blog =& $manager->getBlog($blogid);
\r
860 self::$skin->parse('createitem');
\r
866 * Admin::action_itemedit()
\r
871 static private function action_itemedit()
\r
873 global $member, $manager;
\r
875 $itemid = intRequestVar('itemid');
\r
877 // only allow if user is allowed to alter item
\r
878 $member->canAlterItem($itemid) or self::disallow();
\r
880 $item =& $manager->getItem($itemid, 1, 1);
\r
881 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
\r
884 self::$skin->parse('itemedit');
\r
890 * Admin::action_itemupdate()
\r
895 static private function action_itemupdate()
\r
897 global $member, $manager, $CONF;
\r
899 $itemid = intRequestVar('itemid');
\r
900 $catid = postVar('catid');
\r
902 // only allow if user is allowed to alter item
\r
903 $member->canUpdateItem($itemid, $catid) or self::disallow();
\r
905 $actiontype = postVar('actiontype');
\r
907 // delete actions are handled by itemdelete (which has confirmation)
\r
908 if ( $actiontype == 'delete' )
\r
910 self::$action_itemdelete();
\r
914 $body = postVar('body');
\r
915 $title = postVar('title');
\r
916 $more = postVar('more');
\r
917 $closed = intPostVar('closed');
\r
918 $draftid = intPostVar('draftid');
\r
920 // default action = add now
\r
921 if ( !$actiontype )
\r
923 $actiontype='addnow';
\r
926 // create new category if needed
\r
927 if ( strstr($catid,'newcat') )
\r
930 list($blogid) = sscanf($catid,"newcat-%d");
\r
933 $blog =& $manager->getBlog($blogid);
\r
934 $catid = $blog->createNewCategory();
\r
936 // show error when sth goes wrong
\r
939 self::doError(_ERROR_CATCREATEFAIL);
\r
944 set some variables based on actiontype
\r
947 draft items -> addnow, addfuture, adddraft, delete
\r
948 non-draft items -> edit, changedate, delete
\r
951 $timestamp: set to a nonzero value for future dates or date changes
\r
952 $wasdraft: set to 1 when the item used to be a draft item
\r
953 $publish: set to 1 when the edited item is not a draft
\r
955 $blogid = getBlogIDFromItemID($itemid);
\r
956 $blog =& $manager->getBlog($blogid);
\r
958 $wasdrafts = array('adddraft', 'addfuture', 'addnow');
\r
959 $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
\r
960 $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
\r
961 if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
\r
963 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
\r
970 // edit the item for real
\r
971 Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
\r
973 self::updateFuturePosted($blogid);
\r
975 if ( $draftid > 0 )
\r
977 // delete permission is checked inside Item::delete()
\r
978 Item::delete($draftid);
\r
981 if ( $catid != intPostVar('catid') )
\r
983 self::$action_categoryedit(
\r
986 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
\r
991 // TODO: set start item correctly for itemlist
\r
992 $item = Item::getItem($itemid, 0, 0);
\r
993 $cnt = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . $item['timestamp']);
\r
994 $_REQUEST['start'] = $cnt + 1;
\r
995 self::$action_itemlist(getBlogIDFromItemID($itemid));
\r
1001 * Admin::action_itemdelete()
\r
1007 static private function action_itemdelete()
\r
1009 global $member, $manager;
\r
1011 $itemid = intRequestVar('itemid');
\r
1013 // only allow if user is allowed to alter item
\r
1014 $member->canAlterItem($itemid) or self::disallow();
\r
1016 if ( !$manager->existsItem($itemid,1,1) )
\r
1018 self::error(_ERROR_NOSUCHITEM);
\r
1022 self::$skin->parse('itemdelete');
\r
1028 * Admin::action_itemdeleteconfirm()
\r
1033 static private function action_itemdeleteconfirm()
\r
1037 $itemid = intRequestVar('itemid');
\r
1039 // only allow if user is allowed to alter item
\r
1040 $member->canAlterItem($itemid) or self::disallow();
\r
1042 // get blogid first
\r
1043 $blogid = getBlogIdFromItemId($itemid);
\r
1045 // delete item (note: some checks will be performed twice)
\r
1046 self::deleteOneItem($itemid);
\r
1048 self::$action_itemlist($blogid);
\r
1053 * Admin::deleteOneItem()
\r
1054 * Deletes one item and returns error if something goes wrong
\r
1056 * @param integer $itemid ID for item
\r
1059 static private function deleteOneItem($itemid)
\r
1061 global $member, $manager;
\r
1063 // only allow if user is allowed to alter item (also checks if itemid exists)
\r
1064 if ( !$member->canAlterItem($itemid) )
\r
1066 return _ERROR_DISALLOWED;
\r
1069 // need to get blogid before the item is deleted
\r
1070 $blogid = getBlogIDFromItemId($itemid);
\r
1072 $manager->loadClass('ITEM');
\r
1073 Item::delete($itemid);
\r
1075 // update blog's futureposted
\r
1076 self::updateFuturePosted($blogid);
\r
1081 * Admin::updateFuturePosted()
\r
1082 * Update a blog's future posted flag
\r
1084 * @param integer $blogid
\r
1087 static private function updateFuturePosted($blogid)
\r
1091 $blogid = intval($blogid);
\r
1092 $blog =& $manager->getBlog($blogid);
\r
1093 $currenttime = $blog->getCorrectTime(time());
\r
1095 $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
\r
1096 $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
\r
1097 $result = sql_query($query);
\r
1099 if ( sql_num_rows($result) > 0 )
\r
1101 $blog->setFuturePost();
\r
1105 $blog->clearFuturePost();
\r
1111 * Admin::action_itemmove()
\r
1116 static private function action_itemmove()
\r
1118 global $member, $manager;
\r
1120 $itemid = intRequestVar('itemid');
\r
1122 $member->canAlterItem($itemid) or self::disallow();
\r
1125 self::$skin->parse('itemmove');
\r
1131 * Admin::action_itemmoveto()
\r
// Moves an item to the category given in the request, creating a new category first when
// the category value contains 'newcat', then refreshes the future-posted flag of the
// blogs involved and shows either the category editor or the item list.
1136 static private function action_itemmoveto()
\r
1138 global $member, $manager;
\r
1140 $itemid = intRequestVar('itemid');
\r
// 'catid' is taken as a raw request string because it may carry the "newcat-<blogid>" form.
1141 $catid = requestVar('catid');
\r
1143 // create new category if needed
\r
// strstr() matches 'newcat' anywhere in the value; the blog id is then parsed with sscanf().
1144 if ( strstr($catid,'newcat') )
\r
1147 list($blogid) = sscanf($catid,'newcat-%d');
\r
// NOTE(review): in the lines shown here the category is created in the request-chosen blog
// BEFORE canUpdateItem() runs below, so a request that is later disallowed has already
// changed data. action_itemupdate() in this file checks canUpdateItem() first; confirm and
// align the order. $blogid is also used without checking that sscanf() matched.
1150 $blog =& $manager->getBlog($blogid);
\r
1151 $catid = $blog->createNewCategory();
\r
1153 // show error when sth goes wrong
\r
1156 self::doError(_ERROR_CATCREATEFAIL);
\r
1160 // only allow if user is allowed to alter item
\r
1161 $member->canUpdateItem($itemid, $catid) or self::disallow();
\r
// Remember the source blog so its flag can be recomputed after the move.
1163 $old_blogid = getBlogIDFromItemId($itemid);
\r
1165 Item::move($itemid, $catid);
\r
1167 // set the futurePosted flag on the blog
\r
1168 self::updateFuturePosted(getBlogIDFromItemId($itemid));
\r
1170 // reset the futurePosted in case the item is moved from one blog to another
\r
1171 self::updateFuturePosted($old_blogid);
\r
// A difference between the final $catid and the integer request value means a category
// was created above.
1173 if ( $catid != intRequestVar('catid') )
\r
// NOTE(review): `self::$name(...)` calls the static method whose name is stored in the
// local variable $name; no such variable is set in the lines shown, so presumably
// `self::action_categoryedit(...)` was intended (same for the call below).
1175 self::$action_categoryedit($catid, $blog->getID());
\r
1179 self::$action_itemlist(getBlogIDFromCatID($catid));
\r
1185 * Admin::moveOneItem()
\r
1186 * Moves one item to a given category (category existence should be checked by caller)
\r
1187 * errors are returned
\r
1189 * @param integer $itemid ID for item
\r
1190 * @param integer $destCatid ID for category to which the item will be moved
\r
1193 static private function moveOneItem($itemid, $destCatid)
\r
1197 // only allow if user is allowed to move item
\r
1198 if ( !$member->canUpdateItem($itemid, $destCatid) )
\r
1200 return _ERROR_DISALLOWED;
\r
1203 Item::move($itemid, $destCatid);
\r
1208 * Admin::action_additem()
\r
1209 * Adds a item to the chosen blog
\r
1214 static private function action_additem()
\r
1216 global $manager, $CONF;
\r
1218 $manager->loadClass('ITEM');
\r
1220 $result = Item::createFromRequest();
\r
1222 if ( $result['status'] == 'error' )
\r
1224 self::error($result['message']);
\r
1227 $blogid = getBlogIDFromItemID($result['itemid']);
\r
1228 $blog =& $manager->getBlog($blogid);
\r
1229 $btimestamp = $blog->getCorrectTime();
\r
1230 $item = $manager->getItem(intval($result['itemid']), 1, 1);
\r
1232 if ( $result['status'] == 'newcategory' )
\r
1234 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));
\r
1235 self::$action_categoryedit($result['catid'], $blogid, $distURI);
\r
1239 $methodName = 'action_itemList';
\r
1240 call_user_func(array(&$this, $methodName), $blogid);
\r
1246 * Admin::action_commentedit()
\r
1247 * Allows to edit previously made comments
\r
1252 static private function action_commentedit()
\r
1254 global $member, $manager;
\r
1256 $commentid = intRequestVar('commentid');
\r
1258 $member->canAlterComment($commentid) or self::disallow();
\r
1261 self::$skin->parse('commentedit');
\r
1267 * Admin::action_commentupdate()
\r
// Validates and stores an edited comment, then returns to the comment list of the item
// (when the member may alter the item) or to the member's own comments.
1272 static private function action_commentupdate()
\r
1274 global $member, $manager;
\r
1276 $commentid = intRequestVar('commentid');
\r
// Authorization comes first: the acting member must be allowed to alter this comment.
1278 $member->canAlterComment($commentid) or self::disallow();
\r
1280 $url = postVar('url');
\r
1281 $email = postVar('email');
\r
1282 $body = postVar('body');
\r
1284 // intercept words that are too long
\r
// Rejects a body containing a run of 90 characters from the listed set.
1285 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
\r
1287 self::error(_ERROR_COMMENT_LONGWORD);
\r
// Length limits: at least 3 and at most 5000 characters as counted by i18n::strlen().
1291 if ( i18n::strlen($body) < 3 )
\r
1293 self::error(_ERROR_COMMENT_NOCOMMENT);
\r
1296 if ( i18n::strlen($body) > 5000 )
\r
1298 self::error(_ERROR_COMMENT_TOOLONG);
\r
1302 $body = Comment::prepareBody($body);
\r
1308 $manager->notify('PreUpdateComment', $data);
\r
// The format string has five conversions: table, cmail, cemail, cbody, cnumber.
1310 $query = "UPDATE %s SET cmail='%s', cemail = '%s', cbody= '%s' WHERE cnumber=%d;";
\r
// NOTE(review): only four values are supplied and the table name is absent, so the escaped
// URL lands in the table slot and sprintf() fails on the missing fifth argument. $url is
// passed for all three columns while $email and $body never reach the query. Presumably
// the arguments should be sql_table('comment'), $url, $email, $body (each escaped) and the
// integer id — confirm against the intended schema.
1311 $query = sprintf($query, sql_real_escape_string($url), sql_real_escape_string($url), sql_real_escape_string($url), (integer) $commentid);
\r
1312 sql_query($query);
\r
// Look up the item the comment belongs to; the id is cast to integer before formatting.
1315 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
\r
1316 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
\r
1318 $res = sql_query($query);
\r
1319 $o = sql_fetch_object($res);
\r
1320 $itemid = $o->citem;
\r
1322 if ( $member->canAlterItem($itemid) )
\r
// NOTE(review): `self::$action_itemcommentlist(...)` uses a local variable as the method
// name; presumably `self::action_itemcommentlist(...)` was intended (same for the call
// below).
1324 self::$action_itemcommentlist($itemid);
\r
1328 self::$action_browseowncomments();
\r
1334 * Admin::action_commentdelete()
\r
1340 static private function action_commentdelete()
\r
1342 global $member, $manager;
\r
1344 $commentid = intRequestVar('commentid');
\r
1345 $member->canAlterComment($commentid) or self::disallow();
\r
1348 self::$skin->parse('commentdelete');
\r
1354 * Admin::action_commentdeleteconfirm()
\r
1359 static private function action_commentdeleteconfirm()
\r
1363 $commentid = intRequestVar('commentid');
\r
1365 // get item id first
\r
1366 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
\r
1367 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
\r
1369 $res = sql_query($query);
\r
1370 $o = sql_fetch_object($res);
\r
1371 $itemid = $o->citem;
\r
1373 $error = self::deleteOneComment($commentid);
\r
1376 self::doError($error);
\r
1379 if ( $member->canAlterItem($itemid) )
\r
1381 self::$action_itemcommentlist($itemid);
\r
1385 self::$action_browseowncomments();
\r
1391 * Admin::deleteOneComment()
\r
1393 * @param integer $commentid ID for comment
\r
// Deletes a single comment after checking the acting member's rights, notifying plugins
// before and after the deletion.
// @param integer $commentid ID for comment
// Returns _ERROR_DISALLOWED when the member may not alter the comment.
1396 static private function deleteOneComment($commentid)
\r
1398 global $member, $manager;
\r
// The id is forced to an integer before it is used in the permission check and the query.
1400 $commentid = (integer) $commentid;
\r
// The permission check is repeated here, so callers that skip their own check (such as
// batch operations) are still covered.
1402 if ( !$member->canAlterComment($commentid) )
\r
1404 return _ERROR_DISALLOWED;
\r
1408 'commentid' => $commentid
\r
1411 $manager->notify('PreDeleteComment', $data);
\r
1413 // delete the comments associated with the item
\r
1414 $query = "DELETE FROM %s WHERE cnumber=%d;";
\r
1415 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
\r
1416 sql_query($query);
\r
1419 'commentid' => $commentid
\r
1422 $manager->notify('PostDeleteComment', $data);
\r
1428 * Admin::action_usermanagement()
\r
1429 * Usermanagement main
\r
1434 static private function action_usermanagement()
\r
1436 global $member, $manager;
\r
1438 // check if allowed
\r
1439 $member->isAdmin() or self::disallow();
\r
1442 self::$skin->parse('usermanagement');
\r
1449 * Edit member settings
\r
1454 static private function action_memberedit()
\r
1456 self::$action_editmembersettings(intRequestVar('memberid'));
\r
1461 * Admin::action_editmembersettings()
\r
1463 * @param integer $memberid ID for member
\r
1467 static private function action_editmembersettings($memberid = '')
\r
1469 global $member, $manager, $CONF;
\r
1471 if ( $memberid == '' )
\r
1473 $memberid = $member->getID();
\r
1476 /* TODO: we should consider to use the other way insterad of this */
\r
1477 $_REQUEST['memberid'] = $memberid;
\r
1479 // check if allowed
\r
1480 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
\r
1482 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
\r
1483 self::pagehead($extrahead);
\r
1484 self::$skin->parse('editmembersettings');
\r
1490 * Admin::action_changemembersettings()
\r
// Applies posted account settings (display name, password, e-mail, URL, notes, locale,
// admin/login flags, plugin options) to the member identified by 'memberid'.
// Allowed for the member themself or for an admin.
// NOTE(review): 'changemembersettings' is listed in $skinless_actions, which action()
// exempts from the ticket check. This handler changes credentials and privileges, so
// confirm that a ticket is verified somewhere on this path.
1495 static private function action_changemembersettings()
\r
1497 global $member, $CONF, $manager;
\r
1499 $memberid = intRequestVar('memberid');
\r
1501 // check if allowed
\r
1502 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
\r
// strip_tags() removes markup from the stored values; it is not output encoding, so these
// fields still need context-appropriate escaping wherever they are rendered.
1504 $name = trim(strip_tags(postVar('name')));
\r
1505 $realname = trim(strip_tags(postVar('realname')));
\r
// NOTE(review): no current-password confirmation is visible in the lines shown here before
// a new password is accepted — confirm.
1506 $password = postVar('password');
\r
1507 $repeatpassword = postVar('repeatpassword');
\r
1508 $email = strip_tags(postVar('email'));
\r
1509 $url = strip_tags(postVar('url'));
\r
1510 $adminskin = intPostVar('adminskin');
\r
1512 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
\r
// Any value that does not start with http:// or https:// gets 'http://' prepended; this
// includes an empty value and values that carry another scheme.
1513 if ( !preg_match('#^https?://#', $url) )
\r
1515 $url = 'http://' . $url;
\r
// 'admin' and 'canlogin' are read for every caller but only applied further down when the
// acting member is an admin.
1518 $admin = postVar('admin');
\r
1519 $canlogin = postVar('canlogin');
\r
1520 $notes = strip_tags(postVar('notes'));
\r
1521 $locale = postVar('locale');
\r
1523 $mem = Member::createFromID($memberid);
\r
// Login name and password are validated only when login edits are enabled or the acting
// member is an admin.
1525 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
\r
1527 if ( !isValidDisplayName($name) )
\r
1529 self::error(_ERROR_BADNAME);
\r
1532 if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
\r
1534 self::error(_ERROR_NICKNAMEINUSE);
\r
// NOTE(review): `!=` compares loosely, so two different numeric-looking strings can
// compare equal; `!==` would make the confirmation check exact.
1537 if ( $password != $repeatpassword )
\r
1539 self::error(_ERROR_PASSWORDMISMATCH);
\r
// Minimum length of 6 characters, enforced only when a password was submitted.
1542 if ( $password && (i18n::strlen($password) < 6) )
\r
1544 self::error(_ERROR_PASSWORDTOOSHORT);
\r
// Plugins receive the candidate password together with references to an error message and
// a validity flag through the PrePasswordSet event.
1553 'password' => $password,
\r
1554 'errormessage' => &$pwderror,
\r
1555 'valid' => &$pwdvalid
\r
1557 $manager->notify('PrePasswordSet', $data);
\r
1561 self::error($pwderror);
\r
1566 if ( !NOTIFICATION::address_validation($email) )
\r
1568 self::error(_ERROR_BADMAILADDRESS);
\r
1572 self::error(_ERROR_REALNAMEMISSING);
\r
// A non-empty locale must be one of the locales reported by i18n::get_available_locale_list().
1574 if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
\r
1576 self::error(_ERROR_NOSUCHTRANSLATION);
\r
1579 // check if there will remain at least one site member with both the logon and admin rights
\r
1580 // (check occurs when taking away one of these rights from such a member)
\r
1581 if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
\r
1582 || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
\r
1585 $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
\r
1586 if ( sql_num_rows($r) < 2 )
\r
1588 self::error(_ERROR_ATLEASTONEADMIN);
\r
1592 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
\r
1594 $mem->setDisplayName($name);
\r
// NOTE(review): in the lines shown, a password change on its own is not followed by
// newCookieKey(); confirm whether setPassword() rotates the cookie key, otherwise existing
// login cookies stay valid after the change.
1597 $mem->setPassword($password);
\r
// The previous address is kept so an address change can be detected below.
1601 $oldEmail = $mem->getEmail();
\r
1603 $mem->setRealName($realname);
\r
1604 $mem->setEmail($email);
\r
1605 $mem->setURL($url);
\r
1606 $mem->setNotes($notes);
\r
1607 $mem->setLocale($locale);
\r
1609 // only allow super-admins to make changes to the admin status
\r
// The posted 'admin' and 'canlogin' values take effect only inside this branch, so a
// non-admin member editing their own settings cannot change either flag.
1610 if ( $member->isAdmin() )
\r
1612 $mem->setAdmin($admin);
\r
1613 $mem->setCanLogin($canlogin);
\r
1616 $autosave = postVar('autosave');
\r
1617 $mem->setAutosave($autosave);
\r
1621 // store plugin options
\r
// NOTE(review): the 'plugoption' array is taken from the request and handed to
// apply_plugin_options() as is; whether that call restricts the options to this member's
// context is not visible here — confirm.
1622 $aOptions = requestArray('plugoption');
\r
1623 NucleusPlugin::apply_plugin_options($aOptions);
\r
1625 'context' => 'member',
\r
1626 'memberid' => $memberid,
\r
1629 $manager->notify('PostPluginOptionsUpdate', $data);
\r
1631 // if email changed, generate new password
\r
// On an address change an activation link is sent and a new cookie key is generated for
// the edited member.
1632 if ( $oldEmail != $mem->getEmail() )
\r
1634 $mem->sendActivationLink('addresschange', $oldEmail);
\r
1636 $mem->newCookieKey();
\r
1638 // only log out if the member being edited is the current member.
\r
1639 if ( $member->getID() == $memberid )
\r
1641 $member->logout();
\r
// NOTE(review): `self::$action_login(...)` uses a local variable as the method name;
// presumably `self::action_login(...)` was intended (same for the calls below).
1643 self::$action_login(_MSG_ACTIVATION_SENT, 0);
\r
// A changed display name on the member's own account also rotates the cookie key and
// forces a new login.
1647 if ( ($mem->getID() == $member->getID())
\r
1648 && ($mem->getDisplayName() != $member->getDisplayName()) )
\r
1650 $mem->newCookieKey();
\r
1651 $member->logout();
\r
1652 self::$action_login(_MSG_LOGINAGAIN, 0);
\r
1656 self::$action_overview(_MSG_SETTINGSCHANGED);
\r
1662 * Admin::action_memberadd()
\r
// Creates a member account from POSTed form fields. Only callers for whom
// $member->isAdmin() is true get past the check below.
// NOTE(review): this listing omits short source lines (braces and several of the
// Member::create() arguments), so only the visible statements are described.
1668 static private function action_memberadd()
\r
1670 global $member, $manager;
\r
1672 // check if allowed
\r
1673 $member->isAdmin() or self::disallow();
\r
// NOTE(review): != is a loose comparison. Two different numeric-looking strings
// (constructed example: "1e3" and "1000") compare as equal, so a mistyped
// confirmation can be accepted; !== compares the two strings exactly.
1675 if ( postVar('password') != postVar('repeatpassword') )
\r
1677 self::error(_ERROR_PASSWORDMISMATCH);
\r
// The only strength rule visible here is a minimum of 6 characters as counted by i18n::strlen().
1680 if ( i18n::strlen(postVar('password')) < 6 )
\r
1682 self::error(_ERROR_PASSWORDTOOSHORT);
\r
1685 $res = Member::create(
\r
1687 postVar('realname'),
\r
1688 postVar('password'),
\r
1692 postVar('canlogin'),
\r
// $res is reported as an error message; the condition guarding this call is on a line missing from the listing.
1698 self::error($res);
\r
1701 // fire PostRegister event
\r
1702 $newmem = new Member();
\r
1703 $newmem->readFromName(postVar('name'));
\r
1705 'member' => &$newmem
\r
1707 $manager->notify('PostRegister', $data);
\r
// NOTE(review): self::$action_usermanagement() is a variable-method call: PHP takes the
// method name from a local variable $action_usermanagement, which the visible code never
// sets. A direct call would be written self::action_usermanagement() -- confirm the
// method exists under that name.
1709 self::$action_usermanagement();
\r
1714 * Admin::action_activate()
\r
1715 * Account activation
\r
// Entry point for an activation link: reads 'key' from the query string via getVar()
// and hands it to showActivationPage().
// No login or rights check is visible in this method, so the key appears to be the only
// credential on this path. Because it travels in the URL it can end up in server logs
// and Referer headers; expiry of keys is handled by Member::cleanupActivationTable()
// in showActivationPage().
1720 static private function action_activate()
\r
1722 $key = getVar('key');
\r
1723 self::showActivationPage($key);
\r
1728 * Admin::showActivationPage()
\r
// Renders the 'activate' skin page for an activation key, optionally with a message
// that is stored in self::$headMess.
// NOTE(review): the conditions guarding the two self::error(_ERROR_ACTIVATE) calls are on
// lines missing from this listing; only the calls themselves are visible.
1733 static private function showActivationPage($key, $message = '')
\r
1737 // clean up old activation keys
\r
1738 Member::cleanupActivationTable();
\r
1740 // get activation info
\r
1741 $info = Member::getActivationInfo($key);
\r
// Both visible failure paths report the same _ERROR_ACTIVATE message.
1745 self::error(_ERROR_ACTIVATE);
\r
1748 $mem = Member::createFromId($info->vmember);
\r
1752 self::error(_ERROR_ACTIVATE);
\r
1755 /* TODO: we should consider to use the other way insterad of this */
\r
// The key and a flag are written into $_POST, presumably so the 'activate' skin can read
// them; after this point $_POST no longer reflects only what the client sent.
1756 $_POST['ackey'] = $key;
\r
1757 $_POST['bNeedsPasswordChange'] = TRUE;
\r
1759 self::$headMess = $message;
\r
1761 self::$skin->parse('activate');
\r
1767 * Admin::action_activatesetpwd()
\r
1768 * Account activation - set password part
\r
// Second step of account activation: validates the POSTed key and password, stores the
// password and activates the account. Every visible failure re-renders the activation
// page through showActivationPage() with an error message.
// NOTE(review): this listing omits short source lines (braces, the "$data = array(" openers
// and some conditions), so only the visible statements are described.
1773 static private function action_activatesetpwd()
\r
1776 $key = postVar('key');
\r
1778 // clean up old activation keys
\r
1779 Member::cleanupActivationTable();
\r
1781 // get activation info
\r
1782 $info = Member::getActivationInfo($key);
\r
// Unknown keys and keys of type 'addresschange' are both rejected here.
1784 if ( !$info || ($info->type == 'addresschange') )
\r
1786 return self::showActivationPage($key, _ERROR_ACTIVATE);
\r
1789 $mem = Member::createFromId($info->vmember);
\r
1793 return self::showActivationPage($key, _ERROR_ACTIVATE);
\r
1796 $password = postVar('password');
\r
1797 $repeatpassword = postVar('repeatpassword');
\r
// NOTE(review): != is a loose comparison; two different numeric-looking strings compare
// as equal, so a mistyped confirmation can be accepted. !== compares the strings exactly.
1799 if ( $password != $repeatpassword )
\r
1801 return self::showActivationPage($key, _ERROR_PASSWORDMISMATCH);
\r
// NOTE(review): the length rule only applies when $password is non-empty. Whether an empty
// password can then be stored depends on the condition in front of setPassword() below,
// which is on a line missing from this listing -- confirm against the file.
1804 if ( $password && (i18n::strlen($password) < 6) )
\r
1806 return self::showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
\r
// The plaintext password is handed to every plugin subscribed to PrePasswordSet;
// 'errormessage' and 'valid' are passed by reference so a plugin can veto the password.
1815 'password' => $password,
\r
1816 'errormessage' => &$pwderror,
\r
1817 'valid' => &$pwdvalid
\r
1819 $manager->notify('PrePasswordSet', $data);
\r
1822 return self::showActivationPage($key,$pwderror);
\r
1829 'type' => 'activation',
\r
1831 'error' => &$error
\r
1833 $manager->notify('ValidateForm', $data);
\r
1834 if ( $error != '' )
\r
1836 return self::showActivationPage($key, $error);
\r
1840 $mem->setPassword($password);
\r
1843 // do the activation
\r
1844 Member::activate($key);
\r
1847 self::$skin->parse('activatesetpwd');
\r
1853 * Admin::action_manageteam()
\r
// Shows the team-management page of one blog. The blog id comes from the request and the
// caller must have blog-admin rights on that blog before the 'manageteam' skin is parsed.
// NOTE(review): short lines around the parse() call are missing from this listing.
1859 static private function action_manageteam()
\r
1861 global $member, $manager;
\r
1863 $blogid = intRequestVar('blogid');
\r
1865 // check if allowed
\r
1866 $member->blogAdminRights($blogid) or self::disallow();
\r
1869 self::$skin->parse('manageteam');
\r
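/**
 * Admin::action_teamaddmember()
 * Add member to team
 *
 * Reads memberid, blogid and admin from POST via intPostVar(), requires blog-admin
 * rights on the target blog, adds the member and re-displays the team page.
 *
 * @return void
 */
static private function action_teamaddmember()
{
    global $member, $manager;

    $memberid = intPostVar('memberid');
    $blogid = intPostVar('blogid');
    $admin = intPostVar('admin');

    // check if allowed
    $member->blogAdminRights($blogid) or self::disallow();

    $blog =& $manager->getBlog($blogid);
    if ( !$blog->addTeamMember($memberid, $admin) )
    {
        self::error(_ERROR_ALREADYONTEAM);
    }

    // The listing called self::$action_manageteam(), which PHP resolves through a local
    // variable $action_manageteam that is never set; the method is called directly here.
    self::action_manageteam();
}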
\r
1903 * Admin::action_teamdelete()
\r
// Shows the confirmation page for removing a member from a blog team. Nothing is deleted
// here; the caller must have blog-admin rights on the blog named in the request.
// NOTE(review): short lines between getBlog() and parse() are missing from this listing,
// so how $teammem and $blog reach the skin is not visible.
1908 static private function action_teamdelete()
\r
1910 global $member, $manager;
\r
1912 $memberid = intRequestVar('memberid');
\r
1913 $blogid = intRequestVar('blogid');
\r
1915 // check if allowed
\r
1916 $member->blogAdminRights($blogid) or self::disallow();
\r
1918 $teammem = Member::createFromID($memberid);
\r
1919 $blog =& $manager->getBlog($blogid);
\r
1922 self::$skin->parse('teamdelete');
\r
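/**
 * Admin::action_teamdeleteconfirm()
 * Removes a member from a blog team and re-displays the team page.
 *
 * The rights check is done inside deleteOneTeamMember(), which returns an error
 * constant (for example _ERROR_DISALLOWED) instead of deleting when it fails.
 *
 * @return void
 */
static private function action_teamdeleteconfirm()
{
    $memberid = intRequestVar('memberid');
    $blogid = intRequestVar('blogid');

    $error = self::deleteOneTeamMember($blogid, $memberid);
    // NOTE(review): the guard line is missing from the listing (numbering gap at 1941);
    // it is reconstructed as a truthiness test on $error -- confirm against the file.
    if ( $error )
    {
        self::error($error);
    }

    // The listing called self::$action_manageteam(), which PHP resolves through a local
    // variable $action_manageteam that is never set; the method is called directly here.
    self::action_manageteam();
}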
\r
1950 * Admin::deleteOneTeamMember()
\r
// Removes one member from one blog team. Returns an error constant when the removal is
// refused; the success return value is on a line missing from this listing.
// Unlike the action_* methods this helper reports a failed rights check by returning
// _ERROR_DISALLOWED rather than calling self::disallow().
// NOTE(review): this listing omits short source lines (braces, "$data = array(" openers).
1955 static private function deleteOneTeamMember($blogid, $memberid)
\r
1957 global $member, $manager;
\r
// Both ids are forced to integers before they reach the checks and the SQL below.
1959 $blogid = intval($blogid);
\r
1960 $memberid = intval($memberid);
\r
1962 // check if allowed
\r
1963 if ( !$member->blogAdminRights($blogid) )
\r
1965 return _ERROR_DISALLOWED;
\r
1968 // check if: - there remains at least one blog admin
\r
1969 // - (there remains at least one team member)
\r
1970 $tmem = Member::createFromID($memberid);
\r
1974 'member' => &$tmem,
\r
1975 'blogid' => $blogid
\r
1976 );
\r $manager->notify('PreDeleteTeamMember', $data);
\r
1978 if ( $tmem->isBlogAdmin($blogid) )
\r
1980 /* TODO: why we did double check? */
\r
1981 // check if there are more blog members left and at least one admin
\r
1982 // (check for at least two admins before deletion)
\r
1983 $query = "SELECT * FROM %s WHERE tblog=%d and tadmin=1;";
\r
1984 $query = sprintf($query, sql_table('team'), (integer) $blogid);
\r
1985 $r = sql_query($query);
\r
// NOTE(review): the count and the DELETE below are separate statements and no transaction
// or lock is visible, so two concurrent removals could each see two admins and both proceed.
1986 if ( sql_num_rows($r) < 2 )
\r
1988 return _ERROR_ATLEASTONEBLOGADMIN;
\r
1992 $query = "DELETE FROM %s WHERE tblog=%d AND tmember=%d;";
\r
1993 $query = sprintf($query, sql_table('team'), (integer) $blogid, (integer) $memberid);
\r
1994 sql_query($query);
\r
1997 'member' => &$tmem,
\r
1998 'blogid' => $blogid
\r
2000 $manager->notify('PostDeleteTeamMember', $data);
\r
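/**
 * Admin::action_teamchangeadmin()
 * Toggles the blog-admin flag of one team member.
 *
 * The caller must have blog-admin rights on the blog. Demoting the only remaining
 * blog admin is refused with _ERROR_ATLEASTONEBLOGADMIN.
 *
 * @return void
 */
static private function action_teamchangeadmin()
{
    global $member;

    $blogid = intRequestVar('blogid');
    $memberid = intRequestVar('memberid');

    // check if allowed
    $member->blogAdminRights($blogid) or self::disallow();

    $mem = Member::createFromID($memberid);

    // don't allow when there is only one admin at this moment
    if ( $mem->isBlogAdmin($blogid) )
    {
        $query = "SELECT * FROM %s WHERE tblog=%d AND tadmin=1;";
        $query = sprintf($query, sql_table('team'), (int) $blogid);
        $r = sql_query($query);
        if ( sql_num_rows($r) == 1 )
        {
            self::error(_ERROR_ATLEASTONEBLOGADMIN);
        }
    }

    // NOTE(review): the assignments to $newval are missing from the listing (numbering gap
    // 2036-2043); they are reconstructed as a toggle of the current flag -- confirm.
    $newval = $mem->isBlogAdmin($blogid) ? 0 : 1;

    // The listing passed (integer) $blogid as the first sprintf() argument, so the blog id
    // was substituted for the table name and the UPDATE never addressed the team table.
    $query = "UPDATE %s SET tadmin=%d WHERE tblog=%d and tmember=%d;";
    $query = sprintf($query, sql_table('team'), (int) $newval, (int) $blogid, (int) $memberid);
    sql_query($query);

    // only show manageteam if member did not change its own admin privileges
    // (self::$action_*() in the listing resolved the method name through an unset local
    // variable; the methods are called directly here)
    if ( $member->isBlogAdmin($blogid) )
    {
        self::action_manageteam();
    }
    else
    {
        self::action_overview(_MSG_ADMINCHANGED);
    }
}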
\r
2061 * Admin::action_blogsettings()
\r
// Shows the settings page of one blog. The caller must have blog-admin rights on the blog
// named in the request; the page head gets an extra script tag for numbercheck.js.
// NOTE(review): short lines after the parse() call are missing from this listing.
2066 static private function action_blogsettings()
\r
2068 global $member, $manager;
\r
2070 $blogid = intRequestVar('blogid');
\r
2072 // check if allowed
\r
2073 $member->blogAdminRights($blogid) or self::disallow();
\r
2075 $blog =& $manager->getBlog($blogid);
\r
// $extrahead is a fixed string; no request data is placed in the page head here.
2077 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
\r
2078 self::pagehead($extrahead);
\r
2079 self::$skin->parse('blogsettings');
\r
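/**
 * Admin::action_categorynew()
 * Creates a category in a blog from the POSTed name and description.
 *
 * The caller must have blog-admin rights on the blog. The name must pass
 * isValidCategoryName() and must not already exist in that blog.
 *
 * @return void
 */
static private function action_categorynew()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or self::disallow();

    $cname = postVar('cname');
    $cdesc = postVar('cdesc');

    if ( !isValidCategoryName($cname) )
    {
        self::error(_ERROR_BADCATEGORYNAME);
    }

    // duplicate check, scoped to this blog; the name is escaped and the id is formatted with %d
    $query = "SELECT * FROM %s WHERE cname='%s' AND cblog=%d;";
    $query = sprintf($query, sql_table('category'), sql_real_escape_string($cname), (int) $blogid);
    $res = sql_query($query);
    if ( sql_num_rows($res) > 0 )
    {
        self::error(_ERROR_DUPCATEGORYNAME);
    }

    // $cname and $cdesc are passed on unescaped; escaping for storage is left to
    // createNewCategory(), which is defined outside this listing.
    $blog =& $manager->getBlog($blogid);
    $blog->createNewCategory($cname, $cdesc);

    // The listing called self::$action_blogsettings(), which PHP resolves through a local
    // variable $action_blogsettings that is never set; the method is called directly here.
    self::action_blogsettings();
}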
\r
2122 * Admin::action_categoryedit()
\r
// Shows the edit form for one category. Blog id and category id come from the arguments
// when given and from the query string (intGetVar) otherwise; in both cases they end up
// as integers. The caller must have blog-admin rights on the blog.
// NOTE(review): this listing omits short source lines (braces, else).
2127 static private function action_categoryedit($catid = '', $blogid = '', $desturl = '')
\r
2129 global $member, $manager;
\r
2131 if ( $blogid == '' )
\r
2133 $blogid = intGetVar('blogid');
\r
2137 $blogid = intval($blogid);
\r
2139 if ( $catid == '' )
\r
2141 $catid = intGetVar('catid');
\r
2145 $catid = intval($catid);
\r
2148 /* TODO: we should consider to use the other way insterad of this */
\r
// The values are written back into $_REQUEST, presumably for the 'categoryedit' skin.
// NOTE(review): $desturl is stored unchanged. action_categoryupdate() later passes a POSTed
// desturl to redirect(), so the value placed in the form here should be a trusted one.
// No check is visible here that $catid belongs to $blogid.
2149 $_REQUEST['blogid'] = $blogid;
\r
2150 $_REQUEST['catid'] = $catid;
\r
2151 $_REQUEST['desturl'] = $desturl;
\r
2152 $member->blogAdminRights($blogid) or self::disallow();
\r
2154 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
\r
2155 self::pagehead($extrahead);
\r
2156 self::$skin->parse('categoryedit');
\r
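/**
 * Admin::action_categoryupdate()
 * Stores a new name and description for one category of a blog.
 *
 * The caller must have blog-admin rights on the POSTed blog id, and the category must
 * belong to that blog. The listing authorised on blogid but updated by catid alone, so
 * the rights check did not cover the category actually being changed; the category is
 * now validated against the blog and the UPDATE is scoped with cblog as well.
 *
 * @return void
 */
static private function action_categoryupdate()
{
    global $member, $manager;

    $blogid = intPostVar('blogid');
    $catid = intPostVar('catid');
    $cname = postVar('cname');
    $cdesc = postVar('cdesc');
    $desturl = postVar('desturl');

    $member->blogAdminRights($blogid) or self::disallow();

    // same validity check that action_categorydelete() applies before touching a category
    $blog =& $manager->getBlog($blogid);
    if ( !$blog || !$blog->isValidCategory($catid) )
    {
        self::error(_ERROR_NOSUCHCATEGORY);
    }

    if ( !isValidCategoryName($cname) )
    {
        self::error(_ERROR_BADCATEGORYNAME);
    }

    $query = "SELECT * FROM %s WHERE cname='%s' AND cblog=%d AND not(catid=%d);";
    $query = sprintf($query, sql_table('category'), sql_real_escape_string($cname), (int) $blogid, (int) $catid);
    $res = sql_query($query);
    if ( sql_num_rows($res) > 0 )
    {
        self::error(_ERROR_DUPCATEGORYNAME);
    }

    // scoped to the authorised blog, not to catid alone
    $query = "UPDATE %s SET cname='%s', cdesc='%s' WHERE catid=%d AND cblog=%d;";
    $query = sprintf($query, sql_table('category'), sql_real_escape_string($cname), sql_real_escape_string($cdesc), (int) $catid, (int) $blogid);
    sql_query($query);

    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::apply_plugin_options($aOptions);
    // NOTE(review): only the 'context' entry of this array is visible in the listing; the
    // 'catid' entry is reconstructed from the numbering gap -- confirm against the file.
    $data = array(
        'context' => 'category',
        'catid' => $catid
    );
    $manager->notify('PostPluginOptionsUpdate', $data);

    // NOTE(review): the lines around redirect() are missing from the listing (numbering gaps
    // 2205-2211); the condition and the exit are reconstructed -- confirm against the file.
    // NOTE(review): $desturl is POSTed by the client and passed on unchanged. Unless
    // redirect() (defined outside this listing) limits targets to this site, this is an
    // open redirect; comparing the target against the site's own base URL would close it.
    if ( $desturl )
    {
        redirect($desturl);
        exit;
    }

    // The listing called self::$action_blogsettings(), which PHP resolves through a local
    // variable $action_blogsettings that is never set; the method is called directly here.
    self::action_blogsettings();
}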
\r
2218 * Admin::action_categorydelete()
\r
// Shows the confirmation page for deleting a category. Nothing is deleted here. The caller
// must have blog-admin rights on the blog; the category must be valid for that blog, must
// not be the blog's default category and must not be the blog's only category.
// NOTE(review): this listing omits short source lines (braces and the lines around parse()).
2223 static private function action_categorydelete()
\r
2225 global $member, $manager;
\r
2227 $blogid = intRequestVar('blogid');
\r
2228 $catid = intRequestVar('catid');
\r
2230 $member->blogAdminRights($blogid) or self::disallow();
\r
2232 $blog =& $manager->getBlog($blogid);
\r
2234 // check if the category is valid
\r
// isValidCategory() is called on the blog the caller was authorised for, which ties the
// category to that blog (assuming it checks blog membership -- defined outside this listing).
2235 if ( !$blog->isValidCategory($catid) )
\r
2237 self::error(_ERROR_NOSUCHCATEGORY);
\r
2240 // don't allow deletion of default category
\r
2241 if ( $blog->getDefaultCategory() == $catid )
\r
2243 self::error(_ERROR_DELETEDEFCATEGORY);
\r
2246 // check if catid is the only category left for blogid
\r
2247 $query = "SELECT catid FROM %s WHERE cblog=%d;";
\r
// %d formats $blogid as an integer whatever its type.
2248 $query = sprintf($query, sql_table('category'), $blogid);
\r
2249 $res = sql_query($query);
\r
2250 if ( sql_num_rows($res) == 1 )
\r
2252 self::error(_ERROR_DELETELASTCATEGORY);
\r
2256 self::$skin->parse('categorydelete');
\r
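/**
 * Admin::action_categorydeleteconfirm()
 * Deletes a category and re-displays the blog settings page.
 *
 * The caller must have blog-admin rights on the blog id in the request.
 * deleteOneCategory() looks up the blog that owns the category and checks the rights
 * again for that blog, so a category id from another blog is not deleted on the
 * strength of this check alone.
 *
 * @return void
 */
static private function action_categorydeleteconfirm()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    $catid = intRequestVar('catid');

    $member->blogAdminRights($blogid) or self::disallow();

    $error = self::deleteOneCategory($catid);
    // NOTE(review): the guard line is missing from the listing (numbering gap at 2277);
    // it is reconstructed as a truthiness test on $error -- confirm against the file.
    if ( $error )
    {
        self::error($error);
    }

    // The listing called self::$action_blogsettings(), which PHP resolves through a local
    // variable $action_blogsettings that is never set; the method is called directly here.
    self::action_blogsettings();
}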
\r
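/**
 * Admin::deleteOneCategory()
 * Delete a category by its id
 *
 * The blog is derived from the category id and the caller's blog-admin rights are
 * checked for that blog. Items of the deleted category are moved to the blog's default
 * category and the category's plugin options are removed.
 *
 * Fixes against the listing:
 *  - the refusal returned the bare name ERROR_DISALLOWED, which is not the constant
 *    _ERROR_DISALLOWED used elsewhere in this class;
 *  - the "last category" count called sprintf() with the table name as the format, so
 *    the SELECT template was never used;
 *  - the final DELETE called sprintf() without the table name, leaving the two-placeholder
 *    format one argument short, so the category row was not removed although its items
 *    and plugin options had already been changed.
 *
 * @param  int|string $catid category id for deleting
 * @return string|null an error constant when the deletion is refused, otherwise nothing
 */
static private function deleteOneCategory($catid)
{
    global $manager, $member;

    $catid = intval($catid);
    $blogid = getBlogIDFromCatID($catid);

    if ( !$member->blogAdminRights($blogid) )
    {
        return _ERROR_DISALLOWED;
    }

    $blog =& $manager->getBlog($blogid);

    // check if the category is valid
    if ( !$blog || !$blog->isValidCategory($catid) )
    {
        return _ERROR_NOSUCHCATEGORY;
    }

    $destcatid = $blog->getDefaultCategory();

    // don't allow deletion of default category
    if ( $destcatid == $catid )
    {
        return _ERROR_DELETEDEFCATEGORY;
    }

    // check if catid is the only category left for blogid
    $query = "SELECT catid FROM %s WHERE cblog=%d;";
    $query = sprintf($query, sql_table('category'), (int) $blogid);
    $res = sql_query($query);
    if ( sql_num_rows($res) == 1 )
    {
        return _ERROR_DELETELASTCATEGORY;
    }

    $data = array('catid' => $catid);
    $manager->notify('PreDeleteCategory', $data);

    // change category for all items to the default category
    $query = "UPDATE %s SET icat=%d WHERE icat=%d;";
    $query = sprintf($query, sql_table('item'), (int) $destcatid, (int) $catid);
    sql_query($query);

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('category', $catid);

    // delete category
    $query = "DELETE FROM %s WHERE catid=%d;";
    $query = sprintf($query, sql_table('category'), (int) $catid);
    sql_query($query);

    $data = array('catid' => $catid);
    $manager->notify('PostDeleteCategory', $data);
    return;
}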
\r
2354 * Admin::action_blogsettingsupdate
\r
2355 * Updating blog settings
\r
// Stores the settings form of one blog. The caller must have blog-admin rights on the blog
// named in the request. All visible validation (notify address, short name, update file)
// runs before the first setter is called.
// NOTE(review): this listing omits short source lines (braces, one assignment after line
// 2382 and the "$data = array(" opener), so only the visible statements are described.
2360 static private function action_blogsettingsupdate()
\r
2362 global $member, $manager;
\r
2364 $blogid = intRequestVar('blogid');
\r
2366 $member->blogAdminRights($blogid) or self::disallow();
\r
2368 $blog =& $manager->getBlog($blogid);
\r
2370 $notify_address = trim(postVar('notify'));
\r
2371 $shortname = trim(postVar('shortname'));
\r
2372 $updatefile = trim(postVar('update'));
\r
2374 $notifyComment = intPostVar('notifyComment');
\r
2375 $notifyVote = intPostVar('notifyVote');
\r
2376 $notifyNewItem = intPostVar('notifyNewItem');
\r
// A flag posted as 0 is replaced by 1 so that it does not zero the product computed below.
2378 if ( $notifyComment == 0 )
\r
2380 $notifyComment = 1;
\r
2382 if ( $notifyVote == 0 )
\r
2386 if ( $notifyNewItem == 0 )
\r
2388 $notifyNewItem = 1;
\r
// The three flags are combined by multiplication. The posted integers are not limited to
// an expected set of values in the visible code.
2390 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
\r
2392 if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
\r
2394 self::error(_ERROR_BADNOTIFY);
\r
2397 if ( !isValidShortName($shortname) )
\r
2399 self::error(_ERROR_BADSHORTBLOGNAME);
\r
2402 if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
\r
2404 self::error(_ERROR_DUPSHORTBLOGNAME);
\r
2406 // check if update file is writable
\r
// NOTE(review): $updatefile is a POSTed filesystem path and the only check is
// is_writeable(). Any blog admin can therefore register any file the PHP process may
// write to as this blog's update file; what is written there is decided outside this
// listing. Restricting the path to a configured directory would narrow this.
2407 if ( $updatefile && !is_writeable($updatefile) )
\r
2409 self::error(_ERROR_UPDATEFILE);
\r
// Several values below (name, maxcomments, comments, timeoffset, url, desc, public) are
// passed to the setters as raw POST strings; escaping for storage and output is left to
// the setters and writeSettings(), which are defined outside this listing.
2412 $blog->setName(trim(postVar('name')));
\r
2413 $blog->setShortName($shortname);
\r
2414 $blog->setNotifyAddress($notify_address);
\r
2415 $blog->setNotifyType($notifyType);
\r
2416 $blog->setMaxComments(postVar('maxcomments'));
\r
2417 $blog->setCommentsEnabled(postVar('comments'));
\r
2418 $blog->setTimeOffset(postVar('timeoffset'));
\r
2419 $blog->setUpdateFile($updatefile);
\r
2420 $blog->setURL(trim(postVar('url')));
\r
2421 $blog->setDefaultSkin(intPostVar('defskin'));
\r
2422 $blog->setDescription(trim(postVar('desc')));
\r
2423 $blog->setPublic(postVar('public'));
\r
2424 $blog->setConvertBreaks(intPostVar('convertbreaks'));
\r
2425 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
\r
// NOTE(review): no check is visible here that 'defcat' is a category of this blog;
// confirm whether setDefaultCategory() validates it.
2426 $blog->setDefaultCategory(intPostVar('defcat'));
\r
2427 $blog->setSearchable(intPostVar('searchable'));
\r
2428 $blog->setEmailRequired(intPostVar('reqemail'));
\r
2429 $blog->writeSettings();
\r
2431 // store plugin options
\r
2432 $aOptions = requestArray('plugoption');
\r
2433 NucleusPlugin::apply_plugin_options($aOptions);
\r
2436 'context' => 'blog',
\r
2437 'blogid' => $blogid,
\r
2440 $manager->notify('PostPluginOptionsUpdate', $data);
\r
// NOTE(review): self::$action_overview() is a variable-method call: PHP takes the method
// name from a local variable $action_overview, which the visible code never sets. A direct
// call would be written self::action_overview(_MSG_SETTINGSCHANGED).
2442 self::$action_overview(_MSG_SETTINGSCHANGED);
\r
2447 * Admin::action_deleteblog()
\r
// Shows the confirmation page for deleting a blog. Nothing is deleted here. The caller must
// have blog-admin rights on the blog, and the site's default blog is refused.
// NOTE(review): short lines around the parse() call are missing from this listing.
2452 static private function action_deleteblog()
\r
2454 global $member, $CONF, $manager;
\r
2456 $blogid = intRequestVar('blogid');
\r
2458 $member->blogAdminRights($blogid) or self::disallow();
\r
2460 // check if blog is default blog
\r
2461 if ( $CONF['DefaultBlog'] == $blogid )
\r
2463 self::error(_ERROR_DELDEFBLOG);
\r
2466 $blog =& $manager->getBlog($blogid);
\r
2469 self::$skin->parse('deleteblog');
\r
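/**
 * Admin::action_deleteblogconfirm()
 * Deletes a blog together with its comments, items, team, bans, categories and
 * plugin options.
 *
 * The caller must have blog-admin rights on the blog, and the site's default blog is
 * refused. In the listing the PreDeleteBlog event was fired before either check, so
 * plugin handlers ran for requests that were then rejected; the event now fires only
 * once the deletion is going to happen.
 *
 * @return void
 */
static private function action_deleteblogconfirm()
{
    global $member, $CONF, $manager;

    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or self::disallow();

    // check if blog is default blog
    if ( $CONF['DefaultBlog'] == $blogid )
    {
        self::error(_ERROR_DELDEFBLOG);
    }

    $data = array('blogid' => $blogid);
    $manager->notify('PreDeleteBlog', $data);

    // Rows that belong to the blog, in the order the listing deleted them:
    // comments, items, team members, bans, categories. %d keeps the id an integer in
    // every statement instead of relying on string concatenation.
    $dependents = array(
        'comment' => 'cblog',
        'item' => 'iblog',
        'team' => 'tblog',
        'ban' => 'blogid',
        'category' => 'cblog'
    );
    foreach ( $dependents as $table => $column )
    {
        sql_query(sprintf('DELETE FROM %s WHERE %s=%d', sql_table($table), $column, $blogid));
    }

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('blog', $blogid);

    // delete the blog itself
    sql_query(sprintf('DELETE FROM %s WHERE bnumber=%d', sql_table('blog'), $blogid));

    $data = array('blogid' => $blogid);
    $manager->notify('PostDeleteBlog', $data);

    // The listing called self::$action_overview(), which PHP resolves through a local
    // variable $action_overview that is never set; the method is called directly here.
    self::action_overview(_DELETED_BLOG);
}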
\r
2533 * Admin::action_memberdelete()
\r
// Shows the confirmation page for deleting a member. Nothing is deleted here. Allowed when
// the request names the caller's own account or when the caller is a super-admin.
// NOTE(review): short lines around the parse() call are missing from this listing.
2538 static private function action_memberdelete()
\r
2540 global $member, $manager;
\r
2542 $memberid = intRequestVar('memberid');
\r
2544 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
\r
2546 $mem = Member::createFromID($memberid);
\r
2549 self::$skin->parse('memberdelete');
\r
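/**
 * Admin::action_memberdeleteconfirm()
 * Deletes a member account.
 *
 * Allowed when the request names the caller's own account or when the caller is a
 * super-admin. This check is the only authorisation on this path: deleteOneMember()
 * itself does not check the caller's rights.
 *
 * @return void
 */
static private function action_memberdeleteconfirm()
{
    global $member;

    $memberid = intRequestVar('memberid');

    ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();

    $error = self::deleteOneMember($memberid);
    // NOTE(review): the guard line is missing from the listing (numbering gap at 2569);
    // it is reconstructed as a truthiness test on $error -- confirm against the file.
    if ( $error )
    {
        self::error($error);
    }

    // The listing called self::$action_usermanagement() and self::$action_overview(), which
    // PHP resolves through local variables that are never set; the methods are called
    // directly here.
    if ( $member->isAdmin() )
    {
        self::action_usermanagement();
    }
    else
    {
        self::action_overview(_DELETED_MEMBER);
    }
}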
\r
2586 * Admin::deleteOneMember()
\r
2587 * Delete a member by id
\r
2590 * @params Integer $memberid member id
\r
2591 * @return String null string or error messages
\r
// Deletes one member: detaches the member's comments, then removes the member row, the
// team memberships, pending activation rows and plugin options. Returns
// _ERROR_DELETEMEMBER when canBeDeleted() refuses.
// NOTE(review): no check of the caller's rights is visible in this helper, unlike
// deleteOneTeamMember() and deleteOneCategory(), which re-check blogAdminRights()
// themselves. Every caller therefore has to authorise the request first, as
// action_memberdeleteconfirm() does.
// NOTE(review): this listing omits short source lines (braces, a global declaration and
// some short comments).
2593 static private function deleteOneMember($memberid)
\r
// intval() makes $memberid an integer before it is concatenated into the queries below.
2597 $memberid = intval($memberid);
\r
2598 $mem = Member::createFromID($memberid);
\r
2600 if ( !$mem->canBeDeleted() )
\r
2602 return _ERROR_DELETEMEMBER;
\r
2605 $data = array('member' => &$mem);
\r
2606 $manager->notify('PreDeleteMember', $data);
\r
2608 /* unlink comments from memberid */
\r
// The member's comments are kept: they are reassigned to member 0 and the display name is
// copied into cuser, escaped with sql_real_escape_string().
2611 $query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d;";
\r
2612 $query = sprintf($query, sql_table('comment'), sql_real_escape_string($mem->getDisplayName()), $memberid);
\r
2613 sql_query($query);
\r
2616 $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
\r
2617 sql_query($query);
\r
2619 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
\r
2620 sql_query($query);
\r
2622 $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
\r
2623 sql_query($query);
\r
2625 // delete all associated plugin options
\r
2626 NucleusPlugin::delete_option_values('member', $memberid);
\r
2628 $data = array('member' => &$mem);
\r
2629 $manager->notify('PostDeleteMember', $data);
\r
2635 * Admin::action_createnewlog()
\r
// Shows the form for creating a new blog; restricted to super-admins.
// NOTE(review): short lines around the parse() call are missing from this listing.
2640 static private function action_createnewlog()
\r
2642 global $member, $CONF, $manager;
\r
2644 // Only Super-Admins can do this
\r
2645 $member->isAdmin() or self::disallow();
\r
2648 self::$skin->parse('createnewlog');
\r
2654 * Admin::action_addnewlog()
\r
// Creates a new blog from POSTed fields together with a default category, a team entry for
// the creating member and a first item; restricted to super-admins.
// NOTE(review): this listing omits short source lines (braces, "$data = array(" openers and
// most of the arguments of the item-creation call), so only the visible statements are
// described.
2659 static private function action_addnewlog()
\r
2661 global $member, $manager, $CONF;
\r
2663 // Only Super-Admins can do this
\r
2664 $member->isAdmin() or self::disallow();
\r
2666 $bname = trim(postVar('name'));
\r
2667 $bshortname = trim(postVar('shortname'));
\r
2668 $btimeoffset = postVar('timeoffset');
\r
2669 $bdesc = trim(postVar('desc'));
\r
2670 $bdefskin = postVar('defskin');
\r
2672 if ( !isValidShortName($bshortname) )
\r
2674 self::error(_ERROR_BADSHORTBLOGNAME);
\r
2677 if ( $manager->existsBlog($bshortname) )
\r
2679 self::error(_ERROR_DUPSHORTBLOGNAME);
\r
// The values are handed to PreAddBlog by reference, so a plugin may change them. Escaping
// happens after the event (below), which means plugin-modified values are escaped too.
2683 'name' => &$bname,
\r
2684 'shortname' => &$bshortname,
\r
2685 'timeoffset' => &$btimeoffset,
\r
2686 'description' => &$bdesc,
\r
2687 'defaultskin' => &$bdefskin
\r
2689 $manager->notify('PreAddBlog', $data);
\r
2691 // add slashes for sql queries
\r
2692 $bname = sql_real_escape_string($bname);
\r
2693 $bshortname = sql_real_escape_string($bshortname);
\r
2694 $btimeoffset = sql_real_escape_string($btimeoffset);
\r
2695 $bdesc = sql_real_escape_string($bdesc);
\r
2696 $bdefskin = sql_real_escape_string($bdefskin);
\r
2699 $query = "INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('%s', '%s', '%s', '%s', '%s');";
\r
// NOTE(review): sprintf() is called with sql_table('blog') as the format string; the INSERT
// template assigned on the previous line is not passed in and is overwritten. The statement
// sent to sql_query() is then the table name alone, so no blog row is inserted and the
// sql_insert_id() below does not refer to a new blog. The intended call presumably starts
// sprintf($query, sql_table('blog'), ...).
2700 $query = sprintf(sql_table('blog'), $bname, $bshortname, $bdesc, $btimeoffset, $bdefskin);
\r
2701 sql_query($query);
\r
2703 $blogid = sql_insert_id();
\r
2704 $blog =& $manager->getBlog($blogid);
\r
2706 // create new category
\r
2707 $catdefname = (!defined('_EBLOGDEFAULTCATEGORY_NAME') ? 'General' : _EBLOGDEFAULTCATEGORY_NAME);
\r
2708 $catdefdesc = (!defined('_EBLOGDEFAULTCATEGORY_DESC') ? 'Items that do not fit in other categories' : _EBLOGDEFAULTCATEGORY_DESC);
\r
// NOTE(review): $catdefname and $catdefdesc are placed between double quotes without
// sql_real_escape_string(). They come from constants or fixed defaults rather than from the
// request, but a quote character in a translation would break this statement.
2710 $query = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
\r
2711 sql_query(sprintf($query, sql_table('category'), (integer) $blogid, $catdefname, $catdefdesc));
\r
2712 $catid = sql_insert_id();
\r
2714 // set as default category
\r
2715 $blog->setDefaultCategory($catid);
\r
2716 $blog->writeSettings();
\r
2718 // create team member
\r
// The creating member is added to the new blog's team with tadmin=1.
2719 $query = "INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1);";
\r
2720 $query = sprintf($query, sql_table('team'), (integer) $member->getID(), (integer) $blogid);
\r
2721 sql_query($query);
\r
2723 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
\r
2724 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
\r
2727 $blog->getDefaultCategory(),
\r
2728 $itemdeftitle,$itemdefbody,
\r
2732 $blog->getCorrectTime(),
\r
2738 $data = array('blog' => &$blog);
\r
2739 $manager->notify('PostAddBlog', $data);
\r
// NOTE(review): the two constants are used here without the defined() guard applied at
// lines 2707-2708; $catdefname and $catdefdesc already hold the guarded values.
2743 'name' => _EBLOGDEFAULTCATEGORY_NAME,
\r
2744 'description' => _EBLOGDEFAULTCATEGORY_DESC,
\r
2747 $manager->notify('PostAddCategory', $data);
\r
2749 /* TODO: we should consider to use the other way insterad of this */
\r
2750 $_REQUEST['blogid'] = $blogid;
\r
2751 $_REQUEST['catid'] = $catid;
\r
2753 self::$skin->parse('addnewlog');
\r
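/**
 * Admin::action_addnewlog2()
 * Stores the URL of a blog (second step of blog creation) and shows the overview.
 *
 * The caller must have blog-admin rights on the blog named in the request. The URL is
 * trimmed but not otherwise validated here; any scheme or host check is left to
 * setURL() and writeSettings(), which are defined outside this listing.
 *
 * @return void
 */
static private function action_addnewlog2()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or self::disallow();

    $burl = requestVar('url');

    $blog =& $manager->getBlog($blogid);
    $blog->setURL(trim($burl));
    $blog->writeSettings();

    // The listing called self::$action_overview(), which PHP resolves through a local
    // variable $action_overview that is never set; the method is called directly here.
    self::action_overview(_MSG_NEWBLOG);
}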
\r
2782 * Admin::action_skinieoverview()
\r
// Shows the skin import/export overview; restricted to super-admins. skinie.php is loaded
// from $DIR_LIBS only after the rights check.
// NOTE(review): short lines around the parse() call are missing from this listing.
2787 static private function action_skinieoverview()
\r
2789 global $member, $DIR_LIBS, $manager;
\r
2791 $member->isAdmin() or self::disallow();
\r
2793 include_once($DIR_LIBS . 'skinie.php');
\r
2796 self::$skin->parse('skinieoverview');
\r
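/**
 * Admin::action_skinieimport()
 * First step of a skin import: reads only the metadata of the chosen skin file and
 * shows what would be imported, including name clashes with existing skins and
 * templates. Restricted to super-admins.
 *
 * Fix against the listing: the skin clash list was assigned to $skinNameClashe but
 * read as $skinNameClashes, so skin name clashes were never reported.
 *
 * @return void
 */
static private function action_skinieimport()
{
    global $member, $DIR_LIBS, $DIR_SKINS, $manager;

    $member->isAdmin() or self::disallow();

    // load skinie class
    include_once($DIR_LIBS . 'skinie.php');

    $skinFileRaw = postVar('skinfile');
    $mode = postVar('mode');

    $importer = new SkinImport();

    // get full filename
    // NOTE(review): 'skinfile' comes from POST and is joined into a path without
    // normalisation; '..' segments are not rejected here. In any mode other than 'file'
    // the raw value is handed to readFile() as-is. Both are reachable by super-admins
    // only, but limiting 'file' mode to a single directory name below $DIR_SKINS would
    // keep the read inside the skins directory.
    if ( $mode == 'file' )
    {
        $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';

        // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
        /* TODO: remove this */
        if ( !file_exists($skinFile) )
        {
            $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
        }
    }
    else
    {
        $skinFile = $skinFileRaw;
    }

    // read only metadata
    $error = $importer->readFile($skinFile, 1);

    /* TODO: we should consider to use the other way insterad of this */
    $_REQUEST['skininfo'] = $importer->getInfo();
    $_REQUEST['skinnames'] = $importer->getSkinNames();
    $_REQUEST['tpltnames'] = $importer->getTemplateNames();

    $skinNameClashes = $importer->checkSkinNameClashes();
    $templateNameClashes = $importer->checkTemplateNameClashes();
    $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);

    /* TODO: we should consider to use the other way insterad of this */
    $_REQUEST['skinclashes'] = $skinNameClashes;
    $_REQUEST['tpltclashes'] = $templateNameClashes;
    $_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;

    // NOTE(review): the guard line is missing from the listing (numbering gap at 2856);
    // it is reconstructed as a truthiness test on $error -- confirm against the file.
    if ( $error )
    {
        self::error($error);
    }

    // NOTE(review): the lines directly before and after parse() are missing from the
    // listing (gaps at 2861 and 2863); they are reconstructed as the page head and page
    // foot calls -- confirm against the file.
    self::pagehead();
    self::$skin->parse('skinieimport');
    self::pagefoot();
}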
\r
// Second step of a skin import: reads the chosen skin file and writes its skins and
// templates to the database; restricted to super-admins.
// NOTE(review): 'skinfile' comes from POST and is joined into a filesystem path without
// normalisation; '..' segments are not rejected in the visible code, and in any mode other
// than 'file' the raw value is handed to readFile() as-is. Limiting 'file' mode to a single
// directory name below $DIR_SKINS would keep the read inside the skins directory.
// NOTE(review): this listing omits short source lines (braces, else, and the conditions in
// front of the two self::error($error) calls).
2873 static private function action_skiniedoimport()
\r
2875 global $member, $DIR_LIBS, $DIR_SKINS;
\r
2877 $member->isAdmin() or self::disallow();
\r
2879 // load skinie class
\r
2880 include_once($DIR_LIBS . 'skinie.php');
\r
2882 $skinFileRaw= postVar('skinfile');
\r
2883 $mode = postVar('mode');
\r
// 'overwrite' decides whether existing skins and templates with the same name may be replaced.
2885 $allowOverwrite = intPostVar('overwrite');
\r
2887 // get full filename
\r
2888 if ( $mode == 'file' )
\r
2890 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
\r
2892 // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
\r
2893 if ( !file_exists($skinFile) )
\r
2895 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
\r
2901 $skinFile = $skinFileRaw;
\r
2904 $importer = new SkinImport();
\r
2906 $error = $importer->readFile($skinFile);
\r
2910 self::error($error);
\r
2913 $error = $importer->writeToDatabase($allowOverwrite);
\r
2917 self::error($error);
\r
2920 $_REQUEST['skininfo'] = $importer->getInfo();
\r
2921 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
2922 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
2925 self::$skin->parse('skiniedoimport');
\r
// Exports the selected skins and templates; restricted to super-admins. The ids are the
// keys of the 'skin' and 'template' request arrays, read through requestIntArray().
// NOTE(review): this listing omits short source lines (braces).
2935 static private function action_skinieexport()
\r
2937 global $member, $DIR_LIBS;
\r
2939 $member->isAdmin() or self::disallow();
\r
2941 // load skinie class
\r
2942 include_once($DIR_LIBS . 'skinie.php');
\r
2944 $aSkins = requestIntArray('skin');
\r
2945 $aTemplates = requestIntArray('template');
\r
// A missing or non-array selection is treated as an empty selection.
2947 if ( !is_array($aTemplates) )
\r
2949 $aTemplates = array();
\r
2951 if ( !is_array($aSkins) )
\r
2953 $aSkins = array();
\r
2956 $skinList = array_keys($aSkins);
\r
2957 $templateList = array_keys($aTemplates);
\r
// 'info' is free text from POST; how it is encoded into the export is decided by
// SkinExport, which is defined outside this listing.
2959 $info = postVar('info');
\r
2961 $exporter = new SkinExport();
\r
2962 foreach ($skinList as $skinId)
\r
2964 $exporter->addSkin($skinId);
\r
2966 foreach ($templateList as $templateId)
\r
2968 $exporter->addTemplate($templateId);
\r
2970 $exporter->setInfo($info);
\r
2972 $exporter->export();
\r
// Shows the template overview; restricted to super-admins.
// NOTE(review): short lines around the parse() call are missing from this listing.
2981 static private function action_templateoverview()
\r
2983 global $member, $manager;
\r
2985 $member->isAdmin() or self::disallow();
\r
2988 self::$skin->parse('templateoverview');
\r
// Shows the edit form for one template; restricted to super-admins. $msg, when given, is
// stored in self::$headMess.
// NOTE(review): this listing omits short source lines around the $headMess assignment and
// after the parse() call.
2998 static private function action_templateedit($msg = '')
\r
3000 global $member, $manager;
\r
3003 self::$headMess = $msg;
\r
3006 $templateid = intRequestVar('templateid');
\r
3008 $member->isAdmin() or self::disallow();
\r
3010 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';
\r
// NOTE(review): sql_real_escape_string() is an SQL encoder, but the value is placed inside a
// JavaScript string literal within an HTML <script> element. It does not neutralise
// sequences such as "</script>". The value is a language constant rather than request data,
// so this is a correctness issue for translations; an encoder for the JavaScript context
// (for example json_encode()) fits here.
3011 $extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>';
\r
3013 self::pagehead($extrahead);
\r
3014 self::$skin->parse('templateedit');
\r
// Prints one table row of the template edit form: a description cell and a textarea holding
// the template part $template[$name]. A missing part is initialised to '' in the caller's
// array, because $template is taken by reference. The static counter $count numbers the
// generated element ids.
// NOTE(review): the textarea content is encoded with Entity::hsc(), but $description, $name
// and $tabindex are echoed into HTML text and attribute values without encoding. The callers
// are outside this listing; if any of these can carry request or database data they need
// Entity::hsc() as well.
// NOTE(review): most of the HTML of this method is on lines missing from this listing.
3020 static private function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {
\r
3021 static $count = 1;
\r
3022 if (!isset($template[$name])) $template[$name] = '';
\r
3025 <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>
\r
3026 <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo Entity::hsc($template[$name]); ?></textarea></td>
\r
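/**
 * Admin::action_templateupdate()
 * Saves an edited template: rewrites its name and description, then replaces
 * all of its parts with the values posted from the template edit form.
 *
 * @param	void
 * @return	void
 */
static private function action_templateupdate()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');

    $member->isAdmin() or self::disallow();

    // NOTE(review): no ticket/CSRF check is visible in this handler; confirm the
    // action dispatcher enforces one before this state-changing action runs.

    $name = postVar('tname');
    $desc = postVar('tdesc');

    if ( !isValidTemplateName($name) )
    {
        self::error(_ERROR_BADTEMPLATENAME);
    }

    if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
    {
        self::error(_ERROR_DUPTEMPLATENAME);
    }

    // Escaped exactly once, immediately before being placed in quoted SQL literals.
    $name = sql_real_escape_string($name);
    $desc = sql_real_escape_string($desc);

    // The id is the only unquoted value in the queries below, so it is forced to
    // an integer at the point of use (same pattern as the clone handlers).
    $id = intval($templateid);

    // NOTE(review): steps 1-3 run as separate statements and no transaction is
    // visible here; a failure after step 1 leaves the template without parts.

    // 1. Remove all template parts
    $query = 'DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $id;
    sql_query($query);

    // 2. Update description
    $query = 'UPDATE '
           . sql_table('template_desc')
           . ' SET'
           . " tdname='" . $name . "',"
           . " tddesc='" . $desc . "'"
           . ' WHERE'
           . ' tdnumber=' . $id;
    sql_query($query);

    // 3. Add non-empty template parts (addToTemplate() skips empty ones)
    $parts = array(
        'ITEM_HEADER', 'ITEM', 'ITEM_FOOTER',
        'MORELINK', 'EDITLINK', 'NEW',
        'COMMENTS_HEADER', 'COMMENTS_BODY', 'COMMENTS_FOOTER',
        'COMMENTS_CONTINUED', 'COMMENTS_TOOMUCH', 'COMMENTS_AUTH',
        'COMMENTS_ONE', 'COMMENTS_MANY', 'COMMENTS_NONE',
        'ARCHIVELIST_HEADER', 'ARCHIVELIST_LISTITEM', 'ARCHIVELIST_FOOTER',
        'BLOGLIST_HEADER', 'BLOGLIST_LISTITEM', 'BLOGLIST_FOOTER',
        'CATLIST_HEADER', 'CATLIST_LISTITEM', 'CATLIST_FOOTER',
        'DATE_HEADER', 'DATE_FOOTER',
        'FORMAT_DATE', 'FORMAT_TIME', 'LOCALE',
        'SEARCH_HIGHLIGHT', 'SEARCH_NOTHINGFOUND',
        'POPUP_CODE', 'MEDIA_CODE', 'IMAGE_CODE'
    );
    foreach ( $parts as $part )
    {
        self::addToTemplate($templateid, $part, postVar($part));
    }

    // Plugins may register extra template fields through this event.
    $pluginfields = array();
    $manager->notify(
        'TemplateExtraFields',
        array(
            'fields' => &$pluginfields
        )
    );

    foreach ( $pluginfields as $pfkey => $pfvalue )
    {
        foreach ( $pfvalue as $pffield => $pfdesc )
        {
            self::addToTemplate($templateid, $pffield, postVar($pffield));
        }
    }

    // jump back to template edit.
    // Called directly: the form self::$action_templateedit(...) takes the method
    // name from an undefined local variable and fails at run time.
    // Assumes Admin::action_templateedit() is defined elsewhere in this class.
    self::action_templateedit(_TEMPLATE_UPDATED);
}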
\r
/**
 * Admin::addToTemplate()
 *
 * @param	Integer	$id	ID for template
 * @param	String	$partname	parts name
 * @param	String	$content	template contents
 * @return	Integer	record index
 */
\r
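static private function addToTemplate($id, $partname, $content)
{
    // Inserts one part of a template and returns the id of the new row,
    // or -1 when the part is empty and nothing was stored.

    // don't add empty parts. The comparison is against '' on purpose:
    // a bare !trim($content) also treats the one-character content "0" as empty.
    if ( !is_string($content) || trim($content) === '' )
    {
        return -1;
    }

    // Both strings go into quoted SQL literals, so both are escaped;
    // the id goes in through %d and an integer cast.
    $partname = sql_real_escape_string($partname);
    $content = sql_real_escape_string($content);

    $query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, '%s', '%s')";
    $query = sprintf($query, sql_table('template'), (int) $id, $partname, $content);

    // NOTE(review): on failure the driver's error text is printed to the client;
    // consider logging it and showing a generic message instead.
    sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
    return sql_insert_id();
}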
\r
// Shows the delete-confirmation page for a template by parsing the
// 'templatedelete' part through the admin skin held in self::$skin.
// Members that are not admins are handed to self::disallow() first.
3163 static private function action_templatedelete() {
\r
3164 global $member, $manager;
\r
3166 $member->isAdmin() or self::disallow();
\r
// $templateid is read here but not used in the lines shown.
3168 $templateid = intRequestVar('templateid');
\r
3169 // TODO: check if template can be deleted
\r
3172 self::$skin->parse('templatedelete');
\r
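/**
 * Admin::action_templatedeleteconfirm()
 * Deletes a template (description row and all parts) and notifies plugins
 * before and after the deletion.
 *
 * @param	void
 * @return	void
 */
static private function action_templatedeleteconfirm()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');

    $member->isAdmin() or self::disallow();

    $manager->notify(
        'PreDeleteTemplate',
        array(
            'templateid' => $templateid
        )
    );

    // The id is concatenated unquoted, so it is forced to an integer where it
    // is used rather than relying only on how it was read from the request.
    $id = intval($templateid);

    // 1. delete description
    sql_query('DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $id);

    // 2. delete parts
    sql_query('DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $id);

    $manager->notify(
        'PostDeleteTemplate',
        array(
            'templateid' => $templateid
        )
    );

    // Called directly: self::$action_templateoverview() takes the method name
    // from an undefined local variable and fails at run time.
    // Assumes Admin::action_templateoverview() is defined elsewhere in this class.
    self::action_templateoverview();
}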
\r
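/**
 * Admin::action_templatenew()
 * Creates a new, empty template from the posted name and description.
 *
 * @param	void
 * @return	void
 */
static private function action_templatenew()
{
    global $member;

    $member->isAdmin() or self::disallow();

    $name = postVar('name');
    $desc = postVar('desc');

    // The name is validated before it is used; self::error() is expected to
    // end the request, since no return follows it.
    if ( !isValidTemplateName($name) )
    {
        self::error(_ERROR_BADTEMPLATENAME);
    }

    if ( Template::exists($name) )
    {
        self::error(_ERROR_DUPTEMPLATENAME);
    }

    // NOTE(review): $desc is passed on as posted; confirm Template::createNew()
    // escapes it before it reaches SQL.
    Template::createNew($name, $desc);

    // Called directly: self::$action_templateoverview() takes the method name
    // from an undefined local variable and fails at run time.
    // Assumes Admin::action_templateoverview() is defined elsewhere in this class.
    self::action_templateoverview();
}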
\r
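/**
 * Admin::action_templateclone()
 * Copies a template under a new name ("cloned" + old name, with a numeric
 * suffix when that name is taken) and copies every part to the new template.
 *
 * @param	void
 * @return	void
 */
static private function action_templateclone()
{
    global $member;

    $templateid = intRequestVar('templateid');

    $member->isAdmin() or self::disallow();

    // 1. read old template
    $name = Template::getNameFromId($templateid);
    $desc = Template::getDesc($templateid);

    // 2. create desc thing
    $name = "cloned" . $name;

    // if a template with that name already exists, append the first free number
    if ( Template::exists($name) )
    {
        $i = 1;
        while ( Template::exists($name . $i) )
        {
            $i++;
        }
        $name .= $i;
    }

    $newid = Template::createNew($name, $desc);

    // 3. create clone
    // go through parts of old template and add them to the new one.
    // The values read back from the database are escaped again inside
    // addToTemplate() before they are re-inserted.
    $que = 'SELECT tpartname, tcontent FROM '
         . sql_table('template')
         . ' WHERE'
         . ' tdesc=' . intval($templateid);
    $res = sql_query($que);
    while ( $o = sql_fetch_object($res) )
    {
        self::addToTemplate($newid, $o->tpartname, $o->tcontent);
    }

    // Called directly: self::$action_templateoverview() takes the method name
    // from an undefined local variable and fails at run time.
    // Assumes Admin::action_templateoverview() is defined elsewhere in this class.
    self::action_templateoverview();
}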
\r
// Shows the admin-template overview by parsing the 'admintemplateoverview'
// part through self::$skin; non-admin members go to self::disallow() first.
3298 static private function action_admintemplateoverview()
\r
3300 global $member, $manager;
\r
3301 $member->isAdmin() or self::disallow();
\r
3303 self::$skin->parse('admintemplateoverview');
\r
// Shows the admin-template editor. $msg is stored in self::$headMess, two
// <script> tags are passed to self::pagehead(), and the 'admintemplateedit'
// part is parsed through self::$skin.
3313 static private function action_admintemplateedit($msg = '')
\r
3315 global $member, $manager;
\r
// The message is stored before the admin check below runs.
3317 self::$headMess = $msg;
\r
3319 $member->isAdmin() or self::disallow();
\r
3320 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>' . "\n";
\r
// NOTE(review): sql_real_escape_string() is an SQL escaper, but the value is
// placed inside a JavaScript string literal within HTML. That context needs
// JavaScript/HTML encoding; the constant is a language string, so this matters
// when a translation contains quotes or markup.
3321 $extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>';
\r
3322 self::pagehead($extrahead);
\r
3323 self::$skin->parse('admintemplateedit');
\r
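/**
 * Admin::action_admintemplateupdate()
 * Saves an edited admin template: rewrites its name and description, then
 * replaces all of its parts with the values posted from the edit form.
 *
 * @param	void
 * @return	void
 */
static private function action_admintemplateupdate()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');
    $member->isAdmin() or self::disallow();

    $name = postVar('tname');
    $desc = postVar('tdesc');

    if ( !isValidTemplateName($name) )
    {
        self::error(_ERROR_BADTEMPLATENAME);
    }

    if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
    {
        self::error(_ERROR_DUPTEMPLATENAME);
    }

    // Escape exactly once. Escaping here and again while building the UPDATE
    // stores stray backslashes for any description containing a quote or backslash.
    $name = sql_real_escape_string($name);
    $desc = sql_real_escape_string($desc);

    // 1. Remove all template parts (%d forces the id to an integer)
    $query = 'DELETE FROM ' . sql_table('admintemplate') . ' WHERE tdesc = %d';
    sql_query(sprintf($query, $templateid));

    // 2. Update description. The escaped values are concatenated after the
    // sprintf() call so that a '%' in them is never read as a format directive.
    $query = sprintf('UPDATE %s SET', sql_table('admintemplate_desc'))
           . " tdname = '" . $name . "',"
           . " tddesc = '" . $desc . "'"
           . ' WHERE tdnumber = ' . intval($templateid);
    sql_query($query);

    // 3. Add non-empty template parts (addToAdminTemplate() skips empty ones)
    $parts = array(
        'ADMINSKINTYPELIST_HEAD',
        'ADMINSKINTYPELIST_BODY',
        'ADMINSKINTYPELIST_FOOT',
        'ADMIN_CUSTOMHELPLINK_ICON',
        'ADMIN_CUSTOMHELPLINK_ANCHOR',
        'ADMIN_BLOGLINK',
        'ADMIN_BATCHLIST',
        'ACTIVATE_FORGOT_TITLE',
        'ACTIVATE_FORGOT_TEXT',
        'ACTIVATE_REGISTER_TITLE',
        'ACTIVATE_REGISTER_TEXT',
        'ACTIVATE_CHANGE_TITLE',
        'ACTIVATE_CHANGE_TEXT',
        'TEMPLATE_EDIT_EXPLUGNAME',
        'TEMPLATE_EDIT_ROW_HEAD',
        'TEMPLATE_EDIT_ROW_TAIL',
        'SPECIALSKINLIST_HEAD',
        'SPECIALSKINLIST_BODY',
        'SPECIALSKINLIST_FOOT',
        'SYSTEMINFO_GDSETTINGS',
        'BANLIST_DELETED_LIST',
        'INSERT_PLUGOPTION_TITLE',
        'INSERT_PLUGOPTION_BODY',
        'INPUTYESNO_TEMPLATE_ADMIN',
        'INPUTYESNO_TEMPLATE_NORMAL',
        'ADMIN_SPECIALSKINLIST_HEAD',
        'ADMIN_SPECIALSKINLIST_BODY',
        'ADMIN_SPECIALSKINLIST_FOOT',
        'SKINIE_EXPORT_LIST',
        'SHOWLIST_LISTPLUG_SELECT_HEAD',
        'SHOWLIST_LISTPLUG_SELECT_BODY',
        'SHOWLIST_LISTPLUG_SELECT_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_BODY',
        'SHOWLIST_LISTPLUG_TABLE_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL',
        'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST',
        'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE',
        'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND',
        'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP',
        'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT',
        'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM',
        'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM',
        'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY',
        'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY',
        'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT',
        'PLUGIN_QUICKMENU_TITLE',
        'PLUGIN_QUICKMENU_HEAD',
        'PLUGIN_QUICKMENU_BODY',
        'PLUGIN_QUICKMENU_FOOT'
    );
    foreach ( $parts as $part )
    {
        self::addToAdminTemplate($templateid, $part, postVar($part));
    }

    // Plugins may register extra template fields through this event.
    $pluginfields = array();
    $manager->notify(
        'TemplateExtraFields',
        array(
            'fields' => &$pluginfields
        )
    );

    foreach ( $pluginfields as $pfkey => $pfvalue )
    {
        foreach ( $pfvalue as $pffield => $pfdesc )
        {
            self::addToAdminTemplate($templateid, $pffield, postVar($pffield));
        }
    }

    // jump back to template edit.
    // Called directly: self::$action_admintemplateedit(...) takes the method
    // name from an undefined local variable and fails at run time.
    self::action_admintemplateedit(_TEMPLATE_UPDATED);
}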
\r
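/**
 * Admin::addToAdminTemplate()
 * Inserts one part of an admin template.
 *
 * @param	Integer	$id	ID for admin template
 * @param	String	$partname	parts name
 * @param	String	$content	template contents
 * @return	Integer	record index, or -1 when the part is empty
 */
static private function addToAdminTemplate($id, $partname, $content)
{
    // don't add empty parts. The check runs on the raw value, before escaping:
    // once escaped, a newline is a backslash sequence that trim() no longer
    // strips. Comparing against '' also keeps a part whose content is "0".
    if ( !is_string($content) || trim($content) === '' )
    {
        return -1;
    }

    // Strings are escaped for the quoted SQL literals; the id is an integer.
    $partname = sql_real_escape_string($partname);
    $content = sql_real_escape_string($content);
    $id = intval($id);

    $query = 'INSERT INTO '
           . sql_table('admintemplate')
           . ' (tdesc, tpartname, tcontent)'
           . " VALUES (%d, '%s', '%s')";

    // NOTE(review): on failure the driver's error text is printed to the client;
    // consider logging it and showing a generic message instead.
    sql_query(sprintf($query, $id, $partname, $content)) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
    return sql_insert_id();
}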
\r
// Shows the delete-confirmation page for an admin template by parsing the
// 'admintemplatedelete' part through self::$skin; non-admin members go to
// self::disallow() first.
3535 static private function action_admintemplatedelete()
\r
3537 global $member, $manager;
\r
3538 $member->isAdmin() or self::disallow();
\r
3539 // TODO: check if template can be deleted
\r
3541 self::$skin->parse('admintemplatedelete');
\r
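/**
 * Admin::action_admintemplatedeleteconfirm()
 * Deletes an admin template (description row and all parts) and notifies
 * plugins before and after the deletion.
 *
 * @param	void
 * @return	void
 */
static private function action_admintemplatedeleteconfirm()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');
    $member->isAdmin() or self::disallow();

    $manager->notify(
        'PreDeleteAdminTemplate',
        array(
            'templateid' => $templateid
        )
    );

    // Table and column names are fixed strings supplied below; the only
    // request-derived value is the id, which is forced to an integer.
    $query = 'DELETE FROM %s WHERE %s = ' . intval($templateid);

    // 1. delete description
    sql_query(sprintf($query, sql_table('admintemplate_desc'), 'tdnumber'));

    // 2. delete parts
    sql_query(sprintf($query, sql_table('admintemplate'), 'tdesc'));

    $manager->notify(
        'PostDeleteAdminTemplate',
        array(
            'templateid' => $templateid
        )
    );

    // Called directly: self::$action_admintemplateoverview() takes the method
    // name from an undefined local variable and fails at run time.
    self::action_admintemplateoverview();
}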
\r
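/**
 * Admin::action_admintemplatenew()
 * Creates a new template from the posted name and description, then shows
 * the admin-template overview.
 *
 * @param	void
 * @return	void
 */
static private function action_admintemplatenew()
{
    global $member;

    $member->isAdmin() or self::disallow();

    $name = postVar('name');
    $desc = postVar('desc');

    if ( !isValidTemplateName($name) )
    {
        self::error(_ERROR_BADTEMPLATENAME);
    }

    if ( Template::exists($name) )
    {
        self::error(_ERROR_DUPTEMPLATENAME);
    }

    // NOTE(review): the admin clone handler creates its copy through
    // Template::admincreateNew(); confirm createNew() is the intended call here.
    Template::createNew($name, $desc);

    // Called directly: self::$action_admintemplateoverview() takes the method
    // name from an undefined local variable and fails at run time.
    self::action_admintemplateoverview();
}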
\r
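/**
 * Admin::action_admintemplateclone()
 * Copies an admin template under a new name ("cloned" + old name, with a
 * numeric suffix when that name is taken) and copies every part to it.
 *
 * @param	void
 * @return	void
 */
static private function action_admintemplateclone()
{
    global $member;

    $templateid = intRequestVar('templateid');
    $member->isAdmin() or self::disallow();

    // 1. read old template
    // NOTE(review): name, description and the duplicate check go through the
    // same Template methods the regular template handlers use, while the parts
    // are read from the admintemplate table; confirm these address the same record.
    $name = Template::getNameFromId($templateid);
    $desc = Template::getDesc($templateid);

    // 2. create desc thing
    $name = "cloned" . $name;

    // if a template with that name already exists, append the first free number
    if ( Template::exists($name) )
    {
        $i = 1;
        while ( Template::exists($name . $i) )
        {
            $i++;
        }
        $name .= $i;
    }

    $newid = Template::admincreateNew($name, $desc);

    // 3. create clone
    // go through parts of old template and add them to the new one.
    // Values read back from the database are escaped again inside
    // addToAdminTemplate() before they are re-inserted.
    $que = 'SELECT tpartname, tcontent FROM '
         . sql_table('admintemplate') . ' '
         . 'WHERE'
         . ' tdesc = ' . intval($templateid);
    $res = sql_query($que);
    while ( $o = sql_fetch_object($res) )
    {
        self::addToAdminTemplate($newid, $o->tpartname, $o->tcontent);
    }

    // Called directly: self::$action_admintemplateoverview() takes the method
    // name from an undefined local variable and fails at run time.
    self::action_admintemplateoverview();
}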
\r
// Shows the skin overview by parsing the 'skinoverview' part through
// self::$skin; non-admin members go to self::disallow() first.
3661 static private function action_skinoverview()
\r
3663 global $member, $manager;
\r
3665 $member->isAdmin() or self::disallow();
\r
3668 self::$skin->parse('skinoverview');
\r
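/**
 * Admin::action_skinnew()
 * Creates a new skin from the posted (trimmed) name and description.
 *
 * @param	void
 * @return	void
 */
static private function action_skinnew()
{
    global $member;

    $member->isAdmin() or self::disallow();

    $name = trim(postVar('name'));
    $desc = trim(postVar('desc'));

    if ( !isValidSkinName($name) )
    {
        self::error(_ERROR_BADSKINNAME);
    }

    if ( SKIN::exists($name) )
    {
        self::error(_ERROR_DUPSKINNAME);
    }

    // NOTE(review): $desc is passed on as posted; confirm SKIN::createNew()
    // escapes it before it reaches SQL.
    SKIN::createNew($name, $desc);

    // Called directly: self::$action_skinoverview() takes the method name from
    // an undefined local variable and fails at run time.
    self::action_skinoverview();
}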
\r
// Shows the skin editor by parsing the 'skinedit' part through self::$skin;
// non-admin members go to self::disallow() first. The commented-out lines
// show that the skin id is no longer read in this handler.
3708 static private function action_skinedit()
\r
3710 global $member, $manager;
\r
3712 // $skinid = intRequestVar('skinid');
\r
3714 $member->isAdmin() or self::disallow();
\r
3716 // $skin = new SKIN($skinid);
\r
3719 self::$skin->parse('skinedit');
\r
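/**
 * Admin::action_skineditgeneral()
 * Updates the general settings of a skin (name, description, content type,
 * include mode, include prefix) from the posted form.
 *
 * @param	void
 * @return	void
 */
static private function action_skineditgeneral()
{
    global $member;

    $skinid = intRequestVar('skinid');

    $member->isAdmin() or self::disallow();

    $name = postVar('name');
    $desc = postVar('desc');
    $type = postVar('type');
    $inc_mode = postVar('inc_mode');
    $inc_prefix = postVar('inc_prefix');

    $skin = new Skin($skinid);

    // 1. Some checks
    if ( !isValidSkinName($name) )
    {
        self::error(_ERROR_BADSKINNAME);
    }

    if ( ($skin->getName() != $name) && SKIN::exists($name) )
    {
        self::error(_ERROR_DUPSKINNAME);
    }

    // Fall back to defaults when the form left these empty.
    if ( !$type )
    {
        $type = 'text/html';
    }
    if ( !$inc_mode )
    {
        $inc_mode = 'normal';
    }

    // 2. Update description
    // NOTE(review): only the name is validated here; $desc, $type, $inc_mode and
    // $inc_prefix are forwarded as posted. Confirm updateGeneralInfo() escapes
    // them and restricts $inc_mode / $inc_prefix to expected values.
    $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);

    // Called directly: self::$action_skinedit() takes the method name from an
    // undefined local variable and fails at run time.
    self::action_skinedit();
}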
\r
// Shows the editor for one skin part. $msg is stored in self::$headMess and
// the 'skinedittype' part is parsed through self::$skin.
3772 static private function action_skinedittype($msg = '')
\r
3774 global $member, $manager;
\r
3776 $member->isAdmin() or self::disallow();
\r
3779 self::$headMess = $msg;
\r
3781 $skinid = intRequestVar('skinid');
\r
// The requested part type is trimmed and lower-cased before it is validated,
// so the check below sees a normalised value.
3782 $type = requestVar('type');
\r
3783 $type = trim($type);
\r
3784 $type = strtolower($type);
\r
3786 if ( !isValidShortName($type) )
\r
3788 self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
\r
3792 self::$skin->parse('skinedittype');
\r
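/**
 * Admin::action_skinupdate()
 * Stores the posted content for one part of a skin and returns to the
 * part editor.
 *
 * @param	void
 * @return	void
 */
static private function action_skinupdate()
{
    global $member;

    $skinid = intRequestVar('skinid');
    $content = trim(postVar('content'));
    $type = postVar('type');

    $member->isAdmin() or self::disallow();

    // NOTE(review): unlike action_skinedittype(), the part type is not passed
    // through isValidShortName() here; confirm SKIN::update() validates and
    // escapes both $type and $content.
    $skin = new SKIN($skinid);
    $skin->update($type, $content);

    // Called directly: self::$action_skinedittype(...) takes the method name
    // from an undefined local variable and fails at run time.
    self::action_skinedittype(_SKIN_UPDATED);
}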
\r
// Shows the delete-confirmation page for a skin by parsing the 'skindelete'
// part through self::$skin, after refusing the base skin and any skin that
// is still the default of a blog.
3824 static private function action_skindelete()
\r
3826 global $member, $manager, $CONF;
\r
3828 $skinid = intRequestVar('skinid');
\r
3830 $member->isAdmin() or self::disallow();
\r
3832 // don't allow default skin to be deleted
\r
3833 if ( $skinid == $CONF['BaseSkin'] )
\r
3835 self::error(_ERROR_DEFAULTSKIN);
\r
3838 // don't allow deletion of default skins for blogs
\r
// $skinid comes from intRequestVar(); it is concatenated unquoted.
3839 $query = 'SELECT bname FROM ' . sql_table('blog') . ' WHERE bdefskin=' . $skinid;
\r
3840 $r = sql_query($query);
\r
3841 if ( $o = sql_fetch_object($r) )
\r
// The blog name is stored data, so it is HTML-encoded before it is put into
// the error message.
3843 self::error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));
\r
3847 self::$skin->parse('skindelete');
\r
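/**
 * Admin::action_skindeleteconfirm()
 * Deletes a skin (description row and all parts) unless it is the base skin
 * or the default skin of a blog, notifying plugins before and after.
 *
 * @param	void
 * @return	void
 */
static private function action_skindeleteconfirm()
{
    global $member, $CONF, $manager;

    $skinid = intRequestVar('skinid');

    $member->isAdmin() or self::disallow();

    // don't allow default skin to be deleted
    if ( $skinid == $CONF['BaseSkin'] )
    {
        self::error(_ERROR_DEFAULTSKIN);
    }

    // The id is concatenated unquoted below, so force it to an integer here.
    $id = intval($skinid);

    // don't allow deletion of default skins for blogs
    $query = 'SELECT bname FROM '
           . sql_table('blog') . ' '
           . 'WHERE'
           . ' bdefskin=' . $id;
    $r = sql_query($query);
    if ( $o = sql_fetch_object($r) )
    {
        // The blog name is stored data; HTML-encode it before it goes into the
        // error message, as action_skindelete() does for the same message.
        self::error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));
    }

    $manager->notify(
        'PreDeleteSkin',
        array(
            'skinid' => $skinid
        )
    );

    // 1. delete description
    sql_query('DELETE FROM ' . sql_table('skin_desc') . ' WHERE sdnumber=' . $id);

    // 2. delete parts
    sql_query('DELETE FROM ' . sql_table('skin') . ' WHERE sdesc=' . $id);

    $manager->notify(
        'PostDeleteSkin',
        array(
            'skinid' => $skinid
        )
    );

    // Called directly: self::$action_skinoverview() takes the method name from
    // an undefined local variable and fails at run time.
    self::action_skinoverview();
}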
\r
// Shows the confirmation page for removing one part of a skin by parsing the
// 'skinremovetype' part through self::$skin, after refusing invalid part names
// and the built-in part types.
3913 static private function action_skinremovetype() {
\r
3914 global $member, $manager, $CONF;
\r
3916 $member->isAdmin() or self::disallow();
\r
3918 $skinid = intRequestVar('skinid');
\r
3919 $skintype = requestVar('type');
\r
3921 if ( !isValidShortName($skintype) )
\r
3923 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
3927 // don't allow default skinparts to be deleted
\r
// NOTE(review): the type is compared exactly as received, while
// action_skinedittype() trims and lower-cases it first; confirm whether this
// guard should normalise the value the same way.
3928 if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )
\r
3930 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
3934 self::$skin->parse('skinremovetype');
\r
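/**
 * Admin::action_skinremovetypeconfirm()
 * Removes one part of a skin, refusing invalid part names and the built-in
 * part types, and notifies plugins before and after.
 *
 * @param	void
 * @return	void
 */
static private function action_skinremovetypeconfirm()
{
    global $member, $CONF, $manager;

    $member->isAdmin() or self::disallow();

    $skinid = intRequestVar('skinid');
    $skintype = requestVar('type');

    if ( !isValidShortName($skintype) )
    {
        self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    // don't allow default skinparts to be deleted.
    // The comparison runs on a lower-cased copy so that the guard does not
    // depend on letter case; the database comparison below may be
    // case-insensitive depending on the column collation.
    $protected = array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup');
    if ( in_array(strtolower($skintype), $protected, true) )
    {
        self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    $manager->notify(
        'PreDeleteSkinPart',
        array(
            'skinid' => $skinid,
            'skintype' => $skintype
        )
    );

    // delete part. The type is escaped at the point of use as well, so the
    // query does not rely solely on the name validation above.
    sql_query(
        'DELETE FROM ' . sql_table('skin')
        . ' WHERE sdesc=' . intval($skinid)
        . " AND stype='" . sql_real_escape_string($skintype) . "'"
    );

    $manager->notify(
        'PostDeleteSkinPart',
        array(
            'skinid' => $skinid,
            'skintype' => $skintype
        )
    );

    // Called directly: self::$action_skinedit() takes the method name from an
    // undefined local variable and fails at run time.
    self::action_skinedit();
}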
\r
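/**
 * Admin::action_skinclone()
 * Copies a skin under a new name ("clone_" + old name, with a numeric suffix
 * when that name is taken) and copies every part to the new skin.
 *
 * @param	void
 * @return	void
 */
static private function action_skinclone()
{
    global $member;

    $member->isAdmin() or self::disallow();

    $skinid = intRequestVar('skinid');

    // 1. read skin to clone
    $skin = new SKIN($skinid);

    $name = "clone_" . $skin->getName();

    // if a skin with that name already exists, append the first free number
    if ( Skin::exists($name) )
    {
        $i = 1;
        while ( Skin::exists($name . $i) )
        {
            $i++;
        }
        $name .= $i;
    }

    // 2. create skin desc
    $newid = Skin::createNew(
        $name,
        $skin->getDescription(),
        $skin->getContentType(),
        $skin->getIncludeMode(),
        $skin->getIncludePrefix()
    );

    // 3. clone every part of the old skin
    $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . intval($skinid);
    $res = sql_query($query);
    while ( $row = sql_fetch_assoc($res) )
    {
        // Called directly: self::$skinclonetype(...) takes the method name from
        // an undefined local variable and fails at run time.
        self::skinclonetype($skin, $newid, $row['stype']);
    }

    self::action_skinoverview();
}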
\r
/**
 * Admin::skinclonetype()
 *
 * @param	String	$skin	Skin object
 * @param	Integer	$newid	ID for this clone
 * @param	String	$type	type of skin
 */
\r
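static private function skinclonetype($skin, $newid, $type)
{
    // Copies the content of one part ($type) of $skin into the skin with
    // id $newid. Parts without content are not copied.
    $newid = intval($newid);
    $content = $skin->getContent($type);

    if ( $content )
    {
        // Content and type were read back from storage and go into quoted SQL
        // literals, so they are escaped here. Without this, any skin part
        // containing an apostrophe breaks the INSERT (second-order injection).
        $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')";
        $query = sprintf(
            $query,
            sql_table('skin'),
            $newid,
            sql_real_escape_string($content),
            sql_real_escape_string($type)
        );
        sql_query($query);
    }
}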
\r
// Shows the admin-skin overview by parsing the 'adminskinoverview' part
// through self::$skin; non-admin members go to self::disallow() first.
4061 static private function action_adminskinoverview() {
\r
4062 global $member, $manager;
\r
4064 $member->isAdmin() or self::disallow();
\r
4067 self::$skin->parse('adminskinoverview');
\r
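/**
 * Admin::action_adminskinnew()
 * Creates a new skin from the posted (trimmed) name and description, then
 * shows the admin-skin overview.
 *
 * @param	void
 * @return	void
 */
static private function action_adminskinnew()
{
    global $member;

    $member->isAdmin() or self::disallow();

    $name = trim(postVar('name'));
    $desc = trim(postVar('desc'));

    if ( !isValidSkinName($name) )
    {
        self::error(_ERROR_BADSKINNAME);
    }

    // "SkinSKIN" is not a class used anywhere else in this code; the duplicate
    // check goes through Skin, the same class that creates the skin below.
    if ( Skin::exists($name) )
    {
        self::error(_ERROR_DUPSKINNAME);
    }

    Skin::createNew($name, $desc);

    // Called directly: self::$action_adminskinoverview() takes the method name
    // from an undefined local variable and fails at run time.
    self::action_adminskinoverview();
}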
\r
// Shows the admin-skin editor by parsing the 'adminskinedit' part through
// self::$skin; non-admin members go to self::disallow() first.
4100 static private function action_adminskinedit()
\r
4102 global $member, $manager;
\r
4104 $member->isAdmin() or self::disallow();
\r
4106 self::$skin->parse('adminskinedit');
\r
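/**
 * Admin::action_adminskineditgeneral()
 * Updates the general settings of an admin skin (name, description, content
 * type, include mode, include prefix) from the posted form.
 *
 * @param	void
 * @return	void
 */
static private function action_adminskineditgeneral()
{
    global $member;

    $skinid = intRequestVar('skinid');

    $member->isAdmin() or self::disallow();

    $name = postVar('name');
    $desc = postVar('desc');
    $type = postVar('type');
    $inc_mode = postVar('inc_mode');
    $inc_prefix = postVar('inc_prefix');

    $skin = new Skin($skinid);

    // 1. Some checks
    if ( !isValidSkinName($name) )
    {
        self::error(_ERROR_BADSKINNAME);
    }

    if ( ($skin->getName() != $name) && Skin::exists($name) )
    {
        self::error(_ERROR_DUPSKINNAME);
    }

    // Fall back to defaults when the form left these empty.
    if ( !$type )
    {
        $type = 'text/html';
    }
    if ( !$inc_mode )
    {
        $inc_mode = 'normal';
    }

    // 2. Update description
    // NOTE(review): only the name is validated here; the other fields are
    // forwarded as posted. Confirm updateGeneralInfo() escapes them and
    // restricts $inc_mode / $inc_prefix to expected values.
    $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);

    // Called directly: self::$action_adminskinedit() takes the method name from
    // an undefined local variable and fails at run time.
    self::action_adminskinedit();
}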
\r
4156 static private function action_adminskinedittype($msg = '')
\r
4158 global $member, $manager;
\r
4160 $member->isAdmin() or self::disallow();
\r
4162 self::$headMess = $msg;
\r
4164 $type = requestVar('type');
\r
4165 $type = trim($type);
\r
4166 $type = strtolower($type);
\r
4167 if (!isValidShortName($type)) {
\r
4168 self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
\r
4171 self::$skin->parse('adminskinedittype');
\r
4181 static private function action_adminskinupdate()
\r
4184 $skinid = intRequestVar('skinid');
\r
4185 $content = trim(postVar('content'));
\r
4186 $type = postVar('type');
\r
4188 $member->isAdmin() or self::disallow();
\r
4190 $skin = new Skin($skinid);
\r
4191 $skin->update($type, $content);
\r
4192 self::$action_adminskinedittype(_SKIN_UPDATED);
\r
4201 static private function action_adminskindelete()
\r
4203 global $member, $manager, $CONF;
\r
4204 $member->isAdmin() or self::disallow();
\r
4205 $skinid = intRequestVar('skinid');
\r
4207 self::$skin->parse('adminskindelete');
\r
4217 static private function action_adminskindeleteconfirm()
\r
4219 global $member, $CONF, $manager;
\r
4220 $member->isAdmin() or self::disallow();
\r
4221 $skinid = intRequestVar('skinid');
\r
4222 // don't allow default skin to be deleted
\r
4223 if ($skinid == $CONF['DefaultAdminSkin']) {
\r
4224 self::error(_ERROR_DEFAULTSKIN);
\r
4226 // don't allow deletion of default skins for members
\r
4227 $memberDefaults = $member->getAdminSkin();
\r
4228 foreach ($memberDefaults as $memID => $adminskin) {
\r
4229 if ($skinid == $adminskin) {
\r
4230 $mem = MEMBER::createFromID($memID);
\r
4231 self::error(_ERROR_SKINDEFDELETE . $mem->displayname);
\r
4235 'PreDeleteAdminSkin',
\r
4237 'skinid' => intval($skinid)
\r
4240 $query = 'DELETE FROM %s WHERE %s = ' . intval($skinid);
\r
4241 // 1. delete description
\r
4242 sql_query(sprintf($query, sql_table('adminskin_desc'), 'sdnumber'));
\r
4243 // 2. delete parts
\r
4244 sql_query(sprintf($query, sql_table('adminskin'), 'sdesc'));
\r
4246 'PostDeleteAdminSkin',
\r
4248 'skinid' => intval($skinid)
\r
4251 self::$action_adminskinoverview();
\r
4260 static private function action_adminskinremovetype()
\r
4262 global $member, $manager, $CONF;
\r
4264 $member->isAdmin() or self::disallow();
\r
4265 $skinid = intRequestVar('skinid');
\r
4266 $skintype = requestVar('type');
\r
4267 if (!isValidShortName($skintype)) {
\r
4268 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
4271 self::$skin->parse('adminskinremovetype');
\r
4281 static private function action_adminskinremovetypeconfirm()
\r
4283 global $member, $CONF, $manager;
\r
4285 $member->isAdmin() or self::disallow();
\r
4286 $skinid = intRequestVar('skinid');
\r
4287 $skintype = requestVar('type');
\r
4288 if (!isValidShortName($skintype)) {
\r
4289 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
4292 'PreDeleteAdminSkinPart',
\r
4294 'skinid' => $skinid,
\r
4295 'skintype' => $skintype
\r
4299 $query = 'DELETE FROM %s WHERE sdesc = %d AND stype ="%s"';
\r
4300 sql_query(sprintf($query, sql_table('adminskin'), intval($skinid), $skintype ));
\r
4302 'PostDeleteAdminSkinPart',
\r
4304 'skinid' => $skinid,
\r
4305 'skintype' => $skintype
\r
4308 self::$action_adminskinedit();
\r
// Clones the skin identified by request variable 'skinid' under a "clone_" name, part by part.
4317 static private function action_adminskinclone()
\r
4320 $member->isAdmin() or self::disallow();
\r
4321 $skinid = intRequestVar('skinid');
\r
4322 // 1. read skin to clone
\r
4323 $skin = new Skin($skinid);
\r
4324 $name = "clone_" . $skin->getName();
\r
4325 // if a skin with that name already exists:
\r
4326 if (Skin::exists($name)) {
\r
4328 while (Skin::exists($name . $i)) {
\r
4333 // 2. create skin desc
\r
4334 $newid = Skin::createNew(
\r
4336 $skin->getDescription(),
\r
4337 $skin->getContentType(),
\r
4338 $skin->getIncludeMode(),
\r
4339 $skin->getIncludePrefix()
\r
// The part list is read from the adminskin table for the source skin id.
4341 $query = 'SELECT '
\r
4344 . sql_table('adminskin') . ' '
\r
// NOTE(review): $skinid is concatenated unquoted; this relies on intRequestVar() returning an
// integer. Wrapping it in intval() here, as action_adminskindeleteconfirm() does, would make
// that guarantee local to the query.
4346 . ' sdesc = ' . $skinid;
\r
4347 $res = sql_query($query);
\r
4348 while ($row = sql_fetch_assoc($res)) {
\r
// NOTE(review): this names skinclonetype(), which inserts into sql_table('skin'), although the
// rows were read from sql_table('adminskin') and adminskinclonetype() is defined directly below.
// It also uses the self::$name() form, which PHP resolves through a local variable $name.
// self::adminskinclonetype(...) is presumably intended. Confirm.
4349 self::$skinclonetype($skin, $newid, $row['stype']);
\r
4351 self::$action_adminskinoverview();
\r
4360 static private function adminskinclonetype($skin, $newid, $type)
\r
4362 $newid = intval($newid);
\r
4363 $content = $skin->getContent($type);
\r
4365 $query = 'INSERT '
\r
4367 . sql_table('adminskin') . ' '
\r
4373 . intval($newid) . ', '
\r
4374 . '"' . sql_real_escape_string($content) . '", '
\r
4375 . '"' . sql_real_escape_string($type) . '" '
\r
4377 sql_query($query);
\r
4387 static private function action_adminskinieoverview()
\r
4389 global $member, $DIR_LIBS, $manager;
\r
4390 $member->isAdmin() or self::disallow();
\r
4391 // load skinie class
\r
4392 include_once($DIR_LIBS . 'skinie.php');
\r
4394 self::$skin->parse('adminskinieoverview');
\r
// Reads only the metadata of a skin import file named by POST 'skinfile' and shows the import preview.
4405 static private function action_adminskinieimport()
\r
4407 global $DIR_LIBS, $DIR_ADMINSKINS, $manager, $member;
\r
4408 $member->isAdmin() or self::disallow();
\r
4409 // load skinie class
\r
4410 include_once($DIR_LIBS . 'skinie.php');
\r
4411 $skinFileRaw= postVar('skinfile');
\r
4412 $mode = postVar('mode');
\r
4413 $importer = new SKINIMPORT();
\r
4414 // get full filename
\r
4415 if ($mode == 'file') {
\r
// NOTE(review): the POSTed value is joined onto $DIR_ADMINSKINS with no visible check for path
// separators or "..", so the resolved file is not guaranteed to stay inside the skins directory.
// Validate it as a plain directory name (e.g. with the existing name validators) and compare the
// realpath() result against $DIR_ADMINSKINS before reading.
4416 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
\r
4417 // backwards compatibility (in v2.0, exports were saved as skindata.xml)
\r
4418 if (!file_exists($skinFile)) {
\r
4419 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skindata.xml';
\r
// NOTE(review): in every other mode the POSTed string is handed to readFile() unchanged as the
// location to read. The isAdmin() check above is the only gate visible here. Confirm that the
// dispatcher enforces a request ticket for this action and that readFile() limits what it opens.
4422 $skinFile = $skinFileRaw;
\r
4424 // read only metadata
\r
4425 $error = $importer->readFile($skinFile, 1);
\r
4427 self::error($error);
\r
// Results are handed to the skin parser through $_REQUEST.
4430 $_REQUEST['skininfo'] = $importer->getInfo();
\r
4431 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
4432 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
4435 $skinNameClashes = $importer->checkSkinNameClashes();
\r
4436 $templateNameClashes = $importer->checkTemplateNameClashes();
\r
4437 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
\r
4438 $_REQUEST['skinclashes'] = $skinNameClashes;
\r
4439 $_REQUEST['tpltclashes'] = $templateNameClashes;
\r
4440 $_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;
\r
4443 self::$skin->parse('adminskinieimport');
\r
// Reads the skin import file named by POST 'skinfile' and writes its skins/templates to the database.
4453 static private function action_adminskiniedoimport()
\r
4455 global $DIR_LIBS, $DIR_ADMINSKINS, $member;
\r
4456 $member->isAdmin() or self::disallow();
\r
4457 // load skinie class
\r
4458 include_once($DIR_LIBS . 'skinie.php');
\r
4459 $skinFileRaw = postVar('skinfile');
\r
4460 $mode = postVar('mode');
\r
// 'overwrite' decides whether existing skins/templates with the same name may be replaced.
4461 $allowOverwrite = intPostVar('overwrite');
\r
4462 // get full filename
\r
4463 if ($mode == 'file') {
\r
// NOTE(review): the POSTed name is concatenated into a filesystem path without a visible check
// for separators or "..". Constrain it to a plain directory name and verify the resolved path
// is still below $DIR_ADMINSKINS before it is read.
4464 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
\r
4465 // backwards compatibility (in v2.0, exports were saved as skindata.xml)
\r
4466 if (!file_exists($skinFile)) {
\r
4467 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skindata.xml';
\r
// NOTE(review): otherwise the POSTed string is the read location as-is. This action also changes
// database state, so it needs anti-forgery (ticket) protection in addition to isAdmin(). None is
// visible in this method, so confirm it is enforced by the caller.
4470 $skinFile = $skinFileRaw;
\r
4472 $importer = new SKINIMPORT();
\r
4473 $error = $importer->readFile($skinFile);
\r
4475 self::error($error);
\r
4477 $error = $importer->writeToDatabase($allowOverwrite);
\r
4479 self::error($error);
\r
4482 $_REQUEST['skininfo'] = $importer->getInfo();
\r
4483 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
4484 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
4487 self::$skin->parse('adminskiniedoimport');
\r
4498 static private function action_adminskinieexport()
\r
4500 global $member, $DIR_PLUGINS;
\r
4501 $member->isAdmin() or self::disallow();
\r
4502 // load skinie class
\r
4503 $aSkins = requestIntArray('skin');
\r
4504 $aTemplates = requestIntArray('template');
\r
4505 if (!is_array($aTemplates)) {
\r
4506 $aTemplates = array();
\r
4508 if (!is_array($aSkins)) {
\r
4509 $aSkins = array();
\r
4511 $skinList = array_keys($aSkins);
\r
4512 $templateList = array_keys($aTemplates);
\r
4514 $info = postVar('info');
\r
4516 $exporter = new SkinEXPORT();
\r
4517 foreach ($skinList as $skinId) {
\r
4518 $exporter->addSkin($skinId);
\r
4520 foreach ($templateList as $templateId) {
\r
4521 $exporter->addTemplate($templateId);
\r
4523 $exporter->setInfo($info);
\r
4524 $exporter->export();
\r
4529 * Admin::action_settingsedit()
\r
4534 static private function action_settingsedit() {
\r
4535 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;
\r
4537 $member->isAdmin() or self::disallow();
\r
4540 self::$skin->parse('settingsedit');
\r
4545 * Admin::action_settingsupdate()
\r
4546 * Update $CONF and redirect
\r
// Stores the POSTed global settings one by one via updateConfig(), then redirects to the admin area.
4551 static private function action_settingsupdate() {
\r
4552 global $member, $CONF;
\r
4554 $member->isAdmin() or self::disallow();
\r
4556 // check if email address for admin is valid
\r
4557 if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
\r
4559 self::error(_ERROR_BADMAILADDRESS);
\r
// NOTE(review): AdminEmail is the only value validated in the lines shown. The URL, cookie,
// upload and numeric settings below are stored as posted (updateConfig() escapes them for SQL
// only). Since these values later end up in redirects, cookies, markup and upload decisions,
// per-setting validation here (URL scheme, integer range, allow-list for enumerated options)
// would keep a mistyped or forged submission from persisting. No request-ticket check is
// visible in this method. Confirm the dispatcher enforces one for this action.
4563 self::updateConfig('DefaultBlog', postVar('DefaultBlog'));
\r
4564 self::updateConfig('BaseSkin', postVar('BaseSkin'));
\r
4565 self::updateConfig('IndexURL', postVar('IndexURL'));
\r
4566 self::updateConfig('AdminURL', postVar('AdminURL'));
\r
4567 self::updateConfig('PluginURL', postVar('PluginURL'));
\r
4568 self::updateConfig('SkinsURL', postVar('SkinsURL'));
\r
4569 self::updateConfig('ActionURL', postVar('ActionURL'));
\r
4570 self::updateConfig('Locale', postVar('Locale'));
\r
4571 self::updateConfig('AdminEmail', postVar('AdminEmail'));
\r
4572 self::updateConfig('SessionCookie', postVar('SessionCookie'));
\r
4573 self::updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));
\r
4574 self::updateConfig('AllowMemberMail', postVar('AllowMemberMail'));
\r
4575 self::updateConfig('NonmemberMail', postVar('NonmemberMail'));
\r
4576 self::updateConfig('ProtectMemNames', postVar('ProtectMemNames'));
\r
4577 self::updateConfig('SiteName', postVar('SiteName'));
\r
4578 self::updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));
\r
4579 self::updateConfig('DisableSite', postVar('DisableSite'));
\r
4580 self::updateConfig('DisableSiteURL', postVar('DisableSiteURL'));
\r
4581 self::updateConfig('LastVisit', postVar('LastVisit'));
\r
4582 self::updateConfig('MediaURL', postVar('MediaURL'));
\r
4583 self::updateConfig('AllowedTypes', postVar('AllowedTypes'));
\r
4584 self::updateConfig('AllowUpload', postVar('AllowUpload'));
\r
4585 self::updateConfig('MaxUploadSize', postVar('MaxUploadSize'));
\r
4586 self::updateConfig('MediaPrefix', postVar('MediaPrefix'));
\r
4587 self::updateConfig('AllowLoginEdit', postVar('AllowLoginEdit'));
\r
4588 self::updateConfig('DisableJsTools', postVar('DisableJsTools'));
\r
4589 self::updateConfig('CookieDomain', postVar('CookieDomain'));
\r
4590 self::updateConfig('CookiePath', postVar('CookiePath'));
\r
4591 self::updateConfig('CookieSecure', postVar('CookieSecure'));
\r
4592 self::updateConfig('URLMode', postVar('URLMode'));
\r
4593 self::updateConfig('CookiePrefix', postVar('CookiePrefix'));
\r
4594 self::updateConfig('DebugVars', postVar('DebugVars'));
\r
4595 self::updateConfig('DefaultListSize', postVar('DefaultListSize'));
\r
4596 self::updateConfig('AdminCSS', postVar('AdminCSS'));
\r
4598 // load new config and redirect (this way, the new locale will be used if necessary)
\r
4599 // note that when changing cookie settings, this redirect might cause the user
\r
4600 // to have to log in again.
\r
// NOTE(review): the line that reloads the configuration (gutter line 4601) is not part of this
// listing. If $CONF is reloaded first, the redirect target is the AdminURL value just submitted.
4602 redirect($CONF['AdminURL'] . '?action=manage');
\r
4607 * Admin::action_systemoverview()
\r
4608 * Output system overview
\r
4613 static private function action_systemoverview()
\r
4616 self::$skin->parse('systemoverview');
\r
4621 * Admin::updateConfig()
\r
4623 * @param string $name
\r
4624 * @param string $val
\r
4625 * @return integer return the ID in which the latest query posted
\r
// Writes one name/value pair to the config table with an UPDATE; stops the request if the query fails.
4627 static private function updateConfig($name, $val)
\r
// Both values are escaped before being placed in the quoted slots of the statement below.
4629 $name = sql_real_escape_string($name);
\r
// NOTE(review): trim() runs on the already-escaped string. Trimming the raw value first and
// escaping last keeps the escaped form untouched between escaping and use.
4630 $val = trim(sql_real_escape_string($val));
\r
4632 $query = "UPDATE %s SET value='%s' WHERE name='%s'";
\r
4633 $query = sprintf($query, sql_table('config'), $val, $name);
\r
4634 // sql_query($query) or die("Query error: " . sql_error());
\r
// NOTE(review): on failure the database error text is sent to the browser by die(), which can
// disclose table and column names. Prefer logging the detail and showing a generic message.
4635 sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error());
\r
// NOTE(review): the statement is an UPDATE, so the insert id returned here is presumably not
// meaningful to callers. The visible callers in action_settingsupdate() ignore it.
4636 return sql_insert_id();
\r
4643 * @param string $msg message that will be shown
\r
4646 static private function error($msg)
\r
4649 self::parse('adminerrorpage');
\r
4655 * Admin::disallow()
\r
4656 * add error log and show error page
\r
// Records a WARNING entry in the action log for the rejected request, then shows the "disallowed" error page.
4661 static private function disallow()
\r
// NOTE(review): REQUEST_URI is supplied by the client and is written to the log unmodified here.
// Verify that the action-log view HTML-escapes entries on output, and consider capping the
// logged length so a single request cannot bloat the log.
4663 ActionLog::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));
\r
4664 self::error(_ERROR_DISALLOWED);
\r
4669 * Admin::pagehead()
\r
4670 * Output admin page head
\r
// Outputs the admin page head: the 'pagehead' skin part when one exists, otherwise hand-built XHTML.
4675 static private function pagehead($extrahead = '')
\r
4677 global $member, $nucleus, $CONF, $manager;
\r
4679 if ( self::existsSkinContents('pagehead') )
\r
4681 if ( isset($extrahead) && !empty($extrahead) )
\r
4683 self::$extrahead = $extrahead;
\r
4685 self::parse('pagehead');
\r
// $extrahead is passed by reference, so AdminPrePageHead subscribers can change what is echoed below.
4690 'extrahead' => &$extrahead,
\r
4691 'action' => self::$action
\r
4694 $manager->notify('AdminPrePageHead', $data);
\r
4696 $baseUrl = Entity::hsc($CONF['AdminURL']);
\r
4700 if ( !array_key_exists('AdminCSS', $CONF) )
\r
4702 sql_query("INSERT INTO " . sql_table('config') . " VALUES ('AdminCSS', 'original')");
\r
4703 $CONF['AdminCSS'] = 'original';
\r
4707 /* HTTP 1.1 application for no caching */
\r
4708 header("Cache-Control: no-cache, must-revalidate");
\r
4709 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
\r
4711 $root_element = 'html';
\r
4712 $charset = i18n::get_current_charset();
\r
4713 $locale = preg_replace('#_#', '-', i18n::get_current_locale());
\r
// NOTE(review): self::name (no "$") is a class-constant fetch, but the class declares these four
// as private instance properties. Unless constants of the same names also exist, these lines
// raise an undefined-constant error. Confirm against the class header.
4714 $xml_version_info = self::xml_version_info;
\r
4715 $formal_public_identifier = self::formal_public_identifier;
\r
4716 $system_identifier = self::system_identifier;
\r
4717 $xhtml_namespace = self::xhtml_namespace;
\r
4719 echo "<?xml version=\"{$xml_version_info}\" encoding=\"{$charset}\" ?>\n";
\r
4720 echo "<!DOCTYPE {$root_element} PUBLIC \"{$formal_public_identifier}\" \"{$system_identifier}\">\n";
\r
4721 echo "<{$root_element} xmlns=\"{$xhtml_namespace}\" xml:lang=\"{$locale}\" lang=\"{$locale}\">\n";
\r
4723 echo '<title>' . Entity::hsc($CONF['SiteName']) . " - Admin</title>\n";
\r
// NOTE(review): $baseUrl is escaped above, but $CONF["AdminCSS"] is interpolated into the
// attribute as stored. It is a free-form setting (see action_settingsupdate()), so pass it
// through Entity::hsc() here or restrict it to known stylesheet names when saving.
4726 echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}styles/admin_{$CONF["AdminCSS"]}.css\" />\n";
\r
4728 echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}styles/addedit.css\" />\n";
\r
4729 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/edit.js\"></script>\n";
\r
4730 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/admin.js\"></script>\n";
\r
4731 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/compatibility.js\"></script>\n";
\r
// Emitted raw on purpose: callers and event subscribers supply ready-made head markup here.
4732 echo "{$extrahead}\n";
\r
4733 echo "</head>\n\n";
\r
4735 echo "<div id=\"adminwrapper\">\n";
\r
4736 echo "<div class=\"header\">\n";
\r
4737 echo '<h1>' . Entity::hsc($CONF['SiteName']) . "</h1>\n";
\r
4739 echo "<div id=\"container\">\n";
\r
4740 echo "<div id=\"content\">\n";
\r
4741 echo "<div class=\"loginname\">\n";
\r
4742 if ( $member->isLoggedIn() )
\r
// NOTE(review): the display name is echoed without Entity::hsc(), unlike SiteName above. Unless
// getDisplayName() already returns HTML-safe text, escape it here. Verify against the member class.
4744 echo _LOGGEDINAS . ' ' . $member->getDisplayName() ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a><br />\n";
\r
4745 echo "<a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
\r
4749 echo '<a href="index.php?action=showlogin" title="Log in">' . _NOTLOGGEDIN . "</a><br />\n";
\r
// NOTE(review): IndexURL is placed in a single-quoted attribute unescaped. Entity::hsc() must
// also encode single quotes to be sufficient here, so confirm its flags.
4751 echo "<a href='".$CONF['IndexURL']."'>"._YOURSITE."</a><br />\n";
\r
4754 if (array_key_exists('codename', $nucleus) && $nucleus['codename'] != '' )
\r
4756 $codenamestring = ' "' . $nucleus['codename'].'"';
\r
4760 $codenamestring = '';
\r
4763 if ( $member->isLoggedIn() && $member->isAdmin() )
\r
4765 $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
\r
4766 echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';
\r
4768 $newestVersion = getLatestVersion();
\r
4769 $newestCompare = str_replace('/', '.', $newestVersion);
\r
4770 $currentVersion = str_replace(array('/','v'), array('.',''), $nucleus['version']);
\r
4772 if ( $newestVersion && version_compare($newestCompare, $currentVersion) > 0 )
\r
4775 echo '<a style="color:red" href="http://nucleuscms.org/upgrade.php" title="' . _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE . '">';
\r
// NOTE(review): $newestVersion is echoed as returned by getLatestVersion(). If that value is
// fetched from a remote service (presumably; verify), treat it as untrusted: escape it and
// accept only a version-number pattern.
4776 echo _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT . $newestVersion;
\r
4782 echo "Nucleus CMS {$nucleus['version']}{$codenamestring}";
\r
4791 * Admin::pagefoot()
\r
4792 * Output admin page foot include quickmenu
\r
4797 static private function pagefoot()
\r
4799 global $action, $member, $manager;
\r
4801 if ( self::existsSkinContents('pagefoot') )
\r
4803 self::parse('pagefoot');
\r
4809 'action' => self::$action
\r
4812 $manager->notify('AdminPrePageFoot', $data);
\r
4814 if ( $member->isLoggedIn() && ($action != 'showlogin') )
\r
4816 echo '<h2>' . _LOGOUT . "</h2>\n";
\r
4818 echo '<li><a href="index.php?action=overview">' . _BACKHOME . "</a></li>\n";
\r
4819 echo '<li><a href="index.php?action=logout">' . _LOGOUT . "</a></li>\n";
\r
4823 echo "<div class=\"foot\">\n";
\r
4824 echo '<a href="' . _ADMINPAGEFOOT_OFFICIALURL . '">Nucleus CMS</a> © 2002-' . date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT;
\r
4826 echo '<a href="' . _ADMINPAGEFOOT_DONATEURL . '">' . _ADMINPAGEFOOT_DONATE . "</a>\n";
\r
4829 echo "<div id=\"quickmenu\">\n";
\r
4831 if ( ($action != 'showlogin') && ($member->isLoggedIn()) )
\r
4834 echo '<li><a href="index.php?action=overview">' . _QMENU_HOME . "</a></li>\n";
\r
4837 echo '<h2>' . _QMENU_ADD . "</h2>\n";
\r
4838 echo "<form method=\"get\" action=\"index.php\">\n";
\r
4840 echo "<input type=\"hidden\" name=\"action\" value=\"createitem\" />\n";
\r
4842 $showAll = requestVar('showall');
\r
4844 if ( ($member->isAdmin()) && ($showAll == 'yes') )
\r
4846 // Super-Admins have access to all blogs! (no add item support though)
\r
4847 $query = "SELECT bnumber as value, bname as text FROM %s ORDER BY bname;";
\r
4848 $query = sprintf($query, sql_table('blog'));
\r
4852 $query = "SELECT bnumber as value, bname as text FROM %s, %s WHERE tblog=bnumber and tmember=%d ORDER BY bname;";
\r
4853 $query = sprintf($query, sql_table('blog'), sql_table('team'), (integer) $member->getID());
\r
4855 $template['name'] = 'blogid';
\r
4856 $template['tabindex'] = 15000;
\r
4857 $template['extra'] = _QMENU_ADD_SELECT;
\r
4858 $template['selected'] = -1;
\r
4859 $template['shorten'] = 10;
\r
4860 $template['shortenel'] = '';
\r
4861 $template['javascript'] = 'onchange="return form.submit()"';
\r
4862 showlist($query, 'select', $template);
\r
4867 echo "<h2>{$member->getDisplayName()}</h2>\n";
\r
4869 echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . "</a></li>\n";
\r
4870 echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . "</a></li>\n";
\r
4871 echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . "</a></li>\n";
\r
4874 if ( $member->isAdmin() )
\r
4876 echo '<h2>' . _QMENU_MANAGE . "</h2>\n";
\r
4878 echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . "</a></li>\n";
\r
4879 echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . "</a></li>\n";
\r
4880 echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . "</a></li>\n";
\r
4881 echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . "</a></li>\n";
\r
4882 echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . "</a></li>\n";
\r
4883 echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . "</a></li>\n";
\r
4884 echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . "</a></li>\n";
\r
4887 echo "<h2>" . _QMENU_LAYOUT . "</h2>\n";
\r
4889 echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . "</a></li>\n";
\r
4890 echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . "</a></li>\n";
\r
4891 echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . "</a></li>\n";
\r
4895 $data = array('options' => array());
\r
4897 $manager->notify('QuickMenu', $data);
\r
4899 if ( count($data['options']) > 0 )
\r
4901 echo "<h2>" . _QMENU_PLUGINS . "</h2>\n";
\r
4903 foreach ( $data['options'] as $option )
\r
4905 echo '<li><a href="' . Entity::hsc($option['url']) . '" title="' . Entity::hsc($option['tooltip']) . '">' . Entity::hsc($option['title']) . "</a></li>\n";
\r
4910 else if ( ($action == 'activate') || ($action == 'activatesetpwd') )
\r
4913 echo '<h2>' . _QMENU_ACTIVATE . '</h2>' . _QMENU_ACTIVATE_TEXT;
\r
4917 echo '<h2>' . _QMENU_INTRO . '</h2>' . _QMENU_INTRO_TEXT;
\r
4920 echo "<!-- quickmenu -->\n";
\r
4923 echo "<!-- content -->\n";
\r
4926 echo "<!-- container -->\n";
\r
4929 echo "<!-- adminwrapper -->\n";
\r
// Sends a Windows .reg file that adds an Internet Explorer context-menu entry for the requested blog.
4944 static private function action_regfile()
\r
4946 global $member, $CONF;
\r
4948 $blogid = intRequestVar('blogid');
\r
4950 $member->teamRights($blogid) or self::disallow();
\r
4952 // header-code stolen from phpMyAdmin
\r
4953 // REGEDIT and bookmarklet code stolen from GreyMatter
\r
4955 $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid));
\r
4958 header('Content-Type: application/octetstream');
\r
// NOTE(review): the header carries only a filename parameter and no disposition type such as "attachment".
4959 header('Content-Disposition: filename="nucleus.reg"');
\r
4960 header('Pragma: no-cache');
\r
4961 header('Expires: 0');
\r
4963 echo "REGEDIT4\n";
\r
// NOTE(review): the blog name becomes part of a registry key path and AdminURL part of a quoted
// value. No filtering is visible in this listing (gutter lines 4956-4957 are absent), so a
// bracket, double quote, backslash or line break in either value would change the structure of
// the file the user is asked to merge. Strip or reject those characters before output.
4964 echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n";
\r
4965 echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n";
\r
4966 echo '"contexts"=hex:31';
\r
// Shows the bookmarklet page for the blog named by request variable 'blogid'.
4975 static private function action_bookmarklet()
\r
4977 global $member, $manager;
\r
// NOTE(review): $blogid is not assigned until two lines further down, so on the lines shown this
// team-rights check runs against an undefined variable instead of the requested blog. Compare
// action_regfile() and action_banlistdelete(), which read the id first. The assignment should
// move above the check so the decision is made for the blog actually being accessed.
4979 $member->teamRights($blogid) or self::disallow();
\r
4981 $blogid = intRequestVar('blogid');
\r
4984 self::$skin->parse('bookmarklet');
\r
4995 static private function action_actionlog()
\r
4997 global $member, $manager;
\r
4999 $member->isAdmin() or self::disallow();
\r
5002 self::$skin->parse('actionlog');
\r
// Shows the ban list page for the blog named by request variable 'blogid'.
5013 static private function action_banlist() {
\r
5014 global $member, $manager;
\r
// NOTE(review): the blog-admin check is evaluated before $blogid is read from the request, i.e.
// against an undefined variable on the lines shown. action_banlistdelete() has the correct order
// (read, then check). Swap these two statements so the rights test covers the requested blog.
5016 $member->blogAdminRights($blogid) or self::disallow();
\r
5018 $blogid = intRequestVar('blogid');
\r
5021 self::$skin->parse('banlist');
\r
5032 static private function action_banlistdelete() {
\r
5033 global $member, $manager;
\r
5035 $blogid = intRequestVar('blogid');
\r
5036 $member->blogAdminRights($blogid) or self::disallow();
\r
5039 self::$skin->parse('banlistdelete');
\r
// Removes a ban for POSTed 'iprange' from one blog or from every blog the member administers.
5049 static private function action_banlistdeleteconfirm()
\r
5051 global $member, $manager;
\r
// NOTE(review): $blogid is still undefined when this check runs, because it is read from POST on
// the next visible line. The Ban::removeBan($blogid, ...) call below therefore acts on a blog id
// that was never passed through blogAdminRights(). Read and integer-cast the id first, then
// check rights, as action_banlistdelete() and action_banlistadd() do.
5053 $member->blogAdminRights($blogid) or self::disallow();
\r
5055 $blogid = intPostVar('blogid');
\r
5056 $allblogs = postVar('allblogs');
\r
// NOTE(review): 'iprange' is passed on as posted; escaping is left to Ban::removeBan(). Verify.
5057 $iprange = postVar('iprange');
\r
5059 $deleted = array();
\r
5063 if ( Ban::removeBan($blogid, $iprange) )
\r
5065 array_push($deleted, $blogid);
\r
5070 // get blogs for which member has admin rights
\r
5071 $adminblogs = $member->getAdminBlogs();
\r
5072 foreach ($adminblogs as $blogje)
\r
5074 if ( Ban::removeBan($blogje, $iprange) )
\r
5076 array_push($deleted, $blogje);
\r
5081 if ( sizeof($deleted) == 0 )
\r
5083 self::error(_ERROR_DELETEBAN);
\r
5087 self::$skin->parse('banlistdeleteconfirm');
\r
5098 static private function action_banlistnewfromitem()
\r
5100 self::$action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid')));
\r
5109 static private function action_banlistnew($blogid = '')
\r
5111 global $member, $manager;
\r
5113 if ( $blogid == '' )
\r
5115 $blogid = intRequestVar('blogid');
\r
5118 $ip = requestVar('ip');
\r
5120 $member->blogAdminRights($blogid) or self::disallow();
\r
5122 $_REQUEST['blogid'] = $blogid;
\r
5125 self::$skin->parse('banlistnew');
\r
// Adds a ban for the POSTed IP range and reason to one blog or to every blog the member administers.
5135 static private function action_banlistadd() {
\r
5138 $blogid = intPostVar('blogid');
\r
5139 $allblogs = postVar('allblogs');
\r
5140 $iprange = postVar('iprange');
\r
5141 if ( $iprange == "custom" )
\r
5143 $iprange = postVar('customiprange');
\r
5145 $reason = postVar('reason');
\r
// The rights check runs after $blogid has been read, so it applies to the blog being changed.
5147 $member->blogAdminRights($blogid) or self::disallow();
\r
// NOTE(review): as the TODO says, $iprange reaches Ban::addBan() unvalidated. An empty or very
// short prefix would presumably match far more visitors than intended, so reject values that are
// not a well-formed address or prefix. $reason is free text; confirm Ban::addBan() escapes both
// for SQL and that the ban list view escapes them for HTML.
5149 // TODO: check IP range validity
\r
5153 if ( !Ban::addBan($blogid, $iprange, $reason) )
\r
5155 self::error(_ERROR_ADDBAN);
\r
5160 // get blogs for which member has admin rights
\r
5161 $adminblogs = $member->getAdminBlogs();
\r
5163 foreach ($adminblogs as $blogje)
\r
5165 if ( !Ban::addBan($blogje, $iprange, $reason) )
\r
5172 self::error(_ERROR_ADDBAN);
\r
// NOTE(review): self::$name() is resolved through a local variable $name, which is not assigned
// in the lines shown. self::action_banlist() is presumably intended.
5175 self::$action_banlist();
\r
5184 static private function action_clearactionlog()
\r
5188 $member->isAdmin() or self::disallow();
\r
5190 ActionLog::clear();
\r
5192 self::$action_manage(_MSG_ACTIONLOGCLEARED);
\r
5201 static private function action_backupoverview()
\r
5203 global $member, $manager;
\r
5205 $member->isAdmin() or self::disallow();
\r
5208 self::$skin->parse('backupoverview');
\r
5213 * Admin::action_backupcreate()
\r
5214 * create file for backup
\r
5220 static private function action_backupcreate()
\r
5222 global $member, $DIR_LIBS;
\r
5224 $member->isAdmin() or self::disallow();
\r
5226 // use compression ?
\r
5227 $useGzip = (integer) postVar('gzip');
\r
5229 include($DIR_LIBS . 'backup.php');
\r
5231 // try to extend time limit
\r
5232 // (creating/restoring dumps might take a while)
\r
5233 @set_time_limit(1200);
\r
5235 Backup::do_backup($useGzip);
\r
5240 * Admin::action_backuprestore()
\r
5241 * restoring from uploaded file
\r
5246 static private function action_backuprestore()
\r
5248 global $member, $DIR_LIBS;
\r
5250 $member->isAdmin() or self::disallow();
\r
5252 if ( intPostVar('letsgo') != 1 )
\r
5254 self::error(_ERROR_BACKUP_NOTSURE);
\r
5257 include($DIR_LIBS . 'backup.php');
\r
5259 // try to extend time limit
\r
5260 // (creating/restoring dumps might take a while)
\r
5261 @set_time_limit(1200);
\r
5263 $message = Backup::do_restore();
\r
5264 if ( $message != '' )
\r
5266 self::error($message);
\r
5269 self::$skin->parse('backuprestore');
\r
5275 * Admin::action_pluginlist()
\r
5276 * output the list of installed plugins
\r
5282 static private function action_pluginlist()
\r
5284 global $DIR_PLUGINS, $member, $manager;
\r
5286 // check if allowed
\r
5287 $member->isAdmin() or self::disallow();
\r
5290 self::$skin->parse('pluginlist');
\r
5301 static private function action_pluginhelp()
\r
5303 global $member, $manager, $DIR_PLUGINS, $CONF;
\r
5305 // check if allowed
\r
5306 $member->isAdmin() or self::disallow();
\r
5308 $plugid = intGetVar('plugid');
\r
5310 if ( !$manager->pidInstalled($plugid) )
\r
5312 self::error(_ERROR_NOSUCHPLUGIN);
\r
5316 self::$skin->parse('pluginhelp');
\r
5321 * Admin::action_pluginadd()
\r
// Installs the plugin named by POST 'filename': registers it, loads it, checks requirements, runs install().
5327 static private function action_pluginadd()
\r
5329 global $member, $manager, $DIR_PLUGINS;
\r
5331 // check if allowed
\r
5332 $member->isAdmin() or self::disallow();
\r
// NOTE(review): the plugin name comes straight from POST and is later used to locate and load
// plugin code (checkPlugin(), getPlugin()). Confirm that one of them restricts it to a plain
// plugin identifier with no path separators. A strict pattern check here would make that explicit.
5334 $name = postVar('filename');
\r
5336 if ( $manager->pluginInstalled($name) )
\r
5338 self::error(_ERROR_DUPPLUGIN);
\r
5341 if ( !checkPlugin($name) )
\r
5343 self::error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
\r
5346 // get number of currently installed plugins
\r
5347 $res = sql_query('SELECT * FROM ' . sql_table('plugin'));
\r
5348 $numCurrent = sql_num_rows($res);
\r
5350 // plugin will be added as last one in the list
\r
5351 $newOrder = $numCurrent + 1;
\r
5360 // do this before calling getPlugin (in case the plugin id is used there)
\r
5361 $query = 'INSERT INTO '
\r
5362 . sql_table('plugin')
\r
// The plugin name is escaped before it is placed in the quoted value.
5368 . '"' . sql_real_escape_string($name) . '"'
\r
5370 sql_query($query);
\r
5371 $iPid = sql_insert_id();
\r
5373 $manager->clearCachedInfo('installedPlugins');
\r
5375 // Load the plugin for condition checking and installation
\r
5376 $plugin =& $manager->getPlugin($name);
\r
5378 // check if it got loaded (could have failed)
\r
// On load failure the row inserted above is removed again before the error page is shown.
5381 sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
\r
5382 $manager->clearCachedInfo('installedPlugins');
\r
5383 self::error(_ERROR_PLUGIN_LOAD);
\r
5386 // check if plugin needs a newer Nucleus version
\r
5387 if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )
\r
5389 // uninstall plugin again...
\r
5390 self::deleteOnePlugin($plugin->getID());
\r
5392 // ...and show error
\r
5393 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
\r
5396 // check if plugin needs a newer Nucleus patch level
\r
5397 if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )
\r
5399 // uninstall plugin again...
\r
5400 self::deleteOnePlugin($plugin->getID());
\r
5402 // ...and show error
\r
5403 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
\r
5406 $pluginList = $plugin->getPluginDep();
\r
5407 foreach ( $pluginList as $pluginName )
\r
// NOTE(review): unlike the INSERT above, the dependency name is concatenated into the quoted
// value without sql_real_escape_string(). The value comes from the plugin's own getPluginDep(),
// but escaping it keeps the lookup well-formed if a name contains a quote.
5409 $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
\r
5410 if (sql_num_rows($res) == 0)
\r
5412 // uninstall plugin again...
\r
5413 self::deleteOnePlugin($plugin->getID());
\r
5414 self::error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
\r
5418 // call the install method of the plugin
\r
5419 $plugin->install();
\r
5424 'plugin' => &$plugin
\r
5428 // update all events
\r
// NOTE(review): self::$name() is resolved through a local variable $name, which is not assigned
// in the lines shown. self::action_pluginupdate() is presumably intended.
5429 self::$action_pluginupdate();
\r
5434 * ADMIN:action_pluginupdate():
\r
5440 static private function action_pluginupdate()
\r
5442 global $member, $manager, $CONF;
\r
5444 // check if allowed
\r
5445 $member->isAdmin() or self::disallow();
\r
5447 // delete everything from plugin_events
\r
5448 sql_query('DELETE FROM '.sql_table('plugin_event'));
\r
5450 // loop over all installed plugins
\r
5451 $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
\r
5452 while ( $o = sql_fetch_object($res) )
\r
5455 $plug =& $manager->getPlugin($o->pfile);
\r
5458 $eventList = $plug->getEventList();
\r
5459 foreach ( $eventList as $eventName )
\r
5461 $query = "INSERT INTO %s (pid, event) VALUES (%d, '%s')";
\r
5462 $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, sql_real_escape_string($eventName));
\r
5463 sql_query($query);
\r
5467 redirect($CONF['AdminURL'] . '?action=pluginlist');
\r
5477 static private function action_plugindelete()
\r
5479 global $member, $manager;
\r
5481 // check if allowed
\r
5482 $member->isAdmin() or self::disallow();
\r
5484 $pid = intGetVar('plugid');
\r
5486 if ( !$manager->pidInstalled($pid) )
\r
5488 self::error(_ERROR_NOSUCHPLUGIN);
\r
5492 self::$skin->parse('plugindelete');
\r
5502 static private function action_plugindeleteconfirm()
\r
5504 global $member, $manager, $CONF;
\r
5506 // check if allowed
\r
5507 $member->isAdmin() or self::disallow();
\r
5509 $pid = intPostVar('plugid');
\r
5511 $error = self::deleteOnePlugin($pid, 1);
\r
5513 self::error($error);
\r
5516 redirect($CONF['AdminURL'] . '?action=pluginlist');
\r
5517 // self::$action_pluginlist();
\r
// Removes one installed plugin together with its database rows.
// Visible steps: refuse when another installed plugin lists this one in
// getPluginDep(), optionally call the plugin's unInstall(), delete its rows from
// plugin_event, plugin_option_desc and plugin_option, close the gap in the
// porder numbering, delete the plugin row and reset the 'installedPlugins' cache.
// Returns _ERROR_NOSUCHPLUGIN for an unknown id, or a formatted
// _ERROR_DELREQPLUGIN message when a dependent plugin blocks the deletion; the
// value returned on success is not visible in this listing.
5526 static private function deleteOnePlugin($pid, $callUninstall = 0)
\r
// $pid is forced to an integer here; every query below concatenates it
// unquoted, so this cast is what keeps those statements injection-safe.
5530 $pid = intval($pid);
\r
5532 if ( !$manager->pidInstalled($pid) )
\r
5534 return _ERROR_NOSUCHPLUGIN;
\r
5537 $name = quickQuery('SELECT pfile as result FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5539 /* // call the unInstall method of the plugin
\r
5540 if ($callUninstall) {
\r
5541 $plugin =& $manager->getPlugin($name);
\r
5542 if ($plugin) $plugin->unInstall();
\r
5545 // check dependency before delete
\r
5546 $res = sql_query('SELECT pfile FROM ' . sql_table('plugin'));
\r
5547 while ($o = sql_fetch_object($res))
\r
5549 $plug =& $manager->getPlugin($o->pfile);
\r
5552 $depList = $plug->getPluginDep();
\r
5553 foreach ($depList as $depName)
\r
5555 if ($name == $depName)
\r
5557 return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);
\r
5564 'PreDeletePlugin',
\r
5570 // call the unInstall method of the plugin
\r
5571 if ( $callUninstall )
\r
5573 $plugin =& $manager->getPlugin($name);
\r
5576 $plugin->unInstall();
\r
5580 // delete all subscriptions
\r
5581 sql_query('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);
\r
5583 // delete all options
\r
5584 // get OIDs from plugin_option_desc
\r
5585 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
\r
5587 while ($o = sql_fetch_object($res))
\r
5589 array_push($aOIDs, $o->oid);
\r
5592 // delete from plugin_option and plugin_option_desc
\r
5593 sql_query('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
\r
5594 if (count($aOIDs) > 0)
\r
// the oid list comes from the plugin_option_desc rows read above, not from
// request input; NOTE(review): the values are joined unquoted, so this relies
// on oid being an integer column - confirm against the schema.
5596 sql_query('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',',$aOIDs) . ')');
\r
5599 // update order numbers
\r
5600 $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5601 $o = sql_fetch_object($res);
\r
// NOTE(review): $o is used without checking that a row came back and
// $o->porder is concatenated unquoted - presumably fine because
// pidInstalled() passed above and porder is numeric; confirm.
5602 sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $o->porder);
\r
5605 sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5607 $manager->clearCachedInfo('installedPlugins');
\r
5609 'PostDeletePlugin',
\r
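/**
 * Moves a plugin one position up in the plugin order and redirects to the
 * plugin list.
 *
 * Admin only. The plugin id is read from the 'plugid' GET variable. The
 * plugin that currently holds the target position takes over the old
 * position of the moved plugin; the swap is done with two separate UPDATE
 * statements.
 *
 * NOTE(review): this handler changes state on a GET request. The comment on
 * the redirect mentions a ticket in the URL, so request-forgery protection is
 * presumably enforced before this method is dispatched - confirm.
 *
 * @return void
 */
static private function action_pluginup()
{
    global $member, $manager, $CONF;

    // check if allowed
    $member->isAdmin() or self::disallow();

    $plugid = intGetVar('plugid');

    if ( !$manager->pidInstalled($plugid) )
    {
        self::error(_ERROR_NOSUCHPLUGIN);
    }

    // 1. get old order number
    $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . (int) $plugid);
    $o = sql_fetch_object($res);
    if ( !$o )
    {
        // the row is gone although the check above passed: stop instead of
        // building UPDATE statements from an empty value
        self::error(_ERROR_NOSUCHPLUGIN);
        return;
    }
    // cast so that only an integer can reach the concatenated statements below
    $oldOrder = (int) $o->porder;

    // 2. calculate new order number
    $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;

    // 3. update plug numbers
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . (int) $plugid);

    // To avoid showing ticket in the URL, redirect to pluginlist, instead.
    redirect($CONF['AdminURL'] . '?action=pluginlist');
    return;
}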
\r
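/**
 * Moves a plugin one position down in the plugin order and redirects to the
 * plugin list.
 *
 * Admin only. The plugin id is read from the 'plugid' GET variable. The
 * lowest position equals the number of rows in the plugin table. The plugin
 * that currently holds the target position takes over the old position of
 * the moved plugin; the swap is done with two separate UPDATE statements.
 *
 * NOTE(review): this handler changes state on a GET request. The comment on
 * the redirect mentions a ticket in the URL, so request-forgery protection is
 * presumably enforced before this method is dispatched - confirm.
 *
 * @return void
 */
static private function action_plugindown()
{
    global $member, $manager, $CONF;

    // check if allowed
    $member->isAdmin() or self::disallow();

    $plugid = intGetVar('plugid');
    if ( !$manager->pidInstalled($plugid) )
    {
        self::error(_ERROR_NOSUCHPLUGIN);
    }

    // 1. get old order number
    $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . (int) $plugid);
    $o = sql_fetch_object($res);
    if ( !$o )
    {
        // the row is gone although the check above passed: stop instead of
        // building UPDATE statements from an empty value
        self::error(_ERROR_NOSUCHPLUGIN);
        return;
    }
    // cast so that only an integer can reach the concatenated statements below
    $oldOrder = (int) $o->porder;

    // only the row count is needed, so do not fetch every column
    $res = sql_query('SELECT pid FROM ' . sql_table('plugin'));
    $maxOrder = (int) sql_num_rows($res);

    // 2. calculate new order number
    $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;

    // 3. update plug numbers
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . (int) $plugid);

    // To avoid showing ticket in the URL, redirect to pluginlist, instead.
    redirect($CONF['AdminURL'] . '?action=pluginlist');
    return;
}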
\r
5695 * Admin::action_pluginoptions()
\r
5697 * Output Plugin option page
\r
5700 * @param string $message message shown when another action falls back to this page
\r
// Admin-only handler that renders the option page of one plugin: reads
// 'plugid' from the request (GET or POST) as an integer, reports
// _ERROR_NOSUCHPLUGIN for an unknown id, stores $message as the head message,
// emits the page head with the numbercheck.js script tag and parses the
// 'pluginoptions' skin part.
5704 static public function action_pluginoptions($message = '')
\r
5706 global $member, $manager;
\r
5708 // check if allowed
\r
5709 $member->isAdmin() or self::disallow();
\r
5711 // $pid = (integer) requestVar('plugid');
\r
5712 $pid = intRequestVar('plugid');
\r
5713 if ( !$manager->pidInstalled($pid) )
\r
5715 self::error(_ERROR_NOSUCHPLUGIN);
\r
// isset() on a parameter is only false when null is passed explicitly; the
// default '' also takes this branch.
5718 if ( isset($message) )
\r
// $message is stored unmodified. NOTE(review): the caller visible in this file
// passes a language constant; because the method is public, whatever prints
// headMess should HTML-escape it unless every caller is known to pass trusted text.
5720 self::$headMess = $message;
\r
5722 $extrahead = "<script type=\"text/javascript\" src=\"javascript/numbercheck.js\"></script>\n";
\r
5723 self::pagehead($extrahead);
\r
5724 self::$skin->parse('pluginoptions');
\r
5730 * Admin::action_pluginoptionsupdate()
\r
5732 * Update plugin options and fall back to the plugin option page
\r
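/**
 * Stores the submitted plugin options and shows the plugin option page again.
 *
 * Admin only. 'plugid' is read from the request as an integer and must belong
 * to an installed plugin. The 'plugoption' request array is handed to
 * NucleusPlugin::apply_plugin_options(), subscribers are notified through the
 * PostPluginOptionsUpdate event, and action_pluginoptions() is called with the
 * _PLUGS_OPTIONS_UPDATED message.
 *
 * NOTE(review): both values are read with the request-wide accessors, so a
 * GET request is accepted as well; request-forgery protection is presumably
 * enforced before this method is dispatched - confirm.
 *
 * @return void
 */
static public function action_pluginoptionsupdate()
{
    global $member, $manager;

    // check if allowed
    $member->isAdmin() or self::disallow();

    $pid = intRequestVar('plugid');
    if ( !$manager->pidInstalled($pid) )
    {
        self::error(_ERROR_NOSUCHPLUGIN);
    }

    $aOptions = requestArray('plugoption');
    NucleusPlugin::apply_plugin_options($aOptions);

    $manager->notify(
        'PostPluginOptionsUpdate',
        array(
            'context' => 'global',
            'plugid'  => $pid
        )
    );

    // Call the static method by name. "self::$action_pluginoptions(...)" is
    // parsed as a call whose method name is taken from the local variable
    // $action_pluginoptions, which does not exist here.
    self::action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
    return;
}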
\r
5768 * Admin::_insertPluginOptions()
\r
5770 * Output plugin option field
\r
5773 * @param string $context plugin option context
\r
5774 * @param integer $contextid plugin option context id
\r
// Collects the plugin options that belong to one context and renders them.
// The stored values for $contextid are read from plugin_option, the option
// descriptions for $context are read from plugin_option_desc joined with
// plugin, and each description is paired with its stored value or, when none
// is stored, with its default (odef). The list is offered to subscribers of
// the PrePluginOptionsEdit event, kept in self::$aOptions and rendered through
// the 'insertpluginoptions' skin part.
5777 static public function _insertPluginOptions($context, $contextid = 0)
\r
5779 // get all current values for this contextid
\r
5780 // (note: this might contain doubles for overlapping contextids)
\r
5781 $aIdToValue = array();
\r
5782 $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));
\r
5783 while ( $object = sql_fetch_object($res) )
\r
5785 $aIdToValue[$object->oid] = $object->ovalue;
\r
5788 // get list of oids per pid
// $context is escaped before it enters the query below. NOTE(review): the
// value is delimited with double quotes, which MySQL reads as a string literal
// only while the ANSI_QUOTES SQL mode is off; single quotes would not depend
// on the server mode.
5789 $query = 'SELECT '
\r
5792 . sql_table('plugin_option_desc') . ', '
\r
5793 . sql_table('plugin') . ' '
\r
5796 . 'and ocontext = "' . sql_real_escape_string($context) . '" '
\r
5798 . ' porder, oid ASC';
\r
5799 $res = sql_query($query);
\r
5800 $aOptions = array();
\r
5801 while ( $object = sql_fetch_object($res) )
\r
// no stored value for this option id: fall back to the declared default
5803 if ( !in_array($object->oid, array_keys($aIdToValue)) )
\r
5805 $value = $object->odef;
\r
5809 $value = $aIdToValue[$object->oid];
\r
5815 'pid' => $object->pid,
\r
5816 'pfile' => $object->pfile,
\r
5817 'oid' => $object->oid,
\r
5818 'value' => $value,
\r
5819 'name' => $object->oname,
\r
5820 'description' => $object->odesc,
\r
5821 'type' => $object->otype,
\r
5822 'typeinfo' => $object->oextra,
\r
5823 'contextid' => $contextid,
\r
5831 'PrePluginOptionsEdit',
\r
5833 'context' => $context,
\r
5834 'contextid' => $contextid,
// the option list is handed over by reference, so event subscribers can
// change what is stored in self::$aOptions and rendered below
5835 'options' =>& $aOptions
\r
5839 self::$aOptions = $aOptions;
\r
5840 self::$skin->parse('insertpluginoptions');
\r
// Renders the skin part whose name equals the current admin action
// (self::$action) through the active admin skin.
5850 static private function action_parseSpecialskin()
\r
5853 self::$skin->parse(self::$action);
\r
5858 * TODO: I guess this method was simply copied from Skin class...
\r
// Parses one part ($type) of the active admin skin.
// Visible flow: for 'pagehead' the InitAdminSkinParse event is raised and the
// content type is sent; the part's content and its allowed actions are read
// from self::$skin; PreAdminSkinParse is raised with the content passed by
// reference; the parser's include mode and prefix are taken from the skin; a
// handler and a parser are created and run over the content; for 'pagefoot'
// PostAdminSkinParse is raised.
5859 static private function parse($type)
\r
5861 global $manager, $CONF;
\r
5863 if ( $type == 'pagehead' )
\r
5866 'skin' => &self::$skin,
\r
5870 $manager->notify('InitAdminSkinParse', $data);
\r
5871 sendContentType(self::$skin->getContentType(), 'skin', i18n::get_current_charset());
\r
5874 $contents = self::$skin->getContent($type);
\r
5882 $actions = self::$skin->getAllowedActionsForType($type);
\r
5884 if ( $type == 'pagehead' )
\r
5887 'skin' => &self::$skin,
\r
// the content is passed by reference, so PreAdminSkinParse subscribers can
// rewrite what is parsed below
5889 'contents' => &$contents
\r
5892 $manager->notify('PreAdminSkinParse', $data);
\r
5895 PARSER::setProperty('IncludeMode', self::$skin->getIncludeMode());
\r
5896 PARSER::setProperty('IncludePrefix', self::$skin->getIncludePrefix());
\r
5898 if ( $type == 'createitem' || $type == 'itemedit' )
\r
5900 // TODO: where is this class???
// NOTE(review): $this does not exist inside a static method, so this line
// cannot run as written; the last constructor argument needs another source.
// 'blogid' is read from the request as an integer.
5901 $handler = new Factory(intRequestVar('blogid'), $type, self::$skin, $this);
\r
5902 $actions = array_merge($actions, $handler->actions);
\r
5907 $actions = array_merge($actions, self::$skin->getAllowedActionsForType($type));
\r
5910 $parser = new Parser($actions, $handler);
\r
5911 $handler->setParser($parser);
\r
5912 $handler->setSkin(self::$skin);
\r
5913 $parser->parse($contents);
\r
5915 if ( $type == 'pagefoot' )
\r
5918 'skin' => &self::$skin,
\r
5922 $manager->notify('PostAdminSkinParse', $data);
\r
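/**
 * Looks up the numeric id (sdnumber) of the skin_desc row with the given name.
 *
 * @param string $skinname skin name to look up
 * @return integer the id; 0 when the lookup yields nothing that casts to a
 *                 non-zero integer
 */
static private function getAdminskinIDFromName($skinname)
{
    // sdnumber has to be a bare column name: written as 'sdnumber' the query
    // returns that literal string and the cast below always gives 0.
    $query = "SELECT sdnumber as result FROM %s WHERE sdname = '%s';";

    // Escape through the same wrapper the other queries in this class use
    // instead of calling the mysql_* extension directly.
    $adminSkinID = quickQuery(sprintf($query, sql_table('skin_desc'), sql_real_escape_string($skinname)));

    // the original stored the result in $admnSknID but returned $adminSkinID
    return (integer) $adminSkinID;
}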
\r
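/**
 * Looks up the name (sdname) of the skin_desc row with the given numeric id.
 *
 * @param integer $skinid skin id (sdnumber) to look up
 * @return string the skin name; presumably an empty string when no row
 *                matches, depending on what quickQuery() yields then - confirm
 */
static private function getAdminskinNameFromID($skinid)
{
    // %d together with the cast keeps anything but an integer out of the query
    $query = "SELECT sdname as result FROM %s WHERE sdnumber = '%d';";
    $adminSkinName = quickQuery(sprintf($query, sql_table('skin_desc'), (integer) $skinid));

    // The original stored the result in $admnSknID, returned the undefined
    // $adminSkinID and cast it to an integer, so the name never came back.
    return (string) $adminSkinName;
}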
\r
// Renders one of two bundled .skn files without a skin from the database.
// When the global $action is 'adminskinieimport' the import itself is run
// through _doAdminskinimport(). The file 'showlogin.skn' or
// 'defaultimporter.skn' is then read from $DIR_ADMINSKINS, a minimal skin
// description is built as a plain object and the file content is parsed with
// an AdminActions handler.
5960 static private function action_importAdmin()
\r
// NOTE(review): this reads the global $action, while other methods of the
// class use self::$action - confirm that both hold the same value here.
5962 global $DIR_ADMINSKINS, $action;
\r
5963 if ( $action == 'adminskinieimport' )
\r
5965 self::_doAdminskinimport();
\r
5968 if ( $action == 'showlogin' )
\r
5970 $skinName = 'showlogin';
\r
5971 $actnName = 'showlogin';
\r
5975 $skinName = 'defaultimporter';
\r
5976 $actnName = 'importAdmin';
\r
5979 /* TODO: why??? */
// the file name is one of the two literals assigned above, never request
// input; the result of file_get_contents() is not checked for false
5980 $contents = file_get_contents($DIR_ADMINSKINS . $skinName . '.skn');
\r
5982 $skn['description'] = $skinName;
\r
5983 $skn['contentType'] = 'importAdmin';
\r
5984 $skn['includeMode'] = 'normal';
\r
5985 $skn['includePrefix'] = '';
// NOTE(review): spelled 'defaultinporter' here but 'defaultimporter' above -
// looks like a typo; confirm before anything compares against this name.
5986 $skn['name'] = 'defaultinporter';
\r
// self::$skin becomes a plain object built from the array; NOTE(review): other
// methods call skin methods on self::$skin, which this object does not have.
5988 self::$skin = (object) $skn;
// NOTE(review): $this does not exist inside a static method, so this line
// cannot run as written.
5989 $handler = new AdminActions($actnName, self::$skin, $this);
\r
5990 $actions = Skin::getAllowedActionsForType($actnName);
\r
5992 $parser = new PARSER($actions, $handler);
\r
5993 $handler->setParser($parser);
\r
5994 $handler->setSkin(self::$skin);
\r
5995 $parser->parse($contents);
\r
// Imports an admin skin backup into the database.
// Admin only. Reads 'skinfile', 'mode' and 'overwrite' from POST, lets
// SKINIMPORT read the chosen source and write it to the database (overwriting
// existing entries when 'overwrite' is non-zero), reports any error message
// either step returns, and sends a Location header to the admin URL.
// NOTE(review): no ticket check is visible in this method; request-forgery
// protection is presumably enforced before it is dispatched - confirm.
6004 static private function _doAdminskinimport()
\r
6006 global $DIR_LIBS, $DIR_ADMINSKINS, $CONF, $member;
\r
6008 $member->isAdmin() or self::disallow();
\r
6010 include_once($DIR_LIBS . 'Skinie.php');
\r
6011 $skinFileRaw = postVar('skinfile');
\r
6012 $mode = postVar('mode');
\r
6013 $allowOverwrite = intPostVar('overwrite');
\r
6015 if ( $mode == 'file' )
\r
// NOTE(review): 'skinfile' is taken from POST and concatenated into a
// filesystem path without any check visible here. The value should be
// restricted to a single directory name below $DIR_ADMINSKINS (for example by
// rejecting it when basename($skinFileRaw) differs from $skinFileRaw) so that
// path separators and '..' segments cannot leave the skin directory.
6017 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
\r
// NOTE(review): for every other mode the raw POST value goes to readFile()
// unchanged, so the caller chooses the whole path or URL. If this branch is
// meant for URL import, the accepted schemes should be restricted before the
// value is used.
6021 $skinFile = $skinFileRaw;
\r
6024 $importer = new SKINIMPORT();
\r
6025 $error = $importer->readFile($skinFile);
\r
6028 self::error($error);
\r
6030 $error = $importer->writeToDatabase($allowOverwrite);
\r
6033 self::error($error);
\r
// NOTE(review): these assignments exist only for the current request, and the
// Location header below makes the browser start a new one - confirm whether
// anything still reads them.
6036 $_REQUEST['skininfo'] = $importer->getInfo();
\r
6037 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
6038 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
6040 header('Location: ' . $CONF['AdminURL']);
\r
6045 * Returns a link to a weblog
\r
6046 * @param object BLOG
\r
6048 static private function bloglink(&$blog) {
\r
6049 return '<a href="'.Entity::hsc($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. Entity::hsc( $blog->getName() ) .'</a>';
\r