3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
4 * Copyright (C) 2002-2012 The Nucleus Group
\r
6 * This program is free software; you can redistribute it and/or
\r
7 * modify it under the terms of the GNU General Public License
\r
8 * as published by the Free Software Foundation; either version 2
\r
9 * of the License, or (at your option) any later version.
\r
10 * (see nucleus/documentation/index.html#license for more info)
\r
13 * The code for the Nucleus admin area
\r
15 * @license http://nucleuscms.org/license.txt GNU General Public License
\r
16 * @copyright Copyright (C) 2002-2012 The Nucleus Group
\r
17 * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $
\r
// Direct-access guard: stop immediately unless requestVar() is already defined, i.e. this file was
// included after the code that defines that helper rather than requested on its own.
// (presumably the Nucleus bootstrap defines requestVar() — confirm against the including script)
21 if ( !function_exists('requestVar') ) exit;
\r
22 require_once dirname(__FILE__) . '/showlist.php';
\r
25 * Builds the admin area and executes admin actions
\r
29 private $xml_version_info = '1.0';
\r
30 private $formal_public_identifier = '-//W3C//DTD XHTML 1.0 Strict//EN';
\r
31 private $system_identifier = 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd';
\r
32 private $xhtml_namespace = 'http://www.w3.org/1999/xhtml';
\r
35 * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)
\r
40 * @var object $adminSkin
\r
45 * @var string $extrahead
\r
50 * @var bool $passvar
\r
55 * @var string $headMess
\r
64 /* function ADMIN() {
\r
66 function __construct()
\r
68 global $member, $DIR_LIBS;
\r
70 . ' COUNT(*) as result '
\r
72 . sql_table('adminskin_desc');
\r
73 if ( !(quickQuery($query)) )
\r
75 $this->action_importAdmin();
\r
77 if ( !isset($adminSkinid) || !($adminSkinid) )
\r
79 $adminSkinid = self::getAdminSkinID();
\r
81 if ( Skin::existsID($adminSkinid) )
\r
83 $this->adminSkin = new Skin($adminSkinid);
\r
87 $this->adminSkin = 0;
\r
91 static private function getAdminSkinID()
\r
93 global $CONF, $member, $manager;
\r
94 if (isset($member) && $member->isLoggedIn()) {
\r
95 $memskin = $member->getAdminSkin();
\r
100 return $CONF['DefaultAdminSkin'];
\r
103 function getAdminskinEditActions()
\r
106 'adminskinoverview',
\r
107 'adminskinieoverview',
\r
108 'adminskinedittype',
\r
109 'adminskinremovetype',
\r
112 'adminskinieimport',
\r
113 'adminskiniedoimport',
\r
114 'admintemplateedit',
\r
115 'admintemplateoverview',
\r
116 'admintemplatedelete',
\r
120 function getSkinlessActions()
\r
// List of action names handled without a skin part (judging by the method name; the array
// wrapper and some entries are not visible in this listing).
// Callers in this file: action() merges this list into its ticket-exempt list, and
// existsSkinContents() looks the requested action up in it.
// NOTE(review): most visible entries are state-changing confirm/update actions
// ('itemdeleteconfirm', 'changemembersettings', 'plugindeleteconfirm', 'blogsettingsupdate', ...).
// Because action() treats every entry as exempt from $manager->checkTicket(), adding a name here
// also removes the request-ticket check for it at dispatch time. Confirm each listed handler
// validates the ticket itself, or keep the exemption separate from this list.
123 'plugindeleteconfirm',
\r
124 'pluginoptionsupdate',
\r
125 'skinremovetypeconfirm',
\r
127 'skindeleteconfirm',
\r
133 'templatedeleteconfirm',
\r
136 'adminskinremovetypeconfirm',
\r
138 'adminskindeleteconfirm',
\r
140 'adminskineditgeneral',
\r
141 'adminskinieexport',
\r
143 'admintemplateupdate',
\r
144 'admintemplatedeleteconfirm',
\r
145 'admintemplatenew',
\r
146 'admintemplateclone',
\r
147 'blogsettingsupdate',
\r
151 'itemdeleteconfirm',
\r
153 'changemembersettings',
\r
160 * Executes an action
\r
162 * @param string $action action to be performed
\r
164 function action($action)
\r
// Dispatcher for the admin area: maps $action through the alias table, derives the handler name
// 'action_' . $action, applies the ticket check below, and calls the handler when it exists;
// otherwise it reports _BADACTION with the action name passed through ENTITY::hsc().
// (This listing omits some source lines, so braces and a few statements are not visible.)
166 global $CONF, $manager;
\r
169 // list of action aliases
\r
171 'login' => 'overview',
\r
// NOTE(review): a non-empty POST field 'customaction' appears to replace the alias targets for
// 'login' and '' with a request-supplied name. The only constraints visible afterwards are
// method_exists() and the skin lookup, so confirm that every action_* method is meant to be
// selectable this way.
175 $customAction = postvar('customaction');
\r
176 if ( !empty($customAction) )
\r
179 'login' => $customAction,
\r
180 '' => $customAction
\r
183 if ( isset($alias[$action]) )
\r
185 $action = $alias[$action];
\r
// The handler name always carries the 'action_' prefix, so only methods named that way can be
// reached through the call_user_func() further down.
187 $methodName = 'action_' . $action;
\r
// Only $this->action is lower-cased; $methodName and the later existsSkinContents($action)
// calls keep the original case.
189 $this->action = strtolower($action);
\r
191 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
\r
192 // is an action that requires user interaction before something is actually done)
\r
193 // all safe actions are in this array:
\r
194 $aActionsNotToCheck = array(
\r
204 'editmembersettings',
\r
206 'browseowncomments',
\r
220 'templateoverview',
\r
225 'banlistnewfromitem',
\r
246 $synonimActions = array(
\r
247 'banlistnewfromitem',
\r
252 // the rest of the actions needs to be checked
\r
// NOTE(review): $aActionsToCheck is assigned here but never read in the visible lines; the
// decision below is driven only by $aActionsNotToCheck.
253 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');
\r
255 $adminskinEditActions = $this->getAdminskinEditActions();
\r
256 $skinLessActions = $this->getSkinlessActions();
\r
// NOTE(review): the exempt list is widened with getAdminskinEditActions() and
// getSkinlessActions(). The latter contains state-changing names that also appear in
// $aActionsToCheck above ('itemdeleteconfirm', 'changemembersettings', 'plugindeleteconfirm',
// 'pluginoptionsupdate', 'skindeleteconfirm', 'templatedeleteconfirm', 'blogsettingsupdate'),
// so those requests skip $manager->checkTicket() at this point. The check is also skipped
// whenever existsSkinContents($action) is truthy. No checkTicket() call is visible in the
// handlers shown in this listing; unless they validate the ticket themselves, the exemption
// should be limited to actions that change nothing.
257 $allowActions = array_merge($synonimActions, $this->getSkinlessActions());
\r
258 $aActionsNotToCheck = array_merge($aActionsNotToCheck, $adminskinEditActions, $allowActions);
\r
259 if (!in_array($this->action, $aActionsNotToCheck) && !$this->existsSkinContents($action) )
\r
261 if (!$manager->checkTicket())
\r
263 $this->error(_ERROR_BADTICKET);
\r
// Fall back to the configured default admin skin when the constructor left adminSkin falsy.
266 if ( !$this->adminSkin && $CONF['DefaultAdminSkin'] )
\r
268 $this->adminSkin = new Skin($CONF['DefaultAdminSkin']);
\r
271 if ( !method_exists($this, $methodName) && !in_array($this->action, $allowActions) && $this->existsSkinContents($action) )
\r
// NOTE(review): no parentheses — as written this reads a property named
// action_parseSpecialskin and calls nothing. If the special-skin handler is meant to run
// here, it needs a call expression.
273 $this->action_parseSpecialskin;
\r
276 elseif ( method_exists($this, $methodName) )
\r
278 call_user_func(array(&$this, $methodName));
\r
// Unknown action: try the member's admin skin, then the default skin, for an 'adminerrorpage'
// part. In every visible branch the action name is passed through ENTITY::hsc() before being
// appended to the message (presumably HTML escaping — confirm in ENTITY).
284 $id = self::getAdminSkinID();
\r
285 $this->adminSkin = new Skin($id);
\r
286 if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') )
\r
288 $this->error(_BADACTION . ENTITY::hsc($action));
\r
291 elseif ( $id != $CONF['DefaultAdminSkin'] )
\r
293 $this->adminSkin = new Skin($CONF['DefaultAdminSkin']);
\r
294 if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') )
\r
296 $this->error(_BADACTION . ENTITY::hsc($action));
\r
304 $this->error(_BADACTION . ENTITY::hsc($action));
\r
308 * Check skin contents
\r
310 * @param string action type
\r
313 function existsSkinContents($action)
\r
// Looks up the 'scontent' column of the adminskin table for the given action type and returns
// whatever quickQuery() yields for it. action() uses the result as a truthy/falsy flag.
// (Lines between the in_array() call and the query are not visible in this listing, so how
// $in_array is used cannot be stated here.)
315 $nsActions = $this->getSkinlessActions();
\r
316 $in_array = in_array($action, $nsActions);
\r
321 . ' scontent as result '
\r
323 . sql_table('adminskin') . ' '
\r
// The action name reaches the query only through sql_real_escape_string(); the literal is
// wrapped in double quotes, which MySQL treats as a string only when ANSI_QUOTES is off.
326 . 'AND stype = "%s"';
\r
327 if ( is_object($this->adminSkin) )
\r
329 return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action)));
\r
// No skin object available: fall back to the hard-coded id 1 for the first sprintf() argument.
333 return quickQuery(sprintf($query, 1, sql_real_escape_string($action)));
\r
339 * Check exists specialskinparts
\r
341 * @param string action type
\r
344 function specialActionsAllow($action)
\r
// Returns the 'sdesc' column of the adminskin table for the given action type, via quickQuery().
// The action name is escaped with sql_real_escape_string() before it is formatted into the query.
// NOTE(review): unlike existsSkinContents(), this dereferences $this->adminSkin->id without an
// is_object() check, although the constructor can leave adminSkin set to 0.
347 . ' sdesc as result '
\r
349 . sql_table('adminskin') . ' '
\r
352 . 'AND stype = "%s"';
\r
353 return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action)));
\r
357 * @todo document this
\r
359 function action_showlogin()
\r
362 $this->action_login($error);
\r
366 * @todo document this
\r
368 function action_login($msg = '', $passvars = 1)
\r
372 // skip to overview when allowed
\r
373 if ( $member->isLoggedIn() && $member->canLogin() )
\r
375 $this->action_overview();
\r
379 $this->passvar = $passvars;
\r
382 $this->headMess = $msg;
\r
386 $this->parse('showlogin');
\r
391 * provides a screen with the overview of the actions available
\r
392 * @todo document parameter
\r
394 function action_overview($msg = '')
\r
398 $this->headMess = $msg;
\r
402 $this->parse('overview');
\r
407 * @todo document this
\r
409 function action_manage($msg = '')
\r
415 $this->headMess = $msg;
\r
417 $member->isAdmin() or $this->disallow();
\r
420 $this->parse('manage');
\r
425 * @todo document this
\r
427 function action_itemlist($blogid = '')
\r
429 global $member, $manager, $CONF;
\r
431 if ( $blogid == '' )
\r
433 $blogid = intRequestVar('blogid');
\r
436 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
\r
439 $this->parse('itemlist');
\r
444 * @todo document this
\r
446 function action_batchitem()
\r
448 global $member, $manager;
\r
450 // check if logged in
\r
451 $member->isLoggedIn() or $this->disallow();
\r
453 // more precise check will be done for each performed operation
\r
455 // get array of itemids from request
\r
456 $selected = requestIntArray('batch');
\r
457 $action = requestVar('batchaction');
\r
459 // Show error when no items were selected
\r
460 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
462 $this->error(_BATCH_NOSELECTION);
\r
465 // On move: when no destination blog/category chosen, show choice now
\r
466 $destCatid = intRequestVar('destcatid');
\r
467 if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )
\r
469 $this->batchMoveSelectDestination('item', $selected);
\r
472 // On delete: check if confirmation has been given
\r
473 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
475 $this->batchAskDeleteConfirmation('item',$selected);
\r
479 $this->parse('batchitem');
\r
484 * @todo document this
\r
486 function action_batchcomment()
\r
490 // check if logged in
\r
491 $member->isLoggedIn() or $this->disallow();
\r
493 // more precise check will be done for each performed operation
\r
495 // get array of itemids from request
\r
496 $selected = requestIntArray('batch');
\r
497 $action = requestVar('batchaction');
\r
499 // Show error when no items were selected
\r
500 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
502 $this->error(_BATCH_NOSELECTION);
\r
505 // On delete: check if confirmation has been given
\r
506 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
508 $this->batchAskDeleteConfirmation('comment',$selected);
\r
512 $this->parse('batchcomment');
\r
517 * @todo document this
\r
519 function action_batchmember()
\r
523 // check if logged in and admin
\r
524 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
\r
526 // get array of itemids from request
\r
527 $selected = requestIntArray('batch');
\r
528 $action = requestVar('batchaction');
\r
530 // Show error when no members selected
\r
531 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
533 $this->error(_BATCH_NOSELECTION);
\r
536 // On delete: check if confirmation has been given
\r
537 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
539 $this->batchAskDeleteConfirmation('member',$selected);
\r
543 $this->parse('batchmember');
\r
548 * @todo document this
\r
550 function action_batchteam()
\r
554 $blogid = intRequestVar('blogid');
\r
556 // check if logged in and admin
\r
557 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
\r
559 // get array of itemids from request
\r
560 $selected = requestIntArray('batch');
\r
561 $action = requestVar('batchaction');
\r
563 // Show error when no members selected
\r
564 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
566 $this->error(_BATCH_NOSELECTION);
\r
569 // On delete: check if confirmation has been given
\r
570 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
572 $this->batchAskDeleteConfirmation('team',$selected);
\r
576 $this->parse('batchmember');
\r
581 * @todo document this
\r
583 function action_batchcategory()
\r
585 global $member, $manager;
\r
587 // check if logged in
\r
588 $member->isLoggedIn() or $this->disallow();
\r
590 // more precise check will be done for each performed operation
\r
592 // get array of itemids from request
\r
593 $selected = requestIntArray('batch');
\r
594 $action = requestVar('batchaction');
\r
596 // Show error when no items were selected
\r
597 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
599 $this->error(_BATCH_NOSELECTION);
\r
602 // On move: when no destination blog chosen, show choice now
\r
603 $destBlogId = intRequestVar('destblogid');
\r
604 if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )
\r
606 $this->batchMoveCategorySelectDestination('category', $selected);
\r
609 // On delete: check if confirmation has been given
\r
610 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
612 $this->batchAskDeleteConfirmation('category', $selected);
\r
616 $this->parse('batchcategory');
\r
621 * @todo document this
\r
623 function batchMoveSelectDestination($type, $ids)
\r
626 $this->parse('batchmove');
\r
632 * @todo document this
\r
634 function batchMoveCategorySelectDestination($type, $ids)
\r
638 $this->parse('batchmovecat');
\r
644 * @todo document this
\r
646 function batchAskDeleteConfirmation($type, $ids)
\r
649 $this->parse('batchdelete');
\r
656 * Inserts a HTML select element with choices for all categories to which the current
\r
657 * member has access
\r
658 * @see function selectBlog
\r
660 function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
\r
662 Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
\r
666 * Inserts a HTML select element with choices for all blogs to which the user has access
\r
667 * mode = 'blog' => shows blognames and values are blogids
\r
668 * mode = 'category' => show category names and values are catids
\r
670 * @param $iForcedBlogInclude
\r
671 * ID of a blog that always needs to be included, without checking if the
\r
672 * member is on the blog team (-1 = none)
\r
673 * @todo document parameters
\r
675 function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
\r
677 global $member, $CONF;
\r
679 // 0. get IDs of blogs to which member can post items (+ forced blog)
\r
680 $aBlogIds = array();
\r
681 if ( $iForcedBlogInclude != -1 )
\r
683 $aBlogIds[] = intval($iForcedBlogInclude);
\r
686 if ( ($member->isAdmin()) && ($CONF['ShowAllBlogs']) )
\r
688 $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
\r
692 $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
\r
694 $rblogids = sql_query($queryBlogs);
\r
695 while ($o = sql_fetch_object($rblogids))
\r
697 if ( $o->bnumber != $iForcedBlogInclude )
\r
699 $aBlogIds[] = intval($o->bnumber);
\r
703 if ( count($aBlogIds) == 0 )
\r
708 $_REQUEST['selectData'] = array(
\r
710 'tabindex' => $tabindex,
\r
712 'selected' => $selected,
\r
713 'showNewCat' => $showNewCat,
\r
714 'aBlogIds' => $aBlogIds,
\r
716 $this->parse('blogselectbox');
\r
720 * @todo document this
\r
722 function action_browseownitems() {
\r
723 global $member, $manager, $CONF;
\r
726 $this->parse('browseownitems');
\r
731 * Show all the comments for a given item
\r
732 * @param int $itemid
\r
734 function action_itemcommentlist($itemid = '') {
\r
735 global $member, $manager, $CONF;
\r
737 if ( $itemid == '' )
\r
739 $itemid = intRequestVar('itemid');
\r
741 $_REQUEST['itemid'] = $itemid;
\r
742 $_REQUEST['blogid'] = getBlogIdFromItemId($itemid);
\r
744 // only allow if user is allowed to alter item
\r
745 $member->canAlterItem($itemid) or $this->disallow();
\r
747 $blogid = getBlogIdFromItemId($itemid);
\r
750 $this->parse('itemcommentlist');
\r
755 * Browse own comments
\r
757 function action_browseowncomments() {
\r
759 $this->parse('browseowncomments');
\r
764 * Browse all comments for a weblog
\r
765 * @param int $blogid
\r
767 function action_blogcommentlist($blogid = '')
\r
769 global $member, $manager, $CONF;
\r
771 if ( $blogid == '' )
\r
773 $blogid = intRequestVar('blogid');
\r
777 $blogid = intval($blogid);
\r
780 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
\r
782 $_REQUEST['blogid'] = $blogid;
\r
785 $this->parse('blogcommentlist');
\r
790 * Provide a page to add a new item to the given blog
\r
792 function action_createitem()
\r
794 global $member, $manager;
\r
796 $blogid = intRequestVar('blogid');
\r
798 // check if allowed
\r
799 $member->teamRights($blogid) or $this->disallow();
\r
801 $memberid = $member->getID();
\r
803 $blog =& $manager->getBlog($blogid);
\r
806 $this->parse('createitem');
\r
811 * @todo document this
\r
813 function action_itemedit()
\r
815 global $member, $manager;
\r
817 $itemid = intRequestVar('itemid');
\r
819 // only allow if user is allowed to alter item
\r
820 $member->canAlterItem($itemid) or $this->disallow();
\r
822 $item =& $manager->getItem($itemid, 1, 1);
\r
823 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
\r
825 $this->parse('itemedit');
\r
830 * @todo document this
\r
832 function action_itemupdate()
\r
834 global $member, $manager, $CONF;
\r
836 $itemid = intRequestVar('itemid');
\r
837 $catid = postVar('catid');
\r
839 // only allow if user is allowed to alter item
\r
840 $member->canUpdateItem($itemid, $catid) or $this->disallow();
\r
842 $actiontype = postVar('actiontype');
\r
844 // delete actions are handled by itemdelete (which has confirmation)
\r
845 if ( $actiontype == 'delete' )
\r
847 $this->action_itemdelete();
\r
851 $body = postVar('body');
\r
852 $title = postVar('title');
\r
853 $more = postVar('more');
\r
854 $closed = intPostVar('closed');
\r
855 $draftid = intPostVar('draftid');
\r
857 // default action = add now
\r
858 if ( !$actiontype )
\r
860 $actiontype='addnow';
\r
863 // create new category if needed
\r
864 if ( strstr($catid,'newcat') )
\r
867 list($blogid) = sscanf($catid,"newcat-%d");
\r
870 $blog =& $manager->getBlog($blogid);
\r
871 $catid = $blog->createNewCategory();
\r
873 // show error when sth goes wrong
\r
876 $this->doError(_ERROR_CATCREATEFAIL);
\r
881 set some variables based on actiontype
\r
884 draft items -> addnow, addfuture, adddraft, delete
\r
885 non-draft items -> edit, changedate, delete
\r
888 $timestamp: set to a nonzero value for future dates or date changes
\r
889 $wasdraft: set to 1 when the item used to be a draft item
\r
890 $publish: set to 1 when the edited item is not a draft
\r
892 $blogid = getBlogIDFromItemID($itemid);
\r
893 $blog =& $manager->getBlog($blogid);
\r
895 $wasdrafts = array('adddraft', 'addfuture', 'addnow');
\r
896 $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
\r
897 $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
\r
898 if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
\r
900 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
\r
907 // edit the item for real
\r
908 Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
\r
910 $this->updateFuturePosted($blogid);
\r
912 if ( $draftid > 0 )
\r
914 // delete permission is checked inside Item::delete()
\r
915 Item::delete($draftid);
\r
918 // show category edit window when we created a new category
\r
919 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
\r
920 if ( $catid != intPostVar('catid') )
\r
922 $this->action_categoryedit(
\r
925 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
\r
930 // TODO: set start item correctly for itemlist
\r
931 $item = Item::getItem($itemid, 0, 0);
\r
932 $cnt = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . $item['timestamp']);
\r
933 $_REQUEST['start'] = $cnt + 1;
\r
934 $this->action_itemlist(getBlogIDFromItemID($itemid));
\r
939 * Admin::action_itemdelete()
\r
945 function action_itemdelete()
\r
947 global $member, $manager;
\r
949 $itemid = intRequestVar('itemid');
\r
951 // only allow if user is allowed to alter item
\r
952 $member->canAlterItem($itemid) or $this->disallow();
\r
954 if ( !$manager->existsItem($itemid,1,1) )
\r
956 $this->error(_ERROR_NOSUCHITEM);
\r
960 $this->parse('itemdelete');
\r
966 * @todo document this
\r
968 function action_itemdeleteconfirm()
\r
972 $itemid = intRequestVar('itemid');
\r
974 // only allow if user is allowed to alter item
\r
975 $member->canAlterItem($itemid) or $this->disallow();
\r
977 // get blogid first
\r
978 $blogid = getBlogIdFromItemId($itemid);
\r
980 // delete item (note: some checks will be performed twice)
\r
981 $this->deleteOneItem($itemid);
\r
983 $this->action_itemlist($blogid);
\r
987 * Deletes one item and returns error if something goes wrong
\r
988 * @param int $itemid
\r
990 function deleteOneItem($itemid)
\r
992 global $member, $manager;
\r
994 // only allow if user is allowed to alter item (also checks if itemid exists)
\r
995 if ( !$member->canAlterItem($itemid) )
\r
997 return _ERROR_DISALLOWED;
\r
1000 // need to get blogid before the item is deleted
\r
1001 $blogid = getBlogIDFromItemId($itemid);
\r
1003 $manager->loadClass('ITEM');
\r
1004 Item::delete($itemid);
\r
1006 // update blog's futureposted
\r
1007 $this->updateFuturePosted($blogid);
\r
1011 * Admin::updateFuturePosted()
\r
1012 * Update a blog's future posted flag
\r
1014 * @param integer $blogid
\r
1018 function updateFuturePosted($blogid)
\r
1022 $blogid = intval($blogid);
\r
1023 $blog =& $manager->getBlog($blogid);
\r
1024 $currenttime = $blog->getCorrectTime(time());
\r
1026 $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
\r
1027 $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
\r
1028 $result = sql_query($query);
\r
1030 if ( sql_num_rows($result) > 0 )
\r
1032 $blog->setFuturePost();
\r
1036 $blog->clearFuturePost();
\r
1042 * @todo document this
\r
1044 function action_itemmove()
\r
1046 global $member, $manager;
\r
1048 $itemid = intRequestVar('itemid');
\r
1050 // only allow if user is allowed to alter item
\r
1051 $member->canAlterItem($itemid) or $this->disallow();
\r
1053 $this->pagehead();
\r
1054 $this->parse('itemmove');
\r
1055 $this->pagefoot();
\r
1059 * @todo document this
\r
1061 function action_itemmoveto()
\r
// Moves the item named by request variable 'itemid' to the category in 'catid', creating a new
// category first when 'catid' has the form 'newcat-<blogid>', then refreshes the future-posted
// flag of both the destination and the original blog.
1063 global $member, $manager;
\r
1065 $itemid = intRequestVar('itemid');
\r
1066 $catid = requestVar('catid');
\r
1068 // create new category if needed
\r
// NOTE(review): the category is created here, before canUpdateItem() is evaluated further down;
// action_itemupdate() in this file runs its permission check first. Unless createNewCategory()
// or a line not shown enforces rights on the target blog, move the check ahead of the creation
// so that a rejected request leaves nothing behind.
// strstr() matches 'newcat' anywhere in the value, while sscanf() expects the exact
// 'newcat-%d' form; a value that matches the first but not the second leaves $blogid without a
// number (handling for that is not visible in this listing).
1069 if ( strstr($catid,'newcat') )
\r
1072 list($blogid) = sscanf($catid,'newcat-%d');
\r
1075 $blog =& $manager->getBlog($blogid);
\r
1076 $catid = $blog->createNewCategory();
\r
1078 // show error when sth goes wrong
\r
1081 $this->doError(_ERROR_CATCREATEFAIL);
\r
1085 // only allow if user is allowed to alter item
\r
1086 $member->canUpdateItem($itemid, $catid) or $this->disallow();
\r
// Remember the source blog before the move so its flag can be recomputed afterwards.
1088 $old_blogid = getBlogIDFromItemId($itemid);
\r
1090 Item::move($itemid, $catid);
\r
1092 // set the futurePosted flag on the blog
\r
1093 $this->updateFuturePosted(getBlogIDFromItemId($itemid));
\r
1095 // reset the futurePosted in case the item is moved from one blog to another
\r
1096 $this->updateFuturePosted($old_blogid);
\r
// $catid differs from the integer request value only when a new category was created above;
// in that case the category edit screen is shown instead of the item list.
1098 if ( $catid != intRequestVar('catid') )
\r
1100 $this->action_categoryedit($catid, $blog->getID());
\r
1104 $this->action_itemlist(getBlogIDFromCatID($catid));
\r
1109 * Moves one item to a given category (category existence should be checked by caller)
\r
1110 * errors are returned
\r
1111 * @param int $itemid
\r
1112 * @param int $destCatid category ID to which the item will be moved
\r
1114 function moveOneItem($itemid, $destCatid)
\r
1118 // only allow if user is allowed to move item
\r
1119 if ( !$member->canUpdateItem($itemid, $destCatid) )
\r
1121 return _ERROR_DISALLOWED;
\r
1124 Item::move($itemid, $destCatid);
\r
1128 * Adds an item to the chosen blog
\r
1130 function action_additem()
\r
1132 global $manager, $CONF;
\r
1134 $manager->loadClass('ITEM');
\r
1136 $result = Item::createFromRequest();
\r
1138 if ( $result['status'] == 'error' )
\r
1140 $this->error($result['message']);
\r
1143 $blogid = getBlogIDFromItemID($result['itemid']);
\r
1144 $blog =& $manager->getBlog($blogid);
\r
1145 $btimestamp = $blog->getCorrectTime();
\r
1146 $item = $manager->getItem(intval($result['itemid']), 1, 1);
\r
1148 if ( $result['status'] == 'newcategory' )
\r
1150 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));
\r
1151 $this->action_categoryedit($result['catid'], $blogid, $distURI);
\r
1155 $methodName = 'action_itemList';
\r
1156 call_user_func(array(&$this, $methodName), $blogid);
\r
1161 * Allows to edit previously made comments
\r
1163 function action_commentedit()
\r
1166 global $member, $manager;
\r
1168 $commentid = intRequestVar('commentid');
\r
1170 $member->canAlterComment($commentid) or $this->disallow();
\r
1172 $this->pagehead();
\r
1173 $this->parse('commentedit');
\r
1174 $this->pagefoot();
\r
1178 * @todo document this
\r
1180 function action_commentupdate()
\r
// Updates the url, e-mail and body of the comment named by request variable 'commentid', after
// checking $member->canAlterComment(), then shows either the item's comment list or the
// member's own comments depending on $member->canAlterItem().
1182 global $member, $manager;
\r
1184 $commentid = intRequestVar('commentid');
\r
1186 $member->canAlterComment($commentid) or $this->disallow();
\r
// NOTE(review): url and email are taken from POST and reach the database after SQL escaping
// only; no format or scheme validation is visible here (action_changemembersettings() in this
// file validates the address and prefixes the URL). Safe display therefore depends on output
// encoding wherever these fields are rendered — confirm, or validate them here as well.
1188 $url = postVar('url');
\r
1189 $email = postVar('email');
\r
1190 $body = postVar('body');
\r
1192 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
\r
1193 # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
\r
1194 # important note that '\' must be matched with '\\\\' in preg* expressions
\r
1196 // intercept words that are too long
\r
// Rejects a body containing a run of 90 characters from the listed set. The loose '!= FALSE'
// comparison treats a preg_match() error (false) the same as "no match".
1197 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
\r
1199 $this->error(_ERROR_COMMENT_LONGWORD);
\r
// Length limits: at least 3 and at most 5000 characters as counted by i18n::strlen().
1203 if ( i18n::strlen($body) < 3 )
\r
1205 $this->error(_ERROR_COMMENT_NOCOMMENT);
\r
1208 if ( i18n::strlen($body) > 5000 )
\r
1210 $this->error(_ERROR_COMMENT_TOOLONG);
\r
1214 $body = Comment::prepareBody($body);
\r
1218 'PreUpdateComment',
\r
// All three string values go through sql_real_escape_string(); note that $url is written to the
// 'cmail' column. $commentid is concatenated unquoted and relies on intRequestVar() having
// returned an integer (presumably — confirm in that helper).
1224 $query = 'UPDATE ' . sql_table('comment')
\r
1226 . " cmail = '" . sql_real_escape_string($url) . "',"
\r
1227 . " cemail = '" . sql_real_escape_string($email) . "',"
\r
1228 . " cbody = '" . sql_real_escape_string($body) . "'"
\r
1230 . " cnumber = " . $commentid;
\r
1231 sql_query($query);
\r
// Look up the owning item to choose the follow-up page. The fetched row is used without
// checking that sql_fetch_object() returned one.
1234 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
\r
1235 $o = sql_fetch_object($res);
\r
1236 $itemid = $o->citem;
\r
1238 if ( $member->canAlterItem($itemid) )
\r
1240 $this->action_itemcommentlist($itemid);
\r
1244 $this->action_browseowncomments();
\r
1249 * Admin::action_commentdelete()
\r
1255 function action_commentdelete()
\r
1257 global $member, $manager;
\r
1259 $commentid = intRequestVar('commentid');
\r
1260 $member->canAlterComment($commentid) or $this->disallow();
\r
1262 $this->pagehead();
\r
1263 $this->parse('commentdelete');
\r
1264 $this->pagefoot();
\r
1269 * @todo document this
\r
1271 function action_commentdeleteconfirm()
\r
// Deletes the comment named by request variable 'commentid' through deleteOneComment() and then
// shows the item's comment list or the member's own comments.
// No permission check is visible in this method itself; authorization is enforced by
// deleteOneComment(), which returns _ERROR_DISALLOWED when canAlterComment() fails.
1275 $commentid = intRequestVar('commentid');
\r
1277 // get item id first
\r
// NOTE(review): this lookup runs before the permission check, and $o is dereferenced without
// verifying that a row was returned; a non-existent comment id ends in a property read on a
// non-object rather than a clean error.
1278 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
\r
1279 $o = sql_fetch_object($res);
\r
1280 $itemid = $o->citem;
\r
1282 $error = $this->deleteOneComment($commentid);
\r
1285 $this->doError($error);
\r
1288 if ( $member->canAlterItem($itemid) )
\r
1290 $this->action_itemcommentlist($itemid);
\r
1294 $this->action_browseowncomments();
\r
1299 * @todo document this
\r
1301 function deleteOneComment($commentid) {
\r
// Deletes a single comment row identified by cnumber. Returns _ERROR_DISALLOWED when the current
// member may not alter the comment; the return value on success is not visible in this listing.
1302 global $member, $manager;
\r
// Forced to an integer here, which is what makes the unquoted concatenation in the DELETE safe.
1304 $commentid = intval($commentid);
\r
// Authorization happens before any side effect (plugin events or the DELETE).
1306 if ( !$member->canAlterComment($commentid) )
\r
1308 return _ERROR_DISALLOWED;
\r
1312 'PreDeleteComment',
\r
1314 'commentid' => $commentid
\r
1318 // delete the comments associated with the item
\r
// (The statement below removes only the one comment whose cnumber equals $commentid.)
1319 $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid;
\r
1320 sql_query($query);
\r
1323 'PostDeleteComment',
\r
1325 'commentid' => $commentid
\r
1333 * Usermanagement main
\r
1335 function action_usermanagement()
\r
1337 global $member, $manager;
\r
1339 // check if allowed
\r
1340 $member->isAdmin() or $this->disallow();
\r
1342 $this->pagehead();
\r
1343 $this->parse('usermanagement');
\r
1344 $this->pagefoot();
\r
1348 * Edit member settings
\r
1350 function action_memberedit()
\r
1352 $this->action_editmembersettings(intRequestVar('memberid'));
\r
1356 * @todo document this
\r
1358 function action_editmembersettings($memberid = '') {
\r
1359 global $member, $manager, $CONF;
\r
1361 if ( $memberid == '' )
\r
1363 $memberid = $member->getID();
\r
1365 $_REQUEST['memberid'] = $memberid;
\r
1367 // check if allowed
\r
1368 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
\r
1370 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
\r
1371 $this->pagehead($extrahead);
\r
1372 $this->parse('editmembersettings');
\r
1373 $this->pagefoot();
\r
1377 * @todo document this
\r
1379 function action_changemembersettings() {
\r
// Applies the posted profile form to the member named by request variable 'memberid': display
// name, password, real name, e-mail, URL, notes, locale, autosave, plugin options and (for
// admins only) the admin/can-login flags.
// NOTE(review): 'changemembersettings' is listed in getSkinlessActions(), which action() merges
// into its ticket-exempt list, and no checkTicket() call is visible in this method. Confirm the
// request ticket is validated somewhere for this credential-changing action.
1380 global $member, $CONF, $manager;
\r
1382 $memberid = intRequestVar('memberid');
\r
1384 // check if allowed
\r
// Allowed for the member editing their own record, or for any admin.
1385 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
\r
// Text fields are stripped of tags on input; the two password fields are taken as posted.
1387 $name = trim(strip_tags(postVar('name')));
\r
1388 $realname = trim(strip_tags(postVar('realname')));
\r
1389 $password = postVar('password');
\r
1390 $repeatpassword = postVar('repeatpassword');
\r
1391 $email = strip_tags(postVar('email'));
\r
1392 $url = strip_tags(postVar('url'));
\r
1393 $adminskin = intPostVar('adminskin');
\r
1395 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
\r
1396 # original eregi: !eregi("^https?://", $url)
\r
1398 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
\r
// Any value that does not start with http:// or https:// gets 'http://' prepended. This also
// applies to an empty value (stored as 'http://') and to values carrying another scheme. The
// pattern is case-sensitive.
1399 if ( !preg_match('#^https?://#', $url) )
\r
1401 $url = 'http://' . $url;
\r
1404 $admin = postVar('admin');
\r
1405 $canlogin = postVar('canlogin');
\r
1406 $notes = strip_tags(postVar('notes'));
\r
1407 $locale = postVar('locale');
\r
1409 $mem = Member::createFromID($memberid);
\r
// Login-related fields are validated only when login editing is enabled or the editor is an admin.
1411 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
\r
1413 if ( !isValidDisplayName($name) )
\r
1415 $this->error(_ERROR_BADNAME);
\r
1418 if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
\r
1420 $this->error(_ERROR_NICKNAMEINUSE);
\r
// NOTE(review): the visible password checks compare the two new-password fields and enforce a
// 6-character minimum when a password is supplied. No check of the member's current password
// is visible in this listing — confirm whether one exists.
1423 if ( $password != $repeatpassword )
\r
1425 $this->error(_ERROR_PASSWORDMISMATCH);
\r
1428 if ( $password && (i18n::strlen($password) < 6) )
\r
1430 $this->error(_ERROR_PASSWORDTOOSHORT);
\r
// The password is handed to a callback together with by-reference 'errormessage' and 'valid'
// slots (presumably a plugin password-validation event; its name is not visible here).
1440 'password' => $password,
\r
1441 'errormessage' => &$pwderror,
\r
1442 'valid' => &$pwdvalid
\r
1447 $this->error($pwderror);
\r
1452 if ( !NOTIFICATION::address_validation($email) )
\r
1454 $this->error(_ERROR_BADMAILADDRESS);
\r
1458 $this->error(_ERROR_REALNAMEMISSING);
\r
// A non-empty locale must be one of the values returned by i18n::get_available_locale_list().
1460 if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
\r
1462 $this->error(_ERROR_NOSUCHTRANSLATION);
\r
1465 // check if there will remain at least one site member with both the logon and admin rights
\r
1466 // (check occurs when taking away one of these rights from such a member)
\r
1467 if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
\r
1468 || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
\r
1471 $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
\r
1472 if ( sql_num_rows($r) < 2 )
\r
1474 $this->error(_ERROR_ATLEASTONEADMIN);
\r
1478 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
\r
1480 $mem->setDisplayName($name);
\r
1483 $mem->setPassword($password);
\r
// Keep the previous address so a change can be detected after the setters have run.
1487 $oldEmail = $mem->getEmail();
\r
1489 $mem->setRealName($realname);
\r
1490 $mem->setEmail($email);
\r
1491 $mem->setURL($url);
\r
1492 $mem->setNotes($notes);
\r
1493 $mem->setLocale($locale);
\r
1496 // only allow super-admins to make changes to the admin status
\r
// The posted 'admin' and 'canlogin' values are applied only when the editor is an admin, so a
// non-admin editing their own record cannot change these flags through this branch.
1497 if ( $member->isAdmin() )
\r
1499 $mem->setAdmin($admin);
\r
1500 $mem->setCanLogin($canlogin);
\r
1503 $autosave = postVar('autosave');
\r
1504 $mem->setAutosave($autosave);
\r
1508 // store plugin options
\r
// NOTE(review): the 'plugoption' request array is passed on as received; how its option ids are
// tied to $memberid is not visible here. Confirm apply_plugin_options() restricts writes to
// options of the member being edited.
1509 $aOptions = requestArray('plugoption');
\r
1510 NucleusPlugin::apply_plugin_options($aOptions);
\r
1512 'PostPluginOptionsUpdate',
\r
1514 'context' => 'member',
\r
1515 'memberid' => $memberid,
\r
1520 // if email changed, generate new password
\r
// On an address change an activation link is sent (the old address is passed along) and the
// cookie key is regenerated, which presumably invalidates existing login cookies — confirm in
// Member::newCookieKey().
1521 if ( $oldEmail != $mem->getEmail() )
\r
1523 $mem->sendActivationLink('addresschange', $oldEmail);
\r
1525 $mem->newCookieKey();
\r
1527 // only log out if the member being edited is the current member.
\r
1528 if ( $member->getID() == $memberid )
\r
1530 $member->logout();
\r
1532 $this->action_login(_MSG_ACTIVATION_SENT, 0);
\r
// A member who renamed their own account gets a new cookie key and must log in again.
1537 if ( ( $mem->getID() == $member->getID() )
\r
1538 && ( $mem->getDisplayName() != $member->getDisplayName() )
\r
1541 $mem->newCookieKey();
\r
1542 $member->logout();
\r
1543 $this->action_login(_MSG_LOGINAGAIN, 0);
\r
1547 $this->action_overview(_MSG_SETTINGSCHANGED);
\r
1552 * Admin::action_memberadd()
\r
// Creates a member account from POSTed form fields, then returns to the user-management page.
// Only callers for whom $member->isAdmin() is true get past the first statement.
1558 function action_memberadd()
\r
1560 global $member, $manager;
\r
1562 // check if allowed
\r
1563 $member->isAdmin() or $this->disallow();
\r
// NOTE(review): != is a loose comparison; PHP compares two numeric-looking strings by value,
// so differently typed inputs can pass as equal. !== would make the mismatch check exact.
1565 if ( postVar('password') != postVar('repeatpassword') )
\r
1567 $this->error(_ERROR_PASSWORDMISMATCH);
\r
// The only strength rule visible here is a minimum of 6 characters (measured with i18n::strlen).
1570 if ( i18n::strlen(postVar('password')) < 6 )
\r
1572 $this->error(_ERROR_PASSWORDTOOSHORT);
\r
// The raw password is handed to Member::create(); how it is hashed and stored is decided there.
// Several argument lines of this call are not shown in this listing.
1575 $res = Member::create(
\r
1577 postVar('realname'),
\r
1578 postVar('password'),
\r
1582 postVar('canlogin'),
\r
// The condition guarding this call is not shown; presumably $res carries an error message on failure - confirm.
1587 $this->error($res);
\r
1590 // fire PostRegister event
\r
1591 $newmem = new Member();
\r
1592 $newmem->readFromName(postVar('name'));
\r
1596 'member' => &$newmem
\r
1600 $this->action_usermanagement();
\r
1605 * Account activation
\r
// Entry point for an activation link: reads 'key' with getVar() and shows the activation page for it.
// NOTE(review): a key carried in the URL can end up in server logs and Referer headers, so it should be
// short-lived and single-use; expiry cleanup is triggered in _showActivationPage().
1609 function action_activate()
\r
1612 $key = getVar('key');
\r
1613 $this->_showActivationPage($key);
\r
1617 * @todo document this
\r
// Renders the 'activate' page for an activation key, optionally with a message in the page head.
// $key is the activation key as supplied by the request; $message is stored in $this->headMess.
1619 function _showActivationPage($key, $message = '')
\r
1623 // clean up old activation keys
\r
1624 Member::cleanupActivationTable();
\r
1626 // get activation info
\r
1627 $info = Member::getActivationInfo($key);
\r
// Both failure paths below report the same _ERROR_ACTIVATE, so the response does not reveal
// whether the key or the member lookup failed. The guarding conditions are not shown in this listing.
1631 $this->error(_ERROR_ACTIVATE);
\r
1634 $mem = Member::createFromId($info->vmember);
\r
1638 $this->error(_ERROR_ACTIVATE);
\r
// Values are handed to the page by writing into $_POST. 'ackey' is request-supplied text,
// so whatever prints it must HTML-escape it - presumably done in the skin; confirm.
1640 $_POST['ackey'] = $key;
\r
1641 $this->headMess = $message;
\r
1642 $_POST['bNeedsPasswordChange'] = true;
\r
1643 $this->pagehead();
\r
1644 $this->parse('activate');
\r
1645 $this->pagefoot();
\r
1650 * Account activation - set password part
\r
// Second step of account activation: validates the POSTed key and new password, sets the password
// and activates the account. The activation key is the only credential checked in the lines shown;
// every validation failure redisplays the activation page with an error message.
1654 function action_activatesetpwd()
\r
1657 $key = postVar('key');
\r
1659 // clean up old activation keys
\r
1660 Member::cleanupActivationTable();
\r
1662 // get activation info
\r
1663 $info = Member::getActivationInfo($key);
\r
// Keys of type 'addresschange' are refused, so an address-change key cannot be used to set a password.
1665 if ( !$info || ($info->type == 'addresschange') )
\r
1667 return $this->_showActivationPage($key, _ERROR_ACTIVATE);
\r
1670 $mem = Member::createFromId($info->vmember);
\r
1674 return $this->_showActivationPage($key, _ERROR_ACTIVATE);
\r
1677 $password = postVar('password');
\r
1678 $repeatpassword = postVar('repeatpassword');
\r
// NOTE(review): loose != compares numeric-looking strings by value; !== would be exact.
1680 if ( $password != $repeatpassword )
\r
1682 return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
\r
// NOTE(review): the length check is skipped when $password is empty. Whether an empty password is
// stopped before setPassword() depends on lines not shown in this listing - confirm.
1685 if ( $password && (i18n::strlen($password) < 6) )
\r
1687 return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
\r
// password / errormessage / valid are passed by reference, presumably to a plugin event that can
// reject the password (the event name is not shown in this listing).
1698 'password' => $password,
\r
1699 'errormessage' => &$pwderror,
\r
1700 'valid' => &$pwdvalid
\r
1705 return $this->_showActivationPage($key,$pwderror);
\r
1714 'type' => 'activation',
\r
1716 'error' => &$error
\r
1719 if ( $error != '' )
\r
1721 return $this->_showActivationPage($key, $error);
\r
1726 $mem->setPassword($password);
\r
1729 // do the activation
\r
1730 Member::activate($key);
\r
1732 $this->pagehead();
\r
1733 $this->parse('activatesetpwd');
\r
1734 $this->pagefoot();
\r
// Shows the team-management page for the blog named by 'blogid'.
// Callers without blogAdminRights() on that blog are sent to disallow().
1740 function action_manageteam()
\r
1742 global $member, $manager;
\r
1744 $blogid = intRequestVar('blogid');
\r
1746 // check if allowed
\r
1747 $member->blogAdminRights($blogid) or $this->disallow();
\r
1749 $this->pagehead();
\r
1750 $this->parse('manageteam');
\r
1751 $this->pagefoot();
\r
1755 * Add member to team
\r
// Adds a member to a blog team from POSTed memberid / blogid / admin (all read as integers),
// then redisplays the team page. Requires blogAdminRights() on the target blog.
1757 function action_teamaddmember()
\r
1759 global $member, $manager;
\r
1761 $memberid = intPostVar('memberid');
\r
1762 $blogid = intPostVar('blogid');
\r
1763 $admin = intPostVar('admin');
\r
1765 // check if allowed
\r
1766 $member->blogAdminRights($blogid) or $this->disallow();
\r
1768 $blog =& $manager->getBlog($blogid);
// The admin flag and member id are passed on as given; any existence or range check on them
// would have to happen inside addTeamMember() - confirm.
1769 if ( !$blog->addTeamMember($memberid, $admin) )
\r
1771 $this->error(_ERROR_ALREADYONTEAM);
\r
1774 $this->action_manageteam();
\r
1779 * @todo document this
\r
// Shows the confirmation page for removing a member from a blog team; nothing is deleted here.
// $teammem and $blog are loaded but not used in the lines shown in this listing.
1781 function action_teamdelete()
\r
1783 global $member, $manager;
\r
1785 $memberid = intRequestVar('memberid');
\r
1786 $blogid = intRequestVar('blogid');
\r
1788 // check if allowed
\r
1789 $member->blogAdminRights($blogid) or $this->disallow();
\r
1791 $teammem = Member::createFromID($memberid);
\r
1792 $blog =& $manager->getBlog($blogid);
\r
1794 $this->pagehead();
\r
1795 $this->parse('teamdelete');
\r
1796 $this->pagefoot();
\r
1800 * @todo document this
\r
// Confirm step for removing a team member. No rights check appears in this method;
// deleteOneTeamMember() performs its own blogAdminRights() check and returns an error string on refusal.
// NOTE(review): this state change reads its ids with intRequestVar(); request-forgery (ticket) validation
// is not visible in this method - presumably done by the action dispatcher; confirm.
1802 function action_teamdeleteconfirm()
\r
1806 $memberid = intRequestVar('memberid');
\r
1807 $blogid = intRequestVar('blogid');
\r
1809 $error = $this->deleteOneTeamMember($blogid, $memberid);
\r
// The condition guarding error() is not shown; presumably it runs only when $error is non-empty.
1812 $this->error($error);
\r
1814 $this->action_manageteam();
\r
1818 * @todo document this
\r
// Removes one member from a blog team.
// Returns _ERROR_DISALLOWED when the current member lacks blogAdminRights() on the blog and
// _ERROR_ATLEASTONEBLOGADMIN when the removal would leave fewer than one blog admin.
// The success return value is on a line not shown in this listing.
1820 function deleteOneTeamMember($blogid, $memberid)
\r
1822 global $member, $manager;
\r
// Both ids are forced to integers here. The queries below interpolate them directly,
// so these casts are what keeps the SQL injection-safe; do not remove them.
1824 $blogid = intval($blogid);
\r
1825 $memberid = intval($memberid);
\r
1827 // check if allowed
\r
1828 if ( !$member->blogAdminRights($blogid) )
\r
1830 return _ERROR_DISALLOWED;
\r
1833 // check if: - there remains at least one blog admin
\r
1834 // - (there remains at least one team member)
\r
1835 $tmem = Member::createFromID($memberid);
\r
// The pre-delete plugin event is raised only after the rights check above has passed.
1838 'PreDeleteTeamMember',
\r
1840 'member' => &$tmem,
\r
1841 'blogid' => $blogid
\r
1845 if ( $tmem->isBlogAdmin($blogid) )
\r
1847 // check if there are more blog members left and at least one admin
\r
1848 // (check for at least two admins before deletion)
// NOTE(review): the admin count and the DELETE below are separate statements with no transaction or
// lock visible, so two concurrent removals could both pass this check.
1849 $query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid . ' and tadmin=1';
\r
1850 $r = sql_query($query);
\r
1851 if ( sql_num_rows($r) < 2 )
\r
1853 return _ERROR_ATLEASTONEBLOGADMIN;
\r
1857 $query = 'DELETE FROM ' . sql_table('team') . " WHERE tblog=$blogid and tmember=$memberid";
\r
1858 sql_query($query);
\r
1861 'PostDeleteTeamMember',
\r
1863 'member' => &$tmem,
\r
1864 'blogid' => $blogid
\r
1872 * @todo document this
\r
// Changes a team member's blog-admin flag (tadmin) for one blog. Requires blogAdminRights() on the blog.
// Refuses with _ERROR_ATLEASTONEBLOGADMIN when the member is the blog's only admin.
// NOTE(review): ids are read with intRequestVar(); request-forgery (ticket) validation is not visible
// in this method - presumably done by the action dispatcher; confirm.
1874 function action_teamchangeadmin()
\r
1878 $blogid = intRequestVar('blogid');
\r
1879 $memberid = intRequestVar('memberid');
\r
1881 // check if allowed
\r
1882 $member->blogAdminRights($blogid) or $this->disallow();
\r
1884 $mem = Member::createFromID($memberid);
\r
1886 // don't allow when there is only one admin at this moment
\r
1887 if ( $mem->isBlogAdmin($blogid) )
\r
1889 $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
\r
1890 if ( sql_num_rows($r) == 1 )
\r
1892 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
\r
1896 if ( $mem->isBlogAdmin($blogid) )
\r
// $newval is assigned on lines not shown in this listing. It is interpolated unquoted,
// so it must only ever be an integer literal chosen by this code, never request data.
1905 $query = 'UPDATE ' . sql_table('team') . " SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
\r
1906 sql_query($query);
\r
1908 // only show manageteam if member did not change its own admin privileges
\r
1909 if ( $member->isBlogAdmin($blogid) )
\r
1911 $this->action_manageteam();
\r
1915 $this->action_overview(_MSG_ADMINCHANGED);
\r
1920 * @todo document this
\r
// Shows the settings page for one blog, with the numbercheck.js script added to the page head.
// Requires blogAdminRights() on the blog named by 'blogid'.
1922 function action_blogsettings()
\r
1924 global $member, $manager;
\r
1926 $blogid = intRequestVar('blogid');
\r
1928 // check if allowed
\r
1929 $member->blogAdminRights($blogid) or $this->disallow();
\r
1931 $blog =& $manager->getBlog($blogid);
\r
1933 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
\r
1934 $this->pagehead($extrahead);
\r
1935 $this->parse('blogsettings');
\r
1936 $this->pagefoot();
\r
1940 * @todo document this
\r
// Creates a category in a blog from POSTed cname / cdesc, then redisplays the blog settings.
// Requires blogAdminRights() on the blog; rejects invalid names and names already used in that blog.
1942 function action_categorynew()
\r
1944 global $member, $manager;
\r
1946 $blogid = intRequestVar('blogid');
\r
1948 $member->blogAdminRights($blogid) or $this->disallow();
\r
1950 $cname = postVar('cname');
\r
1951 $cdesc = postVar('cdesc');
\r
1953 if ( !isValidCategoryName($cname) )
\r
1955 $this->error(_ERROR_BADCATEGORYNAME);
\r
// Duplicate check: the name is escaped for the quoted literal and the blog id is forced to an integer.
1958 $query = 'SELECT * FROM ' . sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname) . '\' and cblog=' . intval($blogid);
\r
1959 $res = sql_query($query);
\r
1960 if ( sql_num_rows($res) > 0 )
\r
1962 $this->error(_ERROR_DUPCATEGORYNAME);
\r
1965 $blog =& $manager->getBlog($blogid);
// $cdesc is passed on unvalidated and unescaped; createNewCategory() is presumably responsible for
// escaping both values before they reach SQL - confirm.
1966 $newCatID = $blog->createNewCategory($cname, $cdesc);
\r
1968 $this->action_blogsettings();
\r
1972 * @todo document this
\r
// Shows the category edit page. $catid and $blogid fall back to the 'catid' / 'blogid' query values
// when passed as ''; both end up as integers. $desturl is handed to the page unchanged.
1974 function action_categoryedit($catid = '', $blogid = '', $desturl = '')
\r
1976 global $member, $manager;
\r
1978 if ( $blogid == '' )
\r
1980 $blogid = intGetVar('blogid');
\r
1984 $blogid = intval($blogid);
\r
1986 if ( $catid == '' )
\r
1988 $catid = intGetVar('catid');
\r
1992 $catid = intval($catid);
\r
// Values are passed to the page by writing into $_REQUEST. 'desturl' is stored as given,
// so the page must escape it when printing - presumably done in the skin; confirm.
1994 $_REQUEST['blogid'] = $blogid;
\r
1995 $_REQUEST['catid'] = $catid;
\r
1996 $_REQUEST['desturl'] = $desturl;
// The rights check runs after the request values are overwritten but before any output.
1997 $member->blogAdminRights($blogid) or $this->disallow();
\r
1999 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
\r
2000 $this->pagehead($extrahead);
\r
2001 $this->parse('categoryedit');
\r
2002 $this->pagefoot();
\r
2006 * @todo document this
\r
// Saves a category's name and description from POST data, stores plugin options, then either
// redirects to 'desturl' or redisplays the blog settings.
// Requires blogAdminRights() on the POSTed blogid.
2008 function action_categoryupdate()
\r
2010 global $member, $manager;
\r
2012 $blogid = intPostVar('blogid');
\r
2013 $catid = intPostVar('catid');
\r
2014 $cname = postVar('cname');
\r
2015 $cdesc = postVar('cdesc');
\r
2016 $desturl = postVar('desturl');
\r
2018 $member->blogAdminRights($blogid) or $this->disallow();
\r
2020 if ( !isValidCategoryName($cname) )
\r
2022 $this->error(_ERROR_BADCATEGORYNAME);
\r
2025 $query = "SELECT *"
\r
2026 . " FROM " . sql_table('category')
\r
2027 . " WHERE cname='" . sql_real_escape_string($cname) . "'"
\r
2028 . " and cblog=" . intval($blogid)
\r
2029 . " and not(catid=" . intval($catid) . ")";
\r
2030 $res = sql_query($query);
\r
2031 if ( sql_num_rows($res) > 0 )
\r
2033 $this->error(_ERROR_DUPCATEGORYNAME);
\r
// NOTE(review): rights are checked for the POSTed blogid, but this UPDATE selects the row by catid
// alone. Nothing in the lines shown ties catid to that blog, so an admin of one blog could submit a
// catid that belongs to another. Adding "and cblog=" . intval($blogid) to the WHERE clause, or
// calling isValidCategory($catid) on the blog first (as action_categorydelete does), would close this.
2036 $query = 'UPDATE '.sql_table('category').' SET'
\r
2037 . " cname='" . sql_real_escape_string($cname) . "',"
\r
2038 . " cdesc='" . sql_real_escape_string($cdesc) . "'"
\r
2039 . " WHERE catid=" . intval($catid);
\r
2041 sql_query($query);
\r
2043 // store plugin options
\r
2044 $aOptions = requestArray('plugoption');
\r
2045 NucleusPlugin::apply_plugin_options($aOptions);
\r
2047 'PostPluginOptionsUpdate',
\r
2049 'context' => 'category',
\r
// NOTE(review): $desturl comes straight from POST. No check of the target is visible in this listing;
// unless redirect() restricts destinations, this can send the browser to an arbitrary site - confirm.
2057 redirect($desturl);
\r
2062 $this->action_blogsettings();
\r
2067 * @todo document this
\r
// Shows the confirmation page for deleting a category; nothing is deleted here.
// Requires blogAdminRights() on the blog and refuses unknown categories, the blog's default category
// and the blog's last remaining category.
2069 function action_categorydelete()
\r
2071 global $member, $manager;
\r
2073 $blogid = intRequestVar('blogid');
\r
2074 $catid = intRequestVar('catid');
\r
2076 $member->blogAdminRights($blogid) or $this->disallow();
\r
2078 $blog =& $manager->getBlog($blogid);
\r
2080 // check if the category is valid
// This is also the check that ties the requested catid to the blog the caller has rights on.
2081 if ( !$blog->isValidCategory($catid) )
\r
2083 $this->error(_ERROR_NOSUCHCATEGORY);
\r
2086 // don't allow deletion of default category
\r
2087 if ( $blog->getDefaultCategory() == $catid )
\r
2089 $this->error(_ERROR_DELETEDEFCATEGORY);
\r
2092 // check if catid is the only category left for blogid
// $blogid is concatenated unquoted; it is an integer because it was read with intRequestVar().
2093 $query = 'SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
\r
2094 $res = sql_query($query);
\r
2095 if ( sql_num_rows($res) == 1 )
\r
2097 $this->error(_ERROR_DELETELASTCATEGORY);
\r
2101 $this->pagehead();
\r
2102 $this->parse('categorydelete');
\r
2103 $this->pagefoot();
\r
2107 * @todo document this
\r
// Confirm step for deleting a category, then redisplays the blog settings.
// The rights check here uses the requested blogid; deleteOneCategory() derives the blog from the
// category id and checks rights again, so a mismatched blogid/catid pair is still refused there.
2109 function action_categorydeleteconfirm()
\r
2111 global $member, $manager;
\r
2113 $blogid = intRequestVar('blogid');
\r
2114 $catid = intRequestVar('catid');
\r
2116 $member->blogAdminRights($blogid) or $this->disallow();
\r
2118 $error = $this->deleteOneCategory($catid);
\r
// The condition guarding error() is not shown; presumably it runs only when $error is non-empty.
2121 $this->error($error);
\r
2124 $this->action_blogsettings();
\r
2128 * Admin::deleteOneCategory()
\r
2129 * Delete a category by its id
\r
2131 * @param String $catid category id for deleting
\r
// Deletes one category: moves its items to the blog's default category, removes the category's
// plugin options and then the category row. Returns an error constant on refusal; the success
// return value is on a line not shown in this listing.
2134 function deleteOneCategory($catid)
\r
2136 global $manager, $member;
\r
// The id is forced to an integer; the queries below interpolate it unquoted and rely on this cast.
2138 $catid = intval($catid);
// The blog is derived from the category itself, so the rights check cannot be bypassed by
// pairing a category with some other blog id.
2139 $blogid = getBlogIDFromCatID($catid);
\r
2141 if ( !$member->blogAdminRights($blogid) )
\r
// NOTE(review): ERROR_DISALLOWED lacks the leading underscore of _ERROR_DISALLOWED, the constant
// deleteOneTeamMember() returns in the same situation. This looks like a typo: an undefined
// constant here is an error on PHP 8 and the bare string 'ERROR_DISALLOWED' on older versions.
2143 return ERROR_DISALLOWED;
\r
2147 $blog =& $manager->getBlog($blogid);
\r
2149 // check if the category is valid
\r
2150 if ( !$blog || !$blog->isValidCategory($catid) )
\r
2152 return _ERROR_NOSUCHCATEGORY;
\r
2155 $destcatid = $blog->getDefaultCategory();
\r
2157 // don't allow deletion of default category
\r
2158 if ( $blog->getDefaultCategory() == $catid )
\r
2160 return _ERROR_DELETEDEFCATEGORY;
\r
2163 // check if catid is the only category left for blogid
\r
2164 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
\r
2165 $res = sql_query($query);
\r
2166 if ( sql_num_rows($res) == 1 )
\r
2168 return _ERROR_DELETELASTCATEGORY;
\r
2172 'PreDeleteCategory',
\r
2178 // change category for all items to the default category
// $destcatid comes from getDefaultCategory() and is interpolated unquoted; presumably an integer - confirm.
2179 $query = 'UPDATE ' . sql_table('item') . " SET icat=$destcatid WHERE icat=$catid";
\r
2180 sql_query($query);
\r
2182 // delete all associated plugin options
\r
2183 NucleusPlugin::delete_option_values('category', $catid);
\r
2185 // delete category
\r
2186 $query = 'DELETE FROM ' . sql_table('category') . ' WHERE catid=' . $catid;
\r
2187 sql_query($query);
\r
2190 'PostDeleteCategory',
\r
2199 * Admin::action_blogsettingsupdate
\r
2200 * Updating blog settings
\r
// Saves the settings of one blog from POST data, stores plugin options and returns to the overview.
// Requires blogAdminRights() on the blog named by 'blogid'.
2205 function action_blogsettingsupdate()
\r
2207 global $member, $manager;
\r
2209 $blogid = intRequestVar('blogid');
\r
2211 $member->blogAdminRights($blogid) or $this->disallow();
\r
2213 $blog =& $manager->getBlog($blogid);
\r
2215 $notify_address = trim(postVar('notify'));
\r
2216 $shortname = trim(postVar('shortname'));
\r
2217 $updatefile = trim(postVar('update'));
\r
2219 $notifyComment = intPostVar('notifyComment');
\r
2220 $notifyVote = intPostVar('notifyVote');
\r
2221 $notifyNewItem = intPostVar('notifyNewItem');
\r
// A value of 0 is replaced by 1 so that an unset option does not zero the product computed below.
// The three values look like flags encoded as factors of $notifyType - confirm against the reader.
2223 if ( $notifyComment == 0 )
\r
2225 $notifyComment = 1;
\r
2227 if ( $notifyVote == 0 )
\r
2231 if ( $notifyNewItem == 0 )
\r
2233 $notifyNewItem = 1;
\r
2235 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
\r
2237 if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
\r
2239 $this->error(_ERROR_BADNOTIFY);
\r
2242 if ( !isValidShortName($shortname) )
\r
2244 $this->error(_ERROR_BADSHORTBLOGNAME);
\r
2247 if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
\r
2249 $this->error(_ERROR_DUPSHORTBLOGNAME);
\r
2251 // check if update file is writable
// NOTE(review): the path is supplied by a blog admin and probed on the server's filesystem as given.
// The check proves only that the web server can write there, not that the location is appropriate;
// consider restricting update files to an expected directory.
2252 if ( $updatefile && !is_writeable($updatefile) )
\r
2254 $this->error(_ERROR_UPDATEFILE);
\r
// The setters below receive request values as given (maxcomments, comments, timeoffset, public are
// not cast here); defskin and defcat are integers but are not checked here for existence or for
// belonging to this blog. Any such validation would have to happen in the setters - confirm.
2257 $blog->setName(trim(postVar('name')));
\r
2258 $blog->setShortName($shortname);
\r
2259 $blog->setNotifyAddress($notify_address);
\r
2260 $blog->setNotifyType($notifyType);
\r
2261 $blog->setMaxComments(postVar('maxcomments'));
\r
2262 $blog->setCommentsEnabled(postVar('comments'));
\r
2263 $blog->setTimeOffset(postVar('timeoffset'));
\r
2264 $blog->setUpdateFile($updatefile);
\r
2265 $blog->setURL(trim(postVar('url')));
\r
2266 $blog->setDefaultSkin(intPostVar('defskin'));
\r
2267 $blog->setDescription(trim(postVar('desc')));
\r
2268 $blog->setPublic(postVar('public'));
\r
2269 $blog->setConvertBreaks(intPostVar('convertbreaks'));
\r
2270 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
\r
2271 $blog->setDefaultCategory(intPostVar('defcat'));
\r
2272 $blog->setSearchable(intPostVar('searchable'));
\r
2273 $blog->setEmailRequired(intPostVar('reqemail'));
\r
2274 $blog->writeSettings();
\r
2276 // store plugin options
\r
2277 $aOptions = requestArray('plugoption');
\r
2278 NucleusPlugin::apply_plugin_options($aOptions);
\r
2280 'PostPluginOptionsUpdate',
\r
2282 'context' => 'blog',
\r
2283 'blogid' => $blogid,
\r
2288 $this->action_overview(_MSG_SETTINGSCHANGED);
\r
2293 * @todo document this
\r
// Shows the confirmation page for deleting a blog; nothing is deleted here.
// Requires blogAdminRights() on the blog and refuses the configured default blog.
2295 function action_deleteblog()
\r
2297 global $member, $CONF, $manager;
\r
2299 $blogid = intRequestVar('blogid');
\r
2301 $member->blogAdminRights($blogid) or $this->disallow();
\r
2303 // check if blog is default blog
\r
2304 if ( $CONF['DefaultBlog'] == $blogid )
\r
2306 $this->error(_ERROR_DELDEFBLOG);
\r
2309 $blog =& $manager->getBlog($blogid);
\r
2311 $this->pagehead();
\r
2312 $this->parse('deleteblog');
\r
2313 $this->pagefoot();
\r
2317 * Admin::action_deleteblogconfirm()
\r
// Deletes a blog together with its comments, items, team rows, bans, categories and plugin options,
// then returns to the overview. Requires blogAdminRights() on the blog and refuses the default blog.
// Every query concatenates $blogid unquoted; it is an integer because it is read with intRequestVar().
2323 function action_deleteblogconfirm()
\r
2325 global $member, $CONF, $manager;
\r
2327 $blogid = intRequestVar('blogid');
\r
// NOTE(review): this array entry sits before the rights check below. If it belongs to a plugin
// notification (the event name line is not shown in this listing), the event is raised even for
// callers who are then disallowed - confirm, and consider moving it after the check.
2331 'blogid' => $blogid
\r
2334 $member->blogAdminRights($blogid) or $this->disallow();
\r
2336 // check if blog is default blog
\r
2337 if ( $CONF['DefaultBlog'] == $blogid )
\r
2339 $this->error(_ERROR_DELDEFBLOG);
\r
// NOTE(review): the deletes below are independent statements with no transaction visible and their
// results are not checked, so a failure part-way leaves a partially deleted blog.
2342 // delete all comments
\r
2343 $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid;
\r
2344 sql_query($query);
\r
2346 // delete all items
\r
2347 $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid;
\r
2348 sql_query($query);
\r
2350 // delete all team members
\r
2351 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid;
\r
2352 sql_query($query);
\r
2354 // delete all bans
\r
2355 $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid;
\r
2356 sql_query($query);
\r
2358 // delete all categories
\r
2359 $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
\r
2360 sql_query($query);
\r
2362 // delete all associated plugin options
\r
2363 NucleusPlugin::delete_option_values('blog', $blogid);
\r
2365 // delete the blog itself
\r
2366 $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;
\r
2367 sql_query($query);
\r
2372 'blogid' => $blogid
\r
2376 $this->action_overview(_DELETED_BLOG);
\r
2381 * @todo document this
\r
// Shows the confirmation page for deleting a member; nothing is deleted here.
// Allowed for the member themself or for a caller for whom isAdmin() is true.
2383 function action_memberdelete()
\r
2385 global $member, $manager;
\r
2387 $memberid = intRequestVar('memberid');
\r
2389 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
\r
2391 $mem = Member::createFromID($memberid);
\r
2393 $this->pagehead();
\r
2394 $this->parse('memberdelete');
\r
2395 $this->pagefoot();
\r
2399 * @todo document this
\r
// Confirm step for deleting a member. Allowed for the member themself or for an admin.
// This is where the permission check for the deletion lives: deleteOneMember() shows none of its own.
2401 function action_memberdeleteconfirm()
\r
2405 $memberid = intRequestVar('memberid');
\r
2407 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
\r
2409 $error = $this->deleteOneMember($memberid);
\r
// The condition guarding error() is not shown; presumably it runs only when $error is non-empty.
2412 $this->error($error);
\r
// Admins return to user management; a member who deleted their own account goes to the overview.
2415 if ( $member->isAdmin() )
\r
2417 $this->action_usermanagement();
\r
2421 $this->action_overview(_DELETED_MEMBER);
\r
2426 * Admin::deleteOneMember()
\r
2427 * Delete a member by id
\r
2430 * @params Integer $memberid member id
\r
2431 * @return String null string or error messages
\r
// Deletes one member: detaches their comments (keeping the display name as the comment's user name),
// then removes the member row, team rows, activation rows and plugin options.
// Returns _ERROR_DELETEMEMBER when canBeDeleted() is false; the success return value is not shown.
// NOTE(review): unlike deleteOneTeamMember() and deleteOneCategory(), no permission check is visible
// in this function in this listing; every caller has to check rights first, as
// action_memberdeleteconfirm() does - confirm for any other caller.
2433 function deleteOneMember($memberid)
\r
// The id is forced to an integer; the queries below interpolate it unquoted and rely on this cast.
2437 $memberid = intval($memberid);
\r
2438 $mem = Member::createFromID($memberid);
\r
2440 if ( !$mem->canBeDeleted() )
\r
2442 return _ERROR_DELETEMEMBER;
\r
2446 'PreDeleteMember',
\r
2452 /* unlink comments from memberid */
\r
// The display name is escaped before it is placed in the quoted literal; the id is formatted with %d.
2455 $query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d";
\r
2456 $query = sprintf($query, sql_table('comment'), sql_real_escape_string($mem->getDisplayName()), $memberid);
\r
2457 sql_query($query);
\r
2460 $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
\r
2461 sql_query($query);
\r
2463 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
\r
2464 sql_query($query);
\r
2466 $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
\r
2467 sql_query($query);
\r
2469 // delete all associated plugin options
\r
2470 NucleusPlugin::delete_option_values('member', $memberid);
\r
2473 'PostDeleteMember',
\r
2483 * @todo document this
\r
// Shows the form for creating a new blog. Restricted to callers for whom isAdmin() is true.
2485 function action_createnewlog()
\r
2487 global $member, $CONF, $manager;
\r
2489 // Only Super-Admins can do this
\r
2490 $member->isAdmin() or $this->disallow();
\r
2492 $this->pagehead();
\r
2493 $this->parse('createnewlog');
\r
2494 $this->pagefoot();
\r
2498 * @todo document this
\r
// Creates a new blog from POST data, together with a default category, a team row for the current
// member and a first item, then shows the 'addnewlog' page. Restricted to isAdmin() callers.
2500 function action_addnewlog()
\r
2502 global $member, $manager, $CONF;
\r
2504 // Only Super-Admins can do this
\r
2505 $member->isAdmin() or $this->disallow();
\r
2507 $bname = trim(postVar('name'));
\r
2508 $bshortname = trim(postVar('shortname'));
\r
2509 $btimeoffset = postVar('timeoffset');
\r
2510 $bdesc = trim(postVar('desc'));
\r
2511 $bdefskin = postVar('defskin');
\r
2513 if ( !isValidShortName($bshortname) )
\r
2515 $this->error(_ERROR_BADSHORTBLOGNAME);
\r
2518 if ( $manager->existsBlog($bshortname) )
\r
2520 $this->error(_ERROR_DUPSHORTBLOGNAME);
\r
// The values are shared by reference, presumably with a plugin event whose name is not shown.
// Escaping is done only afterwards, so anything a plugin writes back is escaped as well.
2526 'name' => &$bname,
\r
2527 'shortname' => &$bshortname,
\r
2528 'timeoffset' => &$btimeoffset,
\r
2529 'description' => &$bdesc,
\r
2530 'defaultskin' => &$bdefskin
\r
2535 // add slashes for sql queries
\r
2536 $bname = sql_real_escape_string($bname);
\r
2537 $bshortname = sql_real_escape_string($bshortname);
\r
2538 $btimeoffset = sql_real_escape_string($btimeoffset);
\r
2539 $bdesc = sql_real_escape_string($bdesc);
\r
2540 $bdefskin = sql_real_escape_string($bdefskin);
\r
2543 $query = 'INSERT '
\r
2545 . sql_table('blog')
\r
2550 . ' btimeoffset, '
\r
2553 . "'" . $bname . "',"
\r
2554 . "'" . $bshortname . "',"
\r
2555 . "'" . $bdesc . "',"
\r
2556 . "'" . $btimeoffset . "',"
\r
2557 . "'" . $bdefskin . "'"
\r
2559 sql_query($query);
\r
2560 $blogid = sql_insert_id();
\r
2561 $blog =& $manager->getBlog($blogid);
\r
2563 // create new category
\r
2564 $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
\r
2565 $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
// NOTE(review): the two strings are placed inside double-quoted SQL literals without escaping. They
// come from language constants rather than the request, but a quote character in a translation would
// break the statement; passing them through sql_real_escape_string() would make this robust.
2566 $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
\r
2567 sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));
\r
2568 $catid = sql_insert_id();
\r
2570 // set as default category
\r
2571 $blog->setDefaultCategory($catid);
\r
2572 $blog->writeSettings();
\r
2574 // create team member
\r
2575 $memberid = $member->getID();
\r
2576 $query = 'INSERT '
\r
2578 . sql_table('team')
\r
// NOTE(review): the closing parenthesis looks misplaced. sprintf() receives only the format, and
// $memberid / $blogid become extra arguments of sql_query(). If the format (not shown in this
// listing) holds placeholders for them, the team row is never written correctly; the intended call
// is presumably sql_query(sprintf($query, $memberid, $blogid)) - confirm against the format.
2588 sql_query(sprintf($query), $memberid, $blogid);
\r
2590 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
\r
2591 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
\r
2594 $blog->getDefaultCategory(),
\r
2595 $itemdeftitle,$itemdefbody,
\r
2599 $blog->getCorrectTime(),
\r
2612 'PostAddCategory',
\r
// NOTE(review): these constants are used without the defined() guard applied above; $catdefname and
// $catdefdesc already hold the values that were actually inserted.
2615 'name' => _EBLOGDEFAULTCATEGORY_NAME,
\r
2616 'description' => _EBLOGDEFAULTCATEGORY_DESC,
\r
2621 $_REQUEST['blogid'] = $blogid;
\r
2622 $_REQUEST['catid'] = $catid;
\r
2623 $this->pagehead();
\r
2624 $this->parse('addnewlog');
\r
2625 $this->pagefoot();
\r
2629 * @todo document this
\r
// Follow-up step after blog creation: stores the blog URL and returns to the overview.
// Requires blogAdminRights() on the blog named by 'blogid'.
2631 function action_addnewlog2()
\r
2633 global $member, $manager;
\r
2634 $blogid = intRequestVar('blogid');
\r
2636 $member->blogAdminRights($blogid) or $this->disallow();
\r
// The URL is trimmed but not otherwise validated here (scheme and host are taken as given).
2638 $burl = requestVar('url');
\r
2640 $blog =& $manager->getBlog($blogid);
\r
2641 $blog->setURL(trim($burl));
\r
2642 $blog->writeSettings();
\r
2644 $this->action_overview(_MSG_NEWBLOG);
\r
2648 * @todo document this
\r
// Shows the skin import/export overview page. Restricted to callers for whom isAdmin() is true.
2650 function action_skinieoverview()
\r
2652 global $member, $DIR_LIBS, $manager;
\r
2654 $member->isAdmin() or $this->disallow();
\r
2656 // load skinie class
\r
2657 include_once($DIR_LIBS . 'skinie.php');
\r
2659 $this->pagehead();
\r
2660 $this->parse('skinieoverview');
\r
2661 $this->pagefoot();
\r
2666 * @todo document this
\r
// First step of a skin import: reads only the metadata of the chosen skin file and shows a preview
// page listing skin and template names and any name clashes. Restricted to isAdmin() callers.
2668 function action_skinieimport() {
\r
2669 global $member, $DIR_LIBS, $DIR_SKINS, $manager;
\r
2671 $member->isAdmin() or $this->disallow();
\r
2673 // load skinie class
\r
2674 include_once($DIR_LIBS . 'skinie.php');
\r
2676 $skinFileRaw = postVar('skinfile');
\r
2677 $mode = postVar('mode');
\r
2679 $importer = new SkinImport();
\r
2681 // get full filename
\r
2682 if ($mode == 'file')
\r
// NOTE(review): the POSTed name is joined to $DIR_SKINS as given. No normalisation is visible, so
// '..' segments could point outside the skins directory; reducing the value to a single directory
// name, or checking it against the directories that actually exist, would contain it.
2684 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
\r
2686 // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
\r
2687 if ( !file_exists($skinFile) )
\r
2689 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
\r
// NOTE(review): presumably the branch for every other mode. The request value is used as the file
// location unchanged, so what can be read is whatever readFile() accepts (local paths, URLs);
// an allow-list of schemes and hosts belongs here or in readFile() - confirm.
2692 $skinFile = $skinFileRaw;
\r
2695 // read only metadata
\r
2696 $error = $importer->readFile($skinFile, 1);
\r
2698 $_REQUEST['skininfo'] = $importer->getInfo();
\r
2699 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
2700 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
2703 $skinNameClashes = $importer->checkSkinNameClashes();
\r
2704 $templateNameClashes = $importer->checkTemplateNameClashes();
\r
2705 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
\r
2707 $_REQUEST['skinclashes'] = $skinNameClashes;
\r
2708 $_REQUEST['tpltclashes'] = $templateNameClashes;
\r
2709 $_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;
\r
2713 $this->error($error);
\r
2716 $this->pagehead();
\r
2717 $this->parse('skinieimport');
\r
2718 $this->pagefoot();
\r
2722 * @todo document this
\r
// Second step of a skin import: reads the chosen skin file in full and writes it to the database,
// overwriting existing skins and templates only when 'overwrite' is set. Restricted to isAdmin() callers.
2724 function action_skiniedoimport()
\r
2726 global $member, $DIR_LIBS, $DIR_SKINS;
\r
2728 $member->isAdmin() or $this->disallow();
\r
2730 // load skinie class
\r
2731 include_once($DIR_LIBS . 'skinie.php');
\r
2733 $skinFileRaw= postVar('skinfile');
\r
2734 $mode = postVar('mode');
\r
2736 $allowOverwrite = intPostVar('overwrite');
\r
2738 // get full filename
\r
2739 if ( $mode == 'file' )
\r
// NOTE(review): same path handling as action_skinieimport(): the POSTed name is joined to $DIR_SKINS
// without normalisation, so it should be limited to a single existing skin directory name.
2741 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
\r
2743 // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
\r
2744 if ( !file_exists($skinFile) )
\r
2746 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
\r
// NOTE(review): presumably the branch for every other mode; the request value is the file location
// unchanged, so readFile() decides what can be fetched - confirm it restricts schemes and hosts.
2752 $skinFile = $skinFileRaw;
\r
2755 $importer = new SkinImport();
\r
2757 $error = $importer->readFile($skinFile);
\r
2761 $this->error($error);
\r
2764 $error = $importer->writeToDatabase($allowOverwrite);
\r
2768 $this->error($error);
\r
2771 $_REQUEST['skininfo'] = $importer->getInfo();
\r
2772 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
2773 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
2775 $this->pagehead();
\r
2776 $this->parse('skiniedoimport');
\r
2777 $this->pagefoot();
\r
2781 * @todo document this
\r
// Exports the selected skins and templates together with a free-text info string.
// Restricted to callers for whom isAdmin() is true.
2783 function action_skinieexport()
\r
2785 global $member, $DIR_LIBS;
\r
2787 $member->isAdmin() or $this->disallow();
\r
2789 // load skinie class
\r
2790 include_once($DIR_LIBS . 'skinie.php');
\r
2792 $aSkins = requestIntArray('skin');
\r
2793 $aTemplates = requestIntArray('template');
\r
// A missing or non-array selection is treated as an empty one.
2795 if ( !is_array($aTemplates) )
\r
2797 $aTemplates = array();
\r
2799 if ( !is_array($aSkins) )
\r
2801 $aSkins = array();
\r
// The ids to export are the array keys of the request arrays, not their values.
2804 $skinList = array_keys($aSkins);
\r
2805 $templateList = array_keys($aTemplates);
\r
2807 $info = postVar('info');
\r
2809 $exporter = new SkinExport();
\r
2810 foreach ($skinList as $skinId)
\r
2812 $exporter->addSkin($skinId);
\r
2814 foreach ($templateList as $templateId)
\r
2816 $exporter->addTemplate($templateId);
\r
// $info is request text that ends up in the export; escaping it for the output format is left to
// the exporter - confirm.
2818 $exporter->setInfo($info);
\r
2820 $exporter->export();
\r
2824 * @todo document this
\r
// Shows the template overview page. Restricted to callers for whom isAdmin() is true.
2826 function action_templateoverview()
\r
2828 global $member, $manager;
\r
2830 $member->isAdmin() or $this->disallow();
\r
2832 $this->pagehead();
\r
2833 $this->parse('templateoverview');
\r
2834 $this->pagefoot();
\r
2838 * @todo document this
\r
// Shows the template edit page, with $msg placed in the page head message.
// Restricted to callers for whom isAdmin() is true.
2840 function action_templateedit($msg = '')
\r
2842 global $member, $manager;
\r
2845 $this->headMess = $msg;
\r
2848 $templateid = intRequestVar('templateid');
\r
// The rights check comes after headMess is set but before anything is output.
2850 $member->isAdmin() or $this->disallow();
\r
2852 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';
// NOTE(review): sql_real_escape_string() is an SQL escaper, used here to build a JavaScript string
// literal inside HTML. It does not neutralise sequences such as </script>. The value is a language
// constant, not request data, but a JavaScript-aware encoder (for example json_encode()) is the
// correct tool for this context.
2853 $extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>';
\r
2855 $this->pagehead($extrahead);
\r
2856 $this->parse('templateedit');
\r
2857 $this->pagefoot();
\r
2861 * @todo document this
\r
// Prints one table row of the template editor: a description cell and a textarea holding
// $template[$name]. A missing part is initialised to '' in the caller's array ($template is by reference).
// $count is a static counter used to build the element ids; where it is incremented is not shown.
// NOTE(review): the textarea content is escaped with Entity::hsc(), but $description, $name and
// $tabindex are echoed as given. That is safe only while every caller passes fixed strings and
// integers; escape them as well if any can carry plugin or request data - confirm.
2863 function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {
\r
2864 static $count = 1;
\r
2865 if (!isset($template[$name])) $template[$name] = '';
\r
2868 <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>
\r
2869 <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo Entity::hsc($template[$name]); ?></textarea></td>
\r
2875 * @todo document this
\r
// Saves a template: validates the name, deletes all stored parts, updates the name and description,
// re-inserts every non-empty part from POST data and returns to the edit page.
// Restricted to callers for whom isAdmin() is true.
2877 function action_templateupdate()
\r
2879 global $member,$manager;
\r
2881 $templateid = intRequestVar('templateid');
\r
2883 $member->isAdmin() or $this->disallow();
\r
2885 $name = postVar('tname');
\r
2886 $desc = postVar('tdesc');
\r
2888 if ( !isValidTemplateName($name) )
\r
2890 $this->error(_ERROR_BADTEMPLATENAME);
\r
2893 if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
\r
2895 $this->error(_ERROR_DUPTEMPLATENAME);
\r
2898 $name = sql_real_escape_string($name);
\r
2899 $desc = sql_real_escape_string($desc);
\r
// NOTE(review): the parts are deleted first and re-inserted one by one with no transaction visible.
// addToTemplate() exits on a failed INSERT, which would leave the template with only some of its parts.
2901 // 1. Remove all template parts
\r
2902 $query = 'DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid;
\r
2903 sql_query($query);
\r
2905 // 2. Update description
\r
2906 $query = 'UPDATE '
\r
2907 . sql_table('template_desc')
\r
2909 . " tdname='" . $name . "',"
\r
2910 . " tddesc='" . $desc . "'"
\r
2912 . " tdnumber=" . $templateid;
\r
2913 sql_query($query);
\r
2915 // 3. Add non-empty template parts
// Part contents are stored as submitted; addToTemplate() escapes them for SQL only. Templates are
// markup by design, so who may reach this action is the control that matters.
2916 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));
\r
2917 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM'));
\r
2918 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER'));
\r
2919 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK'));
\r
2920 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK'));
\r
2921 $this->addToTemplate($templateid, 'NEW', postVar('NEW'));
\r
2922 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER'));
\r
2923 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY'));
\r
2924 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER'));
\r
2925 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED'));
\r
2926 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH'));
\r
2927 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH'));
\r
2928 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE'));
\r
2929 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY'));
\r
2930 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE'));
\r
2931 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));
\r
2932 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
\r
2933 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));
\r
2934 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));
\r
2935 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));
\r
2936 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));
\r
2937 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));
\r
2938 $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));
\r
2939 $this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
\r
2940 $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));
\r
2941 $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));
\r
2942 $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));
\r
2943 $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));
\r
2944 $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));
\r
2945 $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));
\r
2946 $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
\r
2947 $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));
\r
2948 $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
\r
2949 $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));
\r
// Extra part names are collected by reference from whatever handles the 'TemplateExtraFields' event
// (presumably plugins) and are then used both as POST field names and as stored part names.
2951 $pluginfields = array();
\r
2953 'TemplateExtraFields',
\r
2955 'fields'=>&$pluginfields
\r
2958 foreach ($pluginfields as $pfkey=>$pfvalue)
\r
2960 foreach ($pfvalue as $pffield=>$pfdesc)
\r
2962 $this->addToTemplate($templateid, $pffield, postVar($pffield));
\r
2966 // jump back to template edit
\r
2967 $this->action_templateedit(_TEMPLATE_UPDATED);
\r
/**
 * Admin::addToTemplate()
 * Inserts one template part into the 'template' table.
 *
 * $partname and $content are passed through sql_real_escape_string() before
 * they are placed in the single-quoted VALUES slots; $id goes through an
 * integer cast and the %d conversion.
 *
 * @param	Integer	$id			ID for template
 * @param	String	$partname	parts name
 * @param	String	$content	template contents
 * @return	Integer	record index, or -1 when $content is blank and nothing is inserted
 */
function addToTemplate($id, $partname, $content)
{
	// don't add empty parts
	// NOTE(review): the truthiness test also treats the string "0" as empty.
	$trimmed = trim($content);
	if ( !$trimmed )
	{
		return -1;
	}

	$query = sprintf(
		"INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, '%s', '%s')",
		sql_table('template'),
		(int) $id,
		sql_real_escape_string($partname),
		sql_real_escape_string($content)
	);

	// NOTE(review): on failure the raw driver error text is written to the
	// response before exit; consider logging it server-side instead.
	sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
	return sql_insert_id();
}
\r
/**
 * Shows the confirmation page for deleting a template.
 *
 * Calls disallow() when the current member is not an admin, then renders the
 * 'templatedelete' part between pagehead() and pagefoot(). Nothing is deleted here.
 */
function action_templatedelete() {
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// read from the request but not used further in this method
	$templateid = intRequestVar('templateid');
	// TODO: check if template can be deleted

	$this->pagehead();
	$this->parse('templatedelete');
	$this->pagefoot();
}
\r
/**
 * Deletes a template: its row in 'template_desc' and all of its parts in 'template'.
 *
 * Plugins are notified with PreDeleteTemplate before and PostDeleteTemplate after
 * the two DELETE statements; afterwards the template overview is shown.
 */
function action_templatedeleteconfirm() {
	global $member, $manager;

	$templateid = intRequestVar('templateid');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// NOTE(review): no request-ticket (anti-CSRF) check is visible in this method;
	// confirm the action dispatcher enforces one before this destructive action runs.
	$manager->notify(
		'PreDeleteTemplate',
		array(
			'templateid' => $templateid
		)
	);

	// $templateid comes from intRequestVar(), so only an integer reaches the SQL text.
	// 1. delete description
	$descTable = sql_table('template_desc');
	sql_query('DELETE FROM ' . $descTable . ' WHERE tdnumber=' . $templateid);

	// 2. delete parts
	$partTable = sql_table('template');
	sql_query('DELETE FROM ' . $partTable . ' WHERE tdesc=' . $templateid);

	$manager->notify(
		'PostDeleteTemplate',
		array(
			'templateid' => $templateid
		)
	);

	$this->action_templateoverview();
}
\r
/**
 * Creates a new template from the posted 'name' and 'desc' fields.
 *
 * The name must pass isValidTemplateName() and must not exist yet; each failed
 * check is reported through error(). Ends by showing the template overview.
 */
function action_templatenew()
{
	global $member;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$name = postVar('name');
	$desc = postVar('desc');

	// NOTE(review): error() is assumed to end the request - confirm; if it
	// returned, execution would continue to createNew() below.
	$nameIsValid = isValidTemplateName($name);
	if ( !$nameIsValid )
	{
		$this->error(_ERROR_BADTEMPLATENAME);
	}

	$nameIsTaken = Template::exists($name);
	if ( $nameIsTaken )
	{
		$this->error(_ERROR_DUPTEMPLATENAME);
	}

	// the returned id is not used further in this method
	$newTemplateId = Template::createNew($name, $desc);

	$this->action_templateoverview();
}
\r
/**
 * Clones a template: creates a new description named "cloned<name>" (with a
 * numeric suffix when that name is taken) and copies every part of the
 * original into it through addToTemplate().
 */
function action_templateclone()
{
	global $member;

	$templateid = intRequestVar('templateid');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// 1. read old template
	$name = Template::getNameFromId($templateid);
	$desc = Template::getDesc($templateid);

	// 2. create desc thing
	$name = "cloned" . $name;

	// if a template with that name already exists: append the first free number
	if ( Template::exists($name) )
	{
		for ( $i = 1; Template::exists($name . $i); $i++ )
		{
		}
		$name .= $i;
	}

	$newid = Template::createNew($name, $desc);

	// 3. create clone
	// go through parts of old template and add them to the new one;
	// addToTemplate() escapes the values read back from the database.
	$que = 'SELECT tpartname, tcontent FROM '
	     . sql_table('template')
	     . ' WHERE tdesc=' . intval($templateid);
	$res = sql_query($que);
	while ( $o = sql_fetch_object($res) )
	{
		$this->addToTemplate($newid, $o->tpartname, $o->tcontent);
	}

	$this->action_templateoverview();
}
\r
/**
 * Shows the overview page of admin templates.
 *
 * Calls disallow() for non-admins, then renders the 'admintemplateoverview'
 * part between pagehead() and pagefoot().
 */
function action_admintemplateoverview()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('admintemplateoverview');
	$this->pagefoot();
}
\r
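/**
 * Shows the edit page for an admin template.
 *
 * @param	String	$msg	message stored in $this->headMess for the page
 */
function action_admintemplateedit($msg = '')
{
	global $member, $manager;

	$this->headMess = $msg;

	$member->isAdmin() or $this->disallow();

	$extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>' . "\n";

	// The text is placed inside a JavaScript string literal within a <script>
	// element, so it needs a JavaScript encoder: an SQL escaper does not
	// neutralise "</script>" or line terminators. json_encode() with the
	// JSON_HEX_* flags emits a complete, quoted literal that is safe there.
	$emptyText = json_encode(
		(string) _EDITTEMPLATE_EMPTY,
		JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
	);
	if ( $emptyText === false )
	{
		// json_encode() fails on text that is not valid UTF-8; fall back to an empty literal
		$emptyText = '""';
	}
	$extrahead .= '<script type="text/javascript">setTemplateEditText(' . $emptyText . ');</script>';

	$this->pagehead($extrahead);
	$this->parse('admintemplateedit');
	$this->pagefoot();
}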
\r
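/**
 * Replaces the description and all parts of an admin template with the posted values.
 *
 * Steps: validate the posted name, delete every stored part of the template,
 * update its row in 'admintemplate_desc', re-insert each posted part (the
 * built-in part names first, then the fields plugins announce through the
 * TemplateExtraFields event) and show the edit page again.
 */
function action_admintemplateupdate()
{
	global $member, $manager;
	$templateid = intRequestVar('templateid');
	$member->isAdmin() or $this->disallow();
	$name = postVar('tname');
	$desc = postVar('tdesc');

	// NOTE(review): no request-ticket (anti-CSRF) check is visible in this method;
	// confirm the action dispatcher enforces one before parts are deleted below.
	if (!isValidTemplateName($name)) {
		$this->error(_ERROR_BADTEMPLATENAME);
	}
	if ((Template::getNameFromId($templateid) != $name) && Template::exists($name)) {
		$this->error(_ERROR_DUPTEMPLATENAME);
	}

	// 1. Remove all template parts
	sql_query(sprintf(
		'DELETE FROM %s WHERE tdesc = %d',
		sql_table('admintemplate'),
		$templateid
	));

	// 2. Update description
	// The posted values are escaped exactly once and handed to sprintf() as
	// arguments. Escaping them twice stores literal backslashes, and putting
	// them into the format string lets a "%" in the description be read as a
	// conversion specification.
	sql_query(sprintf(
		"UPDATE %s SET tdname = '%s', tddesc = '%s' WHERE tdnumber = %d",
		sql_table('admintemplate_desc'),
		sql_real_escape_string($name),
		sql_real_escape_string($desc),
		$templateid
	));

	// 3. Add non-empty template parts (same names and order as before)
	$partnames = array(
		'ADMINSKINTYPELIST_HEAD',
		'ADMINSKINTYPELIST_BODY',
		'ADMINSKINTYPELIST_FOOT',
		'ADMIN_CUSTOMHELPLINK_ICON',
		'ADMIN_CUSTOMHELPLINK_ANCHOR',
		'ADMIN_BLOGLINK',
		'ADMIN_BATCHLIST',
		'ACTIVATE_FORGOT_TITLE',
		'ACTIVATE_FORGOT_TEXT',
		'ACTIVATE_REGISTER_TITLE',
		'ACTIVATE_REGISTER_TEXT',
		'ACTIVATE_CHANGE_TITLE',
		'ACTIVATE_CHANGE_TEXT',
		'TEMPLATE_EDIT_EXPLUGNAME',
		'TEMPLATE_EDIT_ROW_HEAD',
		'TEMPLATE_EDIT_ROW_TAIL',
		'SPECIALSKINLIST_HEAD',
		'SPECIALSKINLIST_BODY',
		'SPECIALSKINLIST_FOOT',
		'SYSTEMINFO_GDSETTINGS',
		'BANLIST_DELETED_LIST',
		'INSERT_PLUGOPTION_TITLE',
		'INSERT_PLUGOPTION_BODY',
		'INPUTYESNO_TEMPLATE_ADMIN',
		'INPUTYESNO_TEMPLATE_NORMAL',
		'ADMIN_SPECIALSKINLIST_HEAD',
		'ADMIN_SPECIALSKINLIST_BODY',
		'ADMIN_SPECIALSKINLIST_FOOT',
		'SKINIE_EXPORT_LIST',
		'SHOWLIST_LISTPLUG_SELECT_HEAD',
		'SHOWLIST_LISTPLUG_SELECT_BODY',
		'SHOWLIST_LISTPLUG_SELECT_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_BODY',
		'SHOWLIST_LISTPLUG_TABLE_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL',
		'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST',
		'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE',
		'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND',
		'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP',
		'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL',
		'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA',
		'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT',
		'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN',
		'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM',
		'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM',
		'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY',
		'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY',
		'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT',
		'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD',
		'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY',
		'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT',
		'PLUGIN_QUICKMENU_TITLE',
		'PLUGIN_QUICKMENU_HEAD',
		'PLUGIN_QUICKMENU_BODY',
		'PLUGIN_QUICKMENU_FOOT',
	);
	foreach ($partnames as $partname) {
		$this->addToAdminTemplate($templateid, $partname, postVar($partname));
	}

	// Plugins add their own part names to $pluginfields through the event.
	$pluginfields = array();
	$manager->notify(
		'TemplateExtraFields',
		array(
			'fields' => &$pluginfields
		)
	);
	foreach ($pluginfields as $pfkey => $pfvalue) {
		foreach ($pfvalue as $pffield => $pfdesc) {
			// addToAdminTemplate() escapes both the plugin-supplied name and the posted content
			$this->addToAdminTemplate($templateid, $pffield, postVar($pffield));
		}
	}

	// jump back to template edit
	$this->action_admintemplateedit(_TEMPLATE_UPDATED);
}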
\r
/**
 * Inserts one admin template part into the 'admintemplate' table.
 *
 * @param	Integer	$id			ID for the admin template
 * @param	String	$partname	parts name
 * @param	String	$content	template contents
 * @return	Integer	record index, or -1 when $content is blank and nothing is inserted
 */
function addToAdminTemplate($id, $partname, $content)
{
	// every value is neutralised before it is placed in the SQL text
	$safeName    = sql_real_escape_string($partname);
	$safeContent = sql_real_escape_string($content);
	$id          = intval($id);

	// don't add empty parts
	if ( !trim($safeContent) )
	{
		return -1;
	}

	// NOTE(review): the column list and VALUES clause are not visible in this
	// listing; they are written here to match addToTemplate() and the
	// tpartname/tcontent columns read back by action_admintemplateclone() -
	// confirm against the schema.
	$query = 'INSERT '
	       . 'INTO '
	       . sql_table('admintemplate') . ' '
	       . '(tdesc, tpartname, tcontent) '
	       . "VALUES (%d, '%s', '%s')";
	sql_query(sprintf($query, $id, $safeName, $safeContent)) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
	return sql_insert_id();
}
\r
/**
 * Shows the confirmation page for deleting an admin template.
 *
 * Calls disallow() for non-admins, then renders the 'admintemplatedelete'
 * part between pagehead() and pagefoot(). Nothing is deleted here.
 */
function action_admintemplatedelete()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// TODO: check if template can be deleted
	$this->pagehead();
	$this->parse('admintemplatedelete');
	$this->pagefoot();
}
\r
/**
 * Deletes an admin template: its row in 'admintemplate_desc' and all of its
 * parts in 'admintemplate'.
 *
 * Plugins are notified with PreDeleteAdminTemplate before and
 * PostDeleteAdminTemplate after the deletion; afterwards the admin template
 * overview is shown.
 */
function action_admintemplatedeleteconfirm()
{
	global $member, $manager;
	$templateid = intRequestVar('templateid');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// NOTE(review): no request-ticket (anti-CSRF) check is visible in this method;
	// confirm the action dispatcher enforces one before this destructive action runs.
	$manager->notify(
		'PreDeleteAdminTemplate',
		array(
			'templateid' => $templateid
		)
	);

	// One statement shape for both tables; only the fixed table and column
	// names are filled in by sprintf(), the id is forced to an integer here.
	$query = 'DELETE '
	       . 'FROM '
	       . ' %s '
	       . 'WHERE '
	       . ' %s = ' .intval($templateid);

	// 1. delete description
	$descTable = sql_table('admintemplate_desc');
	sql_query(sprintf($query, $descTable, 'tdnumber'));

	// 2. delete parts
	$partTable = sql_table('admintemplate');
	sql_query(sprintf($query, $partTable, 'tdesc'));

	$manager->notify(
		'PostDeleteAdminTemplate',
		array(
			'templateid' => $templateid
		)
	);

	$this->action_admintemplateoverview();
}
\r
/**
 * Creates a new admin template from the posted 'name' and 'desc' fields and
 * shows the admin template overview.
 *
 * NOTE(review): this method calls Template::exists() and Template::createNew(),
 * while action_admintemplateclone() creates its copy with
 * Template::admincreateNew(); confirm which table a new admin template is
 * meant to be written to.
 */
function action_admintemplatenew()
{
	global $member;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$name = postVar('name');
	$desc = postVar('desc');

	$nameIsValid = isValidTemplateName($name);
	if ( !$nameIsValid )
	{
		$this->error(_ERROR_BADTEMPLATENAME);
	}

	$nameIsTaken = Template::exists($name);
	if ( $nameIsTaken )
	{
		$this->error(_ERROR_DUPTEMPLATENAME);
	}

	// the returned id is not used further in this method
	$newTemplateId = Template::createNew($name, $desc);
	$this->action_admintemplateoverview();
}
\r
/**
 * Clones an admin template: creates a new description named "cloned<name>"
 * (with a numeric suffix when that name is taken) through
 * Template::admincreateNew() and copies every part of the original into it
 * with addToAdminTemplate().
 */
function action_admintemplateclone()
{
	global $member;

	$templateid = intRequestVar('templateid');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// if (!class_exists('Template')) {
	//     NP_SkinableAdmin::loadSkinableClass('Template');
	// }

	// 1. read old template
	$name = Template::getNameFromId($templateid);
	$desc = Template::getDesc($templateid);

	// 2. create desc thing
	$name = "cloned" . $name;

	// if a template with that name already exists: append the first free number
	if ( Template::exists($name) )
	{
		for ( $i = 1; Template::exists($name . $i); $i++ )
		{
		}
		$name .= $i;
	}

	$newid = Template::admincreateNew($name, $desc);

	// 3. create clone
	// go through parts of old template and add them to the new one;
	// addToAdminTemplate() escapes the values read back from the database.
	$que = 'SELECT tpartname, tcontent FROM '
	     . sql_table('admintemplate') . ' '
	     . 'WHERE '
	     . ' tdesc = ' . intval($templateid);
	$res = sql_query($que);
	while ( $o = sql_fetch_object($res) )
	{
		$this->addToAdminTemplate($newid, $o->tpartname, $o->tcontent);
	}

	$this->action_admintemplateoverview();
}
\r
/**
 * Shows the skin overview page.
 *
 * Calls disallow() for non-admins, then renders the 'skinoverview' part
 * between pagehead() and pagefoot().
 */
function action_skinoverview()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('skinoverview');
	$this->pagefoot();
}
\r
/**
 * Creates a new skin from the posted, trimmed 'name' and 'desc' fields.
 *
 * The name must pass isValidSkinName() and must not exist yet; each failed
 * check is reported through error(). Ends by showing the skin overview.
 */
function action_skinnew()
{
	global $member;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$name = trim(postVar('name'));
	$desc = trim(postVar('desc'));

	$nameIsValid = isValidSkinName($name);
	if ( !$nameIsValid )
	{
		$this->error(_ERROR_BADSKINNAME);
	}

	$nameIsTaken = SKIN::exists($name);
	if ( $nameIsTaken )
	{
		$this->error(_ERROR_DUPSKINNAME);
	}

	// the returned id is not used further in this method
	$newId = SKIN::createNew($name, $desc);

	$this->action_skinoverview();
}
\r
/**
 * Shows the skin edit page.
 *
 * Calls disallow() for non-admins, then renders the 'skinedit' part between
 * pagehead() and pagefoot(). The skin id is not read in this method.
 */
function action_skinedit()
{
	global $member, $manager;

	// $skinid = intRequestVar('skinid');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// $skin = new SKIN($skinid);

	$this->pagehead();
	$this->parse('skinedit');
	$this->pagefoot();
}
\r
/**
 * Updates the general settings of a skin (name, description, content type,
 * include mode, include prefix) from the posted form and shows the skin edit
 * page again.
 */
function action_skineditgeneral()
{
	global $member;

	$skinid = intRequestVar('skinid');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$name       = postVar('name');
	$desc       = postVar('desc');
	$type       = postVar('type');
	$inc_mode   = postVar('inc_mode');
	$inc_prefix = postVar('inc_prefix');

	$skin = new Skin($skinid);

	// 1. Some checks
	if ( !isValidSkinName($name) )
	{
		$this->error(_ERROR_BADSKINNAME);
	}

	$renamed = ($skin->getName() != $name);
	if ( $renamed && SKIN::exists($name) )
	{
		$this->error(_ERROR_DUPSKINNAME);
	}

	// fall back to defaults when the form left these empty
	$type     = $type ? $type : 'text/html';
	$inc_mode = $inc_mode ? $inc_mode : 'normal';

	// 2. Update description
	// NOTE(review): $desc, $type, $inc_mode and $inc_prefix are passed on as
	// posted; confirm updateGeneralInfo() escapes them before they reach SQL.
	$skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);

	$this->action_skinedit();
}
\r
/**
 * Shows the edit page for one part ("type") of a skin.
 *
 * The requested type is trimmed, lower-cased and checked with
 * isValidShortName(); a rejected value is reported through error().
 *
 * @param	String	$msg	message stored in $this->headMess for the page
 */
function action_skinedittype($msg = '')
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->headMess = $msg;

	// read from the request but not used further in this method
	$skinid = intRequestVar('skinid');
	$type = strtolower(trim(requestVar('type')));

	if ( !isValidShortName($type) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
	}

	$this->pagehead();
	$this->parse('skinedittype');
	$this->pagefoot();
}
\r
/**
 * Stores the posted content for one part of a skin and shows that part's
 * edit page again with the _SKIN_UPDATED message.
 */
function action_skinupdate()
{
	global $member;

	$skinid  = intRequestVar('skinid');
	$content = trim(postVar('content'));
	$type    = postVar('type');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// NOTE(review): $type reaches update() without the isValidShortName() check
	// that action_skinedittype() applies; confirm update() validates or escapes it.
	$skin = new SKIN($skinid);
	$skin->update($type, $content);

	$this->action_skinedittype(_SKIN_UPDATED);
}
\r
/**
 * Shows the confirmation page for deleting a skin.
 *
 * Reports an error instead when the skin is the configured base skin or is
 * the default skin of a blog. Nothing is deleted here.
 */
function action_skindelete()
{
	global $member, $manager, $CONF;

	$skinid = intRequestVar('skinid');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// don't allow default skin to be deleted
	$isBaseSkin = ($skinid == $CONF['BaseSkin']);
	if ( $isBaseSkin )
	{
		$this->error(_ERROR_DEFAULTSKIN);
	}

	// don't allow deletion of default skins for blogs
	// ($skinid comes from intRequestVar(), so only an integer reaches the SQL text)
	$query = 'SELECT bname FROM ' . sql_table('blog') . ' WHERE bdefskin=' . $skinid;
	$r = sql_query($query);
	$o = sql_fetch_object($r);
	if ( $o )
	{
		// the blog name is HTML-encoded before it is handed to the error page
		$this->error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));
	}

	$this->pagehead();
	$this->parse('skindelete');
	$this->pagefoot();
}
\r
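/**
 * Deletes a skin: its row in 'skin_desc' and all of its parts in 'skin'.
 *
 * Refuses (through error()) when the skin is the configured base skin or the
 * default skin of a blog. Plugins are notified with PreDeleteSkin before and
 * PostDeleteSkin after the deletion; afterwards the skin overview is shown.
 */
function action_skindeleteconfirm()
{
	global $member, $CONF, $manager;

	$skinid = intRequestVar('skinid');

	$member->isAdmin() or $this->disallow();

	// NOTE(review): no request-ticket (anti-CSRF) check is visible in this method;
	// confirm the action dispatcher enforces one before this destructive action runs.

	// don't allow default skin to be deleted
	if ( $skinid == $CONF['BaseSkin'] )
	{
		$this->error(_ERROR_DEFAULTSKIN);
	}

	// don't allow deletion of default skins for blogs
	$query = 'SELECT bname '
	       . 'FROM '
	       . sql_table('blog') . ' '
	       . 'WHERE '
	       . ' bdefskin=' . intval($skinid);
	$r = sql_query($query);
	if ( $o = sql_fetch_object($r) )
	{
		// The blog name is stored user input; HTML-encode it before it is put
		// into the error message, exactly as action_skindelete() does.
		$this->error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));
	}

	$manager->notify(
		'PreDeleteSkin',
		array(
			'skinid' => $skinid
		)
	);

	// 1. delete description
	sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . intval($skinid));

	// 2. delete parts
	sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . intval($skinid));

	$manager->notify(
		'PostDeleteSkin',
		array(
			'skinid' => $skinid
		)
	);

	$this->action_skinoverview();
}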
\r
/**
 * Shows the confirmation page for removing one part ("type") of a skin.
 *
 * Reports an error when the requested type fails isValidShortName() or is one
 * of the built-in parts. Nothing is deleted here.
 */
function action_skinremovetype() {
	global $member, $manager, $CONF;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// read from the request but not used further in this method
	$skinid = intRequestVar('skinid');
	$skintype = requestVar('type');

	if ( !isValidShortName($skintype) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
	}

	// don't allow default skinparts to be deleted
	$builtinParts = array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup');
	if ( in_array($skintype, $builtinParts) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
	}

	$this->pagehead();
	$this->parse('skinremovetype');
	$this->pagefoot();
}
\r
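/**
 * Removes one part ("type") of a skin from the 'skin' table.
 *
 * Refuses (through error()) when the requested type fails isValidShortName()
 * or is one of the built-in parts. Plugins are notified with
 * PreDeleteSkinPart before and PostDeleteSkinPart after the deletion;
 * afterwards the skin edit page is shown.
 */
function action_skinremovetypeconfirm() {
	global $member, $CONF, $manager;

	$member->isAdmin() or $this->disallow();

	$skinid = intRequestVar('skinid');
	$skintype = requestVar('type');

	if ( !isValidShortName($skintype) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
	}

	// don't allow default skinparts to be deleted
	if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
	}

	$manager->notify(
		'PreDeleteSkinPart',
		array(
			'skinid' => $skinid,
			'skintype' => $skintype
		)
	);

	// $skintype is request data placed inside a quoted SQL literal. The
	// statement must not depend on the checks above having stopped the
	// request, so the value is escaped at the point of use and the id is
	// forced to an integer.
	$query = sprintf(
		"DELETE FROM %s WHERE sdesc=%d AND stype='%s'",
		sql_table('skin'),
		intval($skinid),
		sql_real_escape_string($skintype)
	);
	sql_query($query);

	$manager->notify(
		'PostDeleteSkinPart',
		array(
			'skinid' => $skinid,
			'skintype' => $skintype
		)
	);

	$this->action_skinedit();
}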
\r
/**
 * Clones a skin: creates a new skin named "clone_<name>" (with a numeric
 * suffix when that name is taken) carrying the original's description,
 * content type, include mode and include prefix, then copies every part
 * through skinclonetype().
 */
function action_skinclone()
{
	global $member;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$skinid = intRequestVar('skinid');

	// 1. read skin to clone
	$skin = new SKIN($skinid);

	$name = "clone_" . $skin->getName();

	// if a skin with that name already exists: append the first free number
	if ( Skin::exists($name) )
	{
		for ( $i = 1; Skin::exists($name . $i); $i++ )
		{
		}
		$name .= $i;
	}

	// 2. create skin desc
	$newid = Skin::createNew(
		$name,
		$skin->getDescription(),
		$skin->getContentType(),
		$skin->getIncludeMode(),
		$skin->getIncludePrefix()
	);

	// 3. clone every part of the original
	// ($skinid comes from intRequestVar(), so only an integer reaches the SQL text)
	$query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
	$res = sql_query($query);
	while ( $row = sql_fetch_assoc($res) )
	{
		$this->skinclonetype($skin, $newid, $row['stype']);
	}

	$this->action_skinoverview();
}
\r
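/**
 * Admin::skinclonetype()
 * Copies one part of a skin into the skin with id $newid.
 *
 * Nothing is inserted when the source skin has no content for $type.
 *
 * @param	Object	$skin	Skin object the part is read from
 * @param	Integer	$newid	ID for this clone
 * @param	String	$type	type of skin
 * @return	Void
 */
function skinclonetype($skin, $newid, $type)
{
	$newid = intval($newid);
	$content = $skin->getContent($type);

	if ( $content )
	{
		// $content and $type are read back from stored skin data and are placed
		// inside quoted SQL literals. Stored data is not SQL-safe: a quote in the
		// skin markup would break the statement or change its meaning, so both
		// values are escaped here, as addToTemplate() does for template parts.
		$query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')";
		$query = sprintf(
			$query,
			sql_table('skin'),
			$newid,
			sql_real_escape_string($content),
			sql_real_escape_string($type)
		);
		sql_query($query);
	}
}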
\r
/**
 * Shows the admin skin overview page.
 *
 * Calls disallow() for non-admins, then renders the 'adminskinoverview' part
 * between pagehead() and pagefoot().
 */
function action_adminskinoverview() {
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('adminskinoverview');
	$this->pagefoot();
}
\r
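/**
 * Creates a new admin skin from the posted, trimmed 'name' and 'desc' fields
 * and shows the admin skin overview.
 *
 * The name must pass isValidSkinName() and must not exist yet; each failed
 * check is reported through error().
 */
function action_adminskinnew()
{
	global $member;

	$member->isAdmin() or $this->disallow();
	$name = trim(postVar('name'));
	$desc = trim(postVar('desc'));

	if (!isValidSkinName($name)) {
		$this->error(_ERROR_BADSKINNAME);
	}
	// "SkinSKIN" is not a class used anywhere else in this file; the duplicate
	// check is meant to go through Skin::exists(), as in action_skinnew().
	if (Skin::exists($name)) {
		$this->error(_ERROR_DUPSKINNAME);
	}
	// the returned id is not used further in this method
	$newId = Skin::createNew($name, $desc);
	$this->action_adminskinoverview();
}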
\r
/**
 * Shows the admin skin edit page.
 *
 * Calls disallow() for non-admins, then renders the 'adminskinedit' part
 * between pagehead() and pagefoot().
 */
function action_adminskinedit()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('adminskinedit');
	$this->pagefoot();
}
\r
/**
 * Updates the general settings of an admin skin (name, description, content
 * type, include mode, include prefix) from the posted form and shows the
 * admin skin edit page again.
 */
function action_adminskineditgeneral()
{
	global $member;

	$skinid = intRequestVar('skinid');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$name       = postVar('name');
	$desc       = postVar('desc');
	$type       = postVar('type');
	$inc_mode   = postVar('inc_mode');
	$inc_prefix = postVar('inc_prefix');

	$skin = new Skin($skinid);

	// 1. Some checks
	if ( !isValidSkinName($name) )
	{
		$this->error(_ERROR_BADSKINNAME);
	}

	$renamed = ($skin->getName() != $name);
	if ( $renamed && Skin::exists($name) )
	{
		$this->error(_ERROR_DUPSKINNAME);
	}

	// fall back to defaults when the form left these empty
	$type     = $type ? $type : 'text/html';
	$inc_mode = $inc_mode ? $inc_mode : 'normal';

	// 2. Update description
	// NOTE(review): $desc, $type, $inc_mode and $inc_prefix are passed on as
	// posted; confirm updateGeneralInfo() escapes them before they reach SQL.
	$skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
	$this->action_adminskinedit();
}
\r
/**
 * Shows the edit page for one part ("type") of an admin skin.
 *
 * The requested type is trimmed, lower-cased and checked with
 * isValidShortName(); a rejected value is reported through error().
 *
 * @param	String	$msg	message stored in $this->headMess for the page
 */
function action_adminskinedittype($msg = '')
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->headMess = $msg;

	$type = strtolower(trim(requestVar('type')));
	if ( !isValidShortName($type) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
	}

	$this->pagehead();
	$this->parse('adminskinedittype');
	$this->pagefoot();
}
\r
/**
 * Admin::action_adminskinupdate()
 * Stores the posted 'content' as the 'type' part of admin skin 'skinid',
 * then re-renders the part editor with the _SKIN_UPDATED message.
 * Administrators only.
 *
 * @return	void
 */
function action_adminskinupdate()
{
	global $member;

	$skinid		= intRequestVar('skinid');
	$partBody	= trim(postVar('content'));
	$partName	= postVar('type');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// NOTE(review): unlike action_adminskinedittype(), 'type' is not passed
	// through isValidShortName() before it is written; the check only runs
	// afterwards, when the editor is re-rendered. Confirm that Skin::update()
	// validates or escapes the part name.
	$skin = new Skin($skinid);
	$skin->update($partName, $partBody);

	$this->action_adminskinedittype(_SKIN_UPDATED);
}
\r
/**
 * Admin::action_adminskindelete()
 * Renders the 'adminskindelete' confirmation page; administrators only.
 *
 * @return	void
 */
function action_adminskindelete()
{
	global $member, $manager, $CONF;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// read here but not used by any later line of this method
	$skinid = intRequestVar('skinid');

	$this->pagehead();
	$this->parse('adminskindelete');
	$this->pagefoot();
}
\r
/**
 * Admin::action_adminskindeleteconfirm()
 * Deletes admin skin 'skinid' (its description row and all of its parts)
 * unless it is the site default or a member's default, then shows the
 * admin skin overview. Administrators only.
 *
 * The PreDeleteAdminSkin and PostDeleteAdminSkin events are raised around
 * the two DELETE statements.
 *
 * @return	void
 */
function action_adminskindeleteconfirm()
{
	global $member, $CONF, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$skinid = intRequestVar('skinid');

	// don't allow default skin to be deleted
	if ( $skinid == $CONF['DefaultAdminSkin'] )
	{
		$this->error(_ERROR_DEFAULTSKIN);
	}

	// don't allow deletion of default skins for members
	// NOTE(review): displayname is appended to the message as stored; confirm
	// that the error page escapes it.
	$memberDefaults = $member->getAdminSkin();
	foreach ( $memberDefaults as $memID => $adminskin )
	{
		if ( $skinid != $adminskin )
		{
			continue;
		}
		$mem = MEMBER::createFromID($memID);
		$this->error(_ERROR_SKINDEFDELETE . $mem->displayname);
	}

	$manager->notify(
		'PreDeleteAdminSkin',
		array(
			'skinid' => intval($skinid)
		)
	);

	// the id is cast to an integer before it is placed in either statement
	$skinNumber	= intval($skinid);
	$statement	= 'DELETE FROM %s WHERE %s = %d';

	// 1. delete description
	sql_query(sprintf($statement, sql_table('adminskin_desc'), 'sdnumber', $skinNumber));
	// 2. delete parts
	sql_query(sprintf($statement, sql_table('adminskin'), 'sdesc', $skinNumber));

	$manager->notify(
		'PostDeleteAdminSkin',
		array(
			'skinid' => intval($skinid)
		)
	);

	$this->action_adminskinoverview();
}
\r
/**
 * Admin::action_adminskinremovetype()
 * Renders the 'adminskinremovetype' confirmation page after checking that
 * the 'type' request value is a valid short name; administrators only.
 *
 * @return	void
 */
function action_adminskinremovetype()
{
	global $member, $manager, $CONF;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// $skinid is read here but not used by any later line of this method
	$skinid		= intRequestVar('skinid');
	$skintype	= requestVar('type');

	if ( !isValidShortName($skintype) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
	}

	$this->pagehead();
	$this->parse('adminskinremovetype');
	$this->pagefoot();
}
\r
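/**
 * Admin::action_adminskinremovetypeconfirm()
 * Deletes the 'type' part of admin skin 'skinid', raising the
 * PreDeleteAdminSkinPart and PostDeleteAdminSkinPart events around the
 * DELETE, then re-renders the skin edit page. Administrators only.
 *
 * @return	void
 */
function action_adminskinremovetypeconfirm()
{
	global $member, $CONF, $manager;

	$member->isAdmin() or $this->disallow();

	$skinid		= intRequestVar('skinid');
	$skintype	= requestVar('type');

	if ( !isValidShortName($skintype) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
	}

	$manager->notify(
		'PreDeleteAdminSkinPart',
		array(
			'skinid'	=> $skinid,
			'skintype'	=> $skintype
		)
	);

	// The part name is now escaped as well as validated. Before, the only
	// thing keeping a request value out of the quoted SQL literal was
	// isValidShortName() together with error() ending the request.
	$query = 'DELETE FROM %s WHERE sdesc = %d AND stype ="%s"';
	sql_query(sprintf($query, sql_table('adminskin'), intval($skinid), sql_real_escape_string($skintype)));

	$manager->notify(
		'PostDeleteAdminSkinPart',
		array(
			'skinid'	=> $skinid,
			'skintype'	=> $skintype
		)
	);

	$this->action_adminskinedit();
}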
\r
4059 * @todo document this
\r
// Copies admin skin 'skinid' under the name "clone_<name>" and clones each of
// its parts through adminskinclonetype(), then shows the overview.
// Administrators only.
// NOTE(review): this listing has lost the method's short lines (braces, the
// `global` statement, the counter used to find a free name, part of the SELECT),
// so statements are missing between the ones shown.
4061 function action_adminskinclone()
\r
4064 $member->isAdmin() or $this->disallow();
\r
4065 $skinid = intRequestVar('skinid');
\r
4066 // 1. read skin to clone
\r
4067 $skin = new Skin($skinid);
\r
4068 $name = "clone_" . $skin->getName();
\r
4069 // if a skin with that name already exists:
\r
4070 if (Skin::exists($name)) {
\r
// a numeric suffix $i is tried until the name is free (its initialisation and increment are not visible here)
4072 while (Skin::exists($name . $i)) {
\r
4077 // 2. create skin desc
\r
4078 $newid = Skin::createNew(
\r
4080 $skin->getDescription(),
\r
4081 $skin->getContentType(),
\r
4082 $skin->getIncludeMode(),
\r
4083 $skin->getIncludePrefix()
\r
// $skinid is concatenated into the statement below without a cast at this
// point; it comes from intRequestVar() above. Presumably that returns an
// integer; an intval() here would make the statement safe on its own.
4085 $query = 'SELECT '
\r
4088 . sql_table('adminskin') . ' '
\r
4090 . ' sdesc = ' . $skinid;
\r
4091 $res = sql_query($query);
\r
4092 while ($row = sql_fetch_assoc($res)) {
\r
4093 $this->adminskinclonetype($skin, $newid, $row['stype']);
\r
4095 $this->action_adminskinoverview();
\r
4099 * @todo document this
\r
// Copies one part ($type) of $skin into the admin skin with id $newid by
// inserting a row into the adminskin table.
// NOTE(review): the column list and VALUES keyword of the INSERT are among the
// short lines lost from this listing.
4101 function adminskinclonetype($skin, $newid, $type)
\r
4103 $newid = intval($newid);
\r
4104 $content = $skin->getContent($type);
\r
4106 $query = 'INSERT '
\r
4108 . sql_table('adminskin') . ' '
\r
4114 . intval($newid) . ', '
\r
4115 . '"' . sql_real_escape_string($content) . '", '
\r
4116 . '"' . sql_real_escape_string($type) . '" '
\r
// every value placed in the statement above is either cast with intval() or escaped
4118 sql_query($query);
\r
/**
 * Admin::action_adminskinieoverview()
 * Loads skinie.php and renders the 'adminskinieoverview' page;
 * administrators only.
 *
 * @return	void
 */
function action_adminskinieoverview()
{
	global $member, $DIR_LIBS, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$this->pagehead();
	$this->parse('adminskinieoverview');
	$this->pagefoot();
}
\r
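/**
 * Admin::action_adminskinieimport()
 * Reads the metadata of a skin export and renders the 'adminskinieimport'
 * page, which is given the skin info, skin and template names and any
 * name clashes through $_REQUEST. Administrators only.
 *
 * With mode 'file', 'skinfile' names a directory below $DIR_ADMINSKINS.
 * In any other mode the posted value is used as the file to read.
 *
 * @return	void
 */
function action_adminskinieimport()
{
	global $DIR_LIBS, $DIR_ADMINSKINS, $manager, $member;

	$member->isAdmin() or $this->disallow();

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$skinFileRaw	= postVar('skinfile');
	$mode			= postVar('mode');

	$importer = new SKINIMPORT();

	// get full filename
	if ( $mode == 'file' )
	{
		// 'skinfile' is joined onto $DIR_ADMINSKINS, so it has to be a single
		// directory name. Path separators, NUL bytes and the dot entries are
		// refused so the lookup cannot leave that directory.
		if ( !is_string($skinFileRaw)
		  || $skinFileRaw === '.'
		  || $skinFileRaw === '..'
		  || strpbrk($skinFileRaw, "/\\\0") !== FALSE )
		{
			$this->disallow();
			return;
		}

		$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';

		// backwards compatibilty (in v2.0, exports were saved as skindata.xml)
		if ( !file_exists($skinFile) )
		{
			$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skindata.xml';
		}
	}
	else
	{
		// NOTE(review): here the posted value goes to readFile() as received,
		// so the administrator chooses what the server opens. What readFile()
		// accepts (local paths, URLs, stream wrappers) is not visible in this
		// method; confirm it is constrained there.
		$skinFile = $skinFileRaw;
	}

	// read only metadata
	// (the guard on $error is reconstructed: this listing shows only the
	// error() call; confirm against the file)
	$error = $importer->readFile($skinFile, 1);
	if ( $error )
	{
		$this->error($error);
	}

	// hand the parsed metadata to the page template
	$_REQUEST['skininfo']	= $importer->getInfo();
	$_REQUEST['skinnames']	= $importer->getSkinNames();
	$_REQUEST['tpltnames']	= $importer->getTemplateNames();

	// find out which names already exist
	$skinNameClashes		= $importer->checkSkinNameClashes();
	$templateNameClashes	= $importer->checkTemplateNameClashes();
	$hasNameClashes			= (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);

	$_REQUEST['skinclashes'] = $skinNameClashes;
	$_REQUEST['tpltclashes'] = $templateNameClashes;
	$_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;

	$this->pagehead();
	$this->parse('adminskinieimport');
	$this->pagefoot();
}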
\r
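/**
 * Admin::action_adminskiniedoimport()
 * Reads a skin export and writes it to the database, then renders the
 * 'adminskiniedoimport' page. Administrators only.
 *
 * With mode 'file', 'skinfile' names a directory below $DIR_ADMINSKINS.
 * In any other mode the posted value is used as the file to read.
 * 'overwrite' is passed to writeToDatabase() as an integer.
 *
 * @return	void
 */
function action_adminskiniedoimport()
{
	global $DIR_LIBS, $DIR_ADMINSKINS, $member;

	$member->isAdmin() or $this->disallow();

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$skinFileRaw	= postVar('skinfile');
	$mode			= postVar('mode');
	$allowOverwrite	= intPostVar('overwrite');

	// get full filename
	if ( $mode == 'file' )
	{
		// 'skinfile' is joined onto $DIR_ADMINSKINS, so it has to be a single
		// directory name. Path separators, NUL bytes and the dot entries are
		// refused so the lookup cannot leave that directory.
		if ( !is_string($skinFileRaw)
		  || $skinFileRaw === '.'
		  || $skinFileRaw === '..'
		  || strpbrk($skinFileRaw, "/\\\0") !== FALSE )
		{
			$this->disallow();
			return;
		}

		$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';

		// backwards compatibilty (in v2.0, exports were saved as skindata.xml)
		if ( !file_exists($skinFile) )
		{
			$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skindata.xml';
		}
	}
	else
	{
		// NOTE(review): here the posted value goes to readFile() as received,
		// so the administrator chooses what the server opens. What readFile()
		// accepts (local paths, URLs, stream wrappers) is not visible in this
		// method; confirm it is constrained there.
		$skinFile = $skinFileRaw;
	}

	$importer = new SKINIMPORT();

	// (both guards on $error are reconstructed: this listing shows only the
	// error() calls; confirm against the file)
	$error = $importer->readFile($skinFile);
	if ( $error )
	{
		$this->error($error);
	}

	$error = $importer->writeToDatabase($allowOverwrite);
	if ( $error )
	{
		$this->error($error);
	}

	// hand the imported metadata to the page template
	$_REQUEST['skininfo']	= $importer->getInfo();
	$_REQUEST['skinnames']	= $importer->getSkinNames();
	$_REQUEST['tpltnames']	= $importer->getTemplateNames();

	$this->pagehead();
	$this->parse('adminskiniedoimport');
	$this->pagefoot();
}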
\r
/**
 * Admin::action_adminskinieexport()
 * Exports the skins and templates whose ids are the keys of the 'skin' and
 * 'template' request arrays, with the posted 'info' text attached.
 * Administrators only.
 *
 * @return	void
 */
function action_adminskinieexport()
{
	global $member, $DIR_PLUGINS;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// NOTE(review): the original comment here says "load skinie class", but no
	// include is visible before SkinEXPORT is used; confirm the class is
	// loaded by the time this runs.
	$aSkins		= requestIntArray('skin');
	$aTemplates	= requestIntArray('template');

	// anything that is not an array is treated as "nothing selected"
	if ( !is_array($aTemplates) )
	{
		$aTemplates = array();
	}
	if ( !is_array($aSkins) )
	{
		$aSkins = array();
	}

	// the ids are the array keys, not the values
	$skinList		= array_keys($aSkins);
	$templateList	= array_keys($aTemplates);

	$info = postVar('info');

	$exporter = new SkinEXPORT();
	foreach ( $skinList as $skinId )
	{
		$exporter->addSkin($skinId);
	}
	foreach ( $templateList as $templateId )
	{
		$exporter->addTemplate($templateId);
	}
	$exporter->setInfo($info);
	$exporter->export();
}
\r
/**
 * Admin::action_settingsedit()
 * Renders the 'settingsedit' page; administrators only.
 *
 * @return	void
 */
function action_settingsedit()
{
	global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('settingsedit');
	$this->pagefoot();
}
\r
4274 * Admin::action_settingsupdate()
\r
4275 * Update $CONFIG and redirect
\r
// Writes every posted global setting to the config table through
// updateConfig(), then redirects to the 'manage' action. Administrators only.
// NOTE(review): of all the values written below, only 'AdminEmail' is validated
// in this method. updateConfig() escapes each value for SQL, but URL, cookie,
// upload (AllowedTypes, AllowUpload, MaxUploadSize) and debug settings are
// stored as posted; any format or range checks must happen where they are read.
4280 function action_settingsupdate() {
\r
4281 global $member, $CONF;
\r
4283 $member->isAdmin() or $this->disallow();
\r
4285 // check if email address for admin is valid
\r
4286 if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
\r
4288 $this->error(_ERROR_BADMAILADDRESS);
\r
4292 $this->updateConfig('DefaultBlog', postVar('DefaultBlog'));
\r
4293 $this->updateConfig('BaseSkin', postVar('BaseSkin'));
\r
4294 $this->updateConfig('IndexURL', postVar('IndexURL'));
\r
4295 $this->updateConfig('AdminURL', postVar('AdminURL'));
\r
4296 $this->updateConfig('PluginURL', postVar('PluginURL'));
\r
4297 $this->updateConfig('SkinsURL', postVar('SkinsURL'));
\r
4298 $this->updateConfig('ActionURL', postVar('ActionURL'));
\r
4299 $this->updateConfig('Locale', postVar('Locale'));
\r
4300 $this->updateConfig('AdminEmail', postVar('AdminEmail'));
\r
4301 $this->updateConfig('SessionCookie', postVar('SessionCookie'));
\r
4302 $this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));
\r
4303 $this->updateConfig('AllowMemberMail', postVar('AllowMemberMail'));
\r
4304 $this->updateConfig('NonmemberMail', postVar('NonmemberMail'));
\r
4305 $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames'));
\r
4306 $this->updateConfig('SiteName', postVar('SiteName'));
\r
4307 $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));
\r
4308 $this->updateConfig('DisableSite', postVar('DisableSite'));
\r
4309 $this->updateConfig('DisableSiteURL', postVar('DisableSiteURL'));
\r
4310 $this->updateConfig('LastVisit', postVar('LastVisit'));
\r
4311 $this->updateConfig('MediaURL', postVar('MediaURL'));
\r
4312 $this->updateConfig('AllowedTypes', postVar('AllowedTypes'));
\r
4313 $this->updateConfig('AllowUpload', postVar('AllowUpload'));
\r
4314 $this->updateConfig('MaxUploadSize', postVar('MaxUploadSize'));
\r
4315 $this->updateConfig('MediaPrefix', postVar('MediaPrefix'));
\r
4316 $this->updateConfig('AllowLoginEdit', postVar('AllowLoginEdit'));
\r
4317 $this->updateConfig('DisableJsTools', postVar('DisableJsTools'));
\r
4318 $this->updateConfig('CookieDomain', postVar('CookieDomain'));
\r
4319 $this->updateConfig('CookiePath', postVar('CookiePath'));
\r
4320 $this->updateConfig('CookieSecure', postVar('CookieSecure'));
\r
4321 $this->updateConfig('URLMode', postVar('URLMode'));
\r
4322 $this->updateConfig('CookiePrefix', postVar('CookiePrefix'));
\r
4323 $this->updateConfig('DebugVars', postVar('DebugVars'));
\r
4324 $this->updateConfig('DefaultListSize', postVar('DefaultListSize'));
\r
4325 $this->updateConfig('AdminCSS', postVar('AdminCSS'));
\r
4327 // load new config and redirect (this way, the new locale will be used is necessary)
\r
4328 // note that when changing cookie settings, this redirect might cause the user
\r
4329 // to have to log in again.
\r
// NOTE(review): the statement that reloads the configuration is not visible in
// this listing (one short line is missing here). The redirect target is built
// from $CONF['AdminURL'], one of the values this request may just have changed.
4331 redirect($CONF['AdminURL'] . '?action=manage');
\r
/**
 * Admin::action_systemoverview()
 * Output system overview
 *
 * NOTE(review): unlike the other management actions in this class, no
 * permission check is visible in this method. Presumably the
 * 'systemoverview' page restricts what it shows to administrators; confirm.
 *
 * @return	void
 */
function action_systemoverview()
{
	$this->pagehead();
	$this->parse('systemoverview');
	$this->pagefoot();
}
\r
/**
 * Admin::updateConfig()
 * Writes one value into the config table.
 *
 * Both arguments go through sql_real_escape_string() before they are placed
 * in the statement; the value is trimmed after escaping. A failed query
 * ends the request with die() and prints the driver's error text.
 *
 * @param	string	$name	name of the config row to update
 * @param	string	$val	new value
 * @return	integer	whatever sql_insert_id() reports after the UPDATE
 */
function updateConfig($name, $val)
{
	$safeName	= sql_real_escape_string($name);
	$safeValue	= trim(sql_real_escape_string($val));

	$statement = sprintf(
		"UPDATE %s SET value='%s' WHERE name='%s'",
		sql_table('config'),
		$safeValue,
		$safeName
	);

	if ( !sql_query($statement) )
	{
		die(_ADMIN_SQLDIE_QUERYERROR . sql_error());
	}

	return sql_insert_id();
}
\r
4370 * @param string $msg message that will be shown
\r
// Renders the 'adminerrorpage' page between the admin page head and foot.
// NOTE(review): $msg is not referenced on any line visible in this listing, and
// the method's short lines are lost. The permission checks and validation
// branches in this class call error() and then carry on, so they depend on this
// method ending the request; confirm in the file that it does.
4372 function error($msg)
\r
4374 $this->pagehead();
\r
4375 $this->parse('adminerrorpage');
\r
4376 $this->pagefoot();
\r
/**
 * Admin::disallow()
 * Records the refused request in the action log at WARNING level, then
 * shows the "disallowed" error page.
 *
 * @return	void
 */
function disallow()
{
	// NOTE(review): REQUEST_URI is client-controlled and is logged as
	// received; confirm that the action log view escapes it on output.
	$logEntry = _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI');
	ActionLog::add(WARNING, $logEntry);

	$this->error(_ERROR_DISALLOWED);
}
\r
4394 * Admin::pagehead()
\r
4395 * Output admin page head
\r
// Outputs the head of an admin page. When the admin skin has a 'pagehead' part
// that part is parsed; otherwise the XHTML prologue, <head>, site title, login
// line and version line are written directly with echo.
// NOTE(review): this listing has lost the method's short lines (braces, else
// branches, several echo statements), so the structure shown is incomplete.
4400 function pagehead($extrahead = '')
\r
4402 if ( $this->existsSkinContents('pagehead') )
\r
4404 if ( isset($extrahead) && !empty($extrahead) )
\r
4406 $this->extrahead = $extrahead;
\r
4408 $this->parse('pagehead');
\r
4412 global $member, $nucleus, $CONF, $manager;
\r
4415 'AdminPrePageHead',
\r
// $extrahead is listed by reference, so whatever receives this array can change it
4417 'extrahead' => &$extrahead,
\r
4418 'action' => $this->action
\r
4422 $baseUrl = Entity::hsc($CONF['AdminURL']);
\r
4423 if ( !array_key_exists('AdminCSS',$CONF) )
\r
4425 sql_query("INSERT INTO " . sql_table('config') . " VALUES ('AdminCSS', 'original')");
\r
4426 $CONF['AdminCSS'] = 'original';
\r
4429 /* HTTP 1.1 application for no caching */
\r
4430 header("Cache-Control: no-cache, must-revalidate");
\r
4431 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
\r
4433 $root_element = 'html';
\r
4434 $charset = i18n::get_current_charset();
\r
4435 $locale = preg_replace('#_#', '-', i18n::get_current_locale());
\r
4437 echo "<?xml version=\"{$this->xml_version_info}\" encoding=\"{$charset}\" ?>\n";
\r
4438 echo "<!DOCTYPE {$root_element} PUBLIC \"{$this->formal_public_identifier}\" \"{$this->system_identifier}\">\n";
\r
4439 echo "<{$root_element} xmlns=\"{$this->xhtml_namespace}\" xml:lang=\"{$locale}\" lang=\"{$locale}\">\n";
\r
4441 echo '<title>' . Entity::hsc($CONF['SiteName']) . " - Admin</title>\n";
\r
// NOTE(review): $CONF["AdminCSS"] goes into the href below without
// Entity::hsc(), unlike $baseUrl next to it; the value is a stored setting.
4442 echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}styles/admin_{$CONF["AdminCSS"]}.css\" />\n";
\r
4443 echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}styles/addedit.css\" />\n";
\r
4444 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/edit.js\"></script>\n";
\r
4445 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/admin.js\"></script>\n";
\r
4446 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/compatibility.js\"></script>\n";
\r
// $extrahead is written into <head> as markup, unescaped
4447 echo "{$extrahead}\n";
\r
4448 echo "</head>\n\n";
\r
4450 echo "<div id=\"adminwrapper\">\n";
\r
4451 echo "<div class=\"header\">\n";
\r
4452 echo '<h1>' . Entity::hsc($CONF['SiteName']) . "</h1>\n";
\r
4454 echo "<div id=\"container\">\n";
\r
4455 echo "<div id=\"content\">\n";
\r
4456 echo "<div class=\"loginname\">\n";
\r
4457 if ( $member->isLoggedIn() )
\r
// NOTE(review): getDisplayName() is echoed without Entity::hsc(), while SiteName
// is escaped in this same method. Escape it here unless getDisplayName()
// already returns HTML-safe text; confirm.
4459 echo _LOGGEDINAS . ' ' . $member->getDisplayName() ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a><br />\n";
\r
4460 echo "<a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
\r
4464 echo '<a href="index.php?action=showlogin" title="Log in">' . _NOTLOGGEDIN . "</a><br />\n";
\r
// NOTE(review): $CONF['IndexURL'] is placed in a single-quoted href without escaping
4466 echo "<a href='".$CONF['IndexURL']."'>"._YOURSITE."</a><br />\n";
\r
4469 if (array_key_exists('codename', $nucleus) && $nucleus['codename'] != '' )
\r
4471 $codenamestring = ' "' . $nucleus['codename'].'"';
\r
4475 $codenamestring = '';
\r
// the version check link and the "newer version" notice are only built for logged-in administrators
4478 if ( $member->isLoggedIn() && $member->isAdmin() )
\r
4480 $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
\r
4481 echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';
\r
4483 $newestVersion = getLatestVersion();
\r
4484 $newestCompare = str_replace('/','.',$newestVersion);
\r
4485 $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);
\r
4486 if ( $newestVersion && version_compare($newestCompare, $currentVersion) > 0 )
\r
4489 echo '<a style="color:red" href="http://nucleuscms.org/upgrade.php" title="' . _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE . '">';
\r
// NOTE(review): $newestVersion is echoed unescaped. If getLatestVersion()
// obtains it from outside this installation (not visible here; confirm), it
// should be passed through Entity::hsc() before output.
4490 echo _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT . $newestVersion;
\r
4496 echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;
\r
4505 * Admin::pagefoot()
\r
4506 * Output admin page foot include quickmenu
\r
// Outputs the foot of an admin page. When the admin skin has a 'pagefoot' part
// that part is parsed; otherwise the logout block, footer links and the quick
// menu (add item, member links, management links, plugin extras) are echoed.
// NOTE(review): this listing has lost the method's short lines (braces, else
// branches, list markup), so the structure shown is incomplete.
4511 function pagefoot()
\r
4513 if ($this->existsSkinContents('pagefoot')) {
\r
4514 $this->parse('pagefoot');
\r
4519 global $action, $member, $manager;
\r
4522 'AdminPrePageFoot',
\r
4524 'action' => $this->action
\r
4528 if ( $member->isLoggedIn() && ($action != 'showlogin') )
\r
4530 echo '<h2>' . _LOGOUT . "</h2>\n";
\r
4532 echo '<li><a href="index.php?action=overview">' . _BACKHOME . "</a></li>\n";
\r
4533 echo '<li><a href="index.php?action=logout">' . _LOGOUT . "</a></li>\n";
\r
4537 echo "<div class=\"foot\">\n";
\r
4538 echo '<a href="' . _ADMINPAGEFOOT_OFFICIALURL . '">Nucleus CMS</a> © 2002-' . date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT;
\r
4540 echo '<a href="' . _ADMINPAGEFOOT_DONATEURL . '">' . _ADMINPAGEFOOT_DONATE . "</a>\n";
\r
4543 echo "<!-- content -->\n";
\r
4544 echo "<div id=\"quickmenu\">\n";
\r
4546 if ( ($action != 'showlogin') && ($member->isLoggedIn()) )
\r
4549 echo '<li><a href="index.php?action=overview">' . _QMENU_HOME . "</a></li>\n";
\r
4552 echo '<h2>' . _QMENU_ADD . "</h2>\n";
\r
4553 echo "<form method=\"get\" action=\"index.php\">\n";
\r
4555 echo "<input type=\"hidden\" name=\"action\" value=\"createitem\" />\n";
\r
4557 $showAll = requestVar('showall');
\r
// 'showall' only widens the blog list for administrators; everyone else gets the team-membership query below
4559 if ( ($member->isAdmin()) && ($showAll == 'yes') )
\r
4561 // Super-Admins have access to all blogs! (no add item support though)
\r
4562 $query = 'SELECT bnumber as value, bname as text'
\r
4563 . ' FROM ' . sql_table('blog')
\r
4564 . ' ORDER BY bname';
\r
// $member->getID() is concatenated without a cast; presumably an integer, but an intval() would make that explicit
4568 $query = 'SELECT bnumber as value, bname as text'
\r
4569 . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
\r
4570 . ' WHERE tblog=bnumber and tmember=' . $member->getID()
\r
4571 . ' ORDER BY bname';
\r
4573 $template['name'] = 'blogid';
\r
4574 $template['tabindex'] = 15000;
\r
4575 $template['extra'] = _QMENU_ADD_SELECT;
\r
4576 $template['selected'] = -1;
\r
4577 $template['shorten'] = 10;
\r
4578 $template['shortenel'] = '';
\r
4579 $template['javascript'] = 'onchange="return form.submit()"';
\r
4580 showlist($query,'select',$template);
\r
// NOTE(review): getDisplayName() is interpolated into the heading without
// Entity::hsc(). Escape it here unless it already returns HTML-safe text; confirm.
4585 echo "<h2>{$member->getDisplayName()}</h2>\n";
\r
4587 echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . "</a></li>\n";
\r
4588 echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . "</a></li>\n";
\r
4589 echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . "</a></li>\n";
\r
4592 // ---- general settings ----
\r
// the management links are only printed for administrators; each action still checks permissions itself
4593 if ( $member->isAdmin() )
\r
4595 echo '<h2>' . _QMENU_MANAGE . "</h2>\n";
\r
4597 echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . "</a></li>\n";
\r
4598 echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . "</a></li>\n";
\r
4599 echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . "</a></li>\n";
\r
4600 echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . "</a></li>\n";
\r
4601 echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . "</a></li>\n";
\r
4602 echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . "</a></li>\n";
\r
4603 echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . "</a></li>\n";
\r
4606 echo "<h2>" . _QMENU_LAYOUT . "</h2>\n";
\r
4608 echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . "</a></li>\n";
\r
4609 echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . "</a></li>\n";
\r
4610 echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . "</a></li>\n";
\r
4614 $aPluginExtras = array();
\r
4618 'options' => &$aPluginExtras));
\r
4620 if ( count($aPluginExtras) > 0 )
\r
4622 echo "<h2>" . _QMENU_PLUGINS . "</h2>\n";
\r
4624 foreach ( $aPluginExtras as $aInfo )
\r
// url, tooltip and title of each entry in $aPluginExtras are HTML-escaped before output
4626 echo '<li><a href="' . Entity::hsc($aInfo['url']) . '" title="' . Entity::hsc($aInfo['tooltip']) . '">' . Entity::hsc($aInfo['title']) . "</a></li>\n";
\r
4631 else if ( ($action == 'activate') || ($action == 'activatesetpwd') )
\r
4634 echo '<h2>' . _QMENU_ACTIVATE . '</h2>' . _QMENU_ACTIVATE_TEXT;
\r
4638 // introduction text on login screen
\r
4639 echo '<h2>' . _QMENU_INTRO . '</h2>' . _QMENU_INTRO_TEXT;
\r
4642 echo "<!-- quickmenu -->\n";
\r
4645 echo "<!-- content -->\n";
\r
4648 echo "<!-- container -->\n";
\r
4651 echo "<!-- adminwrapper -->\n";
\r
4661 * @todo document this
\r
// Sends a Windows registry file ("nucleus.reg") that adds an Internet Explorer
// context-menu entry pointing at bookmarklet.php for blog 'blogid'. Requires
// team rights on that blog.
// NOTE(review): this listing has lost the method's short lines, so statements
// may be missing between the ones shown.
4663 function action_regfile()
\r
4665 global $member, $CONF;
\r
4667 $blogid = intRequestVar('blogid');
\r
4669 $member->teamRights($blogid) or $this->disallow();
\r
4671 // header-code stolen from phpMyAdmin
\r
4672 // REGEDIT and bookmarklet code stolen from GreyMatter
\r
4674 $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid));
\r
4677 header('Content-Type: application/octetstream');
\r
4678 header('Content-Disposition: filename="nucleus.reg"');
\r
4679 header('Pragma: no-cache');
\r
4680 header('Expires: 0');
\r
4682 echo "REGEDIT4\n";
\r
// NOTE(review): the blog name is written into the registry key line as stored.
// No visible line strips line breaks or the characters that delimit a .reg key
// or value, so a blog name containing them would change the structure of the
// file the user is asked to import; filter it before output.
4683 echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n";
\r
// the same applies to $CONF['AdminURL'] inside the quoted value; $blogid is cast with intval()
4684 echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n";
\r
4685 echo '"contexts"=hex:31';
\r
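/**
 * Admin::action_bookmarklet()
 * Renders the 'bookmarklet' page for blog 'blogid'; requires team rights
 * on that blog.
 *
 * @return	void
 */
function action_bookmarklet()
{
	global $member, $manager;

	// Read the blog id before the rights check. The check used to run first,
	// against a $blogid that had not been assigned yet, so it never tested
	// the blog that was actually requested.
	$blogid = intRequestVar('blogid');

	$member->teamRights($blogid) or $this->disallow();

	$this->pagehead();
	$this->parse('bookmarklet');
	$this->pagefoot();
}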
\r
/**
 * Admin::action_actionlog()
 * Renders the 'actionlog' page; administrators only.
 *
 * @return	void
 */
function action_actionlog()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('actionlog');
	$this->pagefoot();
}
\r
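/**
 * Admin::action_banlist()
 * Renders the 'banlist' page for blog 'blogid'; requires blog admin rights
 * on that blog.
 *
 * @return	void
 */
function action_banlist()
{
	global $member, $manager;

	// Read the blog id before the rights check, as action_banlistdelete()
	// does. The check used to run first, against a $blogid that had not been
	// assigned yet, so it never tested the blog that was actually requested.
	$blogid = intRequestVar('blogid');

	$member->blogAdminRights($blogid) or $this->disallow();

	$this->pagehead();
	$this->parse('banlist');
	$this->pagefoot();
}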
\r
/**
 * Admin::action_banlistdelete()
 * Renders the 'banlistdelete' confirmation page for blog 'blogid';
 * requires blog admin rights on that blog.
 *
 * @return	void
 */
function action_banlistdelete()
{
	global $member, $manager;

	$blogid = intRequestVar('blogid');

	if ( !$member->blogAdminRights($blogid) )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('banlistdelete');
	$this->pagefoot();
}
\r
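/**
 * Admin::action_banlistdeleteconfirm()
 * Removes the posted 'iprange' ban, either from blog 'blogid' or from every
 * blog the member administers, then renders the 'banlistdeleteconfirm'
 * page. Requires blog admin rights on 'blogid'.
 *
 * Shows _ERROR_DELETEBAN when no ban was removed.
 *
 * @return	void
 */
function action_banlistdeleteconfirm()
{
	global $member, $manager;

	// Read the posted values before the rights check. The check used to run
	// first, against a $blogid that had not been assigned yet, so it never
	// tested the blog whose ban is removed below.
	$blogid		= intPostVar('blogid');
	$allblogs	= postVar('allblogs');
	$iprange	= postVar('iprange');

	$member->blogAdminRights($blogid) or $this->disallow();

	$deleted = array();

	// NOTE(review): the branch condition is not visible in this listing;
	// "!$allblogs" is reconstructed from the two branches. Confirm in the file.
	if ( !$allblogs )
	{
		if ( Ban::removeBan($blogid, $iprange) )
		{
			array_push($deleted, $blogid);
		}
	}
	else
	{
		// get blogs for which member has admin rights
		$adminblogs = $member->getAdminBlogs();
		foreach ( $adminblogs as $blogje )
		{
			if ( Ban::removeBan($blogje, $iprange) )
			{
				array_push($deleted, $blogje);
			}
		}
	}

	if ( sizeof($deleted) == 0 )
	{
		$this->error(_ERROR_DELETEBAN);
	}

	$this->pagehead();
	$this->parse('banlistdeleteconfirm');
	$this->pagefoot();
}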
\r
/**
 * Admin::action_banlistnewfromitem()
 * Looks up the blog that item 'itemid' belongs to and shows the "new ban"
 * page for it. The rights check is the one in action_banlistnew().
 *
 * @return	void
 */
function action_banlistnewfromitem()
{
	$itemid = intRequestVar('itemid');
	$blogid = getBlogIDFromItemID($itemid);

	$this->action_banlistnew($blogid);
}
\r
/**
 * Admin::action_banlistnew()
 * Renders the 'banlistnew' page; requires blog admin rights on the blog.
 *
 * The blog id that was checked is written back to $_REQUEST['blogid']
 * before the page is rendered.
 *
 * @param	mixed	$blogid	blog id; when empty, the 'blogid' request value is used
 * @return	void
 */
function action_banlistnew($blogid = '')
{
	global $member, $manager;

	if ( $blogid == '' )
	{
		$blogid = intRequestVar('blogid');
	}

	// read here but not used by any later line of this method
	$ip = requestVar('ip');

	if ( !$member->blogAdminRights($blogid) )
	{
		$this->disallow();
	}

	$_REQUEST['blogid'] = $blogid;

	$this->pagehead();
	$this->parse('banlistnew');
	$this->pagefoot();
}
\r
4828 * @todo document this
\r
// Adds a ban for the posted IP range with the posted reason, either to blog
// 'blogid' or to every blog the member administers, then shows the ban list.
// Requires blog admin rights on 'blogid'.
// NOTE(review): this listing has lost the method's short lines (braces, the
// `global` statement, the branch on $allblogs, the failure flag), so the control
// flow shown here is incomplete.
4830 function action_banlistadd() {
\r
4833 $blogid = intPostVar('blogid');
\r
4834 $allblogs = postVar('allblogs');
\r
4835 $iprange = postVar('iprange');
\r
// the literal value "custom" means the range is taken from 'customiprange' instead
4836 if ( $iprange == "custom" )
\r
4838 $iprange = postVar('customiprange');
\r
4840 $reason = postVar('reason');
\r
// rights are checked on the posted blogid only; the all-blogs branch below
// limits itself to the blogs returned by getAdminBlogs()
4842 $member->blogAdminRights($blogid) or $this->disallow();
\r
// NOTE(review): as the TODO says, $iprange reaches Ban::addBan() with no format
// check and $reason is passed as posted; whether addBan() escapes both for
// storage and whether the ban list escapes them on display is not visible here.
4844 // TODO: check IP range validity
\r
4848 if ( !Ban::addBan($blogid, $iprange, $reason) )
\r
4850 $this->error(_ERROR_ADDBAN);
\r
4855 // get blogs fot which member has admin rights
\r
4856 $adminblogs = $member->getAdminBlogs();
\r
4858 foreach ($adminblogs as $blogje)
\r
4860 if ( !Ban::addBan($blogje, $iprange, $reason) )
\r
4867 $this->error(_ERROR_ADDBAN);
\r
4870 $this->action_banlist();
\r
/**
 * Admin::action_clearactionlog()
 * Empties the action log and returns to the manage page with the
 * _MSG_ACTIONLOGCLEARED message; administrators only.
 *
 * NOTE(review): no visible line records who cleared the log; if the log is
 * used as an audit trail, consider adding an entry after the clear.
 *
 * @return	void
 */
function action_clearactionlog()
{
	global $member;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	ActionLog::clear();

	$this->action_manage(_MSG_ACTIONLOGCLEARED);
}
\r
/**
 * Admin::action_backupoverview()
 * Renders the 'backupoverview' page; administrators only.
 *
 * @return	void
 */
function action_backupoverview()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('backupoverview');
	$this->pagefoot();
}
\r
4902 * Admin::action_backupcreate()
\r
4903 * create file for backup
\r
// Creates a database backup through Backup::do_backup(), optionally gzipped
// according to the posted 'gzip' value. Administrators only.
// NOTE(review): a short line after the do_backup() call is missing from this
// listing, so how the method ends after the backup is produced is not visible.
4909 function action_backupcreate()
\r
4911 global $member, $DIR_LIBS;
\r
4913 $member->isAdmin() or $this->disallow();
\r
4915 // use compression ?
\r
4916 $useGzip = (integer) postVar('gzip');
\r
4918 include($DIR_LIBS . 'backup.php');
\r
4920 // try to extend time limit
\r
4921 // (creating/restoring dumps might take a while)
\r
// failure to raise the limit is suppressed with @, so a long dump can still be cut short
4922 @set_time_limit(1200);
\r
4924 Backup::do_backup($useGzip);
\r
/**
 * Admin::action_backuprestore()
 * restoring from uploaded file
 *
 * Administrators only, and only when the posted 'letsgo' flag equals 1.
 * A non-empty message from Backup::do_restore() is shown as an error.
 *
 * @return	void
 */
function action_backuprestore()
{
	global $member, $DIR_LIBS;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// explicit confirmation is required before anything is restored
	if ( intPostVar('letsgo') != 1 )
	{
		$this->error(_ERROR_BACKUP_NOTSURE);
	}

	include($DIR_LIBS . 'backup.php');

	// try to extend time limit
	// (creating/restoring dumps might take a while)
	@set_time_limit(1200);

	$message = Backup::do_restore();
	if ( $message != '' )
	{
		$this->error($message);
	}

	$this->pagehead();
	$this->parse('backuprestore');
	$this->pagefoot();
}
\r
/**
 * Admin::action_pluginlist()
 * output the list of installed plugins
 *
 * Administrators only.
 *
 * @return	void
 */
function action_pluginlist()
{
	global $DIR_PLUGINS, $member, $manager;

	// check if allowed
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('pluginlist');
	$this->pagefoot();
}
\r
/**
 * Admin::action_pluginhelp()
 * Renders the 'pluginhelp' page for the installed plugin whose id is the
 * 'plugid' GET value; administrators only.
 *
 * @return	void
 */
function action_pluginhelp()
{
	global $member, $manager, $DIR_PLUGINS, $CONF;

	// check if allowed
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$plugid = intGetVar('plugid');

	// unknown plugin ids end in the error page
	$isInstalled = $manager->pidInstalled($plugid);
	if ( !$isInstalled )
	{
		$this->error(_ERROR_NOSUCHPLUGIN);
	}

	$this->pagehead();
	$this->parse('pluginhelp');
	$this->pagefoot();
}
\r
5007 * Admin::action_pluginadd()
\r
// Installs the plugin named by the posted 'filename': registers it in the
// plugin table, loads it, checks its minimum Nucleus version, patch level and
// plugin dependencies, calls its install() method and rebuilds the event
// subscriptions. Administrators only.
// NOTE(review): this listing has lost the method's short lines (braces, parts of
// the INSERT, the event notifications), so statements are missing between the
// ones shown.
5013 function action_pluginadd()
\r
5015 global $member, $manager, $DIR_PLUGINS;
\r
5017 // check if allowed
\r
5018 $member->isAdmin() or $this->disallow();
\r
5020 $name = postVar('filename');
\r
5022 if ( $manager->pluginInstalled($name) )
\r
5024 $this->error(_ERROR_DUPPLUGIN);
\r
// NOTE(review): checkPlugin() is the only visible gate on the posted file name
// before the plugin is loaded further down; confirm it rejects names containing
// path separators.
5027 if ( !checkPlugin($name) )
\r
5029 $this->error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
\r
5032 // get number of currently installed plugins
\r
5033 $res = sql_query('SELECT * FROM ' . sql_table('plugin'));
\r
5034 $numCurrent = sql_num_rows($res);
\r
5036 // plugin will be added as last one in the list
\r
5037 $newOrder = $numCurrent + 1;
\r
5046 // do this before calling getPlugin (in case the plugin id is used there)
\r
5047 $query = 'INSERT INTO '
\r
5048 . sql_table('plugin')
\r
5054 . '"' . sql_real_escape_string($name) . '"'
\r
5056 sql_query($query);
\r
5057 $iPid = sql_insert_id();
\r
5059 $manager->clearCachedInfo('installedPlugins');
\r
// the plugin is loaded here, before the version and dependency checks below are made
5061 // Load the plugin for condition checking and instalation
\r
5062 $plugin =& $manager->getPlugin($name);
\r
5064 // check if it got loaded (could have failed)
\r
// on a failed load the row inserted above is removed again
5067 sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
\r
5068 $manager->clearCachedInfo('installedPlugins');
\r
5069 $this->error(_ERROR_PLUGIN_LOAD);
\r
5072 // check if plugin needs a newer Nucleus version
\r
5073 if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )
\r
5075 // uninstall plugin again...
\r
5076 $this->deleteOnePlugin($plugin->getID());
\r
5078 // ...and show error
\r
5079 $this->error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
\r
5082 // check if plugin needs a newer Nucleus version
\r
5083 if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )
\r
5085 // uninstall plugin again...
\r
5086 $this->deleteOnePlugin($plugin->getID());
\r
5088 // ...and show error
\r
5089 $this->error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
\r
5092 $pluginList = $plugin->getPluginDep();
\r
5093 foreach ( $pluginList as $pluginName )
\r
// NOTE(review): $pluginName comes from the plugin's own getPluginDep() and is
// concatenated into the statement unescaped, while $name above goes through
// sql_real_escape_string(). Escape it the same way.
5095 $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
\r
5096 if (sql_num_rows($res) == 0)
\r
5098 // uninstall plugin again...
\r
5099 $this->deleteOnePlugin($plugin->getID());
\r
5100 $this->error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
\r
5104 // call the install method of the plugin
\r
5105 $plugin->install();
\r
5110 'plugin' => &$plugin
\r
5114 // update all events
\r
5115 $this->action_pluginupdate();
\r
5120 * ADMIN:action_pluginupdate():
\r
// Rebuilds the plugin_event table: deletes every row, then for each installed
// plugin inserts one row per event name returned by getEventList(), and finally
// redirects to the plugin list. Administrators only.
// NOTE(review): this listing has lost the method's short lines (braces, the
// assignment of $pid, the check that the plugin loaded).
5126 function action_pluginupdate()
\r
5128 global $member, $manager, $CONF;
\r
5130 // check if allowed
\r
5131 $member->isAdmin() or $this->disallow();
\r
// all subscriptions are removed before the loop re-creates them; no visible
// line wraps this in a transaction, so a failure part-way leaves the table
// incomplete until the action is run again
5133 // delete everything from plugin_events
\r
5134 sql_query('DELETE FROM '.sql_table('plugin_event'));
\r
5136 // loop over all installed plugins
\r
5137 $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
\r
5138 while ( $o = sql_fetch_object($res) )
\r
5141 $plug =& $manager->getPlugin($o->pfile);
\r
5144 $eventList = $plug->getEventList();
\r
5145 foreach ( $eventList as $eventName )
\r
// $pid is presumably $o->pid (assigned on a line missing from this listing); it
// is cast to an integer and the event name is escaped before being inserted
5147 $query = "INSERT INTO %s (pid, event) VALUES (%d, '%s')";
\r
5148 $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, sql_real_escape_string($eventName));
\r
5149 sql_query($query);
\r
5153 redirect($CONF['AdminURL'] . '?action=pluginlist');
\r
/**
 * Admin::action_plugindelete()
 * Renders the 'plugindelete' confirmation page for the installed plugin
 * whose id is the 'plugid' GET value; administrators only.
 *
 * @return	void
 */
function action_plugindelete()
{
	global $member, $manager;

	// check if allowed
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$pid = intGetVar('plugid');

	// unknown plugin ids end in the error page
	$isInstalled = $manager->pidInstalled($pid);
	if ( !$isInstalled )
	{
		$this->error(_ERROR_NOSUCHPLUGIN);
	}

	$this->pagehead();
	$this->parse('plugindelete');
	$this->pagefoot();
}
\r
/**
 * Admin::action_plugindeleteconfirm()
 * Uninstalls and removes the plugin whose id is the posted 'plugid', then
 * redirects to the plugin list; administrators only.
 *
 * deleteOnePlugin() is called with $callUninstall = 1. The guard on its
 * result is reconstructed (this listing shows only the error() call);
 * confirm against the file.
 *
 * @return	void
 */
function action_plugindeleteconfirm()
{
	global $member, $manager, $CONF;

	// check if allowed
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$pid = intPostVar('plugid');

	$failure = $this->deleteOnePlugin($pid, 1);
	if ( $failure )
	{
		$this->error($failure);
	}

	redirect($CONF['AdminURL'] . '?action=pluginlist');
}
\r
5201 * @todo document this
\r
// Removes one installed plugin together with its event subscriptions, option
// descriptions and option values, and renumbers the remaining plugins.
//
// $pid            plugin id; cast to an integer before any use.
// $callUninstall  when truthy, the plugin's unInstall() method is called
//                 before its rows are deleted.
// Returns _ERROR_NOSUCHPLUGIN for an unknown id, or a formatted
// _ERROR_DELREQPLUGIN message when another installed plugin names this one as
// a dependency. The return value on success is not visible in this listing.
//
// No permission check is visible inside this method; the callers shown on
// this page (the install path and action_plugindeleteconfirm) check
// isAdmin() themselves.
5203 function deleteOnePlugin($pid, $callUninstall = 0)
\r
// This integer cast is what keeps the string-built queries below free of
// caller-controlled SQL; keep it ahead of every use of $pid.
5207 $pid = intval($pid);
\r
5209 if ( !$manager->pidInstalled($pid) )
\r
5211 return _ERROR_NOSUCHPLUGIN;
\r
5214 $name = quickQuery('SELECT pfile as result FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5216 /* // call the unInstall method of the plugin
\r
5217 if ($callUninstall) {
\r
5218 $plugin =& $manager->getPlugin($name);
\r
5219 if ($plugin) $plugin->unInstall();
\r
5222 // check dependency before delete
\r
5223 $res = sql_query('SELECT pfile FROM ' . sql_table('plugin'));
\r
5224 while ($o = sql_fetch_object($res))
\r
5226 $plug =& $manager->getPlugin($o->pfile);
\r
5229 $depList = $plug->getPluginDep();
\r
5230 foreach ($depList as $depName)
\r
5232 if ($name == $depName)
\r
// NOTE(review): the install path wraps the plugin name in Entity::hsc()
// before formatting its error message; this message is built from the raw
// pfile value. Confirm that error() escapes what it prints.
5234 return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);
\r
5241 'PreDeletePlugin',
\r
5247 // call the unInstall method of the plugin
\r
5248 if ( $callUninstall )
\r
5250 $plugin =& $manager->getPlugin($name);
\r
5253 $plugin->unInstall();
\r
5257 // delete all subscriptions
\r
5258 sql_query('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);
\r
5260 // delete all options
\r
5261 // get OIDs from plugin_option_desc
\r
5262 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
\r
5264 while ($o = sql_fetch_object($res))
\r
// The ids collected here come from the query above, not from the request;
// they are joined into the IN (...) list further down without a cast.
5266 array_push($aOIDs, $o->oid);
\r
5269 // delete from plugin_option and plugin_option_desc
\r
5270 sql_query('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
\r
5271 if (count($aOIDs) > 0)
\r
5273 sql_query('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',',$aOIDs) . ')');
\r
5276 // update order numbers
\r
// Plugins ordered after the deleted one move up by one position.
5277 $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5278 $o = sql_fetch_object($res);
\r
5279 sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $o->porder);
\r
5282 sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
// The cached list of installed plugins is dropped because it is stale now.
5284 $manager->clearCachedInfo('installedPlugins');
\r
5286 'PostDeletePlugin',
\r
5296 * @todo document this
\r
/**
 * Moves a plugin one position up in the plugin order by swapping order
 * numbers with the plugin directly above it, then returns to the plugin
 * list. A plugin already at position 1 stays where it is.
 */
function action_pluginup()
{
    global $member, $manager, $CONF;

    // Administrators only.
    $member->isAdmin() or $this->disallow();

    // intGetVar() yields an integer, which is why the id can be concatenated
    // into the queries below.
    $plugid = intGetVar('plugid');
    if ( !$manager->pidInstalled($plugid) )
    {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    // Current position of the plugin.
    $row = sql_fetch_object(
        sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid)
    );
    $current = $row->porder;

    // Target position, never above the first slot.
    if ( $current > 1 )
    {
        $target = $current - 1;
    }
    else
    {
        $target = 1;
    }

    // Swap: whoever holds the target slot takes the current one, then the
    // plugin takes the target slot.
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $current . ' WHERE porder=' . $target);
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $target . ' WHERE pid=' . $plugid);

    // Redirect rather than render the list directly, so the ticket does not
    // stay visible in the URL.
    redirect($CONF['AdminURL'] . '?action=pluginlist');
}
\r
5330 * @todo document this
\r
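/**
 * Moves a plugin one position down in the plugin order by swapping order
 * numbers with the plugin directly below it, then returns to the plugin
 * list. A plugin already in the last position stays where it is.
 */
function action_plugindown()
{
    global $member, $manager, $CONF;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    // intGetVar() yields an integer, which is why the id can be concatenated
    // into the queries below.
    $plugid = intGetVar('plugid');
    if ( !$manager->pidInstalled($plugid) )
    {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    // 1. get old order number
    $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
    $o = sql_fetch_object($res);
    // Cast before reuse: the value is concatenated into two UPDATE statements.
    $oldOrder = intval($o->porder);

    // The last position equals the number of installed plugins. Let the
    // database count instead of fetching every column of every row.
    $maxOrder = intval(quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('plugin')));

    // 2. calculate new order number
    $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;

    // 3. update plug numbers
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);

    // To avoid showing ticket in the URL, redirect to pluginlist, instead.
    redirect($CONF['AdminURL'] . '?action=pluginlist');
}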
\r
5366 * Admin::action_pluginoptions()
\r
5368 * Output Plugin option page
\r
5371 * @param string $message message to show when another action falls back to this page
\r
/**
 * Outputs the option page of one plugin.
 *
 * @param string $message message to show in the page head, used when another
 *                        action falls back to this page
 */
public function action_pluginoptions($message = '')
{
    global $member, $manager;

    // Administrators only.
    $member->isAdmin() or $this->disallow();

    // The plugin id is taken from the request as an integer.
    $pid = intRequestVar('plugid');
    if ( !$manager->pidInstalled($pid) )
    {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    if ( $message !== null )
    {
        $this->headMess = $message;
    }

    // The option form needs the numeric-field helper script in the head.
    $this->pagehead('<script type="text/javascript" src="javascript/numbercheck.js"></script>' . "\n");
    $this->parse('pluginoptions');
    $this->pagefoot();
}
\r
5401 * Admin::action_pluginoptionsupdate()
\r
5403 * Update plugin options and fallback to plugin option page
\r
// Stores the submitted plugin option values and then shows the plugin option
// page again with the _PLUGS_OPTIONS_UPDATED message.
5409 public function action_pluginoptionsupdate()
\r
5411 global $member, $manager;
\r
5413 // check if allowed
\r
5414 $member->isAdmin() or $this->disallow();
\r
5416 $pid = intRequestVar('plugid');
\r
5417 // $pid = (integer) requestVar('plugid');
\r
5418 if ( !$manager->pidInstalled($pid) )
\r
5420 $this->error(_ERROR_NOSUCHPLUGIN);
\r
// The 'plugoption' array is handed on exactly as it arrived in the request.
// NOTE(review): nothing visible here ties the submitted option ids to $pid or
// checks the values; confirm apply_plugin_options() validates both.
5423 $aOptions = requestArray('plugoption');
\r
5424 NucleusPlugin::apply_plugin_options($aOptions);
\r
5427 'PostPluginOptionsUpdate',
\r
5429 'context' => 'global',
\r
5434 $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
\r
5439 * Admin::_insertPluginOptions()
\r
5441 * Output plugin option field
\r
5444 * @param string $context plugin option context
\r
5445 * @param integer $contextid plugin option context id
\r
// Collects the plugin options defined for one context, pairs each with its
// stored value (or its default when none is stored), keeps the list in
// $this->aOptions and renders the 'insertpluginoptions' skin part.
//
// $context    option context name; escaped before it enters the query.
// $contextid  id within that context; cast to an integer for the query.
5448 public function _insertPluginOptions($context, $contextid = 0)
\r
5450 // get all current values for this contextid
\r
5451 // (note: this might contain doubles for overlapping contextids)
\r
5452 $aIdToValue = array();
\r
5453 $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));
\r
5454 while ( $object = sql_fetch_object($res) )
\r
5456 $aIdToValue[$object->oid] = $object->ovalue;
\r
5459 // get list of oids per pid
\r
5460 $query = 'SELECT '
\r
5463 . sql_table('plugin_option_desc') . ', '
\r
5464 . sql_table('plugin') . ' '
\r
// $context sits inside a double-quoted SQL string literal, so the escaping
// call is the only thing separating it from the statement.
5467 . 'and ocontext = "' . sql_real_escape_string($context) . '" '
\r
5469 . ' porder, oid ASC';
\r
5470 $res = sql_query($query);
\r
5471 $aOptions = array();
\r
5472 while ( $object = sql_fetch_object($res) )
\r
// A stored value for this option id wins over the default from the
// description row.
5474 if (in_array($object->oid, array_keys($aIdToValue)))
\r
5476 $value = $aIdToValue[$object->oid];
\r
5480 $value = $object->odef;
\r
// NOTE(review): the fields below are database values, plus $contextid as it
// was passed in (without the integer cast used in the query). Escaping for
// output is left to whatever renders 'insertpluginoptions'; confirm it does.
5486 'pid' => $object->pid,
\r
5487 'pfile' => $object->pfile,
\r
5488 'oid' => $object->oid,
\r
5489 'value' => $value,
\r
5490 'name' => $object->oname,
\r
5491 'description' => $object->odesc,
\r
5492 'type' => $object->otype,
\r
5493 'typeinfo' => $object->oextra,
\r
5494 'contextid' => $contextid,
\r
5502 'PrePluginOptionsEdit',
\r
5504 'context' => $context,
\r
5505 'contextid' => $contextid,
// Passed by reference, so a subscriber can change the option list before it
// is stored on the object and rendered.
5506 'options' =>& $aOptions
\r
5510 $this->aOptions = $aOptions;
\r
5511 $this->parse('insertpluginoptions');
\r
5516 * TODO: document this
\r
/**
 * Renders the admin skin part named after the action currently being
 * executed, between the standard page head and page foot.
 */
function action_parseSpecialskin()
{
    $this->pagehead();

    // The skin type is the current action name, so which part gets parsed
    // follows from how $this->action was set by the dispatcher.
    $skinType = $this->action;
    $this->parse($skinType);

    $this->pagefoot();
}
\r
// Parses one part of the admin skin and sends it to the output.
//
// $type  name of the skin part. action_parseSpecialskin() passes the current
//        action name here, so the value is not always a fixed literal.
//
// NOTE(review): the constructor sets $this->adminSkin to 0 when the skin id
// does not exist, while this method calls methods on it throughout. Confirm
// that case cannot reach parse().
5525 function parse($type)
\r
5527 global $manager, $CONF;
\r
5528 if ( $type == 'pagehead' )
\r
5531 'InitAdminSkinParse',
\r
5533 'skin' => &$this->adminSkin,
\r
5537 // set output type
\r
5538 sendContentType($this->adminSkin->getContentType(), 'skin', i18n::get_current_charset());
\r
5540 // set skin name as global var (so plugins can access it)
\r
5541 global $currentSkinName;
\r
5542 $currentSkinName = $this->adminSkin->getName();
\r
5544 $contents = $this->adminSkin->getContent($type);
\r
5548 // use base skin if this skin does not have contents
\r
5549 $defskin = new Skin($CONF['DefaultAdminSkin']);
\r
5550 $contents = $defskin->getContent($type);
\r
// The tags the parser will accept start from the skin's allow-list for this
// part; the handler's own list is merged in further down.
5558 $actions = $this->adminSkin->getAllowedActionsForType($type);
\r
5560 if ( $type == 'pagehead' )
\r
5563 'PreAdminSkinParse',
\r
5565 'skin' => &$this->adminSkin,
\r
// Passed by reference: a subscriber may rewrite the skin contents before
// they are parsed.
5567 'contents' => &$contents
\r
5572 // set IncludeMode properties of parser
\r
5573 PARSER::setProperty('IncludeMode', $this->adminSkin->getIncludeMode());
\r
5574 PARSER::setProperty('IncludePrefix', $this->adminSkin->getIncludePrefix());
\r
// Item create/edit pages use a Factory handler bound to the requested blog
// id (read as an integer); every other part uses AdminActions.
5576 if ( $type == 'createitem' || $type == 'itemedit' )
\r
5578 $handler = new Factory(intRequestVar('blogid'), $type, $this->adminSkin, $this);
\r
5579 $actions = array_merge($actions, $handler->actions);
\r
5581 $handler = new AdminActions($type, $this->adminSkin, $this);
\r
5582 $actions = array_merge($actions, AdminActions::get_allowed_actions_for_type($type));
\r
5584 $parser = new Parser($actions, $handler);
\r
5585 $handler->setParser($parser);
\r
5586 $handler->setSkin($this->adminSkin);
\r
5587 $parser->parse($contents);
\r
5589 if ( $type == 'pagefoot' )
\r
5592 'PostAdminSkinParse',
\r
5594 'skin' => &$this->adminSkin,
\r
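/**
 * Looks up the numeric id of an admin skin by its name.
 *
 * @param string $skinname admin skin name
 * @return integer id of the skin, or 0 when quickQuery() returns nothing numeric
 */
function getAdminskinIDFromName($skinname)
{
    // NOTE(review): the constructor queries sql_table('adminskin_desc');
    // confirm that 'nucleus_adminskin_desc' is the intended argument here.
    $query = 'SELECT `sdnumber` as result FROM `%s` WHERE `sdname` = "%s"';

    // Escape through the sql_* wrapper the rest of this class uses, rather
    // than calling the mysql extension directly.
    $query = sprintf($query, sql_table('nucleus_adminskin_desc'), sql_real_escape_string($skinname));

    // The result used to be stored under a different variable name than the
    // one returned, so the method always returned 0.
    $adminSkinID = quickQuery($query);

    return intval($adminSkinID);
}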
\r
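/**
 * Looks up the name of an admin skin by its numeric id.
 *
 * @param integer $skinid admin skin id
 * @return mixed the skin name as returned by quickQuery(); what quickQuery()
 *               returns when no row matches is not visible from here
 */
function getAdminskinNameFromID($skinid)
{
    // NOTE(review): the constructor queries sql_table('adminskin_desc');
    // confirm that 'nucleus_adminskin_desc' is the intended argument here.
    $query = 'SELECT `sdname` as result FROM `%s` WHERE `sdnumber` = "%d"';

    // The id is forced to an integer before it is placed in the statement.
    $query = sprintf($query, sql_table('nucleus_adminskin_desc'), intval($skinid));

    // The result used to be stored under one variable while intval() of an
    // undefined one was returned, so callers always got 0 instead of a name.
    $adminSkinName = quickQuery($query);

    return $adminSkinName;
}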
\r
// Bootstraps the admin area when no admin skin is in the database yet: the
// constructor calls this when the adminskin_desc table has no rows. It
// either runs the admin skin import or parses a .skn file shipped in
// $DIR_ADMINSKINS through a stand-in skin object.
//
// No permission check is visible in this method; _doAdminskinimport() does
// its own isAdmin() check.
5615 function action_importAdmin()
\r
5617 global $DIR_ADMINSKINS, $action;
\r
5618 if ( $action == 'adminskinieimport' )
\r
5620 $this->_doAdminskinimport();
\r
5623 if ( $action == 'showlogin' )
\r
5625 $skinName = 'showlogin';
\r
5626 $actnName = 'showlogin';
\r
5630 $skinName = 'defaultimporter';
\r
5631 $actnName = 'importAdmin';
\r
// $skinName is one of the two literals above, never request data, so the
// path cannot be steered from outside.
// NOTE(review): the result is not checked; file_get_contents() returns false
// when the file is missing or unreadable.
5633 $contents = file_get_contents($DIR_ADMINSKINS . $skinName . '.skn');
\r
5635 $skn['description'] = $skinName;
\r
5636 $skn['contentType'] = 'importAdmin';
\r
5637 $skn['includeMode'] = 'normal';
\r
5638 $skn['includePrefix'] = '';
// NOTE(review): spelled 'defaultinporter' here but 'defaultimporter' above;
// confirm which one readers of the skin name expect.
5639 $skn['name'] = 'defaultinporter';
// A plain object cast from the array stands in for a Skin instance; it has
// these properties only and none of Skin's methods.
5640 $this->adminSkin = (object)$skn;
\r
5641 $handler = new AdminActions($actnName, $this->adminSkin, $this);
\r
// Called statically here, whereas parse() calls the same method on the skin
// instance.
5642 $actions = Skin::getAllowedActionsForType($actnName);
\r
5643 $parser = new PARSER($actions, $handler);
\r
5644 $handler->setParser($parser);
\r
5645 $handler->setSkin($this->adminSkin);
\r
5646 $parser->parse($contents);
\r
5650 * @todo document this
\r
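/**
 * Imports an admin skin and redirects to the admin area.
 *
 * Reads three POST fields: 'skinfile' (directory name or location of the
 * skin backup), 'mode' ('file' for a directory under $DIR_ADMINSKINS,
 * anything else to use 'skinfile' as given) and 'overwrite' (integer flag
 * passed to the importer). Errors reported by the importer are shown through
 * error().
 */
private function _doAdminskinimport()
{
    global $DIR_LIBS, $DIR_ADMINSKINS, $CONF, $member;

    // NOTE(review): this method is reached through action_importAdmin(),
    // which the constructor calls; confirm the ticket (CSRF) check has
    // already run on that path.
    $member->isAdmin() or $this->disallow();

    // load skinie class
    include_once($DIR_LIBS . 'Skinie.php');

    $skinFileRaw = postVar('skinfile');
    $mode = postVar('mode');
    $allowOverwrite = intPostVar('overwrite');

    // get full filename
    if ( $mode == 'file' )
    {
        // 'skinfile' must name a directory directly under $DIR_ADMINSKINS.
        // Reject separators, NUL bytes and dot entries so the posted value
        // cannot point the importer outside that directory.
        $isPlainName = is_string($skinFileRaw)
            && $skinFileRaw !== ''
            && $skinFileRaw !== '.'
            && $skinFileRaw !== '..'
            && strpos($skinFileRaw, '/') === false
            && strpos($skinFileRaw, '\\') === false
            && strpos($skinFileRaw, "\0") === false;
        if ( !$isPlainName )
        {
            // TODO: replace the literal with a localised message constant.
            $this->error('Invalid admin skin directory name');
            return;
        }
        $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
    }
    else
    {
        // NOTE(review): the posted value is handed to readFile() unchanged.
        // Restrict it to the expected scheme, or confirm that
        // SKINIMPORT::readFile() does, so that the server is not made to read
        // arbitrary local paths or internal addresses.
        $skinFile = $skinFileRaw;
    }

    $importer = new SKINIMPORT();

    $error = $importer->readFile($skinFile);
    if ( $error )
    {
        $this->error($error);
    }

    $error = $importer->writeToDatabase($allowOverwrite);
    if ( $error )
    {
        $this->error($error);
    }

    $_REQUEST['skininfo'] = $importer->getInfo();
    $_REQUEST['skinnames'] = $importer->getSkinNames();
    $_REQUEST['tpltnames'] = $importer->getTemplateNames();

    header('Location: ' . $CONF['AdminURL']);
    // Stop here so the caller does not go on to render a page after the
    // redirect header; the listing does not show the line after header().
    exit;
}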
\r
5687 * Returns a link to a weblog
\r
5688 * @param object BLOG
\r
5690 function bloglink(&$blog) {
\r
5691 return '<a href="'.Entity::hsc($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. Entity::hsc( $blog->getName() ) .'</a>';
\r