3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
4 * Copyright (C) 2002-2012 The Nucleus Group
\r
6 * This program is free software; you can redistribute it and/or
\r
7 * modify it under the terms of the GNU General Public License
\r
8 * as published by the Free Software Foundation; either version 2
\r
9 * of the License, or (at your option) any later version.
\r
10 * (see nucleus/documentation/index.html#license for more info)
\r
13 * The code for the Nucleus admin area
\r
15 * @license http://nucleuscms.org/license.txt GNU General Public License
\r
16 * @copyright Copyright (C) 2002-2012 The Nucleus Group
\r
17 * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $
\r
// Direct-access guard: stop immediately unless requestVar() has already been
// defined, i.e. unless this file was loaded after the code that declares it.
21 if ( !function_exists('requestVar') ) exit;
\r
22 require_once dirname(__FILE__) . '/showlist.php';
\r
25 * Builds the admin area and executes admin actions
\r
29 private $xml_version_info = '1.0';
\r
30 private $formal_public_identifier = '-//W3C//DTD XHTML 1.0 Strict//EN';
\r
31 private $system_identifier = 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd';
\r
32 private $xhtml_namespace = 'http://www.w3.org/1999/xhtml';
\r
35 * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)
\r
40 * @var object $adminSkin
\r
45 * @var string $extrahead
\r
50 * @var bool $passvar
\r
55 * @var string $headMess
\r
64 /* function ADMIN() {
\r
// Selects the admin skin for this request. The visible lines count rows in the
// adminskin_desc table (the start of the query is on lines not shown here) and
// call action_importAdmin() when quickQuery() returns a falsy result.
66 function __construct()
\r
68 global $member, $DIR_LIBS;
\r
70 . ' COUNT(*) as result '
\r
72 . sql_table('adminskin_desc');
\r
73 if ( !(quickQuery($query)) )
\r
75 $this->action_importAdmin();
\r
// NOTE(review): $adminSkinid is not assigned in any line shown before this
// test, so the fallback to getAdminSkinID() looks unconditional - confirm.
77 if ( !isset($adminSkinid) || !($adminSkinid) )
\r
79 $adminSkinid = self::getAdminSkinID();
\r
81 if ( Skin::existsID($adminSkinid) )
\r
83 $this->adminSkin = new Skin($adminSkinid);
\r
// adminSkin is set to the integer 0 here, not to a Skin object; any code that
// dereferences $this->adminSkin has to allow for that.
87 $this->adminSkin = 0;
\r
// Resolves the admin skin id: asks the logged-in member for an admin skin
// (what is done with $memskin is on lines not shown) and otherwise returns
// $CONF['DefaultAdminSkin'].
91 static private function getAdminSkinID()
\r
93 global $CONF, $member, $manager;
\r
94 if (isset($member) && $member->isLoggedIn()) {
\r
95 $memskin = $member->getAdminSkin();
\r
100 return $CONF['DefaultAdminSkin'];
\r
// List of admin-skin and admin-template action names (some entries and the
// enclosing return/array lines are not shown). action() merges this list into
// its set of actions that are NOT subject to the ticket check.
// NOTE(review): names such as 'adminskinremovetype', 'adminskiniedoimport' and
// 'admintemplatedelete' suggest state-changing operations - confirm that each
// of these handlers asks for confirmation or validates the ticket itself.
103 function getAdminskinEditActions()
\r
106 'adminskinoverview',
\r
107 'adminskinieoverview',
\r
108 'adminskinedittype',
\r
109 'adminskinremovetype',
\r
112 'adminskinieimport',
\r
113 'adminskiniedoimport',
\r
114 'admintemplateedit',
\r
115 'admintemplateoverview',
\r
116 'admintemplatedelete',
\r
// List of action names handled without a skin part (several entries and the
// enclosing return/array lines are not shown).
// NOTE(review): action() merges this list into its ticket-exempt set, yet most
// entries are the confirm/update step of a destructive or privileged operation
// ('plugindeleteconfirm', 'skindeleteconfirm', 'itemdeleteconfirm',
// 'changemembersettings', 'blogsettingsupdate', ...). Unless every one of these
// handlers validates the ticket on its own, they run without CSRF protection.
120 function getSkinlessActions()
\r
123 'plugindeleteconfirm',
\r
124 'pluginoptionsupdate',
\r
125 'skinremovetypeconfirm',
\r
127 'skindeleteconfirm',
\r
133 'templatedeleteconfirm',
\r
136 'adminskinremovetypeconfirm',
\r
138 'adminskindeleteconfirm',
\r
140 'adminskineditgeneral',
\r
141 'adminskinieexport',
\r
143 'admintemplateupdate',
\r
144 'admintemplatedeleteconfirm',
\r
145 'admintemplatenew',
\r
146 'admintemplateclone',
\r
147 'blogsettingsupdate',
\r
151 'itemdeleteconfirm',
\r
153 'changemembersettings',
\r
160 * Executes an action
\r
162 * @param string $action action to be performed
\r
// Central dispatcher: resolves aliases, decides whether the request needs a
// valid ticket (the CSRF token checked by $manager->checkTicket()), then calls
// the action_<name> method or reports an unknown action.
164 function action($action)
\r
166 global $CONF, $manager;
\r
169 // list of action aliases
\r
171 'login' => 'overview',
\r
// NOTE(review): 'customaction' is read from POST and, when non-empty, becomes
// the target of the 'login' and '' aliases, so the request chooses which
// action runs after login. Authorization therefore rests entirely on the
// checks inside each action_* method.
175 $customAction = postvar('customaction');
\r
176 if ( !empty($customAction) )
\r
179 'login' => $customAction,
\r
180 '' => $customAction
\r
183 if ( isset($alias[$action]) )
\r
185 $action = $alias[$action];
\r
// The handler name is built from the request-supplied action; the dispatch
// further down only requires that a method with that name exists.
187 $methodName = 'action_' . $action;
\r
189 $this->action = strtolower($action);
\r
191 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
\r
192 // is an action that requires user interaction before something is actually done)
\r
193 // all safe actions are in this array:
\r
194 $aActionsNotToCheck = array(
\r
204 'editmembersettings',
\r
206 'browseowncomments',
\r
220 'templateoverview',
\r
225 'banlistnewfromitem',
\r
246 $synonimActions = array(
\r
247 'banlistnewfromitem',
\r
252 // the rest of the actions needs to be checked
\r
// NOTE(review): $aActionsToCheck is not referenced again in the lines shown;
// the decision below is taken from $aActionsNotToCheck alone.
253 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');
\r
255 $adminskinEditActions = $this->getAdminskinEditActions();
\r
256 $skinLessActions = $this->getSkinlessActions();
\r
// NOTE(review): the whole getSkinlessActions() list is merged into the exempt
// set. As listed in this file it contains actions that also appear in
// $aActionsToCheck ('itemdeleteconfirm', 'changemembersettings',
// 'plugindeleteconfirm', 'pluginoptionsupdate', 'blogsettingsupdate', ...), so
// those requests skip checkTicket() here. Unless each handler validates the
// ticket itself they have no CSRF protection - confirm against the full file;
// exempting only $synonimActions would keep the check for them.
257 $allowActions = array_merge($synonimActions, $this->getSkinlessActions());
\r
258 $aActionsNotToCheck = array_merge($aActionsNotToCheck, $adminskinEditActions, $allowActions);
\r
// The second condition also exempts any action for which the current admin
// skin has stored content.
259 if (!in_array($this->action, $aActionsNotToCheck) && !$this->existsSkinContents($action) )
\r
261 if (!$manager->checkTicket())
\r
263 $this->error(_ERROR_BADTICKET);
\r
266 if ( !$this->adminSkin && $CONF['DefaultAdminSkin'] )
\r
268 $this->adminSkin = new Skin($CONF['DefaultAdminSkin']);
\r
271 if ( !method_exists($this, $methodName) && !in_array($this->action, $allowActions) && $this->existsSkinContents($action) )
\r
// NOTE(review): the next statement has no parentheses, so it reads a property
// named action_parseSpecialskin and calls nothing. Presumably
// $this->action_parseSpecialskin(); was intended - confirm.
273 $this->action_parseSpecialskin;
\r
276 elseif ( method_exists($this, $methodName) )
\r
278 call_user_func(array(&$this, $methodName));
\r
// Unknown action: a skin with an 'adminerrorpage' part is looked for, and the
// action name is passed through ENTITY::hsc() before it is put in the message.
284 $id = self::getAdminSkinID();
\r
285 $this->adminSkin = new Skin($id);
\r
286 if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') )
\r
288 $this->error(_BADACTION . ENTITY::hsc($action));
\r
291 elseif ( $id != $CONF['DefaultAdminSkin'] )
\r
293 $this->adminSkin = new Skin($CONF['DefaultAdminSkin']);
\r
294 if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') )
\r
296 $this->error(_BADACTION . ENTITY::hsc($action));
\r
304 $this->error(_BADACTION . ENTITY::hsc($action));
\r
308 * Check skin contents
\r
310 * @param string action type
\r
// Queries the scontent column of the adminskin table for the given action
// type and returns the quickQuery() result. What is done with $in_array and
// the remaining parts of the query are on lines not shown.
313 function existsSkinContents($action)
\r
315 $nsActions = $this->getSkinlessActions();
\r
316 $in_array = in_array($action, $nsActions);
\r
321 . ' scontent as result '
\r
323 . sql_table('adminskin') . ' '
\r
326 . 'AND stype = "%s"';
\r
// $action is escaped with sql_real_escape_string() before it is placed in the
// quoted literal. NOTE(review): double quotes delimit identifiers when MySQL
// runs with ANSI_QUOTES; single quotes are the portable choice for the literal.
327 if ( is_object($this->adminSkin) )
\r
329 return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action)));
\r
// No Skin object loaded: the lookup falls back to the literal skin id 1.
333 return quickQuery(sprintf($query, 1, sql_real_escape_string($action)));
\r
339 * Check exists specialskinparts
\r
341 * @param string action type
\r
// Queries the sdesc column of the adminskin table for the given action type
// of the current admin skin and returns the quickQuery() result.
// NOTE(review): unlike existsSkinContents(), this dereferences
// $this->adminSkin->id without an is_object() test, although the constructor
// can leave adminSkin set to 0.
344 function specialActionsAllow($action)
\r
347 . ' sdesc as result '
\r
349 . sql_table('adminskin') . ' '
\r
352 . 'AND stype = "%s"';
\r
353 return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action)));
\r
357 * @todo document this
\r
// Shows the login screen by delegating to action_login().
// NOTE(review): where $error comes from is on a line not shown - presumably a
// global declaration; confirm.
359 function action_showlogin()
\r
362 $this->action_login($error);
\r
366 * @todo document this
\r
// Login screen. A member who is already logged in and may log in is sent to
// the overview; otherwise $passvars and $msg are stored on the object and the
// 'showlogin' skin part is parsed.
368 function action_login($msg = '', $passvars = 1)
\r
372 // skip to overview when allowed
\r
373 if ( $member->isLoggedIn() && $member->canLogin() )
\r
375 $this->action_overview();
\r
379 $this->passvar = $passvars;
\r
382 $this->headMess = $msg;
\r
386 $this->parse('showlogin');
\r
391 * provides a screen with the overview of the actions available
\r
392 * @todo document parameter
\r
// Stores $msg as the head message and parses the 'overview' skin part.
394 function action_overview($msg = '')
\r
398 $this->headMess = $msg;
\r
402 $this->parse('overview');
\r
407 * @todo document this
\r
// Management screen: stores $msg, requires a site admin, then parses the
// 'manage' skin part.
// NOTE(review): the guard only protects the page if disallow() ends the
// request; if it returned, parse('manage') would still run - confirm.
409 function action_manage($msg = '')
\r
415 $this->headMess = $msg;
\r
417 $member->isAdmin() or $this->disallow();
\r
420 $this->parse('manage');
\r
425 * @todo document this
\r
// Item list for one blog. The blog id comes from the argument or, when that is
// empty, from the request as an integer; access requires team rights on that
// blog or site-admin status.
427 function action_itemlist($blogid = '')
\r
429 global $member, $manager, $CONF;
\r
431 if ( $blogid == '' )
\r
433 $blogid = intRequestVar('blogid');
\r
436 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
\r
439 $this->parse('itemlist');
\r
444 * @todo document this
\r
// Batch operation on items. Only the login state is checked here; as the
// inline comment says, the per-item permission check is left to the code that
// performs each operation, which is not part of this method.
// NOTE(review): the early exits rely on error(), disallow() and the batch*
// helpers ending the request (or on lines not shown); otherwise
// parse('batchitem') would still run - confirm.
446 function action_batchitem()
\r
448 global $member, $manager;
\r
450 // check if logged in
\r
451 $member->isLoggedIn() or $this->disallow();
\r
453 // more precise check will be done for each performed operation
\r
455 // get array of itemids from request
\r
456 $selected = requestIntArray('batch');
\r
457 $action = requestVar('batchaction');
\r
459 // Show error when no items were selected
\r
460 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
462 $this->error(_BATCH_NOSELECTION);
\r
465 // On move: when no destination blog/category chosen, show choice now
\r
466 $destCatid = intRequestVar('destcatid');
\r
467 if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )
\r
469 $this->batchMoveSelectDestination('item', $selected);
\r
472 // On delete: check if confirmation has been given
\r
// The confirmation is the request variable 'confirmation' with value 'yes'.
473 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
475 $this->batchAskDeleteConfirmation('item',$selected);
\r
479 $this->parse('batchitem');
\r
484 * @todo document this
\r
// Batch operation on comments. Only the login state is checked here; the
// per-comment permission check is left to the code performing each operation.
486 function action_batchcomment()
\r
490 // check if logged in
\r
491 $member->isLoggedIn() or $this->disallow();
\r
493 // more precise check will be done for each performed operation
\r
495 // get array of itemids from request
\r
496 $selected = requestIntArray('batch');
\r
497 $action = requestVar('batchaction');
\r
499 // Show error when no items were selected
\r
500 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
502 $this->error(_BATCH_NOSELECTION);
\r
505 // On delete: check if confirmation has been given
\r
506 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
508 $this->batchAskDeleteConfirmation('comment',$selected);
\r
512 $this->parse('batchcomment');
\r
517 * @todo document this
\r
// Batch operation on members. Requires a logged-in site admin before the
// selection is read from the request.
519 function action_batchmember()
\r
523 // check if logged in and admin
\r
524 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
\r
526 // get array of itemids from request
\r
527 $selected = requestIntArray('batch');
\r
528 $action = requestVar('batchaction');
\r
530 // Show error when no members selected
\r
531 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
533 $this->error(_BATCH_NOSELECTION);
\r
536 // On delete: check if confirmation has been given
\r
537 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
539 $this->batchAskDeleteConfirmation('member',$selected);
\r
543 $this->parse('batchmember');
\r
548 * @todo document this
\r
// Batch operation on the team of one blog. The blog id is read from the
// request as an integer and the member must be logged in with admin rights on
// that blog.
550 function action_batchteam()
\r
554 $blogid = intRequestVar('blogid');
\r
556 // check if logged in and admin
\r
557 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
\r
559 // get array of itemids from request
\r
560 $selected = requestIntArray('batch');
\r
561 $action = requestVar('batchaction');
\r
563 // Show error when no members selected
\r
564 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
566 $this->error(_BATCH_NOSELECTION);
\r
569 // On delete: check if confirmation has been given
\r
570 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
572 $this->batchAskDeleteConfirmation('team',$selected);
\r
576 $this->parse('batchteam');
\r
581 * @todo document this
\r
// Batch operation on categories. Only the login state is checked here; the
// per-category permission check is left to the code performing each operation.
583 function action_batchcategory()
\r
585 global $member, $manager;
\r
587 // check if logged in
\r
588 $member->isLoggedIn() or $this->disallow();
\r
590 // more precise check will be done for each performed operation
\r
592 // get array of itemids from request
\r
593 $selected = requestIntArray('batch');
\r
594 $action = requestVar('batchaction');
\r
596 // Show error when no items were selected
\r
597 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
599 $this->error(_BATCH_NOSELECTION);
\r
602 // On move: when no destination blog chosen, show choice now
\r
603 $destBlogId = intRequestVar('destblogid');
\r
604 if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )
\r
606 $this->batchMoveCategorySelectDestination('category', $selected);
\r
609 // On delete: check if confirmation has been given
\r
610 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
612 $this->batchAskDeleteConfirmation('category', $selected);
\r
616 $this->parse('batchcategory');
\r
621 * @todo document this
\r
// Shows the destination chooser for a batch move. The type is handed to the
// skin by writing it into the $_POST superglobal before 'batchmove' is parsed;
// what happens to $ids is on lines not shown.
623 function batchMoveSelectDestination($type, $ids)
\r
625 $_POST['batchmove'] = $type;
\r
627 $this->parse('batchmove');
\r
633 * @todo document this
\r
// Shows the destination-blog chooser for a batch category move. The type is
// written into $_POST before the 'batchmovecat' skin part is parsed.
635 function batchMoveCategorySelectDestination($type, $ids)
\r
637 $_POST['batchmove'] = $type;
\r
640 $this->parse('batchmovecat');
\r
646 * @todo document this
\r
// Shows the delete-confirmation page for a batch by parsing the 'batchdelete'
// skin part; how $type and $ids reach the skin is on lines not shown.
648 function batchAskDeleteConfirmation($type, $ids)
\r
651 $this->parse('batchdelete');
\r
658 * Inserts a HTML select element with choices for all categories to which the current
\r
659 * member has access
\r
660 * @see function selectBlog
\r
// Thin wrapper: calls selectBlog() with mode 'category' and passes every other
// argument through unchanged.
662 function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
\r
664 Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
\r
668 * Inserts a HTML select element with choices for all blogs to which the user has access
\r
669 * mode = 'blog' => shows blognames and values are blogids
\r
670 * mode = 'category' => show category names and values are catids
\r
672 * @param $iForcedBlogInclude
\r
673 * ID of a blog that always needs to be included, without checking if the
\r
674 * member is on the blog team (-1 = none)
\r
675 * @todo document parameters
\r
// Collects the ids of the blogs the member may see and hands them, with the
// display options, to the 'blogselectbox' skin part through
// $_REQUEST['selectData'].
677 function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
\r
679 global $member, $CONF;
\r
681 // 0. get IDs of blogs to which member can post items (+ forced blog)
\r
682 $aBlogIds = array();
\r
// The forced blog is added without a team-membership check, so callers must
// only pass an id the member is entitled to see.
683 if ( $iForcedBlogInclude != -1 )
\r
685 $aBlogIds[] = intval($iForcedBlogInclude);
\r
// Site admins see every blog only when $CONF['ShowAllBlogs'] is set.
688 if ( ($member->isAdmin()) && ($CONF['ShowAllBlogs']) )
\r
690 $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
\r
// NOTE(review): getID() is concatenated unquoted into the statement; that is
// safe only while it always returns an integer - confirm, or cast here.
694 $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
\r
696 $rblogids = sql_query($queryBlogs);
\r
697 while ($o = sql_fetch_object($rblogids))
\r
699 if ( $o->bnumber != $iForcedBlogInclude )
\r
701 $aBlogIds[] = intval($o->bnumber);
\r
705 if ( count($aBlogIds) == 0 )
\r
710 $_REQUEST['selectData'] = array(
\r
712 'tabindex' => $tabindex,
\r
714 'selected' => $selected,
\r
715 'showNewCat' => $showNewCat,
\r
716 'aBlogIds' => $aBlogIds,
\r
718 $this->parse('blogselectbox');
\r
722 * @todo document this
\r
// Parses the 'browseownitems' skin part. No permission check is visible in the
// lines shown - presumably the skin restricts the list to the member's own
// items; confirm.
724 function action_browseownitems() {
\r
725 global $member, $manager, $CONF;
\r
728 $this->parse('browseownitems');
\r
733 * Show all the comments for a given item
\r
734 * @param int $itemid
\r
// Comment list for one item. The item id comes from the argument or, when that
// is empty, from the request as an integer; the member must be allowed to
// alter the item.
736 function action_itemcommentlist($itemid = '') {
\r
737 global $member, $manager, $CONF;
\r
739 if ( $itemid == '' )
\r
741 $itemid = intRequestVar('itemid');
\r
// The resolved ids are written back into $_REQUEST, before the permission
// check below.
743 $_REQUEST['itemid'] = $itemid;
\r
744 $_REQUEST['blogid'] = getBlogIdFromItemId($itemid);
\r
746 // only allow if user is allowed to alter item
\r
747 $member->canAlterItem($itemid) or $this->disallow();
\r
749 $blogid = getBlogIdFromItemId($itemid);
\r
752 $this->parse('itemcommentlist');
\r
757 * Browse own comments
\r
// Parses the 'browseowncomments' skin part; no permission check is visible in
// the lines shown.
759 function action_browseowncomments() {
\r
761 $this->parse('browseowncomments');
\r
766 * Browse all comments for a weblog
\r
767 * @param int $blogid
\r
// Comment list for one blog. The blog id is taken from the argument or the
// request and cast to an integer; access requires team rights on the blog or
// site-admin status.
769 function action_blogcommentlist($blogid = '')
\r
771 global $member, $manager, $CONF;
\r
773 if ( $blogid == '' )
\r
775 $blogid = intRequestVar('blogid');
\r
779 $blogid = intval($blogid);
\r
782 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
\r
784 $_REQUEST['blogid'] = $blogid;
\r
787 $this->parse('blogcommentlist');
\r
792 * Provide a page to add a new item to the given blog
\r
// New-item form for the blog named in the request. Requires team rights on
// that blog; site-admin status is not accepted as an alternative here.
794 function action_createitem()
\r
796 global $member, $manager;
\r
798 $blogid = intRequestVar('blogid');
\r
800 // check if allowed
\r
801 $member->teamRights($blogid) or $this->disallow();
\r
803 $memberid = $member->getID();
\r
805 $blog =& $manager->getBlog($blogid);
\r
808 $this->parse('createitem');
\r
813 * @todo document this
\r
// Edit form for one item. The item id is read from the request as an integer
// and the member must be allowed to alter that item before it is loaded.
815 function action_itemedit()
\r
817 global $member, $manager;
\r
819 $itemid = intRequestVar('itemid');
\r
821 // only allow if user is allowed to alter item
\r
822 $member->canAlterItem($itemid) or $this->disallow();
\r
824 $item =& $manager->getItem($itemid, 1, 1);
\r
825 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
\r
827 $this->parse('itemedit');
\r
832 * @todo document this
\r
// Saves an edited item: checks permission, optionally creates a new category,
// derives the draft/publish flags and timestamp from 'actiontype', updates the
// item and then shows either the category editor or the item list.
834 function action_itemupdate()
\r
836 global $member, $manager, $CONF;
\r
838 $itemid = intRequestVar('itemid');
\r
// catid is taken as a raw string because it may carry the form 'newcat-<blogid>'.
839 $catid = postVar('catid');
\r
841 // only allow if user is allowed to alter item
\r
// The permission check receives the raw catid and runs before any category is
// created further down.
842 $member->canUpdateItem($itemid, $catid) or $this->disallow();
\r
844 $actiontype = postVar('actiontype');
\r
846 // delete actions are handled by itemdelete (which has confirmation)
\r
847 if ( $actiontype == 'delete' )
\r
849 $this->action_itemdelete();
\r
// title, body and more are stored as submitted; any filtering would have to
// happen in Item::update() or at output time.
853 $body = postVar('body');
\r
854 $title = postVar('title');
\r
855 $more = postVar('more');
\r
856 $closed = intPostVar('closed');
\r
857 $draftid = intPostVar('draftid');
\r
859 // default action = add now
\r
860 if ( !$actiontype )
\r
862 $actiontype='addnow';
\r
865 // create new category if needed
\r
// strstr() matches 'newcat' anywhere in the value; sscanf() then extracts the
// blog id and leaves it null when the value does not start with 'newcat-'.
866 if ( strstr($catid,'newcat') )
\r
869 list($blogid) = sscanf($catid,"newcat-%d");
\r
872 $blog =& $manager->getBlog($blogid);
\r
873 $catid = $blog->createNewCategory();
\r
875 // show error when sth goes wrong
\r
878 $this->doError(_ERROR_CATCREATEFAIL);
\r
883 set some variables based on actiontype
\r
886 draft items -> addnow, addfuture, adddraft, delete
\r
887 non-draft items -> edit, changedate, delete
\r
890 $timestamp: set to a nonzero value for future dates or date changes
\r
891 $wasdraft: set to 1 when the item used to be a draft item
\r
892 $publish: set to 1 when the edited item is not a draft
\r
894 $blogid = getBlogIDFromItemID($itemid);
\r
895 $blog =& $manager->getBlog($blogid);
\r
897 $wasdrafts = array('adddraft', 'addfuture', 'addnow');
\r
898 $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
\r
899 $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
\r
// The only assignment to $timestamp visible here is in this branch; the value
// used for the other action types is on lines not shown.
900 if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
\r
902 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
\r
909 // edit the item for real
\r
910 Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
\r
912 $this->updateFuturePosted($blogid);
\r
// draftid comes from the request; this method does not verify it itself.
914 if ( $draftid > 0 )
\r
916 // delete permission is checked inside Item::delete()
\r
917 Item::delete($draftid);
\r
920 // show category edit window when we created a new category
\r
921 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
\r
922 if ( $catid != intPostVar('catid') )
\r
924 $this->action_categoryedit(
\r
927 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
\r
932 // TODO: set start item correctly for itemlist
\r
933 $item = Item::getItem($itemid, 0, 0);
\r
// NOTE(review): $item['timestamp'] is concatenated unquoted into the query. It
// comes from Item::getItem() rather than from the request, but a cast or a
// placeholder would make the statement independent of that assumption.
934 $cnt = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . $item['timestamp']);
\r
935 $_REQUEST['start'] = $cnt + 1;
\r
936 $this->action_itemlist(getBlogIDFromItemID($itemid));
\r
941 * Admin::action_itemdelete()
\r
// Confirmation page for deleting one item. Requires the right to alter the
// item and reports an error when the item does not exist.
947 function action_itemdelete()
\r
949 global $member, $manager;
\r
951 $itemid = intRequestVar('itemid');
\r
953 // only allow if user is allowed to alter item
\r
954 $member->canAlterItem($itemid) or $this->disallow();
\r
956 if ( !$manager->existsItem($itemid,1,1) )
\r
958 $this->error(_ERROR_NOSUCHITEM);
\r
962 $this->parse('itemdelete');
\r
968 * @todo document this
\r
// Performs the deletion of one item after confirmation, then shows the item
// list of the blog the item belonged to.
// NOTE(review): 'itemdeleteconfirm' is listed in getSkinlessActions(), which
// action() merges into its ticket-exempt set, and no ticket check is visible
// in this method - as shown, the delete is not protected against CSRF.
970 function action_itemdeleteconfirm()
\r
974 $itemid = intRequestVar('itemid');
\r
976 // only allow if user is allowed to alter item
\r
977 $member->canAlterItem($itemid) or $this->disallow();
\r
979 // get blogid first
\r
980 $blogid = getBlogIdFromItemId($itemid);
\r
982 // delete item (note: some checks will be performed twice)
\r
983 $this->deleteOneItem($itemid);
\r
985 $this->action_itemlist($blogid);
\r
989 * Deletes one item and returns error if something goes wrong
\r
990 * @param int $itemid
\r
// Deletes one item and refreshes the future-posted flag of its blog. Returns
// _ERROR_DISALLOWED when the member may not alter the item; the permission is
// checked here as well, so callers such as batch operations get it per item.
992 function deleteOneItem($itemid)
\r
994 global $member, $manager;
\r
996 // only allow if user is allowed to alter item (also checks if itemid exists)
\r
997 if ( !$member->canAlterItem($itemid) )
\r
999 return _ERROR_DISALLOWED;
\r
1002 // need to get blogid before the item is deleted
\r
1003 $blogid = getBlogIDFromItemId($itemid);
\r
1005 $manager->loadClass('ITEM');
\r
1006 Item::delete($itemid);
\r
1008 // update blog's futureposted
\r
1009 $this->updateFuturePosted($blogid);
\r
1013 * Admin::updateFuturePosted()
\r
1014 * Update a blog's future posted flag
\r
1016 * @param integer $blogid
\r
// Sets the blog's future-post flag when the item table holds at least one
// unposted item (iposted=0) dated after the blog's corrected current time, and
// clears it otherwise.
1020 function updateFuturePosted($blogid)
\r
1024 $blogid = intval($blogid);
\r
1025 $blog =& $manager->getBlog($blogid);
\r
1026 $currenttime = $blog->getCorrectTime(time());
\r
// The blog id enters the statement through %d and the date through a
// server-side formatted value; no request data is interpolated here.
1028 $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
\r
1029 $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
\r
1030 $result = sql_query($query);
\r
1032 if ( sql_num_rows($result) > 0 )
\r
1034 $blog->setFuturePost();
\r
1038 $blog->clearFuturePost();
\r
1044 * @todo document this
\r
// Destination chooser for moving one item. Requires the right to alter the
// item, then renders the 'itemmove' skin part between page head and foot.
1046 function action_itemmove()
\r
1048 global $member, $manager;
\r
1050 $itemid = intRequestVar('itemid');
\r
1052 // only allow if user is allowed to alter item
\r
1053 $member->canAlterItem($itemid) or $this->disallow();
\r
1055 $this->pagehead();
\r
1056 $this->parse('itemmove');
\r
1057 $this->pagefoot();
\r
1061 * @todo document this
\r
// Moves one item to the category named in the request, creating a new
// category first when catid has the form 'newcat-<blogid>', and refreshes the
// future-posted flag of both the new and the old blog.
1063 function action_itemmoveto()
\r
1065 global $member, $manager;
\r
1067 $itemid = intRequestVar('itemid');
\r
1068 $catid = requestVar('catid');
\r
1070 // create new category if needed
\r
// NOTE(review): in the lines shown, the category is created before the
// canUpdateItem() check further down, so a caller without rights on the target
// blog could still cause a category to be created there. action_itemupdate()
// checks first. Confirm against the lines not shown and move the check up.
1071 if ( strstr($catid,'newcat') )
\r
1074 list($blogid) = sscanf($catid,'newcat-%d');
\r
1077 $blog =& $manager->getBlog($blogid);
\r
1078 $catid = $blog->createNewCategory();
\r
1080 // show error when sth goes wrong
\r
1083 $this->doError(_ERROR_CATCREATEFAIL);
\r
1087 // only allow if user is allowed to alter item
\r
1088 $member->canUpdateItem($itemid, $catid) or $this->disallow();
\r
1090 $old_blogid = getBlogIDFromItemId($itemid);
\r
1092 Item::move($itemid, $catid);
\r
1094 // set the futurePosted flag on the blog
\r
1095 $this->updateFuturePosted(getBlogIDFromItemId($itemid));
\r
1097 // reset the futurePosted in case the item is moved from one blog to another
\r
1098 $this->updateFuturePosted($old_blogid);
\r
// $blog is assigned only in the new-category branch above; this comparison is
// what is expected to keep the next line to that case.
1100 if ( $catid != intRequestVar('catid') )
\r
1102 $this->action_categoryedit($catid, $blog->getID());
\r
1106 $this->action_itemlist(getBlogIDFromCatID($catid));
\r
1111 * Moves one item to a given category (category existence should be checked by caller)
\r
1112 * errors are returned
\r
1113 * @param int $itemid
\r
1114 * @param int $destCatid category ID to which the item will be moved
\r
// Moves one item to $destCatid. Returns _ERROR_DISALLOWED when the member may
// not update the item into that category; otherwise calls Item::move().
1116 function moveOneItem($itemid, $destCatid)
\r
1120 // only allow if user is allowed to move item
\r
1121 if ( !$member->canUpdateItem($itemid, $destCatid) )
\r
1123 return _ERROR_DISALLOWED;
\r
1126 Item::move($itemid, $destCatid);
\r
1130 * Adds an item to the chosen blog
\r
// Creates an item from the request through Item::createFromRequest() and then
// shows either the category editor (status 'newcategory') or the item list.
// NOTE(review): no permission check is visible in this method; presumably
// Item::createFromRequest() enforces posting rights - confirm.
1132 function action_additem()
\r
1134 global $manager, $CONF;
\r
1136 $manager->loadClass('ITEM');
\r
1138 $result = Item::createFromRequest();
\r
1140 if ( $result['status'] == 'error' )
\r
1142 $this->error($result['message']);
\r
1145 $blogid = getBlogIDFromItemID($result['itemid']);
\r
1146 $blog =& $manager->getBlog($blogid);
\r
1147 $btimestamp = $blog->getCorrectTime();
\r
1148 $item = $manager->getItem(intval($result['itemid']), 1, 1);
\r
1150 if ( $result['status'] == 'newcategory' )
\r
// The follow-up URL is built from configuration and an integer blog id and is
// given a ticket through addTicketToUrl().
1152 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));
\r
1153 $this->action_categoryedit($result['catid'], $blogid, $distURI);
\r
// The method name is a fixed string here, not request data.
1157 $methodName = 'action_itemList';
\r
1158 call_user_func(array(&$this, $methodName), $blogid);
\r
1163 * Allows editing previously made comments
\r
// Edit form for one comment. Requires the right to alter the comment, then
// renders the 'commentedit' skin part between page head and foot.
1165 function action_commentedit()
\r
1168 global $member, $manager;
\r
1170 $commentid = intRequestVar('commentid');
\r
1172 $member->canAlterComment($commentid) or $this->disallow();
\r
1174 $this->pagehead();
\r
1175 $this->parse('commentedit');
\r
1176 $this->pagefoot();
\r
1180 * @todo document this
\r
// Saves an edited comment: checks permission, validates the body, writes url,
// email and body to the comment row and returns to a comment list.
1182 function action_commentupdate()
\r
1184 global $member, $manager;
\r
1186 $commentid = intRequestVar('commentid');
\r
1188 $member->canAlterComment($commentid) or $this->disallow();
\r
1190 $url = postVar('url');
\r
1191 $email = postVar('email');
\r
1192 $body = postVar('body');
\r
1194 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
\r
1195 # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
\r
1196 # important note that '\' must be matched with '\\\\' in preg* expressions
\r
1198 // intercept words that are too long
\r
// Rejects a body containing 90 consecutive characters from the listed class.
// A preg_match() failure (false) is treated like "no match" by this test.
1199 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
\r
1201 $this->error(_ERROR_COMMENT_LONGWORD);
\r
// Body length must be between 3 and 5000 as measured by i18n::strlen().
1205 if ( i18n::strlen($body) < 3 )
\r
1207 $this->error(_ERROR_COMMENT_NOCOMMENT);
\r
1210 if ( i18n::strlen($body) > 5000 )
\r
1212 $this->error(_ERROR_COMMENT_TOOLONG);
\r
1216 $body = Comment::prepareBody($body);
\r
1220 'PreUpdateComment',
\r
// Every string value is escaped with sql_real_escape_string() inside single
// quotes; $commentid is the integer from intRequestVar(). url and email are
// stored as submitted - NOTE(review): no format validation is visible here, so
// they must be escaped wherever they are displayed.
1226 $query = 'UPDATE ' . sql_table('comment')
\r
1228 . " cmail = '" . sql_real_escape_string($url) . "',"
\r
1229 . " cemail = '" . sql_real_escape_string($email) . "',"
\r
1230 . " cbody = '" . sql_real_escape_string($body) . "'"
\r
1232 . " cnumber = " . $commentid;
\r
1233 sql_query($query);
\r
1236 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
\r
1237 $o = sql_fetch_object($res);
\r
1238 $itemid = $o->citem;
\r
1240 if ( $member->canAlterItem($itemid) )
\r
1242 $this->action_itemcommentlist($itemid);
\r
1246 $this->action_browseowncomments();
\r
1251 * Admin::action_commentdelete()
\r
// Confirmation page for deleting one comment. Requires the right to alter the
// comment, then renders the 'commentdelete' skin part.
1257 function action_commentdelete()
\r
1259 global $member, $manager;
\r
1261 $commentid = intRequestVar('commentid');
\r
1262 $member->canAlterComment($commentid) or $this->disallow();
\r
1264 $this->pagehead();
\r
1265 $this->parse('commentdelete');
\r
1266 $this->pagefoot();
\r
1271 * @todo document this
\r
// Deletes one comment after confirmation and returns to a comment list. The
// permission check is the one inside deleteOneComment().
1273 function action_commentdeleteconfirm()
\r
1277 $commentid = intRequestVar('commentid');
\r
1279 // get item id first
\r
// NOTE(review): this lookup runs before any permission check and its result is
// not tested; for a comment id that does not exist, $o is presumably not an
// object and the property read below fails - confirm and guard.
1280 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
\r
1281 $o = sql_fetch_object($res);
\r
1282 $itemid = $o->citem;
\r
1284 $error = $this->deleteOneComment($commentid);
\r
1287 $this->doError($error);
\r
1290 if ( $member->canAlterItem($itemid) )
\r
1292 $this->action_itemcommentlist($itemid);
\r
1296 $this->action_browseowncomments();
\r
1301 * @todo document this
\r
// Deletes one comment row. Returns _ERROR_DISALLOWED when the member may not
// alter the comment. The 'PreDeleteComment' and 'PostDeleteComment' names are
// passed with the comment id around the delete; the calls they belong to are
// on lines not shown.
1303 function deleteOneComment($commentid) {
\r
1304 global $member, $manager;
\r
// The id is forced to an integer before it is concatenated into the query.
1306 $commentid = intval($commentid);
\r
1308 if ( !$member->canAlterComment($commentid) )
\r
1310 return _ERROR_DISALLOWED;
\r
1314 'PreDeleteComment',
\r
1316 'commentid' => $commentid
\r
1320 // delete the comments associated with the item
\r
1321 $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid;
\r
1322 sql_query($query);
\r
1325 'PostDeleteComment',
\r
1327 'commentid' => $commentid
\r
1335 * Usermanagement main
\r
// Member management screen. Requires a site admin, then renders the
// 'usermanagement' skin part between page head and foot.
1337 function action_usermanagement()
\r
1339 global $member, $manager;
\r
1341 // check if allowed
\r
1342 $member->isAdmin() or $this->disallow();
\r
1344 $this->pagehead();
\r
1345 $this->parse('usermanagement');
\r
1346 $this->pagefoot();
\r
1350 * Edit member settings
\r
// Opens the member settings form for the member id given in the request; the
// permission check is done by action_editmembersettings().
1352 function action_memberedit()
\r
1354 $this->action_editmembersettings(intRequestVar('memberid'));
\r
1358 * @todo document this
\r
// Settings form for one member. Defaults to the current member when no id is
// given; editing another member requires site-admin status.
1360 function action_editmembersettings($memberid = '') {
\r
1361 global $member, $manager, $CONF;
\r
// NOTE(review): action_memberedit() passes an integer. Whether 0 counts as
// "empty" in this loose comparison differs between PHP 7 and PHP 8; the
// permission check below applies in either case.
1363 if ( $memberid == '' )
\r
1365 $memberid = $member->getID();
\r
1367 $_REQUEST['memberid'] = $memberid;
\r
1369 // check if allowed
\r
1370 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
\r
1372 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
\r
1373 $this->pagehead($extrahead);
\r
1374 $this->parse('editmembersettings');
\r
1375 $this->pagefoot();
\r
1379 * @todo document this
\r
// Saves member settings (name, password, e-mail, URL, notes, locale, admin and
// login flags, plugin options). Members may edit themselves; editing anyone
// else requires site-admin status.
// NOTE(review): 'changemembersettings' is listed in getSkinlessActions(),
// which action() merges into its ticket-exempt set, and neither a ticket check
// nor a current-password check is visible in this method. As shown, a forged
// request from another site could change a logged-in member's password or
// e-mail address - confirm against the full file.
1381 function action_changemembersettings() {
\r
1382 global $member, $CONF, $manager;
\r
1384 $memberid = intRequestVar('memberid');
\r
1386 // check if allowed
\r
1387 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
\r
// Text fields are passed through strip_tags(); the password is taken as
// submitted.
1389 $name = trim(strip_tags(postVar('name')));
\r
1390 $realname = trim(strip_tags(postVar('realname')));
\r
1391 $password = postVar('password');
\r
1392 $repeatpassword = postVar('repeatpassword');
\r
1393 $email = strip_tags(postVar('email'));
\r
1394 $url = strip_tags(postVar('url'));
\r
1395 $adminskin = intPostVar('adminskin');
\r
1397 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
\r
1398 # original eregi: !eregi("^https?://", $url)
\r
1400 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
\r
// Any value that does not start with http:// or https:// gets 'http://'
// prepended, so other schemes cannot be stored as-is; an empty value becomes
// the bare string 'http://'.
1401 if ( !preg_match('#^https?://#', $url) )
\r
1403 $url = 'http://' . $url;
\r
1406 $admin = postVar('admin');
\r
1407 $canlogin = postVar('canlogin');
\r
1408 $notes = strip_tags(postVar('notes'));
\r
1409 $locale = postVar('locale');
\r
1411 $mem = Member::createFromID($memberid);
\r
1413 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
\r
1415 if ( !isValidDisplayName($name) )
\r
1417 $this->error(_ERROR_BADNAME);
\r
1420 if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
\r
1422 $this->error(_ERROR_NICKNAMEINUSE);
\r
1425 if ( $password != $repeatpassword )
\r
1427 $this->error(_ERROR_PASSWORDMISMATCH);
\r
// Built-in rule: a non-empty password needs at least 6 characters. The array
// entries below pass the password plus two by-reference result fields to a
// call on lines not shown - presumably a plugin validation event.
1430 if ( $password && (i18n::strlen($password) < 6) )
\r
1432 $this->error(_ERROR_PASSWORDTOOSHORT);
\r
1442 'password' => $password,
\r
1443 'errormessage' => &$pwderror,
\r
1444 'valid' => &$pwdvalid
\r
1449 $this->error($pwderror);
\r
1454 if ( !NOTIFICATION::address_validation($email) )
\r
1456 $this->error(_ERROR_BADMAILADDRESS);
\r
1460 $this->error(_ERROR_REALNAMEMISSING);
\r
// The locale must be one of the installed locales.
1462 if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
\r
1464 $this->error(_ERROR_NOSUCHTRANSLATION);
\r
1467 // check if there will remain at least one site member with both the logon and admin rights
\r
1468 // (check occurs when taking away one of these rights from such a member)
\r
1469 if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
\r
1470 || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
\r
1473 $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
\r
1474 if ( sql_num_rows($r) < 2 )
\r
1476 $this->error(_ERROR_ATLEASTONEADMIN);
\r
1480 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
\r
1482 $mem->setDisplayName($name);
\r
1485 $mem->setPassword($password);
\r
1489 $oldEmail = $mem->getEmail();
\r
1491 $mem->setRealName($realname);
\r
1492 $mem->setEmail($email);
\r
1493 $mem->setURL($url);
\r
1494 $mem->setNotes($notes);
\r
1495 $mem->setLocale($locale);
\r
1498 // only allow super-admins to make changes to the admin status
\r
// The submitted admin and canlogin values are applied only when the acting
// member is a site admin, so a member cannot raise their own privileges.
1499 if ( $member->isAdmin() )
\r
1501 $mem->setAdmin($admin);
\r
1502 $mem->setCanLogin($canlogin);
\r
1505 $autosave = postVar('autosave');
\r
1506 $mem->setAutosave($autosave);
\r
1510 // store plugin options
\r
// NOTE(review): the 'plugoption' array is taken from the request and applied
// as a whole; no per-option ownership check is visible here - confirm that
// NucleusPlugin::apply_plugin_options() restricts it to this member's context.
1511 $aOptions = requestArray('plugoption');
\r
1512 NucleusPlugin::apply_plugin_options($aOptions);
\r
1514 'PostPluginOptionsUpdate',
\r
1516 'context' => 'member',
\r
1517 'memberid' => $memberid,
\r
1522 // if email changed, generate new password
\r
// A changed address triggers an activation link and a new cookie key; the
// session is ended only when the member edited their own account.
1523 if ( $oldEmail != $mem->getEmail() )
\r
1525 $mem->sendActivationLink('addresschange', $oldEmail);
\r
1527 $mem->newCookieKey();
\r
1529 // only log out if the member being edited is the current member.
\r
1530 if ( $member->getID() == $memberid )
\r
1532 $member->logout();
\r
1534 $this->action_login(_MSG_ACTIVATION_SENT, 0);
\r
1539 if ( ( $mem->getID() == $member->getID() )
\r
1540 && ( $mem->getDisplayName() != $member->getDisplayName() )
\r
1543 $mem->newCookieKey();
\r
1544 $member->logout();
\r
1545 $this->action_login(_MSG_LOGINAGAIN, 0);
\r
1549 $this->action_overview(_MSG_SETTINGSCHANGED);
\r
1554 * Admin::action_memberadd()
\r
/**
 * Create a new member account from the submitted form (super-admins only).
 *
 * The listing omits several original lines (the gutter numbers skip), so the
 * notes below describe only the statements that are shown.
 */
1560 function action_memberadd()
\r
1562 global $member, $manager;
\r
1564 // check if allowed
\r
1565 $member->isAdmin() or $this->disallow();
\r
// NOTE(review): `!=` compares loosely, so two different numeric-looking strings
// (e.g. '1e3' and '1000') count as equal and a mistyped repeat can pass; `!==` avoids that.
1567 if ( postVar('password') != postVar('repeatpassword') )
\r
1569 $this->error(_ERROR_PASSWORDMISMATCH);
\r
// passwords shorter than 6 characters are rejected
1572 if ( i18n::strlen(postVar('password')) < 6 )
\r
1574 $this->error(_ERROR_PASSWORDTOOSHORT);
\r
1577 $res = Member::create(
\r
1579 postVar('realname'),
\r
1580 postVar('password'),
\r
1584 postVar('canlogin'),
\r
// the result of Member::create() is handed to error(); the test guarding this call is not shown
1589 $this->error($res);
\r
1592 // fire PostRegister event
\r
1593 $newmem = new Member();
\r
// the new member is loaded by the posted name so it can be passed to the event
1594 $newmem->readFromName(postVar('name'));
\r
1598 'member' => &$newmem
\r
1602 $this->action_usermanagement();
\r
1607 * Account activation
\r
/**
 * Entry point for account activation: reads the 'key' request variable
 * and shows the activation page for it.
 */
1611 function action_activate()
\r
1614 $key = getVar('key');
\r
// the key is not checked here; _showActivationPage() looks it up with Member::getActivationInfo()
1615 $this->_showActivationPage($key);
\r
1619 * @todo document this
\r
/**
 * Show the activation form for an activation key.
 *
 * @param string $key     activation key as received from the request
 * @param string $message text stored in $this->headMess before the page is built
 *
 * The conditions that guard the two error() calls are not shown in this listing.
 */
1621 function _showActivationPage($key, $message = '')
\r
1625 // clean up old activation keys
\r
1626 Member::cleanupActivationTable();
\r
1628 // get activation info
\r
1629 $info = Member::getActivationInfo($key);
\r
1633 $this->error(_ERROR_ACTIVATE);
\r
1636 $mem = Member::createFromId($info->vmember);
\r
1640 $this->error(_ERROR_ACTIVATE);
\r
// NOTE(review): $key is still the raw request value when it is written to $_POST;
// presumably the 'activate' skin reads it from there, so it must be escaped on output — confirm
1642 $_POST['ackey'] = $key;
\r
1643 $this->headMess = $message;
\r
1644 $_POST['bNeedsPasswordChange'] = true;
\r
1645 $this->pagehead();
\r
1646 $this->parse('activate');
\r
1647 $this->pagefoot();
\r
1652 * Account activation - set password part
\r
/**
 * Account activation, second step: validate the new password and activate the key.
 *
 * Every failure shown here goes back to the activation form through
 * _showActivationPage(). Several original lines are missing from this listing
 * (the calls around the array fragments, and some conditions).
 */
1656 function action_activatesetpwd()
\r
1659 $key = postVar('key');
\r
1661 // clean up old activation keys
\r
1662 Member::cleanupActivationTable();
\r
1664 // get activation info
\r
1665 $info = Member::getActivationInfo($key);
\r
// keys of type 'addresschange' are rejected here along with unknown keys
1667 if ( !$info || ($info->type == 'addresschange') )
\r
1669 return $this->_showActivationPage($key, _ERROR_ACTIVATE);
\r
1672 $mem = Member::createFromId($info->vmember);
\r
1676 return $this->_showActivationPage($key, _ERROR_ACTIVATE);
\r
1679 $password = postVar('password');
\r
1680 $repeatpassword = postVar('repeatpassword');
\r
// NOTE(review): loose `!=`: different numeric-looking strings (e.g. '1e3' / '1000')
// compare equal, so a mistyped repeat can pass; `!==` is the safer test
1682 if ( $password != $repeatpassword )
\r
1684 return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
\r
// NOTE(review): the leading `$password &&` lets an empty value (and the string '0')
// skip the length test; whether setPassword() below can still run with such a value
// depends on lines that are not shown
1687 if ( $password && (i18n::strlen($password) < 6) )
\r
1689 return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
\r
1700 'password' => $password,
\r
1701 'errormessage' => &$pwderror,
\r
1702 'valid' => &$pwdvalid
\r
1707 return $this->_showActivationPage($key,$pwderror);
\r
1716 'type' => 'activation',
\r
1718 'error' => &$error
\r
1721 if ( $error != '' )
\r
1723 return $this->_showActivationPage($key, $error);
\r
1728 $mem->setPassword($password);
\r
1731 // do the activation
\r
1732 Member::activate($key);
\r
1734 $this->pagehead();
\r
1735 $this->parse('activatesetpwd');
\r
1736 $this->pagefoot();
\r
/**
 * Show the team management page for the blog given by the 'blogid' request variable.
 *
 * Members without admin rights on that blog are handed to disallow() before
 * any output is produced.
 *
 * @return void
 */
function action_manageteam()
{
	global $member, $manager;

	$requestedBlog = intRequestVar('blogid');

	// authorisation first, page output afterwards
	if ( !$member->blogAdminRights($requestedBlog) )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('manageteam');
	$this->pagefoot();
}
\r
1757 * Add member to team
\r
/**
 * Add a member to a blog team, then show the team page again.
 *
 * 'memberid', 'blogid' and 'admin' are read from the POST data with intPostVar().
 * The caller needs admin rights on the blog.
 *
 * @return void
 */
function action_teamaddmember()
{
	global $member, $manager;

	$newMemberId = intPostVar('memberid');
	$targetBlogId = intPostVar('blogid');
	$asAdmin = intPostVar('admin');

	// check if allowed
	if ( !$member->blogAdminRights($targetBlogId) )
	{
		$this->disallow();
	}

	$blog =& $manager->getBlog($targetBlogId);
	$wasAdded = $blog->addTeamMember($newMemberId, $asAdmin);
	if ( !$wasAdded )
	{
		// addTeamMember() reported failure; the message says the member is already on the team
		$this->error(_ERROR_ALREADYONTEAM);
	}

	$this->action_manageteam();
}
\r
1781 * @todo document this
\r
/**
 * Show the confirmation page for removing a member from a blog team.
 *
 * Nothing is deleted here; the removal itself is done by action_teamdeleteconfirm().
 *
 * @return void
 */
function action_teamdelete()
{
	global $member, $manager;

	$targetMemberId = intRequestVar('memberid');
	$targetBlogId = intRequestVar('blogid');

	// check if allowed
	if ( !$member->blogAdminRights($targetBlogId) )
	{
		$this->disallow();
	}

	// both objects are loaded before the page is built, as in the original;
	// neither variable is used again in this method
	$teamMember = Member::createFromID($targetMemberId);
	$blog =& $manager->getBlog($targetBlogId);

	$this->pagehead();
	$this->parse('teamdelete');
	$this->pagefoot();
}
\r
1802 * @todo document this
\r
/**
 * Remove a member from a blog team after confirmation, then show the team page.
 *
 * No rights check appears among the lines shown here; deleteOneTeamMember()
 * checks blogAdminRights() itself and reports failure as a message.
 */
1804 function action_teamdeleteconfirm()
\r
1808 $memberid = intRequestVar('memberid');
\r
1809 $blogid = intRequestVar('blogid');
\r
1811 $error = $this->deleteOneTeamMember($blogid, $memberid);
\r
// the condition guarding this call is not shown in the listing
1814 $this->error($error);
\r
1816 $this->action_manageteam();
\r
1820 * @todo document this
\r
/**
 * Remove one member from a blog team.
 *
 * @param mixed $blogid   blog id, cast with intval()
 * @param mixed $memberid member id, cast with intval()
 * @return string an error message constant on the failure paths shown; the
 *                success return is not visible in this listing
 */
1822 function deleteOneTeamMember($blogid, $memberid)
\r
1824 global $member, $manager;
\r
// both ids are forced to integers here, which is what makes the unquoted
// interpolation into the SQL strings below safe
1826 $blogid = intval($blogid);
\r
1827 $memberid = intval($memberid);
\r
1829 // check if allowed
\r
1830 if ( !$member->blogAdminRights($blogid) )
\r
1832 return _ERROR_DISALLOWED;
\r
1835 // check if: - there remains at least one blog admin
\r
1836 // - (there remains at least one team member)
\r
1837 $tmem = Member::createFromID($memberid);
\r
1840 'PreDeleteTeamMember',
\r
1842 'member' => &$tmem,
\r
1843 'blogid' => $blogid
\r
1847 if ( $tmem->isBlogAdmin($blogid) )
\r
1849 // check if there are more blog members left and at least one admin
\r
1850 // (check for at least two admins before deletion)
\r
1851 $query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid . ' and tadmin=1';
\r
1852 $r = sql_query($query);
\r
1853 if ( sql_num_rows($r) < 2 )
\r
1855 return _ERROR_ATLEASTONEBLOGADMIN;
\r
// NOTE(review): the admin count above and this DELETE are separate statements with no
// lock or transaction visible, so two concurrent removals could both pass the check
1859 $query = 'DELETE FROM ' . sql_table('team') . " WHERE tblog=$blogid and tmember=$memberid";
\r
1860 sql_query($query);
\r
1863 'PostDeleteTeamMember',
\r
1865 'member' => &$tmem,
\r
1866 'blogid' => $blogid
\r
1874 * @todo document this
\r
/**
 * Change the blog-admin flag (tadmin) of a team member.
 *
 * The lines that assign $newval are not shown in this listing; they sit between
 * the second isBlogAdmin() test and the UPDATE.
 */
1876 function action_teamchangeadmin()
\r
1880 $blogid = intRequestVar('blogid');
\r
1881 $memberid = intRequestVar('memberid');
\r
1883 // check if allowed
\r
1884 $member->blogAdminRights($blogid) or $this->disallow();
\r
1886 $mem = Member::createFromID($memberid);
\r
1888 // don't allow when there is only one admin at this moment
\r
1889 if ( $mem->isBlogAdmin($blogid) )
\r
1891 $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
\r
// NOTE(review): deleteOneTeamMember() tests `< 2` for the same rule; `== 1` here behaves
// the same only as long as the count can never be 0
1892 if ( sql_num_rows($r) == 1 )
\r
1894 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
\r
1898 if ( $mem->isBlogAdmin($blogid) )
\r
// $blogid and $memberid come from intRequestVar(); assumes that helper returns integers,
// since the values are interpolated unquoted — confirm
1907 $query = 'UPDATE ' . sql_table('team') . " SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
\r
1908 sql_query($query);
\r
1910 // only show manageteam if member did not change its own admin privileges
\r
1911 if ( $member->isBlogAdmin($blogid) )
\r
1913 $this->action_manageteam();
\r
1917 $this->action_overview(_MSG_ADMINCHANGED);
\r
1922 * @todo document this
\r
/**
 * Show the settings page of the blog given by the 'blogid' request variable.
 *
 * Requires admin rights on that blog. The page head carries the script tag
 * for javascript/numbercheck.js.
 *
 * @return void
 */
function action_blogsettings()
{
	global $member, $manager;

	$wantedBlog = intRequestVar('blogid');

	// check if allowed
	if ( !$member->blogAdminRights($wantedBlog) )
	{
		$this->disallow();
	}

	// loaded as in the original; the variable is not used again in this method
	$blog =& $manager->getBlog($wantedBlog);

	$this->pagehead('<script type="text/javascript" src="javascript/numbercheck.js"></script>');
	$this->parse('blogsettings');
	$this->pagefoot();
}
\r
1942 * @todo document this
\r
/**
 * Create a new category in a blog, then show the blog settings page.
 *
 * 'blogid' comes from the request, 'cname' and 'cdesc' from the POST data.
 * The name must pass isValidCategoryName() and must not exist in the blog yet.
 *
 * @return void
 */
function action_categorynew()
{
	global $member, $manager;

	$targetBlog = intRequestVar('blogid');

	if ( !$member->blogAdminRights($targetBlog) )
	{
		$this->disallow();
	}

	$categoryName = postVar('cname');
	$categoryDesc = postVar('cdesc');

	if ( !isValidCategoryName($categoryName) )
	{
		$this->error(_ERROR_BADCATEGORYNAME);
	}

	// duplicate check: the name is escaped and the blog id cast before they enter the SQL text
	$lookup = sprintf(
		"SELECT * FROM %s WHERE cname='%s' and cblog=%d",
		sql_table('category'),
		sql_real_escape_string($categoryName),
		intval($targetBlog)
	);
	$existing = sql_query($lookup);
	if ( sql_num_rows($existing) > 0 )
	{
		$this->error(_ERROR_DUPCATEGORYNAME);
	}

	$blog =& $manager->getBlog($targetBlog);
	$newCatID = $blog->createNewCategory($categoryName, $categoryDesc);

	$this->action_blogsettings();
}
\r
1974 * @todo document this
\r
/**
 * Show the edit page for a category.
 *
 * @param mixed  $catid   category id; when '' it is read with intGetVar('catid')
 * @param mixed  $blogid  blog id; when '' it is read with intGetVar('blogid')
 * @param string $desturl value stored in $_REQUEST['desturl']
 * @return void
 */
function action_categoryedit($catid = '', $blogid = '', $desturl = '')
{
	global $member, $manager;

	// an argument wins over the query string; either way the result goes through an int conversion
	$blogid = ( $blogid == '' ) ? intGetVar('blogid') : intval($blogid);
	$catid = ( $catid == '' ) ? intGetVar('catid') : intval($catid);

	// the resolved values are stored in $_REQUEST before the rights check and the page output
	$_REQUEST['blogid'] = $blogid;
	$_REQUEST['catid'] = $catid;
	$_REQUEST['desturl'] = $desturl;

	if ( !$member->blogAdminRights($blogid) )
	{
		$this->disallow();
	}

	$this->pagehead('<script type="text/javascript" src="javascript/numbercheck.js"></script>');
	$this->parse('categoryedit');
	$this->pagefoot();
}
\r
2008 * @todo document this
\r
/**
 * Save a changed category name and description.
 *
 * All inputs come from the POST data. Parts of the original (the plugin event
 * call and the condition around the redirect) are missing from this listing.
 */
2010 function action_categoryupdate()
\r
2012 global $member, $manager;
\r
2014 $blogid = intPostVar('blogid');
\r
2015 $catid = intPostVar('catid');
\r
2016 $cname = postVar('cname');
\r
2017 $cdesc = postVar('cdesc');
\r
2018 $desturl = postVar('desturl');
\r
// the rights check is made against the posted blogid
2020 $member->blogAdminRights($blogid) or $this->disallow();
\r
2022 if ( !isValidCategoryName($cname) )
\r
2024 $this->error(_ERROR_BADCATEGORYNAME);
\r
// duplicate check: same name in the same blog, excluding the category being edited
2027 $query = "SELECT *"
\r
2028 . " FROM " . sql_table('category')
\r
2029 . " WHERE cname='" . sql_real_escape_string($cname) . "'"
\r
2030 . " and cblog=" . intval($blogid)
\r
2031 . " and not(catid=" . intval($catid) . ")";
\r
2032 $res = sql_query($query);
\r
2033 if ( sql_num_rows($res) > 0 )
\r
2035 $this->error(_ERROR_DUPCATEGORYNAME);
\r
// NOTE(review): this UPDATE is keyed on catid alone, while the rights check above was
// for the posted blogid; nothing shown ties catid to that blog. Adding
// " and cblog=" . intval($blogid) to the WHERE clause keeps the change inside the
// blog the caller administers.
2038 $query = 'UPDATE '.sql_table('category').' SET'
\r
2039 . " cname='" . sql_real_escape_string($cname) . "',"
\r
2040 . " cdesc='" . sql_real_escape_string($cdesc) . "'"
\r
2041 . " WHERE catid=" . intval($catid);
\r
2043 sql_query($query);
\r
2045 // store plugin options
\r
2046 $aOptions = requestArray('plugoption');
\r
2047 NucleusPlugin::apply_plugin_options($aOptions);
\r
2049 'PostPluginOptionsUpdate',
\r
2051 'context' => 'category',
\r
// NOTE(review): $desturl is taken from POST and no validation of it is shown. Unless
// redirect() restricts its target, only same-site destinations should be accepted here.
2059 redirect($desturl);
\r
2064 $this->action_blogsettings();
\r
2069 * @todo document this
\r
/**
 * Show the confirmation page for deleting a category.
 *
 * Refuses (through error()) when the category does not belong to the blog,
 * is the blog's default category, or is the only category of the blog.
 *
 * @return void
 */
function action_categorydelete()
{
	global $member, $manager;

	$blogid = intRequestVar('blogid');
	$catid = intRequestVar('catid');

	if ( !$member->blogAdminRights($blogid) )
	{
		$this->disallow();
	}

	$blog =& $manager->getBlog($blogid);

	// the category has to belong to this blog
	$belongsToBlog = $blog->isValidCategory($catid);
	if ( !$belongsToBlog )
	{
		$this->error(_ERROR_NOSUCHCATEGORY);
	}

	// the default category stays
	$defaultCategory = $blog->getDefaultCategory();
	if ( $defaultCategory == $catid )
	{
		$this->error(_ERROR_DELETEDEFCATEGORY);
	}

	// and so does the last remaining category of the blog
	$remaining = sql_query('SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid);
	if ( sql_num_rows($remaining) == 1 )
	{
		$this->error(_ERROR_DELETELASTCATEGORY);
	}

	$this->pagehead();
	$this->parse('categorydelete');
	$this->pagefoot();
}
\r
2109 * @todo document this
\r
/**
 * Delete a category after confirmation, then show the blog settings page.
 */
2111 function action_categorydeleteconfirm()
\r
2113 global $member, $manager;
\r
2115 $blogid = intRequestVar('blogid');
\r
2116 $catid = intRequestVar('catid');
\r
// this check uses the blogid from the request; deleteOneCategory() looks up the blog
// that owns $catid and checks rights on that one as well
2118 $member->blogAdminRights($blogid) or $this->disallow();
\r
2120 $error = $this->deleteOneCategory($catid);
\r
// the condition guarding this call is not shown in the listing
2123 $this->error($error);
\r
2126 $this->action_blogsettings();
\r
2130 * Admin::deleteOneCategory()
\r
2131 * Delete a category by its id
\r
2133 * @param String $catid category id for deleting
\r
/**
 * Delete one category; its items are moved to the blog's default category.
 *
 * @param mixed $catid category id, cast with intval()
 * @return string an error message constant on the failure paths shown; the
 *                success return is not visible in this listing
 */
2136 function deleteOneCategory($catid)
\r
2138 global $manager, $member;
\r
2140 $catid = intval($catid);
\r
// the blog is derived from the category itself, not taken from the request
2141 $blogid = getBlogIDFromCatID($catid);
\r
2143 if ( !$member->blogAdminRights($blogid) )
\r
// NOTE(review): ERROR_DISALLOWED lacks the leading underscore that the other message
// constants in this method carry (deleteOneTeamMember() returns _ERROR_DISALLOWED).
// Unless a constant with exactly this name exists, the caller gets the wrong value
// or the lookup fails.
2145 return ERROR_DISALLOWED;
\r
2149 $blog =& $manager->getBlog($blogid);
\r
2151 // check if the category is valid
\r
2152 if ( !$blog || !$blog->isValidCategory($catid) )
\r
2154 return _ERROR_NOSUCHCATEGORY;
\r
2157 $destcatid = $blog->getDefaultCategory();
\r
2159 // don't allow deletion of default category
\r
2160 if ( $blog->getDefaultCategory() == $catid )
\r
2162 return _ERROR_DELETEDEFCATEGORY;
\r
2165 // check if catid is the only category left for blogid
\r
2166 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
\r
2167 $res = sql_query($query);
\r
2168 if ( sql_num_rows($res) == 1 )
\r
2170 return _ERROR_DELETELASTCATEGORY;
\r
2174 'PreDeleteCategory',
\r
2180 // change category for all items to the default category
\r
// $catid was cast above; $destcatid and $blogid come from getDefaultCategory() and
// getBlogIDFromCatID() — presumably integers, they are interpolated unquoted
2181 $query = 'UPDATE ' . sql_table('item') . " SET icat=$destcatid WHERE icat=$catid";
\r
2182 sql_query($query);
\r
2184 // delete all associated plugin options
\r
2185 NucleusPlugin::delete_option_values('category', $catid);
\r
2187 // delete category
\r
2188 $query = 'DELETE FROM ' . sql_table('category') . ' WHERE catid=' . $catid;
\r
2189 sql_query($query);
\r
2192 'PostDeleteCategory',
\r
2201 * Admin::action_blogsettingsupdate
\r
2202 * Updating blog settings
\r
/**
 * Store the settings of a blog from the submitted settings form.
 *
 * Requires admin rights on the blog given by 'blogid'. Some original lines
 * (e.g. the body of the notifyVote test and the plugin event call) are
 * missing from this listing.
 */
2207 function action_blogsettingsupdate()
\r
2209 global $member, $manager;
\r
2211 $blogid = intRequestVar('blogid');
\r
2213 $member->blogAdminRights($blogid) or $this->disallow();
\r
2215 $blog =& $manager->getBlog($blogid);
\r
2217 $notify_address = trim(postVar('notify'));
\r
2218 $shortname = trim(postVar('shortname'));
\r
2219 $updatefile = trim(postVar('update'));
\r
2221 $notifyComment = intPostVar('notifyComment');
\r
2222 $notifyVote = intPostVar('notifyVote');
\r
2223 $notifyNewItem = intPostVar('notifyNewItem');
\r
// a flag posted as 0 is replaced by 1 so it does not zero the product below
2225 if ( $notifyComment == 0 )
\r
2227 $notifyComment = 1;
\r
2229 if ( $notifyVote == 0 )
\r
2233 if ( $notifyNewItem == 0 )
\r
2235 $notifyNewItem = 1;
\r
// the notify type is stored as the product of the three posted values
2237 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
\r
2239 if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
\r
2241 $this->error(_ERROR_BADNOTIFY);
\r
2244 if ( !isValidShortName($shortname) )
\r
2246 $this->error(_ERROR_BADSHORTBLOGNAME);
\r
2249 if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
\r
2251 $this->error(_ERROR_DUPSHORTBLOGNAME);
\r
2253 // check if update file is writable
\r
// NOTE(review): $updatefile is a filesystem path taken from POST. It is only tested
// for writability and then stored; what later writes to it is not shown here. If
// something does, the blog admin chooses which writable file that is — consider
// restricting the path to an expected directory.
2254 if ( $updatefile && !is_writeable($updatefile) )
\r
2256 $this->error(_ERROR_UPDATEFILE);
\r
// NOTE(review): several setters below receive raw postVar() values (maxcomments,
// comments, timeoffset, public, name, url, desc); escaping for storage has to happen
// in the setters or in writeSettings(), which are not part of this listing — confirm
2259 $blog->setName(trim(postVar('name')));
\r
2260 $blog->setShortName($shortname);
\r
2261 $blog->setNotifyAddress($notify_address);
\r
2262 $blog->setNotifyType($notifyType);
\r
2263 $blog->setMaxComments(postVar('maxcomments'));
\r
2264 $blog->setCommentsEnabled(postVar('comments'));
\r
2265 $blog->setTimeOffset(postVar('timeoffset'));
\r
2266 $blog->setUpdateFile($updatefile);
\r
2267 $blog->setURL(trim(postVar('url')));
\r
2268 $blog->setDefaultSkin(intPostVar('defskin'));
\r
2269 $blog->setDescription(trim(postVar('desc')));
\r
2270 $blog->setPublic(postVar('public'));
\r
2271 $blog->setConvertBreaks(intPostVar('convertbreaks'));
\r
2272 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
\r
2273 $blog->setDefaultCategory(intPostVar('defcat'));
\r
2274 $blog->setSearchable(intPostVar('searchable'));
\r
2275 $blog->setEmailRequired(intPostVar('reqemail'));
\r
2276 $blog->writeSettings();
\r
2278 // store plugin options
\r
2279 $aOptions = requestArray('plugoption');
\r
2280 NucleusPlugin::apply_plugin_options($aOptions);
\r
2282 'PostPluginOptionsUpdate',
\r
2284 'context' => 'blog',
\r
2285 'blogid' => $blogid,
\r
2290 $this->action_overview(_MSG_SETTINGSCHANGED);
\r
2295 * @todo document this
\r
/**
 * Show the confirmation page for deleting a blog.
 *
 * Requires admin rights on the blog; the blog configured as
 * $CONF['DefaultBlog'] is refused with an error.
 *
 * @return void
 */
function action_deleteblog()
{
	global $member, $CONF, $manager;

	$doomedBlog = intRequestVar('blogid');

	if ( !$member->blogAdminRights($doomedBlog) )
	{
		$this->disallow();
	}

	// check if blog is default blog
	$isDefaultBlog = ( $CONF['DefaultBlog'] == $doomedBlog );
	if ( $isDefaultBlog )
	{
		$this->error(_ERROR_DELDEFBLOG);
	}

	// loaded as in the original; the variable is not used again in this method
	$blog =& $manager->getBlog($doomedBlog);

	$this->pagehead();
	$this->parse('deleteblog');
	$this->pagefoot();
}
\r
2319 * Admin::action_deleteblogconfirm()
\r
/**
 * Delete a blog and the rows that belong to it: comments, items, team
 * members, bans, categories, plugin options and the blog record itself.
 *
 * The calls that the two 'blogid' array fragments belong to are not shown
 * in this listing.
 */
2325 function action_deleteblogconfirm()
\r
2327 global $member, $CONF, $manager;
\r
2329 $blogid = intRequestVar('blogid');
\r
// NOTE(review): this fragment sits before the blogAdminRights() check, so the call it
// belongs to (not shown; presumably a pre-delete plugin event) also runs for callers
// who are then disallowed. Moving the rights check above it closes that gap.
2333 'blogid' => $blogid
\r
2336 $member->blogAdminRights($blogid) or $this->disallow();
\r
2338 // check if blog is default blog
\r
2339 if ( $CONF['DefaultBlog'] == $blogid )
\r
2341 $this->error(_ERROR_DELDEFBLOG);
\r
// NOTE(review): the deletes below are separate statements with no transaction visible;
// a failure partway leaves the blog partly removed. $blogid is concatenated unquoted,
// which relies on intRequestVar() returning an integer — confirm.
2344 // delete all comments
\r
2345 $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid;
\r
2346 sql_query($query);
\r
2348 // delete all items
\r
2349 $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid;
\r
2350 sql_query($query);
\r
2352 // delete all team members
\r
2353 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid;
\r
2354 sql_query($query);
\r
2356 // delete all bans
\r
2357 $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid;
\r
2358 sql_query($query);
\r
2360 // delete all categories
\r
2361 $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
\r
2362 sql_query($query);
\r
2364 // delete all associated plugin options
\r
2365 NucleusPlugin::delete_option_values('blog', $blogid);
\r
2367 // delete the blog itself
\r
2368 $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;
\r
2369 sql_query($query);
\r
2374 'blogid' => $blogid
\r
2378 $this->action_overview(_DELETED_BLOG);
\r
2383 * @todo document this
\r
/**
 * Show the confirmation page for deleting a member.
 *
 * Allowed for the member concerned and for super-admins; anyone else is
 * handed to disallow().
 *
 * @return void
 */
function action_memberdelete()
{
	global $member, $manager;

	$targetId = intRequestVar('memberid');

	// members may delete their own account; for any other account isAdmin() decides
	$isOwnAccount = ( $member->getID() == $targetId );
	if ( !$isOwnAccount && !$member->isAdmin() )
	{
		$this->disallow();
	}

	// loaded as in the original; the variable is not used again in this method
	$mem = Member::createFromID($targetId);

	$this->pagehead();
	$this->parse('memberdelete');
	$this->pagefoot();
}
\r
2401 * @todo document this
\r
/**
 * Delete a member after confirmation.
 *
 * Allowed for the member concerned and for super-admins. Afterwards
 * super-admins get the user management page, others the overview.
 */
2403 function action_memberdeleteconfirm()
\r
2407 $memberid = intRequestVar('memberid');
\r
// this is the only rights check on this path that the listing shows; none is visible
// among the lines shown for deleteOneMember()
2409 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
\r
2411 $error = $this->deleteOneMember($memberid);
\r
// the condition guarding this call is not shown in the listing
2414 $this->error($error);
\r
2417 if ( $member->isAdmin() )
\r
2419 $this->action_usermanagement();
\r
2423 $this->action_overview(_DELETED_MEMBER);
\r
2428 * Admin::deleteOneMember()
\r
2429 * Delete a member by id
\r
2432 * @params Integer $memberid member id
\r
2433 * @return String null string or error messages
\r
/**
 * Delete one member: unlink the member's comments, then remove the member,
 * team and activation rows and the member's plugin options.
 *
 * @param mixed $memberid member id, cast with intval()
 * @return string _ERROR_DELETEMEMBER when canBeDeleted() refuses; the success
 *                return is not visible in this listing
 */
2435 function deleteOneMember($memberid)
\r
2439 $memberid = intval($memberid);
\r
2440 $mem = Member::createFromID($memberid);
\r
// NOTE(review): unlike deleteOneTeamMember() and deleteOneCategory(), no rights check
// appears among the lines shown for this method; callers have to perform it (as
// action_memberdeleteconfirm() does). Some lines are hidden — confirm.
2442 if ( !$mem->canBeDeleted() )
\r
2444 return _ERROR_DELETEMEMBER;
\r
2448 'PreDeleteMember',
\r
2454 /* unlink comments from memberid */
\r
// the display name is escaped for the quoted %s slot; the id goes through %d
2457 $query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d";
\r
2458 $query = sprintf($query, sql_table('comment'), sql_real_escape_string($mem->getDisplayName()), $memberid);
\r
2459 sql_query($query);
\r
2462 $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
\r
2463 sql_query($query);
\r
2465 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
\r
2466 sql_query($query);
\r
2468 $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
\r
2469 sql_query($query);
\r
2471 // delete all associated plugin options
\r
2472 NucleusPlugin::delete_option_values('member', $memberid);
\r
2475 'PostDeleteMember',
\r
2485 * @todo document this
\r
/**
 * Show the form for creating a new weblog (super-admins only).
 *
 * @return void
 */
function action_createnewlog()
{
	global $member, $CONF, $manager;

	// Only Super-Admins can do this
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('createnewlog');
	$this->pagefoot();
}
\r
2500 * @todo document this
\r
/**
 * Create a new weblog with a default category, a first team member and a
 * first item, then show the 'addnewlog' page (super-admins only).
 *
 * Large parts of the original are missing from this listing (column lists of
 * the INSERT statements, the plugin event calls, the item creation call); the
 * notes below refer only to the lines shown.
 */
2502 function action_addnewlog()
\r
2504 global $member, $manager, $CONF;
\r
2506 // Only Super-Admins can do this
\r
2507 $member->isAdmin() or $this->disallow();
\r
2509 $bname = trim(postVar('name'));
\r
2510 $bshortname = trim(postVar('shortname'));
\r
2511 $btimeoffset = postVar('timeoffset');
\r
2512 $bdesc = trim(postVar('desc'));
\r
2513 $bdefskin = postVar('defskin');
\r
2515 if ( !isValidShortName($bshortname) )
\r
2517 $this->error(_ERROR_BADSHORTBLOGNAME);
\r
2520 if ( $manager->existsBlog($bshortname) )
\r
2522 $this->error(_ERROR_DUPSHORTBLOGNAME);
\r
// the values are passed by reference in this array, so the call it belongs to (not
// shown) can still change them before they are escaped below
2528 'name' => &$bname,
\r
2529 'shortname' => &$bshortname,
\r
2530 'timeoffset' => &$btimeoffset,
\r
2531 'description' => &$bdesc,
\r
2532 'defaultskin' => &$bdefskin
\r
2537 // add slashes for sql queries
\r
2538 $bname = sql_real_escape_string($bname);
\r
2539 $bshortname = sql_real_escape_string($bshortname);
\r
2540 $btimeoffset = sql_real_escape_string($btimeoffset);
\r
2541 $bdesc = sql_real_escape_string($bdesc);
\r
2542 $bdefskin = sql_real_escape_string($bdefskin);
\r
2545 $query = 'INSERT '
\r
2547 . sql_table('blog')
\r
2552 . ' btimeoffset, '
\r
2555 . "'" . $bname . "',"
\r
2556 . "'" . $bshortname . "',"
\r
2557 . "'" . $bdesc . "',"
\r
2558 . "'" . $btimeoffset . "',"
\r
2559 . "'" . $bdefskin . "'"
\r
2561 sql_query($query);
\r
2562 $blogid = sql_insert_id();
\r
2563 $blog =& $manager->getBlog($blogid);
\r
2565 // create new category
\r
2566 $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
\r
2567 $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
\r
// NOTE(review): $catdefname and $catdefdesc come from translation constants and are
// placed between double quotes without sql_real_escape_string(); a translation that
// contains a double quote breaks this statement. Escaping both is the fix.
2568 $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
\r
2569 sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));
\r
2570 $catid = sql_insert_id();
\r
2572 // set as default category
\r
2573 $blog->setDefaultCategory($catid);
\r
2574 $blog->writeSettings();
\r
2576 // create team member
\r
2577 $memberid = $member->getID();
\r
2578 $query = 'INSERT '
\r
2580 . sql_table('team')
\r
// NOTE(review): the closing parenthesis of sprintf() is misplaced: $memberid and
// $blogid are passed to sql_query(), not to sprintf(), so any placeholders in $query
// are never filled. Presumably sql_query(sprintf($query, $memberid, $blogid)) was
// meant; the placeholder order is in lines not shown — confirm before changing.
2590 sql_query(sprintf($query), $memberid, $blogid);
\r
2592 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
\r
2593 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
\r
2596 $blog->getDefaultCategory(),
\r
2597 $itemdeftitle,$itemdefbody,
\r
2601 $blog->getCorrectTime(),
\r
2614 'PostAddCategory',
\r
// NOTE(review): the constants are used here without the defined() fallback applied
// above; $catdefname and $catdefdesc already hold the values that were inserted
2617 'name' => _EBLOGDEFAULTCATEGORY_NAME,
\r
2618 'description' => _EBLOGDEFAULTCATEGORY_DESC,
\r
2623 $_REQUEST['blogid'] = $blogid;
\r
2624 $_REQUEST['catid'] = $catid;
\r
2625 $this->pagehead();
\r
2626 $this->parse('addnewlog');
\r
2627 $this->pagefoot();
\r
2631 * @todo document this
\r
/**
 * Second step of weblog creation: store the URL of the new blog.
 *
 * Requires admin rights on the blog given by 'blogid'. The 'url' request
 * variable is trimmed and stored; no further check of the value is made here.
 *
 * @return void
 */
function action_addnewlog2()
{
	global $member, $manager;

	$newBlogId = intRequestVar('blogid');

	if ( !$member->blogAdminRights($newBlogId) )
	{
		$this->disallow();
	}

	$submittedUrl = requestVar('url');

	$blog =& $manager->getBlog($newBlogId);
	$blog->setURL(trim($submittedUrl));
	$blog->writeSettings();

	$this->action_overview(_MSG_NEWBLOG);
}
\r
2650 * @todo document this
\r
/**
 * Show the skin import/export overview page (super-admins only).
 *
 * @return void
 */
function action_skinieoverview()
{
	global $member, $DIR_LIBS, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// the skinie classes are loaded before the page is built
	include_once($DIR_LIBS . 'skinie.php');

	$this->pagehead();
	$this->parse('skinieoverview');
	$this->pagefoot();
}
\r
2668 * @todo document this
\r
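/**
 * Preview a skin import: read the metadata of the chosen skin file and show
 * its skins, templates and name clashes (super-admins only).
 *
 * POST 'mode' selects how POST 'skinfile' is read: with 'file' it names a
 * folder below $DIR_SKINS, otherwise the posted value is used as the location.
 *
 * @return void
 */
function action_skinieimport()
{
	global $member, $DIR_LIBS, $DIR_SKINS, $manager;

	$member->isAdmin() or $this->disallow();

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$skinFileRaw = postVar('skinfile');
	$mode = postVar('mode');

	$importer = new SkinImport();

	// get full filename
	if ( $mode == 'file' )
	{
		// the posted name is appended to $DIR_SKINS, so a '..' segment or a NUL byte
		// must not get through: it would point the importer outside the skins folder
		if ( !is_string($skinFileRaw)
		  || strpos($skinFileRaw, "\0") !== FALSE
		  || in_array('..', preg_split('#[/\\\\]#', $skinFileRaw), TRUE) )
		{
			$this->disallow();
			return;
		}

		$skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';

		// backwards compatibility (in v2.0, exports were saved as skindata.xml)
		if ( !file_exists($skinFile) )
		{
			$skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
		}
	}
	else
	{
		// NOTE(review): in this mode the posted value is opened as given; what it may
		// name depends on SkinImport::readFile(), and the isAdmin() check above is the
		// only gate in this method
		$skinFile = $skinFileRaw;
	}

	// read only metadata
	$error = $importer->readFile($skinFile, 1);

	// results are stored in $_REQUEST before the page is parsed
	$_REQUEST['skininfo'] = $importer->getInfo();
	$_REQUEST['skinnames'] = $importer->getSkinNames();
	$_REQUEST['tpltnames'] = $importer->getTemplateNames();

	$skinNameClashes = $importer->checkSkinNameClashes();
	$templateNameClashes = $importer->checkTemplateNameClashes();
	$hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);

	$_REQUEST['skinclashes'] = $skinNameClashes;
	$_REQUEST['tpltclashes'] = $templateNameClashes;
	$_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;

	if ( $error )
	{
		$this->error($error);
	}

	$this->pagehead();
	$this->parse('skinieimport');
	$this->pagefoot();
}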
\r
2724 * @todo document this
\r
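/**
 * Import a skin file into the database (super-admins only).
 *
 * POST 'mode' selects how POST 'skinfile' is read: with 'file' it names a
 * folder below $DIR_SKINS, otherwise the posted value is used as the location.
 * POST 'overwrite' is passed to SkinImport::writeToDatabase().
 *
 * @return void
 */
function action_skiniedoimport()
{
	global $member, $DIR_LIBS, $DIR_SKINS;

	$member->isAdmin() or $this->disallow();

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$skinFileRaw = postVar('skinfile');
	$mode = postVar('mode');

	$allowOverwrite = intPostVar('overwrite');

	// get full filename
	if ( $mode == 'file' )
	{
		// the posted name is appended to $DIR_SKINS, so a '..' segment or a NUL byte
		// must not get through: it would point the importer outside the skins folder
		if ( !is_string($skinFileRaw)
		  || strpos($skinFileRaw, "\0") !== FALSE
		  || in_array('..', preg_split('#[/\\\\]#', $skinFileRaw), TRUE) )
		{
			$this->disallow();
			return;
		}

		$skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';

		// backwards compatibility (in v2.0, exports were saved as skindata.xml)
		if ( !file_exists($skinFile) )
		{
			$skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
		}
	}
	else
	{
		// NOTE(review): in this mode the posted value is opened as given; what it may
		// name depends on SkinImport::readFile(), and the isAdmin() check above is the
		// only gate in this method
		$skinFile = $skinFileRaw;
	}

	$importer = new SkinImport();

	$error = $importer->readFile($skinFile);
	if ( $error )
	{
		$this->error($error);
	}

	$error = $importer->writeToDatabase($allowOverwrite);
	if ( $error )
	{
		$this->error($error);
	}

	// results are stored in $_REQUEST before the page is parsed
	$_REQUEST['skininfo'] = $importer->getInfo();
	$_REQUEST['skinnames'] = $importer->getSkinNames();
	$_REQUEST['tpltnames'] = $importer->getTemplateNames();

	$this->pagehead();
	$this->parse('skiniedoimport');
	$this->pagefoot();
}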
\r
2783 * @todo document this
\r
/**
 * Export the selected skins and templates (super-admins only).
 *
 * The selections arrive as the request arrays 'skin' and 'template'; their
 * keys are used as the ids to export. POST 'info' is passed to setInfo().
 *
 * @return void
 */
function action_skinieexport()
{
	global $member, $DIR_LIBS;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$selectedSkins = requestIntArray('skin');
	$selectedTemplates = requestIntArray('template');

	// anything that is not an array counts as "nothing selected"
	if ( !is_array($selectedTemplates) )
	{
		$selectedTemplates = array();
	}
	if ( !is_array($selectedSkins) )
	{
		$selectedSkins = array();
	}

	$description = postVar('info');

	$exporter = new SkinExport();
	foreach ( array_keys($selectedSkins) as $skinId )
	{
		$exporter->addSkin($skinId);
	}
	foreach ( array_keys($selectedTemplates) as $templateId )
	{
		$exporter->addTemplate($templateId);
	}
	$exporter->setInfo($description);

	$exporter->export();
}
\r
2826 * @todo document this
\r
/**
 * Show the template overview page (super-admins only).
 *
 * @return void
 */
function action_templateoverview()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('templateoverview');
	$this->pagefoot();
}
\r
2840 * @todo document this
\r
/**
 * Show the template edit page (super-admins only).
 *
 * @param string $msg message stored in $this->headMess; whether that assignment
 *                    is conditional cannot be seen, the lines around it are missing
 */
2842 function action_templateedit($msg = '')
\r
2844 global $member, $manager;
\r
2847 $this->headMess = $msg;
\r
2850 $templateid = intRequestVar('templateid');
\r
2852 $member->isAdmin() or $this->disallow();
\r
2854 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';
\r
// NOTE(review): sql_real_escape_string() is an SQL escaper but the value lands inside a
// JavaScript string in an HTML <script> block. The text is a translation constant, not
// request data, yet an escaper for the JavaScript context is the right tool here.
2855 $extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>';
\r
2857 $this->pagehead($extrahead);
\r
2858 $this->parse('templateedit');
\r
2859 $this->pagefoot();
\r
2863 * @todo document this
\r
/**
 * Print one row of the template edit form: a description cell and a textarea
 * holding the current content of one template part.
 *
 * @param array  $template    template parts by name; a missing $name entry is set to ''
 * @param string $description text of the first cell
 * @param string $name        part name, used as array key and as the textarea name
 * @param string $help        when set, help('template' . $help) is called
 * @param int    $tabindex    tabindex attribute of the textarea
 * @param int    $big         truthy gives 10 rows, otherwise 5
 */
2865 function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {
// NOTE(review): in the markup below only the textarea content goes through
// Entity::hsc(); $description, $name and $tabindex are echoed as they are, so callers
// must never pass request data in them
\r
2866 static $count = 1;
\r
2867 if (!isset($template[$name])) $template[$name] = '';
\r
2870 <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>
\r
2871 <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo Entity::hsc($template[$name]); ?></textarea></td>
\r
2877 * @todo document this
\r
/**
 * Save an edited template (super-admins only): delete all stored parts,
 * update name and description, then insert every non-empty part again.
 *
 * A few original lines (parts of the UPDATE statement, the plugin event call)
 * are missing from this listing.
 */
2879 function action_templateupdate()
\r
2881 global $member,$manager;
\r
2883 $templateid = intRequestVar('templateid');
\r
2885 $member->isAdmin() or $this->disallow();
\r
2887 $name = postVar('tname');
\r
2888 $desc = postVar('tdesc');
\r
2890 if ( !isValidTemplateName($name) )
\r
2892 $this->error(_ERROR_BADTEMPLATENAME);
\r
2895 if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
\r
2897 $this->error(_ERROR_DUPTEMPLATENAME);
\r
// escaped only after validation, for the quoted slots of the UPDATE below
2900 $name = sql_real_escape_string($name);
\r
2901 $desc = sql_real_escape_string($desc);
\r
// NOTE(review): steps 1 to 3 run as separate statements with no transaction visible,
// and addToTemplate() exits on a failed INSERT; a failure partway would leave the
// template with only the parts written so far
2903 // 1. Remove all template parts
\r
2904 $query = 'DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid;
\r
2905 sql_query($query);
\r
2907 // 2. Update description
\r
2908 $query = 'UPDATE '
\r
2909 . sql_table('template_desc')
\r
2911 . " tdname='" . $name . "',"
\r
2912 . " tddesc='" . $desc . "'"
\r
2914 . " tdnumber=" . $templateid;
\r
2915 sql_query($query);
\r
2917 // 3. Add non-empty template parts
\r
2918 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));
\r
2919 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM'));
\r
2920 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER'));
\r
2921 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK'));
\r
2922 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK'));
\r
2923 $this->addToTemplate($templateid, 'NEW', postVar('NEW'));
\r
2924 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER'));
\r
2925 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY'));
\r
2926 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER'));
\r
2927 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED'));
\r
2928 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH'));
\r
2929 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH'));
\r
2930 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE'));
\r
2931 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY'));
\r
2932 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE'));
\r
2933 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));
\r
2934 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
\r
2935 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));
\r
2936 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));
\r
2937 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));
\r
2938 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));
\r
2939 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));
\r
2940 $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));
\r
2941 $this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
\r
2942 $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));
\r
2943 $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));
\r
2944 $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));
\r
2945 $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));
\r
2946 $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));
\r
2947 $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));
\r
2948 $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
\r
2949 $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));
\r
2950 $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
\r
2951 $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));
\r
// plugins can add extra part names through the 'TemplateExtraFields' event; each name
// is then used both as POST key and as part name (addToTemplate() escapes it)
2953 $pluginfields = array();
\r
2955 'TemplateExtraFields',
\r
2957 'fields'=>&$pluginfields
\r
2960 foreach ($pluginfields as $pfkey=>$pfvalue)
\r
2962 foreach ($pfvalue as $pffield=>$pfdesc)
\r
2964 $this->addToTemplate($templateid, $pffield, postVar($pffield));
\r
2968 // jump back to template edit
\r
2969 $this->action_templateedit(_TEMPLATE_UPDATED);
\r
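/**
 * Admin::addToTemplate()
 * Stores one template part as a row in the template table.
 *
 * The part name and content are passed through sql_real_escape_string()
 * and the template id is cast to an integer before the INSERT is built.
 * NOTE(review): on a failed query the raw sql_error() text is sent to the
 * client through exit(); consider logging it and showing a generic message.
 *
 * @param	Integer	$id			ID for template
 * @param	String	$partname	parts name
 * @param	String	$content	template contents
 * @return	Integer	record index, or -1 when the part is empty and nothing is stored
 */
public function addToTemplate($id, $partname, $content)
{
    // don't add empty parts: compare with '' so that a part whose whole
    // content is "0" is not mistaken for an empty one
    if ( trim((string) $content) === '' )
    {
        return -1;
    }

    $query = sprintf(
        "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, '%s', '%s')",
        sql_table('template'),
        (int) $id,
        sql_real_escape_string($partname),
        sql_real_escape_string($content)
    );
    sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
    return sql_insert_id();
}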
\r
/**
 * Admin::action_templatedelete()
 * Shows the confirmation page for deleting a template; nothing is deleted here.
 *
 * Only administrators get past the isAdmin() check.
 */
public function action_templatedelete()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        // assumes disallow() ends the request - TODO confirm
        $this->disallow();
    }

    // read from the request but not used again in this method
    $templateid = intRequestVar('templateid');
    // TODO: check if template can be deleted

    $this->pagehead();
    $this->parse('templatedelete');
    $this->pagefoot();
}
\r
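/**
 * Admin::action_templatedeleteconfirm()
 * Deletes a template: first its description row, then all of its parts.
 *
 * Admin-only. PreDeleteTemplate is fired before and PostDeleteTemplate after
 * the two DELETE statements, each carrying the template id.
 * NOTE(review): state-changing request; confirm that the action dispatcher's
 * request-forgery check covers this action.
 */
public function action_templatedeleteconfirm()
{
    global $member, $manager;

    // explicit integer cast at the SQL boundary, as action_admintemplatedeleteconfirm() does
    $templateid = intval(intRequestVar('templateid'));

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $manager->notify(
        'PreDeleteTemplate',
        array(
            'templateid' => $templateid
        )
    );

    // 1. delete description
    sql_query(sprintf('DELETE FROM %s WHERE tdnumber=%d', sql_table('template_desc'), $templateid));

    // 2. delete parts
    sql_query(sprintf('DELETE FROM %s WHERE tdesc=%d', sql_table('template'), $templateid));

    $manager->notify(
        'PostDeleteTemplate',
        array(
            'templateid' => $templateid
        )
    );

    $this->action_templateoverview();
}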
\r
/**
 * Admin::action_templatenew()
 * Creates a new, empty template from the posted 'name' and 'desc' fields and
 * then shows the template overview.
 *
 * Admin-only. The name must pass isValidTemplateName() and must not exist yet.
 * The checks only protect the create call if error() does not return
 * (assumed here - TODO confirm).
 */
public function action_templatenew()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $name = postVar('name');
    $desc = postVar('desc');

    $nameIsValid = isValidTemplateName($name);
    if ( !$nameIsValid )
    {
        $this->error(_ERROR_BADTEMPLATENAME);
    }

    $nameIsTaken = Template::exists($name);
    if ( $nameIsTaken )
    {
        $this->error(_ERROR_DUPTEMPLATENAME);
    }

    // id of the new template; not used further here
    $newTemplateId = Template::createNew($name, $desc);

    $this->action_templateoverview();
}
\r
/**
 * Admin::action_templateclone()
 * Copies an existing template under the name "cloned<name>", adding a numeric
 * suffix when that name is already taken, then shows the template overview.
 *
 * Admin-only. Parts are copied one by one through addToTemplate(), which
 * escapes the values read back from the database before inserting them.
 */
public function action_templateclone()
{
    global $member;

    $templateid = intRequestVar('templateid');

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    // 1. read old template
    $name = Template::getNameFromId($templateid);
    $desc = Template::getDesc($templateid);

    // 2. create desc thing
    $name = "cloned" . $name;

    // if a template with that name already exists, append the first free number
    if ( Template::exists($name) )
    {
        for ( $i = 1; Template::exists($name . $i); $i++ )
        {
            // keep counting until the suffixed name is free
        }
        $name .= $i;
    }

    $newid = Template::createNew($name, $desc);

    // 3. create clone
    // go through parts of old template and add them to the new one
    $que = 'SELECT tpartname, tcontent FROM '
         . sql_table('template')
         . ' WHERE tdesc=' . intval($templateid);
    $res = sql_query($que);
    while ( $part = sql_fetch_object($res) )
    {
        $this->addToTemplate($newid, $part->tpartname, $part->tcontent);
    }

    $this->action_templateoverview();
}
\r
/**
 * Admin::action_admintemplateoverview()
 * Shows the admin template overview page (admins only): page head,
 * the parsed 'admintemplateoverview' part, page foot.
 */
public function action_admintemplateoverview()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        // assumes disallow() ends the request - TODO confirm
        $this->disallow();
    }

    $this->pagehead();
    $this->parse('admintemplateoverview');
    $this->pagefoot();
}
\r
3135 * @todo document this
\r
3137 function action_admintemplateedit($msg = '')
\r
3139 global $member, $manager;
\r
3141 $this->headMess = $msg;
\r
3143 $member->isAdmin() or $this->disallow();
\r
3144 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>' . "\n";
\r
3145 $extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>';
\r
3146 $this->pagehead($extrahead);
\r
3147 $this->parse('admintemplateedit');
\r
3148 $this->pagefoot();
\r
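/**
 * Admin::action_admintemplateupdate()
 * Saves an edited admin template: removes all stored parts, updates the
 * name and description, re-adds every non-empty posted part (including
 * fields announced by plugins through TemplateExtraFields) and returns to
 * the admin template edit page.
 *
 * Admin-only. The name must pass isValidTemplateName() and must not collide
 * with another template; both checks rely on error() not returning
 * (assumed - TODO confirm).
 */
public function action_admintemplateupdate()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');
    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $name = postVar('tname');
    $desc = postVar('tdesc');

    if ( !isValidTemplateName($name) )
    {
        $this->error(_ERROR_BADTEMPLATENAME);
    }
    if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
    {
        $this->error(_ERROR_DUPTEMPLATENAME);
    }

    // 1. Remove all template parts
    $query = sprintf('DELETE FROM %s WHERE tdesc = %d', sql_table('admintemplate'), $templateid);
    sql_query($query);

    // 2. Update description
    // Name and description are escaped exactly once and handed to sprintf()
    // as arguments. Escaping them a second time stored stray backslashes, and
    // placing them inside the format string let a '%' in the description be
    // read as a conversion specification.
    $query = sprintf(
        'UPDATE %s SET tdname = "%s", tddesc = "%s" WHERE tdnumber = %d',
        sql_table('admintemplate_desc'),
        sql_real_escape_string($name),
        sql_real_escape_string($desc),
        $templateid
    );
    sql_query($query);

    // 3. Add non-empty template parts (order kept as before)
    $partnames = array(
        'ADMINSKINTYPELIST_HEAD', 'ADMINSKINTYPELIST_BODY', 'ADMINSKINTYPELIST_FOOT',
        'ADMIN_CUSTOMHELPLINK_ICON', 'ADMIN_CUSTOMHELPLINK_ANCHOR',
        'ADMIN_BLOGLINK', 'ADMIN_BATCHLIST',
        'ACTIVATE_FORGOT_TITLE', 'ACTIVATE_FORGOT_TEXT',
        'ACTIVATE_REGISTER_TITLE', 'ACTIVATE_REGISTER_TEXT',
        'ACTIVATE_CHANGE_TITLE', 'ACTIVATE_CHANGE_TEXT',
        'TEMPLATE_EDIT_EXPLUGNAME', 'TEMPLATE_EDIT_ROW_HEAD', 'TEMPLATE_EDIT_ROW_TAIL',
        'SPECIALSKINLIST_HEAD', 'SPECIALSKINLIST_BODY', 'SPECIALSKINLIST_FOOT',
        'SYSTEMINFO_GDSETTINGS', 'BANLIST_DELETED_LIST',
        'INSERT_PLUGOPTION_TITLE', 'INSERT_PLUGOPTION_BODY',
        'INPUTYESNO_TEMPLATE_ADMIN', 'INPUTYESNO_TEMPLATE_NORMAL',
        'ADMIN_SPECIALSKINLIST_HEAD', 'ADMIN_SPECIALSKINLIST_BODY', 'ADMIN_SPECIALSKINLIST_FOOT',
        'SKINIE_EXPORT_LIST',
        'SHOWLIST_LISTPLUG_SELECT_HEAD', 'SHOWLIST_LISTPLUG_SELECT_BODY', 'SHOWLIST_LISTPLUG_SELECT_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_HEAD', 'SHOWLIST_LISTPLUG_TABLE_BODY', 'SHOWLIST_LISTPLUG_TABLE_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL',
        'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST', 'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE',
        'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND', 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN', 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP', 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO', 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP', 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC', 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT',
        'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT', 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN', 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM', 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM',
        'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD', 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY', 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD', 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY', 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD', 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY', 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT',
        'PLUGIN_QUICKMENU_TITLE', 'PLUGIN_QUICKMENU_HEAD', 'PLUGIN_QUICKMENU_BODY', 'PLUGIN_QUICKMENU_FOOT',
    );
    foreach ( $partnames as $partname )
    {
        $this->addToAdminTemplate($templateid, $partname, postVar($partname));
    }

    // parts announced by plugins; the field names come from the plugins,
    // the values from the posted form
    $pluginfields = array();
    $manager->notify(
        'TemplateExtraFields',
        array(
            'fields' => &$pluginfields
        )
    );
    foreach ( $pluginfields as $pfkey => $pfvalue )
    {
        foreach ( $pfvalue as $pffield => $pfdesc )
        {
            $this->addToAdminTemplate($templateid, $pffield, postVar($pffield));
        }
    }

    // jump back to template edit
    $this->action_admintemplateedit(_TEMPLATE_UPDATED);
}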
\r
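/**
 * Admin::addToAdminTemplate()
 * Stores one admin template part as a row in the admintemplate table.
 *
 * The part name and content are passed through sql_real_escape_string()
 * and the template id is cast to an integer before the INSERT is built.
 * NOTE(review): on a failed query the raw sql_error() text is sent to the
 * client through exit(); consider logging it and showing a generic message.
 *
 * @param	Integer	$id			ID for admin template
 * @param	String	$partname	parts name
 * @param	String	$content	template contents
 * @return	Integer	record index, or -1 when the part is empty and nothing is stored
 */
public function addToAdminTemplate($id, $partname, $content)
{
    // don't add empty parts: compare with '' so that a part whose whole
    // content is "0" is not mistaken for an empty one
    if ( trim((string) $content) === '' )
    {
        return -1;
    }

    // the table name is passed as an argument too, so nothing variable
    // ends up inside the format string
    $query = sprintf(
        "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, '%s', '%s')",
        sql_table('admintemplate'),
        intval($id),
        sql_real_escape_string($partname),
        sql_real_escape_string($content)
    );
    sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
    return sql_insert_id();
}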
\r
/**
 * Admin::action_admintemplatedelete()
 * Shows the confirmation page for deleting an admin template; nothing is
 * deleted here. Admin-only.
 */
public function action_admintemplatedelete()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        // assumes disallow() ends the request - TODO confirm
        $this->disallow();
    }

    // TODO: check if template can be deleted
    $this->pagehead();
    $this->parse('admintemplatedelete');
    $this->pagefoot();
}
\r
/**
 * Admin::action_admintemplatedeleteconfirm()
 * Deletes an admin template: first its description row, then all of its parts.
 *
 * Admin-only. PreDeleteAdminTemplate is fired before and
 * PostDeleteAdminTemplate after the two DELETE statements. The id is cast
 * with intval() where it enters the SQL text.
 */
public function action_admintemplatedeleteconfirm()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');
    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $manager->notify(
        'PreDeleteAdminTemplate',
        array(
            'templateid' => $templateid
        )
    );

    // table => column holding the template id
    $targets = array(
        'admintemplate_desc' => 'tdnumber', // 1. delete description
        'admintemplate'      => 'tdesc',    // 2. delete parts
    );
    foreach ( $targets as $table => $column )
    {
        sql_query(sprintf('DELETE FROM %s WHERE %s = %d', sql_table($table), $column, intval($templateid)));
    }

    $manager->notify(
        'PostDeleteAdminTemplate',
        array(
            'templateid' => $templateid
        )
    );

    $this->action_admintemplateoverview();
}
\r
/**
 * Admin::action_admintemplatenew()
 * Creates a new template from the posted 'name' and 'desc' fields and then
 * shows the admin template overview.
 *
 * Admin-only. The name must pass isValidTemplateName() and must not exist yet;
 * both checks rely on error() not returning (assumed - TODO confirm).
 * NOTE(review): this calls Template::createNew() while action_admintemplateclone()
 * calls Template::admincreateNew(); confirm which one is meant for admin templates.
 */
public function action_admintemplatenew()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $name = postVar('name');
    $desc = postVar('desc');

    $nameIsValid = isValidTemplateName($name);
    if ( !$nameIsValid )
    {
        $this->error(_ERROR_BADTEMPLATENAME);
    }

    $nameIsTaken = Template::exists($name);
    if ( $nameIsTaken )
    {
        $this->error(_ERROR_DUPTEMPLATENAME);
    }

    // id of the new template; not used further here
    $newTemplateId = Template::createNew($name, $desc);
    $this->action_admintemplateoverview();
}
\r
/**
 * Admin::action_admintemplateclone()
 * Copies an admin template under the name "cloned<name>", adding a numeric
 * suffix when that name is already taken, then shows the admin template overview.
 *
 * Admin-only. Parts are read from the admintemplate table and re-inserted
 * through addToAdminTemplate().
 * NOTE(review): name, description and the duplicate check go through
 * Template::getNameFromId()/getDesc()/exists(), only the creation through
 * Template::admincreateNew(); confirm the lookups address admin templates.
 */
public function action_admintemplateclone()
{
    global $member;

    $templateid = intRequestVar('templateid');
    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    // 1. read old template
    $name = Template::getNameFromId($templateid);
    $desc = Template::getDesc($templateid);

    // 2. create desc thing
    $name = "cloned" . $name;

    // if a template with that name already exists, append the first free number
    if ( Template::exists($name) )
    {
        for ( $i = 1; Template::exists($name . $i); $i++ )
        {
            // keep counting until the suffixed name is free
        }
        $name .= $i;
    }

    $newid = Template::admincreateNew($name, $desc);

    // 3. create clone
    // go through parts of old template and add them to the new one
    $que = 'SELECT tpartname, tcontent FROM '
         . sql_table('admintemplate') . ' '
         . 'WHERE tdesc = ' . intval($templateid);
    $res = sql_query($que);
    while ( $part = sql_fetch_object($res) )
    {
        $this->addToAdminTemplate($newid, $part->tpartname, $part->tcontent);
    }

    $this->action_admintemplateoverview();
}
\r
/**
 * Admin::action_skinoverview()
 * Shows the skin overview page (admins only): page head, the parsed
 * 'skinoverview' part, page foot.
 */
public function action_skinoverview()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        // assumes disallow() ends the request - TODO confirm
        $this->disallow();
    }

    $this->pagehead();
    $this->parse('skinoverview');
    $this->pagefoot();
}
\r
/**
 * Admin::action_skinnew()
 * Creates a new skin from the trimmed posted 'name' and 'desc' fields and
 * then shows the skin overview.
 *
 * Admin-only. The name must pass isValidSkinName() and must not exist yet;
 * both checks rely on error() not returning (assumed - TODO confirm).
 */
public function action_skinnew()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $name = trim(postVar('name'));
    $desc = trim(postVar('desc'));

    $nameIsValid = isValidSkinName($name);
    if ( !$nameIsValid )
    {
        $this->error(_ERROR_BADSKINNAME);
    }

    $nameIsTaken = SKIN::exists($name);
    if ( $nameIsTaken )
    {
        $this->error(_ERROR_DUPSKINNAME);
    }

    // id of the new skin; not used further here
    $newId = SKIN::createNew($name, $desc);

    $this->action_skinoverview();
}
\r
/**
 * Admin::action_skinedit()
 * Shows the skin edit page (admins only): page head, the parsed 'skinedit'
 * part, page foot. The skin id is not read in this method.
 */
public function action_skinedit()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        // assumes disallow() ends the request - TODO confirm
        $this->disallow();
    }

    $this->pagehead();
    $this->parse('skinedit');
    $this->pagefoot();
}
\r
/**
 * Admin::action_skineditgeneral()
 * Updates a skin's general settings (name, description, content type,
 * include mode, include prefix) from the posted form and returns to the
 * skin edit page.
 *
 * Admin-only. An empty content type falls back to 'text/html' and an empty
 * include mode to 'normal'. The name checks rely on error() not returning
 * (assumed - TODO confirm).
 * NOTE(review): 'type', 'inc_mode' and 'inc_prefix' reach updateGeneralInfo()
 * as posted; confirm that method validates or escapes them.
 */
public function action_skineditgeneral()
{
    global $member;

    $skinid = intRequestVar('skinid');

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $name       = postVar('name');
    $desc       = postVar('desc');
    $type       = postVar('type');
    $inc_mode   = postVar('inc_mode');
    $inc_prefix = postVar('inc_prefix');

    $skin = new Skin($skinid);

    // 1. Some checks
    if ( !isValidSkinName($name) )
    {
        $this->error(_ERROR_BADSKINNAME);
    }

    $renamed = ($skin->getName() != $name);
    if ( $renamed && SKIN::exists($name) )
    {
        $this->error(_ERROR_DUPSKINNAME);
    }

    // defaults for fields left empty
    $type     = $type ? $type : 'text/html';
    $inc_mode = $inc_mode ? $inc_mode : 'normal';

    // 2. Update description
    $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);

    $this->action_skinedit();
}
\r
3567 * @todo document this
\r
3569 function action_skinedittype($msg = '')
\r
3571 global $member, $manager;
\r
3573 $member->isAdmin() or $this->disallow();
\r
3576 $this->headMess = $msg;
\r
3578 $skinid = intRequestVar('skinid');
\r
3579 $type = requestVar('type');
\r
3580 $type = trim($type);
\r
3581 $type = strtolower($type);
\r
3583 if ( !isValidShortName($type) )
\r
3585 $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
\r
3588 $this->pagehead();
\r
3589 $this->parse('skinedittype');
\r
3590 $this->pagefoot();
\r
/**
 * Admin::action_skinupdate()
 * Stores the posted content for one part ('type') of a skin and returns to
 * the skin part edit page with the "updated" message.
 *
 * Admin-only.
 * NOTE(review): 'type' is handed to Skin::update() as posted; the
 * isValidShortName() check seen in action_skinedittype() only runs after the
 * write. Confirm that update() validates or escapes it.
 */
public function action_skinupdate()
{
    global $member;

    $skinid  = intRequestVar('skinid');
    $content = trim(postVar('content'));
    $type    = postVar('type');

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $skin = new SKIN($skinid);
    $skin->update($type, $content);

    $this->action_skinedittype(_SKIN_UPDATED);
}
\r
/**
 * Admin::action_skindelete()
 * Shows the confirmation page for deleting a skin; nothing is deleted here.
 *
 * Admin-only. Refuses the base skin ($CONF['BaseSkin']) and any skin that is
 * the default skin of a blog; the blog name is HTML-escaped before it is
 * appended to the error message.
 */
public function action_skindelete()
{
    global $member, $manager, $CONF;

    $skinid = intRequestVar('skinid');

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    // don't allow default skin to be deleted
    if ( $skinid == $CONF['BaseSkin'] )
    {
        $this->error(_ERROR_DEFAULTSKIN);
    }

    // don't allow deletion of default skins for blogs
    $blogTable = sql_table('blog');
    $query = 'SELECT bname FROM ' . $blogTable . ' WHERE bdefskin=' . $skinid;
    $blog = sql_fetch_object(sql_query($query));
    if ( $blog )
    {
        $this->error(_ERROR_SKINDEFDELETE . Entity::hsc($blog->bname));
    }

    $this->pagehead();
    $this->parse('skindelete');
    $this->pagefoot();
}
\r
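/**
 * Admin::action_skindeleteconfirm()
 * Deletes a skin: first its description row, then all of its parts, and
 * shows the skin overview afterwards.
 *
 * Admin-only. Refuses the base skin ($CONF['BaseSkin']) and any skin that is
 * the default skin of a blog. PreDeleteSkin is fired before and
 * PostDeleteSkin after the two DELETE statements.
 * NOTE(review): state-changing request; confirm that the action dispatcher's
 * request-forgery check covers this action.
 */
public function action_skindeleteconfirm()
{
    global $member, $CONF, $manager;

    $skinid = intval(intRequestVar('skinid'));

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    // don't allow default skin to be deleted
    if ( $skinid == $CONF['BaseSkin'] )
    {
        $this->error(_ERROR_DEFAULTSKIN);
    }

    // don't allow deletion of default skins for blogs
    $query = 'SELECT bname FROM '
           . sql_table('blog') . ' '
           . 'WHERE bdefskin=' . $skinid;
    $r = sql_query($query);
    if ( $o = sql_fetch_object($r) )
    {
        // the blog name is stored data shown in an HTML page: escape it,
        // as action_skindelete() does for the same message
        $this->error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));
    }

    $manager->notify(
        'PreDeleteSkin',
        array(
            'skinid' => $skinid
        )
    );

    // 1. delete description
    sql_query('DELETE FROM ' . sql_table('skin_desc') . ' WHERE sdnumber=' . $skinid);

    // 2. delete parts
    sql_query('DELETE FROM ' . sql_table('skin') . ' WHERE sdesc=' . $skinid);

    $manager->notify(
        'PostDeleteSkin',
        array(
            'skinid' => $skinid
        )
    );

    $this->action_skinoverview();
}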
\r
/**
 * Admin::action_skinremovetype()
 * Shows the confirmation page for removing one special part of a skin;
 * nothing is deleted here.
 *
 * Admin-only. The part name must pass isValidShortName() and must not be one
 * of the eight default parts listed below. Both checks rely on error() not
 * returning (assumed - TODO confirm).
 */
public function action_skinremovetype()
{
    global $member, $manager, $CONF;

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $skinid   = intRequestVar('skinid');
    $skintype = requestVar('type');

    if ( !isValidShortName($skintype) )
    {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    // don't allow default skinparts to be deleted
    $defaultParts = array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup');
    if ( in_array($skintype, $defaultParts) )
    {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    $this->pagehead();
    $this->parse('skinremovetype');
    $this->pagefoot();
}
\r
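/**
 * Admin::action_skinremovetypeconfirm()
 * Removes one special part of a skin and returns to the skin edit page.
 *
 * Admin-only. The part name must pass isValidShortName() and must not be one
 * of the eight default parts. PreDeleteSkinPart is fired before and
 * PostDeleteSkinPart after the DELETE, each with the skin id and part name.
 */
public function action_skinremovetypeconfirm()
{
    global $member, $CONF, $manager;

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $skinid   = intRequestVar('skinid');
    $skintype = requestVar('type');

    if ( !isValidShortName($skintype) )
    {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    // don't allow default skinparts to be deleted
    if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )
    {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    $manager->notify(
        'PreDeleteSkinPart',
        array(
            'skinid'   => $skinid,
            'skintype' => $skintype
        )
    );

    // delete part
    // The part name comes from the request and sits inside a quoted SQL
    // string, so it is escaped here rather than relying only on the
    // isValidShortName() check above having stopped the request.
    $query = sprintf(
        "DELETE FROM %s WHERE sdesc=%d AND stype='%s'",
        sql_table('skin'),
        intval($skinid),
        sql_real_escape_string($skintype)
    );
    sql_query($query);

    $manager->notify(
        'PostDeleteSkinPart',
        array(
            'skinid'   => $skinid,
            'skintype' => $skintype
        )
    );

    $this->action_skinedit();
}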
\r
/**
 * Admin::action_skinclone()
 * Copies a skin under the name "clone_<name>", adding a numeric suffix when
 * that name is already taken, then shows the skin overview.
 *
 * Admin-only. The general settings are taken from the source skin's getters;
 * each stored part type is copied through skinclonetype().
 */
public function action_skinclone()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $skinid = intRequestVar('skinid');

    // 1. read skin to clone
    $skin = new SKIN($skinid);

    $name = "clone_" . $skin->getName();

    // if a skin with that name already exists, append the first free number
    if ( Skin::exists($name) )
    {
        for ( $i = 1; Skin::exists($name . $i); $i++ )
        {
            // keep counting until the suffixed name is free
        }
        $name .= $i;
    }

    // 2. create skin desc
    $newid = Skin::createNew(
        $name,
        $skin->getDescription(),
        $skin->getContentType(),
        $skin->getIncludeMode(),
        $skin->getIncludePrefix()
    );

    // 3. copy every part type stored for the source skin
    $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
    $res = sql_query($query);
    while ( $part = sql_fetch_assoc($res) )
    {
        $this->skinclonetype($skin, $newid, $part['stype']);
    }

    $this->action_skinoverview();
}
\r
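/**
 * Admin::skinclonetype()
 * Copies one part of a skin into another skin; parts without content are
 * not copied.
 *
 * @param	Object	$skin	Skin object to read the part from
 * @param	Integer	$newid	ID for this clone
 * @param	String	$type	type of skin
 * @return	Void
 */
public function skinclonetype($skin, $newid, $type)
{
    $newid = intval($newid);
    $content = $skin->getContent($type);

    if ( !$content )
    {
        return;
    }

    // Content and type are stored data and go into quoted SQL strings, so
    // they are escaped here; without that, a quote in a skin part breaks the
    // INSERT or changes its meaning.
    // assumes getContent() returns the part unescaped - TODO confirm
    $query = sprintf(
        "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')",
        sql_table('skin'),
        $newid,
        sql_real_escape_string($content),
        sql_real_escape_string($type)
    );
    sql_query($query);
}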
\r
/**
 * Admin::action_adminskinoverview()
 * Shows the admin skin overview page (admins only): page head, the parsed
 * 'adminskinoverview' part, page foot.
 */
public function action_adminskinoverview()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        // assumes disallow() ends the request - TODO confirm
        $this->disallow();
    }

    $this->pagehead();
    $this->parse('adminskinoverview');
    $this->pagefoot();
}
\r
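/**
 * Admin::action_adminskinnew()
 * Creates a new skin from the trimmed posted 'name' and 'desc' fields and
 * then shows the admin skin overview.
 *
 * Admin-only. The name must pass isValidSkinName() and must not exist yet;
 * both checks rely on error() not returning (assumed - TODO confirm).
 */
public function action_adminskinnew()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $name = trim(postVar('name'));
    $desc = trim(postVar('desc'));

    if ( !isValidSkinName($name) )
    {
        $this->error(_ERROR_BADSKINNAME);
    }
    // was SkinSKIN::exists(): every other skin call in this class goes to the
    // Skin class, so the duplicate check could not have run as written
    if ( Skin::exists($name) )
    {
        $this->error(_ERROR_DUPSKINNAME);
    }

    // id of the new skin; not used further here
    $newId = Skin::createNew($name, $desc);
    $this->action_adminskinoverview();
}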
\r
/**
 * Admin::action_adminskinedit()
 * Shows the admin skin edit page (admins only): page head, the parsed
 * 'adminskinedit' part, page foot.
 */
public function action_adminskinedit()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        // assumes disallow() ends the request - TODO confirm
        $this->disallow();
    }

    $this->pagehead();
    $this->parse('adminskinedit');
    $this->pagefoot();
}
\r
/**
 * Admin::action_adminskineditgeneral()
 * Updates an admin skin's general settings (name, description, content type,
 * include mode, include prefix) from the posted form and returns to the
 * admin skin edit page.
 *
 * Admin-only. An empty content type falls back to 'text/html' and an empty
 * include mode to 'normal'. The name checks rely on error() not returning
 * (assumed - TODO confirm).
 * NOTE(review): 'type', 'inc_mode' and 'inc_prefix' reach updateGeneralInfo()
 * as posted; confirm that method validates or escapes them.
 */
public function action_adminskineditgeneral()
{
    global $member;

    $skinid = intRequestVar('skinid');

    if ( !$member->isAdmin() )
    {
        $this->disallow();
    }

    $name       = postVar('name');
    $desc       = postVar('desc');
    $type       = postVar('type');
    $inc_mode   = postVar('inc_mode');
    $inc_prefix = postVar('inc_prefix');

    $skin = new Skin($skinid);

    // 1. Some checks
    if ( !isValidSkinName($name) )
    {
        $this->error(_ERROR_BADSKINNAME);
    }

    $renamed = ($skin->getName() != $name);
    if ( $renamed && Skin::exists($name) )
    {
        $this->error(_ERROR_DUPSKINNAME);
    }

    // defaults for fields left empty
    $type     = $type ? $type : 'text/html';
    $inc_mode = $inc_mode ? $inc_mode : 'normal';

    // 2. Update description
    $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
    $this->action_adminskinedit();
}
\r
/**
 * Admin::action_adminskinedittype()
 * Renders the 'adminskinedittype' skin part for the part type named in the
 * request. Site administrators only.
 *
 * @param	string	$msg	message stored in $this->headMess before rendering
 * @return	void
 */
function action_adminskinedittype($msg = '')
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->headMess = $msg;

	// The type is normalised (trimmed, lower-cased) only for this validity
	// check; the normalised value is not written back to the request.
	$type = strtolower(trim(requestVar('type')));
	if ( !isValidShortName($type) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
	}

	$this->pagehead();
	$this->parse('adminskinedittype');
	$this->pagefoot();
}
\r
/**
 * Admin::action_adminskinupdate()
 * Stores the posted content for one part of a skin and reopens the part
 * editor with the _SKIN_UPDATED message. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskinupdate()
{
	// $member is used below; the declaration is restored on that basis.
	global $member;

	$skinid = intRequestVar('skinid');
	$content = trim(postVar('content'));
	$type = postVar('type');

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// NOTE(review): unlike action_adminskinedittype(), $type is not passed
	// through isValidShortName() before it is used; whether Skin::update()
	// validates or escapes it cannot be seen from here.
	$skin = new Skin($skinid);
	$skin->update($type, $content);

	$this->action_adminskinedittype(_SKIN_UPDATED);
}
\r
/**
 * Admin::action_adminskindelete()
 * Renders the 'adminskindelete' confirmation page. Nothing is deleted
 * here. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskindelete()
{
	global $member, $manager, $CONF;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// Read but not used in this method.
	$skinid = intRequestVar('skinid');

	$this->pagehead();
	$this->parse('adminskindelete');
	$this->pagefoot();
}
\r
/**
 * Admin::action_adminskindeleteconfirm()
 * Deletes an admin skin (description row and all part rows) unless it is
 * the default admin skin or a member default, then shows the admin skin
 * overview. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskindeleteconfirm()
{
	global $member, $CONF, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$skinid = intRequestVar('skinid');

	// don't allow default skin to be deleted
	if ( $skinid == $CONF['DefaultAdminSkin'] )
	{
		$this->error(_ERROR_DEFAULTSKIN);
	}

	// don't allow deletion of default skins for members
	// NOTE(review): getAdminSkin() is iterated as a member-id => skin-id
	// map here; confirm that is what it returns.
	$memberDefaults = $member->getAdminSkin();
	foreach ( $memberDefaults as $memID => $adminskin )
	{
		if ( $skinid == $adminskin )
		{
			$mem = MEMBER::createFromID($memID);
			// NOTE(review): the display name is appended to the error
			// text as-is; confirm it is escaped where it is shown.
			$this->error(_ERROR_SKINDEFDELETE . $mem->displayname);
		}
	}

	// NOTE(review): the listing shows only the event names and payloads;
	// the $manager->notify() calls around them are assumed.
	$manager->notify(
		'PreDeleteAdminSkin',
		array(
			'skinid' => intval($skinid)
		)
	);

	// The id is cast with intval() before it is placed in the statement.
	$deleteFormat = 'DELETE FROM %s WHERE %s = %d';
	// 1. delete description
	sql_query(sprintf($deleteFormat, sql_table('adminskin_desc'), 'sdnumber', intval($skinid)));
	// 2. delete parts
	sql_query(sprintf($deleteFormat, sql_table('adminskin'), 'sdesc', intval($skinid)));

	$manager->notify(
		'PostDeleteAdminSkin',
		array(
			'skinid' => intval($skinid)
		)
	);

	$this->action_adminskinoverview();
}
\r
/**
 * Admin::action_adminskinremovetype()
 * Renders the 'adminskinremovetype' confirmation page for removing one
 * part type from a skin. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskinremovetype()
{
	global $member, $manager, $CONF;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// Read but not used in this method.
	$skinid = intRequestVar('skinid');

	$skintype = requestVar('type');
	if ( !isValidShortName($skintype) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
	}

	$this->pagehead();
	$this->parse('adminskinremovetype');
	$this->pagefoot();
}
\r
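/**
 * Admin::action_adminskinremovetypeconfirm()
 * Deletes one part type of an admin skin from the 'adminskin' table and
 * reopens the admin skin editor. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskinremovetypeconfirm()
{
	global $member, $CONF, $manager;

	$member->isAdmin() or $this->disallow();

	$skinid = intRequestVar('skinid');
	$skintype = requestVar('type');
	if ( !isValidShortName($skintype) )
	{
		$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
	}

	// NOTE(review): the listing shows only the event names and payloads;
	// the $manager->notify() calls around them are assumed.
	$manager->notify(
		'PreDeleteAdminSkinPart',
		array(
			'skinid'	=> $skinid,
			'skintype'	=> $skintype
		)
	);

	// The part type comes from the request. It is escaped here as well as
	// validated above, so the statement stays well-formed even if the
	// validator is loosened or error() ever returns.
	$query = 'DELETE FROM %s WHERE sdesc = %d AND stype ="%s"';
	sql_query(sprintf(
		$query,
		sql_table('adminskin'),
		intval($skinid),
		sql_real_escape_string($skintype)
	));

	$manager->notify(
		'PostDeleteAdminSkinPart',
		array(
			'skinid'	=> $skinid,
			'skintype'	=> $skintype
		)
	);

	$this->action_adminskinedit();
}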
\r
4061 * @todo document this
\r
// Clones a skin: loads the skin named by the 'skinid' request value, derives
// a "clone_"-prefixed name (with a numeric suffix while that name is taken),
// creates the new skin description, then copies each part type found in the
// 'adminskin' table through adminskinclonetype(). Site administrators only.
// Several short lines (counter handling, parts of the SELECT) are not shown
// in this listing.
4063 function action_adminskinclone()
\r
4066 $member->isAdmin() or $this->disallow();
\r
4067 $skinid = intRequestVar('skinid');
\r
4068 // 1. read skin to clone
\r
4069 $skin = new Skin($skinid);
\r
4070 $name = "clone_" . $skin->getName();
\r
4071 // if a skin with that name already exists:
\r
4072 if (Skin::exists($name)) {
\r
4074 while (Skin::exists($name . $i)) {
\r
4079 // 2. create skin desc
\r
4080 $newid = Skin::createNew(
\r
4082 $skin->getDescription(),
\r
4083 $skin->getContentType(),
\r
4084 $skin->getIncludeMode(),
\r
4085 $skin->getIncludePrefix()
\r
// 3. list the part types of the source skin
4087 $query = 'SELECT '
\r
4090 . sql_table('adminskin') . ' '
\r
// NOTE(review): $skinid is concatenated without a cast; this is only safe
// because it came from intRequestVar() above, presumably an integer. An
// explicit intval() here would make that independent of the helper.
4092 . ' sdesc = ' . $skinid;
\r
4093 $res = sql_query($query);
\r
4094 while ($row = sql_fetch_assoc($res)) {
\r
4095 $this->adminskinclonetype($skin, $newid, $row['stype']);
\r
4097 $this->action_adminskinoverview();
\r
4101 * @todo document this
\r
// Copies one part of $skin into the 'adminskin' table under skin id $newid.
//   $skin   object providing getContent($type)
//   $newid  id of the target skin; forced to an integer below
//   $type   part type to copy
// Parts of the INSERT statement are not shown in this listing.
4103 function adminskinclonetype($skin, $newid, $type)
\r
4105 $newid = intval($newid);
\r
4106 $content = $skin->getContent($type);
\r
4108 $query = 'INSERT '
\r
4110 . sql_table('adminskin') . ' '
\r
// Values: the integer id, then content and type, both passed through
// sql_real_escape_string() before being quoted.
4116 . intval($newid) . ', '
\r
4117 . '"' . sql_real_escape_string($content) . '", '
\r
4118 . '"' . sql_real_escape_string($type) . '" '
\r
4120 sql_query($query);
\r
/**
 * Admin::action_adminskinieoverview()
 * Renders the 'adminskinieoverview' (skin import/export) page.
 * Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskinieoverview()
{
	global $member, $DIR_LIBS, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$this->pagehead();
	$this->parse('adminskinieoverview');
	$this->pagefoot();
}
\r
/**
 * Admin::action_adminskinieimport()
 * First import step: reads only the metadata of a skin backup, publishes
 * the skin info, names and name clashes through $_REQUEST, and renders the
 * 'adminskinieimport' page. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskinieimport()
{
	global $DIR_LIBS, $DIR_ADMINSKINS, $manager, $member;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$skinFileRaw = postVar('skinfile');
	$mode = postVar('mode');
	$importer = new SKINIMPORT();

	// get full filename
	// NOTE(review): the posted 'skinfile' value is used unchecked. In 'file'
	// mode it is joined onto $DIR_ADMINSKINS, so a value with path
	// separators or ".." leaves that directory; in any other mode it is
	// handed to readFile() verbatim. Consider restricting 'file' mode to a
	// plain directory name and limiting what the other mode may open.
	if ( $mode == 'file' )
	{
		$skinDir = $DIR_ADMINSKINS . $skinFileRaw;
		$skinFile = $skinDir . '/skinbackup.xml';

		// backwards compatibility (in v2.0, exports were saved as skindata.xml)
		if ( !file_exists($skinFile) )
		{
			$skinFile = $skinDir . '/skindata.xml';
		}
	}
	else
	{
		$skinFile = $skinFileRaw;
	}

	// read only metadata (second argument 1)
	// NOTE(review): the guard around error() is not shown in the listing;
	// it is assumed to test the value readFile() returned.
	$error = $importer->readFile($skinFile, 1);
	if ( $error )
	{
		$this->error($error);
	}

	// Results are handed to the page through $_REQUEST.
	$_REQUEST['skininfo'] = $importer->getInfo();
	$_REQUEST['skinnames'] = $importer->getSkinNames();
	$_REQUEST['tpltnames'] = $importer->getTemplateNames();

	$skinNameClashes = $importer->checkSkinNameClashes();
	$templateNameClashes = $importer->checkTemplateNameClashes();
	$hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);

	$_REQUEST['skinclashes'] = $skinNameClashes;
	$_REQUEST['tpltclashes'] = $templateNameClashes;
	$_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;

	$this->pagehead();
	$this->parse('adminskinieimport');
	$this->pagefoot();
}
\r
/**
 * Admin::action_adminskiniedoimport()
 * Second import step: reads the whole skin backup, writes it to the
 * database (overwriting when 'overwrite' is posted), and renders the
 * 'adminskiniedoimport' page. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskiniedoimport()
{
	global $DIR_LIBS, $DIR_ADMINSKINS, $member;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// load skinie class
	include_once($DIR_LIBS . 'skinie.php');

	$skinFileRaw = postVar('skinfile');
	$mode = postVar('mode');
	$allowOverwrite = intPostVar('overwrite');

	// get full filename
	// NOTE(review): the posted 'skinfile' value is used unchecked. In 'file'
	// mode it is joined onto $DIR_ADMINSKINS, so a value with path
	// separators or ".." leaves that directory; in any other mode it is
	// handed to readFile() verbatim. Consider restricting 'file' mode to a
	// plain directory name and limiting what the other mode may open.
	if ( $mode == 'file' )
	{
		$skinDir = $DIR_ADMINSKINS . $skinFileRaw;
		$skinFile = $skinDir . '/skinbackup.xml';

		// backwards compatibility (in v2.0, exports were saved as skindata.xml)
		if ( !file_exists($skinFile) )
		{
			$skinFile = $skinDir . '/skindata.xml';
		}
	}
	else
	{
		$skinFile = $skinFileRaw;
	}

	$importer = new SKINIMPORT();

	// NOTE(review): the guards around the two error() calls are not shown
	// in the listing; each is assumed to test the value just returned.
	$error = $importer->readFile($skinFile);
	if ( $error )
	{
		$this->error($error);
	}

	$error = $importer->writeToDatabase($allowOverwrite);
	if ( $error )
	{
		$this->error($error);
	}

	// Results are handed to the page through $_REQUEST.
	$_REQUEST['skininfo'] = $importer->getInfo();
	$_REQUEST['skinnames'] = $importer->getSkinNames();
	$_REQUEST['tpltnames'] = $importer->getTemplateNames();

	$this->pagehead();
	$this->parse('adminskiniedoimport');
	$this->pagefoot();
}
\r
/**
 * Admin::action_adminskinieexport()
 * Exports the skins and templates selected in the request, with the posted
 * 'info' text attached. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_adminskinieexport()
{
	global $member, $DIR_PLUGINS;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// NOTE(review): unlike the import actions, nothing here includes
	// skinie.php before the exporter class is used; confirm it is already
	// loaded when this action runs.
	$aSkins = requestIntArray('skin');
	$aTemplates = requestIntArray('template');

	// Only the keys of the two request arrays are used as ids.
	$skinList = array_keys(is_array($aSkins) ? $aSkins : array());
	$templateList = array_keys(is_array($aTemplates) ? $aTemplates : array());

	$info = postVar('info');

	$exporter = new SkinEXPORT();
	foreach ( $skinList as $skinId )
	{
		$exporter->addSkin($skinId);
	}
	foreach ( $templateList as $templateId )
	{
		$exporter->addTemplate($templateId);
	}
	$exporter->setInfo($info);
	$exporter->export();
}
\r
/**
 * Admin::action_settingsedit()
 * Renders the 'settingsedit' page. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_settingsedit()
{
	global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('settingsedit');
	$this->pagefoot();
}
\r
4276 * Admin::action_settingsupdate()
\r
4277 * Update $CONFIG and redirect
\r
// Writes the posted global settings to the config table one by one through
// updateConfig(), then redirects to the 'manage' action. Site administrators
// only. Some short lines of this method are not shown in the listing.
4282 function action_settingsupdate() {
\r
4283 global $member, $CONF;
\r
4285 $member->isAdmin() or $this->disallow();
\r
4287 // check if email address for admin is valid
\r
4288 if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
\r
4290 $this->error(_ERROR_BADMAILADDRESS);
\r
// NOTE(review): of everything stored below, only AdminEmail is validated in
// the lines shown. The URL settings, cookie settings (CookieDomain,
// CookiePath, CookieSecure, CookiePrefix) and upload settings (AllowedTypes,
// AllowUpload, MaxUploadSize) are saved exactly as posted; per-setting
// validation would limit the damage of a mistaken or forged submission.
// updateConfig() escapes name and value for the SQL statement.
4294 $this->updateConfig('DefaultBlog', postVar('DefaultBlog'));
\r
4295 $this->updateConfig('BaseSkin', postVar('BaseSkin'));
\r
4296 $this->updateConfig('IndexURL', postVar('IndexURL'));
\r
4297 $this->updateConfig('AdminURL', postVar('AdminURL'));
\r
4298 $this->updateConfig('PluginURL', postVar('PluginURL'));
\r
4299 $this->updateConfig('SkinsURL', postVar('SkinsURL'));
\r
4300 $this->updateConfig('ActionURL', postVar('ActionURL'));
\r
4301 $this->updateConfig('Locale', postVar('Locale'));
\r
4302 $this->updateConfig('AdminEmail', postVar('AdminEmail'));
\r
4303 $this->updateConfig('SessionCookie', postVar('SessionCookie'));
\r
4304 $this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));
\r
4305 $this->updateConfig('AllowMemberMail', postVar('AllowMemberMail'));
\r
4306 $this->updateConfig('NonmemberMail', postVar('NonmemberMail'));
\r
4307 $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames'));
\r
4308 $this->updateConfig('SiteName', postVar('SiteName'));
\r
4309 $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));
\r
4310 $this->updateConfig('DisableSite', postVar('DisableSite'));
\r
4311 $this->updateConfig('DisableSiteURL', postVar('DisableSiteURL'));
\r
4312 $this->updateConfig('LastVisit', postVar('LastVisit'));
\r
4313 $this->updateConfig('MediaURL', postVar('MediaURL'));
\r
4314 $this->updateConfig('AllowedTypes', postVar('AllowedTypes'));
\r
4315 $this->updateConfig('AllowUpload', postVar('AllowUpload'));
\r
4316 $this->updateConfig('MaxUploadSize', postVar('MaxUploadSize'));
\r
4317 $this->updateConfig('MediaPrefix', postVar('MediaPrefix'));
\r
4318 $this->updateConfig('AllowLoginEdit', postVar('AllowLoginEdit'));
\r
4319 $this->updateConfig('DisableJsTools', postVar('DisableJsTools'));
\r
4320 $this->updateConfig('CookieDomain', postVar('CookieDomain'));
\r
4321 $this->updateConfig('CookiePath', postVar('CookiePath'));
\r
4322 $this->updateConfig('CookieSecure', postVar('CookieSecure'));
\r
4323 $this->updateConfig('URLMode', postVar('URLMode'));
\r
4324 $this->updateConfig('CookiePrefix', postVar('CookiePrefix'));
\r
4325 $this->updateConfig('DebugVars', postVar('DebugVars'));
\r
4326 $this->updateConfig('DefaultListSize', postVar('DefaultListSize'));
\r
4327 $this->updateConfig('AdminCSS', postVar('AdminCSS'));
\r
4329 // load new config and redirect (this way, the new locale will be used is necessary)
\r
4330 // note that when changing cookie settings, this redirect might cause the user
\r
4331 // to have to log in again.
\r
// NOTE(review): the redirect target is built from $CONF['AdminURL'], one of
// the values just posted. The reload announced by the comment above is not
// shown in this listing; confirm which AdminURL (old or new) is used here.
4333 redirect($CONF['AdminURL'] . '?action=manage');
\r
/**
 * Admin::action_systemoverview()
 * Output system overview
 *
 * NOTE(review): this method performs no access check of its own; confirm
 * that the 'systemoverview' skin part or the dispatcher restricts what a
 * non-admin member can see.
 *
 * @param	void
 * @return	void
 */
function action_systemoverview()
{
	$this->pagehead();
	$this->parse('systemoverview');
	$this->pagefoot();
}
\r
/**
 * Admin::updateConfig()
 * Sets the value of one row of the config table, matched by name.
 * Both arguments are escaped for SQL before they are placed in the
 * statement; the value is additionally trimmed after escaping.
 *
 * NOTE(review): on query failure the script dies with the database error
 * text appended to the message, which exposes it to the browser.
 *
 * @param	string	$name	name of the config row to change
 * @param	string	$val	new value
 * @return	integer	whatever sql_insert_id() reports after the UPDATE
 */
function updateConfig($name, $val)
{
	$safeName = sql_real_escape_string($name);
	$safeValue = trim(sql_real_escape_string($val));

	$statement = sprintf(
		"UPDATE %s SET value='%s' WHERE name='%s'",
		sql_table('config'),
		$safeValue,
		$safeName
	);

	if ( !sql_query($statement) )
	{
		die(_ADMIN_SQLDIE_QUERYERROR . sql_error());
	}

	return sql_insert_id();
}
\r
4372 * @param string $msg message that will be shown
\r
// Renders the 'adminerrorpage' skin part between the page head and foot.
// NOTE(review): $msg is not referenced in any line shown here; how the
// message reaches the error page cannot be seen from this listing.
// NOTE(review): callers throughout this class use error() and disallow() as
// guards and continue with privileged work on the next line. That is only
// safe if this method ends the request; no terminating statement is visible
// in the listing, so confirm one exists after pagefoot().
4374 function error($msg)
\r
4376 $this->pagehead();
\r
4377 $this->parse('adminerrorpage');
\r
4378 $this->pagefoot();
\r
/**
 * Admin::disallow()
 * add error log and show error page
 *
 * NOTE(review): the request URI is written to the action log as received;
 * confirm it is escaped wherever the log is displayed.
 *
 * @param	void
 * @return	void
 */
function disallow()
{
	$logMessage = _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI');
	ActionLog::add(WARNING, $logMessage);

	$this->error(_ERROR_DISALLOWED);
}
\r
4396 * Admin::pagehead()
\r
4397 * Output admin page head
\r
// Outputs the admin page head. When the admin skin has a 'pagehead' part it
// is parsed (after storing a non-empty $extrahead in $this->extrahead);
// the lines below that print a built-in XHTML head, site header, login
// line and version line. Many short lines (braces, else branches, some echo
// statements) are not shown in this listing, so how the two paths are
// separated cannot be seen here.
//   $extrahead  extra markup for the <head> element, printed unescaped
4402 function pagehead($extrahead = '')
\r
4404 if ( $this->existsSkinContents('pagehead') )
\r
4406 if ( isset($extrahead) && !empty($extrahead) )
\r
4408 $this->extrahead = $extrahead;
\r
4410 $this->parse('pagehead');
\r
4414 global $member, $nucleus, $CONF, $manager;
\r
// Event payload: $extrahead is passed by reference, so a subscriber can
// change the markup that is echoed into <head> further down.
4417 'AdminPrePageHead',
\r
4419 'extrahead' => &$extrahead,
\r
4420 'action' => $this->action
\r
4424 $baseUrl = Entity::hsc($CONF['AdminURL']);
\r
// Creates the AdminCSS config row with the value 'original' when it is
// missing from $CONF.
4425 if ( !array_key_exists('AdminCSS',$CONF) )
\r
4427 sql_query("INSERT INTO " . sql_table('config') . " VALUES ('AdminCSS', 'original')");
\r
4428 $CONF['AdminCSS'] = 'original';
\r
4431 /* HTTP 1.1 application for no caching */
\r
4432 header("Cache-Control: no-cache, must-revalidate");
\r
4433 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
\r
4435 $root_element = 'html';
\r
4436 $charset = i18n::get_current_charset();
\r
// Locale with underscores turned into hyphens, used for xml:lang and lang.
4437 $locale = preg_replace('#_#', '-', i18n::get_current_locale());
\r
4439 echo "<?xml version=\"{$this->xml_version_info}\" encoding=\"{$charset}\" ?>\n";
\r
4440 echo "<!DOCTYPE {$root_element} PUBLIC \"{$this->formal_public_identifier}\" \"{$this->system_identifier}\">\n";
\r
4441 echo "<{$root_element} xmlns=\"{$this->xhtml_namespace}\" xml:lang=\"{$locale}\" lang=\"{$locale}\">\n";
\r
4443 echo '<title>' . Entity::hsc($CONF['SiteName']) . " - Admin</title>\n";
\r
// NOTE(review): $baseUrl was escaped with Entity::hsc() above, but
// $CONF["AdminCSS"] is placed in the href attribute as stored; escape it
// the same way.
4444 echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}styles/admin_{$CONF["AdminCSS"]}.css\" />\n";
\r
4445 echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}styles/addedit.css\" />\n";
\r
4446 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/edit.js\"></script>\n";
\r
4447 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/admin.js\"></script>\n";
\r
4448 echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/compatibility.js\"></script>\n";
\r
// Printed as raw markup by design: callers and event subscribers supply
// head elements here, so its content must come from trusted code only.
4449 echo "{$extrahead}\n";
\r
4450 echo "</head>\n\n";
\r
4452 echo "<div id=\"adminwrapper\">\n";
\r
4453 echo "<div class=\"header\">\n";
\r
4454 echo '<h1>' . Entity::hsc($CONF['SiteName']) . "</h1>\n";
\r
4456 echo "<div id=\"container\">\n";
\r
4457 echo "<div id=\"content\">\n";
\r
4458 echo "<div class=\"loginname\">\n";
\r
4459 if ( $member->isLoggedIn() )
\r
// NOTE(review): the display name is written without Entity::hsc(), unlike
// SiteName above; confirm getDisplayName() returns markup-safe text or
// escape it here.
4461 echo _LOGGEDINAS . ' ' . $member->getDisplayName() ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a><br />\n";
\r
4462 echo "<a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
\r
4466 echo '<a href="index.php?action=showlogin" title="Log in">' . _NOTLOGGEDIN . "</a><br />\n";
\r
// NOTE(review): IndexURL goes into a single-quoted href unescaped; it
// should pass through Entity::hsc() like AdminURL does.
4468 echo "<a href='".$CONF['IndexURL']."'>"._YOURSITE."</a><br />\n";
\r
4471 if (array_key_exists('codename', $nucleus) && $nucleus['codename'] != '' )
\r
4473 $codenamestring = ' "' . $nucleus['codename'].'"';
\r
4477 $codenamestring = '';
\r
// Version line: only a logged-in site admin gets the version-check link and
// the comparison against the latest released version.
4480 if ( $member->isLoggedIn() && $member->isAdmin() )
\r
4482 $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
\r
4483 echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';
\r
// NOTE(review): where getLatestVersion() obtains its value is not visible
// here. If it is fetched from outside the site, treat it as untrusted and
// escape it before the echo below.
4485 $newestVersion = getLatestVersion();
\r
4486 $newestCompare = str_replace('/','.',$newestVersion);
\r
4487 $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);
\r
4488 if ( $newestVersion && version_compare($newestCompare, $currentVersion) > 0 )
\r
4491 echo '<a style="color:red" href="http://nucleuscms.org/upgrade.php" title="' . _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE . '">';
\r
4492 echo _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT . $newestVersion;
\r
4498 echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;
\r
4507 * Admin::pagefoot()
\r
4508 * Output admin page foot include quickmenu
\r
// Outputs the admin page foot. When the admin skin has a 'pagefoot' part it
// is parsed; the lines below that print a built-in footer and the quick
// menu (add-item form, member links, management and layout links for site
// admins, plugin-supplied links). Many short lines (braces, else branches,
// list tags) are not shown in this listing, so how the two paths are
// separated cannot be seen here.
4513 function pagefoot()
\r
4515 if ($this->existsSkinContents('pagefoot')) {
\r
4516 $this->parse('pagefoot');
\r
4521 global $action, $member, $manager;
\r
4524 'AdminPrePageFoot',
\r
4526 'action' => $this->action
\r
4530 if ( $member->isLoggedIn() && ($action != 'showlogin') )
\r
4532 echo '<h2>' . _LOGOUT . "</h2>\n";
\r
4534 echo '<li><a href="index.php?action=overview">' . _BACKHOME . "</a></li>\n";
\r
4535 echo '<li><a href="index.php?action=logout">' . _LOGOUT . "</a></li>\n";
\r
4539 echo "<div class=\"foot\">\n";
\r
4540 echo '<a href="' . _ADMINPAGEFOOT_OFFICIALURL . '">Nucleus CMS</a> © 2002-' . date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT;
\r
4542 echo '<a href="' . _ADMINPAGEFOOT_DONATEURL . '">' . _ADMINPAGEFOOT_DONATE . "</a>\n";
\r
4545 echo "<!-- content -->\n";
\r
4546 echo "<div id=\"quickmenu\">\n";
\r
4548 if ( ($action != 'showlogin') && ($member->isLoggedIn()) )
\r
4551 echo '<li><a href="index.php?action=overview">' . _QMENU_HOME . "</a></li>\n";
\r
4554 echo '<h2>' . _QMENU_ADD . "</h2>\n";
\r
4555 echo "<form method=\"get\" action=\"index.php\">\n";
\r
4557 echo "<input type=\"hidden\" name=\"action\" value=\"createitem\" />\n";
\r
4559 $showAll = requestVar('showall');
\r
// Blog selector: a site admin who asked for showall=yes gets every blog,
// anyone else only the blogs whose team they belong to.
4561 if ( ($member->isAdmin()) && ($showAll == 'yes') )
\r
4563 // Super-Admins have access to all blogs! (no add item support though)
\r
4564 $query = 'SELECT bnumber as value, bname as text'
\r
4565 . ' FROM ' . sql_table('blog')
\r
4566 . ' ORDER BY bname';
\r
4570 $query = 'SELECT bnumber as value, bname as text'
\r
4571 . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
\r
// NOTE(review): the member id is concatenated without a cast; presumably
// getID() returns an integer, but an intval() here would not depend on that.
4572 . ' WHERE tblog=bnumber and tmember=' . $member->getID()
\r
4573 . ' ORDER BY bname';
\r
4575 $template['name'] = 'blogid';
\r
4576 $template['tabindex'] = 15000;
\r
4577 $template['extra'] = _QMENU_ADD_SELECT;
\r
4578 $template['selected'] = -1;
\r
4579 $template['shorten'] = 10;
\r
4580 $template['shortenel'] = '';
\r
4581 $template['javascript'] = 'onchange="return form.submit()"';
\r
4582 showlist($query,'select',$template);
\r
// NOTE(review): the display name is written into the heading without
// Entity::hsc(); confirm getDisplayName() returns markup-safe text or
// escape it here.
4587 echo "<h2>{$member->getDisplayName()}</h2>\n";
\r
4589 echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . "</a></li>\n";
\r
4590 echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . "</a></li>\n";
\r
4591 echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . "</a></li>\n";
\r
4594 // ---- general settings ----
\r
4595 if ( $member->isAdmin() )
\r
4597 echo '<h2>' . _QMENU_MANAGE . "</h2>\n";
\r
4599 echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . "</a></li>\n";
\r
4600 echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . "</a></li>\n";
\r
4601 echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . "</a></li>\n";
\r
4602 echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . "</a></li>\n";
\r
4603 echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . "</a></li>\n";
\r
4604 echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . "</a></li>\n";
\r
4605 echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . "</a></li>\n";
\r
4608 echo "<h2>" . _QMENU_LAYOUT . "</h2>\n";
\r
4610 echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . "</a></li>\n";
\r
4611 echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . "</a></li>\n";
\r
4612 echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . "</a></li>\n";
\r
// Plugin-supplied quick menu entries: the array is handed out by reference
// so subscribers can append to it.
4616 $aPluginExtras = array();
\r
4620 'options' => &$aPluginExtras));
\r
4622 if ( count($aPluginExtras) > 0 )
\r
4624 echo "<h2>" . _QMENU_PLUGINS . "</h2>\n";
\r
4626 foreach ( $aPluginExtras as $aInfo )
\r
// url, tooltip and title all pass through Entity::hsc() before output.
4628 echo '<li><a href="' . Entity::hsc($aInfo['url']) . '" title="' . Entity::hsc($aInfo['tooltip']) . '">' . Entity::hsc($aInfo['title']) . "</a></li>\n";
\r
4633 else if ( ($action == 'activate') || ($action == 'activatesetpwd') )
\r
4636 echo '<h2>' . _QMENU_ACTIVATE . '</h2>' . _QMENU_ACTIVATE_TEXT;
\r
4640 // introduction text on login screen
\r
4641 echo '<h2>' . _QMENU_INTRO . '</h2>' . _QMENU_INTRO_TEXT;
\r
4644 echo "<!-- quickmenu -->\n";
\r
4647 echo "<!-- content -->\n";
\r
4650 echo "<!-- container -->\n";
\r
4653 echo "<!-- adminwrapper -->\n";
\r
4663 * @todo document this
\r
// Sends a Windows registry (.reg) file that adds an Internet Explorer
// context-menu entry pointing at this site's bookmarklet for the blog named
// by 'blogid'. Requires team rights on that blog. Some short lines of this
// method are not shown in the listing.
4665 function action_regfile()
\r
4667 global $member, $CONF;
\r
4669 $blogid = intRequestVar('blogid');
\r
4671 $member->teamRights($blogid) or $this->disallow();
\r
4673 // header-code stolen from phpMyAdmin
\r
4674 // REGEDIT and bookmarklet code stolen from GreyMatter
\r
4676 $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid));
\r
// NOTE(review): the media type is spelled 'application/octetstream' (the
// registered name is application/octet-stream) and the Content-Disposition
// header carries no disposition type before the filename parameter.
4679 header('Content-Type: application/octetstream');
\r
4680 header('Content-Disposition: filename="nucleus.reg"');
\r
4681 header('Pragma: no-cache');
\r
4682 header('Expires: 0');
\r
4684 echo "REGEDIT4\n";
\r
// NOTE(review): the blog name is written inside the [key] line exactly as
// stored. A name containing a line break, ']' or '\' would change the
// structure of the file the user is asked to merge; strip or reject those
// characters before output. The same applies to $CONF['AdminURL'] inside
// the quoted value on the next line.
4685 echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n";
\r
4686 echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n";
\r
4687 echo '"contexts"=hex:31';
\r
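/**
 * Admin::action_bookmarklet()
 * Renders the 'bookmarklet' page for the blog named by the 'blogid'
 * request value. Requires team rights on that blog.
 *
 * @param	void
 * @return	void
 */
function action_bookmarklet()
{
	global $member, $manager;

	// The blog id has to be read before the rights check. Previously the
	// check ran first and so tested an undefined $blogid instead of the
	// blog the request is about.
	$blogid = intRequestVar('blogid');

	$member->teamRights($blogid) or $this->disallow();

	$this->pagehead();
	$this->parse('bookmarklet');
	$this->pagefoot();
}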
\r
/**
 * Admin::action_actionlog()
 * Renders the 'actionlog' page. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_actionlog()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('actionlog');
	$this->pagefoot();
}
\r
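/**
 * Admin::action_banlist()
 * Renders the 'banlist' page for the blog named by the 'blogid' request
 * value. Requires blog admin rights on that blog.
 *
 * @param	void
 * @return	void
 */
function action_banlist()
{
	global $member, $manager;

	// The blog id has to be read before the rights check, as in
	// action_banlistdelete(). Previously the check ran first and so tested
	// an undefined $blogid instead of the blog the request is about.
	$blogid = intRequestVar('blogid');

	$member->blogAdminRights($blogid) or $this->disallow();

	$this->pagehead();
	$this->parse('banlist');
	$this->pagefoot();
}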
\r
/**
 * Admin::action_banlistdelete()
 * Renders the 'banlistdelete' confirmation page. Requires blog admin
 * rights on the blog named by the 'blogid' request value.
 *
 * @param	void
 * @return	void
 */
function action_banlistdelete()
{
	global $member, $manager;

	$blogid = intRequestVar('blogid');

	// Rights are checked against the blog id read just above.
	if ( !$member->blogAdminRights($blogid) )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('banlistdelete');
	$this->pagefoot();
}
\r
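/**
 * Admin::action_banlistdeleteconfirm()
 * Removes the ban on the posted IP range, either from the posted blog or
 * from every blog the member administers, and renders the
 * 'banlistdeleteconfirm' page. Requires blog admin rights on the posted
 * blog.
 *
 * @param	void
 * @return	void
 */
function action_banlistdeleteconfirm()
{
	global $member, $manager;

	// The posted values have to be read before the rights check, as in
	// action_banlistdelete(). Previously the check ran first and so tested
	// an undefined $blogid instead of the posted blog.
	$blogid = intPostVar('blogid');
	$allblogs = postVar('allblogs');
	$iprange = postVar('iprange');

	$member->blogAdminRights($blogid) or $this->disallow();

	$deleted = array();

	// NOTE(review): the branch condition is not shown in the listing; it is
	// assumed to test $allblogs, the only posted value not used elsewhere.
	if ( !$allblogs )
	{
		if ( Ban::removeBan($blogid, $iprange) )
		{
			array_push($deleted, $blogid);
		}
	}
	else
	{
		// get blogs for which member has admin rights
		$adminblogs = $member->getAdminBlogs();
		foreach ( $adminblogs as $blogje )
		{
			if ( Ban::removeBan($blogje, $iprange) )
			{
				array_push($deleted, $blogje);
			}
		}
	}

	// Nothing removed anywhere counts as an error.
	if ( sizeof($deleted) == 0 )
	{
		$this->error(_ERROR_DELETEBAN);
	}

	$this->pagehead();
	$this->parse('banlistdeleteconfirm');
	$this->pagefoot();
}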
\r
/**
 * Admin::action_banlistnewfromitem()
 * Opens the new-ban page for the blog that owns the item named by the
 * 'itemid' request value. Access is checked in action_banlistnew().
 *
 * @param	void
 * @return	void
 */
function action_banlistnewfromitem()
{
	$itemid = intRequestVar('itemid');
	$blogid = getBlogIDFromItemID($itemid);

	$this->action_banlistnew($blogid);
}
\r
/**
 * Admin::action_banlistnew()
 * Renders the 'banlistnew' page. Requires blog admin rights on the blog.
 *
 * @param	mixed	$blogid	blog id; when it compares equal to '' the
 *							'blogid' request value is used instead
 * @return	void
 */
function action_banlistnew($blogid = '')
{
	global $member, $manager;

	if ( $blogid == '' )
	{
		$blogid = intRequestVar('blogid');
	}

	// Read but not used in this method.
	$ip = requestVar('ip');

	if ( !$member->blogAdminRights($blogid) )
	{
		$this->disallow();
	}

	// The resolved blog id is written back to the request data.
	$_REQUEST['blogid'] = $blogid;

	$this->pagehead();
	$this->parse('banlistnew');
	$this->pagefoot();
}
\r
4830 * @todo document this
\r
// Adds a ban on the posted IP range, with the posted reason, to the posted
// blog or to every blog the member administers, then shows the ban list.
// Requires blog admin rights on the posted blog. Several short lines
// (branch conditions, failure bookkeeping) are not shown in this listing.
4832 function action_banlistadd() {
\r
4835 $blogid = intPostVar('blogid');
\r
4836 $allblogs = postVar('allblogs');
\r
4837 $iprange = postVar('iprange');
\r
// The literal value "custom" selects the separately posted range.
4838 if ( $iprange == "custom" )
\r
4840 $iprange = postVar('customiprange');
\r
4842 $reason = postVar('reason');
\r
4844 $member->blogAdminRights($blogid) or $this->disallow();
\r
// NOTE(review): this TODO is still open. $iprange and $reason reach
// Ban::addBan() exactly as posted, so a malformed or over-broad range is
// only rejected if addBan() itself checks it.
4846 // TODO: check IP range validity
\r
4850 if ( !Ban::addBan($blogid, $iprange, $reason) )
\r
4852 $this->error(_ERROR_ADDBAN);
\r
4857 // get blogs fot which member has admin rights
\r
4858 $adminblogs = $member->getAdminBlogs();
\r
4860 foreach ($adminblogs as $blogje)
\r
4862 if ( !Ban::addBan($blogje, $iprange, $reason) )
\r
4869 $this->error(_ERROR_ADDBAN);
\r
// action_banlist() takes no argument and reads 'blogid' from the request
// itself.
4872 $this->action_banlist();
\r
/**
 * Admin::action_clearactionlog()
 * Clears the action log and returns to the manage page with the
 * _MSG_ACTIONLOGCLEARED message. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_clearactionlog()
{
	// $member is used below; the declaration is restored on that basis.
	global $member;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	ActionLog::clear();

	$this->action_manage(_MSG_ACTIONLOGCLEARED);
}
\r
/**
 * Admin::action_backupoverview()
 * Renders the 'backupoverview' page. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_backupoverview()
{
	global $member, $manager;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('backupoverview');
	$this->pagefoot();
}
\r
4904 * Admin::action_backupcreate()
\r
4905 * create file for backup
\r
// Creates a database backup through Backup::do_backup(), optionally
// gzip-compressed. Site administrators only. What follows the do_backup()
// call is not shown in this listing.
4911 function action_backupcreate()
\r
4913 global $member, $DIR_LIBS;
\r
4915 $member->isAdmin() or $this->disallow();
\r
4917 // use compression ?
\r
// The posted 'gzip' value is cast to an integer before use.
4918 $useGzip = (integer) postVar('gzip');
\r
4920 include($DIR_LIBS . 'backup.php');
\r
4922 // try to extend time limit
\r
4923 // (creating/restoring dumps might take a while)
\r
// '@' hides the warning raised when the limit cannot be changed.
4924 @set_time_limit(1200);
\r
4926 Backup::do_backup($useGzip);
\r
/**
 * Admin::action_backuprestore()
 * restoring from uploaded file
 *
 * Requires the posted 'letsgo' value to be 1 as confirmation.
 * Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_backuprestore()
{
	global $member, $DIR_LIBS;

	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// Explicit confirmation is needed before anything is restored.
	$confirmed = (intPostVar('letsgo') == 1);
	if ( !$confirmed )
	{
		$this->error(_ERROR_BACKUP_NOTSURE);
	}

	include($DIR_LIBS . 'backup.php');

	// try to extend time limit
	// (creating/restoring dumps might take a while)
	@set_time_limit(1200);

	// A non-empty return value is treated as an error message.
	$message = Backup::do_restore();
	if ( $message != '' )
	{
		$this->error($message);
	}

	$this->pagehead();
	$this->parse('backuprestore');
	$this->pagefoot();
}
\r
/**
 * Admin::action_pluginlist()
 * output the list of installed plugins
 *
 * Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_pluginlist()
{
	global $DIR_PLUGINS, $member, $manager;

	// check if allowed
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$this->pagehead();
	$this->parse('pluginlist');
	$this->pagefoot();
}
\r
/**
 * Admin::action_pluginhelp()
 * Renders the 'pluginhelp' page for the installed plugin named by the
 * 'plugid' GET value. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_pluginhelp()
{
	global $member, $manager, $DIR_PLUGINS, $CONF;

	// check if allowed
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$plugid = intGetVar('plugid');

	// Only ids of installed plugins are accepted.
	$isInstalled = $manager->pidInstalled($plugid);
	if ( !$isInstalled )
	{
		$this->error(_ERROR_NOSUCHPLUGIN);
	}

	$this->pagehead();
	$this->parse('pluginhelp');
	$this->pagefoot();
}
\r
5009 * Admin::action_pluginadd()
\r
// Installs the plugin named by the posted 'filename': rejects duplicates and
// files that fail checkPlugin(), inserts the plugin row, loads the plugin,
// verifies its minimum Nucleus version/patch level and its plugin
// dependencies (removing the row again on failure), calls the plugin's
// install() and finally rebuilds the event subscriptions. Site
// administrators only. Several short lines (event calls, parts of the INSERT
// statement, some conditions) are not shown in this listing.
5015 function action_pluginadd()
\r
5017 global $member, $manager, $DIR_PLUGINS;
\r
5019 // check if allowed
\r
5020 $member->isAdmin() or $this->disallow();
\r
// NOTE(review): $name is a posted value that later selects the plugin code
// loaded by $manager->getPlugin(). Everything therefore rests on
// checkPlugin() accepting only names of files inside the plugin directory;
// confirm it rejects path separators and "..".
5022 $name = postVar('filename');
\r
5024 if ( $manager->pluginInstalled($name) )
\r
5026 $this->error(_ERROR_DUPPLUGIN);
\r
5029 if ( !checkPlugin($name) )
\r
5031 $this->error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
\r
5034 // get number of currently installed plugins
\r
5035 $res = sql_query('SELECT * FROM ' . sql_table('plugin'));
\r
5036 $numCurrent = sql_num_rows($res);
\r
5038 // plugin will be added as last one in the list
\r
5039 $newOrder = $numCurrent + 1;
\r
5048 // do this before calling getPlugin (in case the plugin id is used there)
\r
5049 $query = 'INSERT INTO '
\r
5050 . sql_table('plugin')
\r
// The posted name is escaped before it is quoted into the statement.
5056 . '"' . sql_real_escape_string($name) . '"'
\r
5058 sql_query($query);
\r
5059 $iPid = sql_insert_id();
\r
// The cached plugin list is dropped so the new row is seen.
5061 $manager->clearCachedInfo('installedPlugins');
\r
5063 // Load the plugin for condition checking and instalation
\r
5064 $plugin =& $manager->getPlugin($name);
\r
5066 // check if it got loaded (could have failed)
\r
5069 sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
\r
5070 $manager->clearCachedInfo('installedPlugins');
\r
5071 $this->error(_ERROR_PLUGIN_LOAD);
\r
5074 // check if plugin needs a newer Nucleus version
\r
// NOTE(review): the two version values are compared with '<' directly; if
// either is a dotted string such as "3.10", that is not a version-aware
// comparison. pagehead() in this class uses version_compare() for the same
// purpose.
5075 if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )
\r
5077 // uninstall plugin again...
\r
5078 $this->deleteOnePlugin($plugin->getID());
\r
5080 // ...and show error
\r
5081 $this->error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
\r
5084 // check if plugin needs a newer Nucleus version
\r
5085 if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )
\r
5087 // uninstall plugin again...
\r
5088 $this->deleteOnePlugin($plugin->getID());
\r
5090 // ...and show error
\r
5091 $this->error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
\r
// Every plugin named as a dependency must already have a row in the plugin
// table.
5094 $pluginList = $plugin->getPluginDep();
\r
5095 foreach ( $pluginList as $pluginName )
\r
// NOTE(review): $pluginName is supplied by the plugin being installed and is
// quoted into the statement without sql_real_escape_string(), unlike $name
// above. Escape it the same way so a dependency name containing a quote
// cannot alter the query.
5097 $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
\r
5098 if (sql_num_rows($res) == 0)
\r
5100 // uninstall plugin again...
\r
5101 $this->deleteOnePlugin($plugin->getID());
\r
5102 $this->error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
\r
5106 // call the install method of the plugin
\r
5107 $plugin->install();
\r
5112 'plugin' => &$plugin
\r
5116 // update all events
\r
5117 $this->action_pluginupdate();
\r
5122 * ADMIN:action_pluginupdate():
\r
// Rebuilds the plugin_event table: deletes every row, then inserts one row
// per event name returned by getEventList() of each installed plugin, and
// redirects to the plugin list. Site administrators only. Some short lines
// of this method are not shown in the listing.
5128 function action_pluginupdate()
\r
5130 global $member, $manager, $CONF;
\r
5132 // check if allowed
\r
5133 $member->isAdmin() or $this->disallow();
\r
5135 // delete everything from plugin_events
\r
5136 sql_query('DELETE FROM '.sql_table('plugin_event'));
\r
5138 // loop over all installed plugins
\r
5139 $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
\r
5140 while ( $o = sql_fetch_object($res) )
\r
5143 $plug =& $manager->getPlugin($o->pfile);
\r
5146 $eventList = $plug->getEventList();
\r
5147 foreach ( $eventList as $eventName )
\r
// NOTE(review): $pid is not assigned in any line shown here; presumably it
// is taken from $o->pid on an omitted line. Confirm against the full file.
// The id is cast to an integer and the event name is escaped.
5149 $query = "INSERT INTO %s (pid, event) VALUES (%d, '%s')";
\r
5150 $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, sql_real_escape_string($eventName));
\r
5151 sql_query($query);
\r
5155 redirect($CONF['AdminURL'] . '?action=pluginlist');
\r
/**
 * Admin::action_plugindelete()
 * Renders the 'plugindelete' confirmation page for the installed plugin
 * named by the 'plugid' GET value. Nothing is deleted here.
 * Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_plugindelete()
{
	global $member, $manager;

	// check if allowed
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$pid = intGetVar('plugid');

	// Only ids of installed plugins are accepted.
	$isInstalled = $manager->pidInstalled($pid);
	if ( !$isInstalled )
	{
		$this->error(_ERROR_NOSUCHPLUGIN);
	}

	$this->pagehead();
	$this->parse('plugindelete');
	$this->pagefoot();
}
\r
/**
 * Admin::action_plugindeleteconfirm()
 * Uninstalls and deletes the plugin named by the posted 'plugid', then
 * redirects to the plugin list. Site administrators only.
 *
 * @param	void
 * @return	void
 */
function action_plugindeleteconfirm()
{
	global $member, $manager, $CONF;

	// check if allowed
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$pid = intPostVar('plugid');

	// Second argument 1: also call the plugin's unInstall().
	// NOTE(review): the guard around error() is not shown in the listing;
	// it is assumed to test the value deleteOnePlugin() returned.
	$error = $this->deleteOnePlugin($pid, 1);
	if ( $error )
	{
		$this->error($error);
	}

	$pluginListUrl = $CONF['AdminURL'] . '?action=pluginlist';
	redirect($pluginListUrl);
}
\r
5203 * @todo document this
\r
// Removes one installed plugin and everything stored for it.
//   $pid            plugin id; forced to an integer below before it is used in SQL
//   $callUninstall  when truthy, the plugin's unInstall() is called before its rows are removed
// Returns _ERROR_NOSUCHPLUGIN when the id is not installed, or a formatted _ERROR_DELREQPLUGIN
// message when another installed plugin lists this one in getPluginDep(). The value returned on
// success is not visible in this listing (presumably an empty value; verify).
// NOTE(review): this method performs no permission check of its own and declares no visibility
// keyword, so it is public; the callers visible in this file check isAdmin() first.
// NOTE(review): the deletes and the reorder below are separate statements with no transaction
// visible, so a failure part-way would presumably leave partial plugin data behind.
5205 function deleteOnePlugin($pid, $callUninstall = 0)
\r
// intval() is what makes the unquoted "pid=" concatenations below integer-only.
5209 $pid = intval($pid);
\r
5211 if ( !$manager->pidInstalled($pid) )
\r
5213 return _ERROR_NOSUCHPLUGIN;
\r
// File name of the plugin being deleted; compared with other plugins' dependency lists below.
5216 $name = quickQuery('SELECT pfile as result FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5218 /* // call the unInstall method of the plugin
\r
5219 if ($callUninstall) {
\r
5220 $plugin =& $manager->getPlugin($name);
\r
5221 if ($plugin) $plugin->unInstall();
\r
5224 // check dependency before delete
\r
5225 $res = sql_query('SELECT pfile FROM ' . sql_table('plugin'));
\r
5226 while ($o = sql_fetch_object($res))
\r
5228 $plug =& $manager->getPlugin($o->pfile);
\r
5231 $depList = $plug->getPluginDep();
\r
5232 foreach ($depList as $depName)
\r
5234 if ($name == $depName)
\r
// Refuse the deletion: the plugin in $o->pfile declares a dependency on this one.
5236 return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);
\r
// Event name of the pre-delete notification; the call carrying it is not visible in this listing.
5243 'PreDeletePlugin',
\r
5249 // call the unInstall method of the plugin
\r
5250 if ( $callUninstall )
\r
5252 $plugin =& $manager->getPlugin($name);
\r
5255 $plugin->unInstall();
\r
5259 // delete all subscriptions
\r
5260 sql_query('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);
\r
5262 // delete all options
\r
5263 // get OIDs from plugin_option_desc
\r
5264 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
\r
5266 while ($o = sql_fetch_object($res))
\r
// NOTE(review): the initialisation of $aOIDs is not visible in this listing (presumably array()).
5268 array_push($aOIDs, $o->oid);
\r
5271 // delete from plugin_option and plugin_option_desc
\r
5272 sql_query('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
\r
5273 if (count($aOIDs) > 0)
\r
// The ids placed in the IN (...) list come from the oid column read above and are joined without
// a cast; presumably that column is an integer key. Mapping them through intval() would make
// this independent of the schema.
5275 sql_query('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',',$aOIDs) . ')');
\r
5278 // update order numbers
\r
5279 $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5280 $o = sql_fetch_object($res);
// Close the gap in the ordering: every plugin placed after the deleted one moves up by one.
5281 sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $o->porder);
\r
5284 sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
// Drop the manager's cached list of installed plugins so later lookups do not see the deleted one.
5286 $manager->clearCachedInfo('installedPlugins');
\r
// Event name of the post-delete notification; the call carrying it is not visible in this listing.
5288 'PostDeletePlugin',
\r
5298 * @todo document this
\r
/**
 * Moves a plugin one position earlier in the plugin order.
 *
 * The plugin currently holding the target position receives this plugin's
 * old position, so the two swap places. A plugin already at position 1
 * keeps its position. Afterwards the browser is redirected to the plugin
 * list.
 *
 * @return void
 */
function action_pluginup()
{
	global $member, $manager, $CONF;

	// admins only
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	$plugid = intGetVar('plugid');
	if ( !$manager->pidInstalled($plugid) )
	{
		$this->error(_ERROR_NOSUCHPLUGIN);
	}

	$pluginTable = sql_table('plugin');

	// current position of the plugin
	$row = sql_fetch_object(sql_query('SELECT porder FROM ' . $pluginTable . ' WHERE pid=' . $plugid));
	$currentOrder = $row->porder;

	// position it moves to; never lower than 1
	if ( $currentOrder > 1 )
	{
		$targetOrder = $currentOrder - 1;
	}
	else
	{
		$targetOrder = 1;
	}

	// swap: first move the occupant of the target position, then this plugin
	sql_query('UPDATE ' . $pluginTable . ' SET porder=' . $currentOrder . ' WHERE porder=' . $targetOrder);
	sql_query('UPDATE ' . $pluginTable . ' SET porder=' . $targetOrder . ' WHERE pid=' . $plugid);

	// To avoid showing ticket in the URL, redirect to pluginlist, instead.
	redirect($CONF['AdminURL'] . '?action=pluginlist');
}
\r
5332 * @todo document this
\r
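/**
 * Moves a plugin one position later in the plugin order.
 *
 * The plugin currently holding the target position receives this plugin's
 * old position, so the two swap places. The highest position equals the
 * number of rows in the plugin table; a plugin already there keeps its
 * position. Afterwards the browser is redirected to the plugin list.
 *
 * @return void
 */
function action_plugindown()
{
	global $member, $manager, $CONF;

	// check if allowed
	$member->isAdmin() or $this->disallow();

	$plugid = intGetVar('plugid');
	if ( !$manager->pidInstalled($plugid) )
	{
		$this->error(_ERROR_NOSUCHPLUGIN);
	}

	// 1. get old order number
	$res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
	$o = sql_fetch_object($res);
	$oldOrder = $o->porder;

	// count the rows in SQL instead of fetching every column of every plugin just to count them
	$maxOrder = intval(quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('plugin')));

	// 2. calculate new order number
	$newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;

	// 3. update plug numbers
	sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
	sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);

	// To avoid showing ticket in the URL, redirect to pluginlist, instead.
	redirect($CONF['AdminURL'] . '?action=pluginlist');
}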
\r
5368 * Admin::action_pluginoptions()
\r
5370 * Output Plugin option page
\r
5373 * @param string $message message to show when this page is reached as a fallback
\r
/**
 * Renders the option page of one installed plugin.
 *
 * @param string $message message stored as the page's head message; it is
 *                        stored whenever it is not NULL, the empty default included
 * @return void
 */
public function action_pluginoptions($message = '')
{
	global $member, $manager;

	// admins only
	if ( !$member->isAdmin() )
	{
		$this->disallow();
	}

	// plugin id is read from the request and must name an installed plugin
	$pluginId = intRequestVar('plugid');
	if ( !$manager->pidInstalled($pluginId) )
	{
		$this->error(_ERROR_NOSUCHPLUGIN);
	}

	if ( !is_null($message) )
	{
		$this->headMess = $message;
	}

	// the option form needs the numeric-input helper script in the page head
	$scriptTag = '<script type="text/javascript" src="javascript/numbercheck.js"></script>' . "\n";

	$this->pagehead($scriptTag);
	$this->parse('pluginoptions');
	$this->pagefoot();
}
\r
5403 * Admin::action_pluginoptionsupdate()
\r
5405 * Update plugin options and fallback to plugin option page
\r
// Stores submitted plugin option values and then shows the plugin option page again with the
// _PLUGS_OPTIONS_UPDATED message.
// NOTE(review): this changes stored settings, yet no ticket/CSRF check is visible in this
// method; presumably the dispatcher that calls action_* methods enforces it. Confirm.
5411 public function action_pluginoptionsupdate()
\r
5413 global $member, $manager;
\r
5415 // check if allowed
\r
5416 $member->isAdmin() or $this->disallow();
\r
5418 $pid = intRequestVar('plugid');
\r
5419 // $pid = (integer) requestVar('plugid');
\r
5420 if ( !$manager->pidInstalled($pid) )
\r
5422 $this->error(_ERROR_NOSUCHPLUGIN);
\r
// The submitted 'plugoption' array is handed over as received; no validation happens in this
// method, so any checking of option ids and values must live in apply_plugin_options(). Verify.
5425 $aOptions = requestArray('plugoption');
\r
5426 NucleusPlugin::apply_plugin_options($aOptions);
\r
// Event name and context of the post-update notification; the call carrying them and its
// remaining arguments are not visible in this listing.
5429 'PostPluginOptionsUpdate',
\r
5431 'context' => 'global',
\r
5436 $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
\r
5441 * Admin::_insertPluginOptions()
\r
5443 * Output plugin option field
\r
5446 * @param string $context plugin option context
\r
5447 * @param integer $contextid plugin option context id
\r
// Collects the plugin options defined for $context, pairs each with the value stored for
// $contextid (falling back to the option's default, odef), stores the list in $this->aOptions
// and renders the 'insertpluginoptions' skin part.
// NOTE(review): parts of the query and of the loop body are missing from this extraction.
5450 public function _insertPluginOptions($context, $contextid = 0)
\r
5452 // get all current values for this contextid
\r
5453 // (note: this might contain doubles for overlapping contextids)
\r
5454 $aIdToValue = array();
// $contextid is forced to an integer before it is concatenated into the query.
\r
5455 $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));
\r
5456 while ( $object = sql_fetch_object($res) )
\r
5458 $aIdToValue[$object->oid] = $object->ovalue;
\r
5461 // get list of oids per pid
\r
5462 $query = 'SELECT '
\r
5465 . sql_table('plugin_option_desc') . ', '
\r
5466 . sql_table('plugin') . ' '
\r
// $context is escaped before being placed inside the string literal. The literal is delimited
// with double quotes, which presumably relies on the server not running in ANSI_QUOTES mode.
5469 . 'and ocontext = "' . sql_real_escape_string($context) . '" '
\r
5471 . ' porder, oid ASC';
\r
5472 $res = sql_query($query);
\r
5473 $aOptions = array();
\r
5474 while ( $object = sql_fetch_object($res) )
\r
// Use the stored value when one exists for this option id. in_array() over array_keys() is a
// loose-comparison linear scan repeated for every row.
5476 if (in_array($object->oid, array_keys($aIdToValue)))
\r
5478 $value = $aIdToValue[$object->oid];
\r
// No stored value: fall back to the option's default.
5482 $value = $object->odef;
\r
// One entry per option. The values are copied as stored; no escaping happens in the visible
// lines, so HTML escaping presumably has to be done where the skin part prints them. Verify.
5488 'pid' => $object->pid,
\r
5489 'pfile' => $object->pfile,
\r
5490 'oid' => $object->oid,
\r
5491 'value' => $value,
\r
5492 'name' => $object->oname,
\r
5493 'description' => $object->odesc,
\r
5494 'type' => $object->otype,
\r
5495 'typeinfo' => $object->oextra,
\r
5496 'contextid' => $contextid,
\r
// 'PrePluginOptionsEdit' receives the option list by reference, so handlers of that event can
// presumably change it before it is rendered; the call carrying it is not visible here.
5504 'PrePluginOptionsEdit',
\r
5506 'context' => $context,
\r
5507 'contextid' => $contextid,
\r
5508 'options' =>& $aOptions
\r
5512 $this->aOptions = $aOptions;
\r
5513 $this->parse('insertpluginoptions');
\r
5518 * TODO: document this
\r
/**
 * Renders the skin part named after the current action, wrapped in the
 * standard page head and page foot.
 *
 * @return void
 */
function action_parseSpecialskin()
{
	$this->pagehead();

	// the action name doubles as the skin part to parse
	$skinPart = $this->action;
	$this->parse($skinPart);

	$this->pagefoot();
}
\r
// Renders the admin skin part named $type: fetches the part's contents from the current admin
// skin, builds an action handler and a parser for it, and parses the contents.
// NOTE(review): braces, else branches and the notification calls are missing from this
// extraction; only the event names and some of their arguments remain visible.
5527 function parse($type)
\r
5529 global $manager, $CONF;
// The page head is the first part rendered, so the one-time setup is tied to it.
5530 if ( $type == 'pagehead' )
\r
5533 'InitAdminSkinParse',
\r
5535 'skin' => &$this->adminSkin,
\r
5539 // set output type
\r
5540 sendContentType($this->adminSkin->getContentType(), 'skin', i18n::get_current_charset());
\r
5542 // set skin name as global var (so plugins can access it)
\r
5543 global $currentSkinName;
\r
5544 $currentSkinName = $this->adminSkin->getName();
\r
5546 $contents = $this->adminSkin->getContent($type);
\r
5550 // use base skin if this skin does not have contents
// NOTE(review): the condition selecting this fallback (listing lines 5547-5549) is not visible.
\r
5551 $defskin = new Skin($CONF['DefaultAdminSkin']);
\r
5552 $contents = $defskin->getContent($type);
\r
// Skin variables the current admin skin permits for this part.
5560 $actions = $this->adminSkin->getAllowedActionsForType($type);
\r
5562 if ( $type == 'pagehead' )
\r
// 'PreAdminSkinParse' receives the contents by reference, so handlers of that event can
// presumably change the markup before it is parsed.
5565 'PreAdminSkinParse',
\r
5567 'skin' => &$this->adminSkin,
\r
5569 'contents' => &$contents
\r
5574 // set IncludeMode properties of parser
\r
5575 PARSER::setProperty('IncludeMode', $this->adminSkin->getIncludeMode());
\r
5576 PARSER::setProperty('IncludePrefix', $this->adminSkin->getIncludePrefix());
\r
// Item create/edit pages get a Factory handler bound to the requested blog id; its actions are
// added to the allowed list.
5578 if ( $type == 'createitem' || $type == 'itemedit' )
\r
5580 $handler = new Factory(intRequestVar('blogid'), $type, $this->adminSkin, $this);
\r
5581 $actions = array_merge($actions, $handler->actions);
\r
// Handler for the other skin parts (presumably the else branch; that line is not visible here).
5583 $handler = new AdminActions($type, $this->adminSkin, $this);
\r
5584 $actions = array_merge($actions, AdminActions::get_allowed_actions_for_type($type));
\r
// Class names are case-insensitive in PHP, so Parser here and PARSER above name the same class.
5586 $parser = new Parser($actions, $handler);
\r
5587 $handler->setParser($parser);
\r
5588 $handler->setSkin($this->adminSkin);
\r
5589 $parser->parse($contents);
\r
// The page foot is the last part rendered; the post-parse event is tied to it.
5591 if ( $type == 'pagefoot' )
\r
5594 'PostAdminSkinParse',
\r
5596 'skin' => &$this->adminSkin,
\r
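/**
 * Looks up the numeric id (sdnumber) of the admin skin with the given name.
 *
 * @param string $skinname name of the admin skin
 * @return integer the query result cast with intval(); 0 presumably means no such skin
 */
function getAdminskinIDFromName($skinname)
{
	$query = 'SELECT `sdnumber` as result FROM `%s` WHERE `sdname` = "%s"';
	// NOTE(review): the constructor passes 'adminskin_desc' to sql_table(); if sql_table() adds
	// the 'nucleus_' prefix itself, the name used here points at a different table. Confirm.
	// sql_real_escape_string() is the escaping wrapper used by the other queries in this class;
	// mysql_real_escape_string() no longer exists in PHP 7 and later.
	$adminSkinID = quickQuery(sprintf($query, sql_table('nucleus_adminskin_desc'), sql_real_escape_string($skinname)));
	// The result was previously stored under a different variable name than the one returned,
	// so the function always returned 0.
	return intval($adminSkinID);
}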
\r
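/**
 * Looks up the name (sdname) of the admin skin with the given numeric id.
 *
 * @param integer $skinid id of the admin skin; cast with intval() before use
 * @return string the skin name as returned by quickQuery() (presumably empty when no row matches)
 */
function getAdminskinNameFromID($skinid)
{
	$query = 'SELECT `sdname` as result FROM `%s` WHERE `sdnumber` = "%d"';
	// NOTE(review): the constructor passes 'adminskin_desc' to sql_table(); if sql_table() adds
	// the 'nucleus_' prefix itself, the name used here points at a different table. Confirm.
	$adminSkinName = quickQuery(sprintf($query, sql_table('nucleus_adminskin_desc'), intval($skinid)));
	// Return the name itself. The previous code returned intval() of a variable that was never
	// assigned, so every call yielded 0.
	return $adminSkinName;
}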
\r
// Bootstrap page used while no admin skin is in the database (the constructor calls this when
// the adminskin_desc table has no rows). Depending on the global $action it runs the admin skin
// import, or it parses a bundled .skn file through an ad-hoc skin object.
// NOTE(review): no isAdmin() check is visible in this method itself; the import branch checks
// it inside _doAdminskinimport(). The .skn file name is one of two fixed strings, so no request
// data reaches the file path here.
5617 function action_importAdmin()
\r
5619 global $DIR_ADMINSKINS, $action;
\r
5620 if ( $action == 'adminskinieimport' )
\r
// NOTE(review): whether the method returns after the import (listing line 5623) is not visible.
5622 $this->_doAdminskinimport();
\r
5625 if ( $action == 'showlogin' )
\r
5627 $skinName = 'showlogin';
\r
5628 $actnName = 'showlogin';
\r
// Every other action gets the default importer page.
5632 $skinName = 'defaultimporter';
\r
5633 $actnName = 'importAdmin';
\r
// NOTE(review): no check of the file_get_contents() result is visible; a missing or unreadable
// file yields false, which would then be passed to the parser below.
5635 $contents = file_get_contents($DIR_ADMINSKINS . $skinName . '.skn');
\r
// Minimal stand-in for a Skin object: only these five properties are set.
5637 $skn['description'] = $skinName;
\r
5638 $skn['contentType'] = 'importAdmin';
\r
5639 $skn['includeMode'] = 'normal';
\r
5640 $skn['includePrefix'] = '';
\r
5641 $skn['name'] = 'defaultinporter';
\r
5642 $this->adminSkin = (object)$skn;
\r
5643 $handler = new AdminActions($actnName, $this->adminSkin, $this);
\r
5644 $actions = Skin::getAllowedActionsForType($actnName);
\r
5645 $parser = new PARSER($actions, $handler);
\r
5646 $handler->setParser($parser);
\r
5647 $handler->setSkin($this->adminSkin);
\r
5648 $parser->parse($contents);
\r
5652 * @todo document this
\r
// Imports an admin skin backup into the database. The source is either a skin directory under
// $DIR_ADMINSKINS (mode 'file') or whatever location the request supplies; errors from reading
// or writing are reported through $this->error(), and on success the browser is sent to the
// admin URL.
// NOTE(review): this method is reached from action_importAdmin(), which the constructor calls;
// no ticket/CSRF check is visible on that path. Confirm one is enforced before this runs.
5654 private function _doAdminskinimport()
\r
5656 global $DIR_LIBS, $DIR_ADMINSKINS, $CONF, $member;
\r
5657 $member->isAdmin() or $this->disallow();
\r
5658 // load skinie class
\r
5659 include_once($DIR_LIBS . 'Skinie.php');
\r
// All three values come straight from the POST body.
5660 $skinFileRaw = postVar('skinfile');
\r
5661 $mode = postVar('mode');
\r
5662 $allowOverwrite = intPostVar('overwrite');
\r
5663 // get full filename
\r
5664 if ($mode == 'file') {
\r
// NOTE(review): the POST value is concatenated into the path with no normalisation visible, so
// a value containing directory separators can resolve outside $DIR_ADMINSKINS. Restrict it to
// a single directory name (compare it with basename() of itself, or check it against the
// directory listing) before building the path.
5665 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
\r
// NOTE(review): in every other mode the POST value is used as the location unchanged, so the
// server reads whatever path or (if readFile() accepts them) URL the request names. Confirm
// what SKINIMPORT::readFile() accepts and limit the allowed schemes and hosts accordingly.
5667 $skinFile = $skinFileRaw;
\r
5669 $importer = new SKINIMPORT();
\r
5670 $error = $importer->readFile($skinFile);
\r
5672 $this->error($error);
\r
// $allowOverwrite decides whether existing skins/templates may be replaced by the import
// (presumably; the parameter's meaning is defined in SKINIMPORT).
5674 $error = $importer->writeToDatabase($allowOverwrite);
\r
5676 $this->error($error);
\r
// The import summary is stored in $_REQUEST, which lasts only for the current request.
5679 $_REQUEST['skininfo'] = $importer->getInfo();
\r
5680 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
5681 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
// NOTE(review): no exit after this header is visible in this listing (listing line 5684 is
// missing); without one, execution continues in the caller after the redirect header is set.
5683 header('Location: ' . $CONF['AdminURL']);
\r
5689 * Returns a link to a weblog
\r
5690 * @param object BLOG
\r
5692 function bloglink(&$blog) {
\r
5693 return '<a href="'.Entity::hsc($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. Entity::hsc( $blog->getName() ) .'</a>';
\r