
管理画面用スキンの呼び出しタイプ及びスキン変数の一部修正
1 <?php\r
2 /**\r
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
4  * Copyright (C) 2002-2012 The Nucleus Group\r
5  *\r
6  * This program is free software; you can redistribute it and/or\r
7  * modify it under the terms of the GNU General Public License\r
8  * as published by the Free Software Foundation; either version 2\r
9  * of the License, or (at your option) any later version.\r
10  * (see nucleus/documentation/index.html#license for more info)\r
11  */\r
12 /**\r
13  * The code for the Nucleus admin area\r
14  *\r
15  * @license http://nucleuscms.org/license.txt GNU General Public License\r
16  * @copyright Copyright (C) 2002-2012 The Nucleus Group\r
17  * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $\r
18  *\r
19  */\r
20 \r
// this library is only meant to be included by the Nucleus core, which is expected
// to define requestVar(); a direct request for this file gets an empty response
if ( !function_exists('requestVar') ) exit;
require_once dirname(__FILE__) . '/showlist.php';
23 \r
24 /**\r
25  * Builds the admin area and executes admin actions\r
26  */\r
27 class Admin\r
28 {\r
        // XML declaration and XHTML 1.0 Strict doctype pieces; none of them is read
        // within this part of the class (presumably consumed by the page-head output)
        private $xml_version_info         = '1.0';
        private $formal_public_identifier = '-//W3C//DTD XHTML 1.0 Strict//EN';
        private $system_identifier        = 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd';
        private $xhtml_namespace          = 'http://www.w3.org/1999/xhtml';

        /**
         * @var string $action action currently being executed ($action=xxxx -> action_xxxx method);
         *             stored lower-cased by action()
         */
        public $action;

        /**
         * @var Skin|int $adminSkin Skin instance of the resolved admin skin, or 0 (not null)
         *               when the resolved skin ID does not exist; set in __construct and
         *               re-set in action(). Other methods test it with is_object().
         */
        public $adminSkin;

        /**
         * @var string $extrahead presumably extra page-head markup; not written within this span
         */
        public $extrahead;

        /**
         * @var bool $passvar copied from the $passvars argument of action_login()
         */
        public $passvar;

        /**
         * @var string $headMess message the action_xxxx methods store when they receive a non-empty $msg
         */
        public $headMess;

        // not referenced within this part of the class
        public $aOptions;
60 \r
61         /**\r
62          * Class constructor\r
63          */\r
64         /* function ADMIN() {\r
65         } */\r
66         function __construct()\r
67         {\r
68                 global $member, $DIR_LIBS;\r
69                         $query = 'SELECT '\r
70                                    . '    COUNT(*) as result '\r
71                                    . 'FROM '\r
72                                    .      sql_table('adminskin_desc');\r
73                 if ( !(quickQuery($query)) )\r
74                 {\r
75                         $this->action_importAdmin();\r
76                 }\r
77                 if ( !isset($adminSkinid) || !($adminSkinid) )\r
78                 {\r
79                         $adminSkinid = self::getAdminSkinID();\r
80                 }\r
81                 if ( Skin::existsID($adminSkinid) )\r
82                 {\r
83                         $this->adminSkin = new Skin($adminSkinid);\r
84                 }\r
85                 else\r
86                 {\r
87                         $this->adminSkin = 0;\r
88                 }\r
89         }\r
90         \r
91         static private function getAdminSkinID()\r
92         {\r
93                 global $CONF, $member, $manager;\r
94                 if (isset($member) && $member->isLoggedIn()) {\r
95                         $memskin = $member->getAdminSkin();\r
96                         if ($memskin) {\r
97                                 return $memskin;\r
98                         }\r
99                 }\r
100                 return $CONF['DefaultAdminSkin'];\r
101         }\r
102         \r
103         function getAdminskinEditActions()\r
104         {\r
105                 return array(\r
106                                 'adminskinoverview',\r
107                                 'adminskinieoverview',\r
108                                 'adminskinedittype',\r
109                                 'adminskinremovetype',\r
110                                 'adminskindelete',\r
111                                 'adminskinedit',\r
112                                 'adminskinieimport',\r
113                                 'adminskiniedoimport',\r
114                                 'admintemplateedit',\r
115                                 'admintemplateoverview',\r
116                                 'admintemplatedelete',\r
117                 );\r
118         }\r
119         \r
120         function getSkinlessActions()\r
121         {\r
122                 return array(\r
123                                 'plugindeleteconfirm',\r
124                                 'pluginoptionsupdate',\r
125                                 'skinremovetypeconfirm',\r
126                                 'skinclone',\r
127                                 'skindeleteconfirm',\r
128                                 'skinnew',\r
129                                 'skineditgeneral',\r
130                                 'skinieexport',\r
131                                 'skinupdate',\r
132                                 'templateupdate',\r
133                                 'templatedeleteconfirm',\r
134                                 'templatenew',\r
135                                 'templateclone',\r
136                                 'adminskinremovetypeconfirm',\r
137                                 'adminskinclone',\r
138                                 'adminskindeleteconfirm',\r
139                                 'adminskinnew',\r
140                                 'adminskineditgeneral',\r
141                                 'adminskinieexport',\r
142                                 'adminskinupdate',\r
143                                 'admintemplateupdate',\r
144                                 'admintemplatedeleteconfirm',\r
145                                 'admintemplatenew',\r
146                                 'admintemplateclone',\r
147                                 'blogsettingsupdate',\r
148                                 'settingsupdate',\r
149                                 'addnewlog2',\r
150                                 'additem',\r
151                                 'itemdeleteconfirm',\r
152                                 'itemupdate',\r
153                                 'changemembersettings',\r
154                                 'clearactionlog',\r
155                                 'memberedit',\r
156                 );\r
157         }\r
158         \r
159         /**\r
160          * Executes an action\r
161          *\r
162          * @param string $action action to be performed\r
163          */\r
164         function action($action)\r
165         {\r
166                 global $CONF, $manager;\r
167                 $f = false;\r
168                 \r
169                 // list of action aliases\r
170                 $alias = array(\r
171                         'login' => 'overview',\r
172                         ''      => 'overview'\r
173                 );\r
174 \r
175                 $customAction = postvar('customaction');\r
176                 if ( !empty($customAction) )\r
177                 {\r
178                         $alias = array(\r
179                                 'login' => $customAction,\r
180                                 ''      => $customAction\r
181                         );\r
182                 }\r
183                 if ( isset($alias[$action]) )\r
184                 {\r
185                         $action = $alias[$action];\r
186                 }\r
187                 $methodName = 'action_' . $action;\r
188 \r
189                 $this->action = strtolower($action);\r
190 \r
191                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
192                 // is an action that requires user interaction before something is actually done)\r
193                 // all safe actions are in this array:\r
194                 $aActionsNotToCheck = array(\r
195                         'showlogin',\r
196                         'login',\r
197                         'overview',\r
198                         'itemlist',\r
199                         'blogcommentlist',\r
200                         'bookmarklet',\r
201                         'blogsettings',\r
202                         'banlist',\r
203                         'deleteblog',\r
204                         'editmembersettings',\r
205                         'browseownitems',\r
206                         'browseowncomments',\r
207                         'createitem',\r
208                         'itemedit',\r
209                         'itemmove',\r
210                         'categoryedit',\r
211                         'categorydelete',\r
212                         'manage',\r
213                         'actionlog',\r
214                         'settingsedit',\r
215                         'backupoverview',\r
216                         'pluginlist',\r
217                         'createnewlog',\r
218                         'usermanagement',\r
219                         'skinoverview',\r
220                         'templateoverview',\r
221                         'skinieoverview',\r
222                         'itemcommentlist',\r
223                         'commentedit',\r
224                         'commentdelete',\r
225                         'banlistnewfromitem',\r
226                         'banlistdelete',\r
227                         'itemdelete',\r
228                         'manageteam',\r
229                         'teamdelete',\r
230                         'banlistnew',\r
231                         'memberedit',\r
232                         'memberdelete',\r
233                         'pluginhelp',\r
234                         'pluginoptions',\r
235                         'plugindelete',\r
236                         'skinedittype',\r
237                         'skinremovetype',\r
238                         'skindelete',\r
239                         'skinedit',\r
240                         'templateedit',\r
241                         'templatedelete',\r
242                         'activate',\r
243                         'systemoverview',\r
244             'activatesetpwd',\r
245                 );\r
246         $synonimActions = array(\r
247             'banlistnewfromitem',\r
248             'memberedit',\r
249             'login',\r
250         );\r
251 /*\r
252                 // the rest of the actions needs to be checked\r
253                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');\r
254 */\r
255         $adminskinEditActions = $this->getAdminskinEditActions();\r
256         $skinLessActions      = $this->getSkinlessActions();\r
257         $allowActions         = array_merge($synonimActions, $this->getSkinlessActions());\r
258         $aActionsNotToCheck   = array_merge($aActionsNotToCheck, $adminskinEditActions, $allowActions);\r
259                 if (!in_array($this->action, $aActionsNotToCheck) && !$this->existsSkinContents($action) )\r
260                 {\r
261                         if (!$manager->checkTicket())\r
262                         {\r
263                                 $this->error(_ERROR_BADTICKET);\r
264                         }\r
265                 }\r
266                 if ( !$this->adminSkin && $CONF['DefaultAdminSkin'] )\r
267                 {\r
268                         $this->adminSkin = new Skin($CONF['DefaultAdminSkin']);\r
269                 }\r
270         \r
271                 if ( !method_exists($this, $methodName) && !in_array($this->action, $allowActions) && $this->existsSkinContents($action) )\r
272                 {\r
273                         $this->action_parseSpecialskin;\r
274                         $f = true;\r
275                 }\r
276                 elseif ( method_exists($this, $methodName) )\r
277                 {\r
278                         call_user_func(array(&$this, $methodName));\r
279                         $f = true;\r
280                 }\r
281                 if ($f) {\r
282                         exit;\r
283                 }\r
284                 $id              = self::getAdminSkinID();\r
285                 $this->adminSkin = new Skin($id);\r
286                 if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') )\r
287                 {\r
288                         $this->error(_BADACTION . ENTITY::hsc($action));\r
289                         $f = true;\r
290                 }\r
291                 elseif ( $id != $CONF['DefaultAdminSkin'] )\r
292                 {\r
293                         $this->adminSkin = new Skin($CONF['DefaultAdminSkin']);\r
294                         if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') )\r
295                         {\r
296                                 $this->error(_BADACTION . ENTITY::hsc($action));\r
297                                 $f = true;\r
298                         }\r
299                 }\r
300                 if ($f)\r
301                 {\r
302                         exit;\r
303                 }\r
304                 $this->error(_BADACTION . ENTITY::hsc($action));\r
305         }\r
306 \r
307         /**\r
308          * Check skin contents\r
309          *\r
310          * @param  string action type\r
311          * @return bool\r
312          */\r
313         function existsSkinContents($action)\r
314         {\r
315                 $nsActions = $this->getSkinlessActions();\r
316                         $in_array  = in_array($action, $nsActions);\r
317                 if ($in_array) {\r
318                         return $in_array;\r
319                 } else {\r
320                         $query = 'SELECT '\r
321                                    . '    scontent as result '\r
322                                    . 'FROM '\r
323                                    .      sql_table('adminskin') . ' '\r
324                                    . 'WHERE '\r
325                                    . '    sdesc = %d '\r
326                                    . 'AND stype = "%s"';\r
327                         if ( is_object($this->adminSkin) )\r
328                         {\r
329                                 return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action)));\r
330                         }\r
331                         else\r
332                         {\r
333                                 return quickQuery(sprintf($query, 1, sql_real_escape_string($action)));\r
334                         }\r
335                 }\r
336         }\r
337         \r
338         /**\r
339          * Check exists specialskinparts\r
340          *\r
341          * @param string action type\r
342          * @return bool\r
343          */\r
344         function specialActionsAllow($action)\r
345         {\r
346                 $query = 'SELECT '\r
347                 . '    sdesc as result '\r
348                 . 'FROM '\r
349                 .      sql_table('adminskin') . ' '\r
350                 . 'WHERE '\r
351                 . '    sdesc = %d '\r
352                 . 'AND stype = "%s"';\r
353                 return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action)));\r
354         }\r
355         \r
356         /**\r
357          * @todo document this\r
358          */\r
359         function action_showlogin()\r
360         {\r
361                 global $error;\r
362                 $this->action_login($error);\r
363         }\r
364 \r
365         /**\r
366          * @todo document this\r
367          */\r
368         function action_login($msg = '', $passvars = 1)\r
369         {\r
370                 global $member;\r
371 \r
372                 // skip to overview when allowed\r
373                 if ( $member->isLoggedIn() && $member->canLogin() )\r
374                 {\r
375                         $this->action_overview();\r
376                         exit;\r
377                 }\r
378 \r
379                 $this->passvar = $passvars;\r
380                 if ( $msg )\r
381                 {\r
382                         $this->headMess = $msg;\r
383                 }\r
384 \r
385                 $this->pagehead();\r
386                 $this->parse('showlogin');\r
387                 $this->pagefoot();\r
388         }\r
389 \r
390         /**\r
391          * provides a screen with the overview of the actions available\r
392          * @todo document parameter\r
393          */\r
394         function action_overview($msg = '')\r
395         {\r
396                 if ( $msg )\r
397                 {\r
398                         $this->headMess = $msg;\r
399                 }\r
400 \r
401                 $this->pagehead();\r
402                 $this->parse('overview');\r
403                 $this->pagefoot();\r
404         }\r
405 \r
406         /**\r
407          * @todo document this\r
408          */\r
409         function action_manage($msg = '')\r
410         {\r
411                 global $member;\r
412 \r
413                 if ( $msg )\r
414                 {\r
415                         $this->headMess = $msg;\r
416                 }\r
417                 $member->isAdmin() or $this->disallow();\r
418 \r
419                 $this->pagehead();\r
420                 $this->parse('manage');\r
421                 $this->pagefoot();\r
422         }\r
423 \r
424         /**\r
425          * @todo document this\r
426          */\r
427         function action_itemlist($blogid = '')\r
428         {\r
429                 global $member, $manager, $CONF;\r
430 \r
431                 if ( $blogid == '' )\r
432                 {\r
433                         $blogid = intRequestVar('blogid');\r
434                 }\r
435 \r
436                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
437 \r
438                 $this->pagehead();\r
439                 $this->parse('itemlist');\r
440                 $this->pagefoot();\r
441         }\r
442 \r
443         /**\r
444          * @todo document this\r
445          */\r
446         function action_batchitem()\r
447         {\r
448                 global $member, $manager;\r
449 \r
450                 // check if logged in\r
451                 $member->isLoggedIn() or $this->disallow();\r
452 \r
453                 // more precise check will be done for each performed operation\r
454 \r
455                 // get array of itemids from request\r
456                 $selected = requestIntArray('batch');\r
457                 $action   = requestVar('batchaction');\r
458 \r
459                 // Show error when no items were selected\r
460                 if ( !is_array($selected) || sizeof($selected) == 0 )\r
461                 {\r
462                         $this->error(_BATCH_NOSELECTION);\r
463                 }\r
464 \r
465                 // On move: when no destination blog/category chosen, show choice now\r
466                 $destCatid = intRequestVar('destcatid');\r
467                 if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )\r
468                 {\r
469                         $this->batchMoveSelectDestination('item', $selected);\r
470                 }\r
471 \r
472                 // On delete: check if confirmation has been given\r
473                 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )\r
474                 {\r
475                         $this->batchAskDeleteConfirmation('item',$selected);\r
476                 }\r
477 \r
478                 $this->pagehead();\r
479                 $this->parse('batchitem');\r
480                 $this->pagefoot();\r
481         }\r
482 \r
483         /**\r
484          * @todo document this\r
485          */\r
486         function action_batchcomment()\r
487         {\r
488                 global $member;\r
489 \r
490                 // check if logged in\r
491                 $member->isLoggedIn() or $this->disallow();\r
492 \r
493                 // more precise check will be done for each performed operation\r
494 \r
495                 // get array of itemids from request\r
496                 $selected = requestIntArray('batch');\r
497                 $action   = requestVar('batchaction');\r
498 \r
499                 // Show error when no items were selected\r
500                 if ( !is_array($selected) || sizeof($selected) == 0 )\r
501                 {\r
502                         $this->error(_BATCH_NOSELECTION);\r
503                 }\r
504 \r
505                 // On delete: check if confirmation has been given\r
506                 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )\r
507                 {\r
508                         $this->batchAskDeleteConfirmation('comment',$selected);\r
509                 }\r
510 \r
511                 $this->pagehead();\r
512                 $this->parse('batchcomment');\r
513                 $this->pagefoot();\r
514         }\r
515 \r
516         /**\r
517          * @todo document this\r
518          */\r
519         function action_batchmember()\r
520         {\r
521                 global $member;\r
522 \r
523                 // check if logged in and admin\r
524                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
525 \r
526                 // get array of itemids from request\r
527                 $selected = requestIntArray('batch');\r
528                 $action   = requestVar('batchaction');\r
529 \r
530                 // Show error when no members selected\r
531                 if ( !is_array($selected) || sizeof($selected) == 0 )\r
532                 {\r
533                         $this->error(_BATCH_NOSELECTION);\r
534                 }\r
535 \r
536                 // On delete: check if confirmation has been given\r
537                 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )\r
538                 {\r
539                         $this->batchAskDeleteConfirmation('member',$selected);\r
540                 }\r
541 \r
542                 $this->pagehead();\r
543                 $this->parse('batchmember');\r
544                 $this->pagefoot();\r
545         }\r
546 \r
547         /**\r
548          * @todo document this\r
549          */\r
550         function action_batchteam()\r
551         {\r
552                 global $member;\r
553 \r
554                 $blogid = intRequestVar('blogid');\r
555 \r
556                 // check if logged in and admin\r
557                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
558 \r
559                 // get array of itemids from request\r
560                 $selected = requestIntArray('batch');\r
561                 $action   = requestVar('batchaction');\r
562 \r
563                 // Show error when no members selected\r
564                 if ( !is_array($selected) || sizeof($selected) == 0 )\r
565                 {\r
566                         $this->error(_BATCH_NOSELECTION);\r
567                 }\r
568 \r
569                 // On delete: check if confirmation has been given\r
570                 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )\r
571                 {\r
572                         $this->batchAskDeleteConfirmation('team',$selected);\r
573                 }\r
574 \r
575                 $this->pagehead();\r
576                 $this->parse('batchteam');\r
577                 $this->pagefoot();\r
578         }\r
579 \r
580         /**\r
581          * @todo document this\r
582          */\r
583         function action_batchcategory()\r
584         {\r
585                 global $member, $manager;\r
586 \r
587                 // check if logged in\r
588                 $member->isLoggedIn() or $this->disallow();\r
589 \r
590                 // more precise check will be done for each performed operation\r
591 \r
592                 // get array of itemids from request\r
593                 $selected = requestIntArray('batch');\r
594                 $action   = requestVar('batchaction');\r
595 \r
596                 // Show error when no items were selected\r
597                 if ( !is_array($selected) || sizeof($selected) == 0 )\r
598                 {\r
599                         $this->error(_BATCH_NOSELECTION);\r
600                 }\r
601 \r
602                 // On move: when no destination blog chosen, show choice now\r
603                 $destBlogId = intRequestVar('destblogid');\r
604                 if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )\r
605                 {\r
606                         $this->batchMoveCategorySelectDestination('category', $selected);\r
607                 }\r
608 \r
609                 // On delete: check if confirmation has been given\r
610                 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )\r
611                 {\r
612                         $this->batchAskDeleteConfirmation('category', $selected);\r
613                 }\r
614 \r
615                 $this->pagehead();\r
616                 $this->parse('batchcategory');\r
617                 $this->pagefoot();\r
618         }\r
619 \r
620         /**\r
621          * @todo document this\r
622          */\r
623         function batchMoveSelectDestination($type, $ids)\r
624         {\r
625                 $_POST['batchmove'] = $type;\r
626                 $this->pagehead();\r
627                 $this->parse('batchmove');\r
628                 $this->pagefoot();\r
629                 exit;\r
630         }\r
631 \r
632         /**\r
633          * @todo document this\r
634          */\r
635         function batchMoveCategorySelectDestination($type, $ids)\r
636         {\r
637                 $_POST['batchmove'] = $type;\r
638                 global $manager;\r
639                 $this->pagehead();\r
640                 $this->parse('batchmovecat');\r
641                 $this->pagefoot();\r
642                 exit;\r
643         }\r
644 \r
645         /**\r
646          * @todo document this\r
647          */\r
648         function batchAskDeleteConfirmation($type, $ids)\r
649         {\r
650         $this->pagehead();\r
651         $this->parse('batchdelete');\r
652         $this->pagefoot();\r
653                 exit;\r
654         }\r
655 \r
656 \r
657         /**\r
658          * Inserts a HTML select element with choices for all categories to which the current\r
659          * member has access\r
660          * @see function selectBlog\r
661          */\r
662         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)\r
663         {\r
664                 Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
665         }\r
666 \r
667         /**\r
668          * Inserts a HTML select element with choices for all blogs to which the user has access\r
669          *      mode = 'blog' => shows blognames and values are blogids\r
670          *      mode = 'category' => show category names and values are catids\r
671          *\r
672          * @param $iForcedBlogInclude\r
673          *      ID of a blog that always needs to be included, without checking if the\r
674          *      member is on the blog team (-1 = none)\r
675          * @todo document parameters\r
676          */\r
677         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)\r
678         {\r
679                 global $member, $CONF;\r
680 \r
681                 // 0. get IDs of blogs to which member can post items (+ forced blog)\r
682                 $aBlogIds = array();\r
683                 if ( $iForcedBlogInclude != -1 )\r
684                 {\r
685                         $aBlogIds[] = intval($iForcedBlogInclude);\r
686                 }\r
687 \r
688                 if ( ($member->isAdmin()) && ($CONF['ShowAllBlogs']) )\r
689                 {\r
690                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
691                 }\r
692                 else\r
693                 {\r
694                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
695                 }\r
696                 $rblogids = sql_query($queryBlogs);\r
697                 while ($o = sql_fetch_object($rblogids))\r
698                 {\r
699                         if ( $o->bnumber != $iForcedBlogInclude )\r
700                         {\r
701                                 $aBlogIds[] = intval($o->bnumber);\r
702                         }\r
703                 }\r
704 \r
705                 if ( count($aBlogIds) == 0 )\r
706                 {\r
707                         return;\r
708                 }\r
709 \r
710                 $_REQUEST['selectData'] = array(\r
711                         'name'       => $name,\r
712                         'tabindex'   => $tabindex,\r
713                         'mode'       => $mode,\r
714                         'selected'   => $selected,\r
715                         'showNewCat' => $showNewCat,\r
716                         'aBlogIds'   => $aBlogIds,\r
717                 );\r
718                 $this->parse('blogselectbox');\r
719         }\r
720 \r
721         /**\r
722          * @todo document this\r
723          */\r
724         function action_browseownitems() {\r
725                 global $member, $manager, $CONF;\r
726 \r
727                 $this->pagehead();\r
728                 $this->parse('browseownitems');\r
729                 $this->pagefoot();\r
730         }\r
731 \r
732         /**\r
733          * Show all the comments for a given item\r
734          * @param int $itemid\r
735          */\r
736         function action_itemcommentlist($itemid = '') {\r
737                 global $member, $manager, $CONF;\r
738 \r
739                 if ( $itemid == '' )\r
740                 {\r
741                         $itemid = intRequestVar('itemid');\r
742                 }\r
743                 $_REQUEST['itemid'] = $itemid;\r
744                 $_REQUEST['blogid'] = getBlogIdFromItemId($itemid);\r
745                 \r
746                 // only allow if user is allowed to alter item\r
747                 $member->canAlterItem($itemid) or $this->disallow();\r
748 \r
749                 $blogid = getBlogIdFromItemId($itemid);\r
750 \r
751                 $this->pagehead();\r
752                 $this->parse('itemcommentlist');\r
753                 $this->pagefoot();\r
754         }\r
755 \r
756         /**\r
757          * Browse own comments\r
758          */\r
759         function action_browseowncomments() {\r
760                 $this->pagehead();\r
761                 $this->parse('browseowncomments');\r
762                 $this->pagefoot();\r
763         }\r
764 \r
765         /**\r
766          * Browse all comments for a weblog\r
767          * @param int $blogid\r
768          */\r
769         function action_blogcommentlist($blogid = '')\r
770         {\r
771                 global $member, $manager, $CONF;\r
772 \r
773                 if ( $blogid == '' )\r
774                 {\r
775                         $blogid = intRequestVar('blogid');\r
776                 }\r
777                 else\r
778                 {\r
779                         $blogid = intval($blogid);\r
780                 }\r
781 \r
782                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
783 \r
784                 $_REQUEST['blogid'] = $blogid;\r
785 \r
786                 $this->pagehead();\r
787                 $this->parse('blogcommentlist');\r
788                 $this->pagefoot();\r
789         }\r
790 \r
791         /**\r
792          * Provide a page to item a new item to the given blog\r
793          */\r
794         function action_createitem()\r
795         {\r
796                 global $member, $manager;\r
797 \r
798                 $blogid = intRequestVar('blogid');\r
799 \r
800                 // check if allowed\r
801                 $member->teamRights($blogid) or $this->disallow();\r
802 \r
803                 $memberid = $member->getID();\r
804 \r
805                 $blog =& $manager->getBlog($blogid);\r
806 \r
807                 $this->pagehead();\r
808                 $this->parse('createitem');\r
809                 $this->pagefoot();\r
810         }\r
811 \r
812         /**\r
813          * @todo document this\r
814          */\r
815         function action_itemedit()\r
816         {\r
817                 global $member, $manager;\r
818 \r
819                 $itemid = intRequestVar('itemid');\r
820 \r
821                 // only allow if user is allowed to alter item\r
822                 $member->canAlterItem($itemid) or $this->disallow();\r
823 \r
824                 $item =& $manager->getItem($itemid, 1, 1);\r
825                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
826                 $this->pagehead();\r
827                 $this->parse('itemedit');\r
828                 $this->pagefoot();\r
829         }\r
830 \r
        /**
         * Admin::action_itemupdate()
         * Store the changes posted from the item edit form
         *
         * Handles the 'actiontype' posted by the form: 'delete' is delegated to
         * action_itemdelete(); the others (addnow, addfuture, adddraft, edit, changedate,
         * backtodrafts) are mapped to the $wasdraft/$publish/$timestamp arguments of
         * Item::update(). A category value of the form 'newcat-<blogid>' creates a new
         * category first and ends on the category edit page; otherwise the item list is shown.
         *
         * @param       void
         * @return      void
         */
        function action_itemupdate()
        {
                global $member, $manager, $CONF;

                $itemid = intRequestVar('itemid');
                // raw posted string: either a category id or 'newcat-<blogid>'
                $catid  = postVar('catid');

                // only allow if user is allowed to alter item
                $member->canUpdateItem($itemid, $catid) or $this->disallow();

                $actiontype = postVar('actiontype');

                // delete actions are handled by itemdelete (which has confirmation)
                if ( $actiontype == 'delete' )
                {
                        $this->action_itemdelete();
                        return;
                }

                $body    = postVar('body');
                $title   = postVar('title');
                $more    = postVar('more');
                $closed  = intPostVar('closed');
                $draftid = intPostVar('draftid');

                // default action = add now
                if ( !$actiontype )
                {
                        $actiontype='addnow';
                }

                // create new category if needed
                if ( strstr($catid,'newcat') )
                {
                        // get blogid
                        list($blogid) = sscanf($catid,"newcat-%d");

                        // create
                        $blog =& $manager->getBlog($blogid);
                        $catid = $blog->createNewCategory();

                        // show error when sth goes wrong
                        // NOTE(review): this uses doError() while the rest of the method uses error();
                        // whether both stop processing is not visible here - confirm
                        if ( !$catid )
                        {
                                $this->doError(_ERROR_CATCREATEFAIL);
                        }
                }
                // NOTE(review): when no category was created $catid is still the raw posted
                // string at this point; canUpdateItem() above and Item::update() below both
                // receive that same value, so they agree, but it is never cast to int here

                /*
                        set some variables based on actiontype

                        actiontypes:
                                draft items -> addnow, addfuture, adddraft, delete
                                non-draft items -> edit, changedate, delete

                        variables set:
                                $timestamp: set to a nonzero value for future dates or date changes
                                $wasdraft: set to 1 when the item used to be a draft item
                                $publish: set to 1 when the edited item is not a draft
                */
                $blogid =  getBlogIDFromItemID($itemid);
                $blog   =& $manager->getBlog($blogid);

                $wasdrafts = array('adddraft', 'addfuture', 'addnow');
                $wasdraft  = in_array($actiontype, $wasdrafts) ? 1 : 0;
                $publish   = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
                if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
                {
                        // date parts come from the form; intPostVar() makes each one an int
                        $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
                }
                else
                {
                        $timestamp =0;
                }

                // edit the item for real
                Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

                // a future date may have been set or removed: refresh the blog's flag
                $this->updateFuturePosted($blogid);

                if ( $draftid > 0 )
                {
                        // delete permission is checked inside Item::delete()
                        Item::delete($draftid);
                }

                // show category edit window when we created a new category
                // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
                if ( $catid != intPostVar('catid') )
                {
                        $this->action_categoryedit(
                                $catid,
                                $blog->getID(),
                                $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
                        );
                }
                else
                {
                        // TODO: set start item correctly for itemlist
                        // assumes Item::getItem() returns a numeric 'timestamp' entry: it is
                        // concatenated into the query unquoted - TODO confirm
                        $item = Item::getItem($itemid, 0, 0);
                        $cnt  = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . $item['timestamp']);
                        $_REQUEST['start'] = $cnt + 1;
                        $this->action_itemlist(getBlogIDFromItemID($itemid));
                }
        }
939         \r
940         /**\r
941          * Admin::action_itemdelete()\r
942          * Delete item\r
943          * \r
944          * @param       Void\r
945          * @return      Void\r
946          */\r
947         function action_itemdelete()\r
948         {\r
949                 global $member, $manager;\r
950                 \r
951                 $itemid = intRequestVar('itemid');\r
952                 \r
953                 // only allow if user is allowed to alter item\r
954                 $member->canAlterItem($itemid) or $this->disallow();\r
955                 \r
956                 if ( !$manager->existsItem($itemid,1,1) )\r
957                 {\r
958                         $this->error(_ERROR_NOSUCHITEM);\r
959                 }\r
960                 \r
961                 $this->pagehead();\r
962                 $this->parse('itemdelete');\r
963                 $this->pagefoot();\r
964                 return;\r
965         }\r
966         \r
967         /**\r
968          * @todo document this\r
969          */\r
970         function action_itemdeleteconfirm()\r
971         {\r
972                 global $member;\r
973 \r
974                 $itemid = intRequestVar('itemid');\r
975 \r
976                 // only allow if user is allowed to alter item\r
977                 $member->canAlterItem($itemid) or $this->disallow();\r
978 \r
979                 // get blogid first\r
980                 $blogid = getBlogIdFromItemId($itemid);\r
981 \r
982                 // delete item (note: some checks will be performed twice)\r
983                 $this->deleteOneItem($itemid);\r
984 \r
985                 $this->action_itemlist($blogid);\r
986         }\r
987 \r
988         /**\r
989          * Deletes one item and returns error if something goes wrong\r
990          * @param int $itemid\r
991          */\r
992         function deleteOneItem($itemid)\r
993         {\r
994                 global $member, $manager;\r
995 \r
996                 // only allow if user is allowed to alter item (also checks if itemid exists)\r
997                 if ( !$member->canAlterItem($itemid) )\r
998                 {\r
999                         return _ERROR_DISALLOWED;\r
1000                 }\r
1001 \r
1002                 // need to get blogid before the item is deleted\r
1003                 $blogid = getBlogIDFromItemId($itemid);\r
1004 \r
1005                 $manager->loadClass('ITEM');\r
1006                 Item::delete($itemid);\r
1007 \r
1008                 // update blog's futureposted\r
1009                 $this->updateFuturePosted($blogid);\r
1010         }\r
1011 \r
1012         /**\r
1013          * Admin::updateFuturePosted()\r
1014          * Update a blog's future posted flag\r
1015          * \r
1016          * @param integer $blogid\r
1017          * @return      void\r
1018          * \r
1019          */\r
1020         function updateFuturePosted($blogid)\r
1021         {\r
1022                 global $manager;\r
1023                 \r
1024                 $blogid      =  intval($blogid);\r
1025                 $blog        =& $manager->getBlog($blogid);\r
1026                 $currenttime =  $blog->getCorrectTime(time());\r
1027                 \r
1028                 $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";\r
1029                 $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));\r
1030                 $result = sql_query($query);\r
1031                 \r
1032                 if ( sql_num_rows($result) > 0 )\r
1033                 {\r
1034                                 $blog->setFuturePost();\r
1035                 }\r
1036                 else\r
1037                 {\r
1038                                 $blog->clearFuturePost();\r
1039                 }\r
1040                 return;\r
1041         }\r
1042 \r
1043         /**\r
1044          * @todo document this\r
1045          */\r
1046         function action_itemmove()\r
1047         {\r
1048                 global $member, $manager;\r
1049 \r
1050                 $itemid = intRequestVar('itemid');\r
1051 \r
1052                 // only allow if user is allowed to alter item\r
1053                 $member->canAlterItem($itemid) or $this->disallow();\r
1054 \r
1055                 $this->pagehead();\r
1056                 $this->parse('itemmove');\r
1057                 $this->pagefoot();\r
1058         }\r
1059 \r
1060         /**\r
1061          * @todo document this\r
1062          */\r
1063         function action_itemmoveto()\r
1064         {\r
1065                 global $member, $manager;\r
1066 \r
1067                 $itemid = intRequestVar('itemid');\r
1068                 $catid = requestVar('catid');\r
1069 \r
1070                 // create new category if needed\r
1071                 if ( strstr($catid,'newcat') )\r
1072                 {\r
1073                         // get blogid\r
1074                         list($blogid) = sscanf($catid,'newcat-%d');\r
1075 \r
1076                         // create\r
1077                         $blog =& $manager->getBlog($blogid);\r
1078                         $catid = $blog->createNewCategory();\r
1079 \r
1080                         // show error when sth goes wrong\r
1081                         if ( !$catid )\r
1082                         {\r
1083                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1084                         }\r
1085                 }\r
1086 \r
1087                 // only allow if user is allowed to alter item\r
1088                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1089 \r
1090                 $old_blogid = getBlogIDFromItemId($itemid);\r
1091 \r
1092                 Item::move($itemid, $catid);\r
1093 \r
1094                 // set the futurePosted flag on the blog\r
1095                 $this->updateFuturePosted(getBlogIDFromItemId($itemid));\r
1096 \r
1097                 // reset the futurePosted in case the item is moved from one blog to another\r
1098                 $this->updateFuturePosted($old_blogid);\r
1099 \r
1100                 if ( $catid != intRequestVar('catid') )\r
1101                 {\r
1102                         $this->action_categoryedit($catid, $blog->getID());\r
1103                 }\r
1104                 else\r
1105                 {\r
1106                         $this->action_itemlist(getBlogIDFromCatID($catid));\r
1107                 }\r
1108         }\r
1109 \r
1110         /**\r
1111          * Moves one item to a given category (category existance should be checked by caller)\r
1112          * errors are returned\r
1113          * @param int $itemid\r
1114          * @param int $destCatid category ID to which the item will be moved\r
1115          */\r
1116         function moveOneItem($itemid, $destCatid)\r
1117         {\r
1118                 global $member;\r
1119 \r
1120                 // only allow if user is allowed to move item\r
1121                 if ( !$member->canUpdateItem($itemid, $destCatid) )\r
1122                 {\r
1123                         return _ERROR_DISALLOWED;\r
1124                 }\r
1125 \r
1126                 Item::move($itemid, $destCatid);\r
1127         }\r
1128 \r
1129         /**\r
1130          * Adds a item to the chosen blog\r
1131          */\r
1132         function action_additem()\r
1133         {\r
1134                 global $manager, $CONF;\r
1135 \r
1136                 $manager->loadClass('ITEM');\r
1137 \r
1138                 $result = Item::createFromRequest();\r
1139 \r
1140                 if ( $result['status'] == 'error' )\r
1141                 {\r
1142                         $this->error($result['message']);\r
1143                 }\r
1144 \r
1145                 $blogid     =  getBlogIDFromItemID($result['itemid']);\r
1146                 $blog       =& $manager->getBlog($blogid);\r
1147                 $btimestamp =  $blog->getCorrectTime();\r
1148                 $item       =  $manager->getItem(intval($result['itemid']), 1, 1);\r
1149 \r
1150                 if ( $result['status'] == 'newcategory' )\r
1151                 {\r
1152                         $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));\r
1153                         $this->action_categoryedit($result['catid'], $blogid, $distURI);\r
1154                 }\r
1155                 else\r
1156                 {\r
1157                         $methodName = 'action_itemList';\r
1158                         call_user_func(array(&$this, $methodName), $blogid);\r
1159                 }\r
1160         }\r
1161 \r
1162         /**\r
1163          * Allows to edit previously made comments\r
1164          **/\r
1165         function action_commentedit()\r
1166         {\r
1167 \r
1168                 global $member, $manager;\r
1169 \r
1170                 $commentid = intRequestVar('commentid');\r
1171 \r
1172                 $member->canAlterComment($commentid) or $this->disallow();\r
1173 \r
1174                 $this->pagehead();\r
1175                 $this->parse('commentedit');\r
1176                 $this->pagefoot();\r
1177         }\r
1178 \r
        /**
         * Admin::action_commentupdate()
         * Store the posted changes to a comment (url, email, body)
         *
         * The body is validated (no run of 90 'word' characters, between 3 and 5000
         * characters), passed through Comment::prepareBody() and the PreUpdateComment
         * plugin hook, then written. Afterwards the member is sent to the item's comment
         * list when allowed to alter that item, otherwise to the own-comments list.
         *
         * @param       void
         * @return      void
         */
        function action_commentupdate()
        {
                global $member, $manager;

                // intRequestVar() guarantees an int; it is concatenated into SQL below
                $commentid = intRequestVar('commentid');

                $member->canAlterComment($commentid) or $this->disallow();

                $url   = postVar('url');
                $email = postVar('email');
                $body  = postVar('body');

                # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
                # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
                # important note that '\' must be matched with '\\\\' in preg* expressions

                // intercept words that are too long: the pattern is unanchored, so any run of
                // 90 or more characters from the class (letters, digits and a few punctuation
                // marks) is rejected
                if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
                {
                        $this->error(_ERROR_COMMENT_LONGWORD);
                }

                // check length (i18n::strlen counts characters, not bytes)
                if ( i18n::strlen($body) < 3 )
                {
                        $this->error(_ERROR_COMMENT_NOCOMMENT);
                }

                if ( i18n::strlen($body) > 5000 )
                {
                        $this->error(_ERROR_COMMENT_TOOLONG);
                }

                // prepare body
                $body = Comment::prepareBody($body);

                // call plugins (they may change $body, which is passed by reference)
                $manager->notify(
                        'PreUpdateComment',
                        array(
                                        'body' => &$body
                        )
                );

                // string values are escaped; note that the posted url is stored in 'cmail'
                $query = 'UPDATE ' . sql_table('comment')
                           . " SET "
                           . "    cmail   = '" . sql_real_escape_string($url) . "',"
                           . "    cemail  = '" . sql_real_escape_string($email) . "',"
                           . "    cbody   = '" . sql_real_escape_string($body) . "'"
                           . " WHERE "
                           . "    cnumber = " . $commentid;
                sql_query($query);

                // get itemid
                // NOTE(review): sql_fetch_object() presumably returns false when the row is gone;
                // $o->citem is read without a check - confirm
                $res    = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
                $o      = sql_fetch_object($res);
                $itemid = $o->citem;

                if ( $member->canAlterItem($itemid) )
                {
                        $this->action_itemcommentlist($itemid);
                }
                else
                {
                        $this->action_browseowncomments();
                }
        }
1249         \r
1250         /**\r
1251          * Admin::action_commentdelete()\r
1252          * Update comment\r
1253          * \r
1254          * @param       Void\r
1255          * @return      Void\r
1256          */\r
1257         function action_commentdelete()\r
1258         {\r
1259                 global $member, $manager;\r
1260                 \r
1261                 $commentid = intRequestVar('commentid');\r
1262                 $member->canAlterComment($commentid) or $this->disallow();\r
1263 \r
1264                 $this->pagehead();\r
1265                 $this->parse('commentdelete');\r
1266                 $this->pagefoot();\r
1267                 return;\r
1268         }\r
1269         \r
1270         /**\r
1271          * @todo document this\r
1272          */\r
1273         function action_commentdeleteconfirm()\r
1274         {\r
1275                 global $member;\r
1276 \r
1277                 $commentid = intRequestVar('commentid');\r
1278 \r
1279                 // get item id first\r
1280                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
1281                 $o = sql_fetch_object($res);\r
1282                 $itemid = $o->citem;\r
1283 \r
1284                 $error = $this->deleteOneComment($commentid);\r
1285                 if ( $error )\r
1286                 {\r
1287                         $this->doError($error);\r
1288                 }\r
1289 \r
1290                 if ( $member->canAlterItem($itemid) )\r
1291                 {\r
1292                         $this->action_itemcommentlist($itemid);\r
1293                 }\r
1294                 else\r
1295                 {\r
1296                         $this->action_browseowncomments();\r
1297                 }\r
1298         }\r
1299 \r
1300         /**\r
1301          * @todo document this\r
1302          */\r
1303         function deleteOneComment($commentid) {\r
1304                 global $member, $manager;\r
1305 \r
1306                 $commentid = intval($commentid);\r
1307 \r
1308                 if ( !$member->canAlterComment($commentid) )\r
1309                 {\r
1310                         return _ERROR_DISALLOWED;\r
1311                 }\r
1312 \r
1313                 $manager->notify(\r
1314                         'PreDeleteComment',\r
1315                         array(\r
1316                                 'commentid' => $commentid\r
1317                         )\r
1318                 );\r
1319 \r
1320                 // delete the comments associated with the item\r
1321                 $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid;\r
1322                 sql_query($query);\r
1323 \r
1324                 $manager->notify(\r
1325                         'PostDeleteComment',\r
1326                         array(\r
1327                                 'commentid' => $commentid\r
1328                         )\r
1329                 );\r
1330 \r
1331                 return '';\r
1332         }\r
1333 \r
1334         /**\r
1335          * Usermanagement main\r
1336          */\r
1337         function action_usermanagement()\r
1338         {\r
1339                 global $member, $manager;\r
1340 \r
1341                 // check if allowed\r
1342                 $member->isAdmin() or $this->disallow();\r
1343 \r
1344                 $this->pagehead();\r
1345                 $this->parse('usermanagement');\r
1346                 $this->pagefoot();\r
1347         }\r
1348 \r
1349         /**\r
1350          * Edit member settings\r
1351          */\r
1352         function action_memberedit()\r
1353         {\r
1354                 $this->action_editmembersettings(intRequestVar('memberid'));\r
1355         }\r
1356 \r
1357         /**\r
1358          * @todo document this\r
1359          */\r
1360         function action_editmembersettings($memberid = '') {\r
1361                 global $member, $manager, $CONF;\r
1362                 \r
1363                 if ( $memberid == '' )\r
1364                 {\r
1365                         $memberid = $member->getID();\r
1366                 }\r
1367                 $_REQUEST['memberid'] = $memberid;\r
1368 \r
1369                 // check if allowed\r
1370                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
1371                 \r
1372                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
1373                 $this->pagehead($extrahead);\r
1374                 $this->parse('editmembersettings');\r
1375                 $this->pagefoot();\r
1376         }\r
1377         \r
        /**
         * Admin::action_changemembersettings()
         * Store the posted settings of a member
         *
         * Members may change their own settings; site admins may change anyone's.
         * Login name and password are only validated and applied when
         * $CONF['AllowLoginEdit'] is set or the acting member is an admin; the admin and
         * can-login flags are only applied by an admin. Changing the e-mail address sends
         * an activation link and invalidates the member's cookie key.
         *
         * @param       void
         * @return      void
         */
        function action_changemembersettings() {
                global $member, $CONF, $manager;

                $memberid = intRequestVar('memberid');

                // check if allowed
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

                // tags are stripped from the free-text fields; passwords are taken as posted
                $name           = trim(strip_tags(postVar('name')));
                $realname       = trim(strip_tags(postVar('realname')));
                $password       = postVar('password');
                $repeatpassword = postVar('repeatpassword');
                $email          = strip_tags(postVar('email'));
                $url            = strip_tags(postVar('url'));
                $adminskin      = intPostVar('adminskin');

                # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
                # original eregi: !eregi("^https?://", $url)

                // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
                if ( !preg_match('#^https?://#', $url) )
                {
                        $url = 'http://' . $url;
                }

                // raw flags; they are only applied further down when the acting member is an admin
                $admin          = postVar('admin');
                $canlogin       = postVar('canlogin');
                $notes          = strip_tags(postVar('notes'));
                $locale         = postVar('locale');

                $mem = Member::createFromID($memberid);

                // login name and password: validated only when they may be edited at all
                if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {

                        if ( !isValidDisplayName($name) )
                        {
                                $this->error(_ERROR_BADNAME);
                        }

                        if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
                        {
                                $this->error(_ERROR_NICKNAMEINUSE);
                        }

                        if ( $password != $repeatpassword )
                        {
                                $this->error(_ERROR_PASSWORDMISMATCH);
                        }

                        // an empty password means "keep the current one"
                        if ( $password && (i18n::strlen($password) < 6) )
                        {
                                $this->error(_ERROR_PASSWORDTOOSHORT);
                        }

                        if ( $password )
                        {
                                // plugins may veto the new password through the PrePasswordSet hook
                                $pwdvalid = true;
                                $pwderror = '';
                                $manager->notify(
                                        'PrePasswordSet',
                                        array(
                                                'password'     => $password,
                                                'errormessage' => &$pwderror,
                                                'valid'        => &$pwdvalid
                                        )
                                );
                                if ( !$pwdvalid )
                                {
                                        $this->error($pwderror);
                                }
                        }
                }

                if ( !NOTIFICATION::address_validation($email) )
                {
                        $this->error(_ERROR_BADMAILADDRESS);
                }
                if ( !$realname )
                {
                        $this->error(_ERROR_REALNAMEMISSING);
                }
                if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
                {
                        $this->error(_ERROR_NOSUCHTRANSLATION);
                }

                // check if there will remain at least one site member with both the logon and admin rights
                // (check occurs when taking away one of these rights from such a member)
                if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
                        ||      (!$canlogin && $mem->isAdmin() && $mem->canLogin())
                        )
                {
                        $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
                        if ( sql_num_rows($r) < 2 )
                        {
                                $this->error(_ERROR_ATLEASTONEADMIN);
                        }
                }

                if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
                {
                        $mem->setDisplayName($name);
                        if ( $password )
                        {
                                $mem->setPassword($password);
                        }
                }

                // remembered to detect an address change after the update
                $oldEmail = $mem->getEmail();

                $mem->setRealName($realname);
                $mem->setEmail($email);
                $mem->setURL($url);
                $mem->setNotes($notes);
                $mem->setLocale($locale);


                // only allow super-admins to make changes to the admin status
                if ( $member->isAdmin() )
                {
                        $mem->setAdmin($admin);
                        $mem->setCanLogin($canlogin);
                }

                $autosave = postVar('autosave');
                $mem->setAutosave($autosave);

                $mem->write();

                // store plugin options
                $aOptions = requestArray('plugoption');
                NucleusPlugin::apply_plugin_options($aOptions);
                $manager->notify(
                        'PostPluginOptionsUpdate',
                        array(
                                'context'  => 'member',
                                'memberid' => $memberid,
                                'member'   => &$mem
                        )
                );

                // if email changed, generate new password
                // (the activation link is sent to the old address; the cookie key is renewed
                // so existing login cookies of that member stop working)
                if ( $oldEmail != $mem->getEmail() )
                {
                        $mem->sendActivationLink('addresschange', $oldEmail);
                        // logout member
                        $mem->newCookieKey();

                        // only log out if the member being edited is the current member.
                        if ( $member->getID() == $memberid )
                        {
                                $member->logout();
                        }
                        $this->action_login(_MSG_ACTIVATION_SENT, 0);
                        return;
                }


                // a member who changed their own login name must log in again
                if (    ( $mem->getID() == $member->getID() )
                        &&      ( $mem->getDisplayName() != $member->getDisplayName() )
                        )
                {
                        $mem->newCookieKey();
                        $member->logout();
                        $this->action_login(_MSG_LOGINAGAIN, 0);
                }
                else
                {
                        $this->action_overview(_MSG_SETTINGSCHANGED);
                }
        }
1552 \r
1553         /**\r
1554          * Admin::action_memberadd()\r
1555          * \r
1556          * @param       void\r
1557          * @return      void\r
1558          * \r
1559         */\r
1560         function action_memberadd()\r
1561         {\r
1562                 global $member, $manager;\r
1563                 \r
1564                 // check if allowed\r
1565                 $member->isAdmin() or $this->disallow();\r
1566                 \r
1567                 if ( postVar('password') != postVar('repeatpassword') )\r
1568                 {\r
1569                         $this->error(_ERROR_PASSWORDMISMATCH);\r
1570                 }\r
1571                 \r
1572                 if ( i18n::strlen(postVar('password')) < 6 )\r
1573                 {\r
1574                         $this->error(_ERROR_PASSWORDTOOSHORT);\r
1575                 }\r
1576                 \r
1577                 $res = Member::create(\r
1578                                         postVar('name'),\r
1579                                         postVar('realname'),\r
1580                                         postVar('password'),\r
1581                                         postVar('email'),\r
1582                                         postVar('url'),\r
1583                                         postVar('admin'),\r
1584                                         postVar('canlogin'),\r
1585                                         postVar('notes')\r
1586                                 );\r
1587                 if ( $res != 1 )\r
1588                 {\r
1589                         $this->error($res);\r
1590                 }\r
1591                 \r
1592                 // fire PostRegister event\r
1593                 $newmem = new Member();\r
1594                 $newmem->readFromName(postVar('name'));\r
1595                 $manager->notify(\r
1596                         'PostRegister',\r
1597                         array(\r
1598                                 'member' => &$newmem\r
1599                         )\r
1600                 );\r
1601                 \r
1602                 $this->action_usermanagement();\r
1603                 return;\r
1604         }\r
1605 \r
1606         /**\r
1607          * Account activation\r
1608          *\r
1609          * @author dekarma\r
1610          */\r
1611         function action_activate()\r
1612         {\r
1613 \r
1614                 $key = getVar('key');\r
1615                 $this->_showActivationPage($key);\r
1616         }\r
1617 \r
1618         /**\r
1619          * @todo document this\r
1620          */\r
1621         function _showActivationPage($key, $message = '')\r
1622         {\r
1623                 global $manager;\r
1624 \r
1625                 // clean up old activation keys\r
1626                 Member::cleanupActivationTable();\r
1627 \r
1628                 // get activation info\r
1629                 $info = Member::getActivationInfo($key);\r
1630 \r
1631                 if ( !$info )\r
1632                 {\r
1633                         $this->error(_ERROR_ACTIVATE);\r
1634                 }\r
1635 \r
1636                 $mem = Member::createFromId($info->vmember);\r
1637 \r
1638                 if ( !$mem )\r
1639                 {\r
1640                         $this->error(_ERROR_ACTIVATE);\r
1641                 }\r
1642                 $_POST['ackey']                = $key;\r
1643                 $this->headMess                = $message;\r
1644                 $_POST['bNeedsPasswordChange'] = true;\r
1645                 $this->pagehead();\r
1646                 $this->parse('activate');\r
1647                 $this->pagefoot();\r
1648 \r
1649         }\r
1650 \r
1651         /**\r
1652          * Account activation - set password part\r
1653          *\r
1654          * @author dekarma\r
1655          */\r
1656         function action_activatesetpwd()\r
1657         {\r
1658 \r
1659                 $key = postVar('key');\r
1660 \r
1661                 // clean up old activation keys\r
1662                 Member::cleanupActivationTable();\r
1663 \r
1664                 // get activation info\r
1665                 $info = Member::getActivationInfo($key);\r
1666 \r
1667                 if ( !$info || ($info->type == 'addresschange') )\r
1668                 {\r
1669                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
1670                 }\r
1671 \r
1672                 $mem = Member::createFromId($info->vmember);\r
1673 \r
1674                 if ( !$mem )\r
1675                 {\r
1676                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
1677                 }\r
1678 \r
1679                 $password       = postVar('password');\r
1680                 $repeatpassword = postVar('repeatpassword');\r
1681 \r
1682                 if ( $password != $repeatpassword )\r
1683                 {\r
1684                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
1685                 }\r
1686 \r
1687                 if ( $password && (i18n::strlen($password) < 6) )\r
1688                 {\r
1689                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
1690                 }\r
1691                         \r
1692                 if ( $password )\r
1693                 {\r
1694                         $pwdvalid = true;\r
1695                         $pwderror = '';\r
1696                         global $manager;\r
1697                         $manager->notify(\r
1698                                 'PrePasswordSet',\r
1699                                 array(\r
1700                                         'password'     => $password,\r
1701                                         'errormessage' => &$pwderror,\r
1702                                         'valid'        => &$pwdvalid\r
1703                                 )\r
1704                         );\r
1705                         if ( !$pwdvalid )\r
1706                         {\r
1707                                 return $this->_showActivationPage($key,$pwderror);\r
1708                         }\r
1709                 }\r
1710 \r
1711                 $error = '';\r
1712                 \r
1713                 $manager->notify(\r
1714                         'ValidateForm',\r
1715                         array(\r
1716                                 'type'   => 'activation',\r
1717                                 'member' => $mem,\r
1718                                 'error'  => &$error\r
1719                         )\r
1720                 );\r
1721                 if ( $error != '' )\r
1722                 {\r
1723                         return $this->_showActivationPage($key, $error);\r
1724                 }\r
1725 \r
1726 \r
1727                 // set password\r
1728                 $mem->setPassword($password);\r
1729                 $mem->write();\r
1730 \r
1731                 // do the activation\r
1732                 Member::activate($key);\r
1733 \r
1734                 $this->pagehead();\r
1735                 $this->parse('activatesetpwd');\r
1736                 $this->pagefoot();\r
1737         }\r
1738 \r
1739         /**\r
1740          * Manage team\r
1741          */\r
1742         function action_manageteam()\r
1743         {\r
1744                 global $member, $manager;\r
1745 \r
1746                 $blogid = intRequestVar('blogid');\r
1747 \r
1748                 // check if allowed\r
1749                 $member->blogAdminRights($blogid) or $this->disallow();\r
1750 \r
1751                 $this->pagehead();\r
1752                 $this->parse('manageteam');\r
1753                 $this->pagefoot();\r
1754         }\r
1755 \r
1756         /**\r
1757          * Add member to team\r
1758          */\r
1759         function action_teamaddmember()\r
1760         {\r
1761                 global $member, $manager;\r
1762 \r
1763                 $memberid = intPostVar('memberid');\r
1764                 $blogid = intPostVar('blogid');\r
1765                 $admin = intPostVar('admin');\r
1766 \r
1767                 // check if allowed\r
1768                 $member->blogAdminRights($blogid) or $this->disallow();\r
1769 \r
1770                 $blog =& $manager->getBlog($blogid);\r
1771                 if ( !$blog->addTeamMember($memberid, $admin) )\r
1772                 {\r
1773                         $this->error(_ERROR_ALREADYONTEAM);\r
1774                 }\r
1775 \r
1776                 $this->action_manageteam();\r
1777 \r
1778         }\r
1779 \r
1780         /**\r
1781          * @todo document this\r
1782          */\r
1783         function action_teamdelete()\r
1784         {\r
1785                 global $member, $manager;\r
1786 \r
1787                 $memberid = intRequestVar('memberid');\r
1788                 $blogid   = intRequestVar('blogid');\r
1789 \r
1790                 // check if allowed\r
1791                 $member->blogAdminRights($blogid) or $this->disallow();\r
1792 \r
1793                 $teammem =  Member::createFromID($memberid);\r
1794                 $blog    =& $manager->getBlog($blogid);\r
1795 \r
1796                 $this->pagehead();\r
1797                 $this->parse('teamdelete');\r
1798                 $this->pagefoot();\r
1799         }\r
1800 \r
1801         /**\r
1802          * @todo document this\r
1803          */\r
1804         function action_teamdeleteconfirm()\r
1805         {\r
1806                 global $member;\r
1807 \r
1808                 $memberid = intRequestVar('memberid');\r
1809                 $blogid = intRequestVar('blogid');\r
1810 \r
1811                 $error = $this->deleteOneTeamMember($blogid, $memberid);\r
1812                 if ( $error )\r
1813                 {\r
1814                         $this->error($error);\r
1815                 }\r
1816                 $this->action_manageteam();\r
1817         }\r
1818 \r
1819         /**\r
1820          * @todo document this\r
1821          */\r
1822         function deleteOneTeamMember($blogid, $memberid)\r
1823         {\r
1824                 global $member, $manager;\r
1825 \r
1826                 $blogid   = intval($blogid);\r
1827                 $memberid = intval($memberid);\r
1828 \r
1829                 // check if allowed\r
1830                 if ( !$member->blogAdminRights($blogid) )\r
1831                 {\r
1832                         return _ERROR_DISALLOWED;\r
1833                 }\r
1834 \r
1835                 // check if: - there remains at least one blog admin\r
1836                 //           - (there remains at least one team member)\r
1837                 $tmem = Member::createFromID($memberid);\r
1838 \r
1839                 $manager->notify(\r
1840                         'PreDeleteTeamMember',\r
1841                         array(\r
1842                                 'member' => &$tmem,\r
1843                                 'blogid' => $blogid\r
1844                         )\r
1845                 );\r
1846 \r
1847                 if ( $tmem->isBlogAdmin($blogid) )\r
1848                 {\r
1849                         // check if there are more blog members left and at least one admin\r
1850                         // (check for at least two admins before deletion)\r
1851                         $query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid . ' and tadmin=1';\r
1852                         $r     = sql_query($query);\r
1853                         if ( sql_num_rows($r) < 2 )\r
1854                         {\r
1855                                 return _ERROR_ATLEASTONEBLOGADMIN;\r
1856                         }\r
1857                 }\r
1858 \r
1859                 $query = 'DELETE FROM ' . sql_table('team') . " WHERE tblog=$blogid and tmember=$memberid";\r
1860                 sql_query($query);\r
1861 \r
1862                 $manager->notify(\r
1863                         'PostDeleteTeamMember',\r
1864                         array(\r
1865                                 'member' => &$tmem,\r
1866                                 'blogid' => $blogid\r
1867                         )\r
1868                 );\r
1869 \r
1870                 return '';\r
1871         }\r
1872 \r
1873         /**\r
1874          * @todo document this\r
1875          */\r
1876         function action_teamchangeadmin()\r
1877         {\r
1878                 global $member;\r
1879 \r
1880                 $blogid   = intRequestVar('blogid');\r
1881                 $memberid = intRequestVar('memberid');\r
1882 \r
1883                 // check if allowed\r
1884                 $member->blogAdminRights($blogid) or $this->disallow();\r
1885 \r
1886                 $mem = Member::createFromID($memberid);\r
1887 \r
1888                 // don't allow when there is only one admin at this moment\r
1889                 if ( $mem->isBlogAdmin($blogid) )\r
1890                 {\r
1891                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
1892                         if ( sql_num_rows($r) == 1 )\r
1893                         {\r
1894                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
1895                         }\r
1896                 }\r
1897 \r
1898                 if ( $mem->isBlogAdmin($blogid) )\r
1899                 {\r
1900                         $newval = 0;\r
1901                 }\r
1902                 else\r
1903                 {\r
1904                         $newval = 1;\r
1905                 }\r
1906 \r
1907                 $query = 'UPDATE ' . sql_table('team') . " SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
1908                 sql_query($query);\r
1909 \r
1910                 // only show manageteam if member did not change its own admin privileges\r
1911                 if ( $member->isBlogAdmin($blogid) )\r
1912                 {\r
1913                         $this->action_manageteam();\r
1914                 }\r
1915                 else\r
1916                 {\r
1917                         $this->action_overview(_MSG_ADMINCHANGED);\r
1918                 }\r
1919         }\r
1920 \r
1921         /**\r
1922          * @todo document this\r
1923          */\r
1924         function action_blogsettings()\r
1925         {\r
1926                 global $member, $manager;\r
1927 \r
1928                 $blogid = intRequestVar('blogid');\r
1929 \r
1930                 // check if allowed\r
1931                 $member->blogAdminRights($blogid) or $this->disallow();\r
1932 \r
1933                 $blog =& $manager->getBlog($blogid);\r
1934 \r
1935                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
1936                 $this->pagehead($extrahead);\r
1937                 $this->parse('blogsettings');\r
1938                 $this->pagefoot();\r
1939         }\r
1940 \r
1941         /**\r
1942          * @todo document this\r
1943          */\r
1944         function action_categorynew()\r
1945         {\r
1946                 global $member, $manager;\r
1947 \r
1948                 $blogid = intRequestVar('blogid');\r
1949 \r
1950                 $member->blogAdminRights($blogid) or $this->disallow();\r
1951 \r
1952                 $cname = postVar('cname');\r
1953                 $cdesc = postVar('cdesc');\r
1954 \r
1955                 if ( !isValidCategoryName($cname) )\r
1956                 {\r
1957                         $this->error(_ERROR_BADCATEGORYNAME);\r
1958                 }\r
1959 \r
1960                 $query = 'SELECT * FROM ' . sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname) . '\' and cblog=' . intval($blogid);\r
1961                 $res = sql_query($query);\r
1962                 if ( sql_num_rows($res) > 0 )\r
1963                 {\r
1964                         $this->error(_ERROR_DUPCATEGORYNAME);\r
1965                 }\r
1966 \r
1967                 $blog       =& $manager->getBlog($blogid);\r
1968                 $newCatID   =  $blog->createNewCategory($cname, $cdesc);\r
1969 \r
1970                 $this->action_blogsettings();\r
1971         }\r
1972 \r
1973         /**\r
1974          * @todo document this\r
1975          */\r
1976         function action_categoryedit($catid = '', $blogid = '', $desturl = '')\r
1977         {\r
1978                 global $member, $manager;\r
1979 \r
1980                 if ( $blogid == '' )\r
1981                 {\r
1982                         $blogid = intGetVar('blogid');\r
1983                 }\r
1984                 else\r
1985                 {\r
1986                         $blogid = intval($blogid);\r
1987                 }\r
1988                 if ( $catid == '' )\r
1989                 {\r
1990                         $catid = intGetVar('catid');\r
1991                 }\r
1992                 else\r
1993                 {\r
1994                         $catid = intval($catid);\r
1995                 }\r
1996                 $_REQUEST['blogid']  = $blogid;\r
1997                 $_REQUEST['catid']   = $catid;\r
1998                 $_REQUEST['desturl'] = $desturl;\r
1999                 $member->blogAdminRights($blogid) or $this->disallow();\r
2000 \r
2001                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2002                 $this->pagehead($extrahead);\r
2003                 $this->parse('categoryedit');\r
2004                 $this->pagefoot();\r
2005         }\r
2006 \r
2007         /**\r
2008          * @todo document this\r
2009          */\r
2010         function action_categoryupdate()\r
2011         {\r
2012                 global $member, $manager;\r
2013 \r
2014                 $blogid  = intPostVar('blogid');\r
2015                 $catid   = intPostVar('catid');\r
2016                 $cname   = postVar('cname');\r
2017                 $cdesc   = postVar('cdesc');\r
2018                 $desturl = postVar('desturl');\r
2019 \r
2020                 $member->blogAdminRights($blogid) or $this->disallow();\r
2021 \r
2022                 if ( !isValidCategoryName($cname) )\r
2023                 {\r
2024                         $this->error(_ERROR_BADCATEGORYNAME);\r
2025                 }\r
2026 \r
2027                 $query = "SELECT *"\r
2028                            . " FROM " . sql_table('category')\r
2029                            . " WHERE cname='" . sql_real_escape_string($cname) . "'"\r
2030                            . " and cblog=" . intval($blogid)\r
2031                            . " and not(catid=" . intval($catid) . ")";\r
2032                 $res   = sql_query($query);\r
2033                 if ( sql_num_rows($res) > 0 )\r
2034                 {\r
2035                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2036                 }\r
2037 \r
2038                 $query =  'UPDATE '.sql_table('category').' SET'\r
2039                                 . " cname='" . sql_real_escape_string($cname) . "',"\r
2040                                 . " cdesc='" . sql_real_escape_string($cdesc) . "'"\r
2041                                 . " WHERE catid=" . intval($catid);\r
2042 \r
2043                 sql_query($query);\r
2044 \r
2045                 // store plugin options\r
2046                 $aOptions = requestArray('plugoption');\r
2047                 NucleusPlugin::apply_plugin_options($aOptions);\r
2048                 $manager->notify(\r
2049                         'PostPluginOptionsUpdate',\r
2050                         array(\r
2051                                 'context' => 'category',\r
2052                                 'catid'   => $catid\r
2053                         )\r
2054                 );\r
2055 \r
2056 \r
2057                 if ( $desturl )\r
2058                 {\r
2059                         redirect($desturl);\r
2060                         exit;\r
2061                 }\r
2062                 else\r
2063                 {\r
2064                         $this->action_blogsettings();\r
2065                 }\r
2066         }\r
2067 \r
2068         /**\r
2069          * @todo document this\r
2070          */\r
2071         function action_categorydelete()\r
2072         {\r
2073                 global $member, $manager;\r
2074 \r
2075                 $blogid = intRequestVar('blogid');\r
2076                 $catid  = intRequestVar('catid');\r
2077 \r
2078                 $member->blogAdminRights($blogid) or $this->disallow();\r
2079 \r
2080                 $blog =& $manager->getBlog($blogid);\r
2081 \r
2082                 // check if the category is valid\r
2083                 if ( !$blog->isValidCategory($catid) )\r
2084                 {\r
2085                         $this->error(_ERROR_NOSUCHCATEGORY);\r
2086                 }\r
2087 \r
2088                 // don't allow deletion of default category\r
2089                 if ( $blog->getDefaultCategory() == $catid )\r
2090                 {\r
2091                         $this->error(_ERROR_DELETEDEFCATEGORY);\r
2092                 }\r
2093 \r
2094                 // check if catid is the only category left for blogid\r
2095                 $query = 'SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;\r
2096                 $res = sql_query($query);\r
2097                 if ( sql_num_rows($res) == 1 )\r
2098                 {\r
2099                         $this->error(_ERROR_DELETELASTCATEGORY);\r
2100                 }\r
2101 \r
2102 \r
2103                 $this->pagehead();\r
2104                 $this->parse('categorydelete');\r
2105                 $this->pagefoot();\r
2106         }\r
2107 \r
2108         /**\r
2109          * @todo document this\r
2110          */\r
2111         function action_categorydeleteconfirm()\r
2112         {\r
2113                 global $member, $manager;\r
2114 \r
2115                 $blogid = intRequestVar('blogid');\r
2116                 $catid  = intRequestVar('catid');\r
2117 \r
2118                 $member->blogAdminRights($blogid) or $this->disallow();\r
2119 \r
2120                 $error = $this->deleteOneCategory($catid);\r
2121                 if ( $error )\r
2122                 {\r
2123                         $this->error($error);\r
2124                 }\r
2125 \r
2126                 $this->action_blogsettings();\r
2127         }\r
2128         \r
2129         /**\r
2130          * Admin::deleteOneCategory()\r
2131          * Delete a category by its id\r
2132          * \r
2133          * @param       String  $catid  category id for deleting\r
2134          * @return      Void\r
2135          */\r
2136         function deleteOneCategory($catid)\r
2137         {\r
2138                 global $manager, $member;\r
2139                 \r
2140                 $catid  = intval($catid);\r
2141                 $blogid = getBlogIDFromCatID($catid);\r
2142 \r
2143                 if ( !$member->blogAdminRights($blogid) )\r
2144                 {\r
2145                         return ERROR_DISALLOWED;\r
2146                 }\r
2147 \r
2148                 // get blog\r
2149                 $blog =& $manager->getBlog($blogid);\r
2150 \r
2151                 // check if the category is valid\r
2152                 if ( !$blog || !$blog->isValidCategory($catid) )\r
2153                 {\r
2154                         return _ERROR_NOSUCHCATEGORY;\r
2155                 }\r
2156 \r
2157                 $destcatid = $blog->getDefaultCategory();\r
2158 \r
2159                 // don't allow deletion of default category\r
2160                 if ( $blog->getDefaultCategory() == $catid )\r
2161                 {\r
2162                         return _ERROR_DELETEDEFCATEGORY;\r
2163                 }\r
2164 \r
2165                 // check if catid is the only category left for blogid\r
2166                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2167                 $res = sql_query($query);\r
2168                 if ( sql_num_rows($res) == 1 )\r
2169                 {\r
2170                         return _ERROR_DELETELASTCATEGORY;\r
2171                 }\r
2172 \r
2173                 $manager->notify(\r
2174                         'PreDeleteCategory',\r
2175                         array(\r
2176                                 'catid' => $catid\r
2177                         )\r
2178                 );\r
2179 \r
2180                 // change category for all items to the default category\r
2181                 $query = 'UPDATE ' . sql_table('item') . " SET icat=$destcatid WHERE icat=$catid";\r
2182                 sql_query($query);\r
2183                 \r
2184                 // delete all associated plugin options\r
2185                 NucleusPlugin::delete_option_values('category', $catid);\r
2186                 \r
2187                 // delete category\r
2188                 $query = 'DELETE FROM ' . sql_table('category') . ' WHERE catid=' . $catid;\r
2189                 sql_query($query);\r
2190                 \r
2191                 $manager->notify(\r
2192                         'PostDeleteCategory',\r
2193                         array(\r
2194                                 'catid' => $catid\r
2195                         )\r
2196                 );\r
2197                 return;\r
2198         }\r
2199         \r
	/**
	 * Admin::action_blogsettingsupdate
	 * Updating blog settings
	 *
	 * Validates the posted notification address, short name and update file,
	 * stores every posted setting on the blog, saves the blog's plugin options
	 * and ends on the overview page with a "settings changed" message.
	 *
	 * @param	Void
	 * @return	Void
	 */
	function action_blogsettingsupdate()
	{
		global $member, $manager;
		
		$blogid = intRequestVar('blogid');
		
		// disallow() is relied on not to return
		$member->blogAdminRights($blogid) or $this->disallow();
		
		$blog =& $manager->getBlog($blogid);
		
		$notify_address = trim(postVar('notify'));
		$shortname      = trim(postVar('shortname'));
		$updatefile     = trim(postVar('update'));
		
		$notifyComment  = intPostVar('notifyComment');
		$notifyVote     = intPostVar('notifyVote');
		$notifyNewItem  = intPostVar('notifyNewItem');
		
		// the three flags are combined by multiplication below, so an unset
		// flag (0) is normalised to 1 to keep it from zeroing the product
		if ( $notifyComment == 0 )
		{
			$notifyComment = 1;
		}
		if ( $notifyVote == 0 )
		{
			$notifyVote = 1;
		}
		if ( $notifyNewItem == 0 )
		{
			$notifyNewItem = 1;
		}
		$notifyType = $notifyComment * $notifyVote * $notifyNewItem;
		
		// an empty address is allowed; a non-empty one must validate
		if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
		{
			$this->error(_ERROR_BADNOTIFY);
		}
		
		if ( !isValidShortName($shortname) )
		{
			$this->error(_ERROR_BADSHORTBLOGNAME);
		}
		
		// uniqueness only matters when the short name actually changes
		if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
		{
			$this->error(_ERROR_DUPSHORTBLOGNAME);
		}
		// check if update file is writable
		// NOTE(review): this is a filesystem path supplied by the blog admin,
		// presumably written to by the blog later — confirm it is restricted.
		if ( $updatefile && !is_writeable($updatefile) )
		{
			$this->error(_ERROR_UPDATEFILE);
		}
		
		$blog->setName(trim(postVar('name')));
		$blog->setShortName($shortname);
		$blog->setNotifyAddress($notify_address);
		$blog->setNotifyType($notifyType);
		$blog->setMaxComments(postVar('maxcomments'));
		$blog->setCommentsEnabled(postVar('comments'));
		$blog->setTimeOffset(postVar('timeoffset'));
		$blog->setUpdateFile($updatefile);
		$blog->setURL(trim(postVar('url')));
		$blog->setDefaultSkin(intPostVar('defskin'));
		$blog->setDescription(trim(postVar('desc')));
		$blog->setPublic(postVar('public'));
		$blog->setConvertBreaks(intPostVar('convertbreaks'));
		$blog->setAllowPastPosting(intPostVar('allowpastposting'));
		$blog->setDefaultCategory(intPostVar('defcat'));
		$blog->setSearchable(intPostVar('searchable'));
		$blog->setEmailRequired(intPostVar('reqemail'));
		$blog->writeSettings();
		
		// store plugin options
		$aOptions = requestArray('plugoption');
		NucleusPlugin::apply_plugin_options($aOptions);
		$manager->notify(
			'PostPluginOptionsUpdate',
			array(
				'context' => 'blog',
				'blogid'  => $blogid,
				'blog'    => &$blog
			)
		);
		
		$this->action_overview(_MSG_SETTINGSCHANGED);
		return;
	}
2293 \r
2294         /**\r
2295          * @todo document this\r
2296          */\r
2297         function action_deleteblog()\r
2298         {\r
2299                 global $member, $CONF, $manager;\r
2300 \r
2301                 $blogid = intRequestVar('blogid');\r
2302 \r
2303                 $member->blogAdminRights($blogid) or $this->disallow();\r
2304 \r
2305                 // check if blog is default blog\r
2306                 if ( $CONF['DefaultBlog'] == $blogid )\r
2307                 {\r
2308                         $this->error(_ERROR_DELDEFBLOG);\r
2309                 }\r
2310 \r
2311                 $blog =& $manager->getBlog($blogid);\r
2312 \r
2313                 $this->pagehead();\r
2314                 $this->parse('deleteblog');\r
2315                 $this->pagefoot();\r
2316         }\r
2317         \r
2318         /**\r
2319          * Admin::action_deleteblogconfirm()\r
2320          * Delete Blog\r
2321          * \r
2322          * @param       Void\r
2323          * @return      Void\r
2324          */\r
2325         function action_deleteblogconfirm()\r
2326         {\r
2327                 global $member, $CONF, $manager;\r
2328                 \r
2329                 $blogid = intRequestVar('blogid');\r
2330                 $manager->notify(\r
2331                         'PreDeleteBlog',\r
2332                         array(\r
2333                                 'blogid' => $blogid\r
2334                         )\r
2335                 );\r
2336                 $member->blogAdminRights($blogid) or $this->disallow();\r
2337                 \r
2338                 // check if blog is default blog\r
2339                 if ( $CONF['DefaultBlog'] == $blogid )\r
2340                 {\r
2341                         $this->error(_ERROR_DELDEFBLOG);\r
2342                 }\r
2343                 \r
2344                 // delete all comments\r
2345                 $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid;\r
2346                 sql_query($query);\r
2347                 \r
2348                 // delete all items\r
2349                 $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid;\r
2350                 sql_query($query);\r
2351                 \r
2352                 // delete all team members\r
2353                 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid;\r
2354                 sql_query($query);\r
2355                 \r
2356                 // delete all bans\r
2357                 $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid;\r
2358                 sql_query($query);\r
2359                 \r
2360                 // delete all categories\r
2361                 $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;\r
2362                 sql_query($query);\r
2363                 \r
2364                 // delete all associated plugin options\r
2365                 NucleusPlugin::delete_option_values('blog', $blogid);\r
2366                 \r
2367                 // delete the blog itself\r
2368                 $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;\r
2369                 sql_query($query);\r
2370                 \r
2371                 $manager->notify(\r
2372                         'PostDeleteBlog',\r
2373                         array(\r
2374                                 'blogid' => $blogid\r
2375                         )\r
2376                 );\r
2377                 \r
2378                 $this->action_overview(_DELETED_BLOG);\r
2379                 return;\r
2380         }\r
2381         \r
2382         /**\r
2383          * @todo document this\r
2384          */\r
2385         function action_memberdelete()\r
2386         {\r
2387                 global $member, $manager;\r
2388 \r
2389                 $memberid = intRequestVar('memberid');\r
2390 \r
2391                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
2392 \r
2393                 $mem = Member::createFromID($memberid);\r
2394 \r
2395                 $this->pagehead();\r
2396                 $this->parse('memberdelete');\r
2397                 $this->pagefoot();\r
2398         }\r
2399 \r
2400         /**\r
2401          * @todo document this\r
2402          */\r
2403         function action_memberdeleteconfirm()\r
2404         {\r
2405                 global $member;\r
2406 \r
2407                 $memberid = intRequestVar('memberid');\r
2408 \r
2409                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
2410 \r
2411                 $error = $this->deleteOneMember($memberid);\r
2412                 if ( $error )\r
2413                 {\r
2414                         $this->error($error);\r
2415                 }\r
2416 \r
2417                 if ( $member->isAdmin() )\r
2418                 {\r
2419                         $this->action_usermanagement();\r
2420                 }\r
2421                 else\r
2422                 {\r
2423                         $this->action_overview(_DELETED_MEMBER);\r
2424                 }\r
2425         }\r
2426         \r
2427         /**\r
2428          * Admin::deleteOneMember()\r
2429          * Delete a member by id\r
2430          * \r
2431          * @static\r
2432          * @params      Integer $memberid       member id\r
2433          * @return      String  null string or error messages\r
2434          */\r
2435         function deleteOneMember($memberid)\r
2436         {\r
2437                 global $manager;\r
2438                 \r
2439                 $memberid = intval($memberid);\r
2440                 $mem = Member::createFromID($memberid);\r
2441                 \r
2442                 if ( !$mem->canBeDeleted() )\r
2443                 {\r
2444                         return _ERROR_DELETEMEMBER;\r
2445                 }\r
2446                 \r
2447                 $manager->notify(\r
2448                         'PreDeleteMember',\r
2449                         array(\r
2450                                 'member' => &$mem\r
2451                         )\r
2452                 );\r
2453                 \r
2454                 /* unlink comments from memberid */\r
2455                 if ( $memberid )\r
2456                 {\r
2457                         $query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d";\r
2458                         $query = sprintf($query, sql_table('comment'), sql_real_escape_string($mem->getDisplayName()), $memberid);\r
2459                         sql_query($query);\r
2460                 }\r
2461                 \r
2462                 $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;\r
2463                 sql_query($query);\r
2464                 \r
2465                 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;\r
2466                 sql_query($query);\r
2467                 \r
2468                 $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;\r
2469                 sql_query($query);\r
2470                 \r
2471                 // delete all associated plugin options\r
2472                 NucleusPlugin::delete_option_values('member', $memberid);\r
2473                 \r
2474                 $manager->notify(\r
2475                         'PostDeleteMember',\r
2476                         array(\r
2477                                 'member' => &$mem\r
2478                         )\r
2479                 );\r
2480                 \r
2481                 return '';\r
2482         }\r
2483         \r
2484         /**\r
2485          * @todo document this\r
2486          */\r
2487         function action_createnewlog()\r
2488         {\r
2489                 global $member, $CONF, $manager;\r
2490 \r
2491                 // Only Super-Admins can do this\r
2492                 $member->isAdmin() or $this->disallow();\r
2493 \r
2494                 $this->pagehead();\r
2495                 $this->parse('createnewlog');\r
2496                 $this->pagefoot();\r
2497         }\r
2498 \r
2499         /**\r
2500          * @todo document this\r
2501          */\r
2502         function action_addnewlog()\r
2503         {\r
2504                 global $member, $manager, $CONF;\r
2505 \r
2506                 // Only Super-Admins can do this\r
2507                 $member->isAdmin() or $this->disallow();\r
2508 \r
2509                 $bname          = trim(postVar('name'));\r
2510                 $bshortname     = trim(postVar('shortname'));\r
2511                 $btimeoffset    = postVar('timeoffset');\r
2512                 $bdesc          = trim(postVar('desc'));\r
2513                 $bdefskin       = postVar('defskin');\r
2514 \r
2515                 if ( !isValidShortName($bshortname) )\r
2516                 {\r
2517                         $this->error(_ERROR_BADSHORTBLOGNAME);\r
2518                 }\r
2519 \r
2520                 if ( $manager->existsBlog($bshortname) )\r
2521                 {\r
2522                         $this->error(_ERROR_DUPSHORTBLOGNAME);\r
2523                 }\r
2524 \r
2525                 $manager->notify(\r
2526                         'PreAddBlog',\r
2527                         array(\r
2528                                 'name'        => &$bname,\r
2529                                 'shortname'   => &$bshortname,\r
2530                                 'timeoffset'  => &$btimeoffset,\r
2531                                 'description' => &$bdesc,\r
2532                                 'defaultskin' => &$bdefskin\r
2533                         )\r
2534                 );\r
2535 \r
2536 \r
2537                 // add slashes for sql queries\r
2538                 $bname       = sql_real_escape_string($bname);\r
2539                 $bshortname  = sql_real_escape_string($bshortname);\r
2540                 $btimeoffset = sql_real_escape_string($btimeoffset);\r
2541                 $bdesc       = sql_real_escape_string($bdesc);\r
2542                 $bdefskin    = sql_real_escape_string($bdefskin);\r
2543 \r
2544                 // create blog\r
2545                 $query = 'INSERT '\r
2546                            . 'INTO '\r
2547                            .      sql_table('blog')\r
2548                            . '('\r
2549                            . '    bname, '\r
2550                            . '    bshortname, '\r
2551                            . '    bdesc, '\r
2552                            . '    btimeoffset, '\r
2553                            . '    bdefskin'\r
2554                            . ') VALUES ('\r
2555                            . "'" . $bname . "'," \r
2556                            . "'" . $bshortname . "'," \r
2557                            . "'" . $bdesc . "'," \r
2558                            . "'" . $btimeoffset . "'," \r
2559                            . "'" . $bdefskin . "'" \r
2560                            . ")";\r
2561                 sql_query($query);\r
2562                 $blogid =  sql_insert_id();\r
2563                 $blog   =& $manager->getBlog($blogid);\r
2564 \r
2565                 // create new category\r
2566                 $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');\r
2567                 $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');\r
2568                 $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';\r
2569                 sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));\r
2570                 $catid = sql_insert_id();\r
2571 \r
2572                 // set as default category\r
2573                 $blog->setDefaultCategory($catid);\r
2574                 $blog->writeSettings();\r
2575 \r
2576                 // create team member\r
2577                 $memberid = $member->getID();\r
2578                 $query    = 'INSERT '\r
2579                                   . 'INTO '\r
2580                                   .      sql_table('team')\r
2581                                   . '('\r
2582                                   . '    tmember, '\r
2583                                   . '    tblog, '\r
2584                                   . '    tadmin'\r
2585                                   . ') VALUES ('\r
2586                                   . '%d, '\r
2587                                   . '%d, '\r
2588                                   . '    1'\r
2589                                   . ')';\r
2590                 sql_query(sprintf($query), $memberid, $blogid);\r
2591 \r
2592                 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');\r
2593                 $itemdefbody  = (defined('_EBLOG_FIRSTITEM_BODY')  ? _EBLOG_FIRSTITEM_BODY  : 'This is the first item in your weblog. Feel free to delete it.');\r
2594 \r
2595                 $blog->additem(\r
2596                         $blog->getDefaultCategory(),\r
2597                         $itemdeftitle,$itemdefbody,\r
2598                         '',\r
2599                         $blogid,\r
2600                         $memberid,\r
2601                         $blog->getCorrectTime(),\r
2602                         0,\r
2603                         0,\r
2604                         0\r
2605                 );\r
2606                 $manager->notify(\r
2607                         'PostAddBlog',\r
2608                         array(\r
2609                                 'blog' => &$blog\r
2610                         )\r
2611                 );\r
2612 \r
2613                 $manager->notify(\r
2614                         'PostAddCategory',\r
2615                         array(\r
2616                                 'blog'        => &$blog,\r
2617                                 'name'        => _EBLOGDEFAULTCATEGORY_NAME,\r
2618                                 'description' => _EBLOGDEFAULTCATEGORY_DESC,\r
2619                                 'catid'       => $catid\r
2620                         )\r
2621                 );\r
2622 \r
2623                 $_REQUEST['blogid'] = $blogid;\r
2624                 $_REQUEST['catid']  = $catid;\r
2625                 $this->pagehead();\r
2626                 $this->parse('addnewlog');\r
2627                 $this->pagefoot();\r
2628         }\r
2629 \r
2630         /**\r
2631          * @todo document this\r
2632          */\r
2633         function action_addnewlog2()\r
2634         {\r
2635                 global $member, $manager;\r
2636                 $blogid = intRequestVar('blogid');\r
2637 \r
2638                 $member->blogAdminRights($blogid) or $this->disallow();\r
2639 \r
2640                 $burl   = requestVar('url');\r
2641 \r
2642                 $blog =& $manager->getBlog($blogid);\r
2643                 $blog->setURL(trim($burl));\r
2644                 $blog->writeSettings();\r
2645 \r
2646                 $this->action_overview(_MSG_NEWBLOG);\r
2647         }\r
2648 \r
2649         /**\r
2650          * @todo document this\r
2651          */\r
2652         function action_skinieoverview()\r
2653         {\r
2654                 global $member, $DIR_LIBS, $manager;\r
2655 \r
2656                 $member->isAdmin() or $this->disallow();\r
2657 \r
2658                 // load skinie class\r
2659                 include_once($DIR_LIBS . 'skinie.php');\r
2660 \r
2661                 $this->pagehead();\r
2662                 $this->parse('skinieoverview');\r
2663                 $this->pagefoot();\r
2664 \r
2665         }\r
2666 \r
2667         /**\r
2668          * @todo document this\r
2669          */\r
2670         function action_skinieimport() {\r
2671                 global $member, $DIR_LIBS, $DIR_SKINS, $manager;\r
2672 \r
2673                 $member->isAdmin() or $this->disallow();\r
2674 \r
2675                 // load skinie class\r
2676                 include_once($DIR_LIBS . 'skinie.php');\r
2677 \r
2678                 $skinFileRaw = postVar('skinfile');\r
2679                 $mode        = postVar('mode');\r
2680 \r
2681                 $importer = new SkinImport();\r
2682 \r
2683                 // get full filename\r
2684                 if ($mode == 'file')\r
2685                 {\r
2686                         $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';\r
2687 \r
2688                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)\r
2689                         if ( !file_exists($skinFile) )\r
2690                         {\r
2691                                 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';\r
2692                         }\r
2693                 } else {\r
2694                         $skinFile = $skinFileRaw;\r
2695                 }\r
2696 \r
2697                 // read only metadata\r
2698                 $error = $importer->readFile($skinFile, 1);\r
2699 \r
2700                 $_REQUEST['skininfo']  = $importer->getInfo();\r
2701                 $_REQUEST['skinnames'] = $importer->getSkinNames();\r
2702                 $_REQUEST['tpltnames'] = $importer->getTemplateNames();\r
2703 \r
2704                 // clashes\r
2705                 $skinNameClashes     = $importer->checkSkinNameClashes();\r
2706                 $templateNameClashes = $importer->checkTemplateNameClashes();\r
2707                 $hasNameClashes      = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);\r
2708 \r
2709                 $_REQUEST['skinclashes'] = $skinNameClashes;\r
2710                 $_REQUEST['tpltclashes'] = $templateNameClashes;\r
2711                 $_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;\r
2712                 \r
2713                 if ( $error )\r
2714                 {\r
2715                         $this->error($error);\r
2716                 }\r
2717 \r
2718                 $this->pagehead();\r
2719                 $this->parse('skinieimport');\r
2720                 $this->pagefoot();\r
2721         }\r
2722 \r
2723         /**\r
2724          * @todo document this\r
2725          */\r
2726         function action_skiniedoimport()\r
2727         {\r
2728                 global $member, $DIR_LIBS, $DIR_SKINS;\r
2729 \r
2730                 $member->isAdmin() or $this->disallow();\r
2731 \r
2732                 // load skinie class\r
2733                 include_once($DIR_LIBS . 'skinie.php');\r
2734 \r
2735                 $skinFileRaw= postVar('skinfile');\r
2736                 $mode       = postVar('mode');\r
2737 \r
2738                 $allowOverwrite = intPostVar('overwrite');\r
2739 \r
2740                 // get full filename\r
2741                 if ( $mode == 'file' )\r
2742                 {\r
2743                         $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';\r
2744 \r
2745                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)\r
2746                         if ( !file_exists($skinFile) )\r
2747                         {\r
2748                                 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';\r
2749                         }\r
2750 \r
2751                 }\r
2752                 else\r
2753                 {\r
2754                         $skinFile = $skinFileRaw;\r
2755                 }\r
2756 \r
2757                 $importer = new SkinImport();\r
2758 \r
2759                 $error    = $importer->readFile($skinFile);\r
2760 \r
2761                 if ( $error )\r
2762                 {\r
2763                         $this->error($error);\r
2764                 }\r
2765 \r
2766                 $error = $importer->writeToDatabase($allowOverwrite);\r
2767 \r
2768                 if ( $error )\r
2769                 {\r
2770                         $this->error($error);\r
2771                 }\r
2772 \r
2773                 $_REQUEST['skininfo']  = $importer->getInfo();\r
2774                 $_REQUEST['skinnames'] = $importer->getSkinNames();\r
2775                 $_REQUEST['tpltnames'] = $importer->getTemplateNames();\r
2776 \r
2777                 $this->pagehead();\r
2778                 $this->parse('skiniedoimport');\r
2779                 $this->pagefoot();\r
2780         }\r
2781 \r
2782         /**\r
2783          * @todo document this\r
2784          */\r
2785         function action_skinieexport()\r
2786         {\r
2787                 global $member, $DIR_LIBS;\r
2788 \r
2789                 $member->isAdmin() or $this->disallow();\r
2790 \r
2791                 // load skinie class\r
2792                 include_once($DIR_LIBS . 'skinie.php');\r
2793 \r
2794                 $aSkins     = requestIntArray('skin');\r
2795                 $aTemplates = requestIntArray('template');\r
2796 \r
2797                 if ( !is_array($aTemplates) )\r
2798                 {\r
2799                         $aTemplates = array();\r
2800                 }\r
2801                 if ( !is_array($aSkins) )\r
2802                 {\r
2803                         $aSkins = array();\r
2804                 }\r
2805 \r
2806                 $skinList     = array_keys($aSkins);\r
2807                 $templateList = array_keys($aTemplates);\r
2808 \r
2809                 $info = postVar('info');\r
2810 \r
2811                 $exporter = new SkinExport();\r
2812                 foreach ($skinList as $skinId)\r
2813                 {\r
2814                         $exporter->addSkin($skinId);\r
2815                 }\r
2816                 foreach ($templateList as $templateId)\r
2817                 {\r
2818                         $exporter->addTemplate($templateId);\r
2819                 }\r
2820                 $exporter->setInfo($info);\r
2821 \r
2822                 $exporter->export();\r
2823         }\r
2824 \r
2825         /**\r
2826          * @todo document this\r
2827          */\r
2828         function action_templateoverview()\r
2829         {\r
2830                 global $member, $manager;\r
2831 \r
2832                 $member->isAdmin() or $this->disallow();\r
2833 \r
2834                 $this->pagehead();\r
2835                 $this->parse('templateoverview');\r
2836                 $this->pagefoot();\r
2837         }\r
2838 \r
2839         /**\r
2840          * @todo document this\r
2841          */\r
2842         function action_templateedit($msg = '')\r
2843         {\r
2844                 global $member, $manager;\r
2845                 if ( $msg )\r
2846                 {\r
2847                         $this->headMess = $msg;\r
2848                 }\r
2849                 \r
2850                 $templateid = intRequestVar('templateid');\r
2851 \r
2852                 $member->isAdmin() or $this->disallow();\r
2853 \r
2854                 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';\r
2855                 $extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>';\r
2856 \r
2857                 $this->pagehead($extrahead);\r
2858                 $this->parse('templateedit');\r
2859                 $this->pagefoot();\r
2860         }\r
2861 \r
2862         /**\r
2863          * @todo document this\r
2864          *\r
2865         function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {\r
2866                 static $count = 1;\r
2867                 if (!isset($template[$name])) $template[$name] = '';\r
2868         ?>\r
2869                 </tr><tr>\r
2870                         <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>\r
2871                         <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo  Entity::hsc($template[$name]); ?></textarea></td>\r
2872         <?php       $count++;\r
2873         }\r
2874         */\r
2875 \r
2876         /**\r
2877          * @todo document this\r
2878          */\r
2879         function action_templateupdate()\r
2880         {\r
2881                 global $member,$manager;\r
2882 \r
2883                 $templateid = intRequestVar('templateid');\r
2884 \r
2885                 $member->isAdmin() or $this->disallow();\r
2886 \r
2887                 $name = postVar('tname');\r
2888                 $desc = postVar('tdesc');\r
2889 \r
2890                 if ( !isValidTemplateName($name) )\r
2891                 {\r
2892                         $this->error(_ERROR_BADTEMPLATENAME);\r
2893                 }\r
2894 \r
2895                 if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )\r
2896                 {\r
2897                         $this->error(_ERROR_DUPTEMPLATENAME);\r
2898                 }\r
2899 \r
2900                 $name = sql_real_escape_string($name);\r
2901                 $desc = sql_real_escape_string($desc);\r
2902 \r
2903                 // 1. Remove all template parts\r
2904                 $query = 'DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid;\r
2905                 sql_query($query);\r
2906 \r
2907                 // 2. Update description\r
2908                 $query = 'UPDATE '\r
2909                            .      sql_table('template_desc')\r
2910                            . ' SET'\r
2911                            . "    tdname='" . $name . "',"\r
2912                            . "    tddesc='" . $desc . "'"\r
2913                            . " WHERE"\r
2914                            . "    tdnumber=" . $templateid;\r
2915                 sql_query($query);\r
2916 \r
2917                 // 3. Add non-empty template parts\r
2918                 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));\r
2919                 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM'));\r
2920                 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER'));\r
2921                 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK'));\r
2922                 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK'));\r
2923                 $this->addToTemplate($templateid, 'NEW', postVar('NEW'));\r
2924                 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER'));\r
2925                 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY'));\r
2926                 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER'));\r
2927                 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED'));\r
2928                 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH'));\r
2929                 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH'));\r
2930                 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE'));\r
2931                 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY'));\r
2932                 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE'));\r
2933                 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));\r
2934                 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));\r
2935                 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));\r
2936                 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));\r
2937                 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));\r
2938                 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));\r
2939                 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));\r
2940                 $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));\r
2941                 $this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));\r
2942                 $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));\r
2943                 $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));\r
2944                 $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));\r
2945                 $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));\r
2946                 $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));\r
2947                 $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));\r
2948                 $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));\r
2949                 $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));\r
2950                 $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));\r
2951                 $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));\r
2952 \r
2953                 $pluginfields = array();\r
2954                 $manager->notify(\r
2955                         'TemplateExtraFields',\r
2956                         array(\r
2957                                 'fields'=>&$pluginfields\r
2958                         )\r
2959                 );\r
2960                 foreach ($pluginfields as $pfkey=>$pfvalue)\r
2961                 {\r
2962                         foreach ($pfvalue as $pffield=>$pfdesc)\r
2963                         {\r
2964                                 $this->addToTemplate($templateid, $pffield, postVar($pffield));\r
2965                         }\r
2966                 }\r
2967 \r
2968                 // jump back to template edit\r
2969                 $this->action_templateedit(_TEMPLATE_UPDATED);\r
2970 \r
2971         }\r
2972 \r
2973         /**\r
2974          * Admin::addToTemplate()\r
2975          * \r
2976          * @param       Integer $id     ID for template\r
2977          * @param       String  $partname       parts name\r
2978          * @param       String  $content        template contents\r
2979          * @return      Integer record index\r
2980          * \r
2981          */\r
2982         function addToTemplate($id, $partname, $content)\r
2983         {\r
2984                 // don't add empty parts:\r
2985                 if ( !trim($content) )\r
2986                 {\r
2987                         return -1;\r
2988                 }\r
2989                 \r
2990                 $partname = sql_real_escape_string($partname);\r
2991                 $content  = sql_real_escape_string($content);\r
2992                 \r
2993                 $query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, '%s', '%s')";\r
2994                 $query = sprintf($query, sql_table('template'), (integer) $id, $partname, $content);\r
2995                 sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());\r
2996                 return sql_insert_id();\r
2997         }\r
2998         \r
2999         /**\r
3000          * @todo document this\r
3001          */\r
3002         function action_templatedelete() {\r
3003                 global $member, $manager;\r
3004 \r
3005                 $member->isAdmin() or $this->disallow();\r
3006 \r
3007                 $templateid = intRequestVar('templateid');\r
3008                 // TODO: check if template can be deleted\r
3009 \r
3010                 $this->pagehead();\r
3011                 $this->parse('templatedelete');\r
3012                 $this->pagefoot();\r
3013         }\r
3014 \r
3015         /**\r
3016          * @todo document this\r
3017          */\r
3018         function action_templatedeleteconfirm() {\r
3019                 global $member, $manager;\r
3020 \r
3021                 $templateid = intRequestVar('templateid');\r
3022 \r
3023                 $member->isAdmin() or $this->disallow();\r
3024 \r
3025                 $manager->notify(\r
3026                         'PreDeleteTemplate',\r
3027                         array(\r
3028                                 'templateid' => $templateid\r
3029                         )\r
3030                 );\r
3031 \r
3032                 // 1. delete description\r
3033                 sql_query('DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $templateid);\r
3034 \r
3035                 // 2. delete parts\r
3036                 sql_query('DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid);\r
3037 \r
3038                 $manager->notify(\r
3039                         'PostDeleteTemplate',\r
3040                         array(\r
3041                                 'templateid' => $templateid\r
3042                         )\r
3043                 );\r
3044 \r
3045                 $this->action_templateoverview();\r
3046         }\r
3047 \r
3048         /**\r
3049          * @todo document this\r
3050          */\r
3051         function action_templatenew()\r
3052         {\r
3053                 global $member;\r
3054 \r
3055                 $member->isAdmin() or $this->disallow();\r
3056 \r
3057                 $name = postVar('name');\r
3058                 $desc = postVar('desc');\r
3059 \r
3060                 if ( !isValidTemplateName($name) )\r
3061                 {\r
3062                         $this->error(_ERROR_BADTEMPLATENAME);\r
3063                 }\r
3064 \r
3065                 if ( Template::exists($name) )\r
3066                 {\r
3067                         $this->error(_ERROR_DUPTEMPLATENAME);\r
3068                 }\r
3069 \r
3070                 $newTemplateId = Template::createNew($name, $desc);\r
3071 \r
3072                 $this->action_templateoverview();\r
3073         }\r
3074 \r
3075         /**\r
3076          * @todo document this\r
3077          */\r
3078         function action_templateclone()\r
3079         {\r
3080                 global $member;\r
3081 \r
3082                 $templateid = intRequestVar('templateid');\r
3083 \r
3084                 $member->isAdmin() or $this->disallow();\r
3085 \r
3086                 // 1. read old template\r
3087                 $name = Template::getNameFromId($templateid);\r
3088                 $desc = Template::getDesc($templateid);\r
3089 \r
3090                 // 2. create desc thing\r
3091                 $name = "cloned" . $name;\r
3092 \r
3093                 // if a template with that name already exists:\r
3094                 if (Template::exists($name)) {\r
3095                         $i = 1;\r
3096                         while (Template::exists($name . $i))\r
3097                         {\r
3098                                 $i++;\r
3099                         }\r
3100                         $name .= $i;\r
3101                 }\r
3102 \r
3103                 $newid = Template::createNew($name, $desc);\r
3104 \r
3105                 // 3. create clone\r
3106                 // go through parts of old template and add them to the new one\r
3107                 $que = 'SELECT '\r
3108                          . '    tpartname,'\r
3109                          . '    tcontent '\r
3110                          . 'FROM '\r
3111                          .      sql_table('template')\r
3112                          . ' WHERE'\r
3113                          . '    tdesc=' . intval($templateid);\r
3114                 $res = sql_query($que);\r
3115                 while ($o = sql_fetch_object($res)) {\r
3116                         $this->addToTemplate($newid, $o->tpartname, $o->tcontent);\r
3117                 }\r
3118 \r
3119                 $this->action_templateoverview();\r
3120         }\r
3121         \r
3122         /**\r
3123          * @todo document this\r
3124          */\r
3125         function action_admintemplateoverview()\r
3126         {\r
3127                 global $member, $manager;\r
3128                 $member->isAdmin() or $this->disallow();\r
3129                 $this->pagehead();\r
3130                 $this->parse('admintemplateoverview');\r
3131                 $this->pagefoot();\r
3132         }\r
3133         \r
3134         /**\r
3135          * @todo document this\r
3136          */\r
3137         function action_admintemplateedit($msg = '')\r
3138         {\r
3139                 global $member, $manager;\r
3140                 if ($msg) {\r
3141                         $this->headMess = $msg;\r
3142                 }\r
3143                 $member->isAdmin() or $this->disallow();\r
3144                 $extrahead  = '<script type="text/javascript" src="javascript/templateEdit.js"></script>' . "\n";\r
3145                 $extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>';\r
3146                 $this->pagehead($extrahead);\r
3147                 $this->parse('admintemplateedit');\r
3148                 $this->pagefoot();\r
3149         }\r
3150         \r
3151         /**\r
3152          * @todo document this\r
3153          */\r
3154         function action_admintemplateupdate()\r
3155         {\r
3156                 global $member, $manager;\r
3157                 $templateid = intRequestVar('templateid');\r
3158                 $member->isAdmin() or $this->disallow();\r
3159                 $name = postVar('tname');\r
3160                 $desc = postVar('tdesc');\r
3161         \r
3162                 if (!isValidTemplateName($name)) {\r
3163                         $this->error(_ERROR_BADTEMPLATENAME);\r
3164                 }\r
3165                 //        if (!class_exists('Template')) {\r
3166                 //            NP_SkinableAdmin::loadSkinableClass('Template');\r
3167                 //        }\r
3168                 if ((Template::getNameFromId($templateid) != $name) && Template::exists($name)) {\r
3169                         $this->error(_ERROR_DUPTEMPLATENAME);\r
3170                 }\r
3171                 $name = sql_real_escape_string($name);\r
3172                 $desc = sql_real_escape_string($desc);\r
3173         \r
3174                 // 1. Remove all template parts\r
3175                 $query = 'DELETE '\r
3176                 . 'FROM '\r
3177                 .      sql_table('admintemplate') . ' '\r
3178                 . 'WHERE '\r
3179                 . '    tdesc = %d';\r
3180                 sql_query(sprintf($query, $templateid));\r
3181         \r
3182                 // 2. Update description\r
3183                 $query = 'UPDATE '\r
3184                 .      sql_table('admintemplate_desc') . ' '\r
3185                 . 'SET '\r
3186                 . '    tdname = "' . sql_real_escape_string($name) . '", '\r
3187                 . '    tddesc = "' . sql_real_escape_string($desc) . '" '\r
3188                 . 'WHERE '\r
3189                 . '    tdnumber = %d';\r
3190                 sql_query(sprintf($query, $templateid));\r
3191         \r
3192                 // 3. Add non-empty template parts\r
3193                 $this->addToAdminTemplate($templateid, 'ADMINSKINTYPELIST_HEAD',                 postVar('ADMINSKINTYPELIST_HEAD'));\r
3194                 $this->addToAdminTemplate($templateid, 'ADMINSKINTYPELIST_BODY',                 postVar('ADMINSKINTYPELIST_BODY'));\r
3195                 $this->addToAdminTemplate($templateid, 'ADMINSKINTYPELIST_FOOT',                 postVar('ADMINSKINTYPELIST_FOOT'));\r
3196                 $this->addToAdminTemplate($templateid, 'ADMIN_CUSTOMHELPLINK_ICON',              postVar('ADMIN_CUSTOMHELPLINK_ICON'));\r
3197                 $this->addToAdminTemplate($templateid, 'ADMIN_CUSTOMHELPLINK_ANCHOR',            postVar('ADMIN_CUSTOMHELPLINK_ANCHOR'));\r
3198                 $this->addToAdminTemplate($templateid, 'ADMIN_BLOGLINK',                         postVar('ADMIN_BLOGLINK'));\r
3199                 $this->addToAdminTemplate($templateid, 'ADMIN_BATCHLIST',                        postVar('ADMIN_BATCHLIST'));\r
3200                 $this->addToAdminTemplate($templateid, 'ACTIVATE_FORGOT_TITLE',                  postVar('ACTIVATE_FORGOT_TITLE'));\r
3201                 $this->addToAdminTemplate($templateid, 'ACTIVATE_FORGOT_TEXT',                   postVar('ACTIVATE_FORGOT_TEXT'));\r
3202                 $this->addToAdminTemplate($templateid, 'ACTIVATE_REGISTER_TITLE',                postVar('ACTIVATE_REGISTER_TITLE'));\r
3203                 $this->addToAdminTemplate($templateid, 'ACTIVATE_REGISTER_TEXT',                 postVar('ACTIVATE_REGISTER_TEXT'));\r
3204                 $this->addToAdminTemplate($templateid, 'ACTIVATE_CHANGE_TITLE',                  postVar('ACTIVATE_CHANGE_TITLE'));\r
3205                 $this->addToAdminTemplate($templateid, 'ACTIVATE_CHANGE_TEXT',                   postVar('ACTIVATE_CHANGE_TEXT'));\r
3206                 $this->addToAdminTemplate($templateid, 'TEMPLATE_EDIT_EXPLUGNAME',               postVar('TEMPLATE_EDIT_EXPLUGNAME'));\r
3207                 $this->addToAdminTemplate($templateid, 'TEMPLATE_EDIT_ROW_HEAD',                 postVar('TEMPLATE_EDIT_ROW_HEAD'));\r
3208                 $this->addToAdminTemplate($templateid, 'TEMPLATE_EDIT_ROW_TAIL',                 postVar('TEMPLATE_EDIT_ROW_TAIL'));\r
3209                 $this->addToAdminTemplate($templateid, 'SPECIALSKINLIST_HEAD',                   postVar('SPECIALSKINLIST_HEAD'));\r
3210                 $this->addToAdminTemplate($templateid, 'SPECIALSKINLIST_BODY',                   postVar('SPECIALSKINLIST_BODY'));\r
3211                 $this->addToAdminTemplate($templateid, 'SPECIALSKINLIST_FOOT',                   postVar('SPECIALSKINLIST_FOOT'));\r
3212                 $this->addToAdminTemplate($templateid, 'SYSTEMINFO_GDSETTINGS',                  postVar('SYSTEMINFO_GDSETTINGS'));\r
3213                 $this->addToAdminTemplate($templateid, 'BANLIST_DELETED_LIST',                   postVar('BANLIST_DELETED_LIST'));\r
3214                 $this->addToAdminTemplate($templateid, 'INSERT_PLUGOPTION_TITLE',                postVar('INSERT_PLUGOPTION_TITLE'));\r
3215                 $this->addToAdminTemplate($templateid, 'INSERT_PLUGOPTION_BODY',                 postVar('INSERT_PLUGOPTION_BODY'));\r
3216                 $this->addToAdminTemplate($templateid, 'INPUTYESNO_TEMPLATE_ADMIN',              postVar('INPUTYESNO_TEMPLATE_ADMIN'));\r
3217                 $this->addToAdminTemplate($templateid, 'INPUTYESNO_TEMPLATE_NORMAL',             postVar('INPUTYESNO_TEMPLATE_NORMAL'));\r
3218                 $this->addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_HEAD',             postVar('ADMIN_SPECIALSKINLIST_HEAD'));\r
3219                 $this->addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_BODY',             postVar('ADMIN_SPECIALSKINLIST_BODY'));\r
3220                 $this->addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_FOOT',             postVar('ADMIN_SPECIALSKINLIST_FOOT'));\r
3221                 $this->addToAdminTemplate($templateid, 'SKINIE_EXPORT_LIST',                     postVar('SKINIE_EXPORT_LIST'));\r
3222                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_HEAD',          postVar('SHOWLIST_LISTPLUG_SELECT_HEAD'));\r
3223                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_BODY',          postVar('SHOWLIST_LISTPLUG_SELECT_BODY'));\r
3224                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_FOOT',          postVar('SHOWLIST_LISTPLUG_SELECT_FOOT'));\r
3225                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_HEAD',           postVar('SHOWLIST_LISTPLUG_TABLE_HEAD'));\r
3226                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BODY',           postVar('SHOWLIST_LISTPLUG_TABLE_BODY'));\r
3227                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_FOOT',           postVar('SHOWLIST_LISTPLUG_TABLE_FOOT'));\r
3228                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD'));\r
3229                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY'));\r
3230                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT'));\r
3231                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD'));\r
3232                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY'));\r
3233                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT'));\r
3234                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD'));\r
3235                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY'));\r
3236                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL'));\r
3237                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST'));\r
3238                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE'));\r
3239                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND'));\r
3240                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ'));\r
3241                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE'));\r
3242                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN'));\r
3243                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN'));\r
3244                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP'));\r
3245                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL'));\r
3246                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT'));\r
3247                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD'));\r
3248                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY'));\r
3249                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO',  postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO'));\r
3250                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD',  postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD'));\r
3251                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP',  postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP'));\r
3252                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO',  postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO'));\r
3253                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC',  postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC'));\r
3254                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA',  postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA'));\r
3255                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT',  postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT'));\r
3256                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT'));\r
3257                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT'));\r
3258                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD'));\r
3259                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY'));\r
3260                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT'));\r
3261                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD'));\r
3262                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY'));\r
3263                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN',  postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN'));\r
3264                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT'));\r
3265                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD'));\r
3266                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY'));\r
3267                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM',  postVar('SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM'));\r
3268                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM',  postVar('SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM'));\r
3269                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT'));\r
3270                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD'));\r
3271                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY'));\r
3272                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT'));\r
3273                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD'));\r
3274                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY'));\r
3275                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT'));\r
3276                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD'));\r
3277                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY'));\r
3278                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT'));\r
3279                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD'));\r
3280                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY'));\r
3281                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT'));\r
3282                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD'));\r
3283                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY'));\r
3284                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT'));\r
3285                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD'));\r
3286                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY'));\r
3287                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT'));\r
3288                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD'));\r
3289                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY'));\r
3290                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT'));\r
3291                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD',  postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD'));\r
3292                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY',  postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY'));\r
3293                 $this->addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT',  postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT'));\r
3294                 $this->addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_TITLE',                 postVar('PLUGIN_QUICKMENU_TITLE'));\r
3295                 $this->addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_HEAD',                  postVar('PLUGIN_QUICKMENU_HEAD'));\r
3296                 $this->addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_BODY',                  postVar('PLUGIN_QUICKMENU_BODY'));\r
3297                 $this->addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_FOOT',                  postVar('PLUGIN_QUICKMENU_FOOT'));\r
3298         \r
3299                 $pluginfields = array();\r
3300                 $manager->notify(\r
3301                                 'TemplateExtraFields',\r
3302                                 array(\r
3303                                                 'fields' => &$pluginfields\r
3304                                 )\r
3305                 );\r
3306                 foreach ($pluginfields as $pfkey => $pfvalue) {\r
3307                         foreach ($pfvalue as $pffield => $pfdesc) {\r
3308                                 $this->addToAdminTemplate($templateid, $pffield, postVar($pffield));\r
3309                         }\r
3310                 }\r
3311         \r
3312                 // jump back to template edit\r
3313                 $this->action_admintemplateedit(_TEMPLATE_UPDATED);\r
3314         }\r
3315         \r
3316         /**\r
3317          * @todo document this\r
3318          */\r
3319         function addToAdminTemplate($id, $partname, $content)\r
3320         {\r
3321                 $partname = sql_real_escape_string($partname);\r
3322                 $content  = sql_real_escape_string($content);\r
3323         \r
3324         \r
3325                 $id = intval($id);\r
3326         \r
3327                 // don't add empty parts:\r
3328                 if (!trim($content)) {\r
3329                         return -1;\r
3330                 }\r
3331                 $query = 'INSERT '\r
3332                 . 'INTO '\r
3333                 .      sql_table('admintemplate') . ' '\r
3334                 . '('\r
3335                 . '    tdesc, '\r
3336                 . '    tpartname, '\r
3337                 . '    tcontent '\r
3338                 . ') VALUES ('\r
3339                 . '    %d, '\r
3340                 . '    "%s", '\r
3341                 . '    "%s"'\r
3342                 . ')';\r
3343                 sql_query(sprintf($query, $id, $partname, $content)) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());\r
3344                 return sql_insert_id();\r
3345         }\r
3346         \r
3347         /**\r
3348          * @todo document this\r
3349          */\r
3350         function action_admintemplatedelete()\r
3351         {\r
3352                 global $member, $manager;\r
3353                 $member->isAdmin() or $this->disallow();\r
3354                 // TODO: check if template can be deleted\r
3355                 $this->pagehead();\r
3356                 $this->parse('admintemplatedelete');\r
3357                 $this->pagefoot();\r
3358         }\r
3359         \r
3360         /**\r
3361          * @todo document this\r
3362          */\r
3363         function action_admintemplatedeleteconfirm()\r
3364         {\r
3365                 global $member, $manager;\r
3366                 $templateid = intRequestVar('templateid');\r
3367                 $member->isAdmin() or $this->disallow();\r
3368                 $manager->notify(\r
3369                                 'PreDeleteAdminTemplate',\r
3370                                 array(\r
3371                                                 'templateid' => $templateid\r
3372                                 )\r
3373                 );\r
3374         \r
3375                 $query = 'DELETE '\r
3376                 . 'FROM '\r
3377                 . '    %s '\r
3378                 . 'WHERE '\r
3379                 . '    %s = ' .intval($templateid);\r
3380                 // 1. delete description\r
3381                 sql_query(sprintf($query, sql_table('admintemplate_desc'), 'tdnumber'));\r
3382                 // 2. delete parts\r
3383                 sql_query(sprintf($query, sql_table('admintemplate'), 'tdesc'));\r
3384         \r
3385                 $manager->notify(\r
3386                                 'PostDeleteAdminTemplate',\r
3387                                 array(\r
3388                                                 'templateid' => $templateid\r
3389                                 )\r
3390                 );\r
3391                 $this->action_admintemplateoverview();\r
3392         }\r
3393         \r
3394         /**\r
3395          * @todo document this\r
3396          */\r
3397         function action_admintemplatenew()\r
3398         {\r
3399                 global $member;\r
3400                 $member->isAdmin() or $this->disallow();\r
3401                 $name = postVar('name');\r
3402                 $desc = postVar('desc');\r
3403         \r
3404                 if (!isValidTemplateName($name)) {\r
3405                         $this->error(_ERROR_BADTEMPLATENAME);\r
3406                 }\r
3407                 if (Template::exists($name)) {\r
3408                         $this->error(_ERROR_DUPTEMPLATENAME);\r
3409                 }\r
3410         \r
3411                 $newTemplateId = Template::createNew($name, $desc);\r
3412                 $this->action_admintemplateoverview();\r
3413         }\r
3414         \r
3415         /**\r
3416          * @todo document this\r
3417          */\r
3418         function action_admintemplateclone()\r
3419         {\r
3420                 global $member;\r
3421                 $templateid = intRequestVar('templateid');\r
3422                 $member->isAdmin() or $this->disallow();\r
3423         \r
3424                 //        if (!class_exists('Template')) {\r
3425                 //            NP_SkinableAdmin::loadSkinableClass('Template');\r
3426                 //        }\r
3427         \r
3428                 // 1. read old template\r
3429                 $name = Template::getNameFromId($templateid);\r
3430                 $desc = Template::getDesc($templateid);\r
3431                 // 2. create desc thing\r
3432                 $name = "cloned" . $name;\r
3433         \r
3434                 // if a template with that name already exists:\r
3435                 if (Template::exists($name)) {\r
3436                         $i = 1;\r
3437                         while (Template::exists($name . $i)) {\r
3438                                 $i++;\r
3439                         }\r
3440                         $name .= $i;\r
3441                 }\r
3442         \r
3443                 $newid = Template::admincreateNew($name, $desc);\r
3444         \r
3445                 // 3. create clone\r
3446                 // go through parts of old template and add them to the new one\r
3447                 $que = 'SELECT '\r
3448                 . '    tpartname, '\r
3449                 . '    tcontent '\r
3450                 . 'FROM '\r
3451                 .      sql_table('admintemplate') . ' '\r
3452                 . 'WHERE '\r
3453                 . '    tdesc = ' . intval($templateid);\r
3454                 $res = sql_query($que);\r
3455                 while ($o = sql_fetch_object($res)) {\r
3456                         $this->addToAdminTemplate($newid, $o->tpartname, $o->tcontent);\r
3457                 }\r
3458                 $this->action_admintemplateoverview();\r
3459         }\r
3460 \r
3461         /**\r
3462          * @todo document this\r
3463          */\r
3464         function action_skinoverview()\r
3465         {\r
3466                 global $member, $manager;\r
3467 \r
3468                 $member->isAdmin() or $this->disallow();\r
3469 \r
3470                 $this->pagehead();\r
3471                 $this->parse('skinoverview');\r
3472                 $this->pagefoot();\r
3473         }\r
3474 \r
3475         /**\r
3476          * @todo document this\r
3477          */\r
3478         function action_skinnew()\r
3479         {\r
3480                 global $member;\r
3481 \r
3482                 $member->isAdmin() or $this->disallow();\r
3483 \r
3484                 $name = trim(postVar('name'));\r
3485                 $desc = trim(postVar('desc'));\r
3486 \r
3487                 if ( !isValidSkinName($name) )\r
3488                 {\r
3489                         $this->error(_ERROR_BADSKINNAME);\r
3490                 }\r
3491 \r
3492                 if ( SKIN::exists($name) )\r
3493                 {\r
3494                         $this->error(_ERROR_DUPSKINNAME);\r
3495                 }\r
3496 \r
3497                 $newId = SKIN::createNew($name, $desc);\r
3498 \r
3499                 $this->action_skinoverview();\r
3500         }\r
3501 \r
3502         /**\r
3503          * @todo document this\r
3504          */\r
3505         function action_skinedit()\r
3506         {\r
3507                 global $member, $manager;\r
3508 \r
3509 //              $skinid = intRequestVar('skinid');\r
3510 \r
3511                 $member->isAdmin() or $this->disallow();\r
3512 \r
3513 //              $skin = new SKIN($skinid);\r
3514 \r
3515                 $this->pagehead();\r
3516                 $this->parse('skinedit');\r
3517                 $this->pagefoot();\r
3518         }\r
3519 \r
3520         /**\r
3521          * @todo document this\r
3522          */\r
3523         function action_skineditgeneral()\r
3524         {\r
3525                 global $member;\r
3526 \r
3527                 $skinid = intRequestVar('skinid');\r
3528 \r
3529                 $member->isAdmin() or $this->disallow();\r
3530 \r
3531                 $name = postVar('name');\r
3532                 $desc = postVar('desc');\r
3533                 $type = postVar('type');\r
3534                 $inc_mode = postVar('inc_mode');\r
3535                 $inc_prefix = postVar('inc_prefix');\r
3536 \r
3537                 $skin = new Skin($skinid);\r
3538 \r
3539                 // 1. Some checks\r
3540                 if ( !isValidSkinName($name) )\r
3541                 {\r
3542                         $this->error(_ERROR_BADSKINNAME);\r
3543                 }\r
3544 \r
3545                 if ( ($skin->getName() != $name) && SKIN::exists($name) )\r
3546                 {\r
3547                         $this->error(_ERROR_DUPSKINNAME);\r
3548                 }\r
3549 \r
3550                 if ( !$type )\r
3551                 {\r
3552                         $type = 'text/html';\r
3553                 }\r
3554                 if ( !$inc_mode )\r
3555                 {\r
3556                         $inc_mode = 'normal';\r
3557                 }\r
3558 \r
3559                 // 2. Update description\r
3560                 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);\r
3561 \r
3562                 $this->action_skinedit();\r
3563 \r
3564         }\r
3565 \r
3566         /**\r
3567          * @todo document this\r
3568          */\r
3569         function action_skinedittype($msg = '')\r
3570         {\r
3571                 global $member, $manager;\r
3572 \r
3573                 $member->isAdmin() or $this->disallow();\r
3574 \r
3575                 if ($msg) {\r
3576                         $this->headMess = $msg;\r
3577                 }\r
3578                 $skinid = intRequestVar('skinid');\r
3579                 $type   = requestVar('type');\r
3580                 $type   = trim($type);\r
3581                 $type   = strtolower($type);\r
3582 \r
3583                 if ( !isValidShortName($type) )\r
3584                 {\r
3585                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);\r
3586                 }\r
3587 \r
3588                 $this->pagehead();\r
3589                 $this->parse('skinedittype');\r
3590                 $this->pagefoot();\r
3591         }\r
3592 \r
3593         /**\r
3594          * @todo document this\r
3595          */\r
3596         function action_skinupdate()\r
3597         {\r
3598                 global $member;\r
3599 \r
3600                 $skinid = intRequestVar('skinid');\r
3601                 $content = trim(postVar('content'));\r
3602                 $type = postVar('type');\r
3603 \r
3604                 $member->isAdmin() or $this->disallow();\r
3605 \r
3606                 $skin = new SKIN($skinid);\r
3607                 $skin->update($type, $content);\r
3608 \r
3609                 $this->action_skinedittype(_SKIN_UPDATED);\r
3610         }\r
3611 \r
3612         /**\r
3613          * @todo document this\r
3614          */\r
3615         function action_skindelete()\r
3616         {\r
3617                 global $member, $manager, $CONF;\r
3618 \r
3619                 $skinid = intRequestVar('skinid');\r
3620 \r
3621                 $member->isAdmin() or $this->disallow();\r
3622 \r
3623                 // don't allow default skin to be deleted\r
3624                 if ( $skinid == $CONF['BaseSkin'] )\r
3625                 {\r
3626                         $this->error(_ERROR_DEFAULTSKIN);\r
3627                 }\r
3628 \r
3629                 // don't allow deletion of default skins for blogs\r
3630                 $query = 'SELECT bname FROM ' . sql_table('blog') . ' WHERE bdefskin=' . $skinid;\r
3631                 $r = sql_query($query);\r
3632                 if ( $o = sql_fetch_object($r) )\r
3633                 {\r
3634                         $this->error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));\r
3635                 }\r
3636 \r
3637                 $this->pagehead();\r
3638                 $this->parse('skindelete');\r
3639                 $this->pagefoot();\r
3640         }\r
3641 \r
3642         /**\r
3643          * @todo document this\r
3644          */\r
3645         function action_skindeleteconfirm()\r
3646         {\r
3647                 global $member, $CONF, $manager;\r
3648 \r
3649                 $skinid = intRequestVar('skinid');\r
3650 \r
3651                 $member->isAdmin() or $this->disallow();\r
3652 \r
3653                 // don't allow default skin to be deleted\r
3654                 if ( $skinid == $CONF['BaseSkin'] )\r
3655                 {\r
3656                         $this->error(_ERROR_DEFAULTSKIN);\r
3657                 }\r
3658 \r
3659                 // don't allow deletion of default skins for blogs\r
3660                 $query = 'SELECT'\r
3661                            . '    bname '\r
3662                            . 'FROM '\r
3663                            .      sql_table('blog') . ' '\r
3664                            . 'WHERE'\r
3665                            . '    bdefskin=' . $skinid;\r
3666                 $r = sql_query($query);\r
3667                 if ( $o = sql_fetch_object($r) )\r
3668                 {\r
3669                         $this->error(_ERROR_SKINDEFDELETE .$o->bname);\r
3670                 }\r
3671 \r
3672                 $manager->notify(\r
3673                         'PreDeleteSkin',\r
3674                         array(\r
3675                                 'skinid' => $skinid\r
3676                         )\r
3677                 );\r
3678 \r
3679                 // 1. delete description\r
3680                 sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid);\r
3681 \r
3682                 // 2. delete parts\r
3683                 sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid);\r
3684 \r
3685                 $manager->notify(\r
3686                         'PostDeleteSkin',\r
3687                         array(\r
3688                                 'skinid' => $skinid\r
3689                         )\r
3690                 );\r
3691 \r
3692                 $this->action_skinoverview();\r
3693         }\r
3694 \r
3695         /**\r
3696          * @todo document this\r
3697          */\r
3698         function action_skinremovetype() {\r
3699                 global $member, $manager, $CONF;\r
3700 \r
3701                 $member->isAdmin() or $this->disallow();\r
3702 \r
3703                 $skinid = intRequestVar('skinid');\r
3704                 $skintype = requestVar('type');\r
3705 \r
3706                 if ( !isValidShortName($skintype) )\r
3707                 {\r
3708                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
3709                 }\r
3710 \r
3711 \r
3712                 // don't allow default skinparts to be deleted\r
3713                 if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )\r
3714                 {\r
3715                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
3716                 }\r
3717 \r
3718                 $this->pagehead();\r
3719                 $this->parse('skinremovetype');\r
3720                 $this->pagefoot();\r
3721         }\r
3722 \r
3723         /**\r
3724          * @todo document this\r
3725          */\r
3726         function action_skinremovetypeconfirm() {\r
3727                 global $member, $CONF, $manager;\r
3728 \r
3729                 $member->isAdmin() or $this->disallow();\r
3730 \r
3731                 $skinid = intRequestVar('skinid');\r
3732                 $skintype = requestVar('type');\r
3733 \r
3734                 if ( !isValidShortName($skintype) )\r
3735                 {\r
3736                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
3737                 }\r
3738 \r
3739                 // don't allow default skinparts to be deleted\r
3740                 if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )\r
3741                 {\r
3742                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
3743                 }\r
3744 \r
3745                 $manager->notify(\r
3746                         'PreDeleteSkinPart',\r
3747                         array(\r
3748                                 'skinid'   => $skinid,\r
3749                                 'skintype' => $skintype\r
3750                         )\r
3751                 );\r
3752 \r
3753                 // delete part\r
3754                 sql_query("DELETE FROM " . sql_table('skin') . " WHERE sdesc=" . $skinid . " AND stype='" . $skintype . "'");\r
3755 \r
3756                 $manager->notify(\r
3757                         'PostDeleteSkinPart',\r
3758                         array(\r
3759                                 'skinid'   => $skinid,\r
3760                                 'skintype' => $skintype\r
3761                         )\r
3762                 );\r
3763 \r
3764                 $this->action_skinedit();\r
3765         }\r
3766 \r
3767         /**\r
3768          * @todo document this\r
3769          */\r
3770         function action_skinclone()\r
3771         {\r
3772                 global $member;\r
3773 \r
3774                 $member->isAdmin() or $this->disallow();\r
3775 \r
3776                 $skinid = intRequestVar('skinid');\r
3777 \r
3778                 // 1. read skin to clone\r
3779                 $skin = new SKIN($skinid);\r
3780 \r
3781                 $name = "clone_" . $skin->getName();\r
3782 \r
3783                 // if a skin with that name already exists:\r
3784                 if (Skin::exists($name)) {\r
3785                         $i = 1;\r
3786                         while (Skin::exists($name . $i))\r
3787                                 $i++;\r
3788                         $name .= $i;\r
3789                 }\r
3790 \r
3791                 // 2. create skin desc\r
3792                 $newid = Skin::createNew(\r
3793                         $name,\r
3794                         $skin->getDescription(),\r
3795                         $skin->getContentType(),\r
3796                         $skin->getIncludeMode(),\r
3797                         $skin->getIncludePrefix()\r
3798                 );\r
3799 \r
3800 \r
3801                 // 3. clone\r
3802                 $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;\r
3803                 $res = sql_query($query);\r
3804                 while ($row = sql_fetch_assoc($res)) {\r
3805                         $this->skinclonetype($skin, $newid, $row['stype']);\r
3806                 }\r
3807 \r
3808                 $this->action_skinoverview();\r
3809 \r
3810         }\r
3811 \r
3812         /**\r
3813          * Admin::skinclonetype()\r
3814          * \r
3815          * @param       String  $skin   Skin object\r
3816          * @param       Integer $newid  ID for this clone\r
3817          * @param       String  $type   type of skin\r
3818          * @return      Void\r
3819          */\r
3820         function skinclonetype($skin, $newid, $type)\r
3821         {\r
3822                 $newid = intval($newid);\r
3823                 $content = $skin->getContent($type);\r
3824                 \r
3825                 if ( $content )\r
3826                 {\r
3827                         $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')";\r
3828                         $query = sprintf($query, sql_table('skin'), (integer) $newid, $content, $type);\r
3829                         sql_query($query);\r
3830                 }\r
3831                 return;\r
3832         }\r
3833         \r
3834         /**\r
3835          * @todo document this\r
3836          */\r
3837         function action_adminskinoverview() {\r
3838                 global $member, $manager;\r
3839 \r
3840                 $member->isAdmin() or $this->disallow();\r
3841 \r
3842                 $this->pagehead();\r
3843                 $this->parse('adminskinoverview');\r
3844                 $this->pagefoot();\r
3845         }\r
3846 \r
3847         /**\r
3848          * @todo document this\r
3849          */\r
3850         function action_adminskinnew()\r
3851         {\r
3852                 global $member;\r
3853                 $member->isAdmin() or $this->disallow();\r
3854                 $name = trim(postVar('name'));\r
3855                 $desc = trim(postVar('desc'));\r
3856 \r
3857                 if (!isValidSkinName($name)) {\r
3858                         $this->error(_ERROR_BADSKINNAME);\r
3859                 }\r
3860                 if (SkinSKIN::exists($name)) {\r
3861                         $this->error(_ERROR_DUPSKINNAME);\r
3862                 }\r
3863                 $newId = Skin::createNew($name, $desc);\r
3864                 $this->action_adminskinoverview();\r
3865         }\r
3866 \r
3867         /**\r
3868          * @todo document this\r
3869          */\r
3870         function action_adminskinedit()\r
3871         {\r
3872                 global $member, $manager;\r
3873 \r
3874                 $member->isAdmin() or $this->disallow();\r
3875                 $this->pagehead();\r
3876                 $this->parse('adminskinedit');\r
3877                 $this->pagefoot();\r
3878         }\r
3879 \r
3880         /**\r
3881          * @todo document this\r
3882          */\r
3883         function action_adminskineditgeneral()\r
3884         {\r
3885                 global $member;\r
3886 \r
3887                 $skinid = intRequestVar('skinid');\r
3888 \r
3889                 $member->isAdmin() or $this->disallow();\r
3890 \r
3891                 $name       = postVar('name');\r
3892                 $desc       = postVar('desc');\r
3893                 $type       = postVar('type');\r
3894                 $inc_mode   = postVar('inc_mode');\r
3895                 $inc_prefix = postVar('inc_prefix');\r
3896 \r
3897                 $skin = new Skin($skinid);\r
3898 \r
3899                 // 1. Some checks\r
3900                 if (!isValidSkinName($name)) {\r
3901                         $this->error(_ERROR_BADSKINNAME);\r
3902                 }\r
3903                 if (($skin->getName() != $name) && Skin::exists($name)) {\r
3904                         $this->error(_ERROR_DUPSKINNAME);\r
3905                 }\r
3906                 if (!$type) {\r
3907                         $type = 'text/html';\r
3908                 }\r
3909                 if (!$inc_mode) {\r
3910                         $inc_mode = 'normal';\r
3911                 }\r
3912                 // 2. Update description\r
3913                 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);\r
3914                 $this->action_adminskinedit();\r
3915         }\r
3916 \r
3917         /**\r
3918          * @todo document this\r
3919          */\r
3920         function action_adminskinedittype($msg = '')\r
3921         {\r
3922                 global $member, $manager;\r
3923 \r
3924                 $member->isAdmin() or $this->disallow();\r
3925                 if ($msg) {\r
3926                         $this->headMess = $msg;\r
3927                 }\r
3928                 $type = requestVar('type');\r
3929                 $type = trim($type);\r
3930                 $type = strtolower($type);\r
3931                 if (!isValidShortName($type)) {\r
3932                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);\r
3933                 }\r
3934                 $this->pagehead();\r
3935                 $this->parse('adminskinedittype');\r
3936                 $this->pagefoot();\r
3937         }\r
3938 \r
3939         /**\r
3940          * @todo document this\r
3941          */\r
3942         function action_adminskinupdate()\r
3943         {\r
3944                 global $member;\r
3945                 $skinid  = intRequestVar('skinid');\r
3946                 $content = trim(postVar('content'));\r
3947                 $type    = postVar('type');\r
3948 \r
3949                 $member->isAdmin() or $this->disallow();\r
3950 \r
3951                 $skin = new Skin($skinid);\r
3952                 $skin->update($type, $content);\r
3953                 $this->action_adminskinedittype(_SKIN_UPDATED);\r
3954         }\r
3955 \r
3956         /**\r
3957          * @todo document this\r
3958          */\r
3959         function action_adminskindelete()\r
3960         {\r
3961                 global $member, $manager, $CONF;\r
3962                 $member->isAdmin() or $this->disallow();\r
3963                 $skinid = intRequestVar('skinid');\r
3964                 $this->pagehead();\r
3965                 $this->parse('adminskindelete');\r
3966                 $this->pagefoot();\r
3967         }\r
3968 \r
3969         /**\r
3970          * @todo document this\r
3971          */\r
3972         function action_adminskindeleteconfirm()\r
3973         {\r
3974                 global $member, $CONF, $manager;\r
3975                 $member->isAdmin() or $this->disallow();\r
3976                 $skinid = intRequestVar('skinid');\r
3977                 // don't allow default skin to be deleted\r
3978                 if ($skinid == $CONF['DefaultAdminSkin']) {\r
3979                         $this->error(_ERROR_DEFAULTSKIN);\r
3980                 }\r
3981                 // don't allow deletion of default skins for members\r
3982                 $memberDefaults =  $member->getAdminSkin();\r
3983                 foreach ($memberDefaults as $memID => $adminskin) {\r
3984                         if ($skinid == $adminskin) {\r
3985                                 $mem = MEMBER::createFromID($memID);\r
3986                                 $this->error(_ERROR_SKINDEFDELETE . $mem->displayname);\r
3987                         }\r
3988                 }\r
3989                 $manager->notify(\r
3990                         'PreDeleteAdminSkin',\r
3991                         array(\r
3992                                 'skinid' => intval($skinid)\r
3993                         )\r
3994                 );\r
3995                 $query = 'DELETE FROM %s WHERE %s = ' . intval($skinid);\r
3996                 // 1. delete description\r
3997                 sql_query(sprintf($query, sql_table('adminskin_desc'), 'sdnumber'));\r
3998                 // 2. delete parts\r
3999                 sql_query(sprintf($query, sql_table('adminskin'), 'sdesc'));\r
4000                 $manager->notify(\r
4001                         'PostDeleteAdminSkin',\r
4002                         array(\r
4003                                 'skinid' => intval($skinid)\r
4004                         )\r
4005                 );\r
4006                 $this->action_adminskinoverview();\r
4007         }\r
4008 \r
4009         /**\r
4010          * @todo document this\r
4011          */\r
4012         function action_adminskinremovetype()\r
4013         {\r
4014                 global $member, $manager, $CONF;\r
4015 \r
4016                 $member->isAdmin() or $this->disallow();\r
4017                 $skinid   = intRequestVar('skinid');\r
4018                 $skintype = requestVar('type');\r
4019                 if (!isValidShortName($skintype)) {\r
4020                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4021                 }\r
4022                 $this->pagehead();\r
4023                 $this->parse('adminskinremovetype');\r
4024                 $this->pagefoot();\r
4025         }\r
4026 \r
4027         /**\r
4028          * @todo document this\r
4029          */\r
4030         function action_adminskinremovetypeconfirm()\r
4031         {\r
4032                 global $member, $CONF, $manager;\r
4033 \r
4034                 $member->isAdmin() or $this->disallow();\r
4035                 $skinid   = intRequestVar('skinid');\r
4036                 $skintype = requestVar('type');\r
4037                 if (!isValidShortName($skintype)) {\r
4038                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4039                 }\r
4040                 $manager->notify(\r
4041                         'PreDeleteAdminSkinPart',\r
4042                         array(\r
4043                                 'skinid'   => $skinid,\r
4044                                 'skintype' => $skintype\r
4045                         )\r
4046                 );\r
4047                 // delete part\r
4048                 $query = 'DELETE FROM %s WHERE sdesc = %d AND stype ="%s"';\r
4049                 sql_query(sprintf($query, sql_table('adminskin'), intval($skinid), $skintype ));\r
4050                 $manager->notify(\r
4051                         'PostDeleteAdminSkinPart',\r
4052                         array(\r
4053                                 'skinid'   => $skinid,\r
4054                                 'skintype' => $skintype\r
4055                         )\r
4056                 );\r
4057                 $this->action_adminskinedit();\r
4058         }\r
4059 \r
4060         /**\r
4061          * @todo document this\r
4062          */\r
4063         function action_adminskinclone()\r
4064         {\r
4065                 global $member;\r
4066                 $member->isAdmin() or $this->disallow();\r
4067                 $skinid = intRequestVar('skinid');\r
4068                 // 1. read skin to clone\r
4069                 $skin = new Skin($skinid);\r
4070                 $name = "clone_" . $skin->getName();\r
4071                 // if a skin with that name already exists:\r
4072                 if (Skin::exists($name)) {\r
4073                         $i = 1;\r
4074                         while (Skin::exists($name . $i)) {\r
4075                                 $i++;\r
4076                         }\r
4077                         $name .= $i;\r
4078                 }\r
4079                 // 2. create skin desc\r
4080                 $newid = Skin::createNew(\r
4081                         $name,\r
4082                         $skin->getDescription(),\r
4083                         $skin->getContentType(),\r
4084                         $skin->getIncludeMode(),\r
4085                         $skin->getIncludePrefix()\r
4086                 );\r
4087                 $query = 'SELECT '\r
4088                                 . '    stype '\r
4089                                 . 'FROM '\r
4090                                 .      sql_table('adminskin') . ' '\r
4091                                 . 'WHERE '\r
4092                                 . '    sdesc = ' . $skinid;\r
4093                 $res   = sql_query($query);\r
4094                 while ($row = sql_fetch_assoc($res)) {\r
4095                         $this->adminskinclonetype($skin, $newid, $row['stype']);\r
4096                 }\r
4097                 $this->action_adminskinoverview();\r
4098         }\r
4099 \r
4100         /**\r
4101          * @todo document this\r
4102          */\r
4103         function adminskinclonetype($skin, $newid, $type)\r
4104         {\r
4105                 $newid   = intval($newid);\r
4106                 $content = $skin->getContent($type);\r
4107                 if ($content) {\r
4108                         $query = 'INSERT '\r
4109                                         . 'INTO '\r
4110                                         .      sql_table('adminskin') . ' '\r
4111                                         . '('\r
4112                                         . '    sdesc, '\r
4113                                         . '    scontent, '\r
4114                                         . '    stype'\r
4115                                         . ') VALUES ('\r
4116                                         .      intval($newid) . ', '\r
4117                                         . '"' . sql_real_escape_string($content) . '", '\r
4118                                         . '"' . sql_real_escape_string($type) . '" '\r
4119                                         . ')';\r
4120                         sql_query($query);\r
4121                 }\r
4122         }\r
4123 \r
4124         /**\r
4125          * @todo document this\r
4126          */\r
4127         function action_adminskinieoverview()\r
4128         {\r
4129                 global $member, $DIR_LIBS, $manager;\r
4130                 $member->isAdmin() or $this->disallow();\r
4131                 // load skinie class\r
4132                 include_once($DIR_LIBS . 'skinie.php');\r
4133                 $this->pagehead();\r
4134                 $this->parse('adminskinieoverview');\r
4135                 $this->pagefoot();\r
4136 \r
4137         }\r
4138 \r
4139         /**\r
4140          * @todo document this\r
4141          */\r
4142         function action_adminskinieimport()\r
4143         {\r
4144                 global $DIR_LIBS, $DIR_ADMINSKINS, $manager, $member;\r
4145                 $member->isAdmin() or $this->disallow();\r
4146                 // load skinie class\r
4147                 include_once($DIR_LIBS . 'skinie.php');\r
4148                 $skinFileRaw= postVar('skinfile');\r
4149                 $mode       = postVar('mode');\r
4150                 $importer   = new SKINIMPORT();\r
4151                 // get full filename\r
4152                 if ($mode == 'file') {\r
4153                         $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';\r
4154                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)\r
4155                         if (!file_exists($skinFile)) {\r
4156                                 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skindata.xml';\r
4157                         }\r
4158                 } else {\r
4159                         $skinFile = $skinFileRaw;\r
4160                 }\r
4161                 // read only metadata\r
4162                 $error = $importer->readFile($skinFile, 1);\r
4163                 if ($error) {\r
4164                         $this->error($error);\r
4165                 }\r
4166 \r
4167                 $_REQUEST['skininfo']  = $importer->getInfo();\r
4168                 $_REQUEST['skinnames'] = $importer->getSkinNames();\r
4169                 $_REQUEST['tpltnames'] = $importer->getTemplateNames();\r
4170 \r
4171                 // clashes\r
4172                 $skinNameClashes         = $importer->checkSkinNameClashes();\r
4173                 $templateNameClashes     = $importer->checkTemplateNameClashes();\r
4174                 $hasNameClashes          = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);\r
4175                 $_REQUEST['skinclashes'] = $skinNameClashes;\r
4176                 $_REQUEST['tpltclashes'] = $templateNameClashes;\r
4177                 $_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;\r
4178 \r
4179                 $this->pagehead();\r
4180                 $this->parse('adminskinieimport');\r
4181                 $this->pagefoot();\r
4182         }\r
4183 \r
4184         /**\r
4185          * @todo document this\r
4186          */\r
4187         function action_adminskiniedoimport()\r
4188         {\r
4189                 global $DIR_LIBS, $DIR_ADMINSKINS, $member;\r
4190                 $member->isAdmin() or $this->disallow();\r
4191                 // load skinie class\r
4192                 include_once($DIR_LIBS . 'skinie.php');\r
4193                 $skinFileRaw    = postVar('skinfile');\r
4194                 $mode           = postVar('mode');\r
4195                 $allowOverwrite = intPostVar('overwrite');\r
4196                 // get full filename\r
4197                 if ($mode == 'file') {\r
4198                         $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';\r
4199                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)\r
4200                         if (!file_exists($skinFile)) {\r
4201                                 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skindata.xml';\r
4202                         }\r
4203                 } else {\r
4204                         $skinFile = $skinFileRaw;\r
4205                 }\r
4206                 $importer = new SKINIMPORT();\r
4207                 $error    = $importer->readFile($skinFile);\r
4208                 if ($error) {\r
4209                         $this->error($error);\r
4210                 }\r
4211                 $error = $importer->writeToDatabase($allowOverwrite);\r
4212                 if ($error) {\r
4213                         $this->error($error);\r
4214                 }\r
4215 \r
4216                 $_REQUEST['skininfo']  = $importer->getInfo();\r
4217                 $_REQUEST['skinnames'] = $importer->getSkinNames();\r
4218                 $_REQUEST['tpltnames'] = $importer->getTemplateNames();\r
4219 \r
4220                 $this->pagehead();\r
4221                 $this->parse('adminskiniedoimport');\r
4222                 $this->pagefoot();\r
4223 \r
4224         }\r
4225 \r
4226         /**\r
4227          * @todo document this\r
4228          */\r
4229         function action_adminskinieexport()\r
4230         {\r
4231                 global $member, $DIR_PLUGINS;\r
4232                 $member->isAdmin() or $this->disallow();\r
4233                 // load skinie class\r
4234                 $aSkins     = requestIntArray('skin');\r
4235                 $aTemplates = requestIntArray('template');\r
4236                 if (!is_array($aTemplates)) {\r
4237                         $aTemplates = array();\r
4238                 }\r
4239                 if (!is_array($aSkins)) {\r
4240                         $aSkins = array();\r
4241                 }\r
4242                 $skinList     = array_keys($aSkins);\r
4243                 $templateList = array_keys($aTemplates);\r
4244 \r
4245                 $info = postVar('info');\r
4246 \r
4247                 $exporter = new SkinEXPORT();\r
4248                 foreach ($skinList as $skinId) {\r
4249                         $exporter->addSkin($skinId);\r
4250                 }\r
4251                 foreach ($templateList as $templateId) {\r
4252                         $exporter->addTemplate($templateId);\r
4253                 }\r
4254                 $exporter->setInfo($info);\r
4255                 $exporter->export();\r
4256                 \r
4257         }\r
4258 \r
4259         /**\r
4260          * Admin::action_settingsedit()\r
4261          * \r
4262          * @param       Void\r
4263          * @return      Void\r
4264          */\r
4265         function action_settingsedit() {\r
4266                 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;\r
4267 \r
4268                 $member->isAdmin() or $this->disallow();\r
4269 \r
4270                 $this->pagehead();\r
4271                 $this->parse('settingsedit');\r
4272                 $this->pagefoot();\r
4273         }\r
4274         \r
4275         /**\r
4276          * Admin::action_settingsupdate()\r
4277          * Update $CONFIG and redirect\r
4278          * \r
4279          * @param       void\r
4280          * @return      void\r
4281          */\r
function action_settingsupdate()
{
    global $member, $CONF;

    // only site administrators may change the global configuration;
    // disallow() ends the request
    $member->isAdmin() or $this->disallow();

    // the notification address must be well-formed; error() exits
    if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
    {
        $this->error(_ERROR_BADMAILADDRESS);
    }

    // each option is posted under its own name and stored in this order
    $options = array(
        'DefaultBlog',
        'BaseSkin',
        'IndexURL',
        'AdminURL',
        'PluginURL',
        'SkinsURL',
        'ActionURL',
        'Locale',
        'AdminEmail',
        'SessionCookie',
        'AllowMemberCreate',
        'AllowMemberMail',
        'NonmemberMail',
        'ProtectMemNames',
        'SiteName',
        'NewMemberCanLogon',
        'DisableSite',
        'DisableSiteURL',
        'LastVisit',
        'MediaURL',
        'AllowedTypes',
        'AllowUpload',
        'MaxUploadSize',
        'MediaPrefix',
        'AllowLoginEdit',
        'DisableJsTools',
        'CookieDomain',
        'CookiePath',
        'CookieSecure',
        'URLMode',
        'CookiePrefix',
        'DebugVars',
        'DefaultListSize',
        'AdminCSS',
    );
    foreach ( $options as $option )
    {
        $this->updateConfig($option, postVar($option));
    }

    // reload the configuration so the redirect already uses the new
    // values (locale, AdminURL); a changed cookie setting may force the
    // user to log in again after the redirect
    getConfig();
    redirect($CONF['AdminURL'] . '?action=manage');
    exit;
}
4336 \r
4337         /**\r
4338          * Admin::action_systemoverview()\r
4339          * Output system overview\r
4340          * \r
4341          * @param       void\r
4342          * @return      void\r
4343          */\r
function action_systemoverview()
{
    // Renders the system overview through the admin skin.
    // NOTE(review): unlike action_pluginlist(), no isAdmin() check is made
    // here; presumably the 'systemoverview' skin part limits what a
    // non-admin sees — confirm
    $skinPart = 'systemoverview';
    $this->pagehead();
    $this->parse($skinPart);
    $this->pagefoot();
}
4350 \r
4351         /**\r
4352          * Admin::updateConfig()\r
4353          * \r
4354          * @param       string  $name   \r
4355          * @param       string  $val    \r
4356          * @return      integer value of sql_insert_id() after the UPDATE query
4357          */\r
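function updateConfig($name, $val)
{
    // Stores one config option: UPDATE config SET value=$val WHERE name=$name.
    // The value is trimmed before escaping: trimming afterwards left an
    // escaped trailing newline ("\\n") in place, so it was stored anyway.
    $name = sql_real_escape_string($name);
    $val  = sql_real_escape_string(trim($val));

    $query = sprintf("UPDATE %s SET value='%s' WHERE name='%s'", sql_table('config'), $val, $name);
    sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error());

    // kept for callers; an UPDATE inserts nothing, so this is normally 0
    return sql_insert_id();
}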
4369         \r
4370         /**\r
4371          * Error message\r
4372          * @param string $msg message that will be shown\r
4373          */\r
function error($msg)
{
    // Shows the generic admin error page and terminates the request.
    // NOTE(review): $msg is not referenced in this body; the
    // 'adminerrorpage' skin part presumably obtains the message
    // elsewhere — confirm
    $skinPart = 'adminerrorpage';
    $this->pagehead();
    $this->parse($skinPart);
    $this->pagefoot();
    exit;
}
4381         \r
4382         /**\r
4383          * Admin::disallow()\r
4384          * add error log and show error page \r
4385          * \r
4386          * @param       void\r
4387          * @return      void\r
4388          */\r
function disallow()
{
    // Logs the rejected request (with its URI) as a warning and shows the
    // "disallowed" error page; error() does not return.
    $requestUri = serverVar('REQUEST_URI');
    ActionLog::add(WARNING, _ACTIONLOG_DISALLOWED . $requestUri);
    $this->error(_ERROR_DISALLOWED);
}
4394         \r
4395         /**\r
4396          * Admin::pagehead()\r
4397          * Output admin page head\r
4398          * \r
4399          * @param       string  $extrahead      optional extra markup for the head section
4400          * @return      void\r
4401          */\r
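function pagehead($extrahead = '')
{
    // Outputs the admin page head. When the admin skin provides a
    // 'pagehead' part it is parsed, with $extrahead exposed to the skin
    // through $this->extrahead; otherwise the legacy hard-coded XHTML
    // head and top bar are echoed.
    if ( $this->existsSkinContents('pagehead') )
    {
        // a declared parameter is always set, so empty() alone suffices
        if ( !empty($extrahead) )
        {
            $this->extrahead = $extrahead;
        }
        $this->parse('pagehead');
        return;
    }

    global $member, $nucleus, $CONF, $manager;

    // plugins may add to the head section through the reference
    $manager->notify(
        'AdminPrePageHead',
        array(
            'extrahead' => &$extrahead,
            'action'    => $this->action
        )
    );

    // config values end up inside HTML attributes: escape them the same
    // way AdminURL already was (IndexURL and AdminCSS were echoed raw)
    $baseUrl = Entity::hsc($CONF['AdminURL']);
    if ( !array_key_exists('AdminCSS', $CONF) )
    {
        // upgrade path: installs without an AdminCSS row get the default
        sql_query("INSERT INTO " . sql_table('config') . " VALUES ('AdminCSS', 'original')");
        $CONF['AdminCSS'] = 'original';
    }
    $adminCss = Entity::hsc($CONF['AdminCSS']);
    $indexUrl = Entity::hsc($CONF['IndexURL']);

    /* HTTP 1.1 application for no caching */
    header("Cache-Control: no-cache, must-revalidate");
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

    $root_element = 'html';
    $charset = i18n::get_current_charset();
    // xml:lang uses a hyphen ("ja-JP") where the locale name has an underscore
    $locale = preg_replace('#_#', '-', i18n::get_current_locale());

    echo "<?xml version=\"{$this->xml_version_info}\" encoding=\"{$charset}\" ?>\n";
    echo "<!DOCTYPE {$root_element} PUBLIC \"{$this->formal_public_identifier}\" \"{$this->system_identifier}\">\n";
    echo "<{$root_element} xmlns=\"{$this->xhtml_namespace}\" xml:lang=\"{$locale}\" lang=\"{$locale}\">\n";
    echo "<head>\n";
    echo '<title>' . Entity::hsc($CONF['SiteName']) . " - Admin</title>\n";
    echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}styles/admin_{$adminCss}.css\" />\n";
    echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}styles/addedit.css\" />\n";
    echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/edit.js\"></script>\n";
    echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/admin.js\"></script>\n";
    echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/compatibility.js\"></script>\n";
    // $extrahead is raw markup supplied by the caller (and plugins); it is
    // deliberately not escaped
    echo "{$extrahead}\n";
    echo "</head>\n\n";
    echo "<body>\n";
    echo "<div id=\"adminwrapper\">\n";
    echo "<div class=\"header\">\n";
    echo '<h1>' . Entity::hsc($CONF['SiteName']) . "</h1>\n";
    echo "</div>\n";
    echo "<div id=\"container\">\n";
    echo "<div id=\"content\">\n";
    echo "<div class=\"loginname\">\n";
    if ( $member->isLoggedIn() )
    {
        echo _LOGGEDINAS . ' ' . $member->getDisplayName() ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a><br />\n";
        echo "<a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
    }
    else
    {
        echo '<a href="index.php?action=showlogin" title="Log in">' . _NOTLOGGEDIN . "</a><br />\n";
    }
    echo "<a href='" . $indexUrl . "'>" . _YOURSITE . "</a><br />\n";
    echo '(';

    if (array_key_exists('codename', $nucleus) && $nucleus['codename'] != '' )
    {
        $codenamestring = ' &quot;' . $nucleus['codename'].'&quot;';
    }
    else
    {
        $codenamestring = '';
    }

    if ( $member->isLoggedIn() && $member->isAdmin() )
    {
        $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
        echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';

        // the newest version string comes from getLatestVersion(), which
        // presumably obtains it from outside this install, so it is
        // escaped before being echoed
        $newestVersion = getLatestVersion();
        $newestCompare = str_replace('/','.',$newestVersion);
        $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);
        if ( $newestVersion && version_compare($newestCompare, $currentVersion) > 0 )
        {
            echo "<br />\n";
            echo '<a style="color:red" href="http://nucleuscms.org/upgrade.php" title="' . _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE . '">';
            echo _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT . Entity::hsc($newestVersion);
            echo "</a>";
        }
    }
    else
    {
        echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;
    }
    echo ')';
    echo '</div>';
    return;
}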
4505         \r
4506         /**\r
4507          * Admin::pagefoot()\r
4508          * Output admin page foot include quickmenu\r
4509          * \r
4510          * @param       void\r
4511          * @return      void\r
4512          */\r
function pagefoot()
{
    // Outputs the admin page footer. With a skin-provided 'pagefoot' part
    // the skin is parsed and the request ends here; otherwise the legacy
    // hard-coded footer and quick menu are echoed and control returns to
    // the caller.
    if ($this->existsSkinContents('pagefoot')) {
        $this->parse('pagefoot');
        // NOTE(review): only this branch terminates the request — confirm
        // callers do not rely on code after pagefoot() running
        exit;
    }
    else
    {
        // $action is the global request action; notify() below passes
        // $this->action instead — presumably the same value, confirm
        global $action, $member, $manager;

        $manager->notify(
            'AdminPrePageFoot',
            array(
                'action' => $this->action
            )
        );

        // logout links, except on the login page itself
        if ( $member->isLoggedIn() && ($action != 'showlogin') )
        {
            echo '<h2>' . _LOGOUT . "</h2>\n";
            echo "<ul>\n";
            echo '<li><a href="index.php?action=overview">' . _BACKHOME . "</a></li>\n";
            echo '<li><a href="index.php?action=logout">' .  _LOGOUT . "</a></li>\n";
            echo "</ul>\n";
        }

        echo "<div class=\"foot\">\n";
        echo '<a href="' . _ADMINPAGEFOOT_OFFICIALURL . '">Nucleus CMS</a> &copy; 2002-' . date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT;
        echo '-';
        echo '<a href="' . _ADMINPAGEFOOT_DONATEURL . '">' . _ADMINPAGEFOOT_DONATE . "</a>\n";
        echo "</div>\n";

        echo "<!-- content -->\n";
        echo "<div id=\"quickmenu\">\n";

        // quick menu for logged-in members; other visitors get intro text
        if ( ($action != 'showlogin') && ($member->isLoggedIn()) )
        {
            echo "<ul>\n";
            echo '<li><a href="index.php?action=overview">' . _QMENU_HOME . "</a></li>\n";
            echo "</ul>\n";

            // "add item" form: a blog selector that submits on change
            echo '<h2>' . _QMENU_ADD . "</h2>\n";
            echo "<form method=\"get\" action=\"index.php\">\n";
            echo "<p>\n";
            echo "<input type=\"hidden\" name=\"action\" value=\"createitem\" />\n";

            $showAll = requestVar('showall');

            if ( ($member->isAdmin()) && ($showAll == 'yes') )
            {
                // Super-Admins have access to all blogs! (no add item support though)
                $query =  'SELECT bnumber as value, bname as text'
                        . ' FROM ' . sql_table('blog')
                        . ' ORDER BY bname';
            }
            else
            {
                // blogs the member is on the team of; getID() is concatenated
                // into the SQL unquoted — presumably an integer, confirm
                $query =  'SELECT bnumber as value, bname as text'
                        . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
                        . ' WHERE tblog=bnumber and tmember=' . $member->getID()
                        . ' ORDER BY bname';
            }
            // options for showlist() (see showlist.php) rendering the <select>
            $template['name'] = 'blogid';
            $template['tabindex'] = 15000;
            $template['extra'] = _QMENU_ADD_SELECT;
            $template['selected'] = -1;
            $template['shorten'] = 10;
            $template['shortenel'] = '';
            $template['javascript'] = 'onchange="return form.submit()"';
            showlist($query,'select',$template);

            echo "</p>\n";
            echo "</form>\n";

            // NOTE(review): the display name is echoed unescaped here —
            // confirm it is restricted when set
            echo "<h2>{$member->getDisplayName()}</h2>\n";
            echo "<ul>\n";
            echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . "</a></li>\n";
            echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . "</a></li>\n";
            echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . "</a></li>\n";
            echo "</ul>\n";

            // ---- general settings ----
            if ( $member->isAdmin() )
            {
                echo '<h2>' . _QMENU_MANAGE . "</h2>\n";
                echo "<ul>\n";
                echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . "</a></li>\n";
                echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . "</a></li>\n";
                echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . "</a></li>\n";
                echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . "</a></li>\n";
                echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . "</a></li>\n";
                echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . "</a></li>\n";
                echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . "</a></li>\n";
                echo "</ul>\n";

                echo "<h2>" . _QMENU_LAYOUT . "</h2>\n";
                echo "<ul>\n";
                echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . "</a></li>\n";
                echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . "</a></li>\n";
                echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . "</a></li>\n";
                echo "</ul>\n";
            }

            // plugins append their own menu entries through the reference;
            // url/tooltip/title are escaped when echoed
            $aPluginExtras = array();
            $manager->notify(
                'QuickMenu',
                array(
                    'options' => &$aPluginExtras));

            if ( count($aPluginExtras) > 0 )
            {
                echo "<h2>" . _QMENU_PLUGINS . "</h2>\n";
                echo "<ul>\n";
                foreach ( $aPluginExtras as $aInfo )
                {
                    echo '<li><a href="' . Entity::hsc($aInfo['url']) . '" title="' . Entity::hsc($aInfo['tooltip']) . '">' . Entity::hsc($aInfo['title']) . "</a></li>\n";
                }
                echo "</ul>\n";
            }
        }
        else if ( ($action == 'activate') || ($action == 'activatesetpwd') )
        {
            // account activation pages
            echo '<h2>' . _QMENU_ACTIVATE . '</h2>' . _QMENU_ACTIVATE_TEXT;
        }
        else
        {
            // introduction text on login screen
            echo '<h2>' . _QMENU_INTRO . '</h2>' . _QMENU_INTRO_TEXT;
        }

        echo "<!-- quickmenu -->\n";
        echo "</div>\n";

        echo "<!-- content -->\n";
        echo "</div>\n";

        echo "<!-- container -->\n";
        echo "</div>\n";

        echo "<!-- adminwrapper -->\n";
        echo "</div>\n";

        echo "</body>\n";
        echo "</html>\n";
    }
    return;
}
4661         \r
4662         /**\r
4663          * @todo document this\r
4664          */\r
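function action_regfile()
{
    // Sends a Windows .reg file that adds a "blog this" context-menu entry
    // for the given blog to Internet Explorer.
    global $member, $CONF;

    $blogid = intRequestVar('blogid');

    // only team members of the blog may fetch its bookmarklet installer
    $member->teamRights($blogid) or $this->disallow();

    // header-code stolen from phpMyAdmin
    // REGEDIT and bookmarklet code stolen from GreyMatter

    // NOTE(review): the blog name becomes part of a registry key name as-is;
    // a name containing ']' or a line break breaks the .reg syntax — confirm
    // blog names are restricted where they are set
    $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid));

    // 'application/octet-stream' is the registered type (the former
    // 'octetstream' spelling is not), and Content-Disposition needs a
    // disposition type before the filename parameter
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="nucleus.reg"');
    header('Pragma: no-cache');
    header('Expires: 0');

    echo "REGEDIT4\n";
    echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n";
    echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=" . intval($blogid) . "\"\n";
    echo '"contexts"=hex:31';
}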
4689 \r
4690         /**\r
4691          * @todo document this\r
4692          */\r
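function action_bookmarklet()
{
    // Shows the bookmarklet page for a blog the member is on the team of.
    global $member;

    // read the blog id before the rights check: previously teamRights()
    // was evaluated against an undefined $blogid, so the check never saw
    // the blog actually requested
    $blogid = intRequestVar('blogid');
    $member->teamRights($blogid) or $this->disallow();

    $this->pagehead();
    $this->parse('bookmarklet');
    $this->pagefoot();
}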
4706 \r
4707         /**\r
4708          * @todo document this\r
4709          */\r
function action_actionlog()
{
    // Shows the action log; administrators only (disallow() exits).
    global $member, $manager;

    $member->isAdmin() or $this->disallow();

    $skinPart = 'actionlog';
    $this->pagehead();
    $this->parse($skinPart);
    $this->pagefoot();
}
4721 \r
4722         /**\r
4723          * @todo document this\r
4724          */\r
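function action_banlist()
{
    // Shows the ban list of a blog to one of its blog administrators.
    global $member;

    // the blog id has to be known before its admin rights can be checked;
    // previously blogAdminRights() was called with an undefined $blogid
    $blogid = intRequestVar('blogid');
    $member->blogAdminRights($blogid) or $this->disallow();

    $this->pagehead();
    $this->parse('banlist');
    $this->pagefoot();
}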
4737 \r
4738         /**\r
4739          * @todo document this\r
4740          */\r
function action_banlistdelete()
{
    // Shows the "delete ban" confirmation page for a blog the member
    // administers; the rights check uses the requested blog id.
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    $member->blogAdminRights($blogid) or $this->disallow();

    $skinPart = 'banlistdelete';
    $this->pagehead();
    $this->parse($skinPart);
    $this->pagefoot();
}
4751 \r
4752         /**\r
4753          * @todo document this\r
4754          */\r
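function action_banlistdeleteconfirm()
{
    // Removes an IP-range ban from one blog, or from every blog the member
    // administers when 'allblogs' is posted, then shows the result page.
    global $member;

    // read the posted blog id before the rights check: previously
    // blogAdminRights() was evaluated against an undefined $blogid
    $blogid   = intPostVar('blogid');
    $allblogs = postVar('allblogs');
    $iprange  = postVar('iprange');

    $member->blogAdminRights($blogid) or $this->disallow();

    // getAdminBlogs() already limits the "all blogs" case to blogs the
    // member administers; collect the ids where a ban was removed
    $targets = $allblogs ? $member->getAdminBlogs() : array($blogid);
    $deleted = array();
    foreach ( $targets as $target )
    {
        if ( Ban::removeBan($target, $iprange) )
        {
            $deleted[] = $target;
        }
    }

    // nothing was removed anywhere; error() exits
    if ( count($deleted) == 0 )
    {
        $this->error(_ERROR_DELETEBAN);
    }

    $this->pagehead();
    $this->parse('banlistdeleteconfirm');
    $this->pagefoot();
}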
4797 \r
4798         /**\r
4799          * @todo document this\r
4800          */\r
function action_banlistnewfromitem()
{
    // Opens the "new ban" page for the blog that owns the requested item.
    $itemid = intRequestVar('itemid');
    $blogid = getBlogIDFromItemID($itemid);
    $this->action_banlistnew($blogid);
}
4805 \r
4806         /**\r
4807          * @todo document this\r
4808          */\r
function action_banlistnew($blogid = '')
{
    // Shows the "new ban" page. The blog id comes from the caller or, when
    // none is given, from the request; blog admin rights are required.
    global $member, $manager;

    $blogid = ($blogid == '') ? intRequestVar('blogid') : $blogid;
    $ip = requestVar('ip');

    $member->blogAdminRights($blogid) or $this->disallow();

    // the skin part reads the blog id back from the request
    $_REQUEST['blogid'] = $blogid;

    $skinPart = 'banlistnew';
    $this->pagehead();
    $this->parse($skinPart);
    $this->pagefoot();
}
4828 \r
4829         /**\r
4830          * @todo document this\r
4831          */\r
function action_banlistadd()
{
    // Adds an IP-range ban to one blog, or to every blog the member
    // administers when 'allblogs' is posted, then shows the ban list.
    global $member;

    $blogid   = intPostVar('blogid');
    $allblogs = postVar('allblogs');
    $iprange  = postVar('iprange');
    // 'custom' selects the free-form range typed into the form
    $iprange  = ($iprange == "custom") ? postVar('customiprange') : $iprange;
    $reason   = postVar('reason');

    $member->blogAdminRights($blogid) or $this->disallow();

    // TODO: check IP range validity

    // every target is attempted; any failure ends in the error page
    $targets = $allblogs ? $member->getAdminBlogs() : array($blogid);
    $failed = false;
    foreach ( $targets as $target )
    {
        if ( !Ban::addBan($target, $iprange, $reason) )
        {
            $failed = true;
        }
    }
    if ( $failed )
    {
        $this->error(_ERROR_ADDBAN);
    }

    $this->action_banlist();
}
4874 \r
4875         /**\r
4876          * @todo document this\r
4877          */\r
function action_clearactionlog()
{
    // Empties the action log (administrators only) and returns to the
    // manage page with a confirmation message.
    global $member;

    $member->isAdmin() or $this->disallow();
    ActionLog::clear();

    $message = _MSG_ACTIONLOGCLEARED;
    $this->action_manage($message);
}
4888 \r
4889         /**\r
4890          * @todo document this\r
4891          */\r
function action_backupoverview()
{
    // Shows the backup/restore overview; administrators only.
    global $member, $manager;

    $member->isAdmin() or $this->disallow();

    $skinPart = 'backupoverview';
    $this->pagehead();
    $this->parse($skinPart);
    $this->pagefoot();
}
4902 \r
4903         /**\r
4904          * Admin::action_backupcreate()\r
4905          * create file for backup\r
4906          * \r
4907          * @param               void\r
4908          * @return      void\r
4909          * \r
4910          */\r
function action_backupcreate()
{
    // Streams a database dump to the administrator and ends the request.
    global $member, $DIR_LIBS;

    $member->isAdmin() or $this->disallow();

    // compression flag from the form; non-numeric input becomes 0
    $useGzip = (int) postVar('gzip');

    include($DIR_LIBS . 'backup.php');

    // dumps can take a while; the call is silenced because it may fail
    // harmlessly where the time limit cannot be changed
    @set_time_limit(1200);

    Backup::do_backup($useGzip);
    exit;
}
4929         \r
4930         /**\r
4931          * Admin::action_backuprestore()\r
4932          * restoring from uploaded file\r
4933          * \r
4934          * @param               void\r
4935          * @return      void\r
4936          */\r
function action_backuprestore()
{
    // Restores the database from the uploaded dump; administrators only,
    // and only when the form's confirmation flag was set.
    global $member, $DIR_LIBS;

    $member->isAdmin() or $this->disallow();

    if ( intPostVar('letsgo') != 1 )
    {
        $this->error(_ERROR_BACKUP_NOTSURE);
    }

    include($DIR_LIBS . 'backup.php');

    // restoring a dump can take a while; silenced as in action_backupcreate()
    @set_time_limit(1200);

    // do_restore() reports a problem as a non-empty message; error() exits
    $message = Backup::do_restore();
    if ( $message != '' )
    {
        $this->error($message);
    }

    $skinPart = 'backuprestore';
    $this->pagehead();
    $this->parse($skinPart);
    $this->pagefoot();
}
4964         \r
4965         /**\r
4966          * Admin::action_pluginlist()\r
4967          * output the list of installed plugins\r
4968          * \r
4969          * @param       void\r
4970          * @return      void\r
4971          * \r
4972          */\r
4973         function action_pluginlist()\r
4974         {\r
4975                 global $DIR_PLUGINS, $member, $manager;\r
4976                 \r
4977                 // check if allowed\r
4978                 $member->isAdmin() or $this->disallow();\r
4979                 \r
4980                 $this->pagehead();\r
4981                 $this->parse('pluginlist');\r
4982                 $this->pagefoot();\r
4983                 return;\r
4984         }\r
4985         \r
	/**
	 * Admin::action_pluginhelp()
	 * Show the help page of an installed plugin (plugid taken from the query string)
	 */
4989         function action_pluginhelp()\r
4990         {\r
4991                 global $member, $manager, $DIR_PLUGINS, $CONF;\r
4992 \r
4993                 // check if allowed\r
4994                 $member->isAdmin() or $this->disallow();\r
4995 \r
4996                 $plugid = intGetVar('plugid');\r
4997 \r
4998                 if ( !$manager->pidInstalled($plugid) )\r
4999                 {\r
5000                         $this->error(_ERROR_NOSUCHPLUGIN);\r
5001                 }\r
5002 \r
5003                 $this->pagehead();\r
5004                 $this->parse('pluginhelp');\r
5005                 $this->pagefoot();\r
5006         }\r
5007 \r
5008         /**\r
5009          * Admin::action_pluginadd()\r
5010          * \r
5011          * @param       Void\r
5012          * @return      Void\r
5013          * \r
5014          */\r
5015         function action_pluginadd()\r
5016         {\r
5017                 global $member, $manager, $DIR_PLUGINS;\r
5018                 \r
5019                 // check if allowed\r
5020                 $member->isAdmin() or $this->disallow();\r
5021                 \r
5022                 $name = postVar('filename');\r
5023                 \r
5024                 if ( $manager->pluginInstalled($name) )\r
5025                 {\r
5026                         $this->error(_ERROR_DUPPLUGIN);\r
5027                 }\r
5028                 \r
5029                 if ( !checkPlugin($name) )\r
5030                 {\r
5031                         $this->error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');\r
5032                 }\r
5033                 \r
5034                 // get number of currently installed plugins\r
5035                 $res = sql_query('SELECT * FROM ' . sql_table('plugin'));\r
5036                 $numCurrent = sql_num_rows($res);\r
5037                 \r
5038                 // plugin will be added as last one in the list\r
5039                 $newOrder = $numCurrent + 1;\r
5040                 \r
5041                 $manager->notify(\r
5042                         'PreAddPlugin',\r
5043                         array(\r
5044                                 'file' => &$name\r
5045                         )\r
5046                 );\r
5047                 \r
5048                 // do this before calling getPlugin (in case the plugin id is used there)\r
5049                 $query = 'INSERT INTO '\r
5050                            .      sql_table('plugin')\r
5051                            . ' ('\r
5052                            . '    porder,'\r
5053                            . '    pfile'\r
5054                            . ') VALUES ('\r
5055                            .      $newOrder . ','\r
5056                            . '"' . sql_real_escape_string($name) . '"'\r
5057                            . ')';\r
5058                 sql_query($query);\r
5059                 $iPid = sql_insert_id();\r
5060                 \r
5061                 $manager->clearCachedInfo('installedPlugins');\r
5062                 \r
5063                 // Load the plugin for condition checking and instalation\r
5064                 $plugin =& $manager->getPlugin($name);\r
5065                 \r
5066                 // check if it got loaded (could have failed)\r
5067                 if ( !$plugin )\r
5068                 {\r
5069                         sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));\r
5070                         $manager->clearCachedInfo('installedPlugins');\r
5071                         $this->error(_ERROR_PLUGIN_LOAD);\r
5072                 }\r
5073                 \r
5074                 // check if plugin needs a newer Nucleus version\r
5075                 if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )\r
5076                 {\r
5077                         // uninstall plugin again...\r
5078                         $this->deleteOnePlugin($plugin->getID());\r
5079                         \r
5080                         // ...and show error\r
5081                         $this->error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));\r
5082                 }\r
5083                 \r
5084                 // check if plugin needs a newer Nucleus version\r
5085                 if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )\r
5086                 {\r
5087                         // uninstall plugin again...\r
5088                         $this->deleteOnePlugin($plugin->getID());\r
5089                         \r
5090                         // ...and show error\r
5091                         $this->error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );\r
5092                 }\r
5093                 \r
5094                 $pluginList = $plugin->getPluginDep();\r
5095                 foreach ( $pluginList as $pluginName )\r
5096                 {\r
5097                         $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');\r
5098                         if (sql_num_rows($res) == 0)\r
5099                         {\r
5100                                 // uninstall plugin again...\r
5101                                 $this->deleteOnePlugin($plugin->getID());\r
5102                                 $this->error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));\r
5103                         }\r
5104                 }\r
5105                 \r
5106                 // call the install method of the plugin\r
5107                 $plugin->install();\r
5108                 \r
5109                 $manager->notify(\r
5110                         'PostAddPlugin',\r
5111                         array(\r
5112                                 'plugin' => &$plugin\r
5113                         )\r
5114                 );\r
5115                 \r
5116                 // update all events\r
5117                 $this->action_pluginupdate();\r
5118                 return;\r
5119         }\r
5120         \r
5121         /**\r
	 * Admin::action_pluginupdate()
	 * Rebuild the plugin_event subscriptions of every installed plugin, then redirect to the plugin list
5123          * \r
5124          * @param       Void\r
5125          * @return      Void\r
5126          * \r
5127          */\r
5128         function action_pluginupdate()\r
5129         {\r
5130                 global $member, $manager, $CONF;\r
5131                 \r
5132                 // check if allowed\r
5133                 $member->isAdmin() or $this->disallow();\r
5134                 \r
5135                 // delete everything from plugin_events\r
5136                 sql_query('DELETE FROM '.sql_table('plugin_event'));\r
5137                 \r
5138                 // loop over all installed plugins\r
5139                 $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));\r
5140                 while ( $o = sql_fetch_object($res) )\r
5141                 {\r
5142                         $pid  =  $o->pid;\r
5143                         $plug =& $manager->getPlugin($o->pfile);\r
5144                         if ( $plug )\r
5145                         {\r
5146                                 $eventList = $plug->getEventList();\r
5147                                 foreach ( $eventList as $eventName )\r
5148                                 {\r
5149                                         $query = "INSERT INTO %s (pid, event) VALUES (%d, '%s')";\r
5150                                         $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, sql_real_escape_string($eventName));\r
5151                                         sql_query($query);\r
5152                                 }\r
5153                         }\r
5154                 }\r
5155                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
5156                 return;\r
5157         }\r
5158         \r
	/**
	 * Admin::action_plugindelete()
	 * Show the confirmation page for deleting a plugin (plugid taken from the query string)
	 */
5162         function action_plugindelete()\r
5163         {\r
5164                 global $member, $manager;\r
5165 \r
5166                 // check if allowed\r
5167                 $member->isAdmin() or $this->disallow();\r
5168 \r
5169                 $pid = intGetVar('plugid');\r
5170 \r
5171                 if ( !$manager->pidInstalled($pid) )\r
5172                 {\r
5173                         $this->error(_ERROR_NOSUCHPLUGIN);\r
5174                 }\r
5175 \r
5176                 $this->pagehead();\r
5177                 $this->parse('plugindelete');\r
5178                 $this->pagefoot();\r
5179         }\r
5180 \r
	/**
	 * Admin::action_plugindeleteconfirm()
	 * Delete a plugin after confirmation (plugid taken from POST), then redirect to the plugin list
	 */
5184         function action_plugindeleteconfirm()\r
5185         {\r
5186                 global $member, $manager, $CONF;\r
5187 \r
5188                 // check if allowed\r
5189                 $member->isAdmin() or $this->disallow();\r
5190 \r
5191                 $pid = intPostVar('plugid');\r
5192 \r
5193                 $error = $this->deleteOnePlugin($pid, 1);\r
5194                 if ($error) {\r
5195                         $this->error($error);\r
5196                 }\r
5197 \r
5198                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
5199 //              $this->action_pluginlist();\r
5200         }\r
5201 \r
	/**
	 * Admin::deleteOnePlugin()
	 * Remove one plugin together with its event subscriptions and options,
	 * refusing while another installed plugin still depends on it.
	 *
	 * @param	integer	$pid		plugin id
	 * @param	integer	$callUninstall	call the plugin's unInstall() before removing it
	 * @return	string	error message, or '' on success
	 */
5205         function deleteOnePlugin($pid, $callUninstall = 0)\r
5206         {\r
5207                 global $manager;\r
5208 \r
5209                 $pid = intval($pid);\r
5210 \r
5211                 if ( !$manager->pidInstalled($pid) )\r
5212                 {\r
5213                         return _ERROR_NOSUCHPLUGIN;\r
5214                 }\r
5215 \r
5216                 $name = quickQuery('SELECT pfile as result FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);\r
5217 \r
5218 /*              // call the unInstall method of the plugin\r
5219                 if ($callUninstall) {\r
5220                         $plugin =& $manager->getPlugin($name);\r
5221                         if ($plugin) $plugin->unInstall();\r
5222                 }*/\r
5223 \r
5224                 // check dependency before delete\r
5225                 $res = sql_query('SELECT pfile FROM ' . sql_table('plugin'));\r
5226                 while ($o = sql_fetch_object($res))\r
5227                 {\r
5228                         $plug =& $manager->getPlugin($o->pfile);\r
5229                         if ($plug)\r
5230                         {\r
5231                                 $depList = $plug->getPluginDep();\r
5232                                 foreach ($depList as $depName)\r
5233                                 {\r
5234                                         if ($name == $depName)\r
5235                                         {\r
5236                                                 return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);\r
5237                                         }\r
5238                                 }\r
5239                         }\r
5240                 }\r
5241 \r
5242                 $manager->notify(\r
5243                         'PreDeletePlugin',\r
5244                         array(\r
5245                                 'plugid' => $pid\r
5246                         )\r
5247                 );\r
5248 \r
5249                 // call the unInstall method of the plugin\r
5250                 if ( $callUninstall )\r
5251                 {\r
5252                         $plugin =& $manager->getPlugin($name);\r
5253                         if ( $plugin )\r
5254                         {\r
5255                                 $plugin->unInstall();\r
5256                         }\r
5257                 }\r
5258 \r
5259                 // delete all subscriptions\r
5260                 sql_query('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);\r
5261 \r
5262                 // delete all options\r
5263                 // get OIDs from plugin_option_desc\r
5264                 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);\r
5265                 $aOIDs = array();\r
5266                 while ($o = sql_fetch_object($res))\r
5267                 {\r
5268                         array_push($aOIDs, $o->oid);\r
5269                 }\r
5270 \r
5271                 // delete from plugin_option and plugin_option_desc\r
5272                 sql_query('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);\r
5273                 if (count($aOIDs) > 0)\r
5274                 {\r
5275                         sql_query('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',',$aOIDs) . ')');\r
5276                 }\r
5277 \r
5278                 // update order numbers\r
5279                 $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);\r
5280                 $o = sql_fetch_object($res);\r
5281                 sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $o->porder);\r
5282 \r
5283                 // delete row\r
5284                 sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);\r
5285 \r
5286                 $manager->clearCachedInfo('installedPlugins');\r
5287                 $manager->notify(\r
5288                         'PostDeletePlugin',\r
5289                         array(\r
5290                                 'plugid' => $pid\r
5291                         )\r
5292                 );\r
5293 \r
5294                 return '';\r
5295         }\r
5296 \r
	/**
	 * Admin::action_pluginup()
	 * Move a plugin one position up in the plugin order (plugid taken from the query string)
	 */
5300         function action_pluginup()\r
5301         {\r
5302                 global $member, $manager, $CONF;\r
5303 \r
5304                 // check if allowed\r
5305                 $member->isAdmin() or $this->disallow();\r
5306 \r
5307                 $plugid = intGetVar('plugid');\r
5308 \r
5309                 if ( !$manager->pidInstalled($plugid) )\r
5310                 {\r
5311                         $this->error(_ERROR_NOSUCHPLUGIN);\r
5312                 }\r
5313 \r
5314                 // 1. get old order number\r
5315                 $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);\r
5316                 $o = sql_fetch_object($res);\r
5317                 $oldOrder = $o->porder;\r
5318 \r
5319                 // 2. calculate new order number\r
5320                 $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;\r
5321 \r
5322                 // 3. update plug numbers\r
5323                 sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);\r
5324                 sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);\r
5325 \r
5326                 //$this->action_pluginlist();\r
5327                 // To avoid showing ticket in the URL, redirect to pluginlist, instead.\r
5328                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
5329         }\r
5330 \r
	/**
	 * Admin::action_plugindown()
	 * Move a plugin one position down in the plugin order (plugid taken from the query string)
	 */
5334         function action_plugindown()\r
5335         {\r
5336                 global $member, $manager, $CONF;\r
5337 \r
5338                 // check if allowed\r
5339                 $member->isAdmin() or $this->disallow();\r
5340 \r
5341                 $plugid = intGetVar('plugid');\r
5342                 if ( !$manager->pidInstalled($plugid) )\r
5343                 {\r
5344                         $this->error(_ERROR_NOSUCHPLUGIN);\r
5345                 }\r
5346 \r
5347                 // 1. get old order number\r
5348                 $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);\r
5349                 $o   = sql_fetch_object($res);\r
5350                 $oldOrder = $o->porder;\r
5351 \r
5352                 $res = sql_query('SELECT * FROM ' . sql_table('plugin'));\r
5353                 $maxOrder = sql_num_rows($res);\r
5354 \r
5355                 // 2. calculate new order number\r
5356                 $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;\r
5357 \r
5358                 // 3. update plug numbers\r
5359                 sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);\r
5360                 sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);\r
5361 \r
5362                 //$this->action_pluginlist();\r
5363                 // To avoid showing ticket in the URL, redirect to pluginlist, instead.\r
5364                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
5365         }\r
5366         \r
5367         /**\r
5368          * Admin::action_pluginoptions()\r
5369          * \r
5370          * Output Plugin option page\r
5371          * \r
5372          * @access      public\r
5373          * @param       string $message message when fallbacked\r
5374          * @return      void\r
5375          * \r
5376          */\r
5377         public function action_pluginoptions($message = '')\r
5378         {\r
5379                 global $member, $manager;\r
5380                 \r
5381                 // check if allowed\r
5382                 $member->isAdmin() or $this->disallow();\r
5383                 \r
5384 //              $pid = (integer) requestVar('plugid');\r
5385                 $pid = intRequestVar('plugid');\r
5386                 if ( !$manager->pidInstalled($pid) )\r
5387                 {\r
5388                         $this->error(_ERROR_NOSUCHPLUGIN);\r
5389                 }\r
5390 \r
5391                 if ( isset($message) )\r
5392                 {\r
5393                         $this->headMess = $message;\r
5394                 }\r
5395                 $extrahead = "<script type=\"text/javascript\" src=\"javascript/numbercheck.js\"></script>\n";\r
5396                 $this->pagehead($extrahead);\r
5397                 $this->parse('pluginoptions');\r
5398                 $this->pagefoot();\r
5399                 return;\r
5400         }\r
5401         \r
5402         /**\r
5403          * Admin::action_pluginoptionsupdate()\r
5404          * \r
5405          * Update plugin options and fallback to plugin option page\r
5406          * \r
5407          * @access      public\r
5408          * @param       void\r
5409          * @return      void\r
5410          */\r
5411         public function action_pluginoptionsupdate()\r
5412         {\r
5413                 global $member, $manager;\r
5414                 \r
5415                 // check if allowed\r
5416                 $member->isAdmin() or $this->disallow();\r
5417                 \r
5418                 $pid = intRequestVar('plugid');\r
5419 //              $pid = (integer) requestVar('plugid');\r
5420                 if ( !$manager->pidInstalled($pid) )\r
5421                 {\r
5422                         $this->error(_ERROR_NOSUCHPLUGIN);\r
5423                 }\r
5424                 \r
5425                 $aOptions = requestArray('plugoption');\r
5426                 NucleusPlugin::apply_plugin_options($aOptions);\r
5427 \r
5428                 $manager->notify(\r
5429                         'PostPluginOptionsUpdate',\r
5430                         array(\r
5431                                 'context' => 'global',\r
5432                                 'plugid' => $pid\r
5433                         )\r
5434                 );\r
5435                 \r
5436                 $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED);\r
5437                 return;\r
5438         }\r
5439         \r
5440         /**\r
5441          * Admin::_insertPluginOptions()\r
5442          * \r
5443          * Output plugin option field\r
5444          * \r
5445          * @access      public\r
5446          * @param string        $context        plugin option context\r
5447          * @param integer       $contextid      plugin option context id\r
5448          * @return      void\r
5449          */\r
5450         public function _insertPluginOptions($context, $contextid = 0)\r
5451         {\r
5452                 // get all current values for this contextid\r
5453                 // (note: this might contain doubles for overlapping contextids)\r
5454                 $aIdToValue = array();\r
5455                 $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));\r
5456                 while ( $object = sql_fetch_object($res) )\r
5457                 {\r
5458                         $aIdToValue[$object->oid] = $object->ovalue;\r
5459                 }\r
5460                 \r
5461                 // get list of oids per pid\r
5462                 $query = 'SELECT '\r
5463                            . '    * '\r
5464                            . 'FROM '\r
5465                            .      sql_table('plugin_option_desc') . ', '\r
5466                            .      sql_table('plugin') . ' '\r
5467                            . 'WHERE '\r
5468                            . '    opid     = pid '\r
5469                            . 'and ocontext = "' . sql_real_escape_string($context) . '" '\r
5470                            . 'ORDER BY '\r
5471                            . '    porder, oid ASC';\r
5472                 $res   = sql_query($query);\r
5473                 $aOptions = array();\r
5474                 while ( $object = sql_fetch_object($res) )\r
5475                 {\r
5476                         if (in_array($object->oid, array_keys($aIdToValue)))\r
5477                         {\r
5478                                 $value = $aIdToValue[$object->oid];\r
5479                         }\r
5480                         else\r
5481                         {\r
5482                                 $value = $object->odef;\r
5483                         }\r
5484                         \r
5485                         array_push(\r
5486                                 $aOptions,\r
5487                                 array(\r
5488                                         'pid'         => $object->pid,\r
5489                                         'pfile'       => $object->pfile,\r
5490                                         'oid'         => $object->oid,\r
5491                                         'value'       => $value,\r
5492                                         'name'        => $object->oname,\r
5493                                         'description' => $object->odesc,\r
5494                                         'type'        => $object->otype,\r
5495                                         'typeinfo'    => $object->oextra,\r
5496                                         'contextid'   => $contextid,\r
5497                                         'extra'       => ''\r
5498                                 )\r
5499                         );\r
5500                 }\r
5501                 \r
5502                 global $manager;\r
5503                 $manager->notify(\r
5504                         'PrePluginOptionsEdit',\r
5505                         array(\r
5506                                 'context'   =>  $context,\r
5507                                 'contextid' =>  $contextid,\r
5508                                 'options'   =>& $aOptions\r
5509                         )\r
5510                 );\r
5511                 \r
5512                 $this->aOptions = $aOptions;\r
5513                 $this->parse('insertpluginoptions');\r
5514                 return;\r
5515         }\r
5516         \r
	/**
	 * Admin::action_parseSpecialskin()
	 * Render the admin skin part named after the current action ($this->action)
	 */
5520         function action_parseSpecialskin()\r
5521         {\r
5522                 $this->pagehead();\r
5523                 $this->parse($this->action);\r
5524                 $this->pagefoot();\r
5525         }\r
5526         \r
	function parse($type)
	{
		global $manager, $CONF;
		// Parse and output one part ($type) of the current admin skin.
		// 'pagehead' fires InitAdminSkinParse/PreAdminSkinParse and sends the
		// Content-Type header; 'pagefoot' fires PostAdminSkinParse afterwards.
		// $type is caller-supplied; for action_parseSpecialskin() it is the request
		// action itself, so getContent() must tolerate arbitrary strings — confirm in Skin.
		if ( $type == 'pagehead' )
		{
			$manager->notify(
					'InitAdminSkinParse',
					array(
							'skin' => &$this->adminSkin,
							'type' => $type
					)
			);
			// set output type
			sendContentType($this->adminSkin->getContentType(), 'skin', i18n::get_current_charset());
		}
		// set skin name as global var (so plugins can access it)
		global $currentSkinName;
		$currentSkinName = $this->adminSkin->getName();
	
		$contents = $this->adminSkin->getContent($type);
	
		if ( !$contents )
		{
			// use base skin if this skin does not have contents
			$defskin  = new Skin($CONF['DefaultAdminSkin']);
			$contents = $defskin->getContent($type);
			if ( !$contents )
			{
				// nothing to render at all: print the error text and bail out
				// (for 'pagefoot' this also skips the PostAdminSkinParse hook)
				echo _ERROR_SKIN;
				return;
			}
		}
	
		$actions = $this->adminSkin->getAllowedActionsForType($type);
	
		if ( $type == 'pagehead' )
		{
			// plugins may rewrite the head contents (passed by reference)
			$manager->notify(
					'PreAdminSkinParse',
					array(
							'skin'     => &$this->adminSkin,
							'type'     => $type,
							'contents' => &$contents
					)
			);
		}
	
		// set IncludeMode properties of parser
		PARSER::setProperty('IncludeMode', $this->adminSkin->getIncludeMode());
		PARSER::setProperty('IncludePrefix', $this->adminSkin->getIncludePrefix());
	
		// item create/edit parts use the Factory handler (blogid from the request);
		// every other part is handled by AdminActions. The allowed action list is
		// the skin's own list merged with the handler's.
		if ( $type == 'createitem' || $type == 'itemedit' )
		{
			$handler = new Factory(intRequestVar('blogid'), $type, $this->adminSkin, $this);
			$actions = array_merge($actions, $handler->actions);
		} else {
			$handler = new AdminActions($type, $this->adminSkin, $this);
			$actions = array_merge($actions, AdminActions::get_allowed_actions_for_type($type));
		}
		$parser = new Parser($actions, $handler);
		$handler->setParser($parser);
		$handler->setSkin($this->adminSkin);
		$parser->parse($contents);
	
		if ( $type == 'pagefoot' )
		{
			$manager->notify(
				'PostAdminSkinParse',
				array(
					'skin' => &$this->adminSkin,
					'type' => $type,
				)
			);
		}
	}
5602         \r
5603         function getAdminskinIDFromName($skinname)\r
5604         {\r
5605                 $query     = 'SELECT `sdnumber` as result FROM `%s` WHERE `sdname` = "%s"';\r
5606                 $admnSknID = quickQuery(sprintf($query, sql_table('nucleus_adminskin_desc'), mysql_real_escape_string($skinname)));\r
5607                 return intval($adminSkinID);\r
5608         }\r
5609         \r
5610         function getAdminskinNameFromID($skinid)\r
5611         {\r
5612                 $query     = 'SELECT `sdname` as result FROM `%s` WHERE `sdnumber` = "%d"';\r
5613                 $admnSknID = quickQuery(sprintf($query, sql_table('nucleus_adminskin_desc'), intval($skinid)));\r
5614                 return intval($adminSkinID);\r
5615         }\r
5616         \r
5617         function action_importAdmin()\r
5618         {\r
5619                 global $DIR_ADMINSKINS, $action;\r
5620                 if ( $action == 'adminskinieimport' )\r
5621                 {\r
5622                         $this->_doAdminskinimport();\r
5623                 }\r
5624                 $skn = array();\r
5625                 if ( $action == 'showlogin' )\r
5626                 {\r
5627                         $skinName = 'showlogin';\r
5628                         $actnName = 'showlogin';\r
5629                 }\r
5630                 else\r
5631                 {\r
5632                         $skinName = 'defaultimporter';\r
5633                         $actnName = 'importAdmin';\r
5634                 }\r
5635                 $contents             = file_get_contents($DIR_ADMINSKINS . $skinName . '.skn');\r
5636                 $skn['id']            = 0;\r
5637                 $skn['description']   = $skinName;\r
5638                 $skn['contentType']   = 'importAdmin';\r
5639                 $skn['includeMode']   = 'normal';\r
5640                 $skn['includePrefix'] = '';\r
5641                 $skn['name']          = 'defaultinporter';\r
5642                 $this->adminSkin      = (object)$skn;\r
5643                 $handler              = new AdminActions($actnName, $this->adminSkin, $this);\r
5644                 $actions              = Skin::getAllowedActionsForType($actnName);\r
5645                 $parser = new PARSER($actions, $handler);\r
5646                 $handler->setParser($parser);\r
5647                 $handler->setSkin($this->adminSkin);\r
5648                 $parser->parse($contents);\r
5649         }\r
5650         \r
5651         /**\r
5652          * @todo document this\r
5653          */\r
5654         private function _doAdminskinimport()\r
5655         {\r
5656                 global $DIR_LIBS, $DIR_ADMINSKINS, $CONF, $member;\r
5657                 $member->isAdmin() or $this->disallow();\r
5658                 // load skinie class\r
5659                 include_once($DIR_LIBS . 'Skinie.php');\r
5660                 $skinFileRaw    = postVar('skinfile');\r
5661                 $mode           = postVar('mode');\r
5662                 $allowOverwrite = intPostVar('overwrite');\r
5663                 // get full filename\r
5664                 if ($mode == 'file') {\r
5665                         $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';\r
5666                 } else {\r
5667                         $skinFile = $skinFileRaw;\r
5668                 }\r
5669                 $importer = new SKINIMPORT();\r
5670                 $error    = $importer->readFile($skinFile);\r
5671                 if ($error) {\r
5672                         $this->error($error);\r
5673                 }\r
5674                 $error = $importer->writeToDatabase($allowOverwrite);\r
5675                 if ($error) {\r
5676                         $this->error($error);\r
5677                 }\r
5678         \r
5679                 $_REQUEST['skininfo']  = $importer->getInfo();\r
5680                 $_REQUEST['skinnames'] = $importer->getSkinNames();\r
5681                 $_REQUEST['tpltnames'] = $importer->getTemplateNames();\r
5682         \r
5683                 header('Location: ' . $CONF['AdminURL']);\r
5684                 exit;\r
5685         \r
5686         }\r
5687 \r
5688         /**\r
5689          * Returns a link to a weblog\r
5690          * @param object BLOG\r
5691          */\r
5692         function bloglink(&$blog) {\r
5693                 return '<a href="'.Entity::hsc($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. Entity::hsc( $blog->getName() ) .'</a>';\r
5694         }\r
5695 }\r