action_xxxx method) */ public $action; /** * @var object $adminSkin */ public $adminSkin; /** * @var string $extrahead */ public $extrahead; /** * @var bool $passvar */ public $passvar; /** * @var string $headMess */ public $headMess; public $aOptions; /** * Class constructor */ /* function ADMIN() { } */ function __construct() { global $member, $DIR_LIBS; $query = 'SELECT ' . ' COUNT(*) as result ' . 'FROM ' . sql_table('adminskin_desc'); if ( !(quickQuery($query)) ) { $this->action_importAdmin(); } if ( !isset($adminSkinid) || !($adminSkinid) ) { $adminSkinid = self::getAdminSkinID(); } if ( skinableSKIN::existsID($adminSkinid) ) { $this->adminSkin = new skinableSKIN($adminSkinid); } else { $this->adminSkin = 0; } } static private function getAdminSkinID() { global $CONF, $member, $manager; if (isset($member) && $member->isLoggedIn()) { $memskin = $member->getAdminSkin(); if ($memskin) { return $memskin; } } return $CONF['DefaultAdminSkin']; } function getAdminskinEditActions() { return array( 'adminskinoverview', 'adminskinieoverview', 'adminskinedittype', 'adminskinremovetype', 'adminskindelete', 'adminskinedit', 'adminskinieimport', 'adminskiniedoimport', 'admintemplateedit', 'admintemplateoverview', 'admintemplatedelete', ); } function getSkinlessActions() { return array( 'plugindeleteconfirm', 'pluginoptionsupdate', 'skinremovetypeconfirm', 'skinclone', 'skindeleteconfirm', 'skinnew', 'skineditgeneral', 'skinieexport', 'skinupdate', 'templateupdate', 'templatedeleteconfirm', 'templatenew', 'templateclone', 'adminskinremovetypeconfirm', 'adminskinclone', 'adminskindeleteconfirm', 'adminskinnew', 'adminskineditgeneral', 'adminskinieexport', 'adminskinupdate', 'admintemplateupdate', 'admintemplatedeleteconfirm', 'admintemplatenew', 'admintemplateclone', 'blogsettingsupdate', 'settingsupdate', 'addnewlog2', 'additem', 'itemdeleteconfirm', 'itemupdate', 'changemembersettings', 'clearactionlog', 'memberedit', ); } /** * Executes an action * * @param string $action 
action to be performed */ function action($action) { global $CONF, $manager; $f = false; // list of action aliases $alias = array( 'login' => 'overview', '' => 'overview' ); $customAction = postvar('customaction'); if ( !empty($customAction) ) { $alias = array( 'login' => $customAction, '' => $customAction ); } if ( isset($alias[$action]) ) { $action = $alias[$action]; } $methodName = 'action_' . $action; $this->action = strtolower($action); // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action // is an action that requires user interaction before something is actually done) // all safe actions are in this array: $aActionsNotToCheck = array( 'showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate', 'systemoverview', 'activatesetpwd', ); $synonimActions = array( 'banlistnewfromitem', 'memberedit', 'login', ); /* // the rest of the actions needs to be checked $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 
'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd'); */ $adminskinEditActions = $this->getAdminskinEditActions(); $skinLessActions = $this->getSkinlessActions(); $allowActions = array_merge($synonimActions, $this->getSkinlessActions()); $aActionsNotToCheck = array_merge($aActionsNotToCheck, $adminskinEditActions, $allowActions); if (!in_array($this->action, $aActionsNotToCheck) && !$this->existsSkinContents($action) ) { if (!$manager->checkTicket()) { $this->error(_ERROR_BADTICKET); } } if ( !$this->adminSkin && $CONF['DefaultAdminSkin'] ) { $this->adminSkin = new Skin($CONF['DefaultAdminSkin']); } if ( !method_exists($this, $methodName) && !in_array($this->action, $allowActions) && $this->existsSkinContents($action) ) { $this->action_parseSpecialskin; $f = true; } elseif ( method_exists($this, $methodName) ) { call_user_func(array(&$this, $methodName)); $f = true; } if ($f) { exit; } $id = self::getAdminSkinID(); $this->adminSkin = new skinableSKIN($id); if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') ) { $this->error(_BADACTION . ENTITY::hsc($action)); $f = true; } elseif ( $id != $CONF['DefaultAdminSkin'] ) { $this->adminSkin = new Skin($CONF['DefaultAdminSkin']); if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') ) { $this->error(_BADACTION . ENTITY::hsc($action)); $f = true; } } if ($f) { exit; } $this->error(_BADACTION . 
ENTITY::hsc($action)); } /** * Check skin contents * * @param string action type * @return bool */ function existsSkinContents($action) { $nsActions = $this->getSkinlessActions(); $in_array = in_array($action, $nsActions); if ($in_array) { return $in_array; } else { $query = 'SELECT ' . ' scontent as result ' . 'FROM ' . sql_table('adminskin') . ' ' . 'WHERE ' . ' sdesc = %d ' . 'AND stype = "%s"'; if ( is_object($this->adminSkin) ) { return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action))); } else { return quickQuery(sprintf($query, 1, sql_real_escape_string($action))); } } } /** * Check exists specialskinparts * * @param string action type * @return bool */ function specialActionsAllow($action) { $query = 'SELECT ' . ' sdesc as result ' . 'FROM ' . sql_table('adminskin') . ' ' . 'WHERE ' . ' sdesc = %d ' . 'AND stype = "%s"'; return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action))); } /** * @todo document this */ function action_showlogin() { global $error; $this->action_login($error); } /** * @todo document this */ function action_login($msg = '', $passvars = 1) { global $member; // skip to overview when allowed if ( $member->isLoggedIn() && $member->canLogin() ) { $this->action_overview(); exit; } $this->passvar = $passvars; if ( $msg ) { $this->headMess = $msg; } $this->pagehead(); $this->parse('showlogin'); $this->pagefoot(); } /** * provides a screen with the overview of the actions available * @todo document parameter */ function action_overview($msg = '') { if ( $msg ) { $this->headMess = $msg; } $this->pagehead(); $this->parse('overview'); $this->pagefoot(); } /** * @todo document this */ function action_manage($msg = '') { global $member; if ( $msg ) { $this->headMess = $msg; } $member->isAdmin() or $this->disallow(); $this->pagehead(); $this->parse('manage'); $this->pagefoot(); } /** * @todo document this */ function action_itemlist($blogid = '') { global $member, $manager, $CONF; if ( 
$blogid == '' ) { $blogid = intRequestVar('blogid'); } $member->teamRights($blogid) or $member->isAdmin() or $this->disallow(); $this->pagehead(); $this->parse('itemlist'); $this->pagefoot(); } /** * @todo document this */ function action_batchitem() { global $member, $manager; // check if logged in $member->isLoggedIn() or $this->disallow(); // more precise check will be done for each performed operation // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); // Show error when no items were selected if ( !is_array($selected) || sizeof($selected) == 0 ) { $this->error(_BATCH_NOSELECTION); } // On move: when no destination blog/category chosen, show choice now $destCatid = intRequestVar('destcatid'); if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) ) { $this->batchMoveSelectDestination('item', $selected); } // On delete: check if confirmation has been given if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) { $this->batchAskDeleteConfirmation('item',$selected); } $this->pagehead(); $this->parse('batchitem'); $this->pagefoot(); } /** * @todo document this */ function action_batchcomment() { global $member; // check if logged in $member->isLoggedIn() or $this->disallow(); // more precise check will be done for each performed operation // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); // Show error when no items were selected if ( !is_array($selected) || sizeof($selected) == 0 ) { $this->error(_BATCH_NOSELECTION); } // On delete: check if confirmation has been given if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) { $this->batchAskDeleteConfirmation('comment',$selected); } $this->pagehead(); $this->parse('batchcomment'); $this->pagefoot(); } /** * @todo document this */ function action_batchmember() { global $member; // check if logged in and admin ($member->isLoggedIn() && $member->isAdmin()) 
or $this->disallow(); // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); // Show error when no members selected if ( !is_array($selected) || sizeof($selected) == 0 ) { $this->error(_BATCH_NOSELECTION); } // On delete: check if confirmation has been given if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) { $this->batchAskDeleteConfirmation('member',$selected); } $this->pagehead(); $this->parse('batchmember'); $this->pagefoot(); } /** * @todo document this */ function action_batchteam() { global $member; $blogid = intRequestVar('blogid'); // check if logged in and admin ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow(); // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); // Show error when no members selected if ( !is_array($selected) || sizeof($selected) == 0 ) { $this->error(_BATCH_NOSELECTION); } // On delete: check if confirmation has been given if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) { $this->batchAskDeleteConfirmation('team',$selected); } $this->pagehead(); $this->parse('batchmember'); $this->pagefoot(); } /** * @todo document this */ function action_batchcategory() { global $member, $manager; // check if logged in $member->isLoggedIn() or $this->disallow(); // more precise check will be done for each performed operation // get array of itemids from request $selected = requestIntArray('batch'); $action = requestVar('batchaction'); // Show error when no items were selected if ( !is_array($selected) || sizeof($selected) == 0 ) { $this->error(_BATCH_NOSELECTION); } // On move: when no destination blog chosen, show choice now $destBlogId = intRequestVar('destblogid'); if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) ) { $this->batchMoveCategorySelectDestination('category', $selected); } // On delete: check if confirmation has been given if ( 
($action == 'delete') && (requestVar('confirmation') != 'yes') ) { $this->batchAskDeleteConfirmation('category', $selected); } $this->pagehead(); $this->parse('batchcategory'); $this->pagefoot(); } /** * @todo document this */ function batchMoveSelectDestination($type, $ids) { $this->pagehead(); $this->parse('batchmove'); $this->pagefoot(); exit; } /** * @todo document this */ function batchMoveCategorySelectDestination($type, $ids) { global $manager; $this->pagehead(); $this->parse('batchmovecat'); $this->pagefoot(); exit; } /** * @todo document this */ function batchAskDeleteConfirmation($type, $ids) { $this->pagehead(); $this->parse('batchdelete'); $this->pagefoot(); exit; } /** * Inserts a HTML select element with choices for all categories to which the current * member has access * @see function selectBlog */ function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) { Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude); } /** * Inserts a HTML select element with choices for all blogs to which the user has access * mode = 'blog' => shows blognames and values are blogids * mode = 'category' => show category names and values are catids * * @param $iForcedBlogInclude * ID of a blog that always needs to be included, without checking if the * member is on the blog team (-1 = none) * @todo document parameters */ function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) { global $member, $CONF; // 0. get IDs of blogs to which member can post items (+ forced blog) $aBlogIds = array(); if ( $iForcedBlogInclude != -1 ) { $aBlogIds[] = intval($iForcedBlogInclude); } if ( ($member->isAdmin()) && ($CONF['ShowAllBlogs']) ) { $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname'; } else { $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . 
$member->getID(); } $rblogids = sql_query($queryBlogs); while ($o = sql_fetch_object($rblogids)) { if ( $o->bnumber != $iForcedBlogInclude ) { $aBlogIds[] = intval($o->bnumber); } } if ( count($aBlogIds) == 0 ) { return; } $_REQUEST['selectData'] = array( 'name' => $name, 'tabindex' => $tabindex, 'mode' => $mode, 'selected' => $selected, 'showNewCat' => $showNewCat, 'aBlogIds' => $aBlogIds, ); $this->parse('blogselectbox'); } /** * @todo document this */ function action_browseownitems() { global $member, $manager, $CONF; $this->pagehead(); $this->parse('browseownitems'); $this->pagefoot(); } /** * Show all the comments for a given item * @param int $itemid */ function action_itemcommentlist($itemid = '') { global $member, $manager, $CONF; if ( $itemid == '' ) { $itemid = intRequestVar('itemid'); } $_REQUEST['itemid'] = $itemid; $_REQUEST['blogid'] = getBlogIdFromItemId($itemid); // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); $blogid = getBlogIdFromItemId($itemid); $this->pagehead(); $this->parse('itemcommentlist'); $this->pagefoot(); } /** * Browse own comments */ function action_browseowncomments() { $this->pagehead(); $this->parse('browseowncomments'); $this->pagefoot(); } /** * Browse all comments for a weblog * @param int $blogid */ function action_blogcommentlist($blogid = '') { global $member, $manager, $CONF; if ( $blogid == '' ) { $blogid = intRequestVar('blogid'); } else { $blogid = intval($blogid); } $member->teamRights($blogid) or $member->isAdmin() or $this->disallow(); $_REQUEST['blogid'] = $blogid; $this->pagehead(); $this->parse('blogcommentlist'); $this->pagefoot(); } /** * Provide a page to item a new item to the given blog */ function action_createitem() { global $member, $manager; $blogid = intRequestVar('blogid'); // check if allowed $member->teamRights($blogid) or $this->disallow(); $memberid = $member->getID(); $blog =& $manager->getBlog($blogid); $this->pagehead(); 
$this->parse('createitem'); $this->pagefoot(); } /** * @todo document this */ function action_itemedit() { global $member, $manager; $itemid = intRequestVar('itemid'); // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); $item =& $manager->getItem($itemid, 1, 1); $blog =& $manager->getBlog(getBlogIDFromItemID($itemid)); $this->pagehead(); $this->parse('itemedit'); $this->pagefoot(); } /** * @todo document this */ function action_itemupdate() { global $member, $manager, $CONF; $itemid = intRequestVar('itemid'); $catid = postVar('catid'); // only allow if user is allowed to alter item $member->canUpdateItem($itemid, $catid) or $this->disallow(); $actiontype = postVar('actiontype'); // delete actions are handled by itemdelete (which has confirmation) if ( $actiontype == 'delete' ) { $this->action_itemdelete(); return; } $body = postVar('body'); $title = postVar('title'); $more = postVar('more'); $closed = intPostVar('closed'); $draftid = intPostVar('draftid'); // default action = add now if ( !$actiontype ) { $actiontype='addnow'; } // create new category if needed if ( strstr($catid,'newcat') ) { // get blogid list($blogid) = sscanf($catid,"newcat-%d"); // create $blog =& $manager->getBlog($blogid); $catid = $blog->createNewCategory(); // show error when sth goes wrong if ( !$catid ) { $this->doError(_ERROR_CATCREATEFAIL); } } /* set some variables based on actiontype actiontypes: draft items -> addnow, addfuture, adddraft, delete non-draft items -> edit, changedate, delete variables set: $timestamp: set to a nonzero value for future dates or date changes $wasdraft: set to 1 when the item used to be a draft item $publish: set to 1 when the edited item is not a draft */ $blogid = getBlogIDFromItemID($itemid); $blog =& $manager->getBlog($blogid); $wasdrafts = array('adddraft', 'addfuture', 'addnow'); $wasdraft = in_array($actiontype, $wasdrafts) ? 
1 : 0; $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0; if ( $actiontype == 'addfuture' || $actiontype == 'changedate' ) { $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year')); } else { $timestamp =0; } // edit the item for real Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp); $this->updateFuturePosted($blogid); if ( $draftid > 0 ) { // delete permission is checked inside Item::delete() Item::delete($draftid); } // show category edit window when we created a new category // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x') if ( $catid != intPostVar('catid') ) { $this->action_categoryedit( $catid, $blog->getID(), $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid) ); } else { // TODO: set start item correctly for itemlist $item = Item::getItem($itemid, 0, 0); $cnt = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . 
$item['timestamp']); $_REQUEST['start'] = $cnt + 1; $this->action_itemlist(getBlogIDFromItemID($itemid)); } } /** * Admin::action_itemdelete() * Delete item * * @param Void * @return Void */ function action_itemdelete() { global $member, $manager; $itemid = intRequestVar('itemid'); // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); if ( !$manager->existsItem($itemid,1,1) ) { $this->error(_ERROR_NOSUCHITEM); } $this->pagehead(); $this->parse('itemdelete'); $this->pagefoot(); return; } /** * @todo document this */ function action_itemdeleteconfirm() { global $member; $itemid = intRequestVar('itemid'); // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); // get blogid first $blogid = getBlogIdFromItemId($itemid); // delete item (note: some checks will be performed twice) $this->deleteOneItem($itemid); $this->action_itemlist($blogid); } /** * Deletes one item and returns error if something goes wrong * @param int $itemid */ function deleteOneItem($itemid) { global $member, $manager; // only allow if user is allowed to alter item (also checks if itemid exists) if ( !$member->canAlterItem($itemid) ) { return _ERROR_DISALLOWED; } // need to get blogid before the item is deleted $blogid = getBlogIDFromItemId($itemid); $manager->loadClass('ITEM'); Item::delete($itemid); // update blog's futureposted $this->updateFuturePosted($blogid); } /** * Admin::updateFuturePosted() * Update a blog's future posted flag * * @param integer $blogid * @return void * */ function updateFuturePosted($blogid) { global $manager; $blogid = intval($blogid); $blog =& $manager->getBlog($blogid); $currenttime = $blog->getCorrectTime(time()); $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'"; $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime)); $result = sql_query($query); if ( sql_num_rows($result) > 0 ) { 
$blog->setFuturePost(); } else { $blog->clearFuturePost(); } return; } /** * @todo document this */ function action_itemmove() { global $member, $manager; $itemid = intRequestVar('itemid'); // only allow if user is allowed to alter item $member->canAlterItem($itemid) or $this->disallow(); $this->pagehead(); $this->parse('itemmove'); $this->pagefoot(); } /** * @todo document this */ function action_itemmoveto() { global $member, $manager; $itemid = intRequestVar('itemid'); $catid = requestVar('catid'); // create new category if needed if ( strstr($catid,'newcat') ) { // get blogid list($blogid) = sscanf($catid,'newcat-%d'); // create $blog =& $manager->getBlog($blogid); $catid = $blog->createNewCategory(); // show error when sth goes wrong if ( !$catid ) { $this->doError(_ERROR_CATCREATEFAIL); } } // only allow if user is allowed to alter item $member->canUpdateItem($itemid, $catid) or $this->disallow(); $old_blogid = getBlogIDFromItemId($itemid); Item::move($itemid, $catid); // set the futurePosted flag on the blog $this->updateFuturePosted(getBlogIDFromItemId($itemid)); // reset the futurePosted in case the item is moved from one blog to another $this->updateFuturePosted($old_blogid); if ( $catid != intRequestVar('catid') ) { $this->action_categoryedit($catid, $blog->getID()); } else { $this->action_itemlist(getBlogIDFromCatID($catid)); } } /** * Moves one item to a given category (category existance should be checked by caller) * errors are returned * @param int $itemid * @param int $destCatid category ID to which the item will be moved */ function moveOneItem($itemid, $destCatid) { global $member; // only allow if user is allowed to move item if ( !$member->canUpdateItem($itemid, $destCatid) ) { return _ERROR_DISALLOWED; } Item::move($itemid, $destCatid); } /** * Adds a item to the chosen blog */ function action_additem() { global $manager, $CONF; $manager->loadClass('ITEM'); $result = Item::createFromRequest(); if ( $result['status'] == 'error' ) { 
$this->error($result['message']); } $blogid = getBlogIDFromItemID($result['itemid']); $blog =& $manager->getBlog($blogid); $btimestamp = $blog->getCorrectTime(); $item = $manager->getItem(intval($result['itemid']), 1, 1); if ( $result['status'] == 'newcategory' ) { $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid)); $this->action_categoryedit($result['catid'], $blogid, $distURI); } else { $methodName = 'action_itemList'; call_user_func(array(&$this, $methodName), $blogid); } } /** * Allows to edit previously made comments **/ function action_commentedit() { global $member, $manager; $commentid = intRequestVar('commentid'); $member->canAlterComment($commentid) or $this->disallow(); $this->pagehead(); $this->parse('commentedit'); $this->pagefoot(); } /** * @todo document this */ function action_commentupdate() { global $member, $manager; $commentid = intRequestVar('commentid'); $member->canAlterComment($commentid) or $this->disallow(); $url = postVar('url'); $email = postVar('email'); $body = postVar('body'); # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0 # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE # important note that '\' must be matched with '\\\\' in preg* expressions // intercept words that are too long if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE) { $this->error(_ERROR_COMMENT_LONGWORD); } // check length if ( i18n::strlen($body) < 3 ) { $this->error(_ERROR_COMMENT_NOCOMMENT); } if ( i18n::strlen($body) > 5000 ) { $this->error(_ERROR_COMMENT_TOOLONG); } // prepare body $body = Comment::prepareBody($body); // call plugins $manager->notify( 'PreUpdateComment', array( 'body' => &$body ) ); $query = 'UPDATE ' . sql_table('comment') . " SET " . " cmail = '" . sql_real_escape_string($url) . "'," . " cemail = '" . sql_real_escape_string($email) . "'," . " cbody = '" . sql_real_escape_string($body) . "'" . 
" WHERE " . " cnumber = " . $commentid; sql_query($query); // get itemid $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid); $o = sql_fetch_object($res); $itemid = $o->citem; if ( $member->canAlterItem($itemid) ) { $this->action_itemcommentlist($itemid); } else { $this->action_browseowncomments(); } } /** * Admin::action_commentdelete() * Update comment * * @param Void * @return Void */ function action_commentdelete() { global $member, $manager; $commentid = intRequestVar('commentid'); $member->canAlterComment($commentid) or $this->disallow(); $this->pagehead(); $this->parse('commentdelete'); $this->pagefoot(); return; } /** * @todo document this */ function action_commentdeleteconfirm() { global $member; $commentid = intRequestVar('commentid'); // get item id first $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid); $o = sql_fetch_object($res); $itemid = $o->citem; $error = $this->deleteOneComment($commentid); if ( $error ) { $this->doError($error); } if ( $member->canAlterItem($itemid) ) { $this->action_itemcommentlist($itemid); } else { $this->action_browseowncomments(); } } /** * @todo document this */ function deleteOneComment($commentid) { global $member, $manager; $commentid = intval($commentid); if ( !$member->canAlterComment($commentid) ) { return _ERROR_DISALLOWED; } $manager->notify( 'PreDeleteComment', array( 'commentid' => $commentid ) ); // delete the comments associated with the item $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cnumber=' . 
$commentid; sql_query($query); $manager->notify( 'PostDeleteComment', array( 'commentid' => $commentid ) ); return ''; } /** * Usermanagement main */ function action_usermanagement() { global $member, $manager; // check if allowed $member->isAdmin() or $this->disallow(); $this->pagehead(); $this->parse('usermanagement'); $this->pagefoot(); } /** * Edit member settings */ function action_memberedit() { $this->action_editmembersettings(intRequestVar('memberid')); } /** * @todo document this */ function action_editmembersettings($memberid = '') { global $member, $manager, $CONF; if ( $memberid == '' ) { $memberid = $member->getID(); } $_REQUEST['memberid'] = $memberid; // check if allowed ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); $extrahead = ''; $this->pagehead($extrahead); $this->parse('editmembersettings'); $this->pagefoot(); } /** * @todo document this */ function action_changemembersettings() { global $member, $CONF, $manager; $memberid = intRequestVar('memberid'); // check if allowed ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); $name = trim(strip_tags(postVar('name'))); $realname = trim(strip_tags(postVar('realname'))); $password = postVar('password'); $repeatpassword = postVar('repeatpassword'); $email = strip_tags(postVar('email')); $url = strip_tags(postVar('url')); $adminskin = intPostVar('adminskin'); # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0 # original eregi: !eregi("^https?://", $url) // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it. if ( !preg_match('#^https?://#', $url) ) { $url = 'http://' . 
$url; } $admin = postVar('admin'); $canlogin = postVar('canlogin'); $notes = strip_tags(postVar('notes')); $locale = postVar('locale'); $mem = Member::createFromID($memberid); if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { if ( !isValidDisplayName($name) ) { $this->error(_ERROR_BADNAME); } if ( ($name != $mem->getDisplayName()) && Member::exists($name) ) { $this->error(_ERROR_NICKNAMEINUSE); } if ( $password != $repeatpassword ) { $this->error(_ERROR_PASSWORDMISMATCH); } if ( $password && (i18n::strlen($password) < 6) ) { $this->error(_ERROR_PASSWORDTOOSHORT); } if ( $password ) { $pwdvalid = true; $pwderror = ''; $manager->notify( 'PrePasswordSet', array( 'password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid ) ); if ( !$pwdvalid ) { $this->error($pwderror); } } } if ( !NOTIFICATION::address_validation($email) ) { $this->error(_ERROR_BADMAILADDRESS); } if ( !$realname ) { $this->error(_ERROR_REALNAMEMISSING); } if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) ) { $this->error(_ERROR_NOSUCHTRANSLATION); } // check if there will remain at least one site member with both the logon and admin rights // (check occurs when taking away one of these rights from such a member) if ( (!$admin && $mem->isAdmin() && $mem->canLogin()) || (!$canlogin && $mem->isAdmin() && $mem->canLogin()) ) { $r = sql_query('SELECT * FROM '.sql_table('member').' 
WHERE madmin=1 and mcanlogin=1'); if ( sql_num_rows($r) < 2 ) { $this->error(_ERROR_ATLEASTONEADMIN); } } if ( $CONF['AllowLoginEdit'] || $member->isAdmin() ) { $mem->setDisplayName($name); if ( $password ) { $mem->setPassword($password); } } $oldEmail = $mem->getEmail(); $mem->setRealName($realname); $mem->setEmail($email); $mem->setURL($url); $mem->setNotes($notes); $mem->setLocale($locale); // only allow super-admins to make changes to the admin status if ( $member->isAdmin() ) { $mem->setAdmin($admin); $mem->setCanLogin($canlogin); } $autosave = postVar('autosave'); $mem->setAutosave($autosave); $mem->write(); // store plugin options $aOptions = requestArray('plugoption'); NucleusPlugin::apply_plugin_options($aOptions); $manager->notify( 'PostPluginOptionsUpdate', array( 'context' => 'member', 'memberid' => $memberid, 'member' => &$mem ) ); // if email changed, generate new password if ( $oldEmail != $mem->getEmail() ) { $mem->sendActivationLink('addresschange', $oldEmail); // logout member $mem->newCookieKey(); // only log out if the member being edited is the current member. 
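if ( $member->getID() == $memberid ) {
                $member->logout();
            }
            $this->action_login(_MSG_ACTIVATION_SENT, 0);
            return;
        }

        // a member that renamed itself has to log in again with the new name
        if ( ( $mem->getID() == $member->getID() ) && ( $mem->getDisplayName() != $member->getDisplayName() ) ) {
            $mem->newCookieKey();
            $member->logout();
            $this->action_login(_MSG_LOGINAGAIN, 0);
        } else {
            $this->action_overview(_MSG_SETTINGSCHANGED);
        }
    }

    /**
     * Admin::action_memberadd()
     * Create a new member from the posted form (super-admins only), fire the
     * PostRegister event for it and return to the user management page.
     *
     * @param void
     * @return void
     */
    function action_memberadd()
    {
        global $member, $manager;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        if ( postVar('password') != postVar('repeatpassword') ) {
            $this->error(_ERROR_PASSWORDMISMATCH);
        }
        if ( i18n::strlen(postVar('password')) < 6 ) {
            $this->error(_ERROR_PASSWORDTOOSHORT);
        }

        // anything other than 1 coming back from Member::create() is treated as an error message
        $res = Member::create(
            postVar('name'),
            postVar('realname'),
            postVar('password'),
            postVar('email'),
            postVar('url'),
            postVar('admin'),
            postVar('canlogin'),
            postVar('notes')
        );
        if ( $res != 1 ) {
            $this->error($res);
        }

        // fire PostRegister event
        $newmem = new Member();
        $newmem->readFromName(postVar('name'));
        $manager->notify('PostRegister', array('member' => &$newmem));

        $this->action_usermanagement();
        return;
    }

    /**
     * Account activation
     *
     * @author dekarma
     */
    function action_activate()
    {
        $key = getVar('key');
        $this->_showActivationPage($key);
    }

    /**
     * Admin::_showActivationPage()
     * Render the 'activate' page for an activation key.
     *
     * @param String $key activation key
     * @param String $message optional message shown in the page header
     * @return void
     */
    function _showActivationPage($key, $message = '')
    {
        global $manager;

        // clean up old activation keys
        Member::cleanupActivationTable();

        // get activation info
        $info = Member::getActivationInfo($key);
        if ( !$info ) {
            $this->error(_ERROR_ACTIVATE);
        }

        $mem = Member::createFromId($info->vmember);
        if ( !$mem ) {
            $this->error(_ERROR_ACTIVATE);
        }

        // presumably picked up by the 'activate' template via the request
        $_POST['ackey'] = $key;
        $this->headMess = $message;
        $_POST['bNeedsPasswordChange'] = true;

        $this->pagehead();
        $this->parse('activate');
        $this->pagefoot();
    }

    /**
     * Account activation - set password part
     *
     * @author dekarma
     */
    function action_activatesetpwd()
    {
        // declared here (not inside the password branch) because the
        // ValidateForm notification below runs for every request
        global $manager;

        $key = postVar('key');

        // clean up old activation keys
        Member::cleanupActivationTable();

        // get activation info
        $info = Member::getActivationInfo($key);
        if ( !$info || ($info->type == 'addresschange') ) {
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);
        }

        $mem = Member::createFromId($info->vmember);
        if ( !$mem ) {
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);
        }

        $password = postVar('password');
        $repeatpassword = postVar('repeatpassword');

        if ( $password != $repeatpassword ) {
            return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
        }
        if ( $password && (i18n::strlen($password) < 6) ) {
            return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
        }

        // NOTE(review): an empty password skips the length and PrePasswordSet
        // checks but is still handed to setPassword() below — confirm that
        // Member::setPassword() rejects an empty value
        if ( $password ) {
            $pwdvalid = true;
            $pwderror = '';
            $manager->notify(
                'PrePasswordSet',
                array(
                    'password' => $password,
                    'errormessage' => &$pwderror,
                    'valid' => &$pwdvalid
                )
            );
            if ( !$pwdvalid ) {
                return $this->_showActivationPage($key, $pwderror);
            }
        }

        $error = '';
        $manager->notify(
            'ValidateForm',
            array(
                'type' => 'activation',
                'member' => $mem,
                'error' => &$error
            )
        );
        if ( $error != '' ) {
            return $this->_showActivationPage($key, $error);
        }

        // set password
        $mem->setPassword($password);
        $mem->write();

        // do the activation
        Member::activate($key);

        $this->pagehead();
        $this->parse('activatesetpwd');
        $this->pagefoot();
    }

    /**
     * Manage team
     */
    function action_manageteam()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $this->pagehead();
        $this->parse('manageteam');
        $this->pagefoot();
    }

    /**
     * Add member to team
     */
    function action_teamaddmember()
    {
        global $member, $manager;

        $memberid = intPostVar('memberid');
        $blogid = intPostVar('blogid');
        $admin = intPostVar('admin');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);
        if ( !$blog->addTeamMember($memberid, $admin) ) {
            $this->error(_ERROR_ALREADYONTEAM);
        }

        $this->action_manageteam();
    }

    /**
     * Admin::action_teamdelete()
     * Show the confirmation page for removing a member from a blog team.
     *
     * @param void
     * @return void
     */
    function action_teamdelete()
    {
        global $member, $manager;

        $memberid = intRequestVar('memberid');
        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        // loaded as in the original; not referenced further in this method
        $teammem = Member::createFromID($memberid);
        $blog =& $manager->getBlog($blogid);

        $this->pagehead();
        $this->parse('teamdelete');
        $this->pagefoot();
    }

    /**
     * Admin::action_teamdeleteconfirm()
     * Remove a member from a blog team, then show the team page.
     *
     * @param void
     * @return void
     */
    function action_teamdeleteconfirm()
    {
        global $member;

        $memberid = intRequestVar('memberid');
        $blogid = intRequestVar('blogid');

        $error = $this->deleteOneTeamMember($blogid, $memberid);
        if ( $error ) {
            $this->error($error);
        }

        $this->action_manageteam();
    }

    /**
     * Admin::deleteOneTeamMember()
     * Remove one member from a blog team, refusing to remove the last blog admin.
     *
     * @param Integer $blogid blog id
     * @param Integer $memberid member id
     * @return String empty string on success, error message otherwise
     */
    function deleteOneTeamMember($blogid, $memberid)
    {
        global $member, $manager;

        $blogid = intval($blogid);
        $memberid = intval($memberid);

        // check if allowed
        if ( !$member->blogAdminRights($blogid) ) {
            return _ERROR_DISALLOWED;
        }

        // check if: - there remains at least one blog admin
        //           - (there remains at least one team member)
        $tmem = Member::createFromID($memberid);

        $manager->notify(
            'PreDeleteTeamMember',
            array(
                'member' => &$tmem,
                'blogid' => $blogid
            )
        );

        if ( $tmem->isBlogAdmin($blogid) ) {
            // check if there are more blog members left and at least one admin
            // (check for at least two admins before deletion)
            $query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid . ' and tadmin=1';
            $r = sql_query($query);
            if ( sql_num_rows($r) < 2 ) {
                return _ERROR_ATLEASTONEBLOGADMIN;
            }
        }

        // both ids were cast to int above, so they are safe to interpolate
        $query = 'DELETE FROM ' . sql_table('team') . " WHERE tblog=$blogid and tmember=$memberid";
        sql_query($query);

        $manager->notify(
            'PostDeleteTeamMember',
            array(
                'member' => &$tmem,
                'blogid' => $blogid
            )
        );

        return '';
    }

    /**
     * Admin::action_teamchangeadmin()
     * Toggle the blog-admin flag of a team member, refusing to demote the last admin.
     *
     * @param void
     * @return void
     */
    function action_teamchangeadmin()
    {
        global $member;

        $blogid = intRequestVar('blogid');
        $memberid = intRequestVar('memberid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $mem = Member::createFromID($memberid);
        $isAdmin = $mem->isBlogAdmin($blogid);

        // don't allow when there is only one admin at this moment
        if ( $isAdmin ) {
            $r = sql_query('SELECT * FROM ' . sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
            if ( sql_num_rows($r) < 2 ) {
                $this->error(_ERROR_ATLEASTONEBLOGADMIN);
            }
        }

        $newval = $isAdmin ? 0 : 1;

        $query = 'UPDATE ' . sql_table('team') . " SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
        sql_query($query);

        // only show manageteam if member did not change its own admin privileges
        if ( $member->isBlogAdmin($blogid) ) {
            $this->action_manageteam();
        } else {
            $this->action_overview(_MSG_ADMINCHANGED);
        }
    }

    /**
     * Admin::action_blogsettings()
     * Show the settings page of a blog.
     *
     * @param void
     * @return void
     */
    function action_blogsettings()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        $extrahead = '';
        $this->pagehead($extrahead);
        $this->parse('blogsettings');
        $this->pagefoot();
    }

    /**
     * Admin::action_categorynew()
     * Create a new category in a blog from the posted form.
     *
     * @param void
     * @return void
     */
    function action_categorynew()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $cname = postVar('cname');
        $cdesc = postVar('cdesc');

        if ( !isValidCategoryName($cname) ) {
            $this->error(_ERROR_BADCATEGORYNAME);
        }

        // refuse a name that already exists in this blog
        $query = 'SELECT * FROM ' . sql_table('category')
               . ' WHERE cname=\'' . sql_real_escape_string($cname) . '\' and cblog=' . intval($blogid);
        $res = sql_query($query);
        if ( sql_num_rows($res) > 0 ) {
            $this->error(_ERROR_DUPCATEGORYNAME);
        }

        $blog =& $manager->getBlog($blogid);
        $blog->createNewCategory($cname, $cdesc);

        $this->action_blogsettings();
    }

    /**
     * Admin::action_categoryedit()
     * Show the edit page of a category.
     *
     * @param Integer $catid category id (taken from the GET parameters when empty)
     * @param Integer $blogid blog id (taken from the GET parameters when empty)
     * @param String $desturl URL to return to after the update
     * @return void
     */
    function action_categoryedit($catid = '', $blogid = '', $desturl = '')
    {
        global $member, $manager;

        if ( $blogid == '' ) {
            $blogid = intGetVar('blogid');
        } else {
            $blogid = intval($blogid);
        }
        if ( $catid == '' ) {
            $catid = intGetVar('catid');
        } else {
            $catid = intval($catid);
        }

        // the 'categoryedit' template reads its parameters from the request
        $_REQUEST['blogid'] = $blogid;
        $_REQUEST['catid'] = $catid;
        $_REQUEST['desturl'] = $desturl;

        $member->blogAdminRights($blogid) or $this->disallow();

        $extrahead = '';
        $this->pagehead($extrahead);
        $this->parse('categoryedit');
        $this->pagefoot();
    }

    /**
     * Admin::action_categoryupdate()
     * Store the posted name/description of a category and its plugin options.
     *
     * @param void
     * @return void
     */
    function action_categoryupdate()
    {
        global $member, $manager;

        $blogid = intPostVar('blogid');
        $catid = intPostVar('catid');
        $cname = postVar('cname');
        $cdesc = postVar('cdesc');
        $desturl = postVar('desturl');

        $member->blogAdminRights($blogid) or $this->disallow();

        if ( !isValidCategoryName($cname) ) {
            $this->error(_ERROR_BADCATEGORYNAME);
        }

        // refuse a name used by another category of the same blog
        $query = "SELECT *"
               . " FROM " . sql_table('category')
               . " WHERE cname='" . sql_real_escape_string($cname) . "'"
               . " and cblog=" . intval($blogid)
               . " and not(catid=" . intval($catid) . ")";
        $res = sql_query($query);
        if ( sql_num_rows($res) > 0 ) {
            $this->error(_ERROR_DUPCATEGORYNAME);
        }

        $query = 'UPDATE ' . sql_table('category') . ' SET'
               . " cname='" . sql_real_escape_string($cname) . "',"
               . " cdesc='" . sql_real_escape_string($cdesc) . "'"
               . " WHERE catid=" . intval($catid);
        sql_query($query);

        // store plugin options
        $aOptions = requestArray('plugoption');
        NucleusPlugin::apply_plugin_options($aOptions);
        $manager->notify(
            'PostPluginOptionsUpdate',
            array(
                'context' => 'category',
                'catid' => $catid
            )
        );

        // NOTE(review): $desturl comes straight from the POST body; confirm
        // that redirect() limits it to local URLs before relying on it
        if ( $desturl ) {
            redirect($desturl);
            exit;
        } else {
            $this->action_blogsettings();
        }
    }

    /**
     * Admin::action_categorydelete()
     * Show the confirmation page for deleting a category.
     *
     * @param void
     * @return void
     */
    function action_categorydelete()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if ( !$blog->isValidCategory($catid) ) {
            $this->error(_ERROR_NOSUCHCATEGORY);
        }

        // don't allow deletion of default category
        if ( $blog->getDefaultCategory() == $catid ) {
            $this->error(_ERROR_DELETEDEFCATEGORY);
        }

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if ( sql_num_rows($res) == 1 ) {
            $this->error(_ERROR_DELETELASTCATEGORY);
        }

        $this->pagehead();
        $this->parse('categorydelete');
        $this->pagefoot();
    }

    /**
     * Admin::action_categorydeleteconfirm()
     * Delete a category and return to the blog settings page.
     *
     * @param void
     * @return void
     */
    function action_categorydeleteconfirm()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $error = $this->deleteOneCategory($catid);
        if ( $error ) {
            $this->error($error);
        }

        $this->action_blogsettings();
    }

    /**
     * Admin::deleteOneCategory()
     * Delete a category by its id; its items are moved to the blog's default category.
     *
     * @param String $catid category id for deleting
     * @return String empty string on success, error message otherwise
     */
    function deleteOneCategory($catid)
    {
        global $manager, $member;

        $catid = intval($catid);
        $blogid = getBlogIDFromCatID($catid);

        // the underscore-prefixed constant is the one used everywhere else in this file
        if ( !$member->blogAdminRights($blogid) ) {
            return _ERROR_DISALLOWED;
        }

        // get blog
        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if ( !$blog || !$blog->isValidCategory($catid) ) {
            return _ERROR_NOSUCHCATEGORY;
        }

        $destcatid = $blog->getDefaultCategory();

        // don't allow deletion of default category
        if ( $destcatid == $catid ) {
            return _ERROR_DELETEDEFCATEGORY;
        }

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if ( sql_num_rows($res) == 1 ) {
            return _ERROR_DELETELASTCATEGORY;
        }

        $manager->notify('PreDeleteCategory', array('catid' => $catid));

        // change category for all items to the default category
        $query = 'UPDATE ' . sql_table('item') . " SET icat=$destcatid WHERE icat=$catid";
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::delete_option_values('category', $catid);

        // delete category
        $query = 'DELETE FROM ' . sql_table('category') . ' WHERE catid=' . $catid;
        sql_query($query);

        $manager->notify('PostDeleteCategory', array('catid' => $catid));

        return '';
    }

    /**
     * Admin::action_blogsettingsupdate
     * Updating blog settings
     *
     * @param Void
     * @return Void
     */
    function action_blogsettingsupdate()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        $notify_address = trim(postVar('notify'));
        $shortname = trim(postVar('shortname'));
        $updatefile = trim(postVar('update'));

        // each flag defaults to 1 when unset; the notification type is their product
        $notifyComment = intPostVar('notifyComment');
        $notifyVote = intPostVar('notifyVote');
        $notifyNewItem = intPostVar('notifyNewItem');
        if ( $notifyComment == 0 ) {
            $notifyComment = 1;
        }
        if ( $notifyVote == 0 ) {
            $notifyVote = 1;
        }
        if ( $notifyNewItem == 0 ) {
            $notifyNewItem = 1;
        }
        $notifyType = $notifyComment * $notifyVote * $notifyNewItem;

        if ( $notify_address && !NOTIFICATION::address_validation($notify_address) ) {
            $this->error(_ERROR_BADNOTIFY);
        }
        if ( !isValidShortName($shortname) ) {
            $this->error(_ERROR_BADSHORTBLOGNAME);
        }
        if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) ) {
            $this->error(_ERROR_DUPSHORTBLOGNAME);
        }

        // check if update file is writable
        // NOTE(review): the path is taken as posted by the blog admin; the
        // check only tells whether the web server can write to it
        if ( $updatefile && !is_writeable($updatefile) ) {
            $this->error(_ERROR_UPDATEFILE);
        }

        $blog->setName(trim(postVar('name')));
        $blog->setShortName($shortname);
        $blog->setNotifyAddress($notify_address);
        $blog->setNotifyType($notifyType);
        $blog->setMaxComments(postVar('maxcomments'));
        $blog->setCommentsEnabled(postVar('comments'));
        $blog->setTimeOffset(postVar('timeoffset'));
        $blog->setUpdateFile($updatefile);
        $blog->setURL(trim(postVar('url')));
        $blog->setDefaultSkin(intPostVar('defskin'));
        $blog->setDescription(trim(postVar('desc')));
        $blog->setPublic(postVar('public'));
        $blog->setConvertBreaks(intPostVar('convertbreaks'));
        $blog->setAllowPastPosting(intPostVar('allowpastposting'));
        $blog->setDefaultCategory(intPostVar('defcat'));
        $blog->setSearchable(intPostVar('searchable'));
        $blog->setEmailRequired(intPostVar('reqemail'));
        $blog->writeSettings();

        // store plugin options
        $aOptions = requestArray('plugoption');
        NucleusPlugin::apply_plugin_options($aOptions);
        $manager->notify(
            'PostPluginOptionsUpdate',
            array(
                'context' => 'blog',
                'blogid' => $blogid,
                'blog' => &$blog
            )
        );

        $this->action_overview(_MSG_SETTINGSCHANGED);
        return;
    }

    /**
     * Admin::action_deleteblog()
     * Show the confirmation page for deleting a blog.
     *
     * @param void
     * @return void
     */
    function action_deleteblog()
    {
        global $member, $CONF, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        if ( $CONF['DefaultBlog'] == $blogid ) {
            $this->error(_ERROR_DELDEFBLOG);
        }

        $blog =& $manager->getBlog($blogid);

        $this->pagehead();
        $this->parse('deleteblog');
        $this->pagefoot();
    }

    /**
     * Admin::action_deleteblogconfirm()
     * Delete Blog
     *
     * @param Void
     * @return Void
     */
    function action_deleteblogconfirm()
    {
        global $member, $CONF, $manager;

        $blogid = intRequestVar('blogid');

        // authorise before anything observable happens: plugins listening to
        // PreDeleteBlog must not be told about a deletion the caller may not perform
        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        if ( $CONF['DefaultBlog'] == $blogid ) {
            $this->error(_ERROR_DELDEFBLOG);
        }

        $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

        // $blogid is an int (intRequestVar), so it can be interpolated directly
        // delete all comments
        $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog=' . $blogid;
        sql_query($query);

        // delete all items
        $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid;
        sql_query($query);

        // delete all team members
        $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid;
        sql_query($query);

        // delete all bans
        $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid;
        sql_query($query);

        // delete all categories
        $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::delete_option_values('blog', $blogid);

        // delete the blog itself
        $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;
        sql_query($query);

        $manager->notify('PostDeleteBlog', array('blogid' => $blogid));

        $this->action_overview(_DELETED_BLOG);
        return;
    }

    /**
     * Admin::action_memberdelete()
     * Show the confirmation page for deleting a member (self or super-admin).
     *
     * @param void
     * @return void
     */
    function action_memberdelete()
    {
        global $member, $manager;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $mem = Member::createFromID($memberid);

        $this->pagehead();
        $this->parse('memberdelete');
        $this->pagefoot();
    }

    /**
     * Admin::action_memberdeleteconfirm()
     * Delete a member (self or super-admin) and show the next page.
     *
     * @param void
     * @return void
     */
    function action_memberdeleteconfirm()
    {
        global $member;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $error = $this->deleteOneMember($memberid);
        if ( $error ) {
            $this->error($error);
        }

        if ( $member->isAdmin() ) {
            $this->action_usermanagement();
        } else {
            $this->action_overview(_DELETED_MEMBER);
        }
    }

    /**
     * Admin::deleteOneMember()
     * Delete a member by id; the member's comments are kept and unlinked.
     *
     * @param Integer $memberid member id
     * @return String null string or error messages
     */
    function deleteOneMember($memberid)
    {
        global $manager;

        $memberid = intval($memberid);
        $mem = Member::createFromID($memberid);

        // an unknown id is reported the same way as an undeletable member
        if ( !$mem || !$mem->canBeDeleted() ) {
            return _ERROR_DELETEMEMBER;
        }

        $manager->notify('PreDeleteMember', array('member' => &$mem));

        /* unlink comments from memberid */
        if ( $memberid ) {
            $query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d";
            $query = sprintf($query, sql_table('comment'), sql_real_escape_string($mem->getDisplayName()), $memberid);
            sql_query($query);
        }

        $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
        sql_query($query);

        $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
        sql_query($query);

        $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::delete_option_values('member', $memberid);

        $manager->notify('PostDeleteMember', array('member' => &$mem));

        return '';
    }

    /**
     * Admin::action_createnewlog()
     * Show the 'create new blog' page (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_createnewlog()
    {
        global $member;

        // Only Super-Admins can do this
        $member->isAdmin() or $this->disallow();

        $this->pagehead();
        $this->parse('createnewlog');
        $this->pagefoot();
    }

    /**
     * Admin::action_addnewlog()
     * Create a new blog from the posted form (super-admins only): the blog row,
     * a default category, a team entry for the current member and a first item.
     *
     * @param void
     * @return void
     */
    function action_addnewlog()
    {
        global $member, $manager, $CONF;

        // Only Super-Admins can do this
        $member->isAdmin() or $this->disallow();

        $bname = trim(postVar('name'));
        $bshortname = trim(postVar('shortname'));
        $btimeoffset = postVar('timeoffset');
        $bdesc = trim(postVar('desc'));
        $bdefskin = postVar('defskin');

        if ( !isValidShortName($bshortname) ) {
            $this->error(_ERROR_BADSHORTBLOGNAME);
        }
        if ( $manager->existsBlog($bshortname) ) {
            $this->error(_ERROR_DUPSHORTBLOGNAME);
        }

        // plugins may rewrite any of these before the blog is stored
        $manager->notify(
            'PreAddBlog',
            array(
                'name' => &$bname,
                'shortname' => &$bshortname,
                'timeoffset' => &$btimeoffset,
                'description' => &$bdesc,
                'defaultskin' => &$bdefskin
            )
        );

        // add slashes for sql queries
        $bname = sql_real_escape_string($bname);
        $bshortname = sql_real_escape_string($bshortname);
        $btimeoffset = sql_real_escape_string($btimeoffset);
        $bdesc = sql_real_escape_string($bdesc);
        $bdefskin = sql_real_escape_string($bdefskin);

        // create blog
        $query = 'INSERT INTO ' . sql_table('blog')
               . ' (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('
               . "'" . $bname . "',"
               . "'" . $bshortname . "',"
               . "'" . $bdesc . "',"
               . "'" . $btimeoffset . "',"
               . "'" . $bdefskin . "'"
               . ')';
        sql_query($query);
        $blogid = sql_insert_id();
        $blog =& $manager->getBlog($blogid);

        // create new category
        $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
        $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
        $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
        sql_query(sprintf(
            $sql,
            sql_table('category'),
            $blogid,
            sql_real_escape_string($catdefname),
            sql_real_escape_string($catdefdesc)
        ));
        $catid = sql_insert_id();

        // set as default category
        $blog->setDefaultCategory($catid);
        $blog->writeSettings();

        // create team member
        // (the ids are sprintf arguments of the query, not of sql_query)
        $memberid = $member->getID();
        $query = 'INSERT INTO ' . sql_table('team') . ' (tmember, tblog, tadmin) VALUES (%d, %d, 1)';
        sql_query(sprintf($query, $memberid, $blogid));

        $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
        $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');

        $blog->additem(
            $blog->getDefaultCategory(),
            $itemdeftitle,
            $itemdefbody,
            '',
            $blogid,
            $memberid,
            $blog->getCorrectTime(),
            0,
            0,
            0
        );

        $manager->notify('PostAddBlog', array('blog' => &$blog));

        // report the same (possibly fallback) values that were actually stored
        $manager->notify(
            'PostAddCategory',
            array(
                'blog' => &$blog,
                'name' => $catdefname,
                'description' => $catdefdesc,
                'catid' => $catid
            )
        );

        $_REQUEST['blogid'] = $blogid;
        $_REQUEST['catid'] = $catid;

        $this->pagehead();
        $this->parse('addnewlog');
        $this->pagefoot();
    }

    /**
     * Admin::action_addnewlog2()
     * Second step of blog creation: store the blog URL.
     *
     * @param void
     * @return void
     */
    function action_addnewlog2()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $burl = requestVar('url');

        $blog =& $manager->getBlog($blogid);
        $blog->setURL(trim($burl));
        $blog->writeSettings();

        $this->action_overview(_MSG_NEWBLOG);
    }

    /**
     * Admin::action_skinieoverview()
     * Show the skin import/export overview (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_skinieoverview()
    {
        global $member, $DIR_LIBS, $manager;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once($DIR_LIBS . 'skinie.php');

        $this->pagehead();
        $this->parse('skinieoverview');
        $this->pagefoot();
    }

    /**
     * Admin::action_skinieimport()
     * Read the metadata of a skin export file and show the import page (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_skinieimport()
    {
        global $member, $DIR_LIBS, $DIR_SKINS, $manager;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once($DIR_LIBS . 'skinie.php');

        $skinFileRaw = postVar('skinfile');
        $mode = postVar('mode');

        $importer = new SkinImport();

        // get full filename
        // NOTE(review): $skinFileRaw is taken from the POST body and used as a
        // path segment under $DIR_SKINS (and verbatim in the other branch);
        // confirm it is restricted to a skin directory name before use
        if ($mode == 'file') {
            $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';

            // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
            if (!file_exists($skinFile)) $skinFile = $DIR_SKINS . $skinFileRaw . 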
'/skindata.xml'; } else { $skinFile = $skinFileRaw; } // read only metadata $error = $importer->readFile($skinFile, 1); // clashes $skinNameClashes = $importer->checkSkinNameClashes(); $templateNameClashes = $importer->checkTemplateNameClashes(); $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0); if ($error) $this->error($error); $this->pagehead(); echo '

(',_BACK,')

'; ?>

addTicketHidden() ?>
pagefoot(); } /** * @todo document this */ function action_skiniedoimport() { global $member, $DIR_LIBS, $DIR_SKINS; $member->isAdmin() or $this->disallow(); // load skinie class include_once($DIR_LIBS . 'skinie.php'); $skinFileRaw= postVar('skinfile'); $mode = postVar('mode'); $allowOverwrite = intPostVar('overwrite'); // get full filename if ($mode == 'file') { $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml'; // backwards compatibilty (in v2.0, exports were saved as skindata.xml) if (!file_exists($skinFile)) $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml'; } else { $skinFile = $skinFileRaw; } $importer = new SkinImport(); $error = $importer->readFile($skinFile); if ($error) $this->error($error); $error = $importer->writeToDatabase($allowOverwrite); if ($error) $this->error($error); $this->pagehead(); echo '

(',_BACKTOMANAGE,')

'; ?>

pagefoot(); }

    /**
     * Admin::action_skinieexport()
     * Export the selected skins and templates through SkinExport (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_skinieexport()
    {
        global $member, $DIR_LIBS;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once($DIR_LIBS . 'skinie.php');

        // the selected ids are the keys of the posted arrays
        $aSkins = requestIntArray('skin');
        if (!is_array($aSkins)) {
            $aSkins = array();
        }
        $aTemplates = requestIntArray('template');
        if (!is_array($aTemplates)) {
            $aTemplates = array();
        }

        $skinList = array_keys($aSkins);
        $templateList = array_keys($aTemplates);
        $info = postVar('info');

        $exporter = new SkinExport();
        foreach ($skinList as $skinId) {
            $exporter->addSkin($skinId);
        }
        foreach ($templateList as $templateId) {
            $exporter->addTemplate($templateId);
        }
        $exporter->setInfo($info);
        $exporter->export();
    }

    /**
     * Admin::action_templateoverview()
     * Show the template overview page (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_templateoverview()
    {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();
        echo '

(',_BACKTOMANAGE,')

'; echo '

' . _TEMPLATE_TITLE . '

'; echo '

' . _TEMPLATE_AVAILABLE_TITLE . '

'; $query = 'SELECT * FROM '.sql_table('template_desc').' ORDER BY tdname'; $template['content'] = 'templatelist'; $template['tabindex'] = 10; showlist($query,'table',$template); echo '

' . _TEMPLATE_NEW_TITLE . '

'; ?>
addTicketHidden() ?>
pagefoot(); } /** * @todo document this */ function action_templateedit($msg = '') { global $member, $manager; $templateid = intRequestVar('templateid'); $member->isAdmin() or $this->disallow(); $extrahead = ''; $extrahead .= ''; $this->pagehead($extrahead); $templatename = Template::getNameFromId($templateid); $templatedescription = Template::getDesc($templateid); $template =& $manager->getTemplate($templatename); ?>

()

''

"._MESSAGE.": $msg

"; ?>

addTicketHidden() ?> _templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8); $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1); $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10); $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20); $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25); $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30); ?> _templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40); $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1); $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60); $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 70); $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80); $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90); $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100); ?> _templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110); ?> _templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120); ?> _templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130); $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140); $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150); ?> _templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160); $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170); $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180); ?> _templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 190); $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 200); $this->_templateEditRow($template, 
_TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 210); ?> _templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 220); $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 230); $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 240); $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 250); $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 260); ?> _templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 270); $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 280); $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 290); ?> _templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',300); $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',310); ?> notify('TemplateExtraFields',array('fields'=>&$pluginfields)); foreach ($pluginfields as $pfkey=>$pfvalue) { echo "\n"; echo '\n"; foreach ($pfvalue as $pffield=>$pfdesc) { $this->_templateEditRow($template, $pfdesc, $pffield, '',++$tab,0); } } ?>
' . Entity::hen($pfkey) . "
pagefoot(); } /** * @todo document this */ function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) { static $count = 1; if (!isset($template[$name])) $template[$name] = ''; ?> isAdmin() or $this->disallow(); $name = postVar('tname'); $desc = postVar('tdesc'); if (!isValidTemplateName($name)) $this->error(_ERROR_BADTEMPLATENAME); if ((Template::getNameFromId($templateid) != $name) && Template::exists($name)) $this->error(_ERROR_DUPTEMPLATENAME); $name = sql_real_escape_string($name); $desc = sql_real_escape_string($desc); // 1. Remove all template parts $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid; sql_query($query); // 2. Update description $query = 'UPDATE '.sql_table('template_desc').' SET' . " tdname='" . $name . "'," . " tddesc='" . $desc . "'" . " WHERE tdnumber=" . $templateid; sql_query($query); // 3. Add non-empty template parts $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER')); $this->addToTemplate($templateid, 'ITEM', postVar('ITEM')); $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER')); $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK')); $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK')); $this->addToTemplate($templateid, 'NEW', postVar('NEW')); $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER')); $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY')); $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER')); $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED')); $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH')); $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH')); $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE')); $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY')); 
$this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE')); $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER')); $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM')); $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER')); $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER')); $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM')); $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER')); $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER')); $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM')); $this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER')); $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER')); $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER')); $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE')); $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME')); $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE')); $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT')); $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND')); $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE')); $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE')); $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE')); $pluginfields = array(); $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields)); foreach ($pluginfields as $pfkey=>$pfvalue) { foreach ($pfvalue as $pffield=>$pfdesc) { $this->addToTemplate($templateid, $pffield, postVar($pffield)); } } // jump back to template edit $this->action_templateedit(_TEMPLATE_UPDATED); } /** * Admin::addToTemplate() * * @param Integer $id ID for template * @param 
String $partname parts name
     * @param String $content template contents
     * @return Integer record index, or -1 when the part is empty and nothing is stored
     */
    function addToTemplate($id, $partname, $content)
    {
        // don't add empty parts:
        if ( !trim($content) ) {
            return -1;
        }

        $escapedPart = sql_real_escape_string($partname);
        $escapedContent = sql_real_escape_string($content);

        $query = sprintf(
            "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, '%s', '%s')",
            sql_table('template'),
            (integer) $id,
            $escapedPart,
            $escapedContent
        );
        sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());

        return sql_insert_id();
    }

    /**
     * Admin::action_templatedelete()
     * Show the confirmation page for deleting a template (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_templatedelete()
    {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $templateid = intRequestVar('templateid');
        // TODO: check if template can be deleted

        $this->pagehead();

        $name = Template::getNameFromId($templateid);
        $desc = Template::getDesc($templateid);
        ?>

()

addTicketHidden() ?>
pagefoot(); }

    /**
     * Admin::action_templatedeleteconfirm()
     * Delete a template description and all of its parts (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_templatedeleteconfirm()
    {
        global $member, $manager;

        $templateid = intRequestVar('templateid');

        $member->isAdmin() or $this->disallow();

        $manager->notify('PreDeleteTemplate', array('templateid' => $templateid));

        // 1. delete description
        sql_query('DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $templateid);

        // 2. delete parts
        sql_query('DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid);

        $manager->notify('PostDeleteTemplate', array('templateid' => $templateid));

        $this->action_templateoverview();
    }

    /**
     * Admin::action_templatenew()
     * Create an empty template from the posted name and description (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_templatenew()
    {
        global $member;

        $member->isAdmin() or $this->disallow();

        $name = postVar('name');
        $desc = postVar('desc');

        if (!isValidTemplateName($name)) {
            $this->error(_ERROR_BADTEMPLATENAME);
        }
        if (Template::exists($name)) {
            $this->error(_ERROR_DUPTEMPLATENAME);
        }

        $newTemplateId = Template::createNew($name, $desc);

        $this->action_templateoverview();
    }

    /**
     * Admin::action_templateclone()
     * Copy a template (description and every part) under a new "cloned" name (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_templateclone()
    {
        global $member;

        $templateid = intRequestVar('templateid');

        $member->isAdmin() or $this->disallow();

        // 1. read old template
        $name = Template::getNameFromId($templateid);
        $desc = Template::getDesc($templateid);

        // 2. create desc thing
        $name = "cloned" . $name;

        // if a template with that name already exists, append the first free number
        if (Template::exists($name)) {
            $suffix = 1;
            while (Template::exists($name . $suffix)) {
                $suffix++;
            }
            $name .= $suffix;
        }

        $newid = Template::createNew($name, $desc);

        // 3. create clone
        // go through parts of old template and add them to the new one
        $res = sql_query('SELECT tpartname, tcontent FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid);
        while ($part = sql_fetch_object($res)) {
            $this->addToTemplate($newid, $part->tpartname, $part->tcontent);
        }

        $this->action_templateoverview();
    }

    /**
     * Admin::action_skinoverview()
     * Show the skin overview page (super-admins only).
     *
     * @param void
     * @return void
     */
    function action_skinoverview()
    {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();
        echo '

(',_BACKTOMANAGE,')

'; echo '

' . _SKIN_EDIT_TITLE . '

'; echo '

' . _SKIN_AVAILABLE_TITLE . '

'; $query = 'SELECT * FROM '.sql_table('skin_desc').' ORDER BY sdname'; $template['content'] = 'skinlist'; $template['tabindex'] = 10; showlist($query,'table',$template); echo '

' . _SKIN_NEW_TITLE . '

'; ?>
addTicketHidden() ?>
pagefoot(); }

/**
 * Creates a new, empty skin from the posted (trimmed) name and description
 * and returns to the skin overview.
 *
 * Names that fail isValidSkinName() or that already exist are rejected.
 */
function action_skinnew() {
    global $member;

    $member->isAdmin() or $this->disallow();

    $skinName = trim(postVar('name'));
    $skinDesc = trim(postVar('desc'));

    if (!isValidSkinName($skinName)) {
        $this->error(_ERROR_BADSKINNAME);
    }
    if (SKIN::exists($skinName)) {
        $this->error(_ERROR_DUPSKINNAME);
    }

    SKIN::createNew($skinName, $skinDesc);
    $this->action_skinoverview();
}

/**
 * Shows the edit page for the skin given by the request's skinid.
 * ($skin and $skinid are used by the template that follows.)
 */
function action_skinedit() {
    global $member, $manager;

    $skinid = intRequestVar('skinid');
    $member->isAdmin() or $this->disallow();

    $skin = new SKIN($skinid);

    $this->pagehead();
?>

()

'getName() ?>'

' . _SKIN_PARTS_SPECIAL . ''; echo '
' . "\r\n"; echo '' . "\r\n"; echo '' . "\r\n"; echo '' . "\r\n"; echo '' . "\r\n"; echo '
' . "\r\n"; if ($res && sql_num_rows($res) > 0) { echo ''; } ?>

addTicketHidden() ?>
input_yesno('inc_mode',$skin->getIncludeMode(),120,'skindir','normal',_PARSER_INCMODE_SKINDIR,_PARSER_INCMODE_NORMAL);?>
pagefoot(); }

/**
 * Saves the "general settings" of a skin: name, description, content type,
 * include mode and include prefix, then redisplays the skin edit page.
 *
 * The name must pass isValidSkinName() and must not collide with another
 * skin; an empty type falls back to 'text/html', an empty include mode to
 * 'normal'. inc_mode and inc_prefix are stored as posted — NOTE(review):
 * the edit form only offers 'skindir' and 'normal' for inc_mode, but nothing
 * in this method enforces that; confirm what SKIN::updateGeneralInfo() does
 * with other values.
 */
function action_skineditgeneral() {
    global $member;

    $skinid = intRequestVar('skinid');
    $member->isAdmin() or $this->disallow();

    $newName   = postVar('name');
    $newDesc   = postVar('desc');
    $newType   = postVar('type');
    $incMode   = postVar('inc_mode');
    $incPrefix = postVar('inc_prefix');

    $skin = new SKIN($skinid);

    // 1. Some checks
    if (!isValidSkinName($newName)) {
        $this->error(_ERROR_BADSKINNAME);
    }
    if (($skin->getName() != $newName) && SKIN::exists($newName)) {
        $this->error(_ERROR_DUPSKINNAME);
    }
    if (!$newType) {
        $newType = 'text/html';
    }
    if (!$incMode) {
        $incMode = 'normal';
    }

    // 2. Update description
    $skin->updateGeneralInfo($newName, $newDesc, $newType, $incMode, $incPrefix);

    $this->action_skinedit();
}

/**
 * Shows the editor for one part (type) of a skin.
 * ($skin, $skinid, $type, $msg and $friendlyNames are used by the template
 * that follows.)
 *
 * @param string $msg optional status message shown above the editor
 */
function action_skinedittype($msg = '') {
    global $member, $manager;

    $skinid = intRequestVar('skinid');
    $type = requestVar('type');

    $member->isAdmin() or $this->disallow();

    // the part name is normalised to lower case before it is validated
    $type = strtolower(trim($type));
    if (!isValidShortName($type)) {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
    }

    $skin = new SKIN($skinid);
    $friendlyNames = SKIN::getFriendlyNames();

    $this->pagehead();
?>

()

'getName()) ?>':

"._MESSAGE.": $msg

"; ?>
addTicketHidden() ?> (skin type: )

(skin type: )

"; if (count($actions) != 0) echo ", "; } echo '

' . _SKINEDIT_ALLOWEDBLOGS; $query = 'SELECT bshortname, bname FROM '.sql_table('blog'); showlist($query,'table',array('content'=>'shortblognames')); echo '
' . _SKINEDIT_ALLOWEDTEMPLATESS; $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc'); showlist($query,'table',array('content'=>'shortnames')); echo '
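'; $this->pagefoot(); }

/**
 * Stores the posted content for one part (type) of a skin, then redisplays
 * the part editor with a "skin updated" message.
 *
 * The part type is validated with isValidShortName() before the update —
 * the same check action_skinedittype() and action_skinremovetype() apply —
 * so an arbitrary 'type' string never reaches SKIN::update().
 */
function action_skinupdate() {
    global $member;

    $skinid  = intRequestVar('skinid');
    $content = trim(postVar('content'));
    $type    = postVar('type');

    $member->isAdmin() or $this->disallow();

    // reject malformed part names before touching the database; without this
    // the update is written first and only the redisplay in
    // action_skinedittype() fails the format check
    if (!isValidShortName($type)) {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
    }

    $skin = new SKIN($skinid);
    $skin->update($type, $content);

    $this->action_skinedittype(_SKIN_UPDATED);
}

/**
 * First step of a skin deletion: shows the confirmation page.
 * ($skin, $skinid, $name and $desc are used by the template that follows.)
 *
 * Refuses to delete the site's base skin ($CONF['BaseSkin']) and any skin
 * that is still the default skin of a blog.
 */
function action_skindelete() {
    global $member, $manager, $CONF;

    $skinid = intRequestVar('skinid');
    $member->isAdmin() or $this->disallow();

    // don't allow default skin to be deleted
    if ($skinid == $CONF['BaseSkin']) {
        $this->error(_ERROR_DEFAULTSKIN);
    }

    // don't allow deletion of default skins for blogs
    $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
    $r = sql_query($query);
    if ($o = sql_fetch_object($r)) {
        // the blog name is user-supplied; escape it for the error page
        $this->error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));
    }

    $this->pagehead();

    $skin = new SKIN($skinid);
    $name = $skin->getName();
    $desc = $skin->getDescription();
?>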

()

addTicketHidden() ?>
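pagefoot(); }

/**
 * Second step of a skin deletion: removes the skin description and all of
 * its parts, then shows the skin overview.
 *
 * The guards of action_skindelete() are repeated because the confirm
 * request is a separate, independently checked request: the base skin and
 * any blog's default skin are never deleted.
 */
function action_skindeleteconfirm() {
    global $member, $CONF, $manager;

    $skinid = intRequestVar('skinid');
    $member->isAdmin() or $this->disallow();

    // don't allow default skin to be deleted
    if ($skinid == $CONF['BaseSkin']) {
        $this->error(_ERROR_DEFAULTSKIN);
    }

    // don't allow deletion of default skins for blogs
    $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
    $r = sql_query($query);
    if ($o = sql_fetch_object($r)) {
        // escape the blog name exactly like action_skindelete() does; it is
        // otherwise echoed raw into the error page
        $this->error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));
    }

    $manager->notify('PreDeleteSkin', array('skinid' => $skinid));

    // 1. delete description
    sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid);
    // 2. delete parts
    sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid);

    $manager->notify('PostDeleteSkin', array('skinid' => $skinid));

    $this->action_skinoverview();
}

/**
 * First step of removing one part (type) from a skin: shows the
 * confirmation page. ($skin, $skinid, $skintype, $name and $desc are used
 * by the template that follows.)
 *
 * The rights check runs before the part name is validated, so an
 * unauthorised caller is logged and refused by disallow() — like in every
 * other admin action — instead of receiving a format error. The eight
 * standard parts can never be removed.
 */
function action_skinremovetype() {
    global $member, $manager, $CONF;

    $skinid = intRequestVar('skinid');
    $skintype = requestVar('type');

    $member->isAdmin() or $this->disallow();

    if (!isValidShortName($skintype)) {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    // don't allow default skinparts to be deleted
    if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    $this->pagehead();

    $skin = new SKIN($skinid);
    $name = $skin->getName();
    $desc = $skin->getDescription();
?>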

() ()

addTicketHidden() ?>
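pagefoot(); }

/**
 * Second step of removing one part (type) from a skin: deletes the part row
 * and returns to the skin edit page.
 *
 * Mirrors the guards of action_skinremovetype(): the part name must pass
 * isValidShortName() and must not be one of the standard parts. The name is
 * additionally SQL-escaped before it is interpolated into the DELETE, so the
 * query does not depend solely on the format check.
 */
function action_skinremovetypeconfirm() {
    global $member, $CONF, $manager;

    $skinid = intRequestVar('skinid');
    $skintype = requestVar('type');

    $member->isAdmin() or $this->disallow();

    if (!isValidShortName($skintype)) {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    // don't allow default skinparts to be deleted
    if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    $manager->notify('PreDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));

    // delete part
    sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid . ' AND stype=\'' . sql_real_escape_string($skintype) . '\'');

    $manager->notify('PostDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));

    $this->action_skinedit();
}

/**
 * Clones the skin given by the request's skinid under the name
 * "clone_<name>" (a numeric suffix is appended until the name is free),
 * copying the description, content type, include settings and every part.
 */
function action_skinclone() {
    global $member;

    $skinid = intRequestVar('skinid');
    $member->isAdmin() or $this->disallow();

    // 1. read skin to clone
    $skin = new SKIN($skinid);
    $name = "clone_" . $skin->getName();

    // if a skin with that name already exists:
    if (SKIN::exists($name)) {
        $i = 1;
        while (SKIN::exists($name . $i)) {
            $i++;
        }
        $name .= $i;
    }

    // 2. create skin desc
    $newid = SKIN::createNew(
        $name,
        $skin->getDescription(),
        $skin->getContentType(),
        $skin->getIncludeMode(),
        $skin->getIncludePrefix()
    );

    // 3. clone every part the source skin has (not only the standard ones)
    $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
    $res = sql_query($query);
    while ($row = sql_fetch_assoc($res)) {
        $this->skinclonetype($skin, $newid, $row['stype']);
    }

    $this->action_skinoverview();
}

/**
 * Admin::skinclonetype()
 *
 * Copies one part of $skin into the skin with id $newid. Parts whose
 * content is empty are skipped.
 *
 * Both the part content and the part type are SQL-escaped before being
 * placed in the INSERT: skin content routinely contains quotes, and without
 * the escaping the stored content becomes part of the SQL statement
 * (breaking the clone at best).
 *
 * @param SKIN    $skin  skin object to copy from
 * @param integer $newid id of the skin to copy into
 * @param string  $type  part (type) name to copy
 * @return void
 */
function skinclonetype($skin, $newid, $type) {
    $newid = intval($newid);
    $content = $skin->getContent($type);
    if ( $content ) {
        $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')";
        $query = sprintf(
            $query,
            sql_table('skin'),
            (integer) $newid,
            sql_real_escape_string($content),
            sql_real_escape_string($type)
        );
        sql_query($query);
    }
    return;
}

/**
 * Admin::action_settingsedit()
 *
 * Shows the global settings form.
 *
 * @param Void
 * @return Void
 */
function action_settingsedit() {
    global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;

    $member->isAdmin() or $this->disallow();

    $this->pagehead();

    echo '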

(',_BACKTOMANAGE,')

'; ?>

addTicketHidden() ?>
input_yesno('DisableSite',$CONF['DisableSite'],10060); ?>
input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?>
input_yesno('URLMode',$CONF['URLMode'],10077, 'normal','pathinfo',_SETTINGS_URLMODE_NORMAL,_SETTINGS_URLMODE_PATHINFO); echo ' ', _SETTINGS_URLMODE_HELP; ?>
input_yesno('DebugVars',$CONF['DebugVars'],10078); ?>
" . _WARNING_NOTADIR . ""; if (!is_readable($DIR_MEDIA)) echo "
" . _WARNING_NOTREADABLE . ""; if (!is_writeable($DIR_MEDIA)) echo "
" . _WARNING_NOTWRITABLE . ""; ?>
input_yesno('AllowUpload',$CONF['AllowUpload'],10090); ?>
input_yesno('MediaPrefix',$CONF['MediaPrefix'],10110); ?>
input_yesno('AllowLoginEdit',$CONF['AllowLoginEdit'],10120); ?>
input_yesno('AllowMemberCreate',$CONF['AllowMemberCreate'],10130); ?>

input_yesno('NewMemberCanLogon',$CONF['NewMemberCanLogon'],10140); ?>
input_yesno('AllowMemberMail',$CONF['AllowMemberMail'],10150); ?>
input_yesno('NonmemberMail',$CONF['NonmemberMail'],10155); ?>
input_yesno('ProtectMemNames',$CONF['ProtectMemNames'],10156); ?>
input_yesno('CookieSecure',$CONF['CookieSecure'],10180); ?>
input_yesno('SessionCookie',$CONF['SessionCookie'],10190, 1,0,_SETTINGS_COOKIESESSION,_SETTINGS_COOKIEMONTH); ?>
input_yesno('LastVisit',$CONF['LastVisit'],10200); ?>
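',_PLUGINS_EXTRA,'';
    $manager->notify( 'GeneralSettingsFormExtras', array() );
    $this->pagefoot();
}

/**
 * Admin::action_settingsupdate()
 * Update $CONFIG and redirect
 *
 * Every value is written through updateConfig(), which SQL-escapes it. The
 * admin mail address is validated first. Settings that are numeric by
 * nature — the default blog id, the base skin id, the upload size and the
 * list size — are integer-cast with intPostVar() so free text cannot be
 * stored where the rest of the code compares numbers (e.g. the
 * `$skinid == $CONF['BaseSkin']` checks in the skin actions).
 *
 * @param void
 * @return void
 */
function action_settingsupdate() {
    global $member, $CONF;

    $member->isAdmin() or $this->disallow();

    // check if email address for admin is valid
    if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) ) {
        $this->error(_ERROR_BADMAILADDRESS);
    }

    // save settings
    $this->updateConfig('DefaultBlog',       intPostVar('DefaultBlog'));
    $this->updateConfig('BaseSkin',          intPostVar('BaseSkin'));
    $this->updateConfig('IndexURL',          postVar('IndexURL'));
    $this->updateConfig('AdminURL',          postVar('AdminURL'));
    $this->updateConfig('PluginURL',         postVar('PluginURL'));
    $this->updateConfig('SkinsURL',          postVar('SkinsURL'));
    $this->updateConfig('ActionURL',         postVar('ActionURL'));
    $this->updateConfig('Locale',            postVar('Locale'));
    $this->updateConfig('AdminEmail',        postVar('AdminEmail'));
    $this->updateConfig('SessionCookie',     postVar('SessionCookie'));
    $this->updateConfig('AllowMemberCreate', postVar('AllowMemberCreate'));
    $this->updateConfig('AllowMemberMail',   postVar('AllowMemberMail'));
    $this->updateConfig('NonmemberMail',     postVar('NonmemberMail'));
    $this->updateConfig('ProtectMemNames',   postVar('ProtectMemNames'));
    $this->updateConfig('SiteName',          postVar('SiteName'));
    $this->updateConfig('NewMemberCanLogon', postVar('NewMemberCanLogon'));
    $this->updateConfig('DisableSite',       postVar('DisableSite'));
    $this->updateConfig('DisableSiteURL',    postVar('DisableSiteURL'));
    $this->updateConfig('LastVisit',         postVar('LastVisit'));
    $this->updateConfig('MediaURL',          postVar('MediaURL'));
    $this->updateConfig('AllowedTypes',      postVar('AllowedTypes'));
    $this->updateConfig('AllowUpload',       postVar('AllowUpload'));
    $this->updateConfig('MaxUploadSize',     intPostVar('MaxUploadSize'));
    $this->updateConfig('MediaPrefix',       postVar('MediaPrefix'));
    $this->updateConfig('AllowLoginEdit',    postVar('AllowLoginEdit'));
    $this->updateConfig('DisableJsTools',    postVar('DisableJsTools'));
    $this->updateConfig('CookieDomain',      postVar('CookieDomain'));
    $this->updateConfig('CookiePath',        postVar('CookiePath'));
    $this->updateConfig('CookieSecure',      postVar('CookieSecure'));
    $this->updateConfig('URLMode',           postVar('URLMode'));
    $this->updateConfig('CookiePrefix',      postVar('CookiePrefix'));
    $this->updateConfig('DebugVars',         postVar('DebugVars'));
    $this->updateConfig('DefaultListSize',   intPostVar('DefaultListSize'));
    $this->updateConfig('AdminCSS',          postVar('AdminCSS'));

    // load new config and redirect (this way, the new locale will be used if necessary)
    // note that when changing cookie settings, this redirect might cause the user
    // to have to log in again.
    getConfig();
    redirect($CONF['AdminURL'] . '?action=manage');
    exit;
}

/**
 * Admin::action_systemoverview()
 * Output system overview
 *
 * @param void
 * @return void
 */
function action_systemoverview() {
    global $member, $nucleus, $CONF;

    $this->pagehead();

    echo '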

' . _ADMIN_SYSTEMOVERVIEW_HEADING . "

\n"; if ( $member->isLoggedIn() && $member->isAdmin() ) { // Information about the used PHP and MySQL installation echo '

' . _ADMIN_SYSTEMOVERVIEW_PHPANDMYSQL . "

\n\n"; // Version of PHP MySQL echo '\n"; echo "\n"; echo "\n"; echo '\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo '\n"; echo '\n"; echo "\n"; echo "\n"; echo '\n"; echo '\n"; echo "\n"; echo "\n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . "
' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . "' . phpversion() . "
' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . "' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . "
\n\n"; // Important PHP settings echo '\n"; echo "\n"; echo "\n"; echo '\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo '\n"; $mqg = get_magic_quotes_gpc() ? 'On' : 'Off'; echo '\n"; echo "\n"; echo "\n"; echo '\n"; $mqr = get_magic_quotes_runtime() ? 'On' : 'Off'; echo '\n"; echo "\n"; echo "\n"; echo '\n"; $rg = ini_get('register_globals') ? 'On' : 'Off'; echo '\n"; echo "\n"; echo "\n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . "
magic_quotes_gpc' . "' . $mqg . "
magic_quotes_runtime' . "' . $mqr . "
register_globals' . "' . $rg . "
\n\n"; // Information about GD library $gdinfo = gd_info(); echo '\n"; echo "\n"; echo "\n"; echo '\n"; echo "\n"; echo "\n"; echo "\n"; foreach ( $gdinfo as $key=>$value ) { if ( is_bool($value) ) { $value = $value ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE; } else { $value = Entity::hsc($value); } echo "\n"; echo '\n"; echo '\n"; echo "\n"; } echo "\n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . "
' . $key . "' . $value . "
\n\n"; // Check if special modules are loaded ob_start(); phpinfo(INFO_MODULES); $im = ob_get_contents(); ob_clean(); echo '\n"; echo "\n"; echo ""; echo '\n"; echo "\n"; echo "\n"; echo "\n"; echo '\n"; $modrewrite = (strstr($im, 'mod_rewrite') != '') ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE; echo '\n"; echo "\n"; echo "\n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_MODULES . "
mod_rewrite' . "' . $modrewrite . "
\n\n"; // Information about the used Nucleus CMS echo '

' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSYSTEM . "

\n"; global $nucleus; $nv = getNucleusVersion() / 100 . '(' . $nucleus['version'] . ')'; $np = getNucleusPatchLevel(); echo "\n"; echo "\n"; echo "\n"; echo '\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo '\n"; echo '\n"; echo "\n"; echo "\n"; echo '\n"; echo '\n"; echo "\n"; echo "\n"; echo "
Nucleus CMS' . "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . "' . $nv . "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . "' . $np . "
\n\n"; // Important settings of the installation echo '\n"; echo "\n"; echo "\n"; echo '\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo '\n"; echo '\n"; echo "\n"; echo "\n"; echo '\n"; echo '\n"; echo "\n"; echo "\n"; echo '\n"; $ohs = $CONF['alertOnHeadersSent'] ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE; echo '\n"; echo "\n"; echo "\n"; echo "\n"; echo '\n"; echo "\n"; echo "\n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . "
' . '$CONF[' . "'Self']' . $CONF['Self'] . "
' . '$CONF[' . "'ItemURL']' . $CONF['ItemURL'] . "
' . '$CONF[' . "'alertOnHeadersSent']' . $ohs . "
i18n::get_current_charset()' . i18n::get_current_charset() . "
\n\n"; // Link to the online version test at the Nucleus CMS website echo '

' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK . "

\n"; if ( $nucleus['codename'] != '') { $codenamestring = ' "' . $nucleus['codename'] . '"'; } else { $codenamestring = ''; } echo _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TXT; $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel()); echo ''; echo 'Nucleus CMS ' . $nv . $codenamestring; echo ''; } else { echo _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN; } $this->pagefoot(); } /** * Admin::updateConfig() * * @param string $name * @param string $val * @return integer return the ID in which the latest query posted */ function updateConfig($name, $val) { $name = sql_real_escape_string($name); $val = trim(sql_real_escape_string($val)); $query = "UPDATE %s SET value='%s' WHERE name='%s'"; $query = sprintf($query, sql_table('config'), $val, $name); sql_query($query) or die("Query error: " . sql_error()); return sql_insert_id(); } /** * Error message * @param string $msg message that will be shown */ function error($msg) { $this->pagehead(); echo "

Error!

\n"; echo $msg; echo "
\n"; echo '' . _BACK . "\n"; $this->pagefoot(); exit; } /** * Admin::disallow() * add error log and show error page * * @param void * @return void */ function disallow() { ActionLog::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI')); $this->error(_ERROR_DISALLOWED); } /** * Admin::pagehead() * Output admin page head * * @param void * @return void */ function pagehead($extrahead = '') { global $member, $nucleus, $CONF, $manager; $manager->notify( 'AdminPrePageHead', array( 'extrahead' => &$extrahead, 'action' => $this->action)); $baseUrl = Entity::hsc($CONF['AdminURL']); if ( !array_key_exists('AdminCSS',$CONF) ) { sql_query("INSERT INTO ".sql_table('config')." VALUES ('AdminCSS', 'original')"); $CONF['AdminCSS'] = 'original'; } /* HTTP 1.1 application for no caching */ header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); $root_element = 'html'; $charset = i18n::get_current_charset(); $locale = preg_replace('#_#', '-', i18n::get_current_locale()); echo "xml_version_info}\" encoding=\"{$charset}\" ?>\n"; echo "formal_public_identifier}\" \"{$this->system_identifier}\">\n"; echo "<{$root_element} xmlns=\"{$this->xhtml_namespace}\" xml:lang=\"{$locale}\" lang=\"{$locale}\">\n"; echo "\n"; echo '' . Entity::hsc($CONF['SiteName']) . " - Admin\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "{$extrahead}\n"; echo "\n\n"; echo "\n"; echo "
\n"; echo "
\n"; echo '

' . Entity::hsc($CONF['SiteName']) . "

\n"; echo "
\n"; echo "
\n"; echo "
\n"; echo "
\n"; if ( $member->isLoggedIn() ) { echo _LOGGEDINAS . ' ' . $member->getDisplayName() ." - " . _LOGOUT. "
\n"; echo "" . _ADMINHOME . " - "; } else { echo '' . _NOTLOGGEDIN . "
\n"; } echo ""._YOURSITE."
\n"; echo '('; if (array_key_exists('codename', $nucleus) && $nucleus['codename'] != '' ) { $codenamestring = ' "' . $nucleus['codename'].'"'; } else { $codenamestring = ''; } if ( $member->isLoggedIn() && $member->isAdmin() ) { $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel()); echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring . ''; $newestVersion = getLatestVersion(); $newestCompare = str_replace('/','.',$newestVersion); $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']); if ( $newestVersion && version_compare($newestCompare, $currentVersion) > 0 ) { echo "
\n"; echo ''; echo _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT . $newestVersion; echo ""; } } else { echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring; } echo ')'; echo '
'; return; } /** * Admin::pagefoot() * Output admin page foot include quickmenu * * @param void * @return void */ function pagefoot() { global $action, $member, $manager; $manager->notify( 'AdminPrePageFoot', array('action' => $this->action) ); if ( $member->isLoggedIn() && ($action != 'showlogin') ) { echo '

' . _LOGOUT . "

\n"; echo "\n"; } echo "
\n"; echo 'Nucleus CMS © 2002-' . date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT; echo '-'; echo '' . _ADMINPAGEFOOT_DONATE . "\n"; echo "
\n"; echo "\n"; echo "
\n"; if ( ($action != 'showlogin') && ($member->isLoggedIn()) ) { echo "\n"; echo '

' . _QMENU_ADD . "

\n"; echo "
\n"; echo "

\n"; echo "\n"; $showAll = requestVar('showall'); if ( ($member->isAdmin()) && ($showAll == 'yes') ) { // Super-Admins have access to all blogs! (no add item support though) $query = 'SELECT bnumber as value, bname as text' . ' FROM ' . sql_table('blog') . ' ORDER BY bname'; } else { $query = 'SELECT bnumber as value, bname as text' . ' FROM ' . sql_table('blog') . ', ' . sql_table('team') . ' WHERE tblog=bnumber and tmember=' . $member->getID() . ' ORDER BY bname'; } $template['name'] = 'blogid'; $template['tabindex'] = 15000; $template['extra'] = _QMENU_ADD_SELECT; $template['selected'] = -1; $template['shorten'] = 10; $template['shortenel'] = ''; $template['javascript'] = 'onchange="return form.submit()"'; showlist($query,'select',$template); echo "

\n"; echo "
\n"; echo "

{$member->getDisplayName()}

\n"; echo "\n"; // ---- general settings ---- if ( $member->isAdmin() ) { echo '

' . _QMENU_MANAGE . "

\n"; echo "\n"; echo "

" . _QMENU_LAYOUT . "

\n"; echo "\n"; } $aPluginExtras = array(); $manager->notify( 'QuickMenu', array( 'options' => &$aPluginExtras)); if ( count($aPluginExtras) > 0 ) { echo "

" . _QMENU_PLUGINS . "

\n"; echo "\n"; } } else if ( ($action == 'activate') || ($action == 'activatesetpwd') ) { echo '

' . _QMENU_ACTIVATE . '

' . _QMENU_ACTIVATE_TEXT; } else { // introduction text on login screen echo '

' . _QMENU_INTRO . '

' . _QMENU_INTRO_TEXT; } echo "\n"; echo "
\n"; echo "\n"; echo "
\n"; echo "\n"; echo "
\n"; echo "\n"; echo "
\n"; echo "\n"; echo "\n"; return; } /** * @todo document this */ function action_regfile() { global $member, $CONF; $blogid = intRequestVar('blogid'); $member->teamRights($blogid) or $this->disallow(); // header-code stolen from phpMyAdmin // REGEDIT and bookmarklet code stolen from GreyMatter $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid)); header('Content-Type: application/octetstream'); header('Content-Disposition: filename="nucleus.reg"'); header('Pragma: no-cache'); header('Expires: 0'); echo "REGEDIT4\n"; echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n"; echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n"; echo '"contexts"=hex:31'; } /** * @todo document this */ function action_bookmarklet() { global $member, $manager; $blogid = intRequestVar('blogid'); $member->teamRights($blogid) or $this->disallow(); $blog =& $manager->getBlog($blogid); $bm = getBookmarklet($blogid); $this->pagehead(); echo '

(',_BACKHOME,')

'; ?>



' . sprintf(_BOOKMARKLET_ANCHOR, Entity::hsc($blog->getName())) . '' . _BOOKMARKLET_BMARKFOLLOW; ?>

addTicketToUrl($url); ?> ' . _BOOKMARKLET_RIGHTLABEL . '' . _BOOKMARKLET_RIGHTTEXT2; ?>

pagefoot(); } /** * @todo document this */ function action_actionlog() { global $member, $manager; $member->isAdmin() or $this->disallow(); $this->pagehead(); echo '

(',_BACKTOMANAGE,')

'; $url = $manager->addTicketToUrl('index.php?action=clearactionlog'); ?>

' . _ACTIONLOG_TITLE . ''; $query = 'SELECT * FROM '.sql_table('actionlog').' ORDER BY timestamp DESC'; $template['content'] = 'actionlist'; $amount = showlist($query,'table',$template); $this->pagefoot(); } /** * @todo document this */ function action_banlist() { global $member, $manager; $blogid = intRequestVar('blogid'); $member->blogAdminRights($blogid) or $this->disallow(); $blog =& $manager->getBlog($blogid); $this->pagehead(); echo '

(',_BACKHOME,')

'; echo '

' . _BAN_TITLE . " '". $this->bloglink($blog) ."'

"; $query = 'SELECT * FROM '.sql_table('ban').' WHERE blogid='.$blogid.' ORDER BY iprange'; $template['content'] = 'banlist'; $amount = showlist($query,'table',$template); if ($amount == 0) echo _BAN_NONE; echo '

'._BAN_NEW_TITLE.'

'; echo "

"._BAN_NEW_TEXT."

"; $this->pagefoot(); } /** * @todo document this */ function action_banlistdelete() { global $member, $manager; $blogid = intRequestVar('blogid'); $iprange = requestVar('iprange'); $member->blogAdminRights($blogid) or $this->disallow(); $blog =& $manager->getBlog($blogid); $banBlogName = Entity::hsc($blog->getName()); $this->pagehead(); ?>


addTicketHidden() ?>
pagefoot(); } /** * @todo document this */ function action_banlistdeleteconfirm() { global $member, $manager; $blogid = intPostVar('blogid'); $allblogs = postVar('allblogs'); $iprange = postVar('iprange'); $member->blogAdminRights($blogid) or $this->disallow(); $deleted = array(); if (!$allblogs) { if (Ban::removeBan($blogid, $iprange)) array_push($deleted, $blogid); } else { // get blogs fot which member has admin rights $adminblogs = $member->getAdminBlogs(); foreach ($adminblogs as $blogje) { if (Ban::removeBan($blogje, $iprange)) array_push($deleted, $blogje); } } if (sizeof($deleted) == 0) $this->error(_ERROR_DELETEBAN); $this->pagehead(); echo '(',_BACK,')'; echo '

'._BAN_REMOVED_TITLE.'

'; echo "

"._BAN_REMOVED_TEXT."

"; echo ""; $this->pagefoot(); } /** * @todo document this */ function action_banlistnewfromitem() { $this->action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid'))); } /** * @todo document this */ function action_banlistnew($blogid = '') { global $member, $manager; if ($blogid == '') $blogid = intRequestVar('blogid'); $ip = requestVar('ip'); $member->blogAdminRights($blogid) or $this->disallow(); $blog =& $manager->getBlog($blogid); $this->pagehead(); ?>


"; echo ""; } ?>


addTicketHidden() ?>
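pagefoot(); }

/**
 * Adds an IP-range ban with a reason, either to one blog or (allblogs set)
 * to every blog the member administers, then shows the ban list.
 *
 * The range comes from the 'iprange' field, or from 'customiprange' when
 * "custom" was chosen. Only blog admins may add bans. Beyond trimming and
 * rejecting an empty range there is no syntax check here — NOTE(review):
 * the range format Ban::addBan() expects is not visible from this file; a
 * stricter validator belongs there or right before the call.
 */
function action_banlistadd() {
    global $member;

    $blogid   = intPostVar('blogid');
    $allblogs = postVar('allblogs');
    $iprange  = postVar('iprange');
    if ($iprange == "custom") {
        $iprange = postVar('customiprange');
    }
    $reason = postVar('reason');

    $member->blogAdminRights($blogid) or $this->disallow();

    // an empty range is never a meaningful ban (and, depending on how the
    // matcher treats it, could match every visitor); refuse it up front
    $iprange = trim((string) $iprange);
    if ($iprange === '') {
        $this->error(_ERROR_ADDBAN);
    }

    if (!$allblogs) {
        if (!Ban::addBan($blogid, $iprange, $reason)) {
            $this->error(_ERROR_ADDBAN);
        }
    } else {
        // get blogs for which member has admin rights
        $adminblogs = $member->getAdminBlogs();
        $failed = 0;
        foreach ($adminblogs as $blogje) {
            if (!Ban::addBan($blogje, $iprange, $reason)) {
                $failed = 1;
            }
        }
        if ($failed) {
            $this->error(_ERROR_ADDBAN);
        }
    }

    $this->action_banlist();
}

/**
 * Empties the action log (super-admin only) and returns to the manage page
 * with a confirmation message.
 */
function action_clearactionlog() {
    global $member;

    $member->isAdmin() or $this->disallow();

    ActionLog::clear();

    $this->action_manage(_MSG_ACTIONLOGCLEARED);
}

/**
 * Shows the backup / restore page.
 */
function action_backupoverview() {
    global $member, $manager;

    $member->isAdmin() or $this->disallow();

    $this->pagehead();

    echo '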

(',_BACKTOMANAGE,')

'; ?>

addTicketHidden() ?>


addTicketHidden() ?>



pagefoot(); }

/**
 * Admin::action_backupcreate()
 * create file for backup
 *
 * Hands off to Backup::do_backup() (loaded from $DIR_LIBS/backup.php) with
 * the posted 'gzip' flag and exits; the dump itself is produced there.
 *
 * @param void
 * @return void
 */
function action_backupcreate() {
    global $member, $DIR_LIBS;

    $member->isAdmin() or $this->disallow();

    // use compression ?
    $compress = (integer) postVar('gzip');

    include($DIR_LIBS . 'backup.php');

    // try to extend time limit
    // (creating/restoring dumps might take a while)
    @set_time_limit(1200);

    Backup::do_backup($compress);
    exit;
}

/**
 * Admin::action_backuprestore()
 * restoring from uploaded file
 *
 * Requires the explicit 'letsgo' confirmation flag; any non-empty string
 * returned by Backup::do_restore() is shown as an error.
 *
 * @param void
 * @return void
 */
function action_backuprestore() {
    global $member, $DIR_LIBS;

    $member->isAdmin() or $this->disallow();

    if ( intPostVar('letsgo') != 1 ) {
        $this->error(_ERROR_BACKUP_NOTSURE);
    }

    include($DIR_LIBS . 'backup.php');

    // try to extend time limit
    // (creating/restoring dumps might take a while)
    @set_time_limit(1200);

    $restoreError = Backup::do_restore();
    if ( $restoreError != '' ) {
        $this->error($restoreError);
    }

    $this->pagehead();
    echo '

' . _RESTORE_COMPLETE . "

\n"; $this->pagefoot(); return; } /** * Admin::action_pluginlist() * output the list of installed plugins * * @param void * @return void * */ function action_pluginlist() { global $DIR_PLUGINS, $member, $manager; // check if allowed $member->isAdmin() or $this->disallow(); $this->pagehead(); echo '

(',_BACKTOMANAGE,')

'; echo '

' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '

'; echo '

' , _PLUGS_TITLE_INSTALLED , '   ', helplink('getplugins'), _PLUGS_TITLE_GETPLUGINS, '

'; $query = 'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC'; $template['content'] = 'pluginlist'; $template['tabindex'] = 10; showlist($query, 'table', $template); echo '

' . _PLUGS_TITLE_UPDATE . "

\n"; echo '

' . _PLUGS_TEXT_UPDATE . "

\n"; echo '
' . "\n"; echo "
\n"; echo '' . "\n"; $manager->addTicketHidden(); echo '' . "\n"; echo "
\n"; echo "
\n"; echo '

' . _PLUGS_TITLE_NEW . "

\n"; // find a list of possibly non-installed plugins $candidates = array(); $dirhandle = opendir($DIR_PLUGINS); while ( $filename = readdir($dirhandle) ) { if ( preg_match('#^NP_(.*)\.php$#', $filename, $matches) ) { $name = $matches[1]; // only show in list when not yet installed $query = 'SELECT * FROM %s WHERE pfile = "NP_%s"'; $query = sprintf($query, sql_table('plugin'), sql_real_escape_string($name)); $res = sql_query($query); if ( sql_num_rows($res) == 0 ) { array_push($candidates, $name); } } } closedir($dirhandle); if ( sizeof($candidates) > 0 ) { echo '

' . _PLUGS_ADD_TEXT . "

\n"; echo '
' . "\n"; echo "
\n"; echo '' . "\n"; $manager->addTicketHidden(); echo '\n"; echo '\n"; echo "
\n"; echo "
\n"; } else { echo '

', _PLUGS_NOCANDIDATES, '

'; } $this->pagefoot(); return; } /** * @todo document this */ function action_pluginhelp() { global $member, $manager, $DIR_PLUGINS, $CONF; // check if allowed $member->isAdmin() or $this->disallow(); $plugid = intGetVar('plugid'); if (!$manager->pidInstalled($plugid)) $this->error(_ERROR_NOSUCHPLUGIN); $plugName = getPluginNameFromPid($plugid); $this->pagehead(); echo '

(',_PLUGS_BACK,')

'; echo '

',_PLUGS_HELP_TITLE,': ',Entity::hsc($plugName),'

'; $plug =& $manager->getPlugin($plugName); $helpFile = $DIR_PLUGINS.$plug->getShortName().'/help.html'; if (($plug->supportsFeature('HelpPage') > 0) && (@file_exists($helpFile))) { @readfile($helpFile); } else { echo '

Error: ', _ERROR_PLUGNOHELPFILE,'

'; echo '

(',_BACK,')

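'; } $this->pagefoot(); }

/**
 * Admin::action_pluginadd()
 *
 * Installs the plugin whose file name was posted as 'filename'.
 *
 * Order of operations: the name is checked with checkPlugin() (the gate on
 * which file name may be loaded from $DIR_PLUGINS), a row is inserted so the
 * plugin gets an id, the plugin is loaded, its Nucleus version requirement
 * and plugin dependencies are verified (the row is removed again on any
 * failure), install() is called and finally the event subscriptions of all
 * plugins are rebuilt.
 *
 * @param Void
 * @return Void
 */
function action_pluginadd() {
    global $member, $manager, $DIR_PLUGINS;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $name = postVar('filename');

    if ( $manager->pluginInstalled($name) ) {
        $this->error(_ERROR_DUPPLUGIN);
    }
    if ( !checkPlugin($name) ) {
        $this->error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
    }

    // get number of currently installed plugins
    $res = sql_query('SELECT * FROM '.sql_table('plugin'));
    $numCurrent = sql_num_rows($res);

    // plugin will be added as last one in the list
    $newOrder = $numCurrent + 1;

    // NOTE(review): $name is passed by reference, so a PreAddPlugin
    // subscriber (an already-installed plugin) can replace the value that
    // checkPlugin() approved above.
    $manager->notify(
        'PreAddPlugin',
        array(
            'file' => &$name
        )
    );

    // do this before calling getPlugin (in case the plugin id is used there)
    $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.sql_real_escape_string($name).'")';
    sql_query($query);
    $iPid = sql_insert_id();

    $manager->clearCachedInfo('installedPlugins');

    // Load the plugin for condition checking and instalation
    $plugin =& $manager->getPlugin($name);

    // check if it got loaded (could have failed)
    if ( !$plugin ) {
        sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
        $manager->clearCachedInfo('installedPlugins');
        $this->error(_ERROR_PLUGIN_LOAD);
    }

    // check if plugin needs a newer Nucleus version
    if ( getNucleusVersion() < $plugin->getMinNucleusVersion() ) {
        // uninstall plugin again...
        $this->deleteOnePlugin($plugin->getID());
        // ...and show error
        $this->error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
    }

    // same major version, but does the plugin need a newer patch level?
    if ( (getNucleusVersion() == $plugin->getMinNucleusVersion())
      && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) ) {
        // uninstall plugin again...
        $this->deleteOnePlugin($plugin->getID());
        // ...and show error
        $this->error(
            _ERROR_NUCLEUSVERSIONREQ
            . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() )
        );
    }

    // every plugin this one depends on must already be installed
    $pluginList = $plugin->getPluginDep();
    foreach ( $pluginList as $pluginName ) {
        // the dependency name comes from the plugin's own code, not from the
        // request; escape it anyway, like every other value this method
        // interpolates into SQL
        $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . sql_real_escape_string($pluginName) . '"');
        if (sql_num_rows($res) == 0) {
            // uninstall plugin again...
            $this->deleteOnePlugin($plugin->getID());
            $this->error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
        }
    }

    // call the install method of the plugin
    $plugin->install();

    $manager->notify(
        'PostAddPlugin',
        array(
            'plugin' => &$plugin
        )
    );

    // update all events
    $this->action_pluginupdate();
    return;
}

/**
 * ADMIN:action_pluginupdate():
 *
 * Rebuilds the plugin_event table from scratch: every installed plugin is
 * loaded and each event name it reports is subscribed (event names are
 * SQL-escaped). Redirects to the plugin list afterwards.
 *
 * @param Void
 * @return Void
 */
function action_pluginupdate() {
    global $member, $manager, $CONF;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    // delete everything from plugin_events
    sql_query('DELETE FROM '.sql_table('plugin_event'));

    // loop over all installed plugins
    $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
    while ( $o = sql_fetch_object($res) ) {
        $pid = $o->pid;
        $plug =& $manager->getPlugin($o->pfile);
        if ( $plug ) {
            $eventList = $plug->getEventList();
            foreach ( $eventList as $eventName ) {
                $query = "INSERT INTO %s (pid, event) VALUES (%d, '%s')";
                $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, sql_real_escape_string($eventName));
                sql_query($query);
            }
        }
    }

    redirect($CONF['AdminURL'] . '?action=pluginlist');
    return;
}

/**
 * First step of a plugin removal: shows the confirmation page for the
 * plugin given by the 'plugid' GET parameter ($pid is used by the template
 * that follows).
 */
function action_plugindelete() {
    global $member, $manager;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $pid = intGetVar('plugid');

    if (!$manager->pidInstalled($pid)) {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    $this->pagehead();
?>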

?

addTicketHidden() ?>
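pagefoot(); }

/**
 * Admin::action_plugindeleteconfirm()
 *
 * Delete the plugin whose id arrives in the 'plugid' POST variable, running
 * its unInstall() hook first.  Any error string returned by deleteOnePlugin()
 * is shown via $this->error(); on success the user is redirected to the
 * plugin list.
 *
 * @param Void
 * @return Void
 */
function action_plugindeleteconfirm()
{
    global $member, $manager, $CONF;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $pid = intPostVar('plugid');

    $error = $this->deleteOnePlugin($pid, 1);
    if ( $error )
    {
        $this->error($error);
    }

    redirect($CONF['AdminURL'] . '?action=pluginlist');
}

/**
 * Admin::deleteOnePlugin()
 *
 * Remove one installed plugin and everything that belongs to it: event
 * subscriptions, option descriptions and option values.  The deletion is
 * refused when another installed plugin lists this one in its
 * getPluginDep().  The remaining plugins are renumbered so porder stays
 * contiguous, and PreDeletePlugin / PostDeletePlugin are notified.
 *
 * @param integer $pid plugin id
 * @param integer $callUninstall truthy: run the plugin's unInstall() hook before the rows are removed
 * @return string empty string on success, otherwise the error message to show
 */
function deleteOnePlugin($pid, $callUninstall = 0)
{
    global $manager;

    $pid = intval($pid);

    if ( !$manager->pidInstalled($pid) )
    {
        return _ERROR_NOSUCHPLUGIN;
    }

    $name = quickQuery('SELECT pfile as result FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);

    // check dependency before delete: another installed plugin may require this one
    $res = sql_query('SELECT pfile FROM ' . sql_table('plugin'));
    while ( $o = sql_fetch_object($res) )
    {
        $plug =& $manager->getPlugin($o->pfile);
        if ( !$plug )
        {
            continue;
        }
        $depList = $plug->getPluginDep();
        foreach ( $depList as $depName )
        {
            // strict comparison: plugin file names are strings, never compare them numerically
            if ( $name === $depName )
            {
                return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);
            }
        }
    }

    $manager->notify('PreDeletePlugin', array('plugid' => $pid));

    // call the unInstall method of the plugin
    if ( $callUninstall )
    {
        $plugin =& $manager->getPlugin($name);
        if ( $plugin )
        {
            $plugin->unInstall();
        }
    }

    // delete all event subscriptions
    sql_query('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);

    // delete all options: collect the OIDs from plugin_option_desc first,
    // since plugin_option is only linked through oid
    $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
    $aOIDs = array();
    while ( $o = sql_fetch_object($res) )
    {
        // cast so that only integers end up in the IN (...) list below
        $aOIDs[] = intval($o->oid);
    }

    // delete from plugin_option_desc and plugin_option
    sql_query('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
    if ( count($aOIDs) > 0 )
    {
        sql_query('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')');
    }

    // update order numbers of the plugins that came after this one
    $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
    $o = sql_fetch_object($res);
    if ( $o )
    {
        sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . intval($o->porder));
    }

    // delete row
    sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);

    $manager->clearCachedInfo('installedPlugins');

    $manager->notify('PostDeletePlugin', array('plugid' => $pid));

    return '';
}

/**
 * Admin::action_pluginup()
 *
 * Move the plugin given by the 'plugid' GET variable one position up in the
 * load order by swapping its porder with the plugin currently above it.
 * A plugin that is already first stays first.  Redirects to the plugin list.
 *
 * @param Void
 * @return Void
 */
function action_pluginup()
{
    global $member, $manager, $CONF;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $plugid = intGetVar('plugid');

    if ( !$manager->pidInstalled($plugid) )
    {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    // 1. get old order number
    $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
    $o = sql_fetch_object($res);
    $oldOrder = intval($o->porder);

    // 2. calculate new order number
    $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;

    // 3. swap the two order numbers
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);

    // To avoid showing ticket in the URL, redirect to pluginlist instead of rendering it here.
    redirect($CONF['AdminURL'] . '?action=pluginlist');
}

/**
 * Admin::action_plugindown()
 *
 * Move the plugin given by the 'plugid' GET variable one position down in the
 * load order by swapping its porder with the plugin currently below it.
 * A plugin that is already last stays last.  Redirects to the plugin list.
 *
 * @param Void
 * @return Void
 */
function action_plugindown()
{
    global $member, $manager, $CONF;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $plugid = intGetVar('plugid');

    if ( !$manager->pidInstalled($plugid) )
    {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    // 1. get old order number
    $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
    $o = sql_fetch_object($res);
    $oldOrder = intval($o->porder);

    // the highest order number equals the number of installed plugins
    $res = sql_query('SELECT * FROM ' . sql_table('plugin'));
    $maxOrder = sql_num_rows($res);

    // 2. calculate new order number
    $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;

    // 3. swap the two order numbers
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
    sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);

    // To avoid showing ticket in the URL, redirect to pluginlist instead of rendering it here.
    redirect($CONF['AdminURL'] . '?action=pluginlist');
}

/**
 * Admin::action_pluginoptions()
 *
 * Output Plugin option page
 *
 * @access public
 * @param string $message message when fallbacked
 * @return void
 */
public function action_pluginoptions($message = '')
{
    global $member, $manager;

    // check if allowed
    $member->isAdmin() or $this->disallow();

    $pid = (integer) requestVar('plugid');
    if ( !$manager->pidInstalled($pid) )
    {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    $pname = getPluginNameFromPid($pid);

    /* just for including translation */
    $manager->getPlugin($pname);

    $extrahead = "\n";
    $this->pagehead($extrahead);

    echo '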

(' . _PLUGS_BACK . ")

\n"; echo '

' . sprintf(_PLUGIN_OPTIONS_TITLE, Entity::hsc($pname)) . "

\n"; if ( isset($message) ) { echo $message; } echo "
\n"; echo "
\n"; echo "\n"; echo "\n"; $manager->addTicketHidden(); $aOptions = array(); $aOIDs = array(); $query = "SELECT * FROM %s WHERE ocontext='global' and opid=%d ORDER BY oid ASC"; $query = sprintf($query, sql_table('plugin_option_desc'), $pid); $result = sql_query($query); while ( $object = sql_fetch_object($result) ) { array_push($aOIDs, $object->oid); $aOptions[$object->oid] = array( 'oid' => $object->oid, 'value' => $object->odef, 'name' => $object->oname, 'description' => $object->odesc, 'type' => $object->otype, 'typeinfo' => $object->oextra, 'contextid' => 0 ); } // fill out actual values if ( count($aOIDs) > 0 ) { $query = "SELECT oid, ovalue FROM %s WHERE oid in (%s)"; $query = sprintf($query, sql_table('plugin_option'), implode(',',$aOIDs)); $result = sql_query($query); while ( $object = sql_fetch_object($result) ) { $aOptions[$object->oid]['value'] = $object->ovalue; } } // call plugins $data = array('context' => 'global', 'plugid' => $pid, 'options'=>&$aOptions); $manager->notify('PrePluginOptionsEdit',$data); $template['content'] = 'plugoptionlist'; $amount = showlist($aOptions,'table',$template); if ( $amount == 0 ) { echo '

',_ERROR_NOPLUGOPTIONS,'

'; } echo "
\n"; echo "
\n"; $this->pagefoot(); return; } /** * Admin::action_pluginoptionsupdate() * * Update plugin options and fallback to plugin option page * * @access public * @param void * @return void */ public function action_pluginoptionsupdate() { global $member, $manager; // check if allowed $member->isAdmin() or $this->disallow(); $pid = (integer) requestVar('plugid'); if ( !$manager->pidInstalled($pid) ) { $this->error(_ERROR_NOSUCHPLUGIN); } $aOptions = requestArray('plugoption'); NucleusPlugin::apply_plugin_options($aOptions); $manager->notify('PostPluginOptionsUpdate',array('context' => 'global', 'plugid' => $pid)); $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED); return; } /** * Admin::_insertPluginOptions() * * Output plugin option field * * @access public * @param string $context plugin option context * @param integer $contextid plugin option context id * @return void */ public function _insertPluginOptions($context, $contextid = 0) { // get all current values for this contextid // (note: this might contain doubles for overlapping contextids) $aIdToValue = array(); $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid)); while ( $object = sql_fetch_object($res) ) { $aIdToValue[$object->oid] = $object->ovalue; } // get list of oids per pid $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin') . 
' WHERE opid=pid and ocontext=\''.sql_real_escape_string($context).'\' ORDER BY porder, oid ASC'; $res = sql_query($query); $aOptions = array(); while ( $object = sql_fetch_object($res) ) { if (in_array($object->oid, array_keys($aIdToValue))) { $value = $aIdToValue[$object->oid]; } else { $value = $object->odef; } array_push($aOptions, array( 'pid' => $object->pid, 'pfile' => $object->pfile, 'oid' => $object->oid, 'value' => $value, 'name' => $object->oname, 'description' => $object->odesc, 'type' => $object->otype, 'typeinfo' => $object->oextra, 'contextid' => $contextid, 'extra' => '')); } global $manager; $manager->notify('PrePluginOptionsEdit',array('context' => $context, 'contextid' => $contextid, 'options'=>&$aOptions)); $iPrevPid = -1; foreach ($aOptions as $aOption) { // new plugin? if ( $iPrevPid != $aOption['pid'] ) { $iPrevPid = $aOption['pid']; if ( !defined('_PLUGIN_OPTIONS_TITLE') ) { define('_PLUGIN_OPTIONS_TITLE', 'Options for %s'); } echo ''.sprintf(_PLUGIN_OPTIONS_TITLE, Entity::hsc($aOption['pfile'])).''; } $meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']); if ( @$meta['access'] != 'hidden' ) { echo ''; listplug_plugOptionRow($aOption); echo ''; } } return; } /** * Admin::input_yesno() * Output input elements with radio attribute for yes/no options * * @param string $name name attribute * @param string $value_current current value attribute * @param integer $tabindex tab index * @param string $value_yes value attribute for yes option * @param string $value_no value attribute for no option * @param string $text_yes child text element for yes option * @param string $text_no child text element for no option * @param boolean $isAdmin have admin right or not * @return void */ function input_yesno($name, $value_current, $tabindex = 0, $value_yes = 1, $value_no = 0, $text_yes = _YES, $text_no = _NO, $isAdmin = 0) { $id = preg_replace('#\[|\]#', '-', $name); $id_yes = $id . $value_yes; $id_no = $id . 
$value_no; /* yes option */ echo '\n"; echo '\n"; /* no option */ echo '\n"; echo '\n"; return; } /** * Returns a link to a weblog * @param object BLOG */ function bloglink(&$blog) { return ''. Entity::hsc( $blog->getName() ) .''; } }