action_xxxx method) */
public $action;
/** @var object $adminSkin skinableSKIN (or Skin) instance in use; 0 when none could be resolved */
public $adminSkin;
/** @var string $extrahead */
public $extrahead;
/** @var bool $passvar */
public $passvar;
/** @var string $headMess message shown in the page header; set by the login/overview/manage actions */
public $headMess;
public $aOptions;

/**
 * Class constructor
 *
 * Calls action_importAdmin() when the adminskin_desc table is still empty,
 * then resolves the admin skin to use (member preference, else the
 * configured default).  NOTE(review): $DIR_LIBS is imported but unused here.
 */
/* function ADMIN() { } */
function __construct() {
    global $member, $DIR_LIBS;
    $query = 'SELECT ' . ' COUNT(*) as result ' . 'FROM ' . sql_table('adminskin_desc');
    if (!(quickQuery($query))) {
        $this->action_importAdmin();
    }
    // $adminSkinid is never assigned before this point, so this branch always runs
    if (!isset($adminSkinid) || !($adminSkinid)) {
        $adminSkinid = self::getAdminSkinID();
    }
    if (skinableSKIN::existsID($adminSkinid)) {
        $this->adminSkin = new skinableSKIN($adminSkinid);
    } else {
        // action() substitutes the default Skin when this is still 0
        $this->adminSkin = 0;
    }
}

/**
 * Resolve the admin skin id: the logged-in member's preference when it is
 * set, otherwise $CONF['DefaultAdminSkin'].
 *
 * @return mixed skin id
 */
static private function getAdminSkinID() {
    global $CONF, $member, $manager;
    if (isset($member) && $member->isLoggedIn()) {
        $memskin = $member->getAdminSkin();
        if ($memskin) {
            return $memskin;
        }
    }
    return $CONF['DefaultAdminSkin'];
}

/**
 * Actions that edit admin skins/templates; action() exempts them from the ticket check.
 *
 * @return array list of action names
 */
function getAdminskinEditActions() {
    return array(
        'adminskinoverview',
        'adminskinieoverview',
        'adminskinedittype',
        'adminskinremovetype',
        'adminskindelete',
        'adminskinedit',
        'adminskinieimport',
        'adminskiniedoimport',
        'admintemplateedit',
        'admintemplateoverview',
        'admintemplatedelete',
    );
}

/**
 * Actions that have no skin part of their own (mostly the "confirm"/"update"
 * steps that change state).  existsSkinContents() returns true for all of
 * them without a database lookup, and action() exempts them from the ticket
 * check -- see the review note there.
 *
 * @return array list of action names
 */
function getSkinlessActions() {
    return array(
        'plugindeleteconfirm',
        'pluginoptionsupdate',
        'skinremovetypeconfirm',
        'skinclone',
        'skindeleteconfirm',
        'skinnew',
        'skineditgeneral',
        'skinieexport',
        'skinupdate',
        'templateupdate',
        'templatedeleteconfirm',
        'templatenew',
        'templateclone',
        'adminskinremovetypeconfirm',
        'adminskinclone',
        'adminskindeleteconfirm',
        'adminskinnew',
        'adminskineditgeneral',
        'adminskinieexport',
        'adminskinupdate',
        'admintemplateupdate',
        'admintemplatedeleteconfirm',
        'admintemplatenew',
        'admintemplateclone',
        'blogsettingsupdate',
        'settingsupdate',
        'addnewlog2',
        'additem',
        'itemdeleteconfirm',
        'itemupdate',
        'changemembersettings',
        'clearactionlog',
        'memberedit',
    );
}

/**
 * Executes an action
 *
 * Resolves aliases ('login' and '' map to 'overview', or to the POSTed
 * 'customaction'), enforces the request ticket for actions that are not on
 * one of the exemption lists, and dispatches to the matching action_* method
 * or to the admin skin part of the same name.  Every successful branch ends
 * with exit; an unknown action renders the skin's 'adminerrorpage' part or
 * falls back to error().
 *
 * @param string $action action to be performed
 */
function action($action) {
    global $CONF, $manager;
    $f = false;
    // list of action aliases
    $alias = array('login' => 'overview', '' => 'overview');
    // a POSTed 'customaction' overrides both aliases, so the client chooses
    // where an empty or 'login' action is routed; the ticket check and the
    // method_exists() test below are what bound that choice
    $customAction = postvar('customaction');
    if (!empty($customAction)) {
        $alias = array('login' => $customAction, '' => $customAction);
    }
    if (isset($alias[$action])) {
        $action = $alias[$action];
    }
    // $methodName keeps the request's case; PHP method names are case-insensitive
    $methodName = 'action_' . $action;
    $this->action = strtolower($action);
    // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
    // is an action that requires user interaction before something is actually done)
    // all safe actions are in this array:
    $aActionsNotToCheck = array(
        'showlogin',
        'login',
        'overview',
        'itemlist',
        'blogcommentlist',
        'bookmarklet',
        'blogsettings',
        'banlist',
        'deleteblog',
        'editmembersettings',
        'browseownitems',
        'browseowncomments',
        'createitem',
        'itemedit',
        'itemmove',
        'categoryedit',
        'categorydelete',
        'manage',
        'actionlog',
        'settingsedit',
        'backupoverview',
        'pluginlist',
        'createnewlog',
        'usermanagement',
        'skinoverview',
        'templateoverview',
        'skinieoverview',
        'itemcommentlist',
        'commentedit',
        'commentdelete',
        'banlistnewfromitem',
        'banlistdelete',
        'itemdelete',
        'manageteam',
        'teamdelete',
        'banlistnew',
        'memberedit',
        'memberdelete',
        'pluginhelp',
        'pluginoptions',
        'plugindelete',
        'skinedittype',
        'skinremovetype',
        'skindelete',
        'skinedit',
        'templateedit',
        'templatedelete',
        'activate',
        'systemoverview',
        'activatesetpwd',
    );
    $synonimActions = array(
        'banlistnewfromitem',
        'memberedit',
        'login',
    );
    // (a commented-out $aActionsToCheck list of the state-changing actions used to live here;
    // the rest of the actions are the ones that need a ticket)
    $adminskinEditActions = $this->getAdminskinEditActions();
    $skinLessActions = $this->getSkinlessActions();   // assigned but not used below
    $allowActions = array_merge($synonimActions, $this->getSkinlessActions());
    $aActionsNotToCheck = array_merge($aActionsNotToCheck, $adminskinEditActions, $allowActions);
    // NOTE(review): merging the skinless (state-changing) actions into
    // $aActionsNotToCheck, and additionally skipping the check whenever
    // existsSkinContents() is true, exempts e.g. 'changemembersettings',
    // 'itemupdate' and 'settingsupdate' from checkTicket() at this point.
    // Unless checkTicket() is enforced again inside those handlers or in the
    // skin parser, they run without CSRF protection -- confirm, and if so
    // limit the exemption to the genuinely read-only actions.
    if (!in_array($this->action, $aActionsNotToCheck) && !$this->existsSkinContents($action)) {
        if (!$manager->checkTicket()) {
            $this->error(_ERROR_BADTICKET);
        }
    }
    if (!$this->adminSkin && $CONF['DefaultAdminSkin']) {
        $this->adminSkin = new Skin($CONF['DefaultAdminSkin']);
    }
    if (!method_exists($this, $methodName) && !in_array($this->action, $allowActions) && $this->existsSkinContents($action)) {
        // BUG(review): this is a property read, not a method call -- nothing
        // is rendered before the exit below.  Intended is presumably
        // $this->action_parseSpecialskin(); (method not visible in this chunk)
        $this->action_parseSpecialskin;
        $f = true;
    } elseif (method_exists($this, $methodName)) {
        // request-derived method name, bounded by the method_exists() test above
        call_user_func(array(&$this, $methodName));
        $f = true;
    }
    if ($f) {
        exit;
    }
    // no handler: show the skin's error page, trying the member's skin first
    // and the default skin second
    $id = self::getAdminSkinID();
    $this->adminSkin = new skinableSKIN($id);
    if ($this->adminSkin && $this->existsSkinContents('adminerrorpage')) {
        $this->error(_BADACTION . ENTITY::hsc($action));
        $f = true;
    } elseif ($id != $CONF['DefaultAdminSkin']) {
        $this->adminSkin = new Skin($CONF['DefaultAdminSkin']);
        if ($this->adminSkin && $this->existsSkinContents('adminerrorpage')) {
            $this->error(_BADACTION . ENTITY::hsc($action));
            $f = true;
        }
    }
    if ($f) {
        exit;
    }
    // $action is request data: escaped with ENTITY::hsc() before it is echoed
    $this->error(_BADACTION . ENTITY::hsc($action));
}

/**
 * Check skin contents
 *
 * Returns true for every action in getSkinlessActions() without a database
 * lookup; otherwise returns the quickQuery() result of looking up a skin
 * part of type $action for the current admin skin (skin 1 when no skin
 * object is set).
 *
 * @param string action type
 * @return bool
 */
function existsSkinContents($action) {
    $nsActions = $this->getSkinlessActions();
    $in_array = in_array($action, $nsActions);
    if ($in_array) {
        return $in_array;
    } else {
        // %d for the skin id, %s escaped with sql_real_escape_string()
        $query = 'SELECT ' . ' scontent as result ' . 'FROM ' . sql_table('adminskin') . ' ' . 'WHERE ' . ' sdesc = %d ' . 'AND stype = "%s"';
        if (is_object($this->adminSkin)) {
            return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action)));
        } else {
            return quickQuery(sprintf($query, 1, sql_real_escape_string($action)));
        }
    }
}

/**
 * Check exists specialskinparts
 *
 * Same lookup as existsSkinContents() but without the skinless shortcut and
 * without the is_object() guard: $this->adminSkin must be an object here.
 *
 * @param string action type
 * @return bool
 */
function specialActionsAllow($action) {
    $query = 'SELECT ' . ' sdesc as result ' . 'FROM ' . sql_table('adminskin') . ' ' . 'WHERE ' . ' sdesc = %d ' . 'AND stype = "%s"';
    return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action)));
}

/**
 * Show the login page, passing the global $error (if any) as its message.
 */
function action_showlogin() {
    global $error;
    $this->action_login($error);
}

/**
 * Render the login page, or go straight to the overview when the member is
 * already logged in and allowed to log in.
 *
 * @param string $msg      message for the page header
 * @param int    $passvars stored in $this->passvar for the template
 */
function action_login($msg = '', $passvars = 1) {
    global $member;
    // skip to overview when allowed
    if ($member->isLoggedIn() && $member->canLogin()) {
        $this->action_overview();
        exit;
    }
    $this->passvar = $passvars;
    if ($msg) {
        $this->headMess = $msg;
    }
    $this->pagehead();
    $this->parse('showlogin');
    $this->pagefoot();
}

/**
 * provides a screen with the overview of the actions available
 *
 * @param string $msg message for the page header
 */
function action_overview($msg = '') {
    if ($msg) {
        $this->headMess = $msg;
    }
    $this->pagehead();
    $this->parse('overview');
    $this->pagefoot();
}

/**
 * Management overview; site admins only.
 *
 * @param string $msg message for the page header
 */
function action_manage($msg = '') {
    global $member;
    if ($msg) {
        $this->headMess = $msg;
    }
    $member->isAdmin() or $this->disallow();
    $this->pagehead();
    $this->parse('manage');
    $this->pagefoot();
}

/**
 * Item list of a blog (defaults to the requested 'blogid'); team members and admins only.
 *
 * @param mixed $blogid blog id, '' to take it from the request
 */
function action_itemlist($blogid = '') {
    global $member, $manager, $CONF;
    if (
$blogid == '') {
        $blogid = intRequestVar('blogid');
    }
    $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
    $this->pagehead();
    $this->parse('itemlist');
    $this->pagefoot();
}

/**
 * Batch operation on items.  Only the login is checked here; the per-item
 * rights are checked when each operation is performed.  A move without a
 * valid destination category, or a delete without confirmation, is redirected
 * to the corresponding selection page (which exits).
 */
function action_batchitem() {
    global $member, $manager;
    // check if logged in
    $member->isLoggedIn() or $this->disallow();
    // more precise check will be done for each performed operation
    // get array of itemids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');
    // Show error when no items were selected
    if (!is_array($selected) || sizeof($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }
    // On move: when no destination blog/category chosen, show choice now
    $destCatid = intRequestVar('destcatid');
    if (($action == 'move') && (!$manager->existsCategory($destCatid))) {
        $this->batchMoveSelectDestination('item', $selected);
    }
    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes')) {
        $this->batchAskDeleteConfirmation('item',$selected);
    }
    $this->pagehead();
    $this->parse('batchitem');
    $this->pagefoot();
}

/**
 * Batch operation on comments; same structure as action_batchitem() minus the move.
 */
function action_batchcomment() {
    global $member;
    // check if logged in
    $member->isLoggedIn() or $this->disallow();
    // more precise check will be done for each performed operation
    // get array of itemids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');
    // Show error when no items were selected
    if (!is_array($selected) || sizeof($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }
    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes')) {
        $this->batchAskDeleteConfirmation('comment',$selected);
    }
    $this->pagehead();
    $this->parse('batchcomment');
    $this->pagefoot();
}

/**
 * Batch operation on members; requires a logged-in site admin.
 */
function action_batchmember() {
    global $member;
    // check if logged in and admin
    ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();
    // get array of itemids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');
    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }
    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes')) {
        $this->batchAskDeleteConfirmation('member',$selected);
    }
    $this->pagehead();
    $this->parse('batchmember');
    $this->pagefoot();
}

/**
 * Batch operation on a blog's team; requires blog-admin rights on the
 * requested 'blogid'.
 */
function action_batchteam() {
    global $member;
    $blogid = intRequestVar('blogid');
    // check if logged in and admin
    ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();
    // get array of itemids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');
    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }
    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes')) {
        $this->batchAskDeleteConfirmation('team',$selected);
    }
    $this->pagehead();
    // NOTE(review): parses the 'batchmember' part, not a 'batchteam' one -- confirm this is intended
    $this->parse('batchmember');
    $this->pagefoot();
}

/**
 * Batch operation on categories.  A move without an existing destination
 * blog, or a delete without confirmation, is redirected to the selection page.
 */
function action_batchcategory() {
    global $member, $manager;
    // check if logged in
    $member->isLoggedIn() or $this->disallow();
    // more precise check will be done for each performed operation
    // get array of itemids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');
    // Show error when no items were selected
    if (!is_array($selected) || sizeof($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }
    // On move: when no destination blog chosen, show choice now
    $destBlogId = intRequestVar('destblogid');
    if (($action == 'move') && (!$manager->existsBlogID($destBlogId))) {
        $this->batchMoveCategorySelectDestination('category', $selected);
    }
    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes')) {
        $this->batchAskDeleteConfirmation('category', $selected);
    }
    $this->pagehead();
    $this->parse('batchcategory');
    $this->pagefoot();
}

/**
 * Render the destination chooser for a batch move and exit.
 * $type and $ids are not used here; the template presumably reads the request -- confirm.
 *
 * @param string $type
 * @param array  $ids
 */
function batchMoveSelectDestination($type, $ids) {
    $this->pagehead();
    $this->parse('batchmove');
    $this->pagefoot();
    exit;
}

/**
 * Render the destination-blog chooser for a batch category move and exit.
 * $type and $ids are not used here.
 *
 * @param string $type
 * @param array  $ids
 */
function batchMoveCategorySelectDestination($type, $ids) {
    global $manager;
    $this->pagehead();
    $this->parse('batchmovecat');
    $this->pagefoot();
    exit;
}

/**
 * Render the delete-confirmation page for a batch delete and exit.
 * $type and $ids are not used here.
 *
 * @param string $type
 * @param array  $ids
 */
function batchAskDeleteConfirmation($type, $ids) {
    $this->pagehead();
    $this->parse('batchdelete');
    $this->pagefoot();
    exit;
}

/**
 * Inserts a HTML select element with choices for all categories to which the current
 * member has access
 * @see function selectBlog
 */
function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
    Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
}

/**
 * Inserts a HTML select element with choices for all blogs to which the user has access
 * mode = 'blog' => shows blognames and values are blogids
 * mode = 'category' => show category names and values are catids
 *
 * The collected blog ids and the other parameters are handed to the
 * 'blogselectbox' skin part through $_REQUEST['selectData'].  Nothing is
 * rendered when the member has access to no blog at all.
 *
 * @param string $name               name attribute of the select element
 * @param string $mode               'blog' or 'category'
 * @param mixed  $selected           pre-selected value
 * @param int    $tabindex
 * @param int    $showNewCat
 * @param int    $iForcedBlogInclude
 *        ID of a blog that always needs to be included, without checking if the
 *        member is on the blog team (-1 = none)
 */
function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
    global $member, $CONF;
    // 0. get IDs of blogs to which member can post items (+ forced blog)
    $aBlogIds = array();
    if ($iForcedBlogInclude != -1) {
        $aBlogIds[] = intval($iForcedBlogInclude);
    }
    // admins see every blog when ShowAllBlogs is set; everyone else only their team blogs
    if (($member->isAdmin()) && ($CONF['ShowAllBlogs'])) {
        $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
    } else {
        $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' .
$member->getID();
    }
    $rblogids = sql_query($queryBlogs);
    while ($o = sql_fetch_object($rblogids)) {
        // the forced blog was already added above
        if ($o->bnumber != $iForcedBlogInclude) {
            $aBlogIds[] = intval($o->bnumber);
        }
    }
    if (count($aBlogIds) == 0) {
        return;
    }
    $_REQUEST['selectData'] = array(
        'name' => $name,
        'tabindex' => $tabindex,
        'mode' => $mode,
        'selected' => $selected,
        'showNewCat' => $showNewCat,
        'aBlogIds' => $aBlogIds,
    );
    $this->parse('blogselectbox');
}

/**
 * List the current member's own items.  No rights check here beyond what
 * the skin part does.
 */
function action_browseownitems() {
    global $member, $manager, $CONF;
    $this->pagehead();
    $this->parse('browseownitems');
    $this->pagefoot();
}

/**
 * Show all the comments for a given item
 *
 * Requires the member to be allowed to alter the item.  The item and blog
 * ids are passed to the skin part through $_REQUEST.
 *
 * @param int $itemid item id, '' to take it from the request
 */
function action_itemcommentlist($itemid = '') {
    global $member, $manager, $CONF;
    if ($itemid == '') {
        $itemid = intRequestVar('itemid');
    }
    $_REQUEST['itemid'] = $itemid;
    $_REQUEST['blogid'] = getBlogIdFromItemId($itemid);
    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();
    $blogid = getBlogIdFromItemId($itemid);
    $this->pagehead();
    $this->parse('itemcommentlist');
    $this->pagefoot();
}

/**
 * Browse own comments
 */
function action_browseowncomments() {
    $this->pagehead();
    $this->parse('browseowncomments');
    $this->pagefoot();
}

/**
 * Browse all comments for a weblog
 *
 * Team members and admins only; the blog id is passed on through $_REQUEST.
 *
 * @param int $blogid blog id, '' to take it from the request
 */
function action_blogcommentlist($blogid = '') {
    global $member, $manager, $CONF;
    if ($blogid == '') {
        $blogid = intRequestVar('blogid');
    } else {
        $blogid = intval($blogid);
    }
    $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
    $_REQUEST['blogid'] = $blogid;
    $this->pagehead();
    $this->parse('blogcommentlist');
    $this->pagefoot();
}

/**
 * Provide a page to item a new item to the given blog
 * Team rights on the requested 'blogid' are required.
 */
function action_createitem() {
    global $member, $manager;
    $blogid = intRequestVar('blogid');
    // check if allowed
    $member->teamRights($blogid) or $this->disallow();
    $memberid = $member->getID();
    $blog =& $manager->getBlog($blogid);
    $this->pagehead();
    $this->parse('createitem');
    $this->pagefoot();
}

/**
 * Edit form for an existing item; the member must be allowed to alter it.
 */
function action_itemedit() {
    global $member, $manager;
    $itemid = intRequestVar('itemid');
    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();
    $item =& $manager->getItem($itemid, 1, 1);
    $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
    $this->pagehead();
    $this->parse('itemedit');
    $this->pagefoot();
}

/**
 * Store the posted changes to an item (see the actiontype comment inside),
 * optionally creating a new category first, then return to the item list
 * or to the edit form of the newly created category.
 */
function action_itemupdate() {
    global $member, $manager, $CONF;
    $itemid = intRequestVar('itemid');
    $catid = postVar('catid');
    // only allow if user is allowed to alter item
    // ($catid may still be the 'newcat-<blogid>' marker at this point)
    $member->canUpdateItem($itemid, $catid) or $this->disallow();
    $actiontype = postVar('actiontype');
    // delete actions are handled by itemdelete (which has confirmation)
    if ($actiontype == 'delete') {
        $this->action_itemdelete();
        return;
    }
    $body = postVar('body');
    $title = postVar('title');
    $more = postVar('more');
    $closed = intPostVar('closed');
    $draftid = intPostVar('draftid');
    // default action = add now
    if (!$actiontype) {
        $actiontype='addnow';
    }
    // create new category if needed
    if (strstr($catid,'newcat')) {
        // get blogid
        list($blogid) = sscanf($catid,"newcat-%d");
        // create
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();
        // show error when sth goes wrong
        if (!$catid) {
            $this->doError(_ERROR_CATCREATEFAIL);
        }
    }
    /*
        set some variables based on actiontype

        actiontypes:
            draft items -> addnow, addfuture, adddraft, delete
            non-draft items -> edit, changedate, delete

        variables set:
            $timestamp: set to a nonzero value for future dates or date changes
            $wasdraft: set to 1 when the item used to be a draft item
            $publish: set to 1 when the edited item is not a draft
    */
    $blogid = getBlogIDFromItemID($itemid);
    $blog =& $manager->getBlog($blogid);
    $wasdrafts = array('adddraft', 'addfuture', 'addnow');
    $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
    $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
    if ($actiontype == 'addfuture' || $actiontype == 'changedate') {
        $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
    } else {
        $timestamp =0;
    }
    // edit the item for real
    Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
    $this->updateFuturePosted($blogid);
    if ($draftid > 0) {
        // delete permission is checked inside Item::delete()
        Item::delete($draftid);
    }
    // show category edit window when we created a new category
    // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
    if ($catid != intPostVar('catid')) {
        $this->action_categoryedit(
            $catid,
            $blog->getID(),
            $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
        );
    } else {
        // TODO: set start item correctly for itemlist
        // the timestamp comes from the item record, not from the request
        $item = Item::getItem($itemid, 0, 0);
        $cnt = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . $item['timestamp']);
        $_REQUEST['start'] = $cnt + 1;
        $this->action_itemlist(getBlogIDFromItemID($itemid));
    }
}

/**
 * Admin::action_itemdelete()
 * Delete item
 *
 * Shows the delete-confirmation page; the actual delete is action_itemdeleteconfirm().
 *
 * @param Void
 * @return Void
 */
function action_itemdelete() {
    global $member, $manager;
    $itemid = intRequestVar('itemid');
    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();
    if (!$manager->existsItem($itemid,1,1)) {
        $this->error(_ERROR_NOSUCHITEM);
    }
    $this->pagehead();
    $this->parse('itemdelete');
    $this->pagefoot();
    return;
}

/**
 * Delete the requested item after the confirmation page, then show the
 * item list of the blog it belonged to.
 */
function action_itemdeleteconfirm() {
    global $member;
    $itemid = intRequestVar('itemid');
    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();
    // get blogid first
    $blogid = getBlogIdFromItemId($itemid);
    // delete item (note: some checks will be performed twice)
    $this->deleteOneItem($itemid);
    $this->action_itemlist($blogid);
}

/**
 * Deletes one item and returns error if something goes wrong
 *
 * @param int $itemid
 * @return mixed _ERROR_DISALLOWED when the member may not alter the item; nothing otherwise
 */
function deleteOneItem($itemid) {
    global $member, $manager;
    // only allow if user is allowed to alter item (also checks if itemid exists)
    if (!$member->canAlterItem($itemid)) {
        return _ERROR_DISALLOWED;
    }
    // need to get blogid before the item is deleted
    $blogid = getBlogIDFromItemId($itemid);
    $manager->loadClass('ITEM');
    Item::delete($itemid);
    // update blog's futureposted
    $this->updateFuturePosted($blogid);
}

/**
 * Admin::updateFuturePosted()
 * Update a blog's future posted flag
 *
 * Sets the flag when the blog still has unposted items dated after the
 * blog's current time, clears it otherwise.
 *
 * @param integer $blogid
 * @return void
 *
 */
function updateFuturePosted($blogid) {
    global $manager;
    $blogid = intval($blogid);
    $blog =& $manager->getBlog($blogid);
    $currenttime = $blog->getCorrectTime(time());
    $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
    $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
    $result = sql_query($query);
    if (sql_num_rows($result) > 0) {
        $blog->setFuturePost();
    } else {
        $blog->clearFuturePost();
    }
    return;
}

/**
 * Show the move-item page; the member must be allowed to alter the item.
 */
function action_itemmove() {
    global $member, $manager;
    $itemid = intRequestVar('itemid');
    // only allow if user is allowed to alter item
    $member->canAlterItem($itemid) or $this->disallow();
    $this->pagehead();
    $this->parse('itemmove');
    $this->pagefoot();
}

/**
 * Move an item to the requested category, creating that category first when
 * 'catid' is a 'newcat-<blogid>' marker, and refresh the future-posted flag
 * of both the old and the new blog.
 */
function action_itemmoveto() {
    global $member, $manager;
    $itemid = intRequestVar('itemid');
    $catid = requestVar('catid');
    // create new category if needed
    // NOTE(review): createNewCategory() runs before the canUpdateItem()
    // authorization below, so a request that passes the ticket check but not
    // the rights check has already created a category on the blog named in
    // 'newcat-<n>'.  Move the authorization ahead of this block (or add a
    // teamRights()/blogAdminRights() check on $blogid here).
    if (strstr($catid,'newcat')) {
        // get blogid
        list($blogid) = sscanf($catid,'newcat-%d');
        // create
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();
        // show error when sth goes wrong
        if (!$catid) {
            $this->doError(_ERROR_CATCREATEFAIL);
        }
    }
    // only allow if user is allowed to alter item
    $member->canUpdateItem($itemid, $catid) or $this->disallow();
    $old_blogid = getBlogIDFromItemId($itemid);
    Item::move($itemid, $catid);
    // set the futurePosted flag on the blog
    $this->updateFuturePosted(getBlogIDFromItemId($itemid));
    // reset the futurePosted in case the item is moved from one blog to another
    $this->updateFuturePosted($old_blogid);
    // $blog is only defined in the newcat branch above; this condition is
    // expected to hold only in that case
    if ($catid != intRequestVar('catid')) {
        $this->action_categoryedit($catid, $blog->getID());
    } else {
        $this->action_itemlist(getBlogIDFromCatID($catid));
    }
}

/**
 * Moves one item to a given category (category existance should be checked by caller)
 * errors are returned
 * @param int $itemid
 * @param int $destCatid category ID to which the item will be moved
 * @return mixed _ERROR_DISALLOWED when not permitted; nothing otherwise
 */
function moveOneItem($itemid, $destCatid) {
    global $member;
    // only allow if user is allowed to move item
    if (!$member->canUpdateItem($itemid, $destCatid)) {
        return _ERROR_DISALLOWED;
    }
    Item::move($itemid, $destCatid);
}

/**
 * Adds a item to the chosen blog
 *
 * The rights check happens inside Item::createFromRequest(); on success the
 * item list (or the edit form of a newly created category) is shown.
 */
function action_additem() {
    global $manager, $CONF;
    $manager->loadClass('ITEM');
    $result = Item::createFromRequest();
    if ($result['status'] == 'error') {
$this->error($result['message']);
    }
    $blogid = getBlogIDFromItemID($result['itemid']);
    $blog =& $manager->getBlog($blogid);
    $btimestamp = $blog->getCorrectTime();   // not used below
    $item = $manager->getItem(intval($result['itemid']), 1, 1);   // not used below
    if ($result['status'] == 'newcategory') {
        // the redirect URL carries a ticket so the follow-up request passes action()'s check
        $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));
        $this->action_categoryedit($result['catid'], $blogid, $distURI);
    } else {
        // resolves to action_itemlist(): PHP method names are case-insensitive
        $methodName = 'action_itemList';
        call_user_func(array(&$this, $methodName), $blogid);
    }
}

/**
 * Allows to edit previously made comments
 * The member must be allowed to alter the comment.
 **/
function action_commentedit() {
    global $member, $manager;
    $commentid = intRequestVar('commentid');
    $member->canAlterComment($commentid) or $this->disallow();
    $this->pagehead();
    $this->parse('commentedit');
    $this->pagefoot();
}

/**
 * Store the posted changes to a comment (url, email, body) after validating
 * the body, then return to the item's comment list or to the member's own
 * comments.  String values are escaped with sql_real_escape_string(); the
 * comment id comes from intRequestVar().
 */
function action_commentupdate() {
    global $member, $manager;
    $commentid = intRequestVar('commentid');
    $member->canAlterComment($commentid) or $this->disallow();
    $url = postVar('url');
    $email = postVar('email');
    $body = postVar('body');
    # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
    # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
    # important note that '\' must be matched with '\\\\' in preg* expressions
    // intercept words that are too long
    if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE) {
        $this->error(_ERROR_COMMENT_LONGWORD);
    }
    // check length
    if (i18n::strlen($body) < 3) {
        $this->error(_ERROR_COMMENT_NOCOMMENT);
    }
    if (i18n::strlen($body) > 5000) {
        $this->error(_ERROR_COMMENT_TOOLONG);
    }
    // prepare body
    $body = Comment::prepareBody($body);
    // call plugins
    $manager->notify('PreUpdateComment', array('body' => &$body));
    // note: the posted url is written to the cmail column
    $query = 'UPDATE ' . sql_table('comment')
        . " SET "
        . " cmail = '" . sql_real_escape_string($url) . "',"
        . " cemail = '" . sql_real_escape_string($email) . "',"
        . " cbody = '" . sql_real_escape_string($body) . "'"
        . " WHERE "
        . " cnumber = " . $commentid;
    sql_query($query);
    // get itemid
    $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
    $o = sql_fetch_object($res);
    $itemid = $o->citem;
    if ($member->canAlterItem($itemid)) {
        $this->action_itemcommentlist($itemid);
    } else {
        $this->action_browseowncomments();
    }
}

/**
 * Admin::action_commentdelete()
 * Show the delete-confirmation page for a comment
 *
 * @param Void
 * @return Void
 */
function action_commentdelete() {
    global $member, $manager;
    $commentid = intRequestVar('commentid');
    $member->canAlterComment($commentid) or $this->disallow();
    $this->pagehead();
    $this->parse('commentdelete');
    $this->pagefoot();
    return;
}

/**
 * Delete the requested comment after confirmation.  The rights check is
 * done by deleteOneComment(); the item id is read beforehand because the
 * row is gone afterwards.
 */
function action_commentdeleteconfirm() {
    global $member;
    $commentid = intRequestVar('commentid');
    // get item id first
    // NOTE(review): when no row matches, $o is false and $o->citem raises a warning
    $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
    $o = sql_fetch_object($res);
    $itemid = $o->citem;
    $error = $this->deleteOneComment($commentid);
    if ($error) {
        $this->doError($error);
    }
    if ($member->canAlterItem($itemid)) {
        $this->action_itemcommentlist($itemid);
    } else {
        $this->action_browseowncomments();
    }
}

/**
 * Delete one comment, firing the PreDeleteComment/PostDeleteComment events.
 *
 * @param int $commentid
 * @return string _ERROR_DISALLOWED when the member may not alter the comment, '' on success
 */
function deleteOneComment($commentid) {
    global $member, $manager;
    $commentid = intval($commentid);
    if (!$member->canAlterComment($commentid)) {
        return _ERROR_DISALLOWED;
    }
    $manager->notify('PreDeleteComment', array('commentid' => $commentid));
    // delete the comments associated with the item
    $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid;
    sql_query($query);
    $manager->notify('PostDeleteComment', array('commentid' => $commentid));
    return '';
}

/**
 * Usermanagement main
 * Site admins only.
 */
function action_usermanagement() {
    global $member, $manager;
    // check if allowed
    $member->isAdmin() or $this->disallow();
    $this->pagehead();
    $this->parse('usermanagement');
    $this->pagefoot();
}

/**
 * Edit member settings
 */
function action_memberedit() {
    $this->action_editmembersettings(intRequestVar('memberid'));
}

/**
 * Show the settings form of a member: the member's own settings, or any
 * member's when the current member is a site admin.
 *
 * @param mixed $memberid member id, '' for the current member
 */
function action_editmembersettings($memberid = '') {
    global $member, $manager, $CONF;
    // NOTE(review): action_memberedit() passes an int here; whether 0 == ''
    // holds depends on the PHP version (true before 8.0, false from 8.0 on)
    if ($memberid == '') {
        $memberid = $member->getID();
    }
    $_REQUEST['memberid'] = $memberid;
    // check if allowed
    ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
    $extrahead = '';
    $this->pagehead($extrahead);
    $this->parse('editmembersettings');
    $this->pagefoot();
}

/**
 * Store the posted member settings.  Allowed for the member's own account
 * or for a site admin; display name and password may only be changed when
 * $CONF['AllowLoginEdit'] is set or the current member is an admin, and the
 * admin/canlogin flags only by an admin.  A changed e-mail address triggers
 * an activation mail and logs the member out.
 */
function action_changemembersettings() {
    global $member, $CONF, $manager;
    $memberid = intRequestVar('memberid');
    // check if allowed
    ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
    $name = trim(strip_tags(postVar('name')));
    $realname = trim(strip_tags(postVar('realname')));
    $password = postVar('password');
    $repeatpassword = postVar('repeatpassword');
    $email = strip_tags(postVar('email'));
    $url = strip_tags(postVar('url'));
    $adminskin = intPostVar('adminskin');   // read but not applied in this method
    # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
    # original eregi: !eregi("^https?://", $url)
    // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
    // (this only normalises the scheme; the URL is not otherwise validated)
    if (!preg_match('#^https?://#', $url)) {
        $url = 'http://' .
$url; } $admin = postVar('admin'); $canlogin = postVar('canlogin'); $notes = strip_tags(postVar('notes')); $locale = postVar('locale'); $mem = Member::createFromID($memberid); if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { if ( !isValidDisplayName($name) ) { $this->error(_ERROR_BADNAME); } if ( ($name != $mem->getDisplayName()) && Member::exists($name) ) { $this->error(_ERROR_NICKNAMEINUSE); } if ( $password != $repeatpassword ) { $this->error(_ERROR_PASSWORDMISMATCH); } if ( $password && (i18n::strlen($password) < 6) ) { $this->error(_ERROR_PASSWORDTOOSHORT); } if ( $password ) { $pwdvalid = true; $pwderror = ''; $manager->notify( 'PrePasswordSet', array( 'password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid ) ); if ( !$pwdvalid ) { $this->error($pwderror); } } } if ( !NOTIFICATION::address_validation($email) ) { $this->error(_ERROR_BADMAILADDRESS); } if ( !$realname ) { $this->error(_ERROR_REALNAMEMISSING); } if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) ) { $this->error(_ERROR_NOSUCHTRANSLATION); } // check if there will remain at least one site member with both the logon and admin rights // (check occurs when taking away one of these rights from such a member) if ( (!$admin && $mem->isAdmin() && $mem->canLogin()) || (!$canlogin && $mem->isAdmin() && $mem->canLogin()) ) { $r = sql_query('SELECT * FROM '.sql_table('member').' 
WHERE madmin=1 and mcanlogin=1'); if ( sql_num_rows($r) < 2 ) { $this->error(_ERROR_ATLEASTONEADMIN); } } if ( $CONF['AllowLoginEdit'] || $member->isAdmin() ) { $mem->setDisplayName($name); if ( $password ) { $mem->setPassword($password); } } $oldEmail = $mem->getEmail(); $mem->setRealName($realname); $mem->setEmail($email); $mem->setURL($url); $mem->setNotes($notes); $mem->setLocale($locale); // only allow super-admins to make changes to the admin status if ( $member->isAdmin() ) { $mem->setAdmin($admin); $mem->setCanLogin($canlogin); } $autosave = postVar('autosave'); $mem->setAutosave($autosave); $mem->write(); // store plugin options $aOptions = requestArray('plugoption'); NucleusPlugin::apply_plugin_options($aOptions); $manager->notify( 'PostPluginOptionsUpdate', array( 'context' => 'member', 'memberid' => $memberid, 'member' => &$mem ) ); // if email changed, generate new password if ( $oldEmail != $mem->getEmail() ) { $mem->sendActivationLink('addresschange', $oldEmail); // logout member $mem->newCookieKey(); // only log out if the member being edited is the current member. 
if ( $member->getID() == $memberid ) { $member->logout(); } $this->action_login(_MSG_ACTIVATION_SENT, 0); return; } if ( ( $mem->getID() == $member->getID() ) && ( $mem->getDisplayName() != $member->getDisplayName() ) ) { $mem->newCookieKey(); $member->logout(); $this->action_login(_MSG_LOGINAGAIN, 0); } else { $this->action_overview(_MSG_SETTINGSCHANGED); } } /** * Admin::action_memberadd() * * @param void * @return void * */ function action_memberadd() { global $member, $manager; // check if allowed $member->isAdmin() or $this->disallow(); if ( postVar('password') != postVar('repeatpassword') ) { $this->error(_ERROR_PASSWORDMISMATCH); } if ( i18n::strlen(postVar('password')) < 6 ) { $this->error(_ERROR_PASSWORDTOOSHORT); } $res = Member::create( postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes') ); if ( $res != 1 ) { $this->error($res); } // fire PostRegister event $newmem = new Member(); $newmem->readFromName(postVar('name')); $manager->notify( 'PostRegister', array( 'member' => &$newmem ) ); $this->action_usermanagement(); return; } /** * Account activation * * @author dekarma */ function action_activate() { $key = getVar('key'); $this->_showActivationPage($key); } /** * @todo document this */ function _showActivationPage($key, $message = '') { global $manager; // clean up old activation keys Member::cleanupActivationTable(); // get activation info $info = Member::getActivationInfo($key); if ( !$info ) { $this->error(_ERROR_ACTIVATE); } $mem = Member::createFromId($info->vmember); if ( !$mem ) { $this->error(_ERROR_ACTIVATE); } $_POST['ackey'] = $key; $this->headMess = $message; $_POST['bNeedsPasswordChange'] = true; $this->pagehead(); $this->parse('activate'); $this->pagefoot(); } /** * Account activation - set password part * * @author dekarma */ function action_activatesetpwd() { $key = postVar('key'); // clean up old activation keys 
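Member::cleanupActivationTable();
    // needed by both notify() calls below; it used to be declared only inside
    // the "if ( $password )" branch, so the ValidateForm notify ran on an
    // undefined $manager whenever the password was empty
    global $manager;

    // get activation info; an 'addresschange' key is not a set-password key
    if ( !$info = Member::getActivationInfo($key) ) {
        return $this->_showActivationPage($key, _ERROR_ACTIVATE);
    }
    if ( $info->type == 'addresschange' ) {
        return $this->_showActivationPage($key, _ERROR_ACTIVATE);
    }
    $mem = Member::createFromId($info->vmember);
    if ( !$mem ) {
        return $this->_showActivationPage($key, _ERROR_ACTIVATE);
    }

    $password       = postVar('password');
    $repeatpassword = postVar('repeatpassword');
    if ( $password !== $repeatpassword ) {
        return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
    }
    // same minimum length as action_memberadd(); an empty password used to
    // bypass this check and the PrePasswordSet hook, yet was still handed to
    // setPassword() below
    if ( i18n::strlen($password) < 6 ) {
        return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
    }

    // let plugins veto the password (e.g. a policy plugin)
    $pwdvalid = true;
    $pwderror = '';
    $manager->notify(
        'PrePasswordSet',
        array(
            'password'     => $password,
            'errormessage' => &$pwderror,
            'valid'        => &$pwdvalid
        )
    );
    if ( !$pwdvalid ) {
        return $this->_showActivationPage($key, $pwderror);
    }

    // let plugins validate the rest of the form
    $error = '';
    $manager->notify(
        'ValidateForm',
        array(
            'type'   => 'activation',
            'member' => $mem,
            'error'  => &$error
        )
    );
    if ( $error !== '' ) {
        return $this->_showActivationPage($key, $error);
    }

    // set password
    $mem->setPassword($password);
    $mem->write();

    // do the activation
    Member::activate($key);

    $this->pagehead();
    $this->parse('activatesetpwd');
    $this->pagefoot();
}

/**
 * Admin::action_manageteam()
 * Show the team-management page of a blog.
 *
 * Reads 'blogid' from the request; requires blog-admin rights on it.
 *
 * @return void
 */
function action_manageteam()
{
    global $member, $manager;
    $blogid = intRequestVar('blogid');

    // check if allowed
    $member->blogAdminRights($blogid) or $this->disallow();

    $this->pagehead();
    $this->parse('manageteam');
    $this->pagefoot();
}

/**
 * Admin::action_teamaddmember()
 * Add a member to a blog's team, optionally as blog admin, then return to
 * the team page.
 *
 * Reads 'memberid', 'blogid' and 'admin' from POST; requires blog-admin
 * rights on the blog. Shows _ERROR_ALREADYONTEAM when addTeamMember() fails.
 *
 * @return void
 */
function action_teamaddmember()
{
    global $member, $manager;
    $memberid = intPostVar('memberid');
    $blogid   = intPostVar('blogid');
    $admin    = intPostVar('admin');

    // check if allowed
    $member->blogAdminRights($blogid) or $this->disallow();

    $blog =& $manager->getBlog($blogid);
    if ( !$blog->addTeamMember($memberid, $admin) ) {
        $this->error(_ERROR_ALREADYONTEAM);
    }

    $this->action_manageteam();
}

/**
 * Admin::action_teamdelete()
 * Show the confirmation page for removing a member from a blog's team.
 *
 * Reads 'memberid' and 'blogid' from the request; requires blog-admin rights.
 *
 * @return void
 */
function action_teamdelete()
{
    global $member, $manager;
    $memberid = intRequestVar('memberid');
    $blogid   = intRequestVar('blogid');

    // check if allowed
    $member->blogAdminRights($blogid) or $this->disallow();

    // NOTE(review): neither local is read below; presumably the 'teamdelete'
    // template reads the ids from the request itself — confirm and drop them.
    $teammem = Member::createFromID($memberid);
    $blog    =& $manager->getBlog($blogid);

    $this->pagehead();
    $this->parse('teamdelete');
    $this->pagefoot();
}

/**
 * Admin::action_teamdeleteconfirm()
 * Remove a member from a blog's team (after confirmation) and return to the
 * team page.
 *
 * Authorization and the "keep at least one blog admin" rule are enforced by
 * deleteOneTeamMember(); its error message, if any, is shown via error().
 *
 * @return void
 */
function action_teamdeleteconfirm()
{
    global $member;
    $memberid = intRequestVar('memberid');
    $blogid   = intRequestVar('blogid');

    $error = $this->deleteOneTeamMember($blogid, $memberid);
    if ( $error ) {
        $this->error($error);
    }

    $this->action_manageteam();
}

/**
 * Admin::deleteOneTeamMember()
 * Remove one member from a blog's team.
 *
 * @param int|string $blogid   blog id (cast with intval)
 * @param int|string $memberid member id (cast with intval)
 * @return string '' on success, otherwise an error message constant:
 *                _ERROR_DISALLOWED when the current member has no blog-admin
 *                rights on $blogid, _ERROR_ATLEASTONEBLOGADMIN when $memberid
 *                is the only remaining blog admin
 */
function deleteOneTeamMember($blogid, $memberid)
{
    global $member, $manager;
    $blogid   = intval($blogid);
    $memberid = intval($memberid);

    // check if allowed
    if ( !$member->blogAdminRights($blogid) ) {
        return _ERROR_DISALLOWED;
    }

    $tmem = Member::createFromID($memberid);
    $manager->notify(
        'PreDeleteTeamMember',
        array(
            'member' => &$tmem,
            'blogid' => $blogid
        )
    );

    // a blog admin may only be removed while another admin remains
    // (i.e. at least two admins before deletion)
    if ( $tmem->isBlogAdmin($blogid) ) {
        $query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid . ' and tadmin=1';
        $r = sql_query($query);
        if ( sql_num_rows($r) < 2 ) {
            return _ERROR_ATLEASTONEBLOGADMIN;
        }
    }

    $query = 'DELETE FROM ' . sql_table('team') .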
" WHERE tblog=$blogid and tmember=$memberid"; sql_query($query); $manager->notify( 'PostDeleteTeamMember', array( 'member' => &$tmem, 'blogid' => $blogid ) ); return ''; } /** * @todo document this */ function action_teamchangeadmin() { global $member; $blogid = intRequestVar('blogid'); $memberid = intRequestVar('memberid'); // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); $mem = Member::createFromID($memberid); // don't allow when there is only one admin at this moment if ( $mem->isBlogAdmin($blogid) ) { $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1"); if ( sql_num_rows($r) == 1 ) { $this->error(_ERROR_ATLEASTONEBLOGADMIN); } } if ( $mem->isBlogAdmin($blogid) ) { $newval = 0; } else { $newval = 1; } $query = 'UPDATE ' . sql_table('team') . " SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid"; sql_query($query); // only show manageteam if member did not change its own admin privileges if ( $member->isBlogAdmin($blogid) ) { $this->action_manageteam(); } else { $this->action_overview(_MSG_ADMINCHANGED); } } /** * @todo document this */ function action_blogsettings() { global $member, $manager; $blogid = intRequestVar('blogid'); // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); $blog =& $manager->getBlog($blogid); $extrahead = ''; $this->pagehead($extrahead); $this->parse('blogsettings'); $this->pagefoot(); } /** * @todo document this */ function action_categorynew() { global $member, $manager; $blogid = intRequestVar('blogid'); $member->blogAdminRights($blogid) or $this->disallow(); $cname = postVar('cname'); $cdesc = postVar('cdesc'); if ( !isValidCategoryName($cname) ) { $this->error(_ERROR_BADCATEGORYNAME); } $query = 'SELECT * FROM ' . sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname) . '\' and cblog=' . 
intval($blogid); $res = sql_query($query); if ( sql_num_rows($res) > 0 ) { $this->error(_ERROR_DUPCATEGORYNAME); } $blog =& $manager->getBlog($blogid); $newCatID = $blog->createNewCategory($cname, $cdesc); $this->action_blogsettings(); } /** * @todo document this */ function action_categoryedit($catid = '', $blogid = '', $desturl = '') { global $member, $manager; if ( $blogid == '' ) { $blogid = intGetVar('blogid'); } else { $blogid = intval($blogid); } if ( $catid == '' ) { $catid = intGetVar('catid'); } else { $catid = intval($catid); } $_REQUEST['blogid'] = $blogid; $_REQUEST['catid'] = $catid; $_REQUEST['desturl'] = $desturl; $member->blogAdminRights($blogid) or $this->disallow(); $extrahead = ''; $this->pagehead($extrahead); $this->parse('categoryedit'); $this->pagefoot(); } /** * @todo document this */ function action_categoryupdate() { global $member, $manager; $blogid = intPostVar('blogid'); $catid = intPostVar('catid'); $cname = postVar('cname'); $cdesc = postVar('cdesc'); $desturl = postVar('desturl'); $member->blogAdminRights($blogid) or $this->disallow(); if ( !isValidCategoryName($cname) ) { $this->error(_ERROR_BADCATEGORYNAME); } $query = "SELECT *" . " FROM " . sql_table('category') . " WHERE cname='" . sql_real_escape_string($cname) . "'" . " and cblog=" . intval($blogid) . " and not(catid=" . intval($catid) . ")"; $res = sql_query($query); if ( sql_num_rows($res) > 0 ) { $this->error(_ERROR_DUPCATEGORYNAME); } $query = 'UPDATE '.sql_table('category').' SET' . " cname='" . sql_real_escape_string($cname) . "'," . " cdesc='" . sql_real_escape_string($cdesc) . "'" . " WHERE catid=" . 
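intval($catid);
    sql_query($query);

    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::apply_plugin_options($aOptions);
    $manager->notify(
        'PostPluginOptionsUpdate',
        array(
            'context' => 'category',
            'catid'   => $catid
        )
    );

    // NOTE(review): $desturl is taken from POST and used as a redirect target
    // without being checked against this site's own URL; a same-site check
    // here would rule out an open redirect (admin-only action, so low risk).
    if ( $desturl ) {
        redirect($desturl);
        exit;
    } else {
        $this->action_blogsettings();
    }
}

/**
 * Admin::action_categorydelete()
 * Show the confirmation page for deleting a category.
 *
 * Reads 'blogid' and 'catid' from the request; requires blog-admin rights.
 * Refuses unknown categories, the blog's default category and the last
 * remaining category of the blog.
 *
 * @return void
 */
function action_categorydelete()
{
    global $member, $manager;
    $blogid = intRequestVar('blogid');
    $catid  = intRequestVar('catid');

    $member->blogAdminRights($blogid) or $this->disallow();

    $blog =& $manager->getBlog($blogid);

    // check if the category is valid
    if ( !$blog->isValidCategory($catid) ) {
        $this->error(_ERROR_NOSUCHCATEGORY);
    }

    // don't allow deletion of default category
    if ( $blog->getDefaultCategory() == $catid ) {
        $this->error(_ERROR_DELETEDEFCATEGORY);
    }

    // check if catid is the only category left for blogid
    $query = 'SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
    $res = sql_query($query);
    if ( sql_num_rows($res) == 1 ) {
        $this->error(_ERROR_DELETELASTCATEGORY);
    }

    $this->pagehead();
    $this->parse('categorydelete');
    $this->pagefoot();
}

/**
 * Admin::action_categorydeleteconfirm()
 * Delete a category (after confirmation) and return to the blog settings.
 *
 * Reads 'blogid' and 'catid' from the request; requires blog-admin rights.
 * The actual checks live in deleteOneCategory(); its error message, if any,
 * is shown via error().
 *
 * @return void
 */
function action_categorydeleteconfirm()
{
    global $member, $manager;
    $blogid = intRequestVar('blogid');
    $catid  = intRequestVar('catid');

    $member->blogAdminRights($blogid) or $this->disallow();

    $error = $this->deleteOneCategory($catid);
    if ( $error ) {
        $this->error($error);
    }

    $this->action_blogsettings();
}

/**
 * Admin::deleteOneCategory()
 * Delete a category by its id; its items are moved to the blog's default
 * category and its plugin options are removed.
 *
 * @param int|string $catid category id (cast with intval)
 * @return string '' on success, otherwise an error message constant:
 *                _ERROR_DISALLOWED, _ERROR_NOSUCHCATEGORY,
 *                _ERROR_DELETEDEFCATEGORY or _ERROR_DELETELASTCATEGORY
 */
function deleteOneCategory($catid)
{
    global $manager, $member;
    $catid  = intval($catid);
    $blogid = getBlogIDFromCatID($catid);

    // was misspelled ERROR_DISALLOWED (undefined constant); the same check in
    // deleteOneTeamMember() returns _ERROR_DISALLOWED
    if ( !$member->blogAdminRights($blogid) ) {
        return _ERROR_DISALLOWED;
    }

    // get blog
    $blog =& $manager->getBlog($blogid);

    // check if the category is valid
    if ( !$blog || !$blog->isValidCategory($catid) ) {
        return _ERROR_NOSUCHCATEGORY;
    }

    // don't allow deletion of default category (it is also the destination
    // for the deleted category's items)
    $destcatid = $blog->getDefaultCategory();
    if ( $destcatid == $catid ) {
        return _ERROR_DELETEDEFCATEGORY;
    }

    // check if catid is the only category left for blogid
    $query = 'SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
    $res = sql_query($query);
    if ( sql_num_rows($res) == 1 ) {
        return _ERROR_DELETELASTCATEGORY;
    }

    $manager->notify(
        'PreDeleteCategory',
        array(
            'catid' => $catid
        )
    );

    // change category for all items to the default category
    $query = 'UPDATE ' . sql_table('item') . " SET icat=$destcatid WHERE icat=$catid";
    sql_query($query);

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('category', $catid);

    // delete category
    $query = 'DELETE FROM ' . sql_table('category') . ' WHERE catid=' . $catid;
    sql_query($query);

    $manager->notify(
        'PostDeleteCategory',
        array(
            'catid' => $catid
        )
    );

    // '' rather than a bare return, matching deleteOneTeamMember()
    return '';
}

/**
 * Admin::action_blogsettingsupdate
 * Updating blog settings
 *
 * Reads the settings form from POST; requires blog-admin rights on 'blogid'.
 *
 * @return void
 */
function action_blogsettingsupdate()
{
    global $member, $manager;
    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or $this->disallow();

    $blog =& $manager->getBlog($blogid);

    $notify_address = trim(postVar('notify'));
    $shortname      = trim(postVar('shortname'));
    $updatefile     = trim(postVar('update'));

    // the three flags are multiplied into one notify type; a 0 (unticked box)
    // is mapped to 1 first, presumably so it does not zero the product
    $notifyComment = intPostVar('notifyComment');
    $notifyVote    = intPostVar('notifyVote');
    $notifyNewItem = intPostVar('notifyNewItem');
    if ( $notifyComment == 0 ) {
        $notifyComment = 1;
    }
    if ( $notifyVote == 0 ) {
        $notifyVote = 1;
    }
    if ( $notifyNewItem == 0 ) {
        $notifyNewItem = 1;
    }
    $notifyType = $notifyComment * $notifyVote * $notifyNewItem;

    if ( $notify_address && !NOTIFICATION::address_validation($notify_address) ) {
        $this->error(_ERROR_BADNOTIFY);
    }
    if ( !isValidShortName($shortname) ) {
        $this->error(_ERROR_BADSHORTBLOGNAME);
    }
    if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) ) {
        $this->error(_ERROR_DUPSHORTBLOGNAME);
    }

    // check if update file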
is writable if ( $updatefile && !is_writeable($updatefile) ) { $this->error(_ERROR_UPDATEFILE); } $blog->setName(trim(postVar('name'))); $blog->setShortName($shortname); $blog->setNotifyAddress($notify_address); $blog->setNotifyType($notifyType); $blog->setMaxComments(postVar('maxcomments')); $blog->setCommentsEnabled(postVar('comments')); $blog->setTimeOffset(postVar('timeoffset')); $blog->setUpdateFile($updatefile); $blog->setURL(trim(postVar('url'))); $blog->setDefaultSkin(intPostVar('defskin')); $blog->setDescription(trim(postVar('desc'))); $blog->setPublic(postVar('public')); $blog->setConvertBreaks(intPostVar('convertbreaks')); $blog->setAllowPastPosting(intPostVar('allowpastposting')); $blog->setDefaultCategory(intPostVar('defcat')); $blog->setSearchable(intPostVar('searchable')); $blog->setEmailRequired(intPostVar('reqemail')); $blog->writeSettings(); // store plugin options $aOptions = requestArray('plugoption'); NucleusPlugin::apply_plugin_options($aOptions); $manager->notify( 'PostPluginOptionsUpdate', array( 'context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog ) ); $this->action_overview(_MSG_SETTINGSCHANGED); return; } /** * @todo document this */ function action_deleteblog() { global $member, $CONF, $manager; $blogid = intRequestVar('blogid'); $member->blogAdminRights($blogid) or $this->disallow(); // check if blog is default blog if ( $CONF['DefaultBlog'] == $blogid ) { $this->error(_ERROR_DELDEFBLOG); } $blog =& $manager->getBlog($blogid); $this->pagehead(); $this->parse('deleteblog'); $this->pagefoot(); } /** * Admin::action_deleteblogconfirm() * Delete Blog * * @param Void * @return Void */ function action_deleteblogconfirm() { global $member, $CONF, $manager; $blogid = intRequestVar('blogid'); $manager->notify( 'PreDeleteBlog', array( 'blogid' => $blogid ) ); $member->blogAdminRights($blogid) or $this->disallow(); // check if blog is default blog if ( $CONF['DefaultBlog'] == $blogid ) { $this->error(_ERROR_DELDEFBLOG); } // delete all 
comments $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid; sql_query($query); // delete all items $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid; sql_query($query); // delete all team members $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid; sql_query($query); // delete all bans $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid; sql_query($query); // delete all categories $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid; sql_query($query); // delete all associated plugin options NucleusPlugin::delete_option_values('blog', $blogid); // delete the blog itself $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid; sql_query($query); $manager->notify( 'PostDeleteBlog', array( 'blogid' => $blogid ) ); $this->action_overview(_DELETED_BLOG); return; } /** * @todo document this */ function action_memberdelete() { global $member, $manager; $memberid = intRequestVar('memberid'); ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); $mem = Member::createFromID($memberid); $this->pagehead(); $this->parse('memberdelete'); $this->pagefoot(); } /** * @todo document this */ function action_memberdeleteconfirm() { global $member; $memberid = intRequestVar('memberid'); ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); $error = $this->deleteOneMember($memberid); if ( $error ) { $this->error($error); } if ( $member->isAdmin() ) { $this->action_usermanagement(); } else { $this->action_overview(_DELETED_MEMBER); } } /** * Admin::deleteOneMember() * Delete a member by id * * @static * @params Integer $memberid member id * @return String null string or error messages */ function deleteOneMember($memberid) { global $manager; $memberid = intval($memberid); $mem = Member::createFromID($memberid); if ( !$mem->canBeDeleted() ) { return _ERROR_DELETEMEMBER; } $manager->notify( 'PreDeleteMember', array( 
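'member' => &$mem
        )
    );

    /* unlink comments from memberid */
    if ( $memberid ) {
        $query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d";
        $query = sprintf($query, sql_table('comment'), sql_real_escape_string($mem->getDisplayName()), $memberid);
        sql_query($query);
    }

    $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
    sql_query($query);

    $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
    sql_query($query);

    $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
    sql_query($query);

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('member', $memberid);

    $manager->notify(
        'PostDeleteMember',
        array(
            'member' => &$mem
        )
    );

    return '';
}

/**
 * Admin::action_createnewlog()
 * Show the "create new blog" page. Super-admins only.
 *
 * @return void
 */
function action_createnewlog()
{
    global $member, $CONF, $manager;

    // Only Super-Admins can do this
    $member->isAdmin() or $this->disallow();

    $this->pagehead();
    $this->parse('createnewlog');
    $this->pagefoot();
}

/**
 * Admin::action_addnewlog()
 * Create a new blog from the POSTed form together with its default category,
 * a first team member (the current member, as blog admin) and a first item,
 * then show the 'addnewlog' page. Super-admins only.
 *
 * Reads 'name', 'shortname', 'timeoffset', 'desc' and 'defskin' from POST.
 *
 * @return void
 */
function action_addnewlog()
{
    global $member, $manager, $CONF;

    // Only Super-Admins can do this
    $member->isAdmin() or $this->disallow();

    $bname       = trim(postVar('name'));
    $bshortname  = trim(postVar('shortname'));
    $btimeoffset = postVar('timeoffset');
    $bdesc       = trim(postVar('desc'));
    $bdefskin    = postVar('defskin');

    if ( !isValidShortName($bshortname) ) {
        $this->error(_ERROR_BADSHORTBLOGNAME);
    }
    if ( $manager->existsBlog($bshortname) ) {
        $this->error(_ERROR_DUPSHORTBLOGNAME);
    }

    // plugins may rewrite the values (passed by reference)
    $manager->notify(
        'PreAddBlog',
        array(
            'name'        => &$bname,
            'shortname'   => &$bshortname,
            'timeoffset'  => &$btimeoffset,
            'description' => &$bdesc,
            'defaultskin' => &$bdefskin
        )
    );

    // escape for the INSERT below (after the hook, since plugins may have
    // changed the values)
    $bname       = sql_real_escape_string($bname);
    $bshortname  = sql_real_escape_string($bshortname);
    $btimeoffset = sql_real_escape_string($btimeoffset);
    $bdesc       = sql_real_escape_string($bdesc);
    $bdefskin    = sql_real_escape_string($bdefskin);

    // create blog
    $query = 'INSERT INTO ' . sql_table('blog')
           . ' (bname, bshortname, bdesc, btimeoffset, bdefskin)'
           . " VALUES ('" . $bname . "', '" . $bshortname . "', '" . $bdesc . "', '"
           . $btimeoffset . "', '" . $bdefskin . "')";
    sql_query($query);
    $blogid = sql_insert_id();
    $blog =& $manager->getBlog($blogid);

    // create new category; the defaults are escaped as well, since the
    // language constants are free text
    $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
    $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
    $sql = "INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, '%s', '%s')";
    sql_query(sprintf(
        $sql,
        sql_table('category'),
        $blogid,
        sql_real_escape_string($catdefname),
        sql_real_escape_string($catdefdesc)
    ));
    $catid = sql_insert_id();

    // set as default category
    $blog->setDefaultCategory($catid);
    $blog->writeSettings();

    // create team member: the creating member becomes blog admin.
    // (The ids used to be passed to sql_query() instead of sprintf(), which
    // left the %d placeholders unexpanded in the statement.)
    $memberid = $member->getID();
    $query = 'INSERT INTO ' . sql_table('team') . ' (tmember, tblog, tadmin) VALUES (%d, %d, 1)';
    sql_query(sprintf($query, $memberid, $blogid));

    // create first item
    $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
    $itemdefbody  = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. 
Feel free to delete it.');
    $blog->additem(
        $blog->getDefaultCategory(),
        $itemdeftitle,
        $itemdefbody,
        '',
        $blogid,
        $memberid,
        $blog->getCorrectTime(),
        0,
        0,
        0
    );

    $manager->notify(
        'PostAddBlog',
        array(
            'blog' => &$blog
        )
    );

    // pass the resolved defaults: the bare constants are not guaranteed to be
    // defined (see the defined() checks above)
    $manager->notify(
        'PostAddCategory',
        array(
            'blog'        => &$blog,
            'name'        => $catdefname,
            'description' => $catdefdesc,
            'catid'       => $catid
        )
    );

    $_REQUEST['blogid'] = $blogid;
    $_REQUEST['catid']  = $catid;

    $this->pagehead();
    $this->parse('addnewlog');
    $this->pagefoot();
}

/**
 * Admin::action_addnewlog2()
 * Second step of blog creation: store the blog's URL and go to the overview.
 *
 * Reads 'blogid' and 'url' from the request; requires blog-admin rights.
 *
 * @return void
 */
function action_addnewlog2()
{
    global $member, $manager;
    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or $this->disallow();

    $burl = requestVar('url');
    $blog =& $manager->getBlog($blogid);
    $blog->setURL(trim($burl));
    $blog->writeSettings();

    $this->action_overview(_MSG_NEWBLOG);
}

/**
 * Admin::action_skinieoverview()
 * Show the skin import/export overview. Super-admins only.
 *
 * @return void
 */
function action_skinieoverview()
{
    global $member, $DIR_LIBS, $manager;

    $member->isAdmin() or $this->disallow();

    // load skinie class
    include_once($DIR_LIBS . 'skinie.php');

    $this->pagehead();
    $this->parse('skinieoverview');
    $this->pagefoot();
}

/**
 * Admin::action_skinieimport()
 * Read a skin backup file's metadata and show what it contains (and which
 * skin/template names would clash) before importing. Super-admins only.
 *
 * Reads 'skinfile' and 'mode' from POST.
 *
 * @return void
 */
function action_skinieimport()
{
    global $member, $DIR_LIBS, $DIR_SKINS, $manager;

    $member->isAdmin() or $this->disallow();

    // load skinie class
    include_once($DIR_LIBS . 'skinie.php');

    $skinFileRaw = postVar('skinfile');
    $mode        = postVar('mode');
    $importer    = new SkinImport();

    // get full filename
    // NOTE(review): $skinFileRaw is used unchecked, as a directory name under
    // $DIR_SKINS in 'file' mode and as the file name itself otherwise; confirm
    // SkinImport::readFile() constrains it, otherwise validate it here (e.g.
    // require isValidShortName() in 'file' mode).
    if ($mode == 'file') {
        $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
        // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
        if (!file_exists($skinFile)) $skinFile = $DIR_SKINS . $skinFileRaw .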
'/skindata.xml'; } else { $skinFile = $skinFileRaw; } // read only metadata $error = $importer->readFile($skinFile, 1); // clashes $skinNameClashes = $importer->checkSkinNameClashes(); $templateNameClashes = $importer->checkTemplateNameClashes(); $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0); if ($error) $this->error($error); $this->pagehead(); echo '
'; ?>getInfo())?>
'._AND.' ',$importer->getSkinNames())?>
'._AND.' ',$importer->getTemplateNames())?>
'._AND.' ',$skinNameClashes)?>
'._AND.' ',$templateNameClashes)?>
getInfo())?>
'._AND.' ',$importer->getSkinNames())?>
'._AND.' ',$importer->getTemplateNames())?>
()
pagefoot(); } /** * @todo document this */ function action_templatedeleteconfirm() { global $member, $manager; $templateid = intRequestVar('templateid'); $member->isAdmin() or $this->disallow(); $manager->notify('PreDeleteTemplate', array('templateid' => $templateid)); // 1. delete description sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid); // 2. delete parts sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid); $manager->notify('PostDeleteTemplate', array('templateid' => $templateid)); $this->action_templateoverview(); } /** * @todo document this */ function action_templatenew() { global $member; $member->isAdmin() or $this->disallow(); $name = postVar('name'); $desc = postVar('desc'); if (!isValidTemplateName($name)) $this->error(_ERROR_BADTEMPLATENAME); if (Template::exists($name)) $this->error(_ERROR_DUPTEMPLATENAME); $newTemplateId = Template::createNew($name, $desc); $this->action_templateoverview(); } /** * @todo document this */ function action_templateclone() { global $member; $templateid = intRequestVar('templateid'); $member->isAdmin() or $this->disallow(); // 1. read old template $name = Template::getNameFromId($templateid); $desc = Template::getDesc($templateid); // 2. create desc thing $name = "cloned" . $name; // if a template with that name already exists: if (Template::exists($name)) { $i = 1; while (Template::exists($name . $i)) $i++; $name .= $i; } $newid = Template::createNew($name, $desc); // 3. create clone // go through parts of old template and add them to the new one $res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid); while ($o = sql_fetch_object($res)) { $this->addToTemplate($newid, $o->tpartname, $o->tcontent); } $this->action_templateoverview(); } /** * @todo document this */ function action_skinoverview() { global $member, $manager; $member->isAdmin() or $this->disallow(); $this->pagehead(); echo ''; echo '()
pagefoot(); } /** * @todo document this */ function action_skindeleteconfirm() { global $member, $CONF, $manager; $skinid = intRequestVar('skinid'); $member->isAdmin() or $this->disallow(); // don't allow default skin to be deleted if ($skinid == $CONF['BaseSkin']) $this->error(_ERROR_DEFAULTSKIN); // don't allow deletion of default skins for blogs $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid; $r = sql_query($query); if ($o = sql_fetch_object($r)) $this->error(_ERROR_SKINDEFDELETE .$o->bname); $manager->notify('PreDeleteSkin', array('skinid' => $skinid)); // 1. delete description sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid); // 2. delete parts sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid); $manager->notify('PostDeleteSkin', array('skinid' => $skinid)); $this->action_skinoverview(); } /** * @todo document this */ function action_skinremovetype() { global $member, $manager, $CONF; $skinid = intRequestVar('skinid'); $skintype = requestVar('type'); if (!isValidShortName($skintype)) { $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE); } $member->isAdmin() or $this->disallow(); // don't allow default skinparts to be deleted if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) { $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE); } $this->pagehead(); $skin = new SKIN($skinid); $name = $skin->getName(); $desc = $skin->getDescription(); ?>() ()
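pagefoot();
}

/**
 * Admin::action_skinremovetypeconfirm()
 * Delete one part (type) of a skin after confirmation. Super-admins only.
 *
 * Reads 'skinid' and 'type' from the request. Refuses type names that are not
 * valid short names and the built-in part types (index, item, ...).
 *
 * @return void
 */
function action_skinremovetypeconfirm()
{
    global $member, $CONF, $manager;
    $skinid   = intRequestVar('skinid');
    $skintype = requestVar('type');

    if (!isValidShortName($skintype)) {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    $member->isAdmin() or $this->disallow();

    // don't allow default skinparts to be deleted
    $specialTypes = array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup');
    if (in_array($skintype, $specialTypes, true)) {
        $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
    }

    $manager->notify('PreDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));

    // delete part; $skintype is already restricted by isValidShortName(), but
    // it is escaped anyway so the query does not depend on that check
    sql_query('DELETE FROM ' . sql_table('skin') . ' WHERE sdesc=' . $skinid . ' AND stype=\'' . sql_real_escape_string($skintype) . '\'');

    $manager->notify('PostDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));

    $this->action_skinedit();
}

/**
 * Admin::action_skinclone()
 * Clone a skin (description and every one of its parts) under the name
 * "clone_<name>", suffixed with a counter when that name is taken.
 * Super-admins only.
 *
 * Reads 'skinid' from the request.
 *
 * @return void
 */
function action_skinclone()
{
    global $member;
    $skinid = intRequestVar('skinid');

    $member->isAdmin() or $this->disallow();

    // 1. read skin to clone
    $skin = new SKIN($skinid);
    $name = "clone_" . $skin->getName();

    // if a skin with that name already exists:
    if (SKIN::exists($name)) {
        $i = 1;
        while (SKIN::exists($name . $i)) {
            $i++;
        }
        $name .= $i;
    }

    // 2. create skin desc
    $newid = SKIN::createNew(
        $name,
        $skin->getDescription(),
        $skin->getContentType(),
        $skin->getIncludeMode(),
        $skin->getIncludePrefix()
    );

    // 3. clone every part the old skin has (not only the built-in types)
    $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
    $res = sql_query($query);
    while ($row = sql_fetch_assoc($res)) {
        $this->skinclonetype($skin, $newid, $row['stype']);
    }

    $this->action_skinoverview();
}

/**
 * Admin::skinclonetype()
 * Copy one part of a skin into another skin. Parts with empty content are
 * skipped.
 *
 * @param SKIN       $skin  skin to copy the part from
 * @param int|string $newid ID of the skin to copy the part into (cast with intval)
 * @param string     $type  part type (stype)
 * @return void
 */
function skinclonetype($skin, $newid, $type)
{
    $newid   = intval($newid);
    $content = $skin->getContent($type);
    if ( $content ) {
        // both values are interpolated into the SQL string and must be
        // escaped: skin content routinely contains quotes, which previously
        // broke the INSERT (and let stored content alter the statement)
        $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')";
        $query = sprintf(
            $query,
            sql_table('skin'),
            $newid,
            sql_real_escape_string($content),
            sql_real_escape_string($type)
        );
        sql_query($query);
    }
    return;
}

/**
 * Admin::action_settingsedit()
 * Show the global settings form. Super-admins only.
 *
 * @return void
 */
function action_settingsedit()
{
    global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;

    $member->isAdmin() or $this->disallow();

    $this->pagehead();
    // NOTE(review): the form markup that belongs here is not present in this
    // copy of the file; the fragment below is kept as found
    echo ''; ?> ',_PLUGINS_EXTRA,'';
    $manager->notify(
        'GeneralSettingsFormExtras',
        array()
    );
    $this->pagefoot();
}

/**
 * Admin::action_settingsupdate()
 * Update $CONFIG from the POSTed settings form and redirect. Super-admins only.
 *
 * @return void
 */
function action_settingsupdate()
{
    global $member, $CONF;

    $member->isAdmin() or $this->disallow();

    // check if email address for admin is valid
    if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) ) {
        $this->error(_ERROR_BADMAILADDRESS);
    }

    // save settings
    $this->updateConfig('DefaultBlog',       postVar('DefaultBlog'));
    $this->updateConfig('BaseSkin',          postVar('BaseSkin'));
    $this->updateConfig('IndexURL',          postVar('IndexURL'));
    $this->updateConfig('AdminURL',          postVar('AdminURL'));
    $this->updateConfig('PluginURL',         postVar('PluginURL'));
    $this->updateConfig('SkinsURL',          postVar('SkinsURL'));
    $this->updateConfig('ActionURL',         postVar('ActionURL'));
    $this->updateConfig('Locale',            postVar('Locale'));
    $this->updateConfig('AdminEmail',        postVar('AdminEmail'));
    $this->updateConfig('SessionCookie',     postVar('SessionCookie'));
    $this->updateConfig('AllowMemberCreate', postVar('AllowMemberCreate'));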
$this->updateConfig('AllowMemberMail', postVar('AllowMemberMail')); $this->updateConfig('NonmemberMail', postVar('NonmemberMail')); $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames')); $this->updateConfig('SiteName', postVar('SiteName')); $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon')); $this->updateConfig('DisableSite', postVar('DisableSite')); $this->updateConfig('DisableSiteURL', postVar('DisableSiteURL')); $this->updateConfig('LastVisit', postVar('LastVisit')); $this->updateConfig('MediaURL', postVar('MediaURL')); $this->updateConfig('AllowedTypes', postVar('AllowedTypes')); $this->updateConfig('AllowUpload', postVar('AllowUpload')); $this->updateConfig('MaxUploadSize', postVar('MaxUploadSize')); $this->updateConfig('MediaPrefix', postVar('MediaPrefix')); $this->updateConfig('AllowLoginEdit', postVar('AllowLoginEdit')); $this->updateConfig('DisableJsTools', postVar('DisableJsTools')); $this->updateConfig('CookieDomain', postVar('CookieDomain')); $this->updateConfig('CookiePath', postVar('CookiePath')); $this->updateConfig('CookieSecure', postVar('CookieSecure')); $this->updateConfig('URLMode', postVar('URLMode')); $this->updateConfig('CookiePrefix', postVar('CookiePrefix')); $this->updateConfig('DebugVars', postVar('DebugVars')); $this->updateConfig('DefaultListSize', postVar('DefaultListSize')); $this->updateConfig('AdminCSS', postVar('AdminCSS')); // load new config and redirect (this way, the new locale will be used is necessary) // note that when changing cookie settings, this redirect might cause the user // to have to log in again. getConfig(); redirect($CONF['AdminURL'] . '?action=manage'); exit; } /** * Admin::action_systemoverview() * Output system overview * * @param void * @return void */ function action_systemoverview() { global $member, $nucleus, $CONF; $this->pagehead(); echo '' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . " | \n"; echo "|
---|---|
' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . " | \n"; echo '' . phpversion() . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . " | \n"; echo '' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . " | \n"; echo "|
---|---|
magic_quotes_gpc' . " | \n"; $mqg = get_magic_quotes_gpc() ? 'On' : 'Off'; echo '' . $mqg . " | \n"; echo "
magic_quotes_runtime' . " | \n"; $mqr = get_magic_quotes_runtime() ? 'On' : 'Off'; echo '' . $mqr . " | \n"; echo "
register_globals' . " | \n"; $rg = ini_get('register_globals') ? 'On' : 'Off'; echo '' . $rg . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . " | \n"; echo "|
---|---|
' . $key . " | \n"; echo '' . $value . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_MODULES . " | \n"; echo "|
---|---|
mod_rewrite' . " | \n"; $modrewrite = (strstr($im, 'mod_rewrite') != '') ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE; echo '' . $modrewrite . " | \n"; echo "
Nucleus CMS' . " | \n"; echo "|
---|---|
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . " | \n"; echo '' . $nv . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . " | \n"; echo '' . $np . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . " | \n"; echo "|
---|---|
' . '$CONF[' . "'Self'] | \n"; echo '' . $CONF['Self'] . " | \n"; echo "
' . '$CONF[' . "'ItemURL'] | \n"; echo '' . $CONF['ItemURL'] . " | \n"; echo "
' . '$CONF[' . "'alertOnHeadersSent'] | \n"; $ohs = $CONF['alertOnHeadersSent'] ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE; echo '' . $ohs . " | \n"; echo "
i18n::get_current_charset() | \n"; echo '' . i18n::get_current_charset() . " | \n"; echo "