X-Git-Url: http://git.osdn.net/view?a=blobdiff_plain;f=nucleus%2Flibs%2FADMIN.php;h=839a8dbbc42cd1e92a9c355df9e7fad0808df56e;hb=eb080ad31a3105dac5cb1ba827ca2475df51b205;hp=f121248e3435c905152dba59ac711ce3181168b6;hpb=f175e85b9cad19c9c6686f4efc3f2df2e289be4d;p=nucleus-jp%2Fnucleus-next.git
diff --git a/nucleus/libs/ADMIN.php b/nucleus/libs/ADMIN.php
index f121248..839a8db 100644
--- a/nucleus/libs/ADMIN.php
+++ b/nucleus/libs/ADMIN.php
@@ -1,5897 +1,5738 @@ - action_xxxx method) - */ - public $action; - - /** - * @var object $adminSkin - */ - public $adminSkin; - - /** - * @var string $extrahead - */ - public $extrahead; - - /** - * @var bool $passvar - */ - public $passvar; - - /** - * @var string $headMess - */ - public $headMess; - - public $aOptions; - - /** - * Class constructor - */ - /* function ADMIN() { - } */ - function __construct() - { - global $member, $DIR_LIBS; - $query = 'SELECT ' - . ' COUNT(*) as result ' - . 'FROM ' - . sql_table('adminskin_desc'); - if ( !(quickQuery($query)) ) - { - $this->action_importAdmin(); - } - if ( !isset($adminSkinid) || !($adminSkinid) ) - { - $adminSkinid = self::getAdminSkinID(); - } - if ( skinableSKIN::existsID($adminSkinid) ) - { - $this->adminSkin = new skinableSKIN($adminSkinid); - } - else - { - $this->adminSkin = 0; - } - } - - static private function getAdminSkinID() - { - global $CONF, $member, $manager; - if (isset($member) && $member->isLoggedIn()) { - $memskin = $member->getAdminSkin(); - if ($memskin) { - return $memskin; - } - } - return $CONF['DefaultAdminSkin']; - } - - function getAdminskinEditActions() - { - return array( - 'adminskinoverview', - 'adminskinieoverview', - 'adminskinedittype', - 'adminskinremovetype', - 'adminskindelete', - 'adminskinedit', - 'adminskinieimport', - 'adminskiniedoimport', - 'admintemplateedit', - 'admintemplateoverview', - 'admintemplatedelete', - ); - } - - function getSkinlessActions() - { - return array( - 'plugindeleteconfirm', - 'pluginoptionsupdate', - 'skinremovetypeconfirm', - 'skinclone', - 'skindeleteconfirm', - 'skinnew', - 'skineditgeneral', - 'skinieexport', - 'skinupdate', - 'templateupdate', - 'templatedeleteconfirm', - 'templatenew', - 'templateclone', - 'adminskinremovetypeconfirm', - 'adminskinclone', - 'adminskindeleteconfirm', - 'adminskinnew', - 'adminskineditgeneral', - 'adminskinieexport', - 'adminskinupdate', - 'admintemplateupdate', - 'admintemplatedeleteconfirm', - 
'admintemplatenew', - 'admintemplateclone', - 'blogsettingsupdate', - 'settingsupdate', - 'addnewlog2', - 'additem', - 'itemdeleteconfirm', - 'itemupdate', - 'changemembersettings', - 'clearactionlog', - 'memberedit', - ); - } - - /** - * Executes an action - * - * @param string $action action to be performed - */ - function action($action) - { - global $CONF, $manager; - $f = false; - - // list of action aliases - $alias = array( - 'login' => 'overview', - '' => 'overview' - ); - - $customAction = postvar('customaction'); - if ( !empty($customAction) ) - { - $alias = array( - 'login' => $customAction, - '' => $customAction - ); - } - if ( isset($alias[$action]) ) - { - $action = $alias[$action]; - } - $methodName = 'action_' . $action; - - $this->action = strtolower($action); - - // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action - // is an action that requires user interaction before something is actually done) - // all safe actions are in this array: - $aActionsNotToCheck = array( - 'showlogin', - 'login', - 'overview', - 'itemlist', - 'blogcommentlist', - 'bookmarklet', - 'blogsettings', - 'banlist', - 'deleteblog', - 'editmembersettings', - 'browseownitems', - 'browseowncomments', - 'createitem', - 'itemedit', - 'itemmove', - 'categoryedit', - 'categorydelete', - 'manage', - 'actionlog', - 'settingsedit', - 'backupoverview', - 'pluginlist', - 'createnewlog', - 'usermanagement', - 'skinoverview', - 'templateoverview', - 'skinieoverview', - 'itemcommentlist', - 'commentedit', - 'commentdelete', - 'banlistnewfromitem', - 'banlistdelete', - 'itemdelete', - 'manageteam', - 'teamdelete', - 'banlistnew', - 'memberedit', - 'memberdelete', - 'pluginhelp', - 'pluginoptions', - 'plugindelete', - 'skinedittype', - 'skinremovetype', - 'skindelete', - 'skinedit', - 'templateedit', - 'templatedelete', - 'activate', - 'systemoverview', - 'activatesetpwd', - ); - $synonimActions = array( - 'banlistnewfromitem', - 'memberedit', - 
'login', - ); -/* - // the rest of the actions needs to be checked - $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd'); -*/ - $adminskinEditActions = $this->getAdminskinEditActions(); - $skinLessActions = $this->getSkinlessActions(); - $allowActions = array_merge($synonimActions, $this->getSkinlessActions()); - $aActionsNotToCheck = array_merge($aActionsNotToCheck, $adminskinEditActions, $allowActions); - if (!in_array($this->action, $aActionsNotToCheck) && !$this->existsSkinContents($action) ) - { - if (!$manager->checkTicket()) - { - $this->error(_ERROR_BADTICKET); - } - } - if ( !$this->adminSkin && $CONF['DefaultAdminSkin'] ) - { - $this->adminSkin = new Skin($CONF['DefaultAdminSkin']); - } - - if ( !method_exists($this, $methodName) && !in_array($this->action, $allowActions) && $this->existsSkinContents($action) ) - { - $this->action_parseSpecialskin; - $f = true; - } - elseif ( method_exists($this, $methodName) ) - { - call_user_func(array(&$this, $methodName)); - $f = true; - } - if ($f) { - exit; - } - $id = self::getAdminSkinID(); - $this->adminSkin = new skinableSKIN($id); - if ( $this->adminSkin && 
$this->existsSkinContents('adminerrorpage') ) - { - $this->error(_BADACTION . ENTITY::hsc($action)); - $f = true; - } - elseif ( $id != $CONF['DefaultAdminSkin'] ) - { - $this->adminSkin = new Skin($CONF['DefaultAdminSkin']); - if ( $this->adminSkin && $this->existsSkinContents('adminerrorpage') ) - { - $this->error(_BADACTION . ENTITY::hsc($action)); - $f = true; - } - } - if ($f) - { - exit; - } - $this->error(_BADACTION . ENTITY::hsc($action)); - } - - /** - * Check skin contents - * - * @param string action type - * @return bool - */ - function existsSkinContents($action) - { - $nsActions = $this->getSkinlessActions(); - $in_array = in_array($action, $nsActions); - if ($in_array) { - return $in_array; - } else { - $query = 'SELECT ' - . ' scontent as result ' - . 'FROM ' - . sql_table('adminskin') . ' ' - . 'WHERE ' - . ' sdesc = %d ' - . 'AND stype = "%s"'; - if ( is_object($this->adminSkin) ) - { - return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action))); - } - else - { - return quickQuery(sprintf($query, 1, sql_real_escape_string($action))); - } - } - } - - /** - * Check exists specialskinparts - * - * @param string action type - * @return bool - */ - function specialActionsAllow($action) - { - $query = 'SELECT ' - . ' sdesc as result ' - . 'FROM ' - . sql_table('adminskin') . ' ' - . 'WHERE ' - . ' sdesc = %d ' - . 
'AND stype = "%s"'; - return quickQuery(sprintf($query, $this->adminSkin->id, sql_real_escape_string($action))); - } - - /** - * @todo document this - */ - function action_showlogin() - { - global $error; - $this->action_login($error); - } - - /** - * @todo document this - */ - function action_login($msg = '', $passvars = 1) - { - global $member; - - // skip to overview when allowed - if ( $member->isLoggedIn() && $member->canLogin() ) - { - $this->action_overview(); - exit; - } - - $this->passvar = $passvars; - if ( $msg ) - { - $this->headMess = $msg; - } - - $this->pagehead(); - $this->parse('showlogin'); - $this->pagefoot(); - } - - /** - * provides a screen with the overview of the actions available - * @todo document parameter - */ - function action_overview($msg = '') - { - if ( $msg ) - { - $this->headMess = $msg; - } - - $this->pagehead(); - $this->parse('overview'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_manage($msg = '') - { - global $member; - - if ( $msg ) - { - $this->headMess = $msg; - } - $member->isAdmin() or $this->disallow(); - - $this->pagehead(); - $this->parse('manage'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_itemlist($blogid = '') - { - global $member, $manager, $CONF; - - if ( $blogid == '' ) - { - $blogid = intRequestVar('blogid'); - } - - $member->teamRights($blogid) or $member->isAdmin() or $this->disallow(); - - $this->pagehead(); - $this->parse('itemlist'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_batchitem() - { - global $member, $manager; - - // check if logged in - $member->isLoggedIn() or $this->disallow(); - - // more precise check will be done for each performed operation - - // get array of itemids from request - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - // Show error when no items were selected - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - 
$this->error(_BATCH_NOSELECTION); - } - - // On move: when no destination blog/category chosen, show choice now - $destCatid = intRequestVar('destcatid'); - if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) ) - { - $this->batchMoveSelectDestination('item', $selected); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - $this->batchAskDeleteConfirmation('item',$selected); - } - - $this->pagehead(); - $this->parse('batchitem'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_batchcomment() - { - global $member; - - // check if logged in - $member->isLoggedIn() or $this->disallow(); - - // more precise check will be done for each performed operation - - // get array of itemids from request - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - // Show error when no items were selected - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - $this->error(_BATCH_NOSELECTION); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - $this->batchAskDeleteConfirmation('comment',$selected); - } - - $this->pagehead(); - $this->parse('batchcomment'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_batchmember() - { - global $member; - - // check if logged in and admin - ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow(); - - // get array of itemids from request - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - // Show error when no members selected - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - $this->error(_BATCH_NOSELECTION); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - $this->batchAskDeleteConfirmation('member',$selected); - } - - 
$this->pagehead(); - $this->parse('batchmember'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_batchteam() - { - global $member; - - $blogid = intRequestVar('blogid'); - - // check if logged in and admin - ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow(); - - // get array of itemids from request - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - // Show error when no members selected - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - $this->error(_BATCH_NOSELECTION); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - $this->batchAskDeleteConfirmation('team',$selected); - } - - $this->pagehead(); - $this->parse('batchmember'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_batchcategory() - { - global $member, $manager; - - // check if logged in - $member->isLoggedIn() or $this->disallow(); - - // more precise check will be done for each performed operation - - // get array of itemids from request - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - // Show error when no items were selected - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - $this->error(_BATCH_NOSELECTION); - } - - // On move: when no destination blog chosen, show choice now - $destBlogId = intRequestVar('destblogid'); - if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) ) - { - $this->batchMoveCategorySelectDestination('category', $selected); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - $this->batchAskDeleteConfirmation('category', $selected); - } - - $this->pagehead(); - $this->parse('batchcategory'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function batchMoveSelectDestination($type, $ids) - { - 
$this->pagehead(); - $this->parse('batchmove'); - $this->pagefoot(); - exit; - } - - /** - * @todo document this - */ - function batchMoveCategorySelectDestination($type, $ids) - { - global $manager; - $this->pagehead(); - $this->parse('batchmovecat'); - $this->pagefoot(); - exit; - } - - /** - * @todo document this - */ - function batchAskDeleteConfirmation($type, $ids) - { - $this->pagehead(); - $this->parse('batchdelete'); - $this->pagefoot(); - exit; - } - - - /** - * Inserts a HTML select element with choices for all categories to which the current - * member has access - * @see function selectBlog - */ - function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) - { - Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude); - } - - /** - * Inserts a HTML select element with choices for all blogs to which the user has access - * mode = 'blog' => shows blognames and values are blogids - * mode = 'category' => show category names and values are catids - * - * @param $iForcedBlogInclude - * ID of a blog that always needs to be included, without checking if the - * member is on the blog team (-1 = none) - * @todo document parameters - */ - function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) - { - global $member, $CONF; - - // 0. get IDs of blogs to which member can post items (+ forced blog) - $aBlogIds = array(); - if ( $iForcedBlogInclude != -1 ) - { - $aBlogIds[] = intval($iForcedBlogInclude); - } - - if ( ($member->isAdmin()) && ($CONF['ShowAllBlogs']) ) - { - $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname'; - } - else - { - $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . 
$member->getID(); - } - $rblogids = sql_query($queryBlogs); - while ($o = sql_fetch_object($rblogids)) - { - if ( $o->bnumber != $iForcedBlogInclude ) - { - $aBlogIds[] = intval($o->bnumber); - } - } - - if ( count($aBlogIds) == 0 ) - { - return; - } - - $_REQUEST['selectData'] = array( - 'name' => $name, - 'tabindex' => $tabindex, - 'mode' => $mode, - 'selected' => $selected, - 'showNewCat' => $showNewCat, - 'aBlogIds' => $aBlogIds, - ); - $this->parse('blogselectbox'); - } - - /** - * @todo document this - */ - function action_browseownitems() { - global $member, $manager, $CONF; - - $this->pagehead(); - $this->parse('browseownitems'); - $this->pagefoot(); - } - - /** - * Show all the comments for a given item - * @param int $itemid - */ - function action_itemcommentlist($itemid = '') { - global $member, $manager, $CONF; - - if ( $itemid == '' ) - { - $itemid = intRequestVar('itemid'); - } - $_REQUEST['itemid'] = $itemid; - $_REQUEST['blogid'] = getBlogIdFromItemId($itemid); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or $this->disallow(); - - $blogid = getBlogIdFromItemId($itemid); - - $this->pagehead(); - $this->parse('itemcommentlist'); - $this->pagefoot(); - } - - /** - * Browse own comments - */ - function action_browseowncomments() { - $this->pagehead(); - $this->parse('browseowncomments'); - $this->pagefoot(); - } - - /** - * Browse all comments for a weblog - * @param int $blogid - */ - function action_blogcommentlist($blogid = '') - { - global $member, $manager, $CONF; - - if ( $blogid == '' ) - { - $blogid = intRequestVar('blogid'); - } - else - { - $blogid = intval($blogid); - } - - $member->teamRights($blogid) or $member->isAdmin() or $this->disallow(); - - $_REQUEST['blogid'] = $blogid; - - $this->pagehead(); - $this->parse('blogcommentlist'); - $this->pagefoot(); - } - - /** - * Provide a page to item a new item to the given blog - */ - function action_createitem() - { - global $member, $manager; - - $blogid = 
intRequestVar('blogid'); - - // check if allowed - $member->teamRights($blogid) or $this->disallow(); - - $memberid = $member->getID(); - - $blog =& $manager->getBlog($blogid); - - $this->pagehead(); - $this->parse('createitem'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_itemedit() - { - global $member, $manager; - - $itemid = intRequestVar('itemid'); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or $this->disallow(); - - $item =& $manager->getItem($itemid, 1, 1); - $blog =& $manager->getBlog(getBlogIDFromItemID($itemid)); - $this->pagehead(); - $this->parse('itemedit'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_itemupdate() - { - global $member, $manager, $CONF; - - $itemid = intRequestVar('itemid'); - $catid = postVar('catid'); - - // only allow if user is allowed to alter item - $member->canUpdateItem($itemid, $catid) or $this->disallow(); - - $actiontype = postVar('actiontype'); - - // delete actions are handled by itemdelete (which has confirmation) - if ( $actiontype == 'delete' ) - { - $this->action_itemdelete(); - return; - } - - $body = postVar('body'); - $title = postVar('title'); - $more = postVar('more'); - $closed = intPostVar('closed'); - $draftid = intPostVar('draftid'); - - // default action = add now - if ( !$actiontype ) - { - $actiontype='addnow'; - } - - // create new category if needed - if ( strstr($catid,'newcat') ) - { - // get blogid - list($blogid) = sscanf($catid,"newcat-%d"); - - // create - $blog =& $manager->getBlog($blogid); - $catid = $blog->createNewCategory(); - - // show error when sth goes wrong - if ( !$catid ) - { - $this->doError(_ERROR_CATCREATEFAIL); - } - } - - /* - set some variables based on actiontype - - actiontypes: - draft items -> addnow, addfuture, adddraft, delete - non-draft items -> edit, changedate, delete - - variables set: - $timestamp: set to a nonzero value for future dates or date changes - 
$wasdraft: set to 1 when the item used to be a draft item - $publish: set to 1 when the edited item is not a draft - */ - $blogid = getBlogIDFromItemID($itemid); - $blog =& $manager->getBlog($blogid); - - $wasdrafts = array('adddraft', 'addfuture', 'addnow'); - $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0; - $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0; - if ( $actiontype == 'addfuture' || $actiontype == 'changedate' ) - { - $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year')); - } - else - { - $timestamp =0; - } - - // edit the item for real - Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp); - - $this->updateFuturePosted($blogid); - - if ( $draftid > 0 ) - { - // delete permission is checked inside Item::delete() - Item::delete($draftid); - } - - // show category edit window when we created a new category - // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x') - if ( $catid != intPostVar('catid') ) - { - $this->action_categoryedit( - $catid, - $blog->getID(), - $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid) - ); - } - else - { - // TODO: set start item correctly for itemlist - $item = Item::getItem($itemid, 0, 0); - $cnt = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . 
$item['timestamp']); - $_REQUEST['start'] = $cnt + 1; - $this->action_itemlist(getBlogIDFromItemID($itemid)); - } - } - - /** - * Admin::action_itemdelete() - * Delete item - * - * @param Void - * @return Void - */ - function action_itemdelete() - { - global $member, $manager; - - $itemid = intRequestVar('itemid'); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or $this->disallow(); - - if ( !$manager->existsItem($itemid,1,1) ) - { - $this->error(_ERROR_NOSUCHITEM); - } - - $this->pagehead(); - $this->parse('itemdelete'); - $this->pagefoot(); - return; - } - - /** - * @todo document this - */ - function action_itemdeleteconfirm() - { - global $member; - - $itemid = intRequestVar('itemid'); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or $this->disallow(); - - // get blogid first - $blogid = getBlogIdFromItemId($itemid); - - // delete item (note: some checks will be performed twice) - $this->deleteOneItem($itemid); - - $this->action_itemlist($blogid); - } - - /** - * Deletes one item and returns error if something goes wrong - * @param int $itemid - */ - function deleteOneItem($itemid) - { - global $member, $manager; - - // only allow if user is allowed to alter item (also checks if itemid exists) - if ( !$member->canAlterItem($itemid) ) - { - return _ERROR_DISALLOWED; - } - - // need to get blogid before the item is deleted - $blogid = getBlogIDFromItemId($itemid); - - $manager->loadClass('ITEM'); - Item::delete($itemid); - - // update blog's futureposted - $this->updateFuturePosted($blogid); - } - - /** - * Admin::updateFuturePosted() - * Update a blog's future posted flag - * - * @param integer $blogid - * @return void - * - */ - function updateFuturePosted($blogid) - { - global $manager; - - $blogid = intval($blogid); - $blog =& $manager->getBlog($blogid); - $currenttime = $blog->getCorrectTime(time()); - - $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'"; - $query 
= sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime)); - $result = sql_query($query); - - if ( sql_num_rows($result) > 0 ) - { - $blog->setFuturePost(); - } - else - { - $blog->clearFuturePost(); - } - return; - } - - /** - * @todo document this - */ - function action_itemmove() - { - global $member, $manager; - - $itemid = intRequestVar('itemid'); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or $this->disallow(); - - $this->pagehead(); - $this->parse('itemmove'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_itemmoveto() - { - global $member, $manager; - - $itemid = intRequestVar('itemid'); - $catid = requestVar('catid'); - - // create new category if needed - if ( strstr($catid,'newcat') ) - { - // get blogid - list($blogid) = sscanf($catid,'newcat-%d'); - - // create - $blog =& $manager->getBlog($blogid); - $catid = $blog->createNewCategory(); - - // show error when sth goes wrong - if ( !$catid ) - { - $this->doError(_ERROR_CATCREATEFAIL); - } - } - - // only allow if user is allowed to alter item - $member->canUpdateItem($itemid, $catid) or $this->disallow(); - - $old_blogid = getBlogIDFromItemId($itemid); - - Item::move($itemid, $catid); - - // set the futurePosted flag on the blog - $this->updateFuturePosted(getBlogIDFromItemId($itemid)); - - // reset the futurePosted in case the item is moved from one blog to another - $this->updateFuturePosted($old_blogid); - - if ( $catid != intRequestVar('catid') ) - { - $this->action_categoryedit($catid, $blog->getID()); - } - else - { - $this->action_itemlist(getBlogIDFromCatID($catid)); - } - } - - /** - * Moves one item to a given category (category existance should be checked by caller) - * errors are returned - * @param int $itemid - * @param int $destCatid category ID to which the item will be moved - */ - function moveOneItem($itemid, $destCatid) - { - global $member; - - // only allow if 
user is allowed to move item - if ( !$member->canUpdateItem($itemid, $destCatid) ) - { - return _ERROR_DISALLOWED; - } - - Item::move($itemid, $destCatid); - } - - /** - * Adds a item to the chosen blog - */ - function action_additem() - { - global $manager, $CONF; - - $manager->loadClass('ITEM'); - - $result = Item::createFromRequest(); - - if ( $result['status'] == 'error' ) - { - $this->error($result['message']); - } - - $blogid = getBlogIDFromItemID($result['itemid']); - $blog =& $manager->getBlog($blogid); - $btimestamp = $blog->getCorrectTime(); - $item = $manager->getItem(intval($result['itemid']), 1, 1); - - if ( $result['status'] == 'newcategory' ) - { - $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid)); - $this->action_categoryedit($result['catid'], $blogid, $distURI); - } - else - { - $methodName = 'action_itemList'; - call_user_func(array(&$this, $methodName), $blogid); - } - } - - /** - * Allows to edit previously made comments - **/ - function action_commentedit() - { - - global $member, $manager; - - $commentid = intRequestVar('commentid'); - - $member->canAlterComment($commentid) or $this->disallow(); - - $this->pagehead(); - $this->parse('commentedit'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_commentupdate() - { - global $member, $manager; - - $commentid = intRequestVar('commentid'); - - $member->canAlterComment($commentid) or $this->disallow(); - - $url = postVar('url'); - $email = postVar('email'); - $body = postVar('body'); - - # replaced eregi() below with preg_match(). 
ereg* functions are deprecated in PHP 5.3.0 - # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE - # important note that '\' must be matched with '\\\\' in preg* expressions - - // intercept words that are too long - if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE) - { - $this->error(_ERROR_COMMENT_LONGWORD); - } - - // check length - if ( i18n::strlen($body) < 3 ) - { - $this->error(_ERROR_COMMENT_NOCOMMENT); - } - - if ( i18n::strlen($body) > 5000 ) - { - $this->error(_ERROR_COMMENT_TOOLONG); - } - - // prepare body - $body = Comment::prepareBody($body); - - // call plugins - $manager->notify( - 'PreUpdateComment', - array( - 'body' => &$body - ) - ); - - $query = 'UPDATE ' . sql_table('comment') - . " SET " - . " cmail = '" . sql_real_escape_string($url) . "'," - . " cemail = '" . sql_real_escape_string($email) . "'," - . " cbody = '" . sql_real_escape_string($body) . "'" - . " WHERE " - . " cnumber = " . $commentid; - sql_query($query); - - // get itemid - $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid); - $o = sql_fetch_object($res); - $itemid = $o->citem; - - if ( $member->canAlterItem($itemid) ) - { - $this->action_itemcommentlist($itemid); - } - else - { - $this->action_browseowncomments(); - } - } - - /** - * Admin::action_commentdelete() - * Update comment - * - * @param Void - * @return Void - */ - function action_commentdelete() - { - global $member, $manager; - - $commentid = intRequestVar('commentid'); - $member->canAlterComment($commentid) or $this->disallow(); - - $this->pagehead(); - $this->parse('commentdelete'); - $this->pagefoot(); - return; - } - - /** - * @todo document this - */ - function action_commentdeleteconfirm() - { - global $member; - - $commentid = intRequestVar('commentid'); - - // get item id first - $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . 
$commentid); - $o = sql_fetch_object($res); - $itemid = $o->citem; - - $error = $this->deleteOneComment($commentid); - if ( $error ) - { - $this->doError($error); - } - - if ( $member->canAlterItem($itemid) ) - { - $this->action_itemcommentlist($itemid); - } - else - { - $this->action_browseowncomments(); - } - } - - /** - * @todo document this - */ - function deleteOneComment($commentid) { - global $member, $manager; - - $commentid = intval($commentid); - - if ( !$member->canAlterComment($commentid) ) - { - return _ERROR_DISALLOWED; - } - - $manager->notify( - 'PreDeleteComment', - array( - 'commentid' => $commentid - ) - ); - - // delete the comments associated with the item - $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid; - sql_query($query); - - $manager->notify( - 'PostDeleteComment', - array( - 'commentid' => $commentid - ) - ); - - return ''; - } - - /** - * Usermanagement main - */ - function action_usermanagement() - { - global $member, $manager; - - // check if allowed - $member->isAdmin() or $this->disallow(); - - $this->pagehead(); - $this->parse('usermanagement'); - $this->pagefoot(); - } - - /** - * Edit member settings - */ - function action_memberedit() - { - $this->action_editmembersettings(intRequestVar('memberid')); - } - - /** - * @todo document this - */ - function action_editmembersettings($memberid = '') { - global $member, $manager, $CONF; - - if ( $memberid == '' ) - { - $memberid = $member->getID(); - } - $_REQUEST['memberid'] = $memberid; - - // check if allowed - ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); - - $extrahead = ''; - $this->pagehead($extrahead); - $this->parse('editmembersettings'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_changemembersettings() { - global $member, $CONF, $manager; - - $memberid = intRequestVar('memberid'); - - // check if allowed - ($member->getID() == $memberid) or $member->isAdmin() or 
$this->disallow(); - - $name = trim(strip_tags(postVar('name'))); - $realname = trim(strip_tags(postVar('realname'))); - $password = postVar('password'); - $repeatpassword = postVar('repeatpassword'); - $email = strip_tags(postVar('email')); - $url = strip_tags(postVar('url')); - $adminskin = intPostVar('adminskin'); - - # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0 - # original eregi: !eregi("^https?://", $url) - - // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it. - if ( !preg_match('#^https?://#', $url) ) - { - $url = 'http://' . $url; - } - - $admin = postVar('admin'); - $canlogin = postVar('canlogin'); - $notes = strip_tags(postVar('notes')); - $locale = postVar('locale'); - - $mem = Member::createFromID($memberid); - - if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { - - if ( !isValidDisplayName($name) ) - { - $this->error(_ERROR_BADNAME); - } - - if ( ($name != $mem->getDisplayName()) && Member::exists($name) ) - { - $this->error(_ERROR_NICKNAMEINUSE); - } - - if ( $password != $repeatpassword ) - { - $this->error(_ERROR_PASSWORDMISMATCH); - } - - if ( $password && (i18n::strlen($password) < 6) ) - { - $this->error(_ERROR_PASSWORDTOOSHORT); - } - - if ( $password ) - { - $pwdvalid = true; - $pwderror = ''; - $manager->notify( - 'PrePasswordSet', - array( - 'password' => $password, - 'errormessage' => &$pwderror, - 'valid' => &$pwdvalid - ) - ); - if ( !$pwdvalid ) - { - $this->error($pwderror); - } - } - } - - if ( !NOTIFICATION::address_validation($email) ) - { - $this->error(_ERROR_BADMAILADDRESS); - } - if ( !$realname ) - { - $this->error(_ERROR_REALNAMEMISSING); - } - if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) ) - { - $this->error(_ERROR_NOSUCHTRANSLATION); - } - - // check if there will remain at least one site member with both the logon and admin rights - // (check occurs when taking away one of these 
rights from such a member)
- if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
- || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
- )
- {
- $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
- if ( sql_num_rows($r) < 2 )
- {
- $this->error(_ERROR_ATLEASTONEADMIN);
- }
- }
-
- if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
- {
- $mem->setDisplayName($name);
- if ( $password )
- {
- $mem->setPassword($password);
- }
- }
-
- $oldEmail = $mem->getEmail();
-
- $mem->setRealName($realname);
- $mem->setEmail($email);
- $mem->setURL($url);
- $mem->setNotes($notes);
- $mem->setLocale($locale);
-
-
- // only allow super-admins to make changes to the admin status
- if ( $member->isAdmin() )
- {
- $mem->setAdmin($admin);
- $mem->setCanLogin($canlogin);
- }
-
- $autosave = postVar('autosave');
- $mem->setAutosave($autosave);
-
- $mem->write();
-
- // store plugin options
- $aOptions = requestArray('plugoption');
- NucleusPlugin::apply_plugin_options($aOptions);
- $manager->notify(
- 'PostPluginOptionsUpdate',
- array(
- 'context' => 'member',
- 'memberid' => $memberid,
- 'member' => &$mem
- )
- );
-
- // if email changed, generate new password
- if ( $oldEmail != $mem->getEmail() )
- {
- $mem->sendActivationLink('addresschange', $oldEmail);
- // logout member
- $mem->newCookieKey();
-
- // only log out if the member being edited is the current member.
- if ( $member->getID() == $memberid )
- {
- $member->logout();
- }
- $this->action_login(_MSG_ACTIVATION_SENT, 0);
- return;
- }
-
-
- if ( ( $mem->getID() == $member->getID() )
- && ( $mem->getDisplayName() != $member->getDisplayName() )
- )
- {
- $mem->newCookieKey();
- $member->logout();
- $this->action_login(_MSG_LOGINAGAIN, 0);
- }
- else
- {
- $this->action_overview(_MSG_SETTINGSCHANGED);
- }
- }
-
- /**
- * Admin::action_memberadd()
- *
- * @param void
- * @return void
- *
- */
- function action_memberadd()
- {
- global $member, $manager;
-
- // check if allowed
- $member->isAdmin() or $this->disallow();
-
- if ( postVar('password') != postVar('repeatpassword') )
- {
- $this->error(_ERROR_PASSWORDMISMATCH);
- }
-
- if ( i18n::strlen(postVar('password')) < 6 )
- {
- $this->error(_ERROR_PASSWORDTOOSHORT);
- }
-
- $res = Member::create(
- postVar('name'),
- postVar('realname'),
- postVar('password'),
- postVar('email'),
- postVar('url'),
- postVar('admin'),
- postVar('canlogin'),
- postVar('notes')
- );
- if ( $res != 1 )
- {
- $this->error($res);
- }
-
- // fire PostRegister event
- $newmem = new Member();
- $newmem->readFromName(postVar('name'));
- $manager->notify(
- 'PostRegister',
- array(
- 'member' => &$newmem
- )
- );
-
- $this->action_usermanagement();
- return;
- }
-
- /**
- * Account activation
- *
- * @author dekarma
- */
- function action_activate()
- {
-
- $key = getVar('key');
- $this->_showActivationPage($key);
- }
-
- /**
- * @todo document this
- */
- function _showActivationPage($key, $message = '')
- {
- global $manager;
-
- // clean up old activation keys
- Member::cleanupActivationTable();
-
- // get activation info
- $info = Member::getActivationInfo($key);
-
- if ( !$info )
- {
- $this->error(_ERROR_ACTIVATE);
- }
-
- $mem = Member::createFromId($info->vmember);
-
- if ( !$mem )
- {
- $this->error(_ERROR_ACTIVATE);
- }
- $_POST['ackey'] = $key;
- $this->headMess = $message;
- $_POST['bNeedsPasswordChange'] = true;
- $this->pagehead();
-
$this->parse('activate'); - $this->pagefoot(); - - } - - /** - * Account activation - set password part - * - * @author dekarma - */ - function action_activatesetpwd() - { - - $key = postVar('key'); - - // clean up old activation keys - Member::cleanupActivationTable(); - - // get activation info - $info = Member::getActivationInfo($key); - - if ( !$info || ($info->type == 'addresschange') ) - { - return $this->_showActivationPage($key, _ERROR_ACTIVATE); - } - - $mem = Member::createFromId($info->vmember); - - if ( !$mem ) - { - return $this->_showActivationPage($key, _ERROR_ACTIVATE); - } - - $password = postVar('password'); - $repeatpassword = postVar('repeatpassword'); - - if ( $password != $repeatpassword ) - { - return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH); - } - - if ( $password && (i18n::strlen($password) < 6) ) - { - return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT); - } - - if ( $password ) - { - $pwdvalid = true; - $pwderror = ''; - global $manager; - $manager->notify( - 'PrePasswordSet', - array( - 'password' => $password, - 'errormessage' => &$pwderror, - 'valid' => &$pwdvalid - ) - ); - if ( !$pwdvalid ) - { - return $this->_showActivationPage($key,$pwderror); - } - } - - $error = ''; - - $manager->notify( - 'ValidateForm', - array( - 'type' => 'activation', - 'member' => $mem, - 'error' => &$error - ) - ); - if ( $error != '' ) - { - return $this->_showActivationPage($key, $error); - } - - - // set password - $mem->setPassword($password); - $mem->write(); - - // do the activation - Member::activate($key); - - $this->pagehead(); - $this->parse('activatesetpwd'); - $this->pagefoot(); - } - - /** - * Manage team - */ - function action_manageteam() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - - // check if allowed - $member->blogAdminRights($blogid) or $this->disallow(); - - $this->pagehead(); - $this->parse('manageteam'); - $this->pagefoot(); - } - - /** - * Add member to team - */ - function 
action_teamaddmember() - { - global $member, $manager; - - $memberid = intPostVar('memberid'); - $blogid = intPostVar('blogid'); - $admin = intPostVar('admin'); - - // check if allowed - $member->blogAdminRights($blogid) or $this->disallow(); - - $blog =& $manager->getBlog($blogid); - if ( !$blog->addTeamMember($memberid, $admin) ) - { - $this->error(_ERROR_ALREADYONTEAM); - } - - $this->action_manageteam(); - - } - - /** - * @todo document this - */ - function action_teamdelete() - { - global $member, $manager; - - $memberid = intRequestVar('memberid'); - $blogid = intRequestVar('blogid'); - - // check if allowed - $member->blogAdminRights($blogid) or $this->disallow(); - - $teammem = Member::createFromID($memberid); - $blog =& $manager->getBlog($blogid); - - $this->pagehead(); - $this->parse('teamdelete'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_teamdeleteconfirm() - { - global $member; - - $memberid = intRequestVar('memberid'); - $blogid = intRequestVar('blogid'); - - $error = $this->deleteOneTeamMember($blogid, $memberid); - if ( $error ) - { - $this->error($error); - } - $this->action_manageteam(); - } - - /** - * @todo document this - */ - function deleteOneTeamMember($blogid, $memberid) - { - global $member, $manager; - - $blogid = intval($blogid); - $memberid = intval($memberid); - - // check if allowed - if ( !$member->blogAdminRights($blogid) ) - { - return _ERROR_DISALLOWED; - } - - // check if: - there remains at least one blog admin - // - (there remains at least one team member) - $tmem = Member::createFromID($memberid); - - $manager->notify( - 'PreDeleteTeamMember', - array( - 'member' => &$tmem, - 'blogid' => $blogid - ) - ); - - if ( $tmem->isBlogAdmin($blogid) ) - { - // check if there are more blog members left and at least one admin - // (check for at least two admins before deletion) - $query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid . 
' and tadmin=1';
- $r = sql_query($query);
- if ( sql_num_rows($r) < 2 )
- {
- return _ERROR_ATLEASTONEBLOGADMIN;
- }
- }
-
- $query = 'DELETE FROM ' . sql_table('team') . " WHERE tblog=$blogid and tmember=$memberid";
- sql_query($query);
-
- $manager->notify(
- 'PostDeleteTeamMember',
- array(
- 'member' => &$tmem,
- 'blogid' => $blogid
- )
- );
-
- return '';
- }
-
- /**
- * @todo document this
- */
- function action_teamchangeadmin()
- {
- global $member;
-
- $blogid = intRequestVar('blogid');
- $memberid = intRequestVar('memberid');
-
- // check if allowed
- $member->blogAdminRights($blogid) or $this->disallow();
-
- $mem = Member::createFromID($memberid);
-
- // don't allow when there is only one admin at this moment
- if ( $mem->isBlogAdmin($blogid) )
- {
- $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
- if ( sql_num_rows($r) == 1 )
- {
- $this->error(_ERROR_ATLEASTONEBLOGADMIN);
- }
- }
-
- if ( $mem->isBlogAdmin($blogid) )
- {
- $newval = 0;
- }
- else
- {
- $newval = 1;
- }
-
- $query = 'UPDATE ' . sql_table('team') .
" SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid"; - sql_query($query); - - // only show manageteam if member did not change its own admin privileges - if ( $member->isBlogAdmin($blogid) ) - { - $this->action_manageteam(); - } - else - { - $this->action_overview(_MSG_ADMINCHANGED); - } - } - - /** - * @todo document this - */ - function action_blogsettings() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - - // check if allowed - $member->blogAdminRights($blogid) or $this->disallow(); - - $blog =& $manager->getBlog($blogid); - - $extrahead = ''; - $this->pagehead($extrahead); - $this->parse('blogsettings'); - $this->pagefoot(); - } - - /** - * @todo document this - */ - function action_categorynew() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - - $member->blogAdminRights($blogid) or $this->disallow(); - - $cname = postVar('cname'); - $cdesc = postVar('cdesc'); - - if ( !isValidCategoryName($cname) ) - { - $this->error(_ERROR_BADCATEGORYNAME); - } - - $query = 'SELECT * FROM ' . sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname) . '\' and cblog=' . 
intval($blogid);
- $res = sql_query($query);
- if ( sql_num_rows($res) > 0 )
- {
- $this->error(_ERROR_DUPCATEGORYNAME);
- }
-
- $blog =& $manager->getBlog($blogid);
- $newCatID = $blog->createNewCategory($cname, $cdesc);
-
- $this->action_blogsettings();
- }
-
- /**
- * @todo document this
- */
- function action_categoryedit($catid = '', $blogid = '', $desturl = '')
- {
- global $member, $manager;
-
- if ( $blogid == '' )
- {
- $blogid = intGetVar('blogid');
- }
- else
- {
- $blogid = intval($blogid);
- }
- if ( $catid == '' )
- {
- $catid = intGetVar('catid');
- }
- else
- {
- $catid = intval($catid);
- }
- $_REQUEST['blogid'] = $blogid;
- $_REQUEST['catid'] = $catid;
- $_REQUEST['desturl'] = $desturl;
- $member->blogAdminRights($blogid) or $this->disallow();
-
- $extrahead = '';
- $this->pagehead($extrahead);
- $this->parse('categoryedit');
- $this->pagefoot();
- }
-
- /**
- * @todo document this
- */
- function action_categoryupdate()
- {
- global $member, $manager;
-
- $blogid = intPostVar('blogid');
- $catid = intPostVar('catid');
- $cname = postVar('cname');
- $cdesc = postVar('cdesc');
- $desturl = postVar('desturl');
-
- $member->blogAdminRights($blogid) or $this->disallow();
-
- if ( !isValidCategoryName($cname) )
- {
- $this->error(_ERROR_BADCATEGORYNAME);
- }
-
- $query = "SELECT *"
- . " FROM " . sql_table('category')
- . " WHERE cname='" . sql_real_escape_string($cname) . "'"
- . " and cblog=" . intval($blogid)
- . " and not(catid=" . intval($catid) . ")";
- $res = sql_query($query);
- if ( sql_num_rows($res) > 0 )
- {
- $this->error(_ERROR_DUPCATEGORYNAME);
- }
-
- $query = 'UPDATE '.sql_table('category').' SET'
- . " cname='" . sql_real_escape_string($cname) . "',"
- . " cdesc='" . sql_real_escape_string($cdesc) . "'"
- . " WHERE catid=" .
intval($catid);
-
- sql_query($query);
-
- // store plugin options
- $aOptions = requestArray('plugoption');
- NucleusPlugin::apply_plugin_options($aOptions);
- $manager->notify(
- 'PostPluginOptionsUpdate',
- array(
- 'context' => 'category',
- 'catid' => $catid
- )
- );
-
-
- if ( $desturl )
- {
- redirect($desturl);
- exit;
- }
- else
- {
- $this->action_blogsettings();
- }
- }
-
- /**
- * @todo document this
- */
- function action_categorydelete()
- {
- global $member, $manager;
-
- $blogid = intRequestVar('blogid');
- $catid = intRequestVar('catid');
-
- $member->blogAdminRights($blogid) or $this->disallow();
-
- $blog =& $manager->getBlog($blogid);
-
- // check if the category is valid
- if ( !$blog->isValidCategory($catid) )
- {
- $this->error(_ERROR_NOSUCHCATEGORY);
- }
-
- // don't allow deletion of default category
- if ( $blog->getDefaultCategory() == $catid )
- {
- $this->error(_ERROR_DELETEDEFCATEGORY);
- }
-
- // check if catid is the only category left for blogid
- $query = 'SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' .
$blogid;
- $res = sql_query($query);
- if ( sql_num_rows($res) == 1 )
- {
- $this->error(_ERROR_DELETELASTCATEGORY);
- }
-
-
- $this->pagehead();
- $this->parse('categorydelete');
- $this->pagefoot();
- }
-
- /**
- * @todo document this
- */
- function action_categorydeleteconfirm()
- {
- global $member, $manager;
-
- $blogid = intRequestVar('blogid');
- $catid = intRequestVar('catid');
-
- $member->blogAdminRights($blogid) or $this->disallow();
-
- $error = $this->deleteOneCategory($catid);
- if ( $error )
- {
- $this->error($error);
- }
-
- $this->action_blogsettings();
- }
-
- /**
- * Admin::deleteOneCategory()
- * Delete a category by its id
- *
- * @param String $catid category id for deleting
- * @return Void
- */
- function deleteOneCategory($catid)
- {
- global $manager, $member;
-
- $catid = intval($catid);
- $blogid = getBlogIDFromCatID($catid);
-
- if ( !$member->blogAdminRights($blogid) )
- {
- return ERROR_DISALLOWED;
- }
-
- // get blog
- $blog =& $manager->getBlog($blogid);
-
- // check if the category is valid
- if ( !$blog || !$blog->isValidCategory($catid) )
- {
- return _ERROR_NOSUCHCATEGORY;
- }
-
- $destcatid = $blog->getDefaultCategory();
-
- // don't allow deletion of default category
- if ( $blog->getDefaultCategory() == $catid )
- {
- return _ERROR_DELETEDEFCATEGORY;
- }
-
- // check if catid is the only category left for blogid
- $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
- $res = sql_query($query);
- if ( sql_num_rows($res) == 1 )
- {
- return _ERROR_DELETELASTCATEGORY;
- }
-
- $manager->notify(
- 'PreDeleteCategory',
- array(
- 'catid' => $catid
- )
- );
-
- // change category for all items to the default category
- $query = 'UPDATE ' . sql_table('item') . " SET icat=$destcatid WHERE icat=$catid";
- sql_query($query);
-
- // delete all associated plugin options
- NucleusPlugin::delete_option_values('category', $catid);
-
- // delete category
- $query = 'DELETE FROM ' . sql_table('category') .
' WHERE catid=' . $catid;
- sql_query($query);
-
- $manager->notify(
- 'PostDeleteCategory',
- array(
- 'catid' => $catid
- )
- );
- return;
- }
-
- /**
- * Admin::action_blogsettingsupdate
- * Updating blog settings
- *
- * @param Void
- * @return Void
- */
- function action_blogsettingsupdate()
- {
- global $member, $manager;
-
- $blogid = intRequestVar('blogid');
-
- $member->blogAdminRights($blogid) or $this->disallow();
-
- $blog =& $manager->getBlog($blogid);
-
- $notify_address = trim(postVar('notify'));
- $shortname = trim(postVar('shortname'));
- $updatefile = trim(postVar('update'));
-
- $notifyComment = intPostVar('notifyComment');
- $notifyVote = intPostVar('notifyVote');
- $notifyNewItem = intPostVar('notifyNewItem');
-
- if ( $notifyComment == 0 )
- {
- $notifyComment = 1;
- }
- if ( $notifyVote == 0 )
- {
- $notifyVote = 1;
- }
- if ( $notifyNewItem == 0 )
- {
- $notifyNewItem = 1;
- }
- $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
-
- if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
- {
- $this->error(_ERROR_BADNOTIFY);
- }
-
- if ( !isValidShortName($shortname) )
- {
- $this->error(_ERROR_BADSHORTBLOGNAME);
- }
-
- if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
- {
- $this->error(_ERROR_DUPSHORTBLOGNAME);
- }
- // check if update file is writable
- if ( $updatefile && !is_writeable($updatefile) )
- {
- $this->error(_ERROR_UPDATEFILE);
- }
-
- $blog->setName(trim(postVar('name')));
- $blog->setShortName($shortname);
- $blog->setNotifyAddress($notify_address);
- $blog->setNotifyType($notifyType);
- $blog->setMaxComments(postVar('maxcomments'));
- $blog->setCommentsEnabled(postVar('comments'));
- $blog->setTimeOffset(postVar('timeoffset'));
- $blog->setUpdateFile($updatefile);
- $blog->setURL(trim(postVar('url')));
- $blog->setDefaultSkin(intPostVar('defskin'));
- $blog->setDescription(trim(postVar('desc')));
- $blog->setPublic(postVar('public'));
-
$blog->setConvertBreaks(intPostVar('convertbreaks'));
- $blog->setAllowPastPosting(intPostVar('allowpastposting'));
- $blog->setDefaultCategory(intPostVar('defcat'));
- $blog->setSearchable(intPostVar('searchable'));
- $blog->setEmailRequired(intPostVar('reqemail'));
- $blog->writeSettings();
-
- // store plugin options
- $aOptions = requestArray('plugoption');
- NucleusPlugin::apply_plugin_options($aOptions);
- $manager->notify(
- 'PostPluginOptionsUpdate',
- array(
- 'context' => 'blog',
- 'blogid' => $blogid,
- 'blog' => &$blog
- )
- );
-
- $this->action_overview(_MSG_SETTINGSCHANGED);
- return;
- }
-
- /**
- * @todo document this
- */
- function action_deleteblog()
- {
- global $member, $CONF, $manager;
-
- $blogid = intRequestVar('blogid');
-
- $member->blogAdminRights($blogid) or $this->disallow();
-
- // check if blog is default blog
- if ( $CONF['DefaultBlog'] == $blogid )
- {
- $this->error(_ERROR_DELDEFBLOG);
- }
-
- $blog =& $manager->getBlog($blogid);
-
- $this->pagehead();
- $this->parse('deleteblog');
- $this->pagefoot();
- }
-
- /**
- * Admin::action_deleteblogconfirm()
- * Delete Blog
- *
- * @param Void
- * @return Void
- */
- function action_deleteblogconfirm()
- {
- global $member, $CONF, $manager;
-
- $blogid = intRequestVar('blogid');
- $manager->notify(
- 'PreDeleteBlog',
- array(
- 'blogid' => $blogid
- )
- );
- $member->blogAdminRights($blogid) or $this->disallow();
-
- // check if blog is default blog
- if ( $CONF['DefaultBlog'] == $blogid )
- {
- $this->error(_ERROR_DELDEFBLOG);
- }
-
- // delete all comments
- $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid;
- sql_query($query);
-
- // delete all items
- $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid;
- sql_query($query);
-
- // delete all team members
- $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid;
- sql_query($query);
-
- // delete all bans
- $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' .
$blogid;
- sql_query($query);
-
- // delete all categories
- $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
- sql_query($query);
-
- // delete all associated plugin options
- NucleusPlugin::delete_option_values('blog', $blogid);
-
- // delete the blog itself
- $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;
- sql_query($query);
-
- $manager->notify(
- 'PostDeleteBlog',
- array(
- 'blogid' => $blogid
- )
- );
-
- $this->action_overview(_DELETED_BLOG);
- return;
- }
-
- /**
- * @todo document this
- */
- function action_memberdelete()
- {
- global $member, $manager;
-
- $memberid = intRequestVar('memberid');
-
- ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
-
- $mem = Member::createFromID($memberid);
-
- $this->pagehead();
- $this->parse('memberdelete');
- $this->pagefoot();
- }
-
- /**
- * @todo document this
- */
- function action_memberdeleteconfirm()
- {
- global $member;
-
- $memberid = intRequestVar('memberid');
-
- ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
-
- $error = $this->deleteOneMember($memberid);
- if ( $error )
- {
- $this->error($error);
- }
-
- if ( $member->isAdmin() )
- {
- $this->action_usermanagement();
- }
- else
- {
- $this->action_overview(_DELETED_MEMBER);
- }
- }
-
- /**
- * Admin::deleteOneMember()
- * Delete a member by id
- *
- * @static
- * @params Integer $memberid member id
- * @return String null string or error messages
- */
- function deleteOneMember($memberid)
- {
- global $manager;
-
- $memberid = intval($memberid);
- $mem = Member::createFromID($memberid);
-
- if ( !$mem->canBeDeleted() )
- {
- return _ERROR_DELETEMEMBER;
- }
-
- $manager->notify(
- 'PreDeleteMember',
- array(
- 'member' => &$mem
- )
- );
-
- /* unlink comments from memberid */
- if ( $memberid )
- {
- $query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d";
- $query = sprintf($query, sql_table('comment'),
sql_real_escape_string($mem->getDisplayName()), $memberid);
- sql_query($query);
- }
-
- $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
- sql_query($query);
-
- $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
- sql_query($query);
-
- $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
- sql_query($query);
-
- // delete all associated plugin options
- NucleusPlugin::delete_option_values('member', $memberid);
-
- $manager->notify(
- 'PostDeleteMember',
- array(
- 'member' => &$mem
- )
- );
-
- return '';
- }
-
- /**
- * @todo document this
- */
- function action_createnewlog()
- {
- global $member, $CONF, $manager;
-
- // Only Super-Admins can do this
- $member->isAdmin() or $this->disallow();
-
- $this->pagehead();
- $this->parse('createnewlog');
- $this->pagefoot();
- }
-
- /**
- * @todo document this
- */
- function action_addnewlog()
- {
- global $member, $manager, $CONF;
-
- // Only Super-Admins can do this
- $member->isAdmin() or $this->disallow();
-
- $bname = trim(postVar('name'));
- $bshortname = trim(postVar('shortname'));
- $btimeoffset = postVar('timeoffset');
- $bdesc = trim(postVar('desc'));
- $bdefskin = postVar('defskin');
-
- if ( !isValidShortName($bshortname) )
- {
- $this->error(_ERROR_BADSHORTBLOGNAME);
- }
-
- if ( $manager->existsBlog($bshortname) )
- {
- $this->error(_ERROR_DUPSHORTBLOGNAME);
- }
-
- $manager->notify(
- 'PreAddBlog',
- array(
- 'name' => &$bname,
- 'shortname' => &$bshortname,
- 'timeoffset' => &$btimeoffset,
- 'description' => &$bdesc,
- 'defaultskin' => &$bdefskin
- )
- );
-
-
- // add slashes for sql queries
- $bname = sql_real_escape_string($bname);
- $bshortname = sql_real_escape_string($bshortname);
- $btimeoffset = sql_real_escape_string($btimeoffset);
- $bdesc = sql_real_escape_string($bdesc);
- $bdefskin = sql_real_escape_string($bdefskin);
-
- // create blog
- $query = 'INSERT '
- . 'INTO '
- . sql_table('blog')
- . '('
- .
' bname, '
- . ' bshortname, '
- . ' bdesc, '
- . ' btimeoffset, '
- . ' bdefskin'
- . ') VALUES ('
- . "'" . $bname . "',"
- . "'" . $bshortname . "',"
- . "'" . $bdesc . "',"
- . "'" . $btimeoffset . "',"
- . "'" . $bdefskin . "'"
- . ")";
- sql_query($query);
- $blogid = sql_insert_id();
- $blog =& $manager->getBlog($blogid);
-
- // create new category
- $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
- $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
- $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
- sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));
- $catid = sql_insert_id();
-
- // set as default category
- $blog->setDefaultCategory($catid);
- $blog->writeSettings();
-
- // create team member
- $memberid = $member->getID();
- $query = 'INSERT '
- . 'INTO '
- . sql_table('team')
- . '('
- . ' tmember, '
- . ' tblog, '
- . ' tadmin'
- . ') VALUES ('
- . '%d, '
- . '%d, '
- . ' 1'
- . ')';
- sql_query(sprintf($query), $memberid, $blogid);
-
- $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
- $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog.
Feel free to delete it.');
-
- $blog->additem(
- $blog->getDefaultCategory(),
- $itemdeftitle,$itemdefbody,
- '',
- $blogid,
- $memberid,
- $blog->getCorrectTime(),
- 0,
- 0,
- 0
- );
- $manager->notify(
- 'PostAddBlog',
- array(
- 'blog' => &$blog
- )
- );
-
- $manager->notify(
- 'PostAddCategory',
- array(
- 'blog' => &$blog,
- 'name' => _EBLOGDEFAULTCATEGORY_NAME,
- 'description' => _EBLOGDEFAULTCATEGORY_DESC,
- 'catid' => $catid
- )
- );
-
- $_REQUEST['blogid'] = $blogid;
- $_REQUEST['catid'] = $catid;
- $this->pagehead();
- $this->parse('addnewlog');
- $this->pagefoot();
- }
-
- /**
- * @todo document this
- */
- function action_addnewlog2()
- {
- global $member, $manager;
- $blogid = intRequestVar('blogid');
-
- $member->blogAdminRights($blogid) or $this->disallow();
-
- $burl = requestVar('url');
-
- $blog =& $manager->getBlog($blogid);
- $blog->setURL(trim($burl));
- $blog->writeSettings();
-
- $this->action_overview(_MSG_NEWBLOG);
- }
-
- /**
- * @todo document this
- */
- function action_skinieoverview()
- {
- global $member, $DIR_LIBS, $manager;
-
- $member->isAdmin() or $this->disallow();
-
- // load skinie class
- include_once($DIR_LIBS . 'skinie.php');
-
- $this->pagehead();
- $this->parse('skinieoverview');
- $this->pagefoot();
-
- }
-
- /**
- * @todo document this
- */
- function action_skinieimport() {
- global $member, $DIR_LIBS, $DIR_SKINS, $manager;
-
- $member->isAdmin() or $this->disallow();
-
- // load skinie class
- include_once($DIR_LIBS . 'skinie.php');
-
- $skinFileRaw= postVar('skinfile');
- $mode = postVar('mode');
-
- $importer = new SkinImport();
-
- // get full filename
- if ($mode == 'file')
- {
- $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
-
- // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
- if (!file_exists($skinFile))
- $skinFile = $DIR_SKINS . $skinFileRaw .
'/skindata.xml';
- } else {
- $skinFile = $skinFileRaw;
- }
-
- // read only metadata
- $error = $importer->readFile($skinFile, 1);
-
- // clashes
- $skinNameClashes = $importer->checkSkinNameClashes();
- $templateNameClashes = $importer->checkTemplateNameClashes();
- $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
-
- if ($error) $this->error($error);
-
- $this->pagehead();
-
- echo '
'; - ?> - - -getInfo())?>
'._AND.' ',$importer->getSkinNames())?>
'._AND.' ',$importer->getTemplateNames())?>
'._AND.' ',$skinNameClashes)?>
'._AND.' ',$templateNameClashes)?>
getInfo())?>
'._AND.' ',$importer->getSkinNames())?>
'._AND.' ',$importer->getTemplateNames())?>
- () -
- -- () -
- - - pagefoot(); - } - - /** - * @todo document this - */ - function action_templatedeleteconfirm() { - global $member, $manager; - - $templateid = intRequestVar('templateid'); - - $member->isAdmin() or $this->disallow(); - - $manager->notify('PreDeleteTemplate', array('templateid' => $templateid)); - - // 1. delete description - sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid); - - // 2. delete parts - sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid); - - $manager->notify('PostDeleteTemplate', array('templateid' => $templateid)); - - $this->action_templateoverview(); - } - - /** - * @todo document this - */ - function action_templatenew() { - global $member; - - $member->isAdmin() or $this->disallow(); - - $name = postVar('name'); - $desc = postVar('desc'); - - if (!isValidTemplateName($name)) - $this->error(_ERROR_BADTEMPLATENAME); - - if (Template::exists($name)) - $this->error(_ERROR_DUPTEMPLATENAME); - - $newTemplateId = Template::createNew($name, $desc); - - $this->action_templateoverview(); - } - - /** - * @todo document this - */ - function action_templateclone() { - global $member; - - $templateid = intRequestVar('templateid'); - - $member->isAdmin() or $this->disallow(); - - // 1. read old template - $name = Template::getNameFromId($templateid); - $desc = Template::getDesc($templateid); - - // 2. create desc thing - $name = "cloned" . $name; - - // if a template with that name already exists: - if (Template::exists($name)) { - $i = 1; - while (Template::exists($name . $i)) - $i++; - $name .= $i; - } - - $newid = Template::createNew($name, $desc); - - // 3. create clone - // go through parts of old template and add them to the new one - $res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . 
$templateid); - while ($o = sql_fetch_object($res)) { - $this->addToTemplate($newid, $o->tpartname, $o->tcontent); - } - - $this->action_templateoverview(); - } - - /** - * @todo document this - */ - function action_skinoverview() { - global $member, $manager; - - $member->isAdmin() or $this->disallow(); - - $this->pagehead(); - - echo ''; - - echo '- () -
-- () -
- - - pagefoot(); - } - - /** - * @todo document this - */ - function action_skindeleteconfirm() { - global $member, $CONF, $manager; - - $skinid = intRequestVar('skinid'); - - $member->isAdmin() or $this->disallow(); - - // don't allow default skin to be deleted - if ($skinid == $CONF['BaseSkin']) - $this->error(_ERROR_DEFAULTSKIN); - - // don't allow deletion of default skins for blogs - $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid; - $r = sql_query($query); - if ($o = sql_fetch_object($r)) - $this->error(_ERROR_SKINDEFDELETE .$o->bname); - - $manager->notify('PreDeleteSkin', array('skinid' => $skinid)); - - // 1. delete description - sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid); - - // 2. delete parts - sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid); - - $manager->notify('PostDeleteSkin', array('skinid' => $skinid)); - - $this->action_skinoverview(); - } - - /** - * @todo document this - */ - function action_skinremovetype() { - global $member, $manager, $CONF; - - $skinid = intRequestVar('skinid'); - $skintype = requestVar('type'); - - if (!isValidShortName($skintype)) { - $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE); - } - - $member->isAdmin() or $this->disallow(); - - // don't allow default skinparts to be deleted - if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) { - $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE); - } - - $this->pagehead(); - - $skin = new SKIN($skinid); - $name = $skin->getName(); - $desc = $skin->getDescription(); - - ?> - - -- () () -
- - - pagefoot();
- }
-
- /**
- * @todo document this
- */
- function action_skinremovetypeconfirm() {
- global $member, $CONF, $manager;
-
- $skinid = intRequestVar('skinid');
- $skintype = requestVar('type');
-
- if (!isValidShortName($skintype)) {
- $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
- }
-
- $member->isAdmin() or $this->disallow();
-
- // don't allow default skinparts to be deleted
- if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
- $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
- }
-
- $manager->notify('PreDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));
-
- // delete part
- sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid . ' AND stype=\'' . $skintype . '\'');
-
- $manager->notify('PostDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));
-
- $this->action_skinedit();
- }
-
- /**
- * @todo document this
- */
- function action_skinclone() {
- global $member;
-
- $skinid = intRequestVar('skinid');
-
- $member->isAdmin() or $this->disallow();
-
- // 1. read skin to clone
- $skin = new SKIN($skinid);
-
- $name = "clone_" . $skin->getName();
-
- // if a skin with that name already exists:
- if (SKIN::exists($name)) {
- $i = 1;
- while (SKIN::exists($name . $i))
- $i++;
- $name .= $i;
- }
-
- // 2. create skin desc
- $newid = SKIN::createNew(
- $name,
- $skin->getDescription(),
- $skin->getContentType(),
- $skin->getIncludeMode(),
- $skin->getIncludePrefix()
- );
-
-
- // 3. clone
- /*
- $this->skinclonetype($skin, $newid, 'index');
- $this->skinclonetype($skin, $newid, 'item');
- $this->skinclonetype($skin, $newid, 'archivelist');
- $this->skinclonetype($skin, $newid, 'archive');
- $this->skinclonetype($skin, $newid, 'search');
- $this->skinclonetype($skin, $newid, 'error');
- $this->skinclonetype($skin, $newid, 'member');
- $this->skinclonetype($skin, $newid, 'imagepopup');
- */
-
- $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
- $res = sql_query($query);
- while ($row = sql_fetch_assoc($res)) {
- $this->skinclonetype($skin, $newid, $row['stype']);
- }
-
- $this->action_skinoverview();
-
- }
-
- /**
- * Admin::skinclonetype()
- *
- * @param String $skin Skin object
- * @param Integer $newid ID for this clone
- * @param String $type type of skin
- * @return Void
- */
- function skinclonetype($skin, $newid, $type)
- {
- $newid = intval($newid);
- $content = $skin->getContent($type);
-
- if ( $content )
- {
- $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')";
- $query = sprintf($query, sql_table('skin'), (integer) $newid, $content, $type);
- sql_query($query);
- }
- return;
- }
-
- /**
- * Admin::action_settingsedit()
- *
- * @param Void
- * @return Void
- */
- function action_settingsedit() {
- global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;
-
- $member->isAdmin() or $this->disallow();
-
- $this->pagehead();
-
- echo '';
- ?> - - - - - - ',_PLUGINS_EXTRA,'';
-
- $manager->notify(
- 'GeneralSettingsFormExtras',
- array()
- );
-
- $this->pagefoot();
- }
-
- /**
- * Admin::action_settingsupdate()
- * Update $CONFIG and redirect
- *
- * @param void
- * @return void
- */
- function action_settingsupdate() {
- global $member, $CONF;
-
- $member->isAdmin() or $this->disallow();
-
- // check if email address for admin is valid
- if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
- {
- $this->error(_ERROR_BADMAILADDRESS);
- }
-
- // save settings
- $this->updateConfig('DefaultBlog', postVar('DefaultBlog'));
- $this->updateConfig('BaseSkin', postVar('BaseSkin'));
- $this->updateConfig('IndexURL', postVar('IndexURL'));
- $this->updateConfig('AdminURL', postVar('AdminURL'));
- $this->updateConfig('PluginURL', postVar('PluginURL'));
- $this->updateConfig('SkinsURL', postVar('SkinsURL'));
- $this->updateConfig('ActionURL', postVar('ActionURL'));
- $this->updateConfig('Locale', postVar('Locale'));
- $this->updateConfig('AdminEmail', postVar('AdminEmail'));
- $this->updateConfig('SessionCookie', postVar('SessionCookie'));
- $this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));
- $this->updateConfig('AllowMemberMail', postVar('AllowMemberMail'));
- $this->updateConfig('NonmemberMail', postVar('NonmemberMail'));
- $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames'));
- $this->updateConfig('SiteName', postVar('SiteName'));
- $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));
- $this->updateConfig('DisableSite', postVar('DisableSite'));
- $this->updateConfig('DisableSiteURL', postVar('DisableSiteURL'));
- $this->updateConfig('LastVisit', postVar('LastVisit'));
- $this->updateConfig('MediaURL', postVar('MediaURL'));
- $this->updateConfig('AllowedTypes', postVar('AllowedTypes'));
- $this->updateConfig('AllowUpload', postVar('AllowUpload'));
- $this->updateConfig('MaxUploadSize', postVar('MaxUploadSize'));
- $this->updateConfig('MediaPrefix', postVar('MediaPrefix'));
- $this->updateConfig('AllowLoginEdit', postVar('AllowLoginEdit'));
- $this->updateConfig('DisableJsTools', postVar('DisableJsTools'));
- $this->updateConfig('CookieDomain', postVar('CookieDomain'));
- $this->updateConfig('CookiePath', postVar('CookiePath'));
- $this->updateConfig('CookieSecure', postVar('CookieSecure'));
- $this->updateConfig('URLMode', postVar('URLMode'));
- $this->updateConfig('CookiePrefix', postVar('CookiePrefix'));
- $this->updateConfig('DebugVars', postVar('DebugVars'));
- $this->updateConfig('DefaultListSize', postVar('DefaultListSize'));
- $this->updateConfig('AdminCSS', postVar('AdminCSS'));
-
- // load new config and redirect (this way, the new locale will be used is necessary)
- // note that when changing cookie settings, this redirect might cause the user
- // to have to log in again.
- getConfig();
- redirect($CONF['AdminURL'] . 
'?action=manage'); - exit; - } - - /** - * Admin::action_systemoverview() - * Output system overview - * - * @param void - * @return void - */ - function action_systemoverview() - { - global $member, $nucleus, $CONF; - - $this->pagehead(); - - echo '' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . " | \n"; - echo "|
---|---|
' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . " | \n"; - echo '' . phpversion() . " | \n"; - echo "
' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . " | \n"; - echo '' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . " | \n"; - echo "
' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . " | \n"; - echo "|
---|---|
magic_quotes_gpc' . " | \n"; - $mqg = get_magic_quotes_gpc() ? 'On' : 'Off'; - echo '' . $mqg . " | \n"; - echo "
magic_quotes_runtime' . " | \n"; - $mqr = get_magic_quotes_runtime() ? 'On' : 'Off'; - echo '' . $mqr . " | \n"; - echo "
register_globals' . " | \n"; - $rg = ini_get('register_globals') ? 'On' : 'Off'; - echo '' . $rg . " | \n"; - echo "
' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . " | \n"; - echo "|
---|---|
' . $key . " | \n"; - echo '' . $value . " | \n"; - echo "
' . _ADMIN_SYSTEMOVERVIEW_MODULES . " | \n"; - echo "|
---|---|
mod_rewrite' . " | \n"; - $modrewrite = (strstr($im, 'mod_rewrite') != '') ? - _ADMIN_SYSTEMOVERVIEW_ENABLE : - _ADMIN_SYSTEMOVERVIEW_DISABLE; - echo '' . $modrewrite . " | \n"; - echo "
Nucleus CMS' . " | \n"; - echo "|
---|---|
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . " | \n"; - echo '' . $nv . " | \n"; - echo "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . " | \n"; - echo '' . $np . " | \n"; - echo "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . " | \n"; - echo "|
---|---|
' . '$CONF[' . "'Self'] | \n"; - echo '' . $CONF['Self'] . " | \n"; - echo "
' . '$CONF[' . "'ItemURL'] | \n"; - echo '' . $CONF['ItemURL'] . " | \n"; - echo "
' . '$CONF[' . "'alertOnHeadersSent'] | \n"; - $ohs = $CONF['alertOnHeadersSent'] ? - _ADMIN_SYSTEMOVERVIEW_ENABLE : - _ADMIN_SYSTEMOVERVIEW_DISABLE; - echo '' . $ohs . " | \n"; - echo "
i18n::get_current_charset() | \n"; - echo '' . i18n::get_current_charset() . " | \n"; - echo "