4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2013 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
13 * Actions that can be called via action.php
20 * Constructor for an new ACTION object
29 * Calls functions that handle an action called from action.php
31 function doAction($action)
\r
36 return $this->autoDraft();
\r
39 case 'updateticket':
\r
40 return $this->updateTicket();
\r
44 return $this->addComment();
\r
48 return $this->sendMessage();
\r
51 case 'createaccount':
\r
52 return $this->createAccount();
\r
55 case 'forgotpassword':
\r
56 return $this->forgotPassword();
\r
59 case 'votepositive':
\r
60 return $this->doKarma('pos');
\r
63 case 'votenegative':
\r
64 return $this->doKarma('neg');
\r
68 return $this->callPlugin();
\r
72 doError(_ERROR_BADACTION);
\r
79 * Adds a new comment to an item (if IP isn't banned)
81 function addComment()
\r
83 global $CONF, $errormessage, $manager;
\r
85 $post['itemid'] = intPostVar('itemid');
\r
86 $post['user'] = postVar('user');
\r
87 $post['userid'] = postVar('userid');
\r
88 $post['email'] = postVar('email');
\r
89 $post['body'] = postVar('body');
\r
90 $post['remember'] = intPostVar('remember');
92 // set cookies when required
93 #$remember = intPostVar('remember');
95 // begin if: "Remember Me" box checked
\r
96 if ( $post['remember'] == 1 )
\r
98 $lifetime = time() + 2592000;
\r
99 setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);
\r
100 setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);
\r
101 setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime, '/', '', 0);
\r
104 $comments = new COMMENTS($post['itemid']);
106 $blog_id = getBlogIDFromItemID($post['itemid']);
\r
107 $this->checkban($blog_id);
\r
108 $blog =& $manager->getBlog($blog_id);
110 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
111 $errormessage = $comments->addComment($blog->getCorrectTime(), $post);
114 if ( $errormessage == '1' )
\r
116 // redirect when adding comments succeeded
117 if ( postVar('url') )
\r
119 redirect(postVar('url') );
\r
123 $url = createItemLink($post['itemid']);
128 // else, show error message using default skin for blog
\r
132 'message' => $errormessage,
\r
133 'skinid' => $blog->getDefaultSkin()
142 * Sends a message from the current member to the member given as argument
144 function sendMessage()
\r
146 global $CONF, $member;
148 $error = $this->validateMessage();
150 if ( $error != '' )
\r
152 return array('message' => $error);
155 if ( !$member->isLoggedIn() )
\r
157 $fromMail = postVar('frommail');
158 $fromName = _MMAIL_FROMANON;
162 $fromMail = $member->getEmail();
163 $fromName = $member->getDisplayName();
166 $tomem = new MEMBER();
167 $tomem->readFromId(postVar('memberid') );
169 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
170 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
171 . _MMAIL_MAIL . " \n\n"
172 . postVar('message');
173 $message .= getMailFooter();
175 $title = _MMAIL_TITLE . ' ' . $fromName;
177 mb_internal_encoding(_CHARSET);
178 @mb_send_mail($tomem->getEmail(), $title, $message, "From: ". $fromMail);
180 if ( postVar('url') )
\r
182 redirect(postVar('url') );
\r
186 $CONF['MemberURL'] = $CONF['IndexURL'];
188 if ( $CONF['URLMode'] == 'pathinfo' )
190 $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName() ) );
194 $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
205 * Checks if a mail to a member is allowed
206 * Returns a string with the error message if the mail is disallowed
208 function validateMessage()
\r
210 global $CONF, $member, $manager;
212 if ( !$CONF['AllowMemberMail'] )
\r
214 return _ERROR_MEMBERMAILDISABLED;
217 if ( !$member->isLoggedIn() && !$CONF['NonmemberMail'] )
\r
219 return _ERROR_DISALLOWED;
\r
222 if ( !$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail') ) ) )
\r
224 return _ERROR_BADMAILADDRESS;
\r
227 // let plugins do verification (any plugin which thinks the comment is invalid
228 // can change 'error' to something other than '')
231 'type' => 'membermail',
234 $manager->notify('ValidateForm', $param);
242 * Creates a new user account
244 function createAccount()
\r
246 global $CONF, $manager;
248 if ( !$CONF['AllowMemberCreate'] )
\r
250 doError(_ERROR_MEMBERCREATEDISABLED);
\r
253 // evaluate content from FormExtra
256 'type' => 'membermail',
259 $manager->notify('ValidateForm', $param);
261 if ( $result != 1 )
\r
268 // even though the member can not log in, set some random initial password. One never knows.
269 srand( (double) microtime() * 1000000);
\r
270 $initialPwd = md5(uniqid(rand(), TRUE) );
272 // create member (non admin/can not login/no notes/random string as password)
273 $name = shorten(postVar('name'), 32, '');
274 $r = MEMBER::create($name, postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
281 // send message containing password.
282 $newmem = new MEMBER();
283 $newmem->readFromName($name);
284 $newmem->sendActivationLink('register');
286 $param = array('member' => &$newmem);
287 $manager->notify('PostRegister', $param);
289 if ( postVar('desturl') )
\r
291 redirect(postVar('desturl') );
\r
295 // header has been already sent, so deleted the line below
296 sendContentType('text/html', '', _CHARSET);
297 echo _MSG_ACTIVATION_SENT;
298 echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
299 echo "\n</body>\n</html>";
309 * Sends a new password
311 function forgotPassword()
\r
313 $membername = trim(postVar('name') );
315 if ( !MEMBER::exists($membername) )
\r
317 doError(_ERROR_NOSUCHMEMBER);
\r
320 $mem = MEMBER::createFromName($membername);
322 /* below keeps regular users from resetting passwords using forgot password feature
323 Removing for now until clear why it is required.*/
324 /*if (!$mem->canLogin())
325 doError(_ERROR_NOLOGON_NOACTIVATE);*/
327 // check if e-mail address is correct
328 if ( !($mem->getEmail() == postVar('email') ) )
\r
330 doError(_ERROR_INCORRECTEMAIL);
\r
333 // send activation link
334 $mem->sendActivationLink('forgot');
336 if ( postVar('url') )
\r
338 redirect(postVar('url') );
\r
342 // header ("Content-Type: text/html; charset="._CHARSET);
343 sendContentType('text/html', '', _CHARSET);
344 echo _MSG_ACTIVATION_SENT;
345 echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
355 function doKarma($type)
\r
357 global $itemid, $member, $CONF, $manager;
359 // check if itemid exists
360 if ( !$manager->existsItem($itemid, 0, 0) )
\r
362 doError(_ERROR_NOSUCHITEM);
\r
365 $blogid = getBlogIDFromItemID($itemid);
366 $this->checkban($blogid);
368 $karma =& $manager->getKarma($itemid);
370 // check if not already voted
371 if ( !$karma->isVoteAllowed(serverVar('REMOTE_ADDR') ) )
\r
373 doError(_ERROR_VOTEDBEFORE);
\r
376 // check if item does allow voting
377 $item =& $manager->getItem($itemid, 0, 0);
\r
379 if ( $item['closed'] )
\r
381 doError(_ERROR_ITEMCLOSED);
\r
387 $karma->votePositive();
\r
391 $karma->voteNegative();
\r
395 // $blogid = getBlogIDFromItemID($itemid);
396 $blog =& $manager->getBlog($blogid);
398 // send email to notification address, if any
399 if ( $blog->getNotifyAddress() && $blog->notifyOnVote() )
\r
402 $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
403 $itemLink = createItemLink(intval($itemid) );
404 $temp = parse_url($itemLink);
406 if ( !$temp['scheme'] )
\r
408 $itemLink = $CONF['IndexURL'] . $itemLink;
411 $mailto_msg .= $itemLink . "\n\n";
413 if ( $member->isLoggedIn() )
\r
415 $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
418 $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
419 $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
420 $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
421 $mailto_msg .= getMailFooter();
423 $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
425 $frommail = $member->getNotifyFromMailAddress();
427 $notify = new NOTIFICATION($blog->getNotifyAddress() );
\r
428 $notify->notify($mailto_title, $mailto_msg, $frommail);
431 $refererUrl = serverVar('HTTP_REFERER');
439 // $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;
449 * Calls a plugin action
451 function callPlugin()
\r
455 $pluginName = 'NP_' . requestVar('name');
456 $actionType = requestVar('type');
458 // 1: check if plugin is installed
459 if ( !$manager->pluginInstalled($pluginName) )
\r
461 doError(_ERROR_NOSUCHPLUGIN);
465 $pluginObject =& $manager->getPlugin($pluginName);
467 if ( $pluginObject )
\r
469 $error = $pluginObject->doAction($actionType);
473 $error = 'Could not load plugin (see actionlog)';
476 // doAction returns error when:
477 // - an error occurred (duh)
478 // - no actions are allowed (doAction is not implemented)
490 * Checks if an IP or IP range is banned
492 function checkban($blogid)
\r
495 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR') );
\r
499 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
508 function updateTicket()
\r
512 if ( $manager->checkTicket() )
\r
514 echo $manager->getNewTicket();
518 echo _ERROR . ':' . _ERROR_BADTICKET;
526 * Handles AutoSaveDraft
528 function autoDraft()
\r
532 if ( $manager->checkTicket() )
\r
534 $manager->loadClass('ITEM');
535 $info = ITEM::createDraftFromRequest();
537 if ( $info['status'] == 'error' )
\r
539 echo $info['message'];
543 echo $info['draftid'];
548 echo _ERROR . ':' . _ERROR_BADTICKET;