
90c20d3b3c12980f4f17a54781b9c67f05a9f9c5
[nucleus-jp/nucleus-jp-ancient.git] / nucleus / libs / ADMIN.php
1 <?php\r
2 /*\r
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
4  * Copyright (C) 2002-2012 The Nucleus Group\r
5  *\r
6  * This program is free software; you can redistribute it and/or\r
7  * modify it under the terms of the GNU General Public License\r
8  * as published by the Free Software Foundation; either version 2\r
9  * of the License, or (at your option) any later version.\r
10  * (see nucleus/documentation/index.html#license for more info)\r
11  *\r
12  * The code for the Nucleus admin area\r
13  */\r
14 \r
// Refuse to run unless the Nucleus bootstrap has already been loaded:
// requestVar() is presumably defined by the core, so its absence means this
// file was requested directly rather than included by the admin front end.
if (!function_exists('requestVar')) {
        exit;
}

// list-rendering helpers (showlist() and friends) live next to this file
require_once dirname(__FILE__) . '/showlist.php';
17 \r
18 /**\r
19  * Builds the admin area and executes admin actions\r
20  */\r
21 class ADMIN {\r
22 \r
        /**
         * @var string $action action currently being executed ($action=xxxx -> action_xxxx method);
         *                     stored lowercased by action(), which also uses it for the
         *                     "does this action need a ticket" check
         */
        var $action;
27 \r
28         /**\r
29          * Class constructor\r
30          */\r
31         function ADMIN() {\r
32 \r
33         }\r
34 \r
35         /**\r
36          * Executes an action\r
37          *\r
38          * @param string $action action to be performed\r
39          */\r
40         function action($action) {\r
41                 global $CONF, $manager;\r
42 \r
43                 // list of action aliases\r
44                 $alias = array(\r
45                         'login' => 'overview',\r
46                         '' => 'overview'\r
47                 );\r
48 \r
49                 if (isset($alias[$action]))\r
50                         $action = $alias[$action];\r
51 \r
52                 $methodName = 'action_' . $action;\r
53 \r
54                 $this->action = strtolower($action);\r
55 \r
56                 // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
57                 // is an action that requires user interaction before something is actually done)\r
58                 // all safe actions are in this array:\r
59                 $aActionsNotToCheck = array(\r
60                         'showlogin',\r
61                         'login',\r
62                         'overview',\r
63                         'itemlist',\r
64                         'blogcommentlist',\r
65                         'bookmarklet',\r
66                         'blogsettings',\r
67                         'banlist',\r
68                         'deleteblog',\r
69                         'editmembersettings',\r
70                         'browseownitems',\r
71                         'browseowncomments',\r
72                         'createitem',\r
73                         'itemedit',\r
74                         'itemmove',\r
75                         'categoryedit',\r
76                         'categorydelete',\r
77                         'manage',\r
78                         'actionlog',\r
79                         'settingsedit',\r
80                         'backupoverview',\r
81                         'pluginlist',\r
82                         'createnewlog',\r
83                         'usermanagement',\r
84                         'skinoverview',\r
85                         'templateoverview',\r
86                         'skinieoverview',\r
87                         'itemcommentlist',\r
88                         'commentedit',\r
89                         'commentdelete',\r
90                         'banlistnewfromitem',\r
91                         'banlistdelete',\r
92                         'itemdelete',\r
93                         'manageteam',\r
94                         'teamdelete',\r
95                         'banlistnew',\r
96                         'memberedit',\r
97                         'memberdelete',\r
98                         'pluginhelp',\r
99                         'pluginoptions',\r
100                         'plugindelete',\r
101                         'skinedittype',\r
102                         'skinremovetype',\r
103                         'skindelete',\r
104                         'skinedit',\r
105                         'templateedit',\r
106                         'templatedelete',\r
107                         'activate',\r
108                         'systemoverview'\r
109                 );\r
110 /*\r
111                 // the rest of the actions needs to be checked\r
112                 $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');\r
113 */\r
114                 if (!in_array($this->action, $aActionsNotToCheck))\r
115                 {\r
116                         if (!$manager->checkTicket())\r
117                                 $this->error(_ERROR_BADTICKET);\r
118                 }\r
119 \r
120                 if (method_exists($this, $methodName))\r
121                         call_user_func(array($this, $methodName));\r
122                 else\r
123                         $this->error(_BADACTION . htmlspecialchars(" ($action)"));\r
124 \r
125         }\r
126 \r
127         /**\r
128          * @todo document this\r
129          */\r
130         function action_showlogin() {\r
131                 global $error;\r
132                 $this->action_login($error);\r
133         }\r
134 \r
        /**
         * Renders the login form, or skips straight to the overview when the
         * member is already logged in and allowed to log in.
         *
         * Note that 'login' itself is exempt from the ticket check in action().
         *
         * @param string $msg      optional message shown above the form; HTML-escaped here
         * @param int    $passvars when truthy, the current request variables are re-emitted
         *                         as hidden fields (passRequestVars()) so the original request
         *                         can be replayed after logging in
         */
        function action_login($msg = '', $passvars = 1) {
                global $member;

                // skip to overview when allowed
                if ($member->isLoggedIn() && $member->canLogin()) {
                        $this->action_overview();
                        // the overview has rendered a complete page; stop so the form is not appended
                        exit;
                }

                $this->pagehead();

                echo '<h2>', _LOGIN ,'</h2>';
                if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
                ?>

                <form action="index.php" method="post"><p>
                <?php echo _LOGIN_NAME; ?> <br /><input name="login"  tabindex="10" />
                <br />
                <?php echo _LOGIN_PASSWORD; ?> <br /><input name="password"  tabindex="20" type="password" />
                <br />
                <input name="action" value="login" type="hidden" />
                <br />
                <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
                <br />
                <small>
                        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
                        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
                </small>
                <?php              // pass through vars

                        // do not replay a request whose previous action was itself a
                        // login or logout (presumably to avoid re-submitting those)
                        $oldaction = postVar('oldaction');
                        if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
                                passRequestVars();
                        }


                ?>
                </p></form>
                <?php      $this->pagefoot();
        }
178 \r
179 \r
180         /**\r
181          * provides a screen with the overview of the actions available\r
182          * @todo document parameter\r
183          */\r
184         function action_overview($msg = '') {\r
185                 global $member;\r
186 \r
187                 $this->pagehead();\r
188 \r
189                 if ($msg)\r
190                         echo _MESSAGE , ': ', $msg;\r
191 \r
192                 /* ---- add items ---- */\r
193                 echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';\r
194 \r
195                 $showAll = requestVar('showall');\r
196 \r
197                 if (($member->isAdmin()) && ($showAll == 'yes')) {\r
198                         // Super-Admins have access to all blogs! (no add item support though)\r
199                         $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'\r
200                                    . ' FROM ' . sql_table('blog')\r
201                                    . ' ORDER BY bname';\r
202                 } else {\r
203                         $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'\r
204                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')\r
205                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()\r
206                                    . ' ORDER BY bname';\r
207                 }\r
208                 $template['content'] = 'bloglist';\r
209                 $template['superadmin'] = $member->isAdmin();\r
210                 $amount = showlist($query,'table',$template);\r
211 \r
212                 if (($showAll != 'yes') && ($member->isAdmin())) {\r
213                         $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
214                         if ($total > $amount)\r
215                                 echo '<p><a href="index.php?action=overview&amp;showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';\r
216                 }\r
217 \r
218                 if ($amount == 0)\r
219                         echo _OVERVIEW_NOBLOGS;\r
220 \r
221                 if ($amount != 0) {\r
222                         echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';\r
223                         $query =  'SELECT ititle, inumber, bshortname'\r
224                                    . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')\r
225                                    . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';\r
226                         $template['content'] = 'draftlist';\r
227                         $amountdrafts = showlist($query, 'table', $template);\r
228                         if ($amountdrafts == 0)\r
229                                 echo _OVERVIEW_NODRAFTS;\r
230                 }\r
231 \r
232                 /* ---- user settings ---- */\r
233                 echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';\r
234                 echo '<ul>';\r
235                 echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';\r
236                 echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';\r
237                 echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';\r
238                 echo '</ul>';\r
239 \r
240                 /* ---- general settings ---- */\r
241                 if ($member->isAdmin()) {\r
242                         echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';\r
243                         echo '<ul>';\r
244                         echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';\r
245                         echo '</ul>';\r
246                 }\r
247 \r
248 \r
249                 $this->pagefoot();\r
250         }\r
251 \r
252         /**\r
253          * Returns a link to a weblog\r
254          * @param object BLOG\r
255          */\r
256         function bloglink(&$blog) {\r
257                 return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';\r
258         }\r
259 \r
260         /**\r
261          * @todo document this\r
262          */\r
263         function action_manage($msg = '') {\r
264                 global $member;\r
265 \r
266                 $member->isAdmin() or $this->disallow();\r
267 \r
268                 $this->pagehead();\r
269 \r
270                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
271 \r
272                 if ($msg)\r
273                         echo '<p>' , _MESSAGE , ': ', $msg , '</p>';\r
274 \r
275 \r
276                 echo '<h2>' . _MANAGE_GENERAL. '</h2>';\r
277 \r
278                 echo '<ul>';\r
279                 echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';\r
280                 echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';\r
281                 echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';\r
282                 echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';\r
283                 echo '</ul>';\r
284 \r
285                 echo '<h2>' . _MANAGE_SKINS . '</h2>';\r
286                 echo '<ul>';\r
287                 echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';\r
288                 echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';\r
289                 echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';\r
290                 echo '</ul>';\r
291 \r
292                 echo '<h2>' . _MANAGE_EXTRA . '</h2>';\r
293                 echo '<ul>';\r
294                 echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';\r
295                 echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';\r
296                 echo '</ul>';\r
297 \r
298                 $this->pagefoot();\r
299         }\r
300 \r
301         /**\r
302          * @todo document this\r
303          */\r
304         function action_itemlist($blogid = '') {\r
305                 global $member, $manager, $CONF;\r
306 \r
307                 if ($blogid == '')\r
308                         $blogid = intRequestVar('blogid');\r
309 \r
310                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
311 \r
312                 $this->pagehead();\r
313                 $blog =& $manager->getBlog($blogid);\r
314 \r
315                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
316                 echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';\r
317 \r
318                 // start index\r
319                 if (postVar('start'))\r
320                         $start = intPostVar('start');\r
321                 else\r
322                         $start = 0;\r
323 \r
324                 if ($start == 0)\r
325                         echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';\r
326 \r
327                 // amount of items to show\r
328                 if (postVar('amount'))\r
329                         $amount = intPostVar('amount');\r
330                 else {\r
331                         $amount = intval($CONF['DefaultListSize']);\r
332                         if ($amount < 1)\r
333                                 $amount = 10;\r
334                 }\r
335 \r
336                 $search = postVar('search');    // search through items\r
337 \r
338                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime, bnumber, catid'\r
339                            . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
340                            . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
341 \r
342                 if ($search)\r
343                         $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';\r
344 \r
345                 // non-blog-admins can only edit/delete their own items\r
346                 if (!$member->blogAdminRights($blogid))\r
347                         $query .= ' and iauthor=' . $member->getID();\r
348 \r
349 \r
350                 $query .= ' ORDER BY itime DESC'\r
351                                 . " LIMIT $start,$amount";\r
352 \r
353                 $template['content'] = 'itemlist';\r
354                 $template['now'] = $blog->getCorrectTime(time());\r
355 \r
356                 $manager->loadClass("ENCAPSULATE");\r
357                 $navList = new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
358                 $navList->showBatchList('item',$query,'table',$template);\r
359 \r
360 \r
361                 $this->pagefoot();\r
362         }\r
363 \r
364         /**\r
365          * @todo document this\r
366          */\r
367         function action_batchitem() {\r
368                 global $member, $manager;\r
369 \r
370                 // check if logged in\r
371                 $member->isLoggedIn() or $this->disallow();\r
372 \r
373                 // more precise check will be done for each performed operation\r
374 \r
375                 // get array of itemids from request\r
376                 $selected = requestIntArray('batch');\r
377                 $action = requestVar('batchaction');\r
378 \r
379                 // Show error when no items were selected\r
380                 if (!is_array($selected) || sizeof($selected) == 0)\r
381                         $this->error(_BATCH_NOSELECTION);\r
382 \r
383                 // On move: when no destination blog/category chosen, show choice now\r
384                 $destCatid = intRequestVar('destcatid');\r
385                 if (($action == 'move') && (!$manager->existsCategory($destCatid)))\r
386                         $this->batchMoveSelectDestination('item',$selected);\r
387 \r
388                 // On delete: check if confirmation has been given\r
389                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
390                         $this->batchAskDeleteConfirmation('item',$selected);\r
391 \r
392                 $this->pagehead();\r
393 \r
394                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
395                 echo '<h2>',_BATCH_ITEMS,'</h2>';\r
396                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
397                 echo '<ul>';\r
398 \r
399 \r
400                 // walk over all itemids and perform action\r
401                 foreach ($selected as $itemid) {\r
402                         $itemid = intval($itemid);\r
403                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';\r
404 \r
405                         // perform action, display errors if needed\r
406                         switch($action) {\r
407                                 case 'delete':\r
408                                         $error = $this->deleteOneItem($itemid);\r
409                                         break;\r
410                                 case 'move':\r
411                                         $error = $this->moveOneItem($itemid, $destCatid);\r
412                                         break;\r
413                                 default:\r
414                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
415                         }\r
416 \r
417                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
418                         echo '</li>';\r
419                 }\r
420 \r
421                 echo '</ul>';\r
422                 echo '<b>',_BATCH_DONE,'</b>';\r
423 \r
424                 $this->pagefoot();\r
425 \r
426 \r
427         }\r
428 \r
429         /**\r
430          * @todo document this\r
431          */\r
432         function action_batchcomment() {\r
433                 global $member;\r
434 \r
435                 // check if logged in\r
436                 $member->isLoggedIn() or $this->disallow();\r
437 \r
438                 // more precise check will be done for each performed operation\r
439 \r
440                 // get array of itemids from request\r
441                 $selected = requestIntArray('batch');\r
442                 $action = requestVar('batchaction');\r
443 \r
444                 // Show error when no items were selected\r
445                 if (!is_array($selected) || sizeof($selected) == 0)\r
446                         $this->error(_BATCH_NOSELECTION);\r
447 \r
448                 // On delete: check if confirmation has been given\r
449                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
450                         $this->batchAskDeleteConfirmation('comment',$selected);\r
451 \r
452                 $this->pagehead();\r
453 \r
454                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
455                 echo '<h2>',_BATCH_COMMENTS,'</h2>';\r
456                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
457                 echo '<ul>';\r
458 \r
459                 // walk over all itemids and perform action\r
460                 foreach ($selected as $commentid) {\r
461                         $commentid = intval($commentid);\r
462                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';\r
463 \r
464                         // perform action, display errors if needed\r
465                         switch($action) {\r
466                                 case 'delete':\r
467                                         $error = $this->deleteOneComment($commentid);\r
468                                         break;\r
469                                 default:\r
470                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
471                         }\r
472 \r
473                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
474                         echo '</li>';\r
475                 }\r
476 \r
477                 echo '</ul>';\r
478                 echo '<b>',_BATCH_DONE,'</b>';\r
479 \r
480                 $this->pagefoot();\r
481 \r
482 \r
483         }\r
484 \r
485         /**\r
486          * @todo document this\r
487          */\r
488         function action_batchmember() {\r
489                 global $member;\r
490 \r
491                 // check if logged in and admin\r
492                 ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();\r
493 \r
494                 // get array of itemids from request\r
495                 $selected = requestIntArray('batch');\r
496                 $action = requestVar('batchaction');\r
497 \r
498                 // Show error when no members selected\r
499                 if (!is_array($selected) || sizeof($selected) == 0)\r
500                         $this->error(_BATCH_NOSELECTION);\r
501 \r
502                 // On delete: check if confirmation has been given\r
503                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
504                         $this->batchAskDeleteConfirmation('member',$selected);\r
505 \r
506                 $this->pagehead();\r
507 \r
508                 echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';\r
509                 echo '<h2>',_BATCH_MEMBERS,'</h2>';\r
510                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
511                 echo '<ul>';\r
512 \r
513                 // walk over all itemids and perform action\r
514                 foreach ($selected as $memberid) {\r
515                         $memberid = intval($memberid);\r
516                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';\r
517 \r
518                         // perform action, display errors if needed\r
519                         switch($action) {\r
520                                 case 'delete':\r
521                                         $error = $this->deleteOneMember($memberid);\r
522                                         break;\r
523                                 case 'setadmin':\r
524                                         // always succeeds\r
525                                         sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);\r
526                                         $error = '';\r
527                                         break;\r
528                                 case 'unsetadmin':\r
529                                         // there should always remain at least one super-admin\r
530                                         $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');\r
531                                         if (sql_num_rows($r) < 2)\r
532                                                 $error = _ERROR_ATLEASTONEADMIN;\r
533                                         else\r
534                                                 sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);\r
535                                         break;\r
536                                 default:\r
537                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
538                         }\r
539 \r
540                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
541                         echo '</li>';\r
542                 }\r
543 \r
544                 echo '</ul>';\r
545                 echo '<b>',_BATCH_DONE,'</b>';\r
546 \r
547                 $this->pagefoot();\r
548 \r
549 \r
550         }\r
551 \r
552         /**\r
553          * @todo document this\r
554          */\r
555         function action_batchteam() {\r
556                 global $member;\r
557 \r
558                 $blogid = intRequestVar('blogid');\r
559 \r
560                 // check if logged in and admin\r
561                 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();\r
562 \r
563                 // get array of itemids from request\r
564                 $selected = requestIntArray('batch');\r
565                 $action = requestVar('batchaction');\r
566 \r
567                 // Show error when no members selected\r
568                 if (!is_array($selected) || sizeof($selected) == 0)\r
569                         $this->error(_BATCH_NOSELECTION);\r
570 \r
571                 // On delete: check if confirmation has been given\r
572                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
573                         $this->batchAskDeleteConfirmation('team',$selected);\r
574 \r
575                 $this->pagehead();\r
576 \r
577                 echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';\r
578 \r
579                 echo '<h2>',_BATCH_TEAM,'</h2>';\r
580                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
581                 echo '<ul>';\r
582 \r
583                 // walk over all itemids and perform action\r
584                 foreach ($selected as $memberid) {\r
585                         $memberid = intval($memberid);\r
586                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';\r
587 \r
588                         // perform action, display errors if needed\r
589                         switch($action) {\r
590                                 case 'delete':\r
591                                         $error = $this->deleteOneTeamMember($blogid, $memberid);\r
592                                         break;\r
593                                 case 'setadmin':\r
594                                         // always succeeds\r
595                                         sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
596                                         $error = '';\r
597                                         break;\r
598                                 case 'unsetadmin':\r
599                                         // there should always remain at least one admin\r
600                                         $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);\r
601                                         if (sql_num_rows($r) < 2)\r
602                                                 $error = _ERROR_ATLEASTONEBLOGADMIN;\r
603                                         else\r
604                                                 sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
605                                         break;\r
606                                 default:\r
607                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
608                         }\r
609 \r
610                         echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';\r
611                         echo '</li>';\r
612                 }\r
613 \r
614                 echo '</ul>';\r
615                 echo '<b>',_BATCH_DONE,'</b>';\r
616 \r
617                 $this->pagefoot();\r
618 \r
619 \r
620         }\r
621 \r
622         /**\r
623          * @todo document this\r
624          */\r
625         function action_batchcategory() {\r
626                 global $member, $manager;\r
627 \r
628                 // check if logged in\r
629                 $member->isLoggedIn() or $this->disallow();\r
630 \r
631                 // more precise check will be done for each performed operation\r
632 \r
633                 // get array of itemids from request\r
634                 $selected = requestIntArray('batch');\r
635                 $action = requestVar('batchaction');\r
636 \r
637                 // Show error when no items were selected\r
638                 if (!is_array($selected) || sizeof($selected) == 0)\r
639                         $this->error(_BATCH_NOSELECTION);\r
640 \r
641                 // On move: when no destination blog chosen, show choice now\r
642                 $destBlogId = intRequestVar('destblogid');\r
643                 if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))\r
644                         $this->batchMoveCategorySelectDestination('category',$selected);\r
645 \r
646                 // On delete: check if confirmation has been given\r
647                 if (($action == 'delete') && (requestVar('confirmation') != 'yes'))\r
648                         $this->batchAskDeleteConfirmation('category',$selected);\r
649 \r
650                 $this->pagehead();\r
651 \r
652                 echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';\r
653                 echo '<h2>',BATCH_CATEGORIES,'</h2>';\r
654                 echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';\r
655                 echo '<ul>';\r
656 \r
657                 // walk over all itemids and perform action\r
658                 foreach ($selected as $catid) {\r
659                         $catid = intval($catid);\r
660                         echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';\r
661 \r
662                         // perform action, display errors if needed\r
663                         switch($action) {\r
664                                 case 'delete':\r
665                                         $error = $this->deleteOneCategory($catid);\r
666                                         break;\r
667                                 case 'move':\r
668                                         $error = $this->moveOneCategory($catid, $destBlogId);\r
669                                         break;\r
670                                 default:\r
671                                         $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
672                         }\r
673 \r
674                         echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';\r
675                         echo '</li>';\r
676                 }\r
677 \r
678                 echo '</ul>';\r
679                 echo '<b>',_BATCH_DONE,'</b>';\r
680 \r
681                 $this->pagefoot();\r
682 \r
683         }\r
684 \r
685         /**\r
686          * @todo document this\r
687          */\r
688         function batchMoveSelectDestination($type, $ids) {\r
689                 global $manager;\r
690                 $this->pagehead();\r
691                 ?>\r
692                 <h2><?php echo _MOVE_TITLE?></h2>\r
693                 <form method="post" action="index.php"><div>\r
694 \r
695                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
696                         <input type="hidden" name="batchaction" value="move" />\r
697                         <?php\r
698                                 $manager->addTicketHidden();\r
699 \r
700                                 // insert selected item numbers\r
701                                 $idx = 0;\r
702                                 foreach ($ids as $id)\r
703                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
704 \r
705                                 // show blog/category selection list\r
706                                 $this->selectBlogCategory('destcatid');\r
707 \r
708                         ?>\r
709 \r
710 \r
711                         <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />\r
712 \r
713                 </div></form>\r
714                 <?php      $this->pagefoot();\r
715                 exit;\r
716         }\r
717 \r
718         /**\r
719          * @todo document this\r
720          */\r
721         function batchMoveCategorySelectDestination($type, $ids) {\r
722                 global $manager;\r
723                 $this->pagehead();\r
724                 ?>\r
725                 <h2><?php echo _MOVECAT_TITLE?></h2>\r
726                 <form method="post" action="index.php"><div>\r
727 \r
728                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
729                         <input type="hidden" name="batchaction" value="move" />\r
730                         <?php\r
731                                 $manager->addTicketHidden();\r
732 \r
733                                 // insert selected item numbers\r
734                                 $idx = 0;\r
735                                 foreach ($ids as $id)\r
736                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
737 \r
738                                 // show blog/category selection list\r
739                                 $this->selectBlog('destblogid');\r
740 \r
741                         ?>\r
742 \r
743 \r
744                         <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
745 \r
746                 </div></form>\r
747                 <?php      $this->pagefoot();\r
748                 exit;\r
749         }\r
750 \r
751         /**\r
752          * @todo document this\r
753          */\r
754         function batchAskDeleteConfirmation($type, $ids) {\r
755                 global $manager;\r
756 \r
757                 $this->pagehead();\r
758                 ?>\r
759                 <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>\r
760                 <form method="post" action="index.php"><div>\r
761 \r
762                         <input type="hidden" name="action" value="batch<?php echo $type?>" />\r
763                         <?php $manager->addTicketHidden() ?>\r
764                         <input type="hidden" name="batchaction" value="delete" />\r
765                         <input type="hidden" name="confirmation" value="yes" />\r
766                         <?php                      // insert selected item numbers\r
767                                 $idx = 0;\r
768                                 foreach ($ids as $id)\r
769                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
770 \r
771                                 // add hidden vars for team & comment\r
772                                 if ($type == 'team')\r
773                                 {\r
774                                         echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';\r
775                                 }\r
776                                 if ($type == 'comment')\r
777                                 {\r
778                                         echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';\r
779                                 }\r
780 \r
781                         ?>\r
782 \r
783                         <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
784 \r
785                 </div></form>\r
786                 <?php      $this->pagefoot();\r
787                 exit;\r
788         }\r
789 \r
790 \r
791         /**\r
792          * Inserts a HTML select element with choices for all categories to which the current\r
793          * member has access\r
794          * @see function selectBlog\r
795          */\r
796         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
797                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);\r
798         }\r
799 \r
800         /**\r
801          * Inserts a HTML select element with choices for all blogs to which the user has access\r
802          *        mode = 'blog' => shows blognames and values are blogids\r
803          *        mode = 'category' => show category names and values are catids\r
804          *\r
805          * @param $iForcedBlogInclude\r
806          *        ID of a blog that always needs to be included, without checking if the\r
807          *        member is on the blog team (-1 = none)\r
808          * @todo document parameters\r
809          */\r
810         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
811                 global $member, $CONF;\r
812 \r
813                 // 0. get IDs of blogs to which member can post items (+ forced blog)\r
814                 $aBlogIds = array();\r
815                 if ($iForcedBlogInclude != -1)\r
816                         $aBlogIds[] = intval($iForcedBlogInclude);\r
817 \r
818                 if (($member->isAdmin()) && (array_key_exists('ShowAllBlogs', $CONF) && $CONF['ShowAllBlogs']))\r
819                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
820                 else\r
821                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
822                 $rblogids = sql_query($queryBlogs);\r
823                 while ($o = sql_fetch_object($rblogids))\r
824                         if ($o->bnumber != $iForcedBlogInclude)\r
825                                 $aBlogIds[] = intval($o->bnumber);\r
826 \r
827                 if (count($aBlogIds) == 0)\r
828                         return;\r
829 \r
830                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';\r
831 \r
832                 // 1. select blogs (we'll create optiongroups)\r
833                 // (only select those blogs that have the user on the team)\r
834                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';\r
835                 $blogs = sql_query($queryBlogs);\r
836                 if ($mode == 'category') {\r
837                         if (sql_num_rows($blogs) > 1)\r
838                                 $multipleBlogs = 1;\r
839                         else\r
840                                 $multipleBlogs = 0;\r
841 \r
842                         while ($oBlog = sql_fetch_object($blogs)) {\r
843                                 if ($multipleBlogs)\r
844                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';\r
845 \r
846                                 // show selection to create new category when allowed/wanted\r
847                                 if ($showNewCat) {\r
848                                         // check if allowed to do so\r
849                                         if ($member->blogAdminRights($oBlog->bnumber))\r
850                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';\r
851                                 }\r
852 \r
853                                 // 2. for each category in that blog\r
854                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');\r
855                                 while ($oCat = sql_fetch_object($categories)) {\r
856                                         if ($oCat->catid == $selected)\r
857                                                 $selectText = ' selected="selected" ';\r
858                                         else\r
859                                                 $selectText = '';\r
860                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';\r
861                                 }\r
862 \r
863                                 if ($multipleBlogs)\r
864                                         echo '</optgroup>';\r
865                         }\r
866                 } else {\r
867                         // blog mode\r
868                         while ($oBlog = sql_fetch_object($blogs)) {\r
869                                 echo '<option value="',$oBlog->bnumber,'"';\r
870                                 if ($oBlog->bnumber == $selected)\r
871                                         echo ' selected="selected"';\r
872                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';\r
873                         }\r
874                 }\r
875                 echo '</select>';\r
876 \r
877         }\r
878 \r
879         /**\r
880          * @todo document this\r
881          */\r
882         function action_browseownitems() {\r
883                 global $member, $manager, $CONF;\r
884 \r
885                 $this->pagehead();\r
886 \r
887                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
888                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';\r
889 \r
890                 // start index\r
891                 if (postVar('start'))\r
892                         $start = intPostVar('start');\r
893                 else\r
894                         $start = 0;\r
895 \r
896                 // amount of items to show\r
897                 if (postVar('amount'))\r
898                         $amount = intPostVar('amount');\r
899                 else {\r
900                         $amount = intval($CONF['DefaultListSize']);\r
901                         if ($amount < 1)\r
902                                 $amount = 10;\r
903                 }\r
904 \r
905                 $search = postVar('search');    // search through items\r
906 \r
907                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'\r
908                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')\r
909                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
910 \r
911                 if ($search)\r
912                         $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';\r
913 \r
914                 $query .= ' ORDER BY itime DESC'\r
915                                 . " LIMIT $start,$amount";\r
916 \r
917                 $template['content'] = 'itemlist';\r
918                 $template['now'] = time();\r
919 \r
920                 $manager->loadClass("ENCAPSULATE");\r
921                 $navList = new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);\r
922                 $navList->showBatchList('item',$query,'table',$template);\r
923 \r
924                 $this->pagefoot();\r
925 \r
926         }\r
927 \r
928         /**\r
929          * Show all the comments for a given item\r
930          * @param int $itemid\r
931          */\r
932         function action_itemcommentlist($itemid = '') {\r
933                 global $member, $manager, $CONF;\r
934 \r
935                 if ($itemid == '')\r
936                         $itemid = intRequestVar('itemid');\r
937 \r
938                 // only allow if user is allowed to alter item\r
939                 $member->canAlterItem($itemid) or $this->disallow();\r
940 \r
941                 $blogid = getBlogIdFromItemId($itemid);\r
942 \r
943                 $this->pagehead();\r
944 \r
945                 // start index\r
946                 if (postVar('start'))\r
947                         $start = intPostVar('start');\r
948                 else\r
949                         $start = 0;\r
950 \r
951                 // amount of items to show\r
952                 if (postVar('amount'))\r
953                         $amount = intPostVar('amount');\r
954                 else {\r
955                         $amount = intval($CONF['DefaultListSize']);\r
956                         if ($amount < 1)\r
957                                 $amount = 10;\r
958                 }\r
959 \r
960                 $search = postVar('search');\r
961 \r
962                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
963                 echo '<h2>',_COMMENTS,'</h2>';\r
964 \r
965                 $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;\r
966 \r
967                 if ($search)\r
968                         $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
969 \r
970                 $query .= ' ORDER BY ctime ASC'\r
971                                 . " LIMIT $start,$amount";\r
972 \r
973                 $template['content'] = 'commentlist';\r
974                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));\r
975 \r
976                 $manager->loadClass("ENCAPSULATE");\r
977                 $navList = new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);\r
978                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);\r
979 \r
980                 $this->pagefoot();\r
981         }\r
982 \r
983         /**\r
984          * Browse own comments\r
985          */\r
986         function action_browseowncomments() {\r
987                 global $member, $manager, $CONF;\r
988 \r
989                 // start index\r
990                 if (postVar('start'))\r
991                         $start = intPostVar('start');\r
992                 else\r
993                         $start = 0;\r
994 \r
995                 // amount of items to show\r
996                 if (postVar('amount'))\r
997                         $amount = intPostVar('amount');\r
998                 else {\r
999                         $amount = intval($CONF['DefaultListSize']);\r
1000                         if ($amount < 1)\r
1001                                 $amount = 10;\r
1002                 }\r
1003 \r
1004                 $search = postVar('search');\r
1005 \r
1006 \r
1007                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
1008 \r
1009                 if ($search)\r
1010                         $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
1011 \r
1012                 $query .= ' ORDER BY ctime DESC'\r
1013                                 . " LIMIT $start,$amount";\r
1014 \r
1015                 $this->pagehead();\r
1016 \r
1017                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
1018                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
1019 \r
1020                 $template['content'] = 'commentlist';\r
1021                 $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself\r
1022 \r
1023                 $manager->loadClass("ENCAPSULATE");\r
1024                 $navList = new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
1025                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);\r
1026 \r
1027                 $this->pagefoot();\r
1028         }\r
1029 \r
1030         /**\r
1031          * Browse all comments for a weblog\r
1032          * @param int $blogid\r
1033          */\r
1034         function action_blogcommentlist($blogid = '')\r
1035         {\r
1036                 global $member, $manager, $CONF;\r
1037 \r
1038                 if ($blogid == '')\r
1039                         $blogid = intRequestVar('blogid');\r
1040                 else\r
1041                         $blogid = intval($blogid);\r
1042 \r
1043                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();\r
1044 \r
1045                 // start index\r
1046                 if (postVar('start'))\r
1047                         $start = intPostVar('start');\r
1048                 else\r
1049                         $start = 0;\r
1050 \r
1051                 // amount of items to show\r
1052                 if (postVar('amount'))\r
1053                         $amount = intPostVar('amount');\r
1054                 else {\r
1055                         $amount = intval($CONF['DefaultListSize']);\r
1056                         if ($amount < 1)\r
1057                                 $amount = 10;\r
1058                 }\r
1059 \r
1060                 $search = postVar('search');            // search through comments\r
1061 \r
1062 \r
1063                 $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
1064 \r
1065                 if ($search != '')\r
1066                         $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
1067 \r
1068 \r
1069                 $query .= ' ORDER BY ctime DESC'\r
1070                                 . " LIMIT $start,$amount";\r
1071 \r
1072 \r
1073                 $blog =& $manager->getBlog($blogid);\r
1074 \r
1075                 $this->pagehead();\r
1076 \r
1077                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
1078                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';\r
1079 \r
1080                 $template['content'] = 'commentlist';\r
1081                 $template['canAddBan'] = $member->blogAdminRights($blogid);\r
1082 \r
1083                 $manager->loadClass("ENCAPSULATE");\r
1084                 $navList = new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);\r
1085                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);\r
1086 \r
1087                 $this->pagefoot();\r
1088         }\r
1089 \r
1090         /**\r
1091          * Provide a page to item a new item to the given blog\r
1092          */\r
1093         function action_createitem() {\r
1094                 global $member, $manager;\r
1095 \r
1096                 $blogid = intRequestVar('blogid');\r
1097 \r
1098                 // check if allowed\r
1099                 $member->teamRights($blogid) or $this->disallow();\r
1100 \r
1101                 $memberid = $member->getID();\r
1102 \r
1103                 $blog =& $manager->getBlog($blogid);\r
1104 \r
1105                 $this->pagehead();\r
1106 \r
1107                 // generate the add-item form\r
1108                 $formfactory = new PAGEFACTORY($blogid);\r
1109                 $formfactory->createAddForm('admin');\r
1110 \r
1111                 $this->pagefoot();\r
1112         }\r
1113 \r
1114         /**\r
1115          * @todo document this\r
1116          */\r
1117         function action_itemedit() {\r
1118                 global $member, $manager;\r
1119 \r
1120                 $itemid = intRequestVar('itemid');\r
1121 \r
1122                 // only allow if user is allowed to alter item\r
1123                 $member->canAlterItem($itemid) or $this->disallow();\r
1124 \r
1125                 $item =& $manager->getItem($itemid,1,1);\r
1126                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));\r
1127 \r
1128                 $param = array('item' => &$item);\r
1129                 $manager->notify('PrepareItemForEdit', $param);\r
1130 \r
1131                 if ($blog->convertBreaks()) {\r
1132                         $item['body'] = removeBreaks($item['body']);\r
1133                         $item['more'] = removeBreaks($item['more']);\r
1134                 }\r
1135 \r
1136                 // form to edit blog items\r
1137                 $this->pagehead();\r
1138                 $formfactory = new PAGEFACTORY($blog->getID());\r
1139                 $formfactory->createEditForm('admin',$item);\r
1140                 $this->pagefoot();\r
1141         }\r
1142 \r
        /**
         * Saves the edited item, or dispatches to the delete confirmation.
         *
         * Reads 'itemid' and 'catid' from the request and the item fields ('title',
         * 'body', 'more', 'closed', 'draftid', 'actiontype', date parts) from POST.
         * A 'catid' of the form "newcat-<blogid>" creates a new category in that blog
         * first and ends on the category edit page; otherwise the item list of the
         * item's blog is shown. A 'draftid' > 0 deletes that draft afterwards.
         *
         * NOTE(review): the raw 'catid' (including the "newcat-<blogid>" form) is
         * handed to canUpdateItem(), so the admin-rights check for creating a category
         * in the target blog has to live there; it is not visible in this file part.
         */
        function action_itemupdate() {
                global $member, $manager, $CONF;

                $itemid = intRequestVar('itemid');
                $catid = postVar('catid');

                // only allow if user is allowed to alter item (and to move it into $catid)
                $member->canUpdateItem($itemid, $catid) or $this->disallow();

                $actiontype = postVar('actiontype');

                // delete actions are handled by itemdelete (which has confirmation)
                if ($actiontype == 'delete') {
                        $this->action_itemdelete();
                        return;
                }

                $body   = postVar('body');
                $title  = postVar('title');
                $more   = postVar('more');
                $closed = intPostVar('closed');
                $draftid = intPostVar('draftid');

                // default action = add now
                if (!$actiontype)
                        $actiontype='addnow';

                // create new category if needed
                if (strstr($catid,'newcat')) {
                        // get blogid (the number after "newcat-" in the posted value)
                        list($blogid) = sscanf($catid,"newcat-%d");

                        // create
                        $blog =& $manager->getBlog($blogid);
                        $catid = $blog->createNewCategory();

                        // show error when sth goes wrong
                        // NOTE(review): every other action in this file reports errors via
                        // $this->error(); confirm that doError() exists on this class
                        if (!$catid)
                                $this->doError(_ERROR_CATCREATEFAIL);
                }

                /*
                        set some variables based on actiontype

                        actiontypes:
                                draft items -> addnow, addfuture, adddraft, delete
                                non-draft items -> edit, changedate, delete

                        variables set:
                                $timestamp: set to a nonzero value for future dates or date changes
                                $wasdraft: set to 1 when the item used to be a draft item
                                $publish: set to 1 when the edited item is not a draft
                */
                $blogid =  getBlogIDFromItemID($itemid);
                $blog   =& $manager->getBlog($blogid);

                $wasdrafts = array('adddraft', 'addfuture', 'addnow');
                $wasdraft  = in_array($actiontype, $wasdrafts) ? 1 : 0;
                $publish   = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
                if ($actiontype == 'addfuture' || $actiontype == 'changedate') {
                        // date parts come straight from POST; mktime() normalises out-of-range values
                        $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
                } else {
                        $timestamp =0;
                }

                // edit the item for real
                ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

                // the item's date may have moved into/out of the future
                $this->updateFuturePosted($blogid);

                if ($draftid > 0) {
                        // delete permission is checked inside ITEM::delete()
                        ITEM::delete($draftid);
                }

                // show category edit window when we created a new category
                // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
                if ($catid != intPostVar('catid')) {
                        $this->action_categoryedit(
                                $catid,
                                $blog->getID(),
                                $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
                        );
                } else {
                        // TODO: set start item correctly for itemlist
                        $this->action_itemlist(getBlogIDFromItemID($itemid));
                }
        }
1234 \r
1235         /**\r
1236          * @todo document this\r
1237          */\r
1238         function action_itemdelete() {\r
1239                 global $member, $manager;\r
1240 \r
1241                 $itemid = intRequestVar('itemid');\r
1242 \r
1243                 // only allow if user is allowed to alter item\r
1244                 $member->canAlterItem($itemid) or $this->disallow();\r
1245 \r
1246                 if (!$manager->existsItem($itemid,1,1))\r
1247                         $this->error(_ERROR_NOSUCHITEM);\r
1248 \r
1249                 $item =& $manager->getItem($itemid,1,1);\r
1250                 $title = htmlspecialchars(strip_tags($item['title']));\r
1251                 $body = strip_tags($item['body']);\r
1252                 $body = htmlspecialchars(shorten($body,300,'...'));\r
1253 \r
1254                 $this->pagehead();\r
1255                 ?>\r
1256                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
1257 \r
1258                         <p><?php echo _CONFIRMTXT_ITEM?></p>\r
1259 \r
1260                         <div class="note">\r
1261                                 <b>"<?php echo  $title ?>"</b>\r
1262                                 <br />\r
1263                                 <?php echo $body?>\r
1264                         </div>\r
1265 \r
1266                         <form method="post" action="index.php"><div>\r
1267                                 <input type="hidden" name="action" value="itemdeleteconfirm" />\r
1268                                 <?php $manager->addTicketHidden() ?>\r
1269                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />\r
1270                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />\r
1271                         </div></form>\r
1272                 <?php\r
1273                 $this->pagefoot();\r
1274         }\r
1275 \r
1276         /**\r
1277          * @todo document this\r
1278          */\r
1279         function action_itemdeleteconfirm() {\r
1280                 global $member;\r
1281 \r
1282                 $itemid = intRequestVar('itemid');\r
1283 \r
1284                 // only allow if user is allowed to alter item\r
1285                 $member->canAlterItem($itemid) or $this->disallow();\r
1286 \r
1287                 // get blogid first\r
1288                 $blogid = getBlogIdFromItemId($itemid);\r
1289 \r
1290                 // delete item (note: some checks will be performed twice)\r
1291                 $this->deleteOneItem($itemid);\r
1292 \r
1293                 $this->action_itemlist($blogid);\r
1294         }\r
1295 \r
1296         /**\r
1297          * Deletes one item and returns error if something goes wrong\r
1298          * @param int $itemid\r
1299          */\r
1300         function deleteOneItem($itemid) {\r
1301                 global $member, $manager;\r
1302 \r
1303                 // only allow if user is allowed to alter item (also checks if itemid exists)\r
1304                 if (!$member->canAlterItem($itemid))\r
1305                         return _ERROR_DISALLOWED;\r
1306 \r
1307                 // need to get blogid before the item is deleted\r
1308                 $blogid = getBlogIDFromItemId($itemid);\r
1309 \r
1310                 $manager->loadClass('ITEM');\r
1311                 ITEM::delete($itemid);\r
1312 \r
1313                 // update blog's futureposted\r
1314                 $this->updateFuturePosted($blogid);\r
1315         }\r
1316 \r
1317         /**\r
1318          * Update a blog's future posted flag\r
1319          * @param int $blogid\r
1320          */\r
1321         function updateFuturePosted($blogid) {\r
1322                 global $manager;\r
1323 \r
1324                 $blog =& $manager->getBlog($blogid);\r
1325                 $currenttime = $blog->getCorrectTime(time());\r
1326                 $result = sql_query("SELECT * FROM ".sql_table('item').\r
1327                         " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
1328                 if (sql_num_rows($result) > 0) {\r
1329                                 $blog->setFuturePost();\r
1330                 }\r
1331                 else {\r
1332                                 $blog->clearFuturePost();\r
1333                 }\r
1334         }\r
1335 \r
        /**
         * Shows the "move item" form for one item.
         *
         * Reads itemid from the request and refuses (disallow()) unless the
         * current member may alter the item. The form posts to
         * action_itemmoveto() together with a ticket; the category dropdown is
         * produced by selectBlogCategory(), preselecting the item's current
         * category.
         */
        function action_itemmove() {
                global $member, $manager;

                $itemid = intRequestVar('itemid');

                // only allow if user is allowed to alter item
                $member->canAlterItem($itemid) or $this->disallow();

                // load the item; only its catid is used below
                $item =& $manager->getItem($itemid,1,1);

                $this->pagehead();
                ?>
                        <h2><?php echo _MOVE_TITLE?></h2>
                        <form method="post" action="index.php"><div>
                                <input type="hidden" name="action" value="itemmoveto" />
                                <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />

                                <?php
                                        // itemid comes from intRequestVar() and is therefore safe to echo
                                        // into the hidden field above; the ticket field is required by
                                        // the action dispatcher for every non-safe action
                                        $manager->addTicketHidden();
                                        $this->selectBlogCategory('catid',$item['catid'],10,1);
                                ?>

                                <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
1367 \r
1368         /**\r
1369          * @todo document this\r
1370          */\r
1371         function action_itemmoveto() {\r
1372                 global $member, $manager;\r
1373 \r
1374                 $itemid = intRequestVar('itemid');\r
1375                 $catid = requestVar('catid');\r
1376 \r
1377                 // create new category if needed\r
1378                 if (strstr($catid,'newcat')) {\r
1379                         // get blogid\r
1380                         list($blogid) = sscanf($catid,'newcat-%d');\r
1381 \r
1382                         // create\r
1383                         $blog =& $manager->getBlog($blogid);\r
1384                         $catid = $blog->createNewCategory();\r
1385 \r
1386                         // show error when sth goes wrong\r
1387                         if (!$catid)\r
1388                                 $this->doError(_ERROR_CATCREATEFAIL);\r
1389                 }\r
1390 \r
1391                 // only allow if user is allowed to alter item\r
1392                 $member->canUpdateItem($itemid, $catid) or $this->disallow();\r
1393 \r
1394                 $old_blogid = getBlogIDFromItemId($itemid);\r
1395 \r
1396                 ITEM::move($itemid, $catid);\r
1397 \r
1398                 // set the futurePosted flag on the blog\r
1399                 $this->updateFuturePosted(getBlogIDFromItemId($itemid));\r
1400 \r
1401                 // reset the futurePosted in case the item is moved from one blog to another\r
1402                 $this->updateFuturePosted($old_blogid);\r
1403 \r
1404                 if ($catid != intRequestVar('catid'))\r
1405                         $this->action_categoryedit($catid, $blog->getID());\r
1406                 else\r
1407                         $this->action_itemlist(getBlogIDFromCatID($catid));\r
1408         }\r
1409 \r
1410         /**\r
1411          * Moves one item to a given category (category existance should be checked by caller)\r
1412          * errors are returned\r
1413          * @param int $itemid\r
1414          * @param int $destCatid category ID to which the item will be moved\r
1415          */\r
1416         function moveOneItem($itemid, $destCatid) {\r
1417                 global $member;\r
1418 \r
1419                 // only allow if user is allowed to move item\r
1420                 if (!$member->canUpdateItem($itemid, $destCatid))\r
1421                         return _ERROR_DISALLOWED;\r
1422 \r
1423                 ITEM::move($itemid, $destCatid);\r
1424         }\r
1425 \r
1426         /**\r
1427          * Adds a item to the chosen blog\r
1428          */\r
1429         function action_additem() {\r
1430                 global $manager, $CONF;\r
1431 \r
1432                 $manager->loadClass('ITEM');\r
1433 \r
1434                 $result = ITEM::createFromRequest();\r
1435 \r
1436                 if ($result['status'] == 'error')\r
1437                         $this->error($result['message']);\r
1438 \r
1439                 $blogid = getBlogIDFromItemID($result['itemid']);\r
1440                 $blog =& $manager->getBlog($blogid);\r
1441                 $btimestamp = $blog->getCorrectTime();\r
1442                 $item      = $manager->getItem(intval($result['itemid']), 1, 1);\r
1443 \r
1444                 if ($result['status'] == 'newcategory') {\r
1445                         $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));\r
1446                         $this->action_categoryedit($result['catid'], $blogid, $distURI);\r
1447                 } else {\r
1448                         $methodName = 'action_itemList';\r
1449                         call_user_func(array($this, $methodName), $blogid);\r
1450                 }\r
1451         }\r
1452 \r
        /**
         * Shows the form to edit an existing comment.
         *
         * The current member must be allowed to alter the comment. Plugins may
         * adjust the comment first (PrepareCommentForEdit); then the stored body
         * is prepared for the textarea (<br /> tags stripped, anchors reduced to
         * their href). The form posts to action_commentupdate() with a ticket.
         */
        function action_commentedit() {
                global $member, $manager;

                $commentid = intRequestVar('commentid');

                $member->canAlterComment($commentid) or $this->disallow();

                $comment = COMMENT::getComment($commentid);

                // plugins get the comment by reference and may change it before display
                $param = array('comment' => &$comment);
                $manager->notify('PrepareCommentForEdit', $param);

                // strip the <br /> tags from the stored body (they are removed
                // outright, not converted to newlines)
                $comment['body'] = str_replace('<br />','',$comment['body']);
                
                // replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
                /* original eregi_replace: eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>", "\\1", $comment['body']) */
                // reduce <a href="...">...</a> to the href value so the member edits plain text
                $comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#i", "\\1", $comment['body']);
                
                // NOTE(review): $comment['member'], ['user'], ['host'], ['userid'] and ['email']
                // are echoed below without htmlspecialchars(), partly into attribute values;
                // this relies on COMMENT::getComment() returning already-escaped data - verify
                $this->pagehead();

                ?>
                <h2><?php echo _EDITC_TITLE?></h2>

                <form action="index.php" method="post"><div>

                <input type="hidden" name="action" value="commentupdate" />
                <?php $manager->addTicketHidden(); ?>
                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
                <table><tr>
                        <th colspan="2"><?php echo _EDITC_TITLE?></th>
                </tr><tr>
                        <td><?php echo _EDITC_WHO?></td>
                        <td>
                        <?php                      if ($comment['member'])
                                        echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
                                else
                                        echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
                        ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EDITC_WHEN?></td>
                        <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
                </tr><tr>
                        <td><?php echo _EDITC_HOST?></td>
                        <td><?php echo  $comment['host']; ?></td>
                </tr>
                <tr>
                        <td><?php echo _EDITC_URL; ?></td>
                        <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo $comment['userid']; ?>" /></td>
                </tr>
                <tr>
                        <td><?php echo _EDITC_EMAIL; ?></td>
                        <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo $comment['email']; ?>" /></td>
                </tr>
                <tr>
                        <td><?php echo _EDITC_TEXT?></td>
                        <td>
                                <textarea name="body" tabindex="10" rows="10" cols="50"><?php                              // htmlspecialchars not needed (things should be escaped already)
                                        echo $comment['body'];
                                ?></textarea>
                        </td>
                </tr><tr>
                        <td><?php echo _EDITC_EDIT?></td>
                        <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>
                <?php
                $this->pagefoot();
        }
1527 \r
1528         /**\r
1529          * @todo document this\r
1530          */\r
1531         function action_commentupdate() {\r
1532                 global $member, $manager;\r
1533 \r
1534                 $commentid = intRequestVar('commentid');\r
1535 \r
1536                 $member->canAlterComment($commentid) or $this->disallow();\r
1537 \r
1538                 $url = postVar('url');\r
1539                 $email = postVar('email');\r
1540                 $body = postVar('body');\r
1541                 \r
1542                 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
1543                 # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE\r
1544                 # important note that '\' must be matched with '\\\\' in preg* expressions\r
1545                 // intercept words that are too long\r
1546                 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)\r
1547                 {\r
1548                         $this->error(_ERROR_COMMENT_LONGWORD);\r
1549                 }\r
1550                 \r
1551                 // check length\r
1552                 if (strlen($body) < 3)\r
1553                 {\r
1554                         $this->error(_ERROR_COMMENT_NOCOMMENT);\r
1555                 }\r
1556                 if (strlen($body)>5000)\r
1557                 {\r
1558                         $this->error(_ERROR_COMMENT_TOOLONG);\r
1559                 }\r
1560                 \r
1561                 // prepare body\r
1562                 $body = COMMENT::prepareBody($body);\r
1563 \r
1564                 // call plugins\r
1565                 $param = array('body' => &$body);\r
1566                 $manager->notify('PreUpdateComment', $param);\r
1567 \r
1568                 $query =  'UPDATE '.sql_table('comment')\r
1569                            . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"\r
1570                            . " WHERE cnumber=" . $commentid;\r
1571                 sql_query($query);\r
1572 \r
1573                 // get itemid\r
1574                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
1575                 $o = sql_fetch_object($res);\r
1576                 $itemid = $o->citem;\r
1577 \r
1578                 if ($member->canAlterItem($itemid))\r
1579                         $this->action_itemcommentlist($itemid);\r
1580                 else\r
1581                         $this->action_browseowncomments();\r
1582 \r
1583         }\r
1584 \r
        /**
         * Shows the confirmation page before a comment is deleted.
         *
         * The current member must be allowed to alter the comment. A tag-free,
         * shortened preview of the body and the author's name are shown; the
         * confirming form posts to action_commentdeleteconfirm() with a ticket.
         */
        function action_commentdelete() {
                global $member, $manager;

                $commentid = intRequestVar('commentid');

                $member->canAlterComment($commentid) or $this->disallow();

                $comment = COMMENT::getComment($commentid);

                // preview: tags stripped, cut to 300 characters, then escaped for output
                $body = strip_tags($comment['body']);
                $body = htmlspecialchars(shorten($body, 300, '...'));

                // NOTE(review): unlike $body, $author is echoed below unescaped;
                // this relies on the stored member/user name being safe for HTML - verify
                if ($comment['member'])
                        $author = $comment['member'];
                else
                        $author = $comment['user'];

                $this->pagehead();
                ?>

                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_COMMENT?></p>

                        <div class="note">
                        <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
                        <br />
                        <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
                        </div>

                        <form method="post" action="index.php"><div>
                                <input type="hidden" name="action" value="commentdeleteconfirm" />
                                <?php $manager->addTicketHidden() ?>
                                <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
                                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
1627 \r
1628         /**\r
1629          * @todo document this\r
1630          */\r
1631         function action_commentdeleteconfirm() {\r
1632                 global $member;\r
1633 \r
1634                 $commentid = intRequestVar('commentid');\r
1635 \r
1636                 // get item id first\r
1637                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
1638                 $o = sql_fetch_object($res);\r
1639                 $itemid = $o->citem;\r
1640 \r
1641                 $error = $this->deleteOneComment($commentid);\r
1642                 if ($error)\r
1643                         $this->doError($error);\r
1644 \r
1645                 if ($member->canAlterItem($itemid))\r
1646                         $this->action_itemcommentlist($itemid);\r
1647                 else\r
1648                         $this->action_browseowncomments();\r
1649         }\r
1650 \r
1651         /**\r
1652          * @todo document this\r
1653          */\r
1654         function deleteOneComment($commentid) {\r
1655                 global $member, $manager;\r
1656 \r
1657                 $commentid = intval($commentid);\r
1658 \r
1659                 if (!$member->canAlterComment($commentid))\r
1660                         return _ERROR_DISALLOWED;\r
1661 \r
1662                 $param =array('commentid' => $commentid);\r
1663                 $manager->notify('PreDeleteComment', $param);\r
1664 \r
1665                 // delete the comments associated with the item\r
1666                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;\r
1667                 sql_query($query);\r
1668 \r
1669                 $param = array('commentid' => $commentid);\r
1670                 $manager->notify('PostDeleteComment', $param);\r
1671 \r
1672                 return '';\r
1673         }\r
1674 \r
        /**
         * Usermanagement main: lists all members and shows the "new member" form.
         *
         * Restricted to site admins (disallow() otherwise). The member list is
         * rendered by BATCH::showlist() with the 'memberlist' template; the form
         * posts to the memberadd action together with a ticket.
         */
        function action_usermanagement() {
                global $member, $manager;

                // check if allowed
                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

                echo '<h2>' . _MEMBERS_TITLE .'</h2>';

                echo '<h3>' . _MEMBERS_CURRENT .'</h3>';

                // show list of members with actions
                $query =  'SELECT *'
                           . ' FROM '.sql_table('member');
                $template['content'] = 'memberlist';
                $template['tabindex'] = 10;

                // BATCH is presumably provided by the ENCAPSULATE class file loaded here
                $manager->loadClass("ENCAPSULATE");
                $batch = new BATCH('member');
                $batch->showlist($query,'table',$template);

                echo '<h3>' . _MEMBERS_NEW .'</h3>';
                ?>
                        <form method="post" action="index.php" name="memberedit"><div>

                        <input type="hidden" name="action" value="memberadd" />
                        <?php $manager->addTicketHidden() ?>

                        <table>
                        <tr>
                                <th colspan="2"><?php echo _MEMBERS_NEW?></th>
                        </tr><tr>
                                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
                                </td>
                                <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REALNAME?></td>
                                <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_PWD?></td>
                                <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REPPWD?></td>
                                <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_EMAIL?></td>
                                <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_URL?></td>
                                <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php // new members default to non-admin (0) and allowed to log in (1)
                                          $this->input_yesno('admin',0,10060); ?> </td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NOTES?></td>
                                <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NEW?></td>
                                <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
1750 \r
1751         /**\r
1752          * Edit member settings\r
1753          */\r
1754         function action_memberedit() {\r
1755                 $this->action_editmembersettings(intRequestVar('memberid'));\r
1756         }\r
1757 \r
        /**
         * Shows the settings form for a member.
         *
         * Without a memberid the current member's own settings are edited.
         * Non-admins may only edit themselves, admins may edit anyone. Which
         * fields are offered depends on the viewer: display name and password
         * only when $CONF['AllowLoginEdit'] is on or the viewer is an admin,
         * the super-admin and can-login flags only for admins. The server-side
         * counterpart of these rules lives in action_changemembersettings(),
         * which the form posts to (with a ticket).
         *
         * @param int|string $memberid id of the member to edit, '' for the current member
         */
        function action_editmembersettings($memberid = '') {
                global $member, $manager, $CONF;

                if ($memberid == '')
                        $memberid = $member->getID();

                // check if allowed
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                // show message to go back to member overview (only for admins)
                if ($member->isAdmin())
                        echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
                else
                        echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';

                echo '<h2>' . _MEMBERS_EDIT . '</h2>';

                // $mem is the member being edited, $member the one viewing the form
                $mem = MEMBER::createFromID($memberid);

                // memberid is echoed unescaped into the hidden field below; it is an
                // integer from intRequestVar() (action_memberedit) or the viewer's own id
                ?>
                <form method="post" action="index.php" name="memberedit"><div>

                <input type="hidden" name="action" value="changemembersettings" />
                <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                <?php $manager->addTicketHidden() ?>

                <table><tr>
                        <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
                </tr><tr>
                        <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
                        </td>
                        <td>
                        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
                                <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
                        <?php } else {
                                // $member (the viewer) rather than $mem: in this branch the viewer is
                                // not an admin and, by the check above, can only be editing himself
                                echo htmlspecialchars($member->getDisplayName());
                           }
                        ?>
                        </td>
                </tr><tr>
                        <td><?php echo _MEMBERS_REALNAME?></td>
                        <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
                </tr><tr>
                <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
                        <td><?php echo _MEMBERS_PWD?></td>
                        <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_REPPWD?></td>
                        <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
                <?php } ?>
                </tr><tr>
                        <td><?php echo _MEMBERS_EMAIL?>
                                <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
                        </td>
                        <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_URL?></td>
                        <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
                <?php // only allow to change this by super-admins
                   // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
                   // (hiding the fields is cosmetic; action_changemembersettings() enforces it)
                   if ($member->isAdmin()) {
                ?>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>
                <?php } ?>
                </tr><tr>
                        <td><?php echo _MEMBERS_NOTES?></td>
                        <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
                        </td>
                        <td>

                                <select name="deflang" tabindex="85">
                                        <option value=""><?php echo _MEMBERS_USESITELANG?></option>
                                <?php                      // show a dropdown list of all available languages
                                global $DIR_LANG;
                                $dirhandle = opendir($DIR_LANG);
                                while ($filename = readdir($dirhandle))
                                {
                                        # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
                                        # original ereg: ereg("^(.*)\.php$", $filename, $matches)
                                        if (preg_match('#^(.*)\.php$#', $filename, $matches) )
                                        {
                                                // NOTE(review): $name is a file name from $DIR_LANG echoed
                                                // unescaped; acceptable only while that directory holds
                                                // trusted language files
                                                $name = $matches[1];
                                                echo "<option value=\"$name\"";
                                                if ($name == $mem->getLanguage() )
                                                {
                                                        echo " selected=\"selected\"";
                                                }
                                                echo ">$name</option>";
                                        }
                                }
                                closedir($dirhandle);
                                
                                ?>
                                </select>

                        </td>
                </tr>
                <tr>
                        <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td>
                        <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('member',$memberid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
                </tr><tr>
                        <td><?php echo _MEMBERS_EDIT?></td>
                        <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <?php
                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        // plugins may append their own forms below the settings form
                        $param = array('member' => &$mem);
                        $manager->notify('MemberSettingsFormExtras', $param);

                $this->pagefoot();
        }
1894 \r
1895         /**\r
1896          * @todo document this\r
1897          */\r
1898         function action_changemembersettings() {\r
1899                 global $member, $CONF, $manager;\r
1900 \r
1901                 $memberid = intRequestVar('memberid');\r
1902 \r
1903                 // check if allowed\r
1904                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
1905 \r
1906                 $name              = trim(strip_tags(postVar('name')));\r
1907                 $realname          = trim(strip_tags(postVar('realname')));\r
1908                 $password          = postVar('password');\r
1909                 $repeatpassword = postVar('repeatpassword');\r
1910                 $email            = strip_tags(postVar('email'));\r
1911                 $url                    = strip_tags(postVar('url'));\r
1912 \r
1913                 # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
1914                 # original eregi: !eregi("^https?://", $url)\r
1915                 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.\r
1916                 if (!preg_match('#^https?://#', $url) )\r
1917                 {\r
1918                         $url = 'http://' . $url;\r
1919                 }\r
1920                 $admin            = postVar('admin');\r
1921                 $canlogin          = postVar('canlogin');\r
1922                 $notes            = strip_tags(postVar('notes'));\r
1923                 $deflang                = postVar('deflang');\r
1924 \r
1925                 $mem = MEMBER::createFromID($memberid);\r
1926 \r
1927                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1928 \r
1929                         if (!isValidDisplayName($name))\r
1930                                 $this->error(_ERROR_BADNAME);\r
1931 \r
1932                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))\r
1933                                 $this->error(_ERROR_NICKNAMEINUSE);\r
1934 \r
1935                         if ($password != $repeatpassword)\r
1936                                 $this->error(_ERROR_PASSWORDMISMATCH);\r
1937 \r
1938                         if ($password && (strlen($password) < 6))\r
1939                                 $this->error(_ERROR_PASSWORDTOOSHORT);\r
1940 \r
1941                         if ($password) {\r
1942                                 $pwdvalid = true;\r
1943                                 $pwderror = '';\r
1944                                 $param = array(\r
1945                                         'password'              =>  $password,\r
1946                                         'errormessage'  => &$pwderror,\r
1947                                         'valid'                 => &$pwdvalid\r
1948                                 );\r
1949                                 $manager->notify('PrePasswordSet', $param);\r
1950                                 if (!$pwdvalid) {\r
1951                                         $this->error($pwderror);\r
1952                                 }\r
1953                         }\r
1954                 }\r
1955 \r
1956                 if (!isValidMailAddress($email))\r
1957                         $this->error(_ERROR_BADMAILADDRESS);\r
1958 \r
1959 \r
1960                 if (!$realname)\r
1961                         $this->error(_ERROR_REALNAMEMISSING);\r
1962 \r
1963                 if (($deflang != '') && (!checkLanguage($deflang)))\r
1964                         $this->error(_ERROR_NOSUCHLANGUAGE);\r
1965 \r
1966                 // check if there will remain at least one site member with both the logon and admin rights\r
1967                 // (check occurs when taking away one of these rights from such a member)\r
1968                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
1969                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
1970                    )\r
1971                 {\r
1972                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
1973                         if (sql_num_rows($r) < 2)\r
1974                                 $this->error(_ERROR_ATLEASTONEADMIN);\r
1975                 }\r
1976 \r
1977                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {\r
1978                         $mem->setDisplayName($name);\r
1979                         if ($password)\r
1980                                 $mem->setPassword($password);\r
1981                 }\r
1982 \r
1983                 $oldEmail = $mem->getEmail();\r
1984 \r
1985                 $mem->setRealName($realname);\r
1986                 $mem->setEmail($email);\r
1987                 $mem->setURL($url);\r
1988                 $mem->setNotes($notes);\r
1989                 $mem->setLanguage($deflang);\r
1990 \r
1991 \r
1992                 // only allow super-admins to make changes to the admin status\r
1993                 if ($member->isAdmin()) {\r
1994                         $mem->setAdmin($admin);\r
1995                         $mem->setCanLogin($canlogin);\r
1996                 }\r
1997 \r
1998                 $autosave = postVar ('autosave');\r
1999                 $mem->setAutosave($autosave);\r
2000 \r
2001                 $mem->write();\r
2002 \r
2003                 // store plugin options\r
2004                 $aOptions = requestArray('plugoption');\r
2005                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2006                 $param = array(\r
2007                         'context'       =>  'member',\r
2008                         'memberid'      =>  $memberid,\r
2009                         'member'        => &$mem\r
2010                 );\r
2011                 $manager->notify('PostPluginOptionsUpdate', $param);\r
2012 \r
2013                 // if email changed, generate new password\r
2014                 if ($oldEmail != $mem->getEmail())\r
2015                 {\r
2016                         $mem->sendActivationLink('addresschange', $oldEmail);\r
2017                         // logout member\r
2018                         $mem->newCookieKey();\r
2019 \r
2020                         // only log out if the member being edited is the current member.\r
2021                         if ($member->getID() == $memberid)\r
2022                                 $member->logout();\r
2023                         $this->action_login(_MSG_ACTIVATION_SENT, 0);\r
2024                         return;\r
2025                 }\r
2026 \r
2027 \r
2028                 if (  ( $mem->getID() == $member->getID() )\r
2029                    && ( $mem->getDisplayName() != $member->getDisplayName() )\r
2030                    ) {\r
2031                         $mem->newCookieKey();\r
2032                         $member->logout();\r
2033                         $this->action_login(_MSG_LOGINAGAIN, 0);\r
2034                 } else {\r
2035                         $this->action_overview(_MSG_SETTINGSCHANGED);\r
2036                 }\r
2037         }\r
2038 \r
2039         /**\r
2040          * @todo document this\r
2041          */\r
2042         function action_memberadd() {\r
2043                 global $member, $manager;\r
2044 \r
2045                 // check if allowed\r
2046                 $member->isAdmin() or $this->disallow();\r
2047 \r
2048                 if (postVar('password') != postVar('repeatpassword'))\r
2049                         $this->error(_ERROR_PASSWORDMISMATCH);\r
2050                 if (strlen(postVar('password')) < 6)\r
2051                         $this->error(_ERROR_PASSWORDTOOSHORT);\r
2052 \r
2053                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));\r
2054                 if ($res != 1)\r
2055                         $this->error($res);\r
2056 \r
2057                 // fire PostRegister event\r
2058                 $newmem = new MEMBER();\r
2059                 $newmem->readFromName(postVar('name'));\r
2060                 $param = array('member' => &$newmem);\r
2061                 $manager->notify('PostRegister', $param);\r
2062 \r
2063                 $this->action_usermanagement();\r
2064         }\r
2065 \r
2066         /**\r
2067          * Account activation\r
2068          *\r
2069          * @author dekarma\r
2070          */\r
2071         function action_activate() {\r
2072 \r
2073                 $key = getVar('key');\r
2074                 $this->_showActivationPage($key);\r
2075         }\r
2076 \r
        /**
         * Renders the activation page for an activation key.
         *
         * Purges expired keys, resolves $key to its member and shows a page
         * whose title/text depend on the key's type:
         *  - 'forgot' and 'register' show a form (posted to
         *    action_activatesetpwd) for choosing a new password;
         *  - 'addresschange' only confirms the change: the key is consumed
         *    right here with MEMBER::activate() and no password form is shown.
         * An unknown key or member ends in $this->error(_ERROR_ACTIVATE).
         *
         * @param string $key     activation key taken from the request
         * @param string $message optional error text shown above the form
         *                        (used by action_activatesetpwd on validation failure)
         */
        function _showActivationPage($key, $message = '')
        {
                global $manager;

                // clean up old activation keys
                MEMBER::cleanupActivationTable();

                // get activation info
                $info = MEMBER::getActivationInfo($key);

                if (!$info)
                        $this->error(_ERROR_ACTIVATE);

                $mem = MEMBER::createFromId($info->vmember);

                if (!$mem)
                        $this->error(_ERROR_ACTIVATE);

                $text = '';
                $title = '';
                // default is to show the set-password form; only 'addresschange' clears it
                $bNeedsPasswordChange = true;

                // NOTE(review): there is no default branch, so a key with an
                // unexpected vtype gets an empty title/text and still shows the
                // password form -- confirm whether that is intended.
                switch ($info->vtype)
                {
                        case 'forgot':
                                $title = _ACTIVATE_FORGOT_TITLE;
                                $text = _ACTIVATE_FORGOT_TEXT;
                                break;
                        case 'register':
                                $title = _ACTIVATE_REGISTER_TITLE;
                                $text = _ACTIVATE_REGISTER_TEXT;
                                break;
                        case 'addresschange':
                                $title = _ACTIVATE_CHANGE_TITLE;
                                $text = _ACTIVATE_CHANGE_TEXT;
                                $bNeedsPasswordChange = false;
                                // no second step for an address change: consume the key now
                                MEMBER::activate($key);
                                break;
                }

                // display name is escaped once here; the templates must not escape again
                $aVars = array(
                        'memberName' => htmlspecialchars($mem->getDisplayName())
                );
                $title = TEMPLATE::fill($title, $aVars);
                $text = TEMPLATE::fill($text, $aVars);

                $this->pagehead();

                        echo '<h2>' , $title, '</h2>';
                        echo '<p>' , $text, '</p>';

                        if ($message != '')
                        {
                                echo '<p class="error">',$message,'</p>';
                        }

                        if ($bNeedsPasswordChange)
                        {
                                ?>
                                        <div><form action="index.php" method="post">

                                                <input type="hidden" name="action" value="activatesetpwd" />
                                                <?php $manager->addTicketHidden() ?>
                                                <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

                                                <table><tr>
                                                        <td><?php echo _MEMBERS_PWD?></td>
                                                        <td><input type="password" maxlength="40" size="16" name="password" /></td>
                                                </tr><tr>
                                                        <td><?php echo _MEMBERS_REPPWD?></td>
                                                        <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
                                                <?php

                                                        // plugins may add extra form fields; they are validated
                                                        // by the 'ValidateForm' event in action_activatesetpwd()
                                                        global $manager;
                                                        $param = array(
                                                                'type'          => 'activation',
                                                                'member'        => $mem
                                                        );
                                                        $manager->notify('FormExtra', $param);

                                                ?>
                                                </tr><tr>
                                                        <td><?php echo _MEMBERS_SETPWD ?></td>
                                                        <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
                                                </tr></table>


                                        </form></div>

                                <?php

                        }

                $this->pagefoot();

        }
2176 \r
2177         /**\r
2178          * Account activation - set password part\r
2179          *\r
2180          * @author dekarma\r
2181          */\r
2182         function action_activatesetpwd() {\r
2183                 \r
2184                 $key = postVar('key');\r
2185 \r
2186                 // clean up old activation keys\r
2187                 MEMBER::cleanupActivationTable();\r
2188 \r
2189                 // get activation info\r
2190                 $info = MEMBER::getActivationInfo($key);\r
2191 \r
2192                 if (!$info || ($info->type == 'addresschange'))\r
2193                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2194 \r
2195                 $mem = MEMBER::createFromId($info->vmember);\r
2196 \r
2197                 if (!$mem)\r
2198                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
2199 \r
2200                 $password          = postVar('password');\r
2201                 $repeatpassword = postVar('repeatpassword');\r
2202 \r
2203                 if (!$password) {
2204                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISSING);\r
2205                 }\r
2206                 \r
2207                 if ($password != $repeatpassword) {\r
2208                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
2209                 }\r
2210                 \r
2211                 if (strlen($password) < 6) {\r
2212                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
2213                 }\r
2214                 \r
2215                 $pwdvalid = true;\r
2216                 $pwderror = '';\r
2217                 \r
2218                 global $manager;\r
2219                 $param = array(\r
2220                         'password'              =>  $password,\r
2221                         'errormessage'  =>  &$pwderror,\r
2222                         'valid'                 => &$pwdvalid\r
2223                 );\r
2224                 $manager->notify('PrePasswordSet', $param);\r
2225                 \r
2226                 if (!$pwdvalid) {\r
2227                         return $this->_showActivationPage($key,$pwderror);\r
2228                 }\r
2229                 \r
2230                 $error = '';\r
2231                 $param = array(\r
2232                         'type'          =>  'activation',\r
2233                         'member'        =>  $mem,\r
2234                         'error'         => &$error\r
2235                 );\r
2236                 $manager->notify('ValidateForm', $param);\r
2237                 if ($error != '')\r
2238                         return $this->_showActivationPage($key, $error);\r
2239 \r
2240 \r
2241                 // set password\r
2242                 $mem->setPassword($password);\r
2243                 $mem->write();\r
2244 \r
2245                 // do the activation\r
2246                 MEMBER::activate($key);\r
2247 \r
2248                 $this->pagehead();\r
2249                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';\r
2250                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';\r
2251                 $this->pagefoot();\r
2252         }\r
2253 \r
        /**
         * Manage team: lists the current team of a blog and offers a form to
         * add a member (posted to action_teamaddmember).
         *
         * Requires blog admin rights on the 'blogid' request parameter.
         */
        function action_manageteam() {
                global $member, $manager;

                // assumed to be an int (cf. the explicit intval() in
                // deleteOneTeamMember()), which is why it is concatenated
                // into SQL and HTML below without escaping
                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $this->pagehead();

                echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

                // NOTE(review): the blog name is echoed as returned by
                // getBlogNameFromID(), whereas action_teamdelete() wraps it in
                // htmlspecialchars(strip_tags(...)) -- confirm the helper escapes.
                echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';

                echo '<h3>' . _TEAM_CURRENT . '</h3>';

                // current team: member rows joined with team rows of this blog,
                // rendered by the 'teamlist' list template

                $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
                           . ' FROM '.sql_table('member').', '.sql_table('team')
                           . ' WHERE tmember=mnumber and tblog=' . $blogid;

                $template['content'] = 'teamlist';
                $template['tabindex'] = 10;

                $manager->loadClass("ENCAPSULATE");
                $batch = new BATCH('team');
                $batch->showlist($query, 'table', $template);

                ?>
                        <h3><?php echo _TEAM_ADDNEW?></h3>

                        <form method='post' action='index.php'><div>

                        <input type='hidden' name='action' value='teamaddmember' />
                        <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
                        <?php $manager->addTicketHidden() ?>

                        <table><tr>
                                <td><?php echo _TEAM_CHOOSEMEMBER?></td>
                                <td><?php                                  // TODO: try to make it so only non-team-members are listed
                                        // every member is offered; addTeamMember() rejects existing team members
                                        $query =  'SELECT mname as text, mnumber as value'
                                                   . ' FROM '.sql_table('member');

                                        $template['name'] = 'memberid';
                                        $template['tabindex'] = 10000;
                                        showlist($query,'select',$template);
                                ?></td>
                        </tr><tr>
                                <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',0,10020); ?></td>
                        </tr><tr>
                                <td><?php echo _TEAM_ADD?></td>
                                <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
2317 \r
2318         /**\r
2319          * Add member to team\r
2320          */\r
2321         function action_teamaddmember() {\r
2322                 global $member, $manager;\r
2323 \r
2324                 $memberid = intPostVar('memberid');\r
2325                 $blogid = intPostVar('blogid');\r
2326                 $admin = intPostVar('admin');\r
2327 \r
2328                 // check if allowed\r
2329                 $member->blogAdminRights($blogid) or $this->disallow();\r
2330 \r
2331                 $blog =& $manager->getBlog($blogid);\r
2332                 if (!$blog->addTeamMember($memberid, $admin))\r
2333                         $this->error(_ERROR_ALREADYONTEAM);\r
2334 \r
2335                 $this->action_manageteam();\r
2336 \r
2337         }\r
2338 \r
        /**
         * Asks for confirmation before removing a member from a blog's team
         * (request: memberid, blogid); the form posts to action_teamdeleteconfirm.
         *
         * Requires blog admin rights on the blog.
         */
        function action_teamdelete() {
                global $member, $manager;

                $memberid = intRequestVar('memberid');
                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                // NOTE(review): unlike _showActivationPage(), the result is not
                // checked before getDisplayName() is called below -- confirm what
                // createFromID() returns for an unknown id
                $teammem = MEMBER::createFromID($memberid);
                $blog =& $manager->getBlog($blogid);

                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
                        </p>


                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="teamdeleteconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
2372 \r
2373         /**\r
2374          * @todo document this\r
2375          */\r
2376         function action_teamdeleteconfirm() {\r
2377                 global $member;\r
2378 \r
2379                 $memberid = intRequestVar('memberid');\r
2380                 $blogid = intRequestVar('blogid');\r
2381 \r
2382                 $error = $this->deleteOneTeamMember($blogid, $memberid);\r
2383                 if ($error)\r
2384                         $this->error($error);\r
2385 \r
2386 \r
2387                 $this->action_manageteam();\r
2388         }\r
2389 \r
2390         /**\r
2391          * @todo document this\r
2392          */\r
2393         function deleteOneTeamMember($blogid, $memberid) {\r
2394                 global $member, $manager;\r
2395 \r
2396                 $blogid = intval($blogid);\r
2397                 $memberid = intval($memberid);\r
2398 \r
2399                 // check if allowed\r
2400                 if (!$member->blogAdminRights($blogid))\r
2401                         return _ERROR_DISALLOWED;\r
2402 \r
2403                 // check if: - there remains at least one blog admin\r
2404                 //                 - (there remains at least one team member)\r
2405                 $tmem = MEMBER::createFromID($memberid);\r
2406 \r
2407                 $param = array(\r
2408                         'member' => &$tmem,\r
2409                         'blogid' =>  $blogid\r
2410                 );\r
2411                 $manager->notify('PreDeleteTeamMember', $param);\r
2412 \r
2413                 if ($tmem->isBlogAdmin($blogid)) {\r
2414                         // check if there are more blog members left and at least one admin\r
2415                         // (check for at least two admins before deletion)\r
2416                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
2417                         $r = sql_query($query);\r
2418                         if (sql_num_rows($r) < 2)\r
2419                                 return _ERROR_ATLEASTONEBLOGADMIN;\r
2420                 }\r
2421 \r
2422                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
2423                 sql_query($query);\r
2424 \r
2425                 $param = array(\r
2426                         'member' => &$tmem,\r
2427                         'blogid' =>  $blogid\r
2428                 );\r
2429                 $manager->notify('PostDeleteTeamMember', $param);\r
2430 \r
2431                 return '';\r
2432         }\r
2433 \r
2434         /**\r
2435          * @todo document this\r
2436          */\r
2437         function action_teamchangeadmin() {\r
2438                 global $member;\r
2439 \r
2440                 $blogid = intRequestVar('blogid');\r
2441                 $memberid = intRequestVar('memberid');\r
2442 \r
2443                 // check if allowed\r
2444                 $member->blogAdminRights($blogid) or $this->disallow();\r
2445 \r
2446                 $mem = MEMBER::createFromID($memberid);\r
2447 \r
2448                 // don't allow when there is only one admin at this moment\r
2449                 if ($mem->isBlogAdmin($blogid)) {\r
2450                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
2451                         if (sql_num_rows($r) == 1)\r
2452                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
2453                 }\r
2454 \r
2455                 if ($mem->isBlogAdmin($blogid))\r
2456                         $newval = 0;\r
2457                 else\r
2458                         $newval = 1;\r
2459 \r
2460                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";\r
2461                 sql_query($query);\r
2462 \r
2463                 // only show manageteam if member did not change its own admin privileges\r
2464                 if ($member->isBlogAdmin($blogid))\r
2465                         $this->action_manageteam();\r
2466                 else\r
2467                         $this->action_overview(_MSG_ADMINCHANGED);\r
2468         }\r
2469 \r
2470         /**\r
2471          * @todo document this\r
2472          */\r
2473         function action_blogsettings() {\r
2474                 global $member, $manager;\r
2475 \r
2476                 $blogid = intRequestVar('blogid');\r
2477 \r
2478                 // check if allowed\r
2479                 $member->blogAdminRights($blogid) or $this->disallow();\r
2480 \r
2481                 $blog =& $manager->getBlog($blogid);\r
2482 \r
2483                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2484                 $this->pagehead($extrahead);\r
2485 \r
2486                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
2487                 ?>\r
2488                 <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>\r
2489 \r
2490                 <h3><?php echo _EBLOG_TEAM_TITLE?></h3>\r
2491 \r
2492                 <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?>\r
2493                 <?php\r
2494                         $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));\r
2495                         $aMemberNames = array();\r
2496                         while ($o = sql_fetch_object($res))\r
2497                                 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');\r
2498                         echo implode(',', $aMemberNames);\r
2499                 ?>\r
2500                 </p>\r
2501 \r
2502 \r
2503 \r
2504                 <p>\r
2505                 <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>\r
2506                 </p>\r
2507 \r
2508                 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>\r
2509 \r
2510                 <form method="post" action="index.php"><div>\r
2511 \r
2512                 <input type="hidden" name="action" value="blogsettingsupdate" />\r
2513                 <?php $manager->addTicketHidden() ?>\r
2514                 <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
2515                 <table><tr>\r
2516                         <td><?php echo _EBLOG_NAME?></td>\r
2517                         <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>\r
2518                 </tr><tr>\r
2519                         <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>\r
2520                                 <?php echo _EBLOG_SHORTNAME_EXTRA?>\r
2521                         </td>\r
2522                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>\r
2523                 </tr><tr>\r
2524                         <td><?php echo _EBLOG_DESC?></td>\r
2525                         <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>\r
2526                 </tr><tr>\r
2527                         <td><?php echo _EBLOG_URL?></td>\r
2528                         <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>\r
2529                 </tr><tr>\r
2530                         <td><?php echo _EBLOG_DEFSKIN?>\r
2531                                 <?php help('blogdefaultskin'); ?>\r
2532                         </td>\r
2533                         <td>\r
2534                                 <?php\r
2535                                         $query =  'SELECT sdname as text, sdnumber as value'\r
2536                                                    . ' FROM '.sql_table('skin_desc');\r
2537                                         $template['name'] = 'defskin';\r
2538                                         $template['selected'] = $blog->getDefaultSkin();\r
2539                                         $template['tabindex'] = 50;\r
2540                                         showlist($query,'select',$template);\r
2541                                 ?>\r
2542 \r
2543                         </td>\r
2544                 </tr><tr>\r
2545                         <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>\r
2546                         </td>\r
2547                         <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>\r
2548                 </tr><tr>\r
2549                         <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>\r
2550                         </td>\r
2551                         <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>\r
2552                 </tr><tr>\r
2553                         <td><?php echo _EBLOG_DISABLECOMMENTS?>\r
2554                         </td>\r
2555                         <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>\r
2556                 </tr><tr>\r
2557                         <td><?php echo _EBLOG_ANONYMOUS?>\r
2558                         </td>\r
2559                         <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>\r
2560                 </tr><tr>\r
2561         <td><?php echo _EBLOG_REQUIREDEMAIL?>\r
2562                  </td>\r
2563                  <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>\r
2564           </tr><tr>\r
2565                         <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>\r
2566                         <td><input name="notify" tabindex="80" maxlength="128" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>\r
2567                 </tr><tr>\r
2568                         <td><?php echo _EBLOG_NOTIFY_ON?></td>\r
2569                         <td>\r
2570                                 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"\r
2571                                         <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>\r
2572                                 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>\r
2573                                 <br />\r
2574                                 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"\r
2575                                         <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>\r
2576                                 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>\r
2577                                 <br />\r
2578                                 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"\r
2579                                         <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>\r
2580                                 /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>\r
2581                         </td>\r
2582                 </tr><tr>\r
2583                         <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>\r
2584                         <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>\r
2585                 </tr><tr>\r
2586                         <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>\r
2587                         <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>\r
2588                 </tr><tr>\r
2589                         <td><?php echo _EBLOG_DEFCAT?></td>\r
2590                         <td>\r
2591                                 <?php\r
2592                                         $query =  'SELECT cname as text, catid as value'\r
2593                                                    . ' FROM '.sql_table('category')\r
2594                                                    . ' WHERE cblog=' . $blog->getID();\r
2595                                         $template['name'] = 'defcat';\r
2596                                         $template['selected'] = $blog->getDefaultCategory();\r
2597                                         $template['tabindex'] = 110;\r
2598                                         showlist($query,'select',$template);\r
2599                                 ?>\r
2600                         </td>\r
2601                 </tr><tr>\r
2602                         <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>\r
2603                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
2604                                 <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>\r
2605                                 </td>\r
2606                         <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>\r
2607                 </tr><tr>\r
2608                         <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>\r
2609                         <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>\r
2610                 </tr>\r
2611                 <?php\r
2612                         // plugin options\r
2613                         $this->_insertPluginOptions('blog',$blogid);\r
2614                 ?>\r
2615                 <tr>\r
2616                         <th colspan="2"><?php echo _EBLOG_CHANGE?></th>\r
2617                 </tr><tr>\r
2618                         <td><?php echo _EBLOG_CHANGE?></td>\r
2619                         <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>\r
2620                 </tr></table>\r
2621 \r
2622                 </div></form>\r
2623 \r
2624                 <h3><?php echo _EBLOG_CAT_TITLE?></h3>\r
2625 \r
2626 \r
2627                 <?php\r
2628                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';\r
2629                 $template['content'] = 'categorylist';\r
2630                 $template['tabindex'] = 200;\r
2631 \r
2632                 $manager->loadClass("ENCAPSULATE");\r
2633                 $batch = new BATCH('category');\r
2634                 $batch->showlist($query,'table',$template);\r
2635 \r
2636                 ?>\r
2637 \r
2638 \r
2639                 <form action="index.php" method="post"><div>\r
2640                 <input name="action" value="categorynew" type="hidden" />\r
2641                 <?php $manager->addTicketHidden() ?>\r
2642                 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />\r
2643 \r
2644                 <table><tr>\r
2645                         <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>\r
2646                 </tr><tr>\r
2647                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2648                         <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>\r
2649                 </tr><tr>\r
2650                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2651                         <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>\r
2652                 </tr><tr>\r
2653                         <td><?php echo _EBLOG_CAT_CREATE?></td>\r
2654                         <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>\r
2655                 </tr></table>\r
2656 \r
2657                 </div></form>\r
2658 \r
2659                 <?php\r
2660 \r
2661                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';\r
2662                         \r
2663                         $param = array('blog' => &$blog);\r
2664                         $manager->notify('BlogSettingsFormExtras', $param);\r
2665 \r
2666                 $this->pagefoot();\r
2667         }\r
2668 \r
2669         /**\r
2670          * @todo document this\r
2671          */\r
2672         function action_categorynew() {\r
2673                 global $member, $manager;\r
2674 \r
2675                 $blogid = intRequestVar('blogid');\r
2676 \r
2677                 $member->blogAdminRights($blogid) or $this->disallow();\r
2678 \r
2679                 $cname = postVar('cname');\r
2680                 $cdesc = postVar('cdesc');\r
2681 \r
2682                 if (!isValidCategoryName($cname))\r
2683                         $this->error(_ERROR_BADCATEGORYNAME);\r
2684 \r
2685                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid);\r
2686                 $res = sql_query($query);\r
2687                 if (sql_num_rows($res) > 0)\r
2688                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2689 \r
2690                 $blog      =& $manager->getBlog($blogid);\r
2691                 $newCatID   =  $blog->createNewCategory($cname, $cdesc);\r
2692 \r
2693                 $this->action_blogsettings();\r
2694         }\r
2695 \r
2696         /**\r
2697          * @todo document this\r
2698          */\r
2699         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {\r
2700                 global $member, $manager;\r
2701 \r
2702                 if ($blogid == '')\r
2703                         $blogid = intGetVar('blogid');\r
2704                 else\r
2705                         $blogid = intval($blogid);\r
2706                 if ($catid == '')\r
2707                         $catid = intGetVar('catid');\r
2708                 else\r
2709                         $catid = intval($catid);\r
2710 \r
2711                 $member->blogAdminRights($blogid) or $this->disallow();\r
2712 \r
2713                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
2714                 $obj = sql_fetch_object($res);\r
2715 \r
2716                 $cname = $obj->cname;\r
2717                 $cdesc = $obj->cdesc;\r
2718 \r
2719                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
2720                 $this->pagehead($extrahead);\r
2721 \r
2722                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";\r
2723 \r
2724                 ?>\r
2725                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>\r
2726                 <form method='post' action='index.php'><div>\r
2727                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />\r
2728                 <input name="catid" type="hidden" value="<?php echo $catid?>" />\r
2729                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />\r
2730                 <input name="action" type="hidden" value="categoryupdate" />\r
2731                 <?php $manager->addTicketHidden(); ?>\r
2732 \r
2733                 <table><tr>\r
2734                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2735                 </tr><tr>\r
2736                         <td><?php echo _EBLOG_CAT_NAME?></td>\r
2737                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>\r
2738                 </tr><tr>\r
2739                         <td><?php echo _EBLOG_CAT_DESC?></td>\r
2740                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>\r
2741                 </tr>\r
2742                 <?php\r
2743                         // insert plugin options\r
2744                         $this->_insertPluginOptions('category',$catid);\r
2745                 ?>\r
2746                 <tr>\r
2747                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>\r
2748                 </tr><tr>\r
2749                         <td><?php echo _EBLOG_CAT_UPDATE?></td>\r
2750                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>\r
2751                 </tr></table>\r
2752 \r
2753                 </div></form>\r
2754                 <?php\r
2755                 $this->pagefoot();\r
2756         }\r
2757 \r
2758         /**\r
2759          * @todo document this\r
2760          */\r
2761         function action_categoryupdate() {\r
2762                 global $member, $manager;\r
2763 \r
2764                 $blogid = intPostVar('blogid');\r
2765                 $catid = intPostVar('catid');\r
2766                 $cname = postVar('cname');\r
2767                 $cdesc = postVar('cdesc');\r
2768                 $desturl = postVar('desturl');\r
2769 \r
2770                 $member->blogAdminRights($blogid) or $this->disallow();\r
2771 \r
2772                 if (!isValidCategoryName($cname))\r
2773                         $this->error(_ERROR_BADCATEGORYNAME);\r
2774 \r
2775                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
2776                 $res = sql_query($query);\r
2777                 if (sql_num_rows($res) > 0)\r
2778                         $this->error(_ERROR_DUPCATEGORYNAME);\r
2779 \r
2780                 $query =  'UPDATE '.sql_table('category').' SET'\r
2781                            . " cname='" . sql_real_escape_string($cname) . "',"\r
2782                            . " cdesc='" . sql_real_escape_string($cdesc) . "'"\r
2783                            . " WHERE catid=" . $catid;\r
2784 \r
2785                 sql_query($query);\r
2786 \r
2787                 // store plugin options\r
2788                 $aOptions = requestArray('plugoption');\r
2789                 NucleusPlugin::_applyPluginOptions($aOptions);\r
2790                 $param = array(\r
2791                         'context'       => 'category',\r
2792                         'catid'         => $catid\r
2793                 );\r
2794                 $manager->notify('PostPluginOptionsUpdate', $param);\r
2795 \r
2796 \r
2797                 if ($desturl) {\r
2798                         redirect($desturl);\r
2799                         exit;\r
2800                 } else {\r
2801                         $this->action_blogsettings();\r
2802                 }\r
2803         }\r
2804 \r
2805         /**\r
2806          * @todo document this\r
2807          */\r
2808         function action_categorydelete() {\r
2809                 global $member, $manager;\r
2810 \r
2811                 $blogid = intRequestVar('blogid');\r
2812                 $catid = intRequestVar('catid');\r
2813 \r
2814                 $member->blogAdminRights($blogid) or $this->disallow();\r
2815 \r
2816                 $blog =& $manager->getBlog($blogid);\r
2817 \r
2818                 // check if the category is valid\r
2819                 if (!$blog->isValidCategory($catid))\r
2820                         $this->error(_ERROR_NOSUCHCATEGORY);\r
2821 \r
2822                 // don't allow deletion of default category\r
2823                 if ($blog->getDefaultCategory() == $catid)\r
2824                         $this->error(_ERROR_DELETEDEFCATEGORY);\r
2825 \r
2826                 // check if catid is the only category left for blogid\r
2827                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2828                 $res = sql_query($query);\r
2829                 if (sql_num_rows($res) == 1)\r
2830                         $this->error(_ERROR_DELETELASTCATEGORY);\r
2831 \r
2832 \r
2833                 $this->pagehead();\r
2834                 ?>\r
2835                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
2836 \r
2837                         <div>\r
2838                         <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>\r
2839                         </div>\r
2840 \r
2841                         <form method="post" action="index.php"><div>\r
2842                         <input type="hidden" name="action" value="categorydeleteconfirm" />\r
2843                         <?php $manager->addTicketHidden() ?>\r
2844                         <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
2845                         <input type="hidden" name="catid" value="<?php echo $catid?>" />\r
2846                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
2847                         </div></form>\r
2848                 <?php\r
2849                 $this->pagefoot();\r
2850         }\r
2851 \r
2852         /**\r
2853          * @todo document this\r
2854          */\r
2855         function action_categorydeleteconfirm() {\r
2856                 global $member, $manager;\r
2857 \r
2858                 $blogid = intRequestVar('blogid');\r
2859                 $catid = intRequestVar('catid');\r
2860 \r
2861                 $member->blogAdminRights($blogid) or $this->disallow();\r
2862 \r
2863                 $error = $this->deleteOneCategory($catid);\r
2864                 if ($error)\r
2865                         $this->error($error);\r
2866 \r
2867                 $this->action_blogsettings();\r
2868         }\r
2869 \r
2870         /**\r
2871          * @todo document this\r
2872          */\r
2873         function deleteOneCategory($catid) {\r
2874                 global $manager, $member;\r
2875 \r
2876                 $catid = intval($catid);\r
2877 \r
2878                 $blogid = getBlogIDFromCatID($catid);\r
2879 \r
2880                 if (!$member->blogAdminRights($blogid))\r
2881                         return ERROR_DISALLOWED;\r
2882 \r
2883                 // get blog\r
2884                 $blog =& $manager->getBlog($blogid);\r
2885 \r
2886                 // check if the category is valid\r
2887                 if (!$blog || !$blog->isValidCategory($catid))\r
2888                         return _ERROR_NOSUCHCATEGORY;\r
2889 \r
2890                 $destcatid = $blog->getDefaultCategory();\r
2891 \r
2892                 // don't allow deletion of default category\r
2893                 if ($blog->getDefaultCategory() == $catid)\r
2894                         return _ERROR_DELETEDEFCATEGORY;\r
2895 \r
2896                 // check if catid is the only category left for blogid\r
2897                 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
2898                 $res = sql_query($query);\r
2899                 if (sql_num_rows($res) == 1)\r
2900                         return _ERROR_DELETELASTCATEGORY;\r
2901 \r
2902                 $param = array('catid' => $catid);\r
2903                 $manager->notify('PreDeleteCategory', $param);\r
2904 \r
2905                 // change category for all items to the default category\r
2906                 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
2907                 sql_query($query);\r
2908 \r
2909                 // delete all associated plugin options\r
2910                 NucleusPlugin::_deleteOptionValues('category', $catid);\r
2911 \r
2912                 // delete category\r
2913                 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;\r
2914                 sql_query($query);\r
2915 \r
2916                 $param = array('catid' => $catid);\r
2917                 $manager->notify('PostDeleteCategory', $param);\r
2918 \r
2919         }\r
2920 \r
2921         /**\r
2922          * @todo document this\r
2923          */\r
2924         function moveOneCategory($catid, $destblogid) {\r
2925                 global $manager, $member;\r
2926 \r
2927                 $catid = intval($catid);\r
2928                 $destblogid = intval($destblogid);\r
2929 \r
2930                 $blogid = getBlogIDFromCatID($catid);\r
2931 \r
2932                 // mover should have admin rights on both blogs\r
2933                 if (!$member->blogAdminRights($blogid))\r
2934                         return _ERROR_DISALLOWED;\r
2935                 if (!$member->blogAdminRights($destblogid))\r
2936                         return _ERROR_DISALLOWED;\r
2937 \r
2938                 // cannot move to self\r
2939                 if ($blogid == $destblogid)\r
2940                         return _ERROR_MOVETOSELF;\r
2941 \r
2942                 // get blogs\r
2943                 $blog =& $manager->getBlog($blogid);\r
2944                 $destblog =& $manager->getBlog($destblogid);\r
2945 \r
2946                 // check if the category is valid\r
2947                 if (!$blog || !$blog->isValidCategory($catid))\r
2948                         return _ERROR_NOSUCHCATEGORY;\r
2949 \r
2950                 // don't allow default category to be moved\r
2951                 if ($blog->getDefaultCategory() == $catid)\r
2952                         return _ERROR_MOVEDEFCATEGORY;\r
2953 \r
2954                 $param = array(\r
2955                         'catid'                 => &$catid,\r
2956                         'sourceblog'    => &$blog,\r
2957                         'destblog'              => &$destblog\r
2958                 );\r
2959                 $manager->notify('PreMoveCategory', $param);\r
2960 \r
2961                 // update comments table (cblog)\r
2962                 $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;\r
2963                 $items = sql_query($query);\r
2964                 while ($oItem = sql_fetch_object($items)) {\r
2965                         sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);\r
2966                 }\r
2967 \r
2968                 // update items (iblog)\r
2969                 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;\r
2970                 sql_query($query);\r
2971 \r
2972                 // move category\r
2973                 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;\r
2974                 sql_query($query);\r
2975 \r
2976                 $param = array(\r
2977                         'catid'                 => &$catid,\r
2978                         'sourceblog'    => &$blog,\r
2979                         'destblog'              =>  $destblog\r
2980                 );\r
2981                 $manager->notify('PostMoveCategory', $param);\r
2982 \r
2983         }\r
2984 \r
2985         /**\r
2986          * @todo document this\r
2987          */\r
2988         function action_blogsettingsupdate() {\r
2989                 global $member, $manager;\r
2990 \r
2991                 $blogid = intRequestVar('blogid');\r
2992 \r
2993                 $member->blogAdminRights($blogid) or $this->disallow();\r
2994 \r
2995                 $blog =& $manager->getBlog($blogid);\r
2996 \r
2997                 $notify          = trim(postVar('notify'));\r
2998                 $shortname        = trim(postVar('shortname'));\r
2999                 $updatefile      = trim(postVar('update'));\r
3000 \r
3001                 $notifyComment  = intPostVar('notifyComment');\r
3002                 $notifyVote      = intPostVar('notifyVote');\r
3003                 $notifyNewItem  = intPostVar('notifyNewItem');\r
3004 \r
3005                 if ($notifyComment == 0)        $notifyComment = 1;\r
3006                 if ($notifyVote == 0)      $notifyVote = 1;\r
3007                 if ($notifyNewItem == 0)        $notifyNewItem = 1;\r
3008 \r
3009                 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;\r
3010 \r
3011 \r
3012                 if ($notify) {\r
3013                         $not = new NOTIFICATION($notify);\r
3014                         if (!$not->validAddresses())\r
3015                                 $this->error(_ERROR_BADNOTIFY);\r
3016 \r
3017                 }\r
3018 \r
3019                 if (!isValidShortName($shortname))\r
3020                         $this->error(_ERROR_BADSHORTBLOGNAME);\r
3021 \r
3022                 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))\r
3023                         $this->error(_ERROR_DUPSHORTBLOGNAME);\r
3024 \r
3025                 // check if update file is writable\r
3026                 if ($updatefile && !is_writeable($updatefile))\r
3027                         $this->error(_ERROR_UPDATEFILE);\r
3028 \r
3029                 $blog->setName(trim(postVar('name')));\r
3030                 $blog->setShortName($shortname);\r
3031                 $blog->setNotifyAddress($notify);\r
3032                 $blog->setNotifyType($notifyType);\r
3033                 $blog->setMaxComments(postVar('maxcomments'));\r
3034                 $blog->setCommentsEnabled(postVar('comments'));\r
3035                 $blog->setTimeOffset(postVar('timeoffset'));\r
3036                 $blog->setUpdateFile($updatefile);\r
3037                 $blog->setURL(trim(postVar('url')));\r
3038                 $blog->setDefaultSkin(intPostVar('defskin'));\r
3039                 $blog->setDescription(trim(postVar('desc')));\r
3040                 $blog->setPublic(postVar('public'));\r
3041                 $blog->setConvertBreaks(intPostVar('convertbreaks'));\r
3042                 $blog->setAllowPastPosting(intPostVar('allowpastposting'));\r
3043                 $blog->setDefaultCategory(intPostVar('defcat'));\r
3044                 $blog->setSearchable(intPostVar('searchable'));\r
3045                 $blog->setEmailRequired(intPostVar('reqemail'));\r
3046 \r
3047                 $blog->writeSettings();\r
3048 \r
3049                 // store plugin options\r
3050                 $aOptions = requestArray('plugoption');\r
3051                 NucleusPlugin::_applyPluginOptions($aOptions);\r
3052                 $param = array(\r
3053                         'context'       =>  'blog',\r
3054                         'blogid'        =>  $blogid,\r
3055                         'blog'          => &$blog\r
3056                 );\r
3057                 $manager->notify('PostPluginOptionsUpdate', $param);\r
3058 \r
3059 \r
3060                 $this->action_overview(_MSG_SETTINGSCHANGED);\r
3061         }\r
3062 \r
3063         /**\r
3064          * @todo document this\r
3065          */\r
3066         function action_deleteblog() {\r
3067                 global $member, $CONF, $manager;\r
3068 \r
3069                 $blogid = intRequestVar('blogid');\r
3070 \r
3071                 $member->blogAdminRights($blogid) or $this->disallow();\r
3072 \r
3073                 // check if blog is default blog\r
3074                 if ($CONF['DefaultBlog'] == $blogid)\r
3075                         $this->error(_ERROR_DELDEFBLOG);\r
3076 \r
3077                 $blog =& $manager->getBlog($blogid);\r
3078 \r
3079                 $this->pagehead();\r
3080                 ?>\r
3081                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
3082 \r
3083                         <p><?php echo _WARNINGTXT_BLOGDEL?>\r
3084                         </p>\r
3085 \r
3086                         <div>\r
3087                         <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>\r
3088                         </div>\r
3089 \r
3090                         <form method="post" action="index.php"><div>\r
3091                         <input type="hidden" name="action" value="deleteblogconfirm" />\r
3092                         <?php $manager->addTicketHidden() ?>\r
3093                         <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />\r
3094                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
3095                         </div></form>\r
3096                 <?php\r
3097                 $this->pagefoot();\r
3098         }\r
3099 \r
3100         /**\r
3101          * @todo document this\r
3102          */\r
3103         function action_deleteblogconfirm() {\r
3104                 global $member, $CONF, $manager;\r
3105 \r
3106                 $blogid = intRequestVar('blogid');\r
3107 \r
3108                 $param = array('blogid' => $blogid);\r
3109                 $manager->notify('PreDeleteBlog', $param);\r
3110 \r
3111                 $member->blogAdminRights($blogid) or $this->disallow();\r
3112 \r
3113                 // check if blog is default blog\r
3114                 if ($CONF['DefaultBlog'] == $blogid)\r
3115                         $this->error(_ERROR_DELDEFBLOG);\r
3116 \r
3117                 // delete all comments\r
3118                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;\r
3119                 sql_query($query);\r
3120 \r
3121                 // delete all items\r
3122                 $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;\r
3123                 sql_query($query);\r
3124 \r
3125                 // delete all team members\r
3126                 $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;\r
3127                 sql_query($query);\r
3128 \r
3129                 // delete all bans\r
3130                 $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;\r
3131                 sql_query($query);\r
3132 \r
3133                 // delete all categories\r
3134                 $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;\r
3135                 sql_query($query);\r
3136 \r
3137                 // delete all associated plugin options\r
3138                 NucleusPlugin::_deleteOptionValues('blog', $blogid);\r
3139 \r
3140                 // delete the blog itself\r
3141                 $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;\r
3142                 sql_query($query);\r
3143 \r
3144                 $param = array('blogid' => $blogid);\r
3145                 $manager->notify('PostDeleteBlog', $param);\r
3146 \r
3147                 $this->action_overview(_DELETED_BLOG);\r
3148         }\r
3149 \r
3150         /**\r
3151          * @todo document this\r
3152          */\r
3153         function action_memberdelete() {\r
3154                 global $member, $manager;\r
3155 \r
3156                 $memberid = intRequestVar('memberid');\r
3157 \r
3158                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
3159 \r
3160                 $mem = MEMBER::createFromID($memberid);\r
3161 \r
3162                 $this->pagehead();\r
3163                 ?>\r
3164                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
3165 \r
3166                         <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>\r
3167                         </p>\r
3168 \r
3169                         <p>\r
3170                         <?php echo _WARNINGTXT_NOTDELMEDIAFILES ?>\r
3171                         </p>\r
3172 \r
3173                         <form method="post" action="index.php"><div>\r
3174                         <input type="hidden" name="action" value="memberdeleteconfirm" />\r
3175                         <?php $manager->addTicketHidden() ?>\r
3176                         <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />\r
3177                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
3178                         </div></form>\r
3179                 <?php\r
3180                 $this->pagefoot();\r
3181         }\r
3182 \r
3183         /**\r
3184          * @todo document this\r
3185          */\r
3186         function action_memberdeleteconfirm() {\r
3187                 global $member;\r
3188 \r
3189                 $memberid = intRequestVar('memberid');\r
3190 \r
3191                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
3192 \r
3193                 $error = $this->deleteOneMember($memberid);\r
3194                 if ($error)\r
3195                         $this->error($error);\r
3196 \r
3197                 if ($member->isAdmin())\r
3198                         $this->action_usermanagement();\r
3199                 else\r
3200                         $this->action_overview(_DELETED_MEMBER);\r
3201         }\r
3202 \r
3203         /**\r
3204          * @static\r
3205          * @todo document this\r
3206          */\r
3207         function deleteOneMember($memberid) {\r
3208                 global $manager;\r
3209 \r
3210                 $memberid = intval($memberid);\r
3211                 $mem = MEMBER::createFromID($memberid);\r
3212 \r
3213                 if (!$mem->canBeDeleted())\r
3214                         return _ERROR_DELETEMEMBER;\r
3215 \r
3216                 $param = array('member' => &$mem);\r
3217                 $manager->notify('PreDeleteMember', $param);\r
3218 \r
3219                 /* unlink comments from memberid */\r
3220                 if ($memberid) {\r
3221                         $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. sql_real_escape_string($mem->getDisplayName())\r
3222                                    .'" WHERE cmember='.$memberid;\r
3223                         sql_query($query);\r
3224                 }\r
3225 \r
3226                 $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;\r
3227                 sql_query($query);\r
3228 \r
3229                 $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid;\r
3230                 sql_query($query);\r
3231 \r
3232                 $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid;\r
3233                 sql_query($query);\r
3234 \r
3235                 // delete all associated plugin options\r
3236                 NucleusPlugin::_deleteOptionValues('member', $memberid);\r
3237 \r
3238                 $param = array('member' => &$mem);\r
3239                 $manager->notify('PostDeleteMember', $param);\r
3240 \r
3241                 return '';\r
3242         }\r
3243 \r
3244         /**\r
3245          * @todo document this\r
3246          */\r
3247         function action_createnewlog() {\r
3248                 global $member, $CONF, $manager;\r
3249 \r
3250                 // Only Super-Admins can do this\r
3251                 $member->isAdmin() or $this->disallow();\r
3252 \r
3253                 $this->pagehead();\r
3254 \r
3255                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
3256                 ?>\r
3257                 <h2><?php echo _EBLOG_CREATE_TITLE?></h2>\r
3258 \r
3259                 <h3><?php echo _ADMIN_NOTABILIA ?></h3>\r
3260 \r
3261                 <p><?php echo _ADMIN_PLEASE_READ ?></p>\r
3262 \r
3263                 <p><?php echo _ADMIN_HOW_TO_ACCESS ?></p>\r
3264 \r
3265                 <ol>\r
3266                         <li><?php echo _ADMIN_SIMPLE_WAY ?></li>\r
3267                         <li><?php echo _ADMIN_ADVANCED_WAY ?></li>\r
3268                 </ol>\r
3269 \r
3270                 <h3><?php echo _ADMIN_HOW_TO_CREATE ?></h3>\r
3271 \r
3272                 <p>\r
3273                 <?php echo _EBLOG_CREATE_TEXT?>\r
3274                 </p>\r
3275 \r
3276                 <form method="post" action="index.php"><div>\r
3277 \r
3278                 <input type="hidden" name="action" value="addnewlog" />\r
3279                 <?php $manager->addTicketHidden() ?>\r
3280 \r
3281 \r
3282                 <table><tr>\r
3283                         <td><?php echo _EBLOG_NAME?></td>\r
3284                         <td><input name="name" tabindex="10" size="40" maxlength="60" /></td>\r
3285                 </tr><tr>\r
3286                         <td><?php echo _EBLOG_SHORTNAME?>\r
3287                                 <?php help('shortblogname'); ?>\r
3288                         </td>\r
3289                         <td><input name="shortname" tabindex="20" maxlength="15" size="15" /></td>\r
3290                 </tr><tr>\r
3291                         <td><?php echo _EBLOG_DESC?></td>\r
3292                         <td><input name="desc" tabindex="30" maxlength="200" size="40" /></td>\r
3293                 </tr><tr>\r
3294                         <td><?php echo _EBLOG_DEFSKIN?>\r
3295                                 <?php help('blogdefaultskin'); ?>\r
3296                         </td>\r
3297                         <td>\r
3298                                 <?php\r
3299                                         $query =  'SELECT sdname as text, sdnumber as value'\r
3300                                                    . ' FROM '.sql_table('skin_desc');\r
3301                                         $template['name'] = 'defskin';\r
3302                                         $template['tabindex'] = 50;\r
3303                                         $template['selected'] = $CONF['BaseSkin'];  // set default selected skin to be globally defined base skin\r
3304                                         showlist($query,'select',$template);\r
3305                                 ?>\r
3306                         </td>\r
3307                 </tr><tr>\r
3308                         <td><?php echo _EBLOG_OFFSET?>\r
3309                                 <?php help('blogtimeoffset'); ?>\r
3310                                 <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>\r
3311                         </td>\r
3312                         <td><input name="timeoffset" tabindex="110" size="3" value="0" /></td>\r
3313                 </tr><tr>\r
3314                         <td><?php echo _EBLOG_ADMIN?>\r
3315                                 <?php help('teamadmin'); ?>\r
3316                         </td>\r
3317                         <td><?php echo _EBLOG_ADMIN_MSG?></td>\r
3318                 </tr><tr>\r
3319                         <td><?php echo _EBLOG_CREATE?></td>\r
3320                         <td><input type="submit" tabindex="120" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
3321                 </tr></table>\r
3322 \r
3323                 </div></form>\r
3324                 <?php\r
3325                 $this->pagefoot();\r
3326         }\r
3327 \r
3328         /**\r
3329          * @todo document this\r
3330          */\r
3331         function action_addnewlog() {\r
3332                 global $member, $manager, $CONF;\r
3333 \r
3334                 // Only Super-Admins can do this\r
3335                 $member->isAdmin() or $this->disallow();\r
3336 \r
3337                 $bname            = trim(postVar('name'));\r
3338                 $bshortname      = trim(postVar('shortname'));\r
3339                 $btimeoffset    = postVar('timeoffset');\r
3340                 $bdesc            = trim(postVar('desc'));\r
3341                 $bdefskin          = postVar('defskin');\r
3342 \r
3343                 if (!isValidShortName($bshortname))\r
3344                         $this->error(_ERROR_BADSHORTBLOGNAME);\r
3345 \r
3346                 if ($manager->existsBlog($bshortname))\r
3347                         $this->error(_ERROR_DUPSHORTBLOGNAME);\r
3348 \r
3349                 $param = array(\r
3350                         'name'                  => &$bname,\r
3351                         'shortname'             => &$bshortname,\r
3352                         'timeoffset'    => &$btimeoffset,\r
3353                         'description'   => &$bdesc,\r
3354                         'defaultskin'   => &$bdefskin\r
3355                 );\r
3356                 $manager->notify('PreAddBlog', $param);\r
3357 \r
3358 \r
3359                 // add slashes for sql queries\r
3360                 $bname     = sql_real_escape_string($bname);\r
3361                 $bshortname  = sql_real_escape_string($bshortname);\r
3362                 $btimeoffset = sql_real_escape_string($btimeoffset);\r
3363                 $bdesc     = sql_real_escape_string($bdesc);\r
3364                 $bdefskin       = sql_real_escape_string($bdefskin);\r
3365 \r
3366                 // create blog\r
3367                 $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bname', '$bshortname', '$bdesc', '$btimeoffset', '$bdefskin')";\r
3368                 sql_query($query);\r
3369                 $blogid = sql_insert_id();\r
3370                 $blog   =& $manager->getBlog($blogid);\r
3371 \r
3372                 // create new category\r
3373                 $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');\r
3374                 $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');\r
3375                 $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';\r
3376                 sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));\r
3377 //              sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, _EBLOGDEFAULTCATEGORY_NAME, _EBLOGDEFAULTCATEGORY_DESC)");\r
3378                 $catid = sql_insert_id();\r
3379 \r
3380                 // set as default category\r
3381                 $blog->setDefaultCategory($catid);\r
3382                 $blog->writeSettings();\r
3383 \r
3384                 // create team member\r
3385                 $memberid = $member->getID();\r
3386                 $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";\r
3387                 sql_query($query);\r
3388                 \r
3389                 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');\r
3390                 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');\r
3391                 \r
3392                 $blog->additem($blog->getDefaultCategory(),$itemdeftitle,$itemdefbody,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);\r
3393                 //$blog->additem($blog->getDefaultCategory(),_EBLOG_FIRSTITEM_TITLE,_EBLOG_FIRSTITEM_BODY,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);\r
3394                 \r
3395                 \r
3396                 $param = array(\r
3397                         'blog' => &$blog\r
3398                 );\r
3399                 $manager->notify('PostAddBlog', $param);\r
3400                 \r
3401                 $param = array(\r
3402                         'blog'                  => &$blog,\r
3403                         'name'                  =>  _EBLOGDEFAULTCATEGORY_NAME,\r
3404                         'description'   =>  _EBLOGDEFAULTCATEGORY_DESC,\r
3405                         'catid'                 =>  $catid\r
3406                 );\r
3407                 $manager->notify('PostAddCategory', $param);\r
3408 \r
3409                 $this->pagehead();\r
3410                 ?>\r
3411                 <h2><?php echo _BLOGCREATED_TITLE ?></h2>\r
3412 \r
3413                 <p><?php echo sprintf(_BLOGCREATED_ADDEDTXT, htmlspecialchars($bname)) ?></p>\r
3414 \r
3415                 <ol>\r
3416                         <li><a href="#index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEWAY, htmlspecialchars($bshortname)) ?></a></li>\r
3417                         <li><a href="#skins"><?php echo _BLOGCREATED_ADVANCEDWAY ?></a></li>\r
3418                 </ol>\r
3419 \r
3420                 <h3><a id="index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEDESC1, htmlspecialchars($bshortname)) ?></a></h3>\r
3421 \r
3422                 <p><?php echo sprintf(_BLOGCREATED_SIMPLEDESC2, htmlspecialchars($bshortname)) ?></p>\r
3423 <pre><code>&lt;?php\r
3424 include('./benchmark.inc');\r
3425 $CONF = array();\r
3426 $CONF['Self'] = '<b><?php echo htmlspecialchars($bshortname)?>.php</b>';\r
3427 \r
3428 include('<i>./config.php</i>');\r
3429 \r
3430 selectBlog('<b><?php echo htmlspecialchars($bshortname)?></b>');\r
3431 selector();\r
3432 \r
3433 ?&gt;</code></pre>\r
3434 \r
3435                 <p><?php echo _BLOGCREATED_SIMPLEDESC3 ?></p>\r
3436 \r
3437                 <p><?php echo _BLOGCREATED_SIMPLEDESC4 ?></p>\r
3438 \r
3439                 <form action="index.php" method="post"><div>\r
3440                         <input type="hidden" name="action" value="addnewlog2" />\r
3441                         <?php $manager->addTicketHidden() ?>\r
3442                         <input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />\r
3443                         <table><tr>\r
3444                                 <td><?php echo _EBLOG_URL?></td>\r
3445                                 <td><input name="url" maxlength="100" size="40" value="<?php echo htmlspecialchars($CONF['IndexURL'].$bshortname.'.php')?>" /></td>\r
3446                         </tr><tr>\r
3447                                 <td><?php echo _EBLOG_CREATE?></td>\r
3448                                 <td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
3449                         </tr></table>\r
3450                 </div></form>\r
3451 \r
3452                 <h3><a id="skins"><?php echo _BLOGCREATED_ADVANCEDWAY2 ?></a></h3>\r
3453 \r
3454                 <p><?php echo _BLOGCREATED_ADVANCEDWAY3 ?></p>\r
3455 \r
3456                 <form action="index.php" method="post"><div>\r
3457                         <input type="hidden" name="action" value="addnewlog2" />\r
3458                         <?php $manager->addTicketHidden() ?>\r
3459                         <input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />\r
3460                         <table><tr>\r
3461                                 <td><?php echo _EBLOG_URL?></td>\r
3462                                 <td><input name="url" maxlength="100" size="40" /></td>\r
3463                         </tr><tr>\r
3464                                 <td><?php echo _EBLOG_CREATE?></td>\r
3465                                 <td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
3466                         </tr></table>\r
3467                 </div></form>\r
3468 \r
3469                 <?php      $this->pagefoot();\r
3470 \r
3471         }\r
3472 \r
3473         /**\r
3474          * @todo document this\r
3475          */\r
3476         function action_addnewlog2() {\r
3477                 global $member, $manager;\r
3478 \r
3479                 $member->blogAdminRights($blogid) or $this->disallow();\r
3480 \r
3481                 $burl   = requestVar('url');\r
3482                 $blogid = intRequestVar('blogid');\r
3483 \r
3484                 $blog =& $manager->getBlog($blogid);\r
3485                 $blog->setURL(trim($burl));\r
3486                 $blog->writeSettings();\r
3487 \r
3488                 $this->action_overview(_MSG_NEWBLOG);\r
3489         }\r
3490 \r
3491         /**\r
3492          * @todo document this\r
3493          */\r
3494         function action_skinieoverview() {\r
3495                 global $member, $DIR_LIBS, $manager;\r
3496 \r
3497                 $member->isAdmin() or $this->disallow();\r
3498 \r
3499                 // load skinie class\r
3500                 include_once($DIR_LIBS . 'skinie.php');\r
3501 \r
3502                 $this->pagehead();\r
3503 \r
3504                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
3505 \r
3506         ?>\r
3507                 <h2><?php echo _SKINIE_TITLE_IMPORT?></h2>\r
3508 \r
3509                                 <p><label for="skinie_import_local"><?php echo _SKINIE_LOCAL?></label>\r
3510                                 <?php                              global $DIR_SKINS;\r
3511 \r
3512                                         $candidates = SKINIMPORT::searchForCandidates($DIR_SKINS);\r
3513 \r
3514                                         if (sizeof($candidates) > 0) {\r
3515                                                 ?>\r
3516                                                         <form method="post" action="index.php"><div>\r
3517                                                                 <input type="hidden" name="action" value="skinieimport" />\r
3518                                                                 <?php $manager->addTicketHidden() ?>\r
3519                                                                 <input type="hidden" name="mode" value="file" />\r
3520                                                                 <select name="skinfile" id="skinie_import_local">\r
3521                                                                 <?php                                                              foreach ($candidates as $skinname => $skinfile) {\r
3522                                                                                 $html = htmlspecialchars($skinfile);\r
3523                                                                                 echo '<option value="',$html,'">',$skinname,'</option>';\r
3524                                                                         }\r
3525                                                                 ?>\r
3526                                                                 </select>\r
3527                                                                 <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />\r
3528                                                         </div></form>\r
3529                                                 <?php                              } else {\r
3530                                                 echo _SKINIE_NOCANDIDATES;\r
3531                                         }\r
3532                                 ?>\r
3533                                 </p>\r
3534 \r
3535                                 <p><em><?php echo _OR?></em></p>\r
3536 \r
3537                                 <form method="post" action="index.php"><p>\r
3538                                         <?php $manager->addTicketHidden() ?>\r
3539                                         <input type="hidden" name="action" value="skinieimport" />\r
3540                                         <input type="hidden" name="mode" value="url" />\r
3541                                         <label for="skinie_import_url"><?php echo _SKINIE_FROMURL?></label>\r
3542                                         <input type="text" name="skinfile" id="skinie_import_url" size="60" value="http://" />\r
3543                                         <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />\r
3544                                 </p></form>\r
3545 \r
3546 \r
3547                 <h2><?php echo _SKINIE_TITLE_EXPORT?></h2>\r
3548                 <form method="post" action="index.php"><div>\r
3549                         <input type="hidden" name="action" value="skinieexport" />\r
3550                         <?php $manager->addTicketHidden() ?>\r
3551 \r
3552                         <p><?php echo _SKINIE_EXPORT_INTRO?></p>\r
3553 \r
3554                         <table><tr>\r
3555                                 <th colspan="2"><?php echo _SKINIE_EXPORT_SKINS?></th>\r
3556                         </tr><tr>\r
3557         <?php      // show list of skins\r
3558                 $res = sql_query('SELECT * FROM '.sql_table('skin_desc'));\r
3559                 while ($skinObj = sql_fetch_object($res)) {\r
3560                         $id = 'skinexp' . $skinObj->sdnumber;\r
3561                         echo '<td><input type="checkbox" name="skin[',$skinObj->sdnumber,']"  id="',$id,'" />';\r
3562                         echo '<label for="',$id,'">',htmlspecialchars($skinObj->sdname),'</label></td>';\r
3563                         echo '<td>',htmlspecialchars($skinObj->sddesc),'</td>';\r
3564                         echo '</tr><tr>';\r
3565                 }\r
3566 \r
3567                 echo '<th colspan="2">',_SKINIE_EXPORT_TEMPLATES,'</th></tr><tr>';\r
3568 \r
3569                 // show list of templates\r
3570                 $res = sql_query('SELECT * FROM '.sql_table('template_desc'));\r
3571                 while ($templateObj = sql_fetch_object($res)) {\r
3572                         $id = 'templateexp' . $templateObj->tdnumber;\r
3573                         echo '<td><input type="checkbox" name="template[',$templateObj->tdnumber,']" id="',$id,'" />';\r
3574                         echo '<label for="',$id,'">',htmlspecialchars($templateObj->tdname),'</label></td>';\r
3575                         echo '<td>',htmlspecialchars($templateObj->tddesc),'</td>';\r
3576                         echo '</tr><tr>';\r
3577                 }\r
3578 \r
3579         ?>\r
3580                                 <th colspan="2"><?php echo _SKINIE_EXPORT_EXTRA?></th>\r
3581                         </tr><tr>\r
3582                                 <td colspan="2"><textarea cols="40" rows="5" name="info"></textarea></td>\r
3583                         </tr><tr>\r
3584                                 <th colspan="2"><?php echo _SKINIE_TITLE_EXPORT?></th>\r
3585                         </tr><tr>\r
3586                                 <td colspan="2"><input type="submit" value="<?php echo _SKINIE_BTN_EXPORT?>" /></td>\r
3587                         </tr></table>\r
3588                 </div></form>\r
3589 \r
3590         <?php\r
3591                 $this->pagefoot();\r
3592 \r
3593         }\r
3594 \r
3595         /**\r
3596          * @todo document this\r
3597          */\r
3598         function action_skinieimport() {\r
3599                 global $member, $DIR_LIBS, $DIR_SKINS, $manager;\r
3600 \r
3601                 $member->isAdmin() or $this->disallow();\r
3602 \r
3603                 // load skinie class\r
3604                 include_once($DIR_LIBS . 'skinie.php');\r
3605 \r
3606                 $skinFileRaw= postVar('skinfile');\r
3607                 $mode      = postVar('mode');\r
3608 \r
3609                 $importer = new SKINIMPORT();\r
3610 \r
3611                 // get full filename\r
3612                 if ($mode == 'file')\r
3613                 {\r
3614                         $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';\r
3615 \r
3616                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)\r
3617                         if (!file_exists($skinFile))\r
3618                                 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';\r
3619                 } else {\r
3620                         $skinFile = $skinFileRaw;\r
3621                 }\r
3622 \r
3623                 // read only metadata\r
3624                 $error = $importer->readFile($skinFile, 1);\r
3625 \r
3626                 // clashes\r
3627                 $skinNameClashes = $importer->checkSkinNameClashes();\r
3628                 $templateNameClashes = $importer->checkTemplateNameClashes();\r
3629                 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);\r
3630 \r
3631                 if ($error) $this->error($error);\r
3632 \r
3633                 $this->pagehead();\r
3634 \r
3635                 echo '<p><a href="index.php?action=skinieoverview">(',_BACK,')</a></p>';\r
3636                 ?>\r
3637                 <h2><?php echo _SKINIE_CONFIRM_TITLE?></h2>\r
3638 \r
3639                 <ul>\r
3640                         <li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>\r
3641                         <li><p><strong><?php echo _SKINIE_INFO_SKINS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getSkinNames())?></p></li>\r
3642                         <li><p><strong><?php echo _SKINIE_INFO_TEMPLATES?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getTemplateNames())?></p></li>\r
3643                         <?php\r
3644                                 if ($hasNameClashes)\r
3645                                 {\r
3646                         ?>\r
3647                         <li><p><strong style="color: red;"><?php echo _SKINIE_INFO_SKINCLASH?></strong> <?php echo implode(' <em>'._AND.'</em> ',$skinNameClashes)?></p></li>\r
3648                         <li><p><strong style="color: red;"><?php echo _SKINIE_INFO_TEMPLCLASH?></strong> <?php echo implode(' <em>'._AND.'</em> ',$templateNameClashes)?></p></li>\r
3649                         <?php\r
3650                                 } // if (hasNameClashes)\r
3651                         ?>\r
3652                 </ul>\r
3653 \r
3654                 <form method="post" action="index.php"><div>\r
3655                         <input type="hidden" name="action" value="skiniedoimport" />\r
3656                         <?php $manager->addTicketHidden() ?>\r
3657                         <input type="hidden" name="skinfile" value="<?php echo htmlspecialchars(postVar('skinfile'))?>" />\r
3658                         <input type="hidden" name="mode" value="<?php echo htmlspecialchars($mode)?>" />\r
3659                         <input type="submit" value="<?php echo _SKINIE_CONFIRM_IMPORT?>" />\r
3660                         <?php\r
3661                                 if ($hasNameClashes)\r
3662                                 {\r
3663                         ?>\r
3664                         <br />\r
3665                         <input type="checkbox" name="overwrite" value="1" id="cb_overwrite" /><label for="cb_overwrite"><?php echo _SKINIE_CONFIRM_OVERWRITE?></label>\r
3666                         <?php\r
3667                                 } // if (hasNameClashes)\r
3668                         ?>\r
3669                 </div></form>\r
3670 \r
3671 \r
3672                 <?php\r
3673                 $this->pagefoot();\r
3674         }\r
3675 \r
3676         /**\r
3677          * @todo document this\r
3678          */\r
3679         function action_skiniedoimport() {\r
3680                 global $member, $DIR_LIBS, $DIR_SKINS;\r
3681 \r
3682                 $member->isAdmin() or $this->disallow();\r
3683 \r
3684                 // load skinie class\r
3685                 include_once($DIR_LIBS . 'skinie.php');\r
3686 \r
3687                 $skinFileRaw= postVar('skinfile');\r
3688                 $mode      = postVar('mode');\r
3689 \r
3690                 $allowOverwrite = intPostVar('overwrite');\r
3691 \r
3692                 // get full filename\r
3693                 if ($mode == 'file')\r
3694                 {\r
3695                         $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';\r
3696 \r
3697                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)\r
3698                         if (!file_exists($skinFile))\r
3699                                 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';\r
3700 \r
3701                 } else {\r
3702                         $skinFile = $skinFileRaw;\r
3703                 }\r
3704 \r
3705                 $importer = new SKINIMPORT();\r
3706 \r
3707                 $error = $importer->readFile($skinFile);\r
3708 \r
3709                 if ($error)\r
3710                         $this->error($error);\r
3711 \r
3712                 $error = $importer->writeToDatabase($allowOverwrite);\r
3713 \r
3714                 if ($error)\r
3715                         $this->error($error);\r
3716 \r
3717                 $this->pagehead();\r
3718 \r
3719                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
3720         ?>\r
3721                 <h2><?php echo _SKINIE_DONE?></h2>\r
3722 \r
3723                 <ul>\r
3724                         <li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>\r
3725                         <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDSKINS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getSkinNames())?></p></li>\r
3726                         <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDTEMPLS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getTemplateNames())?></p></li>\r
3727                 </ul>\r
3728 \r
3729         <?php      $this->pagefoot();\r
3730 \r
3731         }\r
3732 \r
3733         /**\r
3734          * @todo document this\r
3735          */\r
3736         function action_skinieexport() {\r
3737                 global $member, $DIR_LIBS;\r
3738 \r
3739                 $member->isAdmin() or $this->disallow();\r
3740 \r
3741                 // load skinie class\r
3742                 include_once($DIR_LIBS . 'skinie.php');\r
3743 \r
3744                 $aSkins = requestIntArray('skin');\r
3745                 $aTemplates = requestIntArray('template');\r
3746 \r
3747                 if (!is_array($aTemplates)) $aTemplates = array();\r
3748                 if (!is_array($aSkins)) $aSkins = array();\r
3749 \r
3750                 $skinList = array_keys($aSkins);\r
3751                 $templateList = array_keys($aTemplates);\r
3752 \r
3753                 $info = postVar('info');\r
3754 \r
3755                 $exporter = new SKINEXPORT();\r
3756                 foreach ($skinList as $skinId) {\r
3757                         $exporter->addSkin($skinId);\r
3758                 }\r
3759                 foreach ($templateList as $templateId) {\r
3760                         $exporter->addTemplate($templateId);\r
3761                 }\r
3762                 $exporter->setInfo($info);\r
3763 \r
3764                 $exporter->export();\r
3765         }\r
3766 \r
3767         /**\r
3768          * @todo document this\r
3769          */\r
3770         function action_templateoverview() {\r
3771                 global $member, $manager;\r
3772 \r
3773                 $member->isAdmin() or $this->disallow();\r
3774 \r
3775                 $this->pagehead();\r
3776 \r
3777                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
3778 \r
3779                 echo '<h2>' . _TEMPLATE_TITLE . '</h2>';\r
3780                 echo '<h3>' . _TEMPLATE_AVAILABLE_TITLE . '</h3>';\r
3781 \r
3782                 $query = 'SELECT * FROM '.sql_table('template_desc').' ORDER BY tdname';\r
3783                 $template['content'] = 'templatelist';\r
3784                 $template['tabindex'] = 10;\r
3785                 showlist($query,'table',$template);\r
3786 \r
3787                 echo '<h3>' . _TEMPLATE_NEW_TITLE . '</h3>';\r
3788 \r
3789                 ?>\r
3790                 <form method="post" action="index.php"><div>\r
3791 \r
3792                 <input name="action" value="templatenew" type="hidden" />\r
3793                 <?php $manager->addTicketHidden() ?>\r
3794                 <table><tr>\r
3795                         <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td>\r
3796                         <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td>\r
3797                 </tr><tr>\r
3798                         <td><?php echo _TEMPLATE_DESC?></td>\r
3799                         <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td>\r
3800                 </tr><tr>\r
3801                         <td><?php echo _TEMPLATE_CREATE?></td>\r
3802                         <td><input type="submit" tabindex="10030" value="<?php echo _TEMPLATE_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
3803                 </tr></table>\r
3804 \r
3805                 </div></form>\r
3806 \r
3807                 <?php\r
3808                 $this->pagefoot();\r
3809         }\r
3810 \r
3811         /**\r
3812          * @todo document this\r
3813          */\r
3814         function action_templateedit($msg = '') {\r
3815                 global $member, $manager;\r
3816 \r
3817                 $templateid = intRequestVar('templateid');\r
3818 \r
3819                 $member->isAdmin() or $this->disallow();\r
3820 \r
3821                 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';\r
3822                 $extrahead .= '<script type="text/javascript">setTemplateEditText("'.sql_real_escape_string(_EDITTEMPLATE_EMPTY).'");</script>';\r
3823 \r
3824                 $this->pagehead($extrahead);\r
3825 \r
3826                 $templatename = TEMPLATE::getNameFromId($templateid);\r
3827                 $templatedescription = TEMPLATE::getDesc($templateid);\r
3828                 $template =& $manager->getTemplate($templatename);\r
3829 \r
3830                 ?>\r
3831                 <p>\r
3832                 <a href="index.php?action=templateoverview">(<?php echo _TEMPLATE_BACK?>)</a>\r
3833                 </p>\r
3834 \r
3835                 <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo  htmlspecialchars($templatename); ?>'</h2>\r
3836 \r
3837                 <?php                              if ($msg) echo "<p>"._MESSAGE.": $msg</p>";\r
3838                 ?>\r
3839 \r
3840                 <p><?php echo _TEMPLATE_EDIT_MSG?></p>\r
3841 \r
3842                 <form method="post" action="index.php">\r
3843                 <div>\r
3844 \r
3845                 <input type="hidden" name="action" value="templateupdate" />\r
3846                 <?php $manager->addTicketHidden() ?>\r
3847                 <input type="hidden" name="templateid" value="<?php echo  $templateid; ?>" />\r
3848 \r
3849                 <table><tr>\r
3850                         <th colspan="2"><?php echo _TEMPLATE_SETTINGS?></th>\r
3851                 </tr><tr>\r
3852                         <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td>\r
3853                         <td><input name="tname" tabindex="4" size="20" maxlength="20" value="<?php echo  htmlspecialchars($templatename) ?>" /></td>\r
3854                 </tr><tr>\r
3855                         <td><?php echo _TEMPLATE_DESC?></td>\r
3856                         <td><input name="tdesc" tabindex="5" size="50" maxlength="200" value="<?php echo  htmlspecialchars($templatedescription) ?>" /></td>\r
3857                 </tr><tr>\r
3858                         <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>\r
3859                 </tr><tr>\r
3860                         <td><?php echo _TEMPLATE_UPDATE?></td>\r
3861                         <td>\r
3862                                 <input type="submit" tabindex="6" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
3863                                 <input type="reset" tabindex="7" value="<?php echo _TEMPLATE_RESET_BTN?>" />\r
3864                         </td>\r
3865                 </tr><tr>\r
3866                         <th colspan="2"><?php echo _TEMPLATE_ITEMS?> <?php help('templateitems'); ?></th>\r
3867 <?php   $this->_templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8);\r
3868         $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1);\r
3869         $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10);\r
3870         $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20);\r
3871         $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25);\r
3872         $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30);\r
3873 ?>\r
3874                 </tr><tr>\r
3875                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_ANY?> <?php help('templatecomments'); ?></th>\r
3876 <?php   $this->_templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40);\r
3877         $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1);\r
3878         $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60);\r
3879         $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 70);\r
3880         $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80);\r
3881         $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90);\r
3882         $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100);\r
3883 ?>\r
3884                 </tr><tr>\r
3885                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_NONE?> <?php help('templatecomments'); ?></th>\r
3886 <?php\r
3887         $this->_templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110);\r
3888 ?>\r
3889                 </tr><tr>\r
3890                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_TOOMUCH?> <?php help('templatecomments'); ?></th>\r
3891 <?php   $this->_templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120);\r
3892 ?>\r
3893                 </tr><tr>\r
3894                         <th colspan="2"><?php echo _TEMPLATE_ARCHIVELIST?> <?php help('templatearchivelists'); ?></th>\r
3895 <?php   $this->_templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130);\r
3896         $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140);\r
3897         $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150);\r
3898 ?>\r
3899                 </tr><tr>\r
3900                         <th colspan="2"><?php echo _TEMPLATE_BLOGLIST?> <?php help('templatebloglists'); ?></th>\r
3901 <?php   $this->_templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160);\r
3902         $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170);\r
3903         $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180);\r
3904 ?>\r
3905                 </tr><tr>\r
3906                         <th colspan="2"><?php echo _TEMPLATE_CATEGORYLIST?> <?php help('templatecategorylists'); ?></th>\r
3907 <?php   $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 190);\r
3908         $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 200);\r
3909         $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 210);\r
3910 ?>\r
3911                 </tr><tr>\r
3912                         <th colspan="2"><?php echo _TEMPLATE_DATETIME?></th>\r
3913 <?php   $this->_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 220);\r
3914         $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 230);\r
3915         $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 240);\r
3916         $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 250);\r
3917         $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 260);\r
3918 ?>\r
3919                 </tr><tr>\r
3920                         <th colspan="2"><?php echo _TEMPLATE_IMAGE?> <?php help('templatepopups'); ?></th>\r
3921 <?php   $this->_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 270);\r
3922         $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 280);\r
3923         $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 290);\r
3924 ?>\r
3925                 </tr><tr>\r
3926                         <th colspan="2"><?php echo _TEMPLATE_SEARCH?></th>\r
3927 <?php   $this->_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',300);\r
3928         $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',310);\r
3929 ?>\r
3930                 </tr><tr>\r
3931                         <th colspan="2"><?php echo _TEMPLATE_PLUGIN_FIELDS?></th>\r
3932 <?php\r
3933                 $tab = 600;\r
3934                 $pluginfields = array();\r
3935                 $param = array('fields'=>&$pluginfields);\r
3936                 $manager->notify('TemplateExtraFields', $param);\r
3937 \r
3938                 foreach ($pluginfields as $pfkey=>$pfvalue) {\r
3939                         echo "</tr><tr>\n";\r
3940                         echo '<th colspan="2">'.htmlentities($pfkey)."</th>\n";\r
3941                         foreach ($pfvalue as $pffield=>$pfdesc) {\r
3942                                 $this->_templateEditRow($template, $pfdesc, $pffield, '',++$tab,0);\r
3943                         }\r
3944                 }\r
3945 ?>\r
3946                 </tr><tr>\r
3947                         <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>\r
3948                 </tr><tr>\r
3949                         <td><?php echo _TEMPLATE_UPDATE?></td>\r
3950                         <td>\r
3951                                 <input type="submit" tabindex="800" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
3952                                 <input type="reset" tabindex="810" value="<?php echo _TEMPLATE_RESET_BTN?>" />\r
3953                         </td>\r
3954                 </tr></table>\r
3955 \r
3956                 </div>\r
3957                 </form>\r
3958                 <?php\r
3959                 $this->pagefoot();\r
3960         }\r
3961 \r
3962         /**\r
3963          * @todo document this\r
3964          */\r
3965         function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {\r
3966                 static $count = 1;\r
3967                 if (!isset($template[$name])) $template[$name] = '';\r
3968         ?>\r
3969                 </tr><tr>\r
3970                         <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>\r
3971                         <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo  htmlspecialchars($template[$name]); ?></textarea></td>\r
3972         <?php      $count++;\r
3973         }\r
3974 \r
3975         /**\r
3976          * @todo document this\r
3977          */\r
3978         function action_templateupdate() {\r
3979                 global $member, $manager;\r
3980 \r
3981                 $templateid = intRequestVar('templateid');\r
3982 \r
3983                 $member->isAdmin() or $this->disallow();\r
3984 \r
3985                 $name = postVar('tname');\r
3986                 $desc = postVar('tdesc');\r
3987 \r
3988                 if (!isValidTemplateName($name))\r
3989                         $this->error(_ERROR_BADTEMPLATENAME);\r
3990 \r
3991                 if ((TEMPLATE::getNameFromId($templateid) != $name) && TEMPLATE::exists($name))\r
3992                         $this->error(_ERROR_DUPTEMPLATENAME);\r
3993 \r
3994 \r
3995                 $name = sql_real_escape_string($name);\r
3996                 $desc = sql_real_escape_string($desc);\r
3997 \r
3998                 // 1. Remove all template parts\r
3999                 $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid;\r
4000                 sql_query($query);\r
4001 \r
4002                 // 2. Update description\r
4003                 $query =  'UPDATE '.sql_table('template_desc').' SET'\r
4004                            . " tdname='" . $name . "',"\r
4005                            . " tddesc='" . $desc . "'"\r
4006                            . " WHERE tdnumber=" . $templateid;\r
4007                 sql_query($query);\r
4008 \r
4009                 // 3. Add non-empty template parts\r
4010                 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));\r
4011                 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM'));\r
4012                 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER'));\r
4013                 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK'));\r
4014                 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK'));\r
4015                 $this->addToTemplate($templateid, 'NEW', postVar('NEW'));\r
4016                 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER'));\r
4017                 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY'));\r
4018                 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER'));\r
4019                 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED'));\r
4020                 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH'));\r
4021                 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH'));\r
4022                 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE'));\r
4023                 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY'));\r
4024                 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE'));\r
4025                 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));\r
4026                 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));\r
4027                 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));\r
4028                 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));\r
4029                 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));\r
4030                 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));\r
4031                 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));\r
4032                 $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));\r
4033                 $this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));\r
4034                 $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));\r
4035                 $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));\r
4036                 $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));\r
4037                 $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));\r
4038                 $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));\r
4039                 $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));\r
4040                 $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));\r
4041                 $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));\r
4042                 $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));\r
4043                 $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));\r
4044 \r
4045                 $pluginfields = array();\r
4046                 $param = array('fields'=>&$pluginfields);\r
4047                 $manager->notify('TemplateExtraFields', $param);\r
4048                 foreach ($pluginfields as $pfkey=>$pfvalue) {\r
4049                         foreach ($pfvalue as $pffield=>$pfdesc) {\r
4050                                 $this->addToTemplate($templateid, $pffield, postVar($pffield));\r
4051                         }\r
4052                 }\r
4053 \r
4054                 // jump back to template edit\r
4055                 $this->action_templateedit(_TEMPLATE_UPDATED);\r
4056 \r
4057         }\r
4058 \r
4059         /**\r
4060          * @todo document this\r
4061          */\r
4062         function addToTemplate($id, $partname, $content) {\r
4063                 $partname = sql_real_escape_string($partname);\r
4064                 $content = sql_real_escape_string($content);\r
4065 \r
4066                 $id = intval($id);\r
4067 \r
4068                 // don't add empty parts:\r
4069                 if (!trim($content)) return -1;\r
4070 \r
4071                 $query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) "\r
4072                            . "VALUES ($id, '$partname', '$content')";\r
4073                 sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());\r
4074                 return sql_insert_id();\r
4075         }\r
4076 \r
4077         /**\r
4078          * @todo document this\r
4079          */\r
4080         function action_templatedelete() {\r
4081                 global $member, $manager;\r
4082 \r
4083                 $member->isAdmin() or $this->disallow();\r
4084 \r
4085                 $templateid = intRequestVar('templateid');\r
4086                 // TODO: check if template can be deleted\r
4087 \r
4088                 $this->pagehead();\r
4089 \r
4090                 $name = TEMPLATE::getNameFromId($templateid);\r
4091                 $desc = TEMPLATE::getDesc($templateid);\r
4092 \r
4093                 ?>\r
4094                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
4095 \r
4096                         <p>\r
4097                         <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo htmlspecialchars($name)?></b> (<?php echo  htmlspecialchars($desc) ?>)\r
4098                         </p>\r
4099 \r
4100                         <form method="post" action="index.php"><div>\r
4101                                 <input type="hidden" name="action" value="templatedeleteconfirm" />\r
4102                                 <?php $manager->addTicketHidden() ?>\r
4103                                 <input type="hidden" name="templateid" value="<?php echo  $templateid ?>" />\r
4104                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
4105                         </div></form>\r
4106                 <?php\r
4107                 $this->pagefoot();\r
4108         }\r
4109 \r
4110         /**\r
4111          * @todo document this\r
4112          */\r
4113         function action_templatedeleteconfirm() {\r
4114                 global $member, $manager;\r
4115 \r
4116                 $templateid = intRequestVar('templateid');\r
4117 \r
4118                 $member->isAdmin() or $this->disallow();\r
4119 \r
4120                 $param = array('templateid' => $templateid);\r
4121                 $manager->notify('PreDeleteTemplate', $param);\r
4122 \r
4123                 // 1. delete description\r
4124                 sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid);\r
4125 \r
4126                 // 2. delete parts\r
4127                 sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid);\r
4128 \r
4129                 $param = array('templateid' => $templateid);\r
4130                 $manager->notify('PostDeleteTemplate', $param);\r
4131 \r
4132                 $this->action_templateoverview();\r
4133         }\r
4134 \r
4135         /**\r
4136          * @todo document this\r
4137          */\r
4138         function action_templatenew() {\r
4139                 global $member;\r
4140 \r
4141                 $member->isAdmin() or $this->disallow();\r
4142 \r
4143                 $name = postVar('name');\r
4144                 $desc = postVar('desc');\r
4145 \r
4146                 if (!isValidTemplateName($name))\r
4147                         $this->error(_ERROR_BADTEMPLATENAME);\r
4148 \r
4149                 if (TEMPLATE::exists($name))\r
4150                         $this->error(_ERROR_DUPTEMPLATENAME);\r
4151 \r
4152                 $newTemplateId = TEMPLATE::createNew($name, $desc);\r
4153 \r
4154                 $this->action_templateoverview();\r
4155         }\r
4156 \r
4157         /**\r
4158          * @todo document this\r
4159          */\r
4160         function action_templateclone() {\r
4161                 global $member;\r
4162 \r
4163                 $templateid = intRequestVar('templateid');\r
4164 \r
4165                 $member->isAdmin() or $this->disallow();\r
4166 \r
4167                 // 1. read old template\r
4168                 $name = TEMPLATE::getNameFromId($templateid);\r
4169                 $desc = TEMPLATE::getDesc($templateid);\r
4170 \r
4171                 // 2. create desc thing\r
4172                 $name = "cloned" . $name;\r
4173 \r
4174                 // if a template with that name already exists:\r
4175                 if (TEMPLATE::exists($name)) {\r
4176                         $i = 1;\r
4177                         while (TEMPLATE::exists($name . $i))\r
4178                                 $i++;\r
4179                         $name .= $i;\r
4180                 }\r
4181 \r
4182                 $newid = TEMPLATE::createNew($name, $desc);\r
4183 \r
4184                 // 3. create clone\r
4185                 // go through parts of old template and add them to the new one\r
4186                 $res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);\r
4187                 while ($o = sql_fetch_object($res)) {\r
4188                         $this->addToTemplate($newid, $o->tpartname, $o->tcontent);\r
4189                 }\r
4190 \r
4191                 $this->action_templateoverview();\r
4192         }\r
4193 \r
4194         /**\r
4195          * @todo document this\r
4196          */\r
4197         function action_skinoverview() {\r
4198                 global $member, $manager;\r
4199 \r
4200                 $member->isAdmin() or $this->disallow();\r
4201 \r
4202                 $this->pagehead();\r
4203 \r
4204                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
4205 \r
4206                 echo '<h2>' . _SKIN_EDIT_TITLE . '</h2>';\r
4207 \r
4208                 echo '<h3>' . _SKIN_AVAILABLE_TITLE . '</h3>';\r
4209 \r
4210                 $query = 'SELECT * FROM '.sql_table('skin_desc').' ORDER BY sdname';\r
4211                 $template['content'] = 'skinlist';\r
4212                 $template['tabindex'] = 10;\r
4213                 showlist($query,'table',$template);\r
4214 \r
4215                 echo '<h3>' . _SKIN_NEW_TITLE . '</h3>';\r
4216 \r
4217                 ?>\r
4218                 <form method="post" action="index.php">\r
4219                 <div>\r
4220 \r
4221                 <input name="action" value="skinnew" type="hidden" />\r
4222                 <?php $manager->addTicketHidden() ?>\r
4223                 <table><tr>\r
4224                         <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td>\r
4225                         <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td>\r
4226                 </tr><tr>\r
4227                         <td><?php echo _SKIN_DESC?></td>\r
4228                         <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td>\r
4229                 </tr><tr>\r
4230                         <td><?php echo _SKIN_CREATE?></td>\r
4231                         <td><input type="submit" tabindex="10030" value="<?php echo _SKIN_CREATE_BTN?>" onclick="return checkSubmit();" /></td>\r
4232                 </tr></table>\r
4233 \r
4234                 </div>\r
4235                 </form>\r
4236 \r
4237                 <?php\r
4238                 $this->pagefoot();\r
4239         }\r
4240 \r
4241         /**\r
4242          * @todo document this\r
4243          */\r
4244         function action_skinnew() {\r
4245                 global $member;\r
4246 \r
4247                 $member->isAdmin() or $this->disallow();\r
4248 \r
4249                 $name = trim(postVar('name'));\r
4250                 $desc = trim(postVar('desc'));\r
4251 \r
4252                 if (!isValidSkinName($name))\r
4253                         $this->error(_ERROR_BADSKINNAME);\r
4254 \r
4255                 if (SKIN::exists($name))\r
4256                         $this->error(_ERROR_DUPSKINNAME);\r
4257 \r
4258                 $newId = SKIN::createNew($name, $desc);\r
4259 \r
4260                 $this->action_skinoverview();\r
4261         }\r
4262 \r
4263         /**\r
4264          * @todo document this\r
4265          */\r
4266         function action_skinedit() {\r
4267                 global $member, $manager;\r
4268 \r
4269                 $skinid = intRequestVar('skinid');\r
4270 \r
4271                 $member->isAdmin() or $this->disallow();\r
4272 \r
4273                 $skin = new SKIN($skinid);\r
4274 \r
4275                 $this->pagehead();\r
4276                 ?>\r
4277                 <p>\r
4278                         <a href="index.php?action=skinoverview">(<?php echo _SKIN_BACK?>)</a>\r
4279                 </p>\r
4280                 <h2><?php echo _SKIN_EDITONE_TITLE?> '<?php echo  $skin->getName() ?>'</h2>\r
4281 \r
4282                 <h3><?php echo _SKIN_PARTS_TITLE?></h3>\r
4283                 <?php echo _SKIN_PARTS_MSG?>\r
4284                 <ul>\r
4285                         <li><a tabindex="10" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=index"><?php echo _SKIN_PART_MAIN?></a> <?php help('skinpartindex')?></li>\r
4286                         <li><a tabindex="20" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=item"><?php echo _SKIN_PART_ITEM?></a> <?php help('skinpartitem')?></li>\r
4287                         <li><a tabindex="30" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=archivelist"><?php echo _SKIN_PART_ALIST?></a> <?php help('skinpartarchivelist')?></li>\r
4288                         <li><a tabindex="40" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=archive"><?php echo _SKIN_PART_ARCHIVE?></a> <?php help('skinpartarchive')?></li>\r
4289                         <li><a tabindex="50" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=search"><?php echo _SKIN_PART_SEARCH?></a> <?php help('skinpartsearch')?></li>\r
4290                         <li><a tabindex="60" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=error"><?php echo _SKIN_PART_ERROR?></a> <?php help('skinparterror')?></li>\r
4291                         <li><a tabindex="70" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=member"><?php echo _SKIN_PART_MEMBER?></a> <?php help('skinpartmember')?></li>\r
4292                         <li><a tabindex="75" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=imagepopup"><?php echo _SKIN_PART_POPUP?></a> <?php help('skinpartimagepopup')?></li>\r
4293                 </ul>\r
4294 \r
4295                 <?php\r
4296 \r
4297                 $query = "SELECT stype FROM " . sql_table('skin') . " WHERE stype NOT IN ('index', 'item', 'error', 'search', 'archive', 'archivelist', 'imagepopup', 'member') and sdesc = " . $skinid;\r
4298                 $res = sql_query($query);\r
4299 \r
4300                 echo '<h3>' . _SKIN_PARTS_SPECIAL . '</h3>';\r
4301                 echo '<form method="get" action="index.php">' . "\r\n";\r
4302                 echo '<input type="hidden" name="action" value="skinedittype" />' . "\r\n";\r
4303                 echo '<input type="hidden" name="skinid" value="' . $skinid . '" />' . "\r\n";\r
4304                 echo '<input name="type" tabindex="89" size="20" maxlength="20" />' . "\r\n";\r
4305                 echo '<input type="submit" tabindex="140" value="' . _SKIN_CREATE . '" onclick="return checkSubmit();" />' . "\r\n";\r
4306                 echo '</form>' . "\r\n";\r
4307 \r
4308                 if ($res && sql_num_rows($res) > 0) {\r
4309                         echo '<ul>';\r
4310                         $tabstart = 75;\r
4311 \r
4312                         while ($row = sql_fetch_assoc($res)) {\r
4313                                 echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">'._LISTS_DELETE.'</a>)</li>';\r
4314                         }\r
4315 \r
4316                         echo '</ul>';\r
4317                 }\r
4318 \r
4319                 ?>\r
4320 \r
4321                 <h3><?php echo _SKIN_GENSETTINGS_TITLE; ?></h3>\r
4322                 <form method="post" action="index.php">\r
4323                 <div>\r
4324 \r
4325                 <input type="hidden" name="action" value="skineditgeneral" />\r
4326                 <?php $manager->addTicketHidden() ?>\r
4327                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />\r
4328                 <table><tr>\r
4329                         <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td>\r
4330                         <td><input name="name" tabindex="90" value="<?php echo  htmlspecialchars($skin->getName()) ?>" maxlength="20" size="20" /></td>\r
4331                 </tr><tr>\r
4332                         <td><?php echo _SKIN_DESC?></td>\r
4333                         <td><input name="desc" tabindex="100" value="<?php echo  htmlspecialchars($skin->getDescription()) ?>" maxlength="200" size="50" /></td>\r
4334                 </tr><tr>\r
4335                         <td><?php echo _SKIN_TYPE?></td>\r
4336                         <td><input name="type" tabindex="110" value="<?php echo  htmlspecialchars($skin->getContentType()) ?>" maxlength="40" size="20" /></td>\r
4337                 </tr><tr>\r
4338                         <td><?php echo _SKIN_INCLUDE_MODE?> <?php help('includemode')?></td>\r
4339                         <td><?php $this->input_yesno('inc_mode',$skin->getIncludeMode(),120,'skindir','normal',_PARSER_INCMODE_SKINDIR,_PARSER_INCMODE_NORMAL);?></td>\r
4340                 </tr><tr>\r
4341                         <td><?php echo _SKIN_INCLUDE_PREFIX?> <?php help('includeprefix')?></td>\r
4342                         <td><input name="inc_prefix" tabindex="130" value="<?php echo  htmlspecialchars($skin->getIncludePrefix()) ?>" maxlength="40" size="20" /></td>\r
4343                 </tr><tr>\r
4344                         <td><?php echo _SKIN_CHANGE?></td>\r
4345                         <td><input type="submit" tabindex="140" value="<?php echo _SKIN_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>\r
4346                 </tr></table>\r
4347 \r
4348                 </div>\r
4349                 </form>\r
4350 \r
4351 \r
4352                 <?php      $this->pagefoot();\r
4353         }\r
4354 \r
4355         /**\r
4356          * @todo document this\r
4357          */\r
4358         function action_skineditgeneral() {\r
4359                 global $member;\r
4360 \r
4361                 $skinid = intRequestVar('skinid');\r
4362 \r
4363                 $member->isAdmin() or $this->disallow();\r
4364 \r
4365                 $name = postVar('name');\r
4366                 $desc = postVar('desc');\r
4367                 $type = postVar('type');\r
4368                 $inc_mode = postVar('inc_mode');\r
4369                 $inc_prefix = postVar('inc_prefix');\r
4370 \r
4371                 $skin = new SKIN($skinid);\r
4372 \r
4373                 // 1. Some checks\r
4374                 if (!isValidSkinName($name))\r
4375                         $this->error(_ERROR_BADSKINNAME);\r
4376 \r
4377                 if (($skin->getName() != $name) && SKIN::exists($name))\r
4378                         $this->error(_ERROR_DUPSKINNAME);\r
4379 \r
4380                 if (!$type) $type = 'text/html';\r
4381                 if (!$inc_mode) $inc_mode = 'normal';\r
4382 \r
4383                 // 2. Update description\r
4384                 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);\r
4385 \r
4386                 $this->action_skinedit();\r
4387 \r
4388         }\r
4389 \r
4390         /**\r
4391          * @todo document this\r
4392          */\r
4393         function action_skinedittype($msg = '') {\r
4394                 global $member, $manager;\r
4395 \r
4396                 $skinid = intRequestVar('skinid');\r
4397                 $type = requestVar('type');\r
4398 \r
4399                 $member->isAdmin() or $this->disallow();\r
4400 \r
4401                 $type = trim($type);\r
4402                 $type = strtolower($type);\r
4403 \r
4404                 if (!isValidShortName($type)) {\r
4405                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);\r
4406                 }\r
4407 \r
4408                 $skin = new SKIN($skinid);\r
4409 \r
4410                 $friendlyNames = SKIN::getFriendlyNames();\r
4411 \r
4412                 $this->pagehead();\r
4413                 ?>\r
4414                 <p>(<a href="index.php?action=skinoverview"><?php echo _SKIN_GOBACK?></a>)</p>\r
4415 \r
4416                 <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>\r
4417 \r
4418                 <?php              if ($msg) echo "<p>"._MESSAGE.": $msg</p>";\r
4419                 ?>\r
4420 \r
4421                 <div style="width:100%;">\r
4422                 <form method="post" action="index.php">\r
4423                 <div>\r
4424 \r
4425                 <input type="hidden" name="action" value="skinupdate" />\r
4426                 <?php $manager->addTicketHidden() ?>\r
4427                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />\r
4428                 <input type="hidden" name="type" value="<?php echo  $type ?>" />\r
4429 \r
4430                 <input type="submit" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
4431                 <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />\r
4432                 (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)\r
4433                 <?php if (in_array($type, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {\r
4434                         help('skinpart' . $type);\r
4435                 } else {\r
4436                         help('skinpartspecial');\r
4437                 }?>\r
4438                 <br />\r
4439 \r
4440                 <textarea class="skinedit" tabindex="10" rows="20" cols="80" name="content"><?php echo  htmlspecialchars($skin->getContent($type)) ?></textarea>\r
4441 \r
4442                 <br />\r
4443                 <input type="submit" tabindex="20" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
4444                 <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />\r
4445                 (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)\r
4446 \r
4447                 <br /><br />\r
4448                 <?php echo _SKIN_ALLOWEDVARS?>\r
4449                 <?php              $actions = SKIN::getAllowedActionsForType($type);\r
4450 \r
4451                         sort($actions);\r
4452 \r
4453                         while ($current = array_shift($actions)) {\r
4454                                 // skip deprecated vars\r
4455                                 if ($current == 'ifcat') continue;\r
4456                                 if ($current == 'imagetext') continue;\r
4457                                 if ($current == 'vars') continue;\r
4458 \r
4459                                 echo helplink('skinvar-' . $current) . "$current</a>";\r
4460                                 if (count($actions) != 0) echo ", ";\r
4461                         }\r
4462                 echo '<br /><br />' . _SKINEDIT_ALLOWEDBLOGS;\r
4463                 $query = 'SELECT bshortname, bname FROM '.sql_table('blog');\r
4464                         showlist($query,'table',array('content'=>'shortblognames'));\r
4465                 echo '<br />' . _SKINEDIT_ALLOWEDTEMPLATESS;\r
4466                 $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc');\r
4467                         showlist($query,'table',array('content'=>'shortnames'));\r
4468                 echo '</div></form></div>';\r
4469                 $this->pagefoot();\r
4470         }\r
4471 \r
4472         /**\r
4473          * @todo document this\r
4474          */\r
4475         function action_skinupdate() {\r
4476                 global $member;\r
4477 \r
4478                 $skinid = intRequestVar('skinid');\r
4479                 $content = trim(postVar('content'));\r
4480                 $type = postVar('type');\r
4481 \r
4482                 $member->isAdmin() or $this->disallow();\r
4483 \r
4484                 $skin = new SKIN($skinid);\r
4485                 $skin->update($type, $content);\r
4486 \r
4487                 $this->action_skinedittype(_SKIN_UPDATED);\r
4488         }\r
4489 \r
4490         /**\r
4491          * @todo document this\r
4492          */\r
4493         function action_skindelete() {\r
4494                 global $member, $manager, $CONF;\r
4495 \r
4496                 $skinid = intRequestVar('skinid');\r
4497 \r
4498                 $member->isAdmin() or $this->disallow();\r
4499 \r
4500                 // don't allow default skin to be deleted\r
4501                 if ($skinid == $CONF['BaseSkin'])\r
4502                         $this->error(_ERROR_DEFAULTSKIN);\r
4503 \r
4504                 // don't allow deletion of default skins for blogs\r
4505                 $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;\r
4506                 $r = sql_query($query);\r
4507                 if ($o = sql_fetch_object($r))\r
4508                         $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));\r
4509 \r
4510                 $this->pagehead();\r
4511 \r
4512                 $skin = new SKIN($skinid);\r
4513                 $name = $skin->getName();\r
4514                 $desc = $skin->getDescription();\r
4515 \r
4516                 ?>\r
4517                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
4518 \r
4519                         <p>\r
4520                                 <?php echo _CONFIRMTXT_SKIN?><b><?php echo htmlspecialchars($name) ?></b> (<?php echo  htmlspecialchars($desc)?>)\r
4521                         </p>\r
4522 \r
4523                         <form method="post" action="index.php"><div>\r
4524                                 <input type="hidden" name="action" value="skindeleteconfirm" />\r
4525                                 <?php $manager->addTicketHidden() ?>\r
4526                                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />\r
4527                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
4528                         </div></form>\r
4529                 <?php\r
4530                 $this->pagefoot();\r
4531         }\r
4532 \r
4533         /**\r
4534          * @todo document this\r
4535          */\r
4536         function action_skindeleteconfirm() {\r
4537                 global $member, $CONF, $manager;\r
4538 \r
4539                 $skinid = intRequestVar('skinid');\r
4540 \r
4541                 $member->isAdmin() or $this->disallow();\r
4542 \r
4543                 // don't allow default skin to be deleted\r
4544                 if ($skinid == $CONF['BaseSkin'])\r
4545                         $this->error(_ERROR_DEFAULTSKIN);\r
4546 \r
4547                 // don't allow deletion of default skins for blogs\r
4548                 $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;\r
4549                 $r = sql_query($query);\r
4550                 if ($o = sql_fetch_object($r))\r
4551                         $this->error(_ERROR_SKINDEFDELETE .$o->bname);\r
4552 \r
4553                 $param = array('skinid' => $skinid);\r
4554                 $manager->notify('PreDeleteSkin', $param);\r
4555 \r
4556                 // 1. delete description\r
4557                 sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid);\r
4558 \r
4559                 // 2. delete parts\r
4560                 sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid);\r
4561 \r
4562                 $param = array('skinid' => $skinid);\r
4563                 $manager->notify('PostDeleteSkin', $param);\r
4564 \r
4565                 $this->action_skinoverview();\r
4566         }\r
4567 \r
4568         /**\r
4569          * @todo document this\r
4570          */\r
4571         function action_skinremovetype() {\r
4572                 global $member, $manager, $CONF;\r
4573 \r
4574                 $skinid = intRequestVar('skinid');\r
4575                 $skintype = requestVar('type');\r
4576 \r
4577                 if (!isValidShortName($skintype)) {\r
4578                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4579                 }\r
4580 \r
4581                 $member->isAdmin() or $this->disallow();\r
4582 \r
4583                 // don't allow default skinparts to be deleted\r
4584                 if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {\r
4585                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4586                 }\r
4587 \r
4588                 $this->pagehead();\r
4589 \r
4590                 $skin = new SKIN($skinid);\r
4591                 $name = $skin->getName();\r
4592                 $desc = $skin->getDescription();\r
4593 \r
4594                 ?>\r
4595                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
4596 \r
4597                         <p>\r
4598                                 <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo htmlspecialchars($skintype); ?> (<?php echo htmlspecialchars($name); ?>)</b> (<?php echo  htmlspecialchars($desc)?>)\r
4599                         </p>\r
4600 \r
4601                         <form method="post" action="index.php"><div>\r
4602                                 <input type="hidden" name="action" value="skinremovetypeconfirm" />\r
4603                                 <?php $manager->addTicketHidden() ?>\r
4604                                 <input type="hidden" name="skinid" value="<?php echo $skinid; ?>" />\r
4605                                 <input type="hidden" name="type" value="<?php echo htmlspecialchars($skintype); ?>" />\r
4606                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
4607                         </div></form>\r
4608                 <?php\r
4609                 $this->pagefoot();\r
4610         }\r
4611 \r
4612         /**\r
4613          * @todo document this\r
4614          */\r
4615         function action_skinremovetypeconfirm() {\r
4616                 global $member, $CONF, $manager;\r
4617 \r
4618                 $skinid = intRequestVar('skinid');\r
4619                 $skintype = requestVar('type');\r
4620 \r
4621                 if (!isValidShortName($skintype)) {\r
4622                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4623                 }\r
4624 \r
4625                 $member->isAdmin() or $this->disallow();\r
4626 \r
4627                 // don't allow default skinparts to be deleted\r
4628                 if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {\r
4629                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);\r
4630                 }\r
4631 \r
4632                 $param = array(\r
4633                         'skinid'        => $skinid,\r
4634                         'skintype'      => $skintype\r
4635                 );\r
4636                 $manager->notify('PreDeleteSkinPart', $param);\r
4637 \r
4638                 // delete part\r
4639                 sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid . ' AND stype=\'' . $skintype . '\'');\r
4640 \r
4641                 $param = array(\r
4642                         'skinid'        => $skinid,\r
4643                         'skintype'      => $skintype\r
4644                 );\r
4645                 $manager->notify('PostDeleteSkinPart', $param);\r
4646 \r
4647                 $this->action_skinedit();\r
4648         }\r
4649 \r
4650         /**\r
4651          * @todo document this\r
4652          */\r
4653         function action_skinclone() {\r
4654                 global $member;\r
4655 \r
4656                 $skinid = intRequestVar('skinid');\r
4657 \r
4658                 $member->isAdmin() or $this->disallow();\r
4659 \r
4660                 // 1. read skin to clone\r
4661                 $skin = new SKIN($skinid);\r
4662 \r
4663                 $name = "clone_" . $skin->getName();\r
4664 \r
4665                 // if a skin with that name already exists:\r
4666                 if (SKIN::exists($name)) {\r
4667                         $i = 1;\r
4668                         while (SKIN::exists($name . $i))\r
4669                                 $i++;\r
4670                         $name .= $i;\r
4671                 }\r
4672 \r
4673                 // 2. create skin desc\r
4674                 $newid = SKIN::createNew(\r
4675                         $name,\r
4676                         $skin->getDescription(),\r
4677                         $skin->getContentType(),\r
4678                         $skin->getIncludeMode(),\r
4679                         $skin->getIncludePrefix()\r
4680                 );\r
4681 \r
4682 \r
4683                 // 3. clone\r
4684                 /*\r
4685                 $this->skinclonetype($skin, $newid, 'index');\r
4686                 $this->skinclonetype($skin, $newid, 'item');\r
4687                 $this->skinclonetype($skin, $newid, 'archivelist');\r
4688                 $this->skinclonetype($skin, $newid, 'archive');\r
4689                 $this->skinclonetype($skin, $newid, 'search');\r
4690                 $this->skinclonetype($skin, $newid, 'error');\r
4691                 $this->skinclonetype($skin, $newid, 'member');\r
4692                 $this->skinclonetype($skin, $newid, 'imagepopup');\r
4693                 */\r
4694 \r
4695                 $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;\r
4696                 $res = sql_query($query);\r
4697                 while ($row = sql_fetch_assoc($res)) {\r
4698                         $this->skinclonetype($skin, $newid, $row['stype']);\r
4699                 }\r
4700 \r
4701                 $this->action_skinoverview();\r
4702 \r
4703         }\r
4704 \r
4705         /**\r
4706          * @todo document this\r
4707          */\r
4708         function skinclonetype($skin, $newid, $type) {\r
4709                 $newid = intval($newid);\r
4710                 $content = $skin->getContent($type);\r
4711                 if ($content) {\r
4712                         $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". sql_real_escape_string($content)."', '". sql_real_escape_string($type)."')";\r
4713                         sql_query($query);\r
4714                 }\r
4715         }\r
4716 \r
4717         /**\r
4718          * @todo document this\r
4719          */\r
4720         function action_settingsedit() {\r
4721                 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;\r
4722 \r
4723                 $member->isAdmin() or $this->disallow();\r
4724 \r
4725                 $this->pagehead();\r
4726 \r
4727                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
4728                 ?>\r
4729 \r
4730                 <h2><?php echo _SETTINGS_TITLE?></h2>\r
4731 \r
4732                 <form action="index.php" method="post">\r
4733                 <div>\r
4734 \r
4735                 <input type="hidden" name="action" value="settingsupdate" />\r
4736                 <?php $manager->addTicketHidden() ?>\r
4737 \r
4738                 <table><tr>\r
4739                         <th colspan="2"><?php echo _SETTINGS_SUB_GENERAL?></th>\r
4740                 </tr><tr>\r
4741                         <td><?php echo _SETTINGS_DEFBLOG?> <?php help('defaultblog'); ?></td>\r
4742                         <td>\r
4743                                 <?php\r
4744                                         $query =  'SELECT bname as text, bnumber as value'\r
4745                                                    . ' FROM '.sql_table('blog');\r
4746                                         $template['name'] = 'DefaultBlog';\r
4747                                         $template['selected'] = $CONF['DefaultBlog'];\r
4748                                         $template['tabindex'] = 10;\r
4749                                         showlist($query,'select',$template);\r
4750                                 ?>\r
4751                         </td>\r
4752                 </tr><tr>\r
4753                         <td><?php echo _SETTINGS_BASESKIN?> <?php help('baseskin'); ?></td>\r
4754                         <td>\r
4755                                 <?php\r
4756                                         $query =  'SELECT sdname as text, sdnumber as value'\r
4757                                                    . ' FROM '.sql_table('skin_desc');\r
4758                                         $template['name'] = 'BaseSkin';\r
4759                                         $template['selected'] = $CONF['BaseSkin'];\r
4760                                         $template['tabindex'] = 1;\r
4761                                         showlist($query,'select',$template);\r
4762                                 ?>\r
4763                         </td>\r
4764                 </tr><tr>\r
4765                         <td><?php echo _SETTINGS_ADMINMAIL?></td>\r
4766                         <td><input name="AdminEmail" tabindex="10010" size="40" value="<?php echo  htmlspecialchars($CONF['AdminEmail']) ?>" /></td>\r
4767                 </tr><tr>\r
4768                         <td><?php echo _SETTINGS_SITENAME?></td>\r
4769                         <td><input name="SiteName" tabindex="10020" size="40" value="<?php echo  htmlspecialchars($CONF['SiteName']) ?>" /></td>\r
4770                 </tr><tr>\r
4771                         <td><?php echo _SETTINGS_SITEURL?></td>\r
4772                         <td><input name="IndexURL" tabindex="10030" size="40" value="<?php echo  htmlspecialchars($CONF['IndexURL']) ?>" /></td>\r
4773                 </tr><tr>\r
4774                         <td><?php echo _SETTINGS_ADMINURL?></td>\r
4775                         <td><input name="AdminURL" tabindex="10040" size="40" value="<?php echo  htmlspecialchars($CONF['AdminURL']) ?>" /></td>\r
4776                 </tr><tr>\r
4777                         <td><?php echo _SETTINGS_PLUGINURL?> <?php help('pluginurl');?></td>\r
4778                         <td><input name="PluginURL" tabindex="10045" size="40" value="<?php echo  htmlspecialchars($CONF['PluginURL']) ?>" /></td>\r
4779                 </tr><tr>\r
4780                         <td><?php echo _SETTINGS_SKINSURL?> <?php help('skinsurl');?></td>\r
4781                         <td><input name="SkinsURL" tabindex="10046" size="40" value="<?php echo  htmlspecialchars($CONF['SkinsURL']) ?>" /></td>\r
4782                 </tr><tr>\r
4783                         <td><?php echo _SETTINGS_ACTIONSURL?> <?php help('actionurl');?></td>\r
4784                         <td><input name="ActionURL" tabindex="10047" size="40" value="<?php echo  htmlspecialchars($CONF['ActionURL']) ?>" /></td>\r
4785                 </tr><tr>\r
4786                         <td><?php echo _SETTINGS_LANGUAGE?> <?php help('language'); ?>\r
4787                         </td>\r
4788                         <td>\r
4789 \r
4790                                 <select name="Language" tabindex="10050">\r
4791                                 <?php                      // show a dropdown list of all available languages\r
4792                                 global $DIR_LANG;\r
4793                                 $dirhandle = opendir($DIR_LANG);\r
4794                                 while ($filename = readdir($dirhandle) )\r
4795                                 {\r
4796                                         # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
4797                                         # original ereg: ereg("^(.*)\.php$",$filename,$matches)\r
4798                                         if (preg_match('#^(.*)\.php$#', $filename, $matches) )\r
4799                                         {\r
4800                                                 $name = $matches[1];\r
4801                                                 echo "<option value=\"$name\"";\r
4802                                                 if ($name == $CONF['Language'])\r
4803                                                 {\r
4804                                                         echo " selected=\"selected\"";\r
4805                                                 }\r
4806                                                 echo ">$name</option>";\r
4807                                         }\r
4808                                 }\r
4809                                 closedir($dirhandle);\r
4810 \r
4811                                 ?>\r
4812                                 </select>\r
4813 \r
4814                         </td>\r
4815                 </tr><tr>\r
4816                         <td><?php echo _SETTINGS_DISABLESITE?> <?php help('disablesite'); ?>\r
4817                         </td>\r
4818                         <td><?php $this->input_yesno('DisableSite',$CONF['DisableSite'],10060); ?>\r
4819                                         <br />\r
4820                                 <?php echo _SETTINGS_DISABLESITEURL ?> <input name="DisableSiteURL" tabindex="10070" size="40" value="<?php echo  htmlspecialchars($CONF['DisableSiteURL'])?>" />\r
4821                         </td>\r
4822                 </tr><tr>\r
4823                         <td><?php echo _SETTINGS_DIRS?></td>\r
4824                         <td><?php echo  htmlspecialchars($DIR_NUCLEUS) ?>\r
4825                                 <i><?php echo _SETTINGS_SEECONFIGPHP?></i></td>\r
4826                 </tr><tr>\r
4827                         <td><?php echo _SETTINGS_DBLOGIN?></td>\r
4828                         <td><i><?php echo _SETTINGS_SEECONFIGPHP?></i></td>\r
4829                 </tr><tr>\r
4830                         <td>\r
4831                         <?php\r
4832                                 echo _SETTINGS_JSTOOLBAR\r
4833                                 /* =_SETTINGS_DISABLEJS\r
4834 \r
4835                                         I temporary changed the meaning of DisableJsTools, until I can find a good\r
4836                                         way to select the javascript version to use\r
4837 \r
4838                                         now, its:\r
4839                                                 0 : IE\r
4840                                                 1 : all javascript disabled\r
4841                                                 2 : 'simpler' javascript (for mozilla/opera/mac)\r
4842                                 */\r
4843                            ?>\r
4844                         </td>\r
4845                         <td><?php /* $this->input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?>\r
4846                                 <select name="DisableJsTools" tabindex="10075">\r
4847                         <?php                              $extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : '';\r
4848                                         echo "<option $extra value='1'>",_SETTINGS_JSTOOLBAR_NONE,"</option>";\r
4849                                         $extra = ($CONF['DisableJsTools'] == 2) ? 'selected="selected"' : '';\r
4850                                         echo "<option $extra value='2'>",_SETTINGS_JSTOOLBAR_SIMPLE,"</option>";\r
4851                                         $extra = ($CONF['DisableJsTools'] == 0) ? 'selected="selected"' : '';\r
4852                                         echo "<option $extra value='0'>",_SETTINGS_JSTOOLBAR_FULL,"</option>";\r
4853                         ?>\r
4854                                 </select>\r
4855                         </td>\r
4856                 </tr><tr>\r
4857                         <td><?php echo _SETTINGS_URLMODE?> <?php help('urlmode');?></td>\r
4858                                            <td><?php\r
4859 \r
4860                                            $this->input_yesno('URLMode',$CONF['URLMode'],10077,\r
4861                                                           'normal','pathinfo',_SETTINGS_URLMODE_NORMAL,_SETTINGS_URLMODE_PATHINFO);\r
4862 \r
4863                                            echo ' ', _SETTINGS_URLMODE_HELP;\r
4864 \r
4865                                                          ?>\r
4866 \r
4867                                            </td>\r
4868                 </tr><tr>\r
4869                         <td><?php echo _SETTINGS_DEBUGVARS?> <?php help('debugvars');?></td>\r
4870                                            <td><?php\r
4871 \r
4872                                                 $this->input_yesno('DebugVars',$CONF['DebugVars'],10078);\r
4873 \r
4874                                                          ?>\r
4875 \r
4876                                            </td>\r
4877                 </tr><tr>\r
4878                         <td><?php echo _SETTINGS_DEFAULTLISTSIZE?> <?php help('defaultlistsize');?></td>\r
4879                         <td>\r
4880                         <?php\r
4881                                 if (!array_key_exists('DefaultListSize',$CONF)) {\r
4882                                         sql_query("INSERT INTO ".sql_table('config')." VALUES ('DefaultListSize', '10')");\r
4883                                         $CONF['DefaultListSize'] = 10;\r
4884                                 }\r
4885                         ?>\r
4886                                 <input name="DefaultListSize" tabindex="10079" size="40" value="<?php echo  htmlspecialchars((intval($CONF['DefaultListSize']) < 1 ? '10' : $CONF['DefaultListSize'])) ?>" />\r
4887                         </td>\r
4888                 </tr><tr>\r
4889                         <td><?php echo _SETTINGS_ADMINCSS?> \r
4890                         </td>\r
4891                         <td>\r
4892                                 <select name="AdminCSS" tabindex="10080">\r
4893                                 <?php           // show a dropdown list of all available admin css files\r
4894                                         global $DIR_NUCLEUS;\r
4895                                         $dirhandle = opendir($DIR_NUCLEUS."styles/");\r
4896                                 while ($filename = readdir($dirhandle) )\r
4897                                 {\r
4898                                         # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
4899                                         # original ereg: ereg("^(.*)\.php$",$filename,$matches)\r
4900                                         if (preg_match('#^admin_(.*)\.css$#', $filename, $matches) )\r
4901                                         {\r
4902                                                 $name = $matches[1];\r
4903                                                 echo "<option value=\"$name\"";\r
4904                                                 if ($name == $CONF['AdminCSS'])\r
4905                                                 {\r
4906                                                         echo " selected=\"selected\"";\r
4907                                                 }\r
4908                                                 echo ">$name</option>";\r
4909                                         }\r
4910                                 }\r
4911                                 closedir($dirhandle);\r
4912                                 ?>\r
4913                                 </select>\r
4914                         </td>\r
4915                 </tr><tr>\r
4916                         <th colspan="2"><?php echo _SETTINGS_MEDIA?> <?php help('media'); ?></th>\r
4917                 </tr><tr>\r
4918                         <td><?php echo _SETTINGS_MEDIADIR?></td>\r
4919                         <td><?php echo  htmlspecialchars($DIR_MEDIA) ?>\r
4920                                 <i><?php echo _SETTINGS_SEECONFIGPHP?></i>\r
4921                                 <?php                              if (!is_dir($DIR_MEDIA))\r
4922                                                 echo "<br /><b>" . _WARNING_NOTADIR . "</b>";\r
4923                                         if (!is_readable($DIR_MEDIA))\r
4924                                                 echo "<br /><b>" . _WARNING_NOTREADABLE . "</b>";\r
4925                                         if (!is_writeable($DIR_MEDIA))\r
4926                                                 echo "<br /><b>" . _WARNING_NOTWRITABLE . "</b>";\r
4927                                 ?>\r
4928                         </td>\r
4929                 </tr><tr>\r
4930                         <td><?php echo _SETTINGS_MEDIAURL?></td>\r
4931                         <td>\r
4932                                 <input name="MediaURL" tabindex="10090" size="40" value="<?php echo  htmlspecialchars($CONF['MediaURL']) ?>" />\r
4933                         </td>\r
4934                 </tr><tr>\r
4935                         <td><?php echo _SETTINGS_ALLOWUPLOAD?></td>\r
4936                         <td><?php $this->input_yesno('AllowUpload',$CONF['AllowUpload'],10090); ?></td>\r
4937                 </tr><tr>\r
4938                         <td><?php echo _SETTINGS_ALLOWUPLOADTYPES?></td>\r
4939                         <td>\r
4940                                 <input name="AllowedTypes" tabindex="10100" size="40" value="<?php echo  htmlspecialchars($CONF['AllowedTypes']) ?>" />\r
4941                         </td>\r
4942                 </tr><tr>\r
4943                         <td><?php echo _SETTINGS_MAXUPLOADSIZE?></td>\r
4944                         <td>\r
4945                                 <input name="MaxUploadSize" tabindex="10105" size="40" value="<?php echo  htmlspecialchars($CONF['MaxUploadSize']) ?>" />\r
4946                         </td>\r
4947                 </tr><tr>\r
4948                         <td><?php echo _SETTINGS_MEDIAPREFIX?></td>\r
4949                         <td><?php $this->input_yesno('MediaPrefix',$CONF['MediaPrefix'],10110); ?></td>\r
4950 \r
4951                 </tr><tr>\r
4952                         <th colspan="2"><?php echo _SETTINGS_MEMBERS?></th>\r
4953                 </tr><tr>\r
4954                         <td><?php echo _SETTINGS_CHANGELOGIN?></td>\r
4955                         <td><?php $this->input_yesno('AllowLoginEdit',$CONF['AllowLoginEdit'],10120); ?></td>\r
4956                 </tr><tr>\r
4957                         <td><?php echo _SETTINGS_ALLOWCREATE?>\r
4958                                 <?php help('allowaccountcreation'); ?>\r
4959                         </td>\r
4960                         <td><?php $this->input_yesno('AllowMemberCreate',$CONF['AllowMemberCreate'],10130); ?>\r
4961                         </td>\r
4962                 </tr><tr>\r
4963                         <td><?php echo _SETTINGS_NEWLOGIN?> <?php help('allownewmemberlogin'); ?>\r
4964                                 <br /><?php echo _SETTINGS_NEWLOGIN2?>\r
4965                         </td>\r
4966                         <td><?php $this->input_yesno('NewMemberCanLogon',$CONF['NewMemberCanLogon'],10140); ?>\r
4967                         </td>\r
4968                 </tr><tr>\r
4969                         <td><?php echo _SETTINGS_MEMBERMSGS?>\r
4970                                 <?php help('messageservice'); ?>\r
4971                         </td>\r
4972                         <td><?php $this->input_yesno('AllowMemberMail',$CONF['AllowMemberMail'],10150); ?>\r
4973                         </td>\r
4974                 </tr><tr>\r
4975                         <td><?php echo _SETTINGS_NONMEMBERMSGS?>\r
4976                                 <?php help('messageservice'); ?>\r
4977                         </td>\r
4978                         <td><?php $this->input_yesno('NonmemberMail',$CONF['NonmemberMail'],10155); ?>\r
4979                         </td>\r
4980                 </tr><tr>\r
4981                         <td><?php echo _SETTINGS_PROTECTMEMNAMES?>\r
4982                                 <?php help('protectmemnames'); ?>\r
4983                         </td>\r
4984                         <td><?php $this->input_yesno('ProtectMemNames',$CONF['ProtectMemNames'],10156); ?>\r
4985                         </td>\r
4986 \r
4987 \r
4988 \r
4989                 </tr><tr>\r
4990                         <th colspan="2"><?php echo _SETTINGS_COOKIES_TITLE?> <?php help('cookies'); ?></th>\r
4991                 </tr><tr>\r
4992                         <td><?php echo _SETTINGS_COOKIEPREFIX?></td>\r
4993                         <td><input name="CookiePrefix" tabindex="10159" size="40" value="<?php echo  htmlspecialchars($CONF['CookiePrefix'])?>" /></td>\r
4994                 </tr><tr>\r
4995                         <td><?php echo _SETTINGS_COOKIEDOMAIN?></td>\r
4996                         <td><input name="CookieDomain" tabindex="10160" size="40" value="<?php echo  htmlspecialchars($CONF['CookieDomain'])?>" /></td>\r
4997                 </tr><tr>\r
4998                         <td><?php echo _SETTINGS_COOKIEPATH?></td>\r
4999                         <td><input name="CookiePath" tabindex="10170" size="40" value="<?php echo  htmlspecialchars($CONF['CookiePath'])?>" /></td>\r
5000                 </tr><tr>\r
5001                         <td><?php echo _SETTINGS_COOKIESECURE?></td>\r
5002                         <td><?php $this->input_yesno('CookieSecure',$CONF['CookieSecure'],10180); ?></td>\r
5003                 </tr><tr>\r
5004                         <td><?php echo _SETTINGS_COOKIELIFE?></td>\r
5005                         <td><?php $this->input_yesno('SessionCookie',$CONF['SessionCookie'],10190,\r
5006                                                           1,0,_SETTINGS_COOKIESESSION,_SETTINGS_COOKIEMONTH); ?>\r
5007                         </td>\r
5008                 </tr><tr>\r
5009                         <td><?php echo _SETTINGS_LASTVISIT?></td>\r
5010                         <td><?php $this->input_yesno('LastVisit',$CONF['LastVisit'],10200); ?></td>\r
5011 \r
5012 \r
5013 \r
5014                 </tr><tr>\r
5015                         <th colspan="2"><?php echo _SETTINGS_UPDATE?></th>\r
5016                 </tr><tr>\r
5017                         <td><?php echo _SETTINGS_UPDATE?></td>\r
5018                         <td><input type="submit" tabindex="10210" value="<?php echo _SETTINGS_UPDATE_BTN?>" onclick="return checkSubmit();" /></td>\r
5019                 </tr></table>\r
5020 \r
5021                 </div>\r
5022                 </form>\r
5023 \r
5024                 <?php\r
5025                         echo '<h2>',_PLUGINS_EXTRA,'</h2>';\r
5026                         \r
5027                         $param = array();\r
5028                         $manager->notify('GeneralSettingsFormExtras', $param);\r
5029 \r
5030                 $this->pagefoot();\r
5031         }\r
5032 \r
5033         /**\r
5034          * @todo document this\r
5035          */\r
5036         function action_settingsupdate() {\r
5037                 global $member, $CONF;\r
5038 \r
5039                 $member->isAdmin() or $this->disallow();\r
5040 \r
5041                 // check if email address for admin is valid\r
5042                 if (!isValidMailAddress(postVar('AdminEmail')))\r
5043                         $this->error(_ERROR_BADMAILADDRESS);\r
5044 \r
5045 \r
5046                 // save settings\r
5047                 $this->updateConfig('DefaultBlog',        postVar('DefaultBlog'));\r
5048                 $this->updateConfig('BaseSkin',          postVar('BaseSkin'));\r
5049                 $this->updateConfig('IndexURL',          postVar('IndexURL'));\r
5050                 $this->updateConfig('AdminURL',          postVar('AdminURL'));\r
5051                 $this->updateConfig('PluginURL',                postVar('PluginURL'));\r
5052                 $this->updateConfig('SkinsURL',          postVar('SkinsURL'));\r
5053                 $this->updateConfig('ActionURL',                postVar('ActionURL'));\r
5054                 $this->updateConfig('Language',          postVar('Language'));\r
5055                 $this->updateConfig('AdminEmail',          postVar('AdminEmail'));\r
5056                 $this->updateConfig('SessionCookie',    postVar('SessionCookie'));\r
5057                 $this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));\r
5058                 $this->updateConfig('AllowMemberMail',  postVar('AllowMemberMail'));\r
5059                 $this->updateConfig('NonmemberMail',    postVar('NonmemberMail'));\r
5060                 $this->updateConfig('ProtectMemNames',  postVar('ProtectMemNames'));\r
5061                 $this->updateConfig('SiteName',          postVar('SiteName'));\r
5062                 $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));\r
5063                 $this->updateConfig('DisableSite',        postVar('DisableSite'));\r
5064                 $this->updateConfig('DisableSiteURL',   postVar('DisableSiteURL'));\r
5065                 $this->updateConfig('LastVisit',                postVar('LastVisit'));\r
5066                 $this->updateConfig('MediaURL',          postVar('MediaURL'));\r
5067                 $this->updateConfig('AllowedTypes',      postVar('AllowedTypes'));\r
5068                 $this->updateConfig('AllowUpload',        postVar('AllowUpload'));\r
5069                 $this->updateConfig('MaxUploadSize',    postVar('MaxUploadSize'));\r
5070                 $this->updateConfig('MediaPrefix',        postVar('MediaPrefix'));\r
5071                 $this->updateConfig('AllowLoginEdit',   postVar('AllowLoginEdit'));\r
5072                 $this->updateConfig('DisableJsTools',   postVar('DisableJsTools'));\r
5073                 $this->updateConfig('CookieDomain',      postVar('CookieDomain'));\r
5074                 $this->updateConfig('CookiePath',          postVar('CookiePath'));\r
5075                 $this->updateConfig('CookieSecure',      postVar('CookieSecure'));\r
5076                 $this->updateConfig('URLMode',            postVar('URLMode'));\r
5077                 $this->updateConfig('CookiePrefix',      postVar('CookiePrefix'));\r
5078                 $this->updateConfig('DebugVars',                postVar('DebugVars'));\r
5079                 $this->updateConfig('DefaultListSize',  postVar('DefaultListSize'));\r
5080                 $this->updateConfig('AdminCSS',          postVar('AdminCSS'));\r
5081 \r
5082                 // load new config and redirect (this way, the new language will be used is necessary)\r
5083                 // note that when changing cookie settings, this redirect might cause the user\r
5084                 // to have to log in again.\r
5085                 getConfig();\r
5086                 redirect($CONF['AdminURL'] . '?action=manage');\r
5087                 exit;\r
5088 \r
5089         }\r
5090 \r
5091         /**\r
5092          *  Give an overview over the used system\r
5093          */\r
5094         function action_systemoverview() {\r
5095                 global $member, $nucleus, $CONF;\r
5096 \r
5097                 $this->pagehead();\r
5098 \r
5099                 echo '<h2>' . _ADMIN_SYSTEMOVERVIEW_HEADING . "</h2>\n";\r
5100 \r
5101                 if ($member->isLoggedIn() && $member->isAdmin()) {\r
5102 \r
5103                         // Information about the used PHP and MySQL installation\r
5104                         echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_PHPANDMYSQL . "</h3>\n";\r
5105 \r
5106                         // Version of PHP MySQL\r
5107                         echo "<table>\n";\r
5108                         echo "\t<tr>\n";\r
5109                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . "</th>\n";\r
5110                         echo "\t</tr><tr>\n";\r
5111                         echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . "</td>\n";\r
5112                         echo "\t\t" . '<td>' . phpversion() . "</td>\n";\r
5113                         echo "\t</tr><tr>\n";\r
5114                         echo "\t\t" . '<td>' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . "</td>\n";\r
5115                         echo "\t\t" . '<td>' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . "</td>\n";\r
5116                         echo "\t</tr>";\r
5117                         echo "</table>\n";\r
5118 \r
5119                         // Important PHP settings\r
5120                         echo "<table>\n";\r
5121                         echo "\t<tr>\n";\r
5122                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . "</th>\n";\r
5123                         echo "\t</tr><tr>\n";\r
5124                         echo "\t\t" . '<td width="50%">magic_quotes_gpc' . "</td>\n";\r
5125                         $mqg = get_magic_quotes_gpc() ? 'On' : 'Off';\r
5126                         echo "\t\t" . '<td>' . $mqg . "</td>\n";\r
5127                         echo "\t</tr><tr>\n";\r
5128                         echo "\t\t" . '<td>magic_quotes_runtime' . "</td>\n";\r
5129                         $mqr = get_magic_quotes_runtime() ? 'On' : 'Off';\r
5130                         echo "\t\t" . '<td>' . $mqr . "</td>\n";\r
5131                         echo "\t</tr><tr>\n";\r
5132                         echo "\t\t" . '<td>register_globals' . "</td>\n";\r
5133                         $rg = ini_get('register_globals') ? 'On' : 'Off';\r
5134                         echo "\t\t" . '<td>' . $rg . "</td>\n";\r
5135                         echo "\t</tr>";\r
5136                         echo "</table>\n";\r
5137 \r
5138                         // Information about GD library\r
5139                         $gdinfo = gd_info();\r
5140                         echo "<table>\n";\r
5141                         echo "\t<tr>";\r
5142                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . "</th>\n";\r
5143                         echo "\t</tr>\n";\r
5144                         foreach ($gdinfo as $key=>$value) {\r
5145                                 if (is_bool($value)) {\r
5146                                         $value = $value ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
5147                                 } else {\r
5148                                         $value = htmlspecialchars($value, ENT_QUOTES);\r
5149                                 }\r
5150                                 echo "\t<tr>";\r
5151                                 echo "\t\t" . '<td width="50%">' . $key . "</td>\n";\r
5152                                 echo "\t\t" . '<td>' . $value . "</td>\n";\r
5153                                 echo "\t</tr>\n";\r
5154                         }\r
5155                         echo "</table>\n";\r
5156 \r
5157                         // Check if special modules are loaded\r
5158                         ob_start();\r
5159                         phpinfo(INFO_MODULES);\r
5160                         $im = ob_get_contents();\r
5161                         ob_clean();\r
5162                         echo "<table>\n";\r
5163                         echo "\t<tr>";\r
5164                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_MODULES . "</th>\n";\r
5165                         echo "\t</tr><tr>\n";\r
5166                         echo "\t\t" . '<td width="50%">mod_rewrite' . "</td>\n";\r
5167                         $modrewrite = (strstr($im, 'mod_rewrite') != '') ?\r
5168                                                 _ADMIN_SYSTEMOVERVIEW_ENABLE :\r
5169                                                 _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
5170                         echo "\t\t" . '<td>' . $modrewrite . "</td>\n";\r
5171                         echo "\t</tr>\n";\r
5172                         echo "</table>\n";\r
5173 \r
5174                         // Information about the used Nucleus CMS\r
5175                         echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSYSTEM . "</h3>\n";\r
5176                         global $nucleus;\r
5177                         $nv = getNucleusVersion() / 100 . '(' . $nucleus['version'] . ')';\r
5178                         $np = getNucleusPatchLevel();\r
5179                         echo "<table>\n";\r
5180                         echo "\t<tr>";\r
5181                         echo "\t\t" . '<th colspan="2">Nucleus CMS' . "</th>\n";\r
5182                         echo "\t</tr><tr>\n";\r
5183                         echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . "</td>\n";\r
5184                         echo "\t\t" . '<td>' . $nv . "</td>\n";\r
5185                         echo "\t</tr><tr>\n";\r
5186                         echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . "</td>\n";\r
5187                         echo "\t\t" . '<td>' . $np . "</td>\n";\r
5188                         echo "\t</tr>\n";\r
5189                         echo "</table>\n";\r
5190 \r
5191                         // Important settings of the installation\r
5192                         echo "<table>\n";\r
5193                         echo "\t<tr>";\r
5194                         echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . "</th>\n";\r
5195                         echo "\t</tr><tr>\n";\r
5196                         echo "\t\t" . '<td width="50%">' . '$CONF[' . "'Self']</td>\n";\r
5197                         echo "\t\t" . '<td>' . $CONF['Self'] . "</td>\n";\r
5198                         echo "\t</tr><tr>\n";\r
5199                         echo "\t\t" . '<td width="50%">' . '$CONF[' . "'ItemURL']</td>\n";\r
5200                         echo "\t\t" . '<td>' . $CONF['ItemURL'] . "</td>\n";\r
5201                         echo "\t</tr><tr>\n";\r
5202                         echo "\t\t" . '<td width="50%">' . '$CONF[' . "'alertOnHeadersSent']</td>\n";\r
5203                         $ohs = $CONF['alertOnHeadersSent'] ?\r
5204                                                 _ADMIN_SYSTEMOVERVIEW_ENABLE :\r
5205                                                 _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
5206                         echo "\t\t" . '<td>' . $ohs . "</td>\n";\r
5207                         echo "\t</tr>\n";\r
5208                         echo "</table>\n";\r
5209 \r
5210                         // Link to the online version test at the Nucleus CMS website\r
5211                         echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK . "</h3>\n";\r
5212                         if ($nucleus['codename'] != '') {\r
5213                                 $codenamestring = ' &quot;' . $nucleus['codename'] . '&quot;';\r
5214                         } else {\r
5215                                 $codenamestring = '';\r
5216                         }\r
5217                         echo _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TXT;\r
5218                         $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());\r
5219                         echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">';\r
5220                         echo 'Nucleus CMS ' . $nv . $codenamestring;\r
5221                         echo '</a>';\r
5222                 //echo '<br />';\r
5223                 }\r
5224                 else {\r
5225                         echo _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN;\r
5226                 }\r
5227 \r
5228                 $this->pagefoot();\r
5229         }\r
5230 \r
5231         /**\r
5232          * @todo document this\r
5233          */\r
5234         function updateConfig($name, $val) {\r
5235                 $name = sql_real_escape_string($name);\r
5236                 $val = trim(sql_real_escape_string($val));\r
5237 \r
5238                 $query = 'UPDATE '.sql_table('config')\r
5239                            . " SET value='$val'"\r
5240                            . " WHERE name='$name'";\r
5241 \r
5242                 sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error());\r
5243                 return sql_insert_id();\r
5244         }\r
5245 \r
5246         /**\r
5247          * Error message\r
5248          * @param string $msg message that will be shown\r
5249          */\r
5250         function error($msg) {\r
5251                 $this->pagehead();\r
5252                 ?>\r
5253                 <h2>Error!</h2>\r
5254                 <?php      echo $msg;\r
5255                 echo "<br />";\r
5256                 echo "<a href='index.php' onclick='history.back(); return false;'>"._BACK."</a>";\r
5257                 $this->pagefoot();\r
5258                 exit;\r
5259         }\r
5260 \r
5261         /**\r
5262          * @todo document this\r
5263          */\r
5264         function disallow() {\r
5265                 ACTIONLOG::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));\r
5266 \r
5267                 $this->error(_ERROR_DISALLOWED);\r
5268         }\r
5269 \r
5270         /**\r
5271          * @todo document this\r
5272          */\r
5273         function pagehead($extrahead = '') {\r
5274                 global $member, $nucleus, $CONF, $manager;\r
5275 \r
5276                 $param = array(\r
5277                         'extrahead'     => &$extrahead,\r
5278                         'action'        =>  $this->action\r
5279                 );\r
5280                 $manager->notify('AdminPrePageHead', $param);\r
5281 \r
5282                 $baseUrl = htmlspecialchars($CONF['AdminURL']);\r
5283                 if (!array_key_exists('AdminCSS',$CONF)) \r
5284                 {\r
5285                         sql_query("INSERT INTO ".sql_table('config')." VALUES ('AdminCSS', 'contemporary_jp')");\r
5286                         $CONF['AdminCSS'] = 'contemporary_jp';\r
5287                 }\r
5288                 \r
5289                 ?>\r
5290                 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r
5291                 <html <?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>\r
5292                 <head>\r
5293                         <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />\r
5294                         <title><?php echo htmlspecialchars($CONF['SiteName'])?> - Admin</title>\r
5295                         <link rel="stylesheet" title="Nucleus Admin Default" type="text/css" href="<?php echo $baseUrl?>styles/admin_<?php echo $CONF["AdminCSS"]?>.css" />\r
5296                         <link rel="stylesheet" title="Nucleus Admin Default" type="text/css"\r
5297                         href="<?php echo $baseUrl?>styles/addedit.css" />\r
5298 \r
5299                         <script type="text/javascript" src="<?php echo $baseUrl?>javascript/edit.js"></script>\r
5300                         <script type="text/javascript" src="<?php echo $baseUrl?>javascript/admin.js"></script>\r
5301                         <script type="text/javascript" src="<?php echo $baseUrl?>javascript/compatibility.js"></script>\r
5302 \r
5303           <meta http-equiv='Pragma' content='no-cache' />\r
5304           <meta http-equiv='Cache-Control' content='no-cache, must-revalidate' />\r
5305           <meta http-equiv='Expires' content='-1' />\r
5306 \r
5307                         <?php echo $extrahead?>\r
5308                 </head>\r
5309                 <body>\r
5310                 <div id="adminwrapper">\r
5311                 <div class="header">\r
5312                 <h1><?php echo htmlspecialchars($CONF['SiteName'])?></h1>\r
5313                 </div>\r
5314                 <div id="container">\r
5315                 <div id="content">\r
5316                 <div class="loginname">\r
5317                 <?php              if ($member->isLoggedIn())\r
5318                                 echo _LOGGEDINAS . ' ' . $member->getDisplayName()\r
5319                                         ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a>"\r
5320                                         . "<br /><a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";\r
5321                         else\r
5322                                 echo '<a href="index.php?action=showlogin" title="Log in">' , _NOTLOGGEDIN , '</a> <br />';\r
5323 \r
5324                         echo "<a href='".$CONF['IndexURL']."'>"._YOURSITE."</a>";\r
5325 \r
5326                         echo '<br />(';\r
5327 \r
5328                         $codenamestring = ($nucleus['codename']!='')? ' &quot;'.$nucleus['codename'].'&quot;':'';\r
5329 \r
5330                         if ($member->isLoggedIn() && $member->isAdmin()) {\r
5331                                 $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());\r
5332                                 echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';\r
5333                                 $newestVersion = getLatestVersion();\r
5334                                 $newestCompare = str_replace('/','.',$newestVersion);\r
5335                                 $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);\r
5336                                 $currentVersion = floatval($currentVersion);\r
5337                                 if ($newestVersion && version_compare($newestCompare,$currentVersion) > 0) {\r
5338                                         echo '<br /><a style="color:red" href="'._ADMINPAGEFOOT_OFFICIALURL.'upgrade.php" title="'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE.'">'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT.$newestVersion.'</a>';\r
5339                                 }\r
5340                         } else {\r
5341                                 echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;\r
5342                         }\r
5343                         echo ')';\r
5344                 echo '</div>';\r
5345         }\r
5346 \r
        /**
         * Prints the end of an admin page: the logout block, the footer line, the
         * quick menu (user links, the admin "manage"/"layout" links, plugin
         * entries collected through the 'QuickMenu' event) and the closing tags.
         *
         * Uses the global $action (not $this->action) to decide what to show:
         * the logout block and the full quick menu only for logged-in members
         * outside the 'showlogin' screen; 'activate'/'activatesetpwd' and the
         * login screen get a short text instead.
         */
        function pagefoot() {
                global $action, $member, $manager;

                $param = array(
                        'action' => $this->action
                );
                $manager->notify('AdminPrePageFoot', $param);

                // logout block: only for logged-in members outside the login screen
                if ($member->isLoggedIn() && ($action != 'showlogin')) {
                        ?>
                        <h2><?php echo  _LOGOUT ?></h2>
                        <ul>
                                <li><a href="index.php?action=overview"><?php echo  _BACKHOME?></a></li>
                                <li><a href='index.php?action=logout'><?php echo  _LOGOUT?></a></li>
                        </ul>
                        <?php      }
                ?>
                        <div class="foot">
                                <a href="<?php echo _ADMINPAGEFOOT_OFFICIALURL ?>">Nucleus CMS</a> &copy; 2002-<?php echo date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT; ?>
                                -
                                <a href="<?php echo _ADMINPAGEFOOT_DONATEURL ?>"><?php echo _ADMINPAGEFOOT_DONATE ?></a>
                        </div>

                        </div><!-- content -->

                        <div id="quickmenu">

                                <?php                      // ---- user settings ----
                                if (($action != 'showlogin') && ($member->isLoggedIn())) {
                                        echo '<ul>';
                                        echo '<li><a href="index.php?action=overview">',_QMENU_HOME,'</a></li>';
                                        echo '</ul>';

                                        // "add item" form: a blog selector that submits to action=createitem
                                        echo '<h2>',_QMENU_ADD,'</h2>';
                                        echo '<form method="get" action="index.php"><div>';
                                        echo '<input type="hidden" name="action" value="createitem" />';

                                                $showAll = requestVar('showall');
                                                if (($member->isAdmin()) && ($showAll == 'yes')) {
                                                        // Super-Admins have access to all blogs! (no add item support though)
                                                        $query =  'SELECT bnumber as value, bname as text'
                                                                   . ' FROM ' . sql_table('blog')
                                                                   . ' ORDER BY bname';
                                                } else {
                                                        // only blogs the member is on the team of; tmember is built from
                                                        // getID() — assumes that is a numeric id (no escaping done here)
                                                        $query =  'SELECT bnumber as value, bname as text'
                                                                   . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
                                                                   . ' WHERE tblog=bnumber and tmember=' . $member->getID()
                                                                   . ' ORDER BY bname';
                                                }
                                                $template['name'] = 'blogid';
                                                $template['tabindex'] = 15000;
                                                $template['extra'] = _QMENU_ADD_SELECT;
                                                $template['selected'] = -1;
                                                $template['shorten'] = 10;
                                                $template['shortenel'] = '';
                                                $template['javascript'] = 'onchange="return form.submit()"';
                                                showlist($query,'select',$template);

                                        echo '</div></form>';

                                        // NOTE(review): display name is echoed as-is (same as in pagehead())
                                        echo '<h2>' . $member->getDisplayName(). '</h2>';
                                        echo '<ul>';
                                        echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . '</a></li>';
                                        echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . '</a></li>';
                                        echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . '</a></li>';
                                        echo '</ul>';




                                        // ---- general settings ----
                                        if ($member->isAdmin()) {

                                                echo '<h2>',_QMENU_MANAGE,'</h2>';

                                                echo '<ul>';
                                                echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . '</a></li>';
                                                echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . '</a></li>';
                                                echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . '</a></li>';
                                                echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . '</a></li>';
                                                echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . '</a></li>';
                                                echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . '</a></li>';
                                                echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . '</a></li>';
                                                echo '</ul>';

                                                echo '<h2>',_QMENU_LAYOUT,'</h2>';
                                                echo '<ul>';
                                                echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . '</a></li>';
                                                echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . '</a></li>';
                                                echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . '</a></li>';
                                                echo '</ul>';

                                        }

                                        // plugin-supplied menu entries (url/tooltip/title); they are
                                        // escaped below since they come from outside this file
                                        $aPluginExtras = array();
                                        $param = array(
                                                'options' => &$aPluginExtras
                                        );
                                        $manager->notify('QuickMenu', $param);
                                        if (count($aPluginExtras) > 0)
                                        {
                                                echo '<h2>', _QMENU_PLUGINS, '</h2>';
                                                echo '<ul>';
                                                foreach ($aPluginExtras as $aInfo)
                                                {
                                                        echo '<li><a href="'.htmlspecialchars($aInfo['url']).'" title="'.htmlspecialchars($aInfo['tooltip']).'">'.htmlspecialchars($aInfo['title']).'</a></li>';
                                                }
                                                echo '</ul>';
                                        }

                                } else if (($action == 'activate') || ($action == 'activatesetpwd')) {

                                        echo '<h2>', _QMENU_ACTIVATE, '</h2>', _QMENU_ACTIVATE_TEXT;
                                } else {
                                        // introduction text on login screen
                                        echo '<h2>', _QMENU_INTRO, '</h2>', _QMENU_INTRO_TEXT;
                                }
                                ?>
                        </div>

                        <!-- content / quickmenu container -->
                        <div class="clear"></div>       <!-- new -->
                        </div>

                        <!-- adminwrapper -->   <!-- new -->
                        </div>   <!-- new -->
                        </body>
                        </html>
                <?php   }
5479 \r
5480         /**\r
5481          * @todo document this\r
5482          */\r
5483         function action_regfile() {\r
5484                 global $member, $CONF;\r
5485 \r
5486                 $blogid = intRequestVar('blogid');\r
5487 \r
5488                 $member->teamRights($blogid) or $this->disallow();\r
5489 \r
5490                 // header-code stolen from phpMyAdmin\r
5491                 // REGEDIT and bookmarklet code stolen from GreyMatter\r
5492 \r
5493                 $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid));\r
5494                 $sjisBlogName = mb_convert_encoding($sjisBlogName, "SJIS", "auto");\r
5495 \r
5496                 header('Content-Type: application/octetstream');\r
5497                 header('Content-Disposition: filename="nucleus.reg"');\r
5498                 header('Pragma: no-cache');\r
5499                 header('Expires: 0');\r
5500 \r
5501                 echo "REGEDIT4\n";\r
5502                 echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n";\r
5503                 echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n";\r
5504                 echo '"contexts"=hex:31';\r
5505         }\r
5506 \r
        /**
         * Shows the bookmarklet page for one blog: the drag-to-toolbar link
         * (getBookmarklet), a ticketed link to action=regfile that installs the
         * IE context-menu entry, and the uninstall instructions.
         *
         * Requires team rights on the blog (blogid from the request); otherwise
         * disallow() exits.
         */
        function action_bookmarklet() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');

                $member->teamRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);
                $bm = getBookmarklet($blogid);

                $this->pagehead();

                echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';

                ?>

                <h2><?php echo _BOOKMARKLET_TITLE ?></h2>

                <p>
                <?php echo _BOOKMARKLET_DESC1 . _BOOKMARKLET_DESC2 . _BOOKMARKLET_DESC3 . _BOOKMARKLET_DESC4 . _BOOKMARKLET_DESC5 ?>
                </p>

                <h3><?php echo _BOOKMARKLET_BOOKARKLET ?></h3>
                <p>
                        <?php echo _BOOKMARKLET_BMARKTEXT ?><small><?php echo _BOOKMARKLET_BMARKTEST ?></small>
                        <br />
                        <br />
                        <?php /* bookmarklet code and blog name are both escaped for the attribute/text context */ echo '<a href="' . htmlspecialchars($bm, ENT_QUOTES) . '">' . sprintf(_BOOKMARKLET_ANCHOR, htmlspecialchars($blog->getName(), ENT_QUOTES)) . '</a>' . _BOOKMARKLET_BMARKFOLLOW; ?>
                </p>

                <h3><?php echo _BOOKMARKLET_RIGHTCLICK ?></h3>
                <p>
                        <?php
                                // the regfile action is state-changing for the client, so the
                                // link carries a ticket from the manager
                                $url = 'index.php?action=regfile&blogid=' . intval($blogid);
                                $url = $manager->addTicketToUrl($url);
                                // NOTE(review): the htmlspecialchars() call below passes charset
                                // "SJIS" while the rest of this file uses the default; the URL is
                                // ASCII so it makes no difference — confirm this is intended
                        ?>
                        <?php echo _BOOKMARKLET_RIGHTTEXT1 . '<a href="' . htmlspecialchars($url, ENT_QUOTES, "SJIS") . '">' . _BOOKMARKLET_RIGHTLABEL . '</a>' . _BOOKMARKLET_RIGHTTEXT2; ?>
                </p>

                <p>
                        <?php echo _BOOKMARKLET_RIGHTTEXT3 ?>
                </p>

                <h3><?php echo _BOOKMARKLET_UNINSTALLTT ?></h3>
                <p>
                        <?php echo _BOOKMARKLET_DELETEBAR ?>
                </p>

                <p>
                        <?php echo _BOOKMARKLET_DELETERIGHTT ?>
                </p>

                <ol>
                        <li><?php echo _BOOKMARKLET_DELETERIGHT1 ?></li>
                        <li><?php echo _BOOKMARKLET_DELETERIGHT2 ?></li>
                        <li><?php echo _BOOKMARKLET_DELETERIGHT3 ?></li>
                        <li><?php echo _BOOKMARKLET_DELETERIGHT4 ?></li>
                        <li><?php echo _BOOKMARKLET_DELETERIGHT5 ?></li>
                </ol>

                <?php
                $this->pagefoot();

        }
5574 \r
5575         /**\r
5576          * @todo document this\r
5577          */\r
5578         function action_actionlog() {\r
5579                 global $member, $manager;\r
5580 \r
5581                 $member->isAdmin() or $this->disallow();\r
5582 \r
5583                 $this->pagehead();\r
5584 \r
5585                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';\r
5586 \r
5587                 $url = $manager->addTicketToUrl('index.php?action=clearactionlog');\r
5588 \r
5589                 ?>\r
5590                         <h2><?php echo _ACTIONLOG_CLEAR_TITLE?></h2>\r
5591                         <p><a href="<?php echo htmlspecialchars($url)?>"><?php echo _ACTIONLOG_CLEAR_TEXT?></a></p>\r
5592                 <?php\r
5593                 echo '<h2>' . _ACTIONLOG_TITLE . '</h2>';\r
5594 \r
5595                 $query =  'SELECT * FROM '.sql_table('actionlog').' ORDER BY timestamp DESC';\r
5596                 $template['content'] = 'actionlist';\r
5597                 $amount = showlist($query,'table',$template);\r
5598 \r
5599                 $this->pagefoot();\r
5600 \r
5601         }\r
5602 \r
5603         /**\r
5604          * @todo document this\r
5605          */\r
5606         function action_banlist() {\r
5607                 global $member, $manager;\r
5608 \r
5609                 $blogid = intRequestVar('blogid');\r
5610 \r
5611                 $member->blogAdminRights($blogid) or $this->disallow();\r
5612 \r
5613                 $blog =& $manager->getBlog($blogid);\r
5614 \r
5615                 $this->pagehead();\r
5616 \r
5617                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';\r
5618 \r
5619                 echo '<h2>' . _BAN_TITLE . " '". $this->bloglink($blog) ."'</h2>";\r
5620 \r
5621                 $query =  'SELECT * FROM '.sql_table('ban').' WHERE blogid='.$blogid.' ORDER BY iprange';\r
5622                 $template['content'] = 'banlist';\r
5623                 $amount = showlist($query,'table',$template);\r
5624 \r
5625                 if ($amount == 0)\r
5626                         echo _BAN_NONE;\r
5627 \r
5628                 echo '<h2>'._BAN_NEW_TITLE.'</h2>';\r
5629                 echo "<p><a href='index.php?action=banlistnew&amp;blogid=$blogid'>"._BAN_NEW_TEXT."</a></p>";\r
5630 \r
5631 \r
5632                 $this->pagefoot();\r
5633 \r
5634         }\r
5635 \r
        /**
         * Confirmation form for removing an IP ban (first step of the
         * banlistdelete -> banlistdeleteconfirm flow).
         *
         * Reads 'blogid' (int) and 'iprange' from the request and requires blog
         * admin rights on that blog. The form lets the member remove the range
         * from this blog only or from all blogs they administer, and carries a
         * ticket (addTicketHidden) for the POST.
         */
        function action_banlistdelete() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');
                $iprange = requestVar('iprange');

                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);
                // escaped once here; it is only ever echoed (through sprintf) below
                $banBlogName =  htmlspecialchars($blog->getName(), ENT_QUOTES);

                $this->pagehead();
                ?>
                        <h2><?php echo _BAN_REMOVE_TITLE?></h2>

                        <form method="post" action="index.php">

                        <h3><?php echo _BAN_IPRANGE?></h3>

                        <p>
                                <?php echo _CONFIRMTXT_BAN?> <?php echo htmlspecialchars($iprange) ?>
                                <input name="iprange" type="hidden" value="<?php echo htmlspecialchars($iprange)?>" />
                        </p>

                        <h3><?php echo _BAN_BLOGS?></h3>

                        <div>
                                <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
                                <input name="allblogs" type="radio" value="0" id="allblogs_one" />
                                <label for="allblogs_one"><?php echo sprintf(_BAN_BANBLOGNAME, $banBlogName) ?></label>
                                <br />
                                <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label>
                        </div>

                        <h3><?php echo _BAN_DELETE_TITLE?></h3>

                        <div>
                                <?php $manager->addTicketHidden() ?>
                                <input type="hidden" name="action" value="banlistdeleteconfirm" />
                                <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div>

                        </form>
                <?php
                $this->pagefoot();
        }
5685 \r
5686         /**\r
5687          * @todo document this\r
5688          */\r
5689         function action_banlistdeleteconfirm() {\r
5690                 global $member, $manager;\r
5691 \r
5692                 $blogid = intPostVar('blogid');\r
5693                 $allblogs = postVar('allblogs');\r
5694                 $iprange = postVar('iprange');\r
5695 \r
5696                 $member->blogAdminRights($blogid) or $this->disallow();\r
5697 \r
5698                 $deleted = array();\r
5699 \r
5700                 if (!$allblogs) {\r
5701                         if (BAN::removeBan($blogid, $iprange))\r
5702                                 array_push($deleted, $blogid);\r
5703                 } else {\r
5704                         // get blogs fot which member has admin rights\r
5705                         $adminblogs = $member->getAdminBlogs();\r
5706                         foreach ($adminblogs as $blogje) {\r
5707                                 if (BAN::removeBan($blogje, $iprange))\r
5708                                         array_push($deleted, $blogje);\r
5709                         }\r
5710                 }\r
5711 \r
5712                 if (sizeof($deleted) == 0)\r
5713                         $this->error(_ERROR_DELETEBAN);\r
5714 \r
5715                 $this->pagehead();\r
5716 \r
5717                 echo '<a href="index.php?action=banlist&amp;blogid=',$blogid,'">(',_BACK,')</a>';\r
5718                 echo '<h2>'._BAN_REMOVED_TITLE.'</h2>';\r
5719                 echo "<p>"._BAN_REMOVED_TEXT."</p>";\r
5720 \r
5721                 echo "<ul>";\r
5722                 foreach ($deleted as $delblog) {\r
5723                         $b =& $manager->getBlog($delblog);\r
5724                         echo "<li>" . htmlspecialchars($b->getName()). "</li>";\r
5725                 }\r
5726                 echo "</ul>";\r
5727 \r
5728                 $this->pagefoot();\r
5729 \r
5730         }\r
5731 \r
5732         /**\r
5733          * @todo document this\r
5734          */\r
5735         function action_banlistnewfromitem() {\r
5736                 $this->action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid')));\r
5737         }\r
5738 \r
        /**
         * Form for adding an IP ban to a blog (posts to banlistadd with a ticket).
         *
         * @param mixed $blogid blog id; when '' (the default) it is read from the
         *        'blogid' request variable. action_banlistnewfromitem() passes
         *        the id of the blog an item belongs to.
         *
         * An optional 'ip' request variable pre-fills the range (a fixed radio
         * plus a "custom" radio with a text field); without it only the custom
         * text field is shown. Requires blog admin rights on the blog.
         */
        function action_banlistnew($blogid = '') {
                global $member, $manager;

                // loose comparison kept as-is: callers pass an int, '' means "read the request".
                // NOTE(review): int 0 == '' is true on PHP 7 but false on PHP 8, so a 0 from
                // getBlogIDFromItemID() would behave differently — confirm it cannot return 0.
                if ($blogid == '')
                        $blogid = intRequestVar('blogid');

                $ip = requestVar('ip');

                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                $this->pagehead();
                ?>
                <h2><?php echo _BAN_ADD_TITLE?></h2>


                <form method="post" action="index.php">

                <h3><?php echo _BAN_IPRANGE?></h3>

                <p><?php echo _BAN_IPRANGE_TEXT?></p>

                <div class="note">
                        <strong><?php echo _BAN_EXAMPLE_TITLE ?></strong>
                        <?php echo _BAN_EXAMPLE_TEXT ?>
                </div>

                <div>
                <?php
                // the pre-filled range is request data: escaped with ENT_QUOTES because it
                // is also placed inside a single-quoted value='' attribute below
                if ($ip) {
                        $iprangeVal = htmlspecialchars($ip, ENT_QUOTES);
                ?>
                        <input name="iprange" type="radio" value="<?php echo $iprangeVal ?>" checked="checked" id="ip_fixed" />
                        <label for="ip_fixed"><?php echo $iprangeVal ?></label>
                        <br />
                        <input name="iprange" type="radio" value="custom" id="ip_custom" />
                        <label for="ip_custom"><?php echo _BAN_IP_CUSTOM ?></label>
                        <input name='customiprange' value='<?php echo $iprangeVal ?>' maxlength='15' size='15' />
                <?php
                } else {
                                // no suggested address: banlistadd reads customiprange when iprange == 'custom'
                                echo "<input name='iprange' value='custom' type='hidden' />";
                                echo "<input name='customiprange' value='' maxlength='15' size='15' />";
                        }
                ?>
                </div>

                <h3><?php echo _BAN_BLOGS?></h3>

                <p><?php echo _BAN_BLOGS_TEXT?></p>

                <div>
                        <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
                        <input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">'<?php echo htmlspecialchars($blog->getName())?>'</label>
                        <br />
                        <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label>
                </div>

                <h3><?php echo _BAN_REASON_TITLE?></h3>

                <p><?php echo _BAN_REASON_TEXT?></p>

                <div><textarea name="reason" cols="40" rows="5"></textarea></div>

                <h3><?php echo _BAN_ADD_TITLE?></h3>

                <div>
                        <input name="action" type="hidden" value="banlistadd" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="submit" value="<?php echo _BAN_ADD_BTN?>" />
                </div>

                </form>

                <?php      $this->pagefoot();
        }
5818 \r
5819         /**\r
5820          * @todo document this\r
5821          */\r
5822         function action_banlistadd() {\r
5823                 global $member;\r
5824 \r
5825                 $blogid =          intPostVar('blogid');\r
5826                 $allblogs =      postVar('allblogs');\r
5827                 $iprange =        postVar('iprange');\r
5828                 if ($iprange == "custom")\r
5829                         $iprange = postVar('customiprange');\r
5830                 $reason =          postVar('reason');\r
5831 \r
5832                 $member->blogAdminRights($blogid) or $this->disallow();\r
5833 \r
5834                 // TODO: check IP range validity\r
5835 \r
5836                 if (!$allblogs) {\r
5837                         if (!BAN::addBan($blogid, $iprange, $reason))\r
5838                                 $this->error(_ERROR_ADDBAN);\r
5839                 } else {\r
5840                         // get blogs fot which member has admin rights\r
5841                         $adminblogs = $member->getAdminBlogs();\r
5842                         $failed = 0;\r
5843                         foreach ($adminblogs as $blogje) {\r
5844                                 if (!BAN::addBan($blogje, $iprange, $reason))\r
5845                                         $failed = 1;\r
5846                         }\r
5847                         if ($failed)\r
5848                                 $this->error(_ERROR_ADDBAN);\r
5849                 }\r
5850 \r
5851                 $this->action_banlist();\r
5852 \r
5853         }\r
5854 \r
5855         /**\r
5856          * @todo document this\r
5857          */\r
5858         function action_clearactionlog() {\r
5859                 global $member;\r
5860 \r
5861                 $member->isAdmin() or $this->disallow();\r
5862 \r
5863                 ACTIONLOG::clear();\r
5864 \r
5865                 $this->action_manage(_MSG_ACTIONLOGCLEARED);\r
5866         }\r
5867 \r
        /**
         * Backup/restore overview page (admins only): a form that creates a
         * database dump (action backupcreate, gzip yes/no) and a multipart form
         * that uploads a dump to restore (action backuprestore, with the
         * 'letsgo' checkbox that backuprestore requires). Both forms carry a
         * ticket (addTicketHidden).
         */
        function action_backupoverview() {
                global $member, $manager;

                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
                ?>
                <h2><?php echo _BACKUPS_TITLE?></h2>

                <h3><?php echo _BACKUP_TITLE?></h3>

                <p><?php echo _BACKUP_INTRO?></p>

                <form method="post" action="index.php"><p>
                <input type="hidden" name="action" value="backupcreate" />
                <?php $manager->addTicketHidden() ?>

                <input type="radio" name="gzip" value="1" checked="checked" id="gzip_yes" tabindex="10" /><label for="gzip_yes"><?php echo _BACKUP_ZIP_YES?></label>
                <br />
                <input type="radio" name="gzip" value="0" id="gzip_no" tabindex="10" /><label for="gzip_no" ><?php echo _BACKUP_ZIP_NO?></label>
                <br /><br />
                <input type="submit" value="<?php echo _BACKUP_BTN?>" tabindex="20" />

                </p></form>

                <div class="note"><?php echo _BACKUP_NOTE?></div>


                <h3><?php echo _RESTORE_TITLE?></h3>

                <div class="note"><?php echo _RESTORE_NOTE?></div>

                <p><?php echo _RESTORE_INTRO?></p>

                <form method="post" action="index.php" enctype="multipart/form-data"><p>
                        <input type="hidden" name="action" value="backuprestore" />
                        <?php $manager->addTicketHidden() ?>
                        <input name="backup_file" type="file" tabindex="30" />
                        <br /><br />
                        <input type="submit" value="<?php echo _RESTORE_BTN?>" tabindex="40" />
                        <br /><input type="checkbox" name="letsgo" value="1" id="letsgo" tabindex="50" /><label for="letsgo"><?php echo _RESTORE_IMSURE?></label>
                        <br /><?php echo _RESTORE_WARNING?>
                </p></form>

                <?php      $this->pagefoot();
        }
5919 \r
5920         /**\r
5921          * @todo document this\r
5922          */\r
5923         function action_backupcreate() {\r
5924                 global $member, $DIR_LIBS;\r
5925 \r
5926                 $member->isAdmin() or $this->disallow();\r
5927 \r
5928                 // use compression ?\r
5929                 $useGzip = intval(postVar('gzip'));\r
5930 \r
5931                 include($DIR_LIBS . 'backup.php');\r
5932 \r
5933                 // try to extend time limit\r
5934                 // (creating/restoring dumps might take a while)\r
5935                 @set_time_limit(1200);\r
5936 \r
5937                 $bu = new Backup();\r
5938                 $bu->do_backup($useGzip);\r
5939                 exit;\r
5940         }\r
5941 \r
5942         /**\r
5943          * @todo document this\r
5944          */\r
5945         function action_backuprestore() {\r
5946                 global $member, $DIR_LIBS;\r
5947 \r
5948                 $member->isAdmin() or $this->disallow();\r
5949 \r
5950                 if (intPostVar('letsgo') != 1)\r
5951                         $this->error(_ERROR_BACKUP_NOTSURE);\r
5952 \r
5953                 include($DIR_LIBS . 'backup.php');\r
5954 \r
5955                 // try to extend time limit\r
5956                 // (creating/restoring dumps might take a while)\r
5957                 @set_time_limit(1200);\r
5958 \r
5959                 $bu = new Backup();\r
5960                 $message = $bu->do_restore();\r
5961                 if ($message != '')\r
5962                         $this->error($message);\r
5963 \r
5964                 $this->pagehead();\r
5965                 ?>\r
5966                 <h2><?php echo _RESTORE_COMPLETE?></h2>\r
5967                 <?php      $this->pagefoot();\r
5968 \r
5969         }\r
5970 \r
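/**
 * Plugin management page (admins only): the list of installed plugins, the
 * "update events" form and an install form for every NP_xxx.php file in
 * $DIR_PLUGINS that is not installed yet (or a "no candidates" message).
 */
        function action_pluginlist() {
                global $member, $manager, $DIR_PLUGINS;

                // check if allowed
                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

                echo '<h2>' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '</h2>';

                echo '<h3>' , _PLUGS_TITLE_INSTALLED , ' &nbsp;&nbsp;<span style="font-size:smaller">', helplink('getplugins'), _PLUGS_TITLE_GETPLUGINS, '</a></span></h3>';


                $query =  'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC';

                $template = array(
                        'content'  => 'pluginlist',
                        'tabindex' => 10,
                );
                showlist($query, 'table', $template);

                ?>
                        <h3><?php echo _PLUGS_TITLE_UPDATE?></h3>

                        <p><?php echo _PLUGS_TEXT_UPDATE?></p>

                        <form method="post" action="index.php"><div>
                                <input type="hidden" name="action" value="pluginupdate" />
                                <?php $manager->addTicketHidden() ?>
                                <input type="submit" value="<?php echo _PLUGS_BTN_UPDATE ?>" tabindex="20" />
                        </div></form>

                        <h3><?php echo _PLUGS_TITLE_NEW?></h3>
                        
                        <?php
                        // find a list of possibly non-installed plugins
                        $candidates = $this->_uninstalledPluginNames($DIR_PLUGINS);

                        if (count($candidates) > 0)
                        {
                        ?>

                        <p><?php echo _PLUGS_ADD_TEXT?></p>


                        <form method='post' action='index.php'><div>
                                <input type='hidden' name='action' value='pluginadd' />
                                <?php $manager->addTicketHidden() ?>
                                <select name="filename" tabindex="30">
                                <?php   
                                foreach ($candidates as $name)
                                {
                                        // the name is taken from a file name in the plugin dir; escape it
                                        // for the (double-quoted) value attribute as well as for the text
                                        $safeName = htmlspecialchars($name);
                                        echo '<option value="NP_', $safeName, '">', $safeName, '</option>';
                                }
                                ?>
                                </select>
                                <input type='submit' tabindex="40" value='<?php echo _PLUGS_BTN_INSTALL?>' />
                        </div></form>

                <?php
                        }
                        else
                        {
                                echo '<p>',_PLUGS_NOCANDIDATES,'</p>';
                        }

                $this->pagefoot();
        }

        /**
         * Returns the names (the 'xxx' of NP_xxx.php) of the plugin files in
         * $dir that have no row in the plugin table yet.
         *
         * @param string $dir directory to scan (normally $DIR_PLUGINS)
         * @return array list of plugin names in directory order; empty when the
         *         directory cannot be opened
         */
        function _uninstalledPluginNames($dir) {
                $candidates = array();

                $dirhandle = opendir($dir);
                if ($dirhandle === false) {
                        return $candidates;
                }

                // '!== false': an entry literally named "0" must not end the scan early
                while (($filename = readdir($dirhandle)) !== false)
                {
                        # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
                        # original ereg: ereg('^NP_(.*)\.php$',$filename,$matches)
                        if (!preg_match('#^NP_(.*)\.php$#', $filename, $matches))
                        {
                                continue;
                        }
                        $name = $matches[1];
                        // only show in list when not yet installed
                        $res = sql_query('SELECT * FROM ' . sql_table('plugin') . ' WHERE `pfile` = "NP_' . sql_real_escape_string($name) . '"');
                        if (sql_num_rows($res) == 0)
                        {
                                $candidates[] = $name;
                        }
                }
                closedir($dirhandle);

                return $candidates;
        }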
6060 \r
6061         /**\r
6062          * @todo document this\r
6063          */\r
6064         function action_pluginhelp() {\r
6065                 global $member, $manager, $DIR_PLUGINS, $CONF;\r
6066 \r
6067                 // check if allowed\r
6068                 $member->isAdmin() or $this->disallow();\r
6069 \r
6070                 $plugid = intGetVar('plugid');\r
6071 \r
6072                 if (!$manager->pidInstalled($plugid))\r
6073                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6074 \r
6075                 $plugName = getPluginNameFromPid($plugid);\r
6076 \r
6077                 $this->pagehead();\r
6078 \r
6079                 echo '<p><a href="index.php?action=pluginlist">(',_PLUGS_BACK,')</a></p>';\r
6080 \r
6081                 echo '<h2>',_PLUGS_HELP_TITLE,': ',htmlspecialchars($plugName),'</h2>';\r
6082 \r
6083                 $plug =& $manager->getPlugin($plugName);\r
6084                 $helpFile = $DIR_PLUGINS.$plug->getShortName().'/help.html';\r
6085 \r
6086                 if (($plug->supportsFeature('HelpPage') > 0) && (@file_exists($helpFile))) {\r
6087                         @readfile($helpFile);\r
6088                 } else {\r
6089                         echo '<p>' . _ERROR .': ', _ERROR_PLUGNOHELPFILE,'</p>';\r
6090                         echo '<p><a href="index.php?action=pluginlist">(',_BACK,')</a></p>';\r
6091                 }\r
6092 \r
6093 \r
6094                 $this->pagefoot();\r
6095         }\r
6096 \r
6097         /**\r
6098          * @todo document this\r
6099          */\r
6100         function action_pluginadd() {\r
6101                 global $member, $manager, $DIR_PLUGINS;\r
6102 \r
6103                 // check if allowed\r
6104                 $member->isAdmin() or $this->disallow();\r
6105 \r
6106                 $name = postVar('filename');\r
6107 \r
6108                 if ($manager->pluginInstalled($name))\r
6109                         $this->error(_ERROR_DUPPLUGIN);\r
6110                 if (!checkPlugin($name))\r
6111                         $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');\r
6112 \r
6113                 // get number of currently installed plugins\r
6114                 $res = sql_query('SELECT * FROM '.sql_table('plugin'));\r
6115                 $numCurrent = sql_num_rows($res);\r
6116 \r
6117                 // plugin will be added as last one in the list\r
6118                 $newOrder = $numCurrent + 1;\r
6119 \r
6120                 $param = array(\r
6121                         'file' => &$name\r
6122                 );\r
6123                 $manager->notify('PreAddPlugin', $param);\r
6124 \r
6125                 // do this before calling getPlugin (in case the plugin id is used there)\r
6126                 $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.sql_real_escape_string($name).'")';\r
6127                 sql_query($query);\r
6128                 $iPid = sql_insert_id();\r
6129 \r
6130                 $manager->clearCachedInfo('installedPlugins');\r
6131 \r
6132                 // Load the plugin for condition checking and instalation\r
6133                 $plugin =& $manager->getPlugin($name);\r
6134 \r
6135                 // check if it got loaded (could have failed)\r
6136                 if (!$plugin)\r
6137                 {\r
6138                         sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));\r
6139                         $manager->clearCachedInfo('installedPlugins');\r
6140                         $this->error(_ERROR_PLUGIN_LOAD);\r
6141                 }\r
6142 \r
6143                 // check if plugin needs a newer Nucleus version\r
6144                 if (getNucleusVersion() < $plugin->getMinNucleusVersion())\r
6145                 {\r
6146                         // uninstall plugin again...\r
6147                         $this->deleteOnePlugin($plugin->getID());\r
6148 \r
6149                         // ...and show error\r
6150                         $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));\r
6151                 }\r
6152 \r
6153                 // check if plugin needs a newer Nucleus version\r
6154                 if ((getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()))\r
6155                 {\r
6156                         // uninstall plugin again...\r
6157                         $this->deleteOnePlugin($plugin->getID());\r
6158 \r
6159                         // ...and show error\r
6160                         $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );\r
6161                 }\r
6162 \r
6163                 $pluginList = $plugin->getPluginDep();\r
6164                 foreach ($pluginList as $pluginName)\r
6165                 {\r
6166 \r
6167                         $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');\r
6168                         if (sql_num_rows($res) == 0)\r
6169                         {\r
6170                                 // uninstall plugin again...\r
6171                                 $this->deleteOnePlugin($plugin->getID());\r
6172 \r
6173                                 $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));\r
6174                         }\r
6175                 }\r
6176 \r
6177                 // call the install method of the plugin\r
6178                 $plugin->install();\r
6179 \r
6180                 $param = array(\r
6181                         'plugin' => &$plugin\r
6182                 );\r
6183                 $manager->notify('PostAddPlugin', $param);\r
6184 \r
6185                 // update all events\r
6186                 $this->action_pluginupdate();\r
6187         }\r
6188 \r
6189         /**\r
6190          * @todo document this\r
6191          */\r
6192         function action_pluginupdate() {\r
6193                 global $member, $manager, $CONF;\r
6194 \r
6195                 // check if allowed\r
6196                 $member->isAdmin() or $this->disallow();\r
6197 \r
6198                 // delete everything from plugin_events\r
6199                 sql_query('DELETE FROM '.sql_table('plugin_event'));\r
6200 \r
6201                 // loop over all installed plugins\r
6202                 $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));\r
6203                 while($o = sql_fetch_object($res)) {\r
6204                         $pid = $o->pid;\r
6205                         $plug =& $manager->getPlugin($o->pfile);\r
6206                         if ($plug)\r
6207                         {\r
6208                                 $eventList = $plug->getEventList();\r
6209                                 foreach ($eventList as $eventName)\r
6210                                         sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.sql_real_escape_string($eventName).'\')');\r
6211                         }\r
6212                 }\r
6213 \r
6214                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
6215 //              $this->action_pluginlist();\r
6216         }\r
6217 \r
6218         /**\r
6219          * @todo document this\r
6220          */\r
6221         function action_plugindelete() {\r
6222                 global $member, $manager;\r
6223 \r
6224                 // check if allowed\r
6225                 $member->isAdmin() or $this->disallow();\r
6226 \r
6227                 $pid = intGetVar('plugid');\r
6228 \r
6229                 if (!$manager->pidInstalled($pid))\r
6230                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6231 \r
6232                 $this->pagehead();\r
6233                 ?>\r
6234                         <h2><?php echo _DELETE_CONFIRM?></h2>\r
6235 \r
6236                         <p><?php echo _CONFIRMTXT_PLUGIN?> <strong><?php echo getPluginNameFromPid($pid)?></strong>?</p>\r
6237 \r
6238                         <form method="post" action="index.php"><div>\r
6239                         <?php $manager->addTicketHidden() ?>\r
6240                         <input type="hidden" name="action" value="plugindeleteconfirm" />\r
6241                         <input type="hidden" name="plugid" value="<?php echo $pid; ?>" />\r
6242                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
6243                         </div></form>\r
6244                 <?php\r
6245                 $this->pagefoot();\r
6246         }\r
6247 \r
6248         /**\r
6249          * @todo document this\r
6250          */\r
6251         function action_plugindeleteconfirm() {\r
6252                 global $member, $manager, $CONF;\r
6253 \r
6254                 // check if allowed\r
6255                 $member->isAdmin() or $this->disallow();\r
6256 \r
6257                 $pid = intPostVar('plugid');\r
6258 \r
6259                 $error = $this->deleteOnePlugin($pid, 1);\r
6260                 if ($error) {\r
6261                         $this->error($error);\r
6262                 }\r
6263 \r
6264                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
6265 //              $this->action_pluginlist();\r
6266         }\r
6267 \r
6268         /**\r
6269          * @todo document this\r
6270          */\r
6271         function deleteOnePlugin($pid, $callUninstall = 0) {\r
6272                 global $manager;\r
6273 \r
6274                 $pid = intval($pid);\r
6275 \r
6276                 if (!$manager->pidInstalled($pid))\r
6277                         return _ERROR_NOSUCHPLUGIN;\r
6278 \r
6279                 $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid);\r
6280 \r
6281 /*              // call the unInstall method of the plugin\r
6282                 if ($callUninstall) {\r
6283                         $plugin =& $manager->getPlugin($name);\r
6284                         if ($plugin) $plugin->unInstall();\r
6285                 }*/\r
6286 \r
6287                 // check dependency before delete\r
6288                 $res = sql_query('SELECT pfile FROM '.sql_table('plugin'));\r
6289                 while($o = sql_fetch_object($res)) {\r
6290                         $plug =& $manager->getPlugin($o->pfile);\r
6291                         if ($plug)\r
6292                         {\r
6293                                 $depList = $plug->getPluginDep();\r
6294                                 foreach ($depList as $depName)\r
6295                                 {\r
6296                                         if ($name == $depName)\r
6297                                         {\r
6298                                                 return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);\r
6299                                         }\r
6300                                 }\r
6301                         }\r
6302                 }\r
6303 \r
6304                 $param = array('plugid' => $pid);\r
6305                 $manager->notify('PreDeletePlugin', $param);\r
6306 \r
6307                 // call the unInstall method of the plugin\r
6308                 if ($callUninstall) {\r
6309                         $plugin =& $manager->getPlugin($name);\r
6310                         if ($plugin) $plugin->unInstall();\r
6311                 }\r
6312 \r
6313                 // delete all subscriptions\r
6314                 sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid);\r
6315 \r
6316                 // delete all options\r
6317                 // get OIDs from plugin_option_desc\r
6318                 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);\r
6319                 $aOIDs = array();\r
6320                 while ($o = sql_fetch_object($res)) {\r
6321                         array_push($aOIDs, $o->oid);\r
6322                 }\r
6323 \r
6324                 // delete from plugin_option and plugin_option_desc\r
6325                 sql_query('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid);\r
6326                 if (count($aOIDs) > 0)\r
6327                         sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')');\r
6328 \r
6329                 // update order numbers\r
6330                 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid);\r
6331                 $o = sql_fetch_object($res);\r
6332                 sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder);\r
6333 \r
6334                 // delete row\r
6335                 sql_query('DELETE FROM '.sql_table('plugin').' WHERE pid='.$pid);\r
6336 \r
6337                 $manager->clearCachedInfo('installedPlugins');\r
6338                 $param = array('plugid' => $pid);\r
6339                 $manager->notify('PostDeletePlugin', $param);\r
6340 \r
6341                 return '';\r
6342         }\r
6343 \r
6344         /**\r
6345          * @todo document this\r
6346          */\r
6347         function action_pluginup() {\r
6348                 global $member, $manager, $CONF;\r
6349 \r
6350                 // check if allowed\r
6351                 $member->isAdmin() or $this->disallow();\r
6352 \r
6353                 $plugid = intGetVar('plugid');\r
6354 \r
6355                 if (!$manager->pidInstalled($plugid))\r
6356                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6357 \r
6358                 // 1. get old order number\r
6359                 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);\r
6360                 $o = sql_fetch_object($res);\r
6361                 $oldOrder = $o->porder;\r
6362 \r
6363                 // 2. calculate new order number\r
6364                 $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;\r
6365 \r
6366                 // 3. update plug numbers\r
6367                 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);\r
6368                 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);\r
6369 \r
6370                 //$this->action_pluginlist();\r
6371                 // To avoid showing ticket in the URL, redirect to pluginlist, instead.\r
6372                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
6373         }\r
6374 \r
6375         /**\r
6376          * @todo document this\r
6377          */\r
6378         function action_plugindown() {\r
6379                 global $member, $manager, $CONF;\r
6380 \r
6381                 // check if allowed\r
6382                 $member->isAdmin() or $this->disallow();\r
6383 \r
6384                 $plugid = intGetVar('plugid');\r
6385                 if (!$manager->pidInstalled($plugid))\r
6386                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6387 \r
6388                 // 1. get old order number\r
6389                 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);\r
6390                 $o = sql_fetch_object($res);\r
6391                 $oldOrder = $o->porder;\r
6392 \r
6393                 $res = sql_query('SELECT * FROM '.sql_table('plugin'));\r
6394                 $maxOrder = sql_num_rows($res);\r
6395 \r
6396                 // 2. calculate new order number\r
6397                 $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;\r
6398 \r
6399                 // 3. update plug numbers\r
6400                 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);\r
6401                 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);\r
6402 \r
6403                 //$this->action_pluginlist();\r
6404                 // To avoid showing ticket in the URL, redirect to pluginlist, instead.\r
6405                 redirect($CONF['AdminURL'] . '?action=pluginlist');\r
6406         }\r
6407 \r
6408         /**\r
6409          * @todo document this\r
6410          */\r
        /**
         * Shows the edit form for a plugin's global options (admin only).
         *
         * The option descriptions come from plugin_option_desc (ocontext 'global'),
         * current values from plugin_option, falling back to the description's
         * default (odef). Plugins may alter the list via PrePluginOptionsEdit
         * before it is rendered through the 'plugoptionlist' showlist template.
         *
         * @param string $message optional message printed above the form; it is echoed
         *                        unescaped (callers in this file pass a language constant)
         */
        function action_pluginoptions($message = '') {
                global $member, $manager;

                // check if allowed
                $member->isAdmin() or $this->disallow();

                $pid = intRequestVar('plugid');
                if (!$manager->pidInstalled($pid))
                        $this->error(_ERROR_NOSUCHPLUGIN);

                // numbercheck.js is needed by the numeric option inputs in the form
                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $pluginName = htmlspecialchars(getPluginNameFromPid($pid), ENT_QUOTES);
                $this->pagehead($extrahead);

                ?>
                        <p><a href="index.php?action=pluginlist">(<?php echo _PLUGS_BACK?>)</a></p>

                        <h2><?php echo sprintf(_PLUGIN_OPTIONS_TITLE, $pluginName) ?></h2>

                        <?php if  ($message) echo $message?>

                        <form action="index.php" method="post">
                        <div>
                                <input type="hidden" name="action" value="pluginoptionsupdate" />
                                <input type="hidden" name="plugid" value="<?php echo $pid?>" />

                <?php

                // the submit action needs a ticket
                $manager->addTicketHidden();

                // option descriptions of this plugin, keyed by oid, pre-filled with defaults
                $aOptions = array();
                $aOIDs = array();
                $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ' WHERE ocontext=\'global\' and opid=' . $pid . ' ORDER BY oid ASC';
                $r = sql_query($query);
                while ($o = sql_fetch_object($r)) {
                        array_push($aOIDs, $o->oid);
                        $aOptions[$o->oid] = array(
                                                'oid' => $o->oid,
                                                'value' => $o->odef,
                                                'name' => $o->oname,
                                                'description' => $o->odesc,
                                                'type' => $o->otype,
                                                'typeinfo' => $o->oextra,
                                                'contextid' => 0
                        );
                }
                // fill out actual values (stored values override the defaults)
                if (count($aOIDs) > 0) {
                        $r = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE oid in ('.implode(',',$aOIDs).')');
                        while ($o = sql_fetch_object($r))
                                $aOptions[$o->oid]['value'] = $o->ovalue;
                }

                // call plugins ('options' is passed by reference so they can change the list)
                $param = array(
                        'context'       =>  'global',
                        'plugid'        =>  $pid,
                        'options'       => &$aOptions
                );
                $manager->notify('PrePluginOptionsEdit', $param);

                // render the rows; showlist() returns the number of items printed
                $template['content'] = 'plugoptionlist';
                $amount = showlist($aOptions,'table',$template);
                if ($amount == 0)
                        echo '<p>',_ERROR_NOPLUGOPTIONS,'</p>';

                ?>
                        </div>
                        </form>
                <?php      $this->pagefoot();



        }
6485 \r
6486         /**\r
6487          * @todo document this\r
6488          */\r
6489         function action_pluginoptionsupdate() {\r
6490                 global $member, $manager;\r
6491 \r
6492                 // check if allowed\r
6493                 $member->isAdmin() or $this->disallow();\r
6494 \r
6495                 $pid = intRequestVar('plugid');\r
6496                 if (!$manager->pidInstalled($pid))\r
6497                         $this->error(_ERROR_NOSUCHPLUGIN);\r
6498 \r
6499                 $aOptions = requestArray('plugoption');\r
6500                 NucleusPlugin::_applyPluginOptions($aOptions);\r
6501 \r
6502                 $param = array(\r
6503                         'context'       => 'global',\r
6504                         'plugid'        => $pid\r
6505                 );\r
6506                 $manager->notify('PostPluginOptionsUpdate', $param);\r
6507 \r
6508                 $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED);\r
6509         }\r
6510 \r
6511         /**\r
6512          * @static\r
6513          * @todo document this\r
6514          */\r
6515         function _insertPluginOptions($context, $contextid = 0) {\r
6516                 // get all current values for this contextid\r
6517                 // (note: this might contain doubles for overlapping contextids)\r
6518                 $aIdToValue = array();\r
6519                 $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));\r
6520                 while ($o = sql_fetch_object($res)) {\r
6521                         $aIdToValue[$o->oid] = $o->ovalue;\r
6522                 }\r
6523 \r
6524                 // get list of oids per pid\r
6525                 $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin')\r
6526                            . ' WHERE opid=pid and ocontext=\''.sql_real_escape_string($context).'\' ORDER BY porder, oid ASC';\r
6527                 $res = sql_query($query);\r
6528                 $aOptions = array();\r
6529                 while ($o = sql_fetch_object($res)) {\r
6530                         if (in_array($o->oid, array_keys($aIdToValue)))\r
6531                                 $value = $aIdToValue[$o->oid];\r
6532                         else\r
6533                                 $value = $o->odef;\r
6534 \r
6535                         array_push($aOptions, array(\r
6536                                 'pid' => $o->pid,\r
6537                                 'pfile' => $o->pfile,\r
6538                                 'oid' => $o->oid,\r
6539                                 'value' => $value,\r
6540                                 'name' => $o->oname,\r
6541                                 'description' => $o->odesc,\r
6542                                 'type' => $o->otype,\r
6543                                 'typeinfo' => $o->oextra,\r
6544                                 'contextid' => $contextid,\r
6545                                 'extra' => ''\r
6546                         ));\r
6547                 }\r
6548 \r
6549                 global $manager;\r
6550                 $param = array(\r
6551                         'context'       =>  $context,\r
6552                         'contextid'     =>  $contextid,\r
6553                         'options'       => &$aOptions\r
6554                 );\r
6555                 $manager->notify('PrePluginOptionsEdit', $param);\r
6556 \r
6557 \r
6558                 $iPrevPid = -1;\r
6559                 foreach ($aOptions as $aOption) {\r
6560 \r
6561                         // new plugin?\r
6562                         if ($iPrevPid != $aOption['pid']) {\r
6563                                 $iPrevPid = $aOption['pid'];\r
6564                                 if (!defined('_PLUGIN_OPTIONS_TITLE')) {\r
6565                                         define('_PLUGIN_OPTIONS_TITLE', 'Options for %s');\r
6566                                 }\r
6567                                 echo '<tr><th colspan="2">'.sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)).'</th></tr>';\r
6568                         }\r
6569                         \r
6570                         $meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']);\r
6571                         if (@$meta['access'] != 'hidden') {\r
6572                                 echo '<tr>';\r
6573                                 listplug_plugOptionRow($aOption);\r
6574                                 echo '</tr>';\r
6575                         }\r
6576                 }\r
6577         }\r
6578 \r
6579         /**\r
6580          * Helper functions to create option forms etc.\r
6581          * @todo document parameters\r
6582          */\r
6583         function input_yesno($name, $checkedval,$tabindex = 0, $value1 = 1, $value2 = 0, $yesval = _YES, $noval = _NO, $isAdmin = 0) {\r
6584                 $id = htmlspecialchars($name);\r
6585                 $id = str_replace('[','-',$id);\r
6586                 $id = str_replace(']','-',$id);\r
6587                 $id1 = $id . htmlspecialchars($value1);\r
6588                 $id2 = $id . htmlspecialchars($value2);\r
6589 \r
6590                 if ($name=="admin") {\r
6591                         echo '<input onclick="selectCanLogin(true);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" ';\r
6592                 } else {\r
6593                         echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" ';\r
6594                 }\r
6595 \r
6596                         if ($checkedval == $value1)\r
6597                                 echo "tabindex='$tabindex' checked='checked'";\r
6598                         echo ' id="'.$id1.'" /><label for="'.$id1.'">' . $yesval . '</label>';\r
6599                 echo ' ';\r
6600                 if ($name=="admin") {\r
6601                         echo '<input onclick="selectCanLogin(false);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value2),'" ';\r
6602                 } else {\r
6603                         echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value2),'" ';\r
6604                 }\r
6605                         if ($checkedval != $value1)\r
6606                                 echo "tabindex='$tabindex' checked='checked'";\r
6607                         if ($isAdmin && $name=="canlogin")\r
6608                                 echo ' disabled="disabled"';\r
6609                         echo ' id="'.$id2.'" /><label for="'.$id2.'">' . $noval . '</label>';\r
6610         }\r
6611 \r
6612 } // class ADMIN\r
6613 \r
6614 ?>