5 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
6 * Copyright (C) 2002-2009 The Nucleus Group
\r
8 * This program is free software; you can redistribute it and/or
\r
9 * modify it under the terms of the GNU General Public License
\r
10 * as published by the Free Software Foundation; either version 2
\r
11 * of the License, or (at your option) any later version.
\r
12 * (see nucleus/documentation/index.html#license for more info)
\r
15 * Actions that can be called via action.php
\r
17 * @license http://nucleuscms.org/license.txt GNU General Public License
\r
18 * @copyright Copyright (C) 2002-2009 The Nucleus Group
\r
19 * @version $Id: ACTION.php 1646 2012-01-29 10:47:32Z sakamocchi $
\r
24 * Action::__construct()
\r
25 * Constructor for an new ACTION object
\r
30 public function __construct()
\r
36 * Action::doAction()
\r
37 * Calls functions that handle an action called from action.php
\r
39 * @param string $action action type
\r
42 public function doAction($action)
\r
47 return $this->autoDraft();
\r
49 case 'updateticket':
\r
50 return $this->updateTicket();
\r
53 return $this->addComment();
\r
56 return $this->sendMessage();
\r
58 case 'createaccount':
\r
59 return $this->createAccount();
\r
61 case 'forgotpassword':
\r
62 return $this->forgotPassword();
\r
64 case 'votepositive':
\r
65 return $this->doKarma('pos');
\r
67 case 'votenegative':
\r
68 return $this->doKarma('neg');
\r
71 return $this->callPlugin();
\r
74 doError(_ERROR_BADACTION);
\r
81 * Action::addComment()
\r
82 * Adds a new comment to an item (if IP isn't banned)
\r
87 private function addComment()
\r
89 global $CONF, $errormessage, $manager;
\r
91 $post['itemid'] = intPostVar('itemid');
\r
92 $post['user'] = postVar('user');
\r
93 $post['userid'] = postVar('userid');
\r
94 $post['email'] = postVar('email');
\r
95 $post['body'] = postVar('body');
\r
96 $post['remember'] = intPostVar('remember');
\r
98 // begin if: "Remember Me" box checked
\r
99 if ( $post['remember'] == 1 )
\r
101 $lifetime = time() + 2592000;
\r
102 setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);
\r
103 setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);
\r
104 setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime, '/', '', 0);
\r
107 $comments = new Comments($post['itemid']);
\r
109 $blog_id = getBlogIDFromItemID($post['itemid']);
\r
110 $this->checkban($blog_id);
\r
111 $blog =& $manager->getBlog($blog_id);
\r
113 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
\r
114 $errormessage = $comments->addComment($blog->getCorrectTime(), $post);
\r
116 if ( $errormessage != '1' )
\r
118 // show error message using default skin for blo
\r
120 'message' => $errormessage,
\r
121 'skinid' => $blog->getDefaultSkin()
\r
126 // redirect when adding comments succeeded
\r
127 if ( postVar('url') )
\r
129 redirect(postVar('url') );
\r
133 $url = Link::create_item_link($post['itemid']);
\r
141 * Action::sendMessage()
\r
142 * Sends a message from the current member to the member given as argument
\r
147 private function sendMessage()
\r
149 global $CONF, $member;
\r
151 $error = $this->validateMessage();
\r
153 if ( $error != '' )
\r
155 return array('message' => $error);
\r
158 if ( !$member->isLoggedIn() )
\r
160 $fromMail = postVar('frommail');
\r
161 $fromName = _MMAIL_FROMANON;
\r
165 $fromMail = $member->getEmail();
\r
166 $fromName = $member->getDisplayName();
\r
169 /* TODO: validation */
\r
170 $memberid = postVar('memberid');
\r
171 $tomem = new Member();
\r
172 $tomem->readFromId($memberid);
\r
174 /* TODO: validation */
\r
175 $message = postVar('message');
\r
176 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
\r
177 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
\r
178 . _MMAIL_MAIL . " \n\n"
\r
180 $message .= Notification::get_mail_footer();
\r
182 $title = _MMAIL_TITLE . ' ' . $fromName;
\r
183 Notification::mail($tomem->getEmail(), $title, $message, $fromMail, i18n::get_current_charset());
\r
185 /* TODO: validation */
\r
186 $url = postVar('url');
\r
189 $CONF['MemberURL'] = $CONF['IndexURL'];
\r
191 if ( $CONF['URLMode'] == 'pathinfo' )
\r
194 'memberid' => $tomem->getID(),
\r
195 'name' => $tomem->getDisplayName()
\r
197 $url = Link::create_link('member', $data);
\r
201 $url = $CONF['IndexURL'] . Link::create_member_link($tomem->getID());
\r
210 * Action::validateMessage()
\r
211 * Checks if a mail to a member is allowed
\r
212 * Returns a string with the error message if the mail is disallowed
\r
215 * @return String Null character string
\r
217 private function validateMessage()
\r
219 global $CONF, $member, $manager;
\r
221 if ( !$CONF['AllowMemberMail'] )
\r
223 return _ERROR_MEMBERMAILDISABLED;
\r
226 if ( !$member->isLoggedIn() && !$CONF['NonmemberMail'] )
\r
228 return _ERROR_DISALLOWED;
\r
231 if ( !$member->isLoggedIn() && !Notification::address_validation(postVar('frommail')) )
\r
233 return _ERROR_BADMAILADDRESS;
\r
237 * let plugins do verification (any plugin which thinks the comment is
\r
238 * invalid can change 'error' to something other than '')
\r
242 'type' => 'membermail',
\r
243 'error' => &$result
\r
245 $manager->notify('ValidateForm', $data);
\r
251 * Action::createAccount()
\r
252 * Creates a new user account
\r
257 private function createAccount()
\r
259 global $CONF, $manager;
\r
261 if ( array_key_exists('AllowMemberCreate', $CONF) && !$CONF['AllowMemberCreate'] )
\r
263 doError(_ERROR_MEMBERCREATEDISABLED);
\r
266 // evaluate content from FormExtra
\r
269 'type' => 'membermail',
\r
270 'error' => &$result
\r
272 $manager->notify('ValidateForm', $data);
\r
274 if ( $result != 1 )
\r
279 // even though the member can not log in, set some random initial password. One never knows.
\r
280 srand((double) microtime() * 1000000);
\r
281 $initialPwd = md5(uniqid(rand(), TRUE) );
\r
283 // create member (non admin/can not login/no notes/random string as password)
\r
284 $name = Entity::shorten(postVar('name'), 32, '');
\r
285 $relname = postVar('realname');
\r
286 $email = postVar('email');
\r
287 $url = postVar('url');
\r
289 $r = Member::create($name, $realname, $initialPwd, $email, $url, 0, 0, '');
\r
296 // send message containing password.
\r
297 $newmem = new Member();
\r
298 $newmem->readFromName($name);
\r
299 $newmem->sendActivationLink('register');
\r
301 $manager->notify('PostRegister', array('member' => &$newmem) );
\r
303 if ( postVar('desturl') )
\r
305 redirect(postVar('desturl') );
\r
312 * Action::forgotPassword()
\r
313 * Sends a new password
\r
318 private function forgotPassword()
\r
320 $membername = trim(postVar('name') );
\r
322 if ( !Member::exists($membername) )
\r
324 doError(_ERROR_NOSUCHMEMBER);
\r
327 $mem = Member::createFromName($membername);
\r
329 // check if e-mail address is correct
\r
330 $email = postVar('email');
\r
331 if ( $mem->getEmail() != $email )
\r
333 doError(_ERROR_INCORRECTEMAIL);
\r
336 // send activation link
\r
337 $mem->sendActivationLink('forgot');
\r
340 $url = postVar('url');
\r
341 if ( !empty($url) )
\r
343 redirect(postVar('url') );
\r
347 echo _MSG_ACTIVATION_SENT;
\r
350 . "Return to <a href=\"{$CONF['IndexURL']}\" title=\"{$CONF['SiteName']}\">{$CONF['SiteName']}</a>\n";
\r
357 * Action::doKarma()
\r
358 * Handle karma votes
\r
360 * @param string $type pos or neg
\r
363 private function doKarma($type)
\r
365 global $itemid, $member, $CONF, $manager;
\r
367 // check if itemid exists
\r
368 if ( !$manager->existsItem($itemid, 0, 0) )
\r
370 doError(_ERROR_NOSUCHITEM);
\r
373 $blogid = getBlogIDFromItemID($itemid);
\r
374 $this->checkban($blogid);
\r
376 $karma =& $manager->getKarma($itemid);
\r
378 // check if not already voted
\r
379 if ( !$karma->isVoteAllowed(serverVar('REMOTE_ADDR') ) )
\r
381 doError(_ERROR_VOTEDBEFORE);
\r
384 // check if item does allow voting
\r
385 $item =& $manager->getItem($itemid, 0, 0);
\r
387 if ( $item['closed'] )
\r
389 doError(_ERROR_ITEMCLOSED);
\r
395 $karma->votePositive();
\r
399 $karma->voteNegative();
\r
403 $blog =& $manager->getBlog($blogid);
\r
405 // send email to notification address, if any
\r
406 if ( $blog->getNotifyAddress() && $blog->notifyOnVote() )
\r
408 $message = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
\r
409 $itemLink = Link::create_item_link((integer)$itemid);
\r
410 $temp = parse_url($itemLink);
\r
412 if ( !$temp['scheme'] )
\r
414 $itemLink = $CONF['IndexURL'] . $itemLink;
\r
417 $message .= $itemLink . "\n\n";
\r
419 if ( $member->isLoggedIn() )
\r
421 $message .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
\r
424 $message .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
\r
425 $message .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
\r
426 $message .= _NOTIFY_VOTE . "\n " . $type . "\n";
\r
427 $message .= Notification::get_mail_footer();
\r
429 $subject = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
\r
431 $from = $member->getNotifyFromMailAddress();
\r
433 Notification::mail($blog->getNotifyAddress(), $subject, $message, $from, i18n::get_current_charset());
\r
436 $refererUrl = serverVar('HTTP_REFERER');
\r
438 if ( !$refererUrl )
\r
444 $url = $refererUrl;
\r
452 * Action::callPlugin()
\r
453 * Calls a plugin action
\r
458 private function callPlugin()
\r
462 $name = requestVar('name');
\r
463 $pluginName = "NP_{$name}";
\r
464 $actionType = requestVar('type');
\r
466 // 1: check if plugin is installed
\r
467 if ( !$manager->pluginInstalled($pluginName) )
\r
469 doError(_ERROR_NOSUCHPLUGIN);
\r
473 $pluginObject =& $manager->getPlugin($pluginName);
\r
474 if ( !$pluginObject )
\r
476 $error = 'Could not load plugin (see actionlog)';
\r
480 $error = $pluginObject->doAction($actionType);
\r
484 * doAction returns error when:
\r
485 * - an error occurred (duh)
\r
486 * - no actions are allowed (doAction is not implemented)
\r
497 * Action::checkban()
\r
498 * Checks if an IP or IP range is banned
\r
500 * @param integer $blogid
\r
503 private function checkban($blogid)
\r
506 $ban = Ban::isBanned($blogid, serverVar('REMOTE_ADDR') );
\r
510 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
\r
517 * Action::updateTicket()
\r
518 * Gets a new ticket
\r
521 * @return boolean FALSE
\r
523 private function updateTicket()
\r
527 if ( !$manager->checkTicket() )
\r
529 echo _ERROR . ':' . _ERROR_BADTICKET;
\r
533 echo $manager->getNewTicket();
\r
540 * Action::autoDraft()
\r
541 * Handles AutoSaveDraft
\r
544 * @return boolean FALSE
\r
546 private function autoDraft()
\r
550 if ( !$manager->checkTicket() )
\r
552 echo _ERROR . ':' . _ERROR_BADTICKET;
\r
556 $manager->loadClass('ITEM');
\r
557 $info = Item::createDraftFromRequest();
\r
559 if ( $info['status'] != 'error' )
\r
561 echo $info['draftid'];
\r
565 echo $info['message'];
\r
577 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
578 * Copyright (C) 2002-2009 The Nucleus Group
580 * This program is free software; you can redistribute it and/or
581 * modify it under the terms of the GNU General Public License
582 * as published by the Free Software Foundation; either version 2
583 * of the License, or (at your option) any later version.
584 * (see nucleus/documentation/index.html#license for more info)
587 * Actions that can be called via action.php
589 * @license http://nucleuscms.org/license.txt GNU General Public License
590 * @copyright Copyright (C) 2002-2009 The Nucleus Group
591 * @version $Id: ACTION.php 1646 2012-01-29 10:47:32Z sakamocchi $
596 * Action::__construct()
597 * Constructor for an new ACTION object
602 public function __construct()
609 * Calls functions that handle an action called from action.php
611 * @param string $action action type
614 public function doAction($action)
619 return $this->autoDraft();
622 return $this->updateTicket();
625 return $this->addComment();
628 return $this->sendMessage();
630 case 'createaccount':
631 return $this->createAccount();
633 case 'forgotpassword':
634 return $this->forgotPassword();
637 return $this->doKarma('pos');
640 return $this->doKarma('neg');
643 return $this->callPlugin();
646 doError(_ERROR_BADACTION);
653 * Action::addComment()
654 * Adds a new comment to an item (if IP isn't banned)
659 private function addComment()
661 global $CONF, $errormessage, $manager;
663 $post['itemid'] = intPostVar('itemid');
664 $post['user'] = postVar('user');
665 $post['userid'] = postVar('userid');
666 $post['email'] = postVar('email');
667 $post['body'] = postVar('body');
668 $post['remember'] = intPostVar('remember');
670 // begin if: "Remember Me" box checked
671 if ( $post['remember'] == 1 )
673 $lifetime = time() + 2592000;
674 setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);
675 setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);
676 setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime, '/', '', 0);
679 $item =& $manager->getItem($post['itemid'], 0, 0);
680 $this->checkban($item['blogid']);
681 $blog =& $manager->getBlog($item['blogid']);
683 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
684 $comments = new Comments($post['itemid']);
685 $errormessage = $comments->addComment($blog->getCorrectTime(), $post);
687 if ( $errormessage != '1' )
689 // show error message using default skin for blo
691 'message' => $errormessage,
692 'skinid' => $blog->getDefaultSkin()
697 // redirect when adding comments succeeded
698 if ( postVar('url') )
700 redirect(postVar('url') );
704 $url = Link::create_item_link($post['itemid']);
712 * Action::sendMessage()
713 * Sends a message from the current member to the member given as argument
718 private function sendMessage()
720 global $CONF, $member;
722 $error = $this->validateMessage();
726 return array('message' => $error);
729 if ( !$member->isLoggedIn() )
731 $fromMail = postVar('frommail');
732 $fromName = _MMAIL_FROMANON;
736 $fromMail = $member->getEmail();
737 $fromName = $member->getDisplayName();
740 /* TODO: validation */
741 $memberid = postVar('memberid');
742 $tomem = new Member();
743 $tomem->readFromId($memberid);
745 /* TODO: validation */
746 $message = postVar('message');
747 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
748 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
749 . _MMAIL_MAIL . " \n\n"
751 $message .= Notification::get_mail_footer();
753 $title = _MMAIL_TITLE . ' ' . $fromName;
754 Notification::mail($tomem->getEmail(), $title, $message, $fromMail, i18n::get_current_charset());
756 /* TODO: validation */
757 $url = postVar('url');
760 $CONF['MemberURL'] = $CONF['IndexURL'];
762 if ( $CONF['URLMode'] == 'pathinfo' )
765 'memberid' => $tomem->getID(),
766 'name' => $tomem->getDisplayName()
768 $url = Link::create_link('member', $data);
772 $url = $CONF['IndexURL'] . Link::create_member_link($tomem->getID());
781 * Action::validateMessage()
782 * Checks if a mail to a member is allowed
783 * Returns a string with the error message if the mail is disallowed
786 * @return String Null character string
788 private function validateMessage()
790 global $CONF, $member, $manager;
792 if ( !$CONF['AllowMemberMail'] )
794 return _ERROR_MEMBERMAILDISABLED;
797 if ( !$member->isLoggedIn() && !$CONF['NonmemberMail'] )
799 return _ERROR_DISALLOWED;
802 if ( !$member->isLoggedIn() && !Notification::address_validation(postVar('frommail')) )
804 return _ERROR_BADMAILADDRESS;
808 * let plugins do verification (any plugin which thinks the comment is
809 * invalid can change 'error' to something other than '')
813 'type' => 'membermail',
816 $manager->notify('ValidateForm', $data);
822 * Action::createAccount()
823 * Creates a new user account
828 private function createAccount()
830 global $CONF, $manager;
832 if ( array_key_exists('AllowMemberCreate', $CONF) && !$CONF['AllowMemberCreate'] )
834 doError(_ERROR_MEMBERCREATEDISABLED);
838 // evaluate content from FormExtra
841 'type' => 'membermail',
844 $manager->notify('ValidateForm', $data);
851 // even though the member can not log in, set some random initial password. One never knows.
852 srand((double) microtime() * 1000000);
853 $initialPwd = md5(uniqid(rand(), TRUE) );
855 // create member (non admin/can not login/no notes/random string as password)
856 $name = Entity::shorten(postVar('name'), 32, '');
857 $relname = postVar('realname');
858 $email = postVar('email');
859 $url = postVar('url');
861 $r = Member::create($name, $realname, $initialPwd, $email, $url, 0, 0, '');
868 // send message containing password.
869 $newmem = new Member();
870 $newmem->readFromName($name);
871 $newmem->sendActivationLink('register');
873 $data = array('member' => $newmem);
874 $manager->notify('PostRegister', $data);
876 if ( postVar('desturl') )
878 redirect(postVar('desturl') );
885 * Action::forgotPassword()
886 * Sends a new password
891 private function forgotPassword()
893 $membername = trim(postVar('name') );
895 if ( !Member::exists($membername) )
897 doError(_ERROR_NOSUCHMEMBER);
901 $mem = Member::createFromName($membername);
903 // check if e-mail address is correct
904 $email = postVar('email');
905 if ( $mem->getEmail() != $email )
907 doError(_ERROR_INCORRECTEMAIL);
911 // send activation link
912 $mem->sendActivationLink('forgot');
915 $url = postVar('url');
918 redirect(postVar('url') );
922 echo _MSG_ACTIVATION_SENT;
925 . "Return to <a href=\"{$CONF['IndexURL']}\" title=\"{$CONF['SiteName']}\">{$CONF['SiteName']}</a>\n";
935 * @param string $type pos or neg
938 private function doKarma($type)
940 global $itemid, $member, $CONF, $manager;
942 // check if itemid exists
943 if ( !$manager->existsItem($itemid, 0, 0) )
945 doError(_ERROR_NOSUCHITEM);
949 $item =& $manager->getItem($itemid, 0, 0);
950 $this->checkban($item['blogid']);
952 $karma =& $manager->getKarma($itemid);
954 // check if not already voted
955 if ( !$karma->isVoteAllowed(serverVar('REMOTE_ADDR') ) )
957 doError(_ERROR_VOTEDBEFORE);
961 // check if item does allow voting
962 $item =& $manager->getItem($itemid, 0, 0);
964 if ( $item['closed'] )
966 doError(_ERROR_ITEMCLOSED);
973 $karma->votePositive();
977 $karma->voteNegative();
981 $blog =& $manager->getBlog($blogid);
983 // send email to notification address, if any
984 if ( $blog->getNotifyAddress() && $blog->notifyOnVote() )
986 $message = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
987 $itemLink = Link::create_item_link((integer)$itemid);
988 $temp = parse_url($itemLink);
990 if ( !$temp['scheme'] )
992 $itemLink = $CONF['IndexURL'] . $itemLink;
995 $message .= $itemLink . "\n\n";
997 if ( $member->isLoggedIn() )
999 $message .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
1002 $message .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
1003 $message .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
1004 $message .= _NOTIFY_VOTE . "\n " . $type . "\n";
1005 $message .= Notification::get_mail_footer();
1007 $subject = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
1009 $from = $member->getNotifyFromMailAddress();
1011 Notification::mail($blog->getNotifyAddress(), $subject, $message, $from, i18n::get_current_charset());
1014 $refererUrl = serverVar('HTTP_REFERER');
1030 * Action::callPlugin()
1031 * Calls a plugin action
1036 private function callPlugin()
1040 $name = requestVar('name');
1041 $pluginName = "NP_{$name}";
1042 $actionType = requestVar('type');
1044 // 1: check if plugin is installed
1045 if ( !$manager->pluginInstalled($pluginName) )
1047 doError(_ERROR_NOSUCHPLUGIN);
1052 $pluginObject =& $manager->getPlugin($pluginName);
1053 if ( !$pluginObject )
1055 $error = 'Could not load plugin (see actionlog)';
1059 $error = $pluginObject->doAction($actionType);
1063 * doAction returns error when:
1064 * - an error occurred (duh)
1065 * - no actions are allowed (doAction is not implemented)
1077 * Action::checkban()
1078 * Checks if an IP or IP range is banned
1080 * @param integer $blogid
1083 private function checkban($blogid)
1086 $ban = Ban::isBanned($blogid, serverVar('REMOTE_ADDR') );
1090 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
1098 * Action::updateTicket()
1102 * @return boolean FALSE
1104 private function updateTicket()
1108 if ( !$manager->checkTicket() )
1110 echo _ERROR . ':' . _ERROR_BADTICKET;
1114 echo $manager->getNewTicket();
1121 * Action::autoDraft()
1122 * Handles AutoSaveDraft
1125 * @return boolean FALSE
1127 private function autoDraft()
1131 if ( !$manager->checkTicket() )
1133 echo _ERROR . ':' . _ERROR_BADTICKET;
1137 $manager->loadClass('ITEM');
1138 $info = Item::createDraftFromRequest();
1140 if ( $info['status'] != 'error' )
1142 echo $info['draftid'];
1146 echo $info['message'];
1154 >>>>>>> skinnable-master