4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2009 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
14 * Actions that can be called via action.php
16 * @license http://nucleuscms.org/license.txt GNU General Public License
17 * @copyright Copyright (C) 2002-2009 The Nucleus Group
18 * @version $Id: ACTION.php 1646 2012-01-29 10:47:32Z sakamocchi $
24 * Constructor for an new ACTION object
33 * Calls functions that handle an action called from action.php
35 function doAction($action)
40 return $this->autoDraft();
44 return $this->updateTicket();
48 return $this->addComment();
52 return $this->sendMessage();
56 return $this->createAccount();
59 case 'forgotpassword':
60 return $this->forgotPassword();
64 return $this->doKarma('pos');
68 return $this->doKarma('neg');
72 return $this->callPlugin();
76 doError(_ERROR_BADACTION);
82 * ACTION::addComment()
83 * Adds a new comment to an item (if IP isn't banned)
90 global $CONF, $errormessage, $manager;
92 $post['itemid'] = intPostVar('itemid');
93 $post['user'] = postVar('user');
94 $post['userid'] = postVar('userid');
95 $post['email'] = postVar('email');
96 $post['body'] = postVar('body');
97 $post['remember'] = intPostVar('remember');
99 // begin if: "Remember Me" box checked
100 if ( $post['remember'] == 1 )
102 $lifetime = time() + 2592000;
103 setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);
104 setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);
105 setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime, '/', '', 0);
108 $comments = new COMMENTS($post['itemid']);
110 $blog_id = getBlogIDFromItemID($post['itemid']);
111 $this->checkban($blog_id);
112 $blog =& $manager->getBlog($blog_id);
114 // note: PreAddComment and PostAddComment gets called somewhere inside addComment
115 $errormessage = $comments->addComment($blog->getCorrectTime(), $post);
117 if ( $errormessage == '1' )
119 // redirect when adding comments succeeded
120 if ( postVar('url') )
122 redirect(postVar('url') );
126 $url = LINK::create_item_link($post['itemid']);
130 // else, show error message using default skin for blo
134 'message' => $errormessage,
135 'skinid' => $blog->getDefaultSkin()
142 * ACTION::sendMessage()
143 * Sends a message from the current member to the member given as argument
148 function sendMessage()
150 global $CONF, $member;
152 $error = $this->validateMessage();
156 return array('message' => $error);
159 if ( !$member->isLoggedIn() )
161 $fromMail = postVar('frommail');
162 $fromName = _MMAIL_FROMANON;
166 $fromMail = $member->getEmail();
167 $fromName = $member->getDisplayName();
170 $tomem = new MEMBER();
171 $tomem->readFromId(postVar('memberid') );
173 $message = _MMAIL_MSG . ' ' . $fromName . "\n"
174 . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
175 . _MMAIL_MAIL . " \n\n"
176 . postVar('message');
177 $message .= NOTIFICATION::get_mail_footer();
179 $title = _MMAIL_TITLE . ' ' . $fromName;
180 NOTIFICATION::mail($tomem->getEmail(), $title, $message, $fromMail, i18n::get_current_charset());
182 if ( postVar('url') )
184 redirect(postVar('url') );
188 $CONF['MemberURL'] = $CONF['IndexURL'];
190 if ( $CONF['URLMode'] == 'pathinfo' )
192 $url = LINK::create_link('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName() ) );
196 $url = $CONF['IndexURL'] . LINK::create_member_link($tomem->getID());
205 * ACTION::validateMessage()
206 * Checks if a mail to a member is allowed
207 * Returns a string with the error message if the mail is disallowed
210 * @return String Null character string
212 function validateMessage()
214 global $CONF, $member, $manager;
216 if ( !$CONF['AllowMemberMail'] )
218 return _ERROR_MEMBERMAILDISABLED;
221 if ( !$member->isLoggedIn() && !$CONF['NonmemberMail'] )
223 return _ERROR_DISALLOWED;
226 if ( !$member->isLoggedIn() && !NOTIFICATION::address_validation(postVar('frommail')) )
228 return _ERROR_BADMAILADDRESS;
231 // let plugins do verification (any plugin which thinks the comment is invalid
232 // can change 'error' to something other than '')
234 $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result) );
240 * ACTION::createAccount()
241 * Creates a new user account
246 function createAccount()
248 global $CONF, $manager;
250 if ( !$CONF['AllowMemberCreate'] )
252 doError(_ERROR_MEMBERCREATEDISABLED);
255 // evaluate content from FormExtra
257 $data = array('type' => 'membermail', 'error' => &$result);
258 $manager->notify('ValidateForm', $data);
265 // even though the member can not log in, set some random initial password. One never knows.
266 srand( (double) microtime() * 1000000);
267 $initialPwd = md5(uniqid(rand(), TRUE) );
269 // create member (non admin/can not login/no notes/random string as password)
270 $name = ENTITY::shorten(postVar('name'), 32, '');
271 $r = MEMBER::create($name, postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');
278 // send message containing password.
279 $newmem = new MEMBER();
280 $newmem->readFromName($name);
281 $newmem->sendActivationLink('register');
283 $manager->notify('PostRegister', array('member' => &$newmem) );
285 if ( postVar('desturl') )
287 redirect(postVar('desturl') );
291 echo _MSG_ACTIVATION_SENT;
292 echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
293 echo "\n</body>\n</html>";
301 * Sends a new password
303 function forgotPassword()
305 $membername = trim(postVar('name') );
307 if ( !MEMBER::exists($membername) )
309 doError(_ERROR_NOSUCHMEMBER);
312 $mem = MEMBER::createFromName($membername);
314 /* below keeps regular users from resetting passwords using forgot password feature
315 Removing for now until clear why it is required.*/
316 /*if (!$mem->canLogin())
317 doError(_ERROR_NOLOGON_NOACTIVATE);*/
319 // check if e-mail address is correct
320 if ( !($mem->getEmail() == postVar('email') ) )
322 doError(_ERROR_INCORRECTEMAIL);
325 // send activation link
326 $mem->sendActivationLink('forgot');
328 if ( postVar('url') )
330 redirect(postVar('url') );
334 echo _MSG_ACTIVATION_SENT;
335 echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
346 * @param String $type pos or neg
349 function doKarma($type)
351 global $itemid, $member, $CONF, $manager;
353 // check if itemid exists
354 if ( !$manager->existsItem($itemid, 0, 0) )
356 doError(_ERROR_NOSUCHITEM);
359 $blogid = getBlogIDFromItemID($itemid);
360 $this->checkban($blogid);
362 $karma =& $manager->getKarma($itemid);
364 // check if not already voted
365 if ( !$karma->isVoteAllowed(serverVar('REMOTE_ADDR') ) )
367 doError(_ERROR_VOTEDBEFORE);
370 // check if item does allow voting
371 $item =& $manager->getItem($itemid, 0, 0);
373 if ( $item['closed'] )
375 doError(_ERROR_ITEMCLOSED);
381 $karma->votePositive();
385 $karma->voteNegative();
389 $blog =& $manager->getBlog($blogid);
391 // send email to notification address, if any
392 if ( $blog->getNotifyAddress() && $blog->notifyOnVote() )
394 $message = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
395 $itemLink = LINK::create_item_link(intval($itemid) );
396 $temp = parse_url($itemLink);
398 if ( !$temp['scheme'] )
400 $itemLink = $CONF['IndexURL'] . $itemLink;
403 $message .= $itemLink . "\n\n";
405 if ( $member->isLoggedIn() )
407 $message .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
410 $message .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
411 $message .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
412 $message .= _NOTIFY_VOTE . "\n " . $type . "\n";
413 $message .= NOTIFICATION::get_mail_footer();
415 $subject = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
417 $from = $member->getNotifyFromMailAddress();
419 NOTIFICATION::mail($blog->getNotifyAddress(), $subject, $message, $from, i18n::get_current_charset());
422 $refererUrl = serverVar('HTTP_REFERER');
439 * Calls a plugin action
441 function callPlugin()
445 $pluginName = 'NP_' . requestVar('name');
446 $actionType = requestVar('type');
448 // 1: check if plugin is installed
449 if ( !$manager->pluginInstalled($pluginName) )
451 doError(_ERROR_NOSUCHPLUGIN);
455 $pluginObject =& $manager->getPlugin($pluginName);
459 $error = $pluginObject->doAction($actionType);
463 $error = 'Could not load plugin (see actionlog)';
466 // doAction returns error when:
467 // - an error occurred (duh)
468 // - no actions are allowed (doAction is not implemented)
480 * Checks if an IP or IP range is banned
482 function checkban($blogid)
485 $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR') );
489 doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
498 function updateTicket()
502 if ( $manager->checkTicket() )
504 echo $manager->getNewTicket();
508 echo _ERROR . ':' . _ERROR_BADTICKET;
516 * Handles AutoSaveDraft
522 if ( $manager->checkTicket() )
524 $manager->loadClass('ITEM');
525 $info = ITEM::createDraftFromRequest();
527 if ( $info['status'] == 'error' )
529 echo $info['message'];
533 echo $info['draftid'];
538 echo _ERROR . ':' . _ERROR_BADTICKET;