3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4 * Copyright (C) 2002-2009 The Nucleus Group
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 * (see nucleus/documentation/index.html#license for more info)
13 * The code for the Nucleus admin area
15 * @license http://nucleuscms.org/license.txt GNU General Public License
16 * @copyright Copyright (C) 2002-2009 The Nucleus Group
17 * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $
// Stop immediately unless requestVar() is already defined, i.e. unless the code
// that provides the request helpers has been loaded first (presumably the
// Nucleus bootstrap; confirm). This prevents the file from running stand-alone.
20 if ( !function_exists('requestVar') ) exit;
// showlist.php is loaded from this file's own directory.
21 require_once dirname(__FILE__) . '/showlist.php';
// Request-scoped state shared between the action handlers and the skin parser.
// Lower-cased name of the action being dispatched; assigned in action().
27 static public $action;
// Reset to '' in initialize().
28 static public $aOptions;
// Data a handler hands to the skin (form values, item or comment being edited).
30 static public $contents;
// Extra markup for the page head; action_editmembersettings() appends a script tag.
31 static public $extrahead;
// Message for the page header, set by the handlers from their $msg argument.
32 static public $headMess;
// Copy of the $passvars argument of action_login().
33 static public $passvar;
// Action names consulted in action() only after the method_exists() lookup has
// failed; the body of that branch currently holds just a commented-out TODO.
35 static private $skinless_actions = array(
36 'plugindeleteconfirm',
37 'pluginoptionsupdate',
45 'changemembersettings',
50 'skinremovetypeconfirm',
60 'templatedeleteconfirm',
64 'adminskinremovetypeconfirm',
66 'adminskindeleteconfirm',
68 'adminskineditgeneral',
73 'admintemplateupdate',
74 'admintemplatedeleteconfirm',
// Exemption list for the ticket check in action(): an action named here is
// dispatched without $manager->checkTicket() being consulted, while every other
// action is refused with _ERROR_BADTICKET when the ticket check fails.
// NOTE(review): an entry belongs here only if its handler merely renders a page
// or a confirmation form. 'admintemplateclone' sounds state-changing by name;
// confirm its handler does not modify data on a ticketless request.
79 static private $ticketless_actions = array(
110 'banlistnewfromitem',
147 'adminskinremovetype',
149 'adminskinieoverview',
151 'admintemplateoverview',
152 'admintemplateclone',
154 'admintemplatedelete'
158 * NOTE: This is for condition of admin/normal skin actions
// Public list of action names that belong to the admin-skin area.
// 'adminskinieoverview' is listed twice below; harmless for a membership test,
// but the second entry can be dropped.
160 static public $adminskin_actions = array(
168 'adminskinremovetype',
170 'adminskinieoverview',
172 'admintemplateoverview',
173 'admintemplateclone',
175 'admintemplatedelete',
178 'adminskineditgeneral',
180 'adminskindeleteconfirm',
181 'adminskinremovetypeconfirm',
183 'adminskinieoverview',
184 'adminskiniedoimport',
189 'admintemplatedeleteconfirm',
190 'admintemplateupdate'
// Selects the admin skin for this request and resets the per-request page state.
193 static public function initialize()
195 global $CONF, $manager, $member;
197 /* NOTE: 1. decide which skinid to use */
// Start from the site-wide default; a logged-in member's own admin skin is
// considered only when Skin::existsID() confirms that it exists.
198 $skinid = $CONF['AdminSkin'];
199 if ( $member->isLoggedIn() )
201 $memskin = $member->getAdminSkin();
202 if ( $memskin && Skin::existsID($memskin))
208 /* NOTE: 2. make an instance of skin object */
// The chosen id is verified once more before the skin object is requested.
209 if ( !Skin::existsID($skinid) )
214 /* NOTE: 3. initializing each members */
215 self::$skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
217 self::$extrahead = '';
219 self::$headMess = '';
220 self::$aOptions = '';
228 * @param string $action action to be performed
// Central dispatcher: resolves the requested action name to a static action_*
// handler. No authorization decision is taken here; each handler is responsible
// for its own member/rights check.
231 static public function action($action)
233 global $CONF, $manager, $member;
235 /* 1. decide action name */
// 'customaction' is read from POST. When it is non-empty it becomes the target
// of the 'login' alias instead of 'overview', so the page shown after login is
// chosen by the request. It still passes the ticket check and the
// method_exists() lookup below.
236 $customAction = postvar('customaction');
237 if ( empty($customAction) )
240 'login' => 'overview',
247 'login' => $customAction,
251 if ( array_key_exists($action, $alias) && isset($alias[$action]) )
253 $action = $alias[$action];
// The handler name keeps the caller's letter case while self::$action is
// lower-cased for the list lookups; PHP resolves method names
// case-insensitively, so both refer to the same handler.
255 $method_name = "action_{$action}";
256 self::$action = strtolower($action);
258 /* 2. check ticket-needed action */
// Every action outside $ticketless_actions must carry a ticket accepted by
// $manager->checkTicket() (presumably the anti-CSRF token; confirm).
259 if ( !in_array(self::$action, self::$ticketless_actions) && !$manager->checkTicket() )
261 self::error(_ERROR_BADTICKET);
265 /* 3. parse according to the action */
// NOTE(review): any static method whose name starts with action_ is reachable
// by name from the request. method_exists() tests the literal 'Admin' while the
// call uses __CLASS__; using one of the two consistently would be clearer.
266 else if ( method_exists('Admin', $method_name) )
268 call_user_func(array(__CLASS__, $method_name));
271 /* 4. parse special admin skin */
272 elseif ( in_array(self::$action, self::$skinless_actions) )
274 /* TODO: need to be implemented or not?
275 self::action_parseSpecialskin();
// The unknown action name goes through ENTITY::hsc() before it is placed in the
// error text (presumably HTML-escaping; confirm).
280 self::error(_BADACTION . ENTITY::hsc($action));
288 * Action::action_showlogin()
// Shows the login form with $error as the header message.
// NOTE(review): $error is presumably a global declared in this method; confirm.
293 static private function action_showlogin()
296 self::action_login($error);
301 * Action::action_login()
303 * @param string $msg message for pageheader
304 * @param integer $passvars ???
// Renders the login form, or goes straight to the overview for a member who is
// already logged in and allowed to log in.
306 static private function action_login($msg = '', $passvars = 1)
310 // skip to overview when allowed
311 if ( $member->isLoggedIn() && $member->canLogin() )
313 self::action_overview();
317 /* TODO: needless variable??? */
318 self::$passvar = $passvars;
// $msg is stored for the page header and the 'showlogin' skin part is parsed.
321 self::$headMess = $msg;
324 self::$skin->parse('showlogin');
328 * Action::action_overview()
329 * provides a screen with the overview of the actions available
331 * @param string $msg message for pageheader
// Stores $msg as the header message and parses the 'overview' skin part.
334 static private function action_overview($msg = '')
338 self::$headMess = $msg;
341 self::$skin->parse('overview');
346 * Admin::action_manage()
348 * @param string $msg message for pageheader
// Management screen, restricted to site admins.
351 static private function action_manage($msg = '')
357 self::$headMess = $msg;
// The guard only protects the parse below if self::disallow() ends the request
// (presumably it does; confirm).
359 $member->isAdmin() or self::disallow();
361 self::$skin->parse('manage');
366 * Action::action_itemlist()
368 * @param integer $blogid ID for weblog
// Item list of one weblog; allowed for members of the blog's team and for site admins.
371 static private function action_itemlist($blogid = '')
373 global $member, $manager, $CONF;
// The blog id is taken from the request through the integer-only accessor.
377 $blogid = intRequestVar('blogid');
380 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
382 self::$skin->parse('itemlist');
387 * Action::action_batchitem()
// Entry point for batch operations on items.
// NOTE(review): only a logged-in session is required here. Rights on each
// selected item have to be enforced where the operation is carried out
// (presumably behind the 'batchitem' skin part; confirm).
392 static private function action_batchitem()
394 global $member, $manager;
396 $member->isLoggedIn() or self::disallow();
// The selection arrives as an array of integers, the operation as a free string.
398 $selected = requestIntArray('batch');
399 $action = requestVar('batchaction');
401 if ( !is_array($selected) || sizeof($selected) == 0 )
403 self::error(_BATCH_NOSELECTION);
407 // On move: when no destination blog/category chosen, show choice now
408 $destCatid = intRequestVar('destcatid');
409 if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )
411 self::batchMoveSelectDestination('item', $selected);
414 // On delete: check if confirmation has been given
// Deleting needs confirmation=yes in the request; otherwise the confirmation page is shown.
415 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
417 self::batchAskDeleteConfirmation('item', $selected);
420 self::$skin->parse('batchitem');
425 * Action::action_batchcomment()
// Entry point for batch operations on comments.
// NOTE(review): only a logged-in session is required here; rights on each
// selected comment must be enforced where the operation is carried out (confirm).
430 static private function action_batchcomment()
434 $member->isLoggedIn() or self::disallow();
436 $selected = requestIntArray('batch');
437 $action = requestVar('batchaction');
439 // Show error when no items were selected
440 if ( !is_array($selected) || sizeof($selected) == 0 )
442 self::error(_BATCH_NOSELECTION);
446 // On delete: check if confirmation has been given
447 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
449 self::batchAskDeleteConfirmation('comment', $selected);
452 self::$skin->parse('batchcomment');
457 * Admin::action_batchmember()
// Entry point for batch operations on members; requires a logged-in site admin.
462 static private function action_batchmember()
466 ($member->isLoggedIn() && $member->isAdmin()) or self::disallow();
468 $selected = requestIntArray('batch');
469 $action = requestVar('batchaction');
471 // Show error when no members selected
472 if ( !is_array($selected) || sizeof($selected) == 0 )
474 self::error(_BATCH_NOSELECTION);
478 // On delete: check if confirmation has been given
479 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
481 self::batchAskDeleteConfirmation('member',$selected);
484 self::$skin->parse('batchmember');
489 * Admin::action_batchteam()
// Entry point for batch operations on a blog's team; requires a logged-in
// member with admin rights on the blog named in the request.
494 static private function action_batchteam()
498 $blogid = intRequestVar('blogid');
500 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or self::disallow();
502 $selected = requestIntArray('batch');
503 $action = requestVar('batchaction');
505 if ( !is_array($selected) || sizeof($selected) == 0 )
507 self::error(_BATCH_NOSELECTION);
511 // On delete: check if confirmation has been given
512 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
514 self::batchAskDeleteConfirmation('team',$selected);
517 self::$skin->parse('batchteam');
522 * Admin::action_batchcategory()
// Entry point for batch operations on categories.
// NOTE(review): only a logged-in session is required here; rights on the
// selected categories and on the destination blog must be enforced where the
// operation is carried out (confirm).
527 static private function action_batchcategory()
529 global $member, $manager;
531 $member->isLoggedIn() or self::disallow();
533 $selected = requestIntArray('batch');
534 $action = requestVar('batchaction');
536 if ( !is_array($selected) || sizeof($selected) == 0 )
538 self::error(_BATCH_NOSELECTION);
542 // On move: when no destination blog chosen, show choice now
543 $destBlogId = intRequestVar('destblogid');
544 if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )
546 self::batchMoveCategorySelectDestination('category', $selected);
549 // On delete: check if confirmation has been given
550 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
552 self::batchAskDeleteConfirmation('category', $selected);
555 self::$skin->parse('batchcategory');
560 * Admin::batchMoveSelectDestination()
562 * @param string $type type of batch action
563 * @param integer $ids needless???
566 * TODO: remove needless argument
// Shows the destination chooser for a batch move. The batch type is handed to
// the skin by writing it into $_POST['batchmove']; $ids is not used.
568 static private function batchMoveSelectDestination($type, $ids)
570 $_POST['batchmove'] = $type;
571 self::$skin->parse('batchmove');
576 * Admin::batchMoveCategorySelectDestination()
578 * @param string $type type of batch action
579 * @param integer $ids needless???
582 * TODO: remove needless argument
// Shows the destination-blog chooser for a batch category move. The batch type
// is handed to the skin through $_POST['batchmove']; $ids is not used.
584 static private function batchMoveCategorySelectDestination($type, $ids)
586 $_POST['batchmove'] = $type;
588 self::$skin->parse('batchmovecat');
593 * Admin::batchAskDeleteConfirmation()
595 * @param string $type type of batch action
596 * @param integer $ids needless???
599 * TODO: remove needless argument
// Shows the confirmation page for a batch delete by parsing the 'batchdelete' skin part.
601 static private function batchAskDeleteConfirmation($type, $ids)
603 self::$skin->parse('batchdelete');
608 * Admin::action_browseownitems()
// Lists the current member's own items by parsing the 'browseownitems' skin part.
// No rights check is made in this method.
613 static private function action_browseownitems()
615 global $member, $manager, $CONF;
617 self::$skin->parse('browseownitems');
622 * Admin::action_itemcommentlist()
623 * Show all the comments for a given item
625 * @param integer $itemid ID for item
// Lists the comments of one item for a member who may alter that item.
628 static private function action_itemcommentlist($itemid = '')
630 global $member, $manager, $CONF;
634 $itemid = intRequestVar('itemid');
637 // only allow if user is allowed to alter item
638 $member->canAlterItem($itemid) or self::disallow();
// After the rights check the item is loaded and its ids are written back into
// $_REQUEST, so the skin works with the stored values rather than the raw input.
640 $item =& $manager->getItem($itemid, 1, 1);
641 $_REQUEST['itemid'] = $item['itemid'];
642 $_REQUEST['blogid'] = $item['blogid'];
644 self::$skin->parse('itemcommentlist');
649 * Admin::action_browseowncomments()
650 * Browse own comments
// Lists the current member's own comments by parsing the 'browseowncomments'
// skin part. No rights check is made in this method.
655 static private function action_browseowncomments()
657 self::$skin->parse('browseowncomments');
662 * Admin::action_blogcommentlist()
663 * Browse all comments for a weblog
665 * @param integer $blogid ID for weblog
// Lists all comments of one weblog; allowed for team members of the blog and site admins.
668 static private function action_blogcommentlist($blogid = '')
670 global $member, $manager, $CONF;
674 $blogid = intRequestVar('blogid');
// A caller-supplied id is forced to an integer as well.
678 $blogid = intval($blogid);
681 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
683 /* TODO: we consider to use the other way instead of this */
// The checked id is written back into $_REQUEST for the skin to read.
684 $_REQUEST['blogid'] = $blogid;
686 self::$skin->parse('blogcommentlist');
691 * Admin::action_createaccount()
// Public self-registration screen; available only when $CONF['AllowMemberCreate'] is 1.
696 static private function action_createaccount()
700 if ( $CONF['AllowMemberCreate'] != 1 )
702 self::$skin->parse('createaccountdisable');
// A posted form (showform == 1) is processed by Action::createAccount().
718 if ( array_key_exists('showform', $_POST) && $_POST['showform'] == 1 )
720 $action = new Action();
721 $message = $action->createAccount();
722 if ( $message === 1 )
724 self::$headMess = $message;
725 self::$skin->parse('createaccountsuccess');
729 /* TODO: validation */
// NOTE(review): the four fields below are copied from $_POST unmodified so the
// form can be shown again; every place that prints self::$contents has to
// escape them for its output context.
730 if ( array_key_exists('name', $_POST) )
732 $contents['name'] = $_POST['name'];
734 if ( array_key_exists('realname', $_POST) )
736 $contents['realname'] = $_POST['realname'];
738 if ( array_key_exists('email', $_POST) )
740 $contents['email'] = $_POST['email'];
742 if ( array_key_exists('url', $_POST) )
744 $contents['url'] = $_POST['url'];
747 self::$contents = $contents;
751 self::$skin->parse('createaccountinput');
756 * Admin::action_createitem()
757 * Provide a page to add a new item to the given blog
// Form for adding an item to a weblog; requires team rights on that blog.
762 static private function action_createitem()
764 global $member, $manager;
766 $blogid = intRequestVar('blogid');
769 $member->teamRights($blogid) or self::disallow();
771 $blog =& $manager->getBlog($blogid);
// $contents is passed by reference, so a plugin handling 'PreAddItemForm' can
// pre-fill the form.
776 'contents' => &$contents
778 $manager->notify('PreAddItemForm', $data);
// When the blog converts line breaks, body and extended text are passed through
// removeBreaks() before they are shown in the form.
780 if ( $blog->convertBreaks() )
782 if ( array_key_exists('body', $contents) && !empty($contents['body']) )
784 $contents['body'] = removeBreaks($contents['body']);
786 if ( array_key_exists('more', $contents) && !empty($contents['more']) )
788 $contents['more'] = removeBreaks($contents['more']);
792 self::$blog = &$blog;
793 self::$contents = &$contents;
795 self::$skin->parse('createitem');
800 * Admin::action_itemedit()
// Edit form for an existing item; requires the right to alter that item.
805 static private function action_itemedit()
807 global $member, $manager;
809 $itemid = intRequestVar('itemid');
811 // only allow if user is allowed to alter item
812 $member->canAlterItem($itemid) or self::disallow();
// The blog is derived from the stored item, not from the request.
814 $item =& $manager->getItem($itemid, 1, 1);
815 $blog =& $manager->getBlog($item['blogid']);
// Blog and item are passed by reference, so plugins can change what is edited.
816 $manager->notify('PrepareItemForEdit', array('blog'=> &$blog, 'item' => &$item));
818 if ( $blog->convertBreaks() )
820 if ( array_key_exists('body', $item) && !empty($item['body']) )
822 $item['body'] = removeBreaks($item['body']);
824 if ( array_key_exists('more', $item) && !empty($item['more']) )
826 $item['more'] = removeBreaks($item['more']);
830 self::$blog = &$blog;
831 self::$contents = &$item;
833 self::$skin->parse('itemedit');
838 * Admin::action_itemupdate()
// Stores the result of the item edit form: update, publish, schedule or move to
// drafts, optionally creating a new category on the way.
843 static private function action_itemupdate()
845 global $member, $manager, $CONF;
847 $itemid = intRequestVar('itemid');
// catid is taken as a raw string because it may carry the 'newcat-<blogid>' form.
848 $catid = postVar('catid');
850 // only allow if user is allowed to alter item
// The rights check runs before anything is created or changed below.
851 $member->canUpdateItem($itemid, $catid) or self::disallow();
853 $actiontype = postVar('actiontype');
855 // delete actions are handled by itemdelete (which has confirmation)
856 if ( $actiontype == 'delete' )
858 self::action_itemdelete();
// Free-text fields are read unfiltered; the closed flag and the draft id are
// read through the integer-only accessor.
862 $body = postVar('body');
863 $title = postVar('title');
864 $more = postVar('more');
865 $closed = intPostVar('closed');
866 $draftid = intPostVar('draftid');
868 // default action = add now
871 $actiontype='addnow';
874 // create new category if needed
// The target blog id is parsed out of the posted catid string itself.
875 if ( i18n::strpos($catid,'newcat') === 0 )
878 list($blogid) = sscanf($catid,"newcat-%d");
881 $blog =& $manager->getBlog($blogid);
882 $catid = $blog->createNewCategory();
884 // show error when sth goes wrong
887 self::doError(_ERROR_CATCREATEFAIL);
892 * set some variables based on actiontype
895 * draft items -> addnow, addfuture, adddraft, delete
896 * non-draft items -> edit, changedate, delete
899 * $timestamp: set to a nonzero value for future dates or date changes
900 * $wasdraft: set to 1 when the item used to be a draft item
901 * $publish: set to 1 when the edited item is not a draft
// From here on the blog is the one the stored item belongs to.
903 $blogid = getBlogIDFromItemID($itemid);
904 $blog =& $manager->getBlog($blogid);
906 $wasdrafts = array('adddraft', 'addfuture', 'addnow');
907 $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
908 $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
909 if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
// All date parts are read as integers before mktime() combines them.
911 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
918 // edit the item for real
919 Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
921 self::updateFuturePosted($blogid);
925 // delete permission is checked inside Item::delete()
926 Item::delete($draftid);
// The two values differ when a category was created above (the posted value was
// then the 'newcat-...' string); the category edit screen is shown in that case.
929 if ( $catid != intPostVar('catid') )
931 self::action_categoryedit(
934 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
939 // TODO: set start item correctly for itemlist
940 $item =& $manager->getitem($itemid, 1, 1);
// Counts the items up to this item's timestamp to compute the list offset.
// NOTE(review): the timestamp is placed into the SQL text through '%s' without
// DB::quoteValue(). It comes from getitem() rather than from the request, but
// an integer cast or %d would not depend on what getitem() returns.
941 $query = "SELECT COUNT(*) FROM %s WHERE unix_timestamp(itime) <= '%s';";
942 $query = sprintf($query, sql_table('item'), $item['timestamp']);
943 $cnt = DB::getValue($query);
944 $_REQUEST['start'] = $cnt + 1;
945 self::action_itemlist(getBlogIDFromItemID($itemid));
951 * Admin::action_itemdelete()
// Confirmation page for deleting one item; nothing is deleted here.
957 static private function action_itemdelete()
959 global $member, $manager;
961 $itemid = intRequestVar('itemid');
963 // only allow if user is allowed to alter item
964 $member->canAlterItem($itemid) or self::disallow();
966 if ( !$manager->existsItem($itemid,1,1) )
968 self::error(_ERROR_NOSUCHITEM);
972 self::$skin->parse('itemdelete');
977 * Admin::action_itemdeleteconfirm()
// Deletes one item after confirmation and returns to the item list of its blog.
982 static private function action_itemdeleteconfirm()
984 global $member, $manager;
986 $itemid = intRequestVar('itemid');
988 // only allow if user is allowed to alter item
989 $member->canAlterItem($itemid) or self::disallow();
// The item is loaded before deletion so its blog id is still known afterwards.
992 $item =& $manager->getItem($itemid, 1, 1);
994 // delete item (note: some checks will be performed twice)
995 self::deleteOneItem($item['itemid']);
997 self::action_itemlist($item['blogid']);
1002 * Admin::deleteOneItem()
1003 * Deletes one item and returns error if something goes wrong
1005 * @param integer $itemid ID for item
// Deletes one item on behalf of the current member. Returns _ERROR_DISALLOWED
// when the member may not alter the item. Public, so it performs its own rights
// check instead of relying on the caller.
1008 static public function deleteOneItem($itemid)
1010 global $member, $manager;
1012 // only allow if user is allowed to alter item (also checks if itemid exists)
1013 if ( !$member->canAlterItem($itemid) )
1015 return _ERROR_DISALLOWED;
1018 // need to get blogid before the item is deleted
1019 $item =& $manager->getItem($itemid, 1, 1);
1021 $manager->loadClass('ITEM');
1022 Item::delete($item['itemid']);
1024 // update blog's futureposted
// NOTE(review): updateFuturePosted() takes a blog id and passes its argument to
// getBlog(), but an item id is passed here. This looks like it should be
// $item['blogid'], which is why the item is fetched before deletion; confirm and fix.
1025 self::updateFuturePosted($item['itemid']);
1030 * Admin::updateFuturePosted()
1031 * Update a blog's future posted flag
1033 * @param integer $blogid
// Sets or clears a blog's "future post" flag depending on whether the blog
// still has unposted items dated after the blog's current time.
1036 static private function updateFuturePosted($blogid)
1040 $blogid = intval($blogid);
1041 $blog =& $manager->getBlog($blogid);
1042 $currenttime = $blog->getCorrectTime(time());
// The blog id enters the query through %d; the date string is produced by
// i18n::formatted_datetime() from the server time, not from request input.
1044 $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
1045 $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
1046 $result = DB::getResult($query);
1048 if ( $result->rowCount() > 0 )
1050 $blog->setFuturePost();
1054 $blog->clearFuturePost();
1060 * Admin::action_itemmove()
// Form for moving one item; requires the right to alter that item.
1065 static private function action_itemmove()
1067 global $member, $manager;
1069 $itemid = intRequestVar('itemid');
1071 $member->canAlterItem($itemid) or self::disallow();
1073 self::$skin->parse('itemmove');
1078 * Admin::action_itemmoveto()
// Moves one item to another category, optionally creating the category first.
1083 static private function action_itemmoveto()
1085 global $member, $manager;
1087 $itemid = intRequestVar('itemid');
1088 $catid = requestVar('catid');
1090 // create new category if needed
// NOTE(review): the category is created on the blog named inside the catid
// string before canUpdateItem() is consulted below, whereas action_itemupdate()
// checks rights first. Either move the rights check ahead of this branch or
// confirm that createNewCategory() enforces the member's rights itself.
1091 if ( i18n::strpos($catid,'newcat') === 0 )
1094 list($blogid) = sscanf($catid,'newcat-%d');
1097 $blog =& $manager->getBlog($blogid);
1098 $catid = $blog->createNewCategory();
1100 // show error when sth goes wrong
1103 self::doError(_ERROR_CATCREATEFAIL);
1107 // only allow if user is allowed to alter item
1108 $member->canUpdateItem($itemid, $catid) or self::disallow();
// The source blog is remembered before the move so its flag can be refreshed too.
1110 $old_blogid = getBlogIDFromItemId($itemid);
1112 Item::move($itemid, $catid);
1114 // set the futurePosted flag on the blog
1115 self::updateFuturePosted(getBlogIDFromItemId($itemid));
1117 // reset the futurePosted in case the item is moved from one blog to another
1118 self::updateFuturePosted($old_blogid);
// The values differ when a category was created above; $blog is set only in that branch.
1120 if ( $catid != intRequestVar('catid') )
1122 self::action_categoryedit($catid, $blog->getID());
1126 self::action_itemlist(getBlogIDFromCatID($catid));
1132 * Admin::moveOneItem()
1133 * Moves one item to a given category (category existence should be checked by caller)
1134 * errors are returned
1136 * @param integer $itemid ID for item
1137 * @param integer $destCatid ID for category to which the item will be moved
// Moves one item to $destCatid on behalf of the current member. Returns
// _ERROR_DISALLOWED when canUpdateItem() refuses. Public, so the rights check is
// done here rather than left to the caller.
1140 static public function moveOneItem($itemid, $destCatid)
1144 // only allow if user is allowed to move item
1145 if ( !$member->canUpdateItem($itemid, $destCatid) )
1147 return _ERROR_DISALLOWED;
1150 Item::move($itemid, $destCatid);
1155 * Admin::action_additem()
1156 * Adds a item to the chosen blog
// Creates an item from the posted form and shows the item list, or the category
// edit screen when a category was created along with the item.
// NOTE(review): no rights check is made in this method; it presumably happens
// inside Item::createFromRequest(). Confirm.
1161 static private function action_additem()
1163 global $manager, $CONF;
1165 $manager->loadClass('ITEM');
1167 $result = Item::createFromRequest();
1169 if ( $result['status'] == 'error' )
1171 self::error($result['message']);
1175 $item =& $manager->getItem($result['itemid'], 0, 0);
1177 if ( $result['status'] == 'newcategory' )
// The follow-up URL gets a ticket appended so the next request passes the ticket check.
1179 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . $item['blogid']);
1180 self::action_categoryedit($result['catid'], $item['blogid'], $distURI);
// $methodName is assigned but not read by the call that follows.
1184 $methodName = 'action_itemlist';
1185 self::action_itemlist($item['blogid']);
1191 * Admin::action_commentedit()
1192 * Allows to edit previously made comments
// Edit form for an existing comment; requires the right to alter that comment.
1197 static private function action_commentedit()
1199 global $member, $manager;
1201 $commentid = intRequestVar('commentid');
1203 $member->canAlterComment($commentid) or self::disallow();
1205 $comment = COMMENT::getComment($commentid);
// The comment is passed by reference, so plugins can change what is edited.
1206 $manager->notify('PrepareCommentForEdit', array('comment' => &$comment));
1208 self::$contents = $comment;
1209 self::$skin->parse('commentedit');
1214 * Admin::action_commentupdate()
// Stores an edited comment after validating its body, then returns to a comment list.
1219 static private function action_commentupdate()
1221 global $member, $manager;
1223 $commentid = intRequestVar('commentid');
1225 $member->canAlterComment($commentid) or self::disallow();
1227 $url = postVar('url');
1228 $email = postVar('email');
1229 $body = postVar('body');
1231 // intercept words that are too long
// Rejects a body containing 90 consecutive characters from the listed class.
1232 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
1234 self::error(_ERROR_COMMENT_LONGWORD);
// Length limits: at least 3 and at most 5000, as measured by i18n::strlen().
1239 if ( i18n::strlen($body) < 3 )
1241 self::error(_ERROR_COMMENT_NOCOMMENT);
1245 if ( i18n::strlen($body) > 5000 )
1247 self::error(_ERROR_COMMENT_TOOLONG);
1252 $body = Comment::prepareBody($body);
1258 $manager->notify('PreUpdateComment', $data);
// All three string values go through DB::quoteValue() and the id through %d.
// Note the column mapping: cmail receives $url and cemail receives $email.
1260 $query = "UPDATE %s SET cmail=%s, cemail=%s, cbody=%s WHERE cnumber=%d;";
1261 $query = sprintf($query, sql_table('comment'), DB::quoteValue($url), DB::quoteValue($email), DB::quoteValue($body), (integer) $commentid);
1262 DB::execute($query);
// The owning item is looked up to decide which list the member may return to.
1265 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
1266 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1268 $itemid = DB::getValue($query);
1270 if ( $member->canAlterItem($itemid) )
1272 self::action_itemcommentlist($itemid);
1276 self::action_browseowncomments();
1282 * Admin::action_commentdelete()
// Confirmation page for deleting one comment; nothing is deleted here.
1288 static private function action_commentdelete()
1290 global $member, $manager;
1292 $commentid = intRequestVar('commentid');
1293 $member->canAlterComment($commentid) or self::disallow();
1295 self::$skin->parse('commentdelete');
1300 * Admin::action_commentdeleteconfirm()
// Deletes one comment after confirmation. The rights check is not repeated
// here; deleteOneComment() calls canAlterComment() and returns an error otherwise.
1305 static private function action_commentdeleteconfirm()
1309 $commentid = intRequestVar('commentid');
1311 // get item id first
// The owning item must be read before the row is removed.
1312 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
1313 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1315 $itemid = DB::getValue($query);
1317 $error = self::deleteOneComment($commentid);
1320 self::doError($error);
1323 if ( $member->canAlterItem($itemid) )
1325 self::action_itemcommentlist($itemid);
1329 self::action_browseowncomments();
1335 * Admin::deleteOneComment()
1337 * @param integer $commentid ID for comment
// Deletes one comment on behalf of the current member. Returns
// _ERROR_DISALLOWED when canAlterComment() refuses. Public, so the rights check
// is done here rather than left to the caller.
1340 static public function deleteOneComment($commentid)
1342 global $member, $manager;
// The id is forced to an integer before it is used in the check and the query.
1344 $commentid = (integer) $commentid;
1346 if ( !$member->canAlterComment($commentid) )
1348 return _ERROR_DISALLOWED;
1352 'commentid' => $commentid
1355 $manager->notify('PreDeleteComment', $data);
1357 // delete the comments associated with the item
1358 $query = "DELETE FROM %s WHERE cnumber=%d;";
1359 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1360 DB::execute($query);
1363 'commentid' => $commentid
1366 $manager->notify('PostDeleteComment', $data);
1372 * Admin::action_usermanagement()
1373 * Usermanagement main
// Member management screen, restricted to site admins.
1378 static private function action_usermanagement()
1380 global $member, $manager;
1383 $member->isAdmin() or self::disallow();
1385 self::$skin->parse('usermanagement');
1390 * Admin::action_memberedit()
1391 * Edit member settings
// Opens the settings form for the member id given in the request; the rights
// check is made in action_editmembersettings().
1396 static private function action_memberedit()
1398 self::action_editmembersettings(intRequestVar('memberid'));
1403 * Admin::action_editmembersettings()
1405 * @param integer $memberid ID for member
// Settings form for one member; allowed for that member and for site admins.
1409 static private function action_editmembersettings($memberid = '')
1411 global $member, $manager, $CONF;
// Without an explicit id the current member edits their own settings.
1413 if ( $memberid == '' )
1415 $memberid = $member->getID();
1418 /* TODO: we should consider to use the other way instead of this */
// NOTE(review): $_REQUEST is overwritten before the rights check below, which
// is only safe if self::disallow() ends the request (confirm).
1419 $_REQUEST['memberid'] = $memberid;
1422 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
1424 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
1426 self::$skin->parse('editmembersettings');
1431 * Admin::action_changemembersettings()
// Stores the member settings form. A member may change their own record; a
// site admin may change any record and is the only one who can change the admin
// and can-login flags.
1436 static private function action_changemembersettings()
1438 global $member, $CONF, $manager;
1440 $memberid = intRequestVar('memberid');
1443 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
// Text fields have tags stripped; the password fields are kept as typed.
1445 $name = trim(strip_tags(postVar('name')));
1446 $realname = trim(strip_tags(postVar('realname')));
1447 $password = postVar('password');
1448 $repeatpassword = postVar('repeatpassword');
1449 $email = strip_tags(postVar('email'));
1450 $url = strip_tags(postVar('url'));
1451 $adminskin = intPostVar('adminskin');
1452 $bookmarklet = intPostVar('bookmarklet');
1454 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
// Any value not starting with http:// or https:// gets 'http://' prepended, so
// other schemes cannot be stored as-is. An empty field becomes 'http://'.
1455 if ( !preg_match('#^https?://#', $url) )
1457 $url = 'http://' . $url;
// Both flags are read here but applied further down only when the acting member is an admin.
1460 $admin = postVar('admin');
1461 $canlogin = postVar('canlogin');
1462 $notes = strip_tags(postVar('notes'));
1463 $locale = postVar('locale');
1465 $mem =& $manager->getMember($memberid);
// Login name and password are validated only when login edits are enabled or
// the acting member is an admin.
1467 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
1469 if ( !isValidDisplayName($name) )
1471 self::error(_ERROR_BADNAME);
1475 if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
1477 self::error(_ERROR_NICKNAMEINUSE);
1481 if ( $password != $repeatpassword )
1483 self::error(_ERROR_PASSWORDMISMATCH);
// An empty password skips the length check; a non-empty one needs at least 6 characters.
1487 if ( $password && (i18n::strlen($password) < 6) )
1489 self::error(_ERROR_PASSWORDTOOSHORT);
// Plugins can veto the password through the by-reference 'valid' and
// 'errormessage' entries of the 'PrePasswordSet' event.
1499 'password' => $password,
1500 'errormessage' => &$pwderror,
1501 'valid' => &$pwdvalid
1503 $manager->notify('PrePasswordSet', $data);
1507 self::error($pwderror);
1513 if ( !NOTIFICATION::address_validation($email) )
1515 self::error(_ERROR_BADMAILADDRESS);
1520 self::error(_ERROR_REALNAMEMISSING);
// The locale must be one of the installed locales.
1523 if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
1525 self::error(_ERROR_NOSUCHTRANSLATION);
1529 // check if there will remain at least one site member with both the logon and admin rights
1530 // (check occurs when taking away one of these rights from such a member)
1531 if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
1532 || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
1535 $r = DB::getResult('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
1536 if ( $r->rowCount() < 2 )
1538 self::error(_ERROR_ATLEASTONEADMIN);
1543 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
1545 $mem->setDisplayName($name);
1548 $mem->setPassword($password);
// The previous address is kept so a change can be detected after the update.
1552 $oldEmail = $mem->getEmail();
1554 $mem->setRealName($realname);
1555 $mem->setEmail($email);
1557 $mem->setNotes($notes);
1558 $mem->setLocale($locale);
1559 $mem->setAdminSkin($adminskin);
1560 $mem->setBookmarklet($bookmarklet);
1562 // only allow super-admins to make changes to the admin status
1563 if ( $member->isAdmin() )
1565 $mem->setAdmin($admin);
1566 $mem->setCanLogin($canlogin);
1569 $autosave = postVar('autosave');
1570 $mem->setAutosave($autosave);
1574 // store plugin options
// NOTE(review): the option array comes straight from the request; which options
// the acting member may write has to be decided inside
// NucleusPlugin::apply_plugin_options() (confirm).
1575 $aOptions = requestArray('plugoption');
1576 NucleusPlugin::apply_plugin_options($aOptions);
1578 'context' => 'member',
1579 'memberid' => $memberid,
1582 $manager->notify('PostPluginOptionsUpdate', $data);
1584 // if email changed, generate new password
// A changed address triggers a new activation link and a fresh cookie key.
1585 if ( $oldEmail != $mem->getEmail() )
1587 $mem->sendActivationLink('addresschange', $oldEmail);
1589 $mem->newCookieKey();
1591 // only log out if the member being edited is the current member.
1592 if ( $member->getID() == $memberid )
1596 self::action_login(_MSG_ACTIVATION_SENT, 0);
// A member who renamed their own account gets a new cookie key and must log in again.
1600 if ( ($mem->getID() == $member->getID())
1601 && ($mem->getDisplayName() != $member->getDisplayName()) )
1603 $mem->newCookieKey();
1605 self::action_login(_MSG_LOGINAGAIN, 0);
1609 self::action_overview(_MSG_SETTINGSCHANGED);
1615 * Admin::action_memberadd()
// Creates a member account from the posted form; restricted to site admins.
1621 static private function action_memberadd()
1623 global $member, $manager;
1626 $member->isAdmin() or self::disallow();
// The password must be entered twice identically and have at least 6 characters.
1628 if ( postVar('password') != postVar('repeatpassword') )
1630 self::error(_ERROR_PASSWORDMISMATCH);
1634 if ( i18n::strlen(postVar('password')) < 6 )
1636 self::error(_ERROR_PASSWORDTOOSHORT);
// The posted values are handed to Member::create() as they arrive; any
// validation of them presumably happens inside Member::create() (confirm).
1640 $res = Member::create(
1642 postVar('realname'),
1643 postVar('password'),
1647 postVar('canlogin'),
1657 // fire PostRegister event
1658 $newmem = new Member();
1659 $newmem->readFromName(postVar('name'));
1661 'member' => &$newmem
1663 $manager->notify('PostRegister', $data);
1665 self::action_usermanagement();
1670 * Admin::action_forgotpassword()
// Shows the "forgot password" form; no rights check is made in this method.
1675 static private function action_forgotpassword()
1677 self::$skin->parse('forgotpassword');
1682 * Admin::action_activate()
1683 * Account activation
// Entry point of the activation link. The key is read from the query string, so
// it can end up wherever URLs are recorded.
1688 static private function action_activate()
1690 $key = getVar('key');
1691 self::showActivationPage($key);
1696 * Admin::showActivationPage()
// Shows the activation form for $key, or an error when the key is unknown.
1701 static private function showActivationPage($key, $message = '')
1705 // clean up old activation keys
// Old keys are purged before the lookup.
1706 Member::cleanupActivationTable();
1708 // get activation info
1709 $info = Member::getActivationInfo($key);
1713 self::error(_ERROR_ACTIVATE);
1717 $mem =& $manager->getMember($info->vmember);
1721 self::error(_ERROR_ACTIVATE);
1725 /* TODO: we should consider to use the other way instead of this */
// Key and password-change flag are handed to the skin by writing them into $_POST.
1726 $_POST['ackey'] = $key;
1727 $_POST['bNeedsPasswordChange'] = TRUE;
1729 self::$headMess = $message;
1730 self::$skin->parse('activate');
1735 * Admin::action_activatesetpwd()
1736 * Account activation - set password part
// Second step of account activation: validates the key, sets the chosen
// password and activates the account. Every failure returns to the activation page.
1741 static private function action_activatesetpwd()
1744 $key = postVar('key');
1746 // clean up old activation keys
1747 Member::cleanupActivationTable();
1749 // get activation info
1750 $info = Member::getActivationInfo($key);
// Unknown keys and keys of type 'addresschange' are refused.
1752 if ( !$info || ($info->type == 'addresschange') )
1754 return self::showActivationPage($key, _ERROR_ACTIVATE);
1757 $mem =& $manager->getMember($info->vmember);
1761 return self::showActivationPage($key, _ERROR_ACTIVATE);
1764 $password = postVar('password');
1765 $repeatpassword = postVar('repeatpassword');
1767 if ( $password != $repeatpassword )
1769 return self::showActivationPage($key, _ERROR_PASSWORDMISMATCH);
// NOTE(review): an empty password passes this check because of the leading
// "$password &&". Confirm that an empty value is rejected before setPassword()
// is reached, or require a non-empty password here.
1772 if ( $password && (i18n::strlen($password) < 6) )
1774 return self::showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
// Plugins can veto the password through the by-reference 'valid' and
// 'errormessage' entries of the 'PrePasswordSet' event.
1783 'password' => $password,
1784 'errormessage' => &$pwderror,
1785 'valid' => &$pwdvalid
1787 $manager->notify('PrePasswordSet', $data);
1790 return self::showActivationPage($key,$pwderror);
1797 'type' => 'activation',
1801 $manager->notify('ValidateForm', $data);
1804 return self::showActivationPage($key, $error);
1808 $mem->setPassword($password);
1811 // do the activation
1812 Member::activate($key);
1814 self::$skin->parse('activatesetpwd');
1819 * Admin::action_manageteam()
// Team management screen of one blog; requires admin rights on that blog.
1825 static private function action_manageteam()
1827 global $member, $manager;
1829 $blogid = intRequestVar('blogid');
1832 $member->blogAdminRights($blogid) or self::disallow();
1834 self::$skin->parse('manageteam');
1839 * Admin::action_teamaddmember()
1840 * Add member to team
// Adds a member to a blog's team; requires admin rights on that blog. All three
// inputs are read from POST through the integer-only accessor.
1845 static private function action_teamaddmember()
1847 global $member, $manager;
1849 $memberid = intPostVar('memberid');
1850 $blogid = intPostVar('blogid');
1851 $admin = intPostVar('admin');
1854 $member->blogAdminRights($blogid) or self::disallow();
1856 $blog =& $manager->getBlog($blogid);
1857 if ( !$blog->addTeamMember($memberid, $admin) )
1859 self::error(_ERROR_ALREADYONTEAM);
1863 self::action_manageteam();
1868 * Admin::action_teamdelete()
// Confirmation page for removing a member from a blog's team; requires admin
// rights on that blog. Nothing is removed here.
1873 static private function action_teamdelete()
1875 global $member, $manager;
1877 $memberid = intRequestVar('memberid');
1878 $blogid = intRequestVar('blogid');
1881 $member->blogAdminRights($blogid) or self::disallow();
1883 $teammem =& $manager->getMember($memberid);
1884 $blog =& $manager->getBlog($blogid);
1886 self::$skin->parse('teamdelete');
1891 * Admin::action_teamdeleteconfirm()
1896 static private function action_teamdeleteconfirm()
1900 $memberid = intRequestVar('memberid');
1901 $blogid = intRequestVar('blogid');
1903 $error = self::deleteOneTeamMember($blogid, $memberid);
1906 self::error($error);
1909 self::action_manageteam();
1914 * Admin::deleteOneTeamMember()
1919 static public function deleteOneTeamMember($blogid, $memberid)
1921 global $member, $manager;
1923 $blogid = intval($blogid);
1924 $memberid = intval($memberid);
1927 if ( !$member->blogAdminRights($blogid) )
1929 return _ERROR_DISALLOWED;
1932 // check if: - there remains at least one blog admin
1933 // - (there remains at least one team member)
1934 $tmem =& $manager->getMember($memberid);
1941 $manager->notify('PreDeleteTeamMember', $data);
1943 if ( $tmem->isBlogAdmin($blogid) )
1945 /* TODO: why we did double check? */
1946 // check if there are more blog members left and at least one admin
1947 // (check for at least two admins before deletion)
1948 $query = "SELECT * FROM %s WHERE tblog=%d and tadmin=1;";
1949 $query = sprintf($query, sql_table('team'), (integer) $blogid);
1950 $r = DB::getResult($query);
1951 if ( $r->rowCount() < 2 )
1953 return _ERROR_ATLEASTONEBLOGADMIN;
1957 $query = "DELETE FROM %s WHERE tblog=%d AND tmember=%d;";
1958 $query = sprintf($query, sql_table('team'), (integer) $blogid, (integer) $memberid);
1959 DB::execute($query);
1965 $manager->notify('PostDeleteTeamMember', $data);
1971 * Admin::action_teamchangeadmin()
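static private function action_teamchangeadmin()
{
	// Toggles the blog-admin flag (team.tadmin) of one team member.
	// Input: request variables 'blogid' and 'memberid'.
	// The acting member needs admin rights on the blog, and the only
	// remaining blog admin cannot be demoted.
	global $manager, $member;
	
	$blogid = intRequestVar('blogid');
	$memberid = intRequestVar('memberid');
	
	// check if allowed
	$member->blogAdminRights($blogid) or self::disallow();
	
	$mem =& $manager->getMember($memberid);
	$wasAdmin = $mem->isBlogAdmin($blogid);
	
	// don't allow when there is only one admin at this moment
	if ( $wasAdmin )
	{
		$query = "SELECT * FROM %s WHERE tblog=%d AND tadmin=1;";
		$query = sprintf($query, sql_table('team'), (int) $blogid);
		$r = DB::getResult($query);
		if ( $r->rowCount() == 1 )
		{
			self::error(_ERROR_ATLEASTONEBLOGADMIN);
			return;
		}
	}
	
	// NOTE(review): the lines that assign $newval are missing from this
	// listing; the toggle is reconstructed from the condition that precedes
	// them - confirm against the repository copy.
	$newval = $wasAdmin ? 0 : 1;
	
	// The first placeholder is the table name. It used to be filled with the
	// blog id, so the statement never addressed the team table and a requested
	// promotion or demotion was not applied.
	$query = "UPDATE %s SET tadmin=%d WHERE tblog=%d and tmember=%d;";
	$query = sprintf($query, sql_table('team'), (int) $newval, (int) $blogid, (int) $memberid);
	DB::execute($query);
	
	// only show manageteam if member did not change its own admin privileges
	if ( $member->isBlogAdmin($blogid) )
	{
		self::action_manageteam();
	}
	else
	{
		self::action_overview(_MSG_ADMINCHANGED);
	}
	return;
}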
2027 * Admin::action_blogsettings()
2032 static private function action_blogsettings()
2034 global $member, $manager;
2036 $blogid = intRequestVar('blogid');
2039 $member->blogAdminRights($blogid) or self::disallow();
2041 $blog =& $manager->getBlog($blogid);
2043 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
2045 self::$skin->parse('blogsettings');
2050 * Admin::action_categorynew()
2055 static private function action_categorynew()
2057 global $member, $manager;
2059 $blogid = intRequestVar('blogid');
2061 $member->blogAdminRights($blogid) or self::disallow();
2063 $cname = postVar('cname');
2064 $cdesc = postVar('cdesc');
2066 if ( !isValidCategoryName($cname) )
2068 self::error(_ERROR_BADCATEGORYNAME);
2072 $query = "SELECT * FROM %s WHERE cname=%s AND cblog=%d;";
2073 $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), (integer) $blogid);
2074 $res = DB::getResult($query);
2075 if ( $res->rowCount() > 0 )
2077 self::error(_ERROR_DUPCATEGORYNAME);
2081 $blog =& $manager->getBlog($blogid);
2082 $newCatID = $blog->createNewCategory($cname, $cdesc);
2084 self::action_blogsettings();
2089 * Admin::action_categoryedit()
2094 static private function action_categoryedit($catid = '', $blogid = '', $desturl = '')
2096 global $member, $manager;
2098 if ( $blogid == '' )
2100 $blogid = intGetVar('blogid');
2104 $blogid = intval($blogid);
2108 $catid = intGetVar('catid');
2112 $catid = intval($catid);
2115 /* TODO: we should consider to use the other way instead of this */
2116 $_REQUEST['blogid'] = $blogid;
2117 $_REQUEST['catid'] = $catid;
2118 $_REQUEST['desturl'] = $desturl;
2119 $member->blogAdminRights($blogid) or self::disallow();
2121 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
2123 self::$skin->parse('categoryedit');
2128 * Admin::action_categoryupdate()
2133 static private function action_categoryupdate()
2135 global $member, $manager;
2137 $blogid = intPostVar('blogid');
2138 $catid = intPostVar('catid');
2139 $cname = postVar('cname');
2140 $cdesc = postVar('cdesc');
2141 $desturl = postVar('desturl');
2143 $member->blogAdminRights($blogid) or self::disallow();
2145 if ( !isValidCategoryName($cname) )
2147 self::error(_ERROR_BADCATEGORYNAME);
2151 $query = "SELECT * FROM %s WHERE cname=%s AND cblog=%d AND not(catid=%d);";
2152 $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), (integer) $blogid, (integer) $catid);
2153 $res = DB::getResult($query);
2154 if ( $res->rowCount() > 0 )
2156 self::error(_ERROR_DUPCATEGORYNAME);
2160 $query = "UPDATE %s SET cname=%s, cdesc=%s WHERE catid=%d;";
2161 $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), DB::quoteValue($cdesc), (integer) $catid);
2162 DB::execute($query);
2164 // store plugin options
2165 $aOptions = requestArray('plugoption');
2166 NucleusPlugin::apply_plugin_options($aOptions);
2168 'context' => 'category',
2171 $manager->notify('PostPluginOptionsUpdate', $data);
2179 self::action_blogsettings();
2185 * Admin::action_categorydelete()
2190 static private function action_categorydelete()
2192 global $member, $manager;
2194 $blogid = intRequestVar('blogid');
2195 $catid = intRequestVar('catid');
2197 $member->blogAdminRights($blogid) or self::disallow();
2199 $blog =& $manager->getBlog($blogid);
2201 // check if the category is valid
2202 if ( !$blog->isValidCategory($catid) )
2204 self::error(_ERROR_NOSUCHCATEGORY);
2208 // don't allow deletion of default category
2209 if ( $blog->getDefaultCategory() == $catid )
2211 self::error(_ERROR_DELETEDEFCATEGORY);
2215 // check if catid is the only category left for blogid
2216 $query = "SELECT catid FROM %s WHERE cblog=%d;";
2217 $query = sprintf($query, sql_table('category'), $blogid);
2218 $res = DB::getResult($query);
2219 if ( $res->rowCount() == 1 )
2221 self::error(_ERROR_DELETELASTCATEGORY);
2225 self::$skin->parse('categorydelete');
2230 * Admin::action_categorydeleteconfirm()
2235 static private function action_categorydeleteconfirm()
2237 global $member, $manager;
2239 $blogid = intRequestVar('blogid');
2240 $catid = intRequestVar('catid');
2242 $member->blogAdminRights($blogid) or self::disallow();
2244 $error = self::deleteOneCategory($catid);
2247 self::error($error);
2251 self::action_blogsettings();
2256 * Admin::deleteOneCategory()
2257 * Delete a category by its id
2259 * @param String $catid category id for deleting
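static public function deleteOneCategory($catid)
{
	// Deletes one category after moving its items to the blog's default
	// category. Returns an error message constant when the deletion is
	// refused; returns nothing when it went through.
	global $manager, $member;
	
	$catid = intval($catid);
	$blogid = getBlogIDFromCatID($catid);
	
	// The rights check lives here as well as in the action handlers because
	// this method is public and can be called from elsewhere.
	if ( !$member->blogAdminRights($blogid) )
	{
		// was ERROR_DISALLOWED (no leading underscore), a constant that is
		// not used anywhere else in this file
		return _ERROR_DISALLOWED;
	}
	
	$blog =& $manager->getBlog($blogid);
	
	// check if the category is valid
	if ( !$blog || !$blog->isValidCategory($catid) )
	{
		return _ERROR_NOSUCHCATEGORY;
	}
	
	$destcatid = $blog->getDefaultCategory();
	
	// don't allow deletion of default category
	if ( $destcatid == $catid )
	{
		return _ERROR_DELETEDEFCATEGORY;
	}
	
	// check if catid is the only category left for blogid
	$query = "SELECT catid FROM %s WHERE cblog=%d;";
	$query = sprintf($query, sql_table('category'), (int) $blogid);
	$res = DB::getResult($query);
	if ( $res->rowCount() == 1 )
	{
		return _ERROR_DELETELASTCATEGORY;
	}
	
	$data = array('catid' => $catid);
	$manager->notify('PreDeleteCategory', $data);
	
	// change category for all items to the default category
	$query = "UPDATE %s SET icat=%d WHERE icat=%d;";
	$query = sprintf($query, sql_table('item'), (int) $destcatid, (int) $catid);
	DB::execute($query);
	
	// delete all associated plugin options
	NucleusPlugin::delete_option_values('category', (int) $catid);
	
	// delete the category row itself
	$query = "DELETE FROM %s WHERE catid=%d;";
	$query = sprintf($query, sql_table('category'), (int) $catid);
	DB::execute($query);
	
	$data = array('catid' => $catid);
	$manager->notify('PostDeleteCategory', $data);
}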
2323 * Admin::moveOneCategory()
2324 * Move a category, with its items and their comments, to another blog
2326 * @param int $catid category id for move
2327 * @param int $destblogid blog id for destination
2330 static public function moveOneCategory($catid, $destblogid)
2332 global $manager, $member;
2333 $catid = intval($catid);
2334 $destblogid = intval($destblogid);
2335 $blogid = getBlogIDFromCatID($catid);
2336 // mover should have admin rights on both blogs
2337 if (!$member->blogAdminRights($blogid)) {
2338 return _ERROR_DISALLOWED;
2340 if (!$member->blogAdminRights($destblogid)) {
2341 return _ERROR_DISALLOWED;
2343 // cannot move to self
2344 if ($blogid == $destblogid) {
2345 return _ERROR_MOVETOSELF;
2348 $blog =& $manager->getBlog($blogid);
2349 $destblog =& $manager->getBlog($destblogid);
2350 // check if the category is valid
2351 if (!$blog || !$blog->isValidCategory($catid)) {
2352 return _ERROR_NOSUCHCATEGORY;
2354 // don't allow default category to be moved
2355 if ($blog->getDefaultCategory() == $catid) {
2356 return _ERROR_MOVEDEFCATEGORY;
2362 'sourceblog' => &$blog,
2363 'destblog' => &$destblog
2366 // update comments table (cblog)
2370 . sql_table('item') . ' '
2373 $items = sql_query(sprintf($query, $catid));
2374 while ($oItem = sql_fetch_object($items)) {
2376 . sql_table('comment') . ' '
2378 . ' cblog = %d' . ' '
2381 sql_query(sprintf($query, $destblogid, $oItem->inumber));
2384 // update items (iblog)
2386 . sql_table('item') . ' '
2391 sql_query(sprintf($query, $destblogid, $catid));
2395 . sql_table('category') . ' '
2397 . ' cblog = %d' . ' '
2400 sql_query(sprintf($query, $destblogid, $catid));
2405 'sourceblog' => &$blog,
2406 'destblog' => $destblog
2413 * Admin::action_blogsettingsupdate
2414 * Updating blog settings
2419 static private function action_blogsettingsupdate()
// Validates the posted blog settings, writes them through the Blog object,
// applies posted plugin options and then shows the overview page.
// Requires admin rights on the blog named by the 'blogid' request variable.
2421 global $member, $manager;
2423 $blogid = intRequestVar('blogid');
2425 $member->blogAdminRights($blogid) or self::disallow();
2427 $blog =& $manager->getBlog($blogid);
2429 $notify_address = trim(postVar('notify'));
2430 $shortname = trim(postVar('shortname'));
// NOTE(review): 'update' is a filesystem path taken from the POST body of a
// blog admin (not necessarily a site admin). The only check visible below is
// is_writeable(), which confirms the web server can write the file but does
// not restrict where it lives. What is later written to it is not visible
// here - confirm the consumer of setUpdateFile() constrains the location.
2431 $updatefile = trim(postVar('update'));
2433 $notifyComment = intPostVar('notifyComment');
2434 $notifyVote = intPostVar('notifyVote');
2435 $notifyNewItem = intPostVar('notifyNewItem');
// The bodies of the next three checks are not part of this listing; the
// three values are multiplied into a single notify type afterwards.
2437 if ( $notifyComment == 0 )
2441 if ( $notifyVote == 0 )
2445 if ( $notifyNewItem == 0 )
2449 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
// An empty notify address is accepted; a non-empty one must validate.
2451 if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
2453 self::error(_ERROR_BADNOTIFY);
2457 if ( !isValidShortName($shortname) )
2459 self::error(_ERROR_BADSHORTBLOGNAME);
// The short name may stay as it is, but may not collide with another blog.
2463 if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
2465 self::error(_ERROR_DUPSHORTBLOGNAME);
2468 // check if update file is writable
2469 if ( $updatefile && !is_writeable($updatefile) )
2471 self::error(_ERROR_UPDATEFILE);
// NOTE(review): name, maxcomments, comments, timeoffset, url, desc and public
// are handed to the setters after trim() at most; presumably the Blog setters
// or writeSettings() quote them for SQL and the skins escape them on output -
// confirm.
2475 $blog->setName(trim(postVar('name')));
2476 $blog->setShortName($shortname);
2477 $blog->setNotifyAddress($notify_address);
2478 $blog->setNotifyType($notifyType);
2479 $blog->setMaxComments(postVar('maxcomments'));
2480 $blog->setCommentsEnabled(postVar('comments'));
2481 $blog->setTimeOffset(postVar('timeoffset'));
2482 $blog->setUpdateFile($updatefile);
2483 $blog->setURL(trim(postVar('url')));
2484 $blog->setDefaultSkin(intPostVar('defskin'));
2485 $blog->setDescription(trim(postVar('desc')));
2486 $blog->setPublic(postVar('public'));
2487 $blog->setConvertBreaks(intPostVar('convertbreaks'));
2488 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
2489 $blog->setDefaultCategory(intPostVar('defcat'));
2490 $blog->setSearchable(intPostVar('searchable'));
2491 $blog->setEmailRequired(intPostVar('reqemail'));
2492 $blog->writeSettings();
2494 // store plugin options
2495 $aOptions = requestArray('plugoption');
2496 NucleusPlugin::apply_plugin_options($aOptions);
2499 'context' => 'blog',
2500 'blogid' => $blogid,
2503 $manager->notify('PostPluginOptionsUpdate', $data);
2505 self::action_overview(_MSG_SETTINGSCHANGED);
2510 * Admin::action_deleteblog()
2515 static private function action_deleteblog()
2517 global $member, $CONF, $manager;
2519 $blogid = intRequestVar('blogid');
2521 $member->blogAdminRights($blogid) or self::disallow();
2523 // check if blog is default blog
2524 if ( $CONF['DefaultBlog'] == $blogid )
2526 self::error(_ERROR_DELDEFBLOG);
2530 $blog =& $manager->getBlog($blogid);
2532 self::$skin->parse('deleteblog');
2537 * Admin::action_deleteblogconfirm()
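static private function action_deleteblogconfirm()
{
	// Deletes a blog together with its comments, items, team entries, bans,
	// categories and plugin options, then shows the overview page.
	// Input: request variable 'blogid'. Requires admin rights on that blog;
	// the default blog cannot be deleted.
	global $member, $CONF, $manager;
	
	$blogid = intRequestVar('blogid');
	
	// Authorise and validate before anything else happens. The PreDeleteBlog
	// event used to be sent ahead of these checks, so plugin handlers ran for
	// requests that were then refused.
	$member->blogAdminRights($blogid) or self::disallow();
	
	// check if blog is default blog
	if ( $CONF['DefaultBlog'] == $blogid )
	{
		self::error(_ERROR_DELDEFBLOG);
		return;
	}
	
	$data = array('blogid' => $blogid);
	$manager->notify('PreDeleteBlog', $data);
	
	// Rows that belong to the blog, in the original deletion order:
	// comments, items, team members, bans, categories.
	$dependents = array(
		'comment'  => 'cblog',
		'item'     => 'iblog',
		'team'     => 'tblog',
		'ban'      => 'blogid',
		'category' => 'cblog',
	);
	foreach ( $dependents as $table => $column )
	{
		// %d keeps the id numeric whatever the request helper returned
		DB::execute(sprintf('DELETE FROM %s WHERE %s=%d', sql_table($table), $column, (int) $blogid));
	}
	
	// delete all associated plugin options
	NucleusPlugin::delete_option_values('blog', $blogid);
	
	// delete the blog itself
	DB::execute(sprintf('DELETE FROM %s WHERE bnumber=%d', sql_table('blog'), (int) $blogid));
	
	$data = array('blogid' => $blogid);
	$manager->notify('PostDeleteBlog', $data);
	
	self::action_overview(_DELETED_BLOG);
	return;
}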
2596 * Admin::action_memberdelete()
2601 static private function action_memberdelete()
2603 global $member, $manager;
2605 $memberid = intRequestVar('memberid');
2607 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
2609 $mem =& $manager->getMember($memberid);
2611 self::$skin->parse('memberdelete');
2616 * Admin::action_memberdeleteconfirm()
2621 static private function action_memberdeleteconfirm()
2625 $memberid = intRequestVar('memberid');
2627 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
2629 $error = self::deleteOneMember($memberid);
2632 self::error($error);
2636 if ( $member->isAdmin() )
2638 self::action_usermanagement();
2643 self::action_overview(_DELETED_MEMBER);
2650 * Admin::deleteOneMember()
2651 * Delete a member by id
2654 * @param Integer $memberid member id
2655 * @return String null string or error messages
2657 static public function deleteOneMember($memberid)
// Deletes one member: detaches the member's comments, removes the member,
// team and activation rows plus the member's plugin options, and sends the
// PreDeleteMember / PostDeleteMember events around the deletion.
// Returns _ERROR_DELETEMEMBER when the member object reports that it cannot
// be deleted.
// NOTE(review): no permission check is visible in the listed lines of this
// public method. The caller shown in this file, action_memberdeleteconfirm(),
// checks "own account or site admin" before calling; any other caller has to
// do the same. Confirm against the full file, since this listing omits lines.
2661 $memberid = intval($memberid);
2662 $mem =& $manager->getMember($memberid);
2664 if ( !$mem->canBeDeleted() )
2666 return _ERROR_DELETEMEMBER;
2669 $data = array('member' => &$mem);
2670 $manager->notify('PreDeleteMember', $data);
2672 /* unlink comments from memberid */
// The comments are kept: they are reassigned to member id 0 and carry the
// deleted member's display name as the plain user name.
2675 $query = "UPDATE %s SET cmember=0, cuser=%s WHERE cmember=%d;";
2676 $query = sprintf($query, sql_table('comment'), DB::quoteValue($mem->getDisplayName()), $memberid);
2677 DB::execute($query);
// The three DELETEs below concatenate $memberid; that is safe only because of
// the intval() at the top of the method.
2680 $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
2681 DB::execute($query);
2683 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
2684 DB::execute($query);
2686 $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
2687 DB::execute($query);
2689 // delete all associated plugin options
2690 NucleusPlugin::delete_option_values('member', $memberid);
2692 $data = array('member' => &$mem);
2693 $manager->notify('PostDeleteMember', $data);
2699 * Admin::action_createnewlog()
2704 static private function action_createnewlog()
2706 global $member, $CONF, $manager;
2708 // Only Super-Admins can do this
2709 $member->isAdmin() or self::disallow();
2711 self::$skin->parse('createnewlog');
2716 * Admin::action_addnewlog()
2721 static private function action_addnewlog()
2723 global $member, $manager, $CONF;
2725 // Only Super-Admins can do this
2726 $member->isAdmin() or self::disallow();
2728 $bname = trim(postVar('name'));
2729 $bshortname = trim(postVar('shortname'));
2730 $btimeoffset = postVar('timeoffset');
2731 $bdesc = trim(postVar('desc'));
2732 $bdefskin = postVar('defskin');
2734 if ( !isValidShortName($bshortname) )
2736 self::error(_ERROR_BADSHORTBLOGNAME);
2740 if ( $manager->existsBlog($bshortname) )
2742 self::error(_ERROR_DUPSHORTBLOGNAME);
2748 'shortname' => &$bshortname,
2749 'timeoffset' => &$btimeoffset,
2750 'description' => &$bdesc,
2751 'defaultskin' => &$bdefskin
2753 $manager->notify('PreAddBlog', $data);
2755 // add slashes for sql queries
2756 $bname = DB::quoteValue($bname);
2757 $bshortname = DB::quoteValue($bshortname);
2758 $btimeoffset = DB::quoteValue($btimeoffset);
2759 $bdesc = DB::quoteValue($bdesc);
2760 $bdefskin = DB::quoteValue($bdefskin);
2763 $query = "INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES (%s, %s, %s, %s, %s);";
2764 $query = sprintf($query, sql_table('blog'), $bname, $bshortname, $bdesc, $btimeoffset, $bdefskin);
2765 DB::execute($query);
2767 $blogid = DB::getInsertId();
2768 $blog =& $manager->getBlog($blogid);
2770 // create new category
2771 $catdefname = (!defined('_EBLOGDEFAULTCATEGORY_NAME') ? 'General' : _EBLOGDEFAULTCATEGORY_NAME);
2772 $catdefdesc = (!defined('_EBLOGDEFAULTCATEGORY_DESC') ? 'Items that do not fit in other categories' : _EBLOGDEFAULTCATEGORY_DESC);
2774 $query = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)';
2775 DB::execute(sprintf($query, sql_table('category'), (integer) $blogid, DB::quoteValue($catdefname), DB::quoteValue($catdefdesc)));
2776 $catid = DB::getInsertId();
2778 // set as default category
2779 $blog->setDefaultCategory($catid);
2780 $blog->writeSettings();
2782 // create team member
2783 $query = "INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1);";
2784 $query = sprintf($query, sql_table('team'), (integer) $member->getID(), (integer) $blogid);
2785 DB::execute($query);
2787 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
2788 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
2791 $blog->getDefaultCategory(),
2792 $itemdeftitle,$itemdefbody,
2796 $blog->getCorrectTime(),
2802 $data = array('blog' => &$blog);
2803 $manager->notify('PostAddBlog', $data);
2807 'name' => _EBLOGDEFAULTCATEGORY_NAME,
2808 'description' => _EBLOGDEFAULTCATEGORY_DESC,
2811 $manager->notify('PostAddCategory', $data);
2813 /* TODO: we should consider to use the other way instead of this */
2814 $_REQUEST['blogid'] = $blogid;
2815 $_REQUEST['catid'] = $catid;
2816 self::$skin->parse('addnewlog');
2821 * Admin::action_addnewlog2()
2826 static private function action_addnewlog2()
// Second step of blog creation: stores the URL of the blog named by the
// 'blogid' request variable and shows the overview page.
// Requires admin rights on that blog.
2828 global $member, $manager;
2829 $blogid = intRequestVar('blogid');
2831 $member->blogAdminRights($blogid) or self::disallow();
// NOTE(review): the URL is stored after trim() only; no scheme or format
// check is visible here. Presumably it is quoted in writeSettings() and
// escaped where skins print it - confirm.
2833 $burl = requestVar('url');
2835 $blog =& $manager->getBlog($blogid);
2836 $blog->setURL(trim($burl));
2837 $blog->writeSettings();
2839 self::action_overview(_MSG_NEWBLOG);
2844 * Admin::action_skinieoverview()
2849 static private function action_skinieoverview()
2851 global $member, $DIR_LIBS, $manager;
2853 $member->isAdmin() or self::disallow();
2855 include_once($DIR_LIBS . 'skinie.php');
2857 self::$skin->parse('skinieoverview');
2862 * Admin::action_skinieimport()
2867 static private function action_skinieimport()
2871 $member->isAdmin() or self::disallow();
2873 $skinFileRaw = postVar('skinfile');
2874 $mode = postVar('mode');
2876 $error = self::skinieimport($mode, $skinFileRaw);
2879 self::error($error);
2883 self::$skin->parse('skinieimport');
2888 * Admin::action_skiniedoimport()
2893 static private function action_skiniedoimport()
2895 global $member, $DIR_LIBS, $DIR_SKINS;
2897 $member->isAdmin() or self::disallow();
2899 // load skinie class
2900 include_once($DIR_LIBS . 'skinie.php');
2902 $mode = postVar('mode');
2903 $skinFileRaw = postVar('skinfile');
2904 $allowOverwrite = intPostVar('overwrite');
2906 $error = self::skiniedoimport($mode, $skinFileRaw, $allowOverwrite);
2913 self::$skin->parse('skiniedoimport');
2918 * Admin::action_skinieexport()
2923 static private function action_skinieexport()
2927 $member->isAdmin() or self::disallow();
2929 $aSkins = requestIntArray('skin');
2930 $aTemplates = requestIntArray('template');
2931 $info = postVar('info');
2933 self::skinieexport($aSkins, $aTemplates, $info);
2939 * Admin::action_templateoverview()
2944 static private function action_templateoverview()
2946 global $member, $manager;
2948 $member->isAdmin() or self::disallow();
2950 self::$skin->parse('templateoverview');
2955 * Admin::action_templateedit()
2957 * @param string $msg message for pageheader
2960 static private function action_templateedit($msg = '')
2962 global $member, $manager;
2965 self::$headMess = $msg;
2968 $templateid = intRequestVar('templateid');
2970 $member->isAdmin() or self::disallow();
2972 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(javascript/templateEdit.js)%>\"></script>\n";
2973 self::$extrahead .= "<script type=\"text/javascript\">setTemplateEditText('" . Entity::hsc(_EDITTEMPLATE_EMPTY) . "');</script>\n";
2975 self::$skin->parse('templateedit');
2980 * Admin::action_templateupdate()
2985 static private function action_templateupdate()
2987 global $member,$manager;
2989 $templateid = intRequestVar('templateid');
2991 $member->isAdmin() or self::disallow();
2993 $name = postVar('tname');
2994 $desc = postVar('tdesc');
2996 if ( !isValidTemplateName($name) )
2998 self::error(_ERROR_BADTEMPLATENAME);
3002 if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
3004 self::error(_ERROR_DUPTEMPLATENAME);
3008 // 1. Remove all template parts
3009 $query = "DELETE FROM %s WHERE tdesc=%d;";
3010 $query = sprintf($query, sql_table('template'), (integer) $templateid);
3011 DB::execute($query);
3013 // 2. Update description
3014 $query = "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;";
3015 $query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name), DB::quoteValue($desc), (integer) $templateid);
3016 DB::execute($query);
3018 // 3. Add non-empty template parts
3019 self::addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));
3020 self::addToTemplate($templateid, 'ITEM', postVar('ITEM'));
3021 self::addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER'));
3022 self::addToTemplate($templateid, 'MORELINK', postVar('MORELINK'));
3023 self::addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK'));
3024 self::addToTemplate($templateid, 'NEW', postVar('NEW'));
3025 self::addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER'));
3026 self::addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY'));
3027 self::addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER'));
3028 self::addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED'));
3029 self::addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH'));
3030 self::addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH'));
3031 self::addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE'));
3032 self::addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY'));
3033 self::addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE'));
3034 self::addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));
3035 self::addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
3036 self::addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));
3037 self::addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));
3038 self::addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));
3039 self::addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));
3040 self::addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));
3041 self::addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));
3042 self::addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
3043 self::addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));
3044 self::addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));
3045 self::addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));
3046 self::addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));
3047 self::addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));
3048 self::addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));
3049 self::addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
3050 self::addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));
3051 self::addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
3052 self::addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));
3054 $data = array('fields' => array());
3055 $manager->notify('TemplateExtraFields', $data);
3056 foreach ( $data['fields'] as $pfkey=>$pfvalue )
3058 foreach ( $pfvalue as $pffield => $pfdesc )
3060 self::addToTemplate($templateid, $pffield, postVar($pffield));
3064 // jump back to template edit
3065 self::action_templateedit(_TEMPLATE_UPDATED);
3070 * Admin::addToTemplate()
3072 * @param Integer $id ID for template
3073 * @param String $partname parts name
3074 * @param String $content template contents
3075 * @return Integer record index
3078 static private function addToTemplate($id, $partname, $content)
// Inserts one template part (tdesc, tpartname, tcontent) and returns the id
// of the new row. The template id is cast to integer and both strings go
// through DB::quoteValue() before they are placed in the statement.
3080 // don't add empty parts:
// PHP treats the string "0" as false, so a part whose whole content is "0"
// is skipped as well. The value returned for a skipped part is not part of
// this listing.
3081 if ( !trim($content) )
3086 $query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, %s, %s);";
3087 $query = sprintf($query, sql_table('template'), (integer) $id, DB::quoteValue($partname), DB::quoteValue($content));
3088 if ( DB::execute($query) === FALSE )
// NOTE(review): on failure the request ends here and the database error text
// is sent to the browser. action_templateupdate() deletes all existing parts
// before it re-adds them one by one, so a failure part-way leaves the
// template incomplete unless the DB layer wraps this in a transaction
// (not visible here).
3090 $err = DB::getError();
3091 exit(_ADMIN_SQLDIE_QUERYERROR . $err[2]);
3093 return DB::getInsertId();
3097 * Admin::action_templatedelete()
3102 static private function action_templatedelete()
3104 global $member, $manager;
3106 $member->isAdmin() or self::disallow();
3108 $templateid = intRequestVar('templateid');
3109 // TODO: check if template can be deleted
3111 self::$skin->parse('templatedelete');
3116 * Admin::action_templatedeleteconfirm()
3121 static private function action_templatedeleteconfirm()
// Deletes a template (its description row and all of its parts) and shows
// the template overview. Site admins only. The PreDeleteTemplate and
// PostDeleteTemplate events are sent around the deletion, after the
// permission check.
3123 global $member, $manager;
3125 $templateid = intRequestVar('templateid');
3127 $member->isAdmin() or self::disallow();
3129 $data = array('templateid' => $templateid);
3130 $manager->notify('PreDeleteTemplate', $data);
3132 // 1. delete description
// NOTE(review): both statements concatenate $templateid and rely on
// intRequestVar() having produced an integer; other queries in this file use
// sprintf() with %d and an explicit cast - presumably equivalent, confirm.
3133 DB::execute('DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $templateid);
// 2. delete the parts that belong to the template
3136 DB::execute('DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid);
3139 $data = array('templateid' => $templateid);
3140 $manager->notify('PostDeleteTemplate', $data);
3142 self::action_templateoverview();
3147 * Admin::action_templatenew()
3152 static private function action_templatenew()
3156 $member->isAdmin() or self::disallow();
3158 $name = postVar('name');
3159 $desc = postVar('desc');
3161 if ( !isValidTemplateName($name) )
3163 self::error(_ERROR_BADTEMPLATENAME);
3167 if ( Template::exists($name) )
3169 self::error(_ERROR_DUPTEMPLATENAME);
3173 $newTemplateId = Template::createNew($name, $desc);
3175 self::action_templateoverview();
3180 * Admin::action_templateclone()
3185 static private function action_templateclone()
3189 $templateid = intRequestVar('templateid');
3191 $member->isAdmin() or self::disallow();
3193 // 1. read old template
3194 $name = Template::getNameFromId($templateid);
3195 $desc = Template::getDesc($templateid);
3197 // 2. create desc thing
3198 $name = "cloned" . $name;
3200 // if a template with that name already exists:
3201 if ( Template::exists($name) )
3204 while (Template::exists($name . $i))
3211 $newid = Template::createNew($name, $desc);
3214 // go through parts of old template and add them to the new one
3215 $query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;";
3216 $query = sprintf($query, sql_table('template'), (integer) $templateid);
3218 $res = DB::getResult($query);
3219 foreach ( $res as $row)
3221 self::addToTemplate($newid, $row['tpartname'], $row['tcontent']);
3224 self::action_templateoverview();
3229 * Admin::action_admintemplateoverview()
3234 static private function action_admintemplateoverview()
3237 $member->isAdmin() or self::disallow();
3238 self::$skin->parse('admntemplateoverview');
3243 * Admin::action_admintemplateedit()
3245 * @param string $msg message for pageheader
3248 static private function action_admintemplateedit($msg = '')
3250 global $member, $manager;
3253 self::$headMess = $msg;
3255 $member->isAdmin() or self::disallow();
3257 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(javascript/templateEdit.js)%>\"></script>\n";
3258 self::$extrahead .= '<script type="text/javascript">setTemplateEditText("' . Entity::hsc(_EDITTEMPLATE_EMPTY) . '");</script>' . "\n";
3260 self::$skin->parse('admintemplateedit');
/**
 * Admin::action_admintemplateupdate()
 *
 * Replace every part of an admin template with the posted values and update
 * its name and description, then return to the edit form.
 *
 * Security notes:
 * - The isAdmin() guard is effective only if self::disallow() ends the request.
 * - No request-ticket (anti-CSRF) check happens in this method; presumably the
 *   dispatcher enforces it for this action - confirm.
 * - Template parts are stored exactly as posted.
 * - The DELETE and the following inserts are separate statements, so a failure
 *   part-way leaves the template without some of its parts.
 *
 * @return void
 */
private static function action_admintemplateupdate()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');
    if (!$member->isAdmin()) {
        self::disallow();
    }
    $name = postVar('tname');
    $desc = postVar('tdesc');

    if (!isValidTemplateName($name)) {
        self::error(_ERROR_BADTEMPLATENAME);
        return;
    }

    // A rename may not collide with another existing template.
    if ((Template::getNameFromId($templateid) != $name) && Template::exists($name)) {
        self::error(_ERROR_DUPTEMPLATENAME);
        return;
    }

    // 1. Remove all template parts
    $deleteParts = sprintf("DELETE FROM %s WHERE tdesc=%d;", sql_table('template'), (integer) $templateid);
    DB::execute($deleteParts);

    // 2. Update description
    $updateDesc = sprintf(
        "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;",
        sql_table('template_desc'),
        DB::quoteValue($name),
        DB::quoteValue($desc),
        (integer) $templateid
    );
    DB::execute($updateDesc);

    // 3. Add non-empty template parts (same order as the edit form fields)
    $partNames = array(
        'NORMALSKINLIST_HEAD',
        'NORMALSKINLIST_BODY',
        'NORMALSKINLIST_FOOT',
        'ADMIN_CUSTOMHELPLINK_ICON',
        'ADMIN_CUSTOMHELPLINK_ANCHOR',
        'ADMIN_BLOGLINK',
        'ADMIN_BATCHLIST',
        'ACTIVATE_FORGOT_TITLE',
        'ACTIVATE_FORGOT_TEXT',
        'ACTIVATE_REGISTER_TITLE',
        'ACTIVATE_REGISTER_TEXT',
        'ACTIVATE_CHANGE_TITLE',
        'ACTIVATE_CHANGE_TEXT',
        'TEMPLATE_EDIT_EXPLUGNAME',
        'TEMPLATE_EDIT_ROW_HEAD',
        'TEMPLATE_EDIT_ROW_TAIL',
        'SPECIALSKINLIST_HEAD',
        'SPECIALSKINLIST_BODY',
        'SPECIALSKINLIST_FOOT',
        'SYSTEMINFO_GDSETTINGS',
        'BANLIST_DELETED_LIST',
        'INSERT_PLUGOPTION_TITLE',
        'INSERT_PLUGOPTION_BODY',
        'INPUTYESNO_TEMPLATE_ADMIN',
        'INPUTYESNO_TEMPLATE_NORMAL',
        'ADMIN_SPECIALSKINLIST_HEAD',
        'ADMIN_SPECIALSKINLIST_BODY',
        'ADMIN_SPECIALSKINLIST_FOOT',
        'SKINIE_EXPORT_LIST',
        'SHOWLIST_LISTPLUG_SELECT_HEAD',
        'SHOWLIST_LISTPLUG_SELECT_BODY',
        'SHOWLIST_LISTPLUG_SELECT_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_BODY',
        'SHOWLIST_LISTPLUG_TABLE_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL',
        'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST',
        'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE',
        'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND',
        'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP',
        'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL',
        'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA',
        'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT',
        'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN',
        'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM',
        'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM',
        'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY',
        'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY',
        'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT',
        'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD',
        'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY',
        'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT',
        'PLUGIN_QUICKMENU_TITLE',
        'PLUGIN_QUICKMENU_HEAD',
        'PLUGIN_QUICKMENU_BODY',
        'PLUGIN_QUICKMENU_FOOT',
    );
    foreach ($partNames as $partName) {
        self::addToTemplate($templateid, $partName, postVar($partName));
    }

    // Plugins may register extra template fields through this event; the field
    // names come from plugin code, the values from the request.
    $data = array('fields' => array());
    $manager->notify('AdminTemplateExtraFields', $data);
    foreach ($data['fields'] as $pluginFields) {
        foreach ($pluginFields as $fieldName => $unusedDescription) {
            self::addToTemplate($templateid, $fieldName, postVar($fieldName));
        }
    }

    // jump back to template edit
    self::action_admintemplateedit(_TEMPLATE_UPDATED);
}
/**
 * Admin::action_admintemplatedelete()
 *
 * Show the confirmation page for deleting an admin template (admin only).
 * Nothing is deleted here.
 *
 * @return void
 */
private static function action_admintemplatedelete()
{
    global $member, $manager;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // TODO: check if template can be deleted
    self::$skin->parse('admintemplatedelete');
}
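/**
 * Admin::action_admintemplatedeleteconfirm()
 *
 * Delete an admin template: its description row and all of its parts, with
 * the PreDeleteAdminTemplate / PostDeleteAdminTemplate events fired around
 * the deletion.
 *
 * The isAdmin() guard is effective only if self::disallow() ends the request.
 * No request-ticket (anti-CSRF) check happens in this method; presumably the
 * dispatcher enforces it - confirm.
 *
 * @return void
 */
private static function action_admintemplatedeleteconfirm()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');
    if (!$member->isAdmin()) {
        self::disallow();
    }

    $data = array('templateid' => $templateid);
    $manager->notify('PreDeleteAdminTemplate', $data);

    // 1. delete description
    // %d (not %s) so the placeholder itself forces an integer, like the
    // other id-based queries in this class.
    $query = "DELETE FROM %s WHERE tdnumber=%d;";
    $query = sprintf($query, sql_table('template_desc'), (integer) $templateid);
    DB::execute($query);

    // 2. delete parts
    $query = "DELETE FROM %s WHERE tdesc=%d;";
    $query = sprintf($query, sql_table('template'), (integer) $templateid);
    DB::execute($query);

    $data = array('templateid' => $templateid);
    $manager->notify('PostDeleteAdminTemplate', $data);

    self::action_admintemplateoverview();
}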
/**
 * Admin::action_admintemplatenew()
 *
 * Create an empty admin template from the posted name and description.
 * The name must pass isValidTemplateName(), start with "admin/" and be unused.
 *
 * @return void
 */
private static function action_admintemplatenew()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }
    $name = postVar('name');
    $desc = postVar('desc');

    if (!isValidTemplateName($name)) {
        self::error(_ERROR_BADTEMPLATENAME);
        return;
    }
    // Admin templates live in their own "admin/" name space.
    if (!preg_match('#^admin/#', $name)) {
        self::error(_ERROR_BADADMINTEMPLATENAME);
        return;
    }
    if (Template::exists($name)) {
        self::error(_ERROR_DUPTEMPLATENAME);
        return;
    }

    Template::createNew($name, $desc);
    self::action_admintemplateoverview();
}
/**
 * Admin::action_admintemplateclone()
 *
 * Copy an admin template under a new name ("<name>cloned", plus a numeric
 * suffix when that name is taken) and copy all of its parts.
 *
 * @return void
 */
private static function action_admintemplateclone()
{
    global $member;

    $templateid = intRequestVar('templateid');
    if (!$member->isAdmin()) {
        self::disallow();
    }

    // 1. read old template
    $sourceName = Template::getNameFromId($templateid);
    $desc = Template::getDesc($templateid);

    // 2. create desc thing
    $cloneName = $sourceName . "cloned";

    // if a template with that name already exists:
    // NOTE(review): the counter lines are not visible in this listing; the
    // loop below is reconstructed (start at 1, first free suffix wins) - confirm
    // against the repository copy.
    if (Template::exists($cloneName)) {
        $suffix = 1;
        while (Template::exists($cloneName . $suffix)) {
            $suffix++;
        }
        $cloneName .= $suffix;
    }

    $newid = Template::createNew($cloneName, $desc);

    // 3. create clone
    // go through parts of old template and add them to the new one
    $partsQuery = sprintf("SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;", sql_table('template'), (integer) $templateid);

    foreach (DB::getResult($partsQuery) as $part) {
        self::addToTemplate($newid, $part['tpartname'], $part['tcontent']);
    }

    self::action_admintemplateoverview();
}
/**
 * Admin::action_skinoverview()
 *
 * Show the skin overview page (admin only).
 *
 * @return void
 */
private static function action_skinoverview()
{
    global $member, $manager;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    self::$skin->parse('skinoverview');
}
/**
 * Admin::action_skinnew()
 *
 * Create a skin from the posted (trimmed) name and description.
 * The name must pass isValidSkinName() and be unused.
 *
 * @return void
 */
private static function action_skinnew()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $name = trim(postVar('name'));
    $desc = trim(postVar('desc'));

    if (!isValidSkinName($name)) {
        self::error(_ERROR_BADSKINNAME);
        return;
    }
    if (SKIN::exists($name)) {
        self::error(_ERROR_DUPSKINNAME);
        return;
    }

    SKIN::createNew($name, $desc);

    self::action_skinoverview();
}
/**
 * Admin::action_skinedit()
 *
 * Show the skin edit page (admin only).
 *
 * @return void
 */
private static function action_skinedit()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    self::$skin->parse('skinedit');
}
/**
 * Admin::action_skineditgeneral()
 *
 * Apply the posted general skin settings through self::skineditgeneral()
 * and return to the skin edit page, or show the error it reports.
 *
 * @return void
 */
private static function action_skineditgeneral()
{
    global $member;

    $skinid = intRequestVar('skinid');

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // NOTE(review): the condition line is not visible in this listing;
    // a truthy return value is treated as the error message - confirm.
    $failure = self::skineditgeneral($skinid);
    if ($failure) {
        self::error($failure);
        return;
    }

    self::action_skinedit();
}
/**
 * Show the editor for one skin part (admin only).
 *
 * The requested part type is trimmed, lower-cased and must pass
 * isValidShortName() before the page is rendered.
 *
 * @param string $msg message for the page header
 * @return void
 */
private static function action_skinedittype($msg = '')
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // NOTE(review): the guard around this assignment is not visible in this
    // listing; reconstructed as "only when a message was passed" - confirm.
    if ($msg) {
        self::$headMess = $msg;
    }

    $type = strtolower(trim(requestVar('type')));

    if (!isValidShortName($type)) {
        self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
        return;
    }

    self::$skin->parse('skinedittype');
}
/**
 * Admin::action_skinupdate()
 *
 * Store the posted content for one part of a skin, then reopen the part editor.
 *
 * NOTE(review): unlike action_skinedittype(), the posted part type is passed
 * to update() without trim/strtolower/isValidShortName(); whether update()
 * validates it is not visible here - confirm.
 * The isAdmin() guard is effective only if self::disallow() ends the request.
 *
 * @return void
 */
private static function action_skinupdate()
{
    global $manager, $member;

    $skinid = intRequestVar('skinid');
    $content = trim(postVar('content'));
    $type = postVar('type');

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $targetSkin =& $manager->getSKIN($skinid);
    $targetSkin->update($type, $content);

    self::action_skinedittype(_SKIN_UPDATED);
}
/**
 * Admin::action_skindelete()
 *
 * Show the confirmation page for deleting a skin, unless the skin is the
 * configured base skin or the default skin of a blog.
 *
 * @return void
 */
private static function action_skindelete()
{
    global $CONF, $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $skinid = intRequestVar('skinid');

    // don't allow default skin to be deleted
    if ($skinid == $CONF['BaseSkin']) {
        self::error(_ERROR_DEFAULTSKIN);
        return;
    }

    // don't allow deletion of default skins for blogs
    $lookup = sprintf("SELECT bname FROM %s WHERE bdefskin=%d", sql_table('blog'), (integer) $skinid);
    $blogName = DB::getValue($lookup);

    // NOTE(review): the condition line is not visible in this listing;
    // reconstructed as "a blog name was found" - confirm.
    if ($blogName) {
        // The blog name is escaped before it becomes part of the error message.
        self::error(_ERROR_SKINDEFDELETE . Entity::hsc($blogName));
        return;
    }

    self::$skin->parse('skindelete');
}
/**
 * Admin::action_skindeleteconfirm()
 *
 * Delete a skin after repeating the checks of action_skindelete(): the base
 * skin and blog default skins are refused. The checks are repeated because
 * this action can be requested without visiting the confirmation page.
 *
 * @return void
 */
private static function action_skindeleteconfirm()
{
    global $member, $CONF;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $skinid = intRequestVar('skinid');

    // don't allow default skin to be deleted
    if ($skinid == $CONF['BaseSkin']) {
        self::error(_ERROR_DEFAULTSKIN);
        return;
    }

    // don't allow deletion of default skins for blogs
    $lookup = sprintf("SELECT bname FROM %s WHERE bdefskin=%d;", sql_table('blog'), (integer) $skinid);
    $blogName = DB::getValue($lookup);

    // NOTE(review): the condition line is not visible in this listing;
    // reconstructed as "a blog name was found" - confirm.
    if ($blogName) {
        self::error(_ERROR_SKINDEFDELETE . Entity::hsc($blogName));
        return;
    }

    self::skindeleteconfirm($skinid);

    self::action_skinoverview();
}
/**
 * Admin::action_skinremovetype()
 *
 * Show the confirmation page for removing a special skin part. The requested
 * part type must pass isValidShortName().
 *
 * @return void
 */
private static function action_skinremovetype()
{
    global $member, $CONF;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // Read but not used further in this method.
    $skinid = intRequestVar('skinid');
    $skintype = requestVar('type');

    if (!isValidShortName($skintype)) {
        self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
        return;
    }

    self::$skin->parse('skinremovetype');
}
/**
 * Admin::action_skinremovetypeconfirm()
 *
 * Remove a special skin part through self::skinremovetypeconfirm() and
 * return to the skin edit page, or show the error it reports.
 *
 * The part type is passed on as received; validation, if any, happens in the
 * helper (not visible here).
 *
 * @return void
 */
private static function action_skinremovetypeconfirm()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $skinid = intRequestVar('skinid');
    $skintype = requestVar('type');

    // NOTE(review): the condition line is not visible in this listing;
    // a truthy return value is treated as the error message - confirm.
    $failure = self::skinremovetypeconfirm($skinid, $skintype);
    if ($failure) {
        self::error($failure);
        return;
    }

    self::action_skinedit();
}
/**
 * Admin::action_skinclone()
 *
 * Clone a skin through self::skinclone() and show the skin overview (admin only).
 *
 * @return void
 */
private static function action_skinclone()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $sourceSkinId = intRequestVar('skinid');
    self::skinclone($sourceSkinId);

    self::action_skinoverview();
}
/**
 * Admin::action_adminskinoverview()
 *
 * Show the admin-skin overview page (admin only).
 *
 * @return void
 */
private static function action_adminskinoverview()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    self::$skin->parse('adminskinoverview');
}
/**
 * Admin::action_adminskinnew()
 *
 * Create an admin skin from the posted (trimmed) name and description.
 * The name must pass isValidSkinName(), start with "admin/" and be unused.
 *
 * @return void
 */
private static function action_adminskinnew()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $name = trim(postVar('name'));
    $desc = trim(postVar('desc'));

    if (!isValidSkinName($name)) {
        self::error(_ERROR_BADSKINNAME);
        return;
    }
    // Admin skins live in their own "admin/" name space.
    if (!preg_match('#^admin/#', $name)) {
        self::error(_ERROR_BADADMINSKINNAME);
        return;
    }
    if (Skin::exists($name)) {
        self::error(_ERROR_DUPSKINNAME);
        return;
    }

    Skin::createNew($name, $desc);

    self::action_adminskinoverview();
}
/**
 * Admin::action_adminskinedit()
 *
 * Show the admin-skin edit page (admin only).
 *
 * @return void
 */
private static function action_adminskinedit()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    self::$skin->parse('adminskinedit');
}
/**
 * Admin::action_adminskineditgeneral()
 *
 * Apply the posted general settings of an admin skin through
 * self::skineditgeneral() (handler 'AdminActions') and return to the
 * admin-skin edit page, or show the error it reports.
 *
 * @return void
 */
private static function action_adminskineditgeneral()
{
    global $member;

    $skinid = intRequestVar('skinid');

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // NOTE(review): the condition line is not visible in this listing;
    // a truthy return value is treated as the error message - confirm.
    $failure = self::skineditgeneral($skinid, 'AdminActions');
    if ($failure) {
        self::error($failure);
        return;
    }

    self::action_adminskinedit();
}
/**
 * Admin::action_adminskinedittype()
 *
 * Show the editor for one admin-skin part (admin only). The requested part
 * type is trimmed, lower-cased and must pass isValidShortName().
 *
 * @param string $msg message for pageheader
 * @return void
 */
private static function action_adminskinedittype($msg = '')
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // NOTE(review): the guard around this assignment is not visible in this
    // listing; reconstructed as "only when a message was passed" - confirm.
    if ($msg) {
        self::$headMess = $msg;
    }

    $type = strtolower(trim(requestVar('type')));

    if (!isValidShortName($type)) {
        self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
        return;
    }

    self::$skin->parse('adminskinedittype');
}
/**
 * Admin::action_adminskinupdate()
 *
 * Store the posted content for one part of an admin skin, then reopen the
 * part editor.
 *
 * NOTE(review): unlike action_adminskinedittype(), the posted part type is
 * passed to update() without trim/strtolower/isValidShortName(); whether
 * update() validates it is not visible here - confirm.
 * The isAdmin() guard is effective only if self::disallow() ends the request.
 *
 * @return void
 */
private static function action_adminskinupdate()
{
    global $manager, $member;

    $skinid = intRequestVar('skinid');
    $content = trim(postVar('content'));
    $type = postVar('type');

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $targetSkin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
    $targetSkin->update($type, $content);

    self::action_adminskinedittype(_SKIN_UPDATED);
}
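/**
 * Admin::action_adminskindelete()
 *
 * Show the confirmation page for deleting an admin skin, unless it is the
 * configured admin or bookmarklet skin or a member has selected it.
 *
 * Member real names are member-editable profile data, so they are escaped
 * with Entity::hsc() before being placed in the error message, the same way
 * action_skindelete() escapes the blog name. (Whether the error page escapes
 * self::$headMess again is not visible here.)
 *
 * @return void
 */
private static function action_adminskindelete()
{
    global $CONF, $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $skinid = intRequestVar('skinid');

    // don't allow default skin to be deleted
    if ($skinid == $CONF['AdminSkin'] || $skinid == $CONF['BookmarkletSkin']) {
        self::error(_ERROR_DEFAULTSKIN);
        return;
    }

    /* don't allow if someone use it as a default*/
    $query = 'SELECT * FROM %s WHERE madminskin = %d or mbkmklt = %d;';
    $res = DB::getResult(sprintf($query, sql_table('member'), $skinid, $skinid));

    $members = array();
    while ($row = $res->fetch()) {
        $members[] = Entity::hsc($row['mrealname']);
    }
    if (count($members)) {
        self::error(_ERROR_SKINDEFDELETE . implode(' ' . _AND . ' ', $members));
        return;
    }

    self::$skin->parse('adminskindelete');
}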
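/**
 * Admin::action_adminskindeleteconfirm()
 *
 * Delete an admin skin after repeating the checks of action_adminskindelete():
 * the configured admin/bookmarklet skins and skins selected by a member are
 * refused. The checks are repeated because this action can be requested
 * without visiting the confirmation page.
 *
 * Member real names are escaped with Entity::hsc() before being placed in
 * the error message, matching how action_skindeleteconfirm() treats the
 * blog name.
 *
 * @return void
 */
private static function action_adminskindeleteconfirm()
{
    global $member, $CONF;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $skinid = intRequestVar('skinid');

    // don't allow default skin to be deleted
    if ($skinid == $CONF['AdminSkin'] || $skinid == $CONF['BookmarkletSkin']) {
        self::error(_ERROR_DEFAULTSKIN);
        return;
    }

    /* don't allow if someone use it as a default*/
    $query = 'SELECT * FROM %s WHERE madminskin = %d or mbkmklt = %d;';
    $res = DB::getResult(sprintf($query, sql_table('member'), $skinid, $skinid));

    $members = array();
    while ($row = $res->fetch()) {
        $members[] = Entity::hsc($row['mrealname']);
    }
    if (count($members)) {
        self::error(_ERROR_SKINDEFDELETE . implode(' ' . _AND . ' ', $members));
        return;
    }

    self::skindeleteconfirm($skinid);

    self::action_adminskinoverview();
}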
/**
 * Admin::action_adminskinremovetype()
 *
 * Show the confirmation page for removing a special admin-skin part. The
 * requested part type must pass isValidShortName().
 *
 * @return void
 */
private static function action_adminskinremovetype()
{
    global $member, $CONF;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // Read but not used further in this method.
    $skinid = intRequestVar('skinid');
    $skintype = requestVar('type');

    if (!isValidShortName($skintype)) {
        self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
        return;
    }

    self::$skin->parse('adminskinremovetype');
}
/**
 * Admin::action_adminskinremovetypeconfirm()
 *
 * Remove a special admin-skin part through self::skinremovetypeconfirm() and
 * return to the admin-skin edit page, or show the error it reports.
 *
 * The part type is passed on as received; validation, if any, happens in the
 * helper (not visible here).
 *
 * @return void
 */
private static function action_adminskinremovetypeconfirm()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $skinid = intRequestVar('skinid');
    $skintype = requestVar('type');

    // NOTE(review): the condition line is not visible in this listing;
    // a truthy return value is treated as the error message - confirm.
    $failure = self::skinremovetypeconfirm($skinid, $skintype);
    if ($failure) {
        self::error($failure);
        return;
    }

    self::action_adminskinedit();
}
/**
 * Admin::action_adminskinclone()
 *
 * Clone an admin skin through self::skinclone() (handler 'AdminActions') and
 * show the admin-skin overview (admin only).
 *
 * @return void
 */
private static function action_adminskinclone()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $sourceSkinId = intRequestVar('skinid');
    self::skinclone($sourceSkinId, 'AdminActions');

    self::action_adminskinoverview();
}
/**
 * Admin::action_adminskinieoverview()
 *
 * Show the admin-skin import/export overview page (admin only).
 *
 * @return void
 */
private static function action_adminskinieoverview()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    self::$skin->parse('adminskinieoverview');
}
/**
 * Admin::action_adminskinieimport()
 *
 * First step of an admin-skin import: hand the posted mode and skin file
 * reference to self::skinieimport(), then show the import page. When no skin
 * object is loaded, the import is carried out directly.
 *
 * NOTE(review): 'skinfile' comes straight from the request; how
 * skinieimport() restricts it (local path vs. URL, allowed directories) is
 * not visible here - confirm before relying on it.
 *
 * @return void
 */
private static function action_adminskinieimport()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $skinFileRaw = postVar('skinfile');
    $mode = postVar('mode');

    // NOTE(review): the condition line is not visible in this listing;
    // a truthy return value is treated as the error message - confirm.
    $failure = self::skinieimport($mode, $skinFileRaw);
    if ($failure) {
        self::error($failure);
        return;
    }

    if (is_object(self::$skin)) {
        self::$skin->parse('adminskinieimport');
    } else {
        self::action_adminskiniedoimport();
    }
}
/**
 * Admin::action_adminskiniedoimport()
 *
 * Carry out an admin-skin import through self::skiniedoimport(). When no
 * skin object is loaded, the lowest-numbered "admin/*" skin other than
 * "admin/bookmarklet" is written to the AdminSkin setting and the bundled
 * importer skin file is parsed instead of the regular result page.
 *
 * NOTE(review): 'skinfile' comes straight from the request; how
 * skiniedoimport() restricts it is not visible here - confirm.
 * NOTE(review): one line just inside the fallback branch is not visible in
 * this listing - confirm against the repository copy.
 *
 * @return void
 */
private static function action_adminskiniedoimport()
{
    global $DIR_SKINS, $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    $mode = postVar('mode');
    $skinFileRaw = postVar('skinfile');
    $allowOverwrite = intPostVar('overwrite');

    $failure = self::skiniedoimport($mode, $skinFileRaw, $allowOverwrite);
    if ($failure) {
        self::error($failure);
        return;
    }

    if (is_object(self::$skin)) {
        self::$skin->parse('adminskiniedoimport');
        return;
    }

    $lookup = sprintf(
        "SELECT min(sdnumber) FROM %s WHERE sdname != 'admin/bookmarklet' AND sdname LIKE 'admin/%%'",
        sql_table('skin_desc')
    );
    // intval() turns an empty result into 0, which is then stored as AdminSkin.
    $adminSkinId = intval(DB::getValue($lookup));

    $update = sprintf("UPDATE %s SET value = %d WHERE name = 'AdminSkin'", sql_table('config'), $adminSkinId);
    DB::execute($update);

    $importerSkin = new Skin(0, 'AdminActions', 'AdminSkin');
    $importerSkin->parse('importAdmin', $DIR_SKINS . 'admin/defaultimporter.skn');
}
/**
 * Admin::action_adminskinieexport()
 *
 * Export the selected admin skins and templates through self::skinieexport()
 * (admin only). Skin and template ids are read as integer arrays; the free
 * text 'info' is passed on as posted.
 *
 * @return void
 */
private static function action_adminskinieexport()
{
    global $member;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // load skinie class
    $skinIds = requestIntArray('skin');
    $templateIds = requestIntArray('template');
    $info = postVar('info');

    self::skinieexport($skinIds, $templateIds, $info);
}
/**
 * Admin::action_settingsedit()
 *
 * Show the global settings page (admin only).
 *
 * @return void
 */
private static function action_settingsedit()
{
    global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    self::$skin->parse('settingsedit');
}
/**
 * Admin::action_settingsupdate()
 * Update $CONFIG and redirect
 *
 * Security notes:
 * - Only AdminEmail is validated; every other setting (URLs, cookie options,
 *   AllowedTypes, MaxUploadSize, DebugVars, ...) is written as posted.
 * - The isAdmin() guard is effective only if self::disallow() ends the request.
 * - No request-ticket (anti-CSRF) check happens in this method; presumably the
 *   dispatcher enforces it - confirm.
 *
 * @return void
 */
private static function action_settingsupdate()
{
    global $member, $CONF;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    // check if email address for admin is valid
    if (!NOTIFICATION::address_validation(postVar('AdminEmail'))) {
        self::error(_ERROR_BADMAILADDRESS);
        return;
    }

    // save settings: form field name equals the config key
    $sameNamedKeys = array(
        'DefaultBlog',
        'BaseSkin',
        'IndexURL',
        'AdminURL',
        'PluginURL',
        'SkinsURL',
        'ActionURL',
        'Locale',
        'AdminEmail',
        'SessionCookie',
        'AllowMemberCreate',
        'AllowMemberMail',
        'NonmemberMail',
        'ProtectMemNames',
        'SiteName',
        'NewMemberCanLogon',
        'DisableSite',
        'DisableSiteURL',
        'LastVisit',
        'MediaURL',
        'AllowedTypes',
        'AllowUpload',
        'MaxUploadSize',
        'MediaPrefix',
        'AllowLoginEdit',
        'DisableJsTools',
        'CookieDomain',
        'CookiePath',
        'CookieSecure',
        'URLMode',
        'CookiePrefix',
        'DebugVars',
        'DefaultListSize',
        'AdminCSS',
    );
    foreach ($sameNamedKeys as $configKey) {
        self::updateConfig($configKey, postVar($configKey));
    }
    // These two use lower-case form field names.
    self::updateConfig('AdminSkin', postVar('adminskin'));
    self::updateConfig('BookmarkletSkin', postVar('bookmarklet'));

    // load new config and redirect (this way, the new locale will be used is necessary)
    // note that when changing cookie settings, this redirect might cause the user
    // to have to log in again.
    // NOTE(review): the statement before redirect() and the one after it are not
    // visible in this listing; getConfig() is reconstructed from the comment
    // above - confirm against the repository copy.
    getConfig();
    redirect($CONF['AdminURL'] . '?action=manage');
}
/**
 * Admin::action_systemoverview()
 * Output system overview
 *
 * NOTE(review): this handler performs no permission check of its own; what
 * a non-admin member gets to see is decided by the 'systemoverview' skin
 * and/or the dispatcher, neither of which is visible here - confirm.
 *
 * @return void
 */
private static function action_systemoverview()
{
    self::$skin->parse('systemoverview');
}
/**
 * Admin::updateConfig()
 *
 * Write one value to the config table. Both name and value go through
 * DB::quoteValue() before they are placed in the statement.
 *
 * On a failed query the script stops via die() and prints the driver error
 * text; that text can reveal schema details, so the message is best kept to
 * admin-only pages.
 *
 * @param string $name
 * @param string $val
 * @return integer return the ID in which the latest query posted
 */
private static function updateConfig($name, $val)
{
    $statement = sprintf(
        "UPDATE %s SET value=%s WHERE name=%s",
        sql_table('config'),
        DB::quoteValue($val),
        DB::quoteValue($name)
    );

    $outcome = DB::execute($statement);
    if ($outcome === FALSE) {
        $errorInfo = DB::getError();
        die(_ADMIN_SQLDIE_QUERYERROR . $errorInfo[2]);
    }

    return DB::getInsertId();
}
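/**
 * Admin::error()
 * Show the admin error page and stop.
 *
 * Every permission guard in this class has the form
 * "$member->isAdmin() or self::disallow();" and disallow() ends by calling
 * this method, so the guards only work if this method never returns. The
 * closing statement is not visible in this listing; the request is ended
 * explicitly here so that the guards fail closed.
 *
 * $msg is stored in self::$headMess as given. Callers that build it from
 * stored or request data should escape those parts first (action_skindelete()
 * does so with Entity::hsc()).
 *
 * @param string $msg message that will be shown
 * @return void
 */
public static function error($msg)
{
    self::$headMess = $msg;
    self::$skin->parse('adminerrorpage');
    exit;
}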
/**
 * Admin::disallow()
 * add error log and show error page
 *
 * Used as the right-hand side of the permission guards in this class, so it
 * must not hand control back to the caller; that depends on self::error()
 * ending the request.
 *
 * NOTE(review): REQUEST_URI is client-controlled and is written to the action
 * log unmodified; the page that displays the log has to escape it - confirm.
 *
 * @return void
 */
public static function disallow()
{
    $logEntry = _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI');
    ActionLog::add(WARNING, $logEntry);

    self::error(_ERROR_DISALLOWED);
}
/**
 * Admin::action_PluginAdmin()
 * Output pluginadmin
 *
 * Public entry point for plugin admin pages. It performs no permission check
 * and appends $extrahead to the page head unmodified, so the calling plugin
 * is responsible for both access control and escaping.
 *
 * @param string $skinContents
 * @param string $extrahead
 * @return void
 */
public static function action_PluginAdmin($skinContents, $extrahead = '')
{
    self::$extrahead = self::$extrahead . $extrahead;
    self::$skin->parse('pluginadmin', $skinContents);
}
/**
 * Admin::action_bookmarklet()
 *
 * Show the bookmarklet page for a blog. Requires team rights on the
 * requested blog.
 *
 * @return void
 */
private static function action_bookmarklet()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    if (!$member->teamRights($blogid)) {
        self::disallow();
    }

    self::$skin->parse('bookmarklet');
}
/**
 * Admin::action_actionlog()
 *
 * Show the action log page (admin only).
 *
 * @return void
 */
private static function action_actionlog()
{
    global $member, $manager;

    if (!$member->isAdmin()) {
        self::disallow();
    }

    self::$skin->parse('actionlog');
}
/**
 * Admin::action_banlist()
 *
 * Show the ban list of a blog. Requires blog-admin rights on the requested blog.
 *
 * @return void
 */
private static function action_banlist()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    if (!$member->blogAdminRights($blogid)) {
        self::disallow();
    }

    self::$skin->parse('banlist');
}
/**
 * Admin::action_banlistdelete()
 *
 * Show the confirmation page for removing a ban. Requires blog-admin rights
 * on the requested blog. Nothing is removed here.
 *
 * @return void
 */
private static function action_banlistdelete()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    if (!$member->blogAdminRights($blogid)) {
        self::disallow();
    }

    self::$skin->parse('banlistdelete');
}
/**
 * Admin::action_banlistdeleteconfirm()
 *
 * Remove a ban for the posted blog, or - when 'allblogs' is set - for every
 * blog the member administers. The permission check covers the posted blog;
 * the all-blogs branch is limited to $member->getAdminBlogs().
 *
 * NOTE(review): the initialisation of $deleted and the 'allblogs' branch
 * condition are not visible in this listing; reconstructed - confirm against
 * the repository copy.
 *
 * @return void
 */
private static function action_banlistdeleteconfirm()
{
    global $member, $manager;

    $blogid = intPostVar('blogid');
    $allblogs = postVar('allblogs');
    $iprange = postVar('iprange');

    if (!$member->blogAdminRights($blogid)) {
        self::disallow();
    }

    $deleted = array();

    if ($allblogs) {
        // get blogs for which member has admin rights
        foreach ($member->getAdminBlogs() as $adminBlogId) {
            if (Ban::removeBan($adminBlogId, $iprange)) {
                $deleted[] = $adminBlogId;
            }
        }
    } elseif (Ban::removeBan($blogid, $iprange)) {
        $deleted[] = $blogid;
    }

    if (count($deleted) == 0) {
        self::error(_ERROR_DELETEBAN);
        return;
    }

    /* TODO: we should use other ways */
    // The list of affected blogs is handed to the skin through $_REQUEST.
    $_REQUEST['delblogs'] = $deleted;

    self::$skin->parse('banlistdeleteconfirm');
}
/**
 * Admin::action_banlistnewfromitem()
 *
 * Open the "new ban" form for the blog that owns the requested item.
 * No permission check happens here; action_banlistnew() checks blog-admin
 * rights on the resolved blog id.
 *
 * @return void
 */
private static function action_banlistnewfromitem()
{
    global $manager;

    $itemid = intRequestVar('itemid');
    $item =& $manager->getItem($itemid, 1, 1);

    self::action_banlistnew($item['blogid']);
}
4538 * Admin::action_banlistnew()
4540 * @param integer $blogid ID for weblog
// Shows the form for adding a ban. $blogid may be supplied by the caller; when it
// is empty the 'blogid' request variable is used instead.
4543 static private function action_banlistnew($blogid = '')
4545 global $member, $manager;
// Loose comparison: on PHP versions before 8 an integer 0 also equals ''.
4547 if ( $blogid == '' )
4549 $blogid = intRequestVar('blogid');
// $ip is read here but not used in the visible lines of this method.
4552 $ip = requestVar('ip');
// Authorisation gate on the blog id that was finally selected.
4554 $member->blogAdminRights($blogid) or self::disallow();
4556 /* TODO: we should consider to use the other way instead of this */
// Overwrites the client-supplied 'blogid' with the resolved value, presumably so
// the skin reads the checked id rather than the raw request value.
4557 $_REQUEST['blogid'] = $blogid;
4559 self::$skin->parse('banlistnew');
4565 * Admin::action_banlistadd()
// Adds a ban for one blog, or for every blog the member administers, then shows
// the ban list. All inputs are read from POST only.
// NOTE(review): the declaration that brings $member into scope is not in this
// listing (source lines 4571-4573 are skipped), and neither is the condition that
// selects between the single-blog branch and the all-blogs loop.
4570 static private function action_banlistadd()
4574 $blogid = intPostVar('blogid');
4575 $allblogs = postVar('allblogs');
4576 $iprange = postVar('iprange');
// The literal value "custom" means the range is taken from a free-text field.
4578 if ( $iprange == "custom" )
4580 $iprange = postVar('customiprange');
4582 $reason = postVar('reason');
// Authorisation gate on the posted blog id, evaluated before anything is stored.
4584 $member->blogAdminRights($blogid) or self::disallow();
// NOTE(review): the range is stored exactly as posted. Until this TODO is done an
// empty or malformed value reaches Ban::addBan(); depending on how Ban matches
// ranges that could ban more visitors than intended. Validate the format (and
// reject empty input) before storing.
4586 // TODO: check IP range validity
4590 if ( !Ban::addBan($blogid, $iprange, $reason) )
4592 self::error(_ERROR_ADDBAN);
4598 // get blogs for which member has admin rights
4599 $adminblogs = $member->getAdminBlogs();
4601 foreach ($adminblogs as $blogje)
4603 if ( !Ban::addBan($blogje, $iprange, $reason) )
4610 self::error(_ERROR_ADDBAN);
4614 self::action_banlist();
4619 * Admin::action_clearactionlog()
// Clears the action log and returns to the management page with a status message.
// NOTE(review): the statement that actually clears the log and the declaration of
// $member are not in this listing (source lines 4625-4627 and 4629-4631 are
// skipped). Clearing an audit log removes evidence; consider recording who
// cleared it.
4624 static private function action_clearactionlog()
// Authorisation gate: site administrators only.
4628 $member->isAdmin() or self::disallow();
4632 self::action_manage(_MSG_ACTIONLOGCLEARED);
4637 * Admin::action_backupoverview()
// Shows the backup/restore overview page; site administrators only.
4642 static private function action_backupoverview()
4644 global $member, $manager;
4646 $member->isAdmin() or self::disallow();
4648 self::$skin->parse('backupoverview');
4653 * Admin::action_backupcreate()
4654 * create file for backup
// Creates a backup by delegating to Backup::do_backup(); site administrators only.
// NOTE(review): the backup presumably contains the whole database, including
// member credentials; confirm that this action requires a valid ticket.
4660 static private function action_backupcreate()
4662 global $member, $DIR_LIBS;
4664 $member->isAdmin() or self::disallow();
4666 // use compression ?
// The posted flag is cast to an integer before it is passed on.
4667 $useGzip = (integer) postVar('gzip');
// include() only warns when the file is missing, so a missing backup.php would
// surface as a failure at the Backup::do_backup() call below.
4669 include($DIR_LIBS . 'backup.php');
4671 // try to extend time limit
4672 // (creating/restoring dumps might take a while)
// '@' hides the warning raised when set_time_limit() is not permitted.
4673 @set_time_limit(1200);
4675 Backup::do_backup($useGzip);
4680 * Admin::action_backuprestore()
4681 * restoring from uploaded file
// Restores from a backup by delegating to Backup::do_restore(); site
// administrators only. The source docblock describes the input as an uploaded file.
4686 static private function action_backuprestore()
4688 global $member, $DIR_LIBS;
4690 $member->isAdmin() or self::disallow();
// Explicit confirmation: the POST field 'letsgo' must equal 1.
4692 if ( intPostVar('letsgo') != 1 )
4694 self::error(_ERROR_BACKUP_NOTSURE);
4698 include($DIR_LIBS . 'backup.php');
4700 // try to extend time limit
4701 // (creating/restoring dumps might take a while)
4702 @set_time_limit(1200);
// NOTE(review): the restore input is executed against the database by code that
// is not visible here, so the admin gate and the confirmation flag above are the
// only checks in this method; confirm that a ticket is also required.
4704 $message = Backup::do_restore();
// A non-empty return value is treated as an error message.
4705 if ( $message != '' )
4707 self::error($message);
4710 self::$skin->parse('backuprestore');
4715 * Admin::action_pluginlist()
4716 * output the list of installed plugins
// Shows the list of installed plugins; site administrators only.
4722 static private function action_pluginlist()
4724 global $DIR_PLUGINS, $member, $manager;
4727 $member->isAdmin() or self::disallow();
4729 self::$skin->parse('pluginlist');
4734 * Admin::action_pluginhelp()
// Shows the help page of the plugin named by the GET variable 'plugid'; site
// administrators only.
4739 static private function action_pluginhelp()
4741 global $member, $manager, $DIR_PLUGINS, $CONF;
4744 $member->isAdmin() or self::disallow();
4746 $plugid = intGetVar('plugid');
// Unknown plugin ids are rejected before the skin is parsed.
4748 if ( !$manager->pidInstalled($plugid) )
4750 self::error(_ERROR_NOSUCHPLUGIN);
4754 self::$skin->parse('pluginhelp');
4759 * Admin::action_pluginadd()
// Installs the plugin named by the POST field 'filename': registers it in the
// plugin table, loads it, checks version and dependency requirements, and then
// rebuilds the event subscriptions. Site administrators only.
// NOTE(review): installing a plugin loads and runs its PHP code, so this action is
// equivalent to code execution for whoever passes the gate below.
4765 static private function action_pluginadd()
4767 global $member, $manager, $DIR_PLUGINS;
4770 $member->isAdmin() or self::disallow();
4772 $name = postVar('filename');
4774 if ( $manager->pluginInstalled($name) )
4776 self::error(_ERROR_DUPPLUGIN);
// checkPlugin() is the only validation of the posted name in this method.
// NOTE(review): its body is not visible; confirm that it rejects path separators
// and '..' so the name cannot point outside the plugin directory.
4780 if ( !checkPlugin($name) )
4782 self::error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
4786 // get number of currently installed plugins
4787 $res = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
4788 $numCurrent = $res->rowCount();
4790 // plugin will be added as last one in the list
4791 $newOrder = $numCurrent + 1;
// $name is handed to event subscribers by reference, so a subscriber can change
// it after the checkPlugin() validation above; the INSERT and getPlugin() below
// use the possibly modified value without re-checking it.
4793 $data = array('file' => &$name);
4794 $manager->notify('PreAddPlugin', $data);
4796 // do this before calling getPlugin (in case the plugin id is used there)
// The name goes through DB::quoteValue() and the order through an integer cast.
4797 $query = "INSERT INTO %s (porder, pfile) VALUES (%d, %s);";
4798 $query = sprintf($query, sql_table('plugin'), (integer) $newOrder, DB::quoteValue($name));
4799 DB::execute($query);
4800 $iPid = DB::getInsertId();
4802 $manager->clearCachedInfo('installedPlugins');
4804 // Load the plugin for condition checking and installation
4805 $plugin =& $manager->getPlugin($name);
4807 // check if it got loaded (could have failed)
// NOTE(review): the condition guarding this rollback is not in the listing
// (source lines 4808-4809 are skipped). The rollback removes the row inserted
// above.
4810 $query = "DELETE FROM %s WHERE pid=%d;";
4811 $query = sprintf($query, sql_table('plugin'), (integer) $iPid);
4813 DB::execute($query);
4815 $manager->clearCachedInfo('installedPlugins');
4816 self::error(_ERROR_PLUGIN_LOAD);
4820 // check if plugin needs a newer Nucleus version
4821 if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )
4823 // uninstall plugin again...
4824 self::deleteOnePlugin($plugin->getID());
4826 // ...and show error
// Plugin-supplied values are HTML-escaped before they enter the error message.
4827 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
4831 // check if plugin needs a newer Nucleus patch level
4832 if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )
4834 // uninstall plugin again...
4835 self::deleteOnePlugin($plugin->getID());
4837 // ...and show error
4838 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
// Every plugin this one depends on must already be present in the plugin table.
4842 $pluginList = $plugin->getPluginDep();
4843 foreach ( $pluginList as $pluginName )
4845 $res = DB::getResult('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile=' . DB::quoteValue($pluginName));
4846 if ($res->rowCount() == 0)
4848 // uninstall plugin again...
4849 self::deleteOnePlugin($plugin->getID());
4850 self::error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
4855 // call the install method of the plugin
// NOTE(review): the call itself is not in this listing (source lines 4856-4857
// are skipped).
4858 $data = array('plugin' => &$plugin);
4859 $manager->notify('PostAddPlugin', $data);
4861 // update all events
4862 self::action_pluginupdate();
4867 * Admin::action_pluginupdate()
// Rebuilds the plugin_event table from scratch: removes every subscription, then
// loads each installed plugin and stores the events it reports. Site
// administrators only. Also called at the end of action_pluginadd().
4873 static private function action_pluginupdate()
4875 global $member, $manager, $CONF;
4878 $member->isAdmin() or self::disallow();
4880 // delete everything from plugin_events
// No transaction is visible around the delete and the inserts below, so a
// failure part-way through leaves the table partially rebuilt.
4881 DB::execute('DELETE FROM '.sql_table('plugin_event'));
4883 // loop over all installed plugins
4884 $res = DB::getResult('SELECT pid, pfile FROM '.sql_table('plugin'));
4885 foreach ( $res as $row )
// NOTE(review): the assignment of $pid and any check that $plug loaded are not
// in this listing (source lines 4886-4887 and 4889-4890 are skipped).
4888 $plug =& $manager->getPlugin($row['pfile']);
4891 $eventList = $plug->getEventList();
4892 foreach ( $eventList as $eventName )
// Event names come from plugin code and are passed through DB::quoteValue().
4894 $query = "INSERT INTO %s (pid, event) VALUES (%d, %s)";
4895 $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, DB::quoteValue($eventName));
4896 DB::execute($query);
4900 redirect($CONF['AdminURL'] . '?action=pluginlist');
4905 * Admin::action_plugindelete()
// Shows the confirmation page for removing the plugin named by the GET variable
// 'plugid'; the removal itself is done by action_plugindeleteconfirm(). Site
// administrators only.
4910 static private function action_plugindelete()
4912 global $member, $manager;
4915 $member->isAdmin() or self::disallow();
4917 $pid = intGetVar('plugid');
4919 if ( !$manager->pidInstalled($pid) )
4921 self::error(_ERROR_NOSUCHPLUGIN);
4925 self::$skin->parse('plugindelete');
4930 * Admin::action_plugindeleteconfirm()
// Removes the plugin named by the POST field 'plugid', calling its uninstall
// routine, and redirects to the plugin list. Site administrators only.
4935 static private function action_plugindeleteconfirm()
4937 global $member, $manager, $CONF;
4940 $member->isAdmin() or self::disallow();
4942 $pid = intPostVar('plugid');
// Second argument 1 asks deleteOnePlugin() to call the plugin's unInstall().
4944 $error = self::deleteOnePlugin($pid, 1);
// NOTE(review): the condition around this call is not in the listing (source
// lines 4945-4946 are skipped). The message can contain a plugin file name that
// deleteOnePlugin() does not HTML-escape; confirm self::error() encodes output.
4947 self::error($error);
4951 redirect($CONF['AdminURL'] . '?action=pluginlist');
4956 * Admin::deleteOnePlugin()
4958 * @param integer $pid
4959 * @param boolean $callUninstall
4960 * @return string empty or message if failed
// Removes one plugin: refuses when another installed plugin depends on it,
// optionally calls the plugin's unInstall(), then deletes its event
// subscriptions, option descriptions, option values and its plugin row.
// Returns an error message on the two visible failure paths.
// NOTE(review): this method is public and contains no rights check of its own.
// The two callers visible in this file (action_pluginadd and
// action_plugindeleteconfirm) check isAdmin() first; any other caller must too.
// The declaration of $manager is not in this listing (lines 4963-4965 skipped).
4962 static public function deleteOnePlugin($pid, $callUninstall = 0)
// Forcing an integer here is what makes the string-concatenated SQL further
// down (' WHERE pid=' . $pid) safe against injection.
4966 $pid = intval($pid);
4968 if ( !$manager->pidInstalled($pid) )
4970 return _ERROR_NOSUCHPLUGIN;
4973 $query = "SELECT pfile as result FROM %s WHERE pid=%d;";
4974 $query = sprintf($query, sql_table('plugin'), (integer) $pid);
4975 $name = DB::getValue($query);
4977 // check dependency before delete
// Loads every installed plugin to read its dependency list.
4978 $res = DB::getResult('SELECT pfile FROM ' . sql_table('plugin'));
4979 foreach ( $res as $row )
4981 $plug =& $manager->getPlugin($row['pfile']);
4984 $depList = $plug->getPluginDep();
4985 foreach ( $depList as $depName )
4987 if ( $name == $depName )
// The file name is placed in the message without HTML escaping, unlike the
// Entity::hsc() calls used for plugin names in action_pluginadd().
4989 return sprintf(_ERROR_DELREQPLUGIN, $row['pfile']);
4995 $data = array('plugid' => $pid);
4996 $manager->notify('PreDeletePlugin', $data);
4998 // call the unInstall method of the plugin
4999 if ( $callUninstall )
5001 $plugin =& $manager->getPlugin($name);
5004 $plugin->unInstall();
5008 // delete all subscriptions
5009 DB::execute('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);
5011 // delete all options
5012 // get OIDs from plugin_option_desc
5013 $res = DB::getResult('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
// NOTE(review): the initialisation of $aOIDs is not in this listing (source
// line 5014 is skipped).
5015 foreach ( $res as $row )
5017 array_push($aOIDs, $row['oid']);
5020 // delete from plugin_option and plugin_option_desc
5021 DB::execute('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
5022 if (count($aOIDs) > 0)
// The ids are values read from the database above and are concatenated without
// a cast; presumably integer keys, confirm against the schema.
5024 DB::execute('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')');
5027 // update order numbers
// Closes the gap in porder left by the removed plugin. $res is a database value
// concatenated as-is into the UPDATE.
5028 $res = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
5029 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $res);
// No transaction is visible around this sequence of statements, so a failure
// part-way through leaves the plugin partially removed.
5032 DB::execute('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
5034 $manager->clearCachedInfo('installedPlugins');
5035 $data = array('plugid' => $pid);
5036 $manager->notify('PostDeletePlugin', $data);
5042 * Admin::action_pluginup()
// Moves a plugin one position up in the plugin order by swapping porder values
// with its predecessor, then redirects to the plugin list. Site administrators
// only.
// NOTE(review): this state-changing action takes its input from GET; the comment
// before the redirect indicates the ticket travels in the URL, where it can end
// up in logs and Referer headers. A POST form would avoid that.
5047 static private function action_pluginup()
5049 global $member, $manager, $CONF;
5052 $member->isAdmin() or self::disallow();
// intGetVar() and the pidInstalled() check are the only validation before
// $plugid is concatenated into the SQL below.
5054 $plugid = intGetVar('plugid');
5056 if ( !$manager->pidInstalled($plugid) )
5058 self::error(_ERROR_NOSUCHPLUGIN);
5062 // 1. get old order number
5063 $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
5065 // 2. calculate new order number
// Position 1 is the top; a plugin already there keeps its position.
5066 $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;
5068 // 3. update plug numbers
// Two separate UPDATEs perform the swap; no transaction is visible around them.
5069 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
5070 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);
5072 //self::action_pluginlist();
5073 // To avoid showing ticket in the URL, redirect to pluginlist, instead.
5074 redirect($CONF['AdminURL'] . '?action=pluginlist');
5079 * Admin::action_plugindown()
// Moves a plugin one position down in the plugin order by swapping porder values
// with its successor, then redirects to the plugin list. Site administrators
// only.
// NOTE(review): this state-changing action takes its input from GET; the comment
// before the redirect indicates the ticket travels in the URL, where it can end
// up in logs and Referer headers. A POST form would avoid that.
5084 static private function action_plugindown()
5086 global $member, $manager, $CONF;
5089 $member->isAdmin() or self::disallow();
5091 $plugid = intGetVar('plugid');
5092 if ( !$manager->pidInstalled($plugid) )
5094 self::error(_ERROR_NOSUCHPLUGIN);
5098 // 1. get old order number
5099 $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
// The number of rows in the plugin table is used as the highest order value.
5101 $res = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
5102 $maxOrder = $res->rowCount();
5104 // 2. calculate new order number
// A plugin already at the last position keeps its position.
5105 $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;
5107 // 3. update plug numbers
// Two separate UPDATEs perform the swap; no transaction is visible around them.
5108 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
5109 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);
5111 //self::action_pluginlist();
5112 // To avoid showing ticket in the URL, redirect to pluginlist, instead.
5113 redirect($CONF['AdminURL'] . '?action=pluginlist');
5118 * Admin::action_pluginoptions()
5120 * Output Plugin option page
5123 * @param string $message message to show when another action falls back to this page
// Shows the option page of the plugin named by the 'plugid' request variable,
// optionally with a status message in the page head. Site administrators only.
5127 static private function action_pluginoptions($message = '')
5129 global $member, $manager;
5132 $member->isAdmin() or self::disallow();
5134 $pid = intRequestVar('plugid');
5135 if ( !$manager->pidInstalled($pid) )
5137 self::error(_ERROR_NOSUCHPLUGIN);
// isset() is also true for the default '', so the head message is overwritten
// on every call unless the caller passes null.
5141 if ( isset($message) )
5143 self::$headMess = $message;
// $plugin is loaded here but not used in the visible lines of this method.
5145 $plugname = $manager->getPluginNameFromPid($pid);
5146 $plugin = $manager->getPlugin($plugname);
// Adds a fixed script tag to the head; the src is a skin variable, not user input.
5147 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
5149 self::$skin->parse('pluginoptions');
5154 * Admin::action_pluginoptionsupdate()
5156 * Update plugin options and fallback to plugin option page
// Stores the submitted plugin options and then shows the option page again with
// a confirmation message. Site administrators only.
5162 static private function action_pluginoptionsupdate()
5164 global $member, $manager;
5167 $member->isAdmin() or self::disallow();
5169 $pid = intRequestVar('plugid');
5171 if ( !$manager->pidInstalled($pid) )
5173 self::error(_ERROR_NOSUCHPLUGIN);
// The option array is taken from the request and applied as a whole.
// NOTE(review): no check is visible here that the submitted options belong to
// plugin $pid; confirm that apply_plugin_options() validates option ids and
// values.
5177 $aOptions = requestArray('plugoption');
5178 NucleusPlugin::apply_plugin_options($aOptions);
// NOTE(review): most of the $data array literal is not in this listing (source
// lines 5179-5180 and 5182-5183 are skipped).
5181 'context' => 'global',
5184 $manager->notify('PostPluginOptionsUpdate', $data);
5186 self::action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
5191 * Admin::skineditgeneral()
5193 * @param integer $skinid
5194 * @param string $handler
5195 * @return string empty or message if failed
// Updates the general settings of a skin from POST fields. Returns an error
// message when the new name is invalid or already taken.
// NOTE(review): this helper makes no rights check; the calling action must gate
// it. The declaration of $manager is not in this listing (lines 5198-5200
// skipped).
5197 static private function skineditgeneral($skinid, $handler='')
5201 $name = postVar('name');
5202 $desc = postVar('desc');
5203 $type = postVar('type');
5204 $inc_mode = postVar('inc_mode');
5205 $inc_prefix = postVar('inc_prefix');
5207 $skin =& $manager->getSkin($skinid, $handler);
// Only the name is validated in the visible lines.
5210 if ( !isValidSkinName($name) )
5212 return _ERROR_BADSKINNAME;
// Renaming to the name of another existing skin is refused.
5215 if ( ($skin->getName() != $name) && SKIN::exists($name) )
5217 return _ERROR_DUPSKINNAME;
// NOTE(review): the conditions under which these two defaults apply are not in
// this listing (source lines around 5220 and 5225 are skipped).
5222 $type = 'text/html';
5227 $inc_mode = 'normal';
5230 // 2. Update description
// $desc and $inc_prefix are stored as posted. inc_prefix presumably influences
// where skin includes are resolved from; confirm it is constrained elsewhere.
5231 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
5236 * Admin::skindeleteconfirm()
5238 * @param integer $skinid
// Deletes a skin: its description row and all of its parts, with Pre/Post delete
// events around the two statements.
// NOTE(review): this helper makes no rights check; the calling action must gate
// it. The declaration of $manager is not in this listing (lines 5242-5244
// skipped).
5241 static private function skindeleteconfirm($skinid)
// The event name prefix depends on whether the current action is one of the
// admin-skin actions.
5245 if ( !in_array(self::$action, self::$adminskin_actions) )
5247 $event_identifier = 'Skin';
5251 $event_identifier = 'AdminSkin';
5254 $manager->notify("PreDelete{$event_identifier}", array('skinid' => $skinid));
5256 // 1. delete description
// The id is cast to an integer before it is formatted into each statement.
5257 $query = "DELETE FROM %s WHERE sdnumber=%d;";
5258 $query = sprintf($query, sql_table('skin_desc'), (integer) $skinid);
5259 DB::execute($query);
// Second step: remove every part that belongs to the skin.
5262 $query = "DELETE FROM %s WHERE sdesc=%d;";
5263 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
5264 DB::execute($query);
5266 $manager->notify("PostDelete{$event_identifier}", array('skinid' => $skinid));
5272 * Admin::skinremovetypeconfirm()
5274 * @param integer $skinid
5275 * @param string $skintype
5276 * @return string empty or message if failed
// Deletes one part (type) of a skin, with Pre/Post delete events. Returns an
// error message when the type name is not a valid short name.
// NOTE(review): this helper makes no rights check; the calling action must gate
// it. The declaration of $manager is not in this listing (lines 5279-5281
// skipped).
5278 static private function skinremovetypeconfirm($skinid, $skintype)
5282 if ( !in_array(self::$action, self::$adminskin_actions) )
5284 $event_identifier = 'Skin';
5288 $event_identifier = 'AdminSkin';
// The type name is validated before it is used in events or SQL.
5291 if ( !isValidShortName($skintype) )
5293 return _ERROR_SKIN_PARTS_SPECIAL_DELETE;
// NOTE(review): the opening of both $data array literals is not in this
// listing (source lines 5296 and 5307 are skipped).
5297 'skinid' => $skinid,
5298 'skintype' => $skintype
5300 $manager->notify("PreDelete{$event_identifier}Part", $data);
// The id is cast to an integer and the type goes through DB::quoteValue().
5303 $query = 'DELETE FROM %s WHERE sdesc = %d AND stype = %s;';
5304 $query = sprintf($query, sql_table('skin'), (integer) $skinid, DB::quoteValue($skintype) );
5305 DB::execute($query);
5308 'skinid' => $skinid,
5309 'skintype' => $skintype
5311 $manager->notify("PostDelete{$event_identifier}Part", $data);
5317 * Admin::skinclone()
5319 * @param integer $skinid
5320 * @param string $handler
// Clones a skin under the name "<original>_clone", choosing a different name when
// that one is taken, and copies every part of the original into the new skin.
// NOTE(review): this helper makes no rights check; the calling action must gate
// it. The declaration of $manager is not in this listing (lines 5324-5326
// skipped).
5323 static private function skinclone($skinid, $handler='')
5327 // 1. read skin to clone
5328 $skin =& $manager->getSkin($skinid, $handler);
5329 $name = "{$skin->getName()}_clone";
5331 // if a skin with that name already exists:
// NOTE(review): the counter handling inside this loop is not in the listing
// (source lines 5333-5334 and 5336-5341 are skipped).
5332 if ( Skin::exists($name) )
5335 while ( Skin::exists($name . $i) )
5342 // 2. create skin desc
5343 $newid = Skin::createNew(
5345 $skin->getDescription(),
5346 $skin->getContentType(),
5347 $skin->getIncludeMode(),
5348 $skin->getIncludePrefix()
// Third step: copy each part of the original skin.
5352 $query = "SELECT stype FROM %s WHERE sdesc=%d;";
5353 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
5355 $res = DB::getResult($query);
5356 foreach ( $res as $row )
5358 $content = $skin->getContentFromDB($row['stype']);
// Content and type are database values and are passed through DB::quoteValue().
5361 $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, %s, %s)";
5362 $query = sprintf($query, sql_table('skin'), (integer) $newid, DB::quoteValue($content), DB::quoteValue($row['stype']));
5363 DB::execute($query);
5370 * Admin::skinieimport()
5372 * @param string $mode
5373 * @param string $skinFileRaw
5374 * @return string empty or message if failed
// First import step: reads only the metadata of a skin backup and stores the
// skin and template names, plus any name clashes, in self::$contents for display.
// NOTE(review): this helper makes no rights check; the calling action must gate
// it.
5376 static private function skinieimport($mode, $skinFileRaw)
5378 global $DIR_LIBS, $DIR_SKINS;
5380 // load skinie class
5381 include_once($DIR_LIBS . 'skinie.php');
5383 $importer = new SkinImport();
5385 // get full filename
5386 if ( $mode == 'file' )
// NOTE(review): $skinFileRaw is joined into the path unchanged. Unless the
// caller restricts it to a plain directory name, sequences such as '../' resolve
// outside $DIR_SKINS. Validate it here or confirm the caller does.
5388 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
// In any other mode the raw value is used as the location itself.
// NOTE(review): what readFile() accepts (local paths, remote URLs) is not
// visible here; an unrestricted location would let an administrator make the
// server read arbitrary files or fetch arbitrary URLs. Confirm an allow-list.
5392 $skinFile = $skinFileRaw;
5395 // read only metadata
5396 $error = $importer->readFile($skinFile, 1);
// NOTE(review): the handling of $error is not in this listing (source lines
// 5397-5402 are skipped).
// The raw file value is stored for the skin to render; it must be encoded at
// output.
5403 self::$contents['mode'] = $mode;
5404 self::$contents['skinfile'] = $skinFileRaw;
5405 self::$contents['skininfo'] = $importer->getInfo();
5406 self::$contents['skinnames'] = $importer->getSkinNames();
5407 self::$contents['tpltnames'] = $importer->getTemplateNames();
// Name clashes with existing skins or templates are collected so the user can
// decide whether to overwrite.
5410 $skinNameClashes = $importer->checkSkinNameClashes();
5411 $templateNameClashes = $importer->checkTemplateNameClashes();
5412 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
5414 self::$contents['skinclashes'] = $skinNameClashes;
5415 self::$contents['tpltclashes'] = $templateNameClashes;
5416 self::$contents['nameclashes'] = $hasNameClashes ? 1 : 0;
5423 * Admin::skiniedoimport()
5425 * @param string $mode
5426 * @param string $skinFileRaw
5427 * @param boolean $allowOverwrite
5428 * @return string empty or message if failed
// Second import step: reads the whole skin backup and writes it to the database,
// then stores the imported names in self::$contents for display.
// NOTE(review): this helper makes no rights check; the calling action must gate
// it.
5430 static private function skiniedoimport($mode, $skinFileRaw, $allowOverwrite)
5432 global $DIR_LIBS, $DIR_SKINS;
5434 // load skinie class
5435 include_once($DIR_LIBS . 'skinie.php');
5437 $importer = new SkinImport();
5439 // get full filename
5440 if ( $mode == 'file' )
// NOTE(review): $skinFileRaw is joined into the path unchanged. Unless the
// caller restricts it to a plain directory name, sequences such as '../' resolve
// outside $DIR_SKINS. It is re-read from the caller on this second step, so it
// has to be validated again rather than trusted from the first step.
5442 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
// In any other mode the raw value is used as the location itself; what
// readFile() accepts is not visible here (TODO confirm an allow-list).
5446 $skinFile = $skinFileRaw;
5449 $error = $importer->readFile($skinFile);
// NOTE(review): the handling of both $error values is not in this listing
// (source lines 5450-5455 and 5457-5462 are skipped).
// $allowOverwrite decides whether existing skins and templates may be replaced.
5456 $error = $importer->writeToDatabase($allowOverwrite);
5463 self::$contents['mode'] = $mode;
5464 self::$contents['skinfile'] = $skinFileRaw;
5465 self::$contents['skininfo'] = $importer->getInfo();
5466 self::$contents['skinnames'] = $importer->getSkinNames();
5467 self::$contents['tpltnames'] = $importer->getTemplateNames();
5474 * Admin::skinieexport()
5476 * @param array $aSkins
5477 * @param array $aTemplates
5478 * @param string $info
// Exports the selected skins and templates through SkinExport. The ids are taken
// from the KEYS of $aSkins and $aTemplates, not from their values.
// NOTE(review): this helper makes no rights check; the calling action must gate
// it. The declaration of $DIR_LIBS is not in this listing (lines 5482-5484
// skipped).
5481 static private function skinieexport($aSkins, $aTemplates, $info)
5485 // load skinie class
5486 include_once($DIR_LIBS . 'skinie.php');
// Non-array input is replaced by a default; the replacement for $aSkins is not
// in this listing (source lines 5489-5492 are skipped).
5488 if ( !is_array($aSkins) )
5493 if (!is_array($aTemplates))
5495 $aTemplates = array();
5498 $skinList = array_keys($aSkins);
5499 $templateList = array_keys($aTemplates);
5501 $exporter = new SkinExport();
// NOTE(review): the ids are passed on without an integer cast; confirm
// addSkin() and addTemplate() validate them.
5502 foreach ( $skinList as $skinId )
5504 $exporter->addSkin($skinId);
5506 foreach ( $templateList as $templateId )
5508 $exporter->addTemplate($templateId);
// $info is free text supplied by the caller and is embedded in the export.
5510 $exporter->setInfo($info);
5511 $exporter->export();
5517 * Admin::action_parseSpecialskin()
// Parses the skin part whose name equals the current action.
// NOTE(review): no rights check is visible in this method, and self::$action is
// presumably derived from the request. Confirm that the dispatcher only routes an
// allow-listed set of actions here and that the parsed skin parts enforce their
// own permissions. The rest of this method lies beyond the end of this listing.
5522 static private function action_parseSpecialskin()
5524 self::$skin->parse(self::$action);