3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4 * Copyright (C) 2002-2009 The Nucleus Group
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 * (see nucleus/documentation/index.html#license for more info)
13 * The code for the Nucleus admin area
15 * @license http://nucleuscms.org/license.txt GNU General Public License
16 * @copyright Copyright (C) 2002-2009 The Nucleus Group
17 * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $
// Direct-access guard: the file stops immediately unless requestVar() is already defined,
// i.e. unless it is loaded after the request helpers (presumably by the admin bootstrap — confirm).
20 if ( !function_exists('requestVar') ) exit;
21 require_once dirname(__FILE__) . '/showlist.php';
// Request-scoped static state shared by the dispatcher and the action_* handlers.
// $action is set by action() to the lower-cased action name.
27 static public $action;
28 static public $aOptions;
// $contents carries form/entity data handed to the skin; some handlers fill it straight from request values.
30 static public $contents;
// $extrahead collects extra markup (handlers append <script> tags to it); $headMess is the page-header message.
31 static public $extrahead;
32 static public $headMess;
33 static public $passvar;
// Action names that action() consults only after no matching action_<name> method was found.
// Only part of the array is visible in this listing.
35 static private $skinless_actions = array(
36 'plugindeleteconfirm',
37 'pluginoptionsupdate',
45 'changemembersettings',
50 'skinremovetypeconfirm',
60 'templatedeleteconfirm',
64 'adminskinremovetypeconfirm',
66 'adminskindeleteconfirm',
68 'adminskineditgeneral',
73 'admintemplateupdate',
74 'admintemplatedeleteconfirm',
// Allow-list of actions that action() lets through WITHOUT calling $manager->checkTicket().
// Every name listed here gives up the request-ticket protection, so entries should be limited
// to handlers that only display data or ask for confirmation.
// NOTE(review): 'admintemplateclone' reads like a state-changing action — confirm against its
// handler, which is not part of this listing. Only part of the array is visible here.
79 static private $ticketless_actions = array(
110 'banlistnewfromitem',
147 'adminskinremovetype',
149 'adminskinieoverview',
151 'admintemplateoverview',
152 'admintemplateclone',
154 'admintemplatedelete'
158 * NOTE: This is for condition of admin/normal skin actions
// Public list of admin-skin / admin-template action names. Where it is read is not visible in
// this listing. In the visible part 'adminskinieoverview' occurs twice; only part of the array is shown.
160 static public $adminskin_actions = array(
168 'adminskinremovetype',
170 'adminskinieoverview',
172 'admintemplateoverview',
173 'admintemplateclone',
175 'admintemplatedelete',
178 'adminskineditgeneral',
180 'adminskindeleteconfirm',
181 'adminskinremovetypeconfirm',
183 'adminskinieoverview',
184 'adminskiniedoimport',
189 'admintemplatedeleteconfirm',
190 'admintemplateupdate'
// Picks the admin skin for this request and resets the per-request message/head state.
// The skin id starts as $CONF['AdminSkin']; for a logged-in member the member's own admin skin
// is read and checked with Skin::existsID(). The statements that act on the two existsID()
// checks are not part of this listing.
193 static public function initialize()
195 global $CONF, $manager, $member;
197 /* NOTE: 1. decide which skinid to use */
198 $skinid = $CONF['AdminSkin'];
199 if ( $member->isLoggedIn() )
201 $memskin = $member->getAdminSkin();
202 if ( $memskin && Skin::existsID($memskin))
208 /* NOTE: 2. make an instance of skin object */
209 if ( !Skin::existsID($skinid) )
214 /* NOTE: 3. initializing each members */
215 self::$skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
217 self::$extrahead = '';
219 self::$headMess = '';
220 self::$aOptions = '';
228 * @param string $action action to be performed
// Central dispatcher for the admin area: turns the requested action name into a static method
// named action_<name> and runs it after the request-ticket check.
// The handlers themselves are responsible for permission checks; this method only checks the ticket.
231 static public function action($action)
233 global $CONF, $manager, $member;
235 /* 1. decide action name */
// 'customaction' is read from POST. When it is set, 'login' is aliased to it, so a request-supplied
// name becomes $action and goes through the same ticket and method_exists() checks as any other.
236 $customAction = postvar('customaction');
237 if ( empty($customAction) )
240 'login' => 'overview',
247 'login' => $customAction,
251 if ( array_key_exists($action, $alias) && isset($alias[$action]) )
253 $action = $alias[$action];
// The method name keeps the caller's letter case while self::$action is lower-cased; the
// allow-list lookups below use the lower-cased form.
255 $method_name = "action_{$action}";
256 self::$action = strtolower($action);
258 /* 2. check ticket-needed action */
// Request-ticket gate (Nucleus's anti-CSRF token): anything not in $ticketless_actions must pass
// $manager->checkTicket(), otherwise the request ends in _ERROR_BADTICKET.
// NOTE(review): in_array() is called without the strict flag; both sides are strings here.
259 if ( !in_array(self::$action, self::$ticketless_actions) && !$manager->checkTicket() )
261 self::error(_ERROR_BADTICKET);
265 /* 3. parse according to the action */
// The callable is built from request data, so the fixed "action_" prefix together with
// method_exists() on Admin is what limits which methods can be reached.
266 else if ( method_exists('Admin', $method_name) )
268 call_user_func(array(__CLASS__, $method_name));
271 /* 4. parse special admin skin */
272 elseif ( in_array(self::$action, self::$skinless_actions) )
274 /* TODO: need to be implemented or not?
275 self::action_parseSpecialskin();
280 self::error(_BADACTION . ENTITY::hsc($action));
288 * Action::action_showlogin()
// Shows the login screen by delegating to action_login() with $error as the header message.
// Where $error comes from is not visible in this listing.
293 static private function action_showlogin()
296 self::action_login($error);
301 * Action::action_login()
303 * @param string $msg message for pageheader
304 * @param integer $passvars ???
// Renders the 'showlogin' skin part with $msg as header message, unless the member is already
// logged in and allowed to log in, in which case the overview is shown instead.
306 static private function action_login($msg = '', $passvars = 1)
310 // skip to overview when allowed
311 if ( $member->isLoggedIn() && $member->canLogin() )
313 self::action_overview();
317 /* TODO: needless variable??? */
318 self::$passvar = $passvars;
321 self::$headMess = $msg;
324 self::$skin->parse('showlogin');
328 * Action::action_overview()
329 * provides a screen with the overview of the actions available
331 * @param string $msg message for pageheader
// Renders the 'overview' skin part, with $msg as the page-header message.
// No permission check is visible in the lines shown here.
334 static private function action_overview($msg = '')
338 self::$headMess = $msg;
341 self::$skin->parse('overview');
346 * Admin::action_manage()
348 * @param string $msg message for pageheader
// Renders the 'manage' skin part; restricted to site administrators.
351 static private function action_manage($msg = '')
357 self::$headMess = $msg;
// Authorization: non-admins are sent to disallow() (defined outside this listing; the
// `or` idiom relies on it ending the request — confirm).
359 $member->isAdmin() or self::disallow();
361 self::$skin->parse('manage');
366 * Action::action_itemlist()
368 * @param integer $blogid ID for weblog
// Renders the item list of one weblog. The blog id is taken from the request via
// intRequestVar() (the condition guarding that assignment is not visible in this listing).
371 static private function action_itemlist($blogid = '')
373 global $member, $manager, $CONF;
377 $blogid = intRequestVar('blogid');
// Authorization: team members of the blog or site admins only.
380 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
382 self::$skin->parse('itemlist');
387 * Action::action_batchitem()
// Entry point for batch operations on items: validates the selection, then either asks for a
// move destination, asks for delete confirmation, or renders the 'batchitem' skin part.
392 static private function action_batchitem()
394 global $member, $manager;
// Only a login check happens here. Per-item rights are presumably enforced when each entry is
// processed (deleteOneItem() and moveOneItem() in this file re-check them) — confirm in the batch code.
396 $member->isLoggedIn() or self::disallow();
// requestIntArray() is used for the ids, so the selection is expected to be integers.
398 $selected = requestIntArray('batch');
399 $action = requestVar('batchaction');
401 if ( !is_array($selected) || sizeof($selected) == 0 )
403 self::error(_BATCH_NOSELECTION);
407 // On move: when no destination blog/category chosen, show choice now
408 $destCatid = intRequestVar('destcatid');
409 if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )
411 self::batchMoveSelectDestination('item', $selected);
414 // On delete: check if confirmation has been given
// 'confirmation' is a request parameter: it is a UI step, not an authorization control. Protection
// against forged requests depends on the ticket check in action().
415 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
417 self::batchAskDeleteConfirmation('item', $selected);
420 self::$skin->parse('batchitem');
425 * Action::action_batchcomment()
// Entry point for batch operations on comments: validates the selection, asks for delete
// confirmation when needed, then renders the 'batchcomment' skin part.
430 static private function action_batchcomment()
// Only a login check happens here; deleteOneComment() in this file re-checks canAlterComment()
// per comment, presumably called from the batch code — confirm.
434 $member->isLoggedIn() or self::disallow();
436 $selected = requestIntArray('batch');
437 $action = requestVar('batchaction');
439 // Show error when no items were selected
440 if ( !is_array($selected) || sizeof($selected) == 0 )
442 self::error(_BATCH_NOSELECTION);
446 // On delete: check if confirmation has been given
447 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
449 self::batchAskDeleteConfirmation('comment', $selected);
452 self::$skin->parse('batchcomment');
457 * Admin::action_batchmember()
// Entry point for batch operations on members: validates the selection, asks for delete
// confirmation when needed, then renders the 'batchmember' skin part.
462 static private function action_batchmember()
// Authorization: logged-in site administrators only.
466 ($member->isLoggedIn() && $member->isAdmin()) or self::disallow();
468 $selected = requestIntArray('batch');
469 $action = requestVar('batchaction');
471 // Show error when no members selected
472 if ( !is_array($selected) || sizeof($selected) == 0 )
474 self::error(_BATCH_NOSELECTION);
478 // On delete: check if confirmation has been given
479 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
481 self::batchAskDeleteConfirmation('member',$selected);
484 self::$skin->parse('batchmember');
489 * Admin::action_batchteam()
// Entry point for batch operations on a blog's team: validates the selection, asks for delete
// confirmation when needed, then renders the 'batchteam' skin part.
494 static private function action_batchteam()
498 $blogid = intRequestVar('blogid');
// Authorization: the member must be logged in and hold admin rights on the requested blog.
500 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or self::disallow();
502 $selected = requestIntArray('batch');
503 $action = requestVar('batchaction');
505 if ( !is_array($selected) || sizeof($selected) == 0 )
507 self::error(_BATCH_NOSELECTION);
511 // On delete: check if confirmation has been given
512 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
514 self::batchAskDeleteConfirmation('team',$selected);
517 self::$skin->parse('batchteam');
522 * Admin::action_batchcategory()
// Entry point for batch operations on categories: validates the selection, then either asks
// for a destination blog, asks for delete confirmation, or renders the 'batchcategory' skin part.
527 static private function action_batchcategory()
529 global $member, $manager;
// Only a login check happens here; rights on the individual categories and on the destination
// blog are not checked in the lines shown — presumably done where each entry is processed (confirm).
531 $member->isLoggedIn() or self::disallow();
533 $selected = requestIntArray('batch');
534 $action = requestVar('batchaction');
536 if ( !is_array($selected) || sizeof($selected) == 0 )
538 self::error(_BATCH_NOSELECTION);
542 // On move: when no destination blog chosen, show choice now
543 $destBlogId = intRequestVar('destblogid');
544 if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )
546 self::batchMoveCategorySelectDestination('category', $selected);
549 // On delete: check if confirmation has been given
550 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
552 self::batchAskDeleteConfirmation('category', $selected);
555 self::$skin->parse('batchcategory');
560 * Admin::batchMoveSelectDestination()
562 * @param string $type type of batch action
563 * @param integer $ids needless???
566 * TODO: remove needless argument
// Renders the 'batchmove' skin part. The batch type is handed over by writing it into
// $_POST['batchmove'], i.e. by overwriting a request superglobal; $ids is not used in the lines shown.
568 static private function batchMoveSelectDestination($type, $ids)
570 $_POST['batchmove'] = $type;
571 self::$skin->parse('batchmove');
576 * Admin::batchMoveCategorySelectDestination()
578 * @param string $type type of batch action
579 * @param integer $ids needless???
582 * TODO: remove needless argument
// Renders the 'batchmovecat' skin part. The batch type is handed over by writing it into
// $_POST['batchmove'], i.e. by overwriting a request superglobal; $ids is not used in the lines shown.
584 static private function batchMoveCategorySelectDestination($type, $ids)
586 $_POST['batchmove'] = $type;
588 self::$skin->parse('batchmovecat');
593 * Admin::batchAskDeleteConfirmation()
595 * @param string $type type of batch action
596 * @param integer $ids needless???
599 * TODO: remove needless argument
// Renders the 'batchdelete' confirmation skin part. Neither argument is used in the lines shown.
601 static private function batchAskDeleteConfirmation($type, $ids)
603 self::$skin->parse('batchdelete');
608 * Admin::action_browseownitems()
// Renders the 'browseownitems' skin part. No permission check is visible in the lines shown;
// restricting the list to the current member is presumably done by the skin code — confirm.
613 static private function action_browseownitems()
615 global $member, $manager, $CONF;
617 self::$skin->parse('browseownitems');
622 * Admin::action_itemcommentlist()
623 * Show all the comments for a given item
625 * @param integer $itemid ID for item
// Shows all comments of one item. The item id is read with intRequestVar() (the condition
// guarding that assignment is not visible in this listing).
628 static private function action_itemcommentlist($itemid = '')
630 global $member, $manager, $CONF;
634 $itemid = intRequestVar('itemid');
637 // only allow if user is allowed to alter item
638 $member->canAlterItem($itemid) or self::disallow();
640 $item =& $manager->getItem($itemid, 1, 1);
// $_REQUEST is overwritten with the ids loaded from the item record, so later readers of
// 'itemid'/'blogid' see the stored values rather than what the client sent.
641 $_REQUEST['itemid'] = $item['itemid'];
642 $_REQUEST['blogid'] = $item['blogid'];
644 self::$skin->parse('itemcommentlist');
649 * Admin::action_browseowncomments()
650 * Browse own comments
// Renders the 'browseowncomments' skin part. No permission check is visible in the lines shown.
655 static private function action_browseowncomments()
657 self::$skin->parse('browseowncomments');
662 * Admin::action_blogcommentlist()
663 * Browse all comments for a weblog
665 * @param integer $blogid ID for weblog
// Shows all comments of one weblog. The blog id comes either from the argument (forced to an
// integer with intval()) or from the request via intRequestVar(); the branch structure is not
// visible in this listing.
668 static private function action_blogcommentlist($blogid = '')
670 global $member, $manager, $CONF;
674 $blogid = intRequestVar('blogid');
678 $blogid = intval($blogid);
// Authorization: team members of the blog or site admins only.
681 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
683 /* TODO: we consider to use the other way instead of this */
// The checked integer id is written back into $_REQUEST for later readers.
684 $_REQUEST['blogid'] = $blogid;
686 self::$skin->parse('blogcommentlist');
691 * Admin::action_createaccount()
// Self-registration screen. Shows 'createaccountdisable' unless $CONF['AllowMemberCreate'] is 1,
// runs Action::createAccount() when the form was posted, and otherwise (or on failure) shows
// the input form again with the posted values.
696 static private function action_createaccount()
700 if ( $CONF['AllowMemberCreate'] != 1 )
702 self::$skin->parse('createaccountdisable');
718 if ( array_key_exists('showform', $_POST) && $_POST['showform'] == 1 )
720 $action = new Action();
721 $message = $action->createAccount();
722 if ( $message === 1 )
724 self::$headMess = $message;
725 self::$skin->parse('createaccountsuccess');
729 /* TODO: validation */
// The four values below are copied from $_POST unmodified. Because this action is reachable
// without an account, whatever renders self::$contents has to HTML-escape them on output.
730 if ( array_key_exists('name', $_POST) )
732 $contents['name'] = $_POST['name'];
734 if ( array_key_exists('realname', $_POST) )
736 $contents['realname'] = $_POST['realname'];
738 if ( array_key_exists('email', $_POST) )
740 $contents['email'] = $_POST['email'];
742 if ( array_key_exists('url', $_POST) )
744 $contents['url'] = $_POST['url'];
747 self::$contents = $contents;
751 self::$skin->parse('createaccountinput');
756 * Admin::action_createitem()
757 * Provide a page to add a new item to the given blog
// Shows the "new item" form for one blog.
762 static private function action_createitem()
764 global $member, $manager;
766 $blogid = intRequestVar('blogid');
// Authorization: the member must be on the team of the requested blog.
769 $member->teamRights($blogid) or self::disallow();
771 $blog =& $manager->getBlog($blogid);
// $contents is passed by reference, so PreAddItemForm listeners (plugins) can pre-fill the form.
776 'contents' => &$contents
778 $manager->notify('PreAddItemForm', $data);
780 if ( $blog->convertBreaks() )
782 if ( array_key_exists('body', $contents) && !empty($contents['body']) )
784 $contents['body'] = removeBreaks($contents['body']);
786 if ( array_key_exists('more', $contents) && !empty($contents['more']) )
788 $contents['more'] = removeBreaks($contents['more']);
792 self::$blog = &$blog;
793 self::$contents = &$contents;
795 self::$skin->parse('createitem');
800 * Admin::action_itemedit()
// Shows the edit form for an existing item.
805 static private function action_itemedit()
807 global $member, $manager;
809 $itemid = intRequestVar('itemid');
811 // only allow if user is allowed to alter item
812 $member->canAlterItem($itemid) or self::disallow();
814 $item =& $manager->getItem($itemid, 1, 1);
// The blog is derived from the stored item, not from a request parameter.
815 $blog =& $manager->getBlog($item['blogid']);
816 $data = array('blog'=> $blog, 'item' => $item);
817 $manager->notify('PrepareItemForEdit', $data);
819 if ( $blog->convertBreaks() )
821 if ( array_key_exists('body', $item) && !empty($item['body']) )
823 $item['body'] = removeBreaks($item['body']);
825 if ( array_key_exists('more', $item) && !empty($item['more']) )
827 $item['more'] = removeBreaks($item['more']);
831 self::$blog = &$blog;
832 self::$contents = &$item;
834 self::$skin->parse('itemedit');
839 * Admin::action_itemupdate()
// Saves an edited item: checks rights, optionally creates a new category, derives the
// draft/publish/timestamp flags from 'actiontype', updates the item and returns to a list view.
// Several lines of the method are not part of this listing.
844 static private function action_itemupdate()
846 global $member, $manager, $CONF;
848 $itemid = intRequestVar('itemid');
// $catid is the raw POST value: either a category id or the marker form 'newcat-<blogid>'.
849 $catid = postVar('catid');
851 // only allow if user is allowed to alter item
852 $member->canUpdateItem($itemid, $catid) or self::disallow();
854 $actiontype = postVar('actiontype');
856 // delete actions are handled by itemdelete (which has confirmation)
857 if ( $actiontype == 'delete' )
859 self::action_itemdelete();
863 $body = postVar('body');
864 $title = postVar('title');
865 $more = postVar('more');
866 $closed = intPostVar('closed');
867 $draftid = intPostVar('draftid');
869 // default action = add now
872 $actiontype='addnow';
875 // create new category if needed
876 if ( i18n::strpos($catid,'newcat') === 0 )
// The blog id for the new category is parsed out of the request value (as an integer via %d).
// NOTE(review): whether the member may create categories on THAT blog is not checked in the
// lines shown; presumably canUpdateItem() above or createNewCategory() enforces it — confirm.
879 list($blogid) = sscanf($catid,"newcat-%d");
882 $blog =& $manager->getBlog($blogid);
883 $catid = $blog->createNewCategory();
885 // show error when sth goes wrong
888 self::doError(_ERROR_CATCREATEFAIL);
893 * set some variables based on actiontype
896 * draft items -> addnow, addfuture, adddraft, delete
897 * non-draft items -> edit, changedate, delete
900 * $timestamp: set to a nonzero value for future dates or date changes
901 * $wasdraft: set to 1 when the item used to be a draft item
902 * $publish: set to 1 when the edited item is not a draft
904 $blogid = getBlogIDFromItemID($itemid);
905 $blog =& $manager->getBlog($blogid);
907 $wasdrafts = array('adddraft', 'addfuture', 'addnow');
908 $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
909 $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
910 if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
912 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
919 // edit the item for real
920 Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
922 self::updateFuturePosted($blogid);
926 // delete permission is checked inside Item::delete()
// $draftid is a separate request-supplied id; the only protection for it is that inner check.
927 Item::delete($draftid);
930 if ( $catid != intPostVar('catid') )
932 self::action_categoryedit(
935 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
940 // TODO: set start item correctly for itemlist
941 $item =& $manager->getitem($itemid, 1, 1);
// The timestamp is placed inside quotes with sprintf('%s') and no DB::quoteValue(). It is read
// from the stored item rather than from the request, but a numeric cast or quoteValue() would
// make the query safe independently of what getItem() returns.
942 $query = "SELECT COUNT(*) FROM %s WHERE unix_timestamp(itime) <= '%s';";
943 $query = sprintf($query, sql_table('item'), $item['timestamp']);
944 $cnt = DB::getValue($query);
945 $_REQUEST['start'] = $cnt + 1;
946 self::action_itemlist(getBlogIDFromItemID($itemid));
952 * Admin::action_itemdelete()
// Shows the delete-confirmation screen for one item; nothing is deleted here.
958 static private function action_itemdelete()
960 global $member, $manager;
962 $itemid = intRequestVar('itemid');
964 // only allow if user is allowed to alter item
965 $member->canAlterItem($itemid) or self::disallow();
967 if ( !$manager->existsItem($itemid,1,1) )
969 self::error(_ERROR_NOSUCHITEM);
973 self::$skin->parse('itemdelete');
978 * Admin::action_itemdeleteconfirm()
// Performs the confirmed deletion of one item and returns to the item list of its blog.
983 static private function action_itemdeleteconfirm()
985 global $member, $manager;
987 $itemid = intRequestVar('itemid');
989 // only allow if user is allowed to alter item
990 $member->canAlterItem($itemid) or self::disallow();
// The item is loaded before deletion so its blog id is still available for the redirect below.
993 $item =& $manager->getItem($itemid, 1, 1);
995 // delete item (note: some checks will be performed twice)
996 self::deleteOneItem($item['itemid']);
998 self::action_itemlist($item['blogid']);
1003 * Admin::deleteOneItem()
1004 * Deletes one item and returns error if something goes wrong
1006 * @param integer $itemid ID for item
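// Deletes one item on behalf of the current member and refreshes the future-posted flag of the
// blog the item belonged to. Returns _ERROR_DISALLOWED when the member may not alter the item.
// Public, so it carries its own permission check instead of relying on the caller's.
1009 static public function deleteOneItem($itemid)
1011 global $member, $manager;
1013 // only allow if user is allowed to alter item (also checks if itemid exists)
1014 if ( !$member->canAlterItem($itemid) )
1016 return _ERROR_DISALLOWED;
1019 // need to get blogid before the item is deleted
1020 $item =& $manager->getItem($itemid, 1, 1);
1022 $manager->loadClass('ITEM');
1023 Item::delete($item['itemid']);
1025 // update blog's futureposted
// updateFuturePosted() takes a blog id and queries items by iblog; the item id was being
// passed here, which refreshed the flag of an unrelated (or non-existent) blog.
1026 self::updateFuturePosted($item['blogid']);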
1031 * Admin::updateFuturePosted()
1032 * Update a blog's future posted flag
1034 * @param integer $blogid
// Sets or clears a blog's future-posted flag depending on whether the blog still has
// unposted items (iposted=0) dated after the blog's current time.
1037 static private function updateFuturePosted($blogid)
// The id is forced to an integer and additionally cast when the query is built.
1041 $blogid = intval($blogid);
1042 $blog =& $manager->getBlog($blogid);
1043 $currenttime = $blog->getCorrectTime(time());
1045 $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
// The quoted value is a server-generated, formatted timestamp, not request data.
1046 $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
1047 $result = DB::getResult($query);
1049 if ( $result->rowCount() > 0 )
1051 $blog->setFuturePost();
1055 $blog->clearFuturePost();
1061 * Admin::action_itemmove()
// Shows the "move item" form for one item.
1066 static private function action_itemmove()
1068 global $member, $manager;
1070 $itemid = intRequestVar('itemid');
// Authorization: the member must be allowed to alter the item.
1072 $member->canAlterItem($itemid) or self::disallow();
1074 self::$skin->parse('itemmove');
1079 * Admin::action_itemmoveto()
// Moves one item to another category (optionally creating that category first), refreshes the
// future-posted flag of both the new and the old blog, then shows a follow-up screen.
1084 static private function action_itemmoveto()
1086 global $member, $manager;
1088 $itemid = intRequestVar('itemid');
// $catid is the raw request value: either a category id or the marker form 'newcat-<blogid>'.
1089 $catid = requestVar('catid');
1091 // create new category if needed
1092 if ( i18n::strpos($catid,'newcat') === 0 )
// NOTE(review): the category is created on a request-supplied blog BEFORE the canUpdateItem()
// check further down. Whether createNewCategory() enforces its own rights check is not visible
// in this listing — confirm, otherwise move the authorization ahead of the creation.
1095 list($blogid) = sscanf($catid,'newcat-%d');
1098 $blog =& $manager->getBlog($blogid);
1099 $catid = $blog->createNewCategory();
1101 // show error when sth goes wrong
1104 self::doError(_ERROR_CATCREATEFAIL);
1108 // only allow if user is allowed to alter item
1109 $member->canUpdateItem($itemid, $catid) or self::disallow();
// Remember the source blog before the move so its flag can be refreshed afterwards.
1111 $old_blogid = getBlogIDFromItemId($itemid);
1113 Item::move($itemid, $catid);
1115 // set the futurePosted flag on the blog
1116 self::updateFuturePosted(getBlogIDFromItemId($itemid));
1118 // reset the futurePosted in case the item is moved from one blog to another
1119 self::updateFuturePosted($old_blogid);
1121 if ( $catid != intRequestVar('catid') )
1123 self::action_categoryedit($catid, $blog->getID());
1127 self::action_itemlist(getBlogIDFromCatID($catid));
1133 * Admin::moveOneItem()
1134 * Moves one item to a given category (category existence should be checked by caller)
1135 * errors are returned
1137 * @param integer $itemid ID for item
1138 * @param integer $destCatid ID for category to which the item will be moved
// Moves one item to $destCatid on behalf of the current member. Returns _ERROR_DISALLOWED when
// the member may not update the item into that category. Public, so it checks rights itself.
1141 static public function moveOneItem($itemid, $destCatid)
1145 // only allow if user is allowed to move item
1146 if ( !$member->canUpdateItem($itemid, $destCatid) )
1148 return _ERROR_DISALLOWED;
1151 Item::move($itemid, $destCatid);
1156 * Admin::action_additem()
1157 * Adds a item to the chosen blog
// Creates a new item from the current request via Item::createFromRequest() and shows either
// the error, the category editor (for a freshly created category) or the item list.
// No permission check is visible in this method; it is presumably done inside
// Item::createFromRequest() — confirm.
1162 static private function action_additem()
1164 global $manager, $CONF;
1166 $manager->loadClass('ITEM');
1168 $result = Item::createFromRequest();
1170 if ( $result['status'] == 'error' )
1172 self::error($result['message']);
1176 $item =& $manager->getItem($result['itemid'], 0, 0);
1178 if ( $result['status'] == 'newcategory' )
// The follow-up URL gets a ticket appended because it is used to continue to a ticket-checked action.
1180 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . $item['blogid']);
1181 self::action_categoryedit($result['catid'], $item['blogid'], $distURI);
1185 $methodName = 'action_itemlist';
1186 self::action_itemlist($item['blogid']);
1192 * Admin::action_commentedit()
1193 * Allows to edit previously made comments
// Shows the edit form for an existing comment.
1198 static private function action_commentedit()
1200 global $member, $manager;
1202 $commentid = intRequestVar('commentid');
// Authorization: the member must be allowed to alter the comment.
1204 $member->canAlterComment($commentid) or self::disallow();
1206 $comment = Comment::getComment($commentid);
// The comment is passed by reference, so PrepareCommentForEdit listeners can modify it.
1207 $data = array('comment' => &$comment);
1208 $manager->notify('PrepareCommentForEdit', $data);
1210 self::$contents = $comment;
1211 self::$skin->parse('commentedit');
1216 * Admin::action_commentupdate()
// Saves an edited comment after validating the body, then returns to the comment list of the
// item (if the member may alter the item) or to the member's own comments.
1221 static private function action_commentupdate()
1223 global $member, $manager;
1225 $commentid = intRequestVar('commentid');
// Authorization: the member must be allowed to alter the comment.
1227 $member->canAlterComment($commentid) or self::disallow();
1229 $url = postVar('url');
1230 $email = postVar('email');
1231 $body = postVar('body');
1233 // intercept words that are too long
// Rejects any run of 90 characters from the listed set (letters, digits, some punctuation).
1234 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
1236 self::error(_ERROR_COMMENT_LONGWORD);
// Length limits: at least 3 and at most 5000 characters, measured with i18n::strlen().
1241 if ( i18n::strlen($body) < 3 )
1243 self::error(_ERROR_COMMENT_NOCOMMENT);
1247 if ( i18n::strlen($body) > 5000 )
1249 self::error(_ERROR_COMMENT_TOOLONG);
1254 $body = Comment::prepareBody($body);
1260 $manager->notify('PreUpdateComment', $data);
// All three string values go through DB::quoteValue() and the id is cast to integer, so the
// statement is not built from raw request text. $url and $email are stored without format
// validation in the lines shown.
1262 $query = "UPDATE %s SET cmail=%s, cemail=%s, cbody=%s WHERE cnumber=%d;";
1263 $query = sprintf($query, sql_table('comment'), DB::quoteValue($url), DB::quoteValue($email), DB::quoteValue($body), (integer) $commentid);
1264 DB::execute($query);
1267 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
1268 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1270 $itemid = DB::getValue($query);
1272 if ( $member->canAlterItem($itemid) )
1274 self::action_itemcommentlist($itemid);
1278 self::action_browseowncomments();
1284 * Admin::action_commentdelete()
// Shows the delete-confirmation screen for one comment; nothing is deleted here.
1290 static private function action_commentdelete()
1292 global $member, $manager;
1294 $commentid = intRequestVar('commentid');
1295 $member->canAlterComment($commentid) or self::disallow();
1297 self::$skin->parse('commentdelete');
1302 * Admin::action_commentdeleteconfirm()
// Performs the confirmed deletion of one comment, then returns to the comment list of the item
// or to the member's own comments.
// There is no rights check in this method itself; it relies on deleteOneComment(), which
// returns _ERROR_DISALLOWED when canAlterComment() fails.
1307 static private function action_commentdeleteconfirm()
1311 $commentid = intRequestVar('commentid');
1313 // get item id first
// This lookup runs before any permission check, but only reads the parent item id.
1314 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
1315 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1317 $itemid = DB::getValue($query);
1319 $error = self::deleteOneComment($commentid);
1322 self::doError($error);
1325 if ( $member->canAlterItem($itemid) )
1327 self::action_itemcommentlist($itemid);
1331 self::action_browseowncomments();
1337 * Admin::deleteOneComment()
1339 * @param integer $commentid ID for comment
// Deletes one comment on behalf of the current member, firing PreDeleteComment and
// PostDeleteComment around the DELETE. Returns _ERROR_DISALLOWED when the member may not alter
// the comment. Public, so it carries its own permission check.
1342 static public function deleteOneComment($commentid)
1344 global $member, $manager;
// The id is cast to integer once here and again when the query is built.
1346 $commentid = (integer) $commentid;
1348 if ( !$member->canAlterComment($commentid) )
1350 return _ERROR_DISALLOWED;
1354 'commentid' => $commentid
1357 $manager->notify('PreDeleteComment', $data);
1359 // delete the comments associated with the item
1360 $query = "DELETE FROM %s WHERE cnumber=%d;";
1361 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
1362 DB::execute($query);
1365 'commentid' => $commentid
1368 $manager->notify('PostDeleteComment', $data);
1374 * Admin::action_usermanagement()
1375 * Usermanagement main
// Renders the user-management screen; restricted to site administrators.
1380 static private function action_usermanagement()
1382 global $member, $manager;
1385 $member->isAdmin() or self::disallow();
1387 self::$skin->parse('usermanagement');
1392 * Admin::action_memberedit()
1393 * Edit member settings
// Edits the member named by the request's integer 'memberid'; the permission check is done in
// action_editmembersettings().
1398 static private function action_memberedit()
1400 self::action_editmembersettings(intRequestVar('memberid'));
1405 * Admin::action_editmembersettings()
1407 * @param integer $memberid ID for member
// Shows the settings form for a member; with no id given, for the current member.
1411 static private function action_editmembersettings($memberid = '')
1413 global $member, $manager, $CONF;
1415 if ( $memberid == '' )
1417 $memberid = $member->getID();
1420 /* TODO: we should consider to use the other way instead of this */
// $_REQUEST is overwritten before the permission check on the next statement; this is only
// safe as long as disallow() ends the request (defined outside this listing — confirm).
1421 $_REQUEST['memberid'] = $memberid;
// Authorization: members may open their own settings; anyone else's requires site admin.
1424 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
1426 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
1428 self::$skin->parse('editmembersettings');
1433 * Admin::action_changemembersettings()
// Saves member settings posted from the settings form: validates the fields, protects the
// last login-capable admin, applies the changes, stores plugin options and, when the e-mail
// address or the display name changed, forces re-activation or a new login.
// Several lines of the method (conditions and returns) are not part of this listing.
1438 static private function action_changemembersettings()
1440 global $member, $CONF, $manager;
1442 $memberid = intRequestVar('memberid');
// Authorization: members may change their own settings; anyone else's requires site admin.
1445 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
// strip_tags() is the only input filtering applied to these fields here; it is not a substitute
// for escaping when the values are rendered.
1447 $name = trim(strip_tags(postVar('name')));
1448 $realname = trim(strip_tags(postVar('realname')));
// Passwords are taken as posted, without strip_tags() or trim().
1449 $password = postVar('password');
1450 $repeatpassword = postVar('repeatpassword');
1451 $email = strip_tags(postVar('email'));
1452 $url = strip_tags(postVar('url'));
1453 $adminskin = intPostVar('adminskin');
1454 $bookmarklet = intPostVar('bookmarklet');
1456 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
// Anything not starting with http:// or https:// gets 'http://' prepended, which also keeps
// other URL schemes out of the stored profile URL.
1457 if ( !preg_match('#^https?://#', $url) )
1459 $url = 'http://' . $url;
1462 $admin = postVar('admin');
1463 $canlogin = postVar('canlogin');
1464 $notes = strip_tags(postVar('notes'));
1465 $locale = postVar('locale');
1467 $mem =& $manager->getMember($memberid);
1469 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
1471 if ( !isValidDisplayName($name) )
1473 self::error(_ERROR_BADNAME);
1477 if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
1479 self::error(_ERROR_NICKNAMEINUSE);
1483 if ( $password != $repeatpassword )
1485 self::error(_ERROR_PASSWORDMISMATCH);
// The only built-in password rule visible here is a minimum length of 6 characters.
// NOTE(review): no prompt for the current password is visible before setPassword() below — confirm.
1489 if ( $password && (i18n::strlen($password) < 6) )
1491 self::error(_ERROR_PASSWORDTOOSHORT);
// PrePasswordSet hands the clear-text password to event listeners (plugins), which can veto it
// through the by-reference 'valid' and 'errormessage' entries.
1501 'password' => $password,
1502 'errormessage' => &$pwderror,
1503 'valid' => &$pwdvalid
1505 $manager->notify('PrePasswordSet', $data);
1509 self::error($pwderror);
1515 if ( !NOTIFICATION::address_validation($email) )
1517 self::error(_ERROR_BADMAILADDRESS);
1522 self::error(_ERROR_REALNAMEMISSING);
// The locale must be one of the installed locales, so it cannot carry an arbitrary string.
1525 if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
1527 self::error(_ERROR_NOSUCHTRANSLATION);
1531 // check if there will remain at least one site member with both the logon and admin rights
1532 // (check occurs when taking away one of these rights from such a member)
1533 if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
1534 || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
1537 $r = DB::getResult('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
1538 if ( $r->rowCount() < 2 )
1540 self::error(_ERROR_ATLEASTONEADMIN);
1545 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
1547 $mem->setDisplayName($name);
1550 $mem->setPassword($password);
1554 $oldEmail = $mem->getEmail();
1556 $mem->setRealName($realname);
1557 $mem->setEmail($email);
1559 $mem->setNotes($notes);
1560 $mem->setLocale($locale);
1561 $mem->setAdminSkin($adminskin);
1562 $mem->setBookmarklet($bookmarklet);
1564 // only allow super-admins to make changes to the admin status
// This is the privilege boundary: the posted 'admin' and 'canlogin' values are applied only
// when the acting member is a site admin.
1565 if ( $member->isAdmin() )
1567 $mem->setAdmin($admin);
1568 $mem->setCanLogin($canlogin);
1571 $autosave = postVar('autosave');
1572 $mem->setAutosave($autosave);
1576 // store plugin options
// The option array comes straight from the request. NOTE(review): that apply_plugin_options()
// limits the update to options belonging to this member is not visible here — confirm.
1577 $aOptions = requestArray('plugoption');
1578 NucleusPlugin::apply_plugin_options($aOptions);
1580 'context' => 'member',
1581 'memberid' => $memberid,
1584 $manager->notify('PostPluginOptionsUpdate', $data);
1586 // if email changed, generate new password
// An address change triggers an activation link and a new cookie key, which invalidates the
// member's existing login cookie.
1587 if ( $oldEmail != $mem->getEmail() )
1589 $mem->sendActivationLink('addresschange', $oldEmail);
1591 $mem->newCookieKey();
1593 // only log out if the member being edited is the current member.
1594 if ( $member->getID() == $memberid )
1598 self::action_login(_MSG_ACTIVATION_SENT, 0);
// A changed display name on the acting member's own account also rotates the cookie key and
// requires a fresh login.
1602 if ( ($mem->getID() == $member->getID())
1603 && ($mem->getDisplayName() != $member->getDisplayName()) )
1605 $mem->newCookieKey();
1607 self::action_login(_MSG_LOGINAGAIN, 0);
1611 self::action_overview(_MSG_SETTINGSCHANGED);
1617 * Admin::action_memberadd()
// Creates a new member from the posted form; restricted to site administrators.
1623 static private function action_memberadd()
1625 global $member, $manager;
1628 $member->isAdmin() or self::disallow();
1630 if ( postVar('password') != postVar('repeatpassword') )
1632 self::error(_ERROR_PASSWORDMISMATCH);
// Minimum password length of 6 characters. Unlike the settings and activation handlers, no
// PrePasswordSet event is visible in the lines shown here.
1636 if ( i18n::strlen(postVar('password')) < 6 )
1638 self::error(_ERROR_PASSWORDTOOSHORT);
// Field values are passed to Member::create() as posted; any validation is presumably done
// inside Member::create() — confirm.
1642 $res = Member::create(
1644 postVar('realname'),
1645 postVar('password'),
1649 postVar('canlogin'),
1659 // fire PostRegister event
1660 $newmem = new Member();
1661 $newmem->readFromName(postVar('name'));
1663 'member' => &$newmem
1665 $manager->notify('PostRegister', $data);
1667 self::action_usermanagement();
1672 * Admin::action_forgotpassword()
// Renders the 'forgotpassword' skin part; no login is required in the lines shown.
1677 static private function action_forgotpassword()
1679 self::$skin->parse('forgotpassword');
1684 * Admin::action_activate()
1685 * Account activation
// Account activation entry point: the activation key is taken from the query string (GET),
// so it can end up in browser history and server logs; it is validated in showActivationPage().
1690 static private function action_activate()
1692 $key = getVar('key');
1693 self::showActivationPage($key);
1698 * Admin::showActivationPage()
// Shows the activation form for a given key, with an optional header message. Expired keys are
// purged first; an unknown key or member ends in _ERROR_ACTIVATE (the conditions themselves are
// not part of this listing).
1703 static private function showActivationPage($key, $message = '')
1707 // clean up old activation keys
1708 Member::cleanupActivationTable();
1710 // get activation info
1711 $info = Member::getActivationInfo($key);
1715 self::error(_ERROR_ACTIVATE);
1719 $mem =& $manager->getMember($info->vmember);
1723 self::error(_ERROR_ACTIVATE);
1727 /* TODO: we should consider to use the other way instead of this */
// The key and a flag are passed on to the skin by writing into $_POST. The key is written back
// only after getActivationInfo() returned a record for it.
1728 $_POST['ackey'] = $key;
1729 $_POST['bNeedsPasswordChange'] = TRUE;
1731 self::$headMess = $message;
1732 self::$skin->parse('activate');
1737 * Admin::action_activatesetpwd()
1738 * Account activation - set password part
// Second activation step: validates the key and the new password, sets the password and
// activates the account. Every failure goes back to the activation form with a message.
// This runs for a not-yet-logged-in visitor; the activation key is the only credential.
1743 static private function action_activatesetpwd()
1746 $key = postVar('key');
1748 // clean up old activation keys
1749 Member::cleanupActivationTable();
1751 // get activation info
1752 $info = Member::getActivationInfo($key);
// Keys issued for an address change are refused here, so they cannot be used to set a password.
1754 if ( !$info || ($info->type == 'addresschange') )
1756 return self::showActivationPage($key, _ERROR_ACTIVATE);
1759 $mem =& $manager->getMember($info->vmember);
1763 return self::showActivationPage($key, _ERROR_ACTIVATE);
1766 $password = postVar('password');
1767 $repeatpassword = postVar('repeatpassword');
1769 if ( $password != $repeatpassword )
1771 return self::showActivationPage($key, _ERROR_PASSWORDMISMATCH);
// The length rule is skipped when $password is empty; whether an empty password is rejected
// elsewhere is not visible in this listing — confirm.
1774 if ( $password && (i18n::strlen($password) < 6) )
1776 return self::showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
// PrePasswordSet hands the clear-text password to event listeners (plugins), which can veto it.
1785 'password' => $password,
1786 'errormessage' => &$pwderror,
1787 'valid' => &$pwdvalid
1789 $manager->notify('PrePasswordSet', $data);
1792 return self::showActivationPage($key,$pwderror);
1799 'type' => 'activation',
1803 $manager->notify('ValidateForm', $data);
1806 return self::showActivationPage($key, $error);
1810 $mem->setPassword($password);
1813 // do the activation
1814 Member::activate($key);
1816 self::$skin->parse('activatesetpwd');
1821 * Admin::action_manageteam()
// Shows the team-management screen of one blog.
1827 static private function action_manageteam()
1829 global $member, $manager;
1831 $blogid = intRequestVar('blogid');
// Authorization: admin rights on the requested blog.
1834 $member->blogAdminRights($blogid) or self::disallow();
1836 self::$skin->parse('manageteam');
1841 * Admin::action_teamaddmember()
1842 * Add member to team
// Adds a member to a blog's team, optionally as blog admin; all three values are read from
// POST as integers.
1847 static private function action_teamaddmember()
1849 global $member, $manager;
1851 $memberid = intPostVar('memberid');
1852 $blogid = intPostVar('blogid');
1853 $admin = intPostVar('admin');
// Authorization: admin rights on the target blog. A blog admin can therefore grant blog-admin
// rights to others through the 'admin' flag.
1856 $member->blogAdminRights($blogid) or self::disallow();
1858 $blog =& $manager->getBlog($blogid);
1859 if ( !$blog->addTeamMember($memberid, $admin) )
1861 self::error(_ERROR_ALREADYONTEAM);
1865 self::action_manageteam();
1870 * Admin::action_teamdelete()
// Shows the confirmation screen for removing a member from a blog's team; nothing is removed here.
1875 static private function action_teamdelete()
1877 global $member, $manager;
1879 $memberid = intRequestVar('memberid');
1880 $blogid = intRequestVar('blogid');
// Authorization: admin rights on the requested blog.
1883 $member->blogAdminRights($blogid) or self::disallow();
1885 $teammem =& $manager->getMember($memberid);
1886 $blog =& $manager->getBlog($blogid);
1888 self::$skin->parse('teamdelete');
/**
 * Admin::action_teamdeleteconfirm()
 * Removes a member from a blog team and returns to the team page.
 *
 * No permission check is made here: deleteOneTeamMember() performs the
 * blogAdminRights() check itself and reports a refusal as an error string.
 *
 * @return void
 */
static private function action_teamdeleteconfirm()
{
    $memberid = intRequestVar('memberid');
    $blogid = intRequestVar('blogid');

    $failure = self::deleteOneTeamMember($blogid, $memberid);
    if ( $failure )
    {
        self::error($failure);
        return;
    }

    self::action_manageteam();
    return;
}
1916 * Admin::deleteOneTeamMember()
1921 static public function deleteOneTeamMember($blogid, $memberid)
1923 global $member, $manager;
1925 $blogid = intval($blogid);
1926 $memberid = intval($memberid);
1929 if ( !$member->blogAdminRights($blogid) )
1931 return _ERROR_DISALLOWED;
1934 // check if: - there remains at least one blog admin
1935 // - (there remains at least one team member)
1936 $tmem =& $manager->getMember($memberid);
1943 $manager->notify('PreDeleteTeamMember', $data);
1945 if ( $tmem->isBlogAdmin($blogid) )
1947 /* TODO: why we did double check? */
1948 // check if there are more blog members left and at least one admin
1949 // (check for at least two admins before deletion)
1950 $query = "SELECT * FROM %s WHERE tblog=%d and tadmin=1;";
1951 $query = sprintf($query, sql_table('team'), (integer) $blogid);
1952 $r = DB::getResult($query);
1953 if ( $r->rowCount() < 2 )
1955 return _ERROR_ATLEASTONEBLOGADMIN;
1959 $query = "DELETE FROM %s WHERE tblog=%d AND tmember=%d;";
1960 $query = sprintf($query, sql_table('team'), (integer) $blogid, (integer) $memberid);
1961 DB::execute($query);
1967 $manager->notify('PostDeleteTeamMember', $data);
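/**
 * Admin::action_teamchangeadmin()
 * Toggles the blog-admin flag (tadmin) of one team member.
 *
 * The change is refused while the member is the only admin of the blog.
 *
 * @return void
 */
static private function action_teamchangeadmin()
{
    global $manager, $member;

    $blogid = intRequestVar('blogid');
    $memberid = intRequestVar('memberid');

    // check if allowed
    $member->blogAdminRights($blogid) or self::disallow();

    $mem =& $manager->getMember($memberid);

    // don't allow when there is only one admin at this moment
    // NOTE(review): the count and the UPDATE below are separate statements,
    // so two concurrent requests could both pass this check; confirm whether
    // that matters for this installation.
    if ( $mem->isBlogAdmin($blogid) )
    {
        $query = "SELECT * FROM %s WHERE tblog=%d AND tadmin=1;";
        $query = sprintf($query, sql_table('team'), (int) $blogid);
        $r = DB::getResult($query);
        if ( $r->rowCount() == 1 )
        {
            self::error(_ERROR_ATLEASTONEBLOGADMIN);
            return;
        }
    }

    // flip the flag: an admin becomes a normal team member and vice versa
    if ( $mem->isBlogAdmin($blogid) )
    {
        $newval = 0;
    }
    else
    {
        $newval = 1;
    }

    // The first placeholder is the table name. The original passed the blog
    // id there, which produced "UPDATE <blogid> SET tadmin=<blogid> ..." and
    // shifted every following argument by one position.
    $query = "UPDATE %s SET tadmin=%d WHERE tblog=%d and tmember=%d;";
    $query = sprintf($query, sql_table('team'), (int) $newval, (int) $blogid, (int) $memberid);
    DB::execute($query);

    // only show manageteam if member did not change its own admin privileges
    if ( $member->isBlogAdmin($blogid) )
    {
        self::action_manageteam();
    }
    else
    {
        self::action_overview(_MSG_ADMINCHANGED);
    }
    return;
}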
/**
 * Admin::action_blogsettings()
 * Parses the 'blogsettings' skin part for the requested blog and adds
 * the numbercheck.js script tag to the extra head content.
 *
 * @return void
 */
static private function action_blogsettings()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    // check if allowed
    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    $blog =& $manager->getBlog($blogid);

    self::$extrahead .= '<script type="text/javascript" src="<%skinfile(/javascripts/numbercheck.js)%>"></script>' . "\n";

    self::$skin->parse('blogsettings');
    return;
}
/**
 * Admin::action_categorynew()
 * Creates a category in the requested blog from the POSTed name and
 * description, then shows the blog settings page again.
 *
 * The name must pass isValidCategoryName() and must not already exist
 * in the same blog.
 *
 * @return void
 */
static private function action_categorynew()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    $cname = postVar('cname');
    $cdesc = postVar('cdesc');

    if ( !isValidCategoryName($cname) )
    {
        self::error(_ERROR_BADCATEGORYNAME);
        return;
    }

    // refuse a second category with the same name inside this blog;
    // the name is quoted by DB::quoteValue(), the id is formatted with %d
    $lookup = sprintf(
        "SELECT * FROM %s WHERE cname=%s AND cblog=%d;",
        sql_table('category'),
        DB::quoteValue($cname),
        (int) $blogid
    );
    $res = DB::getResult($lookup);
    if ( $res->rowCount() > 0 )
    {
        self::error(_ERROR_DUPCATEGORYNAME);
        return;
    }

    $blog =& $manager->getBlog($blogid);
    $newCatID = $blog->createNewCategory($cname, $cdesc);

    self::action_blogsettings();
    return;
}
/**
 * Admin::action_categoryedit()
 * Parses the 'categoryedit' skin part.
 *
 * Arguments left at '' are read from the GET variables 'blogid' and
 * 'catid'; supplied values are cast with intval(). The resolved ids and
 * $desturl are written back into $_REQUEST before the page is parsed.
 * $desturl is copied unchanged; this method does not validate it.
 *
 * @param mixed  $catid   category id, or '' to read it from GET
 * @param mixed  $blogid  blog id, or '' to read it from GET
 * @param string $desturl destination URL handed on through $_REQUEST
 * @return void
 */
static private function action_categoryedit($catid = '', $blogid = '', $desturl = '')
{
    global $member, $manager;

    $blogid = ( $blogid == '' ) ? intGetVar('blogid') : intval($blogid);
    $catid = ( $catid == '' ) ? intGetVar('catid') : intval($catid);

    /* TODO: we should consider to use the other way insterad of this */
    $_REQUEST['blogid'] = $blogid;
    $_REQUEST['catid'] = $catid;
    $_REQUEST['desturl'] = $desturl;

    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    self::$extrahead .= '<script type="text/javascript" src="<%skinfile(/javascripts/numbercheck.js)%>"></script>' . "\n";

    self::$skin->parse('categoryedit');
    return;
}
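/**
 * Admin::action_categoryupdate()
 * Updates the name and description of a category and stores the
 * submitted plugin options.
 *
 * The permission check is made against the POSTed 'blogid', so the
 * category must also be shown to belong to that blog before it is
 * changed; otherwise an admin of one blog could rename a category of
 * another blog by submitting a foreign 'catid'.
 *
 * @return void
 */
static private function action_categoryupdate()
{
    global $member, $manager;

    $blogid = intPostVar('blogid');
    $catid = intPostVar('catid');
    $cname = postVar('cname');
    $cdesc = postVar('cdesc');
    $desturl = postVar('desturl');

    $member->blogAdminRights($blogid) or self::disallow();

    // tie the category to the blog the rights check was made for
    $blog =& $manager->getBlog($blogid);
    if ( !$blog || !$blog->isValidCategory($catid) )
    {
        self::error(_ERROR_NOSUCHCATEGORY);
        return;
    }

    if ( !isValidCategoryName($cname) )
    {
        self::error(_ERROR_BADCATEGORYNAME);
        return;
    }

    // the new name must not be used by another category of the same blog
    $query = "SELECT * FROM %s WHERE cname=%s AND cblog=%d AND not(catid=%d);";
    $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), (int) $blogid, (int) $catid);
    $res = DB::getResult($query);
    if ( $res->rowCount() > 0 )
    {
        self::error(_ERROR_DUPCATEGORYNAME);
        return;
    }

    // cblog is repeated in the WHERE clause as a second line of defence
    $query = "UPDATE %s SET cname=%s, cdesc=%s WHERE catid=%d AND cblog=%d;";
    $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), DB::quoteValue($cdesc), (int) $catid, (int) $blogid);
    DB::execute($query);

    // store plugin options
    // NOTE(review): the option array comes straight from the request; confirm
    // that apply_plugin_options() checks which context ids it may touch.
    $aOptions = requestArray('plugoption');
    NucleusPlugin::apply_plugin_options($aOptions);
    $data = array(
        'context' => 'category',
        'catid' => $catid
    );
    $manager->notify('PostPluginOptionsUpdate', $data);

    if ( $desturl )
    {
        redirect($desturl);
        return;
    }

    self::action_blogsettings();
    return;
}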
/**
 * Admin::action_categorydelete()
 * Shows the confirmation page ('categorydelete' skin part) for deleting
 * a category. Nothing is deleted here.
 *
 * Refused when the category is not part of the blog, is the blog's
 * default category, or is the blog's only category.
 *
 * @return void
 */
static private function action_categorydelete()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    $catid = intRequestVar('catid');

    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    $blog =& $manager->getBlog($blogid);

    // check if the category is valid
    if ( !$blog->isValidCategory($catid) )
    {
        self::error(_ERROR_NOSUCHCATEGORY);
        return;
    }

    // don't allow deletion of default category
    if ( $blog->getDefaultCategory() == $catid )
    {
        self::error(_ERROR_DELETEDEFCATEGORY);
        return;
    }

    // check if catid is the only category left for blogid
    $countQuery = sprintf("SELECT catid FROM %s WHERE cblog=%d;", sql_table('category'), $blogid);
    $res = DB::getResult($countQuery);
    if ( $res->rowCount() == 1 )
    {
        self::error(_ERROR_DELETELASTCATEGORY);
        return;
    }

    self::$skin->parse('categorydelete');
    return;
}
/**
 * Admin::action_categorydeleteconfirm()
 * Deletes a category and shows the blog settings page again.
 *
 * The rights check here uses the 'blogid' request variable;
 * deleteOneCategory() derives the blog from the category id and checks
 * the rights a second time.
 *
 * @return void
 */
static private function action_categorydeleteconfirm()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    $catid = intRequestVar('catid');

    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    $failure = self::deleteOneCategory($catid);
    if ( $failure )
    {
        self::error($failure);
        return;
    }

    self::action_blogsettings();
    return;
}
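/**
 * Admin::deleteOneCategory()
 * Delete a category by its id
 *
 * The blog is derived from the category id and the current member needs
 * blogAdminRights() on it. Items of the category are moved to the blog's
 * default category before the category row is removed.
 *
 * @param mixed $catid category id for deleting (cast with intval())
 * @return mixed an error constant on refusal, nothing on success
 */
static public function deleteOneCategory($catid)
{
    global $manager, $member;

    $catid = intval($catid);
    $blogid = getBlogIDFromCatID($catid);

    if ( !$member->blogAdminRights($blogid) )
    {
        // was ERROR_DISALLOWED (missing underscore), an undefined constant
        return _ERROR_DISALLOWED;
    }

    $blog =& $manager->getBlog($blogid);

    // check if the category is valid
    if ( !$blog || !$blog->isValidCategory($catid) )
    {
        return _ERROR_NOSUCHCATEGORY;
    }

    $destcatid = $blog->getDefaultCategory();

    // don't allow deletion of default category
    if ( $blog->getDefaultCategory() == $catid )
    {
        return _ERROR_DELETEDEFCATEGORY;
    }

    // check if catid is the only category left for blogid
    $query = "SELECT catid FROM %s WHERE cblog=%d;";
    $query = sprintf($query, sql_table('category'), (int) $blogid);

    $res = DB::getResult($query);
    if ( $res->rowCount() == 1 )
    {
        return _ERROR_DELETELASTCATEGORY;
    }

    $data = array('catid' => $catid);
    $manager->notify('PreDeleteCategory', $data);

    // change category for all items to the default category
    $query = "UPDATE %s SET icat=%d WHERE icat=%d;";
    $query = sprintf($query, sql_table('item'), (int) $destcatid, (int) $catid);
    DB::execute($query);

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('category', (int) $catid);

    // delete the category row itself
    $query = "DELETE FROM %s WHERE catid=%d;";
    $query = sprintf($query, sql_table('category'), (int) $catid);
    DB::execute($query);

    $data = array('catid' => $catid);
    $manager->notify('PostDeleteCategory', $data);

    return;
}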
2325 * Admin::moveOneCategory()
2326 * Move a category to another blog
2328 * @param int $catid category id for move
2329 * @param int $destblogid blog id for destination
2332 static public function moveOneCategory($catid, $destblogid)
2334 global $manager, $member;
2335 $catid = intval($catid);
2336 $destblogid = intval($destblogid);
2337 $blogid = getBlogIDFromCatID($catid);
2338 // mover should have admin rights on both blogs
2339 if (!$member->blogAdminRights($blogid)) {
2340 return _ERROR_DISALLOWED;
2342 if (!$member->blogAdminRights($destblogid)) {
2343 return _ERROR_DISALLOWED;
2345 // cannot move to self
2346 if ($blogid == $destblogid) {
2347 return _ERROR_MOVETOSELF;
2350 $blog =& $manager->getBlog($blogid);
2351 $destblog =& $manager->getBlog($destblogid);
2352 // check if the category is valid
2353 if (!$blog || !$blog->isValidCategory($catid)) {
2354 return _ERROR_NOSUCHCATEGORY;
2356 // don't allow default category to be moved
2357 if ($blog->getDefaultCategory() == $catid) {
2358 return _ERROR_MOVEDEFCATEGORY;
2364 'sourceblog' => &$blog,
2365 'destblog' => &$destblog
2368 // update comments table (cblog)
2372 . sql_table('item') . ' '
2375 $items = sql_query(sprintf($query, $catid));
2376 while ($oItem = sql_fetch_object($items)) {
2378 . sql_table('comment') . ' '
2380 . ' cblog = %d' . ' '
2383 sql_query(sprintf($query, $destblogid, $oItem->inumber));
2386 // update items (iblog)
2388 . sql_table('item') . ' '
2393 sql_query(sprintf($query, $destblogid, $catid));
2397 . sql_table('category') . ' '
2399 . ' cblog = %d' . ' '
2402 sql_query(sprintf($query, $destblogid, $catid));
2407 'sourceblog' => &$blog,
2408 'destblog' => $destblog
/**
 * Admin::action_blogsettingsupdate
 * Updating blog settings
 *
 * Validates the notify address, the short name and the update file,
 * writes every POSTed setting to the blog, stores the submitted plugin
 * options and returns to the overview page.
 *
 * @return void
 */
static private function action_blogsettingsupdate()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or self::disallow();

    $blog =& $manager->getBlog($blogid);

    $notify_address = trim(postVar('notify'));
    $shortname = trim(postVar('shortname'));
    $updatefile = trim(postVar('update'));

    $notifyComment = intPostVar('notifyComment');
    $notifyVote = intPostVar('notifyVote');
    $notifyNewItem = intPostVar('notifyNewItem');

    // the three flags are multiplied into one value below, so a flag that
    // is switched off must count as 1 instead of zeroing the product
    if ( $notifyComment == 0 )
    {
        $notifyComment = 1;
    }
    if ( $notifyVote == 0 )
    {
        $notifyVote = 1;
    }
    if ( $notifyNewItem == 0 )
    {
        $notifyNewItem = 1;
    }
    $notifyType = $notifyComment * $notifyVote * $notifyNewItem;

    if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
    {
        self::error(_ERROR_BADNOTIFY);
        return;
    }

    if ( !isValidShortName($shortname) )
    {
        self::error(_ERROR_BADSHORTBLOGNAME);
        return;
    }

    // a changed short name must not collide with another blog
    if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
    {
        self::error(_ERROR_DUPSHORTBLOGNAME);
        return;
    }
    // check if update file is writable
    // NOTE(review): the path comes from POST and is_writeable() is the only
    // test, so any file the web server account can write is accepted by a
    // blog admin. Consider restricting it to a configured directory.
    if ( $updatefile && !is_writeable($updatefile) )
    {
        self::error(_ERROR_UPDATEFILE);
        return;
    }

    // NOTE(review): 'defskin' and 'defcat' are only cast to int here; it is
    // not visible in this method whether the setters verify that they exist
    // or belong to this blog. TODO confirm.
    $blog->setName(trim(postVar('name')));
    $blog->setShortName($shortname);
    $blog->setNotifyAddress($notify_address);
    $blog->setNotifyType($notifyType);
    $blog->setMaxComments(postVar('maxcomments'));
    $blog->setCommentsEnabled(postVar('comments'));
    $blog->setTimeOffset(postVar('timeoffset'));
    $blog->setUpdateFile($updatefile);
    $blog->setURL(trim(postVar('url')));
    $blog->setDefaultSkin(intPostVar('defskin'));
    $blog->setDescription(trim(postVar('desc')));
    $blog->setPublic(postVar('public'));
    $blog->setConvertBreaks(intPostVar('convertbreaks'));
    $blog->setAllowPastPosting(intPostVar('allowpastposting'));
    $blog->setDefaultCategory(intPostVar('defcat'));
    $blog->setSearchable(intPostVar('searchable'));
    $blog->setEmailRequired(intPostVar('reqemail'));
    $blog->writeSettings();

    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::apply_plugin_options($aOptions);

    $data = array(
        'context' => 'blog',
        'blogid' => $blogid,
        'blog' => &$blog
    );
    $manager->notify('PostPluginOptionsUpdate', $data);

    self::action_overview(_MSG_SETTINGSCHANGED);
    return;
}
/**
 * Admin::action_deleteblog()
 * Shows the confirmation page ('deleteblog' skin part) before a blog is
 * deleted. The default blog is refused.
 *
 * @return void
 */
static private function action_deleteblog()
{
    global $member, $CONF, $manager;

    $blogid = intRequestVar('blogid');

    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    // check if blog is default blog
    $isDefault = ( $CONF['DefaultBlog'] == $blogid );
    if ( $isDefault )
    {
        self::error(_ERROR_DELDEFBLOG);
        return;
    }

    $blog =& $manager->getBlog($blogid);

    self::$skin->parse('deleteblog');
    return;
}
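/**
 * Admin::action_deleteblogconfirm()
 * Deletes a blog together with its comments, items, team, bans,
 * categories and plugin options.
 *
 * The permission check and the default-blog check now run before the
 * PreDeleteBlog event is raised. The original raised the event first, so
 * plugins were told about a deletion that was then refused.
 *
 * @return void
 */
static private function action_deleteblogconfirm()
{
    global $member, $CONF, $manager;

    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or self::disallow();

    // check if blog is default blog
    if ( $CONF['DefaultBlog'] == $blogid )
    {
        self::error(_ERROR_DELDEFBLOG);
        return;
    }

    $data = array('blogid' => $blogid);
    $manager->notify('PreDeleteBlog', $data);

    // Dependent rows go first, in the original order: comments, items,
    // team members, bans, categories. %d keeps the id an integer whatever
    // the helper returned.
    $dependents = array(
        array('comment', 'cblog'),
        array('item', 'iblog'),
        array('team', 'tblog'),
        array('ban', 'blogid'),
        array('category', 'cblog')
    );
    foreach ( $dependents as $dependent )
    {
        $query = sprintf('DELETE FROM %s WHERE %s=%d', sql_table($dependent[0]), $dependent[1], $blogid);
        DB::execute($query);
    }

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('blog', $blogid);

    // delete the blog itself
    $query = sprintf('DELETE FROM %s WHERE bnumber=%d', sql_table('blog'), $blogid);
    DB::execute($query);

    $data = array('blogid' => $blogid);
    $manager->notify('PostDeleteBlog', $data);

    self::action_overview(_DELETED_BLOG);
    return;
}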
/**
 * Admin::action_memberdelete()
 * Shows the confirmation page ('memberdelete' skin part) before a
 * member is deleted. Allowed for the member itself and for admins.
 *
 * @return void
 */
static private function action_memberdelete()
{
    global $member, $manager;

    $memberid = intRequestVar('memberid');

    // a member may delete its own account; anyone else needs isAdmin()
    if ( ($member->getID() != $memberid) && !$member->isAdmin() )
    {
        self::disallow();
    }

    $mem =& $manager->getMember($memberid);

    self::$skin->parse('memberdelete');
    return;
}
/**
 * Admin::action_memberdeleteconfirm()
 * Deletes a member. Admins return to the user management page, other
 * members to the overview page.
 *
 * deleteOneMember() has no permission check of its own, so the check
 * made here is the one that protects the deletion.
 *
 * @return void
 */
static private function action_memberdeleteconfirm()
{
    global $member;

    $memberid = intRequestVar('memberid');

    if ( ($member->getID() != $memberid) && !$member->isAdmin() )
    {
        self::disallow();
    }

    $failure = self::deleteOneMember($memberid);
    if ( $failure )
    {
        self::error($failure);
        return;
    }

    if ( !$member->isAdmin() )
    {
        self::action_overview(_DELETED_MEMBER);
        return;
    }

    self::action_usermanagement();
    return;
}
/**
 * Admin::deleteOneMember()
 * Delete a member by id
 *
 * Comments of the member are kept: they are unlinked and stored under
 * the member's display name. The member row, its team memberships, its
 * activation records and its plugin options are removed.
 *
 * NOTE(review): unlike deleteOneCategory() and deleteOneTeamMember(),
 * this public method checks no permission of the current member; only
 * canBeDeleted() is consulted. Every caller has to authorise the request
 * itself, as action_memberdeleteconfirm() does.
 *
 * @param Integer $memberid member id
 * @return String null string or error messages
 */
static public function deleteOneMember($memberid)
{
    global $manager;

    $memberid = intval($memberid);
    $mem =& $manager->getMember($memberid);

    if ( !$mem->canBeDeleted() )
    {
        return _ERROR_DELETEMEMBER;
    }

    $data = array('member' => &$mem);
    $manager->notify('PreDeleteMember', $data);

    /* unlink comments from memberid */
    if ( $memberid )
    {
        // the display name is quoted by DB::quoteValue(); the id is an int
        $query = "UPDATE %s SET cmember=0, cuser=%s WHERE cmember=%d;";
        $query = sprintf($query, sql_table('comment'), DB::quoteValue($mem->getDisplayName()), $memberid);
        DB::execute($query);
    }

    // $memberid went through intval() above, so the concatenations below
    // only ever append an integer
    $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
    DB::execute($query);

    $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
    DB::execute($query);

    $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
    DB::execute($query);

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('member', $memberid);

    $data = array('member' => &$mem);
    $manager->notify('PostDeleteMember', $data);

    return '';
}
/**
 * Admin::action_createnewlog()
 * Parses the 'createnewlog' skin part (form for a new weblog).
 *
 * @return void
 */
static private function action_createnewlog()
{
    global $member, $CONF, $manager;

    // Only Super-Admins can do this
    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    self::$skin->parse('createnewlog');
    return;
}
2718 * Admin::action_addnewlog()
2723 static private function action_addnewlog()
2725 global $member, $manager, $CONF;
2727 // Only Super-Admins can do this
2728 $member->isAdmin() or self::disallow();
2730 $bname = trim(postVar('name'));
2731 $bshortname = trim(postVar('shortname'));
2732 $btimeoffset = postVar('timeoffset');
2733 $bdesc = trim(postVar('desc'));
2734 $bdefskin = postVar('defskin');
2736 if ( !isValidShortName($bshortname) )
2738 self::error(_ERROR_BADSHORTBLOGNAME);
2742 if ( $manager->existsBlog($bshortname) )
2744 self::error(_ERROR_DUPSHORTBLOGNAME);
2750 'shortname' => &$bshortname,
2751 'timeoffset' => &$btimeoffset,
2752 'description' => &$bdesc,
2753 'defaultskin' => &$bdefskin
2755 $manager->notify('PreAddBlog', $data);
2757 // add slashes for sql queries
2758 $bname = DB::quoteValue($bname);
2759 $bshortname = DB::quoteValue($bshortname);
2760 $btimeoffset = DB::quoteValue($btimeoffset);
2761 $bdesc = DB::quoteValue($bdesc);
2762 $bdefskin = DB::quoteValue($bdefskin);
2765 $query = "INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES (%s, %s, %s, %s, %s);";
2766 $query = sprintf($query, sql_table('blog'), $bname, $bshortname, $bdesc, $btimeoffset, $bdefskin);
2767 DB::execute($query);
2769 $blogid = DB::getInsertId();
2770 $blog =& $manager->getBlog($blogid);
2772 // create new category
2773 $catdefname = (!defined('_EBLOGDEFAULTCATEGORY_NAME') ? 'General' : _EBLOGDEFAULTCATEGORY_NAME);
2774 $catdefdesc = (!defined('_EBLOGDEFAULTCATEGORY_DESC') ? 'Items that do not fit in other categories' : _EBLOGDEFAULTCATEGORY_DESC);
2776 $query = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)';
2777 DB::execute(sprintf($query, sql_table('category'), (integer) $blogid, DB::quoteValue($catdefname), DB::quoteValue($catdefdesc)));
2778 $catid = DB::getInsertId();
2780 // set as default category
2781 $blog->setDefaultCategory($catid);
2782 $blog->writeSettings();
2784 // create team member
2785 $query = "INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1);";
2786 $query = sprintf($query, sql_table('team'), (integer) $member->getID(), (integer) $blogid);
2787 DB::execute($query);
2789 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
2790 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
2793 $blog->getDefaultCategory(),
2794 $itemdeftitle,$itemdefbody,
2798 $blog->getCorrectTime(),
2804 $data = array('blog' => &$blog);
2805 $manager->notify('PostAddBlog', $data);
2809 'name' => _EBLOGDEFAULTCATEGORY_NAME,
2810 'description' => _EBLOGDEFAULTCATEGORY_DESC,
2813 $manager->notify('PostAddCategory', $data);
2815 /* TODO: we should consider to use the other way insterad of this */
2816 $_REQUEST['blogid'] = $blogid;
2817 $_REQUEST['catid'] = $catid;
2818 self::$skin->parse('addnewlog');
/**
 * Admin::action_addnewlog2()
 * Stores the URL of a blog and returns to the overview page.
 *
 * The 'url' request variable is trimmed and handed to setURL();
 * no further validation happens in this method.
 *
 * @return void
 */
static private function action_addnewlog2()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    $burl = trim(requestVar('url'));

    $blog =& $manager->getBlog($blogid);
    $blog->setURL($burl);
    $blog->writeSettings();

    self::action_overview(_MSG_NEWBLOG);
    return;
}
/**
 * Admin::action_skinieoverview()
 * Loads skinie.php from $DIR_LIBS and parses the 'skinieoverview'
 * skin part. Admins only.
 *
 * @return void
 */
static private function action_skinieoverview()
{
    global $member, $DIR_LIBS, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // skin import/export class
    include_once($DIR_LIBS . 'skinie.php');

    self::$skin->parse('skinieoverview');
    return;
}
/**
 * Admin::action_skinieimport()
 * Hands the POSTed 'mode' and 'skinfile' to self::skinieimport() and
 * parses the 'skinieimport' skin part when no error is returned.
 * Admins only.
 *
 * @return void
 */
static private function action_skinieimport()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $skinFileRaw = postVar('skinfile');
    $mode = postVar('mode');

    $failure = self::skinieimport($mode, $skinFileRaw);
    if ( $failure )
    {
        self::error($failure);
        return;
    }

    self::$skin->parse('skinieimport');
    return;
}
/**
 * Admin::action_skiniedoimport()
 * Runs the skin import through self::skiniedoimport() with the POSTed
 * 'mode', 'skinfile' and 'overwrite' values, then parses the
 * 'skiniedoimport' skin part. Admins only.
 *
 * @return void
 */
static private function action_skiniedoimport()
{
    global $member, $DIR_LIBS, $DIR_SKINS;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // load skinie class
    include_once($DIR_LIBS . 'skinie.php');

    $mode = postVar('mode');
    $skinFileRaw = postVar('skinfile');
    $allowOverwrite = intPostVar('overwrite');

    $failure = self::skiniedoimport($mode, $skinFileRaw, $allowOverwrite);
    if ( $failure )
    {
        self::error($failure);
        return;
    }

    self::$skin->parse('skiniedoimport');
    return;
}
/**
 * Admin::action_skinieexport()
 * Passes the requested skin ids, template ids and the POSTed 'info'
 * text to self::skinieexport(). Admins only.
 *
 * @return void
 */
static private function action_skinieexport()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // both id lists are read as integer arrays
    $aSkins = requestIntArray('skin');
    $aTemplates = requestIntArray('template');
    $info = postVar('info');

    self::skinieexport($aSkins, $aTemplates, $info);
    return;
}
/**
 * Admin::action_templateoverview()
 * Parses the 'templateoverview' skin part. Admins only.
 *
 * @return void
 */
static private function action_templateoverview()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    self::$skin->parse('templateoverview');
    return;
}
2957 * Admin::action_templateedit()
2959 * @param string $msg message for pageheader
2962 static private function action_templateedit($msg = '')
2964 global $member, $manager;
2967 self::$headMess = $msg;
2970 $templateid = intRequestVar('templateid');
2972 $member->isAdmin() or self::disallow();
2974 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(javascript/templateEdit.js)%>\"></script>\n";
2975 self::$extrahead .= "<script type=\"text/javascript\">setTemplateEditText('" . Entity::hsc(_EDITTEMPLATE_EMPTY) . "');</script>\n";
2977 self::$skin->parse('templateedit');
/**
 * Admin::action_templateupdate()
 * Replaces the name, description and all parts of a template with the
 * POSTed values, then shows the template edit page again. Admins only.
 *
 * All existing parts are deleted first and the non-empty POSTed parts
 * are inserted afterwards. No transaction is visible in this method, so
 * a failure in between leaves the template without its old parts.
 *
 * @return void
 */
static private function action_templateupdate()
{
    global $member,$manager;

    $templateid = intRequestVar('templateid');

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $name = postVar('tname');
    $desc = postVar('tdesc');

    if ( !isValidTemplateName($name) )
    {
        self::error(_ERROR_BADTEMPLATENAME);
        return;
    }

    // a renamed template must not take the name of an existing one
    if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
    {
        self::error(_ERROR_DUPTEMPLATENAME);
        return;
    }

    // 1. Remove all template parts
    DB::execute(sprintf("DELETE FROM %s WHERE tdesc=%d;", sql_table('template'), (int) $templateid));

    // 2. Update description
    DB::execute(sprintf(
        "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;",
        sql_table('template_desc'),
        DB::quoteValue($name),
        DB::quoteValue($desc),
        (int) $templateid
    ));

    // 3. Add non-empty template parts; each part is read from the POST
    //    variable of the same name, in this order
    $partnames = array(
        'ITEM_HEADER', 'ITEM', 'ITEM_FOOTER',
        'MORELINK', 'EDITLINK', 'NEW',
        'COMMENTS_HEADER', 'COMMENTS_BODY', 'COMMENTS_FOOTER',
        'COMMENTS_CONTINUED', 'COMMENTS_TOOMUCH', 'COMMENTS_AUTH',
        'COMMENTS_ONE', 'COMMENTS_MANY', 'COMMENTS_NONE',
        'ARCHIVELIST_HEADER', 'ARCHIVELIST_LISTITEM', 'ARCHIVELIST_FOOTER',
        'BLOGLIST_HEADER', 'BLOGLIST_LISTITEM', 'BLOGLIST_FOOTER',
        'CATLIST_HEADER', 'CATLIST_LISTITEM', 'CATLIST_FOOTER',
        'DATE_HEADER', 'DATE_FOOTER',
        'FORMAT_DATE', 'FORMAT_TIME', 'LOCALE',
        'SEARCH_HIGHLIGHT', 'SEARCH_NOTHINGFOUND',
        'POPUP_CODE', 'MEDIA_CODE', 'IMAGE_CODE'
    );
    foreach ( $partnames as $partname )
    {
        self::addToTemplate($templateid, $partname, postVar($partname));
    }

    // plugins may announce extra fields; their names also select the POST
    // variable that is stored
    $data = array('fields' => array());
    $manager->notify('TemplateExtraFields', $data);
    foreach ( $data['fields'] as $pfkey => $pfvalue )
    {
        foreach ( $pfvalue as $pffield => $pfdesc )
        {
            self::addToTemplate($templateid, $pffield, postVar($pffield));
        }
    }

    // jump back to template edit
    self::action_templateedit(_TEMPLATE_UPDATED);
    return;
}
/**
 * Admin::addToTemplate()
 * Inserts one part of a template unless its content is empty.
 *
 * @param Integer $id ID for template
 * @param String $partname parts name
 * @param String $content template contents
 * @return Integer record index, or -1 when the part was skipped
 */
static private function addToTemplate($id, $partname, $content)
{
    // don't add empty parts:
    // NOTE(review): this is a truthiness test, so content that trims to the
    // string "0" is skipped as well.
    if ( !trim($content) )
    {
        return -1;
    }

    // name and content are quoted by DB::quoteValue(), the id is formatted
    // with %d
    $query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, %s, %s);";
    $query = sprintf($query, sql_table('template'), (integer) $id, DB::quoteValue($partname), DB::quoteValue($content));
    if ( DB::execute($query) === FALSE )
    {
        $err = DB::getError();
        // NOTE(review): the database error text is sent to the browser and the
        // request ends here; consider logging it server-side and showing a
        // generic message instead.
        exit(_ADMIN_SQLDIE_QUERYERROR . $err[2]);
    }
    return DB::getInsertId();
}
/**
 * Admin::action_templatedelete()
 * Shows the confirmation page ('templatedelete' skin part) before a
 * template is deleted. Admins only. Nothing is deleted here.
 *
 * @return void
 */
static private function action_templatedelete()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $templateid = intRequestVar('templateid');
    // TODO: check if template can be deleted

    self::$skin->parse('templatedelete');
    return;
}
/**
 * Admin::action_templatedeleteconfirm()
 * Deletes a template description and all of its parts, then shows the
 * template overview. Admins only.
 *
 * @return void
 */
static private function action_templatedeleteconfirm()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $data = array('templateid' => $templateid);
    $manager->notify('PreDeleteTemplate', $data);

    // 1. delete description
    $descTable = sql_table('template_desc');
    DB::execute('DELETE FROM ' . $descTable . ' WHERE tdnumber=' . $templateid);

    // 2. delete the parts that belong to it
    $partTable = sql_table('template');
    DB::execute('DELETE FROM ' . $partTable . ' WHERE tdesc=' . $templateid);

    $data = array('templateid' => $templateid);
    $manager->notify('PostDeleteTemplate', $data);

    self::action_templateoverview();
    return;
}
/**
 * Admin::action_templatenew()
 * Creates an empty template from the POSTed name and description and
 * shows the template overview. Admins only.
 *
 * @return void
 */
static private function action_templatenew()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $name = postVar('name');
    $desc = postVar('desc');

    if ( !isValidTemplateName($name) )
    {
        self::error(_ERROR_BADTEMPLATENAME);
        return;
    }

    // template names have to stay unique
    if ( Template::exists($name) )
    {
        self::error(_ERROR_DUPTEMPLATENAME);
        return;
    }

    $newTemplateId = Template::createNew($name, $desc);

    self::action_templateoverview();
    return;
}
/**
 * Admin::action_templateclone()
 * Copies a template, with all of its parts, under a new name and shows
 * the template overview. Admins only.
 *
 * The copy is named "cloned" + old name; when that name is taken, the
 * first free numeric suffix (1, 2, ...) is appended.
 *
 * @return void
 */
static private function action_templateclone()
{
    global $member;

    $templateid = intRequestVar('templateid');

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // 1. read old template
    $name = Template::getNameFromId($templateid);
    $desc = Template::getDesc($templateid);

    // 2. create desc thing
    $name = "cloned" . $name;

    // if a template with that name already exists:
    if ( Template::exists($name) )
    {
        for ( $i = 1; Template::exists($name . $i); $i++ )
        {
            // keep counting until the suffixed name is free
        }
        $name .= $i;
    }

    $newid = Template::createNew($name, $desc);

    // 3. create clone
    // go through parts of old template and add them to the new one
    $partsQuery = sprintf("SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;", sql_table('template'), (int) $templateid);

    $res = DB::getResult($partsQuery);
    foreach ( $res as $row )
    {
        self::addToTemplate($newid, $row['tpartname'], $row['tcontent']);
    }

    self::action_templateoverview();
    return;
}
/**
 * Admin::action_admintemplateoverview()
 * Parses the admin template overview skin part. Admins only.
 *
 * @return void
 */
static private function action_admintemplateoverview()
{
    global $member;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // NOTE(review): the part name is spelled 'admn...' unlike the action
    // name; confirm that it matches the skin part name.
    self::$skin->parse('admntemplateoverview');
    return;
}
3245 * Admin::action_admintemplateedit()
3247 * @param string $msg message for pageheader
3250 static private function action_admintemplateedit($msg = '')
3252 global $member, $manager;
3255 self::$headMess = $msg;
3257 $member->isAdmin() or self::disallow();
3259 self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(javascript/templateEdit.js)%>\"></script>\n";
3260 self::$extrahead .= '<script type="text/javascript">setTemplateEditText("' . Entity::hsc(_EDITTEMPLATE_EMPTY) . '");</script>' . "\n";
3262 self::$skin->parse('admintemplateedit');
3267 * Admin::action_admintemplateupdate()
3272 static private function action_admintemplateupdate()
// Saves an edited admin template: validates the posted name, deletes the stored parts, updates the description row, then re-inserts every posted part.
3274 global $member, $manager;
3275 $templateid = intRequestVar('templateid');
// Admin-only: disallow() runs when isAdmin() is falsy.
3276 $member->isAdmin() or self::disallow();
3277 $name = postVar('tname');
3278 $desc = postVar('tdesc');
// NOTE(review): the lines that follow each self::error() call are not shown in this listing; confirm both branches stop before the DELETE below.
3280 if ( !isValidTemplateName($name) )
3282 self::error(_ERROR_BADTEMPLATENAME);
// Renaming onto the name of a different, already existing template is rejected.
3286 if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
3288 self::error(_ERROR_DUPTEMPLATENAME);
3292 // 1. Remove all template parts
// The id is cast to integer and formatted with %d, so no request text reaches this statement.
3293 $query = "DELETE FROM %s WHERE tdesc=%d;";
3294 $query = sprintf($query, sql_table('template'), (integer) $templateid);
3295 DB::execute($query);
3297 // 2. Update description
// Name and description are request values; both pass through DB::quoteValue() before being placed in the statement.
3298 $query = "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;";
3299 $query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name), DB::quoteValue($desc), (integer) $templateid);
3300 DB::execute($query);
3302 // 3. Add non-empty template parts
// Each part is read from POST under its own key and handed to addToTemplate().
// NOTE(review): steps 1-3 are separate statements and no transaction is visible here, so a failure part-way would leave the template without its parts.
3303 self::addToTemplate($templateid, 'NORMALSKINLIST_HEAD', postVar('NORMALSKINLIST_HEAD'));
3304 self::addToTemplate($templateid, 'NORMALSKINLIST_BODY', postVar('NORMALSKINLIST_BODY'));
3305 self::addToTemplate($templateid, 'NORMALSKINLIST_FOOT', postVar('NORMALSKINLIST_FOOT'));
3306 self::addToTemplate($templateid, 'ADMIN_CUSTOMHELPLINK_ICON', postVar('ADMIN_CUSTOMHELPLINK_ICON'));
3307 self::addToTemplate($templateid, 'ADMIN_CUSTOMHELPLINK_ANCHOR', postVar('ADMIN_CUSTOMHELPLINK_ANCHOR'));
3308 self::addToTemplate($templateid, 'ADMIN_BLOGLINK', postVar('ADMIN_BLOGLINK'));
3309 self::addToTemplate($templateid, 'ADMIN_BATCHLIST', postVar('ADMIN_BATCHLIST'));
3310 self::addToTemplate($templateid, 'ACTIVATE_FORGOT_TITLE', postVar('ACTIVATE_FORGOT_TITLE'));
3311 self::addToTemplate($templateid, 'ACTIVATE_FORGOT_TEXT', postVar('ACTIVATE_FORGOT_TEXT'));
3312 self::addToTemplate($templateid, 'ACTIVATE_REGISTER_TITLE', postVar('ACTIVATE_REGISTER_TITLE'));
3313 self::addToTemplate($templateid, 'ACTIVATE_REGISTER_TEXT', postVar('ACTIVATE_REGISTER_TEXT'));
3314 self::addToTemplate($templateid, 'ACTIVATE_CHANGE_TITLE', postVar('ACTIVATE_CHANGE_TITLE'));
3315 self::addToTemplate($templateid, 'ACTIVATE_CHANGE_TEXT', postVar('ACTIVATE_CHANGE_TEXT'));
3316 self::addToTemplate($templateid, 'TEMPLATE_EDIT_EXPLUGNAME', postVar('TEMPLATE_EDIT_EXPLUGNAME'));
3317 self::addToTemplate($templateid, 'TEMPLATE_EDIT_ROW_HEAD', postVar('TEMPLATE_EDIT_ROW_HEAD'));
3318 self::addToTemplate($templateid, 'TEMPLATE_EDIT_ROW_TAIL', postVar('TEMPLATE_EDIT_ROW_TAIL'));
3319 self::addToTemplate($templateid, 'SPECIALSKINLIST_HEAD', postVar('SPECIALSKINLIST_HEAD'));
3320 self::addToTemplate($templateid, 'SPECIALSKINLIST_BODY', postVar('SPECIALSKINLIST_BODY'));
3321 self::addToTemplate($templateid, 'SPECIALSKINLIST_FOOT', postVar('SPECIALSKINLIST_FOOT'));
3322 self::addToTemplate($templateid, 'SYSTEMINFO_GDSETTINGS', postVar('SYSTEMINFO_GDSETTINGS'));
3323 self::addToTemplate($templateid, 'BANLIST_DELETED_LIST', postVar('BANLIST_DELETED_LIST'));
3324 self::addToTemplate($templateid, 'INSERT_PLUGOPTION_TITLE', postVar('INSERT_PLUGOPTION_TITLE'));
3325 self::addToTemplate($templateid, 'INSERT_PLUGOPTION_BODY', postVar('INSERT_PLUGOPTION_BODY'));
3326 self::addToTemplate($templateid, 'INPUTYESNO_TEMPLATE_ADMIN', postVar('INPUTYESNO_TEMPLATE_ADMIN'));
3327 self::addToTemplate($templateid, 'INPUTYESNO_TEMPLATE_NORMAL', postVar('INPUTYESNO_TEMPLATE_NORMAL'));
3328 self::addToTemplate($templateid, 'ADMIN_SPECIALSKINLIST_HEAD', postVar('ADMIN_SPECIALSKINLIST_HEAD'));
3329 self::addToTemplate($templateid, 'ADMIN_SPECIALSKINLIST_BODY', postVar('ADMIN_SPECIALSKINLIST_BODY'));
3330 self::addToTemplate($templateid, 'ADMIN_SPECIALSKINLIST_FOOT', postVar('ADMIN_SPECIALSKINLIST_FOOT'));
3331 self::addToTemplate($templateid, 'SKINIE_EXPORT_LIST', postVar('SKINIE_EXPORT_LIST'));
3332 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_HEAD', postVar('SHOWLIST_LISTPLUG_SELECT_HEAD'));
3333 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_BODY', postVar('SHOWLIST_LISTPLUG_SELECT_BODY'));
3334 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_FOOT', postVar('SHOWLIST_LISTPLUG_SELECT_FOOT'));
3335 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_HEAD'));
3336 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_BODY'));
3337 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_FOOT'));
3338 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD'));
3339 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY'));
3340 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT'));
3341 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD'));
3342 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY'));
3343 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT'));
3344 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD'));
3345 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY'));
3346 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL'));
3347 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST'));
3348 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE'));
3349 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND'));
3350 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ'));
3351 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE'));
3352 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN'));
3353 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN'));
3354 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP'));
3355 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL'));
3356 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT'));
3357 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD'));
3358 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY'));
3359 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO'));
3360 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD'));
3361 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP'));
3362 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO'));
3363 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC'));
3364 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA'));
3365 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT'));
3366 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT'));
3367 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT'));
3368 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD'));
3369 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY'));
3370 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT'));
3371 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD'));
3372 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY'));
3373 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN', postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN'));
3374 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT'));
3375 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD'));
3376 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY'));
3377 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM', postVar('SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM'));
3378 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM', postVar('SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM'));
3379 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT'));
3380 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD'));
3381 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY'));
3382 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT'));
3383 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD'));
3384 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY'));
3385 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT'));
3386 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD'));
3387 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY'));
3388 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT'));
3389 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD'));
3390 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY'));
3391 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT'));
3392 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD'));
3393 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY'));
3394 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT'));
3395 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD'));
3396 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY'));
3397 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT'));
3398 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD'));
3399 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY'));
3400 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT'));
3401 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD'));
3402 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY'));
3403 self::addToTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT'));
3404 self::addToTemplate($templateid, 'PLUGIN_QUICKMENU_TITLE', postVar('PLUGIN_QUICKMENU_TITLE'));
3405 self::addToTemplate($templateid, 'PLUGIN_QUICKMENU_HEAD', postVar('PLUGIN_QUICKMENU_HEAD'));
3406 self::addToTemplate($templateid, 'PLUGIN_QUICKMENU_BODY', postVar('PLUGIN_QUICKMENU_BODY'));
3407 self::addToTemplate($templateid, 'PLUGIN_QUICKMENU_FOOT', postVar('PLUGIN_QUICKMENU_FOOT'));
// Plugins may register extra fields through the AdminTemplateExtraFields event; the field names come from the plugin, the values from POST.
3409 $data = array('fields' => array());
3410 $manager->notify('AdminTemplateExtraFields', $data);
3411 foreach ( $data['fields'] as $pfkey => $pfvalue )
3413 foreach ( $pfvalue as $pffield => $pfdesc )
3415 self::addToTemplate($templateid, $pffield, postVar($pffield));
3419 // jump back to template edit
3420 self::action_admintemplateedit(_TEMPLATE_UPDATED);
3425 * Admin::action_admintemplatedelete()
3430 static private function action_admintemplatedelete()
// Renders the 'admintemplatedelete' skin part; the visible lines perform no deletion themselves.
3432 global $member, $manager;
// Admin-only: disallow() runs when isAdmin() is falsy.
3433 $member->isAdmin() or self::disallow();
3435 // TODO: check if template can be deleted
3436 self::$skin->parse('admintemplatedelete');
3441 * Admin::action_admintemplatedeleteconfirm()
3446 static private function action_admintemplatedeleteconfirm()
// Deletes an admin template (description row and all parts), notifying plugins before and after.
3448 global $member, $manager;
3450 $templateid = intRequestVar('templateid');
// Admin-only: disallow() runs when isAdmin() is falsy.
3451 $member->isAdmin() or self::disallow();
3453 $data = array('templateid' => $templateid);
3454 $manager->notify('PreDeleteAdminTemplate', $data);
3456 // 1. delete description
// This statement uses %s where the sibling query uses %d; the value is cast to integer first, so only digits are interpolated.
3457 $query = "DELETE FROM %s WHERE tdnumber=%s;";
3458 $query = sprintf($query, sql_table('template_desc'), (integer) $templateid);
3459 DB::execute($query);
// Removes the template parts that belong to the same id.
3462 $query = "DELETE FROM %s WHERE tdesc=%d;";
3463 $query = sprintf($query, sql_table('template'), (integer) $templateid);
3464 DB::execute($query);
3466 $data = array('templateid' => $templateid);
3467 $manager->notify('PostDeleteAdminTemplate', $data);
3469 self::action_admintemplateoverview();
3474 * Admin::action_admintemplatenew()
3479 static private function action_admintemplatenew()
// Creates a new admin template from the posted name and description, then shows the overview.
// Admin-only: disallow() runs when isAdmin() is falsy.
3482 $member->isAdmin() or self::disallow();
3483 $name = postVar('name');
3484 $desc = postVar('desc');
// The name must pass isValidTemplateName(), begin with "admin/" and not be in use already.
// NOTE(review): the lines after each self::error() call are not shown in this listing; confirm they stop before createNew().
3486 if ( !isValidTemplateName($name) )
3488 self::error(_ERROR_BADTEMPLATENAME);
3491 else if ( !preg_match('#^admin/#', $name) )
3493 self::error(_ERROR_BADADMINTEMPLATENAME);
3496 else if ( Template::exists($name) )
3498 self::error(_ERROR_DUPTEMPLATENAME);
3502 $newTemplateId = Template::createNew($name, $desc);
3503 self::action_admintemplateoverview();
3508 * Admin::action_admintemplateclone()
3513 static private function action_admintemplateclone()
// Copies an admin template: creates a new description named "<old name>cloned" and copies every stored part into it.
// NOTE(review): 'admintemplateclone' is listed in $ticketless_actions at the top of this file although this action writes to the database; if that list exempts actions from the ticket check, confirm the exemption is intended here.
3516 $templateid = intRequestVar('templateid');
// Admin-only: disallow() runs when isAdmin() is falsy.
3517 $member->isAdmin() or self::disallow();
3519 // 1. read old template
3520 $name = Template::getNameFromId($templateid);
3521 $desc = Template::getDesc($templateid);
3523 // 2. create desc thing
3524 $name = $name . "cloned";
3526 // if a template with that name already exists:
// The loop probes $name . $i for a free name; the lines that initialise, advance and append $i are not shown in this listing.
3527 if ( Template::exists($name) )
3530 while ( Template::exists($name . $i) )
3537 $newid = Template::createNew($name, $desc);
3540 // go through parts of old template and add them to the new one
// The id is cast to integer and formatted with %d.
3541 $query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;";
3542 $query = sprintf($query, sql_table('template'), (integer) $templateid);
3544 $res = DB::getResult($query);
3545 foreach ( $res as $row )
3547 self::addToTemplate($newid, $row['tpartname'], $row['tcontent']);
3550 self::action_admintemplateoverview();
3555 * Admin::action_skinoverview()
3560 static private function action_skinoverview()
// Renders the skin overview page.
3562 global $member, $manager;
// Admin-only: disallow() runs when isAdmin() is falsy.
3564 $member->isAdmin() or self::disallow();
3566 self::$skin->parse('skinoverview');
3571 * Admin::action_skinnew()
3576 static private function action_skinnew()
// Creates a new skin from the posted, trimmed name and description, then shows the overview.
// Admin-only: disallow() runs when isAdmin() is falsy.
3580 $member->isAdmin() or self::disallow();
3582 $name = trim(postVar('name'));
3583 $desc = trim(postVar('desc'));
// The name must pass isValidSkinName() and must not exist yet.
// NOTE(review): the lines after each self::error() call are not shown in this listing; confirm they stop before createNew().
3585 if ( !isValidSkinName($name) )
3587 self::error(_ERROR_BADSKINNAME);
3590 else if ( SKIN::exists($name) )
3592 self::error(_ERROR_DUPSKINNAME);
3596 SKIN::createNew($name, $desc);
3598 self::action_skinoverview();
3603 * Admin::action_skinedit()
3608 static private function action_skinedit()
// Renders the skin edit page.
// Admin-only: disallow() runs when isAdmin() is falsy.
3612 $member->isAdmin() or self::disallow();
3614 self::$skin->parse('skinedit');
3619 * Admin::action_skineditgeneral()
3624 static private function action_skineditgeneral()
// Applies the general skin settings through self::skineditgeneral() and returns to the skin edit page.
3628 $skinid = intRequestVar('skinid');
// Admin-only: disallow() runs when isAdmin() is falsy.
3630 $member->isAdmin() or self::disallow();
3632 $error = self::skineditgeneral($skinid);
// The helper's return value is shown as the error message; the condition guarding this call is not shown in this listing.
3635 self::error($error);
3639 self::action_skinedit();
3643 static private function action_skinedittype($msg = '')
// Renders the editor for one skin part; $msg becomes the page header message.
// Admin-only: disallow() runs when isAdmin() is falsy.
3647 $member->isAdmin() or self::disallow();
3651 self::$headMess = $msg;
// The requested part type is trimmed and lower-cased, then checked with isValidShortName() before the page is rendered.
3654 $type = requestVar('type');
3655 $type = trim($type);
3656 $type = strtolower($type);
3658 if ( !isValidShortName($type) )
3660 self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
3664 self::$skin->parse('skinedittype');
3669 * Admin::action_skinupdate()
3674 static private function action_skinupdate()
// Stores the posted content for one part of a skin and re-opens the part editor.
3676 global $manager, $member;
3678 $skinid = intRequestVar('skinid');
3679 $content = trim(postVar('content'));
3680 $type = postVar('type');
// Admin-only: disallow() runs when isAdmin() is falsy.
3682 $member->isAdmin() or self::disallow();
// NOTE(review): $type reaches update() exactly as posted; the isValidShortName() check in action_skinedittype() only runs afterwards for display. Presumably update() validates or quotes it — confirm.
3684 $skin =& $manager->getSKIN($skinid);
3685 $skin->update($type, $content);
3687 self::action_skinedittype(_SKIN_UPDATED);
3692 * Admin::action_skindelete()
3697 static private function action_skindelete()
// Renders the delete-confirmation page for a skin after checking that the skin is not in use as a default.
3699 global $CONF, $member;
// Admin-only: disallow() runs when isAdmin() is falsy.
3701 $member->isAdmin() or self::disallow();
3703 $skinid = intRequestVar('skinid');
3705 // don't allow default skin to be deleted
3706 if ( $skinid == $CONF['BaseSkin'] )
3708 self::error(_ERROR_DEFAULTSKIN);
3712 // don't allow deletion of default skins for blogs
// The id is cast to integer and formatted with %d.
3713 $query = "SELECT bname FROM %s WHERE bdefskin=%d";
3714 $query = sprintf($query, sql_table('blog'), (integer) $skinid);
3716 $name = DB::getValue($query);
// The blog name comes from the database and is passed through Entity::hsc() before it is appended to the error message; the condition guarding this call is not shown in this listing.
3719 self::error(_ERROR_SKINDEFDELETE . Entity::hsc($name));
3723 self::$skin->parse('skindelete');
3728 * Admin::action_skindeleteconfirm()
3733 static private function action_skindeleteconfirm()
// Deletes a skin through self::skindeleteconfirm() after repeating the "in use as a default" checks, then shows the overview.
3735 global $member, $CONF;
// Admin-only: disallow() runs when isAdmin() is falsy.
3737 $member->isAdmin() or self::disallow();
3739 $skinid = intRequestVar('skinid');
3741 // don't allow default skin to be deleted
3742 if ( $skinid == $CONF['BaseSkin'] )
3744 self::error(_ERROR_DEFAULTSKIN);
3748 // don't allow deletion of default skins for blogs
// The id is cast to integer and formatted with %d.
3749 $query = "SELECT bname FROM %s WHERE bdefskin=%d;";
3750 $query = sprintf($query, sql_table('blog'), (integer) $skinid);
3752 $name = DB::getValue($query);
// The blog name is passed through Entity::hsc() before it is appended to the error message.
// NOTE(review): the lines after each self::error() call are not shown in this listing; confirm both guards stop before the deletion below.
3755 self::error(_ERROR_SKINDEFDELETE . Entity::hsc($name));
3759 self::skindeleteconfirm($skinid);
3761 self::action_skinoverview();
3766 * Admin::action_skinremovetype()
3771 static private function action_skinremovetype()
// Renders the confirmation page for removing a special skin part.
3773 global $member, $CONF;
// Admin-only: disallow() runs when isAdmin() is falsy.
3775 $member->isAdmin() or self::disallow();
3777 $skinid = intRequestVar('skinid');
3778 $skintype = requestVar('type');
// The requested part type must pass isValidShortName().
3780 if ( !isValidShortName($skintype) )
3782 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
3786 self::$skin->parse('skinremovetype');
3791 * Admin::action_skinremovetypeconfirm()
3796 static private function action_skinremovetypeconfirm()
// Removes a special skin part through self::skinremovetypeconfirm() and returns to the skin edit page.
// Admin-only: disallow() runs when isAdmin() is falsy.
3800 $member->isAdmin() or self::disallow();
3802 $skinid = intRequestVar('skinid');
3803 $skintype = requestVar('type');
// NOTE(review): unlike action_skinremovetype(), no isValidShortName() check on $skintype is visible here; presumably the helper validates it — confirm.
3805 $error = self::skinremovetypeconfirm($skinid, $skintype);
// The helper's return value is shown as the error message; the condition guarding this call is not shown in this listing.
3808 self::error($error);
3812 self::action_skinedit();
3817 * Admin::action_skinclone()
3822 static private function action_skinclone()
// Clones a skin through self::skinclone() and shows the overview.
// Admin-only: disallow() runs when isAdmin() is falsy.
3826 $member->isAdmin() or self::disallow();
3828 $skinid = intRequestVar('skinid');
3830 self::skinclone($skinid);
3832 self::action_skinoverview();
3837 * Admin::action_adminskinoverview()
3842 static private function action_adminskinoverview()
// Renders the admin-skin overview page.
// Admin-only: disallow() runs when isAdmin() is falsy.
3846 $member->isAdmin() or self::disallow();
3848 self::$skin->parse('adminskinoverview');
3853 * Admin::action_adminskinnew()
3858 static private function action_adminskinnew()
// Creates a new admin skin from the posted, trimmed name and description, then shows the overview.
// Admin-only: disallow() runs when isAdmin() is falsy.
3862 $member->isAdmin() or self::disallow();
3864 $name = trim(postVar('name'));
3865 $desc = trim(postVar('desc'));
// The name must pass isValidSkinName(), begin with "admin/" and not be in use already.
// NOTE(review): the lines after each self::error() call are not shown in this listing; confirm they stop before createNew().
3867 if ( !isValidSkinName($name) )
3869 self::error(_ERROR_BADSKINNAME);
3872 else if ( !preg_match('#^admin/#', $name) )
3874 self::error(_ERROR_BADADMINSKINNAME);
3877 else if ( Skin::exists($name) )
3879 self::error(_ERROR_DUPSKINNAME);
3883 Skin::createNew($name, $desc);
3885 self::action_adminskinoverview();
3890 * Admin::action_adminskinedit()
3895 static private function action_adminskinedit()
// Renders the admin-skin edit page.
// Admin-only: disallow() runs when isAdmin() is falsy.
3899 $member->isAdmin() or self::disallow();
3901 self::$skin->parse('adminskinedit');
3907 * Admin::action_adminskineditgeneral()
3912 static private function action_adminskineditgeneral()
// Applies the general admin-skin settings through self::skineditgeneral() and returns to the admin-skin edit page.
3916 $skinid = intRequestVar('skinid');
// Admin-only: disallow() runs when isAdmin() is falsy.
3918 $member->isAdmin() or self::disallow();
// Same helper as the normal-skin action, called with 'AdminActions' as second argument.
3920 $error = self::skineditgeneral($skinid, 'AdminActions');
// The helper's return value is shown as the error message; the condition guarding this call is not shown in this listing.
3923 self::error($error);
3927 self::action_adminskinedit();
3932 * Admin::action_adminskinedittype()
3934 * @param string $msg message for pageheader
3937 static private function action_adminskinedittype($msg = '')
// Renders the editor for one admin-skin part; $msg becomes the page header message.
// Admin-only: disallow() runs when isAdmin() is falsy.
3941 $member->isAdmin() or self::disallow();
3945 self::$headMess = $msg;
// The requested part type is trimmed and lower-cased, then checked with isValidShortName() before the page is rendered.
3947 $type = requestVar('type');
3948 $type = trim($type);
3949 $type = strtolower($type);
3951 if ( !isValidShortName($type) )
3953 self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
3957 self::$skin->parse('adminskinedittype');
3962 * Admin::action_adminskinupdate()
3967 static private function action_adminskinupdate()
// Stores the posted content for one part of an admin skin and re-opens the part editor.
3969 global $manager, $member;
3971 $skinid = intRequestVar('skinid');
3972 $content = trim(postVar('content'));
3973 $type = postVar('type');
// Admin-only: disallow() runs when isAdmin() is falsy.
3975 $member->isAdmin() or self::disallow();
// NOTE(review): $type reaches update() exactly as posted; the isValidShortName() check in action_adminskinedittype() only runs afterwards for display. Presumably update() validates or quotes it — confirm.
3977 $skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
3978 $skin->update($type, $content);
3980 self::action_adminskinedittype(_SKIN_UPDATED);
3985 * Admin::action_adminskindelete()
3990 static private function action_adminskindelete()
// Renders the delete-confirmation page for an admin skin after checking that the skin is not in use as a default.
3992 global $CONF, $member;
// Admin-only: disallow() runs when isAdmin() is falsy.
3994 $member->isAdmin() or self::disallow();
3996 $skinid = intRequestVar('skinid');
3998 // don't allow default skin to be deleted
3999 if ( $skinid == $CONF['AdminSkin'] || $skinid == $CONF['BookmarkletSkin'] )
4001 self::error(_ERROR_DEFAULTSKIN);
4005 /* don't allow if someone use it as a default*/
// $skinid comes from intRequestVar() and is formatted with %d in both places.
4006 $query = 'SELECT * FROM %s WHERE madminskin = %d or mbkmklt = %d;';
4007 $res = DB::getResult(sprintf($query, sql_table('member'), $skinid, $skinid));
4010 while ( $row = $res->fetch() ) {
4011 $members[] = $row['mrealname'];
4013 if ( count($members) )
// NOTE(review): member real names are appended to the error message without Entity::hsc(), whereas action_skindelete() escapes the blog name it reports; confirm the error page escapes the message, otherwise escape the names here.
4015 self::error(_ERROR_SKINDEFDELETE . implode(' ' . _AND . ' ', $members));
4019 self::$skin->parse('adminskindelete');
4024 * Admin::action_adminskindeleteconfirm()
4029 static private function action_adminskindeleteconfirm()
// Deletes an admin skin through self::skindeleteconfirm() after repeating the "in use as a default" checks, then shows the overview.
4031 global $member, $CONF;
// Admin-only: disallow() runs when isAdmin() is falsy.
4033 $member->isAdmin() or self::disallow();
4035 $skinid = intRequestVar('skinid');
4037 // don't allow default skin to be deleted
4038 if ( $skinid == $CONF['AdminSkin'] || $skinid == $CONF['BookmarkletSkin'] )
4040 self::error(_ERROR_DEFAULTSKIN);
4044 /* don't allow if someone use it as a default*/
// $skinid comes from intRequestVar() and is formatted with %d in both places.
4045 $query = 'SELECT * FROM %s WHERE madminskin = %d or mbkmklt = %d;';
4046 $res = DB::getResult(sprintf($query, sql_table('member'), $skinid, $skinid));
4049 while ( $row = $res->fetch() ) {
4050 $members[] = $row['mrealname'];
4052 if ( count($members) )
// NOTE(review): member real names are appended to the error message without Entity::hsc(), whereas action_skindeleteconfirm() escapes the blog name it reports; confirm the error page escapes the message, otherwise escape the names here.
// NOTE(review): the lines after each self::error() call are not shown in this listing; confirm both guards stop before the deletion below.
4054 self::error(_ERROR_SKINDEFDELETE . implode(' ' . _AND . ' ', $members));
4058 self::skindeleteconfirm($skinid);
4060 self::action_adminskinoverview();
4065 * Admin::action_adminskinremovetype()
4070 static private function action_adminskinremovetype()
// Renders the confirmation page for removing a special admin-skin part.
4072 global $member, $CONF;
// Admin-only: disallow() runs when isAdmin() is falsy.
4074 $member->isAdmin() or self::disallow();
4076 $skinid = intRequestVar('skinid');
4077 $skintype = requestVar('type');
// The requested part type must pass isValidShortName().
4079 if ( !isValidShortName($skintype) )
4081 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
4085 self::$skin->parse('adminskinremovetype');
4090 * Admin::action_adminskinremovetypeconfirm()
4095 static private function action_adminskinremovetypeconfirm()
// Removes a special admin-skin part through self::skinremovetypeconfirm() and returns to the admin-skin edit page.
// Admin-only: disallow() runs when isAdmin() is falsy.
4099 $member->isAdmin() or self::disallow();
4101 $skinid = intRequestVar('skinid');
4102 $skintype = requestVar('type');
// NOTE(review): unlike action_adminskinremovetype(), no isValidShortName() check on $skintype is visible here; presumably the helper validates it — confirm.
4104 $error = self::skinremovetypeconfirm($skinid, $skintype);
// The helper's return value is shown as the error message; the condition guarding this call is not shown in this listing.
4107 self::error($error);
4111 self::action_adminskinedit();
4116 * Admin::action_adminskinclone()
4121 static private function action_adminskinclone()
// Clones an admin skin through self::skinclone() (called with 'AdminActions') and shows the overview.
// Admin-only: disallow() runs when isAdmin() is falsy.
4125 $member->isAdmin() or self::disallow();
4127 $skinid = intRequestVar('skinid');
4129 self::skinclone($skinid, 'AdminActions');
4131 self::action_adminskinoverview();
4136 * Admin::action_adminskinieoverview()
4141 static private function action_adminskinieoverview()
// Renders the admin-skin import/export overview page.
// Admin-only: disallow() runs when isAdmin() is falsy.
4145 $member->isAdmin() or self::disallow();
4147 self::$skin->parse('adminskinieoverview');
4152 * Admin::action_adminskinieimport()
4157 static private function action_adminskinieimport()
// First import step: hands the posted mode and skin file value to self::skinieimport() and renders the result page.
// Admin-only: disallow() runs when isAdmin() is falsy.
4161 $member->isAdmin() or self::disallow();
// NOTE(review): 'skinfile' is a request-supplied value that selects what gets imported; presumably skinieimport() constrains it (by mode, location and format) — confirm.
4163 $skinFileRaw = postVar('skinfile');
4164 $mode = postVar('mode');
4166 $error = self::skinieimport($mode, $skinFileRaw);
// The helper's return value is shown as the error message; the condition guarding this call is not shown in this listing.
4169 self::error($error);
// Without a skin object to render with, the method goes straight on to the do-import step.
4173 if ( !is_object(self::$skin) )
4175 self::action_adminskiniedoimport();
4179 self::$skin->parse('adminskinieimport');
4185 * Admin::action_adminskiniedoimport()
4190 static private function action_adminskiniedoimport()
// Second import step: performs the import through self::skiniedoimport() and renders the result.
4192 global $DIR_SKINS, $member;
// Admin-only: disallow() runs when isAdmin() is falsy.
4194 $member->isAdmin() or self::disallow();
// NOTE(review): 'skinfile' and 'overwrite' are request-supplied; presumably skiniedoimport() constrains what can be read and replaced — confirm.
4196 $mode = postVar('mode');
4197 $skinFileRaw = postVar('skinfile');
4198 $allowOverwrite = intPostVar('overwrite');
4200 $error = self::skiniedoimport($mode, $skinFileRaw, $allowOverwrite);
// The helper's return value is shown as the error message; the condition guarding this call is not shown in this listing.
4203 self::error($error);
// Without a skin object to render with: pick the lowest-numbered skin whose name starts with 'admin/' (other than 'admin/bookmarklet'), store it as the AdminSkin setting, and render the bundled importer skin file.
// Both statements contain only literals and an intval() result.
4207 if ( !is_object(self::$skin) )
4210 $query = "SELECT min(sdnumber) FROM %s WHERE sdname != 'admin/bookmarklet' AND sdname LIKE 'admin/%%'";
4211 $query = sprintf($query, sql_table('skin_desc'));
4212 $res = intval(DB::getValue($query));
4213 $query = "UPDATE %s SET value = %d WHERE name = 'AdminSkin'";
4214 $query = sprintf($query, sql_table('config'), $res);
4215 DB::execute($query);
4216 $skin = new Skin(0, 'AdminActions', 'AdminSkin');
4217 $skin->parse('importAdmin', $DIR_SKINS . 'admin/defaultimporter.skn');
4221 self::$skin->parse('adminskiniedoimport');
4227 * Admin::action_adminskinieexport()
4232 static private function action_adminskinieexport()
// Exports the selected skins and templates through self::skinieexport().
// Admin-only: disallow() runs when isAdmin() is falsy.
4236 $member->isAdmin() or self::disallow();
4238 // load skinie class
// Skin and template selections are read with requestIntArray(); the free-text 'info' value is passed on as posted.
4239 $aSkins = requestIntArray('skin');
4240 $aTemplates = requestIntArray('template');
4241 $info = postVar('info');
4243 self::skinieexport($aSkins, $aTemplates, $info);
4249 * Admin::action_settingsedit()
4254 static private function action_settingsedit()
// Renders the global settings form.
4256 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;
// Admin-only: disallow() runs when isAdmin() is falsy.
4258 $member->isAdmin() or self::disallow();
4260 self::$skin->parse('settingsedit');
4265 * Admin::action_settingsupdate()
4266 * Update $CONFIG and redirect
4271 static private function action_settingsupdate()
// Writes the posted global settings to the config table one key at a time, then redirects to the manage page.
4273 global $member, $CONF;
// Admin-only: disallow() runs when isAdmin() is falsy.
4275 $member->isAdmin() or self::disallow();
4277 // check if email address for admin is valid
4278 if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
4280 self::error(_ERROR_BADMAILADDRESS);
// NOTE(review): AdminEmail is the only value validated in the visible lines; every other setting is stored as posted. That includes upload limits (AllowedTypes, AllowUpload, MaxUploadSize), cookie scope and flags (CookieDomain, CookiePath, CookieSecure) and the base URLs, so whatever reads these settings has to treat them as unvalidated.
4285 self::updateConfig('DefaultBlog', postVar('DefaultBlog'));
4286 self::updateConfig('BaseSkin', postVar('BaseSkin'));
4287 self::updateConfig('IndexURL', postVar('IndexURL'));
4288 self::updateConfig('AdminURL', postVar('AdminURL'));
4289 self::updateConfig('PluginURL', postVar('PluginURL'));
4290 self::updateConfig('SkinsURL', postVar('SkinsURL'));
4291 self::updateConfig('ActionURL', postVar('ActionURL'));
4292 self::updateConfig('Locale', postVar('Locale'));
4293 self::updateConfig('AdminEmail', postVar('AdminEmail'));
4294 self::updateConfig('SessionCookie', postVar('SessionCookie'));
4295 self::updateConfig('AllowMemberCreate', postVar('AllowMemberCreate'));
4296 self::updateConfig('AllowMemberMail', postVar('AllowMemberMail'));
4297 self::updateConfig('NonmemberMail', postVar('NonmemberMail'));
4298 self::updateConfig('ProtectMemNames', postVar('ProtectMemNames'));
4299 self::updateConfig('SiteName', postVar('SiteName'));
4300 self::updateConfig('NewMemberCanLogon', postVar('NewMemberCanLogon'));
4301 self::updateConfig('DisableSite', postVar('DisableSite'));
4302 self::updateConfig('DisableSiteURL', postVar('DisableSiteURL'));
4303 self::updateConfig('LastVisit', postVar('LastVisit'));
4304 self::updateConfig('MediaURL', postVar('MediaURL'));
4305 self::updateConfig('AllowedTypes', postVar('AllowedTypes'));
4306 self::updateConfig('AllowUpload', postVar('AllowUpload'));
4307 self::updateConfig('MaxUploadSize', postVar('MaxUploadSize'));
4308 self::updateConfig('MediaPrefix', postVar('MediaPrefix'));
4309 self::updateConfig('AllowLoginEdit', postVar('AllowLoginEdit'));
4310 self::updateConfig('DisableJsTools', postVar('DisableJsTools'));
4311 self::updateConfig('CookieDomain', postVar('CookieDomain'));
4312 self::updateConfig('CookiePath', postVar('CookiePath'));
4313 self::updateConfig('CookieSecure', postVar('CookieSecure'));
4314 self::updateConfig('URLMode', postVar('URLMode'));
4315 self::updateConfig('CookiePrefix', postVar('CookiePrefix'));
4316 self::updateConfig('DebugVars', postVar('DebugVars'));
4317 self::updateConfig('DefaultListSize', postVar('DefaultListSize'));
4318 self::updateConfig('AdminCSS', postVar('AdminCSS'));
// The last two keys are posted under lower-case field names.
4319 self::updateConfig('AdminSkin', postVar('adminskin'));
4320 self::updateConfig('BookmarkletSkin', postVar('bookmarklet'));
4322 // load new config and redirect (this way, the new locale will be used if necessary)
4323 // note that when changing cookie settings, this redirect might cause the user
4324 // to have to log in again.
4326 redirect($CONF['AdminURL'] . '?action=manage');
4331 * Admin::action_systemoverview()
4332 * Output system overview
4337 static private function action_systemoverview()
// Renders the system overview page.
// NOTE(review): unlike the neighbouring actions there is no isAdmin()/disallow() check in this method; presumably the 'systemoverview' skin part limits what non-admin members see — confirm.
4339 self::$skin->parse('systemoverview');
4344 * Admin::updateConfig()
4346 * @param string $name
4347 * @param string $val
4348 * @return integer return the ID in which the latest query posted
4350 static private function updateConfig($name, $val)
// Updates one row of the config table; both the value and the key pass through DB::quoteValue().
4352 $query = "UPDATE %s SET value=%s WHERE name=%s";
4353 $query = sprintf($query, sql_table('config'), DB::quoteValue($val), DB::quoteValue($name));
4354 if ( DB::execute($query) === FALSE )
// NOTE(review): on failure the database error text ($err[2]) is written to the response by die(); logging it and showing a generic message would keep schema details out of the page.
4356 $err = DB::getError();
4357 die(_ADMIN_SQLDIE_QUERYERROR . $err[2]);
// NOTE(review): the statement is an UPDATE, so what getInsertId() reports here is unclear; the visible caller ignores the return value.
4359 return DB::getInsertId();
4366 * @param string $msg message that will be shown
4369 static public function error($msg)
// Stores $msg as the page header message and renders the admin error page.
// NOTE(review): callers such as "isAdmin() or self::disallow()" rely on this method ending the request; the line after parse() is not shown in this listing, so confirm that it terminates execution.
// NOTE(review): $msg is stored as given; callers that append database or request values need to escape them unless the error page does so.
4371 self::$headMess = $msg;
4372 self::$skin->parse('adminerrorpage');
4378 * add error log and show error page
4383 static public function disallow()
// Records a WARNING entry in the action log with the requested URI, then shows the "disallowed" error page.
// NOTE(review): REQUEST_URI is request-controlled and is logged as received; whatever displays the action log has to escape it.
4385 ActionLog::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));
4386 self::error(_ERROR_DISALLOWED);
4391 * Admin::action_PluginAdmin()
4392 * Output pluginadmin
4394 * @param string $skinContents
4395 * @param string $extrahead
4398 static public function action_PluginAdmin($skinContents, $extrahead = '')
// Public entry point: renders the 'pluginadmin' skin part with the supplied contents.
// $extrahead is appended to the page head as given, and no permission check is made here; both are left to the caller.
4400 self::$extrahead .= $extrahead;
4401 self::$skin->parse('pluginadmin', $skinContents);
4406 * Admin::action_bookmarklet()
4411 static private function action_bookmarklet()
// Renders the bookmarklet page for one blog.
4413 global $member, $manager;
4415 $blogid = intRequestVar('blogid');
// Requires team rights on the requested blog: disallow() runs when teamRights() is falsy.
4416 $member->teamRights($blogid) or self::disallow();
4418 self::$skin->parse('bookmarklet');
4423 * Admin::action_actionlog()
4428 static private function action_actionlog()
// Renders the action log page.
4430 global $member, $manager;
// Admin-only: disallow() runs when isAdmin() is falsy.
4432 $member->isAdmin() or self::disallow();
4434 self::$skin->parse('actionlog');
4439 * Admin::action_banlist()
4444 static private function action_banlist()
// Renders the ban list of one blog.
4446 global $member, $manager;
4448 $blogid = intRequestVar('blogid');
// Requires admin rights on the requested blog: disallow() runs when blogAdminRights() is falsy.
4449 $member->blogAdminRights($blogid) or self::disallow();
4451 self::$skin->parse('banlist');
4456 * Admin::action_banlistdelete()
4461 static private function action_banlistdelete()
// Renders the confirmation page for removing a ban; the visible lines remove nothing themselves.
4463 global $member, $manager;
4465 $blogid = intRequestVar('blogid');
// Requires admin rights on the requested blog: disallow() runs when blogAdminRights() is falsy.
4466 $member->blogAdminRights($blogid) or self::disallow();
4468 self::$skin->parse('banlistdelete');
4473 * Admin::action_banlistdeleteconfirm()
4478 static private function action_banlistdeleteconfirm()
// Removes a ban on the posted IP range, for the posted blog or for every blog the member administers, and renders the result page.
4480 global $member, $manager;
4482 $blogid = intPostVar('blogid');
4483 $allblogs = postVar('allblogs');
4484 $iprange = postVar('iprange');
// Requires admin rights on the posted blog: disallow() runs when blogAdminRights() is falsy.
4486 $member->blogAdminRights($blogid) or self::disallow();
// $iprange is passed to Ban::removeBan() as posted. The branch that chooses between the single-blog and all-blogs path is not shown in this listing (presumably it tests $allblogs).
4492 if ( Ban::removeBan($blogid, $iprange) )
4494 $deleted[] = $blogid;
4499 // get blogs for which member has admin rights
// The all-blogs path is limited to the blogs returned by getAdminBlogs().
4500 $adminblogs = $member->getAdminBlogs();
4501 foreach ($adminblogs as $blogje)
4503 if ( Ban::removeBan($blogje, $iprange) )
4505 $deleted[] = $blogje;
4510 if ( sizeof($deleted) == 0 )
4512 self::error(_ERROR_DELETEBAN);
4516 /* TODO: we should use other ways */
// The list of affected blogs is handed to the skin by writing it into $_REQUEST.
4517 $_REQUEST['delblogs'] = $deleted;
4519 self::$skin->parse('banlistdeleteconfirm');
4524 * Admin::action_banlistnewfromitem()
4529 static private function action_banlistnewfromitem()
// Opens the "new ban" form for the blog that owns the requested item.
// No rights check is made here; action_banlistnew() checks blogAdminRights() for the resolved blog id.
4533 $itemid = intRequestVar('itemid');
4534 $item =& $manager->getItem($itemid, 1, 1);
4535 self::action_banlistnew($item['blogid']);
/**
 * Admin::action_banlistnew()
 * Renders the 'banlistnew' skin part for one weblog.
 *
 * Access control: the member needs blog-admin rights on the resolved weblog,
 * otherwise self::disallow() is called.
 *
 * @param integer $blogid ID for weblog; when empty, the 'blogid' request
 *                        variable is used instead
 * @return void
 */
static private function action_banlistnew($blogid = '')
{
    global $member, $manager;

    // loose comparison kept: it decides when the request value takes over
    $blogid = ( $blogid == '' ) ? intRequestVar('blogid') : $blogid;

    // read here, not used again in this method
    $ip = requestVar('ip');

    if ( !$member->blogAdminRights($blogid) )
    {
        self::disallow();
    }

    /* TODO: we should consider to use the other way instead of this */
    // the id that passed the rights check is written back to the request superglobal
    $_REQUEST['blogid'] = $blogid;

    self::$skin->parse('banlistnew');
}
4567 * Admin::action_banlistadd()
/**
 * Adds a ban (IP range plus reason) and then shows the ban list again through
 * action_banlist().
 *
 * All inputs are read from POST data. The rights check covers the posted
 * 'blogid'; the loop further down works on $member->getAdminBlogs().
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the
 * 'global' declaration, the condition choosing between the single addBan()
 * call and the loop, and the failure bookkeeping inside the loop are not
 * visible here - confirm against the full file.
 */
4572 static private function action_banlistadd()
4576 $blogid = intPostVar('blogid');
4577 $allblogs = postVar('allblogs');
4578 $iprange = postVar('iprange');
// "custom" selects the free-text field instead of a preset range
4580 if ( $iprange == "custom" )
4582 $iprange = postVar('customiprange');
4584 $reason = postVar('reason');
4586 $member->blogAdminRights($blogid) or self::disallow();
// NOTE(review): until this TODO is done, $iprange and $reason reach
// Ban::addBan() exactly as posted; checking the range format here would keep
// malformed or over-broad entries out of the ban table.
4588 // TODO: check IP range validity
4592 if ( !Ban::addBan($blogid, $iprange, $reason) )
4594 self::error(_ERROR_ADDBAN);
4600 // get blogs for which member has admin rights
4601 $adminblogs = $member->getAdminBlogs();
4603 foreach ($adminblogs as $blogje)
4605 if ( !Ban::addBan($blogje, $iprange, $reason) )
4612 self::error(_ERROR_ADDBAN);
// action_banlist() reads 'blogid' from the request and repeats the rights check
4616 self::action_banlist();
4621 * Admin::action_clearactionlog()
/**
 * Administrator-only action that ends by calling action_manage() with the
 * _MSG_ACTIONLOGCLEARED message.
 *
 * NOTE(review): the statement that actually clears the log falls in source
 * lines this listing omits (between 4630 and 4634) - confirm that it runs only
 * after the isAdmin() check. Clearing the action log removes audit history, so
 * this is an action worth recording elsewhere.
 */
4626 static private function action_clearactionlog()
4630 $member->isAdmin() or self::disallow();
4634 self::action_manage(_MSG_ACTIONLOGCLEARED);
/**
 * Admin::action_backupoverview()
 * Renders the 'backupoverview' skin part.
 *
 * Access control: administrators only; any other member is sent to
 * self::disallow() before the skin part is parsed.
 *
 * @return void
 */
static private function action_backupoverview()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    self::$skin->parse('backupoverview');
}
/**
 * Admin::action_backupcreate()
 * create file for backup
 *
 * Access control: administrators only. The isAdmin() check is the only gate in
 * this method in front of Backup::do_backup(); presumably the result is a dump
 * of the site's data, so treat access to this action accordingly - confirm in
 * backup.php.
 *
 * @return void
 */
static private function action_backupcreate()
{
    global $member, $DIR_LIBS;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    // use compression ? (posted value, forced to an integer)
    $useGzip = (int) postVar('gzip');

    include($DIR_LIBS . 'backup.php');

    // creating/restoring dumps might take a while, so try to raise the time
    // limit to 1200 seconds; '@' hides the warning when that is not permitted
    @set_time_limit(1200);

    Backup::do_backup($useGzip);
}
4682 * Admin::action_backuprestore()
4683 * restoring from uploaded file
/**
 * Restores from a backup and renders the 'backuprestore' skin part.
 *
 * Access control: administrators only. The posted 'letsgo' value must equal 1
 * as an explicit confirmation before anything is restored.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps), so it
 * cannot be seen here whether a 'return' follows each self::error() call; if
 * error() can return, the restore would still run after a failed confirmation
 * - confirm against the full file.
 */
4688 static private function action_backuprestore()
4690 global $member, $DIR_LIBS;
4692 $member->isAdmin() or self::disallow();
// explicit confirmation flag from the form
4694 if ( intPostVar('letsgo') != 1 )
4696 self::error(_ERROR_BACKUP_NOTSURE);
4700 include($DIR_LIBS . 'backup.php');
4702 // try to extend time limit
4703 // (creating/restoring dumps might take a while)
// '@' hides the warning when the limit cannot be changed
4704 @set_time_limit(1200);
// do_restore() takes no arguments here, so it locates its input itself
4706 $message = Backup::do_restore();
// a non-empty return value is treated as the failure message; it is passed to
// self::error() without encoding in this method
4707 if ( $message != '' )
4709 self::error($message);
4712 self::$skin->parse('backuprestore');
/**
 * Admin::action_pluginlist()
 * output the list of installed plugins
 *
 * Access control: administrators only; any other member is sent to
 * self::disallow() before the 'pluginlist' skin part is parsed.
 *
 * @return void
 */
static private function action_pluginlist()
{
    global $DIR_PLUGINS, $member, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    self::$skin->parse('pluginlist');
}
/**
 * Admin::action_pluginhelp()
 * Renders the 'pluginhelp' skin part for one installed plugin.
 *
 * Access control: administrators only. The plugin id is read from the query
 * string ('plugid') as an integer and must belong to an installed plugin.
 *
 * @return void
 */
static private function action_pluginhelp()
{
    global $member, $manager, $DIR_PLUGINS, $CONF;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $plugid = intGetVar('plugid');
    $isInstalled = $manager->pidInstalled($plugid);
    if ( !$isInstalled )
    {
        self::error(_ERROR_NOSUCHPLUGIN);
        return;
    }

    self::$skin->parse('pluginhelp');
}
4761 * Admin::action_pluginadd()
/**
 * Installs a plugin: registers it in the plugin table, loads it, checks its
 * version and dependency requirements, and finishes with action_pluginupdate().
 *
 * Access control: administrators only. Installing a plugin loads code chosen by
 * the posted 'filename', so this is one of the most sensitive admin actions.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps). The
 * 'return' statements after the self::error() calls, the test that guards the
 * roll-back DELETE, and the call announced by "call the install method of the
 * plugin" are not visible here - confirm against the full file.
 */
4767 static private function action_pluginadd()
4769 global $member, $manager, $DIR_PLUGINS;
4772 $member->isAdmin() or self::disallow();
// plugin name as posted; it is checked by pluginInstalled() and checkPlugin()
// before anything is written
4774 $name = postVar('filename');
4776 if ( $manager->pluginInstalled($name) )
4778 self::error(_ERROR_DUPPLUGIN);
4782 if ( !checkPlugin($name) )
// the posted name is HTML-encoded before it is echoed in the message
4784 self::error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
4788 // get number of currently installed plugins
4789 $res = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
4790 $numCurrent = $res->rowCount();
4792 // plugin will be added as last one in the list
4793 $newOrder = $numCurrent + 1;
// $name is passed by reference, so a PreAddPlugin subscriber can replace it.
// NOTE(review): in the lines shown the (possibly replaced) name is not run
// through checkPlugin() again before the INSERT and getPlugin() below.
4795 $data = array('file' => &$name);
4796 $manager->notify('PreAddPlugin', $data);
4798 // do this before calling getPlugin (in case the plugin id is used there)
// order is forced to an integer, the name goes through DB::quoteValue()
4799 $query = "INSERT INTO %s (porder, pfile) VALUES (%d, %s);";
4800 $query = sprintf($query, sql_table('plugin'), (integer) $newOrder, DB::quoteValue($name));
4801 DB::execute($query);
4802 $iPid = DB::getInsertId();
4804 $manager->clearCachedInfo('installedPlugins');
4806 // Load the plugin for condition checking and installation
4807 $plugin =& $manager->getPlugin($name);
4809 // check if it got loaded (could have failed)
// roll-back: remove the row inserted above and report the load failure
4812 $query = "DELETE FROM %s WHERE pid=%d;";
4813 $query = sprintf($query, sql_table('plugin'), (integer) $iPid);
4815 DB::execute($query);
4817 $manager->clearCachedInfo('installedPlugins');
4818 self::error(_ERROR_PLUGIN_LOAD);
4822 // check if plugin needs a newer Nucleus version
4823 if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )
4825 // uninstall plugin again...
4826 self::deleteOnePlugin($plugin->getID());
4828 // ...and show error
// values reported by the plugin are HTML-encoded before display
4829 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
4833 // check if plugin needs a newer Nucleus patch level (same version)
4834 if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )
4836 // uninstall plugin again...
4837 self::deleteOnePlugin($plugin->getID());
4839 // ...and show error
4840 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
// every plugin this one depends on must already be in the plugin table
4844 $pluginList = $plugin->getPluginDep();
4845 foreach ( $pluginList as $pluginName )
// the dependency name comes from the plugin and is quoted before use in SQL
4847 $res = DB::getResult('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile=' . DB::quoteValue($pluginName));
4848 if ($res->rowCount() == 0)
4850 // uninstall plugin again...
4851 self::deleteOnePlugin($plugin->getID());
4852 self::error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
4857 // call the install method of the plugin
4860 $data = array('plugin' => &$plugin);
4861 $manager->notify('PostAddPlugin', $data);
4863 // update all events
4864 self::action_pluginupdate();
4869 * ADMIN:action_pluginupdate():
/**
 * Rebuilds the plugin_event table: all rows are deleted, then one row is
 * inserted per event name returned by each installed plugin's getEventList().
 * Ends with a redirect to the plugin list.
 *
 * Access control: administrators only.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the
 * assignment of $pid and any test that $plug was loaded are not visible here.
 * No transaction is opened in the lines shown, so a failure part-way through
 * would leave the subscription table partly filled.
 */
4875 static private function action_pluginupdate()
4877 global $member, $manager, $CONF;
4880 $member->isAdmin() or self::disallow();
4882 // delete everything from plugin_events
4883 DB::execute('DELETE FROM '.sql_table('plugin_event'));
4885 // loop over all installed plugins
4886 $res = DB::getResult('SELECT pid, pfile FROM '.sql_table('plugin'));
4887 foreach ( $res as $row )
// loading the plugin runs its code; the file name comes from the plugin table
4890 $plug =& $manager->getPlugin($row['pfile']);
4893 $eventList = $plug->getEventList();
4894 foreach ( $eventList as $eventName )
// id forced to an integer, event name passed through DB::quoteValue()
4896 $query = "INSERT INTO %s (pid, event) VALUES (%d, %s)";
4897 $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, DB::quoteValue($eventName));
4898 DB::execute($query);
4902 redirect($CONF['AdminURL'] . '?action=pluginlist');
/**
 * Admin::action_plugindelete()
 * Renders the 'plugindelete' skin part for one installed plugin (the step
 * before action_plugindeleteconfirm() removes it).
 *
 * Access control: administrators only. The plugin id is read from the query
 * string ('plugid') as an integer and must belong to an installed plugin.
 *
 * @return void
 */
static private function action_plugindelete()
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $pid = intGetVar('plugid');
    $isInstalled = $manager->pidInstalled($pid);
    if ( !$isInstalled )
    {
        self::error(_ERROR_NOSUCHPLUGIN);
        return;
    }

    self::$skin->parse('plugindelete');
}
4932 * Admin::action_plugindeleteconfirm()
/**
 * Removes one plugin through deleteOnePlugin() and redirects to the plugin list.
 *
 * Access control: administrators only. The plugin id is read from POST data
 * ('plugid') as an integer.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the test
 * on $error that guards the self::error() call is not visible here.
 */
4937 static private function action_plugindeleteconfirm()
4939 global $member, $manager, $CONF;
4942 $member->isAdmin() or self::disallow();
4944 $pid = intPostVar('plugid');
// second argument 1: deleteOnePlugin() will also call the plugin's unInstall()
4946 $error = self::deleteOnePlugin($pid, 1);
4949 self::error($error);
4953 redirect($CONF['AdminURL'] . '?action=pluginlist');
4958 * Admin::deleteOnePlugin()
4960 * @param integer $pid
4961 * @param boolean $callUninstall
4962 * @return string empty or message if failed
/**
 * Removes one plugin: refuses when another installed plugin lists it as a
 * dependency, optionally calls the plugin's unInstall(), then deletes its event
 * subscriptions, option descriptions, option values and its plugin row, and
 * closes the gap in the porder sequence.
 *
 * This method is public and makes no permission check in the lines shown, so
 * every caller has to authorise the request before calling it.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the
 * 'global' declaration, the tests that $plug / $plugin were loaded, the
 * initialisation of $aOIDs and the final return are not visible here.
 */
4964 static public function deleteOnePlugin($pid, $callUninstall = 0)
// forced to an integer once; this is what makes the string-built queries
// below safe with respect to $pid
4968 $pid = intval($pid);
4970 if ( !$manager->pidInstalled($pid) )
4972 return _ERROR_NOSUCHPLUGIN;
4975 $query = "SELECT pfile as result FROM %s WHERE pid=%d;";
4976 $query = sprintf($query, sql_table('plugin'), (integer) $pid);
4977 $name = DB::getValue($query);
4979 // check dependency before delete
4980 $res = DB::getResult('SELECT pfile FROM ' . sql_table('plugin'));
4981 foreach ( $res as $row )
4983 $plug =& $manager->getPlugin($row['pfile']);
4986 $depList = $plug->getPluginDep();
4987 foreach ( $depList as $depName )
4989 if ( $name == $depName )
// NOTE(review): the file name is placed in the message without Entity::hsc()
// here; whether it is encoded before display depends on the caller.
4991 return sprintf(_ERROR_DELREQPLUGIN, $row['pfile']);
4997 $data = array('plugid' => $pid);
4998 $manager->notify('PreDeletePlugin', $data);
5000 // call the unInstall method of the plugin
5001 if ( $callUninstall )
5003 $plugin =& $manager->getPlugin($name);
5006 $plugin->unInstall();
5010 // delete all subscriptions
5011 DB::execute('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);
5013 // delete all options
5014 // get OIDs from plugin_option_desc
5015 $res = DB::getResult('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
5017 foreach ( $res as $row )
5019 array_push($aOIDs, $row['oid']);
5022 // delete from plugin_option and plugin_option_desc
5023 DB::execute('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
5024 if (count($aOIDs) > 0)
// the ids in the IN list were read from the database above, not from the
// request; presumably oid is an integer column - confirm against the schema
5026 DB::execute('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')');
5029 // update order numbers
// $res now holds the porder value read back from the database
5030 $res = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
5031 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $res);
5034 DB::execute('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
5036 $manager->clearCachedInfo('installedPlugins');
5037 $data = array('plugid' => $pid);
5038 $manager->notify('PostDeletePlugin', $data);
/**
 * Admin::action_pluginup()
 * Moves one plugin a position up in the plugin order (porder) and redirects to
 * the plugin list.
 *
 * Access control: administrators only. 'plugid' is read from the query string
 * as an integer and must belong to an installed plugin. The only values placed
 * in the SQL text are that integer and the porder value read back from the
 * plugin table.
 *
 * @return void
 */
static private function action_pluginup()
{
    global $member, $manager, $CONF;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $plugid = intGetVar('plugid');
    if ( !$manager->pidInstalled($plugid) )
    {
        self::error(_ERROR_NOSUCHPLUGIN);
        return;
    }

    // 1. get old order number
    $oldOrder = DB::getValue(sprintf('SELECT porder FROM %s WHERE pid=%s', sql_table('plugin'), $plugid));

    // 2. calculate new order number (never above the first position)
    if ( $oldOrder > 1 )
    {
        $newOrder = $oldOrder - 1;
    }
    else
    {
        $newOrder = 1;
    }

    // 3. swap: the plugin holding the target position takes the old one,
    //    then this plugin takes the target position
    DB::execute(sprintf('UPDATE %s SET porder=%s WHERE porder=%s', sql_table('plugin'), $oldOrder, $newOrder));
    DB::execute(sprintf('UPDATE %s SET porder=%s WHERE pid=%s', sql_table('plugin'), $newOrder, $plugid));

    // To avoid showing ticket in the URL, redirect to pluginlist, instead.
    redirect($CONF['AdminURL'] . '?action=pluginlist');
}
/**
 * Admin::action_plugindown()
 * Moves one plugin a position down in the plugin order (porder) and redirects
 * to the plugin list.
 *
 * Access control: administrators only. 'plugid' is read from the query string
 * as an integer and must belong to an installed plugin. The only values placed
 * in the SQL text are that integer and values read back from the plugin table.
 *
 * @return void
 */
static private function action_plugindown()
{
    global $member, $manager, $CONF;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $plugid = intGetVar('plugid');
    if ( !$manager->pidInstalled($plugid) )
    {
        self::error(_ERROR_NOSUCHPLUGIN);
        return;
    }

    // 1. get old order number
    $oldOrder = DB::getValue(sprintf('SELECT porder FROM %s WHERE pid=%s', sql_table('plugin'), $plugid));

    // the number of rows in the plugin table is used as the last position
    $allPlugins = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
    $maxOrder = $allPlugins->rowCount();

    // 2. calculate new order number (never below the last position)
    if ( $oldOrder < $maxOrder )
    {
        $newOrder = $oldOrder + 1;
    }
    else
    {
        $newOrder = $maxOrder;
    }

    // 3. swap: the plugin holding the target position takes the old one,
    //    then this plugin takes the target position
    DB::execute(sprintf('UPDATE %s SET porder=%s WHERE porder=%s', sql_table('plugin'), $oldOrder, $newOrder));
    DB::execute(sprintf('UPDATE %s SET porder=%s WHERE pid=%s', sql_table('plugin'), $newOrder, $plugid));

    // To avoid showing ticket in the URL, redirect to pluginlist, instead.
    redirect($CONF['AdminURL'] . '?action=pluginlist');
}
/**
 * Admin::action_pluginoptions()
 *
 * Output Plugin option page
 *
 * Access control: administrators only. 'plugid' is read from the request as an
 * integer and must belong to an installed plugin.
 *
 * @param string $message message when fallbacked; stored in self::$headMess
 *                        as given, so callers should pass fixed text only
 * @return void
 */
static private function action_pluginoptions($message = '')
{
    global $member, $manager;

    if ( !$member->isAdmin() )
    {
        self::disallow();
    }

    $pid = intRequestVar('plugid');
    $isInstalled = $manager->pidInstalled($pid);
    if ( !$isInstalled )
    {
        self::error(_ERROR_NOSUCHPLUGIN);
        return;
    }

    if ( isset($message) )
    {
        self::$headMess = $message;
    }

    // the plugin object is fetched here but not used again in this method
    $plugname = $manager->getPluginNameFromPid($pid);
    $plugin = $manager->getPlugin($plugname);

    // fixed script tag; the <%skinfile()%> part is left for the skin parser
    self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";

    self::$skin->parse('pluginoptions');
}
5156 * Admin::action_pluginoptionsupdate()
5158 * Update plugin options and fallback to plugin option page
/**
 * Applies the posted plugin options, fires the PostPluginOptionsUpdate event
 * and falls back to the plugin option page with a confirmation message.
 *
 * Access control: administrators only. 'plugid' is read from the request as an
 * integer and must belong to an installed plugin.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the
 * start and the remaining entries of the $data array are not visible here.
 */
5164 static private function action_pluginoptionsupdate()
5166 global $member, $manager;
5169 $member->isAdmin() or self::disallow();
5171 $pid = intRequestVar('plugid');
5173 if ( !$manager->pidInstalled($pid) )
5175 self::error(_ERROR_NOSUCHPLUGIN);
// the whole 'plugoption' request array is handed over unfiltered; any checking
// of option ids and values is left to apply_plugin_options()
5179 $aOptions = requestArray('plugoption');
5180 NucleusPlugin::apply_plugin_options($aOptions);
5183 'context' => 'global',
5186 $manager->notify('PostPluginOptionsUpdate', $data);
5188 self::action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
5193 * Admin::skineditgeneral()
5195 * @param integer $skinid
5196 * @param string $handler
5197 * @return string empty or message if failed
/**
 * Updates the general settings of a skin from POST data and returns an error
 * message constant when the new name is invalid or already taken.
 *
 * No permission check is made in the lines shown; the calling action has to
 * authorise the request.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the
 * 'global' declaration, the conditions under which the 'text/html' and
 * 'normal' defaults apply, and the final return are not visible here.
 */
5199 static private function skineditgeneral($skinid, $handler='')
5203 $name = postVar('name');
5204 $desc = postVar('desc');
5205 $type = postVar('type');
5206 $inc_mode = postVar('inc_mode');
5207 $inc_prefix = postVar('inc_prefix');
5209 $skin =& $manager->getSkin($skinid, $handler);
// only the name is validated here
5212 if ( !isValidSkinName($name) )
5214 return _ERROR_BADSKINNAME;
// renaming onto an existing skin is refused
5217 if ( ($skin->getName() != $name) && SKIN::exists($name) )
5219 return _ERROR_DUPSKINNAME;
5224 $type = 'text/html';
5229 $inc_mode = 'normal';
5232 // 2. Update description
// NOTE(review): $desc, $type, $inc_mode and $inc_prefix are stored as posted;
// presumably the include settings later influence which files a skin pulls
// in, so confirm they are constrained where they are used.
5233 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
/**
 * Admin::skindeleteconfirm()
 * Deletes a skin: its description row and all of its parts, with a
 * PreDelete.../PostDelete... event around the two DELETE statements.
 *
 * No permission check is made in the lines shown; the calling action has to
 * authorise the request. The id is forced to an integer before it is placed
 * in the SQL text.
 *
 * @param integer $skinid
 * @return void
 */
static private function skindeleteconfirm($skinid)
{
    global $manager;

    // admin-skin actions fire the AdminSkin events, all others the Skin events
    $event_identifier = in_array(self::$action, self::$adminskin_actions) ? 'AdminSkin' : 'Skin';

    $data = array('skinid' => $skinid);
    $manager->notify("PreDelete{$event_identifier}", $data);

    // 1. delete description
    DB::execute(sprintf("DELETE FROM %s WHERE sdnumber=%d;", sql_table('skin_desc'), (int) $skinid));

    // 2. delete parts
    DB::execute(sprintf("DELETE FROM %s WHERE sdesc=%d;", sql_table('skin'), (int) $skinid));

    $manager->notify("PostDelete{$event_identifier}", $data);
}
/**
 * Admin::skinremovetypeconfirm()
 * Deletes one part (type) of a skin, with a PreDelete...Part/PostDelete...Part
 * event around the DELETE statement.
 *
 * No permission check is made in the lines shown; the calling action has to
 * authorise the request. The part name must pass isValidShortName() and is
 * quoted with DB::quoteValue(); the id is forced to an integer.
 *
 * @param integer $skinid
 * @param string $skintype
 * @return string empty or message if failed
 */
static private function skinremovetypeconfirm($skinid, $skintype)
{
    global $manager;

    // admin-skin actions fire the AdminSkin events, all others the Skin events
    $event_identifier = in_array(self::$action, self::$adminskin_actions) ? 'AdminSkin' : 'Skin';

    if ( !isValidShortName($skintype) )
    {
        return _ERROR_SKIN_PARTS_SPECIAL_DELETE;
    }

    $data = array(
        'skinid' => $skinid,
        'skintype' => $skintype
    );
    $manager->notify("PreDelete{$event_identifier}Part", $data);

    // delete part
    DB::execute(sprintf(
        'DELETE FROM %s WHERE sdesc = %d AND stype = %s;',
        sql_table('skin'),
        (int) $skinid,
        DB::quoteValue($skintype)
    ));

    // a fresh array is built for the second event
    $data = array(
        'skinid' => $skinid,
        'skintype' => $skintype
    );
    $manager->notify("PostDelete{$event_identifier}Part", $data);

    return '';
}
5320 * Admin::skinclone()
5322 * @param integer $skinid
5323 * @param string $handler
/**
 * Clones a skin: creates a new skin named "<name>_clone" (with a further
 * suffix when that name exists) carrying the source skin's description,
 * content type, include mode and include prefix, then copies its parts.
 *
 * No permission check is made in the lines shown; the calling action has to
 * authorise the request.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the
 * 'global' declaration, the counter used in the while loop, the first argument
 * of Skin::createNew() and any test on $content are not visible here.
 */
5326 static private function skinclone($skinid, $handler='')
5330 // 1. read skin to clone
5331 $skin =& $manager->getSkin($skinid, $handler);
5332 $name = "{$skin->getName()}_clone";
5334 // if a skin with that name already exists:
5335 if ( Skin::exists($name) )
5338 while ( Skin::exists($name . $i) )
5345 // 2. create skin desc
5346 $newid = Skin::createNew(
5348 $skin->getDescription(),
5349 $skin->getContentType(),
5350 $skin->getIncludeMode(),
5351 $skin->getIncludePrefix()
// list the part types of the source skin; the id is forced to an integer
5355 $query = "SELECT stype FROM %s WHERE sdesc=%d;";
5356 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
5358 $res = DB::getResult($query);
5359 foreach ( $res as $row )
5361 $content = $skin->getContentFromDB($row['stype']);
// content and type are database values; both go through DB::quoteValue()
5364 $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, %s, %s)";
5365 $query = sprintf($query, sql_table('skin'), (integer) $newid, DB::quoteValue($content), DB::quoteValue($row['stype']));
5366 DB::execute($query);
5373 * Admin::skinieimport()
5375 * @param string $mode
5376 * @param string $skinFileRaw
5377 * @return string empty or message if failed
/**
 * First import step: reads only the metadata of a skin backup and stores what
 * it found (info, skin and template names, name clashes) in self::$contents.
 *
 * No permission check is made in the lines shown; the calling action has to
 * authorise the request.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the
 * handling of $error after readFile() and the final return are not visible.
 */
5379 static private function skinieimport($mode, $skinFileRaw)
5381 global $DIR_LIBS, $DIR_SKINS;
5383 // load skinie class
5384 include_once($DIR_LIBS . 'skinie.php');
5386 $importer = new SkinImport();
5388 // get full filename
5389 if ( $mode == 'file' )
// NOTE(review): $skinFileRaw is joined into the path without normalisation
// here; if it can carry request data, the caller should restrict it to a
// plain directory name so the result stays below $DIR_SKINS.
5391 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
// any other mode: the value is used verbatim as the location to read, so what
// it may point at is decided entirely by the caller and by readFile()
5395 $skinFile = $skinFileRaw;
5398 // read only metadata
5399 $error = $importer->readFile($skinFile, 1);
5406 self::$contents['mode'] = $mode;
// the raw value is kept for the next step; encode it when it is output
5407 self::$contents['skinfile'] = $skinFileRaw;
5408 self::$contents['skininfo'] = $importer->getInfo();
5409 self::$contents['skinnames'] = $importer->getSkinNames();
5410 self::$contents['tpltnames'] = $importer->getTemplateNames();
// names in the backup that already exist in this installation
5413 $skinNameClashes = $importer->checkSkinNameClashes();
5414 $templateNameClashes = $importer->checkTemplateNameClashes();
5415 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
5417 self::$contents['skinclashes'] = $skinNameClashes;
5418 self::$contents['tpltclashes'] = $templateNameClashes;
5419 self::$contents['nameclashes'] = $hasNameClashes ? 1 : 0;
5426 * Admin::skinieedoimport()
5428 * @param string $mode
5429 * @param string $skinFileRaw
5430 * @param boolean $allowOverwrite
5431 * @return string empty or message if failed
/**
 * Second import step: reads the whole skin backup, writes it to the database
 * and stores a summary (info, skin and template names) in self::$contents.
 *
 * No permission check is made in the lines shown; the calling action has to
 * authorise the request. Imported skins and templates become site content, so
 * the backup file should come from a trusted source.
 *
 * NOTE(review): this listing skips source lines (the numbering jumps); the
 * handling of $error after readFile() and writeToDatabase() and the final
 * return are not visible here.
 */
5433 static private function skiniedoimport($mode, $skinFileRaw, $allowOverwrite)
5435 global $DIR_LIBS, $DIR_SKINS;
5437 // load skinie class
5438 include_once($DIR_LIBS . 'skinie.php');
5440 $importer = new SkinImport();
5442 // get full filename
5443 if ( $mode == 'file' )
// NOTE(review): $skinFileRaw is joined into the path without normalisation
// here; if it can carry request data, the caller should restrict it to a
// plain directory name so the result stays below $DIR_SKINS.
5445 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
// any other mode: the value is used verbatim as the location to read
5449 $skinFile = $skinFileRaw;
5452 $error = $importer->readFile($skinFile);
// $allowOverwrite is passed through; presumably it lets existing skins and
// templates with clashing names be replaced - confirm in skinie.php
5459 $error = $importer->writeToDatabase($allowOverwrite);
5466 self::$contents['mode'] = $mode;
5467 self::$contents['skinfile'] = $skinFileRaw;
5468 self::$contents['skininfo'] = $importer->getInfo();
5469 self::$contents['skinnames'] = $importer->getSkinNames();
5470 self::$contents['tpltnames'] = $importer->getTemplateNames();
/**
 * Admin::skinieexport()
 * Exports the selected skins and templates through SkinExport.
 *
 * Only the keys of both arrays are used as ids; the values are ignored. The
 * ids are handed to the exporter without further checks in this method, and no
 * permission check is made in the lines shown, so the calling action has to
 * authorise the request.
 *
 * @param array $aSkins     skin ids as array keys; a non-array counts as empty
 * @param array $aTemplates template ids as array keys; a non-array counts as empty
 * @param string $info      passed to the exporter's setInfo()
 * @return void
 */
static private function skinieexport($aSkins, $aTemplates, $info)
{
    global $DIR_LIBS;

    // load skinie class
    include_once($DIR_LIBS . 'skinie.php');

    if ( !is_array($aSkins) )
    {
        $aSkins = array();
    }
    if ( !is_array($aTemplates) )
    {
        $aTemplates = array();
    }

    $exporter = new SkinExport();
    foreach ( array_keys($aSkins) as $skinId )
    {
        $exporter->addSkin($skinId);
    }
    foreach ( array_keys($aTemplates) as $templateId )
    {
        $exporter->addTemplate($templateId);
    }

    $exporter->setInfo($info);
    $exporter->export();
}
5520 * Admin::action_parseSpecialskin()
5525 static private function action_parseSpecialskin()
5527 self::$skin->parse(self::$action);