3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
4 * Copyright (C) 2002-2012 The Nucleus Group
\r
6 * This program is free software; you can redistribute it and/or
\r
7 * modify it under the terms of the GNU General Public License
\r
8 * as published by the Free Software Foundation; either version 2
\r
9 * of the License, or (at your option) any later version.
\r
10 * (see nucleus/documentation/index.html#license for more info)
\r
13 * The code for the Nucleus admin area
\r
15 * @license http://nucleuscms.org/license.txt GNU General Public License
\r
16 * @copyright Copyright (C) 2002-2012 The Nucleus Group
\r
17 * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $
\r
20 if ( !function_exists('requestVar') ) exit;
\r
21 require_once dirname(__FILE__) . '/showlist.php';
\r
25 static private $xml_version_info = '1.0';
\r
26 static private $formal_public_identifier = '-//W3C//DTD XHTML 1.0 Strict//EN';
\r
27 static private $system_identifier = 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd';
\r
28 static private $xhtml_namespace = 'http://www.w3.org/1999/xhtml';
\r
30 static public $headMess;
\r
32 static private $action;
\r
33 static private $skin;
\r
34 static private $passvar;
\r
35 static private $aOptions;
\r
37 static public $extrahead;
\r
38 static public $blog;
\r
39 static public $contents;
\r
42 * Admin::$edit_actions
\r
44 static private $edit_actions = array(
\r
45 'adminskinoverview',
\r
46 'adminskinieoverview',
\r
47 'adminskinedittype',
\r
48 'adminskinremovetype',
\r
51 'adminskinieimport',
\r
52 'adminskiniedoimport',
\r
53 'admintemplateedit',
\r
54 'admintemplateoverview',
\r
55 'admintemplatedelete'
\r
59 * Admin::$skinless_actions
\r
61 static private $skinless_actions = array(
\r
62 'plugindeleteconfirm',
\r
63 'pluginoptionsupdate',
\r
64 'skinremovetypeconfirm',
\r
66 'skindeleteconfirm',
\r
72 'templatedeleteconfirm',
\r
75 'adminskinremovetypeconfirm',
\r
77 'adminskindeleteconfirm',
\r
79 'adminskineditgeneral',
\r
80 'adminskinieexport',
\r
82 'admintemplateupdate',
\r
83 'admintemplatedeleteconfirm',
\r
85 'admintemplateclone',
\r
86 'blogsettingsupdate',
\r
90 'itemdeleteconfirm',
\r
92 'changemembersettings',
\r
97 static private $actions_needless_to_check = array(
\r
108 'editmembersettings',
\r
111 'browseowncomments',
\r
125 'templateoverview',
\r
130 'banlistnewfromitem',
\r
152 static public function initialize()
\r
154 global $CONF, $DIR_LIBS, $manager, $member;
\r
156 /* NOTE: 1. decide which skinid to use */
\r
157 $skinid = $CONF['AdminSkin'];
\r
159 * NOTE: this is temporary escaped because not implemented yet*/
\r
160 if (isset($member) && $member->isLoggedIn())
\r
162 $memskin = $member->getAdminSkin();
\r
165 $skinid = $memskin;
\r
169 /* NOTE: 2. make an instance of skin object */
\r
170 if ( !Skin::existsID($skinid) )
\r
175 /* NOTE: 3. initializing each members */
\r
176 self::$skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
\r
177 self::$action = '';
\r
178 self::$extrahead = '';
\r
179 self::$passvar = '';
\r
180 self::$headMess = '';
\r
181 self::$aOptions = '';
\r
187 * Executes an action
\r
189 * @param string $action action to be performed
\r
192 static public function action($action)
\r
194 global $CONF, $DIR_LIBS, $manager, $member;
\r
196 /* 1. decide action name */
\r
197 $customAction = postvar('customaction');
\r
198 if ( !empty($customAction) )
\r
201 'login' => $customAction,
\r
202 '' => $customAction
\r
208 'login' => 'overview',
\r
212 if ( array_key_exists($action, $alias) && isset($alias[$action]) )
\r
214 $action = $alias[$action];
\r
216 $methodName = "action_{$action}";
\r
217 self::$action = strtolower($action);
\r
219 /* 2. check the action */
\r
220 $synonimActions = array(
\r
221 'banlistnewfromitem',
\r
225 $allowActions = array_merge($synonimActions, self::$skinless_actions);
\r
226 $aActionsNotToCheck = array_merge(self::$actions_needless_to_check, self::$edit_actions, $allowActions);
\r
227 if ( !in_array(self::$action, $aActionsNotToCheck) && !self::existsSkinContents($action) )
\r
229 if (!$manager->checkTicket())
\r
231 self::error(_ERROR_BADTICKET);
\r
235 /* 3. parse according to the action */
\r
236 if ( !method_exists('Admin', $methodName) && !in_array(self::$action, $allowActions) && self::existsSkinContents($action) )
\r
238 /* TODO: what is this?
\r
239 self::action_parseSpecialskin();
\r
242 elseif ( method_exists('Admin', $methodName) )
\r
244 call_user_func(array(__CLASS__, $methodName));
\r
246 else if ( self::existsSkinContents('adminerrorpage') )
\r
248 self::error(_BADACTION . ENTITY::hsc($action));
\r
250 elseif ( $id != $CONF['AdminSkin'] )
\r
252 self::$skin =& $manager->getSkin($CONF['AdminSkin'], 'AdminActions');
\r
253 if ( self::$skin && self::existsSkinContents('adminerrorpage') )
\r
255 self::error(_BADACTION . ENTITY::hsc($action));
\r
260 self::error(_BADACTION . ENTITY::hsc($action));
\r
266 * Action::existsSkinContents()
\r
267 * Check skin contents
\r
269 * @param string $action action type
\r
272 static private function existsSkinContents($action)
\r
274 $in_array = in_array($action, self::$skinless_actions);
\r
282 $query = "SELECT scontent as result FROM %s WHERE sdesc=%d AND stype=%s";
\r
283 /* TODO: skinid should be a default */
\r
284 if ( !is_object(self::$skin) )
\r
287 return DB::getValue(sprintf($query, sql_table('skin'), $CONF['AdminSkin'], DB::quoteValue($action)));
\r
291 return DB::getValue(sprintf($query, sql_table('skin'), self::$skin->getID(), DB::quoteValue($action)));
\r
298 * Action::specialActionsAllow()
\r
299 * Check exists specialskinparts
\r
301 * @param string $action action type
\r
304 static private function specialActionsAllow($action)
\r
306 $query = "SELECT sdesc as result FROM %s WHERE sdesc = %d AND stype = %s";
\r
307 $query = sprintf($query, sql_table('skin'), (integer) self::$skin->id, DB::quoteValue($action));
\r
308 return DB::getValue($query);
\r
312 * Action::action_showlogin()
\r
317 static private function action_showlogin()
\r
320 self::action_login($error);
\r
325 * Action::action_login()
\r
327 * @param string $msg message for pageheader
\r
328 * @param integer $passvars ???
\r
330 static private function action_login($msg = '', $passvars = 1)
\r
334 // skip to overview when allowed
\r
335 if ( $member->isLoggedIn() && $member->canLogin() )
\r
337 self::action_overview();
\r
341 /* TODO: needless variable??? */
\r
342 self::$passvar = $passvars;
\r
345 self::$headMess = $msg;
\r
348 self::$skin->parse('showlogin');
\r
352 * Action::action_overview()
\r
353 * provides a screen with the overview of the actions available
\r
355 * @param string $msg message for pageheader
\r
358 static private function action_overview($msg = '')
\r
362 self::$headMess = $msg;
\r
365 self::$skin->parse('overview');
\r
370 * Admin::action_manage()
\r
372 * @param string $msg message for pageheader
\r
375 static private function action_manage($msg = '')
\r
381 self::$headMess = $msg;
\r
383 $member->isAdmin() or self::disallow();
\r
385 self::$skin->parse('manage');
\r
390 * Action::action_itemlist()
\r
392 * @param integer id for weblod
\r
395 static private function action_itemlist($blogid = '')
\r
397 global $member, $manager, $CONF;
\r
399 if ( $blogid == '' )
\r
401 $blogid = intRequestVar('blogid');
\r
404 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
\r
406 self::$skin->parse('itemlist');
\r
411 * Action::action_batchitem()
\r
416 static private function action_batchitem()
\r
418 global $member, $manager;
\r
420 $member->isLoggedIn() or self::disallow();
\r
422 $selected = requestIntArray('batch');
\r
423 $action = requestVar('batchaction');
\r
425 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
427 self::error(_BATCH_NOSELECTION);
\r
430 // On move: when no destination blog/category chosen, show choice now
\r
431 $destCatid = intRequestVar('destcatid');
\r
432 if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )
\r
434 self::batchMoveSelectDestination('item', $selected);
\r
437 // On delete: check if confirmation has been given
\r
438 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
440 self::batchAskDeleteConfirmation('item', $selected);
\r
443 self::$skin->parse('batchitem');
\r
448 * Action::action_batchcomment()
\r
453 static private function action_batchcomment()
\r
457 $member->isLoggedIn() or self::disallow();
\r
459 $selected = requestIntArray('batch');
\r
460 $action = requestVar('batchaction');
\r
462 // Show error when no items were selected
\r
463 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
465 self::error(_BATCH_NOSELECTION);
\r
468 // On delete: check if confirmation has been given
\r
469 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
471 self::batchAskDeleteConfirmation('comment', $selected);
\r
474 self::$skin->parse('batchcomment');
\r
479 * Admin::setAdminAction()
\r
481 * @param string $action
\r
484 static public function setAdminAction($action)
\r
486 self::$action = $action;
\r
491 * Admin::action_batchmember()
\r
496 static private function action_batchmember()
\r
500 ($member->isLoggedIn() && $member->isAdmin()) or self::disallow();
\r
502 $selected = requestIntArray('batch');
\r
503 $action = requestVar('batchaction');
\r
505 // Show error when no members selected
\r
506 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
508 self::error(_BATCH_NOSELECTION);
\r
511 // On delete: check if confirmation has been given
\r
512 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
514 self::batchAskDeleteConfirmation('member',$selected);
\r
517 self::$skin->parse('batchmember');
\r
522 * Admin::action_batchteam()
\r
527 static private function action_batchteam()
\r
531 $blogid = intRequestVar('blogid');
\r
533 ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or self::disallow();
\r
535 $selected = requestIntArray('batch');
\r
536 $action = requestVar('batchaction');
\r
538 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
540 self::error(_BATCH_NOSELECTION);
\r
543 // On delete: check if confirmation has been given
\r
544 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
546 self::batchAskDeleteConfirmation('team',$selected);
\r
549 self::$skin->parse('batchteam');
\r
554 * Admin::action_batchcategory()
\r
559 static private function action_batchcategory()
\r
561 global $member, $manager;
\r
563 $member->isLoggedIn() or self::disallow();
\r
565 $selected = requestIntArray('batch');
\r
566 $action = requestVar('batchaction');
\r
568 if ( !is_array($selected) || sizeof($selected) == 0 )
\r
570 self::error(_BATCH_NOSELECTION);
\r
573 // On move: when no destination blog chosen, show choice now
\r
574 $destBlogId = intRequestVar('destblogid');
\r
575 if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )
\r
577 self::batchMoveCategorySelectDestination('category', $selected);
\r
580 // On delete: check if confirmation has been given
\r
581 if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
\r
583 self::batchAskDeleteConfirmation('category', $selected);
\r
586 self::$skin->parse('batchcategory');
\r
591 * Admin::batchMoveSelectDestination()
\r
593 * @param string $type type of batch action
\r
594 * @param integer $ids needless???
\r
597 * TODO: remove needless argument
\r
599 static private function batchMoveSelectDestination($type, $ids)
\r
601 $_POST['batchmove'] = $type;
\r
602 self::$skin->parse('batchmove');
\r
607 * Admin::batchMoveCategorySelectDestination()
\r
609 * @param string $type type of batch action
\r
610 * @param integer $ids needless???
\r
613 * TODO: remove needless argument
\r
615 static private function batchMoveCategorySelectDestination($type, $ids)
\r
617 $_POST['batchmove'] = $type;
\r
619 self::$skin->parse('batchmovecat');
\r
624 * Admin::batchAskDeleteConfirmation()
\r
626 * @param string $type type of batch action
\r
627 * @param integer $ids needless???
\r
630 * TODO: remove needless argument
\r
632 static private function batchAskDeleteConfirmation($type, $ids)
\r
634 self::$skin->parse('batchdelete');
\r
639 * Admin::action_browseownitems()
\r
644 static private function action_browseownitems()
\r
646 global $member, $manager, $CONF;
\r
648 self::$skin->parse('browseownitems');
\r
653 * Admin::action_itemcommentlist()
\r
654 * Show all the comments for a given item
\r
656 * @param integer $itemid ID for item
\r
659 static private function action_itemcommentlist($itemid = '')
\r
661 global $member, $manager, $CONF;
\r
663 if ( $itemid == '' )
\r
665 $itemid = intRequestVar('itemid');
\r
668 // only allow if user is allowed to alter item
\r
669 $member->canAlterItem($itemid) or self::disallow();
\r
671 $item =& $manager->getItem($itemid, 1, 1);
\r
672 $_REQUEST['itemid'] = $item['itemid'];
\r
673 $_REQUEST['blogid'] = $item['blogid'];
\r
675 self::$skin->parse('itemcommentlist');
\r
680 * Admin::action_browseowncomments()
\r
681 * Browse own comments
\r
686 static private function action_browseowncomments()
\r
688 self::$skin->parse('browseowncomments');
\r
693 * Admin::action_blogcommentlist()
\r
694 * Browse all comments for a weblog
\r
696 * @param integer $blogid ID for weblog
\r
699 static private function action_blogcommentlist($blogid = '')
\r
701 global $member, $manager, $CONF;
\r
703 if ( $blogid == '' )
\r
705 $blogid = intRequestVar('blogid');
\r
709 $blogid = intval($blogid);
\r
712 $member->teamRights($blogid) or $member->isAdmin() or self::disallow();
\r
714 /* TODO: we consider to use the other way insterad of this */
\r
715 $_REQUEST['blogid'] = $blogid;
\r
717 self::$skin->parse('blogcommentlist');
\r
722 * Admin::action_createaccount()
\r
727 static private function action_createaccount()
\r
731 if ( $CONF['AllowMemberCreate'] != 1 )
\r
733 self::$skin->parse('createaccountdisable');
\r
749 if ( array_key_exists('showform', $_POST) && $_POST['showform'] == 1 )
\r
751 $action = new Action();
\r
752 $message = $action->createAccount();
\r
753 if ( $message === 1 )
\r
755 self::$headMess = $message;
\r
756 self::$skin->parse('createaccountsuccess');
\r
760 /* TODO: validation */
\r
761 if ( array_key_exists('name', $_POST) )
\r
763 $contents['name'] = $_POST['name'];
\r
765 if ( array_key_exists('realname', $_POST) )
\r
767 $contents['realname'] = $_POST['realname'];
\r
769 if ( array_key_exists('email', $_POST) )
\r
771 $contents['email'] = $_POST['email'];
\r
773 if ( array_key_exists('url', $_POST) )
\r
775 $contents['url'] = $_POST['url'];
\r
778 self::$contents = $contents;
\r
782 self::$skin->parse('createaccountinput');
\r
787 * Admin::action_createitem()
\r
788 * Provide a page to item a new item to the given blog
\r
793 static private function action_createitem()
\r
795 global $member, $manager;
\r
797 $blogid = intRequestVar('blogid');
\r
799 // check if allowed
\r
800 $member->teamRights($blogid) or self::disallow();
\r
802 $blog =& $manager->getBlog($blogid);
\r
803 $contents = array();
\r
807 'contents' => &$contents
\r
809 $manager->notify('PreAddItemForm', $data);
\r
811 if ( $blog->convertBreaks() )
\r
813 if ( array_key_exists('body', $contents) && !empty($contents['body']) )
\r
815 $contents['body'] = removeBreaks($contents['body']);
\r
817 if ( array_key_exists('more', $contents) && !empty($contents['more']) )
\r
819 $contents['more'] = removeBreaks($contents['more']);
\r
823 self::$blog = &$blog;
\r
824 self::$contents = &$contents;
\r
826 self::$skin->parse('createitem');
\r
831 * Admin::action_itemedit()
\r
836 static private function action_itemedit()
\r
838 global $member, $manager;
\r
840 $itemid = intRequestVar('itemid');
\r
842 // only allow if user is allowed to alter item
\r
843 $member->canAlterItem($itemid) or self::disallow();
\r
845 $item =& $manager->getItem($itemid, 1, 1);
\r
846 $blog =& $manager->getBlog($item['blogid']);
\r
847 $manager->notify('PrepareItemForEdit', array('blog'=> &$blog, 'item' => &$item));
\r
849 if ( $blog->convertBreaks() )
\r
851 if ( array_key_exists('body', $item) && !empty($item['body']) )
\r
853 $item['body'] = removeBreaks($item['body']);
\r
855 if ( array_key_exists('more', $item) && !empty($item['more']) )
\r
857 $item['more'] = removeBreaks($item['more']);
\r
861 self::$blog = &$blog;
\r
862 self::$contents = &$item;
\r
864 self::$skin->parse('itemedit');
\r
869 * Admin::action_itemupdate()
\r
874 static private function action_itemupdate()
\r
876 global $member, $manager, $CONF;
\r
878 $itemid = intRequestVar('itemid');
\r
879 $catid = postVar('catid');
\r
881 // only allow if user is allowed to alter item
\r
882 $member->canUpdateItem($itemid, $catid) or self::disallow();
\r
884 $actiontype = postVar('actiontype');
\r
886 // delete actions are handled by itemdelete (which has confirmation)
\r
887 if ( $actiontype == 'delete' )
\r
889 self::action_itemdelete();
\r
893 $body = postVar('body');
\r
894 $title = postVar('title');
\r
895 $more = postVar('more');
\r
896 $closed = intPostVar('closed');
\r
897 $draftid = intPostVar('draftid');
\r
899 // default action = add now
\r
900 if ( !$actiontype )
\r
902 $actiontype='addnow';
\r
905 // create new category if needed
\r
906 if ( i18n::strpos($catid,'newcat') === 0 )
\r
909 list($blogid) = sscanf($catid,"newcat-%d");
\r
912 $blog =& $manager->getBlog($blogid);
\r
913 $catid = $blog->createNewCategory();
\r
915 // show error when sth goes wrong
\r
918 self::doError(_ERROR_CATCREATEFAIL);
\r
923 * set some variables based on actiontype
\r
926 * draft items -> addnow, addfuture, adddraft, delete
\r
927 * non-draft items -> edit, changedate, delete
\r
930 * $timestamp: set to a nonzero value for future dates or date changes
\r
931 * $wasdraft: set to 1 when the item used to be a draft item
\r
932 * $publish: set to 1 when the edited item is not a draft
\r
934 $blogid = getBlogIDFromItemID($itemid);
\r
935 $blog =& $manager->getBlog($blogid);
\r
937 $wasdrafts = array('adddraft', 'addfuture', 'addnow');
\r
938 $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
\r
939 $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
\r
940 if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
\r
942 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
\r
949 // edit the item for real
\r
950 Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
\r
952 self::updateFuturePosted($blogid);
\r
954 if ( $draftid > 0 )
\r
956 // delete permission is checked inside Item::delete()
\r
957 Item::delete($draftid);
\r
960 if ( $catid != intPostVar('catid') )
\r
962 self::action_categoryedit(
\r
965 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
\r
970 // TODO: set start item correctly for itemlist
\r
971 $item =& $manager->getitem($itemid, 1, 1);
\r
972 $query = "SELECT COUNT(*) FROM %s WHERE unix_timestamp(itime) <= '%s';";
\r
973 $query = sprintf($query, sql_table('item'), $item['timestamp']);
\r
974 $cnt = DB::getValue($query);
\r
975 $_REQUEST['start'] = $cnt + 1;
\r
976 self::action_itemlist(getBlogIDFromItemID($itemid));
\r
982 * Admin::action_itemdelete()
\r
988 static private function action_itemdelete()
\r
990 global $member, $manager;
\r
992 $itemid = intRequestVar('itemid');
\r
994 // only allow if user is allowed to alter item
\r
995 $member->canAlterItem($itemid) or self::disallow();
\r
997 if ( !$manager->existsItem($itemid,1,1) )
\r
999 self::error(_ERROR_NOSUCHITEM);
\r
1002 self::$skin->parse('itemdelete');
\r
1007 * Admin::action_itemdeleteconfirm()
\r
1012 static private function action_itemdeleteconfirm()
\r
1014 global $member, $manager;
\r
1016 $itemid = intRequestVar('itemid');
\r
1018 // only allow if user is allowed to alter item
\r
1019 $member->canAlterItem($itemid) or self::disallow();
\r
1022 $item =& $manager->getItem($itemid, 1, 1);
\r
1024 // delete item (note: some checks will be performed twice)
\r
1025 self::deleteOneItem($item['itemid']);
\r
1027 self::action_itemlist($item['blogid']);
\r
1032 * Admin::deleteOneItem()
\r
1033 * Deletes one item and returns error if something goes wrong
\r
1035 * @param integer $itemid ID for item
\r
1038 static public function deleteOneItem($itemid)
\r
1040 global $member, $manager;
\r
1042 // only allow if user is allowed to alter item (also checks if itemid exists)
\r
1043 if ( !$member->canAlterItem($itemid) )
\r
1045 return _ERROR_DISALLOWED;
\r
1048 // need to get blogid before the item is deleted
\r
1049 $item =& $manager->getItem($itemid, 1, 1);
\r
1051 $manager->loadClass('ITEM');
\r
1052 Item::delete($item['itemid']);
\r
1054 // update blog's futureposted
\r
1055 self::updateFuturePosted($item['itemid']);
\r
1060 * Admin::updateFuturePosted()
\r
1061 * Update a blog's future posted flag
\r
1063 * @param integer $blogid
\r
1066 static private function updateFuturePosted($blogid)
\r
1070 $blogid = intval($blogid);
\r
1071 $blog =& $manager->getBlog($blogid);
\r
1072 $currenttime = $blog->getCorrectTime(time());
\r
1074 $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
\r
1075 $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
\r
1076 $result = DB::getResult($query);
\r
1078 if ( $result->rowCount() > 0 )
\r
1080 $blog->setFuturePost();
\r
1084 $blog->clearFuturePost();
\r
1090 * Admin::action_itemmove()
\r
1095 static private function action_itemmove()
\r
1097 global $member, $manager;
\r
1099 $itemid = intRequestVar('itemid');
\r
1101 $member->canAlterItem($itemid) or self::disallow();
\r
1103 self::$skin->parse('itemmove');
\r
1108 * Admin::action_itemmoveto()
\r
1113 static private function action_itemmoveto()
\r
1115 global $member, $manager;
\r
1117 $itemid = intRequestVar('itemid');
\r
1118 $catid = requestVar('catid');
\r
1120 // create new category if needed
\r
1121 if ( i18n::strpos($catid,'newcat') === 0 )
\r
1124 list($blogid) = sscanf($catid,'newcat-%d');
\r
1127 $blog =& $manager->getBlog($blogid);
\r
1128 $catid = $blog->createNewCategory();
\r
1130 // show error when sth goes wrong
\r
1133 self::doError(_ERROR_CATCREATEFAIL);
\r
1137 // only allow if user is allowed to alter item
\r
1138 $member->canUpdateItem($itemid, $catid) or self::disallow();
\r
1140 $old_blogid = getBlogIDFromItemId($itemid);
\r
1142 Item::move($itemid, $catid);
\r
1144 // set the futurePosted flag on the blog
\r
1145 self::updateFuturePosted(getBlogIDFromItemId($itemid));
\r
1147 // reset the futurePosted in case the item is moved from one blog to another
\r
1148 self::updateFuturePosted($old_blogid);
\r
1150 if ( $catid != intRequestVar('catid') )
\r
1152 self::action_categoryedit($catid, $blog->getID());
\r
1156 self::action_itemlist(getBlogIDFromCatID($catid));
\r
1162 * Admin::moveOneItem()
\r
1163 * Moves one item to a given category (category existance should be checked by caller)
\r
1164 * errors are returned
\r
1166 * @param integer $itemid ID for item
\r
1167 * @param integer $destCatid ID for category to which the item will be moved
\r
1170 static public function moveOneItem($itemid, $destCatid)
\r
1174 // only allow if user is allowed to move item
\r
1175 if ( !$member->canUpdateItem($itemid, $destCatid) )
\r
1177 return _ERROR_DISALLOWED;
\r
1180 Item::move($itemid, $destCatid);
\r
1185 * Admin::action_additem()
\r
1186 * Adds a item to the chosen blog
\r
1191 static private function action_additem()
\r
1193 global $manager, $CONF;
\r
1195 $manager->loadClass('ITEM');
\r
1197 $result = Item::createFromRequest();
\r
1199 if ( $result['status'] == 'error' )
\r
1201 self::error($result['message']);
\r
1204 $item =& $manager->getItem($result['itemid'], 0, 0);
\r
1206 if ( $result['status'] == 'newcategory' )
\r
1208 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . $item['blogid']);
\r
1209 self::action_categoryedit($result['catid'], $item['blogid'], $distURI);
\r
1213 $methodName = 'action_itemlist';
\r
1214 self::action_itemlist($item['blogid']);
\r
1220 * Admin::action_commentedit()
\r
1221 * Allows to edit previously made comments
\r
1226 static private function action_commentedit()
\r
1228 global $member, $manager;
\r
1230 $commentid = intRequestVar('commentid');
\r
1232 $member->canAlterComment($commentid) or self::disallow();
\r
1234 $comment = COMMENT::getComment($commentid);
\r
1235 $manager->notify('PrepareCommentForEdit', array('comment' => &$comment));
\r
1237 Admin::$contents = $comment;
\r
1238 self::$skin->parse('commentedit');
\r
1243 * Admin::action_commentupdate()
\r
1248 static private function action_commentupdate()
\r
1250 global $member, $manager;
\r
1252 $commentid = intRequestVar('commentid');
\r
1254 $member->canAlterComment($commentid) or self::disallow();
\r
1256 $url = postVar('url');
\r
1257 $email = postVar('email');
\r
1258 $body = postVar('body');
\r
1260 // intercept words that are too long
\r
1261 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
\r
1263 self::error(_ERROR_COMMENT_LONGWORD);
\r
1267 if ( i18n::strlen($body) < 3 )
\r
1269 self::error(_ERROR_COMMENT_NOCOMMENT);
\r
1272 if ( i18n::strlen($body) > 5000 )
\r
1274 self::error(_ERROR_COMMENT_TOOLONG);
\r
1278 $body = Comment::prepareBody($body);
\r
1284 $manager->notify('PreUpdateComment', $data);
\r
1286 $query = "UPDATE %s SET cmail=%s, cemail=%s, cbody=%s WHERE cnumber=%d;";
\r
1287 $query = sprintf($query, sql_table('comment'), DB::quoteValue($url), DB::quoteValue($email), DB::quoteValue($body), (integer) $commentid);
\r
1288 DB::execute($query);
\r
1291 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
\r
1292 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
\r
1294 $itemid = DB::getValue($query);
\r
1296 if ( $member->canAlterItem($itemid) )
\r
1298 self::action_itemcommentlist($itemid);
\r
1302 self::action_browseowncomments();
\r
1308 * Admin::action_commentdelete()
\r
1314 static private function action_commentdelete()
\r
1316 global $member, $manager;
\r
1318 $commentid = intRequestVar('commentid');
\r
1319 $member->canAlterComment($commentid) or self::disallow();
\r
1321 self::$skin->parse('commentdelete');
\r
1326 * Admin::action_commentdeleteconfirm()
\r
1331 static private function action_commentdeleteconfirm()
\r
1335 $commentid = intRequestVar('commentid');
\r
1337 // get item id first
\r
1338 $query = "SELECT citem FROM %s WHERE cnumber=%d;";
\r
1339 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
\r
1341 $itemid = DB::getValue($query);
\r
1343 $error = self::deleteOneComment($commentid);
\r
1346 self::doError($error);
\r
1349 if ( $member->canAlterItem($itemid) )
\r
1351 self::action_itemcommentlist($itemid);
\r
1355 self::action_browseowncomments();
\r
1361 * Admin::deleteOneComment()
\r
1363 * @param integer $commentid ID for comment
\r
1366 static public function deleteOneComment($commentid)
\r
1368 global $member, $manager;
\r
1370 $commentid = (integer) $commentid;
\r
1372 if ( !$member->canAlterComment($commentid) )
\r
1374 return _ERROR_DISALLOWED;
\r
1378 'commentid' => $commentid
\r
1381 $manager->notify('PreDeleteComment', $data);
\r
1383 // delete the comments associated with the item
\r
1384 $query = "DELETE FROM %s WHERE cnumber=%d;";
\r
1385 $query = sprintf($query, sql_table('comment'), (integer) $commentid);
\r
1386 DB::execute($query);
\r
1389 'commentid' => $commentid
\r
1392 $manager->notify('PostDeleteComment', $data);
\r
1398 * Admin::action_usermanagement()
\r
1399 * Usermanagement main
\r
1404 static private function action_usermanagement()
\r
1406 global $member, $manager;
\r
1408 // check if allowed
\r
1409 $member->isAdmin() or self::disallow();
\r
1411 self::$skin->parse('usermanagement');
\r
1416 * Admin::action_memberedit()
\r
1417 * Edit member settings
\r
1422 static private function action_memberedit()
\r
1424 self::action_editmembersettings(intRequestVar('memberid'));
\r
1429 * Admin::action_editmembersettings()
\r
1431 * @param integer $memberid ID for member
\r
1435 static private function action_editmembersettings($memberid = '')
\r
1437 global $member, $manager, $CONF;
\r
1439 if ( $memberid == '' )
\r
1441 $memberid = $member->getID();
\r
1444 /* TODO: we should consider to use the other way insterad of this */
\r
1445 $_REQUEST['memberid'] = $memberid;
\r
1447 // check if allowed
\r
1448 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
\r
1450 Admin::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
\r
1452 self::$skin->parse('editmembersettings');
\r
1457 * Admin::action_changemembersettings()
\r
1462 static private function action_changemembersettings()
\r
1464 global $member, $CONF, $manager;
\r
1466 $memberid = intRequestVar('memberid');
\r
1468 // check if allowed
\r
1469 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
\r
1471 $name = trim(strip_tags(postVar('name')));
\r
1472 $realname = trim(strip_tags(postVar('realname')));
\r
1473 $password = postVar('password');
\r
1474 $repeatpassword = postVar('repeatpassword');
\r
1475 $email = strip_tags(postVar('email'));
\r
1476 $url = strip_tags(postVar('url'));
\r
1477 $adminskin = intPostVar('adminskin');
\r
1478 $bookmarklet = intPostVar('bookmarklet');
\r
1480 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
\r
1481 if ( !preg_match('#^https?://#', $url) )
\r
1483 $url = 'http://' . $url;
\r
1486 $admin = postVar('admin');
\r
1487 $canlogin = postVar('canlogin');
\r
1488 $notes = strip_tags(postVar('notes'));
\r
1489 $locale = postVar('locale');
\r
1491 $mem =& $manager->getMember($memberid);
\r
1493 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
\r
1495 if ( !isValidDisplayName($name) )
\r
1497 self::error(_ERROR_BADNAME);
\r
1500 if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
\r
1502 self::error(_ERROR_NICKNAMEINUSE);
\r
1505 if ( $password != $repeatpassword )
\r
1507 self::error(_ERROR_PASSWORDMISMATCH);
\r
1510 if ( $password && (i18n::strlen($password) < 6) )
\r
1512 self::error(_ERROR_PASSWORDTOOSHORT);
\r
1521 'password' => $password,
\r
1522 'errormessage' => &$pwderror,
\r
1523 'valid' => &$pwdvalid
\r
1525 $manager->notify('PrePasswordSet', $data);
\r
1529 self::error($pwderror);
\r
1534 if ( !NOTIFICATION::address_validation($email) )
\r
1536 self::error(_ERROR_BADMAILADDRESS);
\r
1540 self::error(_ERROR_REALNAMEMISSING);
\r
1542 if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
\r
1544 self::error(_ERROR_NOSUCHTRANSLATION);
\r
1547 // check if there will remain at least one site member with both the logon and admin rights
\r
1548 // (check occurs when taking away one of these rights from such a member)
\r
1549 if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
\r
1550 || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
\r
1553 $r = DB::getResult('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
\r
1554 if ( $r->rowCount() < 2 )
\r
1556 self::error(_ERROR_ATLEASTONEADMIN);
\r
1560 if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
\r
1562 $mem->setDisplayName($name);
\r
1565 $mem->setPassword($password);
\r
1569 $oldEmail = $mem->getEmail();
\r
1571 $mem->setRealName($realname);
\r
1572 $mem->setEmail($email);
\r
1573 $mem->setURL($url);
\r
1574 $mem->setNotes($notes);
\r
1575 $mem->setLocale($locale);
\r
1576 $mem->setAdminSkin($adminskin);
\r
1577 $mem->setBookmarklet($bookmarklet);
\r
1579 // only allow super-admins to make changes to the admin status
\r
1580 if ( $member->isAdmin() )
\r
1582 $mem->setAdmin($admin);
\r
1583 $mem->setCanLogin($canlogin);
\r
1586 $autosave = postVar('autosave');
\r
1587 $mem->setAutosave($autosave);
\r
1591 // store plugin options
\r
1592 $aOptions = requestArray('plugoption');
\r
1593 NucleusPlugin::apply_plugin_options($aOptions);
\r
1595 'context' => 'member',
\r
1596 'memberid' => $memberid,
\r
1599 $manager->notify('PostPluginOptionsUpdate', $data);
\r
1601 // if email changed, generate new password
\r
1602 if ( $oldEmail != $mem->getEmail() )
\r
1604 $mem->sendActivationLink('addresschange', $oldEmail);
\r
1606 $mem->newCookieKey();
\r
1608 // only log out if the member being edited is the current member.
\r
1609 if ( $member->getID() == $memberid )
\r
1611 $member->logout();
\r
1613 self::action_login(_MSG_ACTIVATION_SENT, 0);
\r
1617 if ( ($mem->getID() == $member->getID())
\r
1618 && ($mem->getDisplayName() != $member->getDisplayName()) )
\r
1620 $mem->newCookieKey();
\r
1621 $member->logout();
\r
1622 self::action_login(_MSG_LOGINAGAIN, 0);
\r
1626 self::action_overview(_MSG_SETTINGSCHANGED);
\r
1632 * Admin::action_memberadd()
\r
1638 static private function action_memberadd()
\r
1640 global $member, $manager;
\r
1642 // check if allowed
\r
1643 $member->isAdmin() or self::disallow();
\r
1645 if ( postVar('password') != postVar('repeatpassword') )
\r
1647 self::error(_ERROR_PASSWORDMISMATCH);
\r
1650 if ( i18n::strlen(postVar('password')) < 6 )
\r
1652 self::error(_ERROR_PASSWORDTOOSHORT);
\r
1655 $res = Member::create(
\r
1657 postVar('realname'),
\r
1658 postVar('password'),
\r
1662 postVar('canlogin'),
\r
1668 self::error($res);
\r
1671 // fire PostRegister event
\r
1672 $newmem = new Member();
\r
1673 $newmem->readFromName(postVar('name'));
\r
1675 'member' => &$newmem
\r
1677 $manager->notify('PostRegister', $data);
\r
1679 self::action_usermanagement();
\r
1684 * Admin::action_forgotpassword()
\r
1689 static private function action_forgotpassword()
\r
1691 self::$skin->parse('forgotpassword');
\r
1696 * Admin::action_activate()
\r
1697 * Account activation
\r
1702 static private function action_activate()
\r
1704 $key = getVar('key');
\r
1705 self::showActivationPage($key);
\r
1710 * Admin::showActivationPage()
\r
1715 static private function showActivationPage($key, $message = '')
\r
1719 // clean up old activation keys
\r
1720 Member::cleanupActivationTable();
\r
1722 // get activation info
\r
1723 $info = Member::getActivationInfo($key);
\r
1727 self::error(_ERROR_ACTIVATE);
\r
1730 $mem =& $manager->getMember($info->vmember);
\r
1734 self::error(_ERROR_ACTIVATE);
\r
1737 /* TODO: we should consider to use the other way insterad of this */
\r
1738 $_POST['ackey'] = $key;
\r
1739 $_POST['bNeedsPasswordChange'] = TRUE;
\r
1741 self::$headMess = $message;
\r
1742 self::$skin->parse('activate');
\r
1747 * Admin::action_activatesetpwd()
\r
1748 * Account activation - set password part
\r
1753 static private function action_activatesetpwd()
\r
1756 $key = postVar('key');
\r
1758 // clean up old activation keys
\r
1759 Member::cleanupActivationTable();
\r
1761 // get activation info
\r
1762 $info = Member::getActivationInfo($key);
\r
1764 if ( !$info || ($info->type == 'addresschange') )
\r
1766 return self::showActivationPage($key, _ERROR_ACTIVATE);
\r
1769 $mem =& $manager->getMember($info->vmember);
\r
1773 return self::showActivationPage($key, _ERROR_ACTIVATE);
\r
1776 $password = postVar('password');
\r
1777 $repeatpassword = postVar('repeatpassword');
\r
1779 if ( $password != $repeatpassword )
\r
1781 return self::showActivationPage($key, _ERROR_PASSWORDMISMATCH);
\r
1784 if ( $password && (i18n::strlen($password) < 6) )
\r
1786 return self::showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
\r
1795 'password' => $password,
\r
1796 'errormessage' => &$pwderror,
\r
1797 'valid' => &$pwdvalid
\r
1799 $manager->notify('PrePasswordSet', $data);
\r
1802 return self::showActivationPage($key,$pwderror);
\r
1809 'type' => 'activation',
\r
1811 'error' => &$error
\r
1813 $manager->notify('ValidateForm', $data);
\r
1814 if ( $error != '' )
\r
1816 return self::showActivationPage($key, $error);
\r
1820 $mem->setPassword($password);
\r
1823 // do the activation
\r
1824 Member::activate($key);
\r
1826 self::$skin->parse('activatesetpwd');
\r
1831 * Admin::action_manageteam()
\r
1837 static private function action_manageteam()
\r
1839 global $member, $manager;
\r
1841 $blogid = intRequestVar('blogid');
\r
1843 // check if allowed
\r
1844 $member->blogAdminRights($blogid) or self::disallow();
\r
1846 self::$skin->parse('manageteam');
\r
1851 * Admin::action_teamaddmember()
\r
1852 * Add member to team
\r
1857 static private function action_teamaddmember()
\r
1859 global $member, $manager;
\r
1861 $memberid = intPostVar('memberid');
\r
1862 $blogid = intPostVar('blogid');
\r
1863 $admin = intPostVar('admin');
\r
1865 // check if allowed
\r
1866 $member->blogAdminRights($blogid) or self::disallow();
\r
1868 $blog =& $manager->getBlog($blogid);
\r
1869 if ( !$blog->addTeamMember($memberid, $admin) )
\r
1871 self::error(_ERROR_ALREADYONTEAM);
\r
1874 self::action_manageteam();
\r
1879 * Admin::action_teamdelete()
\r
1884 static private function action_teamdelete()
\r
1886 global $member, $manager;
\r
1888 $memberid = intRequestVar('memberid');
\r
1889 $blogid = intRequestVar('blogid');
\r
1891 // check if allowed
\r
1892 $member->blogAdminRights($blogid) or self::disallow();
\r
1894 $teammem =& $manager->getMember($memberid);
\r
1895 $blog =& $manager->getBlog($blogid);
\r
1897 self::$skin->parse('teamdelete');
\r
1902 * Admin::action_teamdeleteconfirm()
\r
1907 static private function action_teamdeleteconfirm()
\r
1911 $memberid = intRequestVar('memberid');
\r
1912 $blogid = intRequestVar('blogid');
\r
1914 $error = self::deleteOneTeamMember($blogid, $memberid);
\r
1917 self::error($error);
\r
1919 self::action_manageteam();
\r
1924 * Admin::deleteOneTeamMember()
\r
1929 static public function deleteOneTeamMember($blogid, $memberid)
\r
1931 global $member, $manager;
\r
1933 $blogid = intval($blogid);
\r
1934 $memberid = intval($memberid);
\r
1936 // check if allowed
\r
1937 if ( !$member->blogAdminRights($blogid) )
\r
1939 return _ERROR_DISALLOWED;
\r
1942 // check if: - there remains at least one blog admin
\r
1943 // - (there remains at least one team member)
\r
1944 $tmem =& $manager->getMember($memberid);
\r
1948 'member' => &$tmem,
\r
1949 'blogid' => $blogid
\r
1950 );
\r $manager->notify('PreDeleteTeamMember', $data);
\r
1952 if ( $tmem->isBlogAdmin($blogid) )
\r
1954 /* TODO: why we did double check? */
\r
1955 // check if there are more blog members left and at least one admin
\r
1956 // (check for at least two admins before deletion)
\r
1957 $query = "SELECT * FROM %s WHERE tblog=%d and tadmin=1;";
\r
1958 $query = sprintf($query, sql_table('team'), (integer) $blogid);
\r
1959 $r = DB::getResult($query);
\r
1960 if ( $r->rowCount() < 2 )
\r
1962 return _ERROR_ATLEASTONEBLOGADMIN;
\r
1966 $query = "DELETE FROM %s WHERE tblog=%d AND tmember=%d;";
\r
1967 $query = sprintf($query, sql_table('team'), (integer) $blogid, (integer) $memberid);
\r
1968 DB::execute($query);
\r
1971 'member' => &$tmem,
\r
1972 'blogid' => $blogid
\r
1974 $manager->notify('PostDeleteTeamMember', $data);
\r
1980 * Admin::action_teamchangeadmin()
\r
1985 static private function action_teamchangeadmin()
\r
1987 global $manager, $member;
\r
1989 $blogid = intRequestVar('blogid');
\r
1990 $memberid = intRequestVar('memberid');
\r
1992 // check if allowed
\r
1993 $member->blogAdminRights($blogid) or self::disallow();
\r
1995 $mem =& $manager->getMember($memberid);
\r
1997 // don't allow when there is only one admin at this moment
\r
1998 if ( $mem->isBlogAdmin($blogid) )
\r
2000 $query = "SELECT * FROM %s WHERE tblog=%d AND tadmin=1;";
\r
2001 $query = sprintf($query, sql_table('team'), (integer) $blogid);
\r
2002 $r = DB::getResult($query);
\r
2003 if ( $r->rowCount() == 1 )
\r
2005 self::error(_ERROR_ATLEASTONEBLOGADMIN);
\r
2009 if ( $mem->isBlogAdmin($blogid) )
\r
2018 $query = "UPDATE %s SET tadmin=%d WHERE tblog=%d and tmember=%d;";
\r
2019 $query = sprintf($query, (integer) $blogid, (integer) $newval, (integer) $blogid, (integer) $memberid);
\r
2020 DB::execute($query);
\r
2022 // only show manageteam if member did not change its own admin privileges
\r
2023 if ( $member->isBlogAdmin($blogid) )
\r
2025 self::action_manageteam();
\r
2029 self::action_overview(_MSG_ADMINCHANGED);
\r
2035 * Admin::action_blogsettings()
\r
2040 static private function action_blogsettings()
\r
2042 global $member, $manager;
\r
2044 $blogid = intRequestVar('blogid');
\r
2046 // check if allowed
\r
2047 $member->blogAdminRights($blogid) or self::disallow();
\r
2049 $blog =& $manager->getBlog($blogid);
\r
2051 Admin::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
\r
2053 self::$skin->parse('blogsettings');
\r
2058 * Admin::action_categorynew()
\r
2063 static private function action_categorynew()
\r
2065 global $member, $manager;
\r
2067 $blogid = intRequestVar('blogid');
\r
2069 $member->blogAdminRights($blogid) or self::disallow();
\r
2071 $cname = postVar('cname');
\r
2072 $cdesc = postVar('cdesc');
\r
2074 if ( !isValidCategoryName($cname) )
\r
2076 self::error(_ERROR_BADCATEGORYNAME);
\r
2079 $query = "SELECT * FROM %s WHERE cname=%s AND cblog=%d;";
\r
2080 $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), (integer) $blogid);
\r
2081 $res = DB::getResult($query);
\r
2082 if ( $res->rowCount() > 0 )
\r
2084 self::error(_ERROR_DUPCATEGORYNAME);
\r
2087 $blog =& $manager->getBlog($blogid);
\r
2088 $newCatID = $blog->createNewCategory($cname, $cdesc);
\r
2090 self::action_blogsettings();
\r
2095 * Admin::action_categoryedit()
\r
2100 static private function action_categoryedit($catid = '', $blogid = '', $desturl = '')
\r
2102 global $member, $manager;
\r
2104 if ( $blogid == '' )
\r
2106 $blogid = intGetVar('blogid');
\r
2110 $blogid = intval($blogid);
\r
2112 if ( $catid == '' )
\r
2114 $catid = intGetVar('catid');
\r
2118 $catid = intval($catid);
\r
2121 /* TODO: we should consider to use the other way insterad of this */
\r
2122 $_REQUEST['blogid'] = $blogid;
\r
2123 $_REQUEST['catid'] = $catid;
\r
2124 $_REQUEST['desturl'] = $desturl;
\r
2125 $member->blogAdminRights($blogid) or self::disallow();
\r
2127 Admin::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
\r
2129 self::$skin->parse('categoryedit');
\r
2134 * Admin::action_categoryupdate()
\r
2139 static private function action_categoryupdate()
\r
2141 global $member, $manager;
\r
2143 $blogid = intPostVar('blogid');
\r
2144 $catid = intPostVar('catid');
\r
2145 $cname = postVar('cname');
\r
2146 $cdesc = postVar('cdesc');
\r
2147 $desturl = postVar('desturl');
\r
2149 $member->blogAdminRights($blogid) or self::disallow();
\r
2151 if ( !isValidCategoryName($cname) )
\r
2153 self::error(_ERROR_BADCATEGORYNAME);
\r
2156 $query = "SELECT * FROM %s WHERE cname=%s AND cblog=%d AND not(catid=%d);";
\r
2157 $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), (integer) $blogid, (integer) $catid);
\r
2158 $res = DB::getResult($query);
\r
2159 if ( $res->rowCount() > 0 )
\r
2161 self::error(_ERROR_DUPCATEGORYNAME);
\r
2164 $query = "UPDATE %s SET cname=%s, cdesc=%s WHERE catid=%d;";
\r
2165 $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), DB::quoteValue($cdesc), (integer) $catid);
\r
2166 DB::execute($query);
\r
2168 // store plugin options
\r
2169 $aOptions = requestArray('plugoption');
\r
2170 NucleusPlugin::apply_plugin_options($aOptions);
\r
2172 'context' => 'category',
\r
2175 $manager->notify('PostPluginOptionsUpdate', $data);
\r
2179 redirect($desturl);
\r
2184 self::action_blogsettings();
\r
2190 * Admin::action_categorydelete()
\r
2195 static private function action_categorydelete()
\r
2197 global $member, $manager;
\r
2199 $blogid = intRequestVar('blogid');
\r
2200 $catid = intRequestVar('catid');
\r
2202 $member->blogAdminRights($blogid) or self::disallow();
\r
2204 $blog =& $manager->getBlog($blogid);
\r
2206 // check if the category is valid
\r
2207 if ( !$blog->isValidCategory($catid) )
\r
2209 self::error(_ERROR_NOSUCHCATEGORY);
\r
2212 // don't allow deletion of default category
\r
2213 if ( $blog->getDefaultCategory() == $catid )
\r
2215 self::error(_ERROR_DELETEDEFCATEGORY);
\r
2218 // check if catid is the only category left for blogid
\r
2219 $query = "SELECT catid FROM %s WHERE cblog=%d;";
\r
2220 $query = sprintf($query, sql_table('category'), $blogid);
\r
2221 $res = DB::getResult($query);
\r
2222 if ( $res->rowCount() == 1 )
\r
2224 self::error(_ERROR_DELETELASTCATEGORY);
\r
2227 self::$skin->parse('categorydelete');
\r
2232 * Admin::action_categorydeleteconfirm()
\r
2237 static private function action_categorydeleteconfirm()
\r
2239 global $member, $manager;
\r
2241 $blogid = intRequestVar('blogid');
\r
2242 $catid = intRequestVar('catid');
\r
2244 $member->blogAdminRights($blogid) or self::disallow();
\r
2246 $error = self::deleteOneCategory($catid);
\r
2249 self::error($error);
\r
2252 self::action_blogsettings();
\r
2257 * Admin::deleteOneCategory()
\r
2258 * Delete a category by its id
\r
2260 * @param String $catid category id for deleting
\r
2263 static public function deleteOneCategory($catid)
\r
2265 global $manager, $member;
\r
2267 $catid = intval($catid);
\r
2268 $blogid = getBlogIDFromCatID($catid);
\r
2270 if ( !$member->blogAdminRights($blogid) )
\r
2272 return ERROR_DISALLOWED;
\r
2276 $blog =& $manager->getBlog($blogid);
\r
2278 // check if the category is valid
\r
2279 if ( !$blog || !$blog->isValidCategory($catid) )
\r
2281 return _ERROR_NOSUCHCATEGORY;
\r
2284 $destcatid = $blog->getDefaultCategory();
\r
2286 // don't allow deletion of default category
\r
2287 if ( $blog->getDefaultCategory() == $catid )
\r
2289 return _ERROR_DELETEDEFCATEGORY;
\r
2292 // check if catid is the only category left for blogid
\r
2293 $query = "SELECT catid FROM %s WHERE cblog=%d;";
\r
2294 $query = sprintf($query, sql_table('category'), (integer) $blogid);
\r
2296 $res = DB::getResult($query);
\r
2297 if ( $res->rowCount() == 1 )
\r
2299 return _ERROR_DELETELASTCATEGORY;
\r
2302 $data = array('catid' => $catid);
\r
2303 $manager->notify('PreDeleteCategory', $data);
\r
2305 // change category for all items to the default category
\r
2306 $query = "UPDATE %s SET icat=%d WHERE icat=%d;";
\r
2307 $query =sprintf($query, sql_table('item'), (integer) $destcatid, (integer) $catid);
\r
2308 DB::execute($query);
\r
2310 // delete all associated plugin options
\r
2311 NucleusPlugin::delete_option_values('category', (integer) $catid);
\r
2313 // delete category
\r
2314 $query = "DELETE FROM %s WHERE catid=%d;";
\r
2315 $query = sprintf($query, sql_table('category'), (integer) $catid);
\r
2316 DB::execute($query);
\r
2318 $data = array('catid' => $catid);
\r
2319 $manager->notify('PostDeleteCategory', $data);
\r
2324 * Admin::moveOneCategory()
\r
2325 * Delete a category by its id
\r
2327 * @param int $catid category id for move
\r
2328 * @param int $destblogid blog id for destination
\r
2331 static public function moveOneCategory($catid, $destblogid)
\r
2333 global $manager, $member;
\r
2334 $catid = intval($catid);
\r
2335 $destblogid = intval($destblogid);
\r
2336 $blogid = getBlogIDFromCatID($catid);
\r
2337 // mover should have admin rights on both blogs
\r
2338 if (!$member->blogAdminRights($blogid)) {
\r
2339 return _ERROR_DISALLOWED;
\r
2341 if (!$member->blogAdminRights($destblogid)) {
\r
2342 return _ERROR_DISALLOWED;
\r
2344 // cannot move to self
\r
2345 if ($blogid == $destblogid) {
\r
2346 return _ERROR_MOVETOSELF;
\r
2349 $blog =& $manager->getBlog($blogid);
\r
2350 $destblog =& $manager->getBlog($destblogid);
\r
2351 // check if the category is valid
\r
2352 if (!$blog || !$blog->isValidCategory($catid)) {
\r
2353 return _ERROR_NOSUCHCATEGORY;
\r
2355 // don't allow default category to be moved
\r
2356 if ($blog->getDefaultCategory() == $catid) {
\r
2357 return _ERROR_MOVEDEFCATEGORY;
\r
2360 'PreMoveCategory',
\r
2362 'catid' => &$catid,
\r
2363 'sourceblog' => &$blog,
\r
2364 'destblog' => &$destblog
\r
2367 // update comments table (cblog)
\r
2368 $query = 'SELECT '
\r
2371 . sql_table('item') . ' '
\r
2374 $items = sql_query(sprintf($query, $catid));
\r
2375 while ($oItem = sql_fetch_object($items)) {
\r
2376 $query = 'UPDATE '
\r
2377 . sql_table('comment') . ' '
\r
2379 . ' cblog = %d' . ' '
\r
2382 sql_query(sprintf($query, $destblogid, $oItem->inumber));
\r
2385 // update items (iblog)
\r
2386 $query = 'UPDATE '
\r
2387 . sql_table('item') . ' '
\r
2392 sql_query(sprintf($query, $destblogid, $catid));
\r
2395 $query = 'UPDATE '
\r
2396 . sql_table('category') . ' '
\r
2398 . ' cblog = %d' . ' '
\r
2401 sql_query(sprintf($query, $destblogid, $catid));
\r
2403 'PostMoveCategory',
\r
2405 'catid' => &$catid,
\r
2406 'sourceblog' => &$blog,
\r
2407 'destblog' => $destblog
\r
2414 * Admin::action_blogsettingsupdate
\r
2415 * Updating blog settings
\r
2420 static private function action_blogsettingsupdate()
\r
2422 global $member, $manager;
\r
2424 $blogid = intRequestVar('blogid');
\r
2426 $member->blogAdminRights($blogid) or self::disallow();
\r
2428 $blog =& $manager->getBlog($blogid);
\r
2430 $notify_address = trim(postVar('notify'));
\r
2431 $shortname = trim(postVar('shortname'));
\r
2432 $updatefile = trim(postVar('update'));
\r
2434 $notifyComment = intPostVar('notifyComment');
\r
2435 $notifyVote = intPostVar('notifyVote');
\r
2436 $notifyNewItem = intPostVar('notifyNewItem');
\r
2438 if ( $notifyComment == 0 )
\r
2440 $notifyComment = 1;
\r
2442 if ( $notifyVote == 0 )
\r
2446 if ( $notifyNewItem == 0 )
\r
2448 $notifyNewItem = 1;
\r
2450 $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
\r
2452 if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
\r
2454 self::error(_ERROR_BADNOTIFY);
\r
2457 if ( !isValidShortName($shortname) )
\r
2459 self::error(_ERROR_BADSHORTBLOGNAME);
\r
2462 if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
\r
2464 self::error(_ERROR_DUPSHORTBLOGNAME);
\r
2466 // check if update file is writable
\r
2467 if ( $updatefile && !is_writeable($updatefile) )
\r
2469 self::error(_ERROR_UPDATEFILE);
\r
2472 $blog->setName(trim(postVar('name')));
\r
2473 $blog->setShortName($shortname);
\r
2474 $blog->setNotifyAddress($notify_address);
\r
2475 $blog->setNotifyType($notifyType);
\r
2476 $blog->setMaxComments(postVar('maxcomments'));
\r
2477 $blog->setCommentsEnabled(postVar('comments'));
\r
2478 $blog->setTimeOffset(postVar('timeoffset'));
\r
2479 $blog->setUpdateFile($updatefile);
\r
2480 $blog->setURL(trim(postVar('url')));
\r
2481 $blog->setDefaultSkin(intPostVar('defskin'));
\r
2482 $blog->setDescription(trim(postVar('desc')));
\r
2483 $blog->setPublic(postVar('public'));
\r
2484 $blog->setConvertBreaks(intPostVar('convertbreaks'));
\r
2485 $blog->setAllowPastPosting(intPostVar('allowpastposting'));
\r
2486 $blog->setDefaultCategory(intPostVar('defcat'));
\r
2487 $blog->setSearchable(intPostVar('searchable'));
\r
2488 $blog->setEmailRequired(intPostVar('reqemail'));
\r
2489 $blog->writeSettings();
\r
2491 // store plugin options
\r
2492 $aOptions = requestArray('plugoption');
\r
2493 NucleusPlugin::apply_plugin_options($aOptions);
\r
2496 'context' => 'blog',
\r
2497 'blogid' => $blogid,
\r
2500 $manager->notify('PostPluginOptionsUpdate', $data);
\r
2502 self::action_overview(_MSG_SETTINGSCHANGED);
\r
2507 * Admin::action_deleteblog()
\r
2512 static private function action_deleteblog()
\r
2514 global $member, $CONF, $manager;
\r
2516 $blogid = intRequestVar('blogid');
\r
2518 $member->blogAdminRights($blogid) or self::disallow();
\r
2520 // check if blog is default blog
\r
2521 if ( $CONF['DefaultBlog'] == $blogid )
\r
2523 self::error(_ERROR_DELDEFBLOG);
\r
2526 $blog =& $manager->getBlog($blogid);
\r
2528 self::$skin->parse('deleteblog');
\r
2533 * Admin::action_deleteblogconfirm()
\r
2539 static private function action_deleteblogconfirm()
\r
2541 global $member, $CONF, $manager;
\r
2543 $blogid = intRequestVar('blogid');
\r
2545 $data = array('blogid' => $blogid);
\r
2546 $manager->notify('PreDeleteBlog', $data);
\r
2548 $member->blogAdminRights($blogid) or self::disallow();
\r
2550 // check if blog is default blog
\r
2551 if ( $CONF['DefaultBlog'] == $blogid )
\r
2553 self::error(_ERROR_DELDEFBLOG);
\r
2556 // delete all comments
\r
2557 $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid;
\r
2558 DB::execute($query);
\r
2560 // delete all items
\r
2561 $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid;
\r
2562 DB::execute($query);
\r
2564 // delete all team members
\r
2565 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid;
\r
2566 DB::execute($query);
\r
2568 // delete all bans
\r
2569 $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid;
\r
2570 DB::execute($query);
\r
2572 // delete all categories
\r
2573 $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
\r
2574 DB::execute($query);
\r
2576 // delete all associated plugin options
\r
2577 NucleusPlugin::delete_option_values('blog', $blogid);
\r
2579 // delete the blog itself
\r
2580 $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;
\r
2581 DB::execute($query);
\r
2583 $data = array('blogid' => $blogid);
\r
2584 $manager->notify('PostDeleteBlog', $data);
\r
2586 self::action_overview(_DELETED_BLOG);
\r
2591 * Admin::action_memberdelete()
\r
2596 static private function action_memberdelete()
\r
2598 global $member, $manager;
\r
2600 $memberid = intRequestVar('memberid');
\r
2602 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
\r
2604 $mem =& $manager->getMember($memberid);
\r
2606 self::$skin->parse('memberdelete');
\r
2611 * Admin::action_memberdeleteconfirm()
\r
2616 static private function action_memberdeleteconfirm()
\r
2620 $memberid = intRequestVar('memberid');
\r
2622 ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
\r
2624 $error = self::deleteOneMember($memberid);
\r
2627 self::error($error);
\r
2630 if ( $member->isAdmin() )
\r
2632 self::action_usermanagement();
\r
2636 self::action_overview(_DELETED_MEMBER);
\r
2642 * Admin::deleteOneMember()
\r
2643 * Delete a member by id
\r
2646 * @params Integer $memberid member id
\r
2647 * @return String null string or error messages
\r
2649 static public function deleteOneMember($memberid)
\r
2653 $memberid = intval($memberid);
\r
2654 $mem =& $manager->getMember($memberid);
\r
2656 if ( !$mem->canBeDeleted() )
\r
2658 return _ERROR_DELETEMEMBER;
\r
2661 $data = array('member' => &$mem);
\r
2662 $manager->notify('PreDeleteMember', $data);
\r
2664 /* unlink comments from memberid */
\r
2667 $query = "UPDATE %s SET cmember=0, cuser=%s WHERE cmember=%d;";
\r
2668 $query = sprintf($query, sql_table('comment'), DB::quoteValue($mem->getDisplayName()), $memberid);
\r
2669 DB::execute($query);
\r
2672 $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
\r
2673 DB::execute($query);
\r
2675 $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
\r
2676 DB::execute($query);
\r
2678 $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
\r
2679 DB::execute($query);
\r
2681 // delete all associated plugin options
\r
2682 NucleusPlugin::delete_option_values('member', $memberid);
\r
2684 $data = array('member' => &$mem);
\r
2685 $manager->notify('PostDeleteMember', $data);
\r
2691 * Admin::action_createnewlog()
\r
2696 static private function action_createnewlog()
\r
2698 global $member, $CONF, $manager;
\r
2700 // Only Super-Admins can do this
\r
2701 $member->isAdmin() or self::disallow();
\r
2703 self::$skin->parse('createnewlog');
\r
2708 * Admin::action_addnewlog()
\r
2713 static private function action_addnewlog()
\r
2715 global $member, $manager, $CONF;
\r
2717 // Only Super-Admins can do this
\r
2718 $member->isAdmin() or self::disallow();
\r
2720 $bname = trim(postVar('name'));
\r
2721 $bshortname = trim(postVar('shortname'));
\r
2722 $btimeoffset = postVar('timeoffset');
\r
2723 $bdesc = trim(postVar('desc'));
\r
2724 $bdefskin = postVar('defskin');
\r
2726 if ( !isValidShortName($bshortname) )
\r
2728 self::error(_ERROR_BADSHORTBLOGNAME);
\r
2731 if ( $manager->existsBlog($bshortname) )
\r
2733 self::error(_ERROR_DUPSHORTBLOGNAME);
\r
2737 'name' => &$bname,
\r
2738 'shortname' => &$bshortname,
\r
2739 'timeoffset' => &$btimeoffset,
\r
2740 'description' => &$bdesc,
\r
2741 'defaultskin' => &$bdefskin
\r
2743 $manager->notify('PreAddBlog', $data);
\r
2745 // add slashes for sql queries
\r
2746 $bname = DB::quoteValue($bname);
\r
2747 $bshortname = DB::quoteValue($bshortname);
\r
2748 $btimeoffset = DB::quoteValue($btimeoffset);
\r
2749 $bdesc = DB::quoteValue($bdesc);
\r
2750 $bdefskin = DB::quoteValue($bdefskin);
\r
2753 $query = "INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES (%s, %s, %s, %s, %s);";
\r
2754 $query = sprintf($query, sql_table('blog'), $bname, $bshortname, $bdesc, $btimeoffset, $bdefskin);
\r
2755 DB::execute($query);
\r
2757 $blogid = DB::getInsertId();
\r
2758 $blog =& $manager->getBlog($blogid);
\r
2760 // create new category
\r
2761 $catdefname = (!defined('_EBLOGDEFAULTCATEGORY_NAME') ? 'General' : _EBLOGDEFAULTCATEGORY_NAME);
\r
2762 $catdefdesc = (!defined('_EBLOGDEFAULTCATEGORY_DESC') ? 'Items that do not fit in other categories' : _EBLOGDEFAULTCATEGORY_DESC);
\r
2764 $query = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)';
\r
2765 DB::execute(sprintf($query, sql_table('category'), (integer) $blogid, DB::quoteValue($catdefname), DB::quoteValue($catdefdesc)));
\r
2766 $catid = DB::getInsertId();
\r
2768 // set as default category
\r
2769 $blog->setDefaultCategory($catid);
\r
2770 $blog->writeSettings();
\r
2772 // create team member
\r
2773 $query = "INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1);";
\r
2774 $query = sprintf($query, sql_table('team'), (integer) $member->getID(), (integer) $blogid);
\r
2775 DB::execute($query);
\r
2777 $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
\r
2778 $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
\r
2781 $blog->getDefaultCategory(),
\r
2782 $itemdeftitle,$itemdefbody,
\r
2786 $blog->getCorrectTime(),
\r
2792 $data = array('blog' => &$blog);
\r
2793 $manager->notify('PostAddBlog', $data);
\r
2797 'name' => _EBLOGDEFAULTCATEGORY_NAME,
\r
2798 'description' => _EBLOGDEFAULTCATEGORY_DESC,
\r
2801 $manager->notify('PostAddCategory', $data);
\r
2803 /* TODO: we should consider to use the other way insterad of this */
\r
2804 $_REQUEST['blogid'] = $blogid;
\r
2805 $_REQUEST['catid'] = $catid;
\r
2806 self::$skin->parse('addnewlog');
\r
2811 * Admin::action_addnewlog2()
\r
2816 static private function action_addnewlog2()
\r
2818 global $member, $manager;
\r
2819 $blogid = intRequestVar('blogid');
\r
2821 $member->blogAdminRights($blogid) or self::disallow();
\r
2823 $burl = requestVar('url');
\r
2825 $blog =& $manager->getBlog($blogid);
\r
2826 $blog->setURL(trim($burl));
\r
2827 $blog->writeSettings();
\r
2829 self::action_overview(_MSG_NEWBLOG);
\r
2834 * Admin::action_skinieoverview()
\r
2839 static private function action_skinieoverview()
\r
2841 global $member, $DIR_LIBS, $manager;
\r
2843 $member->isAdmin() or self::disallow();
\r
2845 include_once($DIR_LIBS . 'skinie.php');
\r
2847 self::$skin->parse('skinieoverview');
\r
2852 * Admin::action_skinieimport()
\r
2857 static private function action_skinieimport()
\r
2859 global $member, $DIR_LIBS, $DIR_SKINS, $manager;
\r
2861 $member->isAdmin() or self::disallow();
\r
2863 // load skinie class
\r
2864 include_once($DIR_LIBS . 'skinie.php');
\r
2866 $skinFileRaw = postVar('skinfile');
\r
2867 $mode = postVar('mode');
\r
2869 $importer = new SkinImport();
\r
2871 // get full filename
\r
2872 if ( $mode == 'file' )
\r
2874 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
\r
2876 /* TODO: remove this
\r
2877 // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
\r
2878 if ( !file_exists($skinFile) )
\r
2880 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
\r
2886 $skinFile = $skinFileRaw;
\r
2889 // read only metadata
\r
2890 $error = $importer->readFile($skinFile, 1);
\r
2892 /* TODO: we should consider to use the other way insterad of this */
\r
2893 $_REQUEST['skininfo'] = $importer->getInfo();
\r
2894 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
2895 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
2898 $skinNameClashes = $importer->checkSkinNameClashes();
\r
2899 $templateNameClashes = $importer->checkTemplateNameClashes();
\r
2900 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
\r
2902 /* TODO: we should consider to use the other way insterad of this */
\r
2903 $_REQUEST['skinclashes'] = $skinNameClashes;
\r
2904 $_REQUEST['tpltclashes'] = $templateNameClashes;
\r
2905 $_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;
\r
2909 self::error($error);
\r
2912 self::$skin->parse('skinieimport');
\r
2917 * Admin::action_skiniedoimport()
\r
2922 static private function action_skiniedoimport()
\r
2924 global $member, $DIR_LIBS, $DIR_SKINS;
\r
2926 $member->isAdmin() or self::disallow();
\r
2928 // load skinie class
\r
2929 include_once($DIR_LIBS . 'skinie.php');
\r
2931 $skinFileRaw = postVar('skinfile');
\r
2932 $mode = postVar('mode');
\r
2934 $allowOverwrite = intPostVar('overwrite');
\r
2936 // get full filename
\r
2937 if ( $mode == 'file' )
\r
2939 $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
\r
2941 /* TODO: remove this
\r
2942 // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
\r
2943 if ( !file_exists($skinFile) )
\r
2945 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
\r
2951 $skinFile = $skinFileRaw;
\r
2954 $importer = new SkinImport();
\r
2956 $error = $importer->readFile($skinFile);
\r
2960 self::error($error);
\r
2963 $error = $importer->writeToDatabase($allowOverwrite);
\r
2967 self::error($error);
\r
2970 /* TODO: we should consider to use the other way insterad of this */
\r
2971 $_REQUEST['skininfo'] = $importer->getInfo();
\r
2972 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
2973 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
2975 self::$skin->parse('skiniedoimport');
\r
2980 * Admin::action_skinieexport()
\r
2985 static private function action_skinieexport()
\r
2987 global $member, $DIR_LIBS;
\r
2989 $member->isAdmin() or self::disallow();
\r
2991 // load skinie class
\r
2992 include_once($DIR_LIBS . 'skinie.php');
\r
2994 $aSkins = requestIntArray('skin');
\r
2995 $aTemplates = requestIntArray('template');
\r
2997 if ( !is_array($aTemplates) )
\r
2999 $aTemplates = array();
\r
3001 if ( !is_array($aSkins) )
\r
3003 $aSkins = array();
\r
3006 $skinList = array_keys($aSkins);
\r
3007 $templateList = array_keys($aTemplates);
\r
3009 $info = postVar('info');
\r
3011 $exporter = new SkinExport();
\r
3012 foreach ( $skinList as $skinId )
\r
3014 $exporter->addSkin($skinId);
\r
3016 foreach ($templateList as $templateId)
\r
3018 $exporter->addTemplate($templateId);
\r
3020 $exporter->setInfo($info);
\r
3022 $exporter->export();
\r
3027 * Admin::action_templateoverview()
\r
3032 static private function action_templateoverview()
\r
3034 global $member, $manager;
\r
3036 $member->isAdmin() or self::disallow();
\r
3038 self::$skin->parse('templateoverview');
\r
3043 * Admin::action_templateedit()
\r
3045 * @param string $msg message for pageheader
\r
3048 static private function action_templateedit($msg = '')
\r
3050 global $member, $manager;
\r
3053 self::$headMess = $msg;
\r
3056 $templateid = intRequestVar('templateid');
\r
3058 $member->isAdmin() or self::disallow();
\r
3060 Admin::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(javascript/templateEdit.js)%>\"></script>\n";
\r
3061 Admin::$extrahead .= "<script type=\"text/javascript\">setTemplateEditText('" . Entity::hsc(_EDITTEMPLATE_EMPTY) . "');</script>\n";
\r
3063 self::$skin->parse('templateedit');
\r
3068 * Admin::action_templateupdate()
\r
3073 static private function action_templateupdate()
\r
3075 global $member,$manager;
\r
3077 $templateid = intRequestVar('templateid');
\r
3079 $member->isAdmin() or self::disallow();
\r
3081 $name = postVar('tname');
\r
3082 $desc = postVar('tdesc');
\r
3084 if ( !isValidTemplateName($name) )
\r
3086 self::error(_ERROR_BADTEMPLATENAME);
\r
3089 if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
\r
3091 self::error(_ERROR_DUPTEMPLATENAME);
\r
3094 // 1. Remove all template parts
\r
3095 $query = "DELETE FROM %s WHERE tdesc=%d;";
\r
3096 $query = sprintf($query, sql_table('template'), (integer) $templateid);
\r
3097 DB::execute($query);
\r
3099 // 2. Update description
\r
3100 $query = "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;";
\r
3101 $query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name), DB::quoteValue($desc), (integer) $templateid);
\r
3102 DB::execute($query);
\r
3104 // 3. Add non-empty template parts
\r
3105 self::addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));
\r
3106 self::addToTemplate($templateid, 'ITEM', postVar('ITEM'));
\r
3107 self::addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER'));
\r
3108 self::addToTemplate($templateid, 'MORELINK', postVar('MORELINK'));
\r
3109 self::addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK'));
\r
3110 self::addToTemplate($templateid, 'NEW', postVar('NEW'));
\r
3111 self::addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER'));
\r
3112 self::addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY'));
\r
3113 self::addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER'));
\r
3114 self::addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED'));
\r
3115 self::addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH'));
\r
3116 self::addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH'));
\r
3117 self::addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE'));
\r
3118 self::addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY'));
\r
3119 self::addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE'));
\r
3120 self::addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));
\r
3121 self::addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
\r
3122 self::addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));
\r
3123 self::addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));
\r
3124 self::addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));
\r
3125 self::addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));
\r
3126 self::addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));
\r
3127 self::addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));
\r
3128 self::addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
\r
3129 self::addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));
\r
3130 self::addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));
\r
3131 self::addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));
\r
3132 self::addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));
\r
3133 self::addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));
\r
3134 self::addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));
\r
3135 self::addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
\r
3136 self::addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));
\r
3137 self::addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
\r
3138 self::addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));
\r
3140 $data = array('fields' => array());
\r
3141 $manager->notify('TemplateExtraFields', $data);
\r
3142 foreach ( $data['fields'] as $pfkey=>$pfvalue )
\r
3144 foreach ( $pfvalue as $pffield => $pfdesc )
\r
3146 self::addToTemplate($templateid, $pffield, postVar($pffield));
\r
3150 // jump back to template edit
\r
3151 self::action_templateedit(_TEMPLATE_UPDATED);
\r
3156 * Admin::addToTemplate()
\r
3158 * @param Integer $id ID for template
\r
3159 * @param String $partname parts name
\r
3160 * @param String $content template contents
\r
3161 * @return Integer record index
\r
3164 static private function addToTemplate($id, $partname, $content)
\r
3166 // don't add empty parts:
\r
3167 if ( !trim($content) )
\r
3172 $query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, %s, %s);";
\r
3173 $query = sprintf($query, sql_table('template'), (integer) $id, DB::quoteValue($partname), DB::quoteValue($content));
\r
3174 if ( DB::execute($query) === FALSE )
\r
3176 $err = DB::getError();
\r
3177 exit(_ADMIN_SQLDIE_QUERYERROR . $err[2]);
\r
3179 return DB::getInsertId();
\r
3183 * Admin::action_templatedelete()
\r
3188 static private function action_templatedelete()
\r
3190 global $member, $manager;
\r
3192 $member->isAdmin() or self::disallow();
\r
3194 $templateid = intRequestVar('templateid');
\r
3195 // TODO: check if template can be deleted
\r
3197 self::$skin->parse('templatedelete');
\r
3202 * Admin::action_templatedeleteconfirm()
\r
3207 static private function action_templatedeleteconfirm()
\r
3209 global $member, $manager;
\r
3211 $templateid = intRequestVar('templateid');
\r
3213 $member->isAdmin() or self::disallow();
\r
3215 $data = array('templateid' => $templateid);
\r
3216 $manager->notify('PreDeleteTemplate', $data);
\r
3218 // 1. delete description
\r
3219 DB::execute('DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $templateid);
\r
3221 // 2. delete parts
\r
3222 DB::execute('DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid);
\r
3225 $data = array('templateid' => $templateid);
\r
3226 $manager->notify('PostDeleteTemplate', $data);
\r
3228 self::action_templateoverview();
\r
3233 * Admin::action_templatenew()
\r
3238 static private function action_templatenew()
\r
3242 $member->isAdmin() or self::disallow();
\r
3244 $name = postVar('name');
\r
3245 $desc = postVar('desc');
\r
3247 if ( !isValidTemplateName($name) )
\r
3249 self::error(_ERROR_BADTEMPLATENAME);
\r
3252 if ( Template::exists($name) )
\r
3254 self::error(_ERROR_DUPTEMPLATENAME);
\r
3257 $newTemplateId = Template::createNew($name, $desc);
\r
3259 self::action_templateoverview();
\r
3264 * Admin::action_templateclone()
\r
3269 static private function action_templateclone()
\r
3273 $templateid = intRequestVar('templateid');
\r
3275 $member->isAdmin() or self::disallow();
\r
3277 // 1. read old template
\r
3278 $name = Template::getNameFromId($templateid);
\r
3279 $desc = Template::getDesc($templateid);
\r
3281 // 2. create desc thing
\r
3282 $name = "cloned" . $name;
\r
3284 // if a template with that name already exists:
\r
3285 if ( Template::exists($name) )
\r
3288 while (Template::exists($name . $i))
\r
3295 $newid = Template::createNew($name, $desc);
\r
3297 // 3. create clone
\r
3298 // go through parts of old template and add them to the new one
\r
3299 $query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;";
\r
3300 $query = sprintf($query, sql_table('template'), (integer) $templateid);
\r
3302 $res = DB::getResult($query);
\r
3303 foreach ( $res as $row)
\r
3305 self::addToTemplate($newid, $row['tpartname'], $row['tcontent']);
\r
3308 self::action_templateoverview();
\r
3313 * Admin::action_admintemplateoverview()
\r
3318 static private function action_admintemplateoverview()
\r
3321 $member->isAdmin() or self::disallow();
\r
3322 self::$skin->parse('admntemplateoverview');
\r
3327 * Admin::action_admintemplateedit()
\r
3329 * @param string $msg message for pageheader
\r
3332 static private function action_admintemplateedit($msg = '')
\r
3334 global $member, $manager;
\r
3337 self::$headMess = $msg;
\r
3339 $member->isAdmin() or self::disallow();
\r
3341 Admin::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(javascript/templateEdit.js)%>\"></script>\n";
\r
3342 Admin::$extrahead .= '<script type="text/javascript">setTemplateEditText("' . Entity::hsc(_EDITTEMPLATE_EMPTY) . '");</script>' . "\n";
\r
3344 self::$skin->parse('admintemplateedit');
\r
3349 * Admin::action_admintemplateupdate()
\r
3354 static private function action_admintemplateupdate()
\r
3356 global $member, $manager;
\r
3357 $templateid = intRequestVar('templateid');
\r
3358 $member->isAdmin() or self::disallow();
\r
3359 $name = postVar('tname');
\r
3360 $desc = postVar('tdesc');
\r
3362 if ( !isValidTemplateName($name) )
\r
3364 self::error(_ERROR_BADTEMPLATENAME);
\r
3367 if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
\r
3369 self::error(_ERROR_DUPTEMPLATENAME);
\r
3372 // 1. Remove all template parts
\r
3373 $query = "DELETE FROM %s WHERE tdesc=%d;";
\r
3374 $query = sprintf($query, sql_table('template'), (integer) $templateid);
\r
3375 DB::execute($query);
\r
3377 // 2. Update description
\r
3378 $query = "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;";
\r
3379 $query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name), DB::quoteValue($desc), (integer) $templateid);
\r
3380 DB::execute($query);
\r
3382 // 3. Add non-empty template parts
\r
3383 self::addToAdminTemplate($templateid, 'NORMALSKINLIST_HEAD', postVar('NORMALSKINLIST_HEAD'));
\r
3384 self::addToAdminTemplate($templateid, 'NORMALSKINLIST_BODY', postVar('NORMALSKINLIST_BODY'));
\r
3385 self::addToAdminTemplate($templateid, 'NORMALSKINLIST_FOOT', postVar('NORMALSKINLIST_FOOT'));
\r
3386 self::addToAdminTemplate($templateid, 'ADMIN_CUSTOMHELPLINK_ICON', postVar('ADMIN_CUSTOMHELPLINK_ICON'));
\r
3387 self::addToAdminTemplate($templateid, 'ADMIN_CUSTOMHELPLINK_ANCHOR', postVar('ADMIN_CUSTOMHELPLINK_ANCHOR'));
\r
3388 self::addToAdminTemplate($templateid, 'ADMIN_BLOGLINK', postVar('ADMIN_BLOGLINK'));
\r
3389 self::addToAdminTemplate($templateid, 'ADMIN_BATCHLIST', postVar('ADMIN_BATCHLIST'));
\r
3390 self::addToAdminTemplate($templateid, 'ACTIVATE_FORGOT_TITLE', postVar('ACTIVATE_FORGOT_TITLE'));
\r
3391 self::addToAdminTemplate($templateid, 'ACTIVATE_FORGOT_TEXT', postVar('ACTIVATE_FORGOT_TEXT'));
\r
3392 self::addToAdminTemplate($templateid, 'ACTIVATE_REGISTER_TITLE', postVar('ACTIVATE_REGISTER_TITLE'));
\r
3393 self::addToAdminTemplate($templateid, 'ACTIVATE_REGISTER_TEXT', postVar('ACTIVATE_REGISTER_TEXT'));
\r
3394 self::addToAdminTemplate($templateid, 'ACTIVATE_CHANGE_TITLE', postVar('ACTIVATE_CHANGE_TITLE'));
\r
3395 self::addToAdminTemplate($templateid, 'ACTIVATE_CHANGE_TEXT', postVar('ACTIVATE_CHANGE_TEXT'));
\r
3396 self::addToAdminTemplate($templateid, 'TEMPLATE_EDIT_EXPLUGNAME', postVar('TEMPLATE_EDIT_EXPLUGNAME'));
\r
3397 self::addToAdminTemplate($templateid, 'TEMPLATE_EDIT_ROW_HEAD', postVar('TEMPLATE_EDIT_ROW_HEAD'));
\r
3398 self::addToAdminTemplate($templateid, 'TEMPLATE_EDIT_ROW_TAIL', postVar('TEMPLATE_EDIT_ROW_TAIL'));
\r
3399 self::addToAdminTemplate($templateid, 'SPECIALSKINLIST_HEAD', postVar('SPECIALSKINLIST_HEAD'));
\r
3400 self::addToAdminTemplate($templateid, 'SPECIALSKINLIST_BODY', postVar('SPECIALSKINLIST_BODY'));
\r
3401 self::addToAdminTemplate($templateid, 'SPECIALSKINLIST_FOOT', postVar('SPECIALSKINLIST_FOOT'));
\r
3402 self::addToAdminTemplate($templateid, 'SYSTEMINFO_GDSETTINGS', postVar('SYSTEMINFO_GDSETTINGS'));
\r
3403 self::addToAdminTemplate($templateid, 'BANLIST_DELETED_LIST', postVar('BANLIST_DELETED_LIST'));
\r
3404 self::addToAdminTemplate($templateid, 'INSERT_PLUGOPTION_TITLE', postVar('INSERT_PLUGOPTION_TITLE'));
\r
3405 self::addToAdminTemplate($templateid, 'INSERT_PLUGOPTION_BODY', postVar('INSERT_PLUGOPTION_BODY'));
\r
3406 self::addToAdminTemplate($templateid, 'INPUTYESNO_TEMPLATE_ADMIN', postVar('INPUTYESNO_TEMPLATE_ADMIN'));
\r
3407 self::addToAdminTemplate($templateid, 'INPUTYESNO_TEMPLATE_NORMAL', postVar('INPUTYESNO_TEMPLATE_NORMAL'));
\r
3408 self::addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_HEAD', postVar('ADMIN_SPECIALSKINLIST_HEAD'));
\r
3409 self::addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_BODY', postVar('ADMIN_SPECIALSKINLIST_BODY'));
\r
3410 self::addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_FOOT', postVar('ADMIN_SPECIALSKINLIST_FOOT'));
\r
3411 self::addToAdminTemplate($templateid, 'SKINIE_EXPORT_LIST', postVar('SKINIE_EXPORT_LIST'));
\r
3412 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_HEAD', postVar('SHOWLIST_LISTPLUG_SELECT_HEAD'));
\r
3413 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_BODY', postVar('SHOWLIST_LISTPLUG_SELECT_BODY'));
\r
3414 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_FOOT', postVar('SHOWLIST_LISTPLUG_SELECT_FOOT'));
\r
3415 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_HEAD'));
\r
3416 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_BODY'));
\r
3417 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_FOOT'));
\r
3418 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD'));
\r
3419 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY'));
\r
3420 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT'));
\r
3421 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD'));
\r
3422 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY'));
\r
3423 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT'));
\r
3424 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD'));
\r
3425 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY'));
\r
3426 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL'));
\r
3427 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST'));
\r
3428 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE'));
\r
3429 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND'));
\r
3430 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ'));
\r
3431 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE'));
\r
3432 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN'));
\r
3433 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN'));
\r
3434 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP'));
\r
3435 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL'));
\r
3436 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT'));
\r
3437 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD'));
\r
3438 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY'));
\r
3439 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO'));
\r
3440 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD'));
\r
3441 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP'));
\r
3442 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO'));
\r
3443 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC'));
\r
3444 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA'));
\r
3445 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT', postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT'));
\r
3446 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT'));
\r
3447 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT'));
\r
3448 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD'));
\r
3449 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY'));
\r
3450 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT'));
\r
3451 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD'));
\r
3452 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY'));
\r
3453 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN', postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN'));
\r
3454 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT'));
\r
3455 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD'));
\r
3456 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY'));
\r
3457 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM', postVar('SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM'));
\r
3458 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM', postVar('SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM'));
\r
3459 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT'));
\r
3460 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD'));
\r
3461 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY'));
\r
3462 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT'));
\r
3463 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD'));
\r
3464 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY'));
\r
3465 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT'));
\r
3466 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD'));
\r
3467 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY'));
\r
3468 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT'));
\r
3469 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD'));
\r
3470 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY'));
\r
3471 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT'));
\r
3472 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD'));
\r
3473 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY'));
\r
3474 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT'));
\r
3475 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD'));
\r
3476 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY'));
\r
3477 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT'));
\r
3478 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD'));
\r
3479 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY'));
\r
3480 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT'));
\r
3481 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD', postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD'));
\r
3482 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY', postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY'));
\r
3483 self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT', postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT'));
\r
3484 self::addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_TITLE', postVar('PLUGIN_QUICKMENU_TITLE'));
\r
3485 self::addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_HEAD', postVar('PLUGIN_QUICKMENU_HEAD'));
\r
3486 self::addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_BODY', postVar('PLUGIN_QUICKMENU_BODY'));
\r
3487 self::addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_FOOT', postVar('PLUGIN_QUICKMENU_FOOT'));
\r
3489 $data = array('fields' => array());
\r
3490 $manager->notify('AdminTemplateExtraFields', $data);
\r
3491 foreach ( $data['fields'] as $pfkey => $pfvalue )
\r
3493 foreach ( $pfvalue as $pffield => $pfdesc )
\r
3495 self::addToAdminTemplate($templateid, $pffield, postVar($pffield));
\r
3499 // jump back to template edit
\r
3500 self::action_admintemplateedit(_TEMPLATE_UPDATED);
\r
3505 * Admin::addToAdminTemplate()
\r
3507 * @param integer $id ID for template
\r
3508 * @param string $partname name of part for template
\r
3509 * @param void $contents content for part of template
\r
3510 * @return integer ID for newly inserted Template
\r
3512 static private function addToAdminTemplate($id, $partname, $content)
\r
3514 // don't add empty parts:
\r
3515 if ( !trim($content) )
\r
3520 $query = "INSERT INTO %s (tdesc, tpartname, tcontent ) VALUES (%d, %s, %s);";
\r
3521 $query = sprintf($query, sql_table('template'), (integer) $id, DB::quoteValue($partname), DB::quoteValue($content));
\r
3522 if ( DB::execute($query) === FALSE )
\r
3524 $err = DB::getError();
\r
3525 exit(_ADMIN_SQLDIE_QUERYERROR . $err[2]);
\r
3527 return DB::getInsertId();
\r
3531 * Admin::action_admintemplatedelete()
\r
3536 static private function action_admintemplatedelete()
\r
3538 global $member, $manager;
\r
3539 $member->isAdmin() or self::disallow();
\r
3541 // TODO: check if template can be deleted
\r
3542 self::$skin->parse('admintemplatedelete');
\r
3547 * Admin::action_admintemplatedeleteconfirm()
\r
3552 static private function action_admintemplatedeleteconfirm()
\r
3554 global $member, $manager;
\r
3556 $templateid = intRequestVar('templateid');
\r
3557 $member->isAdmin() or self::disallow();
\r
3559 $data = array('templateid' => $templateid);
\r
3560 $manager->notify('PreDeleteAdminTemplate', $data);
\r
3562 // 1. delete description
\r
3563 $query = "DELETE FROM %s WHERE tdnumber=%s;";
\r
3564 $query = sprintf($query, sql_table('template_desc'), (integer) $templateid);
\r
3565 DB::execute($query);
\r
3567 // 2. delete parts
\r
3568 $query = "DELETE FROM %s WHERE tdesc=%d;";
\r
3569 $query = sprintf($query, sql_table('template'), (integer) $templateid);
\r
3570 DB::execute($query);
\r
3572 $data = array('templateid' => $templateid);
\r
3573 $manager->notify('PostDeleteAdminTemplate', $data);
\r
3575 self::action_admintemplateoverview();
\r
3580 * Admin::action_admintemplatenew()
\r
3585 static private function action_admintemplatenew()
\r
3588 $member->isAdmin() or self::disallow();
\r
3589 $name = postVar('name');
\r
3590 $desc = postVar('desc');
\r
3592 if ( !isValidTemplateName($name) )
\r
3594 self::error(_ERROR_BADTEMPLATENAME);
\r
3596 else if ( !preg_match('#^admin/#', $name) )
\r
3598 self::error(_ERROR_BADADMINTEMPLATENAME);
\r
3600 else if ( Template::exists($name) )
\r
3602 self::error(_ERROR_DUPTEMPLATENAME);
\r
3605 $newTemplateId = Template::createNew($name, $desc);
\r
3606 self::action_admintemplateoverview();
\r
3611 * Admin::action_admintemplateclone()
\r
3616 static private function action_admintemplateclone()
\r
3619 $templateid = intRequestVar('templateid');
\r
3620 $member->isAdmin() or self::disallow();
\r
3622 // 1. read old template
\r
3623 $name = Template::getNameFromId($templateid);
\r
3624 $desc = Template::getDesc($templateid);
\r
3626 // 2. create desc thing
\r
3627 $name = $name . "cloned";
\r
3629 // if a template with that name already exists:
\r
3630 if ( Template::exists($name) )
\r
3633 while ( Template::exists($name . $i) )
\r
3640 $newid = Template::createNew($name, $desc);
\r
3642 // 3. create clone
\r
3643 // go through parts of old template and add them to the new one
\r
3644 $query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;";
\r
3645 $query = sprintf($query, sql_table('template'), (integer) $templateid);
\r
3647 $res = DB::getResult($query);
\r
3648 foreach ( $res as $row )
\r
3650 self::addToAdminTemplate($newid, $row['tpartname'], $row['tcontent']);
\r
3653 self::action_admintemplateoverview();
\r
3658 * Admin::action_skinoverview()
\r
3663 static private function action_skinoverview()
\r
3665 global $member, $manager;
\r
3667 $member->isAdmin() or self::disallow();
\r
3669 self::$skin->parse('skinoverview');
\r
3674 * Admin::action_skinnew()
\r
3679 static private function action_skinnew()
\r
3683 $member->isAdmin() or self::disallow();
\r
3685 $name = trim(postVar('name'));
\r
3686 $desc = trim(postVar('desc'));
\r
3688 if ( !isValidSkinName($name) )
\r
3690 self::error(_ERROR_BADSKINNAME);
\r
3693 if ( SKIN::exists($name) )
\r
3695 self::error(_ERROR_DUPSKINNAME);
\r
3698 $newId = SKIN::createNew($name, $desc);
\r
3700 self::action_skinoverview();
\r
3705 * Admin::action_skinedit()
\r
3710 static private function action_skinedit()
\r
3712 global $member, $manager;
\r
3714 $member->isAdmin() or self::disallow();
\r
3716 self::$skin->parse('skinedit');
\r
3721 * Admin::action_skineditgeneral()
\r
3726 static private function action_skineditgeneral()
\r
3728 global $manager, $member;
\r
3730 $skinid = intRequestVar('skinid');
\r
3732 $member->isAdmin() or self::disallow();
\r
3734 $name = postVar('name');
\r
3735 $desc = postVar('desc');
\r
3736 $type = postVar('type');
\r
3737 $inc_mode = postVar('inc_mode');
\r
3738 $inc_prefix = postVar('inc_prefix');
\r
3740 $skin =& $manager->getSkin($skinid);
\r
3743 if ( !isValidSkinName($name) )
\r
3745 self::error(_ERROR_BADSKINNAME);
\r
3748 if ( ($skin->getName() != $name) && SKIN::exists($name) )
\r
3750 self::error(_ERROR_DUPSKINNAME);
\r
3755 $type = 'text/html';
\r
3759 $inc_mode = 'normal';
\r
3762 // 2. Update description
\r
3763 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
\r
3765 self::action_skinedit();
\r
3769 static private function action_skinedittype($msg = '')
\r
3771 global $member, $manager;
\r
3773 $member->isAdmin() or self::disallow();
\r
3777 self::$headMess = $msg;
\r
3780 $skinid = intRequestVar('skinid');
\r
3781 $type = requestVar('type');
\r
3782 $type = trim($type);
\r
3783 $type = strtolower($type);
\r
3785 if ( !isValidShortName($type) )
\r
3787 self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
\r
3790 self::$skin->parse('skinedittype');
\r
3795 * Admin::action_skinupdate()
\r
3800 static private function action_skinupdate()
\r
3802 global $manager, $member;
\r
3804 $skinid = intRequestVar('skinid');
\r
3805 $content = trim(postVar('content'));
\r
3806 $type = postVar('type');
\r
3808 $member->isAdmin() or self::disallow();
\r
3810 $skin =& $manager->getSKIN($skinid);
\r
3811 $skin->update($type, $content);
\r
3813 self::action_skinedittype(_SKIN_UPDATED);
\r
3818 * Admin::action_skindelete()
\r
3823 static private function action_skindelete()
\r
3825 global $manager, $member, $CONF;
\r
3827 $skinid = intRequestVar('skinid');
\r
3829 $member->isAdmin() or self::disallow();
\r
3831 // don't allow default skin to be deleted
\r
3832 if ( $skinid == $CONF['BaseSkin'] )
\r
3834 self::error(_ERROR_DEFAULTSKIN);
\r
3837 // don't allow deletion of default skins for blogs
\r
3838 $query = "SELECT bname FROM %s WHERE bdefskin=%d";
\r
3839 $query = sprintf($query, sql_table('blog'), (integer) $skinid);
\r
3841 $name = DB::getValue($query);
\r
3844 self::error(_ERROR_SKINDEFDELETE . Entity::hsc($name));
\r
3847 self::$skin->parse('skindelete');
\r
3852 * Admin::action_skindeleteconfirm()
\r
3857 static private function action_skindeleteconfirm()
\r
3859 global $member, $CONF, $manager;
\r
3861 $skinid = intRequestVar('skinid');
\r
3863 $member->isAdmin() or self::disallow();
\r
3865 // don't allow default skin to be deleted
\r
3866 if ( $skinid == $CONF['BaseSkin'] )
\r
3868 self::error(_ERROR_DEFAULTSKIN);
\r
3871 // don't allow deletion of default skins for blogs
\r
3872 $query = "SELECT bname FROM %s WHERE bdefskin=%d;";
\r
3873 $query = sprintf($query, sql_table('blog'), (integer) $skinid);
\r
3875 $name = DB::getValue($query);
\r
3878 self::error(_ERROR_SKINDEFDELETE . Entity::hsc($name));
\r
3881 $data = array('skinid' => $skinid);
\r
3882 $manager->notify('PreDeleteSkin', $data);
\r
3884 // 1. delete description
\r
3885 $query = "DELETE FROM %s WHERE sdnumber=%d;";
\r
3886 $query = sprintf($query, sql_table('skin_desc'), (integer) $skinid);
\r
3887 DB::execute($query);
\r
3889 // 2. delete parts
\r
3890 $query = "DELETE FROM %s WHERE sdesc=%d;";
\r
3891 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
\r
3892 DB::execute($query);
\r
3894 $data = array('skinid' => $skinid);
\r
3895 $manager->notify('PostDeleteSkin', $data);
\r
3897 self::action_skinoverview();
\r
3902 * Admin::action_skinremovetype()
\r
3907 static private function action_skinremovetype()
\r
3909 global $member, $manager, $CONF;
\r
3911 $member->isAdmin() or self::disallow();
\r
3913 $skinid = intRequestVar('skinid');
\r
3914 $skintype = requestVar('type');
\r
3916 if ( !isValidShortName($skintype) )
\r
3918 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
3921 // don't allow default skinparts to be deleted
\r
3922 /* TODO: this array should be retrieved from Action class */
\r
3923 if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )
\r
3925 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
3928 self::$skin->parse('skinremovetype');
\r
3933 * Admin::action_skinremovetypeconfirm()
\r
3938 static private function action_skinremovetypeconfirm()
\r
3940 global $member, $CONF, $manager;
\r
3942 $member->isAdmin() or self::disallow();
\r
3944 $skinid = intRequestVar('skinid');
\r
3945 $skintype = requestVar('type');
\r
3947 if ( !isValidShortName($skintype) )
\r
3949 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
3952 // don't allow default skinparts to be deleted
\r
3953 /* TODO: this array should be retrieved from Action class */
\r
3954 if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )
\r
3956 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
3960 'skinid' => $skinid,
\r
3961 'skintype' => $skintype
\r
3963 $manager->notify('PreDeleteSkinPart', $data);
\r
3965 $query = "DELETE FROM %s WHERE sdesc=%d AND stype=%s;";
\r
3966 $query = sprintf($query, sql_table('skin'), (integer) $skinid, DB::quoteValue($skintype) );
\r
3967 DB::execute($query);
\r
3970 'skinid' => $skinid,
\r
3971 'skintype' => $skintype
\r
3973 $manager->notify('PostDeleteSkinPart', $data);
\r
3975 self::action_skinedit();
\r
3980 * Admin::action_skinclone()
\r
3985 static private function action_skinclone()
\r
3987 global $manager, $member;
\r
3989 $member->isAdmin() or self::disallow();
\r
3991 $skinid = intRequestVar('skinid');
\r
3993 // 1. read skin to clone
\r
3994 $skin =& $manager->getSkin($skinid);
\r
3996 $name = "{$skin->getName()}_clone";
\r
3998 // if a skin with that name already exists:
\r
3999 if ( Skin::exists($name) )
\r
4002 while ( Skin::exists($name . $i) )
\r
4009 // 2. create skin desc
\r
4010 $newid = Skin::createNew(
\r
4012 $skin->getDescription(),
\r
4013 $skin->getContentType(),
\r
4014 $skin->getIncludeMode(),
\r
4015 $skin->getIncludePrefix()
\r
4019 $query = "SELECT stype FROM %s WHERE sdesc=%d;";
\r
4020 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
\r
4022 $res = DB::getResult($query);
\r
4023 foreach ( $res as $row )
\r
4025 self::skinclonetype($skin, $newid, $row['stype']);
\r
4028 self::action_skinoverview();
\r
4033 * Admin::skinclonetype()
\r
4035 * @param String $skin Skin object
\r
4036 * @param Integer $newid ID for this clone
\r
4037 * @param String $type type of skin
\r
4040 static private function skinclonetype($skin, $newid, $type)
\r
4042 $newid = intval($newid);
\r
4043 $content = $skin->getContentFromDB($type);
\r
4047 $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, %s, %s)";
\r
4048 $query = sprintf($query, sql_table('skin'), (integer) $newid, DB::quoteValue($content), DB::quoteValue($type));
\r
4049 DB::execute($query);
\r
4055 * Admin::action_adminskinoverview()
\r
4060 static private function action_adminskinoverview()
\r
4062 global $member, $manager;
\r
4064 $member->isAdmin() or self::disallow();
\r
4066 self::$skin->parse('adminskinoverview');
\r
4071 * Admin::action_adminskinnew()
\r
4076 static private function action_adminskinnew()
\r
4079 $member->isAdmin() or self::disallow();
\r
4080 $name = trim(postVar('name'));
\r
4081 $desc = trim(postVar('desc'));
\r
4083 if ( !isValidSkinName($name) )
\r
4085 self::error(_ERROR_BADSKINNAME);
\r
4087 else if ( !preg_match('#^admin/#', $name) )
\r
4089 self::error(_ERROR_BADADMINSKINNAME);
\r
4091 else if ( Skin::exists($name) )
\r
4093 self::error(_ERROR_DUPSKINNAME);
\r
4095 /* TODO: $newId is not reused... */
\r
4096 $newId = Skin::createNew($name, $desc);
\r
4097 self::action_adminskinoverview();
\r
4102 * Admin::action_adminskinedit()
\r
4107 static private function action_adminskinedit()
\r
4109 global $member, $manager;
\r
4111 $member->isAdmin() or self::disallow();
\r
4112 self::$skin->parse('adminskinedit');
\r
4117 * Admin::action_adminskineditgeneral()
\r
4122 static private function action_adminskineditgeneral()
\r
4124 global $manager, $member;
\r
4126 $skinid = intRequestVar('skinid');
\r
4128 $member->isAdmin() or self::disallow();
\r
4130 $name = postVar('name');
\r
4131 $desc = postVar('desc');
\r
4132 $type = postVar('type');
\r
4133 $inc_mode = postVar('inc_mode');
\r
4134 $inc_prefix = postVar('inc_prefix');
\r
4136 $skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
\r
4139 if ( !isValidSkinName($name) )
\r
4141 self::error(_ERROR_BADSKINNAME);
\r
4143 if ( ($skin->getName() != $name) && Skin::exists($name) )
\r
4145 self::error(_ERROR_DUPSKINNAME);
\r
4149 $type = 'text/html';
\r
4153 $inc_mode = 'normal';
\r
4155 // 2. Update description
\r
4156 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
\r
4157 self::action_adminskinedit();
\r
4162 * Admin::action_adminskinedittype()
\r
4164 * @param string $msg message for pageheader
\r
4167 static private function action_adminskinedittype($msg = '')
\r
4169 global $member, $manager;
\r
4171 $member->isAdmin() or self::disallow();
\r
4175 self::$headMess = $msg;
\r
4177 $type = requestVar('type');
\r
4178 $type = trim($type);
\r
4179 $type = strtolower($type);
\r
4181 if ( !isValidShortName($type) )
\r
4183 self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
\r
4186 self::$skin->parse('adminskinedittype');
\r
4191 * Admin::action_adminskinupdate()
\r
4196 static private function action_adminskinupdate()
\r
4198 global $manager, $member;
\r
4200 $skinid = intRequestVar('skinid');
\r
4201 $content = trim(postVar('content'));
\r
4202 $type = postVar('type');
\r
4204 $member->isAdmin() or self::disallow();
\r
4206 $skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
\r
4207 $skin->update($type, $content);
\r
4208 self::action_adminskinedittype(_SKIN_UPDATED);
\r
4213 * Admin::action_adminskindelete()
\r
4218 static private function action_adminskindelete()
\r
4220 global $member, $manager, $CONF;
\r
4221 $member->isAdmin() or self::disallow();
\r
4223 /* TODO: needless variable $skinid... */
\r
4224 $skinid = intRequestVar('skinid');
\r
4225 self::$skin->parse('adminskindelete');
\r
4230 * Admin::action_adminskindeleteconfirm()
\r
4235 static private function action_adminskindeleteconfirm()
\r
4237 global $member, $CONF, $manager;
\r
4239 $member->isAdmin() or self::disallow();
\r
4240 $skinid = intRequestVar('skinid');
\r
4242 // don't allow default skin to be deleted
\r
4243 if ( $skinid == $CONF['AdminSkin'] )
\r
4245 self::error(_ERROR_DEFAULTSKIN);
\r
4250 * TODO: NOT Implemented
\r
4251 * don't allow deletion of default skins for members
\r
4253 $query = 'SELECT * FROM %s WHERE madminskin = %d or mbkmklt = %d';
\r
4254 $res = DB::getResult(sprintf($query, sql_table('member'), $skinid, $skinid));
\r
4255 $members = array();
\r
4256 while ( $row = $res->fetch() ) {
\r
4257 $members[] = $row['mrealname'];
\r
4259 if ( count($members) )
\r
4261 self::error(_ERROR_SKINDEFDELETE . implode(' ' . _AND . ' ', $members));
\r
4265 $manager->notify('PreDeleteAdminSkin', array('skinid' => (integer) $skinid));
\r
4267 // 1. delete description
\r
4268 $query = "DELETE FROM %s WHERE sdnumber=%d;";
\r
4269 $query = sprintf($query, sql_table('skin_desc'), (integer) $skinid);
\r
4270 DB::execute($query);
\r
4272 // 2. delete parts
\r
4273 $query = "DELETE FROM %s WHERE sdesc=%d;";
\r
4274 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
\r
4276 DB::execute($query);
\r
4278 $manager->notify('PostDeleteAdminSkin', array('skinid' => (integer) $skinid));
\r
4279 self::action_adminskinoverview();
\r
4284 * Admin::action_adminskinremovetype()
\r
4289 static private function action_adminskinremovetype()
\r
4291 global $member, $manager, $CONF;
\r
4293 $member->isAdmin() or self::disallow();
\r
4295 $skinid = intRequestVar('skinid');
\r
4296 $skintype = requestVar('type');
\r
4298 if ( !isValidShortName($skintype) )
\r
4300 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
4303 self::$skin->parse('adminskinremovetype');
\r
4308 * Admin::action_adminskinremovetypeconfirm()
\r
4313 static private function action_adminskinremovetypeconfirm()
\r
4315 global $member, $CONF, $manager;
\r
4317 $member->isAdmin() or self::disallow();
\r
4319 $skinid = intRequestVar('skinid');
\r
4320 $skintype = requestVar('type');
\r
4322 if ( !isValidShortName($skintype) )
\r
4324 self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
\r
4328 'skinid' => $skinid,
\r
4329 'skintype' => $skintype
\r
4331 $manager->notify('PreDeleteAdminSkinPart', $data);
\r
4334 $query = 'DELETE FROM %s WHERE sdesc = %d AND stype = %s ;';
\r
4335 $query = sprintf($query, sql_table('skin'), (integer) $skinid, DB::quoteValue($skintype) );
\r
4336 DB::execute($query);
\r
4339 'skinid' => $skinid,
\r
4340 'skintype' => $skintype
\r
4342 $manager->notify('PostDeleteAdminSkinPart', $data);
\r
4344 self::action_adminskinedit();
\r
4349 * Admin::action_adminskinclone()
\r
4354 static private function action_adminskinclone()
\r
4356 global $manager, $member;
\r
4358 $member->isAdmin() or self::disallow();
\r
4360 $skinid = intRequestVar('skinid');
\r
4362 // 1. read skin to clone
\r
4363 $skin =& $manager->getSkin($skinid, 'AdminActions', 'AdminSkin');
\r
4364 $name = "{$skin->getName()}_clone";
\r
4366 // if a skin with that name already exists:
\r
4367 if ( Skin::exists($name) )
\r
4370 while ( Skin::exists($name . $i) )
\r
4377 // 2. create skin desc
\r
4378 $newid = Skin::createNew(
\r
4380 $skin->getDescription(),
\r
4381 $skin->getContentType(),
\r
4382 $skin->getIncludeMode(),
\r
4383 $skin->getIncludePrefix()
\r
4387 $query = "SELECT stype FROM %s WHERE sdesc=%d;";
\r
4388 $query = sprintf($query, sql_table('skin'), (integer) $skinid);
\r
4390 $res = DB::getResult($query);
\r
4391 foreach ( $res as $row )
\r
4393 self::skinclonetype($skin, $newid, $row['stype']);
\r
4395 self::action_adminskinoverview();
\r
4400 * Admin::adminskinclonetype()
\r
4402 * @param string $skin an instance of Skin class
\r
4403 * @param integer $newid ID for new skin
\r
4404 * @param string $type skin type
\r
4407 static private function adminskinclonetype($skin, $newid, $type)
\r
4409 $content = $skin->getContentFromDB($type);
\r
4413 $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, %s, %s)";
\r
4414 $query = sprintf($query, sql_table('skin'), (integer) $newid, DB::quoteValue($content), DB::quoteValue($type));
\r
4415 DB::execute($query);
\r
4421 * Admin::action_adminskinieoverview()
\r
4426 static private function action_adminskinieoverview()
\r
4428 global $member, $DIR_LIBS, $manager;
\r
4430 $member->isAdmin() or self::disallow();
\r
4432 // load skinie class
\r
4433 include_once($DIR_LIBS . 'skinie.php');
\r
4435 self::$skin->parse('adminskinieoverview');
\r
4440 * FIXME: DUPLICATION, NO NEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEED!!!!!!
\r
4441 * Admin::action_adminskinieimport()
\r
4446 static private function action_adminskinieimport()
\r
4448 global $DIR_LIBS, $DIR_SKINS, $manager, $member;
\r
4450 $member->isAdmin() or self::disallow();
\r
4452 // load skinie class
\r
4453 include_once($DIR_LIBS . 'skinie.php');
\r
4455 $skinFileRaw = postVar('skinfile');
\r
4456 $mode = postVar('mode');
\r
4458 $importer = new SKINIMPORT();
\r
4460 // get full filename
\r
4461 if ( $mode == 'file' )
\r
4463 $skinFile = "{$DIR_SKINS}admin/{$skinFileRaw}/skinbackup.xml";
\r
4465 // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
\r
4466 if ( !file_exists($skinFile) )
\r
4468 $skinFile = "{$DIR_SKINS}admin/{$skinFileRaw}/skindata.xml";
\r
4473 $skinFile = $skinFileRaw;
\r
4476 // read only metadata
\r
4477 $error = $importer->readFile($skinFile, 1);
\r
4480 self::error($error);
\r
4483 /* TODO: we should consider to use the other way instead of this */
\r
4484 $_REQUEST['skininfo'] = $importer->getInfo();
\r
4485 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
4486 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
4489 $skinNameClashes = $importer->checkSkinNameClashes();
\r
4490 $templateNameClashes = $importer->checkTemplateNameClashes();
\r
4491 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
\r
4492 /* TODO: we should consider to use the other way instead of this */
\r
4493 $_REQUEST['skinclashes'] = $skinNameClashes;
\r
4494 $_REQUEST['tpltclashes'] = $templateNameClashes;
\r
4495 $_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;
\r
4497 if ( !is_object(self::$skin) )
\r
4499 self::action_adminskiniedoimport();
\r
4503 self::$skin->parse('adminskinieimport');
\r
4509 * FIXME: DUPLICATION, NO NEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEED!!!!!!
\r
4510 * Admin::action_adminskiniedoimport()
\r
4515 static private function action_adminskiniedoimport()
\r
4517 global $DIR_LIBS, $DIR_SKINS, $manager, $member;
\r
4519 $member->isAdmin() or self::disallow();
\r
4521 // load skinie class
\r
4522 include_once($DIR_LIBS . 'skinie.php');
\r
4524 $skinFileRaw = postVar('skinfile');
\r
4525 $mode = postVar('mode');
\r
4526 $allowOverwrite = intPostVar('overwrite');
\r
4528 // get full filename
\r
4529 if ( $mode == 'file' )
\r
4531 $skinFile = "{$DIR_SKINS}admin/{$skinFileRaw}/skinbackup.xml";
\r
4532 // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
\r
4533 if ( !file_exists($skinFile) )
\r
4535 $skinFile = "{$DIR_SKINS}admin/{$skinFileRaw}/skindata.xml";
\r
4540 $skinFile = $skinFileRaw;
\r
4543 $importer = new SKINIMPORT();
\r
4545 $error = $importer->readFile($skinFile);
\r
4548 self::error($error);
\r
4551 $error = $importer->writeToDatabase($allowOverwrite);
\r
4554 self::error($error);
\r
4557 /* TODO: we should consider to use the other way instead of this */
\r
4558 $_REQUEST['skininfo'] = $importer->getInfo();
\r
4559 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
4560 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
4562 if ( !is_object(self::$skin) )
\r
4564 global $DIR_SKINS;
\r
4565 $query = "SELECT min(sdnumber) FROM %s WHERE sdname != 'admin/bookmarklet' AND sdname LIKE 'admin/%%'";
\r
4566 $query = sprintf($query, sql_table('skin_desc'));
\r
4567 $res = intval(DB::getValue($query));
\r
4568 $query = "UPDATE %s SET value = %d WHERE name = 'AdminSkin'";
\r
4569 $query = sprintf($query, sql_table('config'), $res);
\r
4570 DB::execute($query);
\r
4571 $skin =& $manager->Skin(0, 'AdminActions', 'AdminSkin');
\r
4572 $skin->parse('importAdmin', $DIR_SKINS . 'admin/defaultimporter.skn');
\r
4576 self::$skin->parse('adminskiniedoimport');
\r
4582 * Admin::action_adminskinieexport()
\r
4587 static private function action_adminskinieexport()
\r
4589 global $member, $DIR_PLUGINS;
\r
4591 $member->isAdmin() or self::disallow();
\r
4593 // load skinie class
\r
4594 $aSkins = requestIntArray('skin');
\r
4595 if (!is_array($aSkins)) {
\r
4596 $aSkins = array();
\r
4598 $skinList = array_keys($aSkins);
\r
4600 $aTemplates = requestIntArray('template');
\r
4601 if (!is_array($aTemplates))
\r
4603 $aTemplates = array();
\r
4605 $templateList = array_keys($aTemplates);
\r
4607 $info = postVar('info');
\r
4609 include_libs('skinie.php');
\r
4610 $exporter = new SkinExport();
\r
4611 foreach ( $skinList as $skinId )
\r
4613 $exporter->addSkin($skinId);
\r
4615 foreach ( $templateList as $templateId )
\r
4617 $exporter->addTemplate($templateId);
\r
4619 $exporter->setInfo($info);
\r
4620 $exporter->export();
\r
4625 * Admin::action_settingsedit()
\r
4630 static private function action_settingsedit()
\r
4632 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;
\r
4634 $member->isAdmin() or self::disallow();
\r
4636 self::$skin->parse('settingsedit');
\r
4641 * Admin::action_settingsupdate()
\r
4642 * Update $CONFIG and redirect
\r
4647 static private function action_settingsupdate()
\r
4649 global $member, $CONF;
\r
4651 $member->isAdmin() or self::disallow();
\r
4653 // check if email address for admin is valid
\r
4654 if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
\r
4656 self::error(_ERROR_BADMAILADDRESS);
\r
4660 self::updateConfig('DefaultBlog', postVar('DefaultBlog'));
\r
4661 self::updateConfig('BaseSkin', postVar('BaseSkin'));
\r
4662 self::updateConfig('IndexURL', postVar('IndexURL'));
\r
4663 self::updateConfig('AdminURL', postVar('AdminURL'));
\r
4664 self::updateConfig('PluginURL', postVar('PluginURL'));
\r
4665 self::updateConfig('SkinsURL', postVar('SkinsURL'));
\r
4666 self::updateConfig('ActionURL', postVar('ActionURL'));
\r
4667 self::updateConfig('Locale', postVar('Locale'));
\r
4668 self::updateConfig('AdminEmail', postVar('AdminEmail'));
\r
4669 self::updateConfig('SessionCookie', postVar('SessionCookie'));
\r
4670 self::updateConfig('AllowMemberCreate', postVar('AllowMemberCreate'));
\r
4671 self::updateConfig('AllowMemberMail', postVar('AllowMemberMail'));
\r
4672 self::updateConfig('NonmemberMail', postVar('NonmemberMail'));
\r
4673 self::updateConfig('ProtectMemNames', postVar('ProtectMemNames'));
\r
4674 self::updateConfig('SiteName', postVar('SiteName'));
\r
4675 self::updateConfig('NewMemberCanLogon', postVar('NewMemberCanLogon'));
\r
4676 self::updateConfig('DisableSite', postVar('DisableSite'));
\r
4677 self::updateConfig('DisableSiteURL', postVar('DisableSiteURL'));
\r
4678 self::updateConfig('LastVisit', postVar('LastVisit'));
\r
4679 self::updateConfig('MediaURL', postVar('MediaURL'));
\r
4680 self::updateConfig('AllowedTypes', postVar('AllowedTypes'));
\r
4681 self::updateConfig('AllowUpload', postVar('AllowUpload'));
\r
4682 self::updateConfig('MaxUploadSize', postVar('MaxUploadSize'));
\r
4683 self::updateConfig('MediaPrefix', postVar('MediaPrefix'));
\r
4684 self::updateConfig('AllowLoginEdit', postVar('AllowLoginEdit'));
\r
4685 self::updateConfig('DisableJsTools', postVar('DisableJsTools'));
\r
4686 self::updateConfig('CookieDomain', postVar('CookieDomain'));
\r
4687 self::updateConfig('CookiePath', postVar('CookiePath'));
\r
4688 self::updateConfig('CookieSecure', postVar('CookieSecure'));
\r
4689 self::updateConfig('URLMode', postVar('URLMode'));
\r
4690 self::updateConfig('CookiePrefix', postVar('CookiePrefix'));
\r
4691 self::updateConfig('DebugVars', postVar('DebugVars'));
\r
4692 self::updateConfig('DefaultListSize', postVar('DefaultListSize'));
\r
4693 self::updateConfig('AdminCSS', postVar('AdminCSS'));
\r
4694 self::updateConfig('AdminSkin', postVar('adminskin'));
\r
4695 self::updateConfig('BookmarkletSkin', postVar('bookmarklet'));
\r
4697 // load new config and redirect (this way, the new locale will be used is necessary)
\r
4698 // note that when changing cookie settings, this redirect might cause the user
\r
4699 // to have to log in again.
\r
4701 redirect($CONF['AdminURL'] . '?action=manage');
\r
4706 * Admin::action_systemoverview()
\r
4707 * Output system overview
\r
4712 static private function action_systemoverview()
\r
4714 self::$skin->parse('systemoverview');
\r
4719 * Admin::updateConfig()
\r
4721 * @param string $name
\r
4722 * @param string $val
\r
4723 * @return integer return the ID in which the latest query posted
\r
4725 static private function updateConfig($name, $val)
\r
4727 $query = "UPDATE %s SET value=%s WHERE name=%s";
\r
4728 $query = sprintf($query, sql_table('config'), DB::quoteValue($val), DB::quoteValue($name));
\r
4729 if ( DB::execute($query) === FALSE )
\r
4731 $err = DB::getError();
\r
4732 die(_ADMIN_SQLDIE_QUERYERROR . $err[2]);
\r
4734 return DB::getInsertId();
\r
4741 * @param string $msg message that will be shown
\r
4744 static public function error($msg)
\r
4746 self::$headMess = $msg;
\r
4747 self::$skin->parse('adminerrorpage');
\r
4752 * Admin::disallow()
\r
4753 * add error log and show error page
\r
4758 static public function disallow()
\r
4760 ActionLog::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));
\r
4761 self::error(_ERROR_DISALLOWED);
\r
4766 * Admin::action_PluginAdmin()
\r
4767 * Output pluginadmin
\r
4769 * @param string $skinContents
\r
4770 * @param string $extrahead
\r
4773 static public function action_PluginAdmin($skinContents, $extrahead = '')
\r
4775 self::$extrahead .= $extrahead;
\r
4776 self::$skin->parse('pluginadmin', $skinContents);
\r
4781 * Admin::action_bookmarklet()
\r
4786 static private function action_bookmarklet()
\r
4788 global $member, $manager;
\r
4790 $blogid = intRequestVar('blogid');
\r
4791 $member->teamRights($blogid) or self::disallow();
\r
4793 self::$skin->parse('bookmarklet');
\r
4798 * Admin::action_actionlog()
\r
4803 static private function action_actionlog()
\r
4805 global $member, $manager;
\r
4807 $member->isAdmin() or self::disallow();
\r
4809 self::$skin->parse('actionlog');
\r
4814 * Admin::action_banlist()
\r
4819 static private function action_banlist()
\r
4821 global $member, $manager;
\r
4823 $blogid = intRequestVar('blogid');
\r
4824 $member->blogAdminRights($blogid) or self::disallow();
\r
4826 self::$skin->parse('banlist');
\r
4831 * Admin::action_banlistdelete()
\r
4836 static private function action_banlistdelete()
\r
4838 global $member, $manager;
\r
4840 $blogid = intRequestVar('blogid');
\r
4841 $member->blogAdminRights($blogid) or self::disallow();
\r
4843 self::$skin->parse('banlistdelete');
\r
4848 * Admin::action_banlistdeleteconfirm()
\r
4853 static private function action_banlistdeleteconfirm()
\r
4855 global $member, $manager;
\r
4857 $blogid = intPostVar('blogid');
\r
4858 $allblogs = postVar('allblogs');
\r
4859 $iprange = postVar('iprange');
\r
4861 $member->blogAdminRights($blogid) or self::disallow();
\r
4863 $deleted = array();
\r
4867 if ( Ban::removeBan($blogid, $iprange) )
\r
4869 $deleted[] = $blogid;
\r
4874 // get blogs fot which member has admin rights
\r
4875 $adminblogs = $member->getAdminBlogs();
\r
4876 foreach ($adminblogs as $blogje)
\r
4878 if ( Ban::removeBan($blogje, $iprange) )
\r
4880 $deleted[] = $blogje;
\r
4885 if ( sizeof($deleted) == 0 )
\r
4887 self::error(_ERROR_DELETEBAN);
\r
4890 /* TODO: we should use other ways */
\r
4891 $_REQUEST['delblogs'] = $deleted;
\r
4893 self::$skin->parse('banlistdeleteconfirm');
\r
4898 * Admin::action_banlistnewfromitem()
\r
4903 static private function action_banlistnewfromitem()
\r
4907 $itemid = intRequestVar('itemid');
\r
4908 $item =& $manager->getItem($itemid, 1, 1);
\r
4909 self::action_banlistnew($item['blogid']);
\r
4914 * Admin::action_banlistnew()
\r
4916 * @param integer $blogid ID for weblog
\r
4919 static private function action_banlistnew($blogid = '')
\r
4921 global $member, $manager;
\r
4923 if ( $blogid == '' )
\r
4925 $blogid = intRequestVar('blogid');
\r
4928 $ip = requestVar('ip');
\r
4930 $member->blogAdminRights($blogid) or self::disallow();
\r
4932 /* TODO: we should consider to use the other way instead of this */
\r
4933 $_REQUEST['blogid'] = $blogid;
\r
4935 self::$skin->parse('banlistnew');
\r
4941 * Admin::action_banlistadd()
\r
4946 static private function action_banlistadd()
\r
4950 $blogid = intPostVar('blogid');
\r
4951 $allblogs = postVar('allblogs');
\r
4952 $iprange = postVar('iprange');
\r
4954 if ( $iprange == "custom" )
\r
4956 $iprange = postVar('customiprange');
\r
4958 $reason = postVar('reason');
\r
4960 $member->blogAdminRights($blogid) or self::disallow();
\r
4962 // TODO: check IP range validity
\r
4966 if ( !Ban::addBan($blogid, $iprange, $reason) )
\r
4968 self::error(_ERROR_ADDBAN);
\r
4973 // get blogs fot which member has admin rights
\r
4974 $adminblogs = $member->getAdminBlogs();
\r
4976 foreach ($adminblogs as $blogje)
\r
4978 if ( !Ban::addBan($blogje, $iprange, $reason) )
\r
4985 self::error(_ERROR_ADDBAN);
\r
4988 self::action_banlist();
\r
4993 * Admin::action_clearactionlog()
\r
4998 static private function action_clearactionlog()
\r
5002 $member->isAdmin() or self::disallow();
\r
5004 ActionLog::clear();
\r
5006 self::action_manage(_MSG_ACTIONLOGCLEARED);
\r
5011 * Admin::action_backupoverview()
\r
5016 static private function action_backupoverview()
\r
5018 global $member, $manager;
\r
5020 $member->isAdmin() or self::disallow();
\r
5022 self::$skin->parse('backupoverview');
\r
5027 * Admin::action_backupcreate()
\r
5028 * create file for backup
\r
5034 static private function action_backupcreate()
\r
5036 global $member, $DIR_LIBS;
\r
5038 $member->isAdmin() or self::disallow();
\r
5040 // use compression ?
\r
5041 $useGzip = (integer) postVar('gzip');
\r
5043 include($DIR_LIBS . 'backup.php');
\r
5045 // try to extend time limit
\r
5046 // (creating/restoring dumps might take a while)
\r
5047 @set_time_limit(1200);
\r
5049 Backup::do_backup($useGzip);
\r
5054 * Admin::action_backuprestore()
\r
5055 * restoring from uploaded file
\r
5060 static private function action_backuprestore()
\r
5062 global $member, $DIR_LIBS;
\r
5064 $member->isAdmin() or self::disallow();
\r
5066 if ( intPostVar('letsgo') != 1 )
\r
5068 self::error(_ERROR_BACKUP_NOTSURE);
\r
5071 include($DIR_LIBS . 'backup.php');
\r
5073 // try to extend time limit
\r
5074 // (creating/restoring dumps might take a while)
\r
5075 @set_time_limit(1200);
\r
5077 $message = Backup::do_restore();
\r
5078 if ( $message != '' )
\r
5080 self::error($message);
\r
5082 self::$skin->parse('backuprestore');
\r
5087 * Admin::action_pluginlist()
\r
5088 * output the list of installed plugins
\r
5094 static private function action_pluginlist()
\r
5096 global $DIR_PLUGINS, $member, $manager;
\r
5098 // check if allowed
\r
5099 $member->isAdmin() or self::disallow();
\r
5101 self::$skin->parse('pluginlist');
\r
5106 * Admin::action_pluginhelp()
\r
5111 static private function action_pluginhelp()
\r
5113 global $member, $manager, $DIR_PLUGINS, $CONF;
\r
5115 // check if allowed
\r
5116 $member->isAdmin() or self::disallow();
\r
5118 $plugid = intGetVar('plugid');
\r
5120 if ( !$manager->pidInstalled($plugid) )
\r
5122 self::error(_ERROR_NOSUCHPLUGIN);
\r
5125 self::$skin->parse('pluginhelp');
\r
5130 * Admin::action_pluginadd()
\r
5136 static private function action_pluginadd()
\r
5138 global $member, $manager, $DIR_PLUGINS;
\r
5140 // check if allowed
\r
5141 $member->isAdmin() or self::disallow();
\r
5143 $name = postVar('filename');
\r
5145 if ( $manager->pluginInstalled($name) )
\r
5147 self::error(_ERROR_DUPPLUGIN);
\r
5150 if ( !checkPlugin($name) )
\r
5152 self::error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
\r
5155 // get number of currently installed plugins
\r
5156 $res = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
\r
5157 $numCurrent = $res->rowCount();
\r
5159 // plugin will be added as last one in the list
\r
5160 $newOrder = $numCurrent + 1;
\r
5162 $data = array('file' => &$name);
\r
5163 $manager->notify('PreAddPlugin', $data);
\r
5165 // do this before calling getPlugin (in case the plugin id is used there)
\r
5166 $query = "INSERT INTO %s (porder, pfile) VALUES (%d, %s);";
\r
5167 $query = sprintf($query, sql_table('plugin'), (integer) $newOrder, DB::quoteValue($name));
\r
5168 DB::execute($query);
\r
5169 $iPid = DB::getInsertId();
\r
5171 $manager->clearCachedInfo('installedPlugins');
\r
5173 // Load the plugin for condition checking and instalation
\r
5174 $plugin =& $manager->getPlugin($name);
\r
5176 // check if it got loaded (could have failed)
\r
5179 $query = "DELETE FROM %s WHERE pid=%d;";
\r
5180 $query = sprintf($query, sql_table('plugin'), (integer) $iPid);
\r
5182 DB::execute($query);
\r
5184 $manager->clearCachedInfo('installedPlugins');
\r
5185 self::error(_ERROR_PLUGIN_LOAD);
\r
5188 // check if plugin needs a newer Nucleus version
\r
5189 if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )
\r
5191 // uninstall plugin again...
\r
5192 self::deleteOnePlugin($plugin->getID());
\r
5194 // ...and show error
\r
5195 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
\r
5198 // check if plugin needs a newer Nucleus version
\r
5199 if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )
\r
5201 // uninstall plugin again...
\r
5202 self::deleteOnePlugin($plugin->getID());
\r
5204 // ...and show error
\r
5205 self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
\r
5208 $pluginList = $plugin->getPluginDep();
\r
5209 foreach ( $pluginList as $pluginName )
\r
5211 $res = DB::getResult('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile=' . DB::quoteValue($pluginName));
\r
5212 if ($res->rowCount() == 0)
\r
5214 // uninstall plugin again...
\r
5215 self::deleteOnePlugin($plugin->getID());
\r
5216 self::error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
\r
5220 // call the install method of the plugin
\r
5221 $plugin->install();
\r
5223 $data = array('plugin' => &$plugin);
\r
5224 $manager->notify('PostAddPlugin', $data);
\r
5226 // update all events
\r
5227 self::action_pluginupdate();
\r
5232 * ADMIN:action_pluginupdate():
\r
5238 static private function action_pluginupdate()
\r
5240 global $member, $manager, $CONF;
\r
5242 // check if allowed
\r
5243 $member->isAdmin() or self::disallow();
\r
5245 // delete everything from plugin_events
\r
5246 DB::execute('DELETE FROM '.sql_table('plugin_event'));
\r
5248 // loop over all installed plugins
\r
5249 $res = DB::getResult('SELECT pid, pfile FROM '.sql_table('plugin'));
\r
5250 foreach ( $res as $row )
\r
5252 $pid = $row['pid'];
\r
5253 $plug =& $manager->getPlugin($row['pfile']);
\r
5256 $eventList = $plug->getEventList();
\r
5257 foreach ( $eventList as $eventName )
\r
5259 $query = "INSERT INTO %s (pid, event) VALUES (%d, %s)";
\r
5260 $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, DB::quoteValue($eventName));
\r
5261 DB::execute($query);
\r
5265 redirect($CONF['AdminURL'] . '?action=pluginlist');
\r
5270 * Admin::action_plugindelete()
\r
5275 static private function action_plugindelete()
\r
5277 global $member, $manager;
\r
5279 // check if allowed
\r
5280 $member->isAdmin() or self::disallow();
\r
5282 $pid = intGetVar('plugid');
\r
5284 if ( !$manager->pidInstalled($pid) )
\r
5286 self::error(_ERROR_NOSUCHPLUGIN);
\r
5289 self::$skin->parse('plugindelete');
\r
5294 * Admin::action_plugindeleteconfirm()
\r
5299 static private function action_plugindeleteconfirm()
\r
5301 global $member, $manager, $CONF;
\r
5303 // check if allowed
\r
5304 $member->isAdmin() or self::disallow();
\r
5306 $pid = intPostVar('plugid');
\r
5308 $error = self::deleteOnePlugin($pid, 1);
\r
5311 self::error($error);
\r
5314 redirect($CONF['AdminURL'] . '?action=pluginlist');
\r
5324 static public function deleteOnePlugin($pid, $callUninstall = 0)
\r
5328 $pid = intval($pid);
\r
5330 if ( !$manager->pidInstalled($pid) )
\r
5332 return _ERROR_NOSUCHPLUGIN;
\r
5335 $query = "SELECT pfile as result FROM %s WHERE pid=%d;";
\r
5336 $query = sprintf($query, sql_table('plugin'), (integer) $pid);
\r
5337 $name = DB::getValue($query);
\r
5339 // check dependency before delete
\r
5340 $res = DB::getResult('SELECT pfile FROM ' . sql_table('plugin'));
\r
5341 foreach ( $res as $row )
\r
5343 $plug =& $manager->getPlugin($row['pfile']);
\r
5346 $depList = $plug->getPluginDep();
\r
5347 foreach ( $depList as $depName )
\r
5349 if ( $name == $depName )
\r
5351 return sprintf(_ERROR_DELREQPLUGIN, $row['pfile']);
\r
5357 $data = array('plugid' => $pid);
\r
5358 $manager->notify('PreDeletePlugin', $data);
\r
5360 // call the unInstall method of the plugin
\r
5361 if ( $callUninstall )
\r
5363 $plugin =& $manager->getPlugin($name);
\r
5366 $plugin->unInstall();
\r
5370 // delete all subscriptions
\r
5371 DB::execute('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);
\r
5373 // delete all options
\r
5374 // get OIDs from plugin_option_desc
\r
5375 $res = DB::getResult('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
\r
5377 foreach ( $res as $row )
\r
5379 array_push($aOIDs, $row['oid']);
\r
5382 // delete from plugin_option and plugin_option_desc
\r
5383 DB::execute('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
\r
5384 if (count($aOIDs) > 0)
\r
5386 DB::execute('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')');
\r
5389 // update order numbers
\r
5390 $res = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5391 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $res);
\r
5394 DB::execute('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
\r
5396 $manager->clearCachedInfo('installedPlugins');
\r
5397 $data = array('plugid' => $pid);
\r
5398 $manager->notify('PostDeletePlugin', $data);
\r
5404 * Admin::action_pluginup()
\r
5409 static private function action_pluginup()
\r
5411 global $member, $manager, $CONF;
\r
5413 // check if allowed
\r
5414 $member->isAdmin() or self::disallow();
\r
5416 $plugid = intGetVar('plugid');
\r
5418 if ( !$manager->pidInstalled($plugid) )
\r
5420 self::error(_ERROR_NOSUCHPLUGIN);
\r
5423 // 1. get old order number
\r
5424 $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
\r
5426 // 2. calculate new order number
\r
5427 $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;
\r
5429 // 3. update plug numbers
\r
5430 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
\r
5431 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);
\r
5433 //self::action_pluginlist();
\r
5434 // To avoid showing ticket in the URL, redirect to pluginlist, instead.
\r
5435 redirect($CONF['AdminURL'] . '?action=pluginlist');
\r
5440 * Admin::action_plugindown()
\r
5445 static private function action_plugindown()
\r
5447 global $member, $manager, $CONF;
\r
5449 // check if allowed
\r
5450 $member->isAdmin() or self::disallow();
\r
5452 $plugid = intGetVar('plugid');
\r
5453 if ( !$manager->pidInstalled($plugid) )
\r
5455 self::error(_ERROR_NOSUCHPLUGIN);
\r
5458 // 1. get old order number
\r
5459 $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
\r
5461 $res = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
\r
5462 $maxOrder = $res->rowCount();
\r
5464 // 2. calculate new order number
\r
5465 $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;
\r
5467 // 3. update plug numbers
\r
5468 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
\r
5469 DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);
\r
5471 //self::action_pluginlist();
\r
5472 // To avoid showing ticket in the URL, redirect to pluginlist, instead.
\r
5473 redirect($CONF['AdminURL'] . '?action=pluginlist');
\r
5478 * Admin::action_pluginoptions()
\r
5480 * Output Plugin option page
\r
5483 * @param string $message message when fallbacked
\r
5487 static private function action_pluginoptions($message = '')
\r
5489 global $member, $manager;
\r
5491 // check if allowed
\r
5492 $member->isAdmin() or self::disallow();
\r
5494 $pid = intRequestVar('plugid');
\r
5495 if ( !$manager->pidInstalled($pid) )
\r
5497 self::error(_ERROR_NOSUCHPLUGIN);
\r
5500 if ( isset($message) )
\r
5502 self::$headMess = $message;
\r
5504 $plugname = $manager->getPluginNameFromPid($pid);
\r
5505 $plugin = $manager->getPlugin($plugname);
\r
5506 Admin::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
\r
5508 self::$skin->parse('pluginoptions');
\r
5513 * Admin::action_pluginoptionsupdate()
\r
5515 * Update plugin options and fallback to plugin option page
\r
5521 static private function action_pluginoptionsupdate()
\r
5523 global $member, $manager;
\r
5525 // check if allowed
\r
5526 $member->isAdmin() or self::disallow();
\r
5528 $pid = intRequestVar('plugid');
\r
5530 if ( !$manager->pidInstalled($pid) )
\r
5532 self::error(_ERROR_NOSUCHPLUGIN);
\r
5535 $aOptions = requestArray('plugoption');
\r
5536 NucleusPlugin::apply_plugin_options($aOptions);
\r
5539 'context' => 'global',
\r
5542 $manager->notify('PostPluginOptionsUpdate', $data);
\r
5544 self::action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
\r
5549 * Admin::action_parseSpecialskin()
\r
5554 static private function action_parseSpecialskin()
\r
5556 self::$skin->parse(self::$action);
\r
5561 * Admin::getAdminskinIDFromName()
\r
5563 * @param string $skinname name of skin
\r
5564 * @return integer ID for skin
\r
5566 static private function getAdminskinIDFromName($skinname)
\r
5568 $query = "SELECT 'sdnumber' as result FROM %s WHERE sdname = %s;";
\r
5569 $query = sprintf($query, sql_table('skin_desc'), DB::quoteValue($skinname));
\r
5570 $admnSknID = DB::getValue($query);
\r
5571 return (integer) $adminSkinID;
\r
5575 * Admin::getAdminskinNameFromID()
\r
5577 * @param integer $skinid ID for skin
\r
5578 * @return integer ID for skin
\r
5580 static private function getAdminskinNameFromID($skinid)
\r
5582 $query = "SELECT sdname as result FROM %s WHERE sdnumber = %d;";
\r
5583 $query = sprintf($query, sql_table('skin_desc'), (integer) $skinid);
\r
5584 $admnSknID = DB::getValue($query);
\r
5585 return (integer) $adminSkinID;
\r
5589 * Admin::getAdminextrahead()
\r
5591 static public function getAdminextrahead()
\r
5593 return self::$extrahead;
\r
5597 * Admin::getAdminpassvar()
\r
5599 static public function getAdminpassvar()
\r
5601 return self::$passvar;
\r
5605 * Admin::getAdminAction()
\r
5607 static public function getAdminAction()
\r
5609 return self::$action;
\r
5613 * Admin::getAdminaOption()
\r
5615 static public function getAdminaOption()
\r
5617 return self::$aOptions;
\r
5621 * Admin::action_importAdmin()
\r
5626 static private function action_importAdmin()
\r
5628 global $DIR_ADMINSKINS, $action;
\r
5629 if ( $action == 'adminskinieimport' )
\r
5631 self::doAdminskinimport();
\r
5634 if ( $action == 'showlogin' )
\r
5636 $skinName = 'showlogin';
\r
5637 $actnName = 'showlogin';
\r
5641 $skinName = 'defaultimporter';
\r
5642 $actnName = 'importAdmin';
\r
5645 /* TODO: why??? */
\r
5646 $contents = file_get_contents($DIR_ADMINSKINS . $skinName . '.skn');
\r
5648 $skn['description'] = $skinName;
\r
5649 $skn['contentType'] = 'importAdmin';
\r
5650 $skn['includeMode'] = 'normal';
\r
5651 $skn['includePrefix'] = '';
\r
5652 $skn['name'] = 'defaultinporter';
\r
5654 self::$skin = (object) $skn;
\r
5655 $handler = new AdminActions($actnName, self::$skin, $this);
\r
5657 $parser = new PARSER($handler);
\r
5658 $parser->setSkin(self::$skin);
\r
5659 $parser->parse($contents);
\r
5665 * Admin::doAdminskinimport()
\r
5670 static private function doAdminskinimport()
\r
5672 global $DIR_LIBS, $DIR_ADMINSKINS, $CONF, $member;
\r
5674 $member->isAdmin() or self::disallow();
\r
5676 include_once($DIR_LIBS . 'Skinie.php');
\r
5677 $skinFileRaw = postVar('skinfile');
\r
5678 $mode = postVar('mode');
\r
5679 $allowOverwrite = intPostVar('overwrite');
\r
5681 if ( $mode == 'file' )
\r
5683 $skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
\r
5687 $skinFile = $skinFileRaw;
\r
5690 $importer = new SKINIMPORT();
\r
5691 $error = $importer->readFile($skinFile);
\r
5694 self::error($error);
\r
5696 $error = $importer->writeToDatabase($allowOverwrite);
\r
5699 self::error($error);
\r
5702 $_REQUEST['skininfo'] = $importer->getInfo();
\r
5703 $_REQUEST['skinnames'] = $importer->getSkinNames();
\r
5704 $_REQUEST['tpltnames'] = $importer->getTemplateNames();
\r
5706 header('Location: ' . $CONF['AdminURL']);
\r