';
}
$this->pagefoot();
}
/**
 * Returns the display text for a weblog.
 *
 * The blog name is passed through Entity::hsc() (presumably the HTML-escaping
 * helper - confirm) before it is concatenated, so the name is never emitted raw.
 *
 * NOTE(review): both surrounding literals are empty in this listing; the anchor
 * markup that would make this a link appears to have been lost.
 *
 * @param object $blog BLOG object; only getName() is called on it
 * @return string
 */
function bloglink(&$blog)
{
    $escapedName = Entity::hsc($blog->getName());

    return '' . $escapedName . '';
}
/**
* Admin "manage" page, restricted to site administrators.
*
* Calls $this->disallow() unless $member->isAdmin() is true.
*
* NOTE(review): the listing is damaged from the first echo onwards. The page
* markup is missing, $msg is never referenced, and the item-list code that
* follows reads $blogid, $start, $blog, $manager and $CONF, none of which is
* assigned or declared global in the visible body. It looks like the tail of a
* separate item-list action - confirm against the original file.
*
* NOTE(review): the query concatenates $blogid and $start directly. Only
* $search goes through DB::quoteValue() and $amount through
* intPostVar()/intval() here, so confirm that $blogid and $start are
* integer-cast where they are assigned.
*
* @param string $msg optional message (not referenced in the visible body)
*/
function action_manage($msg = '') {
global $member;
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
\n";
}
// amount of items to show
if ( postVar('amount') )
{
$amount = intPostVar('amount');
}
else
{
$amount = intval($CONF['DefaultListSize']);
if ( $amount < 1 )
{
$amount = 10;
}
}
$search = postVar('search'); // search through items
$query = 'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
. ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
. ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
if ( $search )
{
$query .= " AND ((ititle LIKE " . DB::quoteValue('%'.$search.'%') . ") OR (ibody LIKE " . DB::quoteValue('%'.$search.'%') . ") OR (imore LIKE " . DB::quoteValue('%'.$search.'%') . "))";
}
// non-blog-admins can only edit/delete their own items
if ( !$member->blogAdminRights($blogid) )
{
$query .= ' and iauthor=' . $member->getID();
}
$query .= ' ORDER BY itime DESC'
. " LIMIT $start, $amount";
$template['content'] = 'itemlist';
$template['now'] = $blog->getCorrectTime(time());
$manager->loadClass("ENCAPSULATE");
$navList = new NavList('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
$navList->showBatchList('item',$query,'table',$template);
$this->pagefoot();
return;
}
/**
* Batch operation on items: reads the selected item IDs ('batch') and the
* requested operation ('batchaction') from the request and walks over the IDs.
*
* Only a login check is made up front; per the comment below, the precise
* permission check is left to each performed operation.
*
* The calls to error(), batchMoveSelectDestination() and
* batchAskDeleteConfirmation() are not followed by a return.
* NOTE(review): this relies on those calls ending the request. The two batch*
* helpers visibly end in exit; error() is not shown here - confirm.
*
* NOTE(review): the body of the foreach loop (the per-item operations) and the
* page markup are missing from this listing.
*/
function action_batchitem() {
global $member, $manager;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of itemids from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On move: when no destination blog/category chosen, show choice now
$destCatid = intRequestVar('destcatid');
if (($action == 'move') && (!$manager->existsCategory($destCatid)))
$this->batchMoveSelectDestination('item',$selected);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('item',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
',_BATCH_ITEMS,'
';
// the requested action name is request data, so it is escaped before output
echo '
',_BATCH_EXECUTING,' ',Entity::hsc($action),'
';
echo '
';
// walk over all itemids and perform action
foreach ($selected as $itemid) {
$itemid = intval($itemid);
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
/**
* Batch operation on comments: reads the selected comment IDs ('batch') and
* the requested operation ('batchaction') from the request and walks over the IDs.
*
* Only a login check is made up front; per the comment below, the precise
* permission check is left to each performed operation.
*
* NOTE(review): error() and batchAskDeleteConfirmation() are not followed by a
* return, so the code relies on them ending the request.
* batchAskDeleteConfirmation() visibly ends in exit; error() is not shown - confirm.
*
* NOTE(review): the body of the foreach loop (the per-comment operations) and
* the page markup are missing from this listing.
*/
function action_batchcomment() {
global $member;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of comment IDs from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('comment',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
',_BATCH_COMMENTS,'
';
// the requested action name is request data, so it is escaped before output
echo '
',_BATCH_EXECUTING,' ',Entity::hsc($action),'
';
echo '
';
// walk over all comment IDs and perform action
foreach ($selected as $commentid) {
$commentid = intval($commentid);
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
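/**
 * Batch operation on members; restricted to logged-in site administrators.
 *
 * Reads the selected member IDs ('batch') and the operation ('batchaction')
 * from the request and applies the operation to each ID in turn:
 *  - delete:     delegates to deleteOneMember()
 *  - setadmin:   sets madmin=1
 *  - unsetadmin: sets madmin=0, refused while fewer than two members have both
 *                madmin=1 and mcanlogin=1
 * Any other operation name is reported as unknown.
 *
 * Every ID is passed through intval() before it is concatenated into SQL, and
 * the operation name is escaped before it is echoed.
 *
 * NOTE(review): error() and batchAskDeleteConfirmation() are not followed by a
 * return, so the code relies on them ending the request.
 * batchAskDeleteConfirmation() visibly ends in exit; error() is not shown - confirm.
 *
 * @return void
 */
function action_batchmember()
{
    global $member;

    // check if logged in and admin
    ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();

    // get array of member IDs from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes')) {
        $this->batchAskDeleteConfirmation('member', $selected);
    }

    $this->pagehead();

    echo '(', _MEMBERS_BACKTOOVERVIEW, ')';
    echo "\n", _BATCH_MEMBERS, "\n";
    echo "\n", _BATCH_EXECUTING, ' ', Entity::hsc($action), "\n";
    echo "\n";

    // walk over all member IDs and perform action
    foreach ($selected as $memberid) {
        $memberid = intval($memberid);

        echo "\n", _BATCH_EXECUTING, ' ', Entity::hsc($action), ' ', _BATCH_ONMEMBER, ' ', $memberid, '...';

        // Reset the outcome for every member: a successful 'unsetadmin' assigns
        // nothing, so without this the status line would read an undefined
        // variable or repeat the result left over from the previous member.
        $error = '';

        // perform action, display errors if needed
        switch ($action) {
            case 'delete':
                $error = $this->deleteOneMember($memberid);
                break;
            case 'setadmin':
                // always succeeds
                DB::execute('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber=' . $memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one super-admin
                $r = DB::getResult('SELECT * FROM ' . sql_table('member') . ' WHERE madmin=1 and mcanlogin=1');
                if ($r->rowCount() < 2) {
                    $error = _ERROR_ATLEASTONEADMIN;
                } else {
                    DB::execute('UPDATE ' . sql_table('member') . ' SET madmin=0 WHERE mnumber=' . $memberid);
                }
                break;
            default:
                $error = _BATCH_UNKNOWN . Entity::hsc($action);
        }

        echo '', ($error ? $error : _BATCH_SUCCESS), '';
        echo "\n";
    }

    echo "\n";
    echo '', _BATCH_DONE, '';

    $this->pagefoot();
}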
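/**
 * Batch operation on the team of one blog; restricted to logged-in members
 * with admin rights on that blog.
 *
 * Reads 'blogid', the selected member IDs ('batch') and the operation
 * ('batchaction') from the request and applies the operation to each ID:
 *  - delete:     delegates to deleteOneTeamMember()
 *  - setadmin:   sets tadmin=1 for the member on this blog
 *  - unsetadmin: sets tadmin=0, refused while the blog has fewer than two
 *                team rows with tadmin=1
 * Any other operation name is reported as unknown.
 *
 * $blogid comes from intRequestVar() and every member ID is passed through
 * intval() before it is concatenated into SQL; the operation name is escaped
 * before it is echoed.
 *
 * NOTE(review): error() and batchAskDeleteConfirmation() are not followed by a
 * return, so the code relies on them ending the request.
 * batchAskDeleteConfirmation() visibly ends in exit; error() is not shown - confirm.
 *
 * @return void
 */
function action_batchteam()
{
    global $member;

    $blogid = intRequestVar('blogid');

    // check if logged in and admin of this blog
    ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();

    // get array of member IDs from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes')) {
        $this->batchAskDeleteConfirmation('team', $selected);
    }

    $this->pagehead();

    echo "\n";

    // walk over all member IDs and perform action
    foreach ($selected as $memberid) {
        $memberid = intval($memberid);

        echo "\n", _BATCH_EXECUTING, ' ', Entity::hsc($action), ' ', _BATCH_ONTEAM, ' ', $memberid, '...';

        // Reset the outcome for every member: a successful 'unsetadmin' assigns
        // nothing, so without this the status line would read an undefined
        // variable or repeat the result left over from the previous member.
        $error = '';

        // perform action, display errors if needed
        switch ($action) {
            case 'delete':
                $error = $this->deleteOneTeamMember($blogid, $memberid);
                break;
            case 'setadmin':
                // always succeeds
                DB::execute('UPDATE ' . sql_table('team') . ' SET tadmin=1 WHERE tblog=' . $blogid . ' and tmember=' . $memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one admin
                $r = DB::getResult('SELECT * FROM ' . sql_table('team') . ' WHERE tadmin=1 and tblog=' . $blogid);
                if ($r->rowCount() < 2) {
                    $error = _ERROR_ATLEASTONEBLOGADMIN;
                } else {
                    DB::execute('UPDATE ' . sql_table('team') . ' SET tadmin=0 WHERE tblog=' . $blogid . ' and tmember=' . $memberid);
                }
                break;
            default:
                $error = _BATCH_UNKNOWN . Entity::hsc($action);
        }

        echo '', ($error ? $error : _BATCH_SUCCESS), '';
        echo "\n";
    }

    echo "\n";
    echo '', _BATCH_DONE, '';

    $this->pagefoot();
}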
/**
* Batch operation on categories: reads the selected category IDs ('batch')
* and the requested operation ('batchaction') from the request and walks over
* the IDs.
*
* Only a login check is made up front; per the comment below, the precise
* permission check is left to each performed operation.
*
* NOTE(review): error(), batchMoveCategorySelectDestination() and
* batchAskDeleteConfirmation() are not followed by a return, so the code
* relies on them ending the request. The two batch* helpers visibly end in
* exit; error() is not shown - confirm.
*
* NOTE(review): the heading uses BATCH_CATEGORIES while the sibling batch
* actions use underscore-prefixed constants (_BATCH_ITEMS, _BATCH_COMMENTS,
* _BATCH_MEMBERS); check that the constant name is right.
*
* NOTE(review): the body of the foreach loop (the per-category operations) and
* the page markup are missing from this listing.
*/
function action_batchcategory() {
global $member, $manager;
// check if logged in
$member->isLoggedIn() or $this->disallow();
// more precise check will be done for each performed operation
// get array of category IDs from request
$selected = requestIntArray('batch');
$action = requestVar('batchaction');
// Show error when no items were selected
if (!is_array($selected) || sizeof($selected) == 0)
$this->error(_BATCH_NOSELECTION);
// On move: when no destination blog chosen, show choice now
$destBlogId = intRequestVar('destblogid');
if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
$this->batchMoveCategorySelectDestination('category',$selected);
// On delete: check if confirmation has been given
if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
$this->batchAskDeleteConfirmation('category',$selected);
$this->pagehead();
echo '(',_BACKHOME,')';
echo '
',BATCH_CATEGORIES,'
';
// the requested action name is request data, so it is escaped before output
echo '
',_BATCH_EXECUTING,' ',Entity::hsc($action),'
';
echo '
';
// walk over all category IDs and perform action
foreach ($selected as $catid) {
$catid = intval($catid);
echo '
';
echo '',_BATCH_DONE,'';
$this->pagefoot();
}
/**
* Shows the page on which the destination of a batch move is chosen, then
* ends the request with exit so the calling batch action does not continue.
*
* NOTE(review): the template between the closing PHP tag and pagefoot() is
* missing from this listing, so how $type and $ids are written into the form
* (and whether they are escaped) cannot be checked here.
*
* @param string $type kind of object being moved (callers in this file pass 'item')
* @param array $ids selected IDs, as passed on by the batch action
*/
function batchMoveSelectDestination($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
/**
* Shows the page on which the destination blog of a batch category move is
* chosen, then ends the request with exit so the calling batch action does
* not continue.
*
* NOTE(review): the template between the closing PHP tag and pagefoot() is
* missing from this listing, so how $type and $ids are written into the form
* (and whether they are escaped) cannot be checked here.
*
* @param string $type kind of object being moved (callers in this file pass 'category')
* @param array $ids selected IDs, as passed on by the batch action
*/
function batchMoveCategorySelectDestination($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
/**
* Shows the confirmation page for a batch delete, then ends the request with
* exit. The batch actions call this while the request does not carry
* confirmation=yes, so nothing is deleted until it has been shown.
*
* NOTE(review): the template between the closing PHP tag and pagefoot() is
* missing from this listing, so how $type and $ids are written into the form
* (and whether they are escaped) cannot be checked here.
*
* @param string $type kind of object ('item', 'comment', 'member', 'team' or 'category' in this file)
* @param array $ids selected IDs, as passed on by the batch action
*/
function batchAskDeleteConfirmation($type, $ids) {
global $manager;
$this->pagehead();
?>
pagefoot();
exit;
}
/**
 * Inserts a HTML select element with choices for all categories to which the
 * current member has access, by delegating to selectBlog() in 'category' mode.
 *
 * @see Admin::selectBlog() for the meaning of the parameters
 */
function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
{
    $mode = 'category';

    Admin::selectBlog(
        $name,
        $mode,
        $selected,
        $tabindex,
        $showNewCat,
        $iForcedBlogInclude
    );
}
/**
 * Admin::selectBlog()
 * Inserts a HTML select element with choices for all blogs to which the user has access
 * mode = 'blog' => shows blognames and values are blogids
 * mode = 'category' => show category names and values are catids
 *
 * The blog list is limited to the member's own teams unless the member is a
 * site admin and $CONF['ShowAllBlogs'] is set; the forced blog is added
 * without a team check.
 *
 * NOTE(review): in this listing only a newline is emitted after the blog IDs
 * are collected; the code that renders the select element (and uses $name,
 * $mode, $selected, $tabindex and $showNewCat) appears to be missing.
 *
 * @param string $name name of the select element
 * @param string $mode blog/category
 * @param integer $selected category ID to be selected
 * @param integer $tabindex tab index value
 * @param integer $showNewCat show category to newly be created
 * @param integer $iForcedBlogInclude ID of a blog that always needs to be included,
 *                without checking if the member is on the blog team (-1 = none)
 * @return void
 */
public function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
{
    global $member, $CONF;

    // 0. get IDs of blogs to which member can post items (+ forced blog)
    $aBlogIds = array();
    if ($iForcedBlogInclude != -1) {
        $aBlogIds[] = intval($iForcedBlogInclude);
    }

    $listEveryBlog = $member->isAdmin()
        && array_key_exists('ShowAllBlogs', $CONF)
        && $CONF['ShowAllBlogs'];

    if ($listEveryBlog) {
        $query = sprintf("SELECT bnumber FROM %s ORDER BY bname;", sql_table('blog'));
    } else {
        // team membership only; the member ID is cast before it reaches the query
        $query = sprintf(
            "SELECT bnumber FROM %s,%s WHERE tblog=bnumber and tmember=%d;",
            sql_table('blog'),
            sql_table('team'),
            (int) $member->getID()
        );
    }

    foreach (DB::getResult($query) as $row) {
        // the forced blog is already in the list
        if ($row['bnumber'] == $iForcedBlogInclude) {
            continue;
        }
        $aBlogIds[] = (int) $row['bnumber'];
    }

    if (count($aBlogIds) != 0) {
        echo "\n";
    }
}
/**
* Admin::action_browseownitems()
*
* NOTE(review): this listing is damaged. After the first echo the body
* continues with code that builds a comment list for a blog
* ('blogcommentlist', _NOCOMMENTS_BLOG) and reads $blogid, $start, $amount,
* $search and $query, none of which is assigned in the visible body. No
* permission check is visible either - confirm against the original file
* before relying on anything below.
*
* @param void
* @return void
*/
public function action_browseownitems()
{
global $member, $manager, $CONF;
$this->pagehead();
echo '
';
$template['content'] = 'commentlist';
// whether the current member may add bans depends on admin rights for the blog
$template['canAddBan'] = $member->blogAdminRights($blogid);
$manager->loadClass("ENCAPSULATE");
$navList = new NavList('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
$navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
$this->pagefoot();
return;
}
/**
 * Admin::action_createitem()
 * Provide a page to add a new item to the given blog
 *
 * The blog is taken from the 'blogid' request variable; members without team
 * rights on that blog are passed to $this->disallow().
 *
 * @param void
 * @return void
 */
public function action_createitem()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    // check if allowed
    if (!$member->teamRights($blogid)) {
        $this->disallow();
    }

    $memberid = $member->getID();
    $blog =& $manager->getBlog($blogid);

    // generate the add-item form; plugins may alter the template through the event
    $factory = new PageFactory($blog);
    $formTemplate = $factory->getTemplateFor('admin', 'add');
    $manager->notify('PreAddItemForm', array('contents' => &$formTemplate, 'blog' => &$blog));

    $formParser = new Parser($factory);

    $this->pagehead();
    $formParser->parse($formTemplate);
    $this->pagefoot();
}
/**
 * Admin::action_itemedit()
 * Shows the edit form for an existing item.
 *
 * The item is taken from the 'itemid' request variable; members for whom
 * canAlterItem() fails are passed to $this->disallow().
 *
 * @param void
 * @return void
 */
public function action_itemedit()
{
    global $member, $manager;

    $itemid = intRequestVar('itemid');

    // only allow if user is allowed to alter item
    if (!$member->canAlterItem($itemid)) {
        $this->disallow();
    }

    $item =& $manager->getItem($itemid, 1, 1);
    $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));

    $manager->notify('PrepareItemForEdit', array('item' => &$item));

    if ($blog->convertBreaks()) {
        foreach (array('body', 'more') as $field) {
            $item[$field] = removeBreaks($item[$field]);
        }
    }

    // form to edit blog items
    $factory = new PageFactory($blog);
    $factory->setVariables($item);
    $formTemplate = $factory->getTemplateFor('admin', 'edit');
    $formParser = new Parser($factory);

    $this->pagehead();
    $formParser->parse($formTemplate);
    $this->pagefoot();
}
/**
* Applies the posted changes to an existing item (or hands over to
* action_itemdelete() when actiontype is 'delete').
*
* The permission check runs first and is given the raw posted catid, which
* may be a 'newcat-<blogid>' marker; only after it has passed is a new
* category created.
*
* NOTE(review): failures of createNewCategory() are reported through
* $this->doError(), while the rest of this class uses $this->error();
* confirm that doError() exists on this class.
*
* NOTE(review): $blog is first set to the blog named in the 'newcat-' marker
* and then overwritten with the item's own blog, so the blog ID passed to
* action_categoryedit() is the item's blog - confirm that this is intended.
*/
function action_itemupdate() {
global $member, $manager, $CONF;
$itemid = intRequestVar('itemid');
$catid = postVar('catid');
// only allow if user is allowed to alter item
$member->canUpdateItem($itemid, $catid) or $this->disallow();
$actiontype = postVar('actiontype');
// delete actions are handled by itemdelete (which has confirmation)
if ($actiontype == 'delete') {
$this->action_itemdelete();
return;
}
$body = postVar('body');
$title = postVar('title');
$more = postVar('more');
$closed = intPostVar('closed');
$draftid = intPostVar('draftid');
// default action = add now
if (!$actiontype)
$actiontype='addnow';
// create new category if needed
if ( i18n::strpos($catid,'newcat') === 0 ) {
// get blogid
list($blogid) = sscanf($catid,"newcat-%d");
// create
$blog =& $manager->getBlog($blogid);
$catid = $blog->createNewCategory();
// show error when something goes wrong
if (!$catid)
$this->doError(_ERROR_CATCREATEFAIL);
}
/*
set some variables based on actiontype
actiontypes:
draft items -> addnow, addfuture, adddraft, delete
non-draft items -> edit, changedate, delete
variables set:
$timestamp: set to a nonzero value for future dates or date changes
$wasdraft: set to 1 when the item used to be a draft item
$publish: set to 1 when the edited item is not a draft
*/
$blogid = getBlogIDFromItemID($itemid);
$blog =& $manager->getBlog($blogid);
$wasdrafts = array('adddraft', 'addfuture', 'addnow');
$wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
$publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
if ($actiontype == 'addfuture' || $actiontype == 'changedate') {
// every date part is read through intPostVar()
$timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
} else {
$timestamp =0;
}
// edit the item for real
Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
$this->updateFuturePosted($blogid);
if ($draftid > 0) {
// delete permission is checked inside Item::delete()
Item::delete($draftid);
}
// show category edit window when we created a new category
// ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
if ($catid != intPostVar('catid')) {
$this->action_categoryedit(
$catid,
$blog->getID(),
$CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
);
} else {
// TODO: set start item correctly for itemlist
$this->action_itemlist(getBlogIDFromItemID($itemid));
}
}
/**
* Admin::action_itemdelete()
* Shows the confirmation page for deleting an item. Nothing is deleted in the
* visible body; action_itemdeleteconfirm() performs the deletion.
*
* The title and a shortened body are stripped of tags and escaped before use.
*
* NOTE(review): the confirmation markup is missing from this listing, so how
* $title, $body and $itemid are written into the page cannot be checked here.
*
* @param Void
* @return Void
*/
function action_itemdelete()
{
global $member, $manager;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
if ( !$manager->existsItem($itemid,1,1) )
{
$this->error(_ERROR_NOSUCHITEM);
}
$item =& $manager->getItem($itemid,1,1);
$title = Entity::hsc(strip_tags($item['title']));
$body = strip_tags($item['body']);
$body = Entity::hsc(Entity::shorten($body,300,'...'));
$this->pagehead();
echo '
\n";
echo "\n";
$this->pagefoot();
return;
}
/**
 * Deletes the item named by the 'itemid' request variable and shows the item
 * list of the blog it belonged to.
 *
 * Members for whom canAlterItem() fails are passed to $this->disallow();
 * deleteOneItem() repeats that check. The value returned by deleteOneItem()
 * is not inspected here.
 */
function action_itemdeleteconfirm()
{
    global $member;

    $itemid = intRequestVar('itemid');

    // only allow if user is allowed to alter item
    if (!$member->canAlterItem($itemid)) {
        $this->disallow();
    }

    // the blog ID has to be looked up while the item still exists
    $owningBlogId = getBlogIdFromItemId($itemid);

    // delete item (note: some checks will be performed twice)
    $this->deleteOneItem($itemid);

    $this->action_itemlist($owningBlogId);
}
/**
 * Deletes one item and refreshes the future-posted flag of its blog.
 *
 * @param int $itemid
 * @return string|null _ERROR_DISALLOWED when the current member may not alter
 *                     the item; nothing is returned after a deletion
 */
function deleteOneItem($itemid)
{
    global $member, $manager;

    // only allow if user is allowed to alter item (also checks if itemid exists)
    if ($member->canAlterItem($itemid)) {
        // need to get blogid before the item is deleted
        $owningBlogId = getBlogIDFromItemId($itemid);

        $manager->loadClass('ITEM');
        Item::delete($itemid);

        // update blog's futureposted
        $this->updateFuturePosted($owningBlogId);

        return;
    }

    return _ERROR_DISALLOWED;
}
/**
 * Admin::updateFuturePosted()
 * Update a blog's future posted flag
 *
 * The flag is set when the blog has at least one item with iposted=0 and an
 * item time later than the blog's corrected current time, and cleared otherwise.
 *
 * @param integer $blogid
 * @return void
 */
function updateFuturePosted($blogid)
{
    global $manager;

    $blog =& $manager->getBlog($blogid);
    $now = $blog->getCorrectTime(time());

    // the blog ID is cast and the time is formatted by DB::formatDateTime()
    $sql = sprintf(
        "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>%s",
        sql_table('item'),
        (int) $blogid,
        DB::formatDateTime($now)
    );
    $pending = DB::getResult($sql);

    if ($pending->rowCount() > 0) {
        $blog->setFuturePost();
        return;
    }

    $blog->clearFuturePost();
}
/**
* Shows the form for moving an item to another category.
*
* The item is taken from the 'itemid' request variable; members for whom
* canAlterItem() fails are passed to $this->disallow().
*
* NOTE(review): the form template between the closing PHP tag and pagefoot()
* is missing from this listing.
*/
function action_itemmove() {
global $member, $manager;
$itemid = intRequestVar('itemid');
// only allow if user is allowed to alter item
$member->canAlterItem($itemid) or $this->disallow();
$item =& $manager->getItem($itemid,1,1);
$this->pagehead();
?>
pagefoot();
}
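/**
 * Moves an item to another category, creating the category first when the
 * request carries a 'newcat-<blogid>' marker instead of a category ID.
 *
 * The permission check runs before anything is written. It is given the raw
 * 'catid' value, in the same way action_itemupdate() calls canUpdateItem()
 * before it creates a category, so a member without the required rights can
 * no longer cause a category to be created. The check is repeated against the
 * resolved category ID before the move.
 *
 * After the move the future-posted flag is refreshed for both the new and the
 * old blog, since the item may have changed blogs.
 *
 * NOTE(review): failures of createNewCategory() are reported through
 * $this->doError(), while the rest of this class uses $this->error();
 * confirm that doError() exists on this class.
 *
 * @return void
 */
function action_itemmoveto()
{
    global $member, $manager;

    $itemid = intRequestVar('itemid');
    $catid = requestVar('catid');

    // authorise before any category is created
    $member->canUpdateItem($itemid, $catid) or $this->disallow();

    // create new category if needed
    $newCategoryBlog = null;
    if (i18n::strpos($catid, 'newcat') === 0) {
        // get blogid
        list($blogid) = sscanf($catid, 'newcat-%d');

        // create
        $newCategoryBlog =& $manager->getBlog($blogid);
        $catid = $newCategoryBlog->createNewCategory();

        // show error when something goes wrong
        if (!$catid) {
            $this->doError(_ERROR_CATCREATEFAIL);
        }
    }

    // only allow if user is allowed to alter item (now against the resolved category)
    $member->canUpdateItem($itemid, $catid) or $this->disallow();

    $old_blogid = getBlogIDFromItemId($itemid);

    Item::move($itemid, $catid);

    // set the futurePosted flag on the blog
    $this->updateFuturePosted(getBlogIDFromItemId($itemid));

    // reset the futurePosted in case the item is moved from one blog to another
    $this->updateFuturePosted($old_blogid);

    // A category was created exactly when a blog object was fetched above, so
    // the category editor is only opened with a blog that is actually set.
    if ($newCategoryBlog !== null) {
        $this->action_categoryedit($catid, $newCategoryBlog->getID());
    } else {
        $this->action_itemlist(getBlogIDFromCatID($catid));
    }
}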
/**
 * Moves one item to a given category (category existence should be checked by caller)
 *
 * @param int $itemid
 * @param int $destCatid category ID to which the item will be moved
 * @return string|null _ERROR_DISALLOWED when the current member may not update
 *                     the item; nothing is returned after a move
 */
function moveOneItem($itemid, $destCatid)
{
    global $member;

    // only allow if user is allowed to move item
    if ($member->canUpdateItem($itemid, $destCatid)) {
        Item::move($itemid, $destCatid);

        return;
    }

    return _ERROR_DISALLOWED;
}
/**
 * Adds an item to the chosen blog from the request data, then shows either
 * the category editor (when a new category was created along the way) or the
 * item list of the blog.
 *
 * No permission check is made in this method; the item is created by
 * Item::createFromRequest().
 * NOTE(review): presumably that method does its own authorisation - confirm.
 */
function action_additem()
{
    global $manager, $CONF;

    $manager->loadClass('ITEM');

    $creation = Item::createFromRequest();
    if ($creation['status'] == 'error') {
        $this->error($creation['message']);
    }

    $blogid = getBlogIDFromItemID($creation['itemid']);
    $blog =& $manager->getBlog($blogid);
    $btimestamp = $blog->getCorrectTime();
    $item = $manager->getItem(intval($creation['itemid']), 1, 1);

    if ($creation['status'] != 'newcategory') {
        $this->action_itemList($blogid);
        return;
    }

    // the item list URL to return to carries a ticket
    $returnUrl = $manager->addTicketToUrl(
        $CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid)
    );
    $this->action_categoryedit($creation['catid'], $blogid, $returnUrl);
}
/**
* Allows to edit previously made comments
*
* The comment is taken from the 'commentid' request variable; members for
* whom canAlterComment() fails are passed to $this->disallow().
*
* NOTE(review): the two literals below look truncated in this listing. As
* written, str_replace() removes every space from the body and the
* preg_replace() pattern has no capture group for "\\1" to refer to; the
* markup they originally matched appears to have been lost. The form template
* after the closing PHP tag is missing as well.
**/
function action_commentedit() {
global $member, $manager;
$commentid = intRequestVar('commentid');
$member->canAlterComment($commentid) or $this->disallow();
$comment = Comment::getComment($commentid);
// plugins may alter the comment before it is shown in the form
$manager->notify('PrepareCommentForEdit', array('comment' => &$comment) );
// change to \n
$comment['body'] = str_replace(' ', '', $comment['body']);
// replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
/* original eregi_replace: eregi_replace("[^<]*", "\\1", $comment['body']) */
$comment['body'] = preg_replace("#[^<]*#i", "\\1", $comment['body']);
$this->pagehead();
?>
pagefoot();
}
/**
 * Stores the edited URL, e-mail address and body of a comment.
 *
 * The comment is taken from the 'commentid' request variable; members for
 * whom canAlterComment() fails are passed to $this->disallow(). The body is
 * rejected when it contains a run of 90 characters from the "long word" class
 * or when its length is below 3 or above 5000.
 *
 * The three text values reach the UPDATE statement through DB::quoteValue()
 * and the comment ID comes from intRequestVar().
 * NOTE(review): the URL and e-mail address are stored as posted; confirm that
 * they are escaped wherever comments are rendered.
 */
function action_commentupdate()
{
    global $member, $manager;

    $commentid = intRequestVar('commentid');

    if (!$member->canAlterComment($commentid)) {
        $this->disallow();
    }

    $url = postVar('url');
    $email = postVar('email');
    $body = postVar('body');

    # preg_match() replaces the eregi() call that was here (ereg* functions are deprecated in PHP 5.3.0)
    # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
    # important note that '\' must be matched with '\\\\' in preg* expressions
    // intercept words that are too long
    $hasLongWord = preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE;
    if ($hasLongWord) {
        $this->error(_ERROR_COMMENT_LONGWORD);
    }

    // check length
    $bodyLength = i18n::strlen($body);
    if ($bodyLength < 3) {
        $this->error(_ERROR_COMMENT_NOCOMMENT);
    }
    if ($bodyLength > 5000) {
        $this->error(_ERROR_COMMENT_TOOLONG);
    }

    // prepare body
    $body = Comment::prepareBody($body);

    // call plugins
    $manager->notify('PreUpdateComment', array('body' => &$body));

    $commentTable = sql_table('comment');
    $update = 'UPDATE ' . $commentTable
        . ' SET cmail = ' . DB::quoteValue($url)
        . ', cemail = ' . DB::quoteValue($email)
        . ', cbody = ' . DB::quoteValue($body)
        . ' WHERE cnumber = ' . $commentid;
    DB::execute($update);

    // get itemid
    $itemid = DB::getValue('SELECT citem FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentid);

    // members who can alter the item see its comment list, others their own comments
    if (!$member->canAlterItem($itemid)) {
        $this->action_browseowncomments();
        return;
    }
    $this->action_itemcommentlist($itemid);
}
/**
* Admin::action_commentdelete()
* Prepares the confirmation page for deleting a comment. Nothing is deleted
* in the visible body.
*
* The comment is taken from the 'commentid' request variable; members for
* whom canAlterComment() fails are passed to $this->disallow(). The body is
* stripped of tags, shortened and escaped before use.
*
* NOTE(review): this listing is damaged. The confirmation markup is missing,
* and from the member query onwards the body lists every member with batch
* actions, which looks like the tail of a separate user-management action.
* No admin check for that member list is visible here - confirm against the
* original file.
*
* @param Void
* @return Void
*/
function action_commentdelete()
{
global $member, $manager;
$commentid = intRequestVar('commentid');
$member->canAlterComment($commentid) or $this->disallow();
$comment = Comment::getComment($commentid);
$body = strip_tags($comment['body']);
$body = Entity::hsc(Entity::shorten($body, 300, '...'));
// prefer the member name; fall back to the name the commenter entered
if ( $comment['member'] )
{
$author = $comment['member'];
}
else
{
$author = $comment['user'];
}
$this->pagehead();
echo '
\n";
// show list of members with actions
$query = 'SELECT * FROM '.sql_table('member');
$template['content'] = 'memberlist';
$template['tabindex'] = 10;
$manager->loadClass("ENCAPSULATE");
$batch = new Batch('member');
$batch->showlist($query,'table',$template);
echo '
' . _MEMBERS_NEW .'
';
echo "\n";
$this->pagefoot();
return;
}
/**
 * Edit member settings
 *
 * Reads the member ID from the 'memberid' request variable and hands over to
 * action_editmembersettings(), which makes the permission check.
 */
function action_memberedit()
{
    $memberid = intRequestVar('memberid');

    $this->action_editmembersettings($memberid);
}
/**
* Shows the settings form for a member.
*
* Without an argument the current member is edited. Anyone other than the
* member being edited or a site admin is passed to $this->disallow().
*
* NOTE(review): the form template between the closing PHP tag and the
* _PLUGINS_EXTRA heading is missing from this listing, so how the member's
* stored values are written into the form cannot be checked here.
*
* @param integer|string $memberid ID of the member to edit ('' = current member)
*/
function action_editmembersettings($memberid = '') {
global $member, $manager, $CONF;
if ($memberid == '')
{
$memberid = $member->getID();
}
// check if allowed
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
$extrahead = '';
$this->pagehead($extrahead);
// show message to go back to member overview (only for admins)
if ($member->isAdmin())
{
echo '(' ._MEMBERS_BACKTOOVERVIEW. ')';
}
else
{
echo '(' ._BACKHOME. ')';
}
echo '
' . _MEMBERS_EDIT . '
';
$mem =& $manager->getMember($memberid);
?>
',_PLUGINS_EXTRA,'';
// plugins may add their own fields to the form
$manager->notify(
'MemberSettingsFormExtras',
array(
'member' => &$mem
)
);
$this->pagefoot();
}
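/**
 * Applies the posted settings to a member account.
 *
 * Allowed for the member being edited and for site admins; anyone else is
 * passed to $this->disallow(). Display name and password are only changed
 * when $CONF['AllowLoginEdit'] is set or the acting member is a site admin,
 * and the admin and can-login flags are only written when the acting member
 * is a site admin. Removing either flag from an admin who can log in is
 * refused while fewer than two such members exist.
 *
 * A changed e-mail address sends a new activation link and renews the cookie
 * key of the edited member. A changed display name on the acting member's own
 * account renews the cookie key and forces a fresh login.
 *
 * NOTE(review): no check of the current password is visible before
 * setPassword(), and newCookieKey() is not called on a password-only change;
 * confirm whether existing sessions are invalidated elsewhere.
 *
 * @return void
 */
function action_changemembersettings()
{
    global $member, $CONF, $manager;

    $memberid = intRequestVar('memberid');

    // check if allowed
    ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

    $name = trim(strip_tags(postVar('name')));
    $realname = trim(strip_tags(postVar('realname')));
    $password = postVar('password');
    $repeatpassword = postVar('repeatpassword');
    $email = strip_tags(postVar('email'));
    $url = strip_tags(postVar('url'));

    # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
    # original eregi: !eregi("^https?://", $url)
    // Sometimes the user did not prefix the URL with http:// or https://, which
    // gives a malformed URL, so the scheme is added here. The test keeps the
    // case-insensitivity of the eregi() call it replaced: without the i
    // modifier "HTTP://host" would be stored as "http://HTTP://host".
    if (!preg_match('#^https?://#i', $url)) {
        $url = 'http://' . $url;
    }

    $admin = postVar('admin');
    $canlogin = postVar('canlogin');
    $notes = strip_tags(postVar('notes'));
    $locale = postVar('locale');

    $mem =& $manager->getMember($memberid);

    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
        if (!isValidDisplayName($name)) {
            $this->error(_ERROR_BADNAME);
        }

        if (($name != $mem->getDisplayName()) && Member::exists($name)) {
            $this->error(_ERROR_NICKNAMEINUSE);
        }

        if ($password != $repeatpassword) {
            $this->error(_ERROR_PASSWORDMISMATCH);
        }

        // an empty password means "leave the password unchanged"
        if ($password && (i18n::strlen($password) < 6)) {
            $this->error(_ERROR_PASSWORDTOOSHORT);
        }

        if ($password) {
            // plugins may veto the new password
            $pwdvalid = true;
            $pwderror = '';
            $manager->notify('PrePasswordSet', array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
            if (!$pwdvalid) {
                $this->error($pwderror);
            }
        }
    }

    if (!NOTIFICATION::address_validation($email)) {
        $this->error(_ERROR_BADMAILADDRESS);
    }

    if (!$realname) {
        $this->error(_ERROR_REALNAMEMISSING);
    }

    if (($locale != '') && (!in_array($locale, i18n::get_available_locale_list()))) {
        $this->error(_ERROR_NOSUCHTRANSLATION);
    }

    // check if there will remain at least one site member with both the logon and admin rights
    // (check occurs when taking away one of these rights from such a member)
    if ((!$admin && $mem->isAdmin() && $mem->canLogin())
        || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
    ) {
        $r = DB::getResult('SELECT * FROM ' . sql_table('member') . ' WHERE madmin=1 and mcanlogin=1');
        if ($r->rowCount() < 2) {
            $this->error(_ERROR_ATLEASTONEADMIN);
        }
    }

    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
        $mem->setDisplayName($name);
        if ($password) {
            $mem->setPassword($password);
        }
    }

    $oldEmail = $mem->getEmail();

    $mem->setRealName($realname);
    $mem->setEmail($email);
    $mem->setURL($url);
    $mem->setNotes($notes);
    $mem->setLocale($locale);

    // only allow super-admins to make changes to the admin status
    if ($member->isAdmin()) {
        $mem->setAdmin($admin);
        $mem->setCanLogin($canlogin);
    }

    $autosave = postVar('autosave');
    $mem->setAutosave($autosave);

    $mem->write();

    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::apply_plugin_options($aOptions);
    $manager->notify('PostPluginOptionsUpdate', array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));

    // if email changed, generate new password
    if ($oldEmail != $mem->getEmail()) {
        $mem->sendActivationLink('addresschange', $oldEmail);

        // logout member
        $mem->newCookieKey();

        // only log out if the member being edited is the current member.
        if ($member->getID() == $memberid) {
            $member->logout();
        }

        $this->action_login(_MSG_ACTIVATION_SENT, 0);
        return;
    }

    if (($mem->getID() == $member->getID())
        && ($mem->getDisplayName() != $member->getDisplayName())
    ) {
        // the login name of the acting member changed: force a fresh login
        $mem->newCookieKey();
        $member->logout();
        $this->action_login(_MSG_LOGINAGAIN, 0);
    } else {
        $this->action_overview(_MSG_SETTINGSCHANGED);
    }
}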
/**
 * Admin::action_memberadd()
 * Creates a member account from the posted form; site admins only.
 *
 * The two password fields must match and the password must be at least six
 * characters long. Every other posted value is handed to Member::create() as
 * received.
 * NOTE(review): presumably Member::create() validates name, e-mail and URL -
 * confirm.
 *
 * @param void
 * @return void
 */
function action_memberadd()
{
    global $member, $manager;

    // check if allowed
    if (!$member->isAdmin()) {
        $this->disallow();
    }

    $password = postVar('password');

    if ($password != postVar('repeatpassword')) {
        $this->error(_ERROR_PASSWORDMISMATCH);
    }

    if (i18n::strlen($password) < 6) {
        $this->error(_ERROR_PASSWORDTOOSHORT);
    }

    $outcome = Member::create(
        postVar('name'),
        postVar('realname'),
        postVar('password'),
        postVar('email'),
        postVar('url'),
        postVar('admin'),
        postVar('canlogin'),
        postVar('notes')
    );

    // anything other than 1 is the error message to show
    if ($outcome != 1) {
        $this->error($outcome);
    }

    // fire PostRegister event
    $newmem = new Member();
    $newmem->readFromName(postVar('name'));
    $manager->notify('PostRegister', array('member' => &$newmem));

    $this->action_usermanagement();
}
/**
 * Account activation
 *
 * Takes the activation key from the 'key' GET variable and shows the
 * activation page for it; the key is validated in _showActivationPage().
 *
 * @author dekarma
 */
function action_activate()
{
    $activationKey = getVar('key');

    $this->_showActivationPage($activationKey);
}
/**
* Shows the activation page that belongs to an activation key.
*
* Expired keys are cleaned up first. An unknown key, or a key whose member
* cannot be loaded, is reported through $this->error(_ERROR_ACTIVATE). The
* title and text depend on the activation type ('forgot', 'register' or
* 'addresschange'); the member name is escaped before it is filled in.
*
* For 'addresschange' the account is activated right here, while the page is
* rendered, and no password form is needed. action_activate() reaches this
* method with a key taken from the query string.
*
* NOTE(review): $message is echoed without escaping. Callers in this file pass
* language constants or error strings supplied by plugins ($pwderror, $error);
* confirm that none of them can carry request data.
*
* NOTE(review): the password form after the closing PHP tag, and the closing
* brace of the if block, are missing from this listing.
*
* @param string $key activation key
* @param string $message optional message to show above the form
*/
function _showActivationPage($key, $message = '')
{
global $manager;
// clean up old activation keys
Member::cleanupActivationTable();
// get activation info
$info = Member::getActivationInfo($key);
if (!$info)
$this->error(_ERROR_ACTIVATE);
$mem =& $manager->getMember($info['vmember']);
if (!$mem)
$this->error(_ERROR_ACTIVATE);
$text = '';
$title = '';
$bNeedsPasswordChange = true;
switch ($info['vtype'])
{
case 'forgot':
$title = _ACTIVATE_FORGOT_TITLE;
$text = _ACTIVATE_FORGOT_TEXT;
break;
case 'register':
$title = _ACTIVATE_REGISTER_TITLE;
$text = _ACTIVATE_REGISTER_TEXT;
break;
case 'addresschange':
$title = _ACTIVATE_CHANGE_TITLE;
$text = _ACTIVATE_CHANGE_TEXT;
$bNeedsPasswordChange = false;
// no password step for an address change: activate immediately
Member::activate($key);
break;
}
$aVars = array(
'memberName' => Entity::hsc($mem->getDisplayName())
);
$title = Template::fill($title, $aVars);
$text = Template::fill($text, $aVars);
$this->pagehead();
echo '
' , $title, '
';
echo '
' , $text, '
';
if ($message != '')
{
echo '
',$message,'
';
}
if ($bNeedsPasswordChange)
{
?>
pagefoot();
}
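/**
 * Account activation - set password part
 *
 * Validates the posted activation key and password, stores the password and
 * activates the account. Every failure re-shows the activation page with a
 * message; nothing is written before all checks have passed.
 *
 * Keys of type 'addresschange' are refused here, because that flow has no
 * password step. The type is read from $info['vtype'], the key that
 * _showActivationPage() uses for the same record.
 *
 * A password is always required: the minimum length of six applies to an
 * empty submission as well, so activation cannot store an empty password.
 *
 * @author dekarma
 * @return void
 */
function action_activatesetpwd()
{
    global $manager;

    $key = postVar('key');

    // clean up old activation keys
    Member::cleanupActivationTable();

    // get activation info
    $info = Member::getActivationInfo($key);
    if (!$info || ($info['vtype'] == 'addresschange')) {
        return $this->_showActivationPage($key, _ERROR_ACTIVATE);
    }

    $mem =& $manager->getMember($info['vmember']);
    if (!$mem) {
        return $this->_showActivationPage($key, _ERROR_ACTIVATE);
    }

    $password = postVar('password');
    $repeatpassword = postVar('repeatpassword');

    if ($password != $repeatpassword) {
        return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
    }

    // not skipped for an empty value: see the method comment
    if (i18n::strlen($password) < 6) {
        return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
    }

    // plugins may veto the new password
    $pwdvalid = true;
    $pwderror = '';
    $manager->notify('PrePasswordSet', array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
    if (!$pwdvalid) {
        return $this->_showActivationPage($key, $pwderror);
    }

    $error = '';
    $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
    if ($error != '') {
        return $this->_showActivationPage($key, $error);
    }

    // set password
    $mem->setPassword($password);
    $mem->write();

    // do the activation
    Member::activate($key);

    $this->pagehead();
    echo "\n", _ACTIVATE_SUCCESS_TITLE, "\n";
    echo "\n", _ACTIVATE_SUCCESS_TEXT, "\n";
    $this->pagefoot();
}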
/**
 * Admin::action_manageteam()
 *
 * Manage team: lists the team members of the blog named by the 'blogid'
 * request variable. Members without admin rights on that blog are passed to
 * $this->disallow().
 *
 * NOTE(review): only newlines and the _TEAM_ADDNEW heading are echoed around
 * the list in this listing; the page markup and the add-member form appear to
 * be missing.
 *
 * @param void
 * @return void
 */
public function action_manageteam()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    // check if allowed
    if (!$member->blogAdminRights($blogid)) {
        $this->disallow();
    }

    $this->pagehead();

    echo "\n\n";

    // $blogid comes from intRequestVar() before it is placed in the query
    $teamQuery = sprintf(
        'SELECT tblog, tmember, mname, mrealname, memail, tadmin FROM %s, %s WHERE tmember=mnumber and tblog=%s',
        sql_table('member'),
        sql_table('team'),
        $blogid
    );

    $template['content'] = 'teamlist';
    $template['tabindex'] = 10;

    $manager->loadClass("ENCAPSULATE");
    $teamBatch = new Batch('team');
    $teamBatch->showlist($teamQuery, 'table', $template);

    echo "\n" . _TEAM_ADDNEW . "\n\n";
    echo "\n";

    $this->pagefoot();
}
/**
 * Add member to team
 *
 * Member, blog and admin flag are read from the posted form as integers.
 * Members without admin rights on the blog are passed to $this->disallow().
 * When addTeamMember() fails, _ERROR_ALREADYONTEAM is reported.
 */
function action_teamaddmember()
{
    global $member, $manager;

    $memberid = intPostVar('memberid');
    $blogid = intPostVar('blogid');
    $admin = intPostVar('admin');

    // check if allowed
    if (!$member->blogAdminRights($blogid)) {
        $this->disallow();
    }

    $blog =& $manager->getBlog($blogid);
    $added = $blog->addTeamMember($memberid, $admin);
    if (!$added) {
        $this->error(_ERROR_ALREADYONTEAM);
    }

    $this->action_manageteam();
}
/**
* Shows the confirmation page for removing a member from a blog team.
* Nothing is deleted in the visible body; action_teamdeleteconfirm() performs
* the removal.
*
* Members without admin rights on the blog are passed to $this->disallow().
*
* NOTE(review): the template after the closing PHP tag is damaged in this
* listing; only fragments of the getDisplayName() and getName() output
* expressions remain, so their escaping cannot be checked here.
*/
function action_teamdelete() {
global $member, $manager;
$memberid = intRequestVar('memberid');
$blogid = intRequestVar('blogid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$teammem =& $manager->getMember($memberid);
$blog =& $manager->getBlog($blogid);
$this->pagehead();
?>
getDisplayName()) ?>getName())) ?>
pagefoot();
}
/**
 * Removes a member from a blog team and shows the team overview again.
 *
 * No permission check is made in this method itself; deleteOneTeamMember()
 * requires admin rights on the blog and returns an error message otherwise.
 */
function action_teamdeleteconfirm()
{
    global $member;

    $memberid = intRequestVar('memberid');
    $blogid = intRequestVar('blogid');

    $failure = $this->deleteOneTeamMember($blogid, $memberid);
    if ($failure) {
        $this->error($failure);
    }

    $this->action_manageteam();
}
/**
 * Removes one member from the team of one blog.
 *
 * Both ids are cast with intval() before they reach the SQL text. The current
 * member must have blog-admin rights on the blog. A blog admin is only removed
 * while at least two team rows with tadmin=1 exist for the blog, so one admin
 * always remains.
 *
 * The PreDeleteTeamMember event is raised before the last-admin test, so
 * plugins also see it for removals that are then refused.
 *
 * @param mixed $blogid   blog id
 * @param mixed $memberid id of the member to remove
 * @return string empty string on success, otherwise an error message constant
 */
function deleteOneTeamMember($blogid, $memberid)
{
    global $member, $manager;

    $blogid   = intval($blogid);
    $memberid = intval($memberid);

    // check if allowed
    if (!$member->blogAdminRights($blogid)) {
        return _ERROR_DISALLOWED;
    }

    $tmem =& $manager->getMember($memberid);
    $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));

    // removing an admin requires a second admin to be left behind
    if ($tmem->isBlogAdmin($blogid)) {
        $adminRows = DB::getResult(
            sprintf('SELECT * FROM %s WHERE tblog=%d and tadmin=1', sql_table('team'), $blogid)
        );
        if ($adminRows->rowCount() < 2) {
            return _ERROR_ATLEASTONEBLOGADMIN;
        }
    }

    DB::execute(
        sprintf('DELETE FROM %s WHERE tblog=%d and tmember=%d', sql_table('team'), $blogid, $memberid)
    );

    $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));

    return '';
}
/**
 * Toggles the blog-admin flag of one team member.
 *
 * 'blogid' and 'memberid' are read through intRequestVar(); the current
 * member needs blog-admin rights on the blog. When the target is an admin and
 * exactly one tadmin=1 row exists for the blog, error() is called instead.
 * Afterwards the team page is shown, or the overview when the current member
 * is no longer a blog admin.
 *
 * NOTE(review): this is a privilege change driven by request variables, and
 * no anti-CSRF token check is visible here - confirm that the action
 * dispatcher verifies one. The code after error() assumes error() does not
 * return - confirm.
 *
 * @return void
 */
function action_teamchangeadmin()
{
    global $manager, $member;

    $blogid   = intRequestVar('blogid');
    $memberid = intRequestVar('memberid');

    // check if allowed
    if (!$member->blogAdminRights($blogid)) {
        $this->disallow();
    }

    $mem =& $manager->getMember($memberid);

    // don't allow when there is only one admin at this moment
    if ($mem->isBlogAdmin($blogid)) {
        $adminRows = DB::getResult('SELECT * FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid . ' and tadmin=1');
        if ($adminRows->rowCount() == 1) {
            $this->error(_ERROR_ATLEASTONEBLOGADMIN);
        }
    }

    // flip the flag: admins become regular members and the other way round
    $newval = $mem->isBlogAdmin($blogid) ? 0 : 1;
    DB::execute(
        'UPDATE ' . sql_table('team') . ' SET tadmin=' . $newval . ' WHERE tblog=' . $blogid . ' and tmember=' . $memberid
    );

    // only show manageteam if member did not change its own admin privileges
    if (!$member->isBlogAdmin($blogid)) {
        $this->action_overview(_MSG_ADMINCHANGED);
        return;
    }
    $this->action_manageteam();
}
/**
 * Admin::action_blogsettings()
 *
 * Renders the settings page of one blog. The blog is selected by the 'blogid'
 * request variable and the current member needs blog-admin rights on it.
 *
 * NOTE(review): the page body is missing from this copy (see the note at the
 * echo statement), so how blog values are escaped in the form cannot be
 * checked here.
 *
 * @return void
 */
public function action_blogsettings()
{
global $member, $manager;
$blogid = intRequestVar('blogid');
// check if allowed
$member->blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
// extra head content handed to pagehead(); only a line break is left of it here
$extrahead = "\n";
$this->pagehead($extrahead);
// NOTE(review): everything between the start of this echo and the final
// pagefoot() call was lost in this copy; the string below is unterminated.
echo '
pagefoot();
}
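/**
 * Renames a category, updates its description and stores the posted plugin
 * options for it.
 *
 * Input comes from POST: 'blogid', 'catid', 'cname', 'cdesc' and the optional
 * 'desturl'. The current member needs blog-admin rights on the posted blog,
 * and the category has to belong to that blog. Without the second condition a
 * blog admin could change categories of other blogs by posting their ids,
 * because the rights check only looks at 'blogid'.
 *
 * The code after each error() call assumes error() does not return - confirm.
 *
 * @return void
 */
function action_categoryupdate()
{
    global $member, $manager;

    $blogid  = intPostVar('blogid');
    $catid   = intPostVar('catid');
    $cname   = postVar('cname');
    $cdesc   = postVar('cdesc');
    $desturl = postVar('desturl');

    $member->blogAdminRights($blogid) or $this->disallow();

    // The rights check above covers the posted blog only, so refuse a category
    // that lives in a different blog before anything is written.
    if (getBlogIDFromCatID($catid) != $blogid) {
        $this->error(_ERROR_NOSUCHCATEGORY);
    }

    if (!isValidCategoryName($cname)) {
        $this->error(_ERROR_BADCATEGORYNAME);
    }

    // the new name must not be used by another category of the same blog
    $query = 'SELECT * FROM ' . sql_table('category')
        . ' WHERE cname=' . DB::quoteValue($cname)
        . ' and cblog=' . intval($blogid)
        . ' and not(catid=' . intval($catid) . ')';
    $res = DB::getResult($query);
    if ($res->rowCount() > 0) {
        $this->error(_ERROR_DUPCATEGORYNAME);
    }

    // cblog in the WHERE clause keeps the write inside the authorised blog
    $query = 'UPDATE ' . sql_table('category') . ' SET'
        . ' cname=' . DB::quoteValue($cname) . ','
        . ' cdesc=' . DB::quoteValue($cdesc)
        . ' WHERE catid=' . intval($catid)
        . ' and cblog=' . intval($blogid);
    DB::execute($query);

    // store plugin options
    // NOTE(review): the option array comes straight from the request; whether
    // apply_plugin_options() restricts it to this category is not visible here.
    $aOptions = requestArray('plugoption');
    NucleusPlugin::apply_plugin_options($aOptions);
    $manager->notify('PostPluginOptionsUpdate', array('context' => 'category', 'catid' => $catid));

    if ($desturl) {
        // NOTE(review): $desturl is taken from POST and handed to redirect()
        // unchanged. Whether redirect() limits the target to this site is not
        // visible here; if it does not, this is an open redirect - confirm and
        // prefer a same-site check.
        redirect($desturl);
        exit;
    } else {
        $this->action_blogsettings();
    }
}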
/**
 * Shows the confirmation page for deleting a category.
 *
 * 'blogid' and 'catid' are read through intRequestVar(). The current member
 * needs blog-admin rights on the blog. error() is called when the blog does
 * not accept the category id, when it is the blog's default category, or when
 * the blog has exactly one category. Nothing is deleted here; deletion is done
 * by deleteOneCategory().
 *
 * NOTE(review): the page body is incomplete in this copy, so it cannot be
 * checked that the category name is HTML-escaped where it is printed.
 *
 * @return void
 */
function action_categorydelete() {
global $member, $manager;
$blogid = intRequestVar('blogid');
$catid = intRequestVar('catid');
$member->blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
// check if the category is valid
if (!$blog->isValidCategory($catid))
$this->error(_ERROR_NOSUCHCATEGORY);
// don't allow deletion of default category
if ($blog->getDefaultCategory() == $catid)
$this->error(_ERROR_DELETEDEFCATEGORY);
// check if catid is the only category left for blogid
// ($blogid is concatenated unquoted; relies on intRequestVar() returning an integer)
$query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
$res = DB::getResult($query);
if ($res->rowCount() == 1)
$this->error(_ERROR_DELETELASTCATEGORY);
$this->pagehead();
// NOTE(review): the markup that followed the closing PHP tag was lost in this
// copy; only a fragment of the original echo expression remains below.
?>
getCategoryName($catid)) ?>
pagefoot();
}
/**
 * Deletes a category, then shows the blog settings page again.
 *
 * 'blogid' and 'catid' are read through intRequestVar(). The rights check
 * here is made against the requested 'blogid'; deleteOneCategory() looks up
 * the blog of the category itself and checks rights on that one again, so a
 * mismatching pair of ids does not bypass the check.
 *
 * NOTE(review): this changes state from request variables and no anti-CSRF
 * token check is visible here - confirm that the action dispatcher verifies
 * one before calling this method.
 *
 * @return void
 */
function action_categorydeleteconfirm()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    $catid  = intRequestVar('catid');

    if (!$member->blogAdminRights($blogid)) {
        $this->disallow();
    }

    $failure = $this->deleteOneCategory($catid);
    if ($failure) {
        $this->error($failure);
    }

    $this->action_blogsettings();
}
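/**
 * Admin::deleteOneCategory()
 * Delete a category by its id. Items of the category are moved to the default
 * category of the blog first.
 *
 * The blog is derived from the category id, and the current member must have
 * blog-admin rights on that blog. The default category and the last remaining
 * category of a blog are never deleted.
 *
 * @param mixed $catid id of the category to delete (cast with intval())
 * @return string|null error message constant when the deletion is refused,
 *                     null on success
 */
function deleteOneCategory($catid)
{
    global $manager, $member;

    $catid  = intval($catid);
    $blogid = getBlogIDFromCatID($catid);

    if (!$member->blogAdminRights($blogid)) {
        // Same constant as deleteOneTeamMember() returns. The name without the
        // leading underscore is not used anywhere else in this part of the file.
        return _ERROR_DISALLOWED;
    }

    // get blog
    $blog =& $manager->getBlog($blogid);

    // check if the category is valid
    if (!$blog || !$blog->isValidCategory($catid)) {
        return _ERROR_NOSUCHCATEGORY;
    }

    // items of the deleted category are moved here; cast because the value is
    // concatenated into SQL unquoted below
    $destcatid = intval($blog->getDefaultCategory());

    // don't allow deletion of default category
    if ($destcatid == $catid) {
        return _ERROR_DELETEDEFCATEGORY;
    }

    // check if catid is the only category left for blogid
    $query = 'SELECT catid FROM ' . sql_table('category') . ' WHERE cblog=' . intval($blogid);
    $res = DB::getResult($query);
    if ($res->rowCount() == 1) {
        return _ERROR_DELETELASTCATEGORY;
    }

    $manager->notify('PreDeleteCategory', array('catid' => $catid));

    // change category for all items to the default category
    $query = 'UPDATE ' . sql_table('item') . " SET icat=$destcatid WHERE icat=$catid";
    DB::execute($query);

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('category', $catid);

    // delete category
    $query = 'DELETE FROM ' . sql_table('category') . ' WHERE catid=' . $catid;
    DB::execute($query);

    $manager->notify('PostDeleteCategory', array('catid' => $catid));

    return;
}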
/**
 * Admin::action_blogsettingsupdate
 * Validates the posted blog settings, stores them and shows the overview.
 *
 * The blog is selected by the 'blogid' request variable and the current
 * member needs blog-admin rights on it. The notify address, the short name and
 * the update file are validated; every other value is passed to its setter as
 * posted. The code after each error() call assumes error() does not return.
 *
 * NOTE(review): the update file path comes from POST and is only tested with
 * is_writeable(). A blog admin can therefore store any path the web server
 * user may write to. What is later written to that file is not visible here -
 * confirm, and consider limiting the path to a dedicated directory.
 *
 * NOTE(review): 'maxcomments', 'comments', 'timeoffset' and 'public' reach
 * their setters without an integer cast; whether the setters or
 * writeSettings() quote them is not visible here - confirm.
 *
 * @return void
 */
function action_blogsettingsupdate()
{
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    if (!$member->blogAdminRights($blogid)) {
        $this->disallow();
    }
    $blog =& $manager->getBlog($blogid);

    $notifyAddress = trim(postVar('notify'));
    $newShortName  = trim(postVar('shortname'));
    $updateFile    = trim(postVar('update'));

    $onComment = intPostVar('notifyComment');
    $onVote    = intPostVar('notifyVote');
    $onNewItem = intPostVar('notifyNewItem');

    // the notify type is the product of the three flags; a flag of 0 counts
    // as 1 so that it does not zero the product
    $notifyType = ($onComment == 0 ? 1 : $onComment)
        * ($onVote == 0 ? 1 : $onVote)
        * ($onNewItem == 0 ? 1 : $onNewItem);

    if ($notifyAddress && !NOTIFICATION::address_validation($notifyAddress)) {
        $this->error(_ERROR_BADNOTIFY);
    }

    if (!isValidShortName($newShortName)) {
        $this->error(_ERROR_BADSHORTBLOGNAME);
    }

    // a changed short name must not collide with an existing blog
    $shortNameChanged = ($blog->getShortName() != $newShortName);
    if ($shortNameChanged && $manager->existsBlog($newShortName)) {
        $this->error(_ERROR_DUPSHORTBLOGNAME);
    }

    // check if update file is writable
    if ($updateFile && !is_writeable($updateFile)) {
        $this->error(_ERROR_UPDATEFILE);
    }

    $blog->setName(trim(postVar('name')));
    $blog->setShortName($newShortName);
    $blog->setNotifyAddress($notifyAddress);
    $blog->setNotifyType($notifyType);
    $blog->setMaxComments(postVar('maxcomments'));
    $blog->setCommentsEnabled(postVar('comments'));
    $blog->setTimeOffset(postVar('timeoffset'));
    $blog->setUpdateFile($updateFile);
    $blog->setURL(trim(postVar('url')));
    $blog->setDefaultSkin(intPostVar('defskin'));
    $blog->setDescription(trim(postVar('desc')));
    $blog->setPublic(postVar('public'));
    $blog->setConvertBreaks(intPostVar('convertbreaks'));
    $blog->setAllowPastPosting(intPostVar('allowpastposting'));
    $blog->setDefaultCategory(intPostVar('defcat'));
    $blog->setSearchable(intPostVar('searchable'));
    $blog->setEmailRequired(intPostVar('reqemail'));
    $blog->writeSettings();

    // store plugin options
    $pluginOptions = requestArray('plugoption');
    NucleusPlugin::apply_plugin_options($pluginOptions);
    $manager->notify(
        'PostPluginOptionsUpdate',
        array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog)
    );

    $this->action_overview(_MSG_SETTINGSCHANGED);
}
/**
 * Shows the confirmation page for deleting a blog.
 *
 * The blog is selected by the 'blogid' request variable and the current
 * member needs blog-admin rights on it. error() is called when the blog is
 * the configured default blog. Nothing is deleted here; deletion is done by
 * action_deleteblogconfirm().
 *
 * NOTE(review): the page body is incomplete in this copy, so it cannot be
 * checked that the blog name is HTML-escaped where it is printed.
 *
 * @return void
 */
function action_deleteblog() {
global $member, $CONF, $manager;
$blogid = intRequestVar('blogid');
$member->blogAdminRights($blogid) or $this->disallow();
// check if blog is default blog
if ($CONF['DefaultBlog'] == $blogid)
$this->error(_ERROR_DELDEFBLOG);
$blog =& $manager->getBlog($blogid);
$this->pagehead();
// NOTE(review): the markup that followed the closing PHP tag was lost in this
// copy; only a fragment of the original echo expression remains below.
?>
getName()) ?>
pagefoot();
}
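/**
 * Admin::action_deleteblogconfirm()
 * Deletes a blog together with its comments, items, team, bans, categories
 * and plugin options, then shows the overview.
 *
 * The blog is selected by the 'blogid' request variable. The current member
 * needs blog-admin rights on it and the configured default blog cannot be
 * deleted. Both conditions are tested before the PreDeleteBlog event is
 * raised, so plugins are not notified for requests that are refused.
 *
 * NOTE(review): this is a destructive action driven by a request variable and
 * no anti-CSRF token check is visible here - confirm that the action
 * dispatcher verifies one. The code after disallow() and error() assumes that
 * neither returns - confirm.
 *
 * @return void
 */
function action_deleteblogconfirm()
{
    global $member, $CONF, $manager;

    // cast again locally: the id is concatenated into SQL unquoted below
    $blogid = intval(intRequestVar('blogid'));

    // authorise first; the event used to be raised ahead of this check
    $member->blogAdminRights($blogid) or $this->disallow();

    // check if blog is default blog
    if ($CONF['DefaultBlog'] == $blogid) {
        $this->error(_ERROR_DELDEFBLOG);
    }

    $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

    // tables holding rows of the blog, with the column that stores the blog
    // id, in deletion order: comments, items, team members, bans, categories
    $dependents = array(
        'comment'  => 'cblog',
        'item'     => 'iblog',
        'team'     => 'tblog',
        'ban'      => 'blogid',
        'category' => 'cblog',
    );
    foreach ($dependents as $table => $column) {
        DB::execute('DELETE FROM ' . sql_table($table) . ' WHERE ' . $column . '=' . $blogid);
    }

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('blog', $blogid);

    // delete the blog itself
    DB::execute('DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid);

    $manager->notify('PostDeleteBlog', array('blogid' => $blogid));

    $this->action_overview(_DELETED_BLOG);
    return;
}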
/**
 * Shows the confirmation page for deleting a member account.
 *
 * 'memberid' is read through intRequestVar(). The page is available to the
 * member with that id and to admins (isAdmin()); everyone else ends up in
 * disallow(). Nothing is deleted here; deletion is done by deleteOneMember().
 *
 * NOTE(review): the page body is incomplete in this copy, so it cannot be
 * checked that the display name is HTML-escaped where it is printed.
 *
 * @return void
 */
function action_memberdelete() {
global $member, $manager;
$memberid = intRequestVar('memberid');
// allowed for the account owner and for admins
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
$mem =& $manager->getMember($memberid);
$this->pagehead();
// NOTE(review): the markup that followed the closing PHP tag was lost in this
// copy; only a fragment of the original echo expression remains below.
?>
getDisplayName()) ?>
pagefoot();
}
/**
 * Deletes a member account.
 *
 * 'memberid' is read through intRequestVar(). The action is available to the
 * member with that id and to admins. Admins are taken to the user management
 * page afterwards, everyone else to the overview.
 *
 * NOTE(review): this is the only permission check on the way to the deletion;
 * deleteOneMember() does not check the current member itself. No anti-CSRF
 * token check is visible here either - confirm that the action dispatcher
 * verifies one before calling this method.
 *
 * @return void
 */
function action_memberdeleteconfirm()
{
    global $member;

    $memberid = intRequestVar('memberid');

    // allowed for the account owner and for admins
    if ($member->getID() != $memberid && !$member->isAdmin()) {
        $this->disallow();
    }

    $failure = $this->deleteOneMember($memberid);
    if ($failure) {
        $this->error($failure);
    }

    if (!$member->isAdmin()) {
        $this->action_overview(_DELETED_MEMBER);
        return;
    }
    $this->action_usermanagement();
}
/**
 * Admin::deleteOneMember()
 * Delete a member by id.
 *
 * Comments of the member are kept: they are unlinked (cmember=0) and get the
 * member's display name as cuser. After that the member row, the member's
 * team rows and activation rows and the member's plugin options are removed.
 *
 * NOTE(review): unlike deleteOneTeamMember() and deleteOneCategory(), this
 * method does not check the rights of the current member. Every caller has to
 * do that before calling it.
 *
 * @param mixed $memberid member id (cast with intval())
 * @return string empty string on success, otherwise an error message constant
 */
function deleteOneMember($memberid)
{
    global $manager;

    $memberid = intval($memberid);
    $mem =& $manager->getMember($memberid);

    if (!$mem->canBeDeleted()) {
        return _ERROR_DELETEMEMBER;
    }

    $manager->notify('PreDeleteMember', array('member' => &$mem));

    /* unlink comments from memberid */
    if ($memberid) {
        DB::execute(
            'UPDATE ' . sql_table('comment')
            . ' SET cmember=0, cuser=' . DB::quoteValue($mem->getDisplayName())
            . ' WHERE cmember=' . $memberid
        );
    }

    // tables holding rows of the member, with the column that stores the id
    $memberTables = array(
        'member'     => 'mnumber',
        'team'       => 'tmember',
        'activation' => 'vmember',
    );
    foreach ($memberTables as $table => $column) {
        DB::execute('DELETE FROM ' . sql_table($table) . ' WHERE ' . $column . '=' . $memberid);
    }

    // delete all associated plugin options
    NucleusPlugin::delete_option_values('member', $memberid);

    $manager->notify('PostDeleteMember', array('member' => &$mem));

    return '';
}
/**
 * Renders the page for creating a new weblog. Only members for which
 * isAdmin() is true get past the check; everyone else ends up in disallow().
 *
 * NOTE(review): the page body is missing from this copy (see the note at the
 * echo statement), so the form itself cannot be reviewed here.
 *
 * @return void
 */
function action_createnewlog() {
global $member, $CONF, $manager;
// Only Super-Admins can do this
$member->isAdmin() or $this->disallow();
$this->pagehead();
// NOTE(review): everything between the start of this echo and the final
// pagefoot() call was lost in this copy; the string below is unterminated.
echo '
pagefoot();
}
/**
 * Deletes a template: first its description row, then its parts. Afterwards
 * the template overview is shown.
 *
 * 'templateid' is read through intRequestVar(). Only admins (isAdmin()) get
 * past the check, which runs before the PreDeleteTemplate event is raised.
 *
 * NOTE(review): this changes state from a request variable and no anti-CSRF
 * token check is visible here - confirm that the action dispatcher verifies
 * one before calling this method.
 *
 * @return void
 */
function action_templatedeleteconfirm()
{
    global $member, $manager;

    $templateid = intRequestVar('templateid');

    if (!$member->isAdmin()) {
        $this->disallow();
    }

    $eventData = array('templateid' => $templateid);
    $manager->notify('PreDeleteTemplate', $eventData);

    // 1. delete description
    $descQuery = 'DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $templateid;
    DB::execute($descQuery);

    // 2. delete parts
    $partsQuery = 'DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid;
    DB::execute($partsQuery);

    $manager->notify('PostDeleteTemplate', array('templateid' => $templateid));

    $this->action_templateoverview();
}
/**
 * Creates a new, empty template from the posted 'name' and 'desc', then shows
 * the template overview.
 *
 * Only admins (isAdmin()) get past the check. The name has to pass
 * isValidTemplateName() and must not exist yet. The description is handed to
 * Template::createNew() as posted; how it is quoted there is not visible here.
 * The code after each error() call assumes error() does not return.
 *
 * @return void
 */
function action_templatenew()
{
    global $member;

    if (!$member->isAdmin()) {
        $this->disallow();
    }

    $name = postVar('name');
    $desc = postVar('desc');

    if (!isValidTemplateName($name)) {
        $this->error(_ERROR_BADTEMPLATENAME);
    }

    if (Template::exists($name)) {
        $this->error(_ERROR_DUPTEMPLATENAME);
    }

    // the id of the new template is not needed here
    Template::createNew($name, $desc);

    $this->action_templateoverview();
}
/**
 * Clones a template: creates a new template named "cloned" plus the old name,
 * with a numeric suffix when that name is taken, and copies every part of the
 * old template into it. Afterwards the template overview is shown.
 *
 * 'templateid' is read through intRequestVar(). Only admins (isAdmin()) get
 * past the check.
 *
 * NOTE(review): this changes state from a request variable and no anti-CSRF
 * token check is visible here - confirm that the action dispatcher verifies
 * one before calling this method.
 *
 * @return void
 */
function action_templateclone()
{
    global $member;

    $templateid = intRequestVar('templateid');

    if (!$member->isAdmin()) {
        $this->disallow();
    }

    // 1. read old template
    $oldName = Template::getNameFromId($templateid);
    $desc    = Template::getDesc($templateid);

    // 2. find a free name: "cloned<name>", else "cloned<name>1", "cloned<name>2", ...
    $cloneName = "cloned" . $oldName;
    if (Template::exists($cloneName)) {
        for ($suffix = 1; Template::exists($cloneName . $suffix); $suffix++) {
            // keep counting until the name is free
        }
        $cloneName .= $suffix;
    }

    $newid = Template::createNew($cloneName, $desc);

    // 3. create clone
    // go through parts of old template and add them to the new one
    $parts = DB::getResult(
        'SELECT tpartname, tcontent FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid
    );
    foreach ($parts as $part) {
        $this->addToTemplate($newid, $part['tpartname'], $part['tcontent']);
    }

    $this->action_templateoverview();
}
/**
* Admin::action_skinoverview()
*
* @param void
* @return void
*/
public function action_skinoverview()
{
global $member, $manager;
$member->isAdmin() or $this->disallow();
$this->pagehead();
echo '
';
echo "\n";
/* NOTE: special skin parts has FALSE in its value */
if ( in_array(FALSE, array_values($available_skin_types)) )
{
$tabstart = 75;
echo '
';
foreach ( $available_skin_types as $type => $friendly_name )
{
if ( !$friendly_name )
{
$tabstart++;
echo "