<?php
/**
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2012 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * The code for the Nucleus admin area
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2012 The Nucleus Group
 * @version $Id: ADMIN.php 1661 2012-02-12 11:55:39Z sakamocchi $
 */

if ( !function_exists('requestVar') ) exit;
require_once dirname(__FILE__) . '/showlist.php';

class Admin
{
	static private $xml_version_info			= '1.0';
	static private $formal_public_identifier	= '-//W3C//DTD XHTML 1.0 Strict//EN';
	static private $system_identifier			= 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd';
	static private $xhtml_namespace			= 'http://www.w3.org/1999/xhtml';
	
	static private $action;
	static private $skin;
	static private $extrahead;
	static private $passvar;
	static private $headMess;
	static private $aOptions;
	
	/**
	 * Admin::$edit_actions
	 */
	static private $edit_actions = array(
		'adminskinoverview',
		'adminskinieoverview',
		'adminskinedittype',
		'adminskinremovetype',
		'adminskindelete',
		'adminskinedit',
		'adminskinieimport',
		'adminskiniedoimport',
		'admintemplateedit',
		'admintemplateoverview',
		'admintemplatedelete'
	);
	
	/**
	 * Admin::$skinless_actions
	 */
	static private $skinless_actions = array(
		'plugindeleteconfirm',
		'pluginoptionsupdate',
		'skinremovetypeconfirm',
		'skinclone',
		'skindeleteconfirm',
		'skinnew',
		'skineditgeneral',
		'skinieexport',
		'skinupdate',
		'templateupdate',
		'templatedeleteconfirm',
		'templatenew',
		'templateclone',
		'adminskinremovetypeconfirm',
		'adminskinclone',
		'adminskindeleteconfirm',
		'adminskinnew',
		'adminskineditgeneral',
		'adminskinieexport',
		'adminskinupdate',
		'admintemplateupdate',
		'admintemplatedeleteconfirm',
		'admintemplatenew',
		'admintemplateclone',
		'blogsettingsupdate',
		'settingsupdate',
		'addnewlog2',
		'additem',
		'itemdeleteconfirm',
		'itemupdate',
		'changemembersettings',
		'clearactionlog',
		'memberedit'
	);
	
	static private $actions_needless_to_check = array(
		'showlogin',
		'login',
		'overview',
		'itemlist',
		'blogcommentlist',
		'bookmarklet',
		'blogsettings',
		'banlist',
		'deleteblog',
		'editmembersettings',
		'browseownitems',
		'browseowncomments',
		'createitem',
		'itemedit',
		'itemmove',
		'categoryedit',
		'categorydelete',
		'manage',
		'actionlog',
		'settingsedit',
		'backupoverview',
		'pluginlist',
		'createnewlog',
		'usermanagement',
		'skinoverview',
		'templateoverview',
		'skinieoverview',
		'itemcommentlist',
		'commentedit',
		'commentdelete',
		'banlistnewfromitem',
		'banlistdelete',
		'itemdelete',
		'manageteam',
		'teamdelete',
		'banlistnew',
		'memberedit',
		'memberdelete',
		'pluginhelp',
		'pluginoptions',
		'plugindelete',
		'skinedittype',
		'skinremovetype',
		'skindelete',
		'skinedit',
		'templateedit',
		'templatedelete',
		'activate',
		'systemoverview',
		'activatesetpwd',
	);
	
	static public function initialize()
	{
		global $CONF, $DIR_LIBS;
		
		/* NOTE: 1. decide which skinid to use */
		$skinid = $CONF['DefaultAdminSkin'];
		/*
		 * NOTE: this is temporary escaped because not implemented yet
		if (isset($member) && $member->isLoggedIn())
		{
			$memskin = $member->getAdminSkin();
			if ( $memskin )
			{
				$skinid = $memskin;
			}
		}
		*/
		
		/* NOTE: 2. make an instance of skin object */
		if ( !Skin::existsID($skinid) )
		{
			return FALSE;
		}
		
		/* NOTE: 3. initializing each members */
		self::$skin			= new Skin($skinid, 'AdminActions', 'AdminSkin');
		self::$action		= '';
		self::$extrahead	= '';
		self::$passvar		= '';
		self::$headMess		= '';
		self::$aOptions		= '';
		return TRUE;
	}
	
	/**
	 * Admin::action()
	 * Executes an action
	 *
	 * @param	string	$action	action to be performed
	 * @return	void
	 */
	static public function action($action)
	{
		global $CONF, $DIR_LIBS, $manager, $member;
		
		/* 1. decide action name */
		$customAction = postvar('customaction');
		if ( !empty($customAction) )
		{
			$alias = array(
				'login'	=> $customAction,
				''		=> $customAction
			);
		}
		else
		{
			$alias = array(
				'login'	=> 'overview',
				''		=> 'overview'
			);
		}
		if ( array_key_exists($action, $alias) && isset($alias[$action]) )
		{
			$action = $alias[$action];
		}
		$methodName = "action_{$action}";
		self::$action = strtolower($action);
		
		/* 2. check the action */
		$synonimActions = array(
			'banlistnewfromitem',
			'memberedit',
			'login',
		);
		$allowActions		= array_merge($synonimActions, self::$skinless_actions);
		$aActionsNotToCheck	= array_merge(self::$actions_needless_to_check, self::$edit_actions, $allowActions);
		if ( !in_array(self::$action, $aActionsNotToCheck) && !self::existsSkinContents($action) )
		{
			if (!$manager->checkTicket())
			{
				self::error(_ERROR_BADTICKET);
			}
		}

		/* 3. parse according to the action */
		if ( !method_exists('Admin', $methodName) && !in_array(self::$action, $allowActions) && self::existsSkinContents($action) )
		{
			/* TODO: what is this?
			self::action_parseSpecialskin();
			*/
		}
		elseif ( method_exists('Admin', $methodName) )
		{
			call_user_func(array(self, $methodName));
		}
		else if ( self::existsSkinContents('adminerrorpage') )
		{
			self::error(_BADACTION . ENTITY::hsc($action));
		}
		elseif ( $id != $CONF['DefaultAdminSkin'] )
		{
			self::$skin = new Skin($CONF['DefaultAdminSkin']);
			if ( self::$skin && self::existsSkinContents('adminerrorpage') )
			{
				self::error(_BADACTION . ENTITY::hsc($action));
			}
		}
		else
		{
			self::error(_BADACTION . ENTITY::hsc($action));
		}
		exit;
	}
	
	/**
	 * Action::existsSkinContents()
	 * Check skin contents
	 *
	 * @param	string	$action	action type
	 * @return	boolean
	 */
	static private function existsSkinContents($action)
	{
		$in_array  = in_array($action, self::$skinless_actions);
		
		if ( $in_array )
		{
			return $in_array;
		}
		else
		{
			$query = "SELECT scontent as result FROM %s WHERE sdesc=%d AND stype='%s';";
			/* TODO: skinid should be a default */
			if ( !is_object(self::$skin) )
			{
				global $CONF;
				return quickQuery(sprintf($query, sql_table('skin'), $CONF['DefaultAdminSkin'], sql_real_escape_string($action)));
			}
			else
			{
				return quickQuery(sprintf($query, sql_table('skin'), self::$skin->getID(), sql_real_escape_string($action)));
			}
		}
		return;
	}
	
	/**
	 * Action::specialActionsAllow()
	 * Check exists specialskinparts
	 *
	 * @param	string	$action	action type
	 * @return boolean
	 */
	static private function specialActionsAllow($action)
	{
		$query = "SELECT sdesc as result FROM %s WHERE  sdesc = %d AND stype = '%s';";
		$query = sprintf($query, sql_table('skin'), (integer) self::$skin->id, sql_real_escape_string($action));
		return quickQuery($query);
	}
	
	/**
	 * Action::action_showlogin()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_showlogin()
	{
		global $error;
		self::action_login($error);
		return;
	}
	
	/**
	 * Action::action_login()
	 * 
	 * @param	string	$msg		message for pageheader
	 * @param	integer	$passvars	???
	 */
	static private function action_login($msg = '', $passvars = 1)
	{
		global $member;
		
		// skip to overview when allowed
		if ( $member->isLoggedIn() && $member->canLogin() )
		{
			self::$action_overview();
			exit;
		}
		
		/* TODO: needless variable??? */
		self::$passvar = $passvars;
		if ( $msg )
		{
			self::$headMess = $msg;
		}
		
		self::pagehead();
		self::$skin->parse('showlogin');
		self::pagefoot();
	}
	
	/**
	 * Action::action_overview()
	 * provides a screen with the overview of the actions available
	 * 
	 * @param	string	$msg	message for pageheader
	 * @return	void
	 */
	static private function action_overview($msg = '')
	{
		if ( $msg )
		{
			self::$headMess = $msg;
		}
		
		self::pagehead();
		self::$skin->parse('overview');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_manage()
	 * 
	 * @param	string	$msg	message for pageheader
	 * @retrn	void
	 */
	static private function action_manage($msg = '')
	{
		global $member;
		
		if ( $msg )
		{
			self::$headMess = $msg;
		}
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('manage');
		self::pagefoot();
		return;
	}
	
	/**
	 * Action::action_itemlist()
	 * 
	 * @param	integer	id for weblod
	 * @return	void
	 */
	static private function action_itemlist($blogid = '')
	{
		global $member, $manager, $CONF;
		
		if ( $blogid == '' )
		{
			$blogid = intRequestVar('blogid');
		}
		
		$member->teamRights($blogid) or $member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('itemlist');
		self::pagefoot();
		return;
	}
	
	/**
	 * Action::action_batchitem()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_batchitem()
	{
		global $member, $manager;
		
		$member->isLoggedIn() or self::disallow();
		
		$selected	= requestIntArray('batch');
		$action		= requestVar('batchaction');
		
		if ( !is_array($selected) || sizeof($selected) == 0 )
		{
			self::error(_BATCH_NOSELECTION);
		}
		
		// On move: when no destination blog/category chosen, show choice now
		$destCatid = intRequestVar('destcatid');
		if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) )
		{
			self::batchMoveSelectDestination('item', $selected);
		}
		
		// On delete: check if confirmation has been given
		if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
		{
			self::batchAskDeleteConfirmation('item', $selected);
		}
		
		self::pagehead();
		self::$skin->parse('batchitem');
		self::pagefoot();
		return;
	}
	
	/**
	 * Action::action_batchcomment()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_batchcomment()
	{
		global $member;
		
		$member->isLoggedIn() or self::disallow();
		
		$selected	= requestIntArray('batch');
		$action		= requestVar('batchaction');
		
		// Show error when no items were selected
		if ( !is_array($selected) || sizeof($selected) == 0 )
		{
			self::error(_BATCH_NOSELECTION);
		}
		
		// On delete: check if confirmation has been given
		if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
		{
			self::batchAskDeleteConfirmation('comment',$selected);
		}
		
		self::pagehead();
		self::$skin->parse('batchcomment');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_batchmember()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_batchmember()
	{
		global $member;
		
		($member->isLoggedIn() && $member->isAdmin()) or self::disallow();
		
		$selected	= requestIntArray('batch');
		$action		= requestVar('batchaction');
		
		// Show error when no members selected
		if ( !is_array($selected) || sizeof($selected) == 0 )
		{
			self::error(_BATCH_NOSELECTION);
		}
		
		// On delete: check if confirmation has been given
		if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
		{
			self::batchAskDeleteConfirmation('member',$selected);
		}
		
		self::pagehead();
		self::$skin->parse('batchmember');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_batchteam()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_batchteam()
	{
		global $member;
		
		$blogid = intRequestVar('blogid');
		
		($member->isLoggedIn() && $member->blogAdminRights($blogid)) or self::disallow();
		
		$selected	= requestIntArray('batch');
		$action		= requestVar('batchaction');
		
		if ( !is_array($selected) || sizeof($selected) == 0 )
		{
			self::error(_BATCH_NOSELECTION);
		}
		
		// On delete: check if confirmation has been given
		if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
		{
			self::batchAskDeleteConfirmation('team',$selected);
		}
		
		self::pagehead();
		self::$skin->parse('batchteam');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_batchcategory()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_batchcategory()
	{
		global $member, $manager;
		
		$member->isLoggedIn() or self::disallow();
		
		$selected	= requestIntArray('batch');
		$action		= requestVar('batchaction');
		
		if ( !is_array($selected) || sizeof($selected) == 0 )
		{
			self::error(_BATCH_NOSELECTION);
		}
		
		// On move: when no destination blog chosen, show choice now
		$destBlogId = intRequestVar('destblogid');
		if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) )
		{
			self::batchMoveCategorySelectDestination('category', $selected);
		}
		
		// On delete: check if confirmation has been given
		if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') )
		{
			self::batchAskDeleteConfirmation('category', $selected);
		}
		
		self::pagehead();
		self::$skin->parse('batchcategory');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::batchMoveSelectDestination()
	 * 
	 * @param	string	$type	type of batch action
	 * @param	integer	$ids	needless???
	 * @return	void
	 * 
	 * TODO: remove needless argument
	 */
	static private function batchMoveSelectDestination($type, $ids)
	{
		$_POST['batchmove'] = $type;
		self::pagehead();
		self::$skin->parse('batchmove');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::batchMoveCategorySelectDestination()
	 * 
	 * @param	string	$type	type of batch action
	 * @param	integer	$ids	needless???
	 * @return	void
	 * 
	 * TODO: remove needless argument
	 */
	static private function batchMoveCategorySelectDestination($type, $ids)
	{
		$_POST['batchmove'] = $type;
		global $manager;
		self::pagehead();
		self::$skin->parse('batchmovecat');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::batchAskDeleteConfirmation()
	 * 
	 * @param	string	$type	type of batch action
	 * @param	integer	$ids	needless???
	 * @return	void
	 * 
	 * TODO: remove needless argument
	 */
	static private function batchAskDeleteConfirmation($type, $ids)
	{
		self::pagehead();
		self::$skin->parse('batchdelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::selectBlogCategory()
	 * Inserts a HTML select element with choices for all categories to which the current
	 * member has access
	 *
	 * @see function selectBlog
	 * @param	string	$name				name of weblod
	 * @param	integer	$selected			
	 * @param	integer	$tabindex			
	 * @param	integer	$showNewCat			
	 * @param	integer	$iForcedBlogInclude	ID for weblog always included
	 * @return	void
	 *
	 * NOTE: callback from AdminAction
	 */
	static private function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
	{
		Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
		return;
	}
	
	/**
	 * Admin::selectBlog()
	 * Inserts a HTML select element with choices for all blogs to which the user has access
	 *      mode = 'blog' => shows blognames and values are blogids
	 *      mode = 'category' => show category names and values are catids
	 *
	 * @param	string	$name				name of weblod
	 * @param	string	$mode				
	 * @param	integer	$selected			
	 * @param	integer	$tabindex			
	 * @param	integer	$showNewCat			
	 * @param	integer	$iForcedBlogInclude	ID for weblog always included
	 * @param $iForcedBlogInclude
	 *      ID of a blog that always needs to be included, without checking if the
	 *      member is on the blog team (-1 = none)
	 * @return	void
	 */
	static private function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
	{
		global $member, $CONF;
		
		// 0. get IDs of blogs to which member can post items (+ forced blog)
		$aBlogIds = array();
		if ( $iForcedBlogInclude != -1 )
		{
			$aBlogIds[] = intval($iForcedBlogInclude);
		}
		
		if ( ($member->isAdmin()) && ($CONF['ShowAllBlogs']) )
		{
			$query =  "SELECT bnumber FROM %s ORDER BY bname;";
			$query = sprintf($query, sql_table('blog'));
		}
		else
		{
			$query =  "SELECT bnumber FROM %s, %s WHERE tblog=bnumber AND tmember=%d;";
			$query = sprintf($query, sql_table('blog'), sql_table('team'), (integer) $member->getID());
		}
		
		$rblogids = sql_query($query);
		while ($o = sql_fetch_object($rblogids))
		{
			if ( $o->bnumber != $iForcedBlogInclude )
			{
				$aBlogIds[] = intval($o->bnumber);
			}
		}
		
		if ( count($aBlogIds) == 0 )
		{
			return;
		}
		
		/* TODO: we should consider to use the other way instead of this */
		$_REQUEST['selectData'] = array(
			'name'			=> $name,
			'tabindex'		=> $tabindex,
			'mode'			=> $mode,
			'selected'		=> $selected,
			'showNewCat'	=> $showNewCat,
			'aBlogIds'		=> $aBlogIds,
		);
		self::$skin->parse('blogselectbox');
		return;
	}
	
	/**
	 * Admin::action_browseownitems()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_browseownitems()
	{
		global $member, $manager, $CONF;
		
		self::pagehead();
		self::$skin->parse('browseownitems');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_itemcommentlist()
	 * Show all the comments for a given item
	 * 
	 * @param	integer	$itemid	ID for item
	 * @return	void
	 */
	static private function action_itemcommentlist($itemid = '')
	{
		global $member, $manager, $CONF;
		
		if ( $itemid == '' )
		{
			$itemid = intRequestVar('itemid');
		}
		
		/* TODO: we consider to use the other way insterad of this */
		$_REQUEST['itemid'] = $itemid;
		$_REQUEST['blogid'] = getBlogIdFromItemId($itemid);
		
		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or self::disallow();
		
		$blogid = getBlogIdFromItemId($itemid);
		
		self::pagehead();
		self::$skin->parse('itemcommentlist');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_browseowncomments()
	 * Browse own comments
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_browseowncomments()
	{
		self::pagehead();
		self::$skin->parse('browseowncomments');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_blogcommentlist()
	 * Browse all comments for a weblog
	 * 
	 * @param	integer	$blogid	ID for weblog
	 * @return	void
	 */
	static private function action_blogcommentlist($blogid = '')
	{
		global $member, $manager, $CONF;
		
		if ( $blogid == '' )
		{
			$blogid = intRequestVar('blogid');
		}
		else
		{
			$blogid = intval($blogid);
		}
		
		$member->teamRights($blogid) or $member->isAdmin() or self::disallow();
		
		/* TODO: we consider to use the other way insterad of this */
		$_REQUEST['blogid'] = $blogid;
		
		self::pagehead();
		self::$skin->parse('blogcommentlist');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_createitem()
	 * Provide a page to item a new item to the given blog
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_createitem()
	{
		global $member, $manager;
		
		$blogid = intRequestVar('blogid');
		
		// check if allowed
		$member->teamRights($blogid) or self::disallow();
		
		$memberid = $member->getID();
		
		$blog =& $manager->getBlog($blogid);
		
		self::pagehead();
		self::$skin->parse('createitem');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_itemedit()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_itemedit()
	{
		global $member, $manager;
		
		$itemid = intRequestVar('itemid');
		
		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or self::disallow();
		
		$item =& $manager->getItem($itemid, 1, 1);
		$blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
		
		self::pagehead();
		self::$skin->parse('itemedit');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_itemupdate()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_itemupdate()
	{
		global $member, $manager, $CONF;
		
		$itemid = intRequestVar('itemid');
		$catid  = postVar('catid');
		
		// only allow if user is allowed to alter item
		$member->canUpdateItem($itemid, $catid) or self::disallow();
		
		$actiontype = postVar('actiontype');
		
		// delete actions are handled by itemdelete (which has confirmation)
		if ( $actiontype == 'delete' )
		{
			self::$action_itemdelete();
			return;
		}
		
		$body		= postVar('body');
		$title		= postVar('title');
		$more		= postVar('more');
		$closed		= intPostVar('closed');
		$draftid	= intPostVar('draftid');
		
		// default action = add now
		if ( !$actiontype )
		{
			$actiontype='addnow';
		}
		
		// create new category if needed
		if ( i18n::strpos($catid,'newcat') === 0 )
		{
			// get blogid
			list($blogid) = sscanf($catid,"newcat-%d");
			
			// create
			$blog =& $manager->getBlog($blogid);
			$catid = $blog->createNewCategory();
			
			// show error when sth goes wrong
			if ( !$catid )
			{
				self::doError(_ERROR_CATCREATEFAIL);
			}
		}
		
		/*
			set some variables based on actiontype

			actiontypes:
				draft items -> addnow, addfuture, adddraft, delete
				non-draft items -> edit, changedate, delete

			variables set:
				$timestamp: set to a nonzero value for future dates or date changes
				$wasdraft: set to 1 when the item used to be a draft item
				$publish: set to 1 when the edited item is not a draft
	 */
		$blogid =  getBlogIDFromItemID($itemid);
		$blog   =& $manager->getBlog($blogid);
		
		$wasdrafts = array('adddraft', 'addfuture', 'addnow');
		$wasdraft  = in_array($actiontype, $wasdrafts) ? 1 : 0;
		$publish   = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
		if ( $actiontype == 'addfuture' || $actiontype == 'changedate' )
		{
			$timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
		}
		else
		{
			$timestamp =0;
		}
		
		// edit the item for real
		Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
		
		self::updateFuturePosted($blogid);
		
		if ( $draftid > 0 )
		{
			// delete permission is checked inside Item::delete()
			Item::delete($draftid);
		}
		
		if ( $catid != intPostVar('catid') )
		{
			self::$action_categoryedit(
				$catid,
				$blog->getID(),
				$CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
			);
		}
		else
		{
			// TODO: set start item correctly for itemlist
			$item = Item::getItem($itemid, 0, 0);
			$cnt  = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . $item['timestamp']);
			$_REQUEST['start'] = $cnt + 1;
			self::$action_itemlist(getBlogIDFromItemID($itemid));
		}
		return;
	}
	
	/**
	 * Admin::action_itemdelete()
	 * Delete item
	 * 
	 * @param	Void
	 * @return	Void
	 */
	static private function action_itemdelete()
	{
		global $member, $manager;
		
		$itemid = intRequestVar('itemid');
		
		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or self::disallow();
		
		if ( !$manager->existsItem($itemid,1,1) )
		{
			self::error(_ERROR_NOSUCHITEM);
		}
		
		self::pagehead();
		self::$skin->parse('itemdelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_itemdeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_itemdeleteconfirm()
	{
		global $member;
		
		$itemid = intRequestVar('itemid');
		
		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or self::disallow();
		
		// get blogid first
		$blogid = getBlogIdFromItemId($itemid);
		
		// delete item (note: some checks will be performed twice)
		self::deleteOneItem($itemid);
		
		self::$action_itemlist($blogid);
		return;
	}
	
	/**
	 * Admin::deleteOneItem()
	 * Deletes one item and returns error if something goes wrong
	 * 
	 * @param	integer	$itemid	ID for item
	 * @return	void
	 */
	static private function deleteOneItem($itemid)
	{
		global $member, $manager;
		
		// only allow if user is allowed to alter item (also checks if itemid exists)
		if ( !$member->canAlterItem($itemid) )
		{
			return _ERROR_DISALLOWED;
		}
		
		// need to get blogid before the item is deleted
		$blogid = getBlogIDFromItemId($itemid);
		
		$manager->loadClass('ITEM');
		Item::delete($itemid);
		
		// update blog's futureposted
		self::updateFuturePosted($blogid);
		return;
	}
	
	/**
	 * Admin::updateFuturePosted()
	 * Update a blog's future posted flag
	 * 
	 * @param integer $blogid
	 * @return	void
	 */
	static private function updateFuturePosted($blogid)
	{
		global $manager;
		
		$blogid			=  intval($blogid);
		$blog			=& $manager->getBlog($blogid);
		$currenttime	=  $blog->getCorrectTime(time());
		
		$query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
		$query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
		$result = sql_query($query);
		
		if ( sql_num_rows($result) > 0 )
		{
				$blog->setFuturePost();
		}
		else
		{
				$blog->clearFuturePost();
		}
		return;
	}

	/**
	 * Admin::action_itemmove()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_itemmove()
	{
		global $member, $manager;
		
		$itemid = intRequestVar('itemid');
		
		$member->canAlterItem($itemid) or self::disallow();
		
		self::pagehead();
		self::$skin->parse('itemmove');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_itemmoveto()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_itemmoveto()
	{
		global $member, $manager;
		
		$itemid = intRequestVar('itemid');
		$catid = requestVar('catid');
		
		// create new category if needed
		if ( i18n::strpos($catid,'newcat') === 0 )
		{
			// get blogid
			list($blogid) = sscanf($catid,'newcat-%d');
			
			// create
			$blog =& $manager->getBlog($blogid);
			$catid = $blog->createNewCategory();
			
			// show error when sth goes wrong
			if ( !$catid )
			{
				self::doError(_ERROR_CATCREATEFAIL);
			}
		}
		
		// only allow if user is allowed to alter item
		$member->canUpdateItem($itemid, $catid) or self::disallow();
		
		$old_blogid = getBlogIDFromItemId($itemid);
		
		Item::move($itemid, $catid);
		
		// set the futurePosted flag on the blog
		self::updateFuturePosted(getBlogIDFromItemId($itemid));
		
		// reset the futurePosted in case the item is moved from one blog to another
		self::updateFuturePosted($old_blogid);
		
		if ( $catid != intRequestVar('catid') )
		{
			self::$action_categoryedit($catid, $blog->getID());
		}
		else
		{
			self::$action_itemlist(getBlogIDFromCatID($catid));
		}
		return;
	}
	
	/**
	 * Admin::moveOneItem()
	 * Moves one item to a given category (category existance should be checked by caller)
	 * errors are returned
	 * 
	 * @param	integer	$itemid		ID for item
	 * @param	integer	$destCatid	ID for category to which the item will be moved
	 * @return	void
	 */
	static private function moveOneItem($itemid, $destCatid)
	{
		global $member;
		
		// only allow if user is allowed to move item
		if ( !$member->canUpdateItem($itemid, $destCatid) )
		{
			return _ERROR_DISALLOWED;
		}
		
		Item::move($itemid, $destCatid);
		return;
	}
	
	/**
	 * Admin::action_additem()
	 * Adds a item to the chosen blog
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_additem()
	{
		global $manager, $CONF;
		
		$manager->loadClass('ITEM');
		
		$result = Item::createFromRequest();
		
		if ( $result['status'] == 'error' )
		{
			self::error($result['message']);
		}
		
		$blogid		=  getBlogIDFromItemID($result['itemid']);
		$blog		=& $manager->getBlog($blogid);
		$btimestamp	=  $blog->getCorrectTime();
		$item		=  $manager->getItem(intval($result['itemid']), 1, 1);
		
		if ( $result['status'] == 'newcategory' )
		{
			$distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));
			self::$action_categoryedit($result['catid'], $blogid, $distURI);
		}
		else
		{
			$methodName = 'action_itemList';
			call_user_func(array(&$this, $methodName), $blogid);
		}
		return;
	}
	
	/**
	 * Admin::action_commentedit()
	 * Allows to edit previously made comments
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_commentedit()
	{
		global $member, $manager;
		
		$commentid = intRequestVar('commentid');
		
		$member->canAlterComment($commentid) or self::disallow();
		
		self::pagehead();
		self::$skin->parse('commentedit');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_commentupdate()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_commentupdate()
	{
		global $member, $manager;
		
		$commentid = intRequestVar('commentid');
		
		$member->canAlterComment($commentid) or self::disallow();
		
		$url	= postVar('url');
		$email	= postVar('email');
		$body	= postVar('body');
		
		// intercept words that are too long
		if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
		{
			self::error(_ERROR_COMMENT_LONGWORD);
		}
		
		// check length
		if ( i18n::strlen($body) < 3 )
		{
			self::error(_ERROR_COMMENT_NOCOMMENT);
		}
		
		if ( i18n::strlen($body) > 5000 )
		{
			self::error(_ERROR_COMMENT_TOOLONG);
		}
		
		// prepare body
		$body = Comment::prepareBody($body);
		
		// call plugins
		$data = array(
			'body' => &$body
		);
		$manager->notify('PreUpdateComment', $data);
		
		$query = "UPDATE %s SET cmail='%s', cemail  = '%s', cbody= '%s' WHERE cnumber=%d;";
		$query = sprintf($query, sql_real_escape_string($url), sql_real_escape_string($url), sql_real_escape_string($url), (integer) $commentid);
		sql_query($query);
		
		// get itemid
		$query = "SELECT citem FROM %s WHERE cnumber=%d;";
		$query = sprintf($query, sql_table('comment'), (integer) $commentid);
		
		$res	= sql_query($query);
		$o		= sql_fetch_object($res);
		$itemid	= $o->citem;
		
		if ( $member->canAlterItem($itemid) )
		{
			self::$action_itemcommentlist($itemid);
		}
		else
		{
			self::$action_browseowncomments();
		}
		return;
	}
	
	/**
	 * Admin::action_commentdelete()
	 * Update comment
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_commentdelete()
	{
		global $member, $manager;
		
		$commentid = intRequestVar('commentid');
		$member->canAlterComment($commentid) or self::disallow();
		
		self::pagehead();
		self::$skin->parse('commentdelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_commentdeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_commentdeleteconfirm()
	{
		global $member;
		
		$commentid = intRequestVar('commentid');
		
		// get item id first
		$query = "SELECT citem FROM %s WHERE cnumber=%d;";
		$query = sprintf($query, sql_table('comment'), (integer) $commentid);
		
		$res = sql_query($query);
		$o = sql_fetch_object($res);
		$itemid = $o->citem;
		
		$error = self::deleteOneComment($commentid);
		if ( $error )
		{
			self::doError($error);
		}
		
		if ( $member->canAlterItem($itemid) )
		{
			self::$action_itemcommentlist($itemid);
		}
		else
		{
			self::$action_browseowncomments();
		}
		return;
	}
	
	/**
	 * Admin::deleteOneComment()
	 * 
	 * @param	integer	$commentid	ID for comment
	 * @return	void
	 */
	static private function deleteOneComment($commentid)
	{
		global $member, $manager;
		
		$commentid = (integer) $commentid;
		
		if ( !$member->canAlterComment($commentid) )
		{
			return _ERROR_DISALLOWED;
		}
		
		$data = array(
			'commentid' => $commentid
		);
		
		$manager->notify('PreDeleteComment', $data);
		
		// delete the comments associated with the item
		$query = "DELETE FROM %s WHERE cnumber=%d;";
		$query = sprintf($query, sql_table('comment'), (integer) $commentid);
		sql_query($query);
		
		$data = array(
			'commentid' => $commentid
		);
		
		$manager->notify('PostDeleteComment', $data);
		
		return '';
	}
	
	/**
	 * Admin::action_usermanagement()
	 * Usermanagement main
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_usermanagement()
	{
		global $member, $manager;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('usermanagement');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_memberedit()
	 * Edit member settings
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_memberedit()
	{
		self::$action_editmembersettings(intRequestVar('memberid'));
		return;
	}
	
	/**
	 * Admin::action_editmembersettings()
	 * 
	 * @param	integer	$memberid	ID for member
	 * @return	void
	 * 
	 */
	static private function action_editmembersettings($memberid = '')
	{
		global $member, $manager, $CONF;
		
		if ( $memberid == '' )
		{
			$memberid = $member->getID();
		}
		
		/* TODO: we should consider to use the other way insterad of this */
		$_REQUEST['memberid'] = $memberid;
		
		// check if allowed
		($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
		
		$extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
		self::pagehead($extrahead);
		self::$skin->parse('editmembersettings');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_changemembersettings()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_changemembersettings()
	{
		global $member, $CONF, $manager;
		
		$memberid = intRequestVar('memberid');
		
		// check if allowed
		($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
		
		$name			= trim(strip_tags(postVar('name')));
		$realname		= trim(strip_tags(postVar('realname')));
		$password		= postVar('password');
		$repeatpassword	= postVar('repeatpassword');
		$email			= strip_tags(postVar('email'));
		$url			= strip_tags(postVar('url'));
		$adminskin		= intPostVar('adminskin');
		
		// begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
		if ( !preg_match('#^https?://#', $url) )
		{
			$url = 'http://' . $url;
		}
		
		$admin		= postVar('admin');
		$canlogin	= postVar('canlogin');
		$notes		= strip_tags(postVar('notes'));
		$locale		= postVar('locale');
		
		$mem = Member::createFromID($memberid);
		
		if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
		{
			if ( !isValidDisplayName($name) )
			{
				self::error(_ERROR_BADNAME);
			}
			
			if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
			{
				self::error(_ERROR_NICKNAMEINUSE);
			}
			
			if ( $password != $repeatpassword )
			{
				self::error(_ERROR_PASSWORDMISMATCH);
			}
			
			if ( $password && (i18n::strlen($password) < 6) )
			{
				self::error(_ERROR_PASSWORDTOOSHORT);
			}
				
			if ( $password )
			{
				$pwdvalid = true;
				$pwderror = '';
				
				$data = array(
					'password'     => $password,
					'errormessage' => &$pwderror,
					'valid'        => &$pwdvalid
				);
				$manager->notify('PrePasswordSet', $data);
				
				if ( !$pwdvalid )
				{
					self::error($pwderror);
				}
			}
		}
		
		if ( !NOTIFICATION::address_validation($email) )
		{
			self::error(_ERROR_BADMAILADDRESS);
		}
		if ( !$realname )
		{
			self::error(_ERROR_REALNAMEMISSING);
		}
		if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
		{
			self::error(_ERROR_NOSUCHTRANSLATION);
		}
		
		// check if there will remain at least one site member with both the logon and admin rights
		// (check occurs when taking away one of these rights from such a member)
		if (	(!$admin && $mem->isAdmin() && $mem->canLogin())
			||	(!$canlogin && $mem->isAdmin() && $mem->canLogin())
			)
		{
			$r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
			if ( sql_num_rows($r) < 2 )
			{
				self::error(_ERROR_ATLEASTONEADMIN);
			}
		}
		
		if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
		{
			$mem->setDisplayName($name);
			if ( $password )
			{
				$mem->setPassword($password);
			}
		}
		
		$oldEmail = $mem->getEmail();
		
		$mem->setRealName($realname);
		$mem->setEmail($email);
		$mem->setURL($url);
		$mem->setNotes($notes);
		$mem->setLocale($locale);
		
		// only allow super-admins to make changes to the admin status
		if ( $member->isAdmin() )
		{
			$mem->setAdmin($admin);
			$mem->setCanLogin($canlogin);
		}
		
		$autosave = postVar('autosave');
		$mem->setAutosave($autosave);
		
		$mem->write();
		
		// store plugin options
		$aOptions = requestArray('plugoption');
		NucleusPlugin::apply_plugin_options($aOptions);
		$data = array(
			'context'  => 'member',
			'memberid' => $memberid,
			'member'   => &$mem
		);
		$manager->notify('PostPluginOptionsUpdate', $data);
		
		// if email changed, generate new password
		if ( $oldEmail != $mem->getEmail() )
		{
			$mem->sendActivationLink('addresschange', $oldEmail);
			// logout member
			$mem->newCookieKey();
			
			// only log out if the member being edited is the current member.
			if ( $member->getID() == $memberid )
			{
				$member->logout();
			}
			self::$action_login(_MSG_ACTIVATION_SENT, 0);
			return;
		}
		
		if ( ($mem->getID() == $member->getID())
			&& ($mem->getDisplayName() != $member->getDisplayName()) )
		{
			$mem->newCookieKey();
			$member->logout();
			self::$action_login(_MSG_LOGINAGAIN, 0);
		}
		else
		{
			self::$action_overview(_MSG_SETTINGSCHANGED);
		}
		return;
	}

	/**
	 * Admin::action_memberadd()
	 * 
	 * @param	void
	 * @return	void
	 * 
	 */
	static private function action_memberadd()
	{
		global $member, $manager;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		if ( postVar('password') != postVar('repeatpassword') )
		{
			self::error(_ERROR_PASSWORDMISMATCH);
		}
		
		if ( i18n::strlen(postVar('password')) < 6 )
		{
			self::error(_ERROR_PASSWORDTOOSHORT);
		}
		
		$res = Member::create(
			postVar('name'),
			postVar('realname'),
			postVar('password'),
			postVar('email'),
			postVar('url'),
			postVar('admin'),
			postVar('canlogin'),
			postVar('notes')
		);
		
		if ( $res != 1 )
		{
			self::error($res);
		}
		
		// fire PostRegister event
		$newmem = new Member();
		$newmem->readFromName(postVar('name'));
		$data = array(
			'member' => &$newmem
		);
		$manager->notify('PostRegister', $data);
		
		self::$action_usermanagement();
		return;
	}
	
	/**
	 * Admin::action_activate()
	 * Account activation
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_activate()
	{
		$key = getVar('key');
		self::showActivationPage($key);
		return;
	}
	
	/**
	 * Admin::showActivationPage()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function showActivationPage($key, $message = '')
	{
		global $manager;
		
		// clean up old activation keys
		Member::cleanupActivationTable();
		
		// get activation info
		$info = Member::getActivationInfo($key);
		
		if ( !$info )
		{
			self::error(_ERROR_ACTIVATE);
		}
		
		$mem = Member::createFromId($info->vmember);
		
		if ( !$mem )
		{
			self::error(_ERROR_ACTIVATE);
		}
		
		/* TODO: we should consider to use the other way insterad of this */
		$_POST['ackey']					= $key;
		$_POST['bNeedsPasswordChange']	= TRUE;
		
		self::$headMess = $message;
		self::pagehead();
		self::$skin->parse('activate');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_activatesetpwd()
	 * Account activation - set password part
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_activatesetpwd()
	{
		global $manager;
		$key = postVar('key');
		
		// clean up old activation keys
		Member::cleanupActivationTable();
		
		// get activation info
		$info = Member::getActivationInfo($key);
		
		if ( !$info || ($info->type == 'addresschange') )
		{
			return self::showActivationPage($key, _ERROR_ACTIVATE);
		}
		
		$mem = Member::createFromId($info->vmember);
		
		if ( !$mem )
		{
			return self::showActivationPage($key, _ERROR_ACTIVATE);
		}
		
		$password		= postVar('password');
		$repeatpassword	= postVar('repeatpassword');
		
		if ( $password != $repeatpassword )
		{
			return self::showActivationPage($key, _ERROR_PASSWORDMISMATCH);
		}
		
		if ( $password && (i18n::strlen($password) < 6) )
		{
			return self::showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
		}
			
		if ( $password )
		{
			$pwdvalid = true;
			$pwderror = '';
			
			$data = array(
				'password'		=> $password,
				'errormessage'	=> &$pwderror,
				'valid'			=> &$pwdvalid
			);
			$manager->notify('PrePasswordSet', $data);
			if ( !$pwdvalid )
			{
				return self::showActivationPage($key,$pwderror);
			}
		}
		
		$error = '';
		
		$data = array(
			'type'   => 'activation',
			'member' => $mem,
			'error'  => &$error
		);
		$manager->notify('ValidateForm', $data);
		if ( $error != '' )
		{
			return self::showActivationPage($key, $error);
		}
		
		// set password
		$mem->setPassword($password);
		$mem->write();
		
		// do the activation
		Member::activate($key);
		
		self::pagehead();
		self::$skin->parse('activatesetpwd');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_manageteam()
	 * Manage team
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_manageteam()
	{
		global $member, $manager;
		
		$blogid = intRequestVar('blogid');
		
		// check if allowed
		$member->blogAdminRights($blogid) or self::disallow();
		
		self::pagehead();
		self::$skin->parse('manageteam');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_teamaddmember()
	 * Add member to team
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_teamaddmember()
	{
		global $member, $manager;
		
		$memberid	= intPostVar('memberid');
		$blogid		= intPostVar('blogid');
		$admin		= intPostVar('admin');
		
		// check if allowed
		$member->blogAdminRights($blogid) or self::disallow();
		
		$blog =& $manager->getBlog($blogid);
		if ( !$blog->addTeamMember($memberid, $admin) )
		{
			self::error(_ERROR_ALREADYONTEAM);
		}
		
		self::$action_manageteam();
		return;
	}
	
	/**
	 * Admin::action_teamdelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_teamdelete()
	{
		global $member, $manager;
		
		$memberid	= intRequestVar('memberid');
		$blogid		= intRequestVar('blogid');
		
		// check if allowed
		$member->blogAdminRights($blogid) or self::disallow();
		
		$teammem =  Member::createFromID($memberid);
		$blog =& $manager->getBlog($blogid);
		
		self::pagehead();
		self::$skin->parse('teamdelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_teamdeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_teamdeleteconfirm()
	{
		global $member;
		
		$memberid = intRequestVar('memberid');
		$blogid = intRequestVar('blogid');
		
		$error = self::deleteOneTeamMember($blogid, $memberid);
		if ( $error )
		{
			self::error($error);
		}
		self::$action_manageteam();
		return;
	}
	
	/**
	 * Admin::deleteOneTeamMember()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function deleteOneTeamMember($blogid, $memberid)
	{
		global $member, $manager;
		
		$blogid   = intval($blogid);
		$memberid = intval($memberid);
		
		// check if allowed
		if ( !$member->blogAdminRights($blogid) )
		{
			return _ERROR_DISALLOWED;
		}
		
		// check if: - there remains at least one blog admin
		//           - (there remains at least one team member)
		$tmem = Member::createFromID($memberid);
		
		
		$data = array(
			'member' => &$tmem,
			'blogid' => $blogid
		);		$manager->notify('PreDeleteTeamMember', $data);
		
		if ( $tmem->isBlogAdmin($blogid) )
		{
			/* TODO: why we did double check? */
			// check if there are more blog members left and at least one admin
			// (check for at least two admins before deletion)
			$query = "SELECT * FROM %s WHERE tblog=%d and tadmin=1;";
			$query = sprintf($query, sql_table('team'), (integer) $blogid);
			$r     = sql_query($query);
			if ( sql_num_rows($r) < 2 )
			{
				return _ERROR_ATLEASTONEBLOGADMIN;
			}
		}
		
		$query = "DELETE FROM %s WHERE tblog=%d AND tmember=%d;";
		$query = sprintf($query, sql_table('team'), (integer) $blogid, (integer) $memberid);
		sql_query($query);
		
		$data = array(
			'member' => &$tmem,
			'blogid' => $blogid
		);
		$manager->notify('PostDeleteTeamMember', $data);
		
		return '';
	}
	
	/**
	 * Admin::action_teamchangeadmin()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_teamchangeadmin()
	{
		global $member;
		
		$blogid		= intRequestVar('blogid');
		$memberid	= intRequestVar('memberid');
		
		// check if allowed
		$member->blogAdminRights($blogid) or self::disallow();
		
		$mem = Member::createFromID($memberid);
		
		// don't allow when there is only one admin at this moment
		if ( $mem->isBlogAdmin($blogid) )
		{
			$query = "SELECT * FROM %s WHERE tblog=%d AND tadmin=1;";
			$query = sprintf($query, sql_table('team'), (integer) $blogid);
			$r = sql_query($query);
			if ( sql_num_rows($r) == 1 )
			{
				self::error(_ERROR_ATLEASTONEBLOGADMIN);
			}
		}
		
		if ( $mem->isBlogAdmin($blogid) )
		{
			$newval = 0;
		}
		else
		{
			$newval = 1;
		}
		
		$query = "UPDATE %s SET tadmin=%d WHERE tblog=%d and tmember=%d;";
		$query = sprintf($query, (integer) $blogid, (integer) $newval, (integer) $blogid, (integer) $memberid);
		sql_query($query);
		
		// only show manageteam if member did not change its own admin privileges
		if ( $member->isBlogAdmin($blogid) )
		{
			self::$action_manageteam();
		}
		else
		{
			self::$action_overview(_MSG_ADMINCHANGED);
		}
		return;
	}
	
	/**
	 * Admin::action_blogsettings()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_blogsettings()
	{
		global $member, $manager;
		
		$blogid = intRequestVar('blogid');
		
		// check if allowed
		$member->blogAdminRights($blogid) or self::disallow();
		
		$blog =& $manager->getBlog($blogid);
		
		$extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
		self::pagehead($extrahead);
		self::$skin->parse('blogsettings');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_categorynew()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_categorynew()
	{
		global $member, $manager;
		
		$blogid = intRequestVar('blogid');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		$cname = postVar('cname');
		$cdesc = postVar('cdesc');
		
		if ( !isValidCategoryName($cname) )
		{
			self::error(_ERROR_BADCATEGORYNAME);
		}
		
		$query = "SELECT * FROM %s WHERE cname='%s' AND cblog=%d;";
		$query = sprintf($query, sql_table('category'), sql_real_escape_string($cname), (integer) $blogid);
		$res = sql_query($query);
		if ( sql_num_rows($res) > 0 )
		{
			self::error(_ERROR_DUPCATEGORYNAME);
		}
		
		$blog		=& $manager->getBlog($blogid);
		$newCatID	=  $blog->createNewCategory($cname, $cdesc);
		
		self::$action_blogsettings();
		return;
	}
	
	/**
	 * Admin::action_categoryedit()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_categoryedit($catid = '', $blogid = '', $desturl = '')
	{
		global $member, $manager;
		
		if ( $blogid == '' )
		{
			$blogid = intGetVar('blogid');
		}
		else
		{
			$blogid = intval($blogid);
		}
		if ( $catid == '' )
		{
			$catid = intGetVar('catid');
		}
		else
		{
			$catid = intval($catid);
		}
		
		/* TODO: we should consider to use the other way insterad of this */
		$_REQUEST['blogid']		= $blogid;
		$_REQUEST['catid']		= $catid;
		$_REQUEST['desturl']	= $desturl;
		$member->blogAdminRights($blogid) or self::disallow();
		
		$extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
		self::pagehead($extrahead);
		self::$skin->parse('categoryedit');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_categoryupdate()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_categoryupdate()
	{
		global $member, $manager;
		
		$blogid		= intPostVar('blogid');
		$catid		= intPostVar('catid');
		$cname		= postVar('cname');
		$cdesc		= postVar('cdesc');
		$desturl	= postVar('desturl');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		if ( !isValidCategoryName($cname) )
		{
			self::error(_ERROR_BADCATEGORYNAME);
		}
		
		$query	= "SELECT * FROM %s WHERE cname='%s' AND cblog=%d AND not(catid=%d);";
		$query	= sprintf($query, sql_table('category'), sql_real_escape_string($cname), (integer) $blogid, (integer) $catid);
		$res	= sql_query($query);
		if ( sql_num_rows($res) > 0 )
		{
			self::error(_ERROR_DUPCATEGORYNAME);
		}
		
		$query =  "UPDATE %s SET cname='%s', cdesc='%s' WHERE catid=%d;";
		$query = sprintf($query, sql_table('category'), sql_real_escape_string($cname), sql_real_escape_string($cdesc), (integer) $catid);
		sql_query($query);
		
		// store plugin options
		$aOptions = requestArray('plugoption');
		NucleusPlugin::apply_plugin_options($aOptions);
		$data = array(
			'context'	=> 'category',
			'catid'		=> $catid
		);
		$manager->notify('PostPluginOptionsUpdate', $data);
		
		if ( $desturl )
		{
			redirect($desturl);
			exit;
		}
		else
		{
			self::$action_blogsettings();
		}
		return;
	}
	
	/**
	 * Admin::action_categorydelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_categorydelete()
	{
		global $member, $manager;
		
		$blogid	= intRequestVar('blogid');
		$catid	= intRequestVar('catid');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		$blog =& $manager->getBlog($blogid);
		
		// check if the category is valid
		if ( !$blog->isValidCategory($catid) )
		{
			self::error(_ERROR_NOSUCHCATEGORY);
		}
		
		// don't allow deletion of default category
		if ( $blog->getDefaultCategory() == $catid )
		{
			self::error(_ERROR_DELETEDEFCATEGORY);
		}
		
		// check if catid is the only category left for blogid
		$query = "SELECT catid FROM %s WHERE cblog=%d;";
		$query = sprintf($query, sql_table('category'), $blogid);
		$res = sql_query($query);
		if ( sql_num_rows($res) == 1 )
		{
			self::error(_ERROR_DELETELASTCATEGORY);
		}
		
		self::pagehead();
		self::$skin->parse('categorydelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_categorydeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_categorydeleteconfirm()
	{
		global $member, $manager;
		
		$blogid = intRequestVar('blogid');
		$catid  = intRequestVar('catid');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		$error = self::deleteOneCategory($catid);
		if ( $error )
		{
			self::error($error);
		}
		
		self::$action_blogsettings();
		return;
	}
	
	/**
	 * Admin::deleteOneCategory()
	 * Delete a category by its id
	 * 
	 * @param	String	$catid	category id for deleting
	 * @return	Void
	 */
	static private function deleteOneCategory($catid)
	{
		global $manager, $member;
		
		$catid  = intval($catid);
		$blogid = getBlogIDFromCatID($catid);
		
		if ( !$member->blogAdminRights($blogid) )
		{
			return ERROR_DISALLOWED;
		}
		
		// get blog
		$blog =& $manager->getBlog($blogid);
		
		// check if the category is valid
		if ( !$blog || !$blog->isValidCategory($catid) )
		{
			return _ERROR_NOSUCHCATEGORY;
		}
		
		$destcatid = $blog->getDefaultCategory();
		
		// don't allow deletion of default category
		if ( $blog->getDefaultCategory() == $catid )
		{
			return _ERROR_DELETEDEFCATEGORY;
		}
		
		// check if catid is the only category left for blogid
		$query = "SELECT catid FROM %s WHERE cblog=%d;";
		$query = sprintf(sql_table('category'), (integer) $blogid);
		
		$res = sql_query($query);
		if ( sql_num_rows($res) == 1 )
		{
			return _ERROR_DELETELASTCATEGORY;
		}
		
		$data = array('catid' => $catid);
		$manager->notify('PreDeleteCategory', $data);
		
		// change category for all items to the default category
		$query = "UPDATE %s SET icat=%d WHERE icat=%d;";
		$query =sprintf($query, sql_table('item'), (integer) $destcatid, (integer) $catid);
		sql_query($query);
		
		// delete all associated plugin options
		NucleusPlugin::delete_option_values('category', $catid);
		
		// delete category
		$query = "DELETE FROM %s WHERE catid=%d;";
		$query = sprintf($query, (integer) $catid);
		sql_query($query);
		
		$data = array('catid' => $catid);
		$manager->notify('PostDeleteCategory', $data);
		return;
	}
	
	/**
	 * Admin::action_blogsettingsupdate
	 * Updating blog settings
	 * 
	 * @param	Void
	 * @return	Void
	 */
	static private function action_blogsettingsupdate()
	{
		global $member, $manager;
		
		$blogid = intRequestVar('blogid');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		$blog =& $manager->getBlog($blogid);
		
		$notify_address	= trim(postVar('notify'));
		$shortname		= trim(postVar('shortname'));
		$updatefile		= trim(postVar('update'));
		
		$notifyComment	= intPostVar('notifyComment');
		$notifyVote		= intPostVar('notifyVote');
		$notifyNewItem	= intPostVar('notifyNewItem');
		
		if ( $notifyComment == 0 )
		{
			$notifyComment = 1;
		}
		if ( $notifyVote == 0 )
		{
			$notifyVote = 1;
		}
		if ( $notifyNewItem == 0 )
		{
			$notifyNewItem = 1;
		}
		$notifyType = $notifyComment * $notifyVote * $notifyNewItem;
		
		if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
		{
			self::error(_ERROR_BADNOTIFY);
		}
		
		if ( !isValidShortName($shortname) )
		{
			self::error(_ERROR_BADSHORTBLOGNAME);
		}
		
		if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
		{
			self::error(_ERROR_DUPSHORTBLOGNAME);
		}
		// check if update file is writable
		if ( $updatefile && !is_writeable($updatefile) )
		{
			self::error(_ERROR_UPDATEFILE);
		}
		
		$blog->setName(trim(postVar('name')));
		$blog->setShortName($shortname);
		$blog->setNotifyAddress($notify_address);
		$blog->setNotifyType($notifyType);
		$blog->setMaxComments(postVar('maxcomments'));
		$blog->setCommentsEnabled(postVar('comments'));
		$blog->setTimeOffset(postVar('timeoffset'));
		$blog->setUpdateFile($updatefile);
		$blog->setURL(trim(postVar('url')));
		$blog->setDefaultSkin(intPostVar('defskin'));
		$blog->setDescription(trim(postVar('desc')));
		$blog->setPublic(postVar('public'));
		$blog->setConvertBreaks(intPostVar('convertbreaks'));
		$blog->setAllowPastPosting(intPostVar('allowpastposting'));
		$blog->setDefaultCategory(intPostVar('defcat'));
		$blog->setSearchable(intPostVar('searchable'));
		$blog->setEmailRequired(intPostVar('reqemail'));
		$blog->writeSettings();
		
		// store plugin options
		$aOptions = requestArray('plugoption');
		NucleusPlugin::apply_plugin_options($aOptions);
		
		$data = array(
			'context' => 'blog',
			'blogid'  => $blogid,
			'blog'    => &$blog
		);
		$manager->notify('PostPluginOptionsUpdate', $data);
		
		self::$action_overview(_MSG_SETTINGSCHANGED);
		return;
	}
	
	/**
	 * Admin::action_deleteblog()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_deleteblog()
	{
		global $member, $CONF, $manager;
		
		$blogid = intRequestVar('blogid');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		// check if blog is default blog
		if ( $CONF['DefaultBlog'] == $blogid )
		{
			self::error(_ERROR_DELDEFBLOG);
		}
		
		$blog =& $manager->getBlog($blogid);
		
		self::pagehead();
		self::$skin->parse('deleteblog');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_deleteblogconfirm()
	 * Delete Blog
	 * 
	 * @param	Void
	 * @return	Void
	 */
	static private function action_deleteblogconfirm()
	{
		global $member, $CONF, $manager;
		
		$blogid = intRequestVar('blogid');
		
		$data = array('blogid' => $blogid);
		$manager->notify('PreDeleteBlog', $data);
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		// check if blog is default blog
		if ( $CONF['DefaultBlog'] == $blogid )
		{
			self::error(_ERROR_DELDEFBLOG);
		}
		
		// delete all comments
		$query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid;
		sql_query($query);
		
		// delete all items
		$query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid;
		sql_query($query);
		
		// delete all team members
		$query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid;
		sql_query($query);
		
		// delete all bans
		$query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid;
		sql_query($query);
		
		// delete all categories
		$query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
		sql_query($query);
		
		// delete all associated plugin options
		NucleusPlugin::delete_option_values('blog', $blogid);
		
		// delete the blog itself
		$query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;
		sql_query($query);
		
		$data = array('blogid' => $blogid);
		$manager->notify('PostDeleteBlog', $data);
		
		self::$action_overview(_DELETED_BLOG);
		return;
	}
	
	/**
	 * Admin::action_memberdelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_memberdelete()
	{
		global $member, $manager;
		
		$memberid = intRequestVar('memberid');
		
		($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
		
		$mem = Member::createFromID($memberid);
		
		self::pagehead();
		self::$skin->parse('memberdelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_memberdeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_memberdeleteconfirm()
	{
		global $member;
		
		$memberid = intRequestVar('memberid');
		
		($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
		
		$error = self::deleteOneMember($memberid);
		if ( $error )
		{
			self::error($error);
		}
		
		if ( $member->isAdmin() )
		{
			self::$action_usermanagement();
		}
		else
		{
			self::$action_overview(_DELETED_MEMBER);
		}
		return;
	}
	
	/**
	 * Admin::deleteOneMember()
	 * Delete a member by id
	 * 
	 * @static
	 * @params	Integer	$memberid	member id
	 * @return	String	null string or error messages
	 */
	static private function deleteOneMember($memberid)
	{
		global $manager;
		
		$memberid = intval($memberid);
		$mem = Member::createFromID($memberid);
		
		if ( !$mem->canBeDeleted() )
		{
			return _ERROR_DELETEMEMBER;
		}
		
		$data = array('member' => &$mem);
		$manager->notify('PreDeleteMember', $data);
		
		/* unlink comments from memberid */
		if ( $memberid )
		{
			$query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d;";
			$query = sprintf($query, sql_table('comment'), sql_real_escape_string($mem->getDisplayName()), $memberid);
			sql_query($query);
		}
		
		$query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
		sql_query($query);
		
		$query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
		sql_query($query);
		
		$query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
		sql_query($query);
		
		// delete all associated plugin options
		NucleusPlugin::delete_option_values('member', $memberid);
		
		$data = array('member' => &$mem);
		$manager->notify('PostDeleteMember', $data);
		
		return '';
	}
	
	/**
	 * Admin::action_createnewlog()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_createnewlog()
	{
		global $member, $CONF, $manager;
		
		// Only Super-Admins can do this
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('createnewlog');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_addnewlog()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_addnewlog()
	{
		global $member, $manager, $CONF;
		
		// Only Super-Admins can do this
		$member->isAdmin() or self::disallow();
		
		$bname			= trim(postVar('name'));
		$bshortname		= trim(postVar('shortname'));
		$btimeoffset	= postVar('timeoffset');
		$bdesc			= trim(postVar('desc'));
		$bdefskin		= postVar('defskin');
		
		if ( !isValidShortName($bshortname) )
		{
			self::error(_ERROR_BADSHORTBLOGNAME);
		}
		
		if ( $manager->existsBlog($bshortname) )
		{
			self::error(_ERROR_DUPSHORTBLOGNAME);
		}
		
		$data = array(
			'name'        => &$bname,
			'shortname'   => &$bshortname,
			'timeoffset'  => &$btimeoffset,
			'description' => &$bdesc,
			'defaultskin' => &$bdefskin
		);
		$manager->notify('PreAddBlog', $data);
		
		// add slashes for sql queries
		$bname			= sql_real_escape_string($bname);
		$bshortname		= sql_real_escape_string($bshortname);
		$btimeoffset	= sql_real_escape_string($btimeoffset);
		$bdesc			= sql_real_escape_string($bdesc);
		$bdefskin		= sql_real_escape_string($bdefskin);
		
		// create blog
		$query = "INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('%s', '%s', '%s', '%s', '%s');";
		$query = sprintf(sql_table('blog'), $bname, $bshortname, $bdesc, $btimeoffset, $bdefskin);
		sql_query($query);
		
		$blogid =  sql_insert_id();
		$blog   =& $manager->getBlog($blogid);
		
		// create new category
		$catdefname = (!defined('_EBLOGDEFAULTCATEGORY_NAME') ? 'General' : _EBLOGDEFAULTCATEGORY_NAME);
		$catdefdesc = (!defined('_EBLOGDEFAULTCATEGORY_DESC') ? 'Items that do not fit in other categories' : _EBLOGDEFAULTCATEGORY_DESC);
		
		$query = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
		sql_query(sprintf($query, sql_table('category'), (integer) $blogid, $catdefname, $catdefdesc));
		$catid = sql_insert_id();
		
		// set as default category
		$blog->setDefaultCategory($catid);
		$blog->writeSettings();
		
		// create team member
		$query = "INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1);";
		$query = sprintf($query, sql_table('team'), (integer) $member->getID(), (integer) $blogid);
		sql_query($query);
		
		$itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
		$itemdefbody  = (defined('_EBLOG_FIRSTITEM_BODY')  ? _EBLOG_FIRSTITEM_BODY  : 'This is the first item in your weblog. Feel free to delete it.');
		
		$blog->additem(
			$blog->getDefaultCategory(),
			$itemdeftitle,$itemdefbody,
			'',
			$blogid,
			$member->getID(),
			$blog->getCorrectTime(),
			0,
			0,
			0
		);
		
		$data = array('blog' => &$blog);
		$manager->notify('PostAddBlog', $data);
		
		$data = array(
			'blog'			=> &$blog,
			'name'			=> _EBLOGDEFAULTCATEGORY_NAME,
			'description'	=> _EBLOGDEFAULTCATEGORY_DESC,
			'catid'			=> $catid
		);
		$manager->notify('PostAddCategory', $data);
		
		/* TODO: we should consider to use the other way insterad of this */
		$_REQUEST['blogid'] = $blogid;
		$_REQUEST['catid']  = $catid;
		self::pagehead();
		self::$skin->parse('addnewlog');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_addnewlog2()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_addnewlog2()
	{
		global $member, $manager;
		$blogid = intRequestVar('blogid');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		$burl = requestVar('url');
		
		$blog =& $manager->getBlog($blogid);
		$blog->setURL(trim($burl));
		$blog->writeSettings();
		
		self::$action_overview(_MSG_NEWBLOG);
		return;
	}
	
	/**
	 * Admin::action_skinieoverview()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinieoverview()
	{
		global $member, $DIR_LIBS, $manager;
		
		$member->isAdmin() or self::disallow();
		
		include_once($DIR_LIBS . 'skinie.php');
		
		self::pagehead();
		self::$skin->parse('skinieoverview');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_skinieimport()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinieimport()
	{
		global $member, $DIR_LIBS, $DIR_SKINS, $manager;
		
		$member->isAdmin() or self::disallow();
		
		// load skinie class
		include_once($DIR_LIBS . 'skinie.php');
		
		$skinFileRaw	= postVar('skinfile');
		$mode			= postVar('mode');
		
		$importer = new SkinImport();
		
		// get full filename
		if ($mode == 'file')
		{
			$skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
			
			/* TODO: remove this
			// backwards compatibilty (in v2.0, exports were saved as skindata.xml)
			if ( !file_exists($skinFile) )
			{
				$skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
			}
			 */
		}
		else
		{
			$skinFile = $skinFileRaw;
		}
		
		// read only metadata
		$error = $importer->readFile($skinFile, 1);
		
		/* TODO: we should consider to use the other way insterad of this */
		$_REQUEST['skininfo']	= $importer->getInfo();
		$_REQUEST['skinnames']	= $importer->getSkinNames();
		$_REQUEST['tpltnames']	= $importer->getTemplateNames();
		
		// clashes
		$skinNameClashe			= $importer->checkSkinNameClashes();
		$templateNameClashes	= $importer->checkTemplateNameClashes();
		$hasNameClashes			= (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
		
		/* TODO: we should consider to use the other way insterad of this */
		$_REQUEST['skinclashes'] = $skinNameClashes;
		$_REQUEST['tpltclashes'] = $templateNameClashes;
		$_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0;
		
		if ( $error )
		{
			self::error($error);
		}
		
		self::pagehead();
		self::$skin->parse('skinieimport');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_skiniedoimport()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skiniedoimport()
	{
		global $member, $DIR_LIBS, $DIR_SKINS;
		
		$member->isAdmin() or self::disallow();
		
		// load skinie class
		include_once($DIR_LIBS . 'skinie.php');
		
		$skinFileRaw	= postVar('skinfile');
		$mode			= postVar('mode');
		
		$allowOverwrite = intPostVar('overwrite');
		
		// get full filename
		if ( $mode == 'file' )
		{
			$skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
			
			/* TODO: remove this
			// backwards compatibilty (in v2.0, exports were saved as skindata.xml)
			if ( !file_exists($skinFile) )
			{
				$skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
			}
			*/
		}
		else
		{
			$skinFile = $skinFileRaw;
		}
		
		$importer = new SkinImport();
		
		$error = $importer->readFile($skinFile);
		
		if ( $error )
		{
			self::error($error);
		}
		
		$error = $importer->writeToDatabase($allowOverwrite);
		
		if ( $error )
		{
			self::error($error);
		}
		
		/* TODO: we should consider to use the other way insterad of this */
		$_REQUEST['skininfo']  = $importer->getInfo();
		$_REQUEST['skinnames'] = $importer->getSkinNames();
		$_REQUEST['tpltnames'] = $importer->getTemplateNames();
		
		self::pagehead();
		self::$skin->parse('skiniedoimport');
		self::pagefoot();
		return;
	}

	/**
	 * Admin::action_skinieexport()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinieexport()
	{
		global $member, $DIR_LIBS;
		
		$member->isAdmin() or self::disallow();
		
		// load skinie class
		include_once($DIR_LIBS . 'skinie.php');
		
		$aSkins		= requestIntArray('skin');
		$aTemplates	= requestIntArray('template');
		
		if ( !is_array($aTemplates) )
		{
			$aTemplates = array();
		}
		if ( !is_array($aSkins) )
		{
			$aSkins = array();
		}
		
		$skinList		= array_keys($aSkins);
		$templateList	= array_keys($aTemplates);
		
		$info = postVar('info');
		
		$exporter = new SkinExport();
		foreach ( $skinList as $skinId )
		{
			$exporter->addSkin($skinId);
		}
		foreach ($templateList as $templateId)
		{
			$exporter->addTemplate($templateId);
		}
		$exporter->setInfo($info);
		
		$exporter->export();
		return;
	}
	
	/**
	 * Admin::action_templateoverview()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_templateoverview()
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('templateoverview');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_templateedit()
	 * 
	 * @param	string	$msg	message for pageheader
	 * @return	void
	 */
	static private function action_templateedit($msg = '')
	{
		global $member, $manager;
		if ( $msg )
		{
			self::$headMess = $msg;
		}
		
		$templateid = intRequestVar('templateid');
		
		$member->isAdmin() or self::disallow();
		
		$extrahead  = "<script type=\"text/javascript\" src=\"javascript/templateEdit.js\"></script>\n";
		$extrahead .= '<script type=\"text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . "\");</script>\n";
		
		self::pagehead($extrahead);
		self::$skin->parse('templateedit');
		self::pagefoot();
		return;
	}
	
	/**
	 * TODO: remove this
	 *
	static private function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {
		static $count = 1;
		if (!isset($template[$name])) $template[$name] = '';
	?>
		</tr><tr>
			<td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>
			<td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo  Entity::hsc($template[$name]); ?></textarea></td>
	<?php       $count++;
	}
	*/
	
	/**
	 * Admin::action_templateupdate()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_templateupdate()
	{
		global $member,$manager;
		
		$templateid = intRequestVar('templateid');
		
		$member->isAdmin() or self::disallow();
		
		$name = postVar('tname');
		$desc = postVar('tdesc');
		
		if ( !isValidTemplateName($name) )
		{
			self::error(_ERROR_BADTEMPLATENAME);
		}
		
		if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
		{
			self::error(_ERROR_DUPTEMPLATENAME);
		}
		
		$name = sql_real_escape_string($name);
		$desc = sql_real_escape_string($desc);
		
		// 1. Remove all template parts
		$query = "DELETE FROM %s WHERE tdesc=%d;";
		$query = sprintf($query, sql_table('template'), (integer) $templateid);
		sql_query($query);
		
		// 2. Update description
		$query = "UPDATE %s SET tdname='%s',tddesc='%s' WHERE tdnumber=%d;";
		$query = sprintf($query, sql_real_escape_string($name), sql_real_escape_string($desc), (integer) $templateid);
		sql_query($query);
		
		// 3. Add non-empty template parts
		self::addToTemplate($templateid, 'ITEM_HEADER',			postVar('ITEM_HEADER'));
		self::addToTemplate($templateid, 'ITEM',				postVar('ITEM'));
		self::addToTemplate($templateid, 'ITEM_FOOTER',			postVar('ITEM_FOOTER'));
		self::addToTemplate($templateid, 'MORELINK',			postVar('MORELINK'));
		self::addToTemplate($templateid, 'EDITLINK',			postVar('EDITLINK'));
		self::addToTemplate($templateid, 'NEW',					postVar('NEW'));
		self::addToTemplate($templateid, 'COMMENTS_HEADER',		postVar('COMMENTS_HEADER'));
		self::addToTemplate($templateid, 'COMMENTS_BODY', 		postVar('COMMENTS_BODY'));
		self::addToTemplate($templateid, 'COMMENTS_FOOTER',		postVar('COMMENTS_FOOTER'));
		self::addToTemplate($templateid, 'COMMENTS_CONTINUED',	postVar('COMMENTS_CONTINUED'));
		self::addToTemplate($templateid, 'COMMENTS_TOOMUCH',	postVar('COMMENTS_TOOMUCH'));
		self::addToTemplate($templateid, 'COMMENTS_AUTH',		postVar('COMMENTS_AUTH'));
		self::addToTemplate($templateid, 'COMMENTS_ONE',		postVar('COMMENTS_ONE'));
		self::addToTemplate($templateid, 'COMMENTS_MANY',		postVar('COMMENTS_MANY'));
		self::addToTemplate($templateid, 'COMMENTS_NONE',		postVar('COMMENTS_NONE'));
		self::addToTemplate($templateid, 'ARCHIVELIST_HEADER',	postVar('ARCHIVELIST_HEADER'));
		self::addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
		self::addToTemplate($templateid, 'ARCHIVELIST_FOOTER',	postVar('ARCHIVELIST_FOOTER'));
		self::addToTemplate($templateid, 'BLOGLIST_HEADER',		postVar('BLOGLIST_HEADER'));
		self::addToTemplate($templateid, 'BLOGLIST_LISTITEM',	postVar('BLOGLIST_LISTITEM'));
		self::addToTemplate($templateid, 'BLOGLIST_FOOTER',		postVar('BLOGLIST_FOOTER'));
		self::addToTemplate($templateid, 'CATLIST_HEADER',		postVar('CATLIST_HEADER'));
		self::addToTemplate($templateid, 'CATLIST_LISTITEM',	postVar('CATLIST_LISTITEM'));
		self::addToTemplate($templateid, 'CATLIST_FOOTER',		postVar('CATLIST_FOOTER'));
		self::addToTemplate($templateid, 'DATE_HEADER',			postVar('DATE_HEADER'));
		self::addToTemplate($templateid, 'DATE_FOOTER',			postVar('DATE_FOOTER'));
		self::addToTemplate($templateid, 'FORMAT_DATE',			postVar('FORMAT_DATE'));
		self::addToTemplate($templateid, 'FORMAT_TIME',			postVar('FORMAT_TIME'));
		self::addToTemplate($templateid, 'LOCALE',				postVar('LOCALE'));
		self::addToTemplate($templateid, 'SEARCH_HIGHLIGHT',	postVar('SEARCH_HIGHLIGHT'));
		self::addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
		self::addToTemplate($templateid, 'POPUP_CODE',			postVar('POPUP_CODE'));
		self::addToTemplate($templateid, 'MEDIA_CODE',			postVar('MEDIA_CODE'));
		self::addToTemplate($templateid, 'IMAGE_CODE',			postVar('IMAGE_CODE'));
		
		$data = array('fields' => array());
		$manager->notify('TemplateExtraFields', $data);
		foreach ( $data['fields'] as $pfkey=>$pfvalue )
		{
			foreach ( $pfvalue as $pffield => $pfdesc )
			{
				self::addToTemplate($templateid, $pffield, postVar($pffield));
			}
		}
		
		// jump back to template edit
		self::$action_templateedit(_TEMPLATE_UPDATED);
		return;
	}
	
	/**
	 * Admin::addToTemplate()
	 * 
	 * @param	Integer	$id	ID for template
	 * @param	String	$partname	parts name
	 * @param	String	$content	template contents
	 * @return	Integer	record index
	 * 
	 */
	static private function addToTemplate($id, $partname, $content)
	{
		// don't add empty parts:
		if ( !trim($content) )
		{
			return -1;
		}
		
		$partname = sql_real_escape_string($partname);
		$content  = sql_real_escape_string($content);
		
		$query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, '%s', '%s');";
		$query = sprintf($query, sql_table('template'), (integer) $id, $partname, $content);
		sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
		return sql_insert_id();
	}
	
	/**
	 * Admin::action_templatedelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_templatedelete()
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		$templateid = intRequestVar('templateid');
		// TODO: check if template can be deleted
		
		self::pagehead();
		self::$skin->parse('templatedelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_templatedeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_templatedeleteconfirm()
	{
		global $member, $manager;
		
		$templateid = intRequestVar('templateid');
		
		$member->isAdmin() or self::disallow();
		
		$data = array('templateid' => $templateid);
		$manager->notify('PreDeleteTemplate', $data);
		
		// 1. delete description
		sql_query('DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $templateid);
		
		// 2. delete parts
		sql_query('DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid);
		
		
		$data = array('templateid' => $templateid);
		$manager->notify('PostDeleteTemplate', $data);
		
		self::$action_templateoverview();
		return;
	}
	
	/**
	 * Admin::action_templatenew()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_templatenew()
	{
		global $member;
		
		$member->isAdmin() or self::disallow();
		
		$name = postVar('name');
		$desc = postVar('desc');
		
		if ( !isValidTemplateName($name) )
		{
			self::error(_ERROR_BADTEMPLATENAME);
		}
		
		if ( Template::exists($name) )
		{
			self::error(_ERROR_DUPTEMPLATENAME);
		}
		
		$newTemplateId = Template::createNew($name, $desc);
		
		self::$action_templateoverview();
		return;
	}
	
	/**
	 * Admin::action_templateclone()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_templateclone()
	{
		global $member;
		
		$templateid = intRequestVar('templateid');
		
		$member->isAdmin() or self::disallow();
		
		// 1. read old template
		$name = Template::getNameFromId($templateid);
		$desc = Template::getDesc($templateid);
		
		// 2. create desc thing
		$name = "cloned" . $name;
		
		// if a template with that name already exists:
		if ( Template::exists($name) )
		{
			$i = 1;
			while (Template::exists($name . $i))
			{
				$i++;
			}
			$name .= $i;
		}
		
		$newid = Template::createNew($name, $desc);
		
		// 3. create clone
		// go through parts of old template and add them to the new one
		$query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;";
		$query = sprintf($query, sql_table('template'), (integer) $templateid);
		
		$res = sql_query($query);
		while ( $o = sql_fetch_object($res) )
		{
			self::addToTemplate($newid, $o->tpartname, $o->tcontent);
		}
		
		self::$action_templateoverview();
		return;
	}
	
	/**
	 * Admin::action_admintemplateoverview()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_admintemplateoverview()
	{
		global $member, $manager;
		$member->isAdmin() or self::disallow();
		self::pagehead();
		self::$skin->parse('admntemplateoverview');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_admintemplateedit()
	 * 
	 * @param	string	$msg	message for pageheader
	 * @return	void
	 */
	static private function action_admintemplateedit($msg = '')
	{
		global $member, $manager;
		if ( $msg )
		{
			self::$headMess = $msg;
		}
		$member->isAdmin() or self::disallow();
		$extrahead  = "<script type=\"text/javascript\" src=\"javascript/templateEdit.js\"></script>\n";
		$extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>' . "\n";
		self::pagehead($extrahead);
		self::$skin->parse('admintemplateedit');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_admintemplateupdate()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_admintemplateupdate()
	{
		global $member, $manager;
		$templateid = intRequestVar('templateid');
		$member->isAdmin() or self::disallow();
		$name = postVar('tname');
		$desc = postVar('tdesc');
		
		if ( !isValidTemplateName($name) )
		{
			self::error(_ERROR_BADTEMPLATENAME);
		}
		
		if ( (Template::getNameFromId($templateid) != $name) && Template::exists($name) )
		{
			self::error(_ERROR_DUPTEMPLATENAME);
		}
		$name = sql_real_escape_string($name);
		$desc = sql_real_escape_string($desc);
		
		// 1. Remove all template parts
		$query = "DELETE FROM %s WHERE tdesc=%d;";
		$query = sprintf($query, (integer) $templateid);
		sql_query($query);
		
		// 2. Update description
		$query = 'UPDATE %s SET tdname=%s tddesc=%s WHERE tdnumber=%d;';
		$query = sprintf($query, sql_real_escape_string($name), sql_real_escape_string($desc), (integer) $templateid);
		sql_query($query);
		
		// 3. Add non-empty template parts
		self::addToAdminTemplate($templateid, 'ADMINSKINTYPELIST_HEAD',					postVar('ADMINSKINTYPELIST_HEAD'));
		self::addToAdminTemplate($templateid, 'ADMINSKINTYPELIST_BODY',					postVar('ADMINSKINTYPELIST_BODY'));
		self::addToAdminTemplate($templateid, 'ADMINSKINTYPELIST_FOOT',					postVar('ADMINSKINTYPELIST_FOOT'));
		self::addToAdminTemplate($templateid, 'ADMIN_CUSTOMHELPLINK_ICON',				postVar('ADMIN_CUSTOMHELPLINK_ICON'));
		self::addToAdminTemplate($templateid, 'ADMIN_CUSTOMHELPLINK_ANCHOR',			postVar('ADMIN_CUSTOMHELPLINK_ANCHOR'));
		self::addToAdminTemplate($templateid, 'ADMIN_BLOGLINK',							postVar('ADMIN_BLOGLINK'));
		self::addToAdminTemplate($templateid, 'ADMIN_BATCHLIST',						postVar('ADMIN_BATCHLIST'));
		self::addToAdminTemplate($templateid, 'ACTIVATE_FORGOT_TITLE',					postVar('ACTIVATE_FORGOT_TITLE'));
		self::addToAdminTemplate($templateid, 'ACTIVATE_FORGOT_TEXT',					postVar('ACTIVATE_FORGOT_TEXT'));
		self::addToAdminTemplate($templateid, 'ACTIVATE_REGISTER_TITLE',				postVar('ACTIVATE_REGISTER_TITLE'));
		self::addToAdminTemplate($templateid, 'ACTIVATE_REGISTER_TEXT',					postVar('ACTIVATE_REGISTER_TEXT'));
		self::addToAdminTemplate($templateid, 'ACTIVATE_CHANGE_TITLE',					postVar('ACTIVATE_CHANGE_TITLE'));
		self::addToAdminTemplate($templateid, 'ACTIVATE_CHANGE_TEXT',					postVar('ACTIVATE_CHANGE_TEXT'));
		self::addToAdminTemplate($templateid, 'TEMPLATE_EDIT_EXPLUGNAME',				postVar('TEMPLATE_EDIT_EXPLUGNAME'));
		self::addToAdminTemplate($templateid, 'TEMPLATE_EDIT_ROW_HEAD',					postVar('TEMPLATE_EDIT_ROW_HEAD'));
		self::addToAdminTemplate($templateid, 'TEMPLATE_EDIT_ROW_TAIL',					postVar('TEMPLATE_EDIT_ROW_TAIL'));
		self::addToAdminTemplate($templateid, 'SPECIALSKINLIST_HEAD',					postVar('SPECIALSKINLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SPECIALSKINLIST_BODY',					postVar('SPECIALSKINLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SPECIALSKINLIST_FOOT',					postVar('SPECIALSKINLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SYSTEMINFO_GDSETTINGS',					postVar('SYSTEMINFO_GDSETTINGS'));
		self::addToAdminTemplate($templateid, 'BANLIST_DELETED_LIST',					postVar('BANLIST_DELETED_LIST'));
		self::addToAdminTemplate($templateid, 'INSERT_PLUGOPTION_TITLE',				postVar('INSERT_PLUGOPTION_TITLE'));
		self::addToAdminTemplate($templateid, 'INSERT_PLUGOPTION_BODY',					postVar('INSERT_PLUGOPTION_BODY'));
		self::addToAdminTemplate($templateid, 'INPUTYESNO_TEMPLATE_ADMIN',				postVar('INPUTYESNO_TEMPLATE_ADMIN'));
		self::addToAdminTemplate($templateid, 'INPUTYESNO_TEMPLATE_NORMAL',				postVar('INPUTYESNO_TEMPLATE_NORMAL'));
		self::addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_HEAD',				postVar('ADMIN_SPECIALSKINLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_BODY',				postVar('ADMIN_SPECIALSKINLIST_BODY'));
		self::addToAdminTemplate($templateid, 'ADMIN_SPECIALSKINLIST_FOOT',				postVar('ADMIN_SPECIALSKINLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SKINIE_EXPORT_LIST',						postVar('SKINIE_EXPORT_LIST'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_HEAD',			postVar('SHOWLIST_LISTPLUG_SELECT_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_BODY',			postVar('SHOWLIST_LISTPLUG_SELECT_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_SELECT_FOOT',			postVar('SHOWLIST_LISTPLUG_SELECT_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_HEAD',			postVar('SHOWLIST_LISTPLUG_TABLE_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BODY',			postVar('SHOWLIST_LISTPLUG_TABLE_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_FOOT',			postVar('SHOWLIST_LISTPLUG_TABLE_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_MEMBLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_TEAMLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_GURL'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGEVENTLIST'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGNEDUPDATE'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPEND'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGIN_DEPREQ'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLISTFALSE'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ACTN'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_ADMN'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_HELP'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO',	postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OYESNO'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD',	postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OPWORD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP',	postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEP'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO',	postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEO'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC',	postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OSELEC'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA',	postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OTAREA'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT',	postVar('SHOWLIST_LISTPLUG_TABLE_PLGOPT_OITEXT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_PLUGOPTN_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_ITEMLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN',	postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_ABAN'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_CMNTLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM',	postVar('SHOWLIST_LISTPLUG_TABLE_BLIST_BD_TADM'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM',	postVar('SHOWLIST_LISTPLUG_TABLE_BLIST_BD_SADM'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_BLOGLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_BLOGSNAM_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_SHORTNAM_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_CATELIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_TPLTLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_SKINLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_DRFTLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_ACTNLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD',	postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_HEAD'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY',	postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_BODY'));
		self::addToAdminTemplate($templateid, 'SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT',	postVar('SHOWLIST_LISTPLUG_TABLE_IBANLIST_FOOT'));
		self::addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_TITLE',					postVar('PLUGIN_QUICKMENU_TITLE'));
		self::addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_HEAD',					postVar('PLUGIN_QUICKMENU_HEAD'));
		self::addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_BODY',					postVar('PLUGIN_QUICKMENU_BODY'));
		self::addToAdminTemplate($templateid, 'PLUGIN_QUICKMENU_FOOT',					postVar('PLUGIN_QUICKMENU_FOOT'));
		
		$data = array('fields' => array());
		$manager->notify('TemplateExtraFields', $data);
		foreach ( $data['fields'] as $pfkey => $pfvalue )
		{
			foreach ( $pfvalue as $pffield => $pfdesc )
			{
				self::addToAdminTemplate($templateid, $pffield, postVar($pffield));
			}
		}
		
		// jump back to template edit
		self::$action_admintemplateedit(_TEMPLATE_UPDATED);
		return;
	}
	
	/**
	 * Admin::addToAdminTemplate()
	 * 
	 * @param	integer	$id			ID for template
	 * @param	string	$partname	name of part for template
	 * @param	void	$contents	content for part of template
	 * @return	integer	ID for newly inserted Template
	 */
	static private function addToAdminTemplate($id, $partname, $content)
	{
		// don't add empty parts:
		if ( !trim($content) )
		{
			return -1;
		}
		
		$query = "INSERT INTO (tdesc, tpartname, tcontent ) VALUES (%d, '%s', '%s');";
		$query = sprintf($query, sql_table('template'), (integer) $id, sql_real_escape_string($partname), sql_real_escape_string($contents));
		sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
		return sql_insert_id();
	}
	
	/**
	 * Admin::action_admintemplatedelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_admintemplatedelete()
	{
		global $member, $manager;
		$member->isAdmin() or self::disallow();
		
		// TODO: check if template can be deleted
		self::pagehead();
		self::$skin->parse('admintemplatedelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_admintemplatedeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_admintemplatedeleteconfirm()
	{
		global $member, $manager;
		
		$templateid = intRequestVar('templateid');
		$member->isAdmin() or self::disallow();
		
		$data = array('templateid' => $templateid);
		$manager->notify('PreDeleteAdminTemplate', $data);
		
		// 1. delete description
		$query = "DELETE FROM %s WHERE tdnumber=%s;";
		$query = sprintf($query, sql_table('template_desc'), (integer) $templateid);
		sql_query($query);
		
		// 2. delete parts
		$query = "DELETE FROM %s WHERE tdesc=%d;";
		$query = sprintf($query, sql_table('template'), (integer) $templateid);
		sql_query();
		
		$data = array('templateid' => $templateid);
		$manager->notify('PostDeleteAdminTemplate', $data);
		
		self::$action_admintemplateoverview();
		return;
	}
	
	/**
	 * Admin::action_admintemplatenew()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_admintemplatenew()
	{
		global $member;
		$member->isAdmin() or self::disallow();
		$name = postVar('name');
		$desc = postVar('desc');
		
		if ( !isValidTemplateName($name) )
		{
			self::error(_ERROR_BADTEMPLATENAME);
		}
		if ( Template::exists($name) )
		{
			self::error(_ERROR_DUPTEMPLATENAME);
		}
		
		$newTemplateId = Template::createNew($name, $desc);
		self::$action_admintemplateoverview();
		return;
	}
	
	/**
	 * Admin::action_admintemplateclone()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_admintemplateclone()
	{
		global $member;
		$templateid = intRequestVar('templateid');
		$member->isAdmin() or self::disallow();
		
		// 1. read old template
		$name = Template::getNameFromId($templateid);
		$desc = Template::getDesc($templateid);
		
		// 2. create desc thing
		$name = "cloned" . $name;
		
		// if a template with that name already exists:
		if ( Template::exists($name) )
		{
			$i = 1;
			while ( Template::exists($name . $i) )
			{
				$i++;
			}
			$name .= $i;
		}
		
		$newid = Template::admincreateNew($name, $desc);
		
		// 3. create clone
		// go through parts of old template and add them to the new one
		$query = "SELECT tpartname, tcontent FROM %sWHERE tdesc=%d;";
		$query = sprintf($query, sql_table('template'), (integer) $templateid);
		
		$res = sql_query($query);
		while ( $o = sql_fetch_object($res) )
		{
			self::addToAdminTemplate($newid, $o->tpartname, $o->tcontent);
		}
		
		self::$action_admintemplateoverview();
		return;
	}

	/**
	 * Admin::action_skinoverview()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinoverview()
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('skinoverview');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_skinnew()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinnew()
	{
		global $member;
		
		$member->isAdmin() or self::disallow();
		
		$name = trim(postVar('name'));
		$desc = trim(postVar('desc'));
		
		if ( !isValidSkinName($name) )
		{
			self::error(_ERROR_BADSKINNAME);
		}
		
		if ( SKIN::exists($name) )
		{
			self::error(_ERROR_DUPSKINNAME);
		}
		
		$newId = SKIN::createNew($name, $desc);
		
		self::$action_skinoverview();
		return;
	}
	
	/**
	 * Admin::action_skinedit()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinedit()
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('skinedit');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_skineditgeneral()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skineditgeneral()
	{
		global $member;
		
		$skinid = intRequestVar('skinid');
		
		$member->isAdmin() or self::disallow();
		
		$name		= postVar('name');
		$desc		= postVar('desc');
		$type		= postVar('type');
		$inc_mode	= postVar('inc_mode');
		$inc_prefix	= postVar('inc_prefix');
		
		$skin = new Skin($skinid);
		
		// 1. Some checks
		if ( !isValidSkinName($name) )
		{
			self::error(_ERROR_BADSKINNAME);
		}
		
		if ( ($skin->getName() != $name) && SKIN::exists($name) )
		{
			self::error(_ERROR_DUPSKINNAME);
		}
		
		if ( !$type )
		{
			$type = 'text/html';
		}
		if ( !$inc_mode )
		{
			$inc_mode = 'normal';
		}
		
		// 2. Update description
		$skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
		
		self::$action_skinedit();
		return;
	}
	
	static private function action_skinedittype($msg = '')
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		if ( $msg )
		{
			self::$headMess = $msg;
		}
		
		$skinid	= intRequestVar('skinid');
		$type	= requestVar('type');
		$type	= trim($type);
		$type	= strtolower($type);
		
		if ( !isValidShortName($type) )
		{
			self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
		}
		
		self::pagehead();
		self::$skin->parse('skinedittype');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_skinupdate()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinupdate()
	{
		global $member;
		
		$skinid = intRequestVar('skinid');
		$content = trim(postVar('content'));
		$type = postVar('type');
		
		$member->isAdmin() or self::disallow();
		
		$skin = new SKIN($skinid);
		$skin->update($type, $content);
		
		self::$action_skinedittype(_SKIN_UPDATED);
		return;
	}
	
	/**
	 * Admin::action_skindelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skindelete()
	{
		global $member, $manager, $CONF;
		
		$skinid = intRequestVar('skinid');
		
		$member->isAdmin() or self::disallow();
		
		// don't allow default skin to be deleted
		if ( $skinid == $CONF['BaseSkin'] )
		{
			self::error(_ERROR_DEFAULTSKIN);
		}
		
		// don't allow deletion of default skins for blogs
		$query = "SELECT bname FROM %s WHERE bdefskin=%d";
		$query = sprintf($query, sql_table('blog'), (integer) $skinid);
		
		$r = sql_query($query);
		if ( $o = sql_fetch_object($r) )
		{
			self::error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname));
		}
		
		self::pagehead();
		self::$skin->parse('skindelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_skindeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skindeleteconfirm()
	{
		global $member, $CONF, $manager;
		
		$skinid = intRequestVar('skinid');
		
		$member->isAdmin() or self::disallow();
		
		// don't allow default skin to be deleted
		if ( $skinid == $CONF['BaseSkin'] )
		{
			self::error(_ERROR_DEFAULTSKIN);
		}
		
		// don't allow deletion of default skins for blogs
		$query = "SELECT bname FROM %s WHERE bdefskin=%d;";
		$query = sprintf($query, sql_table('blog'), (integer) $skinid);
		
		$r = sql_query($query);
		if ( $o = sql_fetch_object($r) )
		{
			self::error(_ERROR_SKINDEFDELETE .$o->bname);
		}
		
		$data = array('skinid' => $skinid);
		$manager->notify('PreDeleteSkin', $data);
		
		// 1. delete description
		$query = "DELETE FROM %s WHERE sdnumber=%d;";
		$query = sprintf($query, sql_table('skin_desc'), (integer) $skinid);
		sql_query($query);
		
		// 2. delete parts
		$query = "DELETE FROM %s WHERE sdesc=%d;";
		$query = sprintf($query, sql_table('skin'), (integer) $skinid);
		sql_query($query);
		
		$data = array('skinid' => $skinid);
		$manager->notify('PostDeleteSkin', $data);
		
		self::$action_skinoverview();
		return;
	}
	
	/**
	 * Admin::action_skinremovetype()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinremovetype()
	{
		global $member, $manager, $CONF;
		
		$member->isAdmin() or self::disallow();
		
		$skinid = intRequestVar('skinid');
		$skintype = requestVar('type');
		
		if ( !isValidShortName($skintype) )
		{
			self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
		}
		
		// don't allow default skinparts to be deleted
		/* TODO: this array should be retrieved from Action class */
		if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )
		{
			self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
		}
		
		self::pagehead();
		self::$skin->parse('skinremovetype');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_skinremovetypeconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinremovetypeconfirm()
	{
		global $member, $CONF, $manager;
		
		$member->isAdmin() or self::disallow();
		
		$skinid = intRequestVar('skinid');
		$skintype = requestVar('type');
		
		if ( !isValidShortName($skintype) )
		{
			self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
		}
		
		// don't allow default skinparts to be deleted
		/* TODO: this array should be retrieved from Action class */
		if ( in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup')) )
		{
			self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
		}
		
		$data = array(
			'skinid'   => $skinid,
			'skintype' => $skintype
		);
		$manager->notify('PreDeleteSkinPart', $data);
		
		// delete part
		$query = "DELETE FROM %s WHERE sdesc=%d AND stype='%s';";
		$query = sprintf($query, sql_table('skin'), (integer) $skinid, (integer) $skintype);
		sql_query($query);
		
		$data = array(
			'skinid'   => $skinid,
			'skintype' => $skintype
		);
		$manager->notify('PostDeleteSkinPart', $data);
		
		self::$action_skinedit();
		return;
	}

	/**
	 * Admin::action_skinclone()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_skinclone()
	{
		global $member;
		
		$member->isAdmin() or self::disallow();
		
		$skinid = intRequestVar('skinid');
		
		// 1. read skin to clone
		$skin = new Skin($skinid);
		
		$name = "clone_{$skin->getName()}";
		
		// if a skin with that name already exists:
		if ( Skin::exists($name) )
		{
			$i = 1;
			while (Skin::exists($name . $i))
				$i++;
			$name .= $i;
		}
		
		// 2. create skin desc
		$newid = Skin::createNew(
			$name,
			$skin->getDescription(),
			$skin->getContentType(),
			$skin->getIncludeMode(),
			$skin->getIncludePrefix()
		);
		
		// 3. clone
		$query = "SELECT stype FROM %s WHERE sdesc=%d;";
		$query = sprintf($query, sql_table('skin'), (integer) $skinid);
		
		$res = sql_query($query);
		while ( $row = sql_fetch_assoc($res) )
		{
			self::$skinclonetype($skin, $newid, $row['stype']);
		}
		
		self::$action_skinoverview();
		return;
	}
	
	/**
	 * Admin::skinclonetype()
	 * 
	 * @param	String	$skin	Skin object
	 * @param	Integer	$newid	ID for this clone
	 * @param	String	$type	type of skin
	 * @return	Void
	 */
	static private function skinclonetype($skin, $newid, $type)
	{
		$newid = intval($newid);
		$content = $skin->getContent($type);
		
		if ( $content )
		{
			$query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')";
			$query = sprintf($query, sql_table('skin'), (integer) $newid, $content, $type);
			sql_query($query);
		}
		return;
	}
	
	/**
	 * Admin::action_adminskinoverview()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinoverview()
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('adminskinoverview');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_adminskinnew()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinnew()
	{
		global $member;
		$member->isAdmin() or self::disallow();
		$name = trim(postVar('name'));
		$desc = trim(postVar('desc'));
		
		if ( !isValidSkinName($name) )
		{
			self::error(_ERROR_BADSKINNAME);
		}
		if ( Skin::exists($name) )
		{
			self::error(_ERROR_DUPSKINNAME);
		}
		/* TODO: $newId is not reused... */
		$newId = Skin::createNew($name, $desc);
		self::$action_adminskinoverview();
		return;
	}
	
	/**
	 * Admin::action_adminskinedit()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinedit()
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		self::pagehead();
		self::$skin->parse('adminskinedit');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_adminskineditgeneral()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskineditgeneral()
	{
		global $member;
		
		$skinid = intRequestVar('skinid');
		
		$member->isAdmin() or self::disallow();
		
		$name		= postVar('name');
		$desc		= postVar('desc');
		$type		= postVar('type');
		$inc_mode	= postVar('inc_mode');
		$inc_prefix	= postVar('inc_prefix');
		
		$skin = new Skin($skinid, 'AdminActions', 'AdminSkin');
		
		// 1. Some checks
		if ( !isValidSkinName($name) )
		{
			self::error(_ERROR_BADSKINNAME);
		}
		if ( ($skin->getName() != $name) && Skin::exists($name) )
		{
			self::error(_ERROR_DUPSKINNAME);
		}
		if ( !$type )
		{
			$type = 'text/html';
		}
		if ( !$inc_mode )
		{
			$inc_mode = 'normal';
		}
		// 2. Update description
		$skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
		self::$action_adminskinedit();
		return;
	}
	
	/**
	 * Admin::action_adminskinedittype()
	 * 
	 * @param	string	$msg	message for pageheader
	 * @return	void
	 */
	static private function action_adminskinedittype($msg = '')
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		if ( $msg )
		{
			self::$headMess = $msg;
		}
		$type = requestVar('type');
		$type = trim($type);
		$type = strtolower($type);
		
		if ( !isValidShortName($type) )
		{
			self::error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
		}
		
		self::pagehead();
		self::$skin->parse('adminskinedittype');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_adminskinupdate()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinupdate()
	{
		global $member;
		$skinid		= intRequestVar('skinid');
		$content	= trim(postVar('content'));
		$type		= postVar('type');
		
		$member->isAdmin() or self::disallow();
		
		$skin = new Skin($skinid, 'Admin', 'AdminSkin');
		$skin->update($type, $content);
		self::$action_adminskinedittype(_SKIN_UPDATED);
		return;
	}
	
	/**
	 * Admin::action_adminskindelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskindelete()
	{
		global $member, $manager, $CONF;
		$member->isAdmin() or self::disallow();
		
		/* TODO: needless variable $skinid... */
		$skinid = intRequestVar('skinid');
		self::pagehead();
		self::$skin->parse('adminskindelete');
		self::pagefoot();
		return;
	}

	/**
	 * Admin::action_adminskindeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskindeleteconfirm()
	{
		global $member, $CONF, $manager;
		$member->isAdmin() or self::disallow();
		$skinid = intRequestVar('skinid');
		// don't allow default skin to be deleted
		if ( $skinid == $CONF['DefaultAdminSkin'] )
		{
			self::error(_ERROR_DEFAULTSKIN);
		}
		
		// don't allow deletion of default skins for members
		$memberDefaults =  $member->getAdminSkin();
		foreach ( $memberDefaults as $memID => $adminskin )
		{
			if ( $skinid == $adminskin )
			{
				$mem = MEMBER::createFromID($memID);
				self::error(_ERROR_SKINDEFDELETE . $mem->displayname);
			}
		}
		
		$data = array('skinid' => (integer) $skinid);
		$manager->notify('PreDeleteAdminSkin', $data);
		
		// 1. delete description
		$query = "DELETE FROM %s WHERE tdnumber=%s;";
		$query = sprintf($query, sql_table('template_desc'), (integer) $templateid);
		sql_query($query);
		
		// 2. delete parts
		$query = "DELETE FROM %s WHERE tdesc=%d;";
		$query = sprintf($query, sql_table('template'), (integer) $templateid);
		
		sql_query($query);
		
		$data = array('skinid' => intval($skinid));
		$manager->notify('PostDeleteAdminSkin', $data);
		self::$action_adminskinoverview();
		return;
	}
	
	/**
	 * Admin::action_adminskinremovetype()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinremovetype()
	{
		global $member, $manager, $CONF;

		$member->isAdmin() or self::disallow();
		
		$skinid		= intRequestVar('skinid');
		$skintype	= requestVar('type');
		
		if ( !isValidShortName($skintype) )
		{
			self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
		}
		
		self::pagehead();
		self::$skin->parse('adminskinremovetype');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_adminskinremovetypeconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinremovetypeconfirm()
	{
		global $member, $CONF, $manager;
		
		$member->isAdmin() or self::disallow();
		
		$skinid		= intRequestVar('skinid');
		$skintype	= requestVar('type');
		
		if ( !isValidShortName($skintype) )
		{
			self::error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
		}
		
		$data =array(
			'skinid'	=> $skinid,
			'skintype'	=> $skintype
		);
		$manager->notify('PreDeleteAdminSkinPart', $data);
		
		// delete part
		$query = 'DELETE FROM %s WHERE sdesc = %d AND stype ="%s"';
		$query = sprintf($query, sql_table('skin'), (integer) $skinid, $skintype);
		sql_query($query);
		
		$data = array(
			'skinid'	=> $skinid,
			'skintype'	=> $skintype
		);
		$manager->notify('PostDeleteAdminSkinPart', $data);
		
		self::$action_adminskinedit();
		return;
	}

	/**
	 * Admin::action_adminskinclone()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinclone()
	{
		global $member;
		
		$member->isAdmin() or self::disallow();
		
		$skinid = intRequestVar('skinid');
		
		// 1. read skin to clone
		$skin = new Skin($skinid, 'Admin', 'AdminSkin');
		$name = "clone_{$skin->getName()}";
		
		// if a skin with that name already exists:
		if ( Skin::exists($name) )
		{
			$i = 1;
			while ( Skin::exists($name . $i) )
			{
				$i++;
			}
			$name .= $i;
		}
		
		// 2. create skin desc
		$newid = Skin::createNew(
			$name,
			$skin->getDescription(),
			$skin->getContentType(),
			$skin->getIncludeMode(),
			$skin->getIncludePrefix()
		);
		
		$query = "SELECT stype %s FROM WHERE sdesc=%d;";
		$query = sprintf($query, sql_table('skin'), (integer) $skinid);
		
		$res = sql_query($query);
		while ( $row = sql_fetch_assoc($res) )
		{
			self::$skinclonetype($skin, $newid, $row['stype']);
		}
		self::$action_adminskinoverview();
		return;
	}
	
	/**
	 * Admin::adminskinclonetype()
	 * 
	 * @param	string	$skin	an instance of Skin class
	 * @param	integer	$newid	ID for new skin
	 * @param	string	$type	skin type
	 * @return	void
	 */
	static private function adminskinclonetype($skin, $newid, $type)
	{
		$content = $skin->getContent($type);
		
		if ( $content )
		{
			$content	= sql_real_escape_string($content);
			$type		= sql_real_escape_string($type);
			
			$query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')";
			$query = sprintf(sql_table('skin'), (integer) $newid, $content, $type);
			sql_query($query);
		}
		return;
	}
	
	/**
	 * Admin::action_adminskinieoverview()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinieoverview()
	{
		global $member, $DIR_LIBS, $manager;
		
		$member->isAdmin() or self::disallow();
		
		// load skinie class
		include_once($DIR_LIBS . 'skinie.php');
		
		self::pagehead();
		self::$skin->parse('adminskinieoverview');
		self::pagefoot();
		return;
	}

	/**
	 * Admin::action_adminskinieimport()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinieimport()
	{
		global $DIR_LIBS, $DIR_ADMINSKINS, $manager, $member;
		
		$member->isAdmin() or self::disallow();
		
		// load skinie class
		include_once($DIR_LIBS . 'skinie.php');
		
		$skinFileRaw	= postVar('skinfile');
		$mode			= postVar('mode');
		
		$importer = new SKINIMPORT();
		
		// get full filename
		if ( $mode == 'file' )
		{
			$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
			
			// backwards compatibilty (in v2.0, exports were saved as skindata.xml)
			if ( !file_exists($skinFile) )
			{
				$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skindata.xml';
			}
		}
		else
		{
			$skinFile = $skinFileRaw;
		}
		
		// read only metadata
		$error = $importer->readFile($skinFile, 1);
		if ( $error )
		{
			self::error($error);
		}
		
		/* TODO: we should consider to use the other way instead of this */
		$_REQUEST['skininfo']	= $importer->getInfo();
		$_REQUEST['skinnames']	= $importer->getSkinNames();
		$_REQUEST['tpltnames']	= $importer->getTemplateNames();
		
		// clashes
		$skinNameClashes			= $importer->checkSkinNameClashes();
		$templateNameClashes		= $importer->checkTemplateNameClashes();
		$hasNameClashes				= (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
		/* TODO: we should consider to use the other way instead of this */
		$_REQUEST['skinclashes']	= $skinNameClashes;
		$_REQUEST['tpltclashes']	= $templateNameClashes;
		$_REQUEST['nameclashes']	= $hasNameClashes ? 1 : 0;
		
		self::pagehead();
		self::$skin->parse('adminskinieimport');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_adminskiniedoimport()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskiniedoimport()
	{
		global $DIR_LIBS, $DIR_ADMINSKINS, $member;
		
		$member->isAdmin() or self::disallow();
		
		// load skinie class
		include_once($DIR_LIBS . 'skinie.php');
		
		$skinFileRaw	= postVar('skinfile');
		$mode			= postVar('mode');
		$allowOverwrite	= intPostVar('overwrite');
		
		// get full filename
		if ( $mode == 'file' )
		{
			$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
			// backwards compatibilty (in v2.0, exports were saved as skindata.xml)
			if ( !file_exists($skinFile) )
			{
				$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skindata.xml';
			}
		}
		else
		{
			$skinFile = $skinFileRaw;
		}
		
		$importer = new SKINIMPORT();
		
		$error = $importer->readFile($skinFile);
		if ( $error )
		{
			self::error($error);
		}
		
		$error = $importer->writeToDatabase($allowOverwrite);
		if ( $error )
		{
			self::error($error);
		}
		
		/* TODO: we should consider to use the other way instead of this */
		$_REQUEST['skininfo']	= $importer->getInfo();
		$_REQUEST['skinnames']	= $importer->getSkinNames();
		$_REQUEST['tpltnames']	= $importer->getTemplateNames();
		
		self::pagehead();
		self::$skin->parse('adminskiniedoimport');
		self::pagefoot();
		return;
	}

	/**
	 * Admin::action_adminskinieexport()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_adminskinieexport()
	{
		global $member, $DIR_PLUGINS;
		
		$member->isAdmin() or self::disallow();
		
		// load skinie class
		$aSkins = requestIntArray('skin');
		if (!is_array($aSkins)) {
			$aSkins = array();
		}
		$skinList = array_keys($aSkins);
		
		$aTemplates = requestIntArray('template');
		if (!is_array($aTemplates))
		{
			$aTemplates = array();
		}
		$templateList = array_keys($aTemplates);
		
		$info = postVar('info');
		
		$exporter = new SkinEXPORT();
		foreach ( $skinList as $skinId )
		{
			$exporter->addSkin($skinId);
		}
		foreach ( $templateList as $templateId )
		{
			$exporter->addTemplate($templateId);
		}
		$exporter->setInfo($info);
		$exporter->export();
		return;
	}
	
	/**
	 * Admin::action_settingsedit()
	 * 
	 * @param	Void
	 * @return	Void
	 */
	static private function action_settingsedit()
	{
		global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;
		
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('settingsedit');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_settingsupdate()
	 * Update $CONFIG and redirect
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_settingsupdate()
	{
		global $member, $CONF;
		
		$member->isAdmin() or self::disallow();
		
		// check if email address for admin is valid
		if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) )
		{
			self::error(_ERROR_BADMAILADDRESS);
		}
		
		// save settings
		self::updateConfig('DefaultBlog',		postVar('DefaultBlog'));
		self::updateConfig('BaseSkin',			postVar('BaseSkin'));
		self::updateConfig('IndexURL',			postVar('IndexURL'));
		self::updateConfig('AdminURL',			postVar('AdminURL'));
		self::updateConfig('PluginURL',			postVar('PluginURL'));
		self::updateConfig('SkinsURL',			postVar('SkinsURL'));
		self::updateConfig('ActionURL',			postVar('ActionURL'));
		self::updateConfig('Locale',			postVar('Locale'));
		self::updateConfig('AdminEmail',		postVar('AdminEmail'));
		self::updateConfig('SessionCookie',		postVar('SessionCookie'));
		self::updateConfig('AllowMemberCreate',	postVar('AllowMemberCreate'));
		self::updateConfig('AllowMemberMail',	postVar('AllowMemberMail'));
		self::updateConfig('NonmemberMail',		postVar('NonmemberMail'));
		self::updateConfig('ProtectMemNames',	postVar('ProtectMemNames'));
		self::updateConfig('SiteName',			postVar('SiteName'));
		self::updateConfig('NewMemberCanLogon',	postVar('NewMemberCanLogon'));
		self::updateConfig('DisableSite',		postVar('DisableSite'));
		self::updateConfig('DisableSiteURL',	postVar('DisableSiteURL'));
		self::updateConfig('LastVisit',			postVar('LastVisit'));
		self::updateConfig('MediaURL',			postVar('MediaURL'));
		self::updateConfig('AllowedTypes',		postVar('AllowedTypes'));
		self::updateConfig('AllowUpload',		postVar('AllowUpload'));
		self::updateConfig('MaxUploadSize',		postVar('MaxUploadSize'));
		self::updateConfig('MediaPrefix',		postVar('MediaPrefix'));
		self::updateConfig('AllowLoginEdit',	postVar('AllowLoginEdit'));
		self::updateConfig('DisableJsTools',	postVar('DisableJsTools'));
		self::updateConfig('CookieDomain',		postVar('CookieDomain'));
		self::updateConfig('CookiePath',		postVar('CookiePath'));
		self::updateConfig('CookieSecure',		postVar('CookieSecure'));
		self::updateConfig('URLMode',			postVar('URLMode'));
		self::updateConfig('CookiePrefix',		postVar('CookiePrefix'));
		self::updateConfig('DebugVars',			postVar('DebugVars'));
		self::updateConfig('DefaultListSize',	postVar('DefaultListSize'));
		self::updateConfig('AdminCSS',			postVar('AdminCSS'));
		
		// load new config and redirect (this way, the new locale will be used is necessary)
		// note that when changing cookie settings, this redirect might cause the user
		// to have to log in again.
		getConfig();
		redirect($CONF['AdminURL'] . '?action=manage');
		return;
	}
	
	/**
	 * Admin::action_systemoverview()
	 * Output system overview
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_systemoverview()
	{
		self::pagehead();
		self::$skin->parse('systemoverview');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::updateConfig()
	 * 
	 * @param	string	$name	
	 * @param	string	$val	
	 * @return	integer	return the ID in which the latest query posted
	 */
	static private function updateConfig($name, $val)
	{
		$name = sql_real_escape_string($name);
		$val = trim(sql_real_escape_string($val));
		
		$query = "UPDATE %s SET value='%s' WHERE name='%s'";
		$query = sprintf($query, sql_table('config'), $val, $name);
		sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error());
		return sql_insert_id();
	}
	
	/**
	 * Admin::error()
	 * Error message
	 * 
	 * @param	string	$msg	message that will be shown
	 * @return	void
	 */
	static private function error($msg)
	{
		self::pagehead();
		self::$skin->parse('adminerrorpage');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::disallow()
	 * add error log and show error page 
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function disallow()
	{
		ActionLog::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));
		self::error(_ERROR_DISALLOWED);
		return;
	}
	
	/**
	 * Admin::pagehead()
	 * Output admin page head
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function pagehead($extrahead = '')
	{
		global $member, $nucleus, $CONF, $manager;

		if ( self::existsSkinContents('pagehead') )
		{
			if ( isset($extrahead) && !empty($extrahead) )
			{
			self::$extrahead = $extrahead;
			}
			self::$skin->parse('pagehead');
		}
		else
		{
			$data = array(
				'extrahead'	=> &$extrahead,
				'action'	=> self::$action
			);
			
			$manager->notify('AdminPrePageHead', $data);
			
			$baseUrl = Entity::hsc($CONF['SkinsURL']);
			
			/*
			 * TODO: obsoleted
			if ( !array_key_exists('AdminCSS', $CONF) )
			{
				sql_query("INSERT INTO " . sql_table('config') . " VALUES ('AdminCSS', 'original')");
				$CONF['AdminCSS'] = 'original';
			}
			*/
			
			/* HTTP 1.1 application for no caching */
			header("Cache-Control: no-cache, must-revalidate");
			header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
			
			$root_element = 'html';
			$charset = i18n::get_current_charset();
			$locale = preg_replace('#_#', '-', i18n::get_current_locale());
			$xml_version_info = self::$xml_version_info;
			$formal_public_identifier = self::$formal_public_identifier;
			$system_identifier = self::$system_identifier;
			$xhtml_namespace = self::$xhtml_namespace;
			
			echo "<?xml version=\"{$xml_version_info}\" encoding=\"{$charset}\" ?>\n";
			echo "<!DOCTYPE {$root_element} PUBLIC \"{$formal_public_identifier}\" \"{$system_identifier}\">\n";
			echo "<{$root_element} xmlns=\"{$xhtml_namespace}\" xml:lang=\"{$locale}\" lang=\"{$locale}\">\n";
			echo "<head>\n";
			echo '<title>' . Entity::hsc($CONF['SiteName']) . " - Admin</title>\n";
			/*
			 * TODO: obsoleted
			echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}admin/defaultadmin/styles/admin_{$CONF["AdminCSS"]}.css\" />\n";
			*/
			echo "<link rel=\"stylesheet\" title=\"Nucleus Admin Default\" type=\"text/css\" href=\"{$baseUrl}admin/defaultadmin/styles/addedit.css\" />\n";
			echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/edit.js\"></script>\n";
			echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/admin.js\"></script>\n";
			echo "<script type=\"text/javascript\" src=\"{$baseUrl}javascript/compatibility.js\"></script>\n";
			echo "{$extrahead}\n";
			echo "</head>\n\n";
			echo "<body>\n";
			echo "<div id=\"adminwrapper\">\n";
			echo "<div class=\"header\">\n";
			echo '<h1>' . Entity::hsc($CONF['SiteName']) . "</h1>\n";
			echo "</div>\n";
			echo "<div id=\"container\">\n";
			echo "<div id=\"content\">\n";
			echo "<div class=\"loginname\">\n";
			if ( $member->isLoggedIn() )
			{
				echo _LOGGEDINAS . ' ' . $member->getDisplayName() ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a><br />\n";
				echo "<a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
			}
			else
			{
				echo '<a href="index.php?action=showlogin" title="Log in">' . _NOTLOGGEDIN . "</a><br />\n";
			}
			echo "<a href='".$CONF['IndexURL']."'>"._YOURSITE."</a><br />\n";
			echo '(';
			
			if (array_key_exists('codename', $nucleus) && $nucleus['codename'] != '' )
			{
				$codenamestring = ' &quot;' . $nucleus['codename'].'&quot;';
			}
			else
			{
				$codenamestring = '';
			}
			
			if ( $member->isLoggedIn() && $member->isAdmin() )
			{
				$checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
				echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';
				
				$newestVersion = getLatestVersion();
				$newestCompare = str_replace('/', '.', $newestVersion);
				$currentVersion = str_replace(array('/','v'), array('.',''), $nucleus['version']);
				
				if ( $newestVersion && version_compare($newestCompare, $currentVersion) > 0 )
				{
					echo "<br />\n";
					echo '<a style="color:red" href="http://nucleuscms.org/upgrade.php" title="' . _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE . '">';
					echo _ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT . $newestVersion;
					echo "</a>";
				}
			}
			else
			{
				echo "Nucleus CMS {$nucleus['version']}{$codenamestring}";
			}
			echo ')';
			echo '</div>';
		}
		return;
	}
	
	/**
	 * Admin::pagefoot()
	 * Output admin page foot include quickmenu
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function pagefoot()
	{
		global $action, $member, $manager;
		
		if ( self::existsSkinContents('pagefoot') )
		{
			self::$skin->parse('pagefoot');
			exit;
		}
		else
		{
			$data = array(
				'action' => self::$action
			);
			
			$manager->notify('AdminPrePageFoot', $data);
			
			if ( $member->isLoggedIn() && ($action != 'showlogin') )
			{
				echo '<h2>' . _LOGOUT . "</h2>\n";
				echo "<ul>\n";
				echo '<li><a href="index.php?action=overview">' . _BACKHOME . "</a></li>\n";
				echo '<li><a href="index.php?action=logout">' .  _LOGOUT . "</a></li>\n";
				echo "</ul>\n";
			}
			
			echo "<div class=\"foot\">\n";
			echo '<a href="' . _ADMINPAGEFOOT_OFFICIALURL . '">Nucleus CMS</a> &copy; 2002-' . date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT;
			echo '-';
			echo '<a href="' . _ADMINPAGEFOOT_DONATEURL . '">' . _ADMINPAGEFOOT_DONATE . "</a>\n";
			echo "</div>\n";
			
			echo "<div id=\"quickmenu\">\n";
			
			if ( ($action != 'showlogin') && ($member->isLoggedIn()) )
			{
				echo "<ul>\n";
				echo '<li><a href="index.php?action=overview">' . _QMENU_HOME . "</a></li>\n";
				echo "</ul>\n";
				
				echo '<h2>' . _QMENU_ADD . "</h2>\n";
				echo "<form method=\"get\" action=\"index.php\">\n";
				echo "<p>\n";
				echo "<input type=\"hidden\" name=\"action\" value=\"createitem\" />\n";
				
				$showAll = requestVar('showall');
				
				if ( ($member->isAdmin()) && ($showAll == 'yes') )
				{
					// Super-Admins have access to all blogs! (no add item support though)
					$query = "SELECT bnumber as value, bname as text FROM %s ORDER BY bname;";
					$query = sprintf($query, sql_table('blog'));
				}
				else
				{
					$query = "SELECT bnumber as value, bname as text FROM %s, %s WHERE tblog=bnumber and tmember=%d ORDER BY bname;";
					$query = sprintf($query, sql_table('blog'), sql_table('team'), (integer) $member->getID());
				}
				$template['name']		= 'blogid';
				$template['tabindex']	= 15000;
				$template['extra']		= _QMENU_ADD_SELECT;
				$template['selected']	= -1;
				$template['shorten']	= 10;
				$template['shortenel']	= '';
				$template['javascript']	= 'onchange="return form.submit()"';
				showlist($query, 'select', $template);
				
				echo "</p>\n";
				echo "</form>\n";
				
				echo "<h2>{$member->getDisplayName()}</h2>\n";
				echo "<ul>\n";
				echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . "</a></li>\n";
				echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . "</a></li>\n";
				echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . "</a></li>\n";
				echo "</ul>\n";
				
				if ( $member->isAdmin() )
				{
					echo '<h2>' . _QMENU_MANAGE . "</h2>\n";
					echo "<ul>\n";
					echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . "</a></li>\n";
					echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . "</a></li>\n";
					echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . "</a></li>\n";
					echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . "</a></li>\n";
					echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . "</a></li>\n";
					echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . "</a></li>\n";
					echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . "</a></li>\n";
					echo "</ul>\n";
					
					echo "<h2>" . _QMENU_LAYOUT . "</h2>\n";
					echo "<ul>\n";
					echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . "</a></li>\n";
					echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . "</a></li>\n";
					echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . "</a></li>\n";
					echo "</ul>\n";
				}
				
				$data = array('options' => array());
				
				$manager->notify('QuickMenu', $data);
				
				if ( count($data['options']) > 0 )
				{
					echo "<h2>" . _QMENU_PLUGINS . "</h2>\n";
					echo "<ul>\n";
					foreach ( $data['options'] as $option )
					{
						echo '<li><a href="' . Entity::hsc($option['url']) . '" title="' . Entity::hsc($option['tooltip']) . '">' . Entity::hsc($option['title']) . "</a></li>\n";
					}
					echo "</ul>\n";
				}
			}
			else if ( ($action == 'activate') || ($action == 'activatesetpwd') )
			{
			
				echo '<h2>' . _QMENU_ACTIVATE . '</h2>' . _QMENU_ACTIVATE_TEXT;
			}
			else
			{
				echo '<h2>' . _QMENU_INTRO . '</h2>' . _QMENU_INTRO_TEXT;
			}
			
			echo "<!-- quickmenu -->\n";
			echo "</div>\n";
			
			echo "<!-- content -->\n";
			echo "</div>\n";
			
			echo "<!-- container -->\n";
			echo "</div>\n";
			
			echo "<!-- adminwrapper -->\n";
			echo "</div>\n";
			
			echo "</body>\n";
			echo "</html>\n";
		}
		return;
	}
	
	/**
	 * Admin::action_bookmarklet()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_bookmarklet()
	{
		global $member, $manager;
		
		$member->teamRights($blogid) or self::disallow();
		
		$blogid = intRequestVar('blogid');
		
		self::pagehead();
		self::$skin->parse('bookmarklet');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_actionlog()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_actionlog()
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('actionlog');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_banlist()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_banlist()
	{
		global $member, $manager;
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		$blogid = intRequestVar('blogid');
		
		self::pagehead();
		self::$skin->parse('banlist');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_banlistdelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_banlistdelete()
	{
		global $member, $manager;
		
		$blogid = intRequestVar('blogid');
		$member->blogAdminRights($blogid) or self::disallow();
		
		self::pagehead();
		self::$skin->parse('banlistdelete');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_banlistdeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_banlistdeleteconfirm()
	{
		global $member, $manager;
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		$blogid		= intPostVar('blogid');
		$allblogs	= postVar('allblogs');
		$iprange	= postVar('iprange');
		
		$deleted = array();
		
		if ( !$allblogs )
		{
			if ( Ban::removeBan($blogid, $iprange) )
			{
				array_push($deleted, $blogid);
			}
		}
		else
		{
			// get blogs fot which member has admin rights
			$adminblogs = $member->getAdminBlogs();
			foreach ($adminblogs as $blogje)
			{
				if ( Ban::removeBan($blogje, $iprange) )
				{
					array_push($deleted, $blogje);
				}
			}
		}
		
		if ( sizeof($deleted) == 0 )
		{
			self::error(_ERROR_DELETEBAN);
		}
		
		self::pagehead();
		self::$skin->parse('banlistdeleteconfirm');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_banlistnewfromitem()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_banlistnewfromitem()
	{
		self::$action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid')));
		return;
	}
	
	/**
	 * Admin::action_banlistnew()
	 * 
	 * @param	integer	$blogid	ID for weblog
	 * @return	void
	 */
	static private function action_banlistnew($blogid = '')
	{
		global $member, $manager;
		
		if ( $blogid == '' )
		{
			$blogid = intRequestVar('blogid');
		}
		
		$ip = requestVar('ip');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		/* TODO: we should consider to use the other way instead of this */
		$_REQUEST['blogid'] = $blogid;		
		
		self::pagehead();
		self::$skin->parse('banlistnew');
		self::pagefoot();
		
		return;
	}

	/**
	 * Admin::action_banlistadd()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_banlistadd()
	{
		global $member;
		
		$blogid		= intPostVar('blogid');
		$allblogs	= postVar('allblogs');
		$iprange	= postVar('iprange');
		
		if ( $iprange == "custom" )
		{
			$iprange = postVar('customiprange');
		}
		$reason   = postVar('reason');
		
		$member->blogAdminRights($blogid) or self::disallow();
		
		// TODO: check IP range validity
		
		if ( !$allblogs )
		{
			if ( !Ban::addBan($blogid, $iprange, $reason) )
			{
				self::error(_ERROR_ADDBAN);
			}
		}
		else
		{
			// get blogs fot which member has admin rights
			$adminblogs = $member->getAdminBlogs();
			$failed = 0;
			foreach ($adminblogs as $blogje)
			{
				if ( !Ban::addBan($blogje, $iprange, $reason) )
				{
					$failed = 1;
				}
			}
			if ( $failed )
			{
				self::error(_ERROR_ADDBAN);
			}
		}
		self::$action_banlist();
		return;
	}
	
	/**
	 * Admin::action_clearactionlog()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_clearactionlog()
	{
		global $member;
		
		$member->isAdmin() or self::disallow();
		
		ActionLog::clear();
		
		self::$action_manage(_MSG_ACTIONLOGCLEARED);
		return;
	}
	
	/**
	 * Admin::action_backupoverview()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_backupoverview()
	{
		global $member, $manager;
		
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('backupoverview');
		self::pagefoot();
		return;
	}

	/**
	 * Admin::action_backupcreate()
	 * create file for backup
	 * 
	 * @param		void
	 * @return	void
	 * 
	 */
	static private function action_backupcreate()
	{
		global $member, $DIR_LIBS;
		
		$member->isAdmin() or self::disallow();
		
		// use compression ?
		$useGzip = (integer) postVar('gzip');
		
		include($DIR_LIBS . 'backup.php');
		
		// try to extend time limit
		// (creating/restoring dumps might take a while)
		@set_time_limit(1200);
		
		Backup::do_backup($useGzip);
		exit;
	}
	
	/**
	 * Admin::action_backuprestore()
	 * restoring from uploaded file
	 * 
	 * @param		void
	 * @return	void
	 */
	static private function action_backuprestore()
	{
		global $member, $DIR_LIBS;
		
		$member->isAdmin() or self::disallow();
		
		if ( intPostVar('letsgo') != 1 )
		{
			self::error(_ERROR_BACKUP_NOTSURE);
		}
		
		include($DIR_LIBS . 'backup.php');
		
		// try to extend time limit
		// (creating/restoring dumps might take a while)
		@set_time_limit(1200);
		
		$message = Backup::do_restore();
		if ( $message != '' )
		{
			self::error($message);
		}
		self::pagehead();
		self::$skin->parse('backuprestore');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_pluginlist()
	 * output the list of installed plugins
	 * 
	 * @param	void
	 * @return	void
	 * 
	 */
	static private function action_pluginlist()
	{
		global $DIR_PLUGINS, $member, $manager;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		self::pagehead();
		self::$skin->parse('pluginlist');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_pluginhelp()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_pluginhelp()
	{
		global $member, $manager, $DIR_PLUGINS, $CONF;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		$plugid = intGetVar('plugid');
		
		if ( !$manager->pidInstalled($plugid) )
		{
			self::error(_ERROR_NOSUCHPLUGIN);
		}
		
		self::pagehead();
		self::$skin->parse('pluginhelp');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_pluginadd()
	 * 
	 * @param	Void
	 * @return	Void
	 * 
	 */
	static private function action_pluginadd()
	{
		global $member, $manager, $DIR_PLUGINS;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		$name = postVar('filename');
		
		if ( $manager->pluginInstalled($name) )
		{
			self::error(_ERROR_DUPPLUGIN);
		}
		
		if ( !checkPlugin($name) )
		{
			self::error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')');
		}
		
		// get number of currently installed plugins
		$res = sql_query('SELECT * FROM ' . sql_table('plugin'));
		$numCurrent = sql_num_rows($res);
		
		// plugin will be added as last one in the list
		$newOrder = $numCurrent + 1;
		
		$data = array('file' => &$name);
		$manager->notify('PreAddPlugin', $data);
		
		// do this before calling getPlugin (in case the plugin id is used there)
		$query = "INSERT INTO %s (porder, pfile) VALUES (%d, '%s');";
		$query = sprintf(sql_table('plugin'), (integer) $newOrder, sql_real_escape_string($name));
		sql_query($query);
		$iPid = sql_insert_id();
		
		$manager->clearCachedInfo('installedPlugins');
		
		// Load the plugin for condition checking and instalation
		$plugin =& $manager->getPlugin($name);
		
		// check if it got loaded (could have failed)
		if ( !$plugin )
		{
			$query = "DELETE FROM %s WHERE pid=%d;";
			$query = sprintf($query, sql_table('plugin'), (integer) $iPid);
			
			sql_query($query);
			
			$manager->clearCachedInfo('installedPlugins');
			self::error(_ERROR_PLUGIN_LOAD);
		}
		
		// check if plugin needs a newer Nucleus version
		if ( getNucleusVersion() < $plugin->getMinNucleusVersion() )
		{
			// uninstall plugin again...
			self::deleteOnePlugin($plugin->getID());
			
			// ...and show error
			self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion()));
		}
		
		// check if plugin needs a newer Nucleus version
		if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) )
		{
			// uninstall plugin again...
			self::deleteOnePlugin($plugin->getID());
			
			// ...and show error
			self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
		}
		
		$pluginList = $plugin->getPluginDep();
		foreach ( $pluginList as $pluginName )
		{
			$res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
			if (sql_num_rows($res) == 0)
			{
				// uninstall plugin again...
				self::deleteOnePlugin($plugin->getID());
				self::error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
			}
		}
		
		// call the install method of the plugin
		$plugin->install();
		
		$data = array('plugin' => &$plugin);
		$manager->notify('PostAddPlugin', $data);
		
		// update all events
		self::$action_pluginupdate();
		return;
	}
	
	/**
	 * ADMIN:action_pluginupdate():
	 * 
	 * @param	Void
	 * @return	Void
	 * 
	 */
	static private function action_pluginupdate()
	{
		global $member, $manager, $CONF;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		// delete everything from plugin_events
		sql_query('DELETE FROM '.sql_table('plugin_event'));
		
		// loop over all installed plugins
		$res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
		while ( $o = sql_fetch_object($res) )
		{
			$pid  =  $o->pid;
			$plug =& $manager->getPlugin($o->pfile);
			if ( $plug )
			{
				$eventList = $plug->getEventList();
				foreach ( $eventList as $eventName )
				{
					$query = "INSERT INTO %s (pid, event) VALUES (%d, '%s')";
					$query = sprintf($query, sql_table('plugin_event'), (integer) $pid, sql_real_escape_string($eventName));
					sql_query($query);
				}
			}
		}
		redirect($CONF['AdminURL'] . '?action=pluginlist');
		return;
	}
	
	/**
	 * Admin::action_plugindelete()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_plugindelete()
	{
		global $member, $manager;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		$pid = intGetVar('plugid');
		
		if ( !$manager->pidInstalled($pid) )
		{
			self::error(_ERROR_NOSUCHPLUGIN);
		}
		
		self::pagehead();
		self::$skin->parse('plugindelete');
		self::pagefoot();
		return;
	}

	/**
	 * Admin::action_plugindeleteconfirm()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_plugindeleteconfirm()
	{
		global $member, $manager, $CONF;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		$pid = intPostVar('plugid');
		
		$error = self::deleteOnePlugin($pid, 1);
		if ( $error )
		{
			self::error($error);
		}
		
		redirect($CONF['AdminURL'] . '?action=pluginlist');
		return;
	}
	
	/**
	 * Admin::
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function deleteOnePlugin($pid, $callUninstall = 0)
	{
		global $manager;
		
		$pid = intval($pid);
		
		if ( !$manager->pidInstalled($pid) )
		{
			return _ERROR_NOSUCHPLUGIN;
		}
		
		$query = "SELECT pfile as result FROM %s WHERE pid=%d;";
		$query = sprintf($query, sql_table('plugin'), (integer) $pid);
		$name = quickQuery($query);
		
		// check dependency before delete
		$res = sql_query('SELECT pfile FROM ' . sql_table('plugin'));
		while ($o = sql_fetch_object($res))
		{
			$plug =& $manager->getPlugin($o->pfile);
			if ( $plug )
			{
				$depList = $plug->getPluginDep();
				foreach ( $depList as $depName )
				{
					if ( $name == $depName )
					{
						return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);
					}
				}
			}
		}
		
		$data = array('plugid' => $pid);
		$manager->notify('PreDeletePlugin', $data);
		
		// call the unInstall method of the plugin
		if ( $callUninstall )
		{
			$plugin =& $manager->getPlugin($name);
			if ( $plugin )
			{
				$plugin->unInstall();
			}
		}
		
		// delete all subscriptions
		sql_query('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);
		
		// delete all options
		// get OIDs from plugin_option_desc
		$res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
		$aOIDs = array();
		while ($o = sql_fetch_object($res))
		{
			array_push($aOIDs, $o->oid);
		}
		
		// delete from plugin_option and plugin_option_desc
		sql_query('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
		if (count($aOIDs) > 0)
		{
			sql_query('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')');
		}
		
		// update order numbers
		$res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
		$o = sql_fetch_object($res);
		sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $o->porder);
		
		// delete row
		sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
		
		$manager->clearCachedInfo('installedPlugins');
		$data = array('plugid' => $pid);
		$manager->notify('PostDeletePlugin', $data);
		
		return '';
	}
	
	/**
	 * Admin::action_pluginup()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_pluginup()
	{
		global $member, $manager, $CONF;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		$plugid = intGetVar('plugid');
		
		if ( !$manager->pidInstalled($plugid) )
		{
			self::error(_ERROR_NOSUCHPLUGIN);
		}
		
		// 1. get old order number
		$res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
		$o = sql_fetch_object($res);
		$oldOrder = $o->porder;
		
		// 2. calculate new order number
		$newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;
		
		// 3. update plug numbers
		sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
		sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);
		
		//self::$action_pluginlist();
		// To avoid showing ticket in the URL, redirect to pluginlist, instead.
		redirect($CONF['AdminURL'] . '?action=pluginlist');
		return;
	}
	
	/**
	 * Admin::action_plugindown()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_plugindown()
	{
		global $member, $manager, $CONF;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		$plugid = intGetVar('plugid');
		if ( !$manager->pidInstalled($plugid) )
		{
			self::error(_ERROR_NOSUCHPLUGIN);
		}
		
		// 1. get old order number
		$res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
		$o = sql_fetch_object($res);
		$oldOrder = $o->porder;
		
		$res = sql_query('SELECT * FROM ' . sql_table('plugin'));
		$maxOrder = sql_num_rows($res);
		
		// 2. calculate new order number
		$newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;
		
		// 3. update plug numbers
		sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
		sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);
		
		//self::$action_pluginlist();
		// To avoid showing ticket in the URL, redirect to pluginlist, instead.
		redirect($CONF['AdminURL'] . '?action=pluginlist');
		return;
	}
	
	/**
	 * Admin::action_pluginoptions()
	 * 
	 * Output Plugin option page
	 * 
	 * @access	public
	 * @param	string $message	message when fallbacked
	 * @return	void
	 * 
	 */
	static private function action_pluginoptions($message = '')
	{
		global $member, $manager;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		$pid = intRequestVar('plugid');
		if ( !$manager->pidInstalled($pid) )
		{
			self::error(_ERROR_NOSUCHPLUGIN);
		}
		
		if ( isset($message) )
		{
			self::$headMess = $message;
		}
		$extrahead = "<script type=\"text/javascript\" src=\"javascript/numbercheck.js\"></script>\n";
		self::pagehead($extrahead);
		self::$skin->parse('pluginoptions');
		self::pagefoot();
		return;
	}
	
	/**
	 * Admin::action_pluginoptionsupdate()
	 * 
	 * Update plugin options and fallback to plugin option page
	 * 
	 * @access	public
	 * @param	void
	 * @return	void
	 */
	static private function action_pluginoptionsupdate()
	{
		global $member, $manager;
		
		// check if allowed
		$member->isAdmin() or self::disallow();
		
		$pid = intRequestVar('plugid');
		
		if ( !$manager->pidInstalled($pid) )
		{
			self::error(_ERROR_NOSUCHPLUGIN);
		}
		
		$aOptions = requestArray('plugoption');
		NucleusPlugin::apply_plugin_options($aOptions);
		
		$data = array(
			'context'	=> 'global',
			'plugid'	=> $pid
		);
		$manager->notify('PostPluginOptionsUpdate', $data);
		
		self::$action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
		return;
	}
	
	/**
	 * Admin::insertPluginOptions()
	 * 
	 * Output plugin option field
	 * 
	 * @access	public
	 * @param string	$context	plugin option context
	 * @param integer	$contextid	plugin option context id
	 * @return	void
	 */
	static public function insertPluginOptions($context, $contextid = 0)
	{
		global $manager;
		
		// get all current values for this contextid
		// (note: this might contain doubles for overlapping contextids)
		$aIdToValue = array();
		
		$query = "SELECT oid, ovalue FROM %s WHERE ocontextid=%d;";
		$query = sprintf($query, sql_table('plugin_option'), (integer) $contextid);
		
		$res = sql_query($query);
		while ( $object = sql_fetch_object($res) )
		{
			$aIdToValue[$object->oid] = $object->ovalue;
		}
		
		// get list of oids per pid
		$query	= "SELECT * FROM %s, %s WHERE opid=pid and ocontext= '%s' ORDER BY porder, oid ASC;";
		$query	= sprintf($query, sql_table('plugin_option_desc'), sql_table('plugin'), sql_real_escape_string($context));
		$res	= sql_query($query);
		
		$aOptions = array();
		while ( $object = sql_fetch_object($res) )
		{
			if ( !in_array($object->oid, array_keys($aIdToValue)) )
			{
				$value = $object->odef;
			}
			else
			{
				$value = $aIdToValue[$object->oid];
			}
			
			array_push(
				$aOptions,
				array(
					'pid'			=> $object->pid,
					'pfile'			=> $object->pfile,
					'oid'			=> $object->oid,
					'value'			=> $value,
					'name'			=> $object->oname,
					'description'	=> $object->odesc,
					'type'			=> $object->otype,
					'typeinfo'		=> $object->oextra,
					'contextid'		=> $contextid,
					'extra'			=> ''
				)
			);
		}
		
		$data = array(
			'context'	=>  $context,
			'contextid'	=>  $contextid,
			'options'	=>& $aOptions
		);
		$manager->notify('PrePluginOptionsEdit', $data);
		
		self::$aOptions = $aOptions;
		self::$skin->parse('insertpluginoptions');
		return;
	}
	
	/**
	 * Admin::action_parseSpecialskin()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_parseSpecialskin()
	{
		self::pagehead();
		self::$skin->parse(self::$action);
		self::pagefoot();
		return;
	}
	
	/*
	 * TODO: use Skin class instead of this
	static private function parse($type)
	{
		global $manager, $CONF;
		
		if ( $type == 'pagehead' )
		{
			$data = array(
				'skin' => &self::$skin,
				'type' => $type
			);
			
			$manager->notify('InitAdminSkinParse', $data);
			sendContentType(self::$skin->getContentType(), 'skin', i18n::get_current_charset());
		}
		
		$contents = self::$skin->getContent($type);
		
		if ( !$contents )
		{
			echo _ERROR_SKIN;
			return;
		}
		
		$actions = self::$skin->getAllowedActionsForType($type);
		
		if ( $type == 'pagehead' )
		{
			$data = array(
				'skin'		=> &self::$skin,
				'type'		=> $type,
				'contents'	=> &$contents
			);
			
			$manager->notify('PreAdminSkinParse', $data);
		}
		
		PARSER::setProperty('IncludeMode', self::$skin->getIncludeMode());
		PARSER::setProperty('IncludePrefix', self::$skin->getIncludePrefix());
		
		if ( $type == 'createitem' || $type == 'itemedit' )
		{
			// TODO: where is this class???
			$handler = new Factory(intRequestVar('blogid'), $type, self::$skin, $this);
			$actions = array_merge($actions, $handler->actions);
		}
		else
		{
			// TODO: why???
			$actions = array_merge($actions, self::$skin->getAllowedActionsForType($type));
		}
		
		$parser = new Parser($actions, $handler);
		$handler->setParser($parser);
		$handler->setSkin(self::$skin);
		$parser->parse($contents);
		
		if ( $type == 'pagefoot' )
		{
			$data = array(
				'skin'	=> &self::$skin,
				'type'	=> $type,
			);
			
			$manager->notify('PostAdminSkinParse', $data);
		}
		return;
	}
	*/
	
	/**
	 * Admin::getAdminskinIDFromName()
	 * 
	 * @param	string	$skinname	name of skin
	 * @return	integer	ID for skin
	 */
	static private function getAdminskinIDFromName($skinname)
	{
		$query		= "SELECT 'sdnumber' as result FROM %s WHERE sdname = '%s';";
		$query		= sprintf($query, sql_table('skin_desc'), mysql_real_escape_string($skinname));
		$admnSknID	= quickQuery($query);
		return (integer) $adminSkinID;
	}
	
	/**
	 * Admin::getAdminskinNameFromID()
	 * 
	 * @param	integer	$skinid	ID for skin
	 * @return	integer	ID for skin
	 */
	static private function getAdminskinNameFromID($skinid)
	{
		$query		= "SELECT sdname as result FROM %s WHERE sdnumber = '%d';";
		$query		= sprintf($query, sql_table('skin_desc'), (integer) $skinid);
		$admnSknID	= quickQuery($query);
		return (integer) $adminSkinID;
	}
	
	/**
	 * Admin::getAdminextrahead()
	 */
	static function getAdminextrahead()
	{
		return self::$extrahead;
	}
	
	/**
	 * Admin::getAdminAction()
	 */
	static function getAdminAction()
	{
		return self::$action;
	}
	
	/**
	 * Admin::getAdminaOption()
	 */
	static function getAdminaOption()
	{
		return self::$aOptions;
	}
	
	/**
	 * Admin::action_importAdmin()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function action_importAdmin()
	{
		global $DIR_ADMINSKINS, $action;
		if ( $action == 'adminskinieimport' )
		{
			self::doAdminskinimport();
		}
		$skn = array();
		if ( $action == 'showlogin' )
		{
			$skinName = 'showlogin';
			$actnName = 'showlogin';
		}
		else
		{
			$skinName = 'defaultimporter';
			$actnName = 'importAdmin';
		}
		
		/* TODO: why??? */
		$contents				= file_get_contents($DIR_ADMINSKINS . $skinName . '.skn');
		$skn['id']				= 0;
		$skn['description']		= $skinName;
		$skn['contentType']		= 'importAdmin';
		$skn['includeMode']		= 'normal';
		$skn['includePrefix']	= '';
		$skn['name']			= 'defaultinporter';
		
		self::$skin				= (object) $skn;
		$handler = new AdminActions($actnName, self::$skin, $this);
		$actions = Skin::getAllowedActionsForType($actnName);
		
		$parser = new PARSER($actions, $handler);
		$handler->setParser($parser);
		$handler->setSkin(self::$skin);
		$parser->parse($contents);
		return;
	}
	
	/**
	 * Admin::doAdminskinimport()
	 * 
	 * @param	void
	 * @return	void
	 */
	static private function doAdminskinimport()
	{
		global $DIR_LIBS, $DIR_ADMINSKINS, $CONF, $member;
		
		$member->isAdmin() or self::disallow();
		
		include_once($DIR_LIBS . 'Skinie.php');
		$skinFileRaw	= postVar('skinfile');
		$mode			= postVar('mode');
		$allowOverwrite	= intPostVar('overwrite');
		
		if ( $mode == 'file' )
		{
			$skinFile = $DIR_ADMINSKINS . $skinFileRaw . '/skinbackup.xml';
		}
		else
		{
			$skinFile = $skinFileRaw;
		}
		
		$importer	= new SKINIMPORT();
		$error		= $importer->readFile($skinFile);
		if ( $error )
		{
			self::error($error);
		}
		$error = $importer->writeToDatabase($allowOverwrite);
		if ( $error )
		{
			self::error($error);
		}
		
		$_REQUEST['skininfo']	= $importer->getInfo();
		$_REQUEST['skinnames']	= $importer->getSkinNames();
		$_REQUEST['tpltnames']	= $importer->getTemplateNames();
		
		header('Location: ' . $CONF['AdminURL']);
		exit;
	}
}