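action_xxxx method) */
	var $action;

	/**
	 * Class constructor
	 */
	function ADMIN() {
	}

	/**
	 * Executes an action.
	 *
	 * Resolves aliases, builds the method name 'action_' . $action and calls
	 * that method on this object when it exists. Before dispatching, every
	 * action that is NOT on the "safe" list below must pass
	 * $manager->checkTicket(). The list is an exemption list: an action that
	 * is missing from it is ticket-checked by default.
	 *
	 * @param string $action action to be performed
	 */
	function action($action) {
		global $CONF, $manager;

		// list of action aliases
		$alias = array(
			'login' => 'overview',
			'' => 'overview'
		);

		if (isset($alias[$action])) {
			$action = $alias[$action];
		}

		$methodName = 'action_' . $action;

		// PHP resolves method names case-insensitively, so the request may
		// spell the action in any case. The ticket decision below is made on
		// the lower-cased name so that a case variant of a state-changing
		// action cannot miss the exemption-list comparison.
		$this->action = strtolower($action);

		// check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
		// is an action that requires user interaction before something is actually done)
		// all safe actions are in this array:
		$aActionsNotToCheck = array(
			'showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist',
			'bookmarklet', 'blogsettings', 'banlist', 'deleteblog',
			'editmembersettings', 'browseownitems', 'browseowncomments',
			'createitem', 'itemedit', 'itemmove', 'categoryedit',
			'categorydelete', 'manage', 'actionlog', 'settingsedit',
			'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement',
			'skinoverview', 'templateoverview', 'skinieoverview',
			'itemcommentlist', 'commentedit', 'commentdelete',
			'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam',
			'teamdelete', 'banlistnew', 'memberedit', 'memberdelete',
			'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype',
			'skinremovetype', 'skindelete', 'skinedit', 'templateedit',
			'templatedelete', 'activate', 'systemoverview'
		);
		/*
		// the rest of the actions needs to be checked
		$aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin',
		'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');
		*/
		if (!in_array($this->action, $aActionsNotToCheck, true)) {
			if (!$manager->checkTicket()) {
				$this->error(_ERROR_BADTICKET);
				// Fail closed: error() is defined outside this block, so do
				// not rely on it ending the request. Without this return a
				// rejected ticket would still reach the dispatch below.
				return;
			}
		}

		if (method_exists($this, $methodName)) {
			$this->$methodName();
		} else {
			// the action name is request data: escape it before it is echoed
			$this->error(_BADACTION . Entity::hsc(" ($action)"));
		}
	}

	/**
	 * Shows the login page, passing the global $error as its message.
	 */
	function action_showlogin() {
		global $error;
		$this->action_login($error);
	}

	/**
	 * @todo document this
	 */
	function action_login($msg = '', $passvars = 1) {
		global $member;

		// skip to overview when allowed
		if ($member->isLoggedIn() && $member->canLogin()) {
			$this->action_overview();
			exit;
		}

		$this->pagehead();

		echo '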
' , _MESSAGE , ': ', $msg , '
'; echo '',_BATCH_EXECUTING,' ',Entity::hsc($action),'
'; echo '',_BATCH_EXECUTING,' ',Entity::hsc($action),'
'; echo '',_BATCH_EXECUTING,' ',Entity::hsc($action),'
'; echo '',_BATCH_EXECUTING,' ',Entity::hsc($action),'
'; echo '',_BATCH_EXECUTING,' ',Entity::hsc($action),'
'; echo '' , $text, '
'; if ($message != '') { echo '',$message,'
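'; } if ($bNeedsPasswordChange) { ?> pagefoot(); }

	/**
	 * Account activation - set password part
	 *
	 * Looks up the activation record for the posted key, validates the
	 * posted password pair, stores the password on the member and then
	 * activates the account. Every failure re-shows the activation page
	 * with an error message.
	 *
	 * The password is now mandatory: previously a blank password (or any
	 * value PHP treats as false, such as "0") skipped the minimum-length
	 * check and the PrePasswordSet hook and was still written by
	 * setPassword().
	 *
	 * @author dekarma
	 */
	function action_activatesetpwd() {
		global $manager;

		$key = postVar('key');

		// clean up old activation keys
		Member::cleanupActivationTable();

		// get activation info
		$info = Member::getActivationInfo($key);

		if (!$info || ($info['type'] == 'addresschange')) {
			return $this->_showActivationPage($key, _ERROR_ACTIVATE);
		}

		$mem =& $manager->getMember($info['vmember']);

		if (!$mem) {
			return $this->_showActivationPage($key, _ERROR_ACTIVATE);
		}

		$password = (string) postVar('password');
		$repeatpassword = (string) postVar('repeatpassword');

		// strict comparison: with != two different numeric-looking strings
		// (e.g. "1e3" and "1000") compare as equal
		if ($password !== $repeatpassword) {
			return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
		}

		// applies to every submission, including an empty one
		if (i18n::strlen($password) < 6) {
			return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
		}

		// let plugins veto the password
		$pwdvalid = true;
		$pwderror = '';
		$manager->notify('PrePasswordSet', array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
		if (!$pwdvalid) {
			return $this->_showActivationPage($key, $pwderror);
		}

		$error = '';
		$manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
		if ($error != '') {
			return $this->_showActivationPage($key, $error);
		}

		// set password
		$mem->setPassword($password);
		$mem->write();

		// do the activation
		Member::activate($key);

		$this->pagehead();
		echo '',_ACTIVATE_SUCCESS_TEXT,'
';
		$this->pagefoot();
	}

	/**
	 * Admin::action_manageteam()
	 *
	 * Manage team
	 * @param	void
	 * @return	void
	 */
	public function action_manageteam() {
		global $member, $manager;

		$blogid = intRequestVar('blogid');

		// check if allowed
		$member->blogAdminRights($blogid) or $this->disallow();

		$this->pagehead();

		echo "(" . _BACK_TO_BLOGSETTINGS . ")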
\n"; echo 'getDisplayName()) ?>getName())) ?>
pagefoot(); } /** * @todo document this */ function action_teamdeleteconfirm() { global $member; $memberid = intRequestVar('memberid'); $blogid = intRequestVar('blogid'); $error = $this->deleteOneTeamMember($blogid, $memberid); if ($error) $this->error($error); $this->action_manageteam(); } /** * @todo document this */ function deleteOneTeamMember($blogid, $memberid) { global $member, $manager; $blogid = intval($blogid); $memberid = intval($memberid); // check if allowed if (!$member->blogAdminRights($blogid)) return _ERROR_DISALLOWED; // check if: - there remains at least one blog admin // - (there remains at least one team member) $tmem =& $manager->getMember($memberid); $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid)); if ($tmem->isBlogAdmin($blogid)) { // check if there are more blog members left and at least one admin // (check for at least two admins before deletion) $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1'; $r = DB::getResult($query); if ($r->rowCount() < 2) return _ERROR_ATLEASTONEBLOGADMIN; } $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid"; DB::execute($query); $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid)); return ''; } /** * @todo document this */ function action_teamchangeadmin() { global $manager, $member; $blogid = intRequestVar('blogid'); $memberid = intRequestVar('memberid'); // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); $mem =& $manager->getMember($memberid); // don't allow when there is only one admin at this moment if ($mem->isBlogAdmin($blogid)) { $r = DB::getResult('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1"); if ($r->rowCount() == 1) $this->error(_ERROR_ATLEASTONEBLOGADMIN); } if ($mem->isBlogAdmin($blogid)) $newval = 0; else $newval = 1; $query = 'UPDATE '.sql_table('team') ." 
SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid"; DB::execute($query); // only show manageteam if member did not change its own admin privileges if ($member->isBlogAdmin($blogid)) $this->action_manageteam(); else $this->action_overview(_MSG_ADMINCHANGED); } /** * Admin::action_blogsettings() * * @param void * @return void */ public function action_blogsettings() { global $member, $manager; $blogid = intRequestVar('blogid'); // check if allowed $member->blogAdminRights($blogid) or $this->disallow(); $blog =& $manager->getBlog($blogid); $extrahead = "\n"; $this->pagehead($extrahead); echo '\n"; echo '' . _EBLOG_CURRENT_TEAM_MEMBER; $query = "SELECT mname, mrealname FROM %s, %s WHERE mnumber=tmember AND tblog=%d;"; $query = sprintf($query, sql_table('member'), sql_table('team'), (integer) $blogid); $res = DB::getResult($query); $aMemberNames = array(); foreach ( $res as $row ) { $aMemberNames[] = Entity::hsc($row['mname']) . ' (' . Entity::hsc($row['mrealname']). ')'; } echo implode(',', $aMemberNames); echo "
\n"; echo ''; echo '' . _EBLOG_TEAM_TEXT . ''; echo "
\n"; echo '
getDisplayName()) ?>
pagefoot(); } /** * @todo document this */ function action_memberdeleteconfirm() { global $member; ======= >>>>>>> skinnable-master /** * Admin::action_adminskinieimport() * * @param void * @return void */ static private function action_adminskinieimport() { global $member; <<<<<<< HEAD $memberid = intval($memberid); $mem =& $manager->getMember($memberid); if ( !$mem->canBeDeleted() ) { return _ERROR_DELETEMEMBER; } ======= $member->isAdmin() or self::disallow(); >>>>>>> skinnable-master $skinFileRaw = postVar('skinfile'); $mode = postVar('mode'); $error = self::skinieimport($mode, $skinFileRaw); if ( $error ) { <<<<<<< HEAD $query = "UPDATE %s SET cmember=0, cuser=%s WHERE cmember=%d"; $query = sprintf($query, sql_table('comment'), DB::quoteValue($mem->getDisplayName()), $memberid); DB::execute($query); } $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid; DB::execute($query); $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid; DB::execute($query); $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid; DB::execute($query); // delete all associated plugin options NucleusPlugin::delete_option_values('member', $memberid); $manager->notify('PostDeleteMember', array('member' => &$mem)); return ''; } /** * @todo document this */ function action_createnewlog() { global $member, $CONF, $manager; // Only Super-Admins can do this $member->isAdmin() or $this->disallow(); $this->pagehead(); echo ''; ?>
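pagefoot(); }

	/**
	 * Creates a new weblog from the posted form.
	 *
	 * Super-admin only. Inserts the blog row, a default category, a team
	 * entry that makes the current member a blog admin, and a first item,
	 * firing the PreAddBlog / PostAddBlog / PostAddCategory events on the way.
	 * All posted strings reach SQL through DB::quoteValue(); ids go through
	 * %d.
	 */
	function action_addnewlog() {
		global $member, $manager, $CONF;

		// Only Super-Admins can do this
		$member->isAdmin() or $this->disallow();

		$bname			= trim(postVar('name'));
		$bshortname		= trim(postVar('shortname'));
		$btimeoffset	= postVar('timeoffset');
		$bdesc			= trim(postVar('desc'));
		$bdefskin		= postVar('defskin');

		if (!isValidShortName($bshortname)) {
			$this->error(_ERROR_BADSHORTBLOGNAME);
			// error() is defined outside this block; returning keeps the
			// inserts below from running even if it does not end the request
			return;
		}

		if ($manager->existsBlog($bshortname)) {
			$this->error(_ERROR_DUPSHORTBLOGNAME);
			return;
		}

		// NOTE(review): the values are handed to plugins by reference AFTER
		// the short-name checks above, so a subscriber can change them;
		// they are still quoted before reaching SQL.
		$manager->notify(
			'PreAddBlog',
			array(
				'name' => &$bname,
				'shortname' => &$bshortname,
				'timeoffset' => &$btimeoffset,
				'description' => &$bdesc,
				'defaultskin' => &$bdefskin
			)
		);

		// create blog
		$query = sprintf('INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES (%s, %s, %s, %s, %s)',
			sql_table('blog'),
			DB::quoteValue($bname),
			DB::quoteValue($bshortname),
			DB::quoteValue($bdesc),
			DB::quoteValue($btimeoffset),
			DB::quoteValue($bdefskin)
		);
		DB::execute($query);

		$blogid = DB::getInsertId();
		$blog =& $manager->getBlog($blogid);

		// create new category
		$catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
		$catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');

		$query = sprintf('INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)',
			sql_table('category'),
			$blogid,
			DB::quoteValue($catdefname),
			DB::quoteValue($catdefdesc)
		);
		DB::execute($query);
		$catid = DB::getInsertId();

		// set as default category
		$blog->setDefaultCategory($catid);
		$blog->writeSettings();

		// create team member
		$memberid = $member->getID();
		$query = sprintf('INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1)', sql_table('team'), $memberid, $blogid);
		DB::execute($query);

		$itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
		$itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');

		$blog->additem($blog->getDefaultCategory(),$itemdeftitle,$itemdefbody,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);

		$manager->notify(
			'PostAddBlog',
			array(
				'blog' => &$blog
			)
		);

		// Report the name/description that were actually inserted. The
		// constants were read unguarded here although the code above allows
		// for them being undefined, which would fail after the blog already
		// exists.
		$manager->notify(
			'PostAddCategory',
			array(
				'blog' => &$blog,
				'name' => $catdefname,
				'description' => $catdefdesc,
				'catid' => $catid
			)
		);

		$this->pagehead();
		?>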
<?php
$CONF['Self'] = '.php';
include('./config.php');
selectBlog('');
selector();
?>
0) { ?>
pagefoot(); } /** * @todo document this */ function action_skinieimport() { global $member, $DIR_LIBS, $DIR_SKINS, $manager; $member->isAdmin() or $this->disallow(); // load skinie class include_once($DIR_LIBS . 'skinie.php'); $skinFileRaw= postVar('skinfile'); $mode = postVar('mode'); $importer = new SkinImport(); // get full filename if ($mode == 'file') { $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml'; // backwards compatibilty (in v2.0, exports were saved as skindata.xml) if (!file_exists($skinFile)) $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml'; } else { $skinFile = $skinFileRaw; } // read only metadata $error = $importer->readFile($skinFile, 1); // clashes $skinNameClashes = $importer->checkSkinNameClashes(); $templateNameClashes = $importer->checkTemplateNameClashes(); $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0); if ($error) $this->error($error); $this->pagehead(); echo ''; ?>
getInfo()) ?>
'._AND.' ',$importer->getSkinNames()) ?>
'._AND.' ',$importer->getTemplateNames()) ?>
'._AND.' ',$skinNameClashes) ?>
'._AND.' ',$templateNameClashes) ?>
getInfo()) ?>
'._AND.' ',$importer->getSkinNames()) ?>
'._AND.' ',$importer->getTemplateNames()) ?>
()
pagefoot(); } /** * @todo document this */ function action_templatedeleteconfirm() { global $member, $manager; $templateid = intRequestVar('templateid'); $member->isAdmin() or $this->disallow(); $manager->notify('PreDeleteTemplate', array('templateid' => $templateid)); // 1. delete description DB::execute('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid); // 2. delete parts DB::execute('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid); $manager->notify('PostDeleteTemplate', array('templateid' => $templateid)); $this->action_templateoverview(); } /** * @todo document this */ function action_templatenew() { global $member; $member->isAdmin() or $this->disallow(); $name = postVar('name'); $desc = postVar('desc'); if (!isValidTemplateName($name)) $this->error(_ERROR_BADTEMPLATENAME); if (Template::exists($name)) $this->error(_ERROR_DUPTEMPLATENAME); $newTemplateId = Template::createNew($name, $desc); $this->action_templateoverview(); } /** * @todo document this */ function action_templateclone() { global $member; $templateid = intRequestVar('templateid'); $member->isAdmin() or $this->disallow(); // 1. read old template $name = Template::getNameFromId($templateid); $desc = Template::getDesc($templateid); // 2. create desc thing $name = "cloned" . $name; // if a template with that name already exists: if (Template::exists($name)) { $i = 1; while (Template::exists($name . $i)) $i++; $name .= $i; } $newid = Template::createNew($name, $desc); // 3. create clone // go through parts of old template and add them to the new one $res = DB::getResult('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . 
$templateid); foreach ( $res as $row ) { $this->addToTemplate($newid, $row['tpartname'], $row['tcontent']); } $this->action_templateoverview(); } /** * Admin::action_skinoverview() * * @param void * @return void */ public function action_skinoverview() { global $member, $manager; $member->isAdmin() or $this->disallow(); $this->pagehead(); echo '\n"; echo '"; echo '( ' . _SKIN_BACK . " )"; echo "
\n"; echo '" . _MESSAGE . ": $msg
\n"; } echo "\n"; $this->pagefoot(); return; } /** * @todo document this */ function action_skinupdate() { global $member; $skinid = intRequestVar('skinid'); $content = trim(postVar('content')); $type = postVar('type'); $member->isAdmin() or $this->disallow(); $skin = new SKIN($skinid); $skin->update($type, $content); $this->action_skinedittype(_SKIN_UPDATED); } /** * @todo document this */ function action_skindelete() { global $member, $manager, $CONF; $skinid = intRequestVar('skinid'); $member->isAdmin() or $this->disallow(); // don't allow default skin to be deleted if ($skinid == $CONF['BaseSkin']) $this->error(_ERROR_DEFAULTSKIN); // don't allow deletion of default skins for blogs $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid; $r = DB::getValue($query); if ( $r ) $this->error(_ERROR_SKINDEFDELETE . Entity::hsc($r)); $this->pagehead(); $skin = new SKIN($skinid); $name = $skin->getName(); $desc = $skin->getDescription(); ?>()
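pagefoot(); }

	/**
	 * Deletes a skin (description row and all of its parts) after confirmation.
	 *
	 * Admin only. Refuses to delete the site's base skin or a skin that is
	 * still the default skin of a blog. Fires PreDeleteSkin / PostDeleteSkin
	 * around the two DELETE statements and then shows the skin overview.
	 * $skinid comes from intRequestVar(), which is why it is concatenated
	 * into the queries as-is.
	 */
	function action_skindeleteconfirm() {
		global $member, $CONF, $manager;

		$skinid = intRequestVar('skinid');

		$member->isAdmin() or $this->disallow();

		// don't allow default skin to be deleted
		if ($skinid == $CONF['BaseSkin']) {
			$this->error(_ERROR_DEFAULTSKIN);
			// error() is defined outside this block; returning keeps the
			// deletes below from running even if it does not end the request
			return;
		}

		// don't allow deletion of default skins for blogs
		$query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
		$r = DB::getValue($query);

		if ($r) {
			// $r is a stored blog name: escape it before it is put into the
			// error message, as action_skindelete() does for the same check
			$this->error(_ERROR_SKINDEFDELETE . Entity::hsc($r));
			return;
		}

		$manager->notify('PreDeleteSkin', array('skinid' => $skinid));

		// 1. delete description
		DB::execute('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid);

		// 2. delete parts
		DB::execute('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid);

		$manager->notify('PostDeleteSkin', array('skinid' => $skinid));

		$this->action_skinoverview();
	}

	/**
	 * Admin::action_skinremovetype()
	 *
	 * @param	void
	 * @return	void
	 */
	public function action_skinremovetype() {
		global $member, $manager, $CONF;

		$skinid = intRequestVar('skinid');
		$skintype = requestVar('type');

		if ( !isValidShortName($skintype) ) {
			$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
		}

		$member->isAdmin() or $this->disallow();

		// don't allow default skinparts to be deleted
		$skin = new Skin($skinid);
		$default_skin_types = $skin->getDefaultTypes();
		if ( array_key_exists($skintype, $default_skin_types) ) {
			$this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
		}

		$name = $skin->getName();
		$desc = $skin->getDescription();

		$this->pagehead();

		echo '\n"; echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; echo Entity::hsc($skintype); echo '(' . Entity::hsc($name) . ')'; echo ' (' . Entity::hsc($desc) . ')'; echo "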
\n"; echo "\n"; $this->pagefoot(); return; } /** * Admin::action_skinremovetypeconfirm() * * @param void * @return void */ public function action_skinremovetypeconfirm() { global $member, $CONF, $manager; $skinid = intRequestVar('skinid'); $skintype = requestVar('type'); if ( !isValidShortName($skintype) ) { $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE); } $member->isAdmin() or $this->disallow(); // don't allow default skinparts to be deleted $skin = new Skin($skinid); $default_skin_types = $skin->getDefaultTypes(); if ( array_key_exists($skintype, $default_skin_types) ) { $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE); } $data = array( 'skinid' => $skinid, 'skintype' => $skintype ); $manager->notify('PreDeleteSkinPart', $data); // delete part $query = "DELETE FROM %s WHERE sdesc=%d AND stype='%s';"; $query = sprintf($query, sql_table('skin'), (integer) $skinid, $skintype); DB::execute($query); $data = array( 'skinid' => $skinid, 'skintype' => $skintype ); $manager->notify('PostDeleteSkinPart', $data); $this->action_skinedit(); return; } /** * @todo document this */ function action_skinclone() { global $member; $skinid = intRequestVar('skinid'); $member->isAdmin() or $this->disallow(); // 1. read skin to clone $skin = new SKIN($skinid); $name = "clone_" . $skin->getName(); // if a skin with that name already exists: if (Skin::exists($name)) { $i = 1; while (Skin::exists($name . $i)) $i++; $name .= $i; } // 2. create skin desc $newid = Skin::createNew( $name, $skin->getDescription(), $skin->getContentType(), $skin->getIncludeMode(), $skin->getIncludePrefix() ); $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . 
$skinid; $res = DB::getResult($query); foreach ( $res as $row) { $this->skinclonetype($skin, $newid, $row['stype']); } $this->action_skinoverview(); } ======= if ( !is_object(self::$skin) ) { global $DIR_SKINS; $query = "SELECT min(sdnumber) FROM %s WHERE sdname != 'admin/bookmarklet' AND sdname LIKE 'admin/%%'"; $query = sprintf($query, sql_table('skin_desc')); $res = intval(DB::getValue($query)); $query = "UPDATE %s SET value = %d WHERE name = 'AdminSkin'"; $query = sprintf($query, sql_table('config'), $res); DB::execute($query); if ( $res ) { redirect($CONF['AdminURL']); exit; } $skin = new Skin(0, 'AdminActions', 'AdminSkin'); $skin->parse('importAdmin', $DIR_SKINS . 'admin/defaultimporter.skn'); } else { self::$skin->parse('adminskiniedoimport'); } return; } >>>>>>> skinnable-master /** * Admin::action_adminskinieexport() * * @param void * @return void */ static private function action_adminskinieexport() { <<<<<<< HEAD $newid = intval($newid); $content = $skin->getContentFromDB($type); if ( $content ) { $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')"; $query = sprintf($query, sql_table('skin'), (integer) $newid, $content, $type); DB::execute($query); } ======= global $member; $member->isAdmin() or self::disallow(); // load skinie class $aSkins = requestIntArray('skin'); $aTemplates = requestIntArray('template'); $info = postVar('info'); self::skinieexport($aSkins, $aTemplates, $info); >>>>>>> skinnable-master return; } /** * Admin::action_settingsedit() * * @param Void * @return Void */ static private function action_settingsedit() { global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA; <<<<<<< HEAD $member->isAdmin() or $this->disallow(); $this->pagehead(); echo ''; ?> ',_PLUGINS_EXTRA,''; $manager->notify( 'GeneralSettingsFormExtras', array() ); $this->pagefoot(); ======= $member->isAdmin() or self::disallow(); self::$skin->parse('settingsedit'); return; >>>>>>> skinnable-master } /** * Admin::action_settingsupdate() * Update 
$CONFIG and redirect * * @param void * @return void */ static private function action_settingsupdate() { global $member, $CONF; $member->isAdmin() or self::disallow(); // check if email address for admin is valid if ( !NOTIFICATION::address_validation(postVar('AdminEmail')) ) { self::error(_ERROR_BADMAILADDRESS); return; } // save settings self::updateConfig('DefaultBlog', postVar('DefaultBlog')); self::updateConfig('BaseSkin', postVar('BaseSkin')); self::updateConfig('IndexURL', postVar('IndexURL')); self::updateConfig('AdminURL', postVar('AdminURL')); self::updateConfig('PluginURL', postVar('PluginURL')); self::updateConfig('SkinsURL', postVar('SkinsURL')); self::updateConfig('ActionURL', postVar('ActionURL')); self::updateConfig('Locale', postVar('Locale')); self::updateConfig('AdminEmail', postVar('AdminEmail')); self::updateConfig('SessionCookie', postVar('SessionCookie')); self::updateConfig('AllowMemberCreate', postVar('AllowMemberCreate')); self::updateConfig('AllowMemberMail', postVar('AllowMemberMail')); self::updateConfig('NonmemberMail', postVar('NonmemberMail')); self::updateConfig('ProtectMemNames', postVar('ProtectMemNames')); self::updateConfig('SiteName', postVar('SiteName')); self::updateConfig('NewMemberCanLogon', postVar('NewMemberCanLogon')); self::updateConfig('DisableSite', postVar('DisableSite')); self::updateConfig('DisableSiteURL', postVar('DisableSiteURL')); self::updateConfig('LastVisit', postVar('LastVisit')); self::updateConfig('MediaURL', postVar('MediaURL')); self::updateConfig('AllowedTypes', postVar('AllowedTypes')); self::updateConfig('AllowUpload', postVar('AllowUpload')); self::updateConfig('MaxUploadSize', postVar('MaxUploadSize')); self::updateConfig('MediaPrefix', postVar('MediaPrefix')); self::updateConfig('AllowLoginEdit', postVar('AllowLoginEdit')); self::updateConfig('DisableJsTools', postVar('DisableJsTools')); self::updateConfig('CookieDomain', postVar('CookieDomain')); self::updateConfig('CookiePath', 
postVar('CookiePath')); self::updateConfig('CookieSecure', postVar('CookieSecure')); self::updateConfig('URLMode', postVar('URLMode')); self::updateConfig('CookiePrefix', postVar('CookiePrefix')); self::updateConfig('DebugVars', postVar('DebugVars')); self::updateConfig('DefaultListSize', postVar('DefaultListSize')); self::updateConfig('AdminCSS', postVar('AdminCSS')); self::updateConfig('AdminSkin', postVar('adminskin')); self::updateConfig('BookmarkletSkin', postVar('bookmarklet')); // load new config and redirect (this way, the new locale will be used is necessary) // note that when changing cookie settings, this redirect might cause the user // to have to log in again. getConfig(); redirect($CONF['AdminURL'] . '?action=manage'); return; } /** * Admin::action_systemoverview() * Output system overview * * @param void * @return void */ static private function action_systemoverview() { <<<<<<< HEAD global $member, $nucleus, $CONF; $this->pagehead(); echo '' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . " | \n"; echo "|
---|---|
' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . " | \n"; echo '' . phpversion() . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . " | \n"; echo '' . DB::getAttribute(PDO::ATTR_SERVER_VERSION) . ' (' . DB::getAttribute(PDO::ATTR_CLIENT_VERSION) . ')' . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . " | \n"; echo "|
---|---|
magic_quotes_gpc' . " | \n"; $mqg = get_magic_quotes_gpc() ? 'On' : 'Off'; echo '' . $mqg . " | \n"; echo "
magic_quotes_runtime' . " | \n"; $mqr = get_magic_quotes_runtime() ? 'On' : 'Off'; echo '' . $mqr . " | \n"; echo "
register_globals' . " | \n"; $rg = ini_get('register_globals') ? 'On' : 'Off'; echo '' . $rg . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . " | \n"; echo "|
---|---|
' . $key . " | \n"; echo '' . $value . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_MODULES . " | \n"; echo "|
---|---|
mod_rewrite' . " | \n"; $modrewrite = (i18n::strpos($im, 'mod_rewrite') !== FALSE) ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE; echo '' . $modrewrite . " | \n"; echo "
Nucleus CMS' . " | \n"; echo "|
---|---|
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . " | \n"; echo '' . $nv . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . " | \n"; echo '' . $np . " | \n"; echo "
' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . " | \n"; echo "|
---|---|
' . '$CONF[' . "'Self'] | \n"; echo '' . $CONF['Self'] . " | \n"; echo "
' . '$CONF[' . "'ItemURL'] | \n"; echo '' . $CONF['ItemURL'] . " | \n"; echo "
' . '$CONF[' . "'alertOnHeadersSent'] | \n"; $ohs = $CONF['alertOnHeadersSent'] ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE; echo '' . $ohs . " | \n"; echo "
i18n::get_current_charset() | \n"; echo '' . i18n::get_current_charset() . " | \n"; echo "
'; echo _BOOKMARKLET_DESC1 . _BOOKMARKLET_DESC2 . _BOOKMARKLET_DESC3 . _BOOKMARKLET_DESC4 . _BOOKMARKLET_DESC5; echo "
\n"; echo ''; echo _BOOKMARKLET_BMARKTEXT . '' . _BOOKMARKLET_BMARKTEST . ''; echo "
\n"; echo ''; echo '' . sprintf(_BOOKMARKLET_ANCHOR, Entity::hsc($blog->getName())) . ''; echo _BOOKMARKLET_BMARKFOLLOW; echo "
\n"; $this->pagefoot(); return; } /** * @todo document this */ function action_actionlog() { global $member, $manager; $member->isAdmin() or $this->disallow(); $this->pagehead(); echo ''; $url = $manager->addTicketToUrl('index.php?action=clearactionlog'); ?> ' . _ACTIONLOG_TITLE . ''; $query = 'SELECT * FROM '.sql_table('actionlog').' ORDER BY timestamp DESC'; $template['content'] = 'actionlist'; $amount = showlist($query,'table',$template); $this->pagefoot(); } /** * @todo document this */ function action_banlist() { global $member, $manager; $blogid = intRequestVar('blogid'); $member->blogAdminRights($blogid) or $this->disallow(); $blog =& $manager->getBlog($blogid); $this->pagehead(); echo ''; echo '"._BAN_REMOVED_TEXT."
"; echo "Error: ', _ERROR_PLUGNOHELPFILE,'
'; echo ''; } $this->pagefoot(); } ======= >>>>>>> skinnable-master /** * Admin::action_pluginadd() * * @param Void * @return Void * */ static private function action_pluginadd() { global $member, $manager, $DIR_PLUGINS; // check if allowed $member->isAdmin() or self::disallow(); $name = postVar('filename'); if ( $manager->pluginInstalled($name) ) { self::error(_ERROR_DUPPLUGIN); return; } if ( !checkPlugin($name) ) { self::error(_ERROR_PLUGFILEERROR . ' (' . Entity::hsc($name) . ')'); return; } // get number of currently installed plugins <<<<<<< HEAD $res = DB::getResult('SELECT * FROM '.sql_table('plugin')); ======= $res = DB::getResult('SELECT * FROM ' . sql_table('plugin')); >>>>>>> skinnable-master $numCurrent = $res->rowCount(); // plugin will be added as last one in the list $newOrder = $numCurrent + 1; $data = array('file' => &$name); $manager->notify('PreAddPlugin', $data); // do this before calling getPlugin (in case the plugin id is used there) <<<<<<< HEAD $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.','.DB::quoteValue($name).')'; ======= $query = "INSERT INTO %s (porder, pfile) VALUES (%d, %s);"; $query = sprintf($query, sql_table('plugin'), (integer) $newOrder, DB::quoteValue($name)); >>>>>>> skinnable-master DB::execute($query); $iPid = DB::getInsertId(); $manager->clearCachedInfo('installedPlugins'); // Load the plugin for condition checking and instalation $plugin =& $manager->getPlugin($name); // check if it got loaded (could have failed) if ( !$plugin ) { <<<<<<< HEAD DB::execute('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. 
intval($iPid)); ======= $query = "DELETE FROM %s WHERE pid=%d;"; $query = sprintf($query, sql_table('plugin'), (integer) $iPid); DB::execute($query); >>>>>>> skinnable-master $manager->clearCachedInfo('installedPlugins'); self::error(_ERROR_PLUGIN_LOAD); return; } // check if plugin needs a newer Nucleus version if ( getNucleusVersion() < $plugin->getMinNucleusVersion() ) { // uninstall plugin again... self::deleteOnePlugin($plugin->getID()); // ...and show error self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc($plugin->getMinNucleusVersion())); return; } // check if plugin needs a newer Nucleus version if ( (getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) ) { // uninstall plugin again... self::deleteOnePlugin($plugin->getID()); // ...and show error self::error(_ERROR_NUCLEUSVERSIONREQ . Entity::hsc( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) ); return; } $pluginList = $plugin->getPluginDep(); foreach ( $pluginList as $pluginName ) { $res = DB::getResult('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile=' . DB::quoteValue($pluginName)); if ($res->rowCount() == 0) { // uninstall plugin again... 
self::deleteOnePlugin($plugin->getID()); self::error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName))); return; } } // call the install method of the plugin $plugin->install(); $data = array('plugin' => &$plugin); $manager->notify('PostAddPlugin', $data); // update all events self::action_pluginupdate(); return; } /** * ADMIN:action_pluginupdate(): * * @param Void * @return Void * */ static private function action_pluginupdate() { global $member, $manager, $CONF; // check if allowed $member->isAdmin() or self::disallow(); // delete everything from plugin_events DB::execute('DELETE FROM '.sql_table('plugin_event')); // loop over all installed plugins $res = DB::getResult('SELECT pid, pfile FROM '.sql_table('plugin')); foreach ( $res as $row ) { $pid = $row['pid']; $plug =& $manager->getPlugin($row['pfile']); if ( $plug ) { $eventList = $plug->getEventList(); foreach ( $eventList as $eventName ) { $query = "INSERT INTO %s (pid, event) VALUES (%d, %s)"; $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, DB::quoteValue($eventName)); DB::execute($query); } } } redirect($CONF['AdminURL'] . '?action=pluginlist'); return; } /** * Admin::action_plugindelete() * * @param void * @return void */ static private function action_plugindelete() { global $member, $manager; // check if allowed $member->isAdmin() or self::disallow(); $pid = intGetVar('plugid'); if ( !$manager->pidInstalled($pid) ) { self::error(_ERROR_NOSUCHPLUGIN); return; } self::$skin->parse('plugindelete'); return; } /** * Admin::action_plugindeleteconfirm() * * @param void * @return void */ static private function action_plugindeleteconfirm() { global $member, $manager, $CONF; // check if allowed $member->isAdmin() or self::disallow(); $pid = intPostVar('plugid'); $error = self::deleteOnePlugin($pid, 1); if ( $error ) { self::error($error); return; } redirect($CONF['AdminURL'] . 
'?action=pluginlist');
        return;
    }

    /**
     * Admin::deleteOnePlugin()
     *
     * Removes one installed plugin together with its database rows. In order:
     * the pid is normalised with intval(); an unknown pid returns
     * _ERROR_NOSUCHPLUGIN; the plugin file name is looked up; if any installed
     * plugin lists that name in getPluginDep() the call returns
     * _ERROR_DELREQPLUGIN without deleting; 'PreDeletePlugin' is notified; the
     * plugin's unInstall() is called when $callUninstall is truthy; the rows in
     * plugin_event, plugin_option_desc and the matching plugin_option rows are
     * deleted; porder is decremented for plugins ordered after this one; the
     * plugin row is deleted; the 'installedPlugins' cache is cleared and
     * 'PostDeletePlugin' is notified.
     *
     * NOTE(review): the method is public static and performs no permission
     * check of its own. action_plugindeleteconfirm() checks $member->isAdmin()
     * before calling it; any other caller is expected to have authorised the
     * request already. Verify each call site.
     *
     * NOTE(review): every statement is built by string concatenation. $pid is
     * safe to interpolate only because of the intval() at the top of the
     * method. The oid list and the porder value are read back from the database
     * and interpolated without a cast; presumably both are integer columns, and
     * an explicit integer cast would make that assumption visible.
     *
     * @param integer $pid           plugin id
     * @param boolean $callUninstall when truthy, the plugin's unInstall() is called before its rows are removed
     * @return string empty or message if failed
     */
    static public function deleteOnePlugin($pid, $callUninstall = 0)
    {
        global $manager;

        // everything below interpolates $pid into SQL; this cast is what keeps it numeric
        $pid = intval($pid);

        if ( !$manager->pidInstalled($pid) )
        {
            return _ERROR_NOSUCHPLUGIN;
        }

        $query = "SELECT pfile as result FROM %s WHERE pid=%d;";
        $query = sprintf($query, sql_table('plugin'), (integer) $pid);
        $name = DB::getValue($query);

        // check dependency before delete
        $res = DB::getResult('SELECT pfile FROM ' . sql_table('plugin'));
        foreach ( $res as $row )
        {
            $plug =& $manager->getPlugin($row['pfile']);
            if ( $plug )
            {
                $depList = $plug->getPluginDep();
                foreach ( $depList as $depName )
                {
                    // another installed plugin depends on the one being removed: refuse and name it
                    if ( $name == $depName )
                    {
                        return sprintf(_ERROR_DELREQPLUGIN, $row['pfile']);
                    }
                }
            }
        }

        $data = array('plugid' => $pid);
        $manager->notify('PreDeletePlugin', $data);

        // call the unInstall method of the plugin
        if ( $callUninstall )
        {
            $plugin =& $manager->getPlugin($name);
            if ( $plugin )
            {
                $plugin->unInstall();
            }
        }

        // delete all subscriptions
        DB::execute('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid);

        // delete all options
        // get OIDs from plugin_option_desc
        $res = DB::getResult('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
        $aOIDs = array();
        foreach ( $res as $row )
        {
            array_push($aOIDs, $row['oid']);
        }

        // delete from plugin_option and plugin_option_desc
        DB::execute('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
        // the IN (...) list is only built when there is at least one oid, so it is never empty
        if (count($aOIDs) > 0)
        {
            DB::execute('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')');
        }

        // update order numbers
        // (close the gap this plugin leaves: every plugin ordered after it moves up one position)
        $res = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);
        DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $res);

        // delete row
        DB::execute('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid);

        $manager->clearCachedInfo('installedPlugins');
        $data = array('plugid' => $pid);
        $manager->notify('PostDeletePlugin', $data);

        return '';
    }

    /**
     * Admin::action_pluginup()
     *
     * Moves the plugin named by the 'plugid' GET variable one position up in
     * the plugin order: the plugin currently at the target position takes this
     * plugin's old porder, then this plugin takes the new one. A plugin already
     * at position 1 stays there. Ends by redirecting to the plugin list.
     *
     * NOTE(review): this changes state on a GET parameter, and the inline
     * comment near the end indicates the ticket travels in the URL. A ticket in
     * the query string can be recorded in browser history, server logs and
     * Referer headers; the closing redirect keeps it off the page that follows.
     * Consider whether this action should be a POST.
     *
     * @param void
     * @return void
     */
    static private function action_pluginup()
    {
        global $member, $manager, $CONF;

        // check if allowed
        $member->isAdmin() or self::disallow();

        $plugid = intGetVar('plugid');

        // NOTE(review): unresolved merge conflict. The marker lines below are not PHP, so the
        // file does not parse until one side is chosen. The HEAD side reads $pluginName, $plugin
        // and $this, none of which this static method defines; the skinnable-master side follows
        // the same error-and-return pattern as the other static actions in this class.
        if ( !$manager->pidInstalled($plugid) )
        {
<<<<<<< HEAD
            $res = DB::getResult('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile=' . DB::quoteValue($pluginName));
            if ($res->rowCount() == 0)
            {
                // uninstall plugin again...
                $this->deleteOnePlugin($plugin->getID());
                $this->error(sprintf(_ERROR_INSREQPLUGIN, Entity::hsc($pluginName)));
            }
=======
            self::error(_ERROR_NOSUCHPLUGIN);
            return;
>>>>>>> skinnable-master
        }

        // 1. get old order number
        // (porder is read back from the database and interpolated unquoted below; the
        // pidInstalled() check above presumably guarantees the row exists; confirm)
        $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);

        // 2. calculate new order number
        $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;

        // 3. update plug numbers
        DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
        DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);

        //self::action_pluginlist();
        // To avoid showing ticket in the URL, redirect to pluginlist, instead.
        redirect($CONF['AdminURL'] .
'?action=pluginlist');
        return;
    }

    /**
     * Admin::action_plugindown()
     *
     * Moves the plugin named by the 'plugid' GET variable one position down in
     * the plugin order. The highest position is taken to be the number of rows
     * in the plugin table; a plugin already at that position stays there. The
     * plugin at the target position receives this plugin's old porder, then
     * this plugin receives the new one. Ends by redirecting to the plugin list.
     *
     * NOTE(review): this changes state on a GET parameter, and the inline
     * comment near the end indicates the ticket travels in the URL. A ticket in
     * the query string can be recorded in browser history, server logs and
     * Referer headers; the closing redirect keeps it off the page that follows.
     *
     * @param void
     * @return void
     */
    static private function action_plugindown()
    {
        global $member, $manager, $CONF;

        // NOTE(review): unresolved merge conflict. The marker lines below are not PHP, so the
        // file does not parse until one side is chosen. The HEAD side repeats the plugin_event
        // rebuild from action_pluginupdate(), calls $this inside a static method and never
        // assigns $plugid, which the code after the conflict reads. Both sides carry the admin
        // gate; whichever resolution is taken must keep it as the first statement.
        // check if allowed
<<<<<<< HEAD
        $member->isAdmin() or $this->disallow();

        // delete everything from plugin_events
        DB::execute('DELETE FROM '.sql_table('plugin_event'));

        // loop over all installed plugins
        $res = DB::getResult('SELECT pid, pfile FROM '.sql_table('plugin'));
        foreach ( $res as $row )
        {
            $pid = $row['pid'];
            $plug =& $manager->getPlugin($row['pfile']);
            if ( $plug )
            {
                $eventList = $plug->getEventList();
                foreach ( $eventList as $eventName )
                {
                    $query = "INSERT INTO %s (pid, event) VALUES (%d, %s)";
                    $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, DB::quoteValue($eventName));
                    DB::execute($query);
                }
            }
=======
        $member->isAdmin() or self::disallow();

        $plugid = intGetVar('plugid');
        if ( !$manager->pidInstalled($plugid) )
        {
            self::error(_ERROR_NOSUCHPLUGIN);
            return;
>>>>>>> skinnable-master
        }

        // 1. get old order number
        // (porder is read back from the database and interpolated unquoted below)
        $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid);
        // the row count of the plugin table is used as the highest order number
        $res = DB::getResult('SELECT * FROM ' . sql_table('plugin'));
        $maxOrder = $res->rowCount();

        // 2. calculate new order number
        $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;

        // 3. update plug numbers
        DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder);
        DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid);

        //self::action_pluginlist();
        // To avoid showing ticket in the URL, redirect to pluginlist, instead.
        redirect($CONF['AdminURL'] .
'?action=pluginlist'); return; } <<<<<<< HEAD /** * @todo document this */ function action_plugindelete() { global $member, $manager; // check if allowed $member->isAdmin() or $this->disallow(); $pid = intGetVar('plugid'); if (!$manager->pidInstalled($pid)) $this->error(_ERROR_NOSUCHPLUGIN); $this->pagehead(); ?>getPluginNameFromPid($pid) ?>?
pagefoot();
    }

    /**
     * HEAD-side (instance) variant of the delete-confirm action.
     *
     * Reads 'plugid' from POST through intPostVar(), calls
     * $this->deleteOnePlugin() with $callUninstall set, reports a non-empty
     * return string through $this->error(), then redirects to the plugin list.
     *
     * NOTE(review): there is no return after $this->error(); the redirect
     * follows in source order, so this relies on error() ending the request.
     * TODO confirm.
     *
     * NOTE(review): the action() dispatcher shown earlier in this file requires
     * a valid ticket for every action outside its safe list;
     * 'plugindeleteconfirm' is not on that list.
     */
    function action_plugindeleteconfirm()
    {
        global $member, $manager, $CONF;

        // check if allowed
        // (assumes $this->disallow() does not return; TODO confirm)
        $member->isAdmin() or $this->disallow();

        $pid = intPostVar('plugid');

        $error = $this->deleteOnePlugin($pid, 1);
        if ($error) {
            $this->error($error);
        }

        redirect($CONF['AdminURL'] . '?action=pluginlist');
        // $this->action_pluginlist();
    }

    /**
     * HEAD-side (instance) variant of deleteOnePlugin().
     *
     * Removes one installed plugin together with its database rows: normalises
     * the pid with intval(), returns _ERROR_NOSUCHPLUGIN for an unknown pid,
     * returns _ERROR_DELREQPLUGIN when another installed plugin lists this one
     * in getPluginDep(), notifies 'PreDeletePlugin', optionally calls the
     * plugin's unInstall(), then deletes its plugin_event, plugin_option_desc
     * and plugin_option rows. The statements that follow on the next line of
     * the file finish the job.
     *
     * NOTE(review): no permission check happens inside this method; the caller
     * above checks $member->isAdmin() first. Every statement is built by string
     * concatenation, and $pid is safe to interpolate only because of the
     * intval() at the top. The oid values are read back from the database and
     * joined into the IN (...) list without a cast; presumably an integer
     * column; confirm.
     *
     * @param integer $pid           plugin id
     * @param boolean $callUninstall when truthy, the plugin's unInstall() is called before its rows are removed
     * @return string empty string on success, otherwise an error message
     */
    function deleteOnePlugin($pid, $callUninstall = 0)
    {
        global $manager;

        // everything below interpolates $pid into SQL; this cast is what keeps it numeric
        $pid = intval($pid);

        if (!$manager->pidInstalled($pid))
            return _ERROR_NOSUCHPLUGIN;

        $name = DB::getValue('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid);

        /*
        // call the unInstall method of the plugin
        if ($callUninstall) {
            $plugin =& $manager->getPlugin($name);
            if ($plugin) $plugin->unInstall();
        }*/

        // check dependency before delete
        $res = DB::getResult('SELECT pfile FROM '.sql_table('plugin'));
        foreach ( $res as $row ) {
            $plug =& $manager->getPlugin($row['pfile']);
            if ($plug) {
                $depList = $plug->getPluginDep();
                foreach ($depList as $depName) {
                    // another installed plugin depends on the one being removed: refuse and name it
                    if ($name == $depName) {
                        return sprintf(_ERROR_DELREQPLUGIN, $row['pfile']);
                    }
                }
            }
        }

        $manager->notify('PreDeletePlugin', array('plugid' => $pid));

        // call the unInstall method of the plugin
        if ($callUninstall) {
            $plugin =& $manager->getPlugin($name);
            if ($plugin) $plugin->unInstall();
        }

        // delete all subscriptions
        DB::execute('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid);

        // delete all options
        // get OIDs from plugin_option_desc
        $res = DB::getResult('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
        $aOIDs = array();
        foreach ( $res as $row ) {
            array_push($aOIDs, $row['oid']);
        }

        // delete from plugin_option and plugin_option_desc
        DB::execute('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid);
        // the IN (...) list is only built when there is at least one oid, so it is never empty
        if (count($aOIDs) > 0)
            DB::execute('DELETE FROM '.sql_table('plugin_option').' 
WHERE oid in ('.implode(',',$aOIDs).')');
        // (the line above completes the plugin_option DELETE begun on the preceding line of the file)

        // update order numbers
        // (close the gap this plugin leaves: every plugin ordered after it moves up one position;
        // the porder value is read back from the database and interpolated unquoted)
        $res = DB::getValue('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid);
        DB::execute('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$res);

        // delete row
        DB::execute('DELETE FROM '.sql_table('plugin').' WHERE pid='.$pid);

        $manager->clearCachedInfo('installedPlugins');
        $manager->notify('PostDeletePlugin', array('plugid' => $pid));

        return '';
    }

    /**
     * HEAD-side (instance) variant of the move-up action.
     *
     * Moves the plugin named by the 'plugid' GET variable one position up in
     * the plugin order: the plugin currently at the target position takes this
     * plugin's old porder, then this plugin takes the new one. A plugin already
     * at position 1 stays there. Ends by redirecting to the plugin list.
     *
     * NOTE(review): there is no return after $this->error() in the
     * pidInstalled() check, so the queries below run with an unknown pid unless
     * error() ends the request. TODO confirm.
     *
     * NOTE(review): this changes state on a GET parameter. The action()
     * dispatcher shown earlier in this file requires a ticket for it
     * ('pluginup' is not in its safe list), and the inline comment near the end
     * indicates that ticket travels in the URL, where it can be recorded in
     * browser history, server logs and Referer headers.
     */
    function action_pluginup()
    {
        global $member, $manager, $CONF;

        // check if allowed
        // (assumes $this->disallow() does not return; TODO confirm)
        $member->isAdmin() or $this->disallow();

        $plugid = intGetVar('plugid');

        if (!$manager->pidInstalled($plugid))
            $this->error(_ERROR_NOSUCHPLUGIN);

        // 1. get old order number
        $oldOrder = DB::getValue('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);

        // 2. calculate new order number
        $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;

        // 3. update plug numbers
        DB::execute('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
        DB::execute('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);

        //$this->action_pluginlist();
        // To avoid showing ticket in the URL, redirect to pluginlist, instead.
        redirect($CONF['AdminURL'] . '?action=pluginlist');
    }

    /**
     * HEAD-side (instance) variant of the move-down action.
     *
     * Moves the plugin named by the 'plugid' GET variable one position down in
     * the plugin order. The highest position is taken to be the number of rows
     * in the plugin table; a plugin already at that position stays there. The
     * two UPDATE statements that perform the swap start on the last line below
     * and continue on the next line of the file.
     *
     * NOTE(review): as in action_pluginup(), there is no return after
     * $this->error(), and the state change is driven by a GET parameter with
     * the ticket in the URL.
     */
    function action_plugindown()
    {
        global $member, $manager, $CONF;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $plugid = intGetVar('plugid');
        if (!$manager->pidInstalled($plugid))
            $this->error(_ERROR_NOSUCHPLUGIN);

        // 1. get old order number
        $oldOrder = DB::getValue('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);

        // the row count of the plugin table is used as the highest order number
        $res = DB::getResult('SELECT * FROM '.sql_table('plugin'));
        $maxOrder = $res->rowCount();

        // 2. calculate new order number
        $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;

        // 3. update plug numbers
        DB::execute('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' 
WHERE porder='.$newOrder); DB::execute('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid); //$this->action_pluginlist(); // To avoid showing ticket in the URL, redirect to pluginlist, instead. redirect($CONF['AdminURL'] . '?action=pluginlist'); } ======= >>>>>>> skinnable-master /** * Admin::action_pluginoptions() * * Output Plugin option page * * @access public * @param string $message message when fallbacked * @return void * */ static private function action_pluginoptions($message = '') { global $member, $manager; // check if allowed $member->isAdmin() or self::disallow(); $pid = intRequestVar('plugid'); if ( !$manager->pidInstalled($pid) ) { self::error(_ERROR_NOSUCHPLUGIN); return; } <<<<<<< HEAD $pname = $manager->getPluginNameFromPid($pid); /* NOTE: to include translation file */ $manager->getPlugin($pname); $extrahead = "\n"; $this->pagehead($extrahead); echo '\n"; echo '