+ /**
+ * Admin::action_itemdelete()
+ * Delete item
+ *
+ * @param Void
+ * @return Void
+ */
+ static private function action_itemdelete()
+ {
+ global $member, $manager;
+
+ $itemid = intRequestVar('itemid');
+
+ // only allow if user is allowed to alter item
+ $member->canAlterItem($itemid) or self::disallow();
+
+ if ( !$manager->existsItem($itemid,1,1) )
+ {
+ self::error(_ERROR_NOSUCHITEM);
+ return;
+ }
+
+ self::$skin->parse('itemdelete');
+ return;
+ }
+
+ /**
+ * Admin::action_itemdeleteconfirm()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_itemdeleteconfirm()
+ {
+ global $member, $manager;
+
+ $itemid = intRequestVar('itemid');
+
+ // only allow if user is allowed to alter item
+ $member->canAlterItem($itemid) or self::disallow();
+
+ // get item first
+ $item =& $manager->getItem($itemid, 1, 1);
+
+ // delete item (note: some checks will be performed twice)
+ self::deleteOneItem($item['itemid']);
+
+ self::action_itemlist($item['blogid']);
+ return;
+ }
+
+ /**
+ * Admin::deleteOneItem()
+ * Deletes one item and returns error if something goes wrong
+ *
+ * @param integer $itemid ID for item
+ * @return void
+ */
+ static public function deleteOneItem($itemid)
+ {
+ global $member, $manager;
+
+ // only allow if user is allowed to alter item (also checks if itemid exists)
+ if ( !$member->canAlterItem($itemid) )
+ {
+ return _ERROR_DISALLOWED;
+ }
+
+ // need to get blogid before the item is deleted
+ $item =& $manager->getItem($itemid, 1, 1);
+
+ $manager->loadClass('ITEM');
+ Item::delete($item['itemid']);
+
+ // update blog's futureposted
+ self::updateFuturePosted($item['itemid']);
+ return;
+ }
+
+ /**
+ * Admin::updateFuturePosted()
+ * Update a blog's future posted flag
+ *
+ * @param integer $blogid
+ * @return void
+ */
+ static private function updateFuturePosted($blogid)
+ {
+ global $manager;
+
+ $blogid = intval($blogid);
+ $blog =& $manager->getBlog($blogid);
+ $currenttime = $blog->getCorrectTime(time());
+
+ $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'";
+ $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime));
+ $result = DB::getResult($query);
+
+ if ( $result->rowCount() > 0 )
+ {
+ $blog->setFuturePost();
+ }
+ else
+ {
+ $blog->clearFuturePost();
+ }
+ return;
+ }
+
+ /**
+ * Admin::action_itemmove()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_itemmove()
+ {
+ global $member, $manager;
+
+ $itemid = intRequestVar('itemid');
+
+ $member->canAlterItem($itemid) or self::disallow();
+
+ self::$skin->parse('itemmove');
+ return;
+ }
+
+ /**
+ * Admin::action_itemmoveto()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_itemmoveto()
+ {
+ global $member, $manager;
+
+ $itemid = intRequestVar('itemid');
+ $catid = requestVar('catid');
+
+ // create new category if needed
+ if ( i18n::strpos($catid,'newcat') === 0 )
+ {
+ // get blogid
+ list($blogid) = sscanf($catid,'newcat-%d');
+
+ // create
+ $blog =& $manager->getBlog($blogid);
+ $catid = $blog->createNewCategory();
+
+ // show error when sth goes wrong
+ if ( !$catid )
+ {
+ self::doError(_ERROR_CATCREATEFAIL);
+ }
+ }
+
+ // only allow if user is allowed to alter item
+ $member->canUpdateItem($itemid, $catid) or self::disallow();
+
+ $old_blogid = getBlogIDFromItemId($itemid);
+
+ Item::move($itemid, $catid);
+
+ // set the futurePosted flag on the blog
+ self::updateFuturePosted(getBlogIDFromItemId($itemid));
+
+ // reset the futurePosted in case the item is moved from one blog to another
+ self::updateFuturePosted($old_blogid);
+
+ if ( $catid != intRequestVar('catid') )
+ {
+ self::action_categoryedit($catid, $blog->getID());
+ }
+ else
+ {
+ self::action_itemlist(getBlogIDFromCatID($catid));
+ }
+ return;
+ }
+
+ /**
+ * Admin::moveOneItem()
+ * Moves one item to a given category (category existance should be checked by caller)
+ * errors are returned
+ *
+ * @param integer $itemid ID for item
+ * @param integer $destCatid ID for category to which the item will be moved
+ * @return void
+ */
+ static public function moveOneItem($itemid, $destCatid)
+ {
+ global $member;
+
+ // only allow if user is allowed to move item
+ if ( !$member->canUpdateItem($itemid, $destCatid) )
+ {
+ return _ERROR_DISALLOWED;
+ }
+
+ Item::move($itemid, $destCatid);
+ return;
+ }
+
+ /**
+ * Admin::action_additem()
+ * Adds a item to the chosen blog
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_additem()
+ {
+ global $manager, $CONF;
+
+ $manager->loadClass('ITEM');
+
+ $result = Item::createFromRequest();
+
+ if ( $result['status'] == 'error' )
+ {
+ self::error($result['message']);
+ return;
+ }
+
+ $item =& $manager->getItem($result['itemid'], 0, 0);
+
+ if ( $result['status'] == 'newcategory' )
+ {
+ $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . $item['blogid']);
+ self::action_categoryedit($result['catid'], $item['blogid'], $distURI);
+ }
+ else
+ {
+ $methodName = 'action_itemlist';
+ self::action_itemlist($item['blogid']);
+ }
+ return;
+ }
+
+ /**
+ * Admin::action_commentedit()
+ * Allows to edit previously made comments
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_commentedit()
+ {
+ global $member, $manager;
+
+ $commentid = intRequestVar('commentid');
+
+ $member->canAlterComment($commentid) or self::disallow();
+
+ $comment = Comment::getComment($commentid);
+ $data = array('comment' => &$comment);
+ $manager->notify('PrepareCommentForEdit', $data);
+
+ self::$contents = $comment;
+ self::$skin->parse('commentedit');
+ return;
+ }
+
+ /**
+ * Admin::action_commentupdate()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_commentupdate()
+ {
+ global $member, $manager;
+
+ $commentid = intRequestVar('commentid');
+
+ $member->canAlterComment($commentid) or self::disallow();
+
+ $url = postVar('url');
+ $email = postVar('email');
+ $body = postVar('body');
+
+ // intercept words that are too long
+ if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
+ {
+ self::error(_ERROR_COMMENT_LONGWORD);
+ return;
+ }
+
+ // check length
+ if ( i18n::strlen($body) < 3 )
+ {
+ self::error(_ERROR_COMMENT_NOCOMMENT);
+ return;
+ }
+
+ if ( i18n::strlen($body) > 5000 )
+ {
+ self::error(_ERROR_COMMENT_TOOLONG);
+ return;
+ }
+
+ // prepare body
+ $body = Comment::prepareBody($body);
+
+ // call plugins
+ $data = array(
+ 'body' => &$body
+ );
+ $manager->notify('PreUpdateComment', $data);
+
+ $query = "UPDATE %s SET cmail=%s, cemail=%s, cbody=%s WHERE cnumber=%d;";
+ $query = sprintf($query, sql_table('comment'), DB::quoteValue($url), DB::quoteValue($email), DB::quoteValue($body), (integer) $commentid);
+ DB::execute($query);
+
+ // get itemid
+ $query = "SELECT citem FROM %s WHERE cnumber=%d;";
+ $query = sprintf($query, sql_table('comment'), (integer) $commentid);
+
+ $itemid = DB::getValue($query);
+
+ if ( $member->canAlterItem($itemid) )
+ {
+ self::action_itemcommentlist($itemid);
+ }
+ else
+ {
+ self::action_browseowncomments();
+ }
+ return;
+ }
+
+ /**
+ * Admin::action_commentdelete()
+ * Update comment
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_commentdelete()
+ {
+ global $member, $manager;
+
+ $commentid = intRequestVar('commentid');
+ $member->canAlterComment($commentid) or self::disallow();
+
+ self::$skin->parse('commentdelete');
+ return;
+ }
+
+ /**
+ * Admin::action_commentdeleteconfirm()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_commentdeleteconfirm()
+ {
+ global $member;
+
+ $commentid = intRequestVar('commentid');
+
+ // get item id first
+ $query = "SELECT citem FROM %s WHERE cnumber=%d;";
+ $query = sprintf($query, sql_table('comment'), (integer) $commentid);
+
+ $itemid = DB::getValue($query);
+
+ $error = self::deleteOneComment($commentid);
+ if ( $error )
+ {
+ self::doError($error);
+ }
+
+ if ( $member->canAlterItem($itemid) )
+ {
+ self::action_itemcommentlist($itemid);
+ }
+ else
+ {
+ self::action_browseowncomments();
+ }
+ return;
+ }
+
+ /**
+ * Admin::deleteOneComment()
+ *
+ * @param integer $commentid ID for comment
+ * @return void
+ */
+ static public function deleteOneComment($commentid)
+ {
+ global $member, $manager;
+
+ $commentid = (integer) $commentid;
+
+ if ( !$member->canAlterComment($commentid) )
+ {
+ return _ERROR_DISALLOWED;
+ }
+
+ $data = array(
+ 'commentid' => $commentid
+ );
+
+ $manager->notify('PreDeleteComment', $data);
+
+ // delete the comments associated with the item
+ $query = "DELETE FROM %s WHERE cnumber=%d;";
+ $query = sprintf($query, sql_table('comment'), (integer) $commentid);
+ DB::execute($query);
+
+ $data = array(
+ 'commentid' => $commentid
+ );
+
+ $manager->notify('PostDeleteComment', $data);
+
+ return '';
+ }
+
+ /**
+ * Admin::action_usermanagement()
+ * Usermanagement main
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_usermanagement()
+ {
+ global $member, $manager;
+
+ // check if allowed
+ $member->isAdmin() or self::disallow();
+
+ self::$skin->parse('usermanagement');
+ return;
+ }
+
+ /**
+ * Admin::action_memberedit()
+ * Edit member settings
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_memberedit()
+ {
+ self::action_editmembersettings(intRequestVar('memberid'));
+ return;
+ }
+
+ /**
+ * Admin::action_editmembersettings()
+ *
+ * @param integer $memberid ID for member
+ * @return void
+ *
+ */
+ static private function action_editmembersettings($memberid = '')
+ {
+ global $member, $manager, $CONF;
+
+ if ( $memberid == '' )
+ {
+ $memberid = $member->getID();
+ }
+
+ /* TODO: we should consider to use the other way insterad of this */
+ $_REQUEST['memberid'] = $memberid;
+
+ // check if allowed
+ ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
+
+ self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
+
+ self::$skin->parse('editmembersettings');
+ return;
+ }
+
+ /**
+ * Admin::action_changemembersettings()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_changemembersettings()
+ {
+ global $member, $CONF, $manager;
+
+ $memberid = intRequestVar('memberid');
+
+ // check if allowed
+ ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
+
+ $name = trim(strip_tags(postVar('name')));
+ $realname = trim(strip_tags(postVar('realname')));
+ $password = postVar('password');
+ $repeatpassword = postVar('repeatpassword');
+ $email = strip_tags(postVar('email'));
+ $url = strip_tags(postVar('url'));
+ $adminskin = intPostVar('adminskin');
+ $bookmarklet = intPostVar('bookmarklet');
+
+ // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
+ if ( !preg_match('#^https?://#', $url) )
+ {
+ $url = 'http://' . $url;
+ }
+
+ $admin = postVar('admin');
+ $canlogin = postVar('canlogin');
+ $notes = strip_tags(postVar('notes'));
+ $locale = postVar('locale');
+
+ $mem =& $manager->getMember($memberid);
+
+ if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
+ {
+ if ( !isValidDisplayName($name) )
+ {
+ self::error(_ERROR_BADNAME);
+ return;
+ }
+
+ if ( ($name != $mem->getDisplayName()) && Member::exists($name) )
+ {
+ self::error(_ERROR_NICKNAMEINUSE);
+ return;
+ }
+
+ if ( $password != $repeatpassword )
+ {
+ self::error(_ERROR_PASSWORDMISMATCH);
+ return;
+ }
+
+ if ( $password && (i18n::strlen($password) < 6) )
+ {
+ self::error(_ERROR_PASSWORDTOOSHORT);
+ return;
+ }
+
+ if ( $password )
+ {
+ $pwdvalid = true;
+ $pwderror = '';
+
+ $data = array(
+ 'password' => $password,
+ 'errormessage' => &$pwderror,
+ 'valid' => &$pwdvalid
+ );
+ $manager->notify('PrePasswordSet', $data);
+
+ if ( !$pwdvalid )
+ {
+ self::error($pwderror);
+ return;
+ }
+ }
+ }
+
+ if ( !NOTIFICATION::address_validation($email) )
+ {
+ self::error(_ERROR_BADMAILADDRESS);
+ return;
+ }
+ if ( !$realname )
+ {
+ self::error(_ERROR_REALNAMEMISSING);
+ return;
+ }
+ if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) )
+ {
+ self::error(_ERROR_NOSUCHTRANSLATION);
+ return;
+ }
+
+ // check if there will remain at least one site member with both the logon and admin rights
+ // (check occurs when taking away one of these rights from such a member)
+ if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
+ || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
+ )
+ {
+ $r = DB::getResult('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
+ if ( $r->rowCount() < 2 )
+ {
+ self::error(_ERROR_ATLEASTONEADMIN);
+ return;
+ }
+ }
+
+ if ( $CONF['AllowLoginEdit'] || $member->isAdmin() )
+ {
+ $mem->setDisplayName($name);
+ if ( $password )
+ {
+ $mem->setPassword($password);
+ }
+ }
+
+ $oldEmail = $mem->getEmail();
+
+ $mem->setRealName($realname);
+ $mem->setEmail($email);
+ $mem->setURL($url);
+ $mem->setNotes($notes);
+ $mem->setLocale($locale);
+ $mem->setAdminSkin($adminskin);
+ $mem->setBookmarklet($bookmarklet);
+
+ // only allow super-admins to make changes to the admin status
+ if ( $member->isAdmin() )
+ {
+ $mem->setAdmin($admin);
+ $mem->setCanLogin($canlogin);
+ }
+
+ $autosave = postVar('autosave');
+ $mem->setAutosave($autosave);
+
+ $mem->write();
+
+ // store plugin options
+ $aOptions = requestArray('plugoption');
+ NucleusPlugin::apply_plugin_options($aOptions);
+ $data = array(
+ 'context' => 'member',
+ 'memberid' => $memberid,
+ 'member' => &$mem
+ );
+ $manager->notify('PostPluginOptionsUpdate', $data);
+
+ // if email changed, generate new password
+ if ( $oldEmail != $mem->getEmail() )
+ {
+ $mem->sendActivationLink('addresschange', $oldEmail);
+ // logout member
+ $mem->newCookieKey();
+
+ // only log out if the member being edited is the current member.
+ if ( $member->getID() == $memberid )
+ {
+ $member->logout();
+ }
+ self::action_login(_MSG_ACTIVATION_SENT, 0);
+ return;
+ }
+
+ if ( ($mem->getID() == $member->getID())
+ && ($mem->getDisplayName() != $member->getDisplayName()) )
+ {
+ $mem->newCookieKey();
+ $member->logout();
+ self::action_login(_MSG_LOGINAGAIN, 0);
+ }
+ else
+ {
+ self::action_overview(_MSG_SETTINGSCHANGED);
+ }
+ return;
+ }
+
+ /**
+ * Admin::action_memberadd()
+ *
+ * @param void
+ * @return void
+ *
+ */
+ static private function action_memberadd()
+ {
+ global $member, $manager;
+
+ // check if allowed
+ $member->isAdmin() or self::disallow();
+
+ if ( postVar('password') != postVar('repeatpassword') )
+ {
+ self::error(_ERROR_PASSWORDMISMATCH);
+ return;
+ }
+
+ if ( i18n::strlen(postVar('password')) < 6 )
+ {
+ self::error(_ERROR_PASSWORDTOOSHORT);
+ return;
+ }
+
+ $res = Member::create(
+ postVar('name'),
+ postVar('realname'),
+ postVar('password'),
+ postVar('email'),
+ postVar('url'),
+ postVar('admin'),
+ postVar('canlogin'),
+ postVar('notes')
+ );
+
+ if ( $res != 1 )
+ {
+ self::error($res);
+ return;
+ }
+
+ // fire PostRegister event
+ $newmem = new Member();
+ $newmem->readFromName(postVar('name'));
+ $data = array(
+ 'member' => &$newmem
+ );
+ $manager->notify('PostRegister', $data);
+
+ self::action_usermanagement();
+ return;
+ }
+
+ /**
+ * Admin::action_forgotpassword()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_forgotpassword()
+ {
+ self::$skin->parse('forgotpassword');
+ return;
+ }
+
+ /**
+ * Admin::action_activate()
+ * Account activation
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_activate()
+ {
+ $key = getVar('key');
+ self::showActivationPage($key);
+ return;
+ }
+
+ /**
+ * Admin::showActivationPage()
+ *
+ * @param void
+ * @return void
+ */
+ static private function showActivationPage($key, $message = '')
+ {
+ global $manager;
+
+ // clean up old activation keys
+ Member::cleanupActivationTable();
+
+ // get activation info
+ $info = Member::getActivationInfo($key);
+
+ if ( !$info )
+ {
+ self::error(_ERROR_ACTIVATE);
+ return;
+ }
+
+ $mem =& $manager->getMember($info->vmember);
+
+ if ( !$mem )
+ {
+ self::error(_ERROR_ACTIVATE);
+ return;
+ }
+
+ /* TODO: we should consider to use the other way insterad of this */
+ $_POST['ackey'] = $key;
+ $_POST['bNeedsPasswordChange'] = TRUE;
+
+ self::$headMess = $message;
+ self::$skin->parse('activate');
+ return;
+ }
+
+ /**
+ * Admin::action_activatesetpwd()
+ * Account activation - set password part
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_activatesetpwd()
+ {
+ global $manager;
+ $key = postVar('key');
+
+ // clean up old activation keys
+ Member::cleanupActivationTable();
+
+ // get activation info
+ $info = Member::getActivationInfo($key);
+
+ if ( !$info || ($info->type == 'addresschange') )
+ {
+ return self::showActivationPage($key, _ERROR_ACTIVATE);
+ }
+
+ $mem =& $manager->getMember($info->vmember);
+
+ if ( !$mem )
+ {
+ return self::showActivationPage($key, _ERROR_ACTIVATE);
+ }
+
+ $password = postVar('password');
+ $repeatpassword = postVar('repeatpassword');
+
+ if ( $password != $repeatpassword )
+ {
+ return self::showActivationPage($key, _ERROR_PASSWORDMISMATCH);
+ }
+
+ if ( $password && (i18n::strlen($password) < 6) )
+ {
+ return self::showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
+ }
+
+ if ( $password )
+ {
+ $pwdvalid = true;
+ $pwderror = '';
+
+ $data = array(
+ 'password' => $password,
+ 'errormessage' => &$pwderror,
+ 'valid' => &$pwdvalid
+ );
+ $manager->notify('PrePasswordSet', $data);
+ if ( !$pwdvalid )
+ {
+ return self::showActivationPage($key,$pwderror);
+ }
+ }
+
+ $error = '';
+
+ $data = array(
+ 'type' => 'activation',
+ 'member' => $mem,
+ 'error' => &$error
+ );
+ $manager->notify('ValidateForm', $data);
+ if ( $error != '' )
+ {
+ return self::showActivationPage($key, $error);
+ }
+
+ // set password
+ $mem->setPassword($password);
+ $mem->write();
+
+ // do the activation
+ Member::activate($key);
+
+ self::$skin->parse('activatesetpwd');
+ return;
+ }
+
+ /**
+ * Admin::action_manageteam()
+ * Manage team
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_manageteam()
+ {
+ global $member, $manager;
+
+ $blogid = intRequestVar('blogid');
+
+ // check if allowed
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ self::$skin->parse('manageteam');
+ return;
+ }
+
+ /**
+ * Admin::action_teamaddmember()
+ * Add member to team
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_teamaddmember()
+ {
+ global $member, $manager;
+
+ $memberid = intPostVar('memberid');
+ $blogid = intPostVar('blogid');
+ $admin = intPostVar('admin');
+
+ // check if allowed
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $blog =& $manager->getBlog($blogid);
+ if ( !$blog->addTeamMember($memberid, $admin) )
+ {
+ self::error(_ERROR_ALREADYONTEAM);
+ return;
+ }
+
+ self::action_manageteam();
+ return;
+ }
+
+ /**
+ * Admin::action_teamdelete()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_teamdelete()
+ {
+ global $member, $manager;
+
+ $memberid = intRequestVar('memberid');
+ $blogid = intRequestVar('blogid');
+
+ // check if allowed
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $teammem =& $manager->getMember($memberid);
+ $blog =& $manager->getBlog($blogid);
+
+ self::$skin->parse('teamdelete');
+ return;
+ }
+
+ /**
+ * Admin::action_teamdeleteconfirm()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_teamdeleteconfirm()
+ {
+ global $member;
+
+ $memberid = intRequestVar('memberid');
+ $blogid = intRequestVar('blogid');
+
+ $error = self::deleteOneTeamMember($blogid, $memberid);
+ if ( $error )
+ {
+ self::error($error);
+ return;
+ }
+ self::action_manageteam();
+ return;
+ }
+
+ /**
+ * Admin::deleteOneTeamMember()
+ *
+ * @param void
+ * @return void
+ */
+ static public function deleteOneTeamMember($blogid, $memberid)
+ {
+ global $member, $manager;
+
+ $blogid = intval($blogid);
+ $memberid = intval($memberid);
+
+ // check if allowed
+ if ( !$member->blogAdminRights($blogid) )
+ {
+ return _ERROR_DISALLOWED;
+ }
+
+ // check if: - there remains at least one blog admin
+ // - (there remains at least one team member)
+ $tmem =& $manager->getMember($memberid);
+
+
+ $data = array(
+ 'member' => &$tmem,
+ 'blogid' => $blogid
+ );
+ $manager->notify('PreDeleteTeamMember', $data);
+
+ if ( $tmem->isBlogAdmin($blogid) )
+ {
+ /* TODO: why we did double check? */
+ // check if there are more blog members left and at least one admin
+ // (check for at least two admins before deletion)
+ $query = "SELECT * FROM %s WHERE tblog=%d and tadmin=1;";
+ $query = sprintf($query, sql_table('team'), (integer) $blogid);
+ $r = DB::getResult($query);
+ if ( $r->rowCount() < 2 )
+ {
+ return _ERROR_ATLEASTONEBLOGADMIN;
+ }
+ }
+
+ $query = "DELETE FROM %s WHERE tblog=%d AND tmember=%d;";
+ $query = sprintf($query, sql_table('team'), (integer) $blogid, (integer) $memberid);
+ DB::execute($query);
+
+ $data = array(
+ 'member' => &$tmem,
+ 'blogid' => $blogid
+ );
+ $manager->notify('PostDeleteTeamMember', $data);
+
+ return '';
+ }
+
+ /**
+ * Admin::action_teamchangeadmin()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_teamchangeadmin()
+ {
+ global $manager, $member;
+
+ $blogid = intRequestVar('blogid');
+ $memberid = intRequestVar('memberid');
+
+ // check if allowed
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $mem =& $manager->getMember($memberid);
+
+ // don't allow when there is only one admin at this moment
+ if ( $mem->isBlogAdmin($blogid) )
+ {
+ $query = "SELECT * FROM %s WHERE tblog=%d AND tadmin=1;";
+ $query = sprintf($query, sql_table('team'), (integer) $blogid);
+ $r = DB::getResult($query);
+ if ( $r->rowCount() == 1 )
+ {
+ self::error(_ERROR_ATLEASTONEBLOGADMIN);
+ return;
+ }
+ }
+
+ if ( $mem->isBlogAdmin($blogid) )
+ {
+ $newval = 0;
+ }
+ else
+ {
+ $newval = 1;
+ }
+
+ $query = "UPDATE %s SET tadmin=%d WHERE tblog=%d and tmember=%d;";
+ $query = sprintf($query, (integer) $blogid, (integer) $newval, (integer) $blogid, (integer) $memberid);
+ DB::execute($query);
+
+ // only show manageteam if member did not change its own admin privileges
+ if ( $member->isBlogAdmin($blogid) )
+ {
+ self::action_manageteam();
+ }
+ else
+ {
+ self::action_overview(_MSG_ADMINCHANGED);
+ }
+ return;
+ }
+
+ /**
+ * Admin::action_blogsettings()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_blogsettings()
+ {
+ global $member, $manager;
+
+ $blogid = intRequestVar('blogid');
+
+ // check if allowed
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $blog =& $manager->getBlog($blogid);
+
+ self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
+
+ self::$skin->parse('blogsettings');
+ return;
+ }
+
+ /**
+ * Admin::action_categorynew()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_categorynew()
+ {
+ global $member, $manager;
+
+ $blogid = intRequestVar('blogid');
+
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $cname = postVar('cname');
+ $cdesc = postVar('cdesc');
+
+ if ( !isValidCategoryName($cname) )
+ {
+ self::error(_ERROR_BADCATEGORYNAME);
+ return;
+ }
+
+ $query = "SELECT * FROM %s WHERE cname=%s AND cblog=%d;";
+ $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), (integer) $blogid);
+ $res = DB::getResult($query);
+ if ( $res->rowCount() > 0 )
+ {
+ self::error(_ERROR_DUPCATEGORYNAME);
+ return;
+ }
+
+ $blog =& $manager->getBlog($blogid);
+ $newCatID = $blog->createNewCategory($cname, $cdesc);
+
+ self::action_blogsettings();
+ return;
+ }
+
+ /**
+ * Admin::action_categoryedit()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_categoryedit($catid = '', $blogid = '', $desturl = '')
+ {
+ global $member, $manager;
+
+ if ( $blogid == '' )
+ {
+ $blogid = intGetVar('blogid');
+ }
+ else
+ {
+ $blogid = intval($blogid);
+ }
+ if ( $catid == '' )
+ {
+ $catid = intGetVar('catid');
+ }
+ else
+ {
+ $catid = intval($catid);
+ }
+
+ /* TODO: we should consider to use the other way insterad of this */
+ $_REQUEST['blogid'] = $blogid;
+ $_REQUEST['catid'] = $catid;
+ $_REQUEST['desturl'] = $desturl;
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ self::$extrahead .= "<script type=\"text/javascript\" src=\"<%skinfile(/javascripts/numbercheck.js)%>\"></script>\n";
+
+ self::$skin->parse('categoryedit');
+ return;
+ }
+
+ /**
+ * Admin::action_categoryupdate()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_categoryupdate()
+ {
+ global $member, $manager;
+
+ $blogid = intPostVar('blogid');
+ $catid = intPostVar('catid');
+ $cname = postVar('cname');
+ $cdesc = postVar('cdesc');
+ $desturl = postVar('desturl');
+
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ if ( !isValidCategoryName($cname) )
+ {
+ self::error(_ERROR_BADCATEGORYNAME);
+ return;
+ }
+
+ $query = "SELECT * FROM %s WHERE cname=%s AND cblog=%d AND not(catid=%d);";
+ $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), (integer) $blogid, (integer) $catid);
+ $res = DB::getResult($query);
+ if ( $res->rowCount() > 0 )
+ {
+ self::error(_ERROR_DUPCATEGORYNAME);
+ return;
+ }
+
+ $query = "UPDATE %s SET cname=%s, cdesc=%s WHERE catid=%d;";
+ $query = sprintf($query, sql_table('category'), DB::quoteValue($cname), DB::quoteValue($cdesc), (integer) $catid);
+ DB::execute($query);
+
+ // store plugin options
+ $aOptions = requestArray('plugoption');
+ NucleusPlugin::apply_plugin_options($aOptions);
+ $data = array(
+ 'context' => 'category',
+ 'catid' => $catid
+ );
+ $manager->notify('PostPluginOptionsUpdate', $data);
+
+ if ( $desturl )
+ {
+ redirect($desturl);
+ return;
+ }
+
+ self::action_blogsettings();
+
+ return;
+ }
+
+ /**
+ * Admin::action_categorydelete()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_categorydelete()
+ {
+ global $member, $manager;
+
+ $blogid = intRequestVar('blogid');
+ $catid = intRequestVar('catid');
+
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $blog =& $manager->getBlog($blogid);
+
+ // check if the category is valid
+ if ( !$blog->isValidCategory($catid) )
+ {
+ self::error(_ERROR_NOSUCHCATEGORY);
+ return;
+ }
+
+ // don't allow deletion of default category
+ if ( $blog->getDefaultCategory() == $catid )
+ {
+ self::error(_ERROR_DELETEDEFCATEGORY);
+ return;
+ }
+
+ // check if catid is the only category left for blogid
+ $query = "SELECT catid FROM %s WHERE cblog=%d;";
+ $query = sprintf($query, sql_table('category'), $blogid);
+ $res = DB::getResult($query);
+ if ( $res->rowCount() == 1 )
+ {
+ self::error(_ERROR_DELETELASTCATEGORY);
+ return;
+ }
+
+ self::$skin->parse('categorydelete');
+>>>>>>> skinnable-master
+ return;
+ }
+
+ /**
+<<<<<<< HEAD
+ * Admin::action_browseownitems()
+=======
+ * Admin::action_categorydeleteconfirm()
+>>>>>>> skinnable-master
+ *
+ * @param void
+ * @return void
+ */
+<<<<<<< HEAD
+ public function action_browseownitems()
+ {
+ global $member, $manager, $CONF;
+
+ $this->pagehead();
+
+ echo '<p><a href="index.php?action=overview">(' . _BACKHOME . ")</a></p>\n";
+ echo '<h2>' . _ITEMLIST_YOUR . "</h2>\n";
+
+ // start index
+ if ( postVar('start') )
+ {
+ $start = intPostVar('start');
+ }
+ else
+ {
+ $start = 0;
+ }
+
+ // amount of items to show
+ if ( postVar('amount') )
+ {
+ $amount = intPostVar('amount');
+ }
+ else
+ {
+ $amount = (integer) $CONF['DefaultListSize'];
+ if ( $amount < 1 )
+ {
+ $amount = 10;
+ }
+ }
+
+ $search = postVar('search'); // search through items
+
+ $query = 'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
+ . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
+ . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
+
+ if ( $search )
+ {
+ $query .= " and ((ititle LIKE " . DB::quoteValue('%'.$search.'%') . ") or (ibody LIKE " . DB::quoteValue('%'.$search.'%') . ") or (imore LIKE " . DB::quoteValue('%'.$search.'%') . "))";
+ }
+
+ $query .= ' ORDER BY itime DESC'
+ . " LIMIT $start, $amount";
+
+ $template['content'] = 'itemlist';
+ $template['now'] = time();
+
+ $manager->loadClass("ENCAPSULATE");
+ $navList = new NavList('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
+ $navList->showBatchList('item',$query,'table',$template);
+
+ $this->pagefoot();
+=======
+ static private function action_categorydeleteconfirm()
+ {
+ global $member, $manager;
+
+ $blogid = intRequestVar('blogid');
+ $catid = intRequestVar('catid');
+
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $error = self::deleteOneCategory($catid);
+ if ( $error )
+ {
+ self::error($error);
+ return;
+ }
+
+ self::action_blogsettings();
+ return;
+ }
+
+ /**
+ * Admin::deleteOneCategory()
+ * Delete a category by its id
+ *
+ * @param String $catid category id for deleting
+ * @return Void
+ */
+ static public function deleteOneCategory($catid)
+ {
+ global $manager, $member;
+
+ $catid = intval($catid);
+ $blogid = getBlogIDFromCatID($catid);
+
+ if ( !$member->blogAdminRights($blogid) )
+ {
+ return ERROR_DISALLOWED;
+ }
+
+ // get blog
+ $blog =& $manager->getBlog($blogid);
+
+ // check if the category is valid
+ if ( !$blog || !$blog->isValidCategory($catid) )
+ {
+ return _ERROR_NOSUCHCATEGORY;
+ }
+
+ $destcatid = $blog->getDefaultCategory();
+
+ // don't allow deletion of default category
+ if ( $blog->getDefaultCategory() == $catid )
+ {
+ return _ERROR_DELETEDEFCATEGORY;
+ }
+
+ // check if catid is the only category left for blogid
+ $query = "SELECT catid FROM %s WHERE cblog=%d;";
+ $query = sprintf($query, sql_table('category'), (integer) $blogid);
+
+ $res = DB::getResult($query);
+ if ( $res->rowCount() == 1 )
+ {
+ return _ERROR_DELETELASTCATEGORY;
+ }
+
+ $data = array('catid' => $catid);
+ $manager->notify('PreDeleteCategory', $data);
+
+ // change category for all items to the default category
+ $query = "UPDATE %s SET icat=%d WHERE icat=%d;";
+ $query =sprintf($query, sql_table('item'), (integer) $destcatid, (integer) $catid);
+ DB::execute($query);
+
+ // delete all associated plugin options
+ NucleusPlugin::delete_option_values('category', (integer) $catid);
+
+ // delete category
+ $query = "DELETE FROM %s WHERE catid=%d;";
+ $query = sprintf($query, sql_table('category'), (integer) $catid);
+ DB::execute($query);
+
+ $data = array('catid' => $catid);
+ $manager->notify('PostDeleteCategory', $data);
+>>>>>>> skinnable-master
+ return;
+ }
+
+ /**
+<<<<<<< HEAD
+ * Admin::action_itemcommentlist()
+ *
+ * Show all the comments for a given item
+ * @param integer $itemid ID for item
+ * @return void
+ */
+ public function action_itemcommentlist($itemid = '')
+ {
+ global $member, $manager, $CONF;
+
+ if ( $itemid == '' )
+ {
+ $itemid = intRequestVar('itemid');
+ }
+
+ // only allow if user is allowed to alter item
+ $member->canAlterItem($itemid) or $this->disallow();
+
+ $blogid = getBlogIdFromItemId($itemid);
+
+ $this->pagehead();
+
+ // start index
+ if ( postVar('start') )
+ {
+ $start = intPostVar('start');
+ }
+ else
+ {
+ $start = 0;
+ }
+
+ // amount of items to show
+ if ( postVar('amount') )
+ {
+ $amount = intPostVar('amount');
+ }
+ else
+ {
+ $amount = (integer) $CONF['DefaultListSize'];
+ if ( $amount < 1 )
+ {
+ $amount = 10;
+ }
+ }
+
+ $search = postVar('search');
+
+ echo '<p>(<a href="index.php?action=itemlist&blogid=' . $blogid . '">' . _BACKTOOVERVIEW . "</a>)</p>\n";
+ echo '<h2>',_COMMENTS,'</h2>';
+
+ $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;
+
+ if ( $search )
+ {
+ $query .= " and cbody LIKE " . DB::quoteValue('%'.$search.'%');
+ }
+
+ $query .= ' ORDER BY ctime ASC'
+ . " LIMIT $start,$amount";
+
+ $template['content'] = 'commentlist';
+ $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));
+
+ $manager->loadClass("ENCAPSULATE");
+ $navList = new NavList('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
+ $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);
+
+ $this->pagefoot();
+=======
+ * Admin::moveOneCategory()
+ * Delete a category by its id
+ *
+ * @param int $catid category id for move
+ * @param int $destblogid blog id for destination
+ * @return void
+ */
+ static public function moveOneCategory($catid, $destblogid)
+ {
+ global $manager, $member;
+ $catid = intval($catid);
+ $destblogid = intval($destblogid);
+ $blogid = getBlogIDFromCatID($catid);
+ // mover should have admin rights on both blogs
+ if (!$member->blogAdminRights($blogid)) {
+ return _ERROR_DISALLOWED;
+ }
+ if (!$member->blogAdminRights($destblogid)) {
+ return _ERROR_DISALLOWED;
+ }
+ // cannot move to self
+ if ($blogid == $destblogid) {
+ return _ERROR_MOVETOSELF;
+ }
+ // get blogs
+ $blog =& $manager->getBlog($blogid);
+ $destblog =& $manager->getBlog($destblogid);
+ // check if the category is valid
+ if (!$blog || !$blog->isValidCategory($catid)) {
+ return _ERROR_NOSUCHCATEGORY;
+ }
+ // don't allow default category to be moved
+ if ($blog->getDefaultCategory() == $catid) {
+ return _ERROR_MOVEDEFCATEGORY;
+ }
+ $data = array(
+ 'catid' => &$catid,
+ 'sourceblog' => &$blog,
+ 'destblog' => &$destblog
+ );
+ $manager->notify('PreMoveCategory', $data);
+ // update comments table (cblog)
+ $query = 'SELECT '
+ . ' inumber '
+ . 'FROM '
+ . sql_table('item') . ' '
+ . 'WHERE '
+ . ' icat = %d';
+ $items = sql_query(sprintf($query, $catid));
+ while ($oItem = sql_fetch_object($items)) {
+ $query = 'UPDATE '
+ . sql_table('comment') . ' '
+ . 'SET '
+ . ' cblog = %d' . ' '
+ . 'WHERE '
+ . ' citem = %d';
+ sql_query(sprintf($query, $destblogid, $oItem->inumber));
+ }
+
+ // update items (iblog)
+ $query = 'UPDATE '
+ . sql_table('item') . ' '
+ . 'SET '
+ . ' iblog = %d '
+ . 'WHERE '
+ . ' icat = %d';
+ sql_query(sprintf($query, $destblogid, $catid));
+
+ // move category
+ $query = 'UPDATE '
+ . sql_table('category') . ' '
+ . 'SET '
+ . ' cblog = %d' . ' '
+ . 'WHERE '
+ . ' catid = %d';
+ sql_query(sprintf($query, $destblogid, $catid));
+
+ $data = array(
+ 'catid' => &$catid,
+ 'sourceblog' => &$blog,
+ 'destblog' => $destblog
+ );
+ $manager->notify('PostMoveCategory', $data);
+ return;
+ }
+
+ /**
+ * Admin::action_blogsettingsupdate
+ * Updating blog settings
+ *
+ * @param Void
+ * @return Void
+ */
+ static private function action_blogsettingsupdate()
+ {
+ global $member, $manager;
+
+ $blogid = intRequestVar('blogid');
+
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $blog =& $manager->getBlog($blogid);
+
+ $notify_address = trim(postVar('notify'));
+ $shortname = trim(postVar('shortname'));
+ $updatefile = trim(postVar('update'));
+
+ $notifyComment = intPostVar('notifyComment');
+ $notifyVote = intPostVar('notifyVote');
+ $notifyNewItem = intPostVar('notifyNewItem');
+
+ if ( $notifyComment == 0 )
+ {
+ $notifyComment = 1;
+ }
+ if ( $notifyVote == 0 )
+ {
+ $notifyVote = 1;
+ }
+ if ( $notifyNewItem == 0 )
+ {
+ $notifyNewItem = 1;
+ }
+ $notifyType = $notifyComment * $notifyVote * $notifyNewItem;
+
+ if ( $notify_address && !NOTIFICATION::address_validation($notify_address) )
+ {
+ self::error(_ERROR_BADNOTIFY);
+ return;
+ }
+
+ if ( !isValidShortName($shortname) )
+ {
+ self::error(_ERROR_BADSHORTBLOGNAME);
+ return;
+ }
+
+ if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) )
+ {
+ self::error(_ERROR_DUPSHORTBLOGNAME);
+ return;
+ }
+ // check if update file is writable
+ if ( $updatefile && !is_writeable($updatefile) )
+ {
+ self::error(_ERROR_UPDATEFILE);
+ return;
+ }
+
+ $blog->setName(trim(postVar('name')));
+ $blog->setShortName($shortname);
+ $blog->setNotifyAddress($notify_address);
+ $blog->setNotifyType($notifyType);
+ $blog->setMaxComments(postVar('maxcomments'));
+ $blog->setCommentsEnabled(postVar('comments'));
+ $blog->setTimeOffset(postVar('timeoffset'));
+ $blog->setUpdateFile($updatefile);
+ $blog->setURL(trim(postVar('url')));
+ $blog->setDefaultSkin(intPostVar('defskin'));
+ $blog->setDescription(trim(postVar('desc')));
+ $blog->setPublic(postVar('public'));
+ $blog->setConvertBreaks(intPostVar('convertbreaks'));
+ $blog->setAllowPastPosting(intPostVar('allowpastposting'));
+ $blog->setDefaultCategory(intPostVar('defcat'));
+ $blog->setSearchable(intPostVar('searchable'));
+ $blog->setEmailRequired(intPostVar('reqemail'));
+ $blog->writeSettings();
+
+ // store plugin options
+ $aOptions = requestArray('plugoption');
+ NucleusPlugin::apply_plugin_options($aOptions);
+
+ $data = array(
+ 'context' => 'blog',
+ 'blogid' => $blogid,
+ 'blog' => &$blog
+ );
+ $manager->notify('PostPluginOptionsUpdate', $data);
+
+ self::action_overview(_MSG_SETTINGSCHANGED);
+>>>>>>> skinnable-master
+ return;
+ }
+
+ /**
+<<<<<<< HEAD
+ * Admin::action_browseowncomments()
+ * Browse own comments
+=======
+ * Admin::action_deleteblog()
+>>>>>>> skinnable-master
+ *
+ * @param void
+ * @return void
+ */
+<<<<<<< HEAD
+ public function action_browseowncomments()
+ {
+ global $member, $manager, $CONF;
+
+ // start index
+ if ( postVar('start') )
+ {
+ $start = intPostVar('start');
+ }
+ else
+ {
+ $start = 0;
+ }
+
+ // amount of items to show
+ if ( postVar('amount') )
+ {
+ $amount = intPostVar('amount');
+ }
+ else
+ {
+ $amount = intval($CONF['DefaultListSize']);
+ if ( $amount < 1 )
+ {
+ $amount = 10;
+ }
+ }
+
+ $search = postVar('search');
+
+ $query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
+
+ if ( $search )
+ {
+ $query .= " and cbody LIKE " . DB::quoteValue('%'.$search.'%');
+ }
+
+ $query .= ' ORDER BY ctime DESC'
+ . " LIMIT $start,$amount";
+
+ $this->pagehead();
+
+ echo '<p><a href="index.php?action=overview">(' . _BACKHOME . ")</a></p>\n";
+ echo '<h2>' . _COMMENTS_YOUR . "</h2>\n";
+
+ $template['content'] = 'commentlist';
+ $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself
+
+ $manager->loadClass("ENCAPSULATE");
+ $navList = new NavList('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
+ $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);
+
+ $this->pagefoot();
+=======
+ static private function action_deleteblog()
+ {
+ global $member, $CONF, $manager;
+
+ $blogid = intRequestVar('blogid');
+
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ // check if blog is default blog
+ if ( $CONF['DefaultBlog'] == $blogid )
+ {
+ self::error(_ERROR_DELDEFBLOG);
+ return;
+ }
+
+ $blog =& $manager->getBlog($blogid);
+
+ self::$skin->parse('deleteblog');
+ return;
+ }
+
+ /**
+ * Admin::action_deleteblogconfirm()
+ * Delete Blog
+ *
+ * @param Void
+ * @return Void
+ */
+ static private function action_deleteblogconfirm()
+ {
+ global $member, $CONF, $manager;
+
+ $blogid = intRequestVar('blogid');
+
+ $data = array('blogid' => $blogid);
+ $manager->notify('PreDeleteBlog', $data);
+
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ // check if blog is default blog
+ if ( $CONF['DefaultBlog'] == $blogid )
+ {
+ self::error(_ERROR_DELDEFBLOG);
+ return;
+ }
+
+ // delete all comments
+ $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid;
+ DB::execute($query);
+
+ // delete all items
+ $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid;
+ DB::execute($query);
+
+ // delete all team members
+ $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid;
+ DB::execute($query);
+
+ // delete all bans
+ $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid;
+ DB::execute($query);
+
+ // delete all categories
+ $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid;
+ DB::execute($query);
+
+ // delete all associated plugin options
+ NucleusPlugin::delete_option_values('blog', $blogid);
+
+ // delete the blog itself
+ $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;
+ DB::execute($query);
+
+ $data = array('blogid' => $blogid);
+ $manager->notify('PostDeleteBlog', $data);
+
+ self::action_overview(_DELETED_BLOG);
+>>>>>>> skinnable-master
+ return;
+ }
+
+ /**
+<<<<<<< HEAD
+ * Admin::action_blogcommentlist()
+ *
+ * Browse all comments for a weblog
+ * @param integer $blogid ID for weblog
+ * @return void
+ */
+ function action_blogcommentlist($blogid = '')
+ {
+ global $member, $manager, $CONF;
+
+ if ( $blogid == '' )
+ {
+ $blogid = intRequestVar('blogid');
+ }
+ else
+ {
+ $blogid = intval($blogid);
+ }
+
+ $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
+
+ // start index
+ if ( postVar('start') )
+ {
+ $start = intPostVar('start');
+ }
+ else
+ {
+ $start = 0;
+ }
+
+ // amount of items to show
+ if ( postVar('amount') )
+ {
+ $amount = intPostVar('amount');
+ }
+ else
+ {
+ $amount = intval($CONF['DefaultListSize']);
+ if ( $amount < 1 )
+ {
+ $amount = 10;
+ }
+ }
+
+ $search = postVar('search'); // search through comments
+
+ $query = 'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
+
+ if ( $search != '' )
+ {
+ $query .= " and cbody LIKE " . DB::quoteValue('%'.$search.'%');
+ }
+
+ $query .= ' ORDER BY ctime DESC'
+ . " LIMIT $start,$amount";
+
+ $blog =& $manager->getBlog($blogid);
+
+ $this->pagehead();
+
+ echo '<p><a href="index.php?action=overview">(' . _BACKHOME . ")</a></p>\n";
+ echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';
+
+ $template['content'] = 'commentlist';
+ $template['canAddBan'] = $member->blogAdminRights($blogid);
+
+ $manager->loadClass("ENCAPSULATE");
+ $navList = new NavList('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
+ $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
+
+ $this->pagefoot();
+=======
+ * Admin::action_memberdelete()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_memberdelete()
+ {
+ global $member, $manager;
+
+ $memberid = intRequestVar('memberid');
+
+ ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
+
+ $mem =& $manager->getMember($memberid);
+
+ self::$skin->parse('memberdelete');
+ return;
+ }
+
+ /**
+ * Admin::action_memberdeleteconfirm()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_memberdeleteconfirm()
+ {
+ global $member;
+
+ $memberid = intRequestVar('memberid');
+
+ ($member->getID() == $memberid) or $member->isAdmin() or self::disallow();
+
+ $error = self::deleteOneMember($memberid);
+ if ( $error )
+ {
+ self::error($error);
+ return;
+ }
+
+ if ( $member->isAdmin() )
+ {
+ self::action_usermanagement();
+ return;
+ }
+ else
+ {
+ self::action_overview(_DELETED_MEMBER);
+ return;
+ }
+ return;
+ }
+
+ /**
+ * Admin::deleteOneMember()
+ * Delete a member by id
+ *
+ * @static
+ * @params Integer $memberid member id
+ * @return String null string or error messages
+ */
+ static public function deleteOneMember($memberid)
+ {
+ global $manager;
+
+ $memberid = intval($memberid);
+ $mem =& $manager->getMember($memberid);
+
+ if ( !$mem->canBeDeleted() )
+ {
+ return _ERROR_DELETEMEMBER;
+ }
+
+ $data = array('member' => &$mem);
+ $manager->notify('PreDeleteMember', $data);
+
+ /* unlink comments from memberid */
+ if ( $memberid )
+ {
+ $query = "UPDATE %s SET cmember=0, cuser=%s WHERE cmember=%d;";
+ $query = sprintf($query, sql_table('comment'), DB::quoteValue($mem->getDisplayName()), $memberid);
+ DB::execute($query);
+ }
+
+ $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
+ DB::execute($query);
+
+ $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
+ DB::execute($query);
+
+ $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
+ DB::execute($query);
+
+ // delete all associated plugin options
+ NucleusPlugin::delete_option_values('member', $memberid);
+
+ $data = array('member' => &$mem);
+ $manager->notify('PostDeleteMember', $data);
+
+ return '';
+ }
+
+ /**
+ * Admin::action_createnewlog()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_createnewlog()
+ {
+ global $member, $CONF, $manager;
+
+ // Only Super-Admins can do this
+ $member->isAdmin() or self::disallow();
+
+ self::$skin->parse('createnewlog');
+ return;
+ }
+
+ /**
+ * Admin::action_addnewlog()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_addnewlog()
+ {
+ global $member, $manager, $CONF;
+
+ // Only Super-Admins can do this
+ $member->isAdmin() or self::disallow();
+
+ $bname = trim(postVar('name'));
+ $bshortname = trim(postVar('shortname'));
+ $btimeoffset = postVar('timeoffset');
+ $bdesc = trim(postVar('desc'));
+ $bdefskin = postVar('defskin');
+
+ if ( !isValidShortName($bshortname) )
+ {
+ self::error(_ERROR_BADSHORTBLOGNAME);
+ return;
+ }
+
+ if ( $manager->existsBlog($bshortname) )
+ {
+ self::error(_ERROR_DUPSHORTBLOGNAME);
+ return;
+ }
+
+ $data = array(
+ 'name' => &$bname,
+ 'shortname' => &$bshortname,
+ 'timeoffset' => &$btimeoffset,
+ 'description' => &$bdesc,
+ 'defaultskin' => &$bdefskin
+ );
+ $manager->notify('PreAddBlog', $data);
+
+ // add slashes for sql queries
+ $bname = DB::quoteValue($bname);
+ $bshortname = DB::quoteValue($bshortname);
+ $btimeoffset = DB::quoteValue($btimeoffset);
+ $bdesc = DB::quoteValue($bdesc);
+ $bdefskin = DB::quoteValue($bdefskin);
+
+ // create blog
+ $query = "INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES (%s, %s, %s, %s, %s);";
+ $query = sprintf($query, sql_table('blog'), $bname, $bshortname, $bdesc, $btimeoffset, $bdefskin);
+ DB::execute($query);
+
+ $blogid = DB::getInsertId();
+ $blog =& $manager->getBlog($blogid);
+
+ // create new category
+ $catdefname = (!defined('_EBLOGDEFAULTCATEGORY_NAME') ? 'General' : _EBLOGDEFAULTCATEGORY_NAME);
+ $catdefdesc = (!defined('_EBLOGDEFAULTCATEGORY_DESC') ? 'Items that do not fit in other categories' : _EBLOGDEFAULTCATEGORY_DESC);
+
+ $query = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)';
+ DB::execute(sprintf($query, sql_table('category'), (integer) $blogid, DB::quoteValue($catdefname), DB::quoteValue($catdefdesc)));
+ $catid = DB::getInsertId();
+
+ // set as default category
+ $blog->setDefaultCategory($catid);
+ $blog->writeSettings();
+
+ // create team member
+ $query = "INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1);";
+ $query = sprintf($query, sql_table('team'), (integer) $member->getID(), (integer) $blogid);
+ DB::execute($query);
+
+ $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
+ $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
+
+ $blog->additem(
+ $blog->getDefaultCategory(),
+ $itemdeftitle,$itemdefbody,
+ '',
+ $blogid,
+ $member->getID(),
+ $blog->getCorrectTime(),
+ 0,
+ 0,
+ 0
+ );
+
+ $data = array('blog' => &$blog);
+ $manager->notify('PostAddBlog', $data);
+
+ $data = array(
+ 'blog' => &$blog,
+ 'name' => _EBLOGDEFAULTCATEGORY_NAME,
+ 'description' => _EBLOGDEFAULTCATEGORY_DESC,
+ 'catid' => $catid
+ );
+ $manager->notify('PostAddCategory', $data);
+
+ /* TODO: we should consider to use the other way insterad of this */
+ $_REQUEST['blogid'] = $blogid;
+ $_REQUEST['catid'] = $catid;
+ self::$skin->parse('addnewlog');
+>>>>>>> skinnable-master
+ return;
+ }
+
+ /**
+<<<<<<< HEAD
+ * Admin::action_createitem()
+ * Provide a page to item a new item to the given blog
+=======
+ * Admin::action_addnewlog2()
+>>>>>>> skinnable-master
+ *
+ * @param void
+ * @return void
+ */
+<<<<<<< HEAD
+ public function action_createitem()
+ {
+ global $member, $manager;
+
+ $blogid = intRequestVar('blogid');
+
+ // check if allowed
+ $member->teamRights($blogid) or $this->disallow();
+
+ $memberid = $member->getID();
+
+ $blog =& $manager->getBlog($blogid);
+
+ // generate the add-item form
+ $handler = new PageFactory($blog);
+
+ $contents = $handler->getTemplateFor('admin', 'add');
+ $manager->notify('PreAddItemForm', array('contents' => &$contents, 'blog' => &$blog));
+
+ $parser = new Parser($handler);
+
+ $this->pagehead();
+ $parser->parse($contents);
+ $this->pagefoot();
+
+=======
+ static private function action_addnewlog2()
+ {
+ global $member, $manager;
+ $blogid = intRequestVar('blogid');
+
+ $member->blogAdminRights($blogid) or self::disallow();
+
+ $burl = requestVar('url');
+
+ $blog =& $manager->getBlog($blogid);
+ $blog->setURL(trim($burl));
+ $blog->writeSettings();
+
+ self::action_overview(_MSG_NEWBLOG);
+ return;
+ }
+
+ /**
+ * Admin::action_skinieoverview()
+ *
+ * @param void
+ * @return void
+ */
+ static private function action_skinieoverview()
+ {
+ global $member, $DIR_LIBS, $manager;
+
+ $member->isAdmin() or self::disallow();
+
+ include_once($DIR_LIBS . 'skinie.php');
+
+ self::$skin->parse('skinieoverview');
+>>>>>>> skinnable-master
+ return;
+ }
+
+ /**
+<<<<<<< HEAD
+ * Admin::action_itemedit()
+=======
+ * Admin::action_skinieimport()
+>>>>>>> skinnable-master
+ *
+ * @param void
+ * @return void
+ */
+<<<<<<< HEAD
+ public function action_itemedit()
+ {
+ global $member, $manager;
+
+ $itemid = intRequestVar('itemid');
+
+ // only allow if user is allowed to alter item
+ $member->canAlterItem($itemid) or $this->disallow();
+
+ $variables =& $manager->getItem($itemid, 1, 1);
+ $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
+
+ $manager->notify('PrepareItemForEdit', array('item' => &$variables));
+
+ if ( $blog->convertBreaks() )
+ {
+ $variables['body'] = removeBreaks($variables['body']);
+ $variables['more'] = removeBreaks($variables['more']);
+ }
+
+ // form to edit blog items
+ $handler = new PageFactory($blog);
+ $handler->setVariables($variables);
+
+ $content = $handler->getTemplateFor('admin', 'edit');
+
+ $parser = new Parser($handler);
+
+ $this->pagehead();
+ $parser->parse($content);
+ $this->pagefoot();
+ return;
+ }
+
+ /**
+ * @todo document this
+ */
+ function action_itemupdate() {
+ global $member, $manager, $CONF;
+
+ $itemid = intRequestVar('itemid');
+ $catid = postVar('catid');
+
+ // only allow if user is allowed to alter item
+ $member->canUpdateItem($itemid, $catid) or $this->disallow();
+