X-Git-Url: http://git.osdn.net/view?p=nucleus-jp%2Fnucleus-next.git;a=blobdiff_plain;f=nucleus%2Flibs%2FADMIN.php;h=2bbcc40ad859852772641899e2816e2296776bbe;hp=3426a5ae4d28889abb143ac48a88dbe8acea3f07;hb=c90b0980cfa3e79cd4bc7eed551a64a5e2b02a5c;hpb=e1da5b20c069e0b90ae1a93fca17a448920b05b2
diff --git a/nucleus/libs/ADMIN.php b/nucleus/libs/ADMIN.php
index 3426a5a..2bbcc40 100644
--- a/nucleus/libs/ADMIN.php
+++ b/nucleus/libs/ADMIN.php
@@ -1,6059 +1,11513 @@ -isLoggedIn()) - { - $memskin = $member->getAdminSkin(); - if ( $memskin ) - { - $skinid = $memskin; - } - } - */ - - /* NOTE: 2. make an instance of skin object */ - if ( !Skin::existsID($skinid) ) - { - return FALSE; - } - - /* NOTE: 3. initializing each members */ - self::$skin = new Skin($skinid, 'AdminActions', 'AdminSkin'); - self::$action = ''; - self::$extrahead = ''; - self::$passvar = ''; - self::$headMess = ''; - self::$aOptions = ''; - return TRUE; - } - - /** - * Admin::action() - * Executes an action - * - * @param string $action action to be performed - * @return void - */ - static public function action($action) - { - global $CONF, $DIR_LIBS, $manager, $member; - - /* 1. decide action name */ - $customAction = postvar('customaction'); - if ( !empty($customAction) ) - { - $alias = array( - 'login' => $customAction, - '' => $customAction - ); - } - else - { - $alias = array( - 'login' => 'overview', - '' => 'overview' - ); - } - if ( array_key_exists($action, $alias) && isset($alias[$action]) ) - { - $action = $alias[$action]; - } - $methodName = "action_{$action}"; - self::$action = strtolower($action); - - /* 2. check the action */ - $synonimActions = array( - 'banlistnewfromitem', - 'memberedit', - 'login', - ); - $allowActions = array_merge($synonimActions, self::$skinless_actions); - $aActionsNotToCheck = array_merge(self::$actions_needless_to_check, self::$edit_actions, $allowActions); - if ( !in_array(self::$action, $aActionsNotToCheck) && !self::existsSkinContents($action) ) - { - if (!$manager->checkTicket()) - { - self::error(_ERROR_BADTICKET); - } - } - - /* 3. parse according to the action */ - if ( !method_exists('Admin', $methodName) && !in_array(self::$action, $allowActions) && self::existsSkinContents($action) ) - { - /* TODO: what is this? 
- self::action_parseSpecialskin(); - */ - } - elseif ( method_exists('Admin', $methodName) ) - { - call_user_func(array(__CLASS__, $methodName)); - } - else if ( self::existsSkinContents('adminerrorpage') ) - { - self::error(_BADACTION . ENTITY::hsc($action)); - } - elseif ( $id != $CONF['DefaultAdminSkin'] ) - { - self::$skin = new Skin($CONF['DefaultAdminSkin']); - if ( self::$skin && self::existsSkinContents('adminerrorpage') ) - { - self::error(_BADACTION . ENTITY::hsc($action)); - } - } - else - { - self::error(_BADACTION . ENTITY::hsc($action)); - } - exit; - } - - /** - * Action::existsSkinContents() - * Check skin contents - * - * @param string $action action type - * @return boolean - */ - static private function existsSkinContents($action) - { - $in_array = in_array($action, self::$skinless_actions); - - if ( $in_array ) - { - return $in_array; - } - else - { - $query = "SELECT scontent as result FROM %s WHERE sdesc=%d AND stype='%s';"; - /* TODO: skinid should be a default */ - if ( !is_object(self::$skin) ) - { - global $CONF; - return quickQuery(sprintf($query, sql_table('skin'), $CONF['DefaultAdminSkin'], sql_real_escape_string($action))); - } - else - { - return quickQuery(sprintf($query, sql_table('skin'), self::$skin->getID(), sql_real_escape_string($action))); - } - } - return; - } - - /** - * Action::specialActionsAllow() - * Check exists specialskinparts - * - * @param string $action action type - * @return boolean - */ - static private function specialActionsAllow($action) - { - $query = "SELECT sdesc as result FROM %s WHERE sdesc = %d AND stype = '%s';"; - $query = sprintf($query, sql_table('skin'), (integer) self::$skin->id, sql_real_escape_string($action)); - return quickQuery($query); - } - - /** - * Action::action_showlogin() - * - * @param void - * @return void - */ - static private function action_showlogin() - { - global $error; - self::action_login($error); - return; - } - - /** - * Action::action_login() - * - * @param string $msg 
message for pageheader - * @param integer $passvars ??? - */ - static private function action_login($msg = '', $passvars = 1) - { - global $member; - - // skip to overview when allowed - if ( $member->isLoggedIn() && $member->canLogin() ) - { - self::action_overview(); - exit; - } - - /* TODO: needless variable??? */ - self::$passvar = $passvars; - if ( $msg ) - { - self::$headMess = $msg; - } - - self::pagehead(); - self::$skin->parse('showlogin'); - self::pagefoot(); - } - - /** - * Action::action_overview() - * provides a screen with the overview of the actions available - * - * @param string $msg message for pageheader - * @return void - */ - static private function action_overview($msg = '') - { - if ( $msg ) - { - self::$headMess = $msg; - } - - self::pagehead(); - self::$skin->parse('overview'); - self::pagefoot(); - return; - } - - /** - * Admin::action_manage() - * - * @param string $msg message for pageheader - * @retrn void - */ - static private function action_manage($msg = '') - { - global $member; - - if ( $msg ) - { - self::$headMess = $msg; - } - $member->isAdmin() or self::disallow(); - - self::pagehead(); - self::$skin->parse('manage'); - self::pagefoot(); - return; - } - - /** - * Action::action_itemlist() - * - * @param integer id for weblod - * @return void - */ - static private function action_itemlist($blogid = '') - { - global $member, $manager, $CONF; - - if ( $blogid == '' ) - { - $blogid = intRequestVar('blogid'); - } - - $member->teamRights($blogid) or $member->isAdmin() or self::disallow(); - - self::pagehead(); - self::$skin->parse('itemlist'); - self::pagefoot(); - return; - } - - /** - * Action::action_batchitem() - * - * @param void - * @return void - */ - static private function action_batchitem() - { - global $member, $manager; - - $member->isLoggedIn() or self::disallow(); - - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - 
self::error(_BATCH_NOSELECTION); - } - - // On move: when no destination blog/category chosen, show choice now - $destCatid = intRequestVar('destcatid'); - if ( ($action == 'move') && (!$manager->existsCategory($destCatid)) ) - { - self::batchMoveSelectDestination('item', $selected); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - self::batchAskDeleteConfirmation('item', $selected); - } - - self::pagehead(); - self::$skin->parse('batchitem'); - self::pagefoot(); - return; - } - - /** - * Action::action_batchcomment() - * - * @param void - * @return void - */ - static private function action_batchcomment() - { - global $member; - - $member->isLoggedIn() or self::disallow(); - - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - // Show error when no items were selected - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - self::error(_BATCH_NOSELECTION); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - self::batchAskDeleteConfirmation('comment',$selected); - } - - self::pagehead(); - self::$skin->parse('batchcomment'); - self::pagefoot(); - return; - } - - /** - * Admin::setAdminAction() - * - * @param string $action - * @return void - */ - static public function setAdminAction($action) - { - self::$action = $action; - return; - } - - /** - * Admin::action_batchmember() - * - * @param void - * @return void - */ - static private function action_batchmember() - { - global $member; - - ($member->isLoggedIn() && $member->isAdmin()) or self::disallow(); - - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - // Show error when no members selected - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - self::error(_BATCH_NOSELECTION); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && 
(requestVar('confirmation') != 'yes') ) - { - self::batchAskDeleteConfirmation('member',$selected); - } - - self::pagehead(); - self::$skin->parse('batchmember'); - self::pagefoot(); - return; - } - - /** - * Admin::action_batchteam() - * - * @param void - * @return void - */ - static private function action_batchteam() - { - global $member; - - $blogid = intRequestVar('blogid'); - - ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or self::disallow(); - - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - self::error(_BATCH_NOSELECTION); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - self::batchAskDeleteConfirmation('team',$selected); - } - - self::pagehead(); - self::$skin->parse('batchteam'); - self::pagefoot(); - return; - } - - /** - * Admin::action_batchcategory() - * - * @param void - * @return void - */ - static private function action_batchcategory() - { - global $member, $manager; - - $member->isLoggedIn() or self::disallow(); - - $selected = requestIntArray('batch'); - $action = requestVar('batchaction'); - - if ( !is_array($selected) || sizeof($selected) == 0 ) - { - self::error(_BATCH_NOSELECTION); - } - - // On move: when no destination blog chosen, show choice now - $destBlogId = intRequestVar('destblogid'); - if ( ($action == 'move') && (!$manager->existsBlogID($destBlogId)) ) - { - self::batchMoveCategorySelectDestination('category', $selected); - } - - // On delete: check if confirmation has been given - if ( ($action == 'delete') && (requestVar('confirmation') != 'yes') ) - { - self::batchAskDeleteConfirmation('category', $selected); - } - - self::pagehead(); - self::$skin->parse('batchcategory'); - self::pagefoot(); - return; - } - - /** - * Admin::batchMoveSelectDestination() - * - * @param string $type type of batch action - * @param integer $ids 
needless??? - * @return void - * - * TODO: remove needless argument - */ - static private function batchMoveSelectDestination($type, $ids) - { - $_POST['batchmove'] = $type; - self::pagehead(); - self::$skin->parse('batchmove'); - self::pagefoot(); - return; - } - - /** - * Admin::batchMoveCategorySelectDestination() - * - * @param string $type type of batch action - * @param integer $ids needless??? - * @return void - * - * TODO: remove needless argument - */ - static private function batchMoveCategorySelectDestination($type, $ids) - { - $_POST['batchmove'] = $type; - global $manager; - self::pagehead(); - self::$skin->parse('batchmovecat'); - self::pagefoot(); - return; - } - - /** - * Admin::batchAskDeleteConfirmation() - * - * @param string $type type of batch action - * @param integer $ids needless??? - * @return void - * - * TODO: remove needless argument - */ - static private function batchAskDeleteConfirmation($type, $ids) - { - self::pagehead(); - self::$skin->parse('batchdelete'); - self::pagefoot(); - return; - } - - /** - * Admin::selectBlogCategory() - * Inserts a HTML select element with choices for all categories to which the current - * member has access - * - * @see function selectBlog - * @param string $name name of weblod - * @param integer $selected - * @param integer $tabindex - * @param integer $showNewCat - * @param integer $iForcedBlogInclude ID for weblog always included - * @return void - * - * NOTE: callback from AdminAction - */ - static public function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) - { - Admin::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude); - return; - } - - /** - * Admin::selectBlog() - * Inserts a HTML select element with choices for all blogs to which the user has access - * mode = 'blog' => shows blognames and values are blogids - * mode = 'category' => show category names and values are catids - * - * @param string $name 
name of weblod - * @param string $mode - * @param integer $selected - * @param integer $tabindex - * @param integer $showNewCat - * @param integer $iForcedBlogInclude ID for weblog always included - * @param $iForcedBlogInclude - * ID of a blog that always needs to be included, without checking if the - * member is on the blog team (-1 = none) - * @return void - */ - static private function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) - { - global $member, $CONF; - - // 0. get IDs of blogs to which member can post items (+ forced blog) - $aBlogIds = array(); - if ( $iForcedBlogInclude != -1 ) - { - $aBlogIds[] = intval($iForcedBlogInclude); - } - - if ( $member->isAdmin() && array_key_exists('ShowAllBlogs', $CONF) && $CONF['ShowAllBlogs'] ) - { - $query = "SELECT bnumber FROM %s ORDER BY bname;"; - $query = sprintf($query, sql_table('blog')); - } - else - { - $query = "SELECT bnumber FROM %s, %s WHERE tblog=bnumber AND tmember=%d;"; - $query = sprintf($query, sql_table('blog'), sql_table('team'), (integer) $member->getID()); - } - - $rblogids = sql_query($query); - while ($o = sql_fetch_object($rblogids)) - { - if ( $o->bnumber != $iForcedBlogInclude ) - { - $aBlogIds[] = intval($o->bnumber); - } - } - - if ( count($aBlogIds) == 0 ) - { - return; - } - - /* TODO: we should consider to use the other way instead of this */ - $_REQUEST['selectData'] = array( - 'name' => $name, - 'tabindex' => $tabindex, - 'mode' => $mode, - 'selected' => $selected, - 'showNewCat' => $showNewCat, - 'aBlogIds' => $aBlogIds, - ); - self::$skin->parse('blogselectbox'); - return; - } - - /** - * Admin::action_browseownitems() - * - * @param void - * @return void - */ - static private function action_browseownitems() - { - global $member, $manager, $CONF; - - self::pagehead(); - self::$skin->parse('browseownitems'); - self::pagefoot(); - return; - } - - /** - * Admin::action_itemcommentlist() - * Show all the comments for a given 
item - * - * @param integer $itemid ID for item - * @return void - */ - static private function action_itemcommentlist($itemid = '') - { - global $member, $manager, $CONF; - - if ( $itemid == '' ) - { - $itemid = intRequestVar('itemid'); - } - - /* TODO: we consider to use the other way insterad of this */ - $_REQUEST['itemid'] = $itemid; - $_REQUEST['blogid'] = getBlogIdFromItemId($itemid); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or self::disallow(); - - $blogid = getBlogIdFromItemId($itemid); - - self::pagehead(); - self::$skin->parse('itemcommentlist'); - self::pagefoot(); - return; - } - - /** - * Admin::action_browseowncomments() - * Browse own comments - * - * @param void - * @return void - */ - static private function action_browseowncomments() - { - self::pagehead(); - self::$skin->parse('browseowncomments'); - self::pagefoot(); - return; - } - - /** - * Admin::action_blogcommentlist() - * Browse all comments for a weblog - * - * @param integer $blogid ID for weblog - * @return void - */ - static private function action_blogcommentlist($blogid = '') - { - global $member, $manager, $CONF; - - if ( $blogid == '' ) - { - $blogid = intRequestVar('blogid'); - } - else - { - $blogid = intval($blogid); - } - - $member->teamRights($blogid) or $member->isAdmin() or self::disallow(); - - /* TODO: we consider to use the other way insterad of this */ - $_REQUEST['blogid'] = $blogid; - - self::pagehead(); - self::$skin->parse('blogcommentlist'); - self::pagefoot(); - return; - } - - /** - * Admin::action_createitem() - * Provide a page to item a new item to the given blog - * - * @param void - * @return void - */ - static private function action_createitem() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - - // check if allowed - $member->teamRights($blogid) or self::disallow(); - - $memberid = $member->getID(); - - $blog =& $manager->getBlog($blogid); - - self::pagehead(); - 
self::$skin->parse('createitem'); - self::pagefoot(); - return; - } - - /** - * Admin::action_itemedit() - * - * @param void - * @return void - */ - static private function action_itemedit() - { - global $member, $manager; - - $itemid = intRequestVar('itemid'); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or self::disallow(); - - $itemid = intRequestVar('itemid'); - $blogid = getBlogIDFromItemID($itemid); - $item =& $manager->getItem($itemid, 1, 1); - $manager->notify( - 'PrepareItemForEdit', - array( - 'item' => &$item - ) - ); - - self::pagehead(); - self::$skin->parse('itemedit'); - self::pagefoot(); - return; - } - - /** - * Admin::action_itemupdate() - * - * @param void - * @return void - */ - static private function action_itemupdate() - { - global $member, $manager, $CONF; - - $itemid = intRequestVar('itemid'); - $catid = postVar('catid'); - - // only allow if user is allowed to alter item - $member->canUpdateItem($itemid, $catid) or self::disallow(); - - $actiontype = postVar('actiontype'); - - // delete actions are handled by itemdelete (which has confirmation) - if ( $actiontype == 'delete' ) - { - self::action_itemdelete(); - return; - } - - $body = postVar('body'); - $title = postVar('title'); - $more = postVar('more'); - $closed = intPostVar('closed'); - $draftid = intPostVar('draftid'); - - // default action = add now - if ( !$actiontype ) - { - $actiontype='addnow'; - } - - // create new category if needed - if ( i18n::strpos($catid,'newcat') === 0 ) - { - // get blogid - list($blogid) = sscanf($catid,"newcat-%d"); - - // create - $blog =& $manager->getBlog($blogid); - $catid = $blog->createNewCategory(); - - // show error when sth goes wrong - if ( !$catid ) - { - self::doError(_ERROR_CATCREATEFAIL); - } - } - - /* - set some variables based on actiontype - - actiontypes: - draft items -> addnow, addfuture, adddraft, delete - non-draft items -> edit, changedate, delete - - variables set: - $timestamp: set to a 
nonzero value for future dates or date changes - $wasdraft: set to 1 when the item used to be a draft item - $publish: set to 1 when the edited item is not a draft - */ - $blogid = getBlogIDFromItemID($itemid); - $blog =& $manager->getBlog($blogid); - - $wasdrafts = array('adddraft', 'addfuture', 'addnow'); - $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0; - $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0; - if ( $actiontype == 'addfuture' || $actiontype == 'changedate' ) - { - $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year')); - } - else - { - $timestamp =0; - } - - // edit the item for real - Item::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp); - - self::updateFuturePosted($blogid); - - if ( $draftid > 0 ) - { - // delete permission is checked inside Item::delete() - Item::delete($draftid); - } - - if ( $catid != intPostVar('catid') ) - { - self::action_categoryedit( - $catid, - $blog->getID(), - $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid) - ); - } - else - { - // TODO: set start item correctly for itemlist - $item = Item::getItem($itemid, 0, 0); - $cnt = quickQuery('SELECT COUNT(*) FROM ' . sql_table('item') . ' WHERE unix_timestamp(itime) <= ' . 
$item['timestamp']); - $_REQUEST['start'] = $cnt + 1; - self::action_itemlist(getBlogIDFromItemID($itemid)); - } - return; - } - - /** - * Admin::action_itemdelete() - * Delete item - * - * @param Void - * @return Void - */ - static private function action_itemdelete() - { - global $member, $manager; - - $itemid = intRequestVar('itemid'); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or self::disallow(); - - if ( !$manager->existsItem($itemid,1,1) ) - { - self::error(_ERROR_NOSUCHITEM); - } - - self::pagehead(); - self::$skin->parse('itemdelete'); - self::pagefoot(); - return; - } - - /** - * Admin::action_itemdeleteconfirm() - * - * @param void - * @return void - */ - static private function action_itemdeleteconfirm() - { - global $member; - - $itemid = intRequestVar('itemid'); - - // only allow if user is allowed to alter item - $member->canAlterItem($itemid) or self::disallow(); - - // get blogid first - $blogid = getBlogIdFromItemId($itemid); - - // delete item (note: some checks will be performed twice) - self::deleteOneItem($itemid); - - self::action_itemlist($blogid); - return; - } - - /** - * Admin::deleteOneItem() - * Deletes one item and returns error if something goes wrong - * - * @param integer $itemid ID for item - * @return void - */ - static private function deleteOneItem($itemid) - { - global $member, $manager; - - // only allow if user is allowed to alter item (also checks if itemid exists) - if ( !$member->canAlterItem($itemid) ) - { - return _ERROR_DISALLOWED; - } - - // need to get blogid before the item is deleted - $blogid = getBlogIDFromItemId($itemid); - - $manager->loadClass('ITEM'); - Item::delete($itemid); - - // update blog's futureposted - self::updateFuturePosted($blogid); - return; - } - - /** - * Admin::updateFuturePosted() - * Update a blog's future posted flag - * - * @param integer $blogid - * @return void - */ - static private function updateFuturePosted($blogid) - { - global $manager; - - 
$blogid = intval($blogid); - $blog =& $manager->getBlog($blogid); - $currenttime = $blog->getCorrectTime(time()); - - $query = "SELECT * FROM %s WHERE iblog=%d AND iposted=0 AND itime>'%s'"; - $query = sprintf($query, sql_table('item'), (integer) $blogid, i18n::formatted_datetime('mysql', $currenttime)); - $result = sql_query($query); - - if ( sql_num_rows($result) > 0 ) - { - $blog->setFuturePost(); - } - else - { - $blog->clearFuturePost(); - } - return; - } - - /** - * Admin::action_itemmove() - * - * @param void - * @return void - */ - static private function action_itemmove() - { - global $member, $manager; - - $itemid = intRequestVar('itemid'); - - $member->canAlterItem($itemid) or self::disallow(); - - self::pagehead(); - self::$skin->parse('itemmove'); - self::pagefoot(); - return; - } - - /** - * Admin::action_itemmoveto() - * - * @param void - * @return void - */ - static private function action_itemmoveto() - { - global $member, $manager; - - $itemid = intRequestVar('itemid'); - $catid = requestVar('catid'); - - // create new category if needed - if ( i18n::strpos($catid,'newcat') === 0 ) - { - // get blogid - list($blogid) = sscanf($catid,'newcat-%d'); - - // create - $blog =& $manager->getBlog($blogid); - $catid = $blog->createNewCategory(); - - // show error when sth goes wrong - if ( !$catid ) - { - self::doError(_ERROR_CATCREATEFAIL); - } - } - - // only allow if user is allowed to alter item - $member->canUpdateItem($itemid, $catid) or self::disallow(); - - $old_blogid = getBlogIDFromItemId($itemid); - - Item::move($itemid, $catid); - - // set the futurePosted flag on the blog - self::updateFuturePosted(getBlogIDFromItemId($itemid)); - - // reset the futurePosted in case the item is moved from one blog to another - self::updateFuturePosted($old_blogid); - - if ( $catid != intRequestVar('catid') ) - { - self::action_categoryedit($catid, $blog->getID()); - } - else - { - self::action_itemlist(getBlogIDFromCatID($catid)); - } - return; - } - - /** - * 
Admin::moveOneItem() - * Moves one item to a given category (category existance should be checked by caller) - * errors are returned - * - * @param integer $itemid ID for item - * @param integer $destCatid ID for category to which the item will be moved - * @return void - */ - static private function moveOneItem($itemid, $destCatid) - { - global $member; - - // only allow if user is allowed to move item - if ( !$member->canUpdateItem($itemid, $destCatid) ) - { - return _ERROR_DISALLOWED; - } - - Item::move($itemid, $destCatid); - return; - } - - /** - * Admin::action_additem() - * Adds a item to the chosen blog - * - * @param void - * @return void - */ - static private function action_additem() - { - global $manager, $CONF; - - $manager->loadClass('ITEM'); - - $result = Item::createFromRequest(); - - if ( $result['status'] == 'error' ) - { - self::error($result['message']); - } - - $blogid = getBlogIDFromItemID($result['itemid']); - $blog =& $manager->getBlog($blogid); - $btimestamp = $blog->getCorrectTime(); - $item = $manager->getItem(intval($result['itemid']), 1, 1); - - if ( $result['status'] == 'newcategory' ) - { - $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . 
intval($blogid)); - self::action_categoryedit($result['catid'], $blogid, $distURI); - } - else - { - $methodName = 'action_itemList'; - call_user_func(array(&$this, $methodName), $blogid); - } - return; - } - - /** - * Admin::action_commentedit() - * Allows to edit previously made comments - * - * @param void - * @return void - */ - static private function action_commentedit() - { - global $member, $manager; - - $commentid = intRequestVar('commentid'); - - $member->canAlterComment($commentid) or self::disallow(); - - self::pagehead(); - self::$skin->parse('commentedit'); - self::pagefoot(); - return; - } - - /** - * Admin::action_commentupdate() - * - * @param void - * @return void - */ - static private function action_commentupdate() - { - global $member, $manager; - - $commentid = intRequestVar('commentid'); - - $member->canAlterComment($commentid) or self::disallow(); - - $url = postVar('url'); - $email = postVar('email'); - $body = postVar('body'); - - // intercept words that are too long - if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE) - { - self::error(_ERROR_COMMENT_LONGWORD); - } - - // check length - if ( i18n::strlen($body) < 3 ) - { - self::error(_ERROR_COMMENT_NOCOMMENT); - } - - if ( i18n::strlen($body) > 5000 ) - { - self::error(_ERROR_COMMENT_TOOLONG); - } - - // prepare body - $body = Comment::prepareBody($body); - - // call plugins - $data = array( - 'body' => &$body - ); - $manager->notify('PreUpdateComment', $data); - - $query = "UPDATE %s SET cmail='%s', cemail = '%s', cbody= '%s' WHERE cnumber=%d;"; - $query = sprintf($query, sql_real_escape_string($url), sql_real_escape_string($url), sql_real_escape_string($url), (integer) $commentid); - sql_query($query); - - // get itemid - $query = "SELECT citem FROM %s WHERE cnumber=%d;"; - $query = sprintf($query, sql_table('comment'), (integer) $commentid); - - $res = sql_query($query); - $o = sql_fetch_object($res); - $itemid = $o->citem; - - if ( $member->canAlterItem($itemid) 
) - { - self::action_itemcommentlist($itemid); - } - else - { - self::action_browseowncomments(); - } - return; - } - - /** - * Admin::action_commentdelete() - * Update comment - * - * @param void - * @return void - */ - static private function action_commentdelete() - { - global $member, $manager; - - $commentid = intRequestVar('commentid'); - $member->canAlterComment($commentid) or self::disallow(); - - self::pagehead(); - self::$skin->parse('commentdelete'); - self::pagefoot(); - return; - } - - /** - * Admin::action_commentdeleteconfirm() - * - * @param void - * @return void - */ - static private function action_commentdeleteconfirm() - { - global $member; - - $commentid = intRequestVar('commentid'); - - // get item id first - $query = "SELECT citem FROM %s WHERE cnumber=%d;"; - $query = sprintf($query, sql_table('comment'), (integer) $commentid); - - $res = sql_query($query); - $o = sql_fetch_object($res); - $itemid = $o->citem; - - $error = self::deleteOneComment($commentid); - if ( $error ) - { - self::doError($error); - } - - if ( $member->canAlterItem($itemid) ) - { - self::action_itemcommentlist($itemid); - } - else - { - self::action_browseowncomments(); - } - return; - } - - /** - * Admin::deleteOneComment() - * - * @param integer $commentid ID for comment - * @return void - */ - static private function deleteOneComment($commentid) - { - global $member, $manager; - - $commentid = (integer) $commentid; - - if ( !$member->canAlterComment($commentid) ) - { - return _ERROR_DISALLOWED; - } - - $data = array( - 'commentid' => $commentid - ); - - $manager->notify('PreDeleteComment', $data); - - // delete the comments associated with the item - $query = "DELETE FROM %s WHERE cnumber=%d;"; - $query = sprintf($query, sql_table('comment'), (integer) $commentid); - sql_query($query); - - $data = array( - 'commentid' => $commentid - ); - - $manager->notify('PostDeleteComment', $data); - - return ''; - } - - /** - * Admin::action_usermanagement() - * Usermanagement 
main - * - * @param void - * @return void - */ - static private function action_usermanagement() - { - global $member, $manager; - - // check if allowed - $member->isAdmin() or self::disallow(); - - self::pagehead(); - self::$skin->parse('usermanagement'); - self::pagefoot(); - return; - } - - /** - * Admin::action_memberedit() - * Edit member settings - * - * @param void - * @return void - */ - static private function action_memberedit() - { - self::action_editmembersettings(intRequestVar('memberid')); - return; - } - - /** - * Admin::action_editmembersettings() - * - * @param integer $memberid ID for member - * @return void - * - */ - static private function action_editmembersettings($memberid = '') - { - global $member, $manager, $CONF; - - if ( $memberid == '' ) - { - $memberid = $member->getID(); - } - - /* TODO: we should consider to use the other way insterad of this */ - $_REQUEST['memberid'] = $memberid; - - // check if allowed - ($member->getID() == $memberid) or $member->isAdmin() or self::disallow(); - - $extrahead = ''; - self::pagehead($extrahead); - self::$skin->parse('editmembersettings'); - self::pagefoot(); - return; - } - - /** - * Admin::action_changemembersettings() - * - * @param void - * @return void - */ - static private function action_changemembersettings() - { - global $member, $CONF, $manager; - - $memberid = intRequestVar('memberid'); - - // check if allowed - ($member->getID() == $memberid) or $member->isAdmin() or self::disallow(); - - $name = trim(strip_tags(postVar('name'))); - $realname = trim(strip_tags(postVar('realname'))); - $password = postVar('password'); - $repeatpassword = postVar('repeatpassword'); - $email = strip_tags(postVar('email')); - $url = strip_tags(postVar('url')); - $adminskin = intPostVar('adminskin'); - - // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it. - if ( !preg_match('#^https?://#', $url) ) - { - $url = 'http://' . 
$url; - } - - $admin = postVar('admin'); - $canlogin = postVar('canlogin'); - $notes = strip_tags(postVar('notes')); - $locale = postVar('locale'); - - $mem = Member::createFromID($memberid); - - if ( $CONF['AllowLoginEdit'] || $member->isAdmin() ) - { - if ( !isValidDisplayName($name) ) - { - self::error(_ERROR_BADNAME); - } - - if ( ($name != $mem->getDisplayName()) && Member::exists($name) ) - { - self::error(_ERROR_NICKNAMEINUSE); - } - - if ( $password != $repeatpassword ) - { - self::error(_ERROR_PASSWORDMISMATCH); - } - - if ( $password && (i18n::strlen($password) < 6) ) - { - self::error(_ERROR_PASSWORDTOOSHORT); - } - - if ( $password ) - { - $pwdvalid = true; - $pwderror = ''; - - $data = array( - 'password' => $password, - 'errormessage' => &$pwderror, - 'valid' => &$pwdvalid - ); - $manager->notify('PrePasswordSet', $data); - - if ( !$pwdvalid ) - { - self::error($pwderror); - } - } - } - - if ( !NOTIFICATION::address_validation($email) ) - { - self::error(_ERROR_BADMAILADDRESS); - } - if ( !$realname ) - { - self::error(_ERROR_REALNAMEMISSING); - } - if ( ($locale != '') && (!in_array($locale, i18n::get_available_locale_list())) ) - { - self::error(_ERROR_NOSUCHTRANSLATION); - } - - // check if there will remain at least one site member with both the logon and admin rights - // (check occurs when taking away one of these rights from such a member) - if ( (!$admin && $mem->isAdmin() && $mem->canLogin()) - || (!$canlogin && $mem->isAdmin() && $mem->canLogin()) - ) - { - $r = sql_query('SELECT * FROM '.sql_table('member').' 
WHERE madmin=1 and mcanlogin=1'); - if ( sql_num_rows($r) < 2 ) - { - self::error(_ERROR_ATLEASTONEADMIN); - } - } - - if ( $CONF['AllowLoginEdit'] || $member->isAdmin() ) - { - $mem->setDisplayName($name); - if ( $password ) - { - $mem->setPassword($password); - } - } - - $oldEmail = $mem->getEmail(); - - $mem->setRealName($realname); - $mem->setEmail($email); - $mem->setURL($url); - $mem->setNotes($notes); - $mem->setLocale($locale); - - // only allow super-admins to make changes to the admin status - if ( $member->isAdmin() ) - { - $mem->setAdmin($admin); - $mem->setCanLogin($canlogin); - } - - $autosave = postVar('autosave'); - $mem->setAutosave($autosave); - - $mem->write(); - - // store plugin options - $aOptions = requestArray('plugoption'); - NucleusPlugin::apply_plugin_options($aOptions); - $data = array( - 'context' => 'member', - 'memberid' => $memberid, - 'member' => &$mem - ); - $manager->notify('PostPluginOptionsUpdate', $data); - - // if email changed, generate new password - if ( $oldEmail != $mem->getEmail() ) - { - $mem->sendActivationLink('addresschange', $oldEmail); - // logout member - $mem->newCookieKey(); - - // only log out if the member being edited is the current member. 
- if ( $member->getID() == $memberid ) - { - $member->logout(); - } - self::action_login(_MSG_ACTIVATION_SENT, 0); - return; - } - - if ( ($mem->getID() == $member->getID()) - && ($mem->getDisplayName() != $member->getDisplayName()) ) - { - $mem->newCookieKey(); - $member->logout(); - self::action_login(_MSG_LOGINAGAIN, 0); - } - else - { - self::action_overview(_MSG_SETTINGSCHANGED); - } - return; - } - - /** - * Admin::action_memberadd() - * - * @param void - * @return void - * - */ - static private function action_memberadd() - { - global $member, $manager; - - // check if allowed - $member->isAdmin() or self::disallow(); - - if ( postVar('password') != postVar('repeatpassword') ) - { - self::error(_ERROR_PASSWORDMISMATCH); - } - - if ( i18n::strlen(postVar('password')) < 6 ) - { - self::error(_ERROR_PASSWORDTOOSHORT); - } - - $res = Member::create( - postVar('name'), - postVar('realname'), - postVar('password'), - postVar('email'), - postVar('url'), - postVar('admin'), - postVar('canlogin'), - postVar('notes') - ); - - if ( $res != 1 ) - { - self::error($res); - } - - // fire PostRegister event - $newmem = new Member(); - $newmem->readFromName(postVar('name')); - $data = array( - 'member' => &$newmem - ); - $manager->notify('PostRegister', $data); - - self::action_usermanagement(); - return; - } - - /** - * Admin::action_activate() - * Account activation - * - * @param void - * @return void - */ - static private function action_activate() - { - $key = getVar('key'); - self::showActivationPage($key); - return; - } - - /** - * Admin::showActivationPage() - * - * @param void - * @return void - */ - static private function showActivationPage($key, $message = '') - { - global $manager; - - // clean up old activation keys - Member::cleanupActivationTable(); - - // get activation info - $info = Member::getActivationInfo($key); - - if ( !$info ) - { - self::error(_ERROR_ACTIVATE); - } - - $mem = Member::createFromId($info->vmember); - - if ( !$mem ) - { - 
self::error(_ERROR_ACTIVATE); - } - - /* TODO: we should consider to use the other way insterad of this */ - $_POST['ackey'] = $key; - $_POST['bNeedsPasswordChange'] = TRUE; - - self::$headMess = $message; - self::pagehead(); - self::$skin->parse('activate'); - self::pagefoot(); - return; - } - - /** - * Admin::action_activatesetpwd() - * Account activation - set password part - * - * @param void - * @return void - */ - static private function action_activatesetpwd() - { - global $manager; - $key = postVar('key'); - - // clean up old activation keys - Member::cleanupActivationTable(); - - // get activation info - $info = Member::getActivationInfo($key); - - if ( !$info || ($info->type == 'addresschange') ) - { - return self::showActivationPage($key, _ERROR_ACTIVATE); - } - - $mem = Member::createFromId($info->vmember); - - if ( !$mem ) - { - return self::showActivationPage($key, _ERROR_ACTIVATE); - } - - $password = postVar('password'); - $repeatpassword = postVar('repeatpassword'); - - if ( $password != $repeatpassword ) - { - return self::showActivationPage($key, _ERROR_PASSWORDMISMATCH); - } - - if ( $password && (i18n::strlen($password) < 6) ) - { - return self::showActivationPage($key, _ERROR_PASSWORDTOOSHORT); - } - - if ( $password ) - { - $pwdvalid = true; - $pwderror = ''; - - $data = array( - 'password' => $password, - 'errormessage' => &$pwderror, - 'valid' => &$pwdvalid - ); - $manager->notify('PrePasswordSet', $data); - if ( !$pwdvalid ) - { - return self::showActivationPage($key,$pwderror); - } - } - - $error = ''; - - $data = array( - 'type' => 'activation', - 'member' => $mem, - 'error' => &$error - ); - $manager->notify('ValidateForm', $data); - if ( $error != '' ) - { - return self::showActivationPage($key, $error); - } - - // set password - $mem->setPassword($password); - $mem->write(); - - // do the activation - Member::activate($key); - - self::pagehead(); - self::$skin->parse('activatesetpwd'); - self::pagefoot(); - return; - } - - /** - * 
Admin::action_manageteam() - * Manage team - * - * @param void - * @return void - */ - static private function action_manageteam() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - - // check if allowed - $member->blogAdminRights($blogid) or self::disallow(); - - self::pagehead(); - self::$skin->parse('manageteam'); - self::pagefoot(); - return; - } - - /** - * Admin::action_teamaddmember() - * Add member to team - * - * @param void - * @return void - */ - static private function action_teamaddmember() - { - global $member, $manager; - - $memberid = intPostVar('memberid'); - $blogid = intPostVar('blogid'); - $admin = intPostVar('admin'); - - // check if allowed - $member->blogAdminRights($blogid) or self::disallow(); - - $blog =& $manager->getBlog($blogid); - if ( !$blog->addTeamMember($memberid, $admin) ) - { - self::error(_ERROR_ALREADYONTEAM); - } - - self::action_manageteam(); - return; - } - - /** - * Admin::action_teamdelete() - * - * @param void - * @return void - */ - static private function action_teamdelete() - { - global $member, $manager; - - $memberid = intRequestVar('memberid'); - $blogid = intRequestVar('blogid'); - - // check if allowed - $member->blogAdminRights($blogid) or self::disallow(); - - $teammem = Member::createFromID($memberid); - $blog =& $manager->getBlog($blogid); - - self::pagehead(); - self::$skin->parse('teamdelete'); - self::pagefoot(); - return; - } - - /** - * Admin::action_teamdeleteconfirm() - * - * @param void - * @return void - */ - static private function action_teamdeleteconfirm() - { - global $member; - - $memberid = intRequestVar('memberid'); - $blogid = intRequestVar('blogid'); - - $error = self::deleteOneTeamMember($blogid, $memberid); - if ( $error ) - { - self::error($error); - } - self::action_manageteam(); - return; - } - - /** - * Admin::deleteOneTeamMember() - * - * @param void - * @return void - */ - static private function deleteOneTeamMember($blogid, $memberid) - { - global $member, 
$manager; - - $blogid = intval($blogid); - $memberid = intval($memberid); - - // check if allowed - if ( !$member->blogAdminRights($blogid) ) - { - return _ERROR_DISALLOWED; - } - - // check if: - there remains at least one blog admin - // - (there remains at least one team member) - $tmem = Member::createFromID($memberid); - - - $data = array( - 'member' => &$tmem, - 'blogid' => $blogid - ); $manager->notify('PreDeleteTeamMember', $data); - - if ( $tmem->isBlogAdmin($blogid) ) - { - /* TODO: why we did double check? */ - // check if there are more blog members left and at least one admin - // (check for at least two admins before deletion) - $query = "SELECT * FROM %s WHERE tblog=%d and tadmin=1;"; - $query = sprintf($query, sql_table('team'), (integer) $blogid); - $r = sql_query($query); - if ( sql_num_rows($r) < 2 ) - { - return _ERROR_ATLEASTONEBLOGADMIN; - } - } - - $query = "DELETE FROM %s WHERE tblog=%d AND tmember=%d;"; - $query = sprintf($query, sql_table('team'), (integer) $blogid, (integer) $memberid); - sql_query($query); - - $data = array( - 'member' => &$tmem, - 'blogid' => $blogid - ); - $manager->notify('PostDeleteTeamMember', $data); - - return ''; - } - - /** - * Admin::action_teamchangeadmin() - * - * @param void - * @return void - */ - static private function action_teamchangeadmin() - { - global $member; - - $blogid = intRequestVar('blogid'); - $memberid = intRequestVar('memberid'); - - // check if allowed - $member->blogAdminRights($blogid) or self::disallow(); - - $mem = Member::createFromID($memberid); - - // don't allow when there is only one admin at this moment - if ( $mem->isBlogAdmin($blogid) ) - { - $query = "SELECT * FROM %s WHERE tblog=%d AND tadmin=1;"; - $query = sprintf($query, sql_table('team'), (integer) $blogid); - $r = sql_query($query); - if ( sql_num_rows($r) == 1 ) - { - self::error(_ERROR_ATLEASTONEBLOGADMIN); - } - } - - if ( $mem->isBlogAdmin($blogid) ) - { - $newval = 0; - } - else - { - $newval = 1; - } - - $query = 
"UPDATE %s SET tadmin=%d WHERE tblog=%d and tmember=%d;"; - $query = sprintf($query, (integer) $blogid, (integer) $newval, (integer) $blogid, (integer) $memberid); - sql_query($query); - - // only show manageteam if member did not change its own admin privileges - if ( $member->isBlogAdmin($blogid) ) - { - self::action_manageteam(); - } - else - { - self::action_overview(_MSG_ADMINCHANGED); - } - return; - } - - /** - * Admin::action_blogsettings() - * - * @param void - * @return void - */ - static private function action_blogsettings() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - - // check if allowed - $member->blogAdminRights($blogid) or self::disallow(); - - $blog =& $manager->getBlog($blogid); - - $extrahead = ''; - self::pagehead($extrahead); - self::$skin->parse('blogsettings'); - self::pagefoot(); - return; - } - - /** - * Admin::action_categorynew() - * - * @param void - * @return void - */ - static private function action_categorynew() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - - $member->blogAdminRights($blogid) or self::disallow(); - - $cname = postVar('cname'); - $cdesc = postVar('cdesc'); - - if ( !isValidCategoryName($cname) ) - { - self::error(_ERROR_BADCATEGORYNAME); - } - - $query = "SELECT * FROM %s WHERE cname='%s' AND cblog=%d;"; - $query = sprintf($query, sql_table('category'), sql_real_escape_string($cname), (integer) $blogid); - $res = sql_query($query); - if ( sql_num_rows($res) > 0 ) - { - self::error(_ERROR_DUPCATEGORYNAME); - } - - $blog =& $manager->getBlog($blogid); - $newCatID = $blog->createNewCategory($cname, $cdesc); - - self::action_blogsettings(); - return; - } - - /** - * Admin::action_categoryedit() - * - * @param void - * @return void - */ - static private function action_categoryedit($catid = '', $blogid = '', $desturl = '') - { - global $member, $manager; - - if ( $blogid == '' ) - { - $blogid = intGetVar('blogid'); - } - else - { - $blogid = intval($blogid); - } - if 
( $catid == '' ) - { - $catid = intGetVar('catid'); - } - else - { - $catid = intval($catid); - } - - /* TODO: we should consider to use the other way insterad of this */ - $_REQUEST['blogid'] = $blogid; - $_REQUEST['catid'] = $catid; - $_REQUEST['desturl'] = $desturl; - $member->blogAdminRights($blogid) or self::disallow(); - - $extrahead = ''; - self::pagehead($extrahead); - self::$skin->parse('categoryedit'); - self::pagefoot(); - return; - } - - /** - * Admin::action_categoryupdate() - * - * @param void - * @return void - */ - static private function action_categoryupdate() - { - global $member, $manager; - - $blogid = intPostVar('blogid'); - $catid = intPostVar('catid'); - $cname = postVar('cname'); - $cdesc = postVar('cdesc'); - $desturl = postVar('desturl'); - - $member->blogAdminRights($blogid) or self::disallow(); - - if ( !isValidCategoryName($cname) ) - { - self::error(_ERROR_BADCATEGORYNAME); - } - - $query = "SELECT * FROM %s WHERE cname='%s' AND cblog=%d AND not(catid=%d);"; - $query = sprintf($query, sql_table('category'), sql_real_escape_string($cname), (integer) $blogid, (integer) $catid); - $res = sql_query($query); - if ( sql_num_rows($res) > 0 ) - { - self::error(_ERROR_DUPCATEGORYNAME); - } - - $query = "UPDATE %s SET cname='%s', cdesc='%s' WHERE catid=%d;"; - $query = sprintf($query, sql_table('category'), sql_real_escape_string($cname), sql_real_escape_string($cdesc), (integer) $catid); - sql_query($query); - - // store plugin options - $aOptions = requestArray('plugoption'); - NucleusPlugin::apply_plugin_options($aOptions); - $data = array( - 'context' => 'category', - 'catid' => $catid - ); - $manager->notify('PostPluginOptionsUpdate', $data); - - if ( $desturl ) - { - redirect($desturl); - exit; - } - else - { - self::action_blogsettings(); - } - return; - } - - /** - * Admin::action_categorydelete() - * - * @param void - * @return void - */ - static private function action_categorydelete() - { - global $member, $manager; - - $blogid = 
intRequestVar('blogid'); - $catid = intRequestVar('catid'); - - $member->blogAdminRights($blogid) or self::disallow(); - - $blog =& $manager->getBlog($blogid); - - // check if the category is valid - if ( !$blog->isValidCategory($catid) ) - { - self::error(_ERROR_NOSUCHCATEGORY); - } - - // don't allow deletion of default category - if ( $blog->getDefaultCategory() == $catid ) - { - self::error(_ERROR_DELETEDEFCATEGORY); - } - - // check if catid is the only category left for blogid - $query = "SELECT catid FROM %s WHERE cblog=%d;"; - $query = sprintf($query, sql_table('category'), $blogid); - $res = sql_query($query); - if ( sql_num_rows($res) == 1 ) - { - self::error(_ERROR_DELETELASTCATEGORY); - } - - self::pagehead(); - self::$skin->parse('categorydelete'); - self::pagefoot(); - return; - } - - /** - * Admin::action_categorydeleteconfirm() - * - * @param void - * @return void - */ - static private function action_categorydeleteconfirm() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - $catid = intRequestVar('catid'); - - $member->blogAdminRights($blogid) or self::disallow(); - - $error = self::deleteOneCategory($catid); - if ( $error ) - { - self::error($error); - } - - self::action_blogsettings(); - return; - } - - /** - * Admin::deleteOneCategory() - * Delete a category by its id - * - * @param String $catid category id for deleting - * @return Void - */ - static private function deleteOneCategory($catid) - { - global $manager, $member; - - $catid = intval($catid); - $blogid = getBlogIDFromCatID($catid); - - if ( !$member->blogAdminRights($blogid) ) - { - return ERROR_DISALLOWED; - } - - // get blog - $blog =& $manager->getBlog($blogid); - - // check if the category is valid - if ( !$blog || !$blog->isValidCategory($catid) ) - { - return _ERROR_NOSUCHCATEGORY; - } - - $destcatid = $blog->getDefaultCategory(); - - // don't allow deletion of default category - if ( $blog->getDefaultCategory() == $catid ) - { - return 
_ERROR_DELETEDEFCATEGORY; - } - - // check if catid is the only category left for blogid - $query = "SELECT catid FROM %s WHERE cblog=%d;"; - $query = sprintf(sql_table('category'), (integer) $blogid); - - $res = sql_query($query); - if ( sql_num_rows($res) == 1 ) - { - return _ERROR_DELETELASTCATEGORY; - } - - $data = array('catid' => $catid); - $manager->notify('PreDeleteCategory', $data); - - // change category for all items to the default category - $query = "UPDATE %s SET icat=%d WHERE icat=%d;"; - $query =sprintf($query, sql_table('item'), (integer) $destcatid, (integer) $catid); - sql_query($query); - - // delete all associated plugin options - NucleusPlugin::delete_option_values('category', $catid); - - // delete category - $query = "DELETE FROM %s WHERE catid=%d;"; - $query = sprintf($query, (integer) $catid); - sql_query($query); - - $data = array('catid' => $catid); - $manager->notify('PostDeleteCategory', $data); - return; - } - - /** - * Admin::action_blogsettingsupdate - * Updating blog settings - * - * @param Void - * @return Void - */ - static private function action_blogsettingsupdate() - { - global $member, $manager; - - $blogid = intRequestVar('blogid'); - - $member->blogAdminRights($blogid) or self::disallow(); - - $blog =& $manager->getBlog($blogid); - - $notify_address = trim(postVar('notify')); - $shortname = trim(postVar('shortname')); - $updatefile = trim(postVar('update')); - - $notifyComment = intPostVar('notifyComment'); - $notifyVote = intPostVar('notifyVote'); - $notifyNewItem = intPostVar('notifyNewItem'); - - if ( $notifyComment == 0 ) - { - $notifyComment = 1; - } - if ( $notifyVote == 0 ) - { - $notifyVote = 1; - } - if ( $notifyNewItem == 0 ) - { - $notifyNewItem = 1; - } - $notifyType = $notifyComment * $notifyVote * $notifyNewItem; - - if ( $notify_address && !NOTIFICATION::address_validation($notify_address) ) - { - self::error(_ERROR_BADNOTIFY); - } - - if ( !isValidShortName($shortname) ) - { - 
self::error(_ERROR_BADSHORTBLOGNAME); - } - - if ( ($blog->getShortName() != $shortname) && $manager->existsBlog($shortname) ) - { - self::error(_ERROR_DUPSHORTBLOGNAME); - } - // check if update file is writable - if ( $updatefile && !is_writeable($updatefile) ) - { - self::error(_ERROR_UPDATEFILE); - } - - $blog->setName(trim(postVar('name'))); - $blog->setShortName($shortname); - $blog->setNotifyAddress($notify_address); - $blog->setNotifyType($notifyType); - $blog->setMaxComments(postVar('maxcomments')); - $blog->setCommentsEnabled(postVar('comments')); - $blog->setTimeOffset(postVar('timeoffset')); - $blog->setUpdateFile($updatefile); - $blog->setURL(trim(postVar('url'))); - $blog->setDefaultSkin(intPostVar('defskin')); - $blog->setDescription(trim(postVar('desc'))); - $blog->setPublic(postVar('public')); - $blog->setConvertBreaks(intPostVar('convertbreaks')); - $blog->setAllowPastPosting(intPostVar('allowpastposting')); - $blog->setDefaultCategory(intPostVar('defcat')); - $blog->setSearchable(intPostVar('searchable')); - $blog->setEmailRequired(intPostVar('reqemail')); - $blog->writeSettings(); - - // store plugin options - $aOptions = requestArray('plugoption'); - NucleusPlugin::apply_plugin_options($aOptions); - - $data = array( - 'context' => 'blog', - 'blogid' => $blogid, - 'blog' => &$blog - ); - $manager->notify('PostPluginOptionsUpdate', $data); - - self::action_overview(_MSG_SETTINGSCHANGED); - return; - } - - /** - * Admin::action_deleteblog() - * - * @param void - * @return void - */ - static private function action_deleteblog() - { - global $member, $CONF, $manager; - - $blogid = intRequestVar('blogid'); - - $member->blogAdminRights($blogid) or self::disallow(); - - // check if blog is default blog - if ( $CONF['DefaultBlog'] == $blogid ) - { - self::error(_ERROR_DELDEFBLOG); - } - - $blog =& $manager->getBlog($blogid); - - self::pagehead(); - self::$skin->parse('deleteblog'); - self::pagefoot(); - return; - } - - /** - * 
Admin::action_deleteblogconfirm() - * Delete Blog - * - * @param Void - * @return Void - */ - static private function action_deleteblogconfirm() - { - global $member, $CONF, $manager; - - $blogid = intRequestVar('blogid'); - - $data = array('blogid' => $blogid); - $manager->notify('PreDeleteBlog', $data); - - $member->blogAdminRights($blogid) or self::disallow(); - - // check if blog is default blog - if ( $CONF['DefaultBlog'] == $blogid ) - { - self::error(_ERROR_DELDEFBLOG); - } - - // delete all comments - $query = 'DELETE FROM ' . sql_table('comment') . ' WHERE cblog='.$blogid; - sql_query($query); - - // delete all items - $query = 'DELETE FROM ' . sql_table('item') . ' WHERE iblog=' . $blogid; - sql_query($query); - - // delete all team members - $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tblog=' . $blogid; - sql_query($query); - - // delete all bans - $query = 'DELETE FROM ' . sql_table('ban') . ' WHERE blogid=' . $blogid; - sql_query($query); - - // delete all categories - $query = 'DELETE FROM ' . sql_table('category') . ' WHERE cblog=' . $blogid; - sql_query($query); - - // delete all associated plugin options - NucleusPlugin::delete_option_values('blog', $blogid); - - // delete the blog itself - $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . 
$blogid; - sql_query($query); - - $data = array('blogid' => $blogid); - $manager->notify('PostDeleteBlog', $data); - - self::action_overview(_DELETED_BLOG); - return; - } - - /** - * Admin::action_memberdelete() - * - * @param void - * @return void - */ - static private function action_memberdelete() - { - global $member, $manager; - - $memberid = intRequestVar('memberid'); - - ($member->getID() == $memberid) or $member->isAdmin() or self::disallow(); - - $mem = Member::createFromID($memberid); - - self::pagehead(); - self::$skin->parse('memberdelete'); - self::pagefoot(); - return; - } - - /** - * Admin::action_memberdeleteconfirm() - * - * @param void - * @return void - */ - static private function action_memberdeleteconfirm() - { - global $member; - - $memberid = intRequestVar('memberid'); - - ($member->getID() == $memberid) or $member->isAdmin() or self::disallow(); - - $error = self::deleteOneMember($memberid); - if ( $error ) - { - self::error($error); - } - - if ( $member->isAdmin() ) - { - self::action_usermanagement(); - } - else - { - self::action_overview(_DELETED_MEMBER); - } - return; - } - - /** - * Admin::deleteOneMember() - * Delete a member by id - * - * @static - * @params Integer $memberid member id - * @return String null string or error messages - */ - static private function deleteOneMember($memberid) - { - global $manager; - - $memberid = intval($memberid); - $mem = Member::createFromID($memberid); - - if ( !$mem->canBeDeleted() ) - { - return _ERROR_DELETEMEMBER; - } - - $data = array('member' => &$mem); - $manager->notify('PreDeleteMember', $data); - - /* unlink comments from memberid */ - if ( $memberid ) - { - $query = "UPDATE %s SET cmember=0, cuser='%s' WHERE cmember=%d;"; - $query = sprintf($query, sql_table('comment'), sql_real_escape_string($mem->getDisplayName()), $memberid); - sql_query($query); - } - - $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid; - sql_query($query); - - $query = 'DELETE FROM ' . 
sql_table('team') . ' WHERE tmember=' . $memberid; - sql_query($query); - - $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid; - sql_query($query); - - // delete all associated plugin options - NucleusPlugin::delete_option_values('member', $memberid); - - $data = array('member' => &$mem); - $manager->notify('PostDeleteMember', $data); - - return ''; - } - - /** - * Admin::action_createnewlog() - * - * @param void - * @return void - */ - static private function action_createnewlog() - { - global $member, $CONF, $manager; - - // Only Super-Admins can do this - $member->isAdmin() or self::disallow(); - - self::pagehead(); - self::$skin->parse('createnewlog'); - self::pagefoot(); - return; - } - - /** - * Admin::action_addnewlog() - * - * @param void - * @return void - */ - static private function action_addnewlog() - { - global $member, $manager, $CONF; - - // Only Super-Admins can do this - $member->isAdmin() or self::disallow(); - - $bname = trim(postVar('name')); - $bshortname = trim(postVar('shortname')); - $btimeoffset = postVar('timeoffset'); - $bdesc = trim(postVar('desc')); - $bdefskin = postVar('defskin'); - - if ( !isValidShortName($bshortname) ) - { - self::error(_ERROR_BADSHORTBLOGNAME); - } - - if ( $manager->existsBlog($bshortname) ) - { - self::error(_ERROR_DUPSHORTBLOGNAME); - } - - $data = array( - 'name' => &$bname, - 'shortname' => &$bshortname, - 'timeoffset' => &$btimeoffset, - 'description' => &$bdesc, - 'defaultskin' => &$bdefskin - ); - $manager->notify('PreAddBlog', $data); - - // add slashes for sql queries - $bname = sql_real_escape_string($bname); - $bshortname = sql_real_escape_string($bshortname); - $btimeoffset = sql_real_escape_string($btimeoffset); - $bdesc = sql_real_escape_string($bdesc); - $bdefskin = sql_real_escape_string($bdefskin); - - // create blog - $query = "INSERT INTO %s (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('%s', '%s', '%s', '%s', '%s');"; - $query = 
sprintf(sql_table('blog'), $bname, $bshortname, $bdesc, $btimeoffset, $bdefskin); - sql_query($query); - - $blogid = sql_insert_id(); - $blog =& $manager->getBlog($blogid); - - // create new category - $catdefname = (!defined('_EBLOGDEFAULTCATEGORY_NAME') ? 'General' : _EBLOGDEFAULTCATEGORY_NAME); - $catdefdesc = (!defined('_EBLOGDEFAULTCATEGORY_DESC') ? 'Items that do not fit in other categories' : _EBLOGDEFAULTCATEGORY_DESC); - - $query = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")'; - sql_query(sprintf($query, sql_table('category'), (integer) $blogid, $catdefname, $catdefdesc)); - $catid = sql_insert_id(); - - // set as default category - $blog->setDefaultCategory($catid); - $blog->writeSettings(); - - // create team member - $query = "INSERT INTO %s (tmember, tblog, tadmin) VALUES (%d, %d, 1);"; - $query = sprintf($query, sql_table('team'), (integer) $member->getID(), (integer) $blogid); - sql_query($query); - - $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item'); - $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. 
Feel free to delete it.'); - - $blog->additem( - $blog->getDefaultCategory(), - $itemdeftitle,$itemdefbody, - '', - $blogid, - $member->getID(), - $blog->getCorrectTime(), - 0, - 0, - 0 - ); - - $data = array('blog' => &$blog); - $manager->notify('PostAddBlog', $data); - - $data = array( - 'blog' => &$blog, - 'name' => _EBLOGDEFAULTCATEGORY_NAME, - 'description' => _EBLOGDEFAULTCATEGORY_DESC, - 'catid' => $catid - ); - $manager->notify('PostAddCategory', $data); - - /* TODO: we should consider to use the other way insterad of this */ - $_REQUEST['blogid'] = $blogid; - $_REQUEST['catid'] = $catid; - self::pagehead(); - self::$skin->parse('addnewlog'); - self::pagefoot(); - return; - } - - /** - * Admin::action_addnewlog2() - * - * @param void - * @return void - */ - static private function action_addnewlog2() - { - global $member, $manager; - $blogid = intRequestVar('blogid'); - - $member->blogAdminRights($blogid) or self::disallow(); - - $burl = requestVar('url'); - - $blog =& $manager->getBlog($blogid); - $blog->setURL(trim($burl)); - $blog->writeSettings(); - - self::action_overview(_MSG_NEWBLOG); - return; - } - - /** - * Admin::action_skinieoverview() - * - * @param void - * @return void - */ - static private function action_skinieoverview() - { - global $member, $DIR_LIBS, $manager; - - $member->isAdmin() or self::disallow(); - - include_once($DIR_LIBS . 'skinie.php'); - - self::pagehead(); - self::$skin->parse('skinieoverview'); - self::pagefoot(); - return; - } - - /** - * Admin::action_skinieimport() - * - * @param void - * @return void - */ - static private function action_skinieimport() - { - global $member, $DIR_LIBS, $DIR_SKINS, $manager; - - $member->isAdmin() or self::disallow(); - - // load skinie class - include_once($DIR_LIBS . 'skinie.php'); - - $skinFileRaw = postVar('skinfile'); - $mode = postVar('mode'); - - $importer = new SkinImport(); - - // get full filename - if ($mode == 'file') - { - $skinFile = $DIR_SKINS . $skinFileRaw . 
'/skinbackup.xml'; - - /* TODO: remove this - // backwards compatibilty (in v2.0, exports were saved as skindata.xml) - if ( !file_exists($skinFile) ) - { - $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml'; - } - */ - } - else - { - $skinFile = $skinFileRaw; - } - - // read only metadata - $error = $importer->readFile($skinFile, 1); - - /* TODO: we should consider to use the other way insterad of this */ - $_REQUEST['skininfo'] = $importer->getInfo(); - $_REQUEST['skinnames'] = $importer->getSkinNames(); - $_REQUEST['tpltnames'] = $importer->getTemplateNames(); - - // clashes - $skinNameClashe = $importer->checkSkinNameClashes(); - $templateNameClashes = $importer->checkTemplateNameClashes(); - $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0); - - /* TODO: we should consider to use the other way insterad of this */ - $_REQUEST['skinclashes'] = $skinNameClashes; - $_REQUEST['tpltclashes'] = $templateNameClashes; - $_REQUEST['nameclashes'] = $hasNameClashes ? 1 : 0; - - if ( $error ) - { - self::error($error); - } - - self::pagehead(); - self::$skin->parse('skinieimport'); - self::pagefoot(); - return; - } - - /** - * Admin::action_skiniedoimport() - * - * @param void - * @return void - */ - static private function action_skiniedoimport() - { - global $member, $DIR_LIBS, $DIR_SKINS; - - $member->isAdmin() or self::disallow(); - - // load skinie class - include_once($DIR_LIBS . 'skinie.php'); - - $skinFileRaw = postVar('skinfile'); - $mode = postVar('mode'); - - $allowOverwrite = intPostVar('overwrite'); - - // get full filename - if ( $mode == 'file' ) - { - $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml'; - - /* TODO: remove this - // backwards compatibilty (in v2.0, exports were saved as skindata.xml) - if ( !file_exists($skinFile) ) - { - $skinFile = $DIR_SKINS . $skinFileRaw . 
'/skindata.xml'; - } - */ - } - else - { - $skinFile = $skinFileRaw; - } - - $importer = new SkinImport(); - - $error = $importer->readFile($skinFile); - - if ( $error ) - { - self::error($error); - } - - $error = $importer->writeToDatabase($allowOverwrite); - - if ( $error ) - { - self::error($error); - } - - /* TODO: we should consider to use the other way insterad of this */ - $_REQUEST['skininfo'] = $importer->getInfo(); - $_REQUEST['skinnames'] = $importer->getSkinNames(); - $_REQUEST['tpltnames'] = $importer->getTemplateNames(); - - self::pagehead(); - self::$skin->parse('skiniedoimport'); - self::pagefoot(); - return; - } - - /** - * Admin::action_skinieexport() - * - * @param void - * @return void - */ - static private function action_skinieexport() - { - global $member, $DIR_LIBS; - - $member->isAdmin() or self::disallow(); - - // load skinie class - include_once($DIR_LIBS . 'skinie.php'); - - $aSkins = requestIntArray('skin'); - $aTemplates = requestIntArray('template'); - - if ( !is_array($aTemplates) ) - { - $aTemplates = array(); - } - if ( !is_array($aSkins) ) - { - $aSkins = array(); - } - - $skinList = array_keys($aSkins); - $templateList = array_keys($aTemplates); - - $info = postVar('info'); - - $exporter = new SkinExport(); - foreach ( $skinList as $skinId ) - { - $exporter->addSkin($skinId); - } - foreach ($templateList as $templateId) - { - $exporter->addTemplate($templateId); - } - $exporter->setInfo($info); - - $exporter->export(); - return; - } - - /** - * Admin::action_templateoverview() - * - * @param void - * @return void - */ - static private function action_templateoverview() - { - global $member, $manager; - - $member->isAdmin() or self::disallow(); - - self::pagehead(); - self::$skin->parse('templateoverview'); - self::pagefoot(); - return; - } - - /** - * Admin::action_templateedit() - * - * @param string $msg message for pageheader - * @return void - */ - static private function action_templateedit($msg = '') - { - global $member, 
$manager; - if ( $msg ) - { - self::$headMess = $msg; - } - - $templateid = intRequestVar('templateid'); - - $member->isAdmin() or self::disallow(); - - $extrahead = "\n"; - $extrahead .= '\n"; - - self::pagehead($extrahead); - self::$skin->parse('templateedit'); - self::pagefoot(); - return; - } - - /** - * TODO: remove this - * - static private function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) { - static $count = 1; - if (!isset($template[$name])) $template[$name] = ''; - ?> -