PHP Cross Reference of Nucleus CMS 3.32 |
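<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2007 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * Actions that can be called via action.php
 *
 * Every handler in this class reads its input directly from the request
 * (postVar / intPostVar / requestVar / serverVar) and from globals such as
 * $CONF, $manager and $member, so all of that input has to be treated as
 * untrusted. Several handlers call doError() and then carry on as if it
 * never returns; that helper is not defined in this file.
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2007 The Nucleus Group
 * @version $Id: ACTION.php 1209 2007-10-13 19:59:05Z kaigreve $
 */
class ACTION
{
    /**
     * Constructor for an new ACTION object
     */
    function ACTION()
    {
        // do nothing
    }

    /**
     * Calls functions that handle an action called from action.php
     *
     * @param string $action action name taken from the request
     * @return mixed whatever the selected handler returns; an unknown
     *               action is reported through doError(_ERROR_BADACTION)
     */
    function doAction($action)
    {
        // Fixed allow-list: the request value only selects one of these
        // handlers and is never used as a method name itself.
        switch ($action) {
            case 'autodraft':
                return $this->autoDraft();
            case 'updateticket':
                return $this->updateTicket();
            case 'addcomment':
                return $this->addComment();
            case 'sendmessage':
                return $this->sendMessage();
            case 'createaccount':
                return $this->createAccount();
            case 'forgotpassword':
                return $this->forgotPassword();
            case 'votepositive':
                return $this->doKarma('pos');
            case 'votenegative':
                return $this->doKarma('neg');
            case 'plugin':
                return $this->callPlugin();
            default:
                doError(_ERROR_BADACTION);
        }
    }

    /**
     * Adds a new comment to an item (if IP isn't banned)
     *
     * @return array|null on failure an array with 'message' (the error) and
     *                    'skinid' (default skin of the blog); on success the
     *                    request is redirected and the script exits
     */
    function addComment() {
        global $CONF, $errormessage, $manager;

        $post['itemid'] = intPostVar('itemid');
        $post['user'] = postVar('user');
        $post['userid'] = postVar('userid');
        $post['email'] = postVar('email');
        $post['body'] = postVar('body');

        // set cookies when required (2592000 seconds = 30 days)
        $remember = intPostVar('remember');
        if ($remember == 1) {
            $lifetime = time()+2592000;
            // NOTE(review): the cookie values are the raw POST fields and the
            // cookies are set without the secure flag (last argument 0).
            setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
            setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
            setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime,'/','',0);
        }

        $comments = new COMMENTS($post['itemid']);

        $blogid = getBlogIDFromItemID($post['itemid']);
        $this->checkban($blogid);
        $blog =& $manager->getBlog($blogid);

        // note: PreAddComment and PostAddComment gets called somewhere inside addComment
        $errormessage = $comments->addComment($blog->getCorrectTime(),$post);

        // COMMENTS::addComment signals success with the value '1'
        if ($errormessage == '1') {
            // redirect when adding comments succeeded
            // NOTE(review): the target is the POSTed 'url' field; unless
            // redirect() restricts the destination to this site, this is an
            // open redirect - confirm in redirect().
            if (postVar('url')) {
                redirect(postVar('url'));
            } else {
                $url = createItemLink($post['itemid']);
                redirect($url);
            }
        } else {
            // else, show error message using default skin for blog
            return array(
                'message' => $errormessage,
                'skinid' => $blog->getDefaultSkin()
            );
        }

        exit;
    }

    /**
     * Sends a message from the current member to the member given as argument
     *
     * The recipient is the member whose id is POSTed as 'memberid'. Visitors
     * who are not logged in supply their own sender address ('frommail').
     *
     * @return array|null array('message' => error) when validateMessage()
     *                    rejects the request; otherwise redirects and exits
     */
    function sendMessage() {
        global $CONF, $member;

        $error = $this->validateMessage();
        if ($error != '')
            return array('message' => $error);

        if (!$member->isLoggedIn()) {
            $fromMail = postVar('frommail');
            $fromName = _MMAIL_FROMANON;
        } else {
            $fromMail = $member->getEmail();
            $fromName = $member->getDisplayName();
        }

        // NOTE(review): nothing here checks that 'memberid' resolved to an
        // existing member before the mail is sent - confirm readFromId().
        $tomem = new MEMBER();
        $tomem->readFromId(postVar('memberid'));

        $message  = _MMAIL_MSG . ' ' . $fromName . "\n"
              . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
              . _MMAIL_MAIL . " \n\n"
              . postVar('message');
        $message .= getMailFooter();

        // The sender address and the display name end up in mail headers.
        // Remove CR/LF so neither value can start an additional header line;
        // isValidMailAddress() is not visible here, so do not rely on it
        // alone for that.
        $lineBreaks = array("\r", "\n");
        $fromMail = str_replace($lineBreaks, '', (string) $fromMail);
        $title = str_replace($lineBreaks, '', _MMAIL_TITLE . ' ' . $fromName);
        mail($tomem->getEmail(), $title, $message, 'From: '. $fromMail);

        // NOTE(review): 'url' is request-controlled; see redirect() for
        // whether off-site targets are refused.
        if (postVar('url')) {
            redirect(postVar('url'));
        } else {
            $CONF['MemberURL'] = $CONF['IndexURL'];
            if ($CONF['URLMode'] == 'pathinfo')
            {
                $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName()));
            }
            else
            {
                $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
            }
            redirect($url);
        }
        exit;
    }

    /**
     * Checks if a mail to a member is allowed
     * Returns a string with the error message if the mail is disallowed
     *
     * @return string '' when the mail may be sent, otherwise the error text
     */
    function validateMessage() {
        global $CONF, $member, $manager;

        if (!$CONF['AllowMemberMail'])
            return _ERROR_MEMBERMAILDISABLED;

        if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
            return _ERROR_DISALLOWED;

        if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
            return _ERROR_BADMAILADDRESS;

        // let plugins do verification (any plugin which thinks the comment is invalid
        // can change 'error' to something other than '')
        $result = '';
        $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));

        return $result;

    }

    /**
     * Creates a new user account
     *
     * The account is created with a random password and then activated via
     * the link sent by sendActivationLink('register').
     *
     * @return mixed the plugin error or the MEMBER::create() error when
     *               either is not 1; otherwise redirects or prints
     *               _MSG_ACTIVATION_SENT and exits
     */
    function createAccount() {
        global $CONF, $manager;

        if (!$CONF['AllowMemberCreate'])
            doError(_ERROR_MEMBERCREATEDISABLED);

        // evaluate content from FormExtra
        // 'error' is a reference to $result, so a plugin can overwrite it even
        // though the array is passed by value - the same way validateMessage()
        // does it. (Call-time pass-by-reference, notify(..., &$data), is a
        // fatal error from PHP 5.4 on.)
        // NOTE(review): the event type is 'membermail' here as well - confirm
        // that this is intended for account creation.
        $result = 1;
        $data = array('type' => 'membermail', 'error' => &$result);
        $manager->notify('ValidateForm', $data);

        if ($result!=1) {
            return $result;
        }
        else {

            // even though the member can not log in, set some random initial password. One never knows.
            // Prefer the CSPRNG when the runtime has one; both branches
            // produce 32 hex characters. The fallback is time-seeded and
            // therefore guessable.
            if (function_exists('random_bytes')) {
                $initialPwd = bin2hex(random_bytes(16));
            } else {
                srand((double)microtime()*1000000);
                $initialPwd = md5(uniqid(rand(), true));
            }

            // create member (non admin/can not login/no notes/random string as password)
            $r = MEMBER::create(postVar('name'), postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');

            if ($r != 1) {
                return $r;
            }

            // send the activation link to the new member
            $newmem = new MEMBER();
            $newmem->readFromName(postVar('name'));
            $newmem->sendActivationLink('register');

            $manager->notify('PostRegister',array('member' => &$newmem));

            // NOTE(review): 'desturl' is request-controlled; see redirect()
            // for whether off-site targets are refused.
            if (postVar('desturl')) {
                redirect(postVar('desturl'));
            } else {
                echo _MSG_ACTIVATION_SENT;
            }
            exit;
        }
    }

    /**
     * Sends a new password
     *
     * More precisely: sends an activation link ('forgot') to a member whose
     * name and e-mail address both match the POSTed values.
     *
     * NOTE(review): the three distinct errors below tell the caller whether
     * a member name exists and whether the e-mail address matched; a single
     * generic answer would not disclose that.
     */
    function forgotPassword() {
        $membername = trim(postVar('name'));

        if (!MEMBER::exists($membername))
            doError(_ERROR_NOSUCHMEMBER);
        $mem = MEMBER::createFromName($membername);

        if (!$mem->canLogin())
            doError(_ERROR_NOLOGON_NOACTIVATE);

        // check if e-mail address is correct
        if (!($mem->getEmail() == postVar('email')))
            doError(_ERROR_INCORRECTEMAIL);

        // send activation link
        $mem->sendActivationLink('forgot');

        // NOTE(review): 'url' is request-controlled; see redirect() for
        // whether off-site targets are refused.
        if (postVar('url')) {
            redirect(postVar('url'));
        } else {
            echo _MSG_ACTIVATION_SENT;
        }
        exit;
    }

    /**
     * Handle karma votes
     *
     * @param string $type 'pos' or 'neg' (the only values doAction() passes)
     *
     * NOTE(review): no ticket check is visible in this handler, and the
     * duplicate-vote test is keyed on REMOTE_ADDR only - confirm that this
     * is acceptable for a state-changing request.
     */
    function doKarma($type) {
        global $itemid, $member, $CONF, $manager;

        // check if itemid exists
        if (!$manager->existsItem($itemid,0,0))
            doError(_ERROR_NOSUCHITEM);

        $blogid = getBlogIDFromItemID($itemid);
        $this->checkban($blogid);

        $karma =& $manager->getKarma($itemid);

        // check if not already voted
        if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
            doError(_ERROR_VOTEDBEFORE);

        // check if item does allow voting
        $item =& $manager->getItem($itemid,0,0);
        if ($item['closed'])
            doError(_ERROR_ITEMCLOSED);

        switch($type) {
            case 'pos':
                $karma->votePositive();
                break;
            case 'neg':
                $karma->voteNegative();
                break;
        }

        $blogid = getBlogIDFromItemID($itemid);
        $blog =& $manager->getBlog($blogid);

        // send email to notification address, if any
        if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {

            $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
            $mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
            if ($member->isLoggedIn()) {
                $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
            }
            $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
            $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";
            $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
            $mailto_msg .= getMailFooter();

            // the item title goes into the subject with markup removed
            $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';

            $frommail = $member->getNotifyFromMailAddress();

            $notify = new NOTIFICATION($blog->getNotifyAddress());
            $notify->notify($mailto_title, $mailto_msg , $frommail);
        }


        // go back to the referring page when the client sent one,
        // otherwise to the item itself
        $refererUrl = serverVar('HTTP_REFERER');
        if ($refererUrl)
            $url = $refererUrl;
        else
            $url = $CONF['IndexURL'] . 'index.php?itemid=' . $itemid;

        redirect($url);
        exit;
    }

    /**
     * Calls a plugin action
     *
     * The plugin is chosen by the request parameter 'name' (prefixed with
     * 'NP_') and must be installed; the request parameter 'type' is handed
     * to the plugin's doAction() unchanged, so each plugin has to validate
     * it on its own.
     */
    function callPlugin() {
        global $manager;

        $pluginName = 'NP_' . requestVar('name');
        $actionType = requestVar('type');

        // 1: check if plugin is installed
        if (!$manager->pluginInstalled($pluginName))
            doError(_ERROR_NOSUCHPLUGIN);

        // 2: call plugin
        $pluginObject =& $manager->getPlugin($pluginName);
        if ($pluginObject)
            $error = $pluginObject->doAction($actionType);
        else
            $error = 'Could not load plugin (see actionlog)';

        // doAction returns error when:
        // - an error occurred (duh)
        // - no actions are allowed (doAction is not implemented)
        if ($error)
            doError($error);

        exit;

    }

    /**
     * Checks if an IP or IP range is banned
     *
     * @param int $blogid blog the ban list belongs to
     *
     * The address tested is REMOTE_ADDR. When a ban matches, the error shown
     * contains the banned range and the ban message.
     */
    function checkban($blogid) {
        // check if banned
        // BAN::isBanned() is used as "0 or a ban object" here - TODO confirm
        $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
        if ($ban != 0) {
            doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
        }

    }

    /**
     * Gets a new ticket
     *
     * Prints a fresh ticket when the current one is valid, otherwise
     * 'err:' followed by the bad-ticket message.
     *
     * @return bool always false
     */
    function updateTicket() {
        global $manager;
        if ($manager->checkTicket()) {
            echo $manager->getNewTicket();
        }
        else {
            echo 'err:' . _ERROR_BADTICKET;
        }
        return false;
    }

    /**
     * Handles AutoSaveDraft
     *
     * Requires a valid ticket. Prints the draft id on success, the error
     * message reported by ITEM::CreateDraftFromRequest() on failure, or
     * 'err:' followed by the bad-ticket message.
     *
     * @return bool always false
     */
    function autoDraft() {
        global $manager;
        if ($manager->checkTicket()) {
            $manager->loadClass('ITEM');
            $info = ITEM::CreateDraftFromRequest();
            if ($info['status'] == 'error') {
                echo $info['message'];
            }
            else {
                echo $info['draftid'];
            }
        }
        else {
            echo 'err:' . _ERROR_BADTICKET;
        }
        return false;
    }


}

?>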