action_xxxx method) */
    var $action;

    /**
     * Class constructor (PHP 4 style: the method carries the class name).
     * The body is empty.
     */
    function ADMIN() {

    }

    /**
     * Executes an action.
     *
     * Resolves aliases, requires a valid ticket for every action that is not on
     * the exemption list below, and then dispatches to the action_xxxx method of
     * this object. An unknown action ends in error(), with the requested name
     * HTML-escaped before it is put into the message.
     *
     * @param string $action action to be performed
     */
    function action($action) {
        global $CONF, $manager;

        // list of action aliases
        $alias = array(
            'login' => 'overview',
            '' => 'overview'
        );

        if (isset($alias[$action]))
            $action = $alias[$action];

        // Dispatch target. Only methods whose name starts with 'action_' can be
        // reached this way (see the method_exists() test at the end).
        $methodName = 'action_' . $action;

        // Lower-cased copy, used for the exemption-list lookup below. PHP method
        // names are case-insensitive, so action_Foo and action_foo dispatch to the
        // same method.
        $this->action = strtolower($action);

        // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
        // is an action that requires user interaction before something is actually done)
        // all safe actions are in this array:
        //
        // NOTE(review): this is an exemption list, so an action that is missing from
        // it is ticket-checked by default. Adding an entry removes the ticket
        // requirement for that action; per the comment above, only screens that
        // change nothing until the user confirms belong here.
        $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');

        /*
        // the rest of the actions needs to be checked
        // (kept as documentation only: this list is not used by the code)
        $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin',
        'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
        */

        // NOTE(review): the check only stops the request if error() does not
        // return — presumably it prints the message and exits; confirm, because
        // otherwise the dispatch below would still run after a bad ticket.
        if (!in_array($this->action, $aActionsNotToCheck))
        {
            if (!$manager->checkTicket())
                $this->error(_ERROR_BADTICKET);
        }

        if (method_exists($this, $methodName))
            call_user_func(array(&$this, $methodName));
        else
            // the request-supplied action name is escaped before it is reflected
            $this->error(_BADACTION . htmlspecialchars(" ($action)"));

    }

    /**
     * Shows the login screen, passing the global $error on as the message.
     */
    function action_showlogin() {
        global $error;
        $this->action_login($error);
    }

    /**
     * Shows the login form, or goes straight to the overview when the current
     * member is already logged in and allowed to log in.
     *
     * @param string $msg      optional message; it is HTML-escaped before output
     * @param int    $passvars not used in the part of the function that survives
     *                         in this copy of the file
     */
    function action_login($msg = '', $passvars = 1) {
        global $member;

        // skip to overview when allowed
        if ($member->isLoggedIn() && $member->canLogin()) {
            $this->action_overview();
            exit;
        }

        $this->pagehead();

        echo '

', _LOGIN ,'

'; if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg); ?>

:

:




pagefoot(); }

    /**
     * Provides a screen with the overview of the actions available.
     *
     * @param string $msg optional message printed after the _MESSAGE label
     */
    function action_overview($msg = '') {
        global $member;

        $this->pagehead();

        // NOTE(review): $msg is written to the page as-is, whereas action_login()
        // passes its message through htmlspecialchars(). Confirm that every caller
        // supplies trusted, already-escaped text; otherwise escape it here.
        if ($msg)
            echo _MESSAGE , ': ', $msg;

        /* ---- add items ---- */
        echo '

' . _OVERVIEW_YRBLOGS . '

';

        // 'showall' comes from the request but is only compared with 'yes';
        // it is never placed into a query.
        $showAll = requestVar('showall');

        if (($member->isAdmin()) && ($showAll == 'yes')) {
            // Super-Admins have access to all blogs! (no add item support though)
            $query = 'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
                   . ' FROM ' . sql_table('blog')
                   . ' ORDER BY bname';
        } else {
            // everyone else only sees the blogs whose team they are on
            $query = 'SELECT bnumber, bname, tadmin, burl, bshortname'
                   . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
                   . ' WHERE tblog=bnumber and tmember=' . $member->getID()
                   . ' ORDER BY bname';
        }
        $template['content'] = 'bloglist';
        $template['superadmin'] = $member->isAdmin();
        // showlist() returns the number of rows shown (it is compared with a
        // row count below)
        $amount = showlist($query,'table',$template);

        // offer the "show all blogs" link to super-admins when blogs are hidden
        if (($showAll != 'yes') && ($member->isAdmin())) {
            $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
            if ($total > $amount)
                echo '

Show all blogs

'; } if ($amount == 0) echo _OVERVIEW_NOBLOGS; if ($amount != 0) { echo '

' . _OVERVIEW_YRDRAFTS . '

'; $query = 'SELECT ititle, inumber, bshortname' . ' FROM ' . sql_table('item'). ', ' . sql_table('blog') . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1'; $template['content'] = 'draftlist'; $amountdrafts = showlist($query, 'table', $template); if ($amountdrafts == 0) echo _OVERVIEW_NODRAFTS; } /* ---- user settings ---- */ echo '

' . _OVERVIEW_YRSETTINGS . '

'; echo ''; /* ---- general settings ---- */ if ($member->isAdmin()) { echo '

' . _OVERVIEW_MANAGEMENT. '

';

            echo '';
        }

        $this->pagefoot();
    }

    /**
     * Returns a link to a weblog.
     *
     * The blog name is passed through htmlspecialchars() before it is returned;
     * the two string literals around it are empty in this copy of the file.
     *
     * @param object BLOG
     */
    function bloglink(&$blog) {
        return ''. htmlspecialchars( $blog->getName() ) .'';
    }

    /**
     * Shows the management screen. Only site admins get past the first line.
     *
     * @param string $msg optional message.
     *                    NOTE(review): further down in this function it is echoed
     *                    without htmlspecialchars(); confirm callers pass trusted text.
     */
    function action_manage($msg = '') {
        global $member;

        // NOTE(review): the guard depends on disallow() not returning — confirm.
        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '

(',_BACKHOME,')

'; if ($msg) echo '

' , _MESSAGE , ': ', $msg , '

'; echo '

' . _MANAGE_GENERAL. '

'; echo ''; echo '

' . _MANAGE_SKINS . '

'; echo ''; echo '

' . _MANAGE_EXTRA . '

';

        echo '';

        $this->pagefoot();
    }

    /**
     * Lists the items of one blog, with paging and search.
     *
     * Access is limited to members of the blog's team and to site admins.
     *
     * @param int|string $blogid blog to list; when empty, 'blogid' is read from
     *                           the request through intRequestVar()
     */
    function action_itemlist($blogid = '') {
        global $member, $manager;

        // NOTE(review): a $blogid handed in by a caller is used as-is (it is later
        // concatenated into the item query), while action_blogcommentlist() applies
        // intval() in the same situation. The callers visible in this file pass
        // values from getBlogIDFromItemID()/getBlogIDFromCatID(); an intval() here
        // would make the function safe regardless of the caller.
        if ($blogid == '')
            $blogid = intRequestVar('blogid');

        $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

        $this->pagehead();
        $blog =& $manager->getBlog($blogid);

        echo '

(',_BACKHOME,')

'; echo '

' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '

'; // start index if (postVar('start')) $start = intPostVar('start'); else $start = 0; if ($start == 0) echo '

',_ITEMLIST_ADDNEW,'

';

        // amount of items to show
        // (like $start, it goes through intPostVar() before it reaches the LIMIT clause)
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else
            $amount = 10;

        $search = postVar('search');	// search through items

        $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
               . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
               . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;

        // NOTE(review): the search text is request data placed inside a quoted SQL
        // literal with addslashes() as the only escaping. addslashes() does not know
        // the connection character set; the database driver's own escaping function
        // or a bound parameter is the safer choice. LIKE wildcards (% and _) in the
        // search text are also left as wildcards.
        if ($search)
            $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';

        // non-blog-admins can only edit/delete their own items
        if (!$member->blogAdminRights($blogid))
            $query .= ' and iauthor=' . $member->getID();


        $query .= ' ORDER BY itime DESC'
                . " LIMIT $start,$amount";

        $template['content'] = 'itemlist';
        $template['now'] = $blog->getCorrectTime(time());

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
        $navList->showBatchList('item',$query,'table',$template);


        $this->pagefoot();
    }

    /**
     * Runs a batch action on the items selected in the request.
     *
     * Reads 'batch' (item ids) and 'batchaction' from the request, asks for a
     * destination or a delete confirmation when needed, then prints the result page.
     */
    function action_batchitem() {
        global $member, $manager;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation
        // NOTE(review): the per-item operations are not visible in this copy of the
        // file; confirm each one re-checks rights per id, as deleteOneItem() and
        // moveOneItem() do.

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On move: when no destination blog/category chosen, show choice now
        $destCatid = intRequestVar('destcatid');
        if (($action == 'move') && (!$manager->existsCategory($destCatid)))
            $this->batchMoveSelectDestination('item',$selected);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('item',$selected);

        $this->pagehead();

        echo
'(',_BACKHOME,')'; echo '

',_BATCH_ITEMS,'

'; echo '

',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

';

        echo '';
        echo '',_BATCH_DONE,'';

        $this->pagefoot();


    }

    /**
     * Runs a batch action on the comments selected in the request.
     *
     * Reads 'batch' (ids) and 'batchaction' from the request and asks for a
     * delete confirmation when needed before printing the result page.
     */
    function action_batchcomment() {
        global $member;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation
        // NOTE(review): the per-comment operations are not visible in this copy of
        // the file; confirm each one re-checks rights per id, as deleteOneComment() does.

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('comment',$selected);

        $this->pagehead();

        echo '(',_BACKHOME,')';
        echo '

',_BATCH_COMMENTS,'

'; echo '

',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

';

        echo '';
        echo '',_BATCH_DONE,'';

        $this->pagefoot();


    }

    /**
     * Runs a batch action on the members selected in the request.
     * Restricted to logged-in site admins.
     */
    function action_batchmember() {
        global $member;

        // check if logged in and admin
        ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no members selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('member',$selected);

        $this->pagehead();

        echo '(',_MEMBERS_BACKTOOVERVIEW,')';
        echo '

',_BATCH_MEMBERS,'

'; echo '

',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

';

        echo '';
        echo '',_BATCH_DONE,'';

        $this->pagefoot();


    }

    /**
     * Runs a batch action on the team members selected in the request.
     * Restricted to logged-in members with admin rights on the blog named by
     * the 'blogid' request variable.
     */
    function action_batchteam() {
        global $member;

        $blogid = intRequestVar('blogid');

        // check if logged in and admin
        // (rights are checked against the same $blogid that was read above)
        ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no members selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('team',$selected);

        $this->pagehead();

        echo '

(',_BACK,')

'; echo '

',_BATCH_TEAM,'

'; echo '

',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

';

        echo '';
        echo '',_BATCH_DONE,'';

        $this->pagefoot();


    }

    /**
     * Runs a batch action on the categories selected in the request.
     *
     * Reads 'batch' (ids) and 'batchaction' from the request, asks for a
     * destination blog or a delete confirmation when needed, then prints the
     * result page.
     */
    function action_batchcategory() {
        global $member, $manager;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation
        // NOTE(review): the per-category operations are not visible in this copy of
        // the file; confirm each one checks the member's rights on the category.

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On move: when no destination blog chosen, show choice now
        $destBlogId = intRequestVar('destblogid');
        if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
            $this->batchMoveCategorySelectDestination('category',$selected);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('category',$selected);

        $this->pagehead();

        echo '(',_BACKHOME,')';
        echo '

',BATCH_CATEGORIES,'

'; echo '

',_BATCH_EXECUTING,' ',htmlspecialchars($action),'

'; echo ''; echo '',_BATCH_DONE,''; $this->pagefoot(); } /** * @todo document this */ function batchMoveSelectDestination($type, $ids) { global $manager; $this->pagehead(); ?>

addTicketHidden(); // insert selected item numbers $idx = 0; foreach ($ids as $id) echo ''; // show blog/category selection list $this->selectBlogCategory('destcatid'); ?>
pagefoot(); exit; } /** * @todo document this */ function batchMoveCategorySelectDestination($type, $ids) { global $manager; $this->pagehead(); ?>

addTicketHidden(); // insert selected item numbers $idx = 0; foreach ($ids as $id) echo ''; // show blog/category selection list $this->selectBlog('destblogid'); ?>
pagefoot(); exit; } /** * @todo document this */ function batchAskDeleteConfirmation($type, $ids) { global $manager; $this->pagehead(); ?>

addTicketHidden() ?> '; // add hidden vars for team & comment if ($type == 'team') { echo ''; } if ($type == 'comment') { echo ''; } ?>
pagefoot(); exit; }

    /**
     * Inserts a HTML select element with choices for all categories to which the current
     * member has access. Thin wrapper: calls selectBlog() with mode 'category'.
     * @see function selectBlog
     */
    function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
        ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
    }

    /**
     * Inserts a HTML select element with choices for all blogs to which the user has access
     *		mode = 'blog' => shows blognames and values are blogids
     *		mode = 'category' => show category names and values are catids
     *
     * Returns without output when the member has no blog to choose from.
     *
     * @param $iForcedBlogInclude
     *		ID of a blog that always needs to be included, without checking if the
     *		member is on the blog team (-1 = none).
     *		NOTE(review): because this id skips the team check, the caller is the
     *		one that has to make sure the member may see that blog.
     * @todo document the remaining parameters; their use is not visible in this
     *		copy of the file
     */
    function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
        global $member, $CONF;

        // 0. get IDs of blogs to which member can post items (+ forced blog)
        $aBlogIds = array();
        if ($iForcedBlogInclude != -1)
            $aBlogIds[] = intval($iForcedBlogInclude);

        // site admins see every blog when the ShowAllBlogs setting is on;
        // otherwise only blogs whose team the member is on
        if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
            $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
        else
            $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
        $rblogids = sql_query($queryBlogs);
        while ($o = mysql_fetch_object($rblogids))
            // skip the forced blog: it was already added above
            if ($o->bnumber != $iForcedBlogInclude)
                $aBlogIds[] = intval($o->bnumber);

        if (count($aBlogIds) == 0)
            return;

        echo '';

    }

    /**
     * Lists the items written by the current member, across all blogs, with
     * paging and search.
     */
    function action_browseownitems() {
        global $member, $manager;

        $this->pagehead();

        echo '

(',_BACKHOME,')

'; echo '

' . _ITEMLIST_YOUR. '

';

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else
            $amount = 10;

        $search = postVar('search');	// search through items

        // the author filter uses the logged-in member's own id, not request data
        $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
               . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
               . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';

        // NOTE(review): request data inside a quoted SQL literal, escaped only with
        // addslashes(), which does not know the connection character set. Prefer
        // the database driver's escaping function or a bound parameter.
        if ($search)
            $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';

        $query .= ' ORDER BY itime DESC'
                . " LIMIT $start,$amount";

        $template['content'] = 'itemlist';
        $template['now'] = time();

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
        $navList->showBatchList('item',$query,'table',$template);

        $this->pagefoot();

    }

    /**
     * Show all the comments for a given item
     *
     * Only members who may alter the item get past the canAlterItem() guard.
     *
     * @param int $itemid item whose comments are listed; when empty, 'itemid' is
     *                    read from the request through intRequestVar()
     */
    function action_itemcommentlist($itemid = '') {
        global $member, $manager;

        // NOTE(review): an $itemid handed in by a caller is not cast here and is
        // later concatenated into the comment query. The callers visible in this
        // file pass a value read from the comment table; an intval() here would
        // make the function safe regardless of the caller.
        if ($itemid == '')
            $itemid = intRequestVar('itemid');

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        $blogid = getBlogIdFromItemId($itemid);

        $this->pagehead();

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else
            $amount = 10;

        $search = postVar('search');

        echo '

(',_BACKTOOVERVIEW,')

'; echo '

',_COMMENTS,'

';

        $query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;

        // NOTE(review): request data inside a quoted SQL literal, escaped only with
        // addslashes(); prefer the database driver's escaping function or a bound
        // parameter.
        if ($search)
            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';

        $query .= ' ORDER BY ctime ASC'
                . " LIMIT $start,$amount";

        $template['content'] = 'commentlist';
        // the ban option is only offered to admins of the item's blog
        $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
        $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);

        $this->pagefoot();
    }

    /**
     * Browse own comments
     *
     * Lists the comments whose cmember is the current member, with paging and
     * search. There is no explicit login guard in this function.
     * NOTE(review): confirm what getID() returns for a visitor who is not logged in.
     */
    function action_browseowncomments() {
        global $member, $manager;

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else
            $amount = 10;

        $search = postVar('search');


        $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();

        // NOTE(review): same addslashes()-only escaping of request data as in the
        // other list screens.
        if ($search)
            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';

        $query .= ' ORDER BY ctime DESC'
                . " LIMIT $start,$amount";

        $this->pagehead();

        echo '

(',_BACKHOME,')

'; echo '

', _COMMENTS_YOUR ,'

';

        $template['content'] = 'commentlist';
        $template['canAddBan'] = 0;	// doesn't make sense to allow banning yourself

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
        $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);

        $this->pagefoot();
    }

    /**
     * Browse all comments for a weblog
     *
     * Access is limited to members of the blog's team and to site admins.
     *
     * @param int $blogid blog whose comments are listed; when empty, 'blogid' is
     *                    read from the request. Either way the value is an integer
     *                    before it is used.
     */
    function action_blogcommentlist($blogid = '')
    {
        global $member, $manager;

        if ($blogid == '')
            $blogid = intRequestVar('blogid');
        else
            $blogid = intval($blogid);

        $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else
            $amount = 10;

        $search = postVar('search');		// search through comments


        $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);

        // NOTE(review): request data inside a quoted SQL literal, escaped only with
        // addslashes(); prefer the database driver's escaping function or a bound
        // parameter.
        if ($search != '')
            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';


        $query .= ' ORDER BY ctime DESC'
                . " LIMIT $start,$amount";


        $blog =& $manager->getBlog($blogid);

        $this->pagehead();

        echo '

(',_BACKHOME,')

'; echo '

', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '

';

        $template['content'] = 'commentlist';
        // the ban option is only offered to admins of this blog
        $template['canAddBan'] = $member->blogAdminRights($blogid);

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
        $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);

        $this->pagefoot();
    }

    /**
     * Provide a page to add a new item to the given blog.
     * Only members of the blog's team get past the guard.
     */
    function action_createitem() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->teamRights($blogid) or $this->disallow();

        $memberid = $member->getID();

        $blog =& $manager->getBlog($blogid);

        $this->pagehead();

        // generate the add-item form
        $formfactory =& new PAGEFACTORY($blogid);
        $formfactory->createAddForm('admin');

        $this->pagefoot();
    }

    /**
     * Shows the edit form for one item.
     * Only members who may alter the item get past the guard.
     */
    function action_itemedit() {
        global $member, $manager;

        $itemid = intRequestVar('itemid');

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        $item =& $manager->getItem($itemid,1,1);
        $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));

        // plugins may change the item (passed by reference) before it is shown
        $manager->notify('PrepareItemForEdit', array('item' => &$item));

        if ($blog->convertBreaks()) {
            $item['body'] = removeBreaks($item['body']);
            $item['more'] = removeBreaks($item['more']);
        }

        // form to edit blog items
        $this->pagehead();
        $formfactory =& new PAGEFACTORY($blog->getID());
        $formfactory->createEditForm('admin',$item);
        $this->pagefoot();
    }

    /**
     * Saves an edited item.
     *
     * Reads the item fields from POST, creates a new category when 'catid' has
     * the form 'newcat-<blogid>', updates the item, removes the draft it replaces
     * (when the member may alter that draft) and then shows the ping screen, the
     * category edit screen or the item list.
     */
    function action_itemupdate() {
        global $member, $manager, $CONF;

        $itemid = intRequestVar('itemid');
        $catid = postVar('catid');

        // only allow if user is allowed to alter item
        // (the check runs on the raw 'catid', i.e. before any category is created)
        $member->canUpdateItem($itemid, $catid) or $this->disallow();

        $actiontype = postVar('actiontype');

        // delete actions are handled by itemdelete (which has confirmation)
        if ($actiontype == 'delete') {
            $this->action_itemdelete();
            return;
        }

        $body	= postVar('body');
        $title	= postVar('title');
        $more	= postVar('more');
        $closed	= intPostVar('closed');
        $draftid = intPostVar('draftid');

        // default action = add now
        if (!$actiontype)
            $actiontype='addnow';

        // create new category if needed
        // NOTE(review): strstr() matches 'newcat' anywhere in the value, and
        // sscanf() leaves $blogid unset/null when the value does not have the
        // 'newcat-<number>' form; presumably canUpdateItem() has already rejected
        // such input — confirm.
        if (strstr($catid,'newcat')) {
            // get blogid
            list($blogid) = sscanf($catid,"newcat-%d");

            // create
            $blog =& $manager->getBlog($blogid);
            $catid = $blog->createNewCategory();

            // show error when sth goes wrong
            if (!$catid)
                $this->doError(_ERROR_CATCREATEFAIL);
        }

        /*
            set some variables based on actiontype

            actiontypes:
                draft items -> addnow, addfuture, adddraft, delete
                non-draft items -> edit, changedate, delete

            variables set:
                $timestamp: set to a nonzero value for future dates or date changes
                $wasdraft: set to 1 when the item used to be a draft item
                $publish: set to 1 when the edited item is not a draft
        */
        switch ($actiontype) {
            case 'adddraft':
                $publish = 0;
                $wasdraft = 1;
                $timestamp = 0;
                break;
            case 'addfuture':
                $wasdraft = 1;
                $publish = 1;
                $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
                break;
            case 'addnow':
                $wasdraft = 1;
                $publish = 1;
                $timestamp = 0;
                break;
            case 'changedate':
                $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
                $publish = 1;
                $wasdraft = 0;
                break;
            case 'edit':
            default:
                // any unrecognised actiontype is treated as a plain edit
                $publish = 1;
                $wasdraft = 0;
                $timestamp = 0;
        }

        // edit the item for real
        ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

        $blogid = getBlogIDFromItemID($itemid);
        $blog =& $manager->getBlog($blogid);
        $isFuture = 0;
        if ($timestamp > $blog->getCorrectTime(time())) {
            $isFuture = 1;
        }

        $this->updateFuturePosted($blogid);

        // 'draftid' is request data, so the draft is only deleted when the
        // member is allowed to alter it
        if ($draftid > 0 && $member->canAlterItem($draftid)) {
            ITEM::delete($draftid);
        }

        if (!$closed && $publish && $wasdraft && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 && !$isFuture) {
            $this->action_sendping($blogid);
            return;
        }

        // show category edit window when we created a new category
        // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
        if ($catid != intPostVar('catid')) {
            $this->action_categoryedit(
                $catid,
                $blog->getID(),
                $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
            );
        } else {
            // TODO: set start item correctly for itemlist
            $this->action_itemlist(getBlogIDFromItemID($itemid));
        }
    }

    /**
     * Shows the delete confirmation screen for one item.
     *
     * Only members who may alter the item get past the guard. Title and body are
     * stripped of tags and HTML-escaped (the body is also shortened to 300
     * characters) before they are shown.
     */
    function action_itemdelete() {
        global $member, $manager;

        $itemid = intRequestVar('itemid');

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        if (!$manager->existsItem($itemid,1,1))
            $this->error(_ERROR_NOSUCHITEM);

        $item =& $manager->getItem($itemid,1,1);
        $title = htmlspecialchars(strip_tags($item['title']));
        $body = strip_tags($item['body']);
        $body = htmlspecialchars(shorten($body,300,'...'));

        $this->pagehead();
        ?>

""
addTicketHidden() ?>
pagefoot(); }

    /**
     * Deletes the item named by the 'itemid' request variable, then shows the
     * item list of the blog it belonged to.
     * Only members who may alter the item get past the guard.
     */
    function action_itemdeleteconfirm() {
        global $member;

        $itemid = intRequestVar('itemid');

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        // get blogid first
        $blogid = getBlogIdFromItemId($itemid);

        // delete item (note: some checks will be performed twice)
        // NOTE(review): the value returned by deleteOneItem() is not looked at here;
        // action_commentdeleteconfirm() reports the equivalent error through doError().
        $this->deleteOneItem($itemid);

        $this->action_itemlist($blogid);
    }

    /**
     * Deletes one item and returns error if something goes wrong
     *
     * Returns _ERROR_DISALLOWED when the current member may not alter the item.
     * On success nothing is returned (deleteOneComment() returns '' instead).
     *
     * @param int $itemid
     */
    function deleteOneItem($itemid) {
        global $member, $manager;

        // only allow if user is allowed to alter item (also checks if itemid exists)
        if (!$member->canAlterItem($itemid))
            return _ERROR_DISALLOWED;

        // need to get blogid before the item is deleted
        $blogid = getBlogIDFromItemId($itemid);

        $manager->loadClass('ITEM');
        ITEM::delete($itemid);

        // update blog's futureposted
        $this->updateFuturePosted($blogid);
    }

    /**
     * Update a blog's future posted flag
     *
     * Sets the flag when the blog has at least one item with iposted=0 and an
     * item time later than the blog's current time, and clears it otherwise.
     *
     * @param int $blogid
     */
    function updateFuturePosted($blogid) {
        global $manager;

        $blog =& $manager->getBlog($blogid);
        $currenttime = $blog->getCorrectTime(time());
        // NOTE(review): $blogid is put between quotes but is neither cast nor
        // escaped here. The callers visible in this file pass ids obtained from
        // getBlogIDFromItemID(); an intval() would make this independent of the caller.
        $result = sql_query("SELECT * FROM ".sql_table('item').
            " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
        if (mysql_num_rows($result) > 0) {
                $blog->setFuturePost();
        }
        else {
                $blog->clearFuturePost();
        }
    }

    /**
     * Shows the form for moving one item to another category.
     * Only members who may alter the item get past the guard.
     */
    function action_itemmove() {
        global $member, $manager;

        $itemid = intRequestVar('itemid');

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        $item =& $manager->getItem($itemid,1,1);

        $this->pagehead();
        ?>

addTicketHidden(); $this->selectBlogCategory('catid',$item['catid'],10,1); ?>
pagefoot(); }

    /**
     * Moves one item to the category given in the request.
     *
     * A 'catid' of the form 'newcat-<blogid>' first creates a new category in
     * that blog. After the move the futurePosted flag of both the old and the
     * new blog is refreshed.
     */
    function action_itemmoveto() {
        global $member, $manager;

        $itemid = intRequestVar('itemid');
        $catid = requestVar('catid');

        // create new category if needed
        // NOTE(review): the category is created here, before the canUpdateItem()
        // check further down, and the blog id comes straight from the request.
        // action_itemupdate() runs its permission check on the raw 'catid' first
        // and only then creates the category. Doing the same here would keep a
        // request that is later rejected from leaving a new category behind.
        if (strstr($catid,'newcat')) {
            // get blogid
            list($blogid) = sscanf($catid,'newcat-%d');

            // create
            $blog =& $manager->getBlog($blogid);
            $catid = $blog->createNewCategory();

            // show error when sth goes wrong
            if (!$catid)
                $this->doError(_ERROR_CATCREATEFAIL);
        }

        // only allow if user is allowed to alter item
        $member->canUpdateItem($itemid, $catid) or $this->disallow();

        $old_blogid = getBlogIDFromItemId($itemid);

        ITEM::move($itemid, $catid);

        // set the futurePosted flag on the blog
        $this->updateFuturePosted(getBlogIDFromItemId($itemid));

        // reset the futurePosted in case the item is moved from one blog to another
        $this->updateFuturePosted($old_blogid);

        // $blog is only set when a new category was created above, which is also
        // the case in which $catid differs from the request value
        if ($catid != intRequestVar('catid'))
            $this->action_categoryedit($catid, $blog->getID());
        else
            $this->action_itemlist(getBlogIDFromCatID($catid));
    }

    /**
     * Moves one item to a given category (category existance should be checked by caller)
     * errors are returned
     *
     * Returns _ERROR_DISALLOWED when the current member may not move the item to
     * that category; nothing is returned on success.
     *
     * @param int $itemid
     * @param int $destCatid category ID to which the item will be moved
     */
    function moveOneItem($itemid, $destCatid) {
        global $member;

        // only allow if user is allowed to move item
        if (!$member->canUpdateItem($itemid, $destCatid))
            return _ERROR_DISALLOWED;

        ITEM::move($itemid, $destCatid);
    }

    /**
     * Adds a item to the chosen blog
     *
     * The item is built from the request by ITEM::createFromRequest(); depending
     * on the result, the category edit screen, the ping screen or the item list
     * is shown next.
     */
    function action_additem() {
        global $member, $manager, $CONF;

        $manager->loadClass('ITEM');

        // NOTE(review): there is no permission check in this function; presumably
        // ITEM::createFromRequest() verifies that the member may post to the
        // target blog — confirm.
        $result = ITEM::createFromRequest();

        if ($result['status'] == 'error')
            $this->error($result['message']);

        $blogid = getBlogIDFromItemID($result['itemid']);
        $blog =& $manager->getBlog($blogid);

        // NOTE(review): the ticket travels in the URL here, so it can end up in
        // browser history, Referer headers and server logs; worth keeping in mind
        // when deciding how long a ticket stays valid.
        $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));

        if ($result['status'] == 'newcategory')
            $this->action_categoryedit(
                $result['catid'],
                $blogid,
                $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 ? $pingUrl : ''
            );
        elseif ((postVar('actiontype') == 'addnow') && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0)
            $this->action_sendping($blogid);
        else
            $this->action_itemlist($blogid);
    }

    /**
     * Shows a window that says we're about to ping.
     * immediately refresh to the real pinging page, which will
     * show an error, or redirect to the blog.
     *
     * The only guard is that the member is logged in; rights on the blog are not
     * checked here.
     *
     * @param int $blogid ID of blog for which ping needs to be sent out
     *                    (-1 = read 'blogid' from the request)
     */
    function action_sendping($blogid = -1) {
        global $member, $manager;

        if ($blogid == -1)
            $blogid = intRequestVar('blogid');

        $member->isLoggedIn() or $this->disallow();

        // the follow-up request (rawping) needs a ticket, so one is added to its URL
        $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));

        $this->pagehead('');
        ?>

Site Updated, Now pinging various weblog listing services...

This can take a while...

If you aren't automatically passed through, try again

pagefoot(); }

    /**
     * Sends the real ping (can take up to 10 seconds!)
     *
     * NOTE(review): as the original TODO says, this function checks neither the
     * login state nor the member's rights on the blog. What protects it is the
     * ticket check in action(), because 'rawping' is not on the exemption list.
     * A login and blog-rights guard here would not depend on that list staying
     * as it is.
     */
    function action_rawping() {
        global $manager;
        // TODO: checks?

        $blogid = intRequestVar('blogid');
        $blog =& $manager->getBlog($blogid);

        $this->pagehead();

        ?>

Pinging services, please wait...

notify('SendPing', array('blogid' => $blogid)); ?>
pagefoot(); } /** * Allows to edit previously made comments */ function action_commentedit() { global $member, $manager; $commentid = intRequestVar('commentid'); $member->canAlterComment($commentid) or $this->disallow(); $comment = COMMENT::getComment($commentid); $manager->notify('PrepareCommentForEdit',array('comment' => &$comment)); // change
to \n $comment['body'] = str_replace('
','',$comment['body']); $comment['body'] = eregi_replace("[^<]*","\\1",$comment['body']); $this->pagehead(); ?>

addTicketHidden(); ?>
pagefoot(); }

    /**
     * Saves an edited comment.
     *
     * Only members who may alter the comment get past the guard. The body is
     * checked for over-long words and for length (3 to 5000 bytes), prepared by
     * COMMENT::prepareBody(), handed to plugins and then written to the database.
     *
     * NOTE(review): eregi() and the mysql_* functions used here were removed in
     * PHP 7, so this code only runs on older PHP versions.
     */
    function action_commentupdate() {
        global $member, $manager;

        $commentid = intRequestVar('commentid');

        $member->canAlterComment($commentid) or $this->disallow();

        $body = postVar('body');

        // intercept words that are too long
        if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
            $this->error(_ERROR_COMMENT_LONGWORD);

        // check length
        if (strlen($body)<3)
            $this->error(_ERROR_COMMENT_NOCOMMENT);
        if (strlen($body)>5000)
            $this->error(_ERROR_COMMENT_TOOLONG);


        // prepare body
        $body = COMMENT::prepareBody($body);

        // call plugins
        // (plugins receive $body by reference; the escaping below is applied to
        // whatever they leave in it)
        $manager->notify('PreUpdateComment',array('body' => &$body));

        // NOTE(review): the body is escaped with addslashes() only, which does not
        // know the connection character set; prefer the database driver's escaping
        // function or a bound parameter. $commentid is an integer (intRequestVar).
        $query =  'UPDATE '.sql_table('comment')
               . " SET cbody='" .addslashes($body). "'"
               . " WHERE cnumber=" . $commentid;
        sql_query($query);

        // get itemid
        // NOTE(review): mysql_fetch_object() returns false when no row matches;
        // $o is used without that case being handled.
        $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
        $o = mysql_fetch_object($res);
        $itemid = $o->citem;

        // members who may alter the item go back to its comment list,
        // everyone else to the list of their own comments
        if ($member->canAlterItem($itemid))
            $this->action_itemcommentlist($itemid);
        else
            $this->action_browseowncomments();

    }

    /**
     * Shows the delete confirmation screen for one comment.
     *
     * Only members who may alter the comment get past the guard. The body is
     * stripped of tags, shortened to 300 characters and HTML-escaped before it
     * is shown.
     */
    function action_commentdelete() {
        global $member, $manager;

        $commentid = intRequestVar('commentid');

        $member->canAlterComment($commentid) or $this->disallow();

        $comment = COMMENT::getComment($commentid);

        $body = strip_tags($comment['body']);
        $body = htmlspecialchars(shorten($body, 300, '...'));

        // NOTE(review): $author is not escaped in this part of the function; the
        // markup that prints it is missing from this copy of the file, so confirm
        // it is escaped at output.
        if ($comment['member'])
            $author = $comment['member'];
        else
            $author = $comment['user'];

        $this->pagehead();
        ?>

:
:
addTicketHidden() ?>
pagefoot(); }

    /**
     * Deletes the comment named by the 'commentid' request variable and then
     * shows a comment list.
     *
     * The permission check itself is done inside deleteOneComment(); an error it
     * returns is reported through doError().
     */
    function action_commentdeleteconfirm() {
        global $member;

        $commentid = intRequestVar('commentid');

        // get item id first
        // NOTE(review): this lookup runs before any permission check, and
        // mysql_fetch_object() returns false when the comment does not exist;
        // $o is used without that case being handled.
        $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
        $o = mysql_fetch_object($res);
        $itemid = $o->citem;

        $error = $this->deleteOneComment($commentid);
        if ($error)
            $this->doError($error);

        if ($member->canAlterItem($itemid))
            $this->action_itemcommentlist($itemid);
        else
            $this->action_browseowncomments();
    }

    /**
     * Deletes one comment.
     *
     * @param int $commentid comment to delete; it is cast with intval() first
     * @return string _ERROR_DISALLOWED when the current member may not alter the
     *                comment, '' on success
     */
    function deleteOneComment($commentid) {
        global $member, $manager;

        $commentid = intval($commentid);

        if (!$member->canAlterComment($commentid))
            return _ERROR_DISALLOWED;

        // plugin hook, fired only after the permission check has passed
        $manager->notify('PreDeleteComment', array('commentid' => $commentid));

        // delete the comment with this id
        $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;
        sql_query($query);

        $manager->notify('PostDeleteComment', array('commentid' => $commentid));

        return '';
    }

    /**
     * Usermanagement main
     *
     * Only site admins get past the guard.
     */
    function action_usermanagement() {
        global $member, $manager;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '

(',_BACKTOMANAGE,')

'; echo '

' . _MEMBERS_TITLE .'

'; echo '

' . _MEMBERS_CURRENT .'

'; // show list of members with actions $query = 'SELECT *' . ' FROM '.sql_table('member'); $template['content'] = 'memberlist'; $template['tabindex'] = 10; $manager->loadClass("ENCAPSULATE"); $batch =& new BATCH('member'); $batch->showlist($query,'table',$template); echo '

' . _MEMBERS_NEW .'

'; ?>
addTicketHidden() ?>

input_yesno('admin',0,10060); ?>
input_yesno('canlogin',1,10070); ?>
pagefoot(); }

    /**
     * Edit member settings
     *
     * Calls action_editmembersettings() with the 'memberid' request variable,
     * read as an integer; the permission check is done there.
     */
    function action_memberedit() {
        $this->action_editmembersettings(intRequestVar('memberid'));
    }

    /**
     * Shows the settings form for one member.
     *
     * A member may open the form for their own account; any other account
     * requires site-admin rights.
     *
     * @param int|string $memberid member to edit; when empty, the current
     *                             member's own id is used
     */
    function action_editmembersettings($memberid = '') {
        global $member, $manager, $CONF;

        if ($memberid == '')
            $memberid = $member->getID();

        // check if allowed
        // (own account, or site admin)
        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $extrahead = '';
        $this->pagehead($extrahead);

        // show message to go back to member overview (only for admins)
        if ($member->isAdmin())
            echo '(' ._MEMBERS_BACKTOOVERVIEW. ')';
        else
            echo '(' ._BACKHOME. ')';

        echo '

' . _MEMBERS_EDIT . '

'; $mem = MEMBER::createFromID($memberid); ?>
addTicketHidden() ?> isAdmin()) { ?> isAdmin()) { ?> _insertPluginOptions('member',$memberid); ?>

isAdmin()) { ?> getDisplayName()); } ?>

input_yesno('admin',$mem->isAdmin(),60); ?>
input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?>
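',_PLUGINS_EXTRA,''; $manager->notify( 'MemberSettingsFormExtras', array( 'member' => &$mem ) ); $this->pagefoot(); }

    /**
     * Stores the member settings form posted from the edit-member page.
     *
     * A member may edit their own record; a site admin may edit any record.
     * Only a site admin can change the admin and can-login flags. Changing the
     * e-mail address sends a new activation link and replaces the member's
     * cookie key; changing one's own display name forces a new login.
     */
    function action_changemembersettings()
    {
        global $member, $CONF, $manager;

        $memberid = intRequestVar('memberid');

        // check if allowed
        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $name           = trim(strip_tags(postVar('name')));
        $realname       = trim(strip_tags(postVar('realname')));
        $password       = postVar('password');
        $repeatpassword = postVar('repeatpassword');
        $email          = strip_tags(postVar('email'));
        $url            = strip_tags(postVar('url'));

        // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
        // preg_match() with the i modifier accepts the same prefixes as the
        // deprecated eregi() call it replaces.
        if (!preg_match('#^https?://#i', $url))
            $url = "http://".$url;

        $admin    = postVar('admin');
        $canlogin = postVar('canlogin');
        $notes    = strip_tags(postVar('notes'));
        $deflang  = postVar('deflang');

        $mem = MEMBER::createFromID($memberid);

        if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {

            if (!isValidDisplayName($name))
                $this->error(_ERROR_BADNAME);

            if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
                $this->error(_ERROR_NICKNAMEINUSE);

            // Compare as strings: a loose != treats numeric-looking strings
            // such as "1e3" and "1000" as equal.
            if ((string) $password !== (string) $repeatpassword)
                $this->error(_ERROR_PASSWORDMISMATCH);

            if ($password && (strlen($password) < 6))
                $this->error(_ERROR_PASSWORDTOOSHORT);
        }

        if (!isValidMailAddress($email))
            $this->error(_ERROR_BADMAILADDRESS);

        if (!$realname)
            $this->error(_ERROR_REALNAMEMISSING);

        if (($deflang != '') && (!checkLanguage($deflang)))
            $this->error(_ERROR_NOSUCHLANGUAGE);

        // check if there will remain at least one site member with both the logon and admin rights
        // (check occurs when taking away one of these rights from such a member)
        if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
             || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
           )
        {
            $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
            if (mysql_num_rows($r) < 2)
                $this->error(_ERROR_ATLEASTONEADMIN);
        }

        if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
            $mem->setDisplayName($name);
            // NOTE(review): the e-mail and display-name branches below call
            // newCookieKey(), a password change does not; confirm that existing
            // login cookies stop working once the password is replaced.
            if ($password)
                $mem->setPassword($password);
        }

        $oldEmail = $mem->getEmail();

        $mem->setRealName($realname);
        $mem->setEmail($email);
        $mem->setURL($url);
        $mem->setNotes($notes);
        $mem->setLanguage($deflang);

        // only allow super-admins to make changes to the admin status
        if ($member->isAdmin()) {
            $mem->setAdmin($admin);
            $mem->setCanLogin($canlogin);
        }

        $mem->write();

        // store plugin options
        // NOTE(review): 'plugoption' comes straight from the request; confirm that
        // _applyPluginOptions() limits the update to options of this member.
        $aOptions = requestArray('plugoption');
        NucleusPlugin::_applyPluginOptions($aOptions);
        $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));

        // if email changed, generate new password
        if ($oldEmail != $mem->getEmail()) {
            $mem->sendActivationLink('addresschange', $oldEmail);
            // logout member
            $mem->newCookieKey();

            // only log out if the member being edited is the current member.
            if ($member->getID() == $memberid)
                $member->logout();
            $this->action_login(_MSG_ACTIVATION_SENT, 0);
            return;
        }

        if (  ( $mem->getID() == $member->getID() )
           && ( $mem->getDisplayName() != $member->getDisplayName() )
           ) {
            $mem->newCookieKey();
            $member->logout();
            $this->action_login(_MSG_LOGINAGAIN, 0);
        } else {
            $this->action_overview(_MSG_SETTINGSCHANGED);
        }
    }

    /**
     * Creates a new member from the posted form (site admins only) and returns
     * to the user-management page.
     */
    function action_memberadd()
    {
        global $member, $manager;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        // string comparison, so numeric-looking values are not treated as equal
        if ((string) postVar('password') !== (string) postVar('repeatpassword'))
            $this->error(_ERROR_PASSWORDMISMATCH);
        if (strlen(postVar('password')) < 6)
            $this->error(_ERROR_PASSWORDTOOSHORT);

        // The posted values are handed over unchanged; validation and escaping
        // are assumed to happen inside MEMBER::create() -- TODO confirm.
        $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
        if ($res != 1)
            $this->error($res);

        // fire PostRegister event
        $newmem = new MEMBER();
        $newmem->readFromName(postVar('name'));
        $manager->notify('PostRegister',array('member' => &$newmem));

        $this->action_usermanagement();
    }

    /**
     * Account activation
     *
     * Shows the activation page for the key read with getVar('key').
     *
     * @author dekarma
     */
    function action_activate()
    {
        $key = getVar('key');
        $this->_showActivationPage($key);
    }

    /**
     * @todo document this
     */
    function _showActivationPage($key, $message = '')
    {
        global $manager;

        // clean up old activation keys
        MEMBER::cleanupActivationTable();

        // get activation info
        $info = MEMBER::getActivationInfo($key);

        if (!$info)
            $this->error(_ERROR_ACTIVATE);

        $mem = MEMBER::createFromId($info->vmember);

        if (!$mem)
            $this->error(_ERROR_ACTIVATE);

        $text = '';
        $title = '';
        $bNeedsPasswordChange = true;

        switch ($info->vtype)
        {
            case 'forgot':
                $title = _ACTIVATE_FORGOT_TITLE;
                $text = _ACTIVATE_FORGOT_TEXT;
                break;
            case 'register':
                $title = _ACTIVATE_REGISTER_TITLE;
                $text = _ACTIVATE_REGISTER_TEXT;
                break;
            case 'addresschange':
                $title = _ACTIVATE_CHANGE_TITLE;
                $text = _ACTIVATE_CHANGE_TEXT;
                $bNeedsPasswordChange = false;
                MEMBER::activate($key);
                break;
        }

        $aVars = array(
            'memberName' =>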
htmlspecialchars($mem->getDisplayName()) ); $title = TEMPLATE::fill($title, $aVars); $text = TEMPLATE::fill($text, $aVars); $this->pagehead(); echo '

' , $title, '

'; echo '

' , $text, '

'; if ($message != '') { echo '

',$message,'

'; } if ($bNeedsPasswordChange) { ?>
addTicketHidden() ?> notify('FormExtra', array('type' => 'activation', 'member' => $mem)); ?>
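pagefoot(); }

    /**
     * Account activation - set password part
     *
     * Checks the posted activation key and password pair, stores the new
     * password, activates the account and prints the success page. Any failed
     * check shows the activation page again with an error message.
     *
     * @author dekarma
     */
    function action_activatesetpwd()
    {
        global $manager;

        $key = postVar('key');

        // clean up old activation keys
        MEMBER::cleanupActivationTable();

        // get activation info
        $info = MEMBER::getActivationInfo($key);

        // _showActivationPage() reads the activation type as $info->vtype. The
        // former $info->type never matched, so address-change keys, which are
        // not meant to set a password, were not turned away here.
        if (!$info || ($info->vtype == 'addresschange'))
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);

        $mem = MEMBER::createFromId($info->vmember);

        if (!$mem)
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);

        $password       = postVar('password');
        $repeatpassword = postVar('repeatpassword');

        // Compare as strings: a loose != treats numeric-looking strings such as
        // "1e3" and "1000" as equal.
        if ((string) $password !== (string) $repeatpassword)
            return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);

        // This form sets the account password, so an empty value must fail the
        // length check as well instead of skipping it.
        if (strlen((string) $password) < 6)
            return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);

        // let plugins veto the form; they report through the 'error' reference
        $error = '';
        $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
        if ($error != '')
            return $this->_showActivationPage($key, $error);

        // set password
        $mem->setPassword($password);
        $mem->write();

        // do the activation
        MEMBER::activate($key);

        $this->pagehead();
        echo '

',_ACTIVATE_SUCCESS_TITLE,'

'; echo '

',_ACTIVATE_SUCCESS_TEXT,'

';
        $this->pagefoot();
    }

    /**
     * Manage team
     */
    function action_manageteam()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $this->pagehead();

        echo "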

(",_BACK_TO_BLOGSETTINGS,")

"; echo '

' . _TEAM_TITLE . getBlogNameFromID($blogid) . '

'; echo '

' . _TEAM_CURRENT . '

'; $query = 'SELECT tblog, tmember, mname, mrealname, memail, tadmin' . ' FROM '.sql_table('member').', '.sql_table('team') . ' WHERE tmember=mnumber and tblog=' . $blogid; $template['content'] = 'teamlist'; $template['tabindex'] = 10; $manager->loadClass("ENCAPSULATE"); $batch =& new BATCH('team'); $batch->showlist($query, 'table', $template); ?>

addTicketHidden() ?>
input_yesno('admin',0,10020); ?>
pagefoot(); }

    /**
     * Add member to team
     *
     * Takes 'memberid', 'blogid' and 'admin' from the posted form. The current
     * member needs admin rights on the blog. Shows the team page afterwards.
     */
    function action_teamaddmember()
    {
        global $member, $manager;

        $blogid   = intPostVar('blogid');
        $memberid = intPostVar('memberid');
        $admin    = intPostVar('admin');

        // check if allowed
        if (!$member->blogAdminRights($blogid)) {
            $this->disallow();
        }

        $blog =& $manager->getBlog($blogid);

        // addTeamMember() returning false is reported as "already on team"
        $added = $blog->addTeamMember($memberid, $admin);
        if (!$added) {
            $this->error(_ERROR_ALREADYONTEAM);
        }

        $this->action_manageteam();
    }

    /**
     * @todo document this
     */
    function action_teamdelete()
    {
        global $member, $manager;

        $memberid = intRequestVar('memberid');
        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $teammem = MEMBER::createFromID($memberid);
        $blog =& $manager->getBlog($blogid);

        $this->pagehead();
        ?>

getDisplayName()) ?>getName())) ?>

addTicketHidden() ?>
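pagefoot(); }

    /**
     * Removes the member given by 'memberid' from the team of blog 'blogid'
     * and shows the team page again. The rights check is done inside
     * deleteOneTeamMember().
     */
    function action_teamdeleteconfirm()
    {
        global $member;

        $memberid = intRequestVar('memberid');
        $blogid = intRequestVar('blogid');

        $error = $this->deleteOneTeamMember($blogid, $memberid);
        if ($error)
            $this->error($error);

        $this->action_manageteam();
    }

    /**
     * Removes one member from a blog team.
     *
     * @param int $blogid   blog number; forced to an integer here
     * @param int $memberid member number; forced to an integer here
     * @return string empty string on success, otherwise _ERROR_DISALLOWED
     *                (current member lacks admin rights on the blog) or
     *                _ERROR_ATLEASTONEBLOGADMIN (would remove the last blog admin)
     */
    function deleteOneTeamMember($blogid, $memberid)
    {
        global $member, $manager;

        // both ids are concatenated into SQL below
        $blogid = intval($blogid);
        $memberid = intval($memberid);

        // check if allowed
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;

        // check if: - there remains at least one blog admin
        //           - (there remains at least one team member)
        $tmem = MEMBER::createFromID($memberid);

        // Hand the loaded member to the event; it used to receive an undefined $mem.
        $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));

        if ($tmem->isBlogAdmin($blogid)) {
            // check if there are more blog members left and at least one admin
            // (check for at least two admins before deletion)
            $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
            $r = sql_query($query);
            if (mysql_num_rows($r) < 2)
                return _ERROR_ATLEASTONEBLOGADMIN;
        }

        $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
        sql_query($query);

        $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));

        return '';
    }

    /**
     * Toggles the blog-admin flag of team member 'memberid' on blog 'blogid'.
     *
     * Refused when the member is the only admin of that blog. If the current
     * member is no longer blog admin afterwards, the overview page is shown
     * instead of the team page.
     */
    function action_teamchangeadmin()
    {
        global $member;

        $blogid = intRequestVar('blogid');
        $memberid = intRequestVar('memberid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $mem = MEMBER::createFromID($memberid);
        $wasAdmin = $mem->isBlogAdmin($blogid);

        // don't allow when there is only one admin at this moment
        if ($wasAdmin) {
            $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
            if (mysql_num_rows($r) == 1)
                $this->error(_ERROR_ATLEASTONEBLOGADMIN);
        }

        $newval = $wasAdmin ? 0 : 1;

        $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
        sql_query($query);

        // only show manageteam if member did not change its own admin privileges
        if ($member->isBlogAdmin($blogid))
            $this->action_manageteam();
        else
            $this->action_overview(_MSG_ADMINCHANGED);
    }

    /**
     * @todo document this
     */
    function action_blogsettings()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        $extrahead = '';
        $this->pagehead($extrahead);

        echo '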

(',_BACKHOME,')

'; ?>

: 'bloglink($blog)?>'

Members currently on your team: mname) . ' (' . htmlspecialchars($o->mrealname). ')'); echo implode(',', $aMemberNames); ?>

addTicketHidden() ?> 0) { ?> _insertPluginOptions('blog',$blogid); ?>
getDefaultSkin(); $template['tabindex'] = 50; showlist($query,'select',$template); ?>
input_yesno('convertbreaks',$blog->convertBreaks(),55); ?>
input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?>
input_yesno('comments',$blog->commentsEnabled(),60); ?>
input_yesno('public',$blog->isPublic(),70); ?>
input_yesno('reqemail',$blog->emailRequired(),72); ?>
notifyOnComment()) echo "checked='checked'" ?> />
notifyOnVote()) echo "checked='checked'" ?> />
notifyOnNewItem()) echo "checked='checked'" ?> />
input_yesno('sendping',$blog->sendPing(),85); ?>
getID(); $template['name'] = 'defcat'; $template['selected'] = $blog->getDefaultCategory(); $template['tabindex'] = 110; showlist($query,'select',$template); ?>


getCorrectTime()); ?>
input_yesno('searchable',$blog->getSearchable(),122); ?>

getID().' ORDER BY cname'; $template['content'] = 'categorylist'; $template['tabindex'] = 200; $manager->loadClass("ENCAPSULATE"); $batch =& new BATCH('category'); $batch->showlist($query,'table',$template); ?>
addTicketHidden() ?>
',_PLUGINS_EXTRA,''; $manager->notify( 'BlogSettingsFormExtras', array( 'blog' => &$blog ) ); $this->pagefoot(); }

    /**
     * Creates a category in blog 'blogid' from the posted 'cname' and 'cdesc'
     * and shows the blog settings page again.
     *
     * Needs admin rights on the blog. The name must pass isValidCategoryName()
     * and must not already be used inside the same blog.
     */
    function action_categorynew()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        if (!$member->blogAdminRights($blogid)) {
            $this->disallow();
        }

        $cname = postVar('cname');
        $cdesc = postVar('cdesc');

        if (!isValidCategoryName($cname)) {
            $this->error(_ERROR_BADCATEGORYNAME);
        }

        // Duplicate check within this blog.
        // NOTE(review): the name is escaped with addslashes(), which does not know
        // the connection character set; confirm this is sufficient for the
        // database configuration in use.
        $dupQuery = 'SELECT * FROM '.sql_table('category')
                  . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
        $dupResult = sql_query($dupQuery);
        if (mysql_num_rows($dupResult) > 0) {
            $this->error(_ERROR_DUPCATEGORYNAME);
        }

        $blog =& $manager->getBlog($blogid);
        $newCatID = $blog->createNewCategory($cname, $cdesc);

        $this->action_blogsettings();
    }

    /**
     * @todo document this
     */
    function action_categoryedit($catid = '', $blogid = '', $desturl = '')
    {
        global $member, $manager;

        if ($blogid == '')
            $blogid = intGetVar('blogid');
        else
            $blogid = intval($blogid);
        if ($catid == '')
            $catid = intGetVar('catid');
        else
            $catid = intval($catid);

        $member->blogAdminRights($blogid) or $this->disallow();

        $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
        $obj = mysql_fetch_object($res);

        $cname = $obj->cname;
        $cdesc = $obj->cdesc;

        $extrahead = '';
        $this->pagehead($extrahead);

        echo "

(",_BACK_TO_BLOGSETTINGS,")

"; ?>

''

addTicketHidden(); ?> _insertPluginOptions('category',$catid); ?>
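pagefoot(); }

    /**
     * Stores the posted name and description of category 'catid'.
     *
     * The rights check is made on the posted 'blogid', so the category is also
     * required to belong to that blog before anything is written. After the
     * update the request is redirected to 'desturl' when one was posted,
     * otherwise the blog settings page is shown.
     */
    function action_categoryupdate()
    {
        global $member, $manager;

        // both ids end up in SQL, force them to integers
        $blogid = intval(intPostVar('blogid'));
        $catid = intval(intPostVar('catid'));
        $cname = postVar('cname');
        $cdesc = postVar('cdesc');
        $desturl = postVar('desturl');

        $member->blogAdminRights($blogid) or $this->disallow();

        // Admin rights were checked for $blogid only. Make sure the category is
        // one of that blog's categories, as action_categorydelete() does, so
        // rights on one blog cannot be used to edit a category of another.
        $blog =& $manager->getBlog($blogid);
        if (!$blog || !$blog->isValidCategory($catid))
            $this->error(_ERROR_NOSUCHCATEGORY);

        if (!isValidCategoryName($cname))
            $this->error(_ERROR_BADCATEGORYNAME);

        $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . $blogid . " and not(catid=$catid)";
        $res = sql_query($query);
        if (mysql_num_rows($res) > 0)
            $this->error(_ERROR_DUPCATEGORYNAME);

        // The update is tied to the blog as well as to the category id.
        $query =  'UPDATE '.sql_table('category').' SET'
               . " cname='" . addslashes($cname) . "',"
               . " cdesc='" . addslashes($cdesc) . "'"
               . " WHERE catid=" . $catid
               . " AND cblog=" . $blogid;

        sql_query($query);

        // store plugin options
        $aOptions = requestArray('plugoption');
        NucleusPlugin::_applyPluginOptions($aOptions);
        $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));

        if ($desturl) {
            // NOTE(review): desturl comes from the POST body and is passed on
            // unchanged; confirm that redirect() restricts the destination.
            redirect($desturl);
            exit;
        } else {
            $this->action_blogsettings();
        }
    }

    /**
     * @todo document this
     */
    function action_categorydelete()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if (!$blog->isValidCategory($catid))
            $this->error(_ERROR_NOSUCHCATEGORY);

        // don't allow deletion of default category
        if ($blog->getDefaultCategory() == $catid)
            $this->error(_ERROR_DELETEDEFCATEGORY);

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if (mysql_num_rows($res) == 1)
            $this->error(_ERROR_DELETELASTCATEGORY);

        $this->pagehead();
        ?>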

getCategoryName($catid))?>
addTicketHidden() ?>
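pagefoot(); }

    /**
     * Deletes category 'catid' and shows the blog settings page again.
     *
     * The rights check here uses the posted 'blogid'; deleteOneCategory()
     * checks again against the blog the category actually belongs to.
     */
    function action_categorydeleteconfirm()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $error = $this->deleteOneCategory($catid);
        if ($error)
            $this->error($error);

        $this->action_blogsettings();
    }

    /**
     * Deletes one category and moves its items to the blog's default category.
     *
     * @param int $catid category id; forced to an integer here
     * @return string empty string on success, otherwise one of
     *                _ERROR_DISALLOWED, _ERROR_NOSUCHCATEGORY,
     *                _ERROR_DELETEDEFCATEGORY, _ERROR_DELETELASTCATEGORY
     */
    function deleteOneCategory($catid)
    {
        global $manager, $member;

        $catid = intval($catid);

        $blogid = getBlogIDFromCatID($catid);

        // The constant was spelled without its leading underscore, so a refused
        // request did not return the same error as the other deleteOne* helpers.
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;

        // Announced after the rights check, as deleteOneComment() and
        // deleteOneTeamMember() do, so plugins are not told about a deletion
        // requested by a member without rights on the blog.
        $manager->notify('PreDeleteCategory', array('catid' => $catid));

        // get blog
        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if (!$blog || !$blog->isValidCategory($catid))
            return _ERROR_NOSUCHCATEGORY;

        $destcatid = $blog->getDefaultCategory();

        // don't allow deletion of default category
        if ($blog->getDefaultCategory() == $catid)
            return _ERROR_DELETEDEFCATEGORY;

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if (mysql_num_rows($res) == 1)
            return _ERROR_DELETELASTCATEGORY;

        // change category for all items to the default category
        $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('category', $catid);

        // delete category
        $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
        sql_query($query);

        $manager->notify('PostDeleteCategory', array('catid' => $catid));

        // same success value as the other deleteOne* helpers
        return '';
    }

    /**
     * Moves a category, with its items and their comments, to another blog.
     *
     * @param int $catid      category id; forced to an integer here
     * @param int $destblogid destination blog; forced to an integer here
     * @return string empty string on success, otherwise one of
     *                _ERROR_DISALLOWED, _ERROR_MOVETOSELF,
     *                _ERROR_NOSUCHCATEGORY, _ERROR_MOVEDEFCATEGORY
     */
    function moveOneCategory($catid, $destblogid)
    {
        global $manager, $member;

        $catid = intval($catid);
        $destblogid = intval($destblogid);

        $blogid = getBlogIDFromCatID($catid);

        // mover should have admin rights on both blogs
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;
        if (!$member->blogAdminRights($destblogid))
            return _ERROR_DISALLOWED;

        // cannot move to self
        if ($blogid == $destblogid)
            return _ERROR_MOVETOSELF;

        // get blogs
        $blog =& $manager->getBlog($blogid);
        $destblog =& $manager->getBlog($destblogid);

        // check if the category is valid
        if (!$blog || !$blog->isValidCategory($catid))
            return _ERROR_NOSUCHCATEGORY;

        // don't allow default category to be moved
        if ($blog->getDefaultCategory() == $catid)
            return _ERROR_MOVEDEFCATEGORY;

        $manager->notify(
            'PreMoveCategory',
            array(
                'catid' => &$catid,
                'sourceblog' => &$blog,
                'destblog' => &$destblog
            )
        );

        // update comments table (cblog)
        $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
        $items = sql_query($query);
        while ($oItem = mysql_fetch_object($items)) {
            sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
        }

        // update items (iblog)
        $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;
        sql_query($query);

        // move category
        $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;
        sql_query($query);

        $manager->notify(
            'PostMoveCategory',
            array(
                'catid' => &$catid,
                'sourceblog' => &$blog,
                'destblog' => $destblog
            )
        );

        // explicit success value, so callers testing the result see a string
        return '';
    }

    /**
     * Stores the posted blog settings form for blog 'blogid' (blog admins only)
     * and shows the overview page.
     *
     * The three notify flags are multiplied into one notify type; a flag that
     * was posted as 0 counts as factor 1.
     */
    function action_blogsettingsupdate()
    {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        $notify         = trim(postVar('notify'));
        $shortname      = trim(postVar('shortname'));
        $updatefile     = trim(postVar('update'));

        $notifyComment  = intPostVar('notifyComment');
        $notifyVote     = intPostVar('notifyVote');
        $notifyNewItem  = intPostVar('notifyNewItem');

        if ($notifyComment == 0)    $notifyComment = 1;
        if ($notifyVote == 0)       $notifyVote = 1;
        if ($notifyNewItem == 0)    $notifyNewItem = 1;

        $notifyType = $notifyComment * $notifyVote * $notifyNewItem;

        if ($notify) {
            $not =& new NOTIFICATION($notify);
            if (!$not->validAddresses())
                $this->error(_ERROR_BADNOTIFY);
        }

        if (!isValidShortName($shortname))
            $this->error(_ERROR_BADSHORTBLOGNAME);

        if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))
            $this->error(_ERROR_DUPSHORTBLOGNAME);

        // check if update file is writable
        // NOTE(review): $updatefile is a path taken from the form and this only
        // tests that the server can write to it; confirm where the path is
        // written later and whether it should be limited to a known directory.
        if ($updatefile && !is_writeable($updatefile))
            $this->error(_ERROR_UPDATEFILE);

        $blog->setName(trim(postVar('name')));
        $blog->setShortName($shortname);
        $blog->setNotifyAddress($notify);
        $blog->setNotifyType($notifyType);
        $blog->setMaxComments(postVar('maxcomments'));
        $blog->setCommentsEnabled(postVar('comments'));
        $blog->setTimeOffset(postVar('timeoffset'));
        $blog->setUpdateFile($updatefile);
        $blog->setURL(trim(postVar('url')));
        $blog->setDefaultSkin(intPostVar('defskin'));
        $blog->setDescription(trim(postVar('desc')));
        $blog->setPublic(postVar('public'));
        $blog->setPingUserland(postVar('sendping'));
        $blog->setConvertBreaks(intPostVar('convertbreaks'));
        $blog->setAllowPastPosting(intPostVar('allowpastposting'));
        $blog->setDefaultCategory(intPostVar('defcat'));
        $blog->setSearchable(intPostVar('searchable'));
        $blog->setEmailRequired(intPostVar('reqemail'));

        $blog->writeSettings();

        // store plugin options
        $aOptions = requestArray('plugoption');
        NucleusPlugin::_applyPluginOptions($aOptions);
        $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));

        $this->action_overview(_MSG_SETTINGSCHANGED);
    }

    /**
     * @todo document this
     */
    function action_deleteblog()
    {
        global $member, $CONF, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        if ($CONF['DefaultBlog'] == $blogid)
            $this->error(_ERROR_DELDEFBLOG);

        $blog =& $manager->getBlog($blogid);

        $this->pagehead();
        ?>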

getName())?>
addTicketHidden() ?>
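pagefoot(); }

    /**
     * Deletes blog 'blogid' with its comments, items, team, bans, categories
     * and plugin options, then shows the overview page.
     *
     * Needs admin rights on the blog; the default blog cannot be deleted.
     */
    function action_deleteblogconfirm()
    {
        global $member, $CONF, $manager;

        $blogid = intRequestVar('blogid');

        // Authorise and validate before anything else, so PreDeleteBlog is only
        // announced for a deletion that is going to run. This relies on
        // disallow() and error() ending the request, as the rest of this
        // class does.
        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        if ($CONF['DefaultBlog'] == $blogid)
            $this->error(_ERROR_DELDEFBLOG);

        $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

        // delete all comments
        $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
        sql_query($query);

        // delete all items
        $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
        sql_query($query);

        // delete all team members
        $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
        sql_query($query);

        // delete all bans
        $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
        sql_query($query);

        // delete all categories
        $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('blog', $blogid);

        // delete the blog itself
        $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
        sql_query($query);

        $manager->notify('PostDeleteBlog', array('blogid' => $blogid));

        $this->action_overview(_DELETED_BLOG);
    }

    /**
     * @todo document this
     */
    function action_memberdelete()
    {
        global $member, $manager;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $mem = MEMBER::createFromID($memberid);

        $this->pagehead();
        ?>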

getDisplayName()) ?>

Please note that media files will NOT be deleted. (At least not in this Nucleus version)

addTicketHidden() ?>
pagefoot(); }

    /**
     * Deletes member 'memberid'. Allowed for the member itself and for site
     * admins. Admins return to user management, others to the overview page.
     */
    function action_memberdeleteconfirm()
    {
        global $member;

        $memberid = intRequestVar('memberid');

        $isSelf = ($member->getID() == $memberid);
        if (!$isSelf && !$member->isAdmin()) {
            $this->disallow();
        }

        $error = $this->deleteOneMember($memberid);
        if ($error) {
            $this->error($error);
        }

        if ($member->isAdmin()) {
            $this->action_usermanagement();
        } else {
            $this->action_overview(_DELETED_MEMBER);
        }
    }

    /**
     * Deletes one member account with its team rows, activation rows and
     * plugin options. Comments of the member are kept and relabelled with the
     * member's display name.
     *
     * NOTE(review): unlike deleteOneComment() and deleteOneTeamMember(), this
     * helper does no rights check of its own; every caller has to authorise
     * the deletion first -- confirm for callers outside this section.
     *
     * @static
     * @param int $memberid member number; forced to an integer here
     * @return string empty string on success, _ERROR_DELETEMEMBER when the
     *                member reports it cannot be deleted
     */
    function deleteOneMember($memberid)
    {
        global $manager;

        $memberid = intval($memberid);
        $mem = MEMBER::createFromID($memberid);

        if (!$mem->canBeDeleted()) {
            return _ERROR_DELETEMEMBER;
        }

        $manager->notify('PreDeleteMember', array('member' => &$mem));

        /* unlink comments from memberid */
        $escapedName = addslashes($mem->getDisplayName());
        $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. $escapedName .'" WHERE cmember='.$memberid;
        sql_query($query);

        // remove the account row, then the rows that point at it
        sql_query('DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid);
        sql_query('DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid);
        sql_query('DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('member', $memberid);

        $manager->notify('PostDeleteMember', array('member' => &$mem));

        return '';
    }

    /**
     * @todo document this
     */
    function action_createnewlog()
    {
        global $member, $CONF, $manager;

        // Only Super-Admins can do this
        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '

(',_BACKTOMANAGE,')

'; ?>

Some information

Before you start, here's some important information

After you've created a new weblog, you'll need to perform some actions to make your blog accessible. There are two possibilities:

  1. Simple: Create a copy of index.php and modify it to display your new weblog. Further instructions on how to do this will be provided after you've submitted this first form.
  2. Advanced: Insert the blog content into your current skins using skinvars like otherblog. This way, you can place multiple blogs on the same page.

Create Weblog

addTicketHidden() ?>

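pagefoot(); }

    /**
     * Creates a new weblog from the posted form (site admins only).
     *
     * Inserts the blog row, a 'General' default category, a team row that makes
     * the current member blog admin, and a first item; then prints the page
     * that asks for the blog URL.
     */
    function action_addnewlog()
    {
        global $member, $manager, $CONF;

        // Only Super-Admins can do this
        $member->isAdmin() or $this->disallow();

        $bname          = trim(postVar('name'));
        $bshortname     = trim(postVar('shortname'));
        $btimeoffset    = postVar('timeoffset');
        $bdesc          = trim(postVar('desc'));
        $bdefskin       = postVar('defskin');

        if (!isValidShortName($bshortname))
            $this->error(_ERROR_BADSHORTBLOGNAME);

        if ($manager->existsBlog($bshortname))
            $this->error(_ERROR_DUPSHORTBLOGNAME);

        // The values are passed by reference so that plugins can adjust them.
        // 'description' used to reference an undefined $bdescription, so a
        // change made by a plugin never reached $bdesc.
        $manager->notify(
            'PreAddBlog',
            array(
                'name' => &$bname,
                'shortname' => &$bshortname,
                'timeoffset' => &$btimeoffset,
                'description' => &$bdesc,
                'defaultskin' => &$bdefskin
            )
        );

        // add slashes for sql queries
        // (done after the event, so values changed by plugins are escaped too)
        $bname =        addslashes($bname);
        $bshortname =   addslashes($bshortname);
        $btimeoffset =  addslashes($btimeoffset);
        $bdesc =        addslashes($bdesc);
        $bdefskin =     addslashes($bdefskin);

        // create blog
        $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bname', '$bshortname', '$bdesc', '$btimeoffset', '$bdefskin')";
        sql_query($query);
        $blogid = mysql_insert_id();
        $blog   =& $manager->getBlog($blogid);

        // create new category
        sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, 'General','Items that do not fit in other categories')");
        $catid = mysql_insert_id();

        // set as default category
        $blog->setDefaultCategory($catid);
        $blog->writeSettings();

        // create team member
        $memberid = $member->getID();
        $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
        sql_query($query);

        $blog->additem($blog->getDefaultCategory(),'First Item','This is the first item in your weblog. 
Feel free to delete it.','',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);

        $manager->notify(
            'PostAddBlog',
            array(
                'blog' => &$blog
            )
        );

        $manager->notify(
            'PostAddCategory',
            array(
                'blog' => &$blog,
                'name' => 'General',
                'description' => 'Items that do not fit in other categories',
                'catid' => $catid
            )
        );

        $this->pagehead();
        ?>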

New weblog created

Your new weblog () has been created. To continue, choose the way you'll want to make it viewable:

  1. Easiest: A copy of .php
  2. Advanced: Call the weblog from existing skins

Method 1: Create an extra .php file

Create a file called .php, and copy-paste the following code into it:

<?php

$CONF['Self'] = '.php';

include('./config.php');

selectBlog('');
selector();

?>

Upload the file next to your existing index.php file, and you should be all set.

To finish the weblog creation process, please fill out the final URL for your weblog (the proposed value is a guess, don't take it for granted):

addTicketHidden() ?>

Method 2: Call the weblog from existing skins

To finish the weblog creation process, simply please fill out the final URL for your weblog: (might be the same as another already existing weblog)

addTicketHidden() ?>
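pagefoot(); }

    /**
     * Second step of weblog creation: stores the URL entered for blog 'blogid'
     * and shows the overview page. Needs admin rights on that blog.
     */
    function action_addnewlog2()
    {
        global $member, $manager;

        // Read the blog id before the rights check. The check used to run while
        // $blogid was still unset, so it was not tied to the blog whose URL is
        // written below.
        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $burl = requestVar('url');

        $blog =& $manager->getBlog($blogid);
        $blog->setURL(trim($burl));
        $blog->writeSettings();

        $this->action_overview(_MSG_NEWBLOG);
    }

    /**
     * @todo document this
     */
    function action_skinieoverview()
    {
        global $member, $DIR_LIBS, $manager;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once($DIR_LIBS . 'skinie.php');

        $this->pagehead();

        echo '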

(',_BACKTOMANAGE,')

'; ?>

0) { ?>

addTicketHidden() ?>

addTicketHidden() ?>

addTicketHidden() ?>

sdnumber; echo ''; echo ''; echo ''; } echo ''; // show list of templates $res = sql_query('SELECT * FROM '.sql_table('template_desc')); while ($templateObj = mysql_fetch_object($res)) { $id = 'templateexp' . $templateObj->tdnumber; echo ''; echo ''; echo ''; } ?>
'; echo '',htmlspecialchars($skinObj->sddesc),'
',_SKINIE_EXPORT_TEMPLATES,'
'; echo '',htmlspecialchars($templateObj->tddesc),'
pagefoot(); }

    /**
     * First step of a skin import (site admins only): reads the metadata of
     * the chosen skin file and checks it for skin and template name clashes.
     *
     * In mode 'file' the posted 'skinfile' is used as a directory name below
     * $DIR_SKINS; in every other mode it is handed to the importer unchanged.
     */
    function action_skinieimport()
    {
        global $member, $DIR_LIBS, $DIR_SKINS, $manager;

        if (!$member->isAdmin()) {
            $this->disallow();
        }

        // load skinie class
        include_once($DIR_LIBS . 'skinie.php');

        $skinFileRaw = postVar('skinfile');
        $mode = postVar('mode');

        $importer =& new SKINIMPORT();

        // get full filename
        // NOTE(review): 'skinfile' is joined into the path as posted, and outside
        // 'file' mode it is used as the location itself. This is limited to site
        // admins; confirm whether the value should still be restricted to a plain
        // directory name and to expected locations.
        if ($mode == 'file') {
            $skinDir = $DIR_SKINS . $skinFileRaw;
            $skinFile = $skinDir . '/skinbackup.xml';

            // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
            if (!file_exists($skinFile)) {
                $skinFile = $skinDir . '/skindata.xml';
            }
        } else {
            $skinFile = $skinFileRaw;
        }

        // read only metadata
        $error = $importer->readFile($skinFile, 1);

        // clashes
        $skinNameClashes = $importer->checkSkinNameClashes();
        $templateNameClashes = $importer->checkTemplateNameClashes();
        $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);

        if ($error) {
            $this->error($error);
        }

        $this->pagehead();

        echo '

(',_BACK,')

'; ?>

addTicketHidden() ?>
pagefoot(); }

    /**
     * Second step of a skin import (site admins only): reads the chosen skin
     * file completely and writes it to the database.
     *
     * The posted 'overwrite' flag is passed to writeToDatabase().
     */
    function action_skiniedoimport()
    {
        global $member, $DIR_LIBS, $DIR_SKINS;

        if (!$member->isAdmin()) {
            $this->disallow();
        }

        // load skinie class
        include_once($DIR_LIBS . 'skinie.php');

        $skinFileRaw = postVar('skinfile');
        $mode = postVar('mode');

        $allowOverwrite = intPostVar('overwrite');

        // get full filename
        // NOTE(review): same path handling as action_skinieimport(): 'skinfile'
        // is used as posted. Limited to site admins; confirm whether it should
        // be restricted to a plain directory name and to expected locations.
        if ($mode == 'file') {
            $skinDir = $DIR_SKINS . $skinFileRaw;
            $skinFile = $skinDir . '/skinbackup.xml';

            // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
            if (!file_exists($skinFile)) {
                $skinFile = $skinDir . '/skindata.xml';
            }
        } else {
            $skinFile = $skinFileRaw;
        }

        $importer =& new SKINIMPORT();

        $error = $importer->readFile($skinFile);
        if ($error) {
            $this->error($error);
        }

        $error = $importer->writeToDatabase($allowOverwrite);
        if ($error) {
            $this->error($error);
        }

        $this->pagehead();

        echo '

(',_BACKTOMANAGE,')

'; ?>

pagefoot(); }

    /**
     * Exports the selected skins and templates (site admins only).
     *
     * The ids are the keys of the 'skin' and 'template' request arrays; the
     * posted 'info' text is added to the export.
     */
    function action_skinieexport()
    {
        global $member, $DIR_LIBS;

        if (!$member->isAdmin()) {
            $this->disallow();
        }

        // load skinie class
        include_once($DIR_LIBS . 'skinie.php');

        $aSkins = requestIntArray('skin');
        $aTemplates = requestIntArray('template');

        // a missing selection counts as an empty one
        $templateList = is_array($aTemplates) ? array_keys($aTemplates) : array();
        $skinList = is_array($aSkins) ? array_keys($aSkins) : array();

        $info = postVar('info');

        $exporter =& new SKINEXPORT();

        foreach ($skinList as $skinId) {
            $exporter->addSkin($skinId);
        }

        foreach ($templateList as $templateId) {
            $exporter->addTemplate($templateId);
        }

        $exporter->setInfo($info);

        $exporter->export();
    }

    /**
     * @todo document this
     */
    function action_templateoverview()
    {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '

(',_BACKTOMANAGE,')

'; echo '

' . _TEMPLATE_TITLE . '

'; echo '

' . _TEMPLATE_AVAILABLE_TITLE . '

'; $query = 'SELECT * FROM '.sql_table('template_desc').' ORDER BY tdname'; $template['content'] = 'templatelist'; $template['tabindex'] = 10; showlist($query,'table',$template); echo '

' . _TEMPLATE_NEW_TITLE . '

'; ?>
addTicketHidden() ?>
pagefoot(); } /** * @todo document this */ function action_templateedit($msg = '') { global $member, $manager; $templateid = intRequestVar('templateid'); $member->isAdmin() or $this->disallow(); $extrahead = ''; $extrahead .= ''; $this->pagehead($extrahead); $templatename = TEMPLATE::getNameFromId($templateid); $templatedescription = TEMPLATE::getDesc($templateid); $template =& $manager->getTemplate($templatename); ?>

()

''

"._MESSAGE.": $msg

"; ?>

addTicketHidden() ?> _templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8); $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1); $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10); $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20); $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25); $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30); ?> _templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40); $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1); $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60); $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 70); $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80); $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90); $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100); ?> _templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110); ?> _templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120); ?> _templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130); $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140); $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150); ?> _templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160); $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170); $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180); ?> _templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 160); $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 170); $this->_templateEditRow($template, 
_TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 180); ?> _templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 190); $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 200); $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 210); $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 220); $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 230); ?> _templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 240); $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 250); $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 260); ?> _templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',270); $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',280); ?>
pagefoot(); } /** * @todo document this */ function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) { static $count = 1; ?> isAdmin() or $this->disallow(); $name = postVar('tname'); $desc = postVar('tdesc'); if (!isValidTemplateName($name)) $this->error(_ERROR_BADTEMPLATENAME); if ((TEMPLATE::getNameFromId($templateid) != $name) && TEMPLATE::exists($name)) $this->error(_ERROR_DUPTEMPLATENAME); $name = addslashes($name); $desc = addslashes($desc); // 1. Remove all template parts $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid; sql_query($query); // 2. Update description $query = 'UPDATE '.sql_table('template_desc').' SET' . " tdname='" . $name . "'," . " tddesc='" . $desc . "'" . " WHERE tdnumber=" . $templateid; sql_query($query); // 3. Add non-empty template parts $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER')); $this->addToTemplate($templateid, 'ITEM', postVar('ITEM')); $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER')); $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK')); $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK')); $this->addToTemplate($templateid, 'NEW', postVar('NEW')); $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER')); $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY')); $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER')); $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED')); $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH')); $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH')); $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE')); $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY')); $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE')); 
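$this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));
        $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
        $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));
        $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));
        $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));
        $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));
        $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));
        $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));
        $this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
        $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));
        $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));
        $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));
        $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));
        $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));
        $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));
        $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
        $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));
        $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
        $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));

        // jump back to template edit
        $this->action_templateedit(_TEMPLATE_UPDATED);
    }

    /**
     * Inserts one template part into the template table.
     *
     * @param int    $id       id of the template the part belongs to (tdesc
     *                         column); cast with intval() before use
     * @param string $partname name of the part (tpartname column)
     * @param string $content  content of the part (tcontent column)
     * @return int -1 when $content is empty or whitespace only (nothing is
     *             inserted), otherwise the result of mysql_insert_id()
     */
    function addToTemplate($id, $partname, $content) {
        // don't add empty parts. The comparison is explicit because a part
        // whose whole content is "0" is falsy in PHP and was dropped before.
        if (trim($content) === '')
            return -1;

        $id = intval($id);

        // Both values are placed inside quoted SQL literals, so escape them
        // with the connection-aware function of the mysql extension this
        // method already uses; addslashes() ignores the connection charset.
        // Assumes the default mysql link is the one sql_query() uses; confirm.
        $partname = mysql_real_escape_string($partname);
        $content = mysql_real_escape_string($content);

        $query = 'INSERT INTO ' . sql_table('template') . " (tdesc, tpartname, tcontent) "
               . "VALUES ($id, '$partname', '$content')";

        // NOTE(review): the raw database error text is sent to the client on
        // failure; consider logging it and showing a generic message instead.
        sql_query($query) or die("Query error: " . mysql_error());

        return mysql_insert_id();
    }

    /**
     * @todo document this
     */
    function action_templatedelete() {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $templateid = intRequestVar('templateid');

        // TODO: check if template can be deleted

        $this->pagehead();

        $name = TEMPLATE::getNameFromId($templateid);
        $desc = TEMPLATE::getDesc($templateid);
        ?>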

()

addTicketHidden() ?>
pagefoot(); }

    /**
     * Deletes a template after confirmation (admin only).
     *
     * Removes the row in template_desc and all rows in template that belong
     * to the requested template id, firing the PreDeleteTemplate and
     * PostDeleteTemplate events around the two deletes, then shows the
     * template overview. The id is read with intRequestVar() before it is
     * concatenated into the queries. When dispatched through action(), the
     * ticket is checked first, since this action is not in the list of exempt
     * actions there.
     */
    function action_templatedeleteconfirm() {
        global $member, $manager;

        $tid = intRequestVar('templateid');

        $member->isAdmin() or $this->disallow();

        $manager->notify('PreDeleteTemplate', array('templateid' => $tid));

        // description row first, then the parts that hang off it
        $deleteDesc = 'DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $tid;
        sql_query($deleteDesc);

        $deleteParts = 'DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $tid;
        sql_query($deleteParts);

        $manager->notify('PostDeleteTemplate', array('templateid' => $tid));

        $this->action_templateoverview();
    }

    /**
     * Creates a new, empty template (admin only).
     *
     * Name and description come from the request fields 'name' and 'desc'.
     * An invalid name or a name that already exists is reported through
     * $this->error(); afterwards the template overview is shown.
     */
    function action_templatenew() {
        global $member;

        $member->isAdmin() or $this->disallow();

        $templateName = postVar('name');
        $templateDesc = postVar('desc');

        isValidTemplateName($templateName) or $this->error(_ERROR_BADTEMPLATENAME);

        if (TEMPLATE::exists($templateName)) {
            $this->error(_ERROR_DUPTEMPLATENAME);
        }

        // the id of the new template is not needed here
        TEMPLATE::createNew($templateName, $templateDesc);

        $this->action_templateoverview();
    }

    /**
     * Clones an existing template (admin only).
     *
     * The copy is named 'cloned' followed by the old name; when that name is
     * taken, the first free numeric suffix (1, 2, ...) is appended. Every part
     * of the old template is then copied to the new one with addToTemplate(),
     * and the template overview is shown.
     */
    function action_templateclone() {
        global $member;

        $sourceId = intRequestVar('templateid');

        $member->isAdmin() or $this->disallow();

        // name and description of the template being copied
        $sourceName = TEMPLATE::getNameFromId($sourceId);
        $desc = TEMPLATE::getDesc($sourceId);

        // pick a name for the copy that is not in use yet
        $cloneName = 'cloned' . $sourceName;
        if (TEMPLATE::exists($cloneName)) {
            for ($suffix = 1; TEMPLATE::exists($cloneName . $suffix); $suffix++) {
                // keep counting until the name is free
            }
            $cloneName .= $suffix;
        }

        $newid = TEMPLATE::createNew($cloneName, $desc);

        // copy the parts of the old template into the new one, row by row
        $parts = sql_query(
            'SELECT tpartname, tcontent FROM ' . sql_table('template') . ' WHERE tdesc=' . $sourceId
        );
        while ($part = mysql_fetch_object($parts)) {
            $this->addToTemplate($newid, $part->tpartname, $part->tcontent);
        }

        $this->action_templateoverview();
    }

    /**
     * @todo document this
     */
    function action_skinoverview() {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '

(',_BACKTOMANAGE,')

'; echo '

' . _SKIN_EDIT_TITLE . '

'; echo '

' . _SKIN_AVAILABLE_TITLE . '

'; $query = 'SELECT * FROM '.sql_table('skin_desc').' ORDER BY sdname'; $template['content'] = 'skinlist'; $template['tabindex'] = 10; showlist($query,'table',$template); echo '

' . _SKIN_NEW_TITLE . '

'; ?>
addTicketHidden() ?>
pagefoot(); }

    /**
     * Creates a new skin (admin only).
     *
     * Name and description come from the request fields 'name' and 'desc',
     * trimmed. An invalid name or a name that already exists is reported
     * through $this->error(); afterwards the skin overview is shown. When
     * dispatched through action(), the ticket is checked first, since this
     * action is not in the list of exempt actions there.
     */
    function action_skinnew() {
        global $member;

        $member->isAdmin() or $this->disallow();

        $skinName = trim(postVar('name'));
        $skinDesc = trim(postVar('desc'));

        isValidSkinName($skinName) or $this->error(_ERROR_BADSKINNAME);

        if (SKIN::exists($skinName)) {
            $this->error(_ERROR_DUPSKINNAME);
        }

        // the id of the new skin is not needed here
        SKIN::createNew($skinName, $skinDesc);

        $this->action_skinoverview();
    }

    /**
     * @todo document this
     */
    function action_skinedit() {
        global $member, $manager;

        $skinid = intRequestVar('skinid');

        $member->isAdmin() or $this->disallow();

        $skin =& new SKIN($skinid);

        $this->pagehead();
        ?>

()

'getName() ?>'