<?php
/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2009 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * The code for the Nucleus admin area
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2009 The Nucleus Group
 * @version $Id: ADMIN.php 1490 2010-12-22 23:26:16Z ftruscot $

 */

// Direct-access guard: requestVar() comes from the application bootstrap, so
// if it is missing this file was requested on its own and nothing may run.
if ( !function_exists('requestVar') ) exit;
require_once dirname(__FILE__) . '/showlist.php';

/**
 * Builds the admin area and executes admin actions
 *
 * Every public method named action_xxxx is reachable from the request's
 * "action" parameter through ADMIN::action() (dispatch uses method_exists()),
 * so each of them performs its own permission check before doing anything.
 */
class ADMIN {

    /**
     * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)
     */
    var $action;

    /**
     * Class constructor (PHP 4 style; does nothing)
     */
    function ADMIN() {

    }

    /**
     * Executes an action
     *
     * Resolves aliases, enforces the anti-CSRF ticket for every action that is
     * not on the "safe" list below, then dispatches to the action_xxxx method.
     * Unknown actions end in $this->error().
     *
     * @param string $action action to be performed
     */
    function action($action) {
        global $CONF, $manager;

        // list of action aliases
        $alias = array(
            'login' => 'overview',
            '' => 'overview'
        );

        if (isset($alias[$action]))
            $action = $alias[$action];

        $methodName = 'action_' . $action;

        // Lowercased because PHP resolves method names case-insensitively:
        // the allow-list check below must match whatever method_exists()
        // will dispatch to, regardless of how the request spelled the name.
        $this->action = strtolower($action);

        // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
        // is an action that requires user interaction before something is actually done)
        // all safe actions are in this array:
        $aActionsNotToCheck = array(
            'showlogin',
            'login',
            'overview',
            'itemlist',
            'blogcommentlist',
            'bookmarklet',
            'blogsettings',
            'banlist',
            'deleteblog',
            'editmembersettings',
            'browseownitems',
            'browseowncomments',
            'createitem',
            'itemedit',
            'itemmove',
            'categoryedit',
            'categorydelete',
            'manage',
            'actionlog',
            'settingsedit',
            'backupoverview',
            'pluginlist',
            'createnewlog',
            'usermanagement',
            'skinoverview',
            'templateoverview',
            'skinieoverview',
            'itemcommentlist',
            'commentedit',
            'commentdelete',
            'banlistnewfromitem',
            'banlistdelete',
            'itemdelete',
            'manageteam',
            'teamdelete',
            'banlistnew',
            'memberedit',
            'memberdelete',
            'pluginhelp',
            'pluginoptions',
            'plugindelete',
            'skinedittype',
            'skinremovetype',
            'skindelete',
            'skinedit',
            'templateedit',
            'templatedelete',
            'activate',
            'systemoverview'
        );
        /*
        // the rest of the actions needs to be checked
        $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');
        */
        // Anything not on the allow-list is state-changing and needs a valid
        // ticket (the per-request CSRF token checked by the manager).
        // NOTE(review): the flow below relies on $this->error() not returning — confirm.
        if (!in_array($this->action, $aActionsNotToCheck))
        {
            if (!$manager->checkTicket())
                $this->error(_ERROR_BADTICKET);
        }

        if (method_exists($this, $methodName))
            call_user_func(array(&$this, $methodName));
        else
            $this->error(_BADACTION . htmlspecialchars(" ($action)"));

    }

    /**
     * Shows the login screen, passing along the global $error message (if any)
     */
    function action_showlogin() {
        global $error;
        $this->action_login($error);
    }

    /**
     * Shows the login form, or the overview when the member is already logged in
     *
     * @param string $msg      message to display above the form (HTML-escaped here)
     * @param int    $passvars when non-zero, the current request variables are re-emitted
     *                         as hidden fields so the original request survives the login
     */
    function action_login($msg = '', $passvars = 1) {
        global $member;

        // skip to overview when allowed
        if ($member->isLoggedIn() && $member->canLogin()) {
            $this->action_overview();
            exit;
        }

        $this->pagehead();

        echo '<h2>', _LOGIN ,'</h2>';
        if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
?>

        <form action="index.php" method="post"><p>
        <?php echo _LOGIN_NAME; ?> <br /><input name="login" tabindex="10" />
        <br />
        <?php echo _LOGIN_PASSWORD; ?> <br /><input name="password" tabindex="20" type="password" />
        <br />
        <input name="action" value="login" type="hidden" />
        <br />
        <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
        <br />
        <small>
        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
        </small>
<?php // pass through vars

        // A request that was itself a login/logout is not replayed after login.
        $oldaction = postVar('oldaction');
        if ( ($oldaction != 'logout') && ($oldaction != 'login') && $passvars ) {
            passRequestVars();
        }


?>
        </p></form>
<?php $this->pagefoot();
    }


    /**
     * provides a screen with the overview of the actions available
     *
     * @param string $msg message printed at the top of the page. Unlike
     *                    action_login() it is NOT HTML-escaped here, so callers
     *                    must only pass trusted text.
     */
    function action_overview($msg = '') {
        global $member;

        $this->pagehead();

        if ($msg)
            echo _MESSAGE , ': ', $msg;

        /* ---- add items ---- */
        echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';

        $showAll = requestVar('showall');

        if (($member->isAdmin()) && ($showAll == 'yes')) {
            // Super-Admins have access to all blogs! (no add item support though)
            $query = 'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
                   . ' FROM ' . sql_table('blog')
                   . ' ORDER BY bname';
        } else {
            // NOTE(review): $member->getID() is concatenated into SQL unescaped;
            // presumably it is an integer from the session — confirm.
            $query = 'SELECT bnumber, bname, tadmin, burl, bshortname'
                   . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
                   . ' WHERE tblog=bnumber and tmember=' . $member->getID()
                   . ' ORDER BY bname';
        }
        $template['content'] = 'bloglist';
        $template['superadmin'] = $member->isAdmin();
        $amount = showlist($query,'table',$template);

        if (($showAll != 'yes') && ($member->isAdmin())) {
            $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
            if ($total > $amount)
                echo '<p><a href="index.php?action=overview&showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';
        }

        if ($amount == 0)
            echo _OVERVIEW_NOBLOGS;

        if ($amount != 0) {
            echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
            $query = 'SELECT ititle, inumber, bshortname'
                   . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
                   . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
            $template['content'] = 'draftlist';
            $amountdrafts = showlist($query, 'table', $template);
            if ($amountdrafts == 0)
                echo _OVERVIEW_NODRAFTS;
        }

        /* ---- user settings ---- */
        echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
        echo '<ul>';
        echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
        echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
        echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
        echo '</ul>';

        /* ---- general settings ---- */
        if ($member->isAdmin()) {
            echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
            echo '<ul>';
            echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
            echo '</ul>';
        }


        $this->pagefoot();
    }

    /**
     * Returns a link to a weblog
     *
     * Both the URL and the name are HTML-escaped before being placed in the markup.
     *
     * @param object BLOG
     * @return string anchor element
     */
    function bloglink(&$blog) {
        return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';
    }

    /**
     * Shows the site-management menu (super-admins only)
     *
     * @param string $msg message printed at the top; not HTML-escaped, so
     *                    callers must only pass trusted text.
     */
    function action_manage($msg = '') {
        global $member;

        // Access check: non-admins are stopped here (disallow() presumably
        // ends the request — confirm).
        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';

        if ($msg)
            echo '<p>' , _MESSAGE , ': ', $msg , '</p>';


        echo '<h2>' . _MANAGE_GENERAL. '</h2>';

        echo '<ul>';
        echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';
        echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';
        echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';
        echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';
        echo '</ul>';

        echo '<h2>' . _MANAGE_SKINS . '</h2>';
        echo '<ul>';
        echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';
        echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';
        echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';
        echo '</ul>';

        echo '<h2>' . _MANAGE_EXTRA . '</h2>';
        echo '<ul>';
        echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';
        echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';
        echo '</ul>';

        $this->pagefoot();
    }

    /**
     * Lists the items of one blog, with paging, search and batch operations
     *
     * @param int|string $blogid blog to list; when '' it is read from the request
     *                           (intRequestVar). NOTE(review): a value passed in by a
     *                           caller is not cast to int here although it is placed
     *                           in SQL and in an href below — callers must pass an int.
     */
    function action_itemlist($blogid = '') {
        global $member, $manager, $CONF;

        if ($blogid == '')
            $blogid = intRequestVar('blogid');

        // team members of this blog and super-admins only
        $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

        $this->pagehead();
        $blog =& $manager->getBlog($blogid);

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        if ($start == 0)
            echo '<p><a href="index.php?action=createitem&blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search'); // search through items

        $query = 'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
               . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
               . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;

        // The search term is quote-escaped for the string literal; LIKE
        // wildcards (% and _) inside it are not escaped and so act as wildcards.
        if ($search)
            $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';

        // non-blog-admins can only edit/delete their own items
        if (!$member->blogAdminRights($blogid))
            $query .= ' and iauthor=' . $member->getID();


        // $start and $amount are ints (intPostVar / intval above)
        $query .= ' ORDER BY itime DESC'
               . " LIMIT $start,$amount";

        $template['content'] = 'itemlist';
        $template['now'] = $blog->getCorrectTime(time());

        $manager->loadClass("ENCAPSULATE");
        // "=& new" is a PHP 4 idiom (assign-new-by-reference); it is a parse error on PHP 7+.
        $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
        $navList->showBatchList('item',$query,'table',$template);


        $this->pagefoot();
    }

    /**
     * Performs a batch operation (delete / move) on the items selected in the item list
     *
     * Only the login is checked here; the per-item permission check is left to
     * deleteOneItem() / moveOneItem(). Confirmation (delete) and destination
     * selection (move) are collected first via helpers that end the request.
     */
    function action_batchitem() {
        global $member, $manager;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On move: when no destination blog/category chosen, show choice now
        $destCatid = intRequestVar('destcatid');
        if (($action == 'move') && (!$manager->existsCategory($destCatid)))
            $this->batchMoveSelectDestination('item',$selected);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('item',$selected);

        $this->pagehead();

        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
        echo '<h2>',_BATCH_ITEMS,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';


        // walk over all itemids and perform action
        foreach ($selected as $itemid) {
            $itemid = intval($itemid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneItem($itemid);
                    break;
                case 'move':
                    $error = $this->moveOneItem($itemid, $destCatid);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();


    }

    /**
     * Performs a batch operation (delete) on the comments selected in a comment list
     *
     * Only the login is checked here; deleteOneComment() is expected to check
     * the permission for each comment.
     */
    function action_batchcomment() {
        global $member;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('comment',$selected);

        $this->pagehead();

        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
        echo '<h2>',_BATCH_COMMENTS,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';

        // walk over all itemids and perform action
        foreach ($selected as $commentid) {
            $commentid = intval($commentid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneComment($commentid);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();


    }

    /**
     * Performs a batch operation (delete / setadmin / unsetadmin) on members
     *
     * Super-admins only. Member ids are cast to int before being placed in SQL.
     */
    function action_batchmember() {
        global $member;

        // check if logged in and admin
        ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no members selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('member',$selected);

        $this->pagehead();

        echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
        echo '<h2>',_BATCH_MEMBERS,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';

        // walk over all itemids and perform action
        foreach ($selected as $memberid) {
            $memberid = intval($memberid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneMember($memberid);
                    break;
                case 'setadmin':
                    // always succeeds
                    sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
                    $error = '';
                    break;
                case 'unsetadmin':
                    // there should always remain at least one super-admin
                    // NOTE(review): on the success path $error is not reset to '', so
                    // a message left over from an earlier iteration is reported again.
                    $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
                    if (sql_num_rows($r) < 2)
                        $error = _ERROR_ATLEASTONEADMIN;
                    else
                        sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();


    }

    /**
     * Performs a batch operation (delete / setadmin / unsetadmin) on the team of one blog
     *
     * Requires blog-admin rights on the blog given by the "blogid" request variable.
     */
    function action_batchteam() {
        global $member;

        $blogid = intRequestVar('blogid');

        // check if logged in and admin
        ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no members selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('team',$selected);

        $this->pagehead();

        echo '<p><a href="index.php?action=manageteam&blogid=',$blogid,'">(',_BACK,')</a></p>';

        echo '<h2>',_BATCH_TEAM,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';

        // walk over all itemids and perform action
        foreach ($selected as $memberid) {
            $memberid = intval($memberid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneTeamMember($blogid, $memberid);
                    break;
                case 'setadmin':
                    // always succeeds
                    sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
                    $error = '';
                    break;
                case 'unsetadmin':
                    // there should always remain at least one admin
                    // NOTE(review): same as action_batchmember(): $error is not cleared
                    // on success, so an earlier iteration's message can be repeated.
                    $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
                    if (sql_num_rows($r) < 2)
                        $error = _ERROR_ATLEASTONEBLOGADMIN;
                    else
                        sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();


    }

    /**
     * Performs a batch operation (delete / move) on categories
     *
     * Only the login is checked here; deleteOneCategory() / moveOneCategory()
     * are expected to check the permission per category.
     */
    function action_batchcategory() {
        global $member, $manager;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On move: when no destination blog chosen, show choice now
        $destBlogId = intRequestVar('destblogid');
        if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
            $this->batchMoveCategorySelectDestination('category',$selected);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('category',$selected);

        $this->pagehead();

        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
        // NOTE(review): every other constant here has a leading underscore
        // (_BATCH_ITEMS, _BATCH_TEAM, ...); BATCH_CATEGORIES looks like a typo
        // for _BATCH_CATEGORIES — confirm it is defined.
        echo '<h2>',BATCH_CATEGORIES,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';

        // walk over all itemids and perform action
        foreach ($selected as $catid) {
            $catid = intval($catid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneCategory($catid);
                    break;
                case 'move':
                    $error = $this->moveOneCategory($catid, $destBlogId);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();

    }

    /**
     * Shows a form asking for the destination category of a batch move, then exits
     *
     * The selected ids are re-emitted as hidden "batch[n]" fields (cast to int),
     * together with a fresh ticket so the follow-up POST passes the ticket check.
     *
     * @param string $type batch type, appended to "batch" to form the follow-up action
     * @param array  $ids  selected ids
     */
    function batchMoveSelectDestination($type, $ids) {
        global $manager;
        $this->pagehead();
?>
        <h2><?php echo _MOVE_TITLE?></h2>
        <form method="post" action="index.php"><div>

            <input type="hidden" name="action" value="batch<?php echo $type?>" />
            <input type="hidden" name="batchaction" value="move" />
            <?php
                $manager->addTicketHidden();

                // insert selected item numbers
                $idx = 0;
                foreach ($ids as $id)
                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                // show blog/category selection list
                $this->selectBlogCategory('destcatid');

            ?>


            <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

        </div></form>
<?php $this->pagefoot();
        exit;
    }

    /**
     * Shows a form asking for the destination blog of a batch category move, then exits
     *
     * @param string $type batch type, appended to "batch" to form the follow-up action
     * @param array  $ids  selected ids (re-emitted as int hidden fields with a fresh ticket)
     */
    function batchMoveCategorySelectDestination($type, $ids) {
        global $manager;
        $this->pagehead();
?>
        <h2><?php echo _MOVECAT_TITLE?></h2>
        <form method="post" action="index.php"><div>

            <input type="hidden" name="action" value="batch<?php echo $type?>" />
            <input type="hidden" name="batchaction" value="move" />
            <?php
                $manager->addTicketHidden();

                // insert selected item numbers
                $idx = 0;
                foreach ($ids as $id)
                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                // show blog/category selection list
                $this->selectBlog('destblogid');

            ?>


            <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

        </div></form>
<?php $this->pagefoot();
        exit;
    }

    /**
     * Shows the "really delete?" confirmation form for a batch delete, then exits
     *
     * The form re-posts the selected ids, confirmation=yes and a fresh ticket;
     * for team and comment batches the blog/item id is carried along as well.
     *
     * @param string $type batch type ('item', 'comment', 'member', 'team', 'category')
     * @param array  $ids  selected ids
     */
    function batchAskDeleteConfirmation($type, $ids) {
        global $manager;

        $this->pagehead();
?>
        <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
        <form method="post" action="index.php"><div>

            <input type="hidden" name="action" value="batch<?php echo $type?>" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="batchaction" value="delete" />
            <input type="hidden" name="confirmation" value="yes" />
            <?php // insert selected item numbers
                $idx = 0;
                foreach ($ids as $id)
                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                // add hidden vars for team & comment
                if ($type == 'team')
                {
                    echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
                }
                if ($type == 'comment')
                {
                    echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
                }

            ?>

            <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />

        </div></form>
<?php $this->pagefoot();
        exit;
    }


    /**
     * Inserts a HTML select element with choices for all categories to which the current
     * member has access
     * @see function selectBlog
     */
    function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
        ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
    }

    /**
     * Inserts a HTML select element with choices for all blogs to which the user has access
     * mode = 'blog' => shows blognames and values are blogids
     * mode = 'category' => show category names and values are catids
     *
     * @param $name       name attribute of the select element (written into the
     *                    markup unescaped; visible callers pass literals)
     * @param $mode       'blog' or 'category'
     * @param $selected   id of the option to pre-select (loose == comparison)
     * @param $tabindex   tabindex attribute (written unescaped)
     * @param $showNewCat in category mode, offer a "new category" option for blogs
     *                    the member administers
     * @param $iForcedBlogInclude
     *        ID of a blog that always needs to be included, without checking if the
     *        member is on the blog team (-1 = none)
     */
    function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
        global $member, $CONF;

        // 0. get IDs of blogs to which member can post items (+ forced blog)
        $aBlogIds = array();
        if ($iForcedBlogInclude != -1)
            $aBlogIds[] = intval($iForcedBlogInclude);

        if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
            $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
        else
            $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
        $rblogids = sql_query($queryBlogs);
        while ($o = sql_fetch_object($rblogids))
            if ($o->bnumber != $iForcedBlogInclude)
                $aBlogIds[] = intval($o->bnumber);

        if (count($aBlogIds) == 0)
            return;

        echo '<select name="',$name,'" tabindex="',$tabindex,'">';

        // 1. select blogs (we'll create optiongroups)
        // (only select those blogs that have the user on the team)
        // every element of $aBlogIds went through intval() above, so the IN() list is numeric
        $queryBlogs = 'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
        $blogs = sql_query($queryBlogs);
        if ($mode == 'category') {
            // NOTE(review): $multipleBlogs is only assigned when there is more than
            // one blog; with a single blog it is read below while undefined.
            if (sql_num_rows($blogs) > 1)
                $multipleBlogs = 1;

            while ($oBlog = sql_fetch_object($blogs)) {
                if ($multipleBlogs)
                    echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';

                // show selection to create new category when allowed/wanted
                if ($showNewCat) {
                    // check if allowed to do so
                    if ($member->blogAdminRights($oBlog->bnumber))
                        echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
                }

                // 2. for each category in that blog
                $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
                while ($oCat = sql_fetch_object($categories)) {
                    if ($oCat->catid == $selected)
                        $selectText = ' selected="selected" ';
                    else
                        $selectText = '';
                    echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
                }

                if ($multipleBlogs)
                    echo '</optgroup>';
            }
        } else {
            // blog mode
            while ($oBlog = sql_fetch_object($blogs)) {
                echo '<option value="',$oBlog->bnumber,'"';
                if ($oBlog->bnumber == $selected)
                    echo ' selected="selected"';
                echo'>',htmlspecialchars($oBlog->bname),'</option>';
            }
        }
        echo '</select>';

    }

    /**
     * Lists the items written by the current member across all blogs
     *
     * No explicit permission check: the query is restricted to iauthor = the
     * member's own id.
     */
    function action_browseownitems() {
        global $member, $manager, $CONF;

        $this->pagehead();

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        echo '<h2>' . _ITEMLIST_YOUR. '</h2>';

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search'); // search through items

        $query = 'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
               . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
               . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';

        // quote-escaped; LIKE wildcards in the term are not escaped
        if ($search)
            $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';

        $query .= ' ORDER BY itime DESC'
               . " LIMIT $start,$amount";

        $template['content'] = 'itemlist';
        $template['now'] = time();

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
        $navList->showBatchList('item',$query,'table',$template);

        $this->pagefoot();

    }

    /**
     * Show all the comments for a given item
     * @param int $itemid item to list; when '' it is read from the request
     *                    (intRequestVar). NOTE(review): a value passed in by a caller
     *                    is not cast to int here although it is placed in SQL below.
     */
    function action_itemcommentlist($itemid = '') {
        global $member, $manager, $CONF;

        if ($itemid == '')
            $itemid = intRequestVar('itemid');

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        $blogid = getBlogIdFromItemId($itemid);

        $this->pagehead();

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search');

        echo '<p>(<a href="index.php?action=itemlist&blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
        echo '<h2>',_COMMENTS,'</h2>';

        $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;

        if ($search)
            $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';

        $query .= ' ORDER BY ctime ASC'
               . " LIMIT $start,$amount";

        $template['content'] = 'commentlist';
        // banning from the comment list is reserved for blog admins
        $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
        $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);

        $this->pagefoot();
    }

    /**
     * Browse own comments
     *
     * Restricted to cmember = the current member's id; banning is disabled.
     */
    function action_browseowncomments() {
        global $member, $manager, $CONF;

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search');


        $query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();

        if ($search)
            $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';

        $query .= ' ORDER BY ctime DESC'
               . " LIMIT $start,$amount";

        $this->pagehead();

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        echo '<h2>', _COMMENTS_YOUR ,'</h2>';

        $template['content'] = 'commentlist';
        $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
        $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);

        $this->pagefoot();
    }

    /**
     * Browse all comments for a weblog
     * @param int $blogid blog to list; when '' it is read from the request, otherwise
     *                    it is cast to int here (unlike action_itemlist())
     */
    function action_blogcommentlist($blogid = '')
    {
        global $member, $manager, $CONF;

        if ($blogid == '')
            $blogid = intRequestVar('blogid');
        else
            $blogid = intval($blogid);

        // team members of this blog and super-admins only
        $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search'); // search through comments


        $query = 'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);

        if ($search != '')
            $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';


        $query .= ' ORDER BY ctime DESC'
               . " LIMIT $start,$amount";


        $blog =& $manager->getBlog($blogid);

        $this->pagehead();

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';

        $template['content'] = 'commentlist';
        $template['canAddBan'] = $member->blogAdminRights($blogid);

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
        $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);

        $this->pagefoot();
    }

    /**
     * Provide a page to add a new item to the given blog
     *
     * Requires team membership on the blog from the "blogid" request variable.
     * $memberid and $blog are assigned but not used in this method.
     */
    function action_createitem() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->teamRights($blogid) or $this->disallow();

        $memberid = $member->getID();

        $blog =& $manager->getBlog($blogid);

        $this->pagehead();

        // generate the add-item form
        $formfactory =& new PAGEFACTORY($blogid);
        $formfactory->createAddForm('admin');

        $this->pagefoot();
    }

    /**
     * Shows the edit form for an existing item
     *
     * Requires canAlterItem() on the item from the "itemid" request variable.
     * Plugins get a chance to adjust the item via the PrepareItemForEdit event,
     * and <br /> conversion is undone when the blog has convertBreaks enabled.
     */
    function action_itemedit() {
        global $member, $manager;

        $itemid = intRequestVar('itemid');

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        $item =& $manager->getItem($itemid,1,1);
        $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));

        $manager->notify('PrepareItemForEdit', array('item' => &$item));

        if ($blog->convertBreaks()) {
            $item['body'] = removeBreaks($item['body']);
            $item['more'] = removeBreaks($item['more']);
        }

        // form to edit blog items
        $this->pagehead();
        $formfactory =& new PAGEFACTORY($blog->getID());
        $formfactory->createEditForm('admin',$item);
        $this->pagefoot();
    }

    /**
     * Saves an edited item (continues past the end of this excerpt)
     */
    function action_itemupdate() {
        global $member, $manager, $CONF;

        $itemid = intRequestVar('itemid');
        $catid = postVar('catid');

        // only allow if user is allowed to alter item
        $member->canUpdateItem($itemid, $catid) or $this->disallow();

        $actiontype = postVar('actiontype');

        // delete actions are handled by itemdelete (which has confirmation)
        if ($actiontype == 'delete') {
            $this->action_itemdelete();
            return;
        }

        $body = postVar('body');
        $title = postVar('title');
        $more = postVar('more');
        $closed = intPostVar('closed');
        $draftid = intPostVar('draftid');

        // default action = add now
        if (!$actiontype)
            $actiontype='addnow';

        // create new category if needed
        if (strstr($catid,'newcat')) {
            // get blogid
            list($blogid) = sscanf($catid,"newcat-%d");

            // create
            $blog =& $manager->getBlog($blogid);
            $catid = $blog->createNewCategory();

            // show error when sth goes wrong
            if (!$catid)
                $this->doError(_ERROR_CATCREATEFAIL);
        }

        /*
            set some variables based on actiontype

            actiontypes:
                draft items -> addnow, addfuture, adddraft, delete
                non-draft items -> edit, changedate, delete

            variables set:
                $timestamp: set to a nonzero value for future dates or date changes
                $wasdraft: set to 1 when the item used to be a draft item
                $publish: set to 1 when the edited item is not a draft
        */
        $blogid = getBlogIDFromItemID($itemid);
        $blog =& $manager->getBlog($blogid);

        $wasdrafts = array('adddraft', 'addfuture', 'addnow');
        $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
        $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ?
1 : 0; 1208 if ($actiontype == 'addfuture' || $actiontype == 'changedate') { 1209 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year')); 1210 } else { 1211 $timestamp =0; 1212 } 1213 1214 // edit the item for real 1215 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp); 1216 1217 $this->updateFuturePosted($blogid); 1218 1219 if ($draftid > 0) { 1220 // delete permission is checked inside ITEM::delete() 1221 ITEM::delete($draftid); 1222 } 1223 1224 // show category edit window when we created a new category 1225 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x') 1226 if ($catid != intPostVar('catid')) { 1227 $this->action_categoryedit( 1228 $catid, 1229 $blog->getID(), 1230 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid) 1231 ); 1232 } else { 1233 // TODO: set start item correctly for itemlist 1234 $this->action_itemlist(getBlogIDFromItemID($itemid)); 1235 } 1236 } 1237 1238 /** 1239 * @todo document this 1240 */ 1241 function action_itemdelete() { 1242 global $member, $manager; 1243 1244 $itemid = intRequestVar('itemid'); 1245 1246 // only allow if user is allowed to alter item 1247 $member->canAlterItem($itemid) or $this->disallow(); 1248 1249 if (!$manager->existsItem($itemid,1,1)) 1250 $this->error(_ERROR_NOSUCHITEM); 1251 1252 $item =& $manager->getItem($itemid,1,1); 1253 $title = htmlspecialchars(strip_tags($item['title'])); 1254 $body = strip_tags($item['body']); 1255 $body = htmlspecialchars(shorten($body,300,'...')); 1256 1257 $this->pagehead(); 1258 ?> 1259 <h2><?php echo _DELETE_CONFIRM?></h2> 1260 1261 <p><?php echo _CONFIRMTXT_ITEM?></p> 1262 1263 <div class="note"> 1264 <b>"<?php echo $title ?>"</b> 1265 <br /> 1266 <?php echo $body?> 1267 </div> 1268 1269 <form method="post" action="index.php"><div> 1270 <input type="hidden" name="action" value="itemdeleteconfirm" 
/> 1271 <?php $manager->addTicketHidden() ?> 1272 <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" /> 1273 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" tabindex="10" /> 1274 </div></form> 1275 <?php 1276 $this->pagefoot(); 1277 } 1278 1279 /** 1280 * @todo document this 1281 */ 1282 function action_itemdeleteconfirm() { 1283 global $member; 1284 1285 $itemid = intRequestVar('itemid'); 1286 1287 // only allow if user is allowed to alter item 1288 $member->canAlterItem($itemid) or $this->disallow(); 1289 1290 // get blogid first 1291 $blogid = getBlogIdFromItemId($itemid); 1292 1293 // delete item (note: some checks will be performed twice) 1294 $this->deleteOneItem($itemid); 1295 1296 $this->action_itemlist($blogid); 1297 } 1298 1299 /** 1300 * Deletes one item and returns error if something goes wrong 1301 * @param int $itemid 1302 */ 1303 function deleteOneItem($itemid) { 1304 global $member, $manager; 1305 1306 // only allow if user is allowed to alter item (also checks if itemid exists) 1307 if (!$member->canAlterItem($itemid)) 1308 return _ERROR_DISALLOWED; 1309 1310 // need to get blogid before the item is deleted 1311 $blogid = getBlogIDFromItemId($itemid); 1312 1313 $manager->loadClass('ITEM'); 1314 ITEM::delete($itemid); 1315 1316 // update blog's futureposted 1317 $this->updateFuturePosted($blogid); 1318 } 1319 1320 /** 1321 * Update a blog's future posted flag 1322 * @param int $blogid 1323 */ 1324 function updateFuturePosted($blogid) { 1325 global $manager; 1326 1327 $blog =& $manager->getBlog($blogid); 1328 $currenttime = $blog->getCorrectTime(time()); 1329 $result = sql_query("SELECT * FROM ".sql_table('item'). 
1330 " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime)); 1331 if (sql_num_rows($result) > 0) { 1332 $blog->setFuturePost(); 1333 } 1334 else { 1335 $blog->clearFuturePost(); 1336 } 1337 } 1338 1339 /** 1340 * @todo document this 1341 */ 1342 function action_itemmove() { 1343 global $member, $manager; 1344 1345 $itemid = intRequestVar('itemid'); 1346 1347 // only allow if user is allowed to alter item 1348 $member->canAlterItem($itemid) or $this->disallow(); 1349 1350 $item =& $manager->getItem($itemid,1,1); 1351 1352 $this->pagehead(); 1353 ?> 1354 <h2><?php echo _MOVE_TITLE?></h2> 1355 <form method="post" action="index.php"><div> 1356 <input type="hidden" name="action" value="itemmoveto" /> 1357 <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" /> 1358 1359 <?php 1360 1361 $manager->addTicketHidden(); 1362 $this->selectBlogCategory('catid',$item['catid'],10,1); 1363 ?> 1364 1365 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" /> 1366 </div></form> 1367 <?php 1368 $this->pagefoot(); 1369 } 1370 1371 /** 1372 * @todo document this 1373 */ 1374 function action_itemmoveto() { 1375 global $member, $manager; 1376 1377 $itemid = intRequestVar('itemid'); 1378 $catid = requestVar('catid'); 1379 1380 // create new category if needed 1381 if (strstr($catid,'newcat')) { 1382 // get blogid 1383 list($blogid) = sscanf($catid,'newcat-%d'); 1384 1385 // create 1386 $blog =& $manager->getBlog($blogid); 1387 $catid = $blog->createNewCategory(); 1388 1389 // show error when sth goes wrong 1390 if (!$catid) 1391 $this->doError(_ERROR_CATCREATEFAIL); 1392 } 1393 1394 // only allow if user is allowed to alter item 1395 $member->canUpdateItem($itemid, $catid) or $this->disallow(); 1396 1397 $old_blogid = getBlogIDFromItemId($itemid); 1398 1399 ITEM::move($itemid, $catid); 1400 1401 // set the futurePosted flag on the blog 1402 $this->updateFuturePosted(getBlogIDFromItemId($itemid)); 1403 
1404 // reset the futurePosted in case the item is moved from one blog to another 1405 $this->updateFuturePosted($old_blogid); 1406 1407 if ($catid != intRequestVar('catid')) 1408 $this->action_categoryedit($catid, $blog->getID()); 1409 else 1410 $this->action_itemlist(getBlogIDFromCatID($catid)); 1411 } 1412 1413 /** 1414 * Moves one item to a given category (category existance should be checked by caller) 1415 * errors are returned 1416 * @param int $itemid 1417 * @param int $destCatid category ID to which the item will be moved 1418 */ 1419 function moveOneItem($itemid, $destCatid) { 1420 global $member; 1421 1422 // only allow if user is allowed to move item 1423 if (!$member->canUpdateItem($itemid, $destCatid)) 1424 return _ERROR_DISALLOWED; 1425 1426 ITEM::move($itemid, $destCatid); 1427 } 1428 1429 /** 1430 * Adds a item to the chosen blog 1431 */ 1432 function action_additem() { 1433 global $manager, $CONF; 1434 1435 $manager->loadClass('ITEM'); 1436 1437 $result = ITEM::createFromRequest(); 1438 1439 if ($result['status'] == 'error') 1440 $this->error($result['message']); 1441 1442 $blogid = getBlogIDFromItemID($result['itemid']); 1443 $blog =& $manager->getBlog($blogid); 1444 $btimestamp = $blog->getCorrectTime(); 1445 $item = $manager->getItem(intval($result['itemid']), 1, 1); 1446 1447 if ($result['status'] == 'newcategory') { 1448 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . 
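intval($blogid));
            $this->action_categoryedit($result['catid'], $blogid, $distURI);
        } else {
            $methodName = 'action_itemList';
            call_user_func(array(&$this, $methodName), $blogid);
        }
    }

    /**
     * Shows the form for editing a previously made comment.
     *
     * Reads 'commentid' from the request and requires canAlterComment() on it.
     * The stored comment is passed through the 'PrepareCommentForEdit' plugin
     * hook, the <br /> tags and the auto-generated <a href> wrappers are taken
     * out again so the author sees plain text, and the ticket-protected form
     * that posts to action_commentupdate() is rendered.
     */
    function action_commentedit() {

        global $member, $manager;

        $commentid = intRequestVar('commentid');

        $member->canAlterComment($commentid) or $this->disallow();

        $comment = COMMENT::getComment($commentid);

        $manager->notify('PrepareCommentForEdit', array('comment' => &$comment) );

        // drop the <br /> tags again (only the tag is removed; nothing is turned into \n here)
        $comment['body'] = str_replace('<br />', '', $comment['body']);

        // replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
        /* original eregi_replace: eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>", "\\1", $comment['body']) */

        // unwrap auto-linked URLs: <a href="X">...</a> becomes X
        $comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#i", "\\1", $comment['body']);

        // The author name, host, url and e-mail rendered below were supplied by the
        // commenter (the cuser/chost/cmail/cemail columns read by the comment lists)
        // and are placed inside HTML text and attribute values, so they are escaped
        // at the output point, the same way the body is handled in
        // action_commentdelete(). NOTE(review): if COMMENT::getComment() turns out
        // to escape these fields already, switch to double_encode=false rather
        // than dropping the call.
        $this->pagehead();

        ?>
        <h2><?php echo _EDITC_TITLE?></h2>

        <form action="index.php" method="post"><div>

        <input type="hidden" name="action" value="commentupdate" />
        <?php $manager->addTicketHidden(); ?>
        <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" />
        <table><tr>
            <th colspan="2"><?php echo _EDITC_TITLE?></th>
        </tr><tr>
            <td><?php echo _EDITC_WHO?></td>
            <td>
            <?php if ($comment['member'])
                    echo htmlspecialchars($comment['member']) . " (" . _EDITC_MEMBER . ")";
                else
                    echo htmlspecialchars($comment['user']) . " (" . _EDITC_NONMEMBER . ")";
            ?>
            </td>
        </tr><tr>
            <td><?php echo _EDITC_WHEN?></td>
            <td><?php echo date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
        </tr><tr>
            <td><?php echo _EDITC_HOST?></td>
            <td><?php echo htmlspecialchars($comment['host']); ?></td>
        </tr>
        <tr>
            <td><?php echo _EDITC_URL; ?></td>
            <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo htmlspecialchars($comment['userid']); ?>" /></td>
        </tr>
        <tr>
            <td><?php echo _EDITC_EMAIL; ?></td>
            <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo htmlspecialchars($comment['email']); ?>" /></td>
        </tr>
        <tr>
            <td><?php echo _EDITC_TEXT?></td>
            <td>
                <textarea name="body" tabindex="10" rows="10" cols="50"><?php // htmlspecialchars not needed (things should be escaped already)
                    echo $comment['body'];
                ?></textarea>
            </td>
        </tr><tr>
            <td><?php echo _EDITC_EDIT?></td>
            <td><input type="submit" tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
        </tr></table>

        </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Stores an edited comment (target of the form built by action_commentedit()).
     *
     * Requires canAlterComment() on 'commentid'. The body is checked for
     * over-long words and for minimum/maximum length, run through
     * COMMENT::prepareBody() and the 'PreUpdateComment' plugin hook, and the
     * row is updated. Afterwards the item's comment list is shown, or the
     * member's own comments when the item itself may not be altered.
     */
    function action_commentupdate() {
        global $member, $manager;

        $commentid = intRequestVar('commentid');

        $member->canAlterComment($commentid) or $this->disallow();

        // url and e-mail are free-form commenter data; strip markup before
        // storing, as action_changemembersettings() does for the same fields
        $url = strip_tags(postVar('url'));
        $email = strip_tags(postVar('email'));
        $body = postVar('body');

        # replaced eregi() below with preg_match().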
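ereg* functions are deprecated in PHP 5.3.0
        # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
        # important note that '\' must be matched with '\\\\' in preg* expressions

        // intercept words that are too long (90 consecutive "word" characters);
        // as elsewhere in this class, error() is relied on to end the request
        if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
        {
            $this->error(_ERROR_COMMENT_LONGWORD);
        }

        // check length (byte-wise, like the rest of the comment handling)
        if (strlen($body) < 3)
        {
            $this->error(_ERROR_COMMENT_NOCOMMENT);
        }

        if (strlen($body) > 5000)
        {
            $this->error(_ERROR_COMMENT_TOOLONG);
        }

        // prepare body
        $body = COMMENT::prepareBody($body);

        // call plugins
        $manager->notify('PreUpdateComment',array('body' => &$body));

        // string columns go through sql_real_escape_string(); $commentid is an
        // int (intRequestVar) and may be concatenated directly
        $query = 'UPDATE ' . sql_table('comment')
               . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"
               . " WHERE cnumber = " . $commentid;
        sql_query($query);

        // get itemid (the row exists: canAlterComment() passed above)
        $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
        $o = sql_fetch_object($res);
        $itemid = $o->citem;

        if ($member->canAlterItem($itemid))
            $this->action_itemcommentlist($itemid);
        else
            $this->action_browseowncomments();

    }

    /**
     * Shows the confirmation page for deleting a comment.
     *
     * Requires canAlterComment() on 'commentid'. A shortened, escaped preview
     * of the comment and its author is displayed together with a
     * ticket-protected form that posts to action_commentdeleteconfirm().
     */
    function action_commentdelete() {
        global $member, $manager;

        $commentid = intRequestVar('commentid');

        $member->canAlterComment($commentid) or $this->disallow();

        $comment = COMMENT::getComment($commentid);

        $body = strip_tags($comment['body']);
        $body = htmlspecialchars(shorten($body, 300, '...'));

        // the author name is commenter-supplied (cuser) or a member name; escape it
        // for the HTML text node below, exactly as the body preview is escaped
        if ($comment['member'])
            $author = htmlspecialchars($comment['member']);
        else
            $author = htmlspecialchars($comment['user']);

        $this->pagehead();
        ?>

        <h2><?php echo _DELETE_CONFIRM?></h2>

        <p><?php echo _CONFIRMTXT_COMMENT?></p>

        <div class="note">
            <b><?php echo _EDITC_WHO?>:</b> <?php echo $author ?>
            <br />
            <b><?php echo _EDITC_TEXT?>:</b> <?php echo $body ?>
        </div>

        <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="commentdeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
        </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a comment after confirmation (target of action_commentdelete()).
     *
     * The item id is read before the row is removed so the right comment list
     * can be shown afterwards; deleteOneComment() performs the deletion and
     * returns an error string on failure, which is passed to doError().
     */
    function action_commentdeleteconfirm() {
        global $member;

        $commentid = intRequestVar('commentid');

        // same up-front permission check as action_commentdelete() and
        // action_commentupdate(); deleteOneComment() checks again, but this keeps
        // a disallowed request from reaching the lookup below at all
        $member->canAlterComment($commentid) or $this->disallow();

        // get item id first
        $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' .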
$commentid); 1643 $o = sql_fetch_object($res); 1644 $itemid = $o->citem; 1645 1646 $error = $this->deleteOneComment($commentid); 1647 if ($error) 1648 $this->doError($error); 1649 1650 if ($member->canAlterItem($itemid)) 1651 $this->action_itemcommentlist($itemid); 1652 else 1653 $this->action_browseowncomments(); 1654 } 1655 1656 /** 1657 * @todo document this 1658 */ 1659 function deleteOneComment($commentid) { 1660 global $member, $manager; 1661 1662 $commentid = intval($commentid); 1663 1664 if (!$member->canAlterComment($commentid)) 1665 return _ERROR_DISALLOWED; 1666 1667 $manager->notify('PreDeleteComment', array('commentid' => $commentid)); 1668 1669 // delete the comments associated with the item 1670 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid; 1671 sql_query($query); 1672 1673 $manager->notify('PostDeleteComment', array('commentid' => $commentid)); 1674 1675 return ''; 1676 } 1677 1678 /** 1679 * Usermanagement main 1680 */ 1681 function action_usermanagement() { 1682 global $member, $manager; 1683 1684 // check if allowed 1685 $member->isAdmin() or $this->disallow(); 1686 1687 $this->pagehead(); 1688 1689 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 1690 1691 echo '<h2>' . _MEMBERS_TITLE .'</h2>'; 1692 1693 echo '<h3>' . _MEMBERS_CURRENT .'</h3>'; 1694 1695 // show list of members with actions 1696 $query = 'SELECT *' 1697 . ' FROM '.sql_table('member'); 1698 $template['content'] = 'memberlist'; 1699 $template['tabindex'] = 10; 1700 1701 $manager->loadClass("ENCAPSULATE"); 1702 $batch =& new BATCH('member'); 1703 $batch->showlist($query,'table',$template); 1704 1705 echo '<h3>' . 
_MEMBERS_NEW .'</h3>'; 1706 ?> 1707 <form method="post" action="index.php" name="memberedit"><div> 1708 1709 <input type="hidden" name="action" value="memberadd" /> 1710 <?php $manager->addTicketHidden() ?> 1711 1712 <table> 1713 <tr> 1714 <th colspan="2"><?php echo _MEMBERS_NEW?></th> 1715 </tr><tr> 1716 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?> 1717 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small> 1718 </td> 1719 <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td> 1720 </tr><tr> 1721 <td><?php echo _MEMBERS_REALNAME?></td> 1722 <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td> 1723 </tr><tr> 1724 <td><?php echo _MEMBERS_PWD?></td> 1725 <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td> 1726 </tr><tr> 1727 <td><?php echo _MEMBERS_REPPWD?></td> 1728 <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td> 1729 </tr><tr> 1730 <td><?php echo _MEMBERS_EMAIL?></td> 1731 <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td> 1732 </tr><tr> 1733 <td><?php echo _MEMBERS_URL?></td> 1734 <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td> 1735 </tr><tr> 1736 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td> 1737 <td><?php $this->input_yesno('admin',0,10060); ?> </td> 1738 </tr><tr> 1739 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td> 1740 <td><?php $this->input_yesno('canlogin',1,10070); ?></td> 1741 </tr><tr> 1742 <td><?php echo _MEMBERS_NOTES?></td> 1743 <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td> 1744 </tr><tr> 1745 <td><?php echo _MEMBERS_NEW?></td> 1746 <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td> 1747 </tr></table> 1748 1749 </div></form> 1750 <?php 1751 $this->pagefoot(); 1752 } 1753 1754 /** 1755 * Edit member settings 1756 */ 
1757 function action_memberedit() { 1758 $this->action_editmembersettings(intRequestVar('memberid')); 1759 } 1760 1761 /** 1762 * @todo document this 1763 */ 1764 function action_editmembersettings($memberid = '') { 1765 global $member, $manager, $CONF; 1766 1767 if ($memberid == '') 1768 $memberid = $member->getID(); 1769 1770 // check if allowed 1771 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); 1772 1773 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 1774 $this->pagehead($extrahead); 1775 1776 // show message to go back to member overview (only for admins) 1777 if ($member->isAdmin()) 1778 echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>'; 1779 else 1780 echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>'; 1781 1782 echo '<h2>' . _MEMBERS_EDIT . '</h2>'; 1783 1784 $mem = MEMBER::createFromID($memberid); 1785 1786 ?> 1787 <form method="post" action="index.php" name="memberedit"><div> 1788 1789 <input type="hidden" name="action" value="changemembersettings" /> 1790 <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" /> 1791 <?php $manager->addTicketHidden() ?> 1792 1793 <table><tr> 1794 <th colspan="2"><?php echo _MEMBERS_EDIT?></th> 1795 </tr><tr> 1796 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?> 1797 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small> 1798 </td> 1799 <td> 1800 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?> 1801 <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo htmlspecialchars($mem->getDisplayName()); ?>" /> 1802 <?php } else { 1803 echo htmlspecialchars($member->getDisplayName()); 1804 } 1805 ?> 1806 </td> 1807 </tr><tr> 1808 <td><?php echo _MEMBERS_REALNAME?></td> 1809 <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo htmlspecialchars($mem->getRealName()); ?>" /></td> 1810 </tr><tr> 1811 <?php if 
($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?> 1812 <td><?php echo _MEMBERS_PWD?></td> 1813 <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td> 1814 </tr><tr> 1815 <td><?php echo _MEMBERS_REPPWD?></td> 1816 <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td> 1817 <?php } ?> 1818 </tr><tr> 1819 <td><?php echo _MEMBERS_EMAIL?> 1820 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small> 1821 </td> 1822 <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo htmlspecialchars($mem->getEmail()); ?>" /></td> 1823 </tr><tr> 1824 <td><?php echo _MEMBERS_URL?></td> 1825 <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getURL()); ?>" /></td> 1826 <?php // only allow to change this by super-admins 1827 // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-) 1828 if ($member->isAdmin()) { 1829 ?> 1830 </tr><tr> 1831 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td> 1832 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td> 1833 </tr><tr> 1834 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td> 1835 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td> 1836 <?php } ?> 1837 </tr><tr> 1838 <td><?php echo _MEMBERS_NOTES?></td> 1839 <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getNotes()); ?>" /></td> 1840 </tr><tr> 1841 <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?> 1842 </td> 1843 <td> 1844 1845 <select name="deflang" tabindex="85"> 1846 <option value=""><?php echo _MEMBERS_USESITELANG?></option> 1847 <?php // show a dropdown list of all available languages 1848 global $DIR_LANG; 1849 $dirhandle = opendir($DIR_LANG); 1850 1851 while ($filename = readdir($dirhandle)) 1852 { 1853 1854 # replaced ereg() below with preg_match(). 
ereg* functions are deprecated in PHP 5.3.0 1855 # original ereg: ereg("^(.*)\.php$", $filename, $matches) 1856 1857 if (preg_match('#^(.*)\.php$#', $filename, $matches) ) 1858 { 1859 1860 $name = $matches[1]; 1861 echo "<option value=\"$name\""; 1862 1863 if ($name == $mem->getLanguage() ) 1864 { 1865 echo " selected=\"selected\""; 1866 } 1867 1868 echo ">$name</option>"; 1869 1870 } 1871 1872 } 1873 1874 closedir($dirhandle); 1875 1876 ?> 1877 </select> 1878 1879 </td> 1880 </tr> 1881 <tr> 1882 <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td> 1883 <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td> 1884 </tr> 1885 <?php 1886 // plugin options 1887 $this->_insertPluginOptions('member',$memberid); 1888 ?> 1889 <tr> 1890 <th colspan="2"><?php echo _MEMBERS_EDIT ?></th> 1891 </tr><tr> 1892 <td><?php echo _MEMBERS_EDIT?></td> 1893 <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td> 1894 </tr></table> 1895 1896 </div></form> 1897 1898 <?php 1899 echo '<h3>',_PLUGINS_EXTRA,'</h3>'; 1900 1901 $manager->notify( 1902 'MemberSettingsFormExtras', 1903 array( 1904 'member' => &$mem 1905 ) 1906 ); 1907 1908 $this->pagefoot(); 1909 } 1910 1911 /** 1912 * @todo document this 1913 */ 1914 function action_changemembersettings() { 1915 global $member, $CONF, $manager; 1916 1917 $memberid = intRequestVar('memberid'); 1918 1919 // check if allowed 1920 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); 1921 1922 $name = trim(strip_tags(postVar('name'))); 1923 $realname = trim(strip_tags(postVar('realname'))); 1924 $password = postVar('password'); 1925 $repeatpassword = postVar('repeatpassword'); 1926 $email = strip_tags(postVar('email')); 1927 $url = strip_tags(postVar('url')); 1928 1929 # replaced eregi() below with preg_match(). 
ereg* functions are deprecated in PHP 5.3.0 1930 # original eregi: !eregi("^https?://", $url) 1931 1932 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it. 1933 if (!preg_match('#^https?://#', $url) ) 1934 { 1935 $url = 'http://' . $url; 1936 } 1937 1938 $admin = postVar('admin'); 1939 $canlogin = postVar('canlogin'); 1940 $notes = strip_tags(postVar('notes')); 1941 $deflang = postVar('deflang'); 1942 1943 $mem = MEMBER::createFromID($memberid); 1944 1945 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { 1946 1947 if (!isValidDisplayName($name)) 1948 $this->error(_ERROR_BADNAME); 1949 1950 if (($name != $mem->getDisplayName()) && MEMBER::exists($name)) 1951 $this->error(_ERROR_NICKNAMEINUSE); 1952 1953 if ($password != $repeatpassword) 1954 $this->error(_ERROR_PASSWORDMISMATCH); 1955 1956 if ($password && (strlen($password) < 6)) 1957 $this->error(_ERROR_PASSWORDTOOSHORT); 1958 1959 if ($password) { 1960 $pwdvalid = true; 1961 $pwderror = ''; 1962 $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid)); 1963 if (!$pwdvalid) { 1964 $this->error($pwderror); 1965 } 1966 } 1967 } 1968 1969 if (!isValidMailAddress($email)) 1970 $this->error(_ERROR_BADMAILADDRESS); 1971 1972 1973 if (!$realname) 1974 $this->error(_ERROR_REALNAMEMISSING); 1975 1976 if (($deflang != '') && (!checkLanguage($deflang))) 1977 $this->error(_ERROR_NOSUCHLANGUAGE); 1978 1979 // check if there will remain at least one site member with both the logon and admin rights 1980 // (check occurs when taking away one of these rights from such a member) 1981 if ( (!$admin && $mem->isAdmin() && $mem->canLogin()) 1982 || (!$canlogin && $mem->isAdmin() && $mem->canLogin()) 1983 ) 1984 { 1985 $r = sql_query('SELECT * FROM '.sql_table('member').' 
WHERE madmin=1 and mcanlogin=1'); 1986 if (sql_num_rows($r) < 2) 1987 $this->error(_ERROR_ATLEASTONEADMIN); 1988 } 1989 1990 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { 1991 $mem->setDisplayName($name); 1992 if ($password) 1993 $mem->setPassword($password); 1994 } 1995 1996 $oldEmail = $mem->getEmail(); 1997 1998 $mem->setRealName($realname); 1999 $mem->setEmail($email); 2000 $mem->setURL($url); 2001 $mem->setNotes($notes); 2002 $mem->setLanguage($deflang); 2003 2004 2005 // only allow super-admins to make changes to the admin status 2006 if ($member->isAdmin()) { 2007 $mem->setAdmin($admin); 2008 $mem->setCanLogin($canlogin); 2009 } 2010 2011 $autosave = postVar ('autosave'); 2012 $mem->setAutosave($autosave); 2013 2014 $mem->write(); 2015 2016 // store plugin options 2017 $aOptions = requestArray('plugoption'); 2018 NucleusPlugin::_applyPluginOptions($aOptions); 2019 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem)); 2020 2021 // if email changed, generate new password 2022 if ($oldEmail != $mem->getEmail()) 2023 { 2024 $mem->sendActivationLink('addresschange', $oldEmail); 2025 // logout member 2026 $mem->newCookieKey(); 2027 2028 // only log out if the member being edited is the current member. 
2029 if ($member->getID() == $memberid) 2030 $member->logout(); 2031 $this->action_login(_MSG_ACTIVATION_SENT, 0); 2032 return; 2033 } 2034 2035 2036 if ( ( $mem->getID() == $member->getID() ) 2037 && ( $mem->getDisplayName() != $member->getDisplayName() ) 2038 ) { 2039 $mem->newCookieKey(); 2040 $member->logout(); 2041 $this->action_login(_MSG_LOGINAGAIN, 0); 2042 } else { 2043 $this->action_overview(_MSG_SETTINGSCHANGED); 2044 } 2045 } 2046 2047 /** 2048 * @todo document this 2049 */ 2050 function action_memberadd() { 2051 global $member, $manager; 2052 2053 // check if allowed 2054 $member->isAdmin() or $this->disallow(); 2055 2056 if (postVar('password') != postVar('repeatpassword')) 2057 $this->error(_ERROR_PASSWORDMISMATCH); 2058 if (strlen(postVar('password')) < 6) 2059 $this->error(_ERROR_PASSWORDTOOSHORT); 2060 2061 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes')); 2062 if ($res != 1) 2063 $this->error($res); 2064 2065 // fire PostRegister event 2066 $newmem = new MEMBER(); 2067 $newmem->readFromName(postVar('name')); 2068 $manager->notify('PostRegister',array('member' => &$newmem)); 2069 2070 $this->action_usermanagement(); 2071 } 2072 2073 /** 2074 * Account activation 2075 * 2076 * @author dekarma 2077 */ 2078 function action_activate() { 2079 2080 $key = getVar('key'); 2081 $this->_showActivationPage($key); 2082 } 2083 2084 /** 2085 * @todo document this 2086 */ 2087 function _showActivationPage($key, $message = '') 2088 { 2089 global $manager; 2090 2091 // clean up old activation keys 2092 MEMBER::cleanupActivationTable(); 2093 2094 // get activation info 2095 $info = MEMBER::getActivationInfo($key); 2096 2097 if (!$info) 2098 $this->error(_ERROR_ACTIVATE); 2099 2100 $mem = MEMBER::createFromId($info->vmember); 2101 2102 if (!$mem) 2103 $this->error(_ERROR_ACTIVATE); 2104 2105 $text = ''; 2106 $title = ''; 2107 
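$bNeedsPasswordChange = true;

        // 'forgot' and 'register' keys lead to the set-password form below;
        // an 'addresschange' key is consumed right here and needs no password
        switch ($info->vtype)
        {
            case 'forgot':
                $title = _ACTIVATE_FORGOT_TITLE;
                $text = _ACTIVATE_FORGOT_TEXT;
                break;
            case 'register':
                $title = _ACTIVATE_REGISTER_TITLE;
                $text = _ACTIVATE_REGISTER_TEXT;
                break;
            case 'addresschange':
                $title = _ACTIVATE_CHANGE_TITLE;
                $text = _ACTIVATE_CHANGE_TEXT;
                $bNeedsPasswordChange = false;
                MEMBER::activate($key);
                break;
        }

        $aVars = array(
            'memberName' => htmlspecialchars($mem->getDisplayName())
        );
        $title = TEMPLATE::fill($title, $aVars);
        $text = TEMPLATE::fill($text, $aVars);

        $this->pagehead();

        echo '<h2>' , $title, '</h2>';
        echo '<p>' , $text, '</p>';

        // $message comes from this class or from a plugin hook, not from the request
        if ($message != '')
        {
            echo '<p class="error">',$message,'</p>';
        }

        if ($bNeedsPasswordChange)
        {
        ?>
            <div><form action="index.php" method="post">

                <input type="hidden" name="action" value="activatesetpwd" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

                <table><tr>
                    <td><?php echo _MEMBERS_PWD?></td>
                    <td><input type="password" maxlength="40" size="16" name="password" /></td>
                </tr><tr>
                    <td><?php echo _MEMBERS_REPPWD?></td>
                    <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
                <?php
                    // $manager is already declared global at the top of this method
                    $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));
                ?>
                </tr><tr>
                    <td><?php echo _MEMBERS_SETPWD ?></td>
                    <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
                </tr></table>

            </form></div>

        <?php
        }

        $this->pagefoot();

    }

    /**
     * Account activation - set password part
     *
     * Target of the form rendered by _showActivationPage(). Re-validates the
     * activation key, requires a confirmed password of at least 6 characters
     * (the same minimum action_memberadd() applies), lets plugins veto it via
     * 'PrePasswordSet' and 'ValidateForm', then stores the password and
     * activates the key. Every failure re-displays the activation page with
     * the matching error message.
     *
     * @author dekarma
     */
    function action_activatesetpwd() {
        global $manager;

        $key = postVar('key');

        // clean up old activation keys
        MEMBER::cleanupActivationTable();

        // get activation info
        $info = MEMBER::getActivationInfo($key);

        // Only 'forgot' and 'register' keys may set a password. The field is
        // 'vtype', as _showActivationPage() reads it; the former 'type' never
        // matched, so an 'addresschange' key was not refused at this point.
        if (!$info || ($info->vtype == 'addresschange'))
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);

        $mem = MEMBER::createFromId($info->vmember);

        if (!$mem)
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);

        $password = postVar('password');
        $repeatpassword = postVar('repeatpassword');

        if ($password != $repeatpassword)
            return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);

        // An empty password is not "leave unchanged" here (unlike
        // action_changemembersettings()): this form exists to set one and
        // setPassword() below runs unconditionally. Previously an empty value
        // skipped the whole `if ($password)` block, including its `global
        // $manager`, so the ValidateForm call further down ran against an
        // undefined $manager. Apply the minimum length to every submission.
        if (strlen($password) < 6)
            return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);

        $pwdvalid = true;
        $pwderror = '';
        $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
        if (!$pwdvalid) {
            return $this->_showActivationPage($key,$pwderror);
        }

        $error = '';

        $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
        if ($error != '')
            return $this->_showActivationPage($key, $error);

        // set password
        $mem->setPassword($password);
        $mem->write();

        // do the activation
        MEMBER::activate($key);

        $this->pagehead();
        echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
        echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
        $this->pagefoot();
    }

    /**
     * Team management page for a weblog: lists the current team members and
     * offers a form to add one. Requires blogAdminRights() on 'blogid'.
     */
    function action_manageteam() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $this->pagehead();

        // $blogid is an int (intRequestVar), so it can be interpolated into the link
        echo "<p><a href='index.php?action=blogsettings&blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

        echo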
'<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>'; 2258 2259 echo '<h3>' . _TEAM_CURRENT . '</h3>'; 2260 2261 2262 2263 $query = 'SELECT tblog, tmember, mname, mrealname, memail, tadmin' 2264 . ' FROM '.sql_table('member').', '.sql_table('team') 2265 . ' WHERE tmember=mnumber and tblog=' . $blogid; 2266 2267 $template['content'] = 'teamlist'; 2268 $template['tabindex'] = 10; 2269 2270 $manager->loadClass("ENCAPSULATE"); 2271 $batch =& new BATCH('team'); 2272 $batch->showlist($query, 'table', $template); 2273 2274 ?> 2275 <h3><?php echo _TEAM_ADDNEW?></h3> 2276 2277 <form method='post' action='index.php'><div> 2278 2279 <input type='hidden' name='action' value='teamaddmember' /> 2280 <input type='hidden' name='blogid' value='<?php echo $blogid; ?>' /> 2281 <?php $manager->addTicketHidden() ?> 2282 2283 <table><tr> 2284 <td><?php echo _TEAM_CHOOSEMEMBER?></td> 2285 <td><?php // TODO: try to make it so only non-team-members are listed 2286 $query = 'SELECT mname as text, mnumber as value' 2287 . 
' FROM '.sql_table('member'); 2288 2289 $template['name'] = 'memberid'; 2290 $template['tabindex'] = 10000; 2291 showlist($query,'select',$template); 2292 ?></td> 2293 </tr><tr> 2294 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td> 2295 <td><?php $this->input_yesno('admin',0,10020); ?></td> 2296 </tr><tr> 2297 <td><?php echo _TEAM_ADD?></td> 2298 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td> 2299 </tr></table> 2300 2301 </div></form> 2302 <?php 2303 $this->pagefoot(); 2304 } 2305 2306 /** 2307 * Add member to team 2308 */ 2309 function action_teamaddmember() { 2310 global $member, $manager; 2311 2312 $memberid = intPostVar('memberid'); 2313 $blogid = intPostVar('blogid'); 2314 $admin = intPostVar('admin'); 2315 2316 // check if allowed 2317 $member->blogAdminRights($blogid) or $this->disallow(); 2318 2319 $blog =& $manager->getBlog($blogid); 2320 if (!$blog->addTeamMember($memberid, $admin)) 2321 $this->error(_ERROR_ALREADYONTEAM); 2322 2323 $this->action_manageteam(); 2324 2325 } 2326 2327 /** 2328 * @todo document this 2329 */ 2330 function action_teamdelete() { 2331 global $member, $manager; 2332 2333 $memberid = intRequestVar('memberid'); 2334 $blogid = intRequestVar('blogid'); 2335 2336 // check if allowed 2337 $member->blogAdminRights($blogid) or $this->disallow(); 2338 2339 $teammem = MEMBER::createFromID($memberid); 2340 $blog =& $manager->getBlog($blogid); 2341 2342 $this->pagehead(); 2343 ?> 2344 <h2><?php echo _DELETE_CONFIRM?></h2> 2345 2346 <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo htmlspecialchars(strip_tags($blog->getName())) ?></b> 2347 </p> 2348 2349 2350 <form method="post" action="index.php"><div> 2351 <input type="hidden" name="action" value="teamdeleteconfirm" /> 2352 <?php $manager->addTicketHidden() ?> 2353 <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" /> 2354 <input 
type="hidden" name="blogid" value="<?php echo $blogid; ?>" /> 2355 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" /> 2356 </div></form> 2357 <?php 2358 $this->pagefoot(); 2359 } 2360 2361 /** 2362 * @todo document this 2363 */ 2364 function action_teamdeleteconfirm() { 2365 global $member; 2366 2367 $memberid = intRequestVar('memberid'); 2368 $blogid = intRequestVar('blogid'); 2369 2370 $error = $this->deleteOneTeamMember($blogid, $memberid); 2371 if ($error) 2372 $this->error($error); 2373 2374 2375 $this->action_manageteam(); 2376 } 2377 2378 /** 2379 * @todo document this 2380 */ 2381 function deleteOneTeamMember($blogid, $memberid) { 2382 global $member, $manager; 2383 2384 $blogid = intval($blogid); 2385 $memberid = intval($memberid); 2386 2387 // check if allowed 2388 if (!$member->blogAdminRights($blogid)) 2389 return _ERROR_DISALLOWED; 2390 2391 // check if: - there remains at least one blog admin 2392 // - (there remains at least one team member) 2393 $tmem = MEMBER::createFromID($memberid); 2394 2395 $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid)); 2396 2397 if ($tmem->isBlogAdmin($blogid)) { 2398 // check if there are more blog members left and at least one admin 2399 // (check for at least two admins before deletion) 2400 $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1'; 2401 $r = sql_query($query); 2402 if (sql_num_rows($r) < 2) 2403 return _ERROR_ATLEASTONEBLOGADMIN; 2404 } 2405 2406 $query = 'DELETE FROM '.sql_table('team')." 
WHERE tblog=$blogid and tmember=$memberid"; 2407 sql_query($query); 2408 2409 $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid)); 2410 2411 return ''; 2412 } 2413 2414 /** 2415 * @todo document this 2416 */ 2417 function action_teamchangeadmin() { 2418 global $member; 2419 2420 $blogid = intRequestVar('blogid'); 2421 $memberid = intRequestVar('memberid'); 2422 2423 // check if allowed 2424 $member->blogAdminRights($blogid) or $this->disallow(); 2425 2426 $mem = MEMBER::createFromID($memberid); 2427 2428 // don't allow when there is only one admin at this moment 2429 if ($mem->isBlogAdmin($blogid)) { 2430 $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1"); 2431 if (sql_num_rows($r) == 1) 2432 $this->error(_ERROR_ATLEASTONEBLOGADMIN); 2433 } 2434 2435 if ($mem->isBlogAdmin($blogid)) 2436 $newval = 0; 2437 else 2438 $newval = 1; 2439 2440 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid"; 2441 sql_query($query); 2442 2443 // only show manageteam if member did not change its own admin privileges 2444 if ($member->isBlogAdmin($blogid)) 2445 $this->action_manageteam(); 2446 else 2447 $this->action_overview(_MSG_ADMINCHANGED); 2448 } 2449 2450 /** 2451 * @todo document this 2452 */ 2453 function action_blogsettings() { 2454 global $member, $manager; 2455 2456 $blogid = intRequestVar('blogid'); 2457 2458 // check if allowed 2459 $member->blogAdminRights($blogid) or $this->disallow(); 2460 2461 $blog =& $manager->getBlog($blogid); 2462 2463 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 2464 $this->pagehead($extrahead); 2465 2466 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>'; 2467 ?> 2468 <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2> 2469 2470 <h3><?php echo _EBLOG_TEAM_TITLE?></h3> 2471 2472 <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?> 2473 <?php 2474 
$res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid)); 2475 $aMemberNames = array(); 2476 while ($o = sql_fetch_object($res)) 2477 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')'); 2478 echo implode(',', $aMemberNames); 2479 ?> 2480 </p> 2481 2482 2483 2484 <p> 2485 <a href="index.php?action=manageteam&blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a> 2486 </p> 2487 2488 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3> 2489 2490 <form method="post" action="index.php"><div> 2491 2492 <input type="hidden" name="action" value="blogsettingsupdate" /> 2493 <?php $manager->addTicketHidden() ?> 2494 <input type="hidden" name="blogid" value="<?php echo $blogid; ?>" /> 2495 <table><tr> 2496 <td><?php echo _EBLOG_NAME?></td> 2497 <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo htmlspecialchars($blog->getName()) ?>" /></td> 2498 </tr><tr> 2499 <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?> 2500 <?php echo _EBLOG_SHORTNAME_EXTRA?> 2501 </td> 2502 <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo htmlspecialchars($blog->getShortName()) ?>" /></td> 2503 </tr><tr> 2504 <td><?php echo _EBLOG_DESC?></td> 2505 <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo htmlspecialchars($blog->getDescription()) ?>" /></td> 2506 </tr><tr> 2507 <td><?php echo _EBLOG_URL?></td> 2508 <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo htmlspecialchars($blog->getURL()) ?>" /></td> 2509 </tr><tr> 2510 <td><?php echo _EBLOG_DEFSKIN?> 2511 <?php help('blogdefaultskin'); ?> 2512 </td> 2513 <td> 2514 <?php 2515 $query = 'SELECT sdname as text, sdnumber as value' 2516 . 
' FROM '.sql_table('skin_desc'); 2517 $template['name'] = 'defskin'; 2518 $template['selected'] = $blog->getDefaultSkin(); 2519 $template['tabindex'] = 50; 2520 showlist($query,'select',$template); 2521 ?> 2522 2523 </td> 2524 </tr><tr> 2525 <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?> 2526 </td> 2527 <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td> 2528 </tr><tr> 2529 <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?> 2530 </td> 2531 <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td> 2532 </tr><tr> 2533 <td><?php echo _EBLOG_DISABLECOMMENTS?> 2534 </td> 2535 <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td> 2536 </tr><tr> 2537 <td><?php echo _EBLOG_ANONYMOUS?> 2538 </td> 2539 <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td> 2540 </tr><tr> 2541 <td><?php echo _EBLOG_REQUIREDEMAIL?> 2542 </td> 2543 <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td> 2544 </tr><tr> 2545 <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td> 2546 <td><input name="notify" tabindex="80" maxlength="128" size="40" value="<?php echo htmlspecialchars($blog->getNotifyAddress()); ?>" /></td> 2547 </tr><tr> 2548 <td><?php echo _EBLOG_NOTIFY_ON?></td> 2549 <td> 2550 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment" 2551 <?php if ($blog->notifyOnComment()) echo "checked='checked'" ?> 2552 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label> 2553 <br /> 2554 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote" 2555 <?php if ($blog->notifyOnVote()) echo "checked='checked'" ?> 2556 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label> 2557 <br /> 2558 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem" 2559 <?php if ($blog->notifyOnNewItem()) echo "checked='checked'" ?> 2560 
/><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label> 2561 </td> 2562 </tr><tr> 2563 <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td> 2564 <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo htmlspecialchars($blog->getMaxComments()); ?>" /></td> 2565 </tr><tr> 2566 <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td> 2567 <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo htmlspecialchars($blog->getUpdateFile()) ?>" /></td> 2568 </tr><tr> 2569 <td><?php echo _EBLOG_DEFCAT?></td> 2570 <td> 2571 <?php 2572 $query = 'SELECT cname as text, catid as value' 2573 . ' FROM '.sql_table('category') 2574 . ' WHERE cblog=' . $blog->getID(); 2575 $template['name'] = 'defcat'; 2576 $template['selected'] = $blog->getDefaultCategory(); 2577 $template['tabindex'] = 110; 2578 showlist($query,'select',$template); 2579 ?> 2580 </td> 2581 </tr><tr> 2582 <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?> 2583 <br /><?php echo _EBLOG_STIME?> <b><?php echo strftime("%H:%M",time()); ?></b> 2584 <br /><?php echo _EBLOG_BTIME?> <b><?php echo strftime("%H:%M",$blog->getCorrectTime()); ?></b> 2585 </td> 2586 <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo htmlspecialchars($blog->getTimeOffset()); ?>" /></td> 2587 </tr><tr> 2588 <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td> 2589 <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td> 2590 </tr> 2591 <?php 2592 // plugin options 2593 $this->_insertPluginOptions('blog',$blogid); 2594 ?> 2595 <tr> 2596 <th colspan="2"><?php echo _EBLOG_CHANGE?></th> 2597 </tr><tr> 2598 <td><?php echo _EBLOG_CHANGE?></td> 2599 <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td> 2600 </tr></table> 2601 2602 </div></form> 2603 2604 <h3><?php echo _EBLOG_CAT_TITLE?></h3> 2605 2606 2607 <?php 2608 $query = 'SELECT * 
FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname'; 2609 $template['content'] = 'categorylist'; 2610 $template['tabindex'] = 200; 2611 2612 $manager->loadClass("ENCAPSULATE"); 2613 $batch =& new BATCH('category'); 2614 $batch->showlist($query,'table',$template); 2615 2616 ?> 2617 2618 2619 <form action="index.php" method="post"><div> 2620 <input name="action" value="categorynew" type="hidden" /> 2621 <?php $manager->addTicketHidden() ?> 2622 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" /> 2623 2624 <table><tr> 2625 <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th> 2626 </tr><tr> 2627 <td><?php echo _EBLOG_CAT_NAME?></td> 2628 <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td> 2629 </tr><tr> 2630 <td><?php echo _EBLOG_CAT_DESC?></td> 2631 <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td> 2632 </tr><tr> 2633 <td><?php echo _EBLOG_CAT_CREATE?></td> 2634 <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td> 2635 </tr></table> 2636 2637 </div></form> 2638 2639 <?php 2640 2641 echo '<h3>',_PLUGINS_EXTRA,'</h3>'; 2642 2643 $manager->notify( 2644 'BlogSettingsFormExtras', 2645 array( 2646 'blog' => &$blog 2647 ) 2648 ); 2649 2650 $this->pagefoot(); 2651 } 2652 2653 /** 2654 * @todo document this 2655 */ 2656 function action_categorynew() { 2657 global $member, $manager; 2658 2659 $blogid = intRequestVar('blogid'); 2660 2661 $member->blogAdminRights($blogid) or $this->disallow(); 2662 2663 $cname = postVar('cname'); 2664 $cdesc = postVar('cdesc'); 2665 2666 if (!isValidCategoryName($cname)) 2667 $this->error(_ERROR_BADCATEGORYNAME); 2668 2669 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . 
intval($blogid); 2670 $res = sql_query($query); 2671 if (sql_num_rows($res) > 0) 2672 $this->error(_ERROR_DUPCATEGORYNAME); 2673 2674 $blog =& $manager->getBlog($blogid); 2675 $newCatID = $blog->createNewCategory($cname, $cdesc); 2676 2677 $this->action_blogsettings(); 2678 } 2679 2680 /** 2681 * @todo document this 2682 */ 2683 function action_categoryedit($catid = '', $blogid = '', $desturl = '') { 2684 global $member, $manager; 2685 2686 if ($blogid == '') 2687 $blogid = intGetVar('blogid'); 2688 else 2689 $blogid = intval($blogid); 2690 if ($catid == '') 2691 $catid = intGetVar('catid'); 2692 else 2693 $catid = intval($catid); 2694 2695 $member->blogAdminRights($blogid) or $this->disallow(); 2696 2697 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid"); 2698 $obj = sql_fetch_object($res); 2699 2700 $cname = $obj->cname; 2701 $cdesc = $obj->cdesc; 2702 2703 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 2704 $this->pagehead($extrahead); 2705 2706 echo "<p><a href='index.php?action=blogsettings&blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>"; 2707 2708 ?> 2709 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2> 2710 <form method='post' action='index.php'><div> 2711 <input name="blogid" type="hidden" value="<?php echo $blogid?>" /> 2712 <input name="catid" type="hidden" value="<?php echo $catid?>" /> 2713 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" /> 2714 <input name="action" type="hidden" value="categoryupdate" /> 2715 <?php $manager->addTicketHidden(); ?> 2716 2717 <table><tr> 2718 <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th> 2719 </tr><tr> 2720 <td><?php echo _EBLOG_CAT_NAME?></td> 2721 <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td> 2722 </tr><tr> 2723 <td><?php echo _EBLOG_CAT_DESC?></td> 2724 <td><input type="text" 
name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td> 2725 </tr> 2726 <?php 2727 // insert plugin options 2728 $this->_insertPluginOptions('category',$catid); 2729 ?> 2730 <tr> 2731 <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th> 2732 </tr><tr> 2733 <td><?php echo _EBLOG_CAT_UPDATE?></td> 2734 <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td> 2735 </tr></table> 2736 2737 </div></form> 2738 <?php 2739 $this->pagefoot(); 2740 } 2741 2742 /** 2743 * @todo document this 2744 */ 2745 function action_categoryupdate() { 2746 global $member, $manager; 2747 2748 $blogid = intPostVar('blogid'); 2749 $catid = intPostVar('catid'); 2750 $cname = postVar('cname'); 2751 $cdesc = postVar('cdesc'); 2752 $desturl = postVar('desturl'); 2753 2754 $member->blogAdminRights($blogid) or $this->disallow(); 2755 2756 if (!isValidCategoryName($cname)) 2757 $this->error(_ERROR_BADCATEGORYNAME); 2758 2759 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)"; 2760 $res = sql_query($query); 2761 if (sql_num_rows($res) > 0) 2762 $this->error(_ERROR_DUPCATEGORYNAME); 2763 2764 $query = 'UPDATE '.sql_table('category').' SET' 2765 . " cname='" . sql_real_escape_string($cname) . "'," 2766 . " cdesc='" . sql_real_escape_string($cdesc) . "'" 2767 . " WHERE catid=" . 
$catid; 2768 2769 sql_query($query); 2770 2771 // store plugin options 2772 $aOptions = requestArray('plugoption'); 2773 NucleusPlugin::_applyPluginOptions($aOptions); 2774 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid)); 2775 2776 2777 if ($desturl) { 2778 redirect($desturl); 2779 exit; 2780 } else { 2781 $this->action_blogsettings(); 2782 } 2783 } 2784 2785 /** 2786 * @todo document this 2787 */ 2788 function action_categorydelete() { 2789 global $member, $manager; 2790 2791 $blogid = intRequestVar('blogid'); 2792 $catid = intRequestVar('catid'); 2793 2794 $member->blogAdminRights($blogid) or $this->disallow(); 2795 2796 $blog =& $manager->getBlog($blogid); 2797 2798 // check if the category is valid 2799 if (!$blog->isValidCategory($catid)) 2800 $this->error(_ERROR_NOSUCHCATEGORY); 2801 2802 // don't allow deletion of default category 2803 if ($blog->getDefaultCategory() == $catid) 2804 $this->error(_ERROR_DELETEDEFCATEGORY); 2805 2806 // check if catid is the only category left for blogid 2807 $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . 
$blogid; 2808 $res = sql_query($query); 2809 if (sql_num_rows($res) == 1) 2810 $this->error(_ERROR_DELETELASTCATEGORY); 2811 2812 2813 $this->pagehead(); 2814 ?> 2815 <h2><?php echo _DELETE_CONFIRM?></h2> 2816 2817 <div> 2818 <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo htmlspecialchars($blog->getCategoryName($catid))?></b> 2819 </div> 2820 2821 <form method="post" action="index.php"><div> 2822 <input type="hidden" name="action" value="categorydeleteconfirm" /> 2823 <?php $manager->addTicketHidden() ?> 2824 <input type="hidden" name="blogid" value="<?php echo $blogid?>" /> 2825 <input type="hidden" name="catid" value="<?php echo $catid?>" /> 2826 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" /> 2827 </div></form> 2828 <?php 2829 $this->pagefoot(); 2830 } 2831 2832 /** 2833 * @todo document this 2834 */ 2835 function action_categorydeleteconfirm() { 2836 global $member, $manager; 2837 2838 $blogid = intRequestVar('blogid'); 2839 $catid = intRequestVar('catid'); 2840 2841 $member->blogAdminRights($blogid) or $this->disallow(); 2842 2843 $error = $this->deleteOneCategory($catid); 2844 if ($error) 2845 $this->error($error); 2846 2847 $this->action_blogsettings(); 2848 } 2849 2850 /** 2851 * @todo document this 2852 */ 2853 function deleteOneCategory($catid) { 2854 global $manager, $member; 2855 2856 $catid = intval($catid); 2857 2858 $blogid = getBlogIDFromCatID($catid); 2859 2860 if (!$member->blogAdminRights($blogid)) 2861 return ERROR_DISALLOWED; 2862 2863 // get blog 2864 $blog =& $manager->getBlog($blogid); 2865 2866 // check if the category is valid 2867 if (!$blog || !$blog->isValidCategory($catid)) 2868 return _ERROR_NOSUCHCATEGORY; 2869 2870 $destcatid = $blog->getDefaultCategory(); 2871 2872 // don't allow deletion of default category 2873 if ($blog->getDefaultCategory() == $catid) 2874 return _ERROR_DELETEDEFCATEGORY; 2875 2876 // check if catid is the only category left for blogid 2877 $query = 'SELECT catid FROM 
'.sql_table('category').' WHERE cblog=' . $blogid; 2878 $res = sql_query($query); 2879 if (sql_num_rows($res) == 1) 2880 return _ERROR_DELETELASTCATEGORY; 2881 2882 $manager->notify('PreDeleteCategory', array('catid' => $catid)); 2883 2884 // change category for all items to the default category 2885 $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid"; 2886 sql_query($query); 2887 2888 // delete all associated plugin options 2889 NucleusPlugin::_deleteOptionValues('category', $catid); 2890 2891 // delete category 2892 $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid; 2893 sql_query($query); 2894 2895 $manager->notify('PostDeleteCategory', array('catid' => $catid)); 2896 2897 } 2898 2899 /** 2900 * @todo document this 2901 */ 2902 function moveOneCategory($catid, $destblogid) { 2903 global $manager, $member; 2904 2905 $catid = intval($catid); 2906 $destblogid = intval($destblogid); 2907 2908 $blogid = getBlogIDFromCatID($catid); 2909 2910 // mover should have admin rights on both blogs 2911 if (!$member->blogAdminRights($blogid)) 2912 return _ERROR_DISALLOWED; 2913 if (!$member->blogAdminRights($destblogid)) 2914 return _ERROR_DISALLOWED; 2915 2916 // cannot move to self 2917 if ($blogid == $destblogid) 2918 return _ERROR_MOVETOSELF; 2919 2920 // get blogs 2921 $blog =& $manager->getBlog($blogid); 2922 $destblog =& $manager->getBlog($destblogid); 2923 2924 // check if the category is valid 2925 if (!$blog || !$blog->isValidCategory($catid)) 2926 return _ERROR_NOSUCHCATEGORY; 2927 2928 // don't allow default category to be moved 2929 if ($blog->getDefaultCategory() == $catid) 2930 return _ERROR_MOVEDEFCATEGORY; 2931 2932 $manager->notify( 2933 'PreMoveCategory', 2934 array( 2935 'catid' => &$catid, 2936 'sourceblog' => &$blog, 2937 'destblog' => &$destblog 2938 ) 2939 ); 2940 2941 // update comments table (cblog) 2942 $query = 'SELECT inumber FROM '.sql_table('item').' 
WHERE icat='.$catid; 2943 $items = sql_query($query); 2944 while ($oItem = sql_fetch_object($items)) { 2945 sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber); 2946 } 2947 2948 // update items (iblog) 2949 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid; 2950 sql_query($query); 2951 2952 // move category 2953 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid; 2954 sql_query($query); 2955 2956 $manager->notify( 2957 'PostMoveCategory', 2958 array( 2959 'catid' => &$catid, 2960 'sourceblog' => &$blog, 2961 'destblog' => $destblog 2962 ) 2963 ); 2964 2965 } 2966 2967 /** 2968 * @todo document this 2969 */ 2970 function action_blogsettingsupdate() { 2971 global $member, $manager; 2972 2973 $blogid = intRequestVar('blogid'); 2974 2975 $member->blogAdminRights($blogid) or $this->disallow(); 2976 2977 $blog =& $manager->getBlog($blogid); 2978 2979 $notify = trim(postVar('notify')); 2980 $shortname = trim(postVar('shortname')); 2981 $updatefile = trim(postVar('update')); 2982 2983 $notifyComment = intPostVar('notifyComment'); 2984 $notifyVote = intPostVar('notifyVote'); 2985 $notifyNewItem = intPostVar('notifyNewItem'); 2986 2987 if ($notifyComment == 0) $notifyComment = 1; 2988 if ($notifyVote == 0) $notifyVote = 1; 2989 if ($notifyNewItem == 0) $notifyNewItem = 1; 2990 2991 $notifyType = $notifyComment * $notifyVote * $notifyNewItem; 2992 2993 2994 if ($notify) { 2995 $not =& new NOTIFICATION($notify); 2996 if (!$not->validAddresses()) 2997 $this->error(_ERROR_BADNOTIFY); 2998 2999 } 3000 3001 if (!isValidShortName($shortname)) 3002 $this->error(_ERROR_BADSHORTBLOGNAME); 3003 3004 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname)) 3005 $this->error(_ERROR_DUPSHORTBLOGNAME); 3006 3007 // check if update file is writable 3008 if ($updatefile && !is_writeable($updatefile)) 3009 $this->error(_ERROR_UPDATEFILE); 3010 3011 
$blog->setName(trim(postVar('name'))); 3012 $blog->setShortName($shortname); 3013 $blog->setNotifyAddress($notify); 3014 $blog->setNotifyType($notifyType); 3015 $blog->setMaxComments(postVar('maxcomments')); 3016 $blog->setCommentsEnabled(postVar('comments')); 3017 $blog->setTimeOffset(postVar('timeoffset')); 3018 $blog->setUpdateFile($updatefile); 3019 $blog->setURL(trim(postVar('url'))); 3020 $blog->setDefaultSkin(intPostVar('defskin')); 3021 $blog->setDescription(trim(postVar('desc'))); 3022 $blog->setPublic(postVar('public')); 3023 $blog->setConvertBreaks(intPostVar('convertbreaks')); 3024 $blog->setAllowPastPosting(intPostVar('allowpastposting')); 3025 $blog->setDefaultCategory(intPostVar('defcat')); 3026 $blog->setSearchable(intPostVar('searchable')); 3027 $blog->setEmailRequired(intPostVar('reqemail')); 3028 3029 $blog->writeSettings(); 3030 3031 // store plugin options 3032 $aOptions = requestArray('plugoption'); 3033 NucleusPlugin::_applyPluginOptions($aOptions); 3034 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog)); 3035 3036 3037 $this->action_overview(_MSG_SETTINGSCHANGED); 3038 } 3039 3040 /** 3041 * @todo document this 3042 */ 3043 function action_deleteblog() { 3044 global $member, $CONF, $manager; 3045 3046 $blogid = intRequestVar('blogid'); 3047 3048 $member->blogAdminRights($blogid) or $this->disallow(); 3049 3050 // check if blog is default blog 3051 if ($CONF['DefaultBlog'] == $blogid) 3052 $this->error(_ERROR_DELDEFBLOG); 3053 3054 $blog =& $manager->getBlog($blogid); 3055 3056 $this->pagehead(); 3057 ?> 3058 <h2><?php echo _DELETE_CONFIRM?></h2> 3059 3060 <p><?php echo _WARNINGTXT_BLOGDEL?> 3061 </p> 3062 3063 <div> 3064 <?php echo _CONFIRMTXT_BLOG?><b><?php echo htmlspecialchars($blog->getName())?></b> 3065 </div> 3066 3067 <form method="post" action="index.php"><div> 3068 <input type="hidden" name="action" value="deleteblogconfirm" /> 3069 <?php $manager->addTicketHidden() ?> 3070 
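<input type="hidden" name="blogid" value="<?php echo $blogid; ?>" />
<input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
</div></form>
<?php
        $this->pagefoot();
    }

    /**
     * Deletes a blog together with everything attached to it (comments, items,
     * team members, bans, categories, plugin option values) and returns to the
     * overview page.
     *
     * The blog id is read from the request. The current member needs admin
     * rights on that blog (otherwise disallow() is invoked) and the blog that
     * is configured as $CONF['DefaultBlog'] is refused with _ERROR_DELDEFBLOG.
     * Plugins are notified through 'PreDeleteBlog' / 'PostDeleteBlog', but only
     * once the request has passed those checks, so a rejected request never
     * reaches a plugin hook.
     */
    function action_deleteblogconfirm() {
        global $member, $CONF, $manager;

        $blogid = intRequestVar('blogid');

        // authorization first: plugins must only hear about deletions that will happen
        $member->blogAdminRights($blogid) or $this->disallow();

        // the default blog can never be removed
        if (intval($CONF['DefaultBlog']) == $blogid)
            $this->error(_ERROR_DELDEFBLOG);

        $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

        // remove every row that references the blog ($blogid is an int from
        // intRequestVar(), which is why it can be inlined into the SQL)
        $aDependent = array(
            array('comment',  'cblog'),
            array('item',     'iblog'),
            array('team',     'tblog'),
            array('ban',      'blogid'),
            array('category', 'cblog')
        );
        foreach ($aDependent as $pair) {
            $query = 'DELETE FROM ' . sql_table($pair[0]) . ' WHERE ' . $pair[1] . '=' . $blogid;
            sql_query($query);
        }

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('blog', $blogid);

        // delete the blog itself
        $query = 'DELETE FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogid;
        sql_query($query);

        $manager->notify('PostDeleteBlog', array('blogid' => $blogid));

        $this->action_overview(_DELETED_BLOG);
    }

    /**
     * Shows the confirmation page for deleting a member.
     *
     * The member id comes from the request. A member may delete himself and a
     * super-admin may delete anyone; every other caller gets disallow(). The
     * form posts to 'memberdeleteconfirm' together with a ticket.
     */
    function action_memberdelete() {
        global $member, $manager;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $mem = MEMBER::createFromID($memberid);

        $this->pagehead();
?>
<h2><?php echo _DELETE_CONFIRM?></h2>

<p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>
</p>

<p>
<?php echo _WARNINGTXT_NOTDELMEDIAFILES ?>
</p>

<form method="post" action="index.php"><div>
<input type="hidden" name="action" value="memberdeleteconfirm" />
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="memberid" value="<?php echo $memberid; ?>" />
<input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
</div></form>
<?php
        $this->pagefoot();
    }

    /**
     * Performs the member deletion that was confirmed on the previous page.
     *
     * Same authorization rule as action_memberdelete(). An error string
     * returned by deleteOneMember() is shown through error(). Afterwards a
     * super-admin is sent to the user management page, a member who deleted
     * himself to the overview.
     */
    function action_memberdeleteconfirm() {
        global $member;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $error = $this->deleteOneMember($memberid);
        if ($error)
            $this->error($error);

        if ($member->isAdmin())
            $this->action_usermanagement();
        else
            $this->action_overview(_DELETED_MEMBER);
    }

    /**
     * Removes one member from the database.
     *
     * Comments written by the member are kept but detached from the account
     * (cmember set to 0, cuser set to the display name). The member row, team
     * memberships, pending activations and plugin option values are deleted.
     * Plugins are notified through 'PreDeleteMember' / 'PostDeleteMember'.
     *
     * No rights are checked here; callers are expected to do that.
     *
     * @static
     * @param int $memberid id of the member to delete (cast to int)
     * @return string '' on success, _ERROR_DELETEMEMBER when MEMBER::canBeDeleted() refuses
     */
    function deleteOneMember($memberid) {
        global $manager;

        $memberid = intval($memberid);
        $mem = MEMBER::createFromID($memberid);

        if (!$mem->canBeDeleted())
            return _ERROR_DELETEMEMBER;

        $manager->notify('PreDeleteMember', array('member' => &$mem));

        // unlink comments from memberid
        if ($memberid) {
            $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="' . sql_real_escape_string($mem->getDisplayName())
                   . '" WHERE cmember=' . $memberid;
            sql_query($query);
        }

        $query = 'DELETE FROM ' . sql_table('member') . ' WHERE mnumber=' . $memberid;
        sql_query($query);

        $query = 'DELETE FROM ' . sql_table('team') . ' WHERE tmember=' . $memberid;
        sql_query($query);

        $query = 'DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . $memberid;
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('member', $memberid);

        $manager->notify('PostDeleteMember', array('member' => &$mem));

        return '';
    }

    /**
     * Shows the "create a new blog" page (super-admin only).
     *
     * The form posts to 'addnewlog'. The default-skin select is preselected
     * with $CONF['BaseSkin'].
     */
    function action_createnewlog() {
        global $member, $CONF, $manager;

        // Only Super-Admins can do this
        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
?>
<h2><?php echo _EBLOG_CREATE_TITLE?></h2>

<h3><?php echo _ADMIN_NOTABILIA ?></h3>

<p><?php echo _ADMIN_PLEASE_READ ?></p>

<p><?php echo _ADMIN_HOW_TO_ACCESS ?></p>

<ol>
<li><?php echo _ADMIN_SIMPLE_WAY ?></li>
<li><?php echo _ADMIN_ADVANCED_WAY ?></li>
</ol>

<h3><?php echo _ADMIN_HOW_TO_CREATE ?></h3>

<p>
<?php echo _EBLOG_CREATE_TEXT?>
</p>

<form method="post" action="index.php"><div>

<input type="hidden" name="action" value="addnewlog" />
<?php $manager->addTicketHidden() ?>


<table><tr>
<td><?php echo _EBLOG_NAME?></td>
<td><input name="name" tabindex="10" size="40" maxlength="60" /></td>
</tr><tr>
<td><?php echo _EBLOG_SHORTNAME?>
<?php help('shortblogname'); ?>
</td>
<td><input name="shortname" tabindex="20" maxlength="15" size="15" /></td>
</tr><tr>
<td><?php echo _EBLOG_DESC?></td>
<td><input name="desc" tabindex="30" maxlength="200" size="40" /></td>
</tr><tr>
<td><?php echo _EBLOG_DEFSKIN?>
<?php help('blogdefaultskin'); ?>
</td>
<td>
<?php
        $query = 'SELECT sdname as text, sdnumber as value'
               . ' FROM ' . sql_table('skin_desc');
        $template['name'] = 'defskin';
        $template['tabindex'] = 50;
        $template['selected'] = $CONF['BaseSkin']; // set default selected skin to be globally defined base skin
        showlist($query, 'select', $template);
?>
</td>
</tr><tr>
<td><?php echo _EBLOG_OFFSET?>
<?php help('blogtimeoffset'); ?>
<br /><?php echo _EBLOG_STIME?> <b><?php echo strftime("%H:%M",time()); ?></b>
</td>
<td><input name="timeoffset" tabindex="110" size="3" value="0" /></td>
</tr><tr>
<td><?php echo _EBLOG_ADMIN?>
<?php help('teamadmin'); ?>
</td>
<td><?php echo _EBLOG_ADMIN_MSG?></td>
</tr><tr>
<td><?php echo _EBLOG_CREATE?></td>
<td><input type="submit" tabindex="120" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
</tr></table>

</div></form>
<?php
        $this->pagefoot();
    }

    /**
     * Creates a new blog from the form shown by action_createnewlog() and then
     * shows the page that asks for the blog's URL (posting to 'addnewlog2').
     *
     * Super-admin only. The short name must pass isValidShortName() and must
     * not exist yet. 'PreAddBlog' is notified before anything is written and
     * plugins may change the values by reference. Then the blog row, a default
     * category, a team entry making the current member blog admin and a first
     * item are created, followed by 'PostAddBlog' and 'PostAddCategory'.
     */
    function action_addnewlog() {
        global $member, $manager, $CONF;

        // Only Super-Admins can do this
        $member->isAdmin() or $this->disallow();

        $bname = trim(postVar('name'));
        $bshortname = trim(postVar('shortname'));
        $btimeoffset = postVar('timeoffset');
        $bdesc = trim(postVar('desc'));
        $bdefskin = postVar('defskin');

        if (!isValidShortName($bshortname))
            $this->error(_ERROR_BADSHORTBLOGNAME);

        if ($manager->existsBlog($bshortname))
            $this->error(_ERROR_DUPSHORTBLOGNAME);

        $manager->notify(
            'PreAddBlog',
            array(
                'name' => &$bname,
                'shortname' => &$bshortname,
                'timeoffset' => &$btimeoffset,
                'description' => &$bdesc,
                'defaultskin' => &$bdefskin
            )
        );

        // escaped copies for the SQL statements; the raw values are kept for the
        // HTML further down, where htmlspecialchars() is the right escaping
        $bnameSql = sql_real_escape_string($bname);
        $bshortnameSql = sql_real_escape_string($bshortname);
        $btimeoffsetSql = sql_real_escape_string($btimeoffset);
        $bdescSql = sql_real_escape_string($bdesc);
        $bdefskinSql = sql_real_escape_string($bdefskin);

        // create blog
        $query = 'INSERT INTO ' . sql_table('blog') . " (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bnameSql', '$bshortnameSql', '$bdescSql', '$btimeoffsetSql', '$bdefskinSql')";
        sql_query($query);
        $blogid = sql_insert_id();
        $blog =& $manager->getBlog($blogid);

        // create new category (a language file may not define these two constants)
        $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
        $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
        $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
        sql_query(sprintf($sql, sql_table('category'), $blogid, sql_real_escape_string($catdefname), sql_real_escape_string($catdefdesc)));
        $catid = sql_insert_id();

        // set as default category
        $blog->setDefaultCategory($catid);
        $blog->writeSettings();

        // create team member (getID() is the current member's numeric id)
        $memberid = $member->getID();
        $query = 'INSERT INTO ' . sql_table('team') . " (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
        sql_query($query);

        $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
        $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');

        $blog->additem($blog->getDefaultCategory(), $itemdeftitle, $itemdefbody, '', $blogid, $memberid, $blog->getCorrectTime(), 0, 0, 0);

        $manager->notify(
            'PostAddBlog',
            array(
                'blog' => &$blog
            )
        );

        // hand plugins the name/description that were actually inserted,
        // also when the language constants are undefined
        $manager->notify(
            'PostAddCategory',
            array(
                'blog' => &$blog,
                'name' => $catdefname,
                'description' => $catdefdesc,
                'catid' => $catid
            )
        );

        $this->pagehead();
?>
<h2><?php echo _BLOGCREATED_TITLE ?></h2>

<p><?php echo sprintf(_BLOGCREATED_ADDEDTXT, htmlspecialchars($bname)) ?></p>

<ol>
<li><a href="#index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEWAY, htmlspecialchars($bshortname)) ?></a></li>
<li><a href="#skins"><?php echo _BLOGCREATED_ADVANCEDWAY ?></a></li>
</ol>

<h3><a id="index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEDESC1, htmlspecialchars($bshortname)) ?></a></h3>

<p><?php echo sprintf(_BLOGCREATED_SIMPLEDESC2, htmlspecialchars($bshortname)) ?></p>
<pre><code>&lt;?php

$CONF['Self'] = '<b><?php echo htmlspecialchars($bshortname)?>.php</b>';

include('<i>./config.php</i>');

selectBlog('<b><?php echo htmlspecialchars($bshortname)?></b>');
selector();

?&gt;</code></pre>

<p><?php echo _BLOGCREATED_SIMPLEDESC3 ?></p>

<p><?php echo _BLOGCREATED_SIMPLEDESC4 ?></p>

<form action="index.php" method="post"><div>
<input type="hidden" name="action" value="addnewlog2" />
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />
<table><tr>
<td><?php echo _EBLOG_URL?></td>
<td><input name="url" maxlength="100" size="40" value="<?php echo htmlspecialchars($CONF['IndexURL'].$bshortname.'.php')?>" /></td>
</tr><tr>
<td><?php echo _EBLOG_CREATE?></td>
<td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
</tr></table>
</div></form>

<h3><a id="skins"><?php echo _BLOGCREATED_ADVANCEDWAY2 ?></a></h3>

<p><?php echo _BLOGCREATED_ADVANCEDWAY3 ?></p>

<form action="index.php" method="post"><div>
<input type="hidden" name="action" value="addnewlog2" />
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />
<table><tr>
<td><?php echo _EBLOG_URL?></td>
<td><input name="url" maxlength="100" size="40" /></td>
</tr><tr>
<td><?php echo _EBLOG_CREATE?></td>
<td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
</tr></table>
</div></form>

<?php
        $this->pagefoot();
    }

    /**
     * Second step of blog creation: stores the blog URL posted by
     * action_addnewlog() and returns to the overview.
     *
     * The blog id is read before the rights check so that
     * blogAdminRights() is evaluated against the requested blog rather than
     * against an unset variable.
     */
    function action_addnewlog2() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $burl = requestVar('url');

        $blog =& $manager->getBlog($blogid);
        $blog->setURL(trim($burl));
        $blog->writeSettings();

        $this->action_overview(_MSG_NEWBLOG);
    }

    /**
     * Shows the skin import/export page (super-admin only).
     *
     * Offers the import candidates found below $DIR_SKINS, an import-by-URL
     * form and an export form listing all skins and templates.
     */
    function action_skinieoverview() {
        global $member, $DIR_LIBS, $DIR_SKINS, $manager;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once ($DIR_LIBS . 'skinie.php');

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

?>
<h2><?php echo _SKINIE_TITLE_IMPORT?></h2>

<p><label for="skinie_import_local"><?php echo _SKINIE_LOCAL?></label>
<?php
        $candidates = SKINIMPORT::searchForCandidates($DIR_SKINS);

        if (sizeof($candidates) > 0) {
?>
<form method="post" action="index.php"><div>
<input type="hidden" name="action" value="skinieimport" />
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="mode" value="file" />
<select name="skinfile" id="skinie_import_local">
<?php
            // both the value and the visible name come from the file system, escape both
            foreach ($candidates as $skinname => $skinfile) {
                $html = htmlspecialchars($skinfile);
                echo '<option value="', $html, '">', htmlspecialchars($skinname), '</option>';
            }
?>
</select>
<input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />
</div></form>
<?php
        } else {
            echo _SKINIE_NOCANDIDATES;
        }
?>
</p>

<p><em><?php echo _OR?></em></p>

<form method="post" action="index.php"><p>
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="action" value="skinieimport" />
<input type="hidden" name="mode" value="url" />
<label for="skinie_import_url"><?php echo _SKINIE_FROMURL?></label>
<input type="text" name="skinfile" id="skinie_import_url" size="60" value="http://" />
<input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />
</p></form>


<h2><?php echo _SKINIE_TITLE_EXPORT?></h2>
<form method="post" action="index.php"><div>
<input type="hidden" name="action" value="skinieexport" />
<?php $manager->addTicketHidden() ?>

<p><?php echo _SKINIE_EXPORT_INTRO?></p>

<table><tr>
<th colspan="2"><?php echo _SKINIE_EXPORT_SKINS?></th>
</tr><tr>
<?php
        // show list of skins
        $res = sql_query('SELECT * FROM ' . sql_table('skin_desc'));
        while ($skinObj = sql_fetch_object($res)) {
            $id = 'skinexp' . $skinObj->sdnumber;
            echo '<td><input type="checkbox" name="skin[', $skinObj->sdnumber, ']" id="', $id, '" />';
            echo '<label for="', $id, '">', htmlspecialchars($skinObj->sdname), '</label></td>';
            echo '<td>', htmlspecialchars($skinObj->sddesc), '</td>';
            echo '</tr><tr>';
        }

        echo '<th colspan="2">', _SKINIE_EXPORT_TEMPLATES, '</th></tr><tr>';

        // show list of templates
        $res = sql_query('SELECT * FROM ' . sql_table('template_desc'));
        while ($templateObj = sql_fetch_object($res)) {
            $id = 'templateexp' . $templateObj->tdnumber;
            echo '<td><input type="checkbox" name="template[', $templateObj->tdnumber, ']" id="', $id, '" />';
            echo '<label for="', $id, '">', htmlspecialchars($templateObj->tdname), '</label></td>';
            echo '<td>', htmlspecialchars($templateObj->tddesc), '</td>';
            echo '</tr><tr>';
        }

?>
<th colspan="2"><?php echo _SKINIE_EXPORT_EXTRA?></th>
</tr><tr>
<td colspan="2"><textarea cols="40" rows="5" name="info"></textarea></td>
</tr><tr>
<th colspan="2"><?php echo _SKINIE_TITLE_EXPORT?></th>
</tr><tr>
<td colspan="2"><input type="submit" value="<?php echo _SKINIE_BTN_EXPORT?>" /></td>
</tr></table>
</div></form>

<?php
        $this->pagefoot();
    }

    /**
     * Resolves the skin import source posted by the skinie forms into the
     * path or URL that SKINIMPORT::readFile() is given.
     *
     * In 'file' mode the posted value has to be one of the candidates that
     * SKINIMPORT::searchForCandidates($DIR_SKINS) returns (the same list the
     * overview page offers); anything else - e.g. a value containing '..' that
     * would leave $DIR_SKINS - is refused with disallow(). In every other mode
     * the value is treated as a URL and must start with http:// or https://,
     * so the importer cannot be pointed at an arbitrary local file.
     *
     * Assumes the candidate array's values are the directory names the
     * overview page puts into the option values (see action_skinieoverview()).
     *
     * @param string $mode 'file' or 'url' (posted 'mode' field)
     * @param string $skinFileRaw posted 'skinfile' field
     * @return string path or URL of the skin export to read
     */
    function _skinieResolveFile($mode, $skinFileRaw) {
        global $DIR_SKINS;

        if ($mode == 'file') {
            $candidates = SKINIMPORT::searchForCandidates($DIR_SKINS);
            if (!is_array($candidates) || !in_array($skinFileRaw, $candidates, true))
                $this->disallow();

            $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';

            // backwards compatibility (in v2.0, exports were saved as skindata.xml)
            if (!file_exists($skinFile))
                $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';

            return $skinFile;
        }

        $url = trim($skinFileRaw);
        if (strncasecmp($url, 'http://', 7) != 0 && strncasecmp($url, 'https://', 8) != 0)
            $this->disallow();

        return $url;
    }

    /**
     * Joins a list of skin or template names for display on the skinie pages.
     *
     * Names read from an import file are untrusted, so each one is passed
     * through htmlspecialchars() before joining with the _AND separator.
     *
     * @param mixed $names array of names; anything else is shown as an empty list
     * @return string HTML fragment
     */
    function _skinieNameList($names) {
        if (!is_array($names))
            $names = array();
        return implode(' <em>' . _AND . '</em> ', array_map('htmlspecialchars', $names));
    }

    /**
     * Shows the confirmation page for a skin/template import (super-admin only).
     *
     * Reads only the metadata of the selected export file, lists the skins and
     * templates it contains and, when names clash with existing ones, offers
     * an "overwrite" checkbox. The form posts to 'skiniedoimport'.
     */
    function action_skinieimport() {
        global $member, $DIR_LIBS, $DIR_SKINS, $manager;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once ($DIR_LIBS . 'skinie.php');

        $skinFileRaw = postVar('skinfile');
        $mode = postVar('mode');

        $importer = new SKINIMPORT();

        // get full filename (refuses values outside $DIR_SKINS / non-http URLs)
        $skinFile = $this->_skinieResolveFile($mode, $skinFileRaw);

        // read only metadata
        $error = $importer->readFile($skinFile, 1);

        // clashes
        $skinNameClashes = $importer->checkSkinNameClashes();
        $templateNameClashes = $importer->checkTemplateNameClashes();
        $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);

        if ($error) $this->error($error);

        $this->pagehead();

        echo '<p><a href="index.php?action=skinieoverview">(',_BACK,')</a></p>';
?>
<h2><?php echo _SKINIE_CONFIRM_TITLE?></h2>

<ul>
<li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>
<li><p><strong><?php echo _SKINIE_INFO_SKINS?></strong> <?php echo $this->_skinieNameList($importer->getSkinNames())?></p></li>
<li><p><strong><?php echo _SKINIE_INFO_TEMPLATES?></strong> <?php echo $this->_skinieNameList($importer->getTemplateNames())?></p></li>
<?php
        if ($hasNameClashes)
        {
?>
<li><p><strong style="color: red;"><?php echo _SKINIE_INFO_SKINCLASH?></strong> <?php echo $this->_skinieNameList($skinNameClashes)?></p></li>
<li><p><strong style="color: red;"><?php echo _SKINIE_INFO_TEMPLCLASH?></strong> <?php echo $this->_skinieNameList($templateNameClashes)?></p></li>
<?php
        } // if (hasNameClashes)
?>
</ul>

<form method="post" action="index.php"><div>
<input type="hidden" name="action" value="skiniedoimport" />
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="skinfile" value="<?php echo htmlspecialchars($skinFileRaw)?>" />
<input type="hidden" name="mode" value="<?php echo htmlspecialchars($mode)?>" />
<input type="submit" value="<?php echo _SKINIE_CONFIRM_IMPORT?>" />
<?php
        if ($hasNameClashes)
        {
?>
<br />
<input type="checkbox" name="overwrite" value="1" id="cb_overwrite" /><label for="cb_overwrite"><?php echo _SKINIE_CONFIRM_OVERWRITE?></label>
<?php
        } // if (hasNameClashes)
?>
</div></form>


<?php
        $this->pagefoot();
    }

    /**
     * Performs the skin/template import confirmed by action_skinieimport()
     * (super-admin only).
     *
     * The export file is resolved the same way as on the confirmation page,
     * read completely and written to the database; existing skins/templates
     * are only replaced when the 'overwrite' checkbox was ticked. Errors from
     * the importer are shown through error().
     */
    function action_skiniedoimport() {
        global $member, $DIR_LIBS, $DIR_SKINS;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once ($DIR_LIBS . 'skinie.php');

        $skinFileRaw = postVar('skinfile');
        $mode = postVar('mode');

        $allowOverwrite = intPostVar('overwrite');

        // get full filename (refuses values outside $DIR_SKINS / non-http URLs)
        $skinFile = $this->_skinieResolveFile($mode, $skinFileRaw);

        $importer = new SKINIMPORT();

        $error = $importer->readFile($skinFile);

        if ($error)
            $this->error($error);

        $error = $importer->writeToDatabase($allowOverwrite);

        if ($error)
            $this->error($error);

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
?>
<h2><?php echo _SKINIE_DONE?></h2>

<ul>
<li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>
<li><p><strong><?php echo _SKINIE_INFO_IMPORTEDSKINS?></strong> <?php echo $this->_skinieNameList($importer->getSkinNames())?></p></li>
<li><p><strong><?php echo _SKINIE_INFO_IMPORTEDTEMPLS?></strong> <?php echo $this->_skinieNameList($importer->getTemplateNames())?></p></li>
</ul>

<?php
        $this->pagefoot();
    }

    /**
     * Exports the selected skins and templates (super-admin only).
     *
     * The 'skin' and 'template' request arrays are keyed by the numeric ids
     * chosen on the overview page; the free-form 'info' text is attached to
     * the export. SKINEXPORT::export() produces the output itself.
     */
    function action_skinieexport() {
        global $member, $DIR_LIBS;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once ($DIR_LIBS . 'skinie.php');

        $aSkins = requestIntArray('skin');
        $aTemplates = requestIntArray('template');

        // nothing selected in a list arrives as a non-array
        if (!is_array($aTemplates)) $aTemplates = array();
        if (!is_array($aSkins)) $aSkins = array();

        // the checkbox names carry the ids as array keys
        $skinList = array_keys($aSkins);
        $templateList = array_keys($aTemplates);

        $info = postVar('info');

        $exporter = new SKINEXPORT();
        foreach ($skinList as $skinId) {
            $exporter->addSkin($skinId);
        }
        foreach ($templateList as $templateId) {
            $exporter->addTemplate($templateId);
        }
        $exporter->setInfo($info);

        $exporter->export();
    }

    /**
     * Shows the template overview: the list of existing templates and a form
     * to create a new one (posts to 'templatenew'). Super-admin only.
     */
    function action_templateoverview() {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

        echo '<h2>' . _TEMPLATE_TITLE . '</h2>';
        echo '<h3>' . _TEMPLATE_AVAILABLE_TITLE . '</h3>';

        $query = 'SELECT * FROM ' . sql_table('template_desc') . ' ORDER BY tdname';
        $template['content'] = 'templatelist';
        $template['tabindex'] = 10;
        showlist($query, 'table', $template);

        echo '<h3>' . _TEMPLATE_NEW_TITLE . '</h3>';

?>
<form method="post" action="index.php"><div>

<input name="action" value="templatenew" type="hidden" />
<?php $manager->addTicketHidden() ?>
<table><tr>
<td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td>
<td><input name="name" tabindex="10010" maxlength="20" size="20" /></td>
</tr><tr>
<td><?php echo _TEMPLATE_DESC?></td>
<td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td>
</tr><tr>
<td><?php echo _TEMPLATE_CREATE?></td>
<td><input type="submit" tabindex="10030" value="<?php echo _TEMPLATE_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
</tr></table>

</div></form>

<?php
        $this->pagefoot();
    }

    /**
     * Shows the edit form for one template (super-admin only).
     *
     * The template id comes from the request. Every template part gets a
     * textarea through _templateEditRow(); plugins may add their own parts via
     * the 'TemplateExtraFields' event. The form posts to 'templateupdate'.
     *
     * @param string $msg optional message shown at the top of the page
     */
    function action_templateedit($msg = '') {
        global $member, $manager;

        $templateid = intRequestVar('templateid');

        $member->isAdmin() or $this->disallow();

        $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';
        // NOTE(review): the SQL escaper is used here to quote a JavaScript string
        // literal; it only escapes quotes/backslashes, so the language constant
        // must not contain '</script>'
        $extrahead .= '<script type="text/javascript">setTemplateEditText("' . sql_real_escape_string(_EDITTEMPLATE_EMPTY) . '");</script>';

        $this->pagehead($extrahead);

        $templatename = TEMPLATE::getNameFromId($templateid);
        $templatedescription = TEMPLATE::getDesc($templateid);
        $template =& $manager->getTemplate($templatename);

?>
<p>
<a href="index.php?action=templateoverview">(<?php echo _TEMPLATE_BACK?>)</a>
</p>

<h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo htmlspecialchars($templatename); ?>'</h2>

<?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
?>

<p><?php echo _TEMPLATE_EDIT_MSG?></p>

<form method="post" action="index.php">
<div>

<input type="hidden" name="action" value="templateupdate" />
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="templateid" value="<?php echo $templateid; ?>" />

<table><tr>
<th colspan="2"><?php echo _TEMPLATE_SETTINGS?></th>
</tr><tr>
<td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td>
<td><input name="tname" tabindex="4" size="20" maxlength="20" value="<?php echo htmlspecialchars($templatename) ?>" /></td>
</tr><tr>
<td><?php echo _TEMPLATE_DESC?></td>
<td><input name="tdesc" tabindex="5" size="50" maxlength="200" value="<?php echo htmlspecialchars($templatedescription) ?>" /></td>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>
</tr><tr>
<td><?php echo _TEMPLATE_UPDATE?></td>
<td>
<input type="submit" tabindex="6" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />
<input type="reset" tabindex="7" value="<?php echo _TEMPLATE_RESET_BTN?>" />
</td>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_ITEMS?> <?php help('templateitems'); ?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8);
        $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1);
        $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10);
        $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20);
        $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25);
        $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_COMMENTS_ANY?> <?php help('templatecomments'); ?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40);
        $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1);
        $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60);
        $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 70);
        $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80);
        $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90);
        $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_COMMENTS_NONE?> <?php help('templatecomments'); ?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_COMMENTS_TOOMUCH?> <?php help('templatecomments'); ?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_ARCHIVELIST?> <?php help('templatearchivelists'); ?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130);
        $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140);
        $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_BLOGLIST?> <?php help('templatebloglists'); ?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160);
        $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170);
        $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_CATEGORYLIST?> <?php help('templatecategorylists'); ?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 190);
        $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 200);
        $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 210);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_DATETIME?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 220);
        $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 230);
        $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 240);
        $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 250);
        $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 260);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_IMAGE?> <?php help('templatepopups'); ?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 270);
        $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 280);
        $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 290);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_SEARCH?></th>
<?php
        $this->_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight', 300);
        $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound', 310);
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_PLUGIN_FIELDS?></th>
<?php
        // plugin-provided parts: each plugin contributes a group name mapped to
        // part-name => description pairs; tab indexes continue from 600
        $tab = 600;
        $pluginfields = array();
        $manager->notify('TemplateExtraFields', array('fields' => &$pluginfields));

        foreach ($pluginfields as $pfkey => $pfvalue) {
            echo "</tr><tr>\n";
            echo '<th colspan="2">' . htmlentities($pfkey) . "</th>\n";
            foreach ($pfvalue as $pffield => $pfdesc) {
                $this->_templateEditRow($template, $pfdesc, $pffield, '', ++$tab, 0);
            }
        }
?>
</tr><tr>
<th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>
</tr><tr>
<td><?php echo _TEMPLATE_UPDATE?></td>
<td>
<input type="submit" tabindex="800" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />
<input type="reset" tabindex="810" value="<?php echo _TEMPLATE_RESET_BTN?>" />
</td>
</tr></table>

</div>
</form>
<?php
        $this->pagefoot();
    }

    /**
     * Prints one table row of the template edit form: a description cell and
     * a textarea holding the current content of template part $name.
     *
     * A missing part is added to $template as '' so the textarea renders
     * empty. The textarea/td ids are numbered by a static counter shared by
     * all rows on the page (the javascript in templateEdit.js relies on them).
     *
     * @param array $template template parts, keyed by part name (modified by reference)
     * @param string $description label shown left of the textarea (printed as-is)
     * @param string $name template part name, used as the form field name
     * @param string $help when non-empty, help('template' . $help) is shown after the label
     * @param int $tabindex tab index of the textarea
     * @param int $big 1 for a 10-row textarea, otherwise 5 rows
     */
    function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {
        static $count = 1;
        if (!isset($template[$name])) $template[$name] = '';
?>
</tr><tr>
<td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>
<td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo htmlspecialchars($template[$name]); ?></textarea></td>
<?php
        $count++;
    }

    /**
     * @todo document this
     */
    function action_templateupdate() {
        global $member,$manager;

        $templateid = intRequestVar('templateid');

        $member->isAdmin() or $this->disallow();

        $name = postVar('tname');
        $desc = postVar('tdesc');

        if (!isValidTemplateName($name))
            $this->error(_ERROR_BADTEMPLATENAME);

        if ((TEMPLATE::getNameFromId($templateid) != $name) && TEMPLATE::exists($name))
            $this->error(_ERROR_DUPTEMPLATENAME);


        $name = sql_real_escape_string($name);
        $desc = sql_real_escape_string($desc);

        // 1. Remove all template parts
        $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid;
        sql_query($query);

        // 2. Update description
        $query = 'UPDATE '.sql_table('template_desc').' SET'
               . " tdname='" . $name . "',"
               . " tddesc='" . $desc . "'"
               . " WHERE tdnumber=" . $templateid;
        sql_query($query);

        // 3.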
Add non-empty template parts 3989 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER')); 3990 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM')); 3991 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER')); 3992 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK')); 3993 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK')); 3994 $this->addToTemplate($templateid, 'NEW', postVar('NEW')); 3995 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER')); 3996 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY')); 3997 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER')); 3998 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED')); 3999 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH')); 4000 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH')); 4001 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE')); 4002 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY')); 4003 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE')); 4004 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER')); 4005 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM')); 4006 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER')); 4007 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER')); 4008 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM')); 4009 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER')); 4010 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER')); 4011 $this->addToTemplate($templateid, 'CATLIST_LISTITEM',