PHP Cross Reference of Nucleus CMS 3.64 |
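<?php
/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2009 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * The code for the Nucleus admin area
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2009 The Nucleus Group
 * @version $Id: ADMIN.php 1490 2010-12-22 23:26:16Z ftruscot $

 */

// refuse to run when loaded outside the Nucleus bootstrap (requestVar() is defined elsewhere)
if ( !function_exists('requestVar') ) exit;
require_once dirname(__FILE__) . '/showlist.php';

/**
 * Builds the admin area and executes admin actions
 *
 * Every admin request goes through action(), which maps the requested action
 * name onto an action_xxxx method after the ticket check. The individual
 * action_xxxx methods perform their own permission checks through the global
 * $member object.
 *
 * NOTE(review): error() and disallow() are defined outside this part of the
 * file; the handlers below are written as if both stop the request - confirm.
 */
class ADMIN {

	/**
	 * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)
	 */
	var $action;

	/**
	 * Class constructor
	 */
	function ADMIN() {

	}

	/**
	 * Executes an action
	 *
	 * Resolves aliases, enforces the ticket check for every action that is not
	 * on the exemption list, and then calls the matching action_xxxx method.
	 *
	 * @param string $action action to be performed
	 */
	function action($action) {
		global $CONF, $manager;

		// list of action aliases
		$alias = array(
			'login' => 'overview',
			'' => 'overview'
		);

		if (isset($alias[$action]))
			$action = $alias[$action];

		$methodName = 'action_' . $action;

		// the ticket decision is made on the lower-cased name, so a differently
		// cased request cannot slip past the list below
		$this->action = strtolower($action);

		// check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
		// is an action that requires user interaction before something is actually done)
		// all safe actions are in this array:
		//
		// NOTE(review): this list is an exemption from the ticket check. Only add
		// an action here when it merely displays a page or a confirmation form;
		// anything that changes state on its own must stay off the list.
		$aActionsNotToCheck = array(
			'showlogin',
			'login',
			'overview',
			'itemlist',
			'blogcommentlist',
			'bookmarklet',
			'blogsettings',
			'banlist',
			'deleteblog',
			'editmembersettings',
			'browseownitems',
			'browseowncomments',
			'createitem',
			'itemedit',
			'itemmove',
			'categoryedit',
			'categorydelete',
			'manage',
			'actionlog',
			'settingsedit',
			'backupoverview',
			'pluginlist',
			'createnewlog',
			'usermanagement',
			'skinoverview',
			'templateoverview',
			'skinieoverview',
			'itemcommentlist',
			'commentedit',
			'commentdelete',
			'banlistnewfromitem',
			'banlistdelete',
			'itemdelete',
			'manageteam',
			'teamdelete',
			'banlistnew',
			'memberedit',
			'memberdelete',
			'pluginhelp',
			'pluginoptions',
			'plugindelete',
			'skinedittype',
			'skinremovetype',
			'skindelete',
			'skinedit',
			'templateedit',
			'templatedelete',
			'activate',
			'systemoverview'
		);
/*
		// the rest of the actions needs to be checked
		$aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');
*/
		if (!in_array($this->action, $aActionsNotToCheck))
		{
			if (!$manager->checkTicket()) {
				$this->error(_ERROR_BADTICKET);
				// error() is defined outside this excerpt; return explicitly so the
				// action can never run without a valid ticket, even if error()
				// does not end the request
				return;
			}
		}

		if (method_exists($this, $methodName))
			call_user_func(array(&$this, $methodName));
		else
			$this->error(_BADACTION . htmlspecialchars(" ($action)"));

	}

	/**
	 * Shows the login form, passing on the global $error message
	 */
	function action_showlogin() {
		global $error;
		$this->action_login($error);
	}

	/**
	 * Shows the login form, or the overview when the member is already logged in
	 *
	 * @param string $msg message shown above the form (HTML-escaped before output)
	 * @param int $passvars when non-zero, passRequestVars() is called inside the
	 *        form, unless the posted 'oldaction' is 'login' or 'logout'
	 */
	function action_login($msg = '', $passvars = 1) {
		global $member;

		// skip to overview when allowed
		if ($member->isLoggedIn() && $member->canLogin()) {
			$this->action_overview();
			exit;
		}

		$this->pagehead();

		echo '<h2>', _LOGIN ,'</h2>';
		if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
		?>

		<form action="index.php" method="post"><p>
		<?php echo _LOGIN_NAME; ?> <br /><input name="login" tabindex="10" />
		<br />
		<?php echo _LOGIN_PASSWORD; ?> <br /><input name="password" tabindex="20" type="password" />
		<br />
		<input name="action" value="login" type="hidden" />
		<br />
		<input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
		<br />
		<small>
			<input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
			<br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
		</small>
		<?php // pass through vars

			$oldaction = postVar('oldaction');
			if ( ($oldaction != 'logout') && ($oldaction != 'login') && $passvars ) {
				passRequestVars();
			}


		?>
		</p></form>
		<?php $this->pagefoot();
	}


	/**
	 * provides a screen with the overview of the actions available
	 *
	 * @param string $msg optional message shown at the top of the page.
	 *        NOTE(review): unlike action_login(), $msg is echoed without
	 *        htmlspecialchars(); callers must pass trusted or already escaped
	 *        text - confirm at every call site.
	 */
	function action_overview($msg = '') {
		global $member;

		$this->pagehead();

		if ($msg)
			echo _MESSAGE , ': ', $msg;

		/* ---- add items ---- */
		echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';

		$showAll = requestVar('showall');

		if (($member->isAdmin()) && ($showAll == 'yes')) {
			// Super-Admins have access to all blogs! (no add item support though)
			$query = 'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
				. ' FROM ' . sql_table('blog')
				. ' ORDER BY bname';
		} else {
			$query = 'SELECT bnumber, bname, tadmin, burl, bshortname'
				. ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
				. ' WHERE tblog=bnumber and tmember=' . $member->getID()
				. ' ORDER BY bname';
		}
		$template['content'] = 'bloglist';
		$template['superadmin'] = $member->isAdmin();
		$amount = showlist($query,'table',$template);

		if (($showAll != 'yes') && ($member->isAdmin())) {
			$total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
			if ($total > $amount)
				echo '<p><a href="index.php?action=overview&showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';
		}

		if ($amount == 0)
			echo _OVERVIEW_NOBLOGS;

		if ($amount != 0) {
			echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
			$query = 'SELECT ititle, inumber, bshortname'
				. ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
				. ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
			$template['content'] = 'draftlist';
			$amountdrafts = showlist($query, 'table', $template);
			if ($amountdrafts == 0)
				echo _OVERVIEW_NODRAFTS;
		}

		/* ---- user settings ---- */
		echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
		echo '<ul>';
		echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
		echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
		echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
		echo '</ul>';

		/* ---- general settings ---- */
		if ($member->isAdmin()) {
			echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
			echo '<ul>';
			echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
			echo '</ul>';
		}


		$this->pagefoot();
	}

	/**
	 * Returns a link to a weblog (URL and name are HTML-escaped)
	 * @param object BLOG
	 */
	function bloglink(&$blog) {
		return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';
	}

	/**
	 * Shows the management page (super-admins only)
	 *
	 * @param string $msg optional message shown at the top of the page.
	 *        NOTE(review): echoed without htmlspecialchars(); callers must pass
	 *        trusted or already escaped text - confirm at every call site.
	 */
	function action_manage($msg = '') {
		global $member;

		$member->isAdmin() or $this->disallow();

		$this->pagehead();

		echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';

		if ($msg)
			echo '<p>' , _MESSAGE , ': ', $msg , '</p>';


		echo '<h2>' . _MANAGE_GENERAL. '</h2>';

		echo '<ul>';
		echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';
		echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';
		echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';
		echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';
		echo '</ul>';

		echo '<h2>' . _MANAGE_SKINS . '</h2>';
		echo '<ul>';
		echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';
		echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';
		echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';
		echo '</ul>';

		echo '<h2>' . _MANAGE_EXTRA . '</h2>';
		echo '<ul>';
		echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';
		echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';
		echo '</ul>';

		$this->pagefoot();
	}

	/**
	 * Lists the items of a blog, with optional search and paging
	 *
	 * Requires team rights on the blog or super-admin status; members without
	 * blog-admin rights only see their own items.
	 *
	 * @param int|string $blogid blog to list; when empty, taken from the request
	 */
	function action_itemlist($blogid = '') {
		global $member, $manager, $CONF;

		if ($blogid == '')
			$blogid = intRequestVar('blogid');
		else
			// $blogid is concatenated into SQL and HTML below; force it to an
			// integer, as action_blogcommentlist() already does
			$blogid = intval($blogid);

		$member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

		$this->pagehead();
		$blog =& $manager->getBlog($blogid);

		echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
		echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';

		// start index
		if (postVar('start'))
			$start = intPostVar('start');
		else
			$start = 0;

		if ($start == 0)
			echo '<p><a href="index.php?action=createitem&blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';

		// amount of items to show
		if (postVar('amount'))
			$amount = intPostVar('amount');
		else {
			$amount = intval($CONF['DefaultListSize']);
			if ($amount < 1)
				$amount = 10;
		}

		$search = postVar('search'); // search through items

		$query = 'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
			. ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
			. ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;

		// the search text is user input: it only enters the query through sql_real_escape_string()
		if ($search)
			$query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';

		// non-blog-admins can only edit/delete their own items
		if (!$member->blogAdminRights($blogid))
			$query .= ' and iauthor=' . $member->getID();


		// $start and $amount are integers (intPostVar()/intval()/literal), so they are safe to interpolate
		$query .= ' ORDER BY itime DESC'
			. " LIMIT $start,$amount";

		$template['content'] = 'itemlist';
		$template['now'] = $blog->getCorrectTime(time());

		$manager->loadClass("ENCAPSULATE");
		$navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
		$navList->showBatchList('item',$query,'table',$template);


		$this->pagefoot();
	}

	/**
	 * Runs a batch operation ('delete' or 'move') on the selected items
	 *
	 * Only a login check is done here; deleteOneItem()/moveOneItem() (defined
	 * outside this excerpt) are expected to check rights per item.
	 */
	function action_batchitem() {
		global $member, $manager;

		// check if logged in
		$member->isLoggedIn() or $this->disallow();

		// more precise check will be done for each performed operation

		// get array of itemids from request
		$selected = requestIntArray('batch');
		$action = requestVar('batchaction');

		// Show error when no items were selected
		if (!is_array($selected) || sizeof($selected) == 0)
			$this->error(_BATCH_NOSELECTION);

		// On move: when no destination blog/category chosen, show choice now
		$destCatid = intRequestVar('destcatid');
		if (($action == 'move') && (!$manager->existsCategory($destCatid)))
			$this->batchMoveSelectDestination('item',$selected);

		// On delete: check if confirmation has been given
		if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
			$this->batchAskDeleteConfirmation('item',$selected);

		$this->pagehead();

		echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
		echo '<h2>',_BATCH_ITEMS,'</h2>';
		echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
		echo '<ul>';


		// walk over all itemids and perform action
		foreach ($selected as $itemid) {
			$itemid = intval($itemid);
			echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';

			// perform action, display errors if needed
			switch($action) {
				case 'delete':
					$error = $this->deleteOneItem($itemid);
					break;
				case 'move':
					$error = $this->moveOneItem($itemid, $destCatid);
					break;
				default:
					$error = _BATCH_UNKNOWN . htmlspecialchars($action);
			}

			echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
			echo '</li>';
		}

		echo '</ul>';
		echo '<b>',_BATCH_DONE,'</b>';

		$this->pagefoot();


	}

	/**
	 * Runs a batch operation ('delete') on the selected comments
	 *
	 * Only a login check is done here; deleteOneComment() (defined outside this
	 * excerpt) is expected to check rights per comment.
	 */
	function action_batchcomment() {
		global $member;

		// check if logged in
		$member->isLoggedIn() or $this->disallow();

		// more precise check will be done for each performed operation

		// get array of itemids from request
		$selected = requestIntArray('batch');
		$action = requestVar('batchaction');

		// Show error when no items were selected
		if (!is_array($selected) || sizeof($selected) == 0)
			$this->error(_BATCH_NOSELECTION);

		// On delete: check if confirmation has been given
		if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
			$this->batchAskDeleteConfirmation('comment',$selected);

		$this->pagehead();

		echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
		echo '<h2>',_BATCH_COMMENTS,'</h2>';
		echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
		echo '<ul>';

		// walk over all itemids and perform action
		foreach ($selected as $commentid) {
			$commentid = intval($commentid);
			echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';

			// perform action, display errors if needed
			switch($action) {
				case 'delete':
					$error = $this->deleteOneComment($commentid);
					break;
				default:
					$error = _BATCH_UNKNOWN . htmlspecialchars($action);
			}

			echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
			echo '</li>';
		}

		echo '</ul>';
		echo '<b>',_BATCH_DONE,'</b>';

		$this->pagefoot();


	}

	/**
	 * Runs a batch operation ('delete', 'setadmin' or 'unsetadmin') on the
	 * selected members; super-admins only
	 */
	function action_batchmember() {
		global $member;

		// check if logged in and admin
		($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();

		// get array of itemids from request
		$selected = requestIntArray('batch');
		$action = requestVar('batchaction');

		// Show error when no members selected
		if (!is_array($selected) || sizeof($selected) == 0)
			$this->error(_BATCH_NOSELECTION);

		// On delete: check if confirmation has been given
		if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
			$this->batchAskDeleteConfirmation('member',$selected);

		$this->pagehead();

		echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
		echo '<h2>',_BATCH_MEMBERS,'</h2>';
		echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
		echo '<ul>';

		// walk over all itemids and perform action
		foreach ($selected as $memberid) {
			$memberid = intval($memberid);
			echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';

			// perform action, display errors if needed
			switch($action) {
				case 'delete':
					$error = $this->deleteOneMember($memberid);
					break;
				case 'setadmin':
					// always succeeds
					sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
					$error = '';
					break;
				case 'unsetadmin':
					// there should always remain at least one super-admin
					$r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
					if (sql_num_rows($r) < 2) {
						$error = _ERROR_ATLEASTONEADMIN;
					} else {
						sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
						// reset the result: it was left unset here, so the report
						// showed the previous member's error (or an undefined variable)
						$error = '';
					}
					break;
				default:
					$error = _BATCH_UNKNOWN . htmlspecialchars($action);
			}

			echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
			echo '</li>';
		}

		echo '</ul>';
		echo '<b>',_BATCH_DONE,'</b>';

		$this->pagefoot();


	}

	/**
	 * Runs a batch operation ('delete', 'setadmin' or 'unsetadmin') on the
	 * selected team members of a blog; requires blog-admin rights on that blog
	 */
	function action_batchteam() {
		global $member;

		$blogid = intRequestVar('blogid');

		// check if logged in and admin
		($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();

		// get array of itemids from request
		$selected = requestIntArray('batch');
		$action = requestVar('batchaction');

		// Show error when no members selected
		if (!is_array($selected) || sizeof($selected) == 0)
			$this->error(_BATCH_NOSELECTION);

		// On delete: check if confirmation has been given
		if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
			$this->batchAskDeleteConfirmation('team',$selected);

		$this->pagehead();

		echo '<p><a href="index.php?action=manageteam&blogid=',$blogid,'">(',_BACK,')</a></p>';

		echo '<h2>',_BATCH_TEAM,'</h2>';
		echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
		echo '<ul>';

		// walk over all itemids and perform action
		foreach ($selected as $memberid) {
			$memberid = intval($memberid);
			echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';

			// perform action, display errors if needed
			switch($action) {
				case 'delete':
					$error = $this->deleteOneTeamMember($blogid, $memberid);
					break;
				case 'setadmin':
					// always succeeds
					sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
					$error = '';
					break;
				case 'unsetadmin':
					// there should always remain at least one admin
					$r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
					if (sql_num_rows($r) < 2) {
						$error = _ERROR_ATLEASTONEBLOGADMIN;
					} else {
						sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
						// reset the result: it was left unset here, so the report
						// showed the previous member's error (or an undefined variable)
						$error = '';
					}
					break;
				default:
					$error = _BATCH_UNKNOWN . htmlspecialchars($action);
			}

			echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
			echo '</li>';
		}

		echo '</ul>';
		echo '<b>',_BATCH_DONE,'</b>';

		$this->pagefoot();


	}

	/**
	 * Runs a batch operation ('delete' or 'move') on the selected categories
	 *
	 * Only a login check is done here; deleteOneCategory()/moveOneCategory()
	 * (defined outside this excerpt) are expected to check rights per category.
	 */
	function action_batchcategory() {
		global $member, $manager;

		// check if logged in
		$member->isLoggedIn() or $this->disallow();

		// more precise check will be done for each performed operation

		// get array of itemids from request
		$selected = requestIntArray('batch');
		$action = requestVar('batchaction');

		// Show error when no items were selected
		if (!is_array($selected) || sizeof($selected) == 0)
			$this->error(_BATCH_NOSELECTION);

		// On move: when no destination blog chosen, show choice now
		$destBlogId = intRequestVar('destblogid');
		if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
			$this->batchMoveCategorySelectDestination('category',$selected);

		// On delete: check if confirmation has been given
		if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
			$this->batchAskDeleteConfirmation('category',$selected);

		$this->pagehead();

		echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
		// was BATCH_CATEGORIES (no leading underscore), which matches none of the
		// _BATCH_* constants used by the sibling batch handlers
		echo '<h2>',_BATCH_CATEGORIES,'</h2>';
		echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
		echo '<ul>';

		// walk over all itemids and perform action
		foreach ($selected as $catid) {
			$catid = intval($catid);
			echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';

			// perform action, display errors if needed
			switch($action) {
				case 'delete':
					$error = $this->deleteOneCategory($catid);
					break;
				case 'move':
					$error = $this->moveOneCategory($catid, $destBlogId);
					break;
				default:
					$error = _BATCH_UNKNOWN . htmlspecialchars($action);
			}

			echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';
			echo '</li>';
		}

		echo '</ul>';
		echo '<b>',_BATCH_DONE,'</b>';

		$this->pagefoot();

	}

	/**
	 * Shows the form that asks for the destination category of a batch move,
	 * then ends the request
	 *
	 * @param string $type batch type; written into the hidden 'action' field as
	 *        'batch' . $type without escaping, so pass fixed literals only
	 *        (the caller in this excerpt passes 'item')
	 * @param array $ids selected ids; each one is cast with intval() on output
	 */
	function batchMoveSelectDestination($type, $ids) {
		global $manager;
		$this->pagehead();
		?>
		<h2><?php echo _MOVE_TITLE?></h2>
		<form method="post" action="index.php"><div>

			<input type="hidden" name="action" value="batch<?php echo $type?>" />
			<input type="hidden" name="batchaction" value="move" />
			<?php
				// the follow-up request is a ticket-checked action, so the form carries a ticket
				$manager->addTicketHidden();

				// insert selected item numbers
				$idx = 0;
				foreach ($ids as $id)
					echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

				// show blog/category selection list
				$this->selectBlogCategory('destcatid');

			?>


			<input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

		</div></form>
		<?php $this->pagefoot();
		exit;
	}

	/**
	 * Shows the form that asks for the destination blog of a batch category
	 * move, then ends the request
	 *
	 * @param string $type batch type; written into the hidden 'action' field as
	 *        'batch' . $type without escaping, so pass fixed literals only
	 *        (the caller in this excerpt passes 'category')
	 * @param array $ids selected ids; each one is cast with intval() on output
	 */
	function batchMoveCategorySelectDestination($type, $ids) {
		global $manager;
		$this->pagehead();
		?>
		<h2><?php echo _MOVECAT_TITLE?></h2>
		<form method="post" action="index.php"><div>

			<input type="hidden" name="action" value="batch<?php echo $type?>" />
			<input type="hidden" name="batchaction" value="move" />
			<?php
				// the follow-up request is a ticket-checked action, so the form carries a ticket
				$manager->addTicketHidden();

				// insert selected item numbers
				$idx = 0;
				foreach ($ids as $id)
					echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

				// show blog/category selection list
				$this->selectBlog('destblogid');

			?>


			<input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

		</div></form>
		<?php $this->pagefoot();
		exit;
	}

	/**
	 * Shows the confirmation form for a batch delete, then ends the request
	 *
	 * @param string $type batch type; written into the hidden 'action' field as
	 *        'batch' . $type without escaping, so pass fixed literals only
	 *        (the callers in this excerpt pass 'item', 'comment', 'member',
	 *        'team' and 'category')
	 * @param array $ids selected ids; each one is cast with intval() on output
	 */
	function batchAskDeleteConfirmation($type, $ids) {
		global $manager;

		$this->pagehead();
		?>
		<h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
		<form method="post" action="index.php"><div>

			<input type="hidden" name="action" value="batch<?php echo $type?>" />
			<?php $manager->addTicketHidden() ?>
			<input type="hidden" name="batchaction" value="delete" />
			<input type="hidden" name="confirmation" value="yes" />
			<?php // insert selected item numbers
				$idx = 0;
				foreach ($ids as $id)
					echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

				// add hidden vars for team & comment
				if ($type == 'team')
				{
					echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
				}
				if ($type == 'comment')
				{
					echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
				}

			?>

			<input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />

		</div></form>
		<?php $this->pagefoot();
		exit;
	}


	/**
	 * Inserts a HTML select element with choices for all categories to which the current
	 * member has access
	 * @see function selectBlog
	 */
	function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
		ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
	}

	/**
	 * Inserts a HTML select element with choices for all blogs to which the user has access
	 * mode = 'blog' => shows blognames and values are blogids
	 * mode = 'category' => show category names and values are catids
	 *
	 * @param string $name
	 *        name attribute of the select element (written without escaping;
	 *        the callers in this excerpt pass fixed literals)
	 * @param string $mode
	 *        'blog' or 'category', see above
	 * @param int $selected
	 *        blogid or catid of the option to preselect
	 * @param int $tabindex
	 *        tabindex attribute of the select element
	 * @param int $showNewCat
	 *        category mode only: when non-zero, a "new category" option is added
	 *        for every blog on which the member has blog-admin rights
	 * @param $iForcedBlogInclude
	 *        ID of a blog that always needs to be included, without checking if the
	 *        member is on the blog team (-1 = none)
	 */
	function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
		global $member, $CONF;

		// 0. get IDs of blogs to which member can post items (+ forced blog)
		$aBlogIds = array();
		if ($iForcedBlogInclude != -1)
			$aBlogIds[] = intval($iForcedBlogInclude);

		if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
			$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
		else
			$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
		$rblogids = sql_query($queryBlogs);
		while ($o = sql_fetch_object($rblogids))
			if ($o->bnumber != $iForcedBlogInclude)
				$aBlogIds[] = intval($o->bnumber);

		if (count($aBlogIds) == 0)
			return;

		echo '<select name="',$name,'" tabindex="',$tabindex,'">';

		// 1. select blogs (we'll create optiongroups)
		// (only select those blogs that have the user on the team)
		// every id in $aBlogIds went through intval(), so the IN list is integers only
		$queryBlogs = 'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
		$blogs = sql_query($queryBlogs);
		if ($mode == 'category') {
			// always initialise the flag; it used to stay undefined when only one blog matched
			$multipleBlogs = (sql_num_rows($blogs) > 1) ? 1 : 0;

			while ($oBlog = sql_fetch_object($blogs)) {
				if ($multipleBlogs)
					echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';

				// show selection to create new category when allowed/wanted
				if ($showNewCat) {
					// check if allowed to do so
					if ($member->blogAdminRights($oBlog->bnumber))
						echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
				}

				// 2. for each category in that blog
				$categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
				while ($oCat = sql_fetch_object($categories)) {
					if ($oCat->catid == $selected)
						$selectText = ' selected="selected" ';
					else
						$selectText = '';
					echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
				}

				if ($multipleBlogs)
					echo '</optgroup>';
			}
		} else {
			// blog mode
			while ($oBlog = sql_fetch_object($blogs)) {
				echo '<option value="',$oBlog->bnumber,'"';
				if ($oBlog->bnumber == $selected)
					echo ' selected="selected"';
				echo'>',htmlspecialchars($oBlog->bname),'</option>';
			}
		}
		echo '</select>';

	}

	/**
	 * Lists the items written by the current member, with optional search and paging
	 */
	function action_browseownitems() {
		global $member, $manager, $CONF;

		$this->pagehead();

		echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
		echo '<h2>' . _ITEMLIST_YOUR. '</h2>';

		// start index
		if (postVar('start'))
			$start = intPostVar('start');
		else
			$start = 0;

		// amount of items to show
		if (postVar('amount'))
			$amount = intPostVar('amount');
		else {
			$amount = intval($CONF['DefaultListSize']);
			if ($amount < 1)
				$amount = 10;
		}

		$search = postVar('search'); // search through items

		$query = 'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
			. ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
			. ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';

		// the search text is user input: it only enters the query through sql_real_escape_string()
		if ($search)
			$query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';

		$query .= ' ORDER BY itime DESC'
			. " LIMIT $start,$amount";

		$template['content'] = 'itemlist';
		$template['now'] = time();

		$manager->loadClass("ENCAPSULATE");
		$navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
		$navList->showBatchList('item',$query,'table',$template);

		$this->pagefoot();

	}

	/**
	 * Show all the comments for a given item
	 *
	 * Only allowed when the member may alter the item.
	 *
	 * @param int $itemid item to list comments for; when empty, taken from the request
	 */
	function action_itemcommentlist($itemid = '') {
		global $member, $manager, $CONF;

		if ($itemid == '')
			$itemid = intRequestVar('itemid');
		else
			// $itemid is concatenated into the SQL below; force it to an integer
			$itemid = intval($itemid);

		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or $this->disallow();

		$blogid = getBlogIdFromItemId($itemid);

		$this->pagehead();

		// start index
		if (postVar('start'))
			$start = intPostVar('start');
		else
			$start = 0;

		// amount of items to show
		if (postVar('amount'))
			$amount = intPostVar('amount');
		else {
			$amount = intval($CONF['DefaultListSize']);
			if ($amount < 1)
				$amount = 10;
		}

		$search = postVar('search');

		echo '<p>(<a href="index.php?action=itemlist&blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
		echo '<h2>',_COMMENTS,'</h2>';

		$query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;

		if ($search)
			$query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';

		$query .= ' ORDER BY ctime ASC'
			. " LIMIT $start,$amount";

		$template['content'] = 'commentlist';
		$template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));

		$manager->loadClass("ENCAPSULATE");
		$navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
		$navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);

		$this->pagefoot();
	}

	/**
	 * Browse own comments
	 */
	function action_browseowncomments() {
		global $member, $manager, $CONF;

		// start index
		if (postVar('start'))
			$start = intPostVar('start');
		else
			$start = 0;

		// amount of items to show
		if (postVar('amount'))
			$amount = intPostVar('amount');
		else {
			$amount = intval($CONF['DefaultListSize']);
			if ($amount < 1)
				$amount = 10;
		}

		$search = postVar('search');


		$query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();

		if ($search)
			$query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';

		$query .= ' ORDER BY ctime DESC'
			. " LIMIT $start,$amount";

		$this->pagehead();

		echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
		echo '<h2>', _COMMENTS_YOUR ,'</h2>';

		$template['content'] = 'commentlist';
		$template['canAddBan'] = 0; // doesn't make sense to allow banning yourself

		$manager->loadClass("ENCAPSULATE");
		$navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
		$navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);

		$this->pagefoot();
	}

	/**
	 * Browse all comments for a weblog
	 *
	 * Requires team rights on the blog or super-admin status.
	 *
	 * @param int $blogid blog to list comments for; when empty, taken from the request
	 */
	function action_blogcommentlist($blogid = '')
	{
		global $member, $manager, $CONF;

		if ($blogid == '')
			$blogid = intRequestVar('blogid');
		else
			$blogid = intval($blogid);

		$member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

		// start index
		if (postVar('start'))
			$start = intPostVar('start');
		else
			$start = 0;

		// amount of items to show
		if (postVar('amount'))
			$amount = intPostVar('amount');
		else {
			$amount = intval($CONF['DefaultListSize']);
			if ($amount < 1)
				$amount = 10;
		}

		$search = postVar('search'); // search through comments


		$query = 'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);

		if ($search != '')
			$query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';


		$query .= ' ORDER BY ctime DESC'
			. " LIMIT $start,$amount";


		$blog =& $manager->getBlog($blogid);

		$this->pagehead();

		echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
		echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';

		$template['content'] = 'commentlist';
		$template['canAddBan'] = $member->blogAdminRights($blogid);

		$manager->loadClass("ENCAPSULATE");
		$navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
		$navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);

		$this->pagefoot();
	}

	/**
	 * Provide a page to add a new item to the given blog
	 *
	 * Requires team rights on the blog named in the request.
	 */
	function action_createitem() {
		global $member, $manager;

		$blogid = intRequestVar('blogid');

		// check if allowed
		$member->teamRights($blogid) or $this->disallow();

		$memberid = $member->getID();

		$blog =& $manager->getBlog($blogid);

		$this->pagehead();

		// generate the add-item form
		$formfactory =& new PAGEFACTORY($blogid);
		$formfactory->createAddForm('admin');

		$this->pagefoot();
	}

	/**
	 * Shows the edit form for an existing item
	 *
	 * Only allowed when the member may alter the item.
	 */
	function action_itemedit() {
		global $member, $manager;

		$itemid = intRequestVar('itemid');

		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or $this->disallow();

		$item =& $manager->getItem($itemid,1,1);
		$blog =& $manager->getBlog(getBlogIDFromItemID($itemid));

		$manager->notify('PrepareItemForEdit', array('item' => &$item));

		if ($blog->convertBreaks()) {
			$item['body'] = removeBreaks($item['body']);
			$item['more'] = removeBreaks($item['more']);
		}

		// form to edit blog items
		$this->pagehead();
		$formfactory =& new PAGEFACTORY($blog->getID());
		$formfactory->createEditForm('admin',$item);
		$this->pagefoot();
	}

	/**
	 * @todo document this
	 */
	function action_itemupdate() {
		global $member, $manager, $CONF;

		$itemid = intRequestVar('itemid');
		$catid = postVar('catid');

		// only allow if user is allowed to alter item
		$member->canUpdateItem($itemid, $catid) or $this->disallow();

		$actiontype = postVar('actiontype');

		// delete actions are handled by itemdelete (which has confirmation)
		if ($actiontype == 'delete') {
			$this->action_itemdelete();
			return;
		}

		$body = postVar('body');
		$title = postVar('title');
		$more = postVar('more');
		$closed = intPostVar('closed');
		$draftid = intPostVar('draftid');

		// default action = add now
		if (!$actiontype)
			$actiontype='addnow';

		// create new category if needed
		if (strstr($catid,'newcat')) {
			// get blogid
			list($blogid) = sscanf($catid,"newcat-%d");

			// create
			$blog =& $manager->getBlog($blogid);
			$catid = $blog->createNewCategory();

			// show error when sth goes wrong
			if (!$catid)
				$this->doError(_ERROR_CATCREATEFAIL);
		}

		/*
			set some variables based on actiontype

			actiontypes:
				draft items -> addnow, addfuture, adddraft, delete
				non-draft items -> edit, changedate, delete

			variables set:
				$timestamp: set to a nonzero value for future dates or date changes
				$wasdraft: set to 1 when the item used to be a draft item
				$publish: set to 1 when the edited item is not a draft
		*/
		$blogid = getBlogIDFromItemID($itemid);
		$blog =& $manager->getBlog($blogid);

		$wasdrafts = array('adddraft', 'addfuture', 'addnow');
		$wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
		$publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ?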
1 : 0; 1208 if ($actiontype == 'addfuture' || $actiontype == 'changedate') { 1209 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year')); 1210 } else { 1211 $timestamp =0; 1212 } 1213 1214 // edit the item for real 1215 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp); 1216 1217 $this->updateFuturePosted($blogid); 1218 1219 if ($draftid > 0) { 1220 // delete permission is checked inside ITEM::delete() 1221 ITEM::delete($draftid); 1222 } 1223 1224 // show category edit window when we created a new category 1225 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x') 1226 if ($catid != intPostVar('catid')) { 1227 $this->action_categoryedit( 1228 $catid, 1229 $blog->getID(), 1230 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid) 1231 ); 1232 } else { 1233 // TODO: set start item correctly for itemlist 1234 $this->action_itemlist(getBlogIDFromItemID($itemid)); 1235 } 1236 } 1237 1238 /** 1239 * @todo document this 1240 */ 1241 function action_itemdelete() { 1242 global $member, $manager; 1243 1244 $itemid = intRequestVar('itemid'); 1245 1246 // only allow if user is allowed to alter item 1247 $member->canAlterItem($itemid) or $this->disallow(); 1248 1249 if (!$manager->existsItem($itemid,1,1)) 1250 $this->error(_ERROR_NOSUCHITEM); 1251 1252 $item =& $manager->getItem($itemid,1,1); 1253 $title = htmlspecialchars(strip_tags($item['title'])); 1254 $body = strip_tags($item['body']); 1255 $body = htmlspecialchars(shorten($body,300,'...')); 1256 1257 $this->pagehead(); 1258 ?> 1259 <h2><?php echo _DELETE_CONFIRM?></h2> 1260 1261 <p><?php echo _CONFIRMTXT_ITEM?></p> 1262 1263 <div class="note"> 1264 <b>"<?php echo $title ?>"</b> 1265 <br /> 1266 <?php echo $body?> 1267 </div> 1268 1269 <form method="post" action="index.php"><div> 1270 <input type="hidden" name="action" value="itemdeleteconfirm" 
/> 1271 <?php $manager->addTicketHidden() ?> 1272 <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" /> 1273 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" tabindex="10" /> 1274 </div></form> 1275 <?php 1276 $this->pagefoot(); 1277 } 1278 1279 /** 1280 * @todo document this 1281 */ 1282 function action_itemdeleteconfirm() { 1283 global $member; 1284 1285 $itemid = intRequestVar('itemid'); 1286 1287 // only allow if user is allowed to alter item 1288 $member->canAlterItem($itemid) or $this->disallow(); 1289 1290 // get blogid first 1291 $blogid = getBlogIdFromItemId($itemid); 1292 1293 // delete item (note: some checks will be performed twice) 1294 $this->deleteOneItem($itemid); 1295 1296 $this->action_itemlist($blogid); 1297 } 1298 1299 /** 1300 * Deletes one item and returns error if something goes wrong 1301 * @param int $itemid 1302 */ 1303 function deleteOneItem($itemid) { 1304 global $member, $manager; 1305 1306 // only allow if user is allowed to alter item (also checks if itemid exists) 1307 if (!$member->canAlterItem($itemid)) 1308 return _ERROR_DISALLOWED; 1309 1310 // need to get blogid before the item is deleted 1311 $blogid = getBlogIDFromItemId($itemid); 1312 1313 $manager->loadClass('ITEM'); 1314 ITEM::delete($itemid); 1315 1316 // update blog's futureposted 1317 $this->updateFuturePosted($blogid); 1318 } 1319 1320 /** 1321 * Update a blog's future posted flag 1322 * @param int $blogid 1323 */ 1324 function updateFuturePosted($blogid) { 1325 global $manager; 1326 1327 $blog =& $manager->getBlog($blogid); 1328 $currenttime = $blog->getCorrectTime(time()); 1329 $result = sql_query("SELECT * FROM ".sql_table('item'). 
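" WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
		if (sql_num_rows($result) > 0) {
			$blog->setFuturePost();
		}
		else {
			$blog->clearFuturePost();
		}
	}

	/**
	 * Shows the form used to move an item to another category.
	 *
	 * Reads 'itemid' from the request, requires canAlterItem() on it, and
	 * renders a POST form for action=itemmoveto that carries a ticket.
	 */
	function action_itemmove() {
		global $member, $manager;

		$itemid = intRequestVar('itemid');

		// only allow if user is allowed to alter item
		$member->canAlterItem($itemid) or $this->disallow();

		$item =& $manager->getItem($itemid,1,1);

		$this->pagehead();
		?>
			<h2><?php echo _MOVE_TITLE?></h2>
			<form method="post" action="index.php"><div>
				<input type="hidden" name="action" value="itemmoveto" />
				<input type="hidden" name="itemid" value="<?php echo $itemid; ?>" />

				<?php

					$manager->addTicketHidden();
					$this->selectBlogCategory('catid',$item['catid'],10,1);
				?>

				<input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
			</div></form>
		<?php
		$this->pagefoot();
	}

	/**
	 * Moves an item to the category named by the 'catid' request variable.
	 *
	 * A 'catid' containing 'newcat' (form: newcat-<blogid>) first creates a new
	 * category in that blog. After the move the future-posted flag of both the
	 * destination and the original blog is refreshed. When a category was
	 * created, the category edit page is shown; otherwise the item list.
	 */
	function action_itemmoveto() {
		global $member, $manager;

		$itemid = intRequestVar('itemid');
		$catid = requestVar('catid');

		// Authorise before anything is written. Previously the category was
		// created first and the permission check only ran afterwards, so a
		// denied request could still leave a new category behind.
		// action_itemupdate() already checks the raw catid this way before it
		// creates a category; presumably canUpdateItem() understands the
		// 'newcat-<blogid>' form -- confirm in MEMBER.
		$member->canUpdateItem($itemid, $catid) or $this->disallow();

		// create new category if needed
		if (strstr($catid,'newcat')) {
			// get blogid
			list($blogid) = sscanf($catid,'newcat-%d');

			// create
			$blog =& $manager->getBlog($blogid);
			$catid = $blog->createNewCategory();

			// show error when sth goes wrong
			if (!$catid)
				$this->doError(_ERROR_CATCREATEFAIL);
		}

		// check again, now against the final category id
		$member->canUpdateItem($itemid, $catid) or $this->disallow();

		$old_blogid = getBlogIDFromItemId($itemid);

		ITEM::move($itemid, $catid);

		// set the futurePosted flag on the blog
		$this->updateFuturePosted(getBlogIDFromItemId($itemid));

		// reset the futurePosted in case the item is moved from one blog to another
		$this->updateFuturePosted($old_blogid);

		// $catid differs from the submitted value only when a category was
		// created above, which is also the only path on which $blog is set
		if ($catid != intRequestVar('catid'))
			$this->action_categoryedit($catid, $blog->getID());
		else
			$this->action_itemlist(getBlogIDFromCatID($catid));
	}

	/**
	 * Moves one item to a given category (category existence should be checked by caller).
	 *
	 * @param int $itemid
	 * @param int $destCatid category ID to which the item will be moved
	 * @return string|null _ERROR_DISALLOWED when the member may not move the
	 *                     item; nothing is returned on success
	 */
	function moveOneItem($itemid, $destCatid) {
		global $member;

		// only allow if user is allowed to move item
		if (!$member->canUpdateItem($itemid, $destCatid))
			return _ERROR_DISALLOWED;

		ITEM::move($itemid, $destCatid);
	}

	/**
	 * Adds a item to the chosen blog
	 */
	function action_additem() {
		global $manager, $CONF;

		$manager->loadClass('ITEM');

		$result = ITEM::createFromRequest();

		if ($result['status'] == 'error')
			$this->error($result['message']);

		$blogid = getBlogIDFromItemID($result['itemid']);
		$blog =& $manager->getBlog($blogid);
		$btimestamp = $blog->getCorrectTime();
		$item = $manager->getItem(intval($result['itemid']), 1, 1);

		if ($result['status'] == 'newcategory') {
			$distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' .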
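intval($blogid));
			$this->action_categoryedit($result['catid'], $blogid, $distURI);
		} else {
			$methodName = 'action_itemList';
			call_user_func(array(&$this, $methodName), $blogid);
		}
	}

	/**
	 * Shows the edit form for a previously made comment.
	 *
	 * Reads 'commentid' from the request and requires canAlterComment() on it.
	 * The form posts to action=commentupdate and carries a ticket.
	 */
	function action_commentedit() {

		global $member, $manager;

		$commentid = intRequestVar('commentid');

		$member->canAlterComment($commentid) or $this->disallow();

		$comment = COMMENT::getComment($commentid);

		$manager->notify('PrepareCommentForEdit', array('comment' => &$comment) );

		// strip the <br /> markers from the stored body
		$comment['body'] = str_replace('<br />', '', $comment['body']);

		// replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
		/* original eregi_replace: eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>", "\\1", $comment['body']) */

		// turn generated <a href="...">...</a> links back into their bare URL
		$comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#i", "\\1", $comment['body']);

		$this->pagehead();

		?>
		<h2><?php echo _EDITC_TITLE?></h2>

		<form action="index.php" method="post"><div>

		<input type="hidden" name="action" value="commentupdate" />
		<?php $manager->addTicketHidden(); ?>
		<input type="hidden" name="commentid" value="<?php echo $commentid; ?>" />
		<table><tr>
			<th colspan="2"><?php echo _EDITC_TITLE?></th>
		</tr><tr>
			<td><?php echo _EDITC_WHO?></td>
			<td>
			<?php
				// NOTE(review): member/user and host are printed as stored;
				// confirm they are HTML-escaped where they are written.
				if ($comment['member'])
					echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
				else
					echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
			?>
			</td>
		</tr><tr>
			<td><?php echo _EDITC_WHEN?></td>
			<td><?php echo date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
		</tr><tr>
			<td><?php echo _EDITC_HOST?></td>
			<td><?php echo $comment['host']; ?></td>
		</tr>
		<tr>
			<td><?php echo _EDITC_URL; ?></td>
			<?php
				// action_commentupdate() stores the posted 'url' and 'email'
				// with SQL escaping only, so both are HTML-escaped here before
				// they go into a double-quoted attribute. Escaping also keeps
				// the round trip exact: the browser submits the stored text
				// back unchanged.
			?>
			<td><input type="text" name="url" size="30" tabindex="6" value="<?php echo htmlspecialchars($comment['userid']); ?>" /></td>
		</tr>
		<tr>
			<td><?php echo _EDITC_EMAIL; ?></td>
			<td><input type="text" name="email" size="30" tabindex="8" value="<?php echo htmlspecialchars($comment['email']); ?>" /></td>
		</tr>
		<tr>
			<td><?php echo _EDITC_TEXT?></td>
			<td>
				<textarea name="body" tabindex="10" rows="10" cols="50"><?php // htmlspecialchars not needed (things should be escaped already)
					// NOTE(review): this relies on COMMENT::prepareBody() and on
					// every 'PrepareCommentForEdit' plugin leaving the body escaped -- confirm
					echo $comment['body'];
				?></textarea>
			</td>
		</tr><tr>
			<td><?php echo _EDITC_EDIT?></td>
			<td><input type="submit" tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
		</tr></table>

		</div></form>
		<?php
		$this->pagefoot();
	}

	/**
	 * @todo document this
	 */
	function action_commentupdate() {
		global $member, $manager;

		$commentid = intRequestVar('commentid');

		$member->canAlterComment($commentid) or $this->disallow();

		$url = postVar('url');
		$email = postVar('email');
		$body = postVar('body');

		# replaced eregi() below with preg_match().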
ereg* functions are deprecated in PHP 5.3.0 1547 # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE 1548 # important note that '\' must be matched with '\\\\' in preg* expressions 1549 1550 // intercept words that are too long 1551 if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE) 1552 { 1553 $this->error(_ERROR_COMMENT_LONGWORD); 1554 } 1555 1556 // check length 1557 if (strlen($body) < 3) 1558 { 1559 $this->error(_ERROR_COMMENT_NOCOMMENT); 1560 } 1561 1562 if (strlen($body) > 5000) 1563 { 1564 $this->error(_ERROR_COMMENT_TOOLONG); 1565 } 1566 1567 // prepare body 1568 $body = COMMENT::prepareBody($body); 1569 1570 // call plugins 1571 $manager->notify('PreUpdateComment',array('body' => &$body)); 1572 1573 $query = 'UPDATE ' . sql_table('comment') 1574 . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'" 1575 . " WHERE cnumber = " . $commentid; 1576 sql_query($query); 1577 1578 // get itemid 1579 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . 
$commentid); 1580 $o = sql_fetch_object($res); 1581 $itemid = $o->citem; 1582 1583 if ($member->canAlterItem($itemid)) 1584 $this->action_itemcommentlist($itemid); 1585 else 1586 $this->action_browseowncomments(); 1587 1588 } 1589 1590 /** 1591 * @todo document this 1592 */ 1593 function action_commentdelete() { 1594 global $member, $manager; 1595 1596 $commentid = intRequestVar('commentid'); 1597 1598 $member->canAlterComment($commentid) or $this->disallow(); 1599 1600 $comment = COMMENT::getComment($commentid); 1601 1602 $body = strip_tags($comment['body']); 1603 $body = htmlspecialchars(shorten($body, 300, '...')); 1604 1605 if ($comment['member']) 1606 $author = $comment['member']; 1607 else 1608 $author = $comment['user']; 1609 1610 $this->pagehead(); 1611 ?> 1612 1613 <h2><?php echo _DELETE_CONFIRM?></h2> 1614 1615 <p><?php echo _CONFIRMTXT_COMMENT?></p> 1616 1617 <div class="note"> 1618 <b><?php echo _EDITC_WHO?>:</b> <?php echo $author ?> 1619 <br /> 1620 <b><?php echo _EDITC_TEXT?>:</b> <?php echo $body ?> 1621 </div> 1622 1623 <form method="post" action="index.php"><div> 1624 <input type="hidden" name="action" value="commentdeleteconfirm" /> 1625 <?php $manager->addTicketHidden() ?> 1626 <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" /> 1627 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" /> 1628 </div></form> 1629 <?php 1630 $this->pagefoot(); 1631 } 1632 1633 /** 1634 * @todo document this 1635 */ 1636 function action_commentdeleteconfirm() { 1637 global $member; 1638 1639 $commentid = intRequestVar('commentid'); 1640 1641 // get item id first 1642 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . 
$commentid); 1643 $o = sql_fetch_object($res); 1644 $itemid = $o->citem; 1645 1646 $error = $this->deleteOneComment($commentid); 1647 if ($error) 1648 $this->doError($error); 1649 1650 if ($member->canAlterItem($itemid)) 1651 $this->action_itemcommentlist($itemid); 1652 else 1653 $this->action_browseowncomments(); 1654 } 1655 1656 /** 1657 * @todo document this 1658 */ 1659 function deleteOneComment($commentid) { 1660 global $member, $manager; 1661 1662 $commentid = intval($commentid); 1663 1664 if (!$member->canAlterComment($commentid)) 1665 return _ERROR_DISALLOWED; 1666 1667 $manager->notify('PreDeleteComment', array('commentid' => $commentid)); 1668 1669 // delete the comments associated with the item 1670 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid; 1671 sql_query($query); 1672 1673 $manager->notify('PostDeleteComment', array('commentid' => $commentid)); 1674 1675 return ''; 1676 } 1677 1678 /** 1679 * Usermanagement main 1680 */ 1681 function action_usermanagement() { 1682 global $member, $manager; 1683 1684 // check if allowed 1685 $member->isAdmin() or $this->disallow(); 1686 1687 $this->pagehead(); 1688 1689 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 1690 1691 echo '<h2>' . _MEMBERS_TITLE .'</h2>'; 1692 1693 echo '<h3>' . _MEMBERS_CURRENT .'</h3>'; 1694 1695 // show list of members with actions 1696 $query = 'SELECT *' 1697 . ' FROM '.sql_table('member'); 1698 $template['content'] = 'memberlist'; 1699 $template['tabindex'] = 10; 1700 1701 $manager->loadClass("ENCAPSULATE"); 1702 $batch =& new BATCH('member'); 1703 $batch->showlist($query,'table',$template); 1704 1705 echo '<h3>' . 
_MEMBERS_NEW .'</h3>'; 1706 ?> 1707 <form method="post" action="index.php" name="memberedit"><div> 1708 1709 <input type="hidden" name="action" value="memberadd" /> 1710 <?php $manager->addTicketHidden() ?> 1711 1712 <table> 1713 <tr> 1714 <th colspan="2"><?php echo _MEMBERS_NEW?></th> 1715 </tr><tr> 1716 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?> 1717 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small> 1718 </td> 1719 <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td> 1720 </tr><tr> 1721 <td><?php echo _MEMBERS_REALNAME?></td> 1722 <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td> 1723 </tr><tr> 1724 <td><?php echo _MEMBERS_PWD?></td> 1725 <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td> 1726 </tr><tr> 1727 <td><?php echo _MEMBERS_REPPWD?></td> 1728 <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td> 1729 </tr><tr> 1730 <td><?php echo _MEMBERS_EMAIL?></td> 1731 <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td> 1732 </tr><tr> 1733 <td><?php echo _MEMBERS_URL?></td> 1734 <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td> 1735 </tr><tr> 1736 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td> 1737 <td><?php $this->input_yesno('admin',0,10060); ?> </td> 1738 </tr><tr> 1739 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td> 1740 <td><?php $this->input_yesno('canlogin',1,10070); ?></td> 1741 </tr><tr> 1742 <td><?php echo _MEMBERS_NOTES?></td> 1743 <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td> 1744 </tr><tr> 1745 <td><?php echo _MEMBERS_NEW?></td> 1746 <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td> 1747 </tr></table> 1748 1749 </div></form> 1750 <?php 1751 $this->pagefoot(); 1752 } 1753 1754 /** 1755 * Edit member settings 1756 */ 
1757 function action_memberedit() { 1758 $this->action_editmembersettings(intRequestVar('memberid')); 1759 } 1760 1761 /** 1762 * @todo document this 1763 */ 1764 function action_editmembersettings($memberid = '') { 1765 global $member, $manager, $CONF; 1766 1767 if ($memberid == '') 1768 $memberid = $member->getID(); 1769 1770 // check if allowed 1771 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); 1772 1773 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 1774 $this->pagehead($extrahead); 1775 1776 // show message to go back to member overview (only for admins) 1777 if ($member->isAdmin()) 1778 echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>'; 1779 else 1780 echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>'; 1781 1782 echo '<h2>' . _MEMBERS_EDIT . '</h2>'; 1783 1784 $mem = MEMBER::createFromID($memberid); 1785 1786 ?> 1787 <form method="post" action="index.php" name="memberedit"><div> 1788 1789 <input type="hidden" name="action" value="changemembersettings" /> 1790 <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" /> 1791 <?php $manager->addTicketHidden() ?> 1792 1793 <table><tr> 1794 <th colspan="2"><?php echo _MEMBERS_EDIT?></th> 1795 </tr><tr> 1796 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?> 1797 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small> 1798 </td> 1799 <td> 1800 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?> 1801 <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo htmlspecialchars($mem->getDisplayName()); ?>" /> 1802 <?php } else { 1803 echo htmlspecialchars($member->getDisplayName()); 1804 } 1805 ?> 1806 </td> 1807 </tr><tr> 1808 <td><?php echo _MEMBERS_REALNAME?></td> 1809 <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo htmlspecialchars($mem->getRealName()); ?>" /></td> 1810 </tr><tr> 1811 <?php if 
($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?> 1812 <td><?php echo _MEMBERS_PWD?></td> 1813 <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td> 1814 </tr><tr> 1815 <td><?php echo _MEMBERS_REPPWD?></td> 1816 <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td> 1817 <?php } ?> 1818 </tr><tr> 1819 <td><?php echo _MEMBERS_EMAIL?> 1820 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small> 1821 </td> 1822 <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo htmlspecialchars($mem->getEmail()); ?>" /></td> 1823 </tr><tr> 1824 <td><?php echo _MEMBERS_URL?></td> 1825 <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getURL()); ?>" /></td> 1826 <?php // only allow to change this by super-admins 1827 // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-) 1828 if ($member->isAdmin()) { 1829 ?> 1830 </tr><tr> 1831 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td> 1832 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td> 1833 </tr><tr> 1834 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td> 1835 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td> 1836 <?php } ?> 1837 </tr><tr> 1838 <td><?php echo _MEMBERS_NOTES?></td> 1839 <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getNotes()); ?>" /></td> 1840 </tr><tr> 1841 <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?> 1842 </td> 1843 <td> 1844 1845 <select name="deflang" tabindex="85"> 1846 <option value=""><?php echo _MEMBERS_USESITELANG?></option> 1847 <?php // show a dropdown list of all available languages 1848 global $DIR_LANG; 1849 $dirhandle = opendir($DIR_LANG); 1850 1851 while ($filename = readdir($dirhandle)) 1852 { 1853 1854 # replaced ereg() below with preg_match(). 
ereg* functions are deprecated in PHP 5.3.0 1855 # original ereg: ereg("^(.*)\.php$", $filename, $matches) 1856 1857 if (preg_match('#^(.*)\.php$#', $filename, $matches) ) 1858 { 1859 1860 $name = $matches[1]; 1861 echo "<option value=\"$name\""; 1862 1863 if ($name == $mem->getLanguage() ) 1864 { 1865 echo " selected=\"selected\""; 1866 } 1867 1868 echo ">$name</option>"; 1869 1870 } 1871 1872 } 1873 1874 closedir($dirhandle); 1875 1876 ?> 1877 </select> 1878 1879 </td> 1880 </tr> 1881 <tr> 1882 <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td> 1883 <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td> 1884 </tr> 1885 <?php 1886 // plugin options 1887 $this->_insertPluginOptions('member',$memberid); 1888 ?> 1889 <tr> 1890 <th colspan="2"><?php echo _MEMBERS_EDIT ?></th> 1891 </tr><tr> 1892 <td><?php echo _MEMBERS_EDIT?></td> 1893 <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td> 1894 </tr></table> 1895 1896 </div></form> 1897 1898 <?php 1899 echo '<h3>',_PLUGINS_EXTRA,'</h3>'; 1900 1901 $manager->notify( 1902 'MemberSettingsFormExtras', 1903 array( 1904 'member' => &$mem 1905 ) 1906 ); 1907 1908 $this->pagefoot(); 1909 } 1910 1911 /** 1912 * @todo document this 1913 */ 1914 function action_changemembersettings() { 1915 global $member, $CONF, $manager; 1916 1917 $memberid = intRequestVar('memberid'); 1918 1919 // check if allowed 1920 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); 1921 1922 $name = trim(strip_tags(postVar('name'))); 1923 $realname = trim(strip_tags(postVar('realname'))); 1924 $password = postVar('password'); 1925 $repeatpassword = postVar('repeatpassword'); 1926 $email = strip_tags(postVar('email')); 1927 $url = strip_tags(postVar('url')); 1928 1929 # replaced eregi() below with preg_match(). 
ereg* functions are deprecated in PHP 5.3.0 1930 # original eregi: !eregi("^https?://", $url) 1931 1932 // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it. 1933 if (!preg_match('#^https?://#', $url) ) 1934 { 1935 $url = 'http://' . $url; 1936 } 1937 1938 $admin = postVar('admin'); 1939 $canlogin = postVar('canlogin'); 1940 $notes = strip_tags(postVar('notes')); 1941 $deflang = postVar('deflang'); 1942 1943 $mem = MEMBER::createFromID($memberid); 1944 1945 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { 1946 1947 if (!isValidDisplayName($name)) 1948 $this->error(_ERROR_BADNAME); 1949 1950 if (($name != $mem->getDisplayName()) && MEMBER::exists($name)) 1951 $this->error(_ERROR_NICKNAMEINUSE); 1952 1953 if ($password != $repeatpassword) 1954 $this->error(_ERROR_PASSWORDMISMATCH); 1955 1956 if ($password && (strlen($password) < 6)) 1957 $this->error(_ERROR_PASSWORDTOOSHORT); 1958 1959 if ($password) { 1960 $pwdvalid = true; 1961 $pwderror = ''; 1962 $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid)); 1963 if (!$pwdvalid) { 1964 $this->error($pwderror); 1965 } 1966 } 1967 } 1968 1969 if (!isValidMailAddress($email)) 1970 $this->error(_ERROR_BADMAILADDRESS); 1971 1972 1973 if (!$realname) 1974 $this->error(_ERROR_REALNAMEMISSING); 1975 1976 if (($deflang != '') && (!checkLanguage($deflang))) 1977 $this->error(_ERROR_NOSUCHLANGUAGE); 1978 1979 // check if there will remain at least one site member with both the logon and admin rights 1980 // (check occurs when taking away one of these rights from such a member) 1981 if ( (!$admin && $mem->isAdmin() && $mem->canLogin()) 1982 || (!$canlogin && $mem->isAdmin() && $mem->canLogin()) 1983 ) 1984 { 1985 $r = sql_query('SELECT * FROM '.sql_table('member').' 
WHERE madmin=1 and mcanlogin=1'); 1986 if (sql_num_rows($r) < 2) 1987 $this->error(_ERROR_ATLEASTONEADMIN); 1988 } 1989 1990 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { 1991 $mem->setDisplayName($name); 1992 if ($password) 1993 $mem->setPassword($password); 1994 } 1995 1996 $oldEmail = $mem->getEmail(); 1997 1998 $mem->setRealName($realname); 1999 $mem->setEmail($email); 2000 $mem->setURL($url); 2001 $mem->setNotes($notes); 2002 $mem->setLanguage($deflang); 2003 2004 2005 // only allow super-admins to make changes to the admin status 2006 if ($member->isAdmin()) { 2007 $mem->setAdmin($admin); 2008 $mem->setCanLogin($canlogin); 2009 } 2010 2011 $autosave = postVar ('autosave'); 2012 $mem->setAutosave($autosave); 2013 2014 $mem->write(); 2015 2016 // store plugin options 2017 $aOptions = requestArray('plugoption'); 2018 NucleusPlugin::_applyPluginOptions($aOptions); 2019 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem)); 2020 2021 // if email changed, generate new password 2022 if ($oldEmail != $mem->getEmail()) 2023 { 2024 $mem->sendActivationLink('addresschange', $oldEmail); 2025 // logout member 2026 $mem->newCookieKey(); 2027 2028 // only log out if the member being edited is the current member. 
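if ($member->getID() == $memberid)
                $member->logout();
            $this->action_login(_MSG_ACTIVATION_SENT, 0);
            return;
        }


        if (  ( $mem->getID() == $member->getID() )
           && ( $mem->getDisplayName() != $member->getDisplayName() )
           ) {
            $mem->newCookieKey();
            $member->logout();
            $this->action_login(_MSG_LOGINAGAIN, 0);
        } else {
            $this->action_overview(_MSG_SETTINGSCHANGED);
        }
    }

    /**
     * Creates a member account from the posted admin form.
     *
     * Site admins only. The posted password must equal its repeat field and
     * be at least 6 characters long. Any return value of MEMBER::create()
     * other than 1 is handed to error() as the message. On success the
     * PostRegister event is fired and the user management page is shown.
     */
    function action_memberadd() {
        global $member, $manager;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $password = postVar('password');

        // strict comparison: with != two different numeric-looking strings
        // (for example '1e3' and '1000') would count as equal
        if ($password !== postVar('repeatpassword'))
            $this->error(_ERROR_PASSWORDMISMATCH);
        if (strlen($password) < 6)
            $this->error(_ERROR_PASSWORDTOOSHORT);

        $res = MEMBER::create(postVar('name'), postVar('realname'), $password, postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
        if ($res != 1)
            $this->error($res);

        // fire PostRegister event
        $newmem = new MEMBER();
        $newmem->readFromName(postVar('name'));
        $manager->notify('PostRegister',array('member' => &$newmem));

        $this->action_usermanagement();
    }

    /**
     * Account activation: reads the activation key from the query string
     * and shows the activation page for it.
     *
     * @author dekarma
     */
    function action_activate() {

        $key = getVar('key');
        $this->_showActivationPage($key);
    }

    /**
     * Renders the activation page for an activation key.
     *
     * Looks the key up, picks title and text by activation type and, for
     * every type except 'addresschange', prints the form that posts a new
     * password to action_activatesetpwd. For 'addresschange' the key is
     * activated right here, while the page is being rendered.
     *
     * @param string $key     activation key; HTML-escaped before it is put in the form
     * @param string $message optional error text; it is printed as-is, so callers
     *                        must only pass text they trust
     */
    function _showActivationPage($key, $message = '')
    {
        global $manager;

        // clean up old activation keys
        MEMBER::cleanupActivationTable();

        // get activation info
        $info = MEMBER::getActivationInfo($key);

        // NOTE(review): the code below relies on error() not returning - confirm
        if (!$info)
            $this->error(_ERROR_ACTIVATE);

        $mem = MEMBER::createFromId($info->vmember);

        if (!$mem)
            $this->error(_ERROR_ACTIVATE);

        $text = '';
        $title = '';
        $bNeedsPasswordChange = true;

        switch ($info->vtype)
        {
            case 'forgot':
                $title = _ACTIVATE_FORGOT_TITLE;
                $text = _ACTIVATE_FORGOT_TEXT;
                break;
            case 'register':
                $title = _ACTIVATE_REGISTER_TITLE;
                $text = _ACTIVATE_REGISTER_TEXT;
                break;
            case 'addresschange':
                $title = _ACTIVATE_CHANGE_TITLE;
                $text = _ACTIVATE_CHANGE_TEXT;
                $bNeedsPasswordChange = false;
                // no password step for this type: the key is consumed immediately
                MEMBER::activate($key);
                break;
        }

        $aVars = array(
            'memberName' => htmlspecialchars($mem->getDisplayName())
        );
        $title = TEMPLATE::fill($title, $aVars);
        $text = TEMPLATE::fill($text, $aVars);

        $this->pagehead();

        echo '<h2>' , $title, '</h2>';
        echo '<p>' , $text, '</p>';

        if ($message != '')
        {
            echo '<p class="error">',$message,'</p>';
        }

        if ($bNeedsPasswordChange)
        {
            ?>
                <div><form action="index.php" method="post">

                    <input type="hidden" name="action" value="activatesetpwd" />
                    <?php $manager->addTicketHidden() ?>
                    <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

                    <table><tr>
                        <td><?php echo _MEMBERS_PWD?></td>
                        <td><input type="password" maxlength="40" size="16" name="password" /></td>
                    </tr><tr>
                        <td><?php echo _MEMBERS_REPPWD?></td>
                        <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
                    <?php

                        $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));

                    ?>
                    </tr><tr>
                        <td><?php echo _MEMBERS_SETPWD ?></td>
                        <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
                    </tr></table>


                </form></div>

            <?php

        }

        $this->pagefoot();

    }

    /**
     * Account activation - set password part
     *
     * Validates the posted activation key and the new password, lets plugins
     * veto via the PrePasswordSet and ValidateForm events, stores the password
     * and activates the key. Every failure re-renders the activation page with
     * an error message instead of changing anything.
     *
     * @author dekarma
     */
    function action_activatesetpwd() {
        // bound up front: the ValidateForm notification below needs $manager on
        // every path, not only when the PrePasswordSet branch has run
        global $manager;

        $key = postVar('key');

        // clean up old activation keys
        MEMBER::cleanupActivationTable();

        // get activation info
        $info = MEMBER::getActivationInfo($key);

        // the activation type is read as ->vtype (as in _showActivationPage);
        // an 'addresschange' key only confirms an address and must never be
        // usable to set a password
        if (!$info || ($info->vtype == 'addresschange'))
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);

        $mem = MEMBER::createFromId($info->vmember);

        if (!$mem)
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);

        $password = postVar('password');
        $repeatpassword = postVar('repeatpassword');

        // strict comparison avoids numeric-string juggling between the two fields
        if ($password !== $repeatpassword)
            return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);

        // an empty password is rejected as well (same rule as action_memberadd)
        // rather than being stored for the account
        if (strlen($password) < 6)
            return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);

        // let plugins apply their own password policy
        $pwdvalid = true;
        $pwderror = '';
        $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
        if (!$pwdvalid) {
            return $this->_showActivationPage($key,$pwderror);
        }

        $error = '';

        $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
        if ($error != '')
            return $this->_showActivationPage($key, $error);


        // set password
        $mem->setPassword($password);
        $mem->write();

        // do the activation
        MEMBER::activate($key);

        $this->pagehead();
        echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
        echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
        $this->pagefoot();
    }

    /**
     * Manage team
     */
    function action_manageteam() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $this->pagehead();

        echo "<p><a href='index.php?action=blogsettings&blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

        echo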
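'<h2>' . _TEAM_TITLE . htmlspecialchars(getBlogNameFromID($blogid)) . '</h2>'; // blog name is stored data: escape it like the other pages in this class do

        echo '<h3>' . _TEAM_CURRENT . '</h3>';



        // $blogid comes from intRequestVar(), so it is safe to concatenate
        $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
               . ' FROM '.sql_table('member').', '.sql_table('team')
               . ' WHERE tmember=mnumber and tblog=' . $blogid;

        $template['content'] = 'teamlist';
        $template['tabindex'] = 10;

        $manager->loadClass("ENCAPSULATE");
        $batch =& new BATCH('team');
        $batch->showlist($query, 'table', $template);

        ?>
            <h3><?php echo _TEAM_ADDNEW?></h3>

            <form method='post' action='index.php'><div>

            <input type='hidden' name='action' value='teamaddmember' />
            <input type='hidden' name='blogid' value='<?php echo $blogid; ?>' />
            <?php $manager->addTicketHidden() ?>

            <table><tr>
                <td><?php echo _TEAM_CHOOSEMEMBER?></td>
                <td><?php
                    // TODO: try to make it so only non-team-members are listed
                    $query =  'SELECT mname as text, mnumber as value'
                           . ' FROM '.sql_table('member');

                    $template['name'] = 'memberid';
                    $template['tabindex'] = 10000;
                    showlist($query,'select',$template);
                ?></td>
            </tr><tr>
                <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
                <td><?php $this->input_yesno('admin',0,10020); ?></td>
            </tr><tr>
                <td><?php echo _TEAM_ADD?></td>
                <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
            </tr></table>

            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Add member to team
     *
     * Reads memberid, blogid and the admin flag from the POST data (all cast
     * to int), requires blog admin rights on that blog and then shows the
     * team page again.
     */
    function action_teamaddmember() {
        global $member, $manager;

        $memberid = intPostVar('memberid');
        $blogid = intPostVar('blogid');
        $admin = intPostVar('admin');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);
        if (!$blog->addTeamMember($memberid, $admin))
            $this->error(_ERROR_ALREADYONTEAM);

        $this->action_manageteam();

    }

    /**
     * Shows the confirmation page for removing a member from a blog team.
     *
     * Nothing is deleted here; the form posts to teamdeleteconfirm together
     * with a ticket.
     */
    function action_teamdelete() {
        global $member, $manager;

        $memberid = intRequestVar('memberid');
        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        // NOTE(review): neither result is checked before use; other code in this
        // class treats a falsy MEMBER::createFromId() result as "not found"
        $teammem = MEMBER::createFromID($memberid);
        $blog =& $manager->getBlog($blogid);

        $this->pagehead();
        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo htmlspecialchars(strip_tags($blog->getName())) ?></b>
            </p>


            <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="teamdeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" />
            <input type="hidden" name="blogid" value="<?php echo $blogid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Removes a member from a blog team after confirmation.
     *
     * The permission check is done inside deleteOneTeamMember().
     */
    function action_teamdeleteconfirm() {
        global $member;

        $memberid = intRequestVar('memberid');
        $blogid = intRequestVar('blogid');

        $error = $this->deleteOneTeamMember($blogid, $memberid);
        if ($error)
            $this->error($error);


        $this->action_manageteam();
    }

    /**
     * Removes one member from one blog team.
     *
     * @param int $blogid   blog whose team is changed
     * @param int $memberid member to remove
     * @return string '' on success, otherwise an error constant
     *                (_ERROR_DISALLOWED, _ERROR_ATLEASTONEBLOGADMIN)
     */
    function deleteOneTeamMember($blogid, $memberid) {
        global $member, $manager;

        // both ids end up in SQL below, so force them to integers
        $blogid = intval($blogid);
        $memberid = intval($memberid);

        // check if allowed
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;

        // check if: - there remains at least one blog admin
        //           - (there remains at least one team member)
        $tmem = MEMBER::createFromID($memberid);

        $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));

        if ($tmem->isBlogAdmin($blogid)) {
            // check if there are more blog members left and at least one admin
            // (check for at least two admins before deletion)
            $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
            $r = sql_query($query);
            if (sql_num_rows($r) < 2)
                return _ERROR_ATLEASTONEBLOGADMIN;
        }

        $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
        sql_query($query);

        $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));

        return '';
    }

    /**
     * Toggles the blog-admin flag of a team member.
     *
     * Requires blog admin rights on the blog. The last remaining admin of a
     * blog cannot be demoted.
     */
    function action_teamchangeadmin() {
        global $member;

        // integers only: both values are interpolated into SQL below
        $blogid = intRequestVar('blogid');
        $memberid = intRequestVar('memberid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $mem = MEMBER::createFromID($memberid);

        // don't allow when there is only one admin at this moment
        if ($mem->isBlogAdmin($blogid)) {
            $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
            if (sql_num_rows($r) == 1)
                $this->error(_ERROR_ATLEASTONEBLOGADMIN);
        }

        if ($mem->isBlogAdmin($blogid))
            $newval = 0;
        else
            $newval = 1;

        $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
        sql_query($query);

        // only show manageteam if member did not change its own admin privileges
        if ($member->isBlogAdmin($blogid))
            $this->action_manageteam();
        else
            $this->action_overview(_MSG_ADMINCHANGED);
    }

    /**
     * @todo document this
     */
    function action_blogsettings() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
        $this->pagehead($extrahead);

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        ?>
        <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>

        <h3><?php echo _EBLOG_TEAM_TITLE?></h3>

        <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?>
        <?php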
$res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid)); 2475 $aMemberNames = array(); 2476 while ($o = sql_fetch_object($res)) 2477 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')'); 2478 echo implode(',', $aMemberNames); 2479 ?> 2480 </p> 2481 2482 2483 2484 <p> 2485 <a href="index.php?action=manageteam&blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a> 2486 </p> 2487 2488 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3> 2489 2490 <form method="post" action="index.php"><div> 2491 2492 <input type="hidden" name="action" value="blogsettingsupdate" /> 2493 <?php $manager->addTicketHidden() ?> 2494 <input type="hidden" name="blogid" value="<?php echo $blogid; ?>" /> 2495 <table><tr> 2496 <td><?php echo _EBLOG_NAME?></td> 2497 <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo htmlspecialchars($blog->getName()) ?>" /></td> 2498 </tr><tr> 2499 <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?> 2500 <?php echo _EBLOG_SHORTNAME_EXTRA?> 2501 </td> 2502 <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo htmlspecialchars($blog->getShortName()) ?>" /></td> 2503 </tr><tr> 2504 <td><?php echo _EBLOG_DESC?></td> 2505 <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo htmlspecialchars($blog->getDescription()) ?>" /></td> 2506 </tr><tr> 2507 <td><?php echo _EBLOG_URL?></td> 2508 <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo htmlspecialchars($blog->getURL()) ?>" /></td> 2509 </tr><tr> 2510 <td><?php echo _EBLOG_DEFSKIN?> 2511 <?php help('blogdefaultskin'); ?> 2512 </td> 2513 <td> 2514 <?php 2515 $query = 'SELECT sdname as text, sdnumber as value' 2516 . 
' FROM '.sql_table('skin_desc'); 2517 $template['name'] = 'defskin'; 2518 $template['selected'] = $blog->getDefaultSkin(); 2519 $template['tabindex'] = 50; 2520 showlist($query,'select',$template); 2521 ?> 2522 2523 </td> 2524 </tr><tr> 2525 <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?> 2526 </td> 2527 <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td> 2528 </tr><tr> 2529 <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?> 2530 </td> 2531 <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td> 2532 </tr><tr> 2533 <td><?php echo _EBLOG_DISABLECOMMENTS?> 2534 </td> 2535 <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td> 2536 </tr><tr> 2537 <td><?php echo _EBLOG_ANONYMOUS?> 2538 </td> 2539 <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td> 2540 </tr><tr> 2541 <td><?php echo _EBLOG_REQUIREDEMAIL?> 2542 </td> 2543 <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td> 2544 </tr><tr> 2545 <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td> 2546 <td><input name="notify" tabindex="80" maxlength="128" size="40" value="<?php echo htmlspecialchars($blog->getNotifyAddress()); ?>" /></td> 2547 </tr><tr> 2548 <td><?php echo _EBLOG_NOTIFY_ON?></td> 2549 <td> 2550 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment" 2551 <?php if ($blog->notifyOnComment()) echo "checked='checked'" ?> 2552 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label> 2553 <br /> 2554 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote" 2555 <?php if ($blog->notifyOnVote()) echo "checked='checked'" ?> 2556 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label> 2557 <br /> 2558 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem" 2559 <?php if ($blog->notifyOnNewItem()) echo "checked='checked'" ?> 2560 
/><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label> 2561 </td> 2562 </tr><tr> 2563 <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td> 2564 <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo htmlspecialchars($blog->getMaxComments()); ?>" /></td> 2565 </tr><tr> 2566 <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td> 2567 <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo htmlspecialchars($blog->getUpdateFile()) ?>" /></td> 2568 </tr><tr> 2569 <td><?php echo _EBLOG_DEFCAT?></td> 2570 <td> 2571 <?php 2572 $query = 'SELECT cname as text, catid as value' 2573 . ' FROM '.sql_table('category') 2574 . ' WHERE cblog=' . $blog->getID(); 2575 $template['name'] = 'defcat'; 2576 $template['selected'] = $blog->getDefaultCategory(); 2577 $template['tabindex'] = 110; 2578 showlist($query,'select',$template); 2579 ?> 2580 </td> 2581 </tr><tr> 2582 <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?> 2583 <br /><?php echo _EBLOG_STIME?> <b><?php echo strftime("%H:%M",time()); ?></b> 2584 <br /><?php echo _EBLOG_BTIME?> <b><?php echo strftime("%H:%M",$blog->getCorrectTime()); ?></b> 2585 </td> 2586 <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo htmlspecialchars($blog->getTimeOffset()); ?>" /></td> 2587 </tr><tr> 2588 <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td> 2589 <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td> 2590 </tr> 2591 <?php 2592 // plugin options 2593 $this->_insertPluginOptions('blog',$blogid); 2594 ?> 2595 <tr> 2596 <th colspan="2"><?php echo _EBLOG_CHANGE?></th> 2597 </tr><tr> 2598 <td><?php echo _EBLOG_CHANGE?></td> 2599 <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td> 2600 </tr></table> 2601 2602 </div></form> 2603 2604 <h3><?php echo _EBLOG_CAT_TITLE?></h3> 2605 2606 2607 <?php 2608 $query = 'SELECT * 
FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname'; 2609 $template['content'] = 'categorylist'; 2610 $template['tabindex'] = 200; 2611 2612 $manager->loadClass("ENCAPSULATE"); 2613 $batch =& new BATCH('category'); 2614 $batch->showlist($query,'table',$template); 2615 2616 ?> 2617 2618 2619 <form action="index.php" method="post"><div> 2620 <input name="action" value="categorynew" type="hidden" /> 2621 <?php $manager->addTicketHidden() ?> 2622 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" /> 2623 2624 <table><tr> 2625 <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th> 2626 </tr><tr> 2627 <td><?php echo _EBLOG_CAT_NAME?></td> 2628 <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td> 2629 </tr><tr> 2630 <td><?php echo _EBLOG_CAT_DESC?></td> 2631 <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td> 2632 </tr><tr> 2633 <td><?php echo _EBLOG_CAT_CREATE?></td> 2634 <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td> 2635 </tr></table> 2636 2637 </div></form> 2638 2639 <?php 2640 2641 echo '<h3>',_PLUGINS_EXTRA,'</h3>'; 2642 2643 $manager->notify( 2644 'BlogSettingsFormExtras', 2645 array( 2646 'blog' => &$blog 2647 ) 2648 ); 2649 2650 $this->pagefoot(); 2651 } 2652 2653 /** 2654 * @todo document this 2655 */ 2656 function action_categorynew() { 2657 global $member, $manager; 2658 2659 $blogid = intRequestVar('blogid'); 2660 2661 $member->blogAdminRights($blogid) or $this->disallow(); 2662 2663 $cname = postVar('cname'); 2664 $cdesc = postVar('cdesc'); 2665 2666 if (!isValidCategoryName($cname)) 2667 $this->error(_ERROR_BADCATEGORYNAME); 2668 2669 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . 
intval($blogid); 2670 $res = sql_query($query); 2671 if (sql_num_rows($res) > 0) 2672 $this->error(_ERROR_DUPCATEGORYNAME); 2673 2674 $blog =& $manager->getBlog($blogid); 2675 $newCatID = $blog->createNewCategory($cname, $cdesc); 2676 2677 $this->action_blogsettings(); 2678 } 2679 2680 /** 2681 * @todo document this 2682 */ 2683 function action_categoryedit($catid = '', $blogid = '', $desturl = '') { 2684 global $member, $manager; 2685 2686 if ($blogid == '') 2687 $blogid = intGetVar('blogid'); 2688 else 2689 $blogid = intval($blogid); 2690 if ($catid == '') 2691 $catid = intGetVar('catid'); 2692 else 2693 $catid = intval($catid); 2694 2695 $member->blogAdminRights($blogid) or $this->disallow(); 2696 2697 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid"); 2698 $obj = sql_fetch_object($res); 2699 2700 $cname = $obj->cname; 2701 $cdesc = $obj->cdesc; 2702 2703 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 2704 $this->pagehead($extrahead); 2705 2706 echo "<p><a href='index.php?action=blogsettings&blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>"; 2707 2708 ?> 2709 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2> 2710 <form method='post' action='index.php'><div> 2711 <input name="blogid" type="hidden" value="<?php echo $blogid?>" /> 2712 <input name="catid" type="hidden" value="<?php echo $catid?>" /> 2713 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" /> 2714 <input name="action" type="hidden" value="categoryupdate" /> 2715 <?php $manager->addTicketHidden(); ?> 2716 2717 <table><tr> 2718 <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th> 2719 </tr><tr> 2720 <td><?php echo _EBLOG_CAT_NAME?></td> 2721 <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td> 2722 </tr><tr> 2723 <td><?php echo _EBLOG_CAT_DESC?></td> 2724 <td><input type="text" 
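name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
        </tr>
        <?php
            // insert plugin options
            $this->_insertPluginOptions('category',$catid);
        ?>
        <tr>
            <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
        </tr><tr>
            <td><?php echo _EBLOG_CAT_UPDATE?></td>
            <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
        </tr></table>

        </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Stores a changed category name and description.
     *
     * Requires blog admin rights on the posted blog and refuses categories
     * that do not belong to that blog. Afterwards the plugin options are
     * stored, PostPluginOptionsUpdate is fired and the browser is sent to
     * the posted desturl, or to the blog settings page when there is none.
     */
    function action_categoryupdate() {
        global $member, $manager;

        $blogid = intPostVar('blogid');
        $catid = intPostVar('catid');
        $cname = postVar('cname');
        $cdesc = postVar('cdesc');
        $desturl = postVar('desturl');

        $member->blogAdminRights($blogid) or $this->disallow();

        // The rights check above covers $blogid only. Without tying $catid to
        // that blog, an admin of one blog could edit a category of another
        // blog by posting his own blogid together with a foreign catid.
        $res = sql_query('SELECT catid FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
        if (sql_num_rows($res) == 0)
            $this->error(_ERROR_NOSUCHCATEGORY);

        if (!isValidCategoryName($cname))
            $this->error(_ERROR_BADCATEGORYNAME);

        $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
        $res = sql_query($query);
        if (sql_num_rows($res) > 0)
            $this->error(_ERROR_DUPCATEGORYNAME);

        // scoped to the authorised blog as well, so that the statement itself
        // cannot touch a row of another blog
        $query =  'UPDATE '.sql_table('category').' SET'
               . " cname='" . sql_real_escape_string($cname) . "',"
               . " cdesc='" . sql_real_escape_string($cdesc) . "'"
               . " WHERE catid=" . $catid
               . " AND cblog=" . $blogid;

        sql_query($query);

        // store plugin options
        // NOTE(review): the posted 'plugoption' array is applied as submitted;
        // whether _applyPluginOptions() limits it to this category is not
        // visible here - confirm
        $aOptions = requestArray('plugoption');
        NucleusPlugin::_applyPluginOptions($aOptions);
        $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));


        if ($desturl) {
            // NOTE(review): desturl is a posted value and is passed to redirect()
            // unchanged; unless redirect() restricts the target, this should be
            // limited to same-site URLs - confirm
            redirect($desturl);
            exit;
        } else {
            $this->action_blogsettings();
        }
    }

    /**
     * Shows the confirmation page for deleting a category.
     *
     * Refuses unknown categories, the blog's default category and the last
     * remaining category of the blog. Nothing is deleted here; the form posts
     * to categorydeleteconfirm together with a ticket.
     */
    function action_categorydelete() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if (!$blog->isValidCategory($catid))
            $this->error(_ERROR_NOSUCHCATEGORY);

        // don't allow deletion of default category
        if ($blog->getDefaultCategory() == $catid)
            $this->error(_ERROR_DELETEDEFCATEGORY);

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if (sql_num_rows($res) == 1)
            $this->error(_ERROR_DELETELASTCATEGORY);


        $this->pagehead();
        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <div>
            <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo htmlspecialchars($blog->getCategoryName($catid))?></b>
            </div>

            <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="categorydeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
            <input type="hidden" name="catid" value="<?php echo $catid?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a category after confirmation.
     *
     * The rights check here is on the requested blogid; deleteOneCategory()
     * checks again against the blog the category actually belongs to.
     */
    function action_categorydeleteconfirm() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $error = $this->deleteOneCategory($catid);
        if ($error)
            $this->error($error);

        $this->action_blogsettings();
    }

    /**
     * Deletes one category and moves its items to the blog's default category.
     *
     * The blog is derived from the category itself, so the permission check
     * cannot be bypassed by passing a blog id that does not match.
     *
     * @param int $catid category to delete
     * @return string|null an error constant when the deletion is refused;
     *                     nothing is returned on success
     */
    function deleteOneCategory($catid) {
        global $manager, $member;

        $catid = intval($catid);

        $blogid = getBlogIDFromCatID($catid);

        // was the bare name ERROR_DISALLOWED, which is not the constant used
        // by the sibling methods (deleteOneTeamMember, moveOneCategory)
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;

        // get blog
        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if (!$blog || !$blog->isValidCategory($catid))
            return _ERROR_NOSUCHCATEGORY;

        $destcatid = $blog->getDefaultCategory();

        // don't allow deletion of default category
        if ($blog->getDefaultCategory() == $catid)
            return _ERROR_DELETEDEFCATEGORY;

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if (sql_num_rows($res) == 1)
            return _ERROR_DELETELASTCATEGORY;

        $manager->notify('PreDeleteCategory', array('catid' => $catid));

        // change category for all items to the default category
        $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('category', $catid);

        // delete category
        $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
        sql_query($query);

        $manager->notify('PostDeleteCategory', array('catid' => $catid));

    }

    /**
     * @todo document this
     */
    function moveOneCategory($catid, $destblogid) {
        global $manager, $member;

        $catid = intval($catid);
        $destblogid = intval($destblogid);

        $blogid = getBlogIDFromCatID($catid);

        // mover should have admin rights on both blogs
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;
        if (!$member->blogAdminRights($destblogid))
            return _ERROR_DISALLOWED;

        // cannot move to self
        if ($blogid == $destblogid)
            return _ERROR_MOVETOSELF;

        // get blogs
        $blog =& $manager->getBlog($blogid);
        $destblog =& $manager->getBlog($destblogid);

        // check if the category is valid
        if (!$blog || !$blog->isValidCategory($catid))
            return _ERROR_NOSUCHCATEGORY;

        // don't allow default category to be moved
        if ($blog->getDefaultCategory() == $catid)
            return _ERROR_MOVEDEFCATEGORY;

        $manager->notify(
            'PreMoveCategory',
            array(
                'catid' => &$catid,
                'sourceblog' => &$blog,
                'destblog' => &$destblog
            )
        );

        // update comments table (cblog)
        $query = 'SELECT inumber FROM '.sql_table('item').'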
WHERE icat='.$catid; 2943 $items = sql_query($query); 2944 while ($oItem = sql_fetch_object($items)) { 2945 sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber); 2946 } 2947 2948 // update items (iblog) 2949 $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid; 2950 sql_query($query); 2951 2952 // move category 2953 $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid; 2954 sql_query($query); 2955 2956 $manager->notify( 2957 'PostMoveCategory', 2958 array( 2959 'catid' => &$catid, 2960 'sourceblog' => &$blog, 2961 'destblog' => $destblog 2962 ) 2963 ); 2964 2965 } 2966 2967 /** 2968 * @todo document this 2969 */ 2970 function action_blogsettingsupdate() { 2971 global $member, $manager; 2972 2973 $blogid = intRequestVar('blogid'); 2974 2975 $member->blogAdminRights($blogid) or $this->disallow(); 2976 2977 $blog =& $manager->getBlog($blogid); 2978 2979 $notify = trim(postVar('notify')); 2980 $shortname = trim(postVar('shortname')); 2981 $updatefile = trim(postVar('update')); 2982 2983 $notifyComment = intPostVar('notifyComment'); 2984 $notifyVote = intPostVar('notifyVote'); 2985 $notifyNewItem = intPostVar('notifyNewItem'); 2986 2987 if ($notifyComment == 0) $notifyComment = 1; 2988 if ($notifyVote == 0) $notifyVote = 1; 2989 if ($notifyNewItem == 0) $notifyNewItem = 1; 2990 2991 $notifyType = $notifyComment * $notifyVote * $notifyNewItem; 2992 2993 2994 if ($notify) { 2995 $not =& new NOTIFICATION($notify); 2996 if (!$not->validAddresses()) 2997 $this->error(_ERROR_BADNOTIFY); 2998 2999 } 3000 3001 if (!isValidShortName($shortname)) 3002 $this->error(_ERROR_BADSHORTBLOGNAME); 3003 3004 if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname)) 3005 $this->error(_ERROR_DUPSHORTBLOGNAME); 3006 3007 // check if update file is writable 3008 if ($updatefile && !is_writeable($updatefile)) 3009 $this->error(_ERROR_UPDATEFILE); 3010 3011 
$blog->setName(trim(postVar('name'))); 3012 $blog->setShortName($shortname); 3013 $blog->setNotifyAddress($notify); 3014 $blog->setNotifyType($notifyType); 3015 $blog->setMaxComments(postVar('maxcomments')); 3016 $blog->setCommentsEnabled(postVar('comments')); 3017 $blog->setTimeOffset(postVar('timeoffset')); 3018 $blog->setUpdateFile($updatefile); 3019 $blog->setURL(trim(postVar('url'))); 3020 $blog->setDefaultSkin(intPostVar('defskin')); 3021 $blog->setDescription(trim(postVar('desc'))); 3022 $blog->setPublic(postVar('public')); 3023 $blog->setConvertBreaks(intPostVar('convertbreaks')); 3024 $blog->setAllowPastPosting(intPostVar('allowpastposting')); 3025 $blog->setDefaultCategory(intPostVar('defcat')); 3026 $blog->setSearchable(intPostVar('searchable')); 3027 $blog->setEmailRequired(intPostVar('reqemail')); 3028 3029 $blog->writeSettings(); 3030 3031 // store plugin options 3032 $aOptions = requestArray('plugoption'); 3033 NucleusPlugin::_applyPluginOptions($aOptions); 3034 $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog)); 3035 3036 3037 $this->action_overview(_MSG_SETTINGSCHANGED); 3038 } 3039 3040 /** 3041 * @todo document this 3042 */ 3043 function action_deleteblog() { 3044 global $member, $CONF, $manager; 3045 3046 $blogid = intRequestVar('blogid'); 3047 3048 $member->blogAdminRights($blogid) or $this->disallow(); 3049 3050 // check if blog is default blog 3051 if ($CONF['DefaultBlog'] == $blogid) 3052 $this->error(_ERROR_DELDEFBLOG); 3053 3054 $blog =& $manager->getBlog($blogid); 3055 3056 $this->pagehead(); 3057 ?> 3058 <h2><?php echo _DELETE_CONFIRM?></h2> 3059 3060 <p><?php echo _WARNINGTXT_BLOGDEL?> 3061 </p> 3062 3063 <div> 3064 <?php echo _CONFIRMTXT_BLOG?><b><?php echo htmlspecialchars($blog->getName())?></b> 3065 </div> 3066 3067 <form method="post" action="index.php"><div> 3068 <input type="hidden" name="action" value="deleteblogconfirm" /> 3069 <?php $manager->addTicketHidden() ?> 3070 
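<input type="hidden" name="blogid" value="<?php echo $blogid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a blog together with its comments, items, team, bans,
     * categories and plugin options.
     *
     * Requires blog admin rights on the blog; the default blog cannot be
     * deleted. PreDeleteBlog and PostDeleteBlog are fired around the deletion.
     */
    function action_deleteblogconfirm() {
        global $member, $CONF, $manager;

        // integer only: the id is concatenated into every statement below
        $blogid = intRequestVar('blogid');

        // authorise before anything else, so that PreDeleteBlog listeners only
        // run for a deletion the current member is allowed to perform
        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        if ($CONF['DefaultBlog'] == $blogid)
            $this->error(_ERROR_DELDEFBLOG);

        $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

        // delete all comments
        $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
        sql_query($query);

        // delete all items
        $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
        sql_query($query);

        // delete all team members
        $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
        sql_query($query);

        // delete all bans
        $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
        sql_query($query);

        // delete all categories
        $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('blog', $blogid);

        // delete the blog itself
        $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
        sql_query($query);

        $manager->notify('PostDeleteBlog', array('blogid' => $blogid));

        $this->action_overview(_DELETED_BLOG);
    }

    /**
     * Shows the confirmation page for deleting a member account.
     *
     * Allowed for the member himself and for site admins. Nothing is deleted
     * here; the form posts to memberdeleteconfirm together with a ticket.
     */
    function action_memberdelete() {
        global $member, $manager;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $mem = MEMBER::createFromID($memberid);

        $this->pagehead();
        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>
            </p>

            <p>
            <?php echo _WARNINGTXT_NOTDELMEDIAFILES ?>
            </p>

            <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="memberdeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a member account after confirmation.
     *
     * Allowed for the member himself and for site admins. Admins return to
     * the user management page, everyone else to the overview.
     */
    function action_memberdeleteconfirm() {
        global $member;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $error = $this->deleteOneMember($memberid);
        if ($error)
            $this->error($error);

        if ($member->isAdmin())
            $this->action_usermanagement();
        else
            $this->action_overview(_DELETED_MEMBER);
    }

    /**
     * Deletes one member and the rows that refer to it.
     *
     * No permission check is done in here: the caller has to authorise the
     * deletion first, as action_memberdeleteconfirm does.
     *
     * @static
     * @param int $memberid member to delete
     * @return string '' on success, _ERROR_DELETEMEMBER when the member
     *                cannot be deleted
     */
    function deleteOneMember($memberid) {
        global $manager;

        // integer only: the id is concatenated into the statements below
        $memberid = intval($memberid);
        $mem = MEMBER::createFromID($memberid);

        if (!$mem->canBeDeleted())
            return _ERROR_DELETEMEMBER;

        $manager->notify('PreDeleteMember', array('member' => &$mem));

        /* unlink comments from memberid */
        if ($memberid) {
            // keep the comments, but store the display name as a plain
            // (escaped) author string instead of the member reference
            $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. sql_real_escape_string($mem->getDisplayName())
                        .'" WHERE cmember='.$memberid;
            sql_query($query);
        }

        $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;
        sql_query($query);

        $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid;
        sql_query($query);

        $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid;
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('member', $memberid);

        $manager->notify('PostDeleteMember', array('member' => &$mem));

        return '';
    }

    /**
     * @todo document this
     */
    function action_createnewlog() {
        global $member, $CONF, $manager;

        // Only Super-Admins can do this
        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
        ?>
        <h2><?php echo _EBLOG_CREATE_TITLE?></h2>

        <h3><?php echo _ADMIN_NOTABILIA ?></h3>

        <p><?php echo _ADMIN_PLEASE_READ ?></p>

        <p><?php echo _ADMIN_HOW_TO_ACCESS ?></p>

        <ol>
            <li><?php echo _ADMIN_SIMPLE_WAY ?></li>
            <li><?php echo _ADMIN_ADVANCED_WAY ?></li>
        </ol>

        <h3><?php echo _ADMIN_HOW_TO_CREATE ?></h3>

        <p>
        <?php echo _EBLOG_CREATE_TEXT?>
        </p>

        <form method="post" action="index.php"><div>

        <input type="hidden" name="action" value="addnewlog" />
        <?php $manager->addTicketHidden() ?>


        <table><tr>
            <td><?php echo _EBLOG_NAME?></td>
            <td><input name="name" tabindex="10" size="40" maxlength="60" /></td>
        </tr><tr>
            <td><?php echo _EBLOG_SHORTNAME?>
                <?php help('shortblogname'); ?>
            </td>
            <td><input name="shortname"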
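tabindex="20" maxlength="15" size="15" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_DESC?></td>
			<td><input name="desc" tabindex="30" maxlength="200" size="40" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_DEFSKIN?>
				<?php help('blogdefaultskin'); ?>
			</td>
			<td>
				<?php
					$query = 'SELECT sdname as text, sdnumber as value'
						. ' FROM '.sql_table('skin_desc');
					$template['name'] = 'defskin';
					$template['tabindex'] = 50;
					$template['selected'] = $CONF['BaseSkin']; // set default selected skin to be globally defined base skin
					showlist($query,'select',$template);
				?>
			</td>
		</tr><tr>
			<td><?php echo _EBLOG_OFFSET?>
				<?php help('blogtimeoffset'); ?>
				<br /><?php echo _EBLOG_STIME?> <b><?php echo strftime("%H:%M",time()); ?></b>
			</td>
			<td><input name="timeoffset" tabindex="110" size="3" value="0" /></td>
		</tr><tr>
			<td><?php echo _EBLOG_ADMIN?>
				<?php help('teamadmin'); ?>
			</td>
			<td><?php echo _EBLOG_ADMIN_MSG?></td>
		</tr><tr>
			<td><?php echo _EBLOG_CREATE?></td>
			<td><input type="submit" tabindex="120" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
		</tr></table>

		</div></form>
		<?php
		$this->pagefoot();
	}

	/**
	 * Creates a new blog from the posted form, then shows the follow-up page.
	 *
	 * Super-admins only. It inserts the blog row, a default category, a team
	 * entry making the current member blog admin, and a first item. It fires
	 * PreAddBlog (fields passed by reference), PostAddBlog and PostAddCategory.
	 *
	 * Raw and SQL-escaped values are kept in separate variables. The escaped
	 * copies go only into queries; the raw ones are HTML-escaped for output.
	 */
	function action_addnewlog() {
		global $member, $manager, $CONF;

		// Only Super-Admins can do this
		$member->isAdmin() or $this->disallow();

		$bname       = trim(postVar('name'));
		$bshortname  = trim(postVar('shortname'));
		$btimeoffset = postVar('timeoffset');
		$bdesc       = trim(postVar('desc'));
		$bdefskin    = postVar('defskin');

		if (!isValidShortName($bshortname))
			$this->error(_ERROR_BADSHORTBLOGNAME);

		if ($manager->existsBlog($bshortname))
			$this->error(_ERROR_DUPSHORTBLOGNAME);

		// plugins receive the fields by reference and may rewrite them
		$manager->notify(
			'PreAddBlog',
			array(
				'name' => &$bname,
				'shortname' => &$bshortname,
				'timeoffset' => &$btimeoffset,
				'description' => &$bdesc,
				'defaultskin' => &$bdefskin
			)
		);

		// SQL-escaped copies, taken after the plugin hook so that whatever a
		// plugin wrote is escaped too. Only these copies go into the query.
		$sqlName       = sql_real_escape_string($bname);
		$sqlShortname  = sql_real_escape_string($bshortname);
		$sqlTimeoffset = sql_real_escape_string($btimeoffset);
		$sqlDesc       = sql_real_escape_string($bdesc);
		$sqlDefskin    = sql_real_escape_string($bdefskin);

		// create blog
		$query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$sqlName', '$sqlShortname', '$sqlDesc', '$sqlTimeoffset', '$sqlDefskin')";
		sql_query($query);
		$blogid = intval(sql_insert_id());
		$blog =& $manager->getBlog($blogid);

		// create new category; the names come from the language file when it
		// defines them, otherwise from the English fallbacks
		$catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
		$catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
		$sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
		// escaped as well: a quote inside a translated string would otherwise break the statement
		sql_query(sprintf(
			$sql,
			sql_table('category'),
			$blogid,
			sql_real_escape_string($catdefname),
			sql_real_escape_string($catdefdesc)
		));
		$catid = sql_insert_id();

		// set as default category
		$blog->setDefaultCategory($catid);
		$blog->writeSettings();

		// create team member: the creating member becomes blog admin
		$memberid = intval($member->getID());
		$query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
		sql_query($query);

		$itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
		$itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');

		$blog->additem($blog->getDefaultCategory(),$itemdeftitle,$itemdefbody,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);

		$manager->notify(
			'PostAddBlog',
			array(
				'blog' => &$blog
			)
		);

		// report the values that were stored; the bare constants may be
		// undefined, which is why the fallbacks above exist
		$manager->notify(
			'PostAddCategory',
			array(
				'blog' => &$blog,
				'name' => $catdefname,
				'description' => $catdefdesc,
				'catid' => $catid
			)
		);

		$this->pagehead();
		?>
		<h2><?php echo _BLOGCREATED_TITLE ?></h2>

		<p><?php echo sprintf(_BLOGCREATED_ADDEDTXT, htmlspecialchars($bname)) ?></p>

		<ol>
			<li><a href="#index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEWAY, htmlspecialchars($bshortname)) ?></a></li>
			<li><a href="#skins"><?php echo _BLOGCREATED_ADVANCEDWAY ?></a></li>
		</ol>

		<h3><a id="index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEDESC1, htmlspecialchars($bshortname)) ?></a></h3>

		<p><?php echo sprintf(_BLOGCREATED_SIMPLEDESC2, htmlspecialchars($bshortname)) ?></p>
		<?php // The sample file below is shown as text, so its own PHP tags are written as entities. ?>
<pre><code>&lt;?php

$CONF['Self'] = '<b><?php echo htmlspecialchars($bshortname)?>.php</b>';

include('<i>./config.php</i>');

selectBlog('<b><?php echo htmlspecialchars($bshortname)?></b>');
selector();

?&gt;</code></pre>

		<p><?php echo _BLOGCREATED_SIMPLEDESC3 ?></p>

		<p><?php echo _BLOGCREATED_SIMPLEDESC4 ?></p>

		<form action="index.php" method="post"><div>
			<input type="hidden" name="action" value="addnewlog2" />
			<?php $manager->addTicketHidden() ?>
			<input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />
			<table><tr>
				<td><?php echo _EBLOG_URL?></td>
				<td><input name="url" maxlength="100" size="40" value="<?php echo htmlspecialchars($CONF['IndexURL'].$bshortname.'.php')?>" /></td>
			</tr><tr>
				<td><?php echo _EBLOG_CREATE?></td>
				<td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
			</tr></table>
		</div></form>

		<h3><a id="skins"><?php echo _BLOGCREATED_ADVANCEDWAY2 ?></a></h3>

		<p><?php echo _BLOGCREATED_ADVANCEDWAY3 ?></p>

		<form action="index.php" method="post"><div>
			<input type="hidden" name="action" value="addnewlog2" />
			<?php $manager->addTicketHidden() ?>
			<input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />
			<table><tr>
				<td><?php echo _EBLOG_URL?></td>
				<td><input name="url" maxlength="100" size="40" /></td>
			</tr><tr>
				<td><?php echo _EBLOG_CREATE?></td>
				<td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
			</tr></table>
		</div></form>

		<?php $this->pagefoot();

	}

	/**
	 * Second step of blog creation: stores the URL for the blog named in the request.
	 *
	 * The caller must hold admin rights on that blog. The blog id is read
	 * before the rights check so that the check applies to the blog that is
	 * then modified. Previously $blogid was still unset when
	 * blogAdminRights() was called.
	 */
	function action_addnewlog2() {
		global $member, $manager;

		$blogid = intRequestVar('blogid');

		// NOTE(review): what blogAdminRights() returns for an unset id is not
		// visible here. Either way, the check has to see the real id.
		$member->blogAdminRights($blogid) or $this->disallow();

		$burl = requestVar('url');

		$blog =& $manager->getBlog($blogid);
		$blog->setURL(trim($burl));
		$blog->writeSettings();

		$this->action_overview(_MSG_NEWBLOG);
	}

	/**
	 * Shows the skin import/export page. Super-admins only.
	 */
	function action_skinieoverview() {
		global $member, $DIR_LIBS, $manager;

		$member->isAdmin() or $this->disallow();

		// load skinie class
		include_once ($DIR_LIBS .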
'skinie.php'); 3481 3482 $this->pagehead(); 3483 3484 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 3485 3486 ?> 3487 <h2><?php echo _SKINIE_TITLE_IMPORT?></h2> 3488 3489 <p><label for="skinie_import_local"><?php echo _SKINIE_LOCAL?></label> 3490 <?php global $DIR_SKINS; 3491 3492 $candidates = SKINIMPORT::searchForCandidates($DIR_SKINS); 3493 3494 if (sizeof($candidates) > 0) { 3495 ?> 3496 <form method="post" action="index.php"><div> 3497 <input type="hidden" name="action" value="skinieimport" /> 3498 <?php $manager->addTicketHidden() ?> 3499 <input type="hidden" name="mode" value="file" /> 3500 <select name="skinfile" id="skinie_import_local"> 3501 <?php foreach ($candidates as $skinname => $skinfile) { 3502 $html = htmlspecialchars($skinfile); 3503 echo '<option value="',$html,'">',$skinname,'</option>'; 3504 } 3505 ?> 3506 </select> 3507 <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" /> 3508 </div></form> 3509 <?php } else { 3510 echo _SKINIE_NOCANDIDATES; 3511 } 3512 ?> 3513 </p> 3514 3515 <p><em><?php echo _OR?></em></p> 3516 3517 <form method="post" action="index.php"><p> 3518 <?php $manager->addTicketHidden() ?> 3519 <input type="hidden" name="action" value="skinieimport" /> 3520 <input type="hidden" name="mode" value="url" /> 3521 <label for="skinie_import_url"><?php echo _SKINIE_FROMURL?></label> 3522 <input type="text" name="skinfile" id="skinie_import_url" size="60" value="http://" /> 3523 <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" /> 3524 </p></form> 3525 3526 3527 <h2><?php echo _SKINIE_TITLE_EXPORT?></h2> 3528 <form method="post" action="index.php"><div> 3529 <input type="hidden" name="action" value="skinieexport" /> 3530 <?php $manager->addTicketHidden() ?> 3531 3532 <p><?php echo _SKINIE_EXPORT_INTRO?></p> 3533 3534 <table><tr> 3535 <th colspan="2"><?php echo _SKINIE_EXPORT_SKINS?></th> 3536 </tr><tr> 3537 <?php // show list of skins 3538 $res = sql_query('SELECT * FROM 
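'.sql_table('skin_desc'));
				while ($skinObj = sql_fetch_object($res)) {
					$id = 'skinexp' . $skinObj->sdnumber;
					echo '<td><input type="checkbox" name="skin[',$skinObj->sdnumber,']" id="',$id,'" />';
					echo '<label for="',$id,'">',htmlspecialchars($skinObj->sdname),'</label></td>';
					echo '<td>',htmlspecialchars($skinObj->sddesc),'</td>';
					echo '</tr><tr>';
				}

				echo '<th colspan="2">',_SKINIE_EXPORT_TEMPLATES,'</th></tr><tr>';

				// show list of templates
				$res = sql_query('SELECT * FROM '.sql_table('template_desc'));
				while ($templateObj = sql_fetch_object($res)) {
					$id = 'templateexp' . $templateObj->tdnumber;
					echo '<td><input type="checkbox" name="template[',$templateObj->tdnumber,']" id="',$id,'" />';
					echo '<label for="',$id,'">',htmlspecialchars($templateObj->tdname),'</label></td>';
					echo '<td>',htmlspecialchars($templateObj->tddesc),'</td>';
					echo '</tr><tr>';
				}

			?>
				<th colspan="2"><?php echo _SKINIE_EXPORT_EXTRA?></th>
			</tr><tr>
				<td colspan="2"><textarea cols="40" rows="5" name="info"></textarea></td>
			</tr><tr>
				<th colspan="2"><?php echo _SKINIE_TITLE_EXPORT?></th>
			</tr><tr>
				<td colspan="2"><input type="submit" value="<?php echo _SKINIE_BTN_EXPORT?>" /></td>
			</tr></table>
		</div></form>

	<?php
		$this->pagefoot();

	}

	/**
	 * Import preview: reads only the metadata of the chosen skin file and asks
	 * for confirmation, listing any name clashes with existing skins/templates.
	 *
	 * Super-admins only. The posted skinfile/mode pair is validated by
	 * _skinieImportSource() before anything is read. Names taken from the
	 * import file are HTML-escaped on output, because the file is external
	 * content.
	 */
	function action_skinieimport() {
		global $member, $DIR_LIBS, $DIR_SKINS, $manager;

		$member->isAdmin() or $this->disallow();

		// load skinie class
		include_once ($DIR_LIBS . 'skinie.php');

		$skinFileRaw = postVar('skinfile');
		$mode = postVar('mode');

		$skinFile = $this->_skinieImportSource($mode, $skinFileRaw);

		$importer =& new SKINIMPORT();

		// read only metadata
		$error = $importer->readFile($skinFile, 1);
		if ($error) $this->error($error);

		// clashes
		$skinNameClashes = $importer->checkSkinNameClashes();
		$templateNameClashes = $importer->checkTemplateNameClashes();
		$hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);

		$glue = ' <em>'._AND.'</em> ';

		$this->pagehead();

		echo '<p><a href="index.php?action=skinieoverview">(',_BACK,')</a></p>';
		?>
		<h2><?php echo _SKINIE_CONFIRM_TITLE?></h2>

		<ul>
			<li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>
			<li><p><strong><?php echo _SKINIE_INFO_SKINS?></strong> <?php echo implode($glue, array_map('htmlspecialchars', $importer->getSkinNames()))?></p></li>
			<li><p><strong><?php echo _SKINIE_INFO_TEMPLATES?></strong> <?php echo implode($glue, array_map('htmlspecialchars', $importer->getTemplateNames()))?></p></li>
			<?php
				if ($hasNameClashes)
				{
			?>
			<li><p><strong style="color: red;"><?php echo _SKINIE_INFO_SKINCLASH?></strong> <?php echo implode($glue, array_map('htmlspecialchars', $skinNameClashes))?></p></li>
			<li><p><strong style="color: red;"><?php echo _SKINIE_INFO_TEMPLCLASH?></strong> <?php echo implode($glue, array_map('htmlspecialchars', $templateNameClashes))?></p></li>
			<?php
				} // if (hasNameClashes)
			?>
		</ul>

		<form method="post" action="index.php"><div>
			<input type="hidden" name="action" value="skiniedoimport" />
			<?php $manager->addTicketHidden() ?>
			<input type="hidden" name="skinfile" value="<?php echo htmlspecialchars($skinFileRaw)?>" />
			<input type="hidden" name="mode" value="<?php echo htmlspecialchars($mode)?>" />
			<input type="submit" value="<?php echo _SKINIE_CONFIRM_IMPORT?>" />
			<?php
				if ($hasNameClashes)
				{
			?>
			<br />
			<input type="checkbox" name="overwrite" value="1" id="cb_overwrite" /><label for="cb_overwrite"><?php echo _SKINIE_CONFIRM_OVERWRITE?></label>
			<?php
				} // if (hasNameClashes)
			?>
		</div></form>


		<?php
		$this->pagefoot();
	}

	/**
	 * Performs the import: reads the chosen skin file and writes its skins and
	 * templates to the database, overwriting existing names only when the
	 * 'overwrite' field was posted.
	 *
	 * Super-admins only. skinfile and mode arrive in a fresh POST, so they are
	 * validated again here through _skinieImportSource() rather than trusted
	 * from the preview step.
	 */
	function action_skiniedoimport() {
		global $member, $DIR_LIBS, $DIR_SKINS;

		$member->isAdmin() or $this->disallow();

		// load skinie class
		include_once ($DIR_LIBS . 'skinie.php');

		$skinFileRaw = postVar('skinfile');
		$mode = postVar('mode');

		$allowOverwrite = intPostVar('overwrite');

		$skinFile = $this->_skinieImportSource($mode, $skinFileRaw);

		$importer =& new SKINIMPORT();

		$error = $importer->readFile($skinFile);

		if ($error)
			$this->error($error);

		$error = $importer->writeToDatabase($allowOverwrite);

		if ($error)
			$this->error($error);

		$glue = ' <em>'._AND.'</em> ';

		$this->pagehead();

		echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
		?>
		<h2><?php echo _SKINIE_DONE?></h2>

		<ul>
			<li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>
			<li><p><strong><?php echo _SKINIE_INFO_IMPORTEDSKINS?></strong> <?php echo implode($glue, array_map('htmlspecialchars', $importer->getSkinNames()))?></p></li>
			<li><p><strong><?php echo _SKINIE_INFO_IMPORTEDTEMPLS?></strong> <?php echo implode($glue, array_map('htmlspecialchars', $importer->getTemplateNames()))?></p></li>
		</ul>

		<?php $this->pagefoot();

	}

	/**
	 * Maps the posted skinfile/mode pair to the path or URL that is handed to
	 * SKINIMPORT::readFile(). Requires skinie.php to be loaded already.
	 *
	 * mode 'file': the value must be one of the entries that
	 * SKINIMPORT::searchForCandidates() reports for $DIR_SKINS. That is the
	 * same list the import form offers, so a posted value cannot point outside
	 * the skins directory. skinbackup.xml is preferred, skindata.xml is the
	 * fallback.
	 *
	 * any other mode: the value is treated as a URL and must be http or https.
	 * Without this restriction a local path could be passed in URL mode,
	 * bypassing the check above.
	 *
	 * NOTE(review): the server still fetches whatever http(s) URL an admin
	 * posts, including addresses only reachable from the server itself. If
	 * that matters for a deployment, restrict it in SKINIMPORT::readFile() or
	 * at the network level.
	 * NOTE(review): disallow() is used as a terminating guard throughout this
	 * class; confirm it cannot return.
	 *
	 * @param string $mode        posted 'mode' field
	 * @param string $skinFileRaw posted 'skinfile' field
	 * @return string path below $DIR_SKINS, or the http(s) URL
	 */
	function _skinieImportSource($mode, $skinFileRaw) {
		global $DIR_SKINS;

		if ($mode == 'file')
		{
			$candidates = SKINIMPORT::searchForCandidates($DIR_SKINS);
			(is_string($skinFileRaw) && in_array($skinFileRaw, $candidates, true)) or $this->disallow();

			$skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';

			// backwards compatibility (in v2.0, exports were saved as skindata.xml)
			if (!file_exists($skinFile))
				$skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';

			return $skinFile;
		}

		(is_string($skinFileRaw) && preg_match('#^https?://#i', $skinFileRaw)) or $this->disallow();

		return $skinFileRaw;
	}

	/**
	 * Exports the skins and templates selected in the request through
	 * SKINEXPORT. Super-admins only.
	 */
	function action_skinieexport() {
		global $member, $DIR_LIBS;

		$member->isAdmin() or $this->disallow();

		// load skinie class
		include_once ($DIR_LIBS .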
'skinie.php'); 3723 3724 $aSkins = requestIntArray('skin'); 3725 $aTemplates = requestIntArray('template'); 3726 3727 if (!is_array($aTemplates)) $aTemplates = array(); 3728 if (!is_array($aSkins)) $aSkins = array(); 3729 3730 $skinList = array_keys($aSkins); 3731 $templateList = array_keys($aTemplates); 3732 3733 $info = postVar('info'); 3734 3735 $exporter =& new SKINEXPORT(); 3736 foreach ($skinList as $skinId) { 3737 $exporter->addSkin($skinId); 3738 } 3739 foreach ($templateList as $templateId) { 3740 $exporter->addTemplate($templateId); 3741 } 3742 $exporter->setInfo($info); 3743 3744 $exporter->export(); 3745 } 3746 3747 /** 3748 * @todo document this 3749 */ 3750 function action_templateoverview() { 3751 global $member, $manager; 3752 3753 $member->isAdmin() or $this->disallow(); 3754 3755 $this->pagehead(); 3756 3757 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 3758 3759 echo '<h2>' . _TEMPLATE_TITLE . '</h2>'; 3760 echo '<h3>' . _TEMPLATE_AVAILABLE_TITLE . '</h3>'; 3761 3762 $query = 'SELECT * FROM '.sql_table('template_desc').' ORDER BY tdname'; 3763 $template['content'] = 'templatelist'; 3764 $template['tabindex'] = 10; 3765 showlist($query,'table',$template); 3766 3767 echo '<h3>' . _TEMPLATE_NEW_TITLE . 
'</h3>'; 3768 3769 ?> 3770 <form method="post" action="index.php"><div> 3771 3772 <input name="action" value="templatenew" type="hidden" /> 3773 <?php $manager->addTicketHidden() ?> 3774 <table><tr> 3775 <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td> 3776 <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td> 3777 </tr><tr> 3778 <td><?php echo _TEMPLATE_DESC?></td> 3779 <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td> 3780 </tr><tr> 3781 <td><?php echo _TEMPLATE_CREATE?></td> 3782 <td><input type="submit" tabindex="10030" value="<?php echo _TEMPLATE_CREATE_BTN?>" onclick="return checkSubmit();" /></td> 3783 </tr></table> 3784 3785 </div></form> 3786 3787 <?php 3788 $this->pagefoot(); 3789 } 3790 3791 /** 3792 * @todo document this 3793 */ 3794 function action_templateedit($msg = '') { 3795 global $member, $manager; 3796 3797 $templateid = intRequestVar('templateid'); 3798 3799 $member->isAdmin() or $this->disallow(); 3800 3801 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>'; 3802 $extrahead .= '<script type="text/javascript">setTemplateEditText("'.sql_real_escape_string(_EDITTEMPLATE_EMPTY).'");</script>'; 3803 3804 $this->pagehead($extrahead); 3805 3806 $templatename = TEMPLATE::getNameFromId($templateid); 3807 $templatedescription = TEMPLATE::getDesc($templateid); 3808 $template =& $manager->getTemplate($templatename); 3809 3810 ?> 3811 <p> 3812 <a href="index.php?action=templateoverview">(<?php echo _TEMPLATE_BACK?>)</a> 3813 </p> 3814 3815 <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo htmlspecialchars($templatename); ?>'</h2> 3816 3817 <?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>"; 3818 ?> 3819 3820 <p><?php echo _TEMPLATE_EDIT_MSG?></p> 3821 3822 <form method="post" action="index.php"> 3823 <div> 3824 3825 <input type="hidden" name="action" value="templateupdate" /> 3826 <?php $manager->addTicketHidden() ?> 3827 <input type="hidden" name="templateid" 
value="<?php echo $templateid; ?>" /> 3828 3829 <table><tr> 3830 <th colspan="2"><?php echo _TEMPLATE_SETTINGS?></th> 3831 </tr><tr> 3832 <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td> 3833 <td><input name="tname" tabindex="4" size="20" maxlength="20" value="<?php echo htmlspecialchars($templatename) ?>" /></td> 3834 </tr><tr> 3835 <td><?php echo _TEMPLATE_DESC?></td> 3836 <td><input name="tdesc" tabindex="5" size="50" maxlength="200" value="<?php echo htmlspecialchars($templatedescription) ?>" /></td> 3837 </tr><tr> 3838 <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th> 3839 </tr><tr> 3840 <td><?php echo _TEMPLATE_UPDATE?></td> 3841 <td> 3842 <input type="submit" tabindex="6" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" /> 3843 <input type="reset" tabindex="7" value="<?php echo _TEMPLATE_RESET_BTN?>" /> 3844 </td> 3845 </tr><tr> 3846 <th colspan="2"><?php echo _TEMPLATE_ITEMS?> <?php help('templateitems'); ?></th> 3847 <?php $this->_templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8); 3848 $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1); 3849 $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10); 3850 $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20); 3851 $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25); 3852 $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30); 3853 ?> 3854 </tr><tr> 3855 <th colspan="2"><?php echo _TEMPLATE_COMMENTS_ANY?> <?php help('templatecomments'); ?></th> 3856 <?php $this->_templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40); 3857 $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1); 3858 $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60); 3859 $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 
70); 3860 $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80); 3861 $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90); 3862 $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100); 3863 ?> 3864 </tr><tr> 3865 <th colspan="2"><?php echo _TEMPLATE_COMMENTS_NONE?> <?php help('templatecomments'); ?></th> 3866 <?php 3867 $this->_templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110); 3868 ?> 3869 </tr><tr> 3870 <th colspan="2"><?php echo _TEMPLATE_COMMENTS_TOOMUCH?> <?php help('templatecomments'); ?></th> 3871 <?php $this->_templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120); 3872 ?> 3873 </tr><tr> 3874 <th colspan="2"><?php echo _TEMPLATE_ARCHIVELIST?> <?php help('templatearchivelists'); ?></th> 3875 <?php $this->_templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130); 3876 $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140); 3877 $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150); 3878 ?> 3879 </tr><tr> 3880 <th colspan="2"><?php echo _TEMPLATE_BLOGLIST?> <?php help('templatebloglists'); ?></th> 3881 <?php $this->_templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160); 3882 $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170); 3883 $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180); 3884 ?> 3885 </tr><tr> 3886 <th colspan="2"><?php echo _TEMPLATE_CATEGORYLIST?> <?php help('templatecategorylists'); ?></th> 3887 <?php $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 190); 3888 $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 200); 3889 $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 210); 3890 ?> 3891 </tr><tr> 3892 <th colspan="2"><?php echo 
_TEMPLATE_DATETIME?></th> 3893 <?php $this->_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 220); 3894 $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 230); 3895 $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 240); 3896 $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 250); 3897 $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 260); 3898 ?> 3899 </tr><tr> 3900 <th colspan="2"><?php echo _TEMPLATE_IMAGE?> <?php help('templatepopups'); ?></th> 3901 <?php $this->_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 270); 3902 $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 280); 3903 $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 290); 3904 ?> 3905 </tr><tr> 3906 <th colspan="2"><?php echo _TEMPLATE_SEARCH?></th> 3907 <?php $this->_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',300); 3908 $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',310); 3909 ?> 3910 </tr><tr> 3911 <th colspan="2"><?php echo _TEMPLATE_PLUGIN_FIELDS?></th> 3912 <?php 3913 $tab = 600; 3914 $pluginfields = array(); 3915 $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields)); 3916 3917 foreach ($pluginfields as $pfkey=>$pfvalue) { 3918 echo "</tr><tr>\n"; 3919 echo '<th colspan="2">'.htmlentities($pfkey)."</th>\n"; 3920 foreach ($pfvalue as $pffield=>$pfdesc) { 3921 $this->_templateEditRow($template, $pfdesc, $pffield, '',++$tab,0); 3922 } 3923 } 3924 ?> 3925 </tr><tr> 3926 <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th> 3927 </tr><tr> 3928 <td><?php echo _TEMPLATE_UPDATE?></td> 3929 <td> 3930 <input type="submit" tabindex="800" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" /> 3931 <input type="reset" tabindex="810" value="<?php echo _TEMPLATE_RESET_BTN?>" /> 3932 </td> 3933 
</tr></table> 3934 3935 </div> 3936 </form> 3937 <?php 3938 $this->pagefoot(); 3939 } 3940 3941 /** 3942 * @todo document this 3943 */ 3944 function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) { 3945 static $count = 1; 3946 if (!isset($template[$name])) $template[$name] = ''; 3947 ?> 3948 </tr><tr> 3949 <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td> 3950 <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo htmlspecialchars($template[$name]); ?></textarea></td> 3951 <?php $count++; 3952 } 3953 3954 /** 3955 * @todo document this 3956 */ 3957 function action_templateupdate() { 3958 global $member,$manager; 3959 3960 $templateid = intRequestVar('templateid'); 3961 3962 $member->isAdmin() or $this->disallow(); 3963 3964 $name = postVar('tname'); 3965 $desc = postVar('tdesc'); 3966 3967 if (!isValidTemplateName($name)) 3968 $this->error(_ERROR_BADTEMPLATENAME); 3969 3970 if ((TEMPLATE::getNameFromId($templateid) != $name) && TEMPLATE::exists($name)) 3971 $this->error(_ERROR_DUPTEMPLATENAME); 3972 3973 3974 $name = sql_real_escape_string($name); 3975 $desc = sql_real_escape_string($desc); 3976 3977 // 1. Remove all template parts 3978 $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid; 3979 sql_query($query); 3980 3981 // 2. Update description 3982 $query = 'UPDATE '.sql_table('template_desc').' SET' 3983 . " tdname='" . $name . "'," 3984 . " tddesc='" . $desc . "'" 3985 . " WHERE tdnumber=" . $templateid; 3986 sql_query($query); 3987 3988 // 3. 
Add non-empty template parts 3989 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER')); 3990 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM')); 3991 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER')); 3992 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK')); 3993 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK')); 3994 $this->addToTemplate($templateid, 'NEW', postVar('NEW')); 3995 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER')); 3996 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY')); 3997 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER')); 3998 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED')); 3999 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH')); 4000 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH')); 4001 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE')); 4002 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY')); 4003 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE')); 4004 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER')); 4005 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM')); 4006 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER')); 4007 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER')); 4008 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM')); 4009 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER')); 4010 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER')); 4011 $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM')); 4012 $this->addToTemplate($templateid, 
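'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
        $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));
        $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));
        $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));
        $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));
        $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));
        $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));
        $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
        $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));
        $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
        $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));

        $pluginfields = array();
        $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields));
        foreach ($pluginfields as $pfkey=>$pfvalue) {
            foreach ($pfvalue as $pffield=>$pfdesc) {
                $this->addToTemplate($templateid, $pffield, postVar($pffield));
            }
        }

        // jump back to template edit
        $this->action_templateedit(_TEMPLATE_UPDATED);

    }

    /**
     * Stores one part of a template as a row in the template table.
     *
     * The part name and the content are passed through
     * sql_real_escape_string() and the template id through intval() before
     * they are placed in the INSERT statement, so callers hand in raw values.
     *
     * @param int    $id       id of the template the part belongs to (tdesc column)
     * @param string $partname name of the part (tpartname column)
     * @param string $content  raw content of the part (tcontent column)
     * @return int -1 when the content is empty and nothing was stored,
     *             otherwise the value of sql_insert_id()
     */
    function addToTemplate($id, $partname, $content) {
        // don't add empty parts. The test is made on the raw value: a loose
        // !trim() also discards the legitimate content '0', and testing the
        // escaped string depends on how the escaper rewrites whitespace
        // (NOTE(review): MySQL-style escaping turns a newline into the two
        // characters backslash + n, which trim() does not strip - confirm
        // against sql_real_escape_string()).
        if (trim((string) $content) === '') {
            return -1;
        }

        $templateId  = intval($id);
        $safeName    = sql_real_escape_string($partname);
        $safeContent = sql_real_escape_string($content);

        $query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) "
               . "VALUES ($templateId, '$safeName', '$safeContent')";
        sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
        return sql_insert_id();
    }

    /**
     * Shows the confirmation page for deleting a template.
     *
     * Nothing is deleted here. The page only renders a POST form that targets
     * the templatedeleteconfirm action and carries the hidden ticket field
     * written by $manager->addTicketHidden(). This action itself is on the
     * list of actions that ADMIN::action() runs without a ticket check.
     */
    function action_templatedelete() {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        // intRequestVar() yields an integer, so the id can be echoed as-is below
        $templateid = intRequestVar('templateid');
        // TODO: check if template can be deleted

        $this->pagehead();

        // name and description are stored data: HTML-encode them on output
        $name = TEMPLATE::getNameFromId($templateid);
        $desc = TEMPLATE::getDesc($templateid);

        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p>
            <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo htmlspecialchars($name)?></b> (<?php echo htmlspecialchars($desc) ?>)
            </p>

            <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="templatedeleteconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="templateid" value="<?php echo $templateid ?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a template: its description row and all of its parts.
     *
     * Fires the PreDeleteTemplate and PostDeleteTemplate events through
     * $manager->notify() around the two DELETE statements, then shows the
     * template overview. The action is not on the ticket-exempt list in
     * ADMIN::action(), so it is reached only with a valid ticket.
     */
    function action_templatedeleteconfirm() {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        // integer by construction, which is what makes the concatenation
        // into the two DELETE statements below safe
        $templateid = intRequestVar('templateid');

        $eventData = array('templateid' => $templateid);

        $manager->notify('PreDeleteTemplate', $eventData);

        // 1. delete description
        sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid);

        // 2. delete parts
        sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid);

        $manager->notify('PostDeleteTemplate', $eventData);

        $this->action_templateoverview();
    }

    /**
     * Creates a new, empty template from the posted name and description.
     *
     * The name has to pass isValidTemplateName() and must not be in use yet.
     * NOTE(review): the checks rely on $this->error() ending the request, as
     * the other methods of this class do - confirm.
     */
    function action_templatenew() {
        global $member;

        $member->isAdmin() or $this->disallow();

        $name = postVar('name');
        $desc = postVar('desc');

        if (!isValidTemplateName($name)) {
            $this->error(_ERROR_BADTEMPLATENAME);
        }

        if (TEMPLATE::exists($name)) {
            $this->error(_ERROR_DUPTEMPLATENAME);
        }

        // the id of the new template is not needed here
        TEMPLATE::createNew($name, $desc);

        $this->action_templateoverview();
    }

    /**
     * Clones a template under the name "cloned<name>", adding a numeric
     * suffix when that name is already taken, and copies all parts.
     */
    function action_templateclone() {
        global $member;

        $member->isAdmin() or $this->disallow();

        // integer by construction; concatenated into the SELECT below
        $templateid = intRequestVar('templateid');

        // 1. read old template
        $name = TEMPLATE::getNameFromId($templateid);
        $desc = TEMPLATE::getDesc($templateid);

        // 2. create desc thing
        $name = "cloned" . $name;

        // if a template with that name already exists:
        if (TEMPLATE::exists($name)) {
            $i = 1;
            while (TEMPLATE::exists($name . $i)) {
                $i++;
            }
            $name .= $i;
        }

        $newid = TEMPLATE::createNew($name, $desc);

        // 3. create clone
        // go through parts of old template and add them to the new one.
        // Values read back from the database are not trusted as SQL either:
        // addToTemplate() escapes them again before the INSERT.
        $res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
        if ($res) {
            while ($o = sql_fetch_object($res)) {
                $this->addToTemplate($newid, $o->tpartname, $o->tcontent);
            }
        }

        $this->action_templateoverview();
    }

    /**
     * @todo document this
     */
    function action_skinoverview() {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

        echo '<h2>' . _SKIN_EDIT_TITLE . 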
'</h2>'; 4183 4184 echo '<h3>' . _SKIN_AVAILABLE_TITLE . '</h3>'; 4185 4186 $query = 'SELECT * FROM '.sql_table('skin_desc').' ORDER BY sdname'; 4187 $template['content'] = 'skinlist'; 4188 $template['tabindex'] = 10; 4189 showlist($query,'table',$template); 4190 4191 echo '<h3>' . _SKIN_NEW_TITLE . '</h3>'; 4192 4193 ?> 4194 <form method="post" action="index.php"> 4195 <div> 4196 4197 <input name="action" value="skinnew" type="hidden" /> 4198 <?php $manager->addTicketHidden() ?> 4199 <table><tr> 4200 <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td> 4201 <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td> 4202 </tr><tr> 4203 <td><?php echo _SKIN_DESC?></td> 4204 <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td> 4205 </tr><tr> 4206 <td><?php echo _SKIN_CREATE?></td> 4207 <td><input type="submit" tabindex="10030" value="<?php echo _SKIN_CREATE_BTN?>" onclick="return checkSubmit();" /></td> 4208 </tr></table> 4209 4210 </div> 4211 </form> 4212 4213 <?php 4214 $this->pagefoot(); 4215 } 4216 4217 /** 4218 * @todo document this 4219 */ 4220 function action_skinnew() { 4221 global $member; 4222 4223 $member->isAdmin() or $this->disallow(); 4224 4225 $name = trim(postVar('name')); 4226 $desc = trim(postVar('desc')); 4227 4228 if (!isValidSkinName($name)) 4229 $this->error(_ERROR_BADSKINNAME); 4230 4231 if (SKIN::exists($name)) 4232 $this->error(_ERROR_DUPSKINNAME); 4233 4234 $newId = SKIN::createNew($name, $desc); 4235 4236 $this->action_skinoverview(); 4237 } 4238 4239 /** 4240 * @todo document this 4241 */ 4242 function action_skinedit() { 4243 global $member, $manager; 4244 4245 $skinid = intRequestVar('skinid'); 4246 4247 $member->isAdmin() or $this->disallow(); 4248 4249 $skin =& new SKIN($skinid); 4250 4251 $this->pagehead(); 4252 ?> 4253 <p> 4254 <a href="index.php?action=skinoverview">(<?php echo _SKIN_BACK?>)</a> 4255 </p> 4256 <h2><?php echo _SKIN_EDITONE_TITLE?> '<?php echo $skin->getName() ?>'</h2> 4257 
4258 <h3><?php echo _SKIN_PARTS_TITLE?></h3> 4259 <?php echo _SKIN_PARTS_MSG?> 4260 <ul> 4261 <li><a tabindex="10" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=index"><?php echo _SKIN_PART_MAIN?></a> <?php help('skinpartindex')?></li> 4262 <li><a tabindex="20" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=item"><?php echo _SKIN_PART_ITEM?></a> <?php help('skinpartitem')?></li> 4263 <li><a tabindex="30" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=archivelist"><?php echo _SKIN_PART_ALIST?></a> <?php help('skinpartarchivelist')?></li> 4264 <li><a tabindex="40" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=archive"><?php echo _SKIN_PART_ARCHIVE?></a> <?php help('skinpartarchive')?></li> 4265 <li><a tabindex="50" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=search"><?php echo _SKIN_PART_SEARCH?></a> <?php help('skinpartsearch')?></li> 4266 <li><a tabindex="60" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=error"><?php echo _SKIN_PART_ERROR?></a> <?php help('skinparterror')?></li> 4267 <li><a tabindex="70" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=member"><?php echo _SKIN_PART_MEMBER?></a> <?php help('skinpartmember')?></li> 4268 <li><a tabindex="75" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=imagepopup"><?php echo _SKIN_PART_POPUP?></a> <?php help('skinpartimagepopup')?></li> 4269 </ul> 4270 4271 <?php 4272 4273 $query = "SELECT stype FROM " . sql_table('skin') . " WHERE stype NOT IN ('index', 'item', 'error', 'search', 'archive', 'archivelist', 'imagepopup', 'member') and sdesc = " . $skinid; 4274 $res = sql_query($query); 4275 4276 echo '<h3>' . _SKIN_PARTS_SPECIAL . '</h3>'; 4277 echo '<form method="get" action="index.php">' . "\r\n"; 4278 echo '<input type="hidden" name="action" value="skinedittype" />' . 
"\r\n"; 4279 echo '<input type="hidden" name="skinid" value="' . $skinid . '" />' . "\r\n"; 4280 echo '<input name="type" tabindex="89" size="20" maxlength="20" />' . "\r\n"; 4281 echo '<input type="submit" tabindex="140" value="' . _SKIN_CREATE . '" onclick="return checkSubmit();" />' . "\r\n"; 4282 echo '</form>' . "\r\n"; 4283 4284 if ($res && sql_num_rows($res) > 0) { 4285 echo '<ul>'; 4286 $tabstart = 75; 4287 4288 while ($row = sql_fetch_assoc($res)) { 4289 echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&skinid=' . $skinid . '&type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&skinid=' . $skinid . '&type=' . htmlspecialchars(strtolower($row['stype'])) . '">remove</a>)</li>'; 4290 } 4291 4292 echo '</ul>'; 4293 } 4294 4295 ?> 4296 4297 <h3><?php echo _SKIN_GENSETTINGS_TITLE; ?></h3> 4298 <form method="post" action="index.php"> 4299 <div> 4300 4301 <input type="hidden" name="action" value="skineditgeneral" /> 4302 <?php $manager->addTicketHidden() ?> 4303 <input type="hidden" name="skinid" value="<?php echo $skinid ?>" /> 4304 <table><tr> 4305 <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td> 4306 <td><input name="name" tabindex="90" value="<?php echo htmlspecialchars($skin->getName()) ?>" maxlength="20" size="20" /></td> 4307 </tr><tr> 4308 <td><?php echo _SKIN_DESC?></td> 4309 <td><input name="desc" tabindex="100" value="<?php echo htmlspecialchars($skin->getDescription()) ?>" maxlength="200" size="50" /></td> 4310 </tr><tr> 4311 <td><?php echo _SKIN_TYPE?></td> 4312 <td><input name="type" tabindex="110" value="<?php echo htmlspecialchars($skin->getContentType()) ?>" maxlength="40" size="20" /></td> 4313 </tr><tr> 4314 <td><?php echo _SKIN_INCLUDE_MODE?> <?php help('includemode')?></td> 4315 <td><?php 
$this->input_yesno('inc_mode',$skin->getIncludeMode(),120,'skindir','normal',_PARSER_INCMODE_SKINDIR,_PARSER_INCMODE_NORMAL);?></td> 4316 </tr><tr> 4317 <td><?php echo _SKIN_INCLUDE_PREFIX?> <?php help('includeprefix')?></td> 4318 <td><input name="inc_prefix" tabindex="130" value="<?php echo htmlspecialchars($skin->getIncludePrefix()) ?>" maxlength="40" size="20" /></td> 4319 </tr><tr> 4320 <td><?php echo _SKIN_CHANGE?></td> 4321 <td><input type="submit" tabindex="140" value="<?php echo _SKIN_CHANGE_BTN?>" onclick="return checkSubmit();" /></td> 4322 </tr></table> 4323 4324 </div> 4325 </form> 4326 4327 4328 <?php $this->pagefoot(); 4329 } 4330 4331 /** 4332 * @todo document this 4333 */ 4334 function action_skineditgeneral() { 4335 global $member; 4336 4337 $skinid = intRequestVar('skinid'); 4338 4339 $member->isAdmin() or $this->disallow(); 4340 4341 $name = postVar('name'); 4342 $desc = postVar('desc'); 4343 $type = postVar('type'); 4344 $inc_mode = postVar('inc_mode'); 4345 $inc_prefix = postVar('inc_prefix'); 4346 4347 $skin =& new SKIN($skinid); 4348 4349 // 1. Some checks 4350 if (!isValidSkinName($name)) 4351 $this->error(_ERROR_BADSKINNAME); 4352 4353 if (($skin->getName() != $name) && SKIN::exists($name)) 4354 $this->error(_ERROR_DUPSKINNAME); 4355 4356 if (!$type) $type = 'text/html'; 4357 if (!$inc_mode) $inc_mode = 'normal'; 4358 4359 // 2. 
Update description 4360 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix); 4361 4362 $this->action_skinedit(); 4363 4364 } 4365 4366 /** 4367 * @todo document this 4368 */ 4369 function action_skinedittype($msg = '') { 4370 global $member, $manager; 4371 4372 $skinid = intRequestVar('skinid'); 4373 $type = requestVar('type'); 4374 4375 $member->isAdmin() or $this->disallow(); 4376 4377 $type = trim($type); 4378 $type = strtolower($type); 4379 4380 if (!isValidShortName($type)) { 4381 $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT); 4382 } 4383 4384 $skin =& new SKIN($skinid); 4385 4386 $friendlyNames = SKIN::getFriendlyNames(); 4387 4388 $this->pagehead(); 4389 ?> 4390 <p>(<a href="index.php?action=skinoverview"><?php echo _SKIN_GOBACK?></a>)</p> 4391 4392 <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2> 4393 4394 <?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>"; 4395 ?> 4396 4397 4398 <form method="post" action="index.php"> 4399 <div> 4400 4401 <input type="hidden" name="action" value="skinupdate" /> 4402 <?php $manager->addTicketHidden() ?> 4403 <input type="hidden" name="skinid" value="<?php echo $skinid ?>" /> 4404 <input type="hidden" name="type" value="<?php echo $type ?>" /> 4405 4406 <input type="submit" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" /> 4407 <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" /> 4408 (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>) 4409 <?php if (in_array($type, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) { 4410 help('skinpart' . 
$type); 4411 } else { 4412 help('skinpartspecial'); 4413 }?> 4414 <br /> 4415 4416 <textarea class="skinedit" tabindex="10" rows="20" cols="80" name="content"><?php echo htmlspecialchars($skin->getContent($type)) ?></textarea> 4417 4418 <br /> 4419 <input type="submit" tabindex="20" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" /> 4420 <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" /> 4421 (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>) 4422 4423 <br /><br /> 4424 <?php echo _SKIN_ALLOWEDVARS?> 4425 <?php $actions = SKIN::getAllowedActionsForType($type); 4426 4427 sort($actions); 4428 4429 while ($current = array_shift($actions)) { 4430 // skip deprecated vars 4431 if ($current == 'ifcat') continue; 4432 if ($current == 'imagetext') continue; 4433 if ($current == 'vars') continue; 4434 4435 echo helplink('skinvar-' . $current) . "$current</a>"; 4436 if (count($actions) != 0) echo ", "; 4437 } 4438 echo '<br /><br />' . _SKINEDIT_ALLOWEDBLOGS; 4439 $query = 'SELECT bshortname, bname FROM '.sql_table('blog'); 4440 showlist($query,'table',array('content'=>'shortblognames')); 4441 echo '<br />' . 
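_SKINEDIT_ALLOWEDTEMPLATESS;
        $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc');
        showlist($query,'table',array('content'=>'shortnames'));
        echo '</div></form>';
        $this->pagefoot();
    }

    /**
     * Saves the posted content of one skin part and re-displays the editor.
     *
     * The action is not on the ticket-exempt list in ADMIN::action(), so it
     * is reached only with a valid ticket.
     */
    function action_skinupdate() {
        global $member;

        $member->isAdmin() or $this->disallow();

        $skinid  = intRequestVar('skinid');
        $content = trim(postVar('content'));
        $type    = postVar('type');

        // Validate the part name before anything is written. The edit form
        // only ever posts a name that action_skinedittype() has accepted with
        // isValidShortName(); without this check an arbitrary posted name
        // reaches SKIN::update() and is rejected only afterwards, when the
        // editor is shown again.
        if (!isValidShortName($type)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
            return; // fail closed should error() ever return
        }

        $skin =& new SKIN($skinid);
        $skin->update($type, $content);

        $this->action_skinedittype(_SKIN_UPDATED);
    }

    /**
     * Shows the confirmation page for deleting a skin.
     *
     * Refuses when the skin is the site's base skin or the default skin of a
     * blog. Nothing is deleted here; the form posts to skindeleteconfirm and
     * carries the hidden ticket field written by $manager->addTicketHidden().
     */
    function action_skindelete() {
        global $member, $manager, $CONF;

        $member->isAdmin() or $this->disallow();

        // integer by construction; concatenated into the query below
        $skinid = intRequestVar('skinid');

        // don't allow default skin to be deleted
        if ($skinid == $CONF['BaseSkin']) {
            $this->error(_ERROR_DEFAULTSKIN);
        }

        // don't allow deletion of default skins for blogs
        $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
        $r = sql_query($query);
        if ($o = sql_fetch_object($r)) {
            $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));
        }

        $this->pagehead();

        $skin =& new SKIN($skinid);
        $name = $skin->getName();
        $desc = $skin->getDescription();

        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p>
                <?php echo _CONFIRMTXT_SKIN?><b><?php echo htmlspecialchars($name) ?></b> (<?php echo htmlspecialchars($desc)?>)
            </p>

            <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="skindeleteconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="skinid" value="<?php echo $skinid ?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a skin: its description row and all of its parts.
     *
     * Repeats the checks of action_skindelete() (base skin, default skin of a
     * blog) because this action can be requested directly. Fires the
     * PreDeleteSkin and PostDeleteSkin events through $manager->notify()
     * around the two DELETE statements, then shows the skin overview.
     */
    function action_skindeleteconfirm() {
        global $member, $CONF, $manager;

        $member->isAdmin() or $this->disallow();

        // integer by construction; concatenated into the queries below
        $skinid = intRequestVar('skinid');

        // don't allow default skin to be deleted
        if ($skinid == $CONF['BaseSkin']) {
            $this->error(_ERROR_DEFAULTSKIN);
            return; // fail closed should error() ever return
        }

        // don't allow deletion of default skins for blogs
        $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
        $r = sql_query($query);
        if ($o = sql_fetch_object($r)) {
            // the blog name is stored data placed in an error page:
            // HTML-encode it, as action_skindelete() does for the same message
            $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));
            return;
        }

        $eventData = array('skinid' => $skinid);

        $manager->notify('PreDeleteSkin', $eventData);

        // 1. delete description
        sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid);

        // 2. delete parts
        sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid);

        $manager->notify('PostDeleteSkin', $eventData);

        $this->action_skinoverview();
    }

    /**
     * Shows the confirmation page for removing a special part from a skin.
     *
     * The eight built-in parts cannot be removed. Nothing is deleted here;
     * the form posts to skinremovetypeconfirm and carries the hidden ticket
     * field written by $manager->addTicketHidden().
     */
    function action_skinremovetype() {
        global $member, $manager, $CONF;

        // authorise first, so no request input is processed for a member
        // who is not allowed to use this action
        $member->isAdmin() or $this->disallow();

        $skinid = intRequestVar('skinid');
        $skintype = requestVar('type');

        if (!isValidShortName($skintype)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
        }

        // don't allow default skinparts to be deleted
        $builtinParts = array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup');
        if (in_array($skintype, $builtinParts)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
        }

        $this->pagehead();

        $skin =& new SKIN($skinid);
        $name = $skin->getName();
        $desc = $skin->getDescription();

        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p>
                <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo htmlspecialchars($skintype); ?> (<?php echo htmlspecialchars($name); ?>)</b> (<?php echo htmlspecialchars($desc)?>)
            </p>

            <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="skinremovetypeconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="skinid" value="<?php echo $skinid; ?>" />
                <input type="hidden" name="type" value="<?php echo htmlspecialchars($skintype); ?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Removes a special part from a skin.
     *
     * Repeats the checks of action_skinremovetype() because this action can
     * be requested directly. Fires the PreDeleteSkinPart and
     * PostDeleteSkinPart events through $manager->notify() around the DELETE,
     * then returns to the skin edit page.
     */
    function action_skinremovetypeconfirm() {
        global $member, $CONF, $manager;

        // authorise first, so no request input is processed for a member
        // who is not allowed to use this action
        $member->isAdmin() or $this->disallow();

        $skinid = intRequestVar('skinid');
        $skintype = requestVar('type');

        if (!isValidShortName($skintype)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
            return; // fail closed should error() ever return
        }

        // don't allow default skinparts to be deleted
        $builtinParts = array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup');
        if (in_array($skintype, $builtinParts)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
            return;
        }

        $eventData = array('skinid' => $skinid, 'skintype' => $skintype);

        $manager->notify('PreDeleteSkinPart', $eventData);

        // delete part. $skinid is an integer; $skintype is a request value
        // placed inside a quoted SQL literal, so it is escaped here as well
        // and the statement does not depend on what isValidShortName() accepts.
        sql_query(
            'DELETE FROM ' . sql_table('skin')
            . ' WHERE sdesc=' . $skinid
            . ' AND stype=\'' . sql_real_escape_string($skintype) . '\''
        );

        $manager->notify('PostDeleteSkinPart', $eventData);

        $this->action_skinedit();
    }

    /**
     * @todo document this
     */
    function action_skinclone() {
        global $member;

        $skinid = intRequestVar('skinid');

        $member->isAdmin() or $this->disallow();

        // 1. read skin to clone
        $skin =& new SKIN($skinid);

        $name = "clone_" . $skin->getName();

        // if a skin with that name already exists:
        if (SKIN::exists($name)) {
            $i = 1;
            while (SKIN::exists($name . $i))
                $i++;
            $name .= $i;
        }

        // 2. create skin desc
        $newid = SKIN::createNew(
            $name,
            $skin->getDescription(),
            $skin->getContentType(),
            $skin->getIncludeMode(),
            $skin->getIncludePrefix()
        );


        // 3. clone
        /*
        $this->skinclonetype($skin, $newid, 'index');
        $this->skinclonetype($skin, $newid, 'item');
        $this->skinclonetype($skin, $newid, 'archivelist');
        $this->skinclonetype($skin, $newid, 'archive');
        $this->skinclonetype($skin, $newid, 'search');
        $this->skinclonetype($skin, $newid, 'error');
        $this->skinclonetype($skin, $newid, 'member');
        $this->skinclonetype($skin, $newid, 'imagepopup');
        */

        $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . 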
$skinid; 4662 $res = sql_query($query); 4663 while ($row = sql_fetch_assoc($res)) { 4664 $this->skinclonetype($skin, $newid, $row['stype']); 4665 } 4666 4667 $this->action_skinoverview(); 4668 4669 } 4670 4671 /** 4672 * @todo document this 4673 */ 4674 function skinclonetype($skin, $newid, $type) { 4675 $newid = intval($newid); 4676 $content = $skin->getContent($type); 4677 if ($content) { 4678 $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". sql_real_escape_string($content)."', '". sql_real_escape_string($type)."')"; 4679 sql_query($query); 4680 } 4681 } 4682 4683 /** 4684 * @todo document this 4685 */ 4686 function action_settingsedit() { 4687 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA; 4688 4689 $member->isAdmin() or $this->disallow(); 4690 4691 $this->pagehead(); 4692 4693 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 4694 ?> 4695 4696 <h2><?php echo _SETTINGS_TITLE?></h2> 4697 4698 <form action="index.php" method="post"> 4699 <div> 4700 4701 <input type="hidden" name="action" value="settingsupdate" /> 4702 <?php $manager->addTicketHidden() ?> 4703 4704 <table><tr> 4705 <th colspan="2"><?php echo _SETTINGS_SUB_GENERAL?></th> 4706 </tr><tr> 4707 <td><?php echo _SETTINGS_DEFBLOG?> <?php help('defaultblog'); ?></td> 4708 <td> 4709 <?php 4710 $query = 'SELECT bname as text, bnumber as value' 4711 . ' FROM '.sql_table('blog'); 4712 $template['name'] = 'DefaultBlog'; 4713 $template['selected'] = $CONF['DefaultBlog']; 4714 $template['tabindex'] = 10; 4715 showlist($query,'select',$template); 4716 ?> 4717 </td> 4718 </tr><tr> 4719 <td><?php echo _SETTINGS_BASESKIN?> <?php help('baseskin'); ?></td> 4720 <td> 4721 <?php 4722 $query = 'SELECT sdname as text, sdnumber as value' 4723 . 
' FROM '.sql_table('skin_desc'); 4724 $template['name'] = 'BaseSkin'; 4725 $template['selected'] = $CONF['BaseSkin']; 4726 $template['tabindex'] = 1; 4727 showlist($query,'select',$template); 4728 ?> 4729 </td> 4730 </tr><tr> 4731 <td><?php echo _SETTINGS_ADMINMAIL?></td> 4732 <td><input name="AdminEmail" tabindex="10010" size="40" value="<?php echo htmlspecialchars($CONF['AdminEmail']) ?>" /></td> 4733 </tr><tr> 4734 <td><?php echo _SETTINGS_SITENAME?></td> 4735 <td><input name="SiteName" tabindex="10020" size="40" value="<?php echo htmlspecialchars($CONF['SiteName']) ?>" /></td> 4736 </tr><tr> 4737 <td><?php echo _SETTINGS_SITEURL?></td> 4738 <td><input name="IndexURL" tabindex="10030" size="40" value="<?php echo htmlspecialchars($CONF['IndexURL']) ?>" /></td> 4739 </tr><tr> 4740 <td><?php echo _SETTINGS_ADMINURL?></td> 4741 <td><input name="AdminURL" tabindex="10040" size="40" value="<?php echo htmlspecialchars($CONF['AdminURL']) ?>" /></td> 4742 </tr><tr> 4743 <td><?php echo _SETTINGS_PLUGINURL?> <?php help('pluginurl');?></td> 4744 <td><input name="PluginURL" tabindex="10045" size="40" value="<?php echo htmlspecialchars($CONF['PluginURL']) ?>" /></td> 4745 </tr><tr> 4746 <td><?php echo _SETTINGS_SKINSURL?> <?php help('skinsurl');?></td> 4747 <td><input name="SkinsURL" tabindex="10046" size="40" value="<?php echo htmlspecialchars($CONF['SkinsURL']) ?>" /></td> 4748 </tr><tr> 4749 <td><?php echo _SETTINGS_ACTIONSURL?> <?php help('actionurl');?></td> 4750 <td><input name="ActionURL" tabindex="10047" size="40" value="<?php echo htmlspecialchars($CONF['ActionURL']) ?>" /></td> 4751 </tr><tr> 4752 <td><?php echo _SETTINGS_LANGUAGE?> <?php help('language'); ?> 4753 </td> 4754 <td> 4755 4756 <select name="Language" tabindex="10050"> 4757 <?php // show a dropdown list of all available languages 4758 global $DIR_LANG; 4759 $dirhandle = opendir($DIR_LANG); 4760 4761 while ($filename = readdir($dirhandle) ) 4762 { 4763 4764 # replaced ereg() below with preg_match(). 
ereg* functions are deprecated in PHP 5.3.0 4765 # original ereg: ereg("^(.*)\.php$",$filename,$matches) 4766 4767 if (preg_match('#^(.*)\.php$#', $filename, $matches) ) 4768 { 4769 4770 $name = $matches[1]; 4771 echo "<option value=\"$name\""; 4772 4773 if ($name == $CONF['Language']) 4774 { 4775 echo " selected=\"selected\""; 4776 } 4777 4778 echo ">$name</option>"; 4779 4780 } 4781 4782 } 4783 4784 closedir($dirhandle); 4785 4786 ?> 4787 </select> 4788 4789 </td> 4790 </tr><tr> 4791 <td><?php echo _SETTINGS_DISABLESITE?> <?php help('disablesite'); ?> 4792 </td> 4793 <td><?php $this->input_yesno('DisableSite',$CONF['DisableSite'],10060); ?> 4794 <br /> 4795 <?php echo _SETTINGS_DISABLESITEURL ?> <input name="DisableSiteURL" tabindex="10070" size="40" value="<?php echo htmlspecialchars($CONF['DisableSiteURL'])?>" /> 4796 </td> 4797 </tr><tr> 4798 <td><?php echo _SETTINGS_DIRS?></td> 4799 <td><?php echo htmlspecialchars($DIR_NUCLEUS) ?> 4800 <i><?php echo _SETTINGS_SEECONFIGPHP?></i></td> 4801 </tr><tr> 4802 <td><?php echo _SETTINGS_DBLOGIN?></td> 4803 <td><i><?php echo _SETTINGS_SEECONFIGPHP?></i></td> 4804 </tr><tr> 4805 <td> 4806 <?php 4807 echo _SETTINGS_JSTOOLBAR 4808 /* =_SETTINGS_DISABLEJS 4809 4810 I temporary changed the meaning of DisableJsTools, until I can find a good 4811 way to select the javascript version to use 4812 4813 now, its: 4814 0 : IE 4815 1 : all javascript disabled 4816 2 : 'simpler' javascript (for mozilla/opera/mac) 4817 */ 4818 ?> 4819 </td> 4820 <td><?php /* $this->input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?> 4821 <select name="DisableJsTools" tabindex="10075"> 4822 <?php $extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : ''; 4823 echo "<option $extra value='1'>",_SETTINGS_JSTOOLBAR_NONE,"</option>"; 4824 $extra = ($CONF['DisableJsTools'] == 2) ? 'selected="selected"' : ''; 4825 echo "<option $extra value='2'>",_SETTINGS_JSTOOLBAR_SIMPLE,"</option>"; 4826 $extra = ($CONF['DisableJsTools'] == 0) ? 
'selected="selected"' : ''; 4827 echo "<option $extra value='0'>",_SETTINGS_JSTOOLBAR_FULL,"</option>"; 4828 ?> 4829 </select> 4830 </td> 4831 </tr><tr> 4832 <td><?php echo _SETTINGS_URLMODE?> <?php help('urlmode');?></td> 4833 <td><?php 4834 4835 $this->input_yesno('URLMode',$CONF['URLMode'],10077, 4836 'normal','pathinfo',_SETTINGS_URLMODE_NORMAL,_SETTINGS_URLMODE_PATHINFO); 4837 4838 echo ' ', _SETTINGS_URLMODE_HELP; 4839 4840 ?> 4841 4842 </td> 4843 </tr><tr> 4844 <td><?php echo _SETTINGS_DEBUGVARS?> <?php help('debugvars');?></td> 4845 <td><?php 4846 4847 $this->input_yesno('DebugVars',$CONF['DebugVars'],10078); 4848 4849 ?> 4850 4851 </td> 4852 </tr><tr> 4853 <td><?php echo _SETTINGS_DEFAULTLISTSIZE?> <?php help('defaultlistsize');?></td> 4854 <td> 4855 <?php 4856 if (!array_key_exists('DefaultListSize',$CONF)) { 4857 sql_query("INSERT INTO ".sql_table('config')." VALUES ('DefaultListSize', '10')"); 4858 $CONF['DefaultListSize'] = 10; 4859 } 4860 ?> 4861 <input name="DefaultListSize" tabindex="10079" size="40" value="<?php echo htmlspecialchars((intval($CONF['DefaultListSize']) < 1 ? '10' : $CONF['DefaultListSize'])) ?>" /> 4862 </td> 4863 </tr><tr> 4864 <td><?php echo _SETTINGS_ADMINCSS?> 4865 </td> 4866 <td> 4867 4868 <select name="AdminCSS" tabindex="10080"> 4869 <?php // show a dropdown list of all available admin css files 4870 global $DIR_NUCLEUS; 4871 4872 $dirhandle = opendir($DIR_NUCLEUS."styles/"); 4873 4874 while ($filename = readdir($dirhandle) ) 4875 { 4876 4877 # replaced ereg() below with preg_match(). 
ereg* functions are deprecated in PHP 5.3.0 4878 # original ereg: ereg("^(.*)\.php$",$filename,$matches) 4879 4880 if (preg_match('#^admin_(.*)\.css$#', $filename, $matches) ) 4881 { 4882 4883 $name = $matches[1]; 4884 echo "<option value=\"$name\""; 4885 4886 if ($name == $CONF['AdminCSS']) 4887 { 4888 echo " selected=\"selected\""; 4889 } 4890 4891 echo ">$name</option>"; 4892 4893 } 4894 4895 } 4896 4897 closedir($dirhandle); 4898 4899 ?> 4900 </select> 4901 4902 </td> 4903 </tr><tr> 4904 <th colspan="2"><?php echo _SETTINGS_MEDIA?> <?php help('media'); ?></th> 4905 </tr><tr> 4906 <td><?php echo _SETTINGS_MEDIADIR?></td> 4907 <td><?php echo htmlspecialchars($DIR_MEDIA) ?> 4908 <i><?php echo _SETTINGS_SEECONFIGPHP?></i> 4909 <?php if (!is_dir($DIR_MEDIA)) 4910 echo "<br /><b>" . _WARNING_NOTADIR . "</b>"; 4911 if (!is_readable($DIR_MEDIA)) 4912 echo "<br /><b>" . _WARNING_NOTREADABLE . "</b>"; 4913 if (!is_writeable($DIR_MEDIA)) 4914 echo "<br /><b>" . _WARNING_NOTWRITABLE . "</b>"; 4915 ?> 4916 </td> 4917 </tr><tr> 4918 <td><?php echo _SETTINGS_MEDIAURL?></td> 4919 <td> 4920 <input name="MediaURL" tabindex="10090" size="40" value="<?php echo htmlspecialchars($CONF['MediaURL']) ?>" /> 4921 </td> 4922 </tr><tr> 4923 <td><?php echo _SETTINGS_ALLOWUPLOAD?></td> 4924 <td><?php $this->input_yesno('AllowUpload',$CONF['AllowUpload'],10090); ?></td> 4925 </tr><tr> 4926 <td><?php echo _SETTINGS_ALLOWUPLOADTYPES?></td> 4927 <td> 4928 <input name="AllowedTypes" tabindex="10100" size="40" value="<?php echo htmlspecialchars($CONF['AllowedTypes']) ?>" /> 4929 </td> 4930 </tr><tr> 4931 <td><?php echo _SETTINGS_MAXUPLOADSIZE?></td> 4932 <td> 4933 <input name="MaxUploadSize" tabindex="10105" size="40" value="<?php echo htmlspecialchars($CONF['MaxUploadSize']) ?>" /> 4934 </td> 4935 </tr><tr> 4936 <td><?php echo _SETTINGS_MEDIAPREFIX?></td> 4937 <td><?php $this->input_yesno('MediaPrefix',$CONF['MediaPrefix'],10110); ?></td> 4938 4939 </tr><tr> 4940 <th colspan="2"><?php echo 
_SETTINGS_MEMBERS?></th> 4941 </tr><tr> 4942 <td><?php echo _SETTINGS_CHANGELOGIN?></td> 4943 <td><?php $this->input_yesno('AllowLoginEdit',$CONF['AllowLoginEdit'],10120); ?></td> 4944 </tr><tr> 4945 <td><?php echo _SETTINGS_ALLOWCREATE?> 4946 <?php help('allowaccountcreation'); ?> 4947 </td> 4948 <td><?php $this->input_yesno('AllowMemberCreate',$CONF['AllowMemberCreate'],10130); ?> 4949 </td> 4950 </tr><tr> 4951 <td><?php echo _SETTINGS_NEWLOGIN?> <?php help('allownewmemberlogin'); ?> 4952 <br /><?php echo _SETTINGS_NEWLOGIN2?> 4953 </td> 4954 <td><?php $this->input_yesno('NewMemberCanLogon',$CONF['NewMemberCanLogon'],10140); ?> 4955 </td> 4956 </tr><tr> 4957 <td><?php echo _SETTINGS_MEMBERMSGS?> 4958 <?php help('messageservice'); ?> 4959 </td> 4960 <td><?php $this->input_yesno('AllowMemberMail',$CONF['AllowMemberMail'],10150); ?> 4961 </td> 4962 </tr><tr> 4963 <td><?php echo _SETTINGS_NONMEMBERMSGS?> 4964 <?php help('messageservice'); ?> 4965 </td> 4966 <td><?php $this->input_yesno('NonmemberMail',$CONF['NonmemberMail'],10155); ?> 4967 </td> 4968 </tr><tr> 4969 <td><?php echo _SETTINGS_PROTECTMEMNAMES?> 4970 <?php help('protectmemnames'); ?> 4971 </td> 4972 <td><?php $this->input_yesno('ProtectMemNames',$CONF['ProtectMemNames'],10156); ?> 4973 </td> 4974 4975 4976 4977 </tr><tr> 4978 <th colspan="2"><?php echo _SETTINGS_COOKIES_TITLE?> <?php help('cookies'); ?></th> 4979 </tr><tr> 4980 <td><?php echo _SETTINGS_COOKIEPREFIX?></td> 4981 <td><input name="CookiePrefix" tabindex="10159" size="40" value="<?php echo htmlspecialchars($CONF['CookiePrefix'])?>" /></td> 4982 </tr><tr> 4983 <td><?php echo _SETTINGS_COOKIEDOMAIN?></td> 4984 <td><input name="CookieDomain" tabindex="10160" size="40" value="<?php echo htmlspecialchars($CONF['CookieDomain'])?>" /></td> 4985 </tr><tr> 4986 <td><?php echo _SETTINGS_COOKIEPATH?></td> 4987 <td><input name="CookiePath" tabindex="10170" size="40" value="<?php echo htmlspecialchars($CONF['CookiePath'])?>" /></td> 4988 </tr><tr> 4989 
<td><?php echo _SETTINGS_COOKIESECURE?></td> 4990 <td><?php $this->input_yesno('CookieSecure',$CONF['CookieSecure'],10180); ?></td> 4991 </tr><tr> 4992 <td><?php echo _SETTINGS_COOKIELIFE?></td> 4993 <td><?php $this->input_yesno('SessionCookie',$CONF['SessionCookie'],10190, 4994 1,0,_SETTINGS_COOKIESESSION,_SETTINGS_COOKIEMONTH); ?> 4995 </td> 4996 </tr><tr> 4997 <td><?php echo _SETTINGS_LASTVISIT?></td> 4998 <td><?php $this->input_yesno('LastVisit',$CONF['LastVisit'],10200); ?></td> 4999 5000 5001 5002 </tr><tr> 5003 <th colspan="2"><?php echo _SETTINGS_UPDATE?></th> 5004 </tr><tr> 5005 <td><?php echo _SETTINGS_UPDATE?></td> 5006 <td><input type="submit" tabindex="10210" value="<?php echo _SETTINGS_UPDATE_BTN?>" onclick="return checkSubmit();" /></td> 5007 </tr></table> 5008 5009 </div> 5010 </form> 5011 5012 <?php 5013 echo '<h2>',_PLUGINS_EXTRA,'</h2>'; 5014 5015 $manager->notify( 5016 'GeneralSettingsFormExtras', 5017 array() 5018 ); 5019 5020 $this->pagefoot(); 5021 } 5022 5023 /** 5024 * @todo document this 5025 */ 5026 function action_settingsupdate() { 5027 global $member, $CONF; 5028 5029 $member->isAdmin() or $this->disallow(); 5030 5031 // check if email address for admin is valid 5032 if (!isValidMailAddress(postVar('AdminEmail'))) 5033 $this->error(_ERROR_BADMAILADDRESS); 5034 5035 5036 // save settings 5037 $this->updateConfig('DefaultBlog', postVar('DefaultBlog')); 5038 $this->updateConfig('BaseSkin', postVar('BaseSkin')); 5039 $this->updateConfig('IndexURL', postVar('IndexURL')); 5040 $this->updateConfig('AdminURL', postVar('AdminURL')); 5041 $this->updateConfig('PluginURL', postVar('PluginURL')); 5042 $this->updateConfig('SkinsURL', postVar('SkinsURL')); 5043 $this->updateConfig('ActionURL', postVar('ActionURL')); 5044 $this->updateConfig('Language', postVar('Language')); 5045 $this->updateConfig('AdminEmail', postVar('AdminEmail')); 5046 $this->updateConfig('SessionCookie', postVar('SessionCookie')); 5047 
$this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate')); 5048 $this->updateConfig('AllowMemberMail', postVar('AllowMemberMail')); 5049 $this->updateConfig('NonmemberMail', postVar('NonmemberMail')); 5050 $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames')); 5051 $this->updateConfig('SiteName', postVar('SiteName')); 5052 $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon')); 5053 $this->updateConfig('DisableSite', postVar('DisableSite')); 5054 $this->updateConfig('DisableSiteURL', postVar('DisableSiteURL')); 5055 $this->updateConfig('LastVisit', postVar('LastVisit')); 5056 $this->updateConfig('MediaURL', postVar('MediaURL')); 5057 $this->updateConfig('AllowedTypes', postVar('AllowedTypes')); 5058 $this->updateConfig('AllowUpload', postVar('AllowUpload')); 5059 $this->updateConfig('MaxUploadSize', postVar('MaxUploadSize')); 5060 $this->updateConfig('MediaPrefix', postVar('MediaPrefix')); 5061 $this->updateConfig('AllowLoginEdit', postVar('AllowLoginEdit')); 5062 $this->updateConfig('DisableJsTools', postVar('DisableJsTools')); 5063 $this->updateConfig('CookieDomain', postVar('CookieDomain')); 5064 $this->updateConfig('CookiePath', postVar('CookiePath')); 5065 $this->updateConfig('CookieSecure', postVar('CookieSecure')); 5066 $this->updateConfig('URLMode', postVar('URLMode')); 5067 $this->updateConfig('CookiePrefix', postVar('CookiePrefix')); 5068 $this->updateConfig('DebugVars', postVar('DebugVars')); 5069 $this->updateConfig('DefaultListSize', postVar('DefaultListSize')); 5070 $this->updateConfig('AdminCSS', postVar('AdminCSS')); 5071 5072 // load new config and redirect (this way, the new language will be used is necessary) 5073 // note that when changing cookie settings, this redirect might cause the user 5074 // to have to log in again. 5075 getConfig(); 5076 redirect($CONF['AdminURL'] . 
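'?action=manage'); 5077 exit; 5078 5079 } 5080
    /**
     * Prints the system overview page of the admin area.
     *
     * For a logged-in admin this lists the PHP and MySQL versions, three PHP
     * settings, the gd_info() entries, whether the phpinfo(INFO_MODULES)
     * output mentions mod_rewrite, the Nucleus version and patch level, three
     * $CONF values and a link to the online version check. Any other visitor
     * only gets the _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN text between the page
     * head and the page foot.
     */
    function action_systemoverview() {
        global $member, $nucleus, $CONF;

        $this->pagehead();

        echo '<h2>' . _ADMIN_SYSTEMOVERVIEW_HEADING . "</h2>\n";

        if ($member->isLoggedIn() && $member->isAdmin()) {

            // Information about the used PHP and MySQL installation
            echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_PHPANDMYSQL . "</h3>\n";

            // Version of PHP MySQL
            echo "<table>\n";
            echo "\t<tr>\n";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . "</td>\n";
            echo "\t\t" . '<td>' . phpversion() . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td>' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . "</td>\n";
            echo "\t\t" . '<td>' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . "</td>\n";
            echo "\t</tr>";
            echo "</table>\n";

            // Important PHP settings
            echo "<table>\n";
            echo "\t<tr>\n";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">magic_quotes_gpc' . "</td>\n";
            $mqg = get_magic_quotes_gpc() ? 'On' : 'Off';
            echo "\t\t" . '<td>' . $mqg . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td>magic_quotes_runtime' . "</td>\n";
            $mqr = get_magic_quotes_runtime() ? 'On' : 'Off';
            echo "\t\t" . '<td>' . $mqr . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td>register_globals' . "</td>\n";
            $rg = ini_get('register_globals') ? 'On' : 'Off';
            echo "\t\t" . '<td>' . $rg . "</td>\n";
            echo "\t</tr>";
            echo "</table>\n";

            // Information about GD library
            $gdinfo = gd_info();
            echo "<table>\n";
            echo "\t<tr>";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . "</th>\n";
            echo "\t</tr>\n";
            foreach ($gdinfo as $key=>$value) {
                if (is_bool($value)) {
                    $value = $value ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE;
                } else {
                    $value = htmlspecialchars($value, ENT_QUOTES);
                }
                echo "\t<tr>";
                // the key is encoded the same way as the value next to it
                echo "\t\t" . '<td width="50%">' . htmlspecialchars($key, ENT_QUOTES) . "</td>\n";
                echo "\t\t" . '<td>' . $value . "</td>\n";
                echo "\t</tr>\n";
            }
            echo "</table>\n";

            // Check if special modules are loaded.
            // ob_get_clean() returns the captured phpinfo() text AND closes the
            // buffer; ob_get_contents() + ob_clean() left it open, so the rest
            // of the page was written into a buffer that was never ended.
            ob_start();
            phpinfo(INFO_MODULES);
            $im = ob_get_clean();
            echo "<table>\n";
            echo "\t<tr>";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_MODULES . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">mod_rewrite' . "</td>\n";
            // substring search only: reports "enabled" whenever the text occurs
            $modrewrite = (strstr($im, 'mod_rewrite') != '') ?
                        _ADMIN_SYSTEMOVERVIEW_ENABLE :
                        _ADMIN_SYSTEMOVERVIEW_DISABLE;
            echo "\t\t" . '<td>' . $modrewrite . "</td>\n";
            echo "\t</tr>\n";
            echo "</table>\n";

            // Information about the used Nucleus CMS
            echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSYSTEM . "</h3>\n";
            $nv = getNucleusVersion() / 100 . '(' . $nucleus['version'] . ')';
            $np = getNucleusPatchLevel();
            echo "<table>\n";
            echo "\t<tr>";
            echo "\t\t" . '<th colspan="2">Nucleus CMS' . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . "</td>\n";
            echo "\t\t" . '<td>' . $nv . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . "</td>\n";
            echo "\t\t" . '<td>' . $np . "</td>\n";
            echo "\t</tr>\n";
            echo "</table>\n";

            // Important settings of the installation.
            // The two string settings are HTML-encoded on output, like the
            // gd_info() values above; they were printed raw before.
            echo "<table>\n";
            echo "\t<tr>";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . '$CONF[' . "'Self']</td>\n";
            echo "\t\t" . '<td>' . htmlspecialchars($CONF['Self'], ENT_QUOTES) . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . '$CONF[' . "'ItemURL']</td>\n";
            echo "\t\t" . '<td>' . htmlspecialchars($CONF['ItemURL'], ENT_QUOTES) . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . '$CONF[' . "'alertOnHeadersSent']</td>\n";
            $ohs = $CONF['alertOnHeadersSent'] ?
                        _ADMIN_SYSTEMOVERVIEW_ENABLE :
                        _ADMIN_SYSTEMOVERVIEW_DISABLE;
            echo "\t\t" . '<td>' . $ohs . "</td>\n";
            echo "\t</tr>\n";
            echo "</table>\n";

            // Link to the online version test at the Nucleus CMS website
            echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK . "</h3>\n";
            if ($nucleus['codename'] != '') {
                $codenamestring = ' &quot;' . $nucleus['codename'] . '&quot;';
            } else {
                $codenamestring = '';
            }
            echo _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TXT;
            $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
            echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">';
            echo 'Nucleus CMS ' . $nv . $codenamestring;
            echo '</a>';
        }
        else {
            echo _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN;
        }

        $this->pagefoot();
    }
5220 5221 /** 5222 * @todo document this 5223 */ 5224 function updateConfig($name, $val) { 5225 $name = sql_real_escape_string($name); 5226 $val = trim(sql_real_escape_string($val)); 5227 5228 $query = 'UPDATE '.sql_table('config') 5229 . " SET value='$val'" 5230 . " WHERE name='$name'"; 5231 5232 sql_query($query) or die("Query error: " .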
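sql_error()); 5233 return sql_insert_id(); 5234 } 5235 5236 /** 5237 * Error message 5238 * @param string $msg message that will be shown 5239 */ 5240 function error($msg) { 5241 $this->pagehead(); 5242 ?> 5243 <h2>Error!</h2> 5244 <?php echo $msg; 5245 echo "<br />"; 5246 echo "<a href='index.php' onclick='history.back()'>"._BACK."</a>"; 5247 $this->pagefoot(); 5248 exit; 5249 } 5250 5251 /** 5252 * @todo document this 5253 */ 5254 function disallow() { 5255 ACTIONLOG::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI')); 5256 5257 $this->error(_ERROR_DISALLOWED); 5258 } 5259
    /**
     * Prints the top of every admin page: doctype, <head>, the site header
     * and the "logged in as" box, leaving the content <div> open.
     *
     * Side effects visible here: notifies 'AdminPrePageHead' listeners (they
     * receive $extrahead by reference) and, when $CONF has no 'AdminCSS'
     * entry, inserts that config row with the value 'original'.
     *
     * @param string $extrahead markup placed verbatim inside <head>; it is
     *                          deliberately not encoded, so callers and
     *                          listeners must only put trusted markup in it
     */
    function pagehead($extrahead = '') {
        global $member, $nucleus, $CONF, $manager;

        $manager->notify(
            'AdminPrePageHead',
            array(
                'extrahead' => &$extrahead,
                'action' => $this->action
            )
        );

        $baseUrl = htmlspecialchars($CONF['AdminURL']);
        if (!array_key_exists('AdminCSS',$CONF))
        {
            sql_query("INSERT INTO ".sql_table('config')." VALUES ('AdminCSS', 'original')");
            $CONF['AdminCSS'] = 'original';
        }

        // AdminCSS is a stored setting that becomes part of an attribute
        // value; it is encoded like the other $CONF values in this method.
        $adminCss = htmlspecialchars($CONF['AdminCSS'], ENT_QUOTES);

        ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html <?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />
    <title><?php echo htmlspecialchars($CONF['SiteName'])?> - Admin</title>
    <link rel="stylesheet" title="Nucleus Admin Default" type="text/css" href="<?php echo $baseUrl?>styles/admin_<?php echo $adminCss?>.css" />
    <link rel="stylesheet" title="Nucleus Admin Default" type="text/css"
    href="<?php echo $baseUrl?>styles/addedit.css" />

    <script type="text/javascript" src="<?php echo $baseUrl?>javascript/edit.js"></script>
    <script type="text/javascript" src="<?php echo $baseUrl?>javascript/admin.js"></script>
    <script type="text/javascript" src="<?php echo $baseUrl?>javascript/compatibility.js"></script>

    <meta http-equiv='Pragma' content='no-cache' />
    <meta http-equiv='Cache-Control' content='no-cache, must-revalidate' />
    <meta http-equiv='Expires' content='-1' />

    <?php echo $extrahead?>
</head>
<body>
<div id="adminwrapper">
<div class="header">
<h1><?php echo htmlspecialchars($CONF['SiteName'])?></h1>
</div>
<div id="container">
<div id="content">
<div class="loginname">
<?php
        if ($member->isLoggedIn()) {
            // NOTE(review): assumes getDisplayName() returns plain text, not
            // markup that is already HTML-encoded - confirm in MEMBER.
            echo _LOGGEDINAS . ' ' . htmlspecialchars($member->getDisplayName(), ENT_QUOTES)
                ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a>"
                . "<br /><a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
        } else {
            echo '<a href="index.php?action=showlogin" title="Log in">' , _NOTLOGGEDIN , '</a> <br />';
        }

        // the attribute is single-quoted, hence ENT_QUOTES
        echo "<a href='".htmlspecialchars($CONF['IndexURL'], ENT_QUOTES)."'>"._YOURSITE."</a>";

        echo '<br />(';

        $codenamestring = ($nucleus['codename']!='')? ' &quot;'.$nucleus['codename'].'&quot;':'';

        if ($member->isLoggedIn() && $member->isAdmin()) {
            $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
            echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';
            $newestVersion = getLatestVersion();
            $newestCompare = str_replace('/','.',$newestVersion);
            $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);
            if ($newestVersion && version_compare($newestCompare,$currentVersion) > 0) {
                // NOTE(review): getLatestVersion() is defined elsewhere and
                // presumably reports a value obtained from outside this
                // installation; it is encoded before it reaches the page.
                echo '<br /><a style="color:red" href="http://nucleuscms.org/upgrade.php" title="'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE.'">'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT.htmlspecialchars($newestVersion, ENT_QUOTES).'</a>';
            }
        } else {
            echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;
        }
        echo ')';
        echo '</div>';
    }
5337 5338 /** 5339 * @todo document this 5340 */ 5341 function pagefoot() { 5342 global $action, $member, $manager; 5343 5344 $manager->notify( 5345 'AdminPrePageFoot', 5346 array( 5347 'action' => $this->action 5348 ) 5349 ); 5350 5351 if ($member->isLoggedIn() && ($action != 'showlogin')) { 5352 ?> 5353 <h2><?php echo _LOGOUT ?></h2> 5354 <ul> 5355 <li><a href="index.php?action=overview"><?php echo _BACKHOME?></a></li> 5356 <li><a href='index.php?action=logout'><?php echo _LOGOUT?></a></li> 5357 </ul> 5358 <?php } 5359 ?> 5360 <div class="foot"> 5361 <a href="<?php echo _ADMINPAGEFOOT_OFFICIALURL ?>">Nucleus CMS</a> &copy; 2002-<?php echo date('Y') . ' ' .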
_ADMINPAGEFOOT_COPYRIGHT; ?> 5362 - 5363 <a href="<?php echo _ADMINPAGEFOOT_DONATEURL ?>"><?php echo _ADMINPAGEFOOT_DONATE ?></a> 5364 </div> 5365 5366 </div><!-- content --> 5367 5368 <div id="quickmenu"> 5369 5370 <?php // ---- user settings ---- 5371 if (($action != 'showlogin') && ($member->isLoggedIn())) { 5372 echo '<ul>'; 5373 echo '<li><a href="index.php?action=overview">',_QMENU_HOME,'</a></li>'; 5374 echo '</ul>'; 5375 5376 echo '<h2>',_QMENU_ADD,'</h2>'; 5377 echo '<form method="get" action="index.php"><div>'; 5378 echo '<input type="hidden" name="action" value="createitem" />'; 5379 5380 $showAll = requestVar('showall'); 5381 if (($member->isAdmin()) && ($showAll == 'yes')) { 5382 // Super-Admins have access to all blogs! (no add item support though) 5383 $query = 'SELECT bnumber as value, bname as text' 5384 . ' FROM ' . sql_table('blog') 5385 . ' ORDER BY bname'; 5386 } else { 5387 $query = 'SELECT bnumber as value, bname as text' 5388 . ' FROM ' . sql_table('blog') . ', ' . sql_table('team') 5389 . ' WHERE tblog=bnumber and tmember=' . $member->getID() 5390 . ' ORDER BY bname'; 5391 } 5392 $template['name'] = 'blogid'; 5393 $template['tabindex'] = 15000; 5394 $template['extra'] = _QMENU_ADD_SELECT; 5395 $template['selected'] = -1; 5396 $template['shorten'] = 10; 5397 $template['shortenel'] = ''; 5398 $template['javascript'] = 'onchange="return form.submit()"'; 5399 showlist($query,'select',$template); 5400 5401 echo '</div></form>'; 5402 5403 echo '<h2>' . $member->getDisplayName(). '</h2>'; 5404 echo '<ul>'; 5405 echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . '</a></li>'; 5406 echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . '</a></li>'; 5407 echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . 
'</a></li>'; 5408 echo '</ul>'; 5409 5410 5411 5412 5413 // ---- general settings ---- 5414 if ($member->isAdmin()) { 5415 5416 echo '<h2>',_QMENU_MANAGE,'</h2>'; 5417 5418 echo '<ul>'; 5419 echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . '</a></li>'; 5420 echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . '</a></li>'; 5421 echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . '</a></li>'; 5422 echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . '</a></li>'; 5423 echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . '</a></li>'; 5424 echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . '</a></li>'; 5425 echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . '</a></li>'; 5426 echo '</ul>'; 5427 5428 echo '<h2>',_QMENU_LAYOUT,'</h2>'; 5429 echo '<ul>'; 5430 echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . '</a></li>'; 5431 echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . '</a></li>'; 5432 echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . 
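'</a></li>'; 5433 echo '</ul>'; 5434 5435 } 5436 5437 $aPluginExtras = array(); 5438 $manager->notify( 5439 'QuickMenu', 5440 array( 5441 'options' => &$aPluginExtras 5442 ) 5443 ); 5444 if (count($aPluginExtras) > 0) 5445 { 5446 echo '<h2>', _QMENU_PLUGINS, '</h2>'; 5447 echo '<ul>'; 5448 foreach ($aPluginExtras as $aInfo) 5449 { 5450 echo '<li><a href="'.htmlspecialchars($aInfo['url']).'" title="'.htmlspecialchars($aInfo['tooltip']).'">'.htmlspecialchars($aInfo['title']).'</a></li>'; 5451 } 5452 echo '</ul>'; 5453 } 5454 5455 } else if (($action == 'activate') || ($action == 'activatesetpwd')) { 5456 5457 echo '<h2>', _QMENU_ACTIVATE, '</h2>', _QMENU_ACTIVATE_TEXT; 5458 } else { 5459 // introduction text on login screen 5460 echo '<h2>', _QMENU_INTRO, '</h2>', _QMENU_INTRO_TEXT; 5461 } 5462 ?> 5463 </div> 5464 5465 <!-- content / quickmenu container --> 5466 <div class="clear"></div> <!-- new --> 5467 </div> 5468 5469 <!-- adminwrapper --> <!-- new --> 5470 </div> <!-- new --> 5471 </body> 5472 </html> 5473 <?php } 5474
    /**
     * Sends a Windows registry (.reg) file that registers the bookmarklet of
     * one blog as an entry under Internet Explorer's MenuExt key.
     *
     * Reads blogid from the request; the member needs team rights on that
     * blog. The response is the file body plus download headers, no admin
     * page is rendered.
     *
     * The blog name and the admin URL are written into a line-oriented file
     * that the member is expected to import, so both are neutralised first:
     * control characters (including CR/LF) are removed, and in the quoted
     * value backslash and double quote are escaped.
     */
    function action_regfile() {
        global $member, $CONF;

        $blogid = intRequestVar('blogid');

        $member->teamRights($blogid) or $this->disallow();

        // header-code stolen from phpMyAdmin
        // REGEDIT and bookmarklet code stolen from GreyMatter

        // Byte-wise pattern without /u: the text may be in a non-UTF-8
        // charset (the variable name suggests Shift_JIS - not confirmed here).
        $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid));
        $sjisBlogName = preg_replace('/[\x00-\x1F\x7F]/', '', $sjisBlogName);

        // backslash first, so the backslashes added for quotes are not doubled
        $regAdminUrl = preg_replace('/[\x00-\x1F\x7F]/', '', $CONF['AdminURL']);
        $regAdminUrl = str_replace(array('\\', '"'), array('\\\\', '\\"'), $regAdminUrl);

        header('Content-Type: application/octetstream');
        header('Content-Disposition: filename="nucleus.reg"');
        header('Pragma: no-cache');
        header('Expires: 0');

        echo "REGEDIT4\n";
        echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n";
        echo '@="' . $regAdminUrl . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n";
        echo '"contexts"=hex:31';
    }
5501 5502 /** 5503 * @todo document this 5504 */ 5505 function action_bookmarklet() { 5506 global $member, $manager; 5507 5508 $blogid = intRequestVar('blogid'); 5509 5510 $member->teamRights($blogid) or $this->disallow(); 5511 5512 $blog =& $manager->getBlog($blogid); 5513 $bm = getBookmarklet($blogid); 5514 5515 $this->pagehead(); 5516 5517 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>'; 5518 5519 ?> 5520 5521 <h2><?php echo _BOOKMARKLET_TITLE ?></h2> 5522 5523 <p> 5524 <?php echo _BOOKMARKLET_DESC1 . _BOOKMARKLET_DESC2 . _BOOKMARKLET_DESC3 . _BOOKMARKLET_DESC4 . _BOOKMARKLET_DESC5 ?> 5525 </p> 5526 5527 <h3><?php echo _BOOKMARKLET_BOOKARKLET ?></h3> 5528 <p> 5529 <?php echo _BOOKMARKLET_BMARKTEXT ?><small><?php echo _BOOKMARKLET_BMARKTEST ?></small> 5530 <br /> 5531 <br /> 5532 <?php echo '<a href="' . htmlspecialchars($bm, ENT_QUOTES) . '">' . sprintf(_BOOKMARKLET_ANCHOR, htmlspecialchars($blog->getName(), ENT_QUOTES)) . '</a>' . _BOOKMARKLET_BMARKFOLLOW; ?> 5533 </p> 5534 5535 <h3><?php echo _BOOKMARKLET_RIGHTCLICK ?></h3> 5536 <p> 5537 <?php 5538 $url = 'index.php?action=regfile&blogid=' . intval($blogid); 5539 $url = $manager->addTicketToUrl($url); 5540 ?> 5541 <?php echo _BOOKMARKLET_RIGHTTEXT1 . '<a href="' . htmlspecialchars($url, ENT_QUOTES, "SJIS") . '">' . _BOOKMARKLET_RIGHTLABEL . '</a>' .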
_BOOKMARKLET_RIGHTTEXT2; ?> 5542 </p> 5543 5544 <p> 5545 <?php echo _BOOKMARKLET_RIGHTTEXT3 ?> 5546 </p> 5547 5548 <h3><?php echo _BOOKMARKLET_UNINSTALLTT ?></h3> 5549 <p> 5550 <?php echo _BOOKMARKLET_DELETEBAR ?> 5551 </p> 5552 5553 <p> 5554 <?php echo _BOOKMARKLET_DELETERIGHTT ?> 5555 </p> 5556 5557 <ol> 5558 <li><?php echo _BOOKMARKLET_DELETERIGHT1 ?></li> 5559 <li><?php echo _BOOKMARKLET_DELETERIGHT2 ?></li> 5560 <li><?php echo _BOOKMARKLET_DELETERIGHT3 ?></li> 5561 <li><?php echo _BOOKMARKLET_DELETERIGHT4 ?></li> 5562 <li><?php echo _BOOKMARKLET_DELETERIGHT5 ?></li> 5563 </ol> 5564 5565 <?php 5566 $this->pagefoot(); 5567 5568 } 5569 5570 /** 5571 * @todo document this 5572 */ 5573 function action_actionlog() { 5574 global $member, $manager; 5575 5576 $member->isAdmin() or $this->disallow(); 5577 5578 $this->pagehead(); 5579 5580 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 5581 5582 $url = $manager->addTicketToUrl('index.php?action=clearactionlog'); 5583 5584 ?> 5585 <h2><?php echo _ACTIONLOG_CLEAR_TITLE?></h2> 5586 <p><a href="<?php echo htmlspecialchars($url)?>"><?php echo _ACTIONLOG_CLEAR_TEXT?></a></p> 5587 <?php 5588 echo '<h2>' . _ACTIONLOG_TITLE . '</h2>'; 5589 5590 $query = 'SELECT * FROM '.sql_table('actionlog').' ORDER BY timestamp DESC'; 5591 $template['content'] = 'actionlist'; 5592 $amount = showlist($query,'table',$template); 5593 5594 $this->pagefoot(); 5595 5596 } 5597 5598 /** 5599 * @todo document this 5600 */ 5601 function action_banlist() { 5602 global $member, $manager; 5603 5604 $blogid = intRequestVar('blogid'); 5605 5606 $member->blogAdminRights($blogid) or $this->disallow(); 5607 5608 $blog =& $manager->getBlog($blogid); 5609 5610 $this->pagehead(); 5611 5612 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>'; 5613 5614 echo '<h2>' . _BAN_TITLE . " '". $this->bloglink($blog) ."'</h2>"; 5615 5616 $query = 'SELECT * FROM '.sql_table('ban').' WHERE blogid='.$blogid.' 
ORDER BY iprange'; 5617 $template['content'] = 'banlist'; 5618 $amount = showlist($query,'table',$template); 5619 5620 if ($amount == 0) 5621 echo _BAN_NONE; 5622 5623 echo '<h2>'._BAN_NEW_TITLE.'</h2>'; 5624 echo "<p><a href='index.php?action=banlistnew&blogid=$blogid'>"._BAN_NEW_TEXT."</a></p>"; 5625 5626 5627 $this->pagefoot(); 5628 5629 } 5630 5631 /** 5632 * @todo document this 5633 */ 5634 function action_banlistdelete() { 5635 global $member, $manager; 5636 5637 $blogid = intRequestVar('blogid'); 5638 $iprange = requestVar('iprange'); 5639 5640 $member->blogAdminRights($blogid) or $this->disallow(); 5641 5642 $blog =& $manager->getBlog($blogid); 5643 $banBlogName = htmlspecialchars($blog->getName(), ENT_QUOTES); 5644 5645 $this->pagehead(); 5646 ?> 5647 <h2><?php echo _BAN_REMOVE_TITLE?></h2> 5648 5649 <form method="post" action="index.php"> 5650 5651 <h3><?php echo _BAN_IPRANGE?></h3> 5652 5653 <p> 5654 <?php echo _CONFIRMTXT_BAN?> <?php echo htmlspecialchars($iprange) ?> 5655 <input name="iprange" type="hidden" value="<?php echo htmlspecialchars($iprange)?>" /> 5656 </p> 5657 5658 <h3><?php echo _BAN_BLOGS?></h3> 5659 5660 <div> 5661 <input type="hidden" name="blogid" value="<?php echo $blogid?>" /> 5662 <input name="allblogs" type="radio" value="0" id="allblogs_one" /> 5663 <label for="allblogs_one"><?php echo sprintf(_BAN_BANBLOGNAME, $banBlogName) ?></label> 5664 <br /> 5665 <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label> 5666 </div> 5667 5668 <h3><?php echo _BAN_DELETE_TITLE?></h3> 5669 5670 <div> 5671 <?php $manager->addTicketHidden() ?> 5672 <input type="hidden" name="action" value="banlistdeleteconfirm" /> 5673 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" /> 5674 </div> 5675 5676 </form> 5677 <?php 5678 $this->pagefoot(); 5679 } 5680 5681 /** 5682 * @todo document this 5683 */ 5684 function action_banlistdeleteconfirm() { 5685 global 
$member, $manager; 5686 5687 $blogid = intPostVar('blogid'); 5688 $allblogs = postVar('allblogs'); 5689 $iprange = postVar('iprange'); 5690 5691 $member->blogAdminRights($blogid) or $this->disallow(); 5692 5693 $deleted = array(); 5694 5695 if (!$allblogs) { 5696 if (BAN::removeBan($blogid, $iprange)) 5697 array_push($deleted, $blogid); 5698 } else { 5699 // get blogs fot which member has admin rights 5700 $adminblogs = $member->getAdminBlogs(); 5701 foreach ($adminblogs as $blogje) { 5702 if (BAN::removeBan($blogje, $iprange)) 5703 array_push($deleted, $blogje); 5704 } 5705 } 5706 5707 if (sizeof($deleted) == 0) 5708 $this->error(_ERROR_DELETEBAN); 5709 5710 $this->pagehead(); 5711 5712 echo '<a href="index.php?action=banlist&blogid=',$blogid,'">(',_BACK,')</a>'; 5713 echo '<h2>'._BAN_REMOVED_TITLE.'</h2>'; 5714 echo "<p>"._BAN_REMOVED_TEXT."</p>"; 5715 5716 echo "<ul>"; 5717 foreach ($deleted as $delblog) { 5718 $b =& $manager->getBlog($delblog); 5719 echo "<li>" . htmlspecialchars($b->getName()). 
"</li>"; 5720 } 5721 echo "</ul>"; 5722 5723 $this->pagefoot(); 5724 5725 } 5726 5727 /** 5728 * @todo document this 5729 */ 5730 function action_banlistnewfromitem() { 5731 $this->action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid'))); 5732 } 5733 5734 /** 5735 * @todo document this 5736 */ 5737 function action_banlistnew($blogid = '') { 5738 global $member, $manager; 5739 5740 if ($blogid == '') 5741 $blogid = intRequestVar('blogid'); 5742 5743 $ip = requestVar('ip'); 5744 5745 $member->blogAdminRights($blogid) or $this->disallow(); 5746 5747 $blog =& $manager->getBlog($blogid); 5748 5749 $this->pagehead(); 5750 ?> 5751 <h2><?php echo _BAN_ADD_TITLE?></h2> 5752 5753 5754 <form method="post" action="index.php"> 5755 5756 <h3><?php echo _BAN_IPRANGE?></h3> 5757 5758 <p><?php echo _BAN_IPRANGE_TEXT?></p> 5759 5760 <div class="note"> 5761 <strong><?php echo _BAN_EXAMPLE_TITLE ?></strong> 5762 <?php echo _BAN_EXAMPLE_TEXT ?> 5763 </div> 5764 5765 <div> 5766 <?php 5767 if ($ip) { 5768 $iprangeVal = htmlspecialchars($ip, ENT_QUOTES); 5769 ?> 5770 <input name="iprange" type="radio" value="<?php echo $iprangeVal ?>" checked="checked" id="ip_fixed" /> 5771 <label for="ip_fixed"><?php echo $iprangeVal ?></label> 5772 <br /> 5773 <input name="iprange" type="radio" value="custom" id="ip_custom" /> 5774 <label for="ip_custom"><?php echo _BAN_IP_CUSTOM ?></label> 5775 <input name='customiprange' value='<?php echo $iprangeVal ?>' maxlength='15' size='15' /> 5776 <?php 5777 } else { 5778 echo "<input name='iprange' value='custom' type='hidden' />"; 5779 echo "<input name='customiprange' value='' maxlength='15' size='15' />"; 5780 } 5781 ?> 5782 </div> 5783 5784 <h3><?php echo _BAN_BLOGS?></h3> 5785 5786 <p><?php echo _BAN_BLOGS_TEXT?></p> 5787 5788 <div> 5789 <input type="hidden" name="blogid" value="<?php echo $blogid?>" /> 5790 <input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">'<?php echo 
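htmlspecialchars($blog->getName())?>'</label> 5791 <br /> 5792 <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label> 5793 </div> 5794 5795 <h3><?php echo _BAN_REASON_TITLE?></h3> 5796 5797 <p><?php echo _BAN_REASON_TEXT?></p> 5798 5799 <div><textarea name="reason" cols="40" rows="5"></textarea></div> 5800 5801 <h3><?php echo _BAN_ADD_TITLE?></h3> 5802 5803 <div> 5804 <input name="action" type="hidden" value="banlistadd" /> 5805 <?php $manager->addTicketHidden() ?> 5806 <input type="submit" value="<?php echo _BAN_ADD_BTN?>" /> 5807 </div> 5808 5809 </form> 5810 5811 <?php $this->pagefoot(); 5812 } 5813
    /**
     * Adds a ban for an IP range, either to one blog or to every blog the
     * current member administers.
     *
     * Reads blogid, allblogs, iprange (or customiprange when iprange is
     * "custom") and reason from the POST data. The member needs blog admin
     * rights on blogid. Shows _ERROR_ADDBAN when the range is missing, empty
     * or not a string, or when BAN::addBan() reports a failure for any blog;
     * otherwise the ban list is shown again.
     */
    function action_banlistadd() {
        global $member;

        $blogid = intPostVar('blogid');
        $allblogs = postVar('allblogs');
        $iprange = postVar('iprange');
        if ($iprange == "custom")
            $iprange = postVar('customiprange');
        $reason = postVar('reason');

        $member->blogAdminRights($blogid) or $this->disallow();

        // A range that is empty (or only whitespace) names no address, so it
        // is refused here instead of being stored; error() does not return.
        if (!is_string($iprange) || trim($iprange) === '')
            $this->error(_ERROR_ADDBAN);
        $iprange = trim($iprange);

        // TODO: check IP range validity (the format itself is still not
        // verified; the form only limits the field length in the browser)

        if (!$allblogs) {
            if (!BAN::addBan($blogid, $iprange, $reason))
                $this->error(_ERROR_ADDBAN);
        } else {
            // get blogs for which member has admin rights
            $adminblogs = $member->getAdminBlogs();
            $failed = 0;
            foreach ($adminblogs as $blogje) {
                // keep going after a failure so the remaining blogs still get the ban
                if (!BAN::addBan($blogje, $iprange, $reason))
                    $failed = 1;
            }
            if ($failed)
                $this->error(_ERROR_ADDBAN);
        }

        $this->action_banlist();

    }
5849 5850 /** 5851 * @todo document this 5852 */ 5853 function action_clearactionlog() { 5854 global $member; 5855 5856 $member->isAdmin() or $this->disallow(); 5857 5858 ACTIONLOG::clear(); 5859 5860 $this->action_manage(_MSG_ACTIONLOGCLEARED); 5861 } 5862 5863 /** 5864 * @todo document this 5865 */ 5866 function action_backupoverview() { 5867 global $member, $manager; 5868 5869 $member->isAdmin()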
or $this->disallow(); 5870 5871 $this->pagehead(); 5872 5873 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 5874 ?> 5875 <h2><?php echo _BACKUPS_TITLE?></h2> 5876 5877 <h3><?php echo _BACKUP_TITLE?></h3> 5878 5879 <p><?php echo _BACKUP_INTRO?></p> 5880 5881 <form method="post" action="index.php"><p> 5882 <input type="hidden" name="action" value="backupcreate" /> 5883 <?php $manager->addTicketHidden() ?> 5884 5885 <input type="radio" name="gzip" value="1" checked="checked" id="gzip_yes" tabindex="10" /><label for="gzip_yes"><?php echo _BACKUP_ZIP_YES?></label> 5886 <br /> 5887 <input type="radio" name="gzip" value="0" id="gzip_no" tabindex="10" /><label for="gzip_no" ><?php echo _BACKUP_ZIP_NO?></label> 5888 <br /><br /> 5889 <input type="submit" value="<?php echo _BACKUP_BTN?>" tabindex="20" /> 5890 5891 </p></form> 5892 5893 <div class="note"><?php echo _BACKUP_NOTE?></div> 5894 5895 5896 <h3><?php echo _RESTORE_TITLE?></h3> 5897 5898 <div class="note"><?php echo _RESTORE_NOTE?></div> 5899 5900 <p><?php echo _RESTORE_INTRO?></p> 5901 5902 <form method="post" action="index.php" enctype="multipart/form-data"><p> 5903 <input type="hidden" name="action" value="backuprestore" /> 5904 <?php $manager->addTicketHidden() ?> 5905 <input name="backup_file" type="file" tabindex="30" /> 5906 <br /><br /> 5907 <input type="submit" value="<?php echo _RESTORE_BTN?>" tabindex="40" /> 5908 <br /><input type="checkbox" name="letsgo" value="1" id="letsgo" tabindex="50" /><label for="letsgo"><?php echo _RESTORE_IMSURE?></label> 5909 <br /><?php echo _RESTORE_WARNING?> 5910 </p></form> 5911 5912 <?php $this->pagefoot(); 5913 } 5914 5915 /** 5916 * @todo document this 5917 */ 5918 function action_backupcreate() { 5919 global $member, $DIR_LIBS; 5920 5921 $member->isAdmin() or $this->disallow(); 5922 5923 // use compression ? 5924 $useGzip = intval(postVar('gzip')); 5925 5926 include ($DIR_LIBS . 
'backup.php'); 5927 5928 // try to extend time limit 5929 // (creating/restoring dumps might take a while) 5930 @set_time_limit(1200); 5931 5932 $bu = new Backup(); 5933 $bu->do_backup($useGzip); 5934 exit; 5935 } 5936
    /**
     * Restores the database from an uploaded backup (admin only).
     *
     * Requires the posted 'letsgo' confirmation to equal 1, loads backup.php
     * from $DIR_LIBS and calls Backup::do_restore(). A non-empty return value
     * of do_restore() is shown through error(); otherwise a page with the
     * _RESTORE_COMPLETE heading is printed.
     *
     * NOTE(review): the message returned by do_restore() reaches error()
     * unchanged and error() echoes it as-is - confirm in backup.php that it
     * never contains unencoded data taken from the uploaded file.
     */
    function action_backuprestore() {
        global $member, $DIR_LIBS;

        if (!$member->isAdmin()) {
            $this->disallow();
        }

        // the "I'm sure" checkbox of the restore form
        $confirmed = intPostVar('letsgo');
        if ($confirmed != 1) {
            $this->error(_ERROR_BACKUP_NOTSURE);
        }

        $backupLib = $DIR_LIBS . 'backup.php';
        include ($backupLib);

        // restoring a dump can take a while, so try to raise the time limit
        @set_time_limit(1200);

        $backup = new Backup();
        $restoreError = $backup->do_restore();
        if ($restoreError != '') {
            $this->error($restoreError);
        }

        $this->pagehead();
        ?>
        <h2><?php echo _RESTORE_COMPLETE?></h2>
        <?php $this->pagefoot();

    }
5965 5966 /** 5967 * @todo document this 5968 */ 5969 function action_pluginlist() { 5970 global $member, $manager; 5971 5972 // check if allowed 5973 $member->isAdmin() or $this->disallow(); 5974 5975 $this->pagehead(); 5976 5977 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 5978 5979 echo '<h2>' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '</h2>'; 5980 5981 echo '<h3>' , _PLUGS_TITLE_INSTALLED , ' <span style="font-size:smaller">', helplink('getplugins'), _PLUGS_TITLE_GETPLUGINS, '</a></span></h3>'; 5982 5983 5984 $query = 'SELECT * FROM '.sql_table('plugin').'
ORDER BY porder ASC'; 5985 5986 $template['content'] = 'pluginlist'; 5987 $template['tabindex'] = 10; 5988 showlist($query, 'table', $template); 5989 5990 ?> 5991 <h3><?php echo _PLUGS_TITLE_UPDATE?></h3> 5992 5993 <p><?php echo _PLUGS_TEXT_UPDATE?></p> 5994 5995 <form method="post" action="index.php"><div> 5996 <input type="hidden" name="action" value="pluginupdate" /> 5997 <?php $manager->addTicketHidden() ?> 5998 <input type="submit" value="<?php echo _PLUGS_BTN_UPDATE ?>" tabindex="20" /> 5999 </div></form> 6000 6001 <h3><?php echo _PLUGS_TITLE_NEW?></h3> 6002 6003 <?php 6004 // find a list of possibly non-installed plugins 6005 $candidates = array(); 6006 6007 global $DIR_PLUGINS; 6008 6009 $dirhandle = opendir($DIR_PLUGINS); 6010 6011 while ($filename = readdir($dirhandle) ) 6012 { 6013 6014 # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0 6015 # original ereg: ereg('^NP_(.*)\.php$',$filename,$matches) 6016 6017 if (preg_match('#^NP_(.*)\.php$#', $filename, $matches) ) 6018 { 6019 6020 $name = $matches[1]; 6021 // only show in list when not yet installed 6022 $res = sql_query('SELECT * FROM ' . sql_table('plugin') . ' WHERE `pfile` = "NP_' . sql_real_escape_string($name) . 
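'"'); 6023 6024 if (sql_num_rows($res) == 0) 6025 { 6026 array_push($candidates, $name); 6027 } 6028 6029 } 6030 6031 } 6032 6033 closedir($dirhandle); 6034 6035 if (sizeof($candidates) > 0) 6036 { 6037 ?> 6038 <p><?php echo _PLUGS_ADD_TEXT?></p> 6039 6040 <form method='post' action='index.php'><div> 6041 <input type='hidden' name='action' value='pluginadd' /> 6042 <?php $manager->addTicketHidden() ?> 6043 <select name="filename" tabindex="30"> 6044 <?php 6045 foreach($candidates as $name) 6046 { 6047 echo '<option value="NP_',$name,'">',htmlspecialchars($name),'</option>'; 6048 } 6049 ?> 6050 </select> 6051 <input type='submit' tabindex="40" value='<?php echo _PLUGS_BTN_INSTALL?>' /> 6052 </div></form> 6053 6054 <?php 6055 } 6056 else 6057 { 6058 echo '<p>', _PLUGS_NOCANDIDATES, '</p>'; 6059 } 6060 6061 $this->pagefoot(); 6062 6063 } 6064 6065 /** 6066 * @todo document this 6067 */ 6068 function action_pluginhelp() { 6069 global $member, $manager, $DIR_PLUGINS, $CONF; 6070 6071 // check if allowed 6072 $member->isAdmin() or $this->disallow(); 6073 6074 $plugid = intGetVar('plugid'); 6075 6076 if (!$manager->pidInstalled($plugid)) 6077 $this->error(_ERROR_NOSUCHPLUGIN); 6078 6079 $plugName = getPluginNameFromPid($plugid); 6080 6081 $this->pagehead(); 6082 6083 echo '<p><a href="index.php?action=pluginlist">(',_PLUGS_BACK,')</a></p>'; 6084 6085 echo '<h2>',_PLUGS_HELP_TITLE,': ',htmlspecialchars($plugName),'</h2>'; 6086 6087 $plug =& $manager->getPlugin($plugName); 6088 $helpFile = $DIR_PLUGINS.$plug->getShortName().'/help.html'; 6089 6090 if (($plug->supportsFeature('HelpPage') > 0) && (@file_exists($helpFile))) { 6091 @readfile($helpFile); 6092 } else { 6093 echo '<p>Error: ', _ERROR_PLUGNOHELPFILE,'</p>'; 6094 echo '<p><a href="index.php?action=pluginlist">(',_BACK,')</a></p>'; 6095 } 6096 6097 6098 $this->pagefoot(); 6099 } 6100
    /**
     * Installs the plugin whose name is posted as 'filename' (admin only).
     *
     * Steps, in order: reject a name that is already installed or that
     * checkPlugin() refuses; notify 'PreAddPlugin'; insert the plugin row as
     * the last one in porder; load the plugin through the manager; remove it
     * again and show an error when loading fails, when it needs a newer
     * Nucleus version or patch level, or when a plugin listed by
     * getPluginDep() is not installed; otherwise call install(), notify
     * 'PostAddPlugin' and rebuild the event list via action_pluginupdate().
     */
    function action_pluginadd() {
        global $member, $manager, $DIR_PLUGINS;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $name = postVar('filename');

        // The plugin list only offers names taken from file names in the
        // plugin directory, which cannot contain a path separator or a NUL
        // byte. A posted value that does is refused before it is handed to
        // the plugin loader.
        if (!is_string($name) || strpbrk($name, "/\\\0") !== false)
            $this->error(_ERROR_PLUGFILEERROR);

        if ($manager->pluginInstalled($name))
            $this->error(_ERROR_DUPPLUGIN);
        if (!checkPlugin($name))
            $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');

        // get number of currently installed plugins
        $res = sql_query('SELECT * FROM '.sql_table('plugin'));
        $numCurrent = sql_num_rows($res);

        // plugin will be added as last one in the list
        $newOrder = $numCurrent + 1;

        // NOTE(review): listeners get $name by reference, so it can differ
        // from the checked value after this call.
        $manager->notify(
            'PreAddPlugin',
            array(
                'file' => &$name
            )
        );

        // do this before calling getPlugin (in case the plugin id is used there)
        $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.sql_real_escape_string($name).'")';
        sql_query($query);
        $iPid = sql_insert_id();

        $manager->clearCachedInfo('installedPlugins');

        // Load the plugin for condition checking and installation
        $plugin =& $manager->getPlugin($name);

        // check if it got loaded (could have failed)
        if (!$plugin)
        {
            sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
            $manager->clearCachedInfo('installedPlugins');
            $this->error(_ERROR_PLUGIN_LOAD);
        }

        // check if plugin needs a newer Nucleus version
        if (getNucleusVersion() < $plugin->getMinNucleusVersion())
        {
            // uninstall plugin again...
            $this->deleteOnePlugin($plugin->getID());

            // ...and show error
            $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));
        }

        // same version: check if plugin needs a newer patch level
        if ((getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()))
        {
            // uninstall plugin again...
            $this->deleteOnePlugin($plugin->getID());

            // ...and show error
            $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
        }

        $pluginList = $plugin->getPluginDep();
        foreach ($pluginList as $pluginName)
        {
            // The dependency name comes from the plugin being installed; it
            // is escaped like every other string placed in a query here
            // (it was concatenated unescaped before).
            $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . sql_real_escape_string($pluginName) . '"');
            if (sql_num_rows($res) == 0)
            {
                // uninstall plugin again...
                $this->deleteOnePlugin($plugin->getID());

                $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));
            }
        }

        // call the install method of the plugin
        $plugin->install();

        $manager->notify(
            'PostAddPlugin',
            array(
                'plugin' => &$plugin
            )
        );

        // update all events
        $this->action_pluginupdate();
    }
6196 6197 /** 6198 * @todo document this 6199 */ 6200 function action_pluginupdate() { 6201 global $member, $manager, $CONF; 6202 6203 // check if allowed 6204 $member->isAdmin() or $this->disallow(); 6205 6206 // delete everything from plugin_events 6207 sql_query('DELETE FROM '.sql_table('plugin_event')); 6208 6209 // loop over all installed plugins 6210 $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin')); 6211 while($o = sql_fetch_object($res)) { 6212 $pid = $o->pid; 6213 $plug =& $manager->getPlugin($o->pfile); 6214 if ($plug) 6215 { 6216 $eventList = $plug->getEventList(); 6217 foreach ($eventList as $eventName) 6218 sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.sql_real_escape_string($eventName).'\')'); 6219 } 6220 } 6221 6222 redirect($CONF['AdminURL'] .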
'?action=pluginlist'); 6223 // $this->action_pluginlist(); 6224 } 6225 6226 /** 6227 * @todo document this 6228 */ 6229 function action_plugindelete() { 6230 global $member, $manager; 6231 6232 // check if allowed 6233 $member->isAdmin() or $this->disallow(); 6234 6235 $pid = intGetVar('plugid'); 6236 6237 if (!$manager->pidInstalled($pid)) 6238 $this->error(_ERROR_NOSUCHPLUGIN); 6239 6240 $this->pagehead(); 6241 ?> 6242 <h2><?php echo _DELETE_CONFIRM?></h2> 6243 6244 <p><?php echo _CONFIRMTXT_PLUGIN?> <strong><?php echo getPluginNameFromPid($pid)?></strong>?</p> 6245 6246 <form method="post" action="index.php"><div> 6247 <?php $manager->addTicketHidden() ?> 6248 <input type="hidden" name="action" value="plugindeleteconfirm" /> 6249 <input type="hidden" name="plugid" value="<?php echo $pid; ?>" /> 6250 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" /> 6251 </div></form> 6252 <?php 6253 $this->pagefoot(); 6254 } 6255 6256 /** 6257 * @todo document this 6258 */ 6259 function action_plugindeleteconfirm() { 6260 global $member, $manager, $CONF; 6261 6262 // check if allowed 6263 $member->isAdmin() or $this->disallow(); 6264 6265 $pid = intPostVar('plugid'); 6266 6267 $error = $this->deleteOnePlugin($pid, 1); 6268 if ($error) { 6269 $this->error($error); 6270 } 6271 6272 redirect($CONF['AdminURL'] . '?action=pluginlist'); 6273 // $this->action_pluginlist(); 6274 } 6275 6276 /** 6277 * @todo document this 6278 */ 6279 function deleteOnePlugin($pid, $callUninstall = 0) { 6280 global $manager; 6281 6282 $pid = intval($pid); 6283 6284 if (!$manager->pidInstalled($pid)) 6285 return _ERROR_NOSUCHPLUGIN; 6286 6287 $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' 
WHERE pid='.$pid); 6288 6289 /* // call the unInstall method of the plugin 6290 if ($callUninstall) { 6291 $plugin =& $manager->getPlugin($name); 6292 if ($plugin) $plugin->unInstall(); 6293 }*/ 6294 6295 // check dependency before delete 6296 $res = sql_query('SELECT pfile FROM '.sql_table('plugin')); 6297 while($o = sql_fetch_object($res)) { 6298 $plug =& $manager->getPlugin($o->pfile); 6299 if ($plug) 6300 { 6301 $depList = $plug->getPluginDep(); 6302 foreach ($depList as $depName) 6303 { 6304 if ($name == $depName) 6305 { 6306 return sprintf(_ERROR_DELREQPLUGIN, $o->pfile); 6307 } 6308 } 6309 } 6310 } 6311 6312 $manager->notify('PreDeletePlugin', array('plugid' => $pid)); 6313 6314 // call the unInstall method of the plugin 6315 if ($callUninstall) { 6316 $plugin =& $manager->getPlugin($name); 6317 if ($plugin) $plugin->unInstall(); 6318 } 6319 6320 // delete all subscriptions 6321 sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid); 6322 6323 // delete all options 6324 // get OIDs from plugin_option_desc 6325 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid); 6326 $aOIDs = array(); 6327 while ($o = sql_fetch_object($res)) { 6328 array_push($aOIDs, $o->oid); 6329 } 6330 6331 // delete from plugin_option and plugin_option_desc 6332 sql_query('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid); 6333 if (count($aOIDs) > 0) 6334 sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')'); 6335 6336 // update order numbers 6337 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid); 6338 $o = sql_fetch_object($res); 6339 sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder); 6340 6341 // delete row 6342 sql_query('DELETE FROM '.sql_table('plugin').' 
WHERE pid='.$pid); 6343 6344 $manager->clearCachedInfo('installedPlugins'); 6345 $manager->notify('PostDeletePlugin', array('plugid' => $pid)); 6346 6347 return ''; 6348 } 6349 6350 /** 6351 * @todo document this 6352 */ 6353 function action_pluginup() { 6354 global $member, $manager, $CONF; 6355 6356 // check if allowed 6357 $member->isAdmin() or $this->disallow(); 6358 6359 $plugid = intGetVar('plugid'); 6360 6361 if (!$manager->pidInstalled($plugid)) 6362 $this->error(_ERROR_NOSUCHPLUGIN); 6363 6364 // 1. get old order number 6365 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid); 6366 $o = sql_fetch_object($res); 6367 $oldOrder = $o->porder; 6368 6369 // 2. calculate new order number 6370 $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1; 6371 6372 // 3. update plug numbers 6373 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder); 6374 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid); 6375 6376 //$this->action_pluginlist(); 6377 // To avoid showing ticket in the URL, redirect to pluginlist, instead. 6378 redirect($CONF['AdminURL'] . '?action=pluginlist'); 6379 } 6380 6381 /** 6382 * @todo document this 6383 */ 6384 function action_plugindown() { 6385 global $member, $manager, $CONF; 6386 6387 // check if allowed 6388 $member->isAdmin() or $this->disallow(); 6389 6390 $plugid = intGetVar('plugid'); 6391 if (!$manager->pidInstalled($plugid)) 6392 $this->error(_ERROR_NOSUCHPLUGIN); 6393 6394 // 1. get old order number 6395 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid); 6396 $o = sql_fetch_object($res); 6397 $oldOrder = $o->porder; 6398 6399 $res = sql_query('SELECT * FROM '.sql_table('plugin')); 6400 $maxOrder = sql_num_rows($res); 6401 6402 // 2. calculate new order number 6403 $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder; 6404 6405 // 3. 
update plug numbers 6406 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder); 6407 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid); 6408 6409 //$this->action_pluginlist(); 6410 // To avoid showing ticket in the URL, redirect to pluginlist, instead. 6411 redirect($CONF['AdminURL'] . '?action=pluginlist'); 6412 } 6413 6414 /** 6415 * @todo document this 6416 */ 6417 function action_pluginoptions($message = '') { 6418 global $member, $manager; 6419 6420 // check if allowed 6421 $member->isAdmin() or $this->disallow(); 6422 6423 $pid = intRequestVar('plugid'); 6424 if (!$manager->pidInstalled($pid)) 6425 $this->error(_ERROR_NOSUCHPLUGIN); 6426 6427 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 6428 $pluginName = htmlspecialchars(getPluginNameFromPid($pid), ENT_QUOTES); 6429 $this->pagehead($extrahead); 6430 6431 ?> 6432 <p><a href="index.php?action=pluginlist">(<?php echo _PLUGS_BACK?>)</a></p> 6433 6434 <h2><?php echo sprintf(_PLUGIN_OPTIONS_TITLE, $pluginName) ?></h2> 6435 6436 <?php if ($message) echo $message?> 6437 6438 <form action="index.php" method="post"> 6439 <div> 6440 <input type="hidden" name="action" value="pluginoptionsupdate" /> 6441 <input type="hidden" name="plugid" value="<?php echo $pid?>" /> 6442 6443 <?php 6444 6445 $manager->addTicketHidden(); 6446 6447 $aOptions = array(); 6448 $aOIDs = array(); 6449 $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ' WHERE ocontext=\'global\' and opid=' . $pid . 
' ORDER BY oid ASC'; 6450 $r = sql_query($query); 6451 while ($o = sql_fetch_object($r)) { 6452 array_push($aOIDs, $o->oid); 6453 $aOptions[$o->oid] = array( 6454 'oid' => $o->oid, 6455 'value' => $o->odef, 6456 'name' => $o->oname, 6457 'description' => $o->odesc, 6458 'type' => $o->otype, 6459 'typeinfo' => $o->oextra, 6460 'contextid' => 0 6461 ); 6462 } 6463 // fill out actual values 6464 if (count($aOIDs) > 0) { 6465 $r = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE oid in ('.implode(',',$aOIDs).')'); 6466 while ($o = sql_fetch_object($r)) 6467 $aOptions[$o->oid]['value'] = $o->ovalue; 6468 } 6469 6470 // call plugins 6471 $manager->notify('PrePluginOptionsEdit',array('context' => 'global', 'plugid' => $pid, 'options'=>&$aOptions)); 6472 6473 $template['content'] = 'plugoptionlist'; 6474 $amount = showlist($aOptions,'table',$template); 6475 if ($amount == 0) 6476 echo '<p>',_ERROR_NOPLUGOPTIONS,'</p>'; 6477 6478 ?> 6479 </div> 6480 </form> 6481 <?php $this->pagefoot(); 6482 6483 6484 6485 } 6486 6487 /** 6488 * @todo document this 6489 */ 6490 function action_pluginoptionsupdate() { 6491 global $member, $manager; 6492 6493 // check if allowed 6494 $member->isAdmin() or $this->disallow(); 6495 6496 $pid = intRequestVar('plugid'); 6497 if (!$manager->pidInstalled($pid)) 6498 $this->error(_ERROR_NOSUCHPLUGIN); 6499 6500 $aOptions = requestArray('plugoption'); 6501 NucleusPlugin::_applyPluginOptions($aOptions); 6502 6503 $manager->notify('PostPluginOptionsUpdate',array('context' => 'global', 'plugid' => $pid)); 6504 6505 $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED); 6506 } 6507 6508 /** 6509 * @static 6510 * @todo document this 6511 */ 6512 function _insertPluginOptions($context, $contextid = 0) { 6513 // get all current values for this contextid 6514 // (note: this might contain doubles for overlapping contextids) 6515 $aIdToValue = array(); 6516 $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . 
' WHERE ocontextid=' . intval($contextid)); 6517 while ($o = sql_fetch_object($res)) { 6518 $aIdToValue[$o->oid] = $o->ovalue; 6519 } 6520 6521 // get list of oids per pid 6522 $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin') 6523 . ' WHERE opid=pid and ocontext=\''.sql_real_escape_string($context).'\' ORDER BY porder, oid ASC'; 6524 $res = sql_query($query); 6525 $aOptions = array(); 6526 while ($o = sql_fetch_object($res)) { 6527 if (in_array($o->oid, array_keys($aIdToValue))) 6528 $value = $aIdToValue[$o->oid]; 6529 else 6530 $value = $o->odef; 6531 6532 array_push($aOptions, array( 6533 'pid' => $o->pid, 6534 'pfile' => $o->pfile, 6535 'oid' => $o->oid, 6536 'value' => $value, 6537 'name' => $o->oname, 6538 'description' => $o->odesc, 6539 'type' => $o->otype, 6540 'typeinfo' => $o->oextra, 6541 'contextid' => $contextid, 6542 'extra' => '' 6543 )); 6544 } 6545 6546 global $manager; 6547 $manager->notify('PrePluginOptionsEdit',array('context' => $context, 'contextid' => $contextid, 'options'=>&$aOptions)); 6548 6549 6550 $iPrevPid = -1; 6551 foreach ($aOptions as $aOption) { 6552 6553 // new plugin? 6554 if ($iPrevPid != $aOption['pid']) { 6555 $iPrevPid = $aOption['pid']; 6556 if (!defined('_PLUGIN_OPTIONS_TITLE')) { 6557 define('_PLUGIN_OPTIONS_TITLE', 'Options for %s'); 6558 } 6559 echo '<tr><th colspan="2">'.sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)).'</th></tr>'; 6560 } 6561 6562 $meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']); 6563 if (@$meta['access'] != 'hidden') { 6564 echo '<tr>'; 6565 listplug_plugOptionRow($aOption); 6566 echo '</tr>'; 6567 } 6568 6569 } 6570 6571 6572 } 6573 6574 /** 6575 * Helper functions to create option forms etc. 
6576 * @todo document parameters 6577 */ 6578 function input_yesno($name, $checkedval,$tabindex = 0, $value1 = 1, $value2 = 0, $yesval = _YES, $noval = _NO, $isAdmin = 0) { 6579 $id = htmlspecialchars($name); 6580 $id = str_replace('[','-',$id); 6581 $id = str_replace(']','-',$id); 6582 $id1 = $id . htmlspecialchars($value1); 6583 $id2 = $id . htmlspecialchars($value2); 6584 6585 if ($name=="admin") { 6586 echo '<input onclick="selectCanLogin(true);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" '; 6587 } else { 6588 echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" '; 6589 } 6590 6591 if ($checkedval == $value1) 6592 echo "tabindex='$tabindex' checked='checked'"; 6593 echo ' id="'.$id1.'" /><label for="'.$id1.'">' . $yesval . '</label>'; 6594 echo ' '; 6595 if ($name=="admin") { 6596 echo '<input onclick="selectCanLogin(false);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value2),'" '; 6597 } else { 6598 echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value2),'" '; 6599 } 6600 if ($checkedval != $value1) 6601 echo "tabindex='$tabindex' checked='checked'"; 6602 if ($isAdmin && $name=="canlogin") 6603 echo ' disabled="disabled"'; 6604 echo ' id="'.$id2.'" /><label for="'.$id2.'">' . $noval . '</label>'; 6605 } 6606 6607 } // class ADMIN 6608 6609 ?>