PHP Cross Reference of Nucleus CMS v3.51 code documentation |
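<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2009 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * Actions that can be called via action.php
 *
 * Every handler in this class reads its input straight from the request
 * (postVar / intPostVar / requestVar / serverVar), so all of those values
 * are untrusted.
 *
 * NOTE(review): addComment, sendMessage, createAccount and forgotPassword
 * pass a request-supplied URL ('url' / 'desturl') to redirect() unchanged.
 * redirect() is defined outside this file, so whether it limits the target
 * to this site cannot be confirmed from here; if it does not, these are
 * open redirects. Restricting the target needs the list of hosts the
 * installation legitimately serves, which this class does not have.
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2009 The Nucleus Group
 * @version $Id: ACTION.php 1378 2009-07-10 14:03:01Z shizuki $
 */
class ACTION
{
    /**
     * Constructor for an new ACTION object
     */
    function ACTION()
    {
        // do nothing
    }

    /**
     * Calls functions that handle an action called from action.php
     *
     * @param string $action action name taken from the request
     * @return mixed whatever the selected handler returns; unknown actions
     *               are reported through doError(_ERROR_BADACTION)
     */
    function doAction($action)
    {
        switch ($action) {
            case 'autodraft':
                return $this->autoDraft();
            case 'updateticket':
                return $this->updateTicket();
            case 'addcomment':
                return $this->addComment();
            case 'sendmessage':
                return $this->sendMessage();
            case 'createaccount':
                return $this->createAccount();
            case 'forgotpassword':
                return $this->forgotPassword();
            case 'votepositive':
                return $this->doKarma('pos');
            case 'votenegative':
                return $this->doKarma('neg');
            case 'plugin':
                return $this->callPlugin();
            default:
                doError(_ERROR_BADACTION);
        }
    }

    /**
     * Adds a new comment to an item (if IP isn't banned)
     *
     * @return array|void on failure an array with 'message' and 'skinid';
     *                    on success the request is redirected and ends
     */
    function addComment() {
        global $CONF, $errormessage, $manager;

        $post = array();
        $post['itemid'] = intPostVar('itemid');
        $post['user']   = postVar('user');
        $post['userid'] = postVar('userid');
        $post['email']  = postVar('email');
        $post['body']   = postVar('body');

        // set cookies when required
        $remember = intPostVar('remember');
        if ($remember == 1) {
            // 2592000 seconds = 30 days
            $lifetime = time()+2592000;
            setcookie($CONF['CookiePrefix'] . 'comment_user',$post['user'],$lifetime,'/','',0);
            setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'],$lifetime,'/','',0);
            setcookie($CONF['CookiePrefix'] . 'comment_email', $post['email'], $lifetime,'/','',0);
        }

        $comments = new COMMENTS($post['itemid']);

        $blogid = getBlogIDFromItemID($post['itemid']);
        $this->checkban($blogid);
        $blog =& $manager->getBlog($blogid);

        // note: PreAddComment and PostAddComment gets called somewhere inside addComment
        $errormessage = $comments->addComment($blog->getCorrectTime(),$post);

        if ($errormessage == '1') {
            // redirect when adding comments succeeded
            // NOTE(review): 'url' is request-supplied; see the class comment.
            if (postVar('url')) {
                redirect(postVar('url'));
            } else {
                $url = createItemLink($post['itemid']);
                redirect($url);
            }
        } else {
            // else, show error message using default skin for blog
            return array(
                'message' => $errormessage,
                'skinid' => $blog->getDefaultSkin()
            );
        }

        exit;
    }

    /**
     * Sends a message from the current member to the member given as argument
     *
     * The recipient is the member whose id is posted as 'memberid'. For
     * visitors who are not logged in, the From address is the posted
     * 'frommail' value.
     *
     * @return array|void array with 'message' when validateMessage() rejects
     *                    the request; otherwise redirects and ends
     */
    function sendMessage() {
        global $CONF, $member;

        $error = $this->validateMessage();
        if ($error != '')
            return array('message' => $error);

        if (!$member->isLoggedIn()) {
            $fromMail = postVar('frommail');
            $fromName = _MMAIL_FROMANON;
        } else {
            $fromMail = $member->getEmail();
            $fromName = $member->getDisplayName();
        }

        $tomem = new MEMBER();
        $tomem->readFromId(postVar('memberid'));

        $message  = _MMAIL_MSG . ' ' . $fromName . "\n"
              . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
              . _MMAIL_MAIL . " \n\n"
              . postVar('message');
        $message .= getMailFooter();

        // Header values must stay on one line. isValidMailAddress() (defined
        // elsewhere) has already been applied to 'frommail' for anonymous
        // senders, but the values are neutralised again here so this call
        // does not depend on what that check accepts.
        $fromMail = str_replace(array("\r", "\n"), '', (string) $fromMail);
        $title    = str_replace(array("\r", "\n"), ' ', _MMAIL_TITLE . ' ' . $fromName);
        mail($tomem->getEmail(), $title, $message, 'From: '. $fromMail);

        // NOTE(review): 'url' is request-supplied; see the class comment.
        if (postVar('url')) {
            redirect(postVar('url'));
        } else {
            $CONF['MemberURL'] = $CONF['IndexURL'];
            if ($CONF['URLMode'] == 'pathinfo')
            {
                $url = createLink('member', array('memberid' => $tomem->getID(), 'name' => $tomem->getDisplayName()));
            }
            else
            {
                $url = $CONF['IndexURL'] . createMemberLink($tomem->getID());
            }
            redirect($url);
        }
        exit;
    }

    /**
     * Checks if a mail to a member is allowed
     * Returns a string with the error message if the mail is disallowed
     *
     * @return string '' when the mail may be sent, otherwise the error text
     */
    function validateMessage() {
        global $CONF, $member, $manager;

        if (!$CONF['AllowMemberMail'])
            return _ERROR_MEMBERMAILDISABLED;

        if (!$member->isLoggedIn() && !$CONF['NonmemberMail'])
            return _ERROR_DISALLOWED;

        if (!$member->isLoggedIn() && (!isValidMailAddress(postVar('frommail'))))
            return _ERROR_BADMAILADDRESS;

        // let plugins do verification (any plugin which thinks the comment is invalid
        // can change 'error' to something other than '')
        $result = '';
        $manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$result));

        return $result;

    }

    /**
     * Creates a new user account
     *
     * The account is created with a throw-away password and an activation
     * link is sent; the visitor never sees that password.
     *
     * @return mixed the plugin or MEMBER::create() error value on failure;
     *               on success the request is redirected or a message is
     *               printed, and the request ends
     */
    function createAccount() {
        global $CONF, $manager;

        if (!$CONF['AllowMemberCreate'])
            doError(_ERROR_MEMBERCREATEDISABLED);

        // evaluate content from FormExtra
        // 'error' holds a reference to $result, so plugins can still change it
        // when the array itself is passed by value. The former call-time
        // reference (&$data) is a fatal error on PHP 5.4 and later.
        $result = 1;
        $data = array('type' => 'membermail', 'error' => &$result);
        $manager->notify('ValidateForm', $data);

        if ($result!=1) {
            return $result;
        }
        else {

            // even though the member can not log in, set some random initial password. One never knows.
            // Prefer the CSPRNG where the runtime has one; both branches
            // yield 32 hex characters.
            if (function_exists('random_bytes')) {
                $initialPwd = bin2hex(random_bytes(16));
            } else {
                // fallback for runtimes without random_bytes(); not
                // cryptographically strong
                $initialPwd = md5(uniqid(mt_rand(), true));
            }

            // create member (non admin/can not login/no notes/random string as password)
            $name = shorten(postVar('name'),32,'');
            $r = MEMBER::create($name, postVar('realname'), $initialPwd, postVar('email'), postVar('url'), 0, 0, '');

            if ($r != 1) {
                return $r;
            }

            // send the activation link to the new member
            $newmem = new MEMBER();
            $newmem->readFromName($name);
            $newmem->sendActivationLink('register');

            $manager->notify('PostRegister',array('member' => &$newmem));

            // NOTE(review): 'desturl' is request-supplied; see the class comment.
            if (postVar('desturl')) {
                redirect(postVar('desturl'));
            } else {
                echo _MSG_ACTIVATION_SENT;
                echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
                echo "\n</body>\n</html>";
            }
            exit;
        }
    }

    /**
     * Sends a new password
     *
     * Sends an activation link to the member named in 'name' when the
     * posted 'email' matches the address stored for that member.
     *
     * NOTE(review): an unknown member name and a wrong e-mail address are
     * reported with different errors, so the form reveals which member
     * names exist.
     */
    function forgotPassword() {
        $membername = trim(postVar('name'));

        if (!MEMBER::exists($membername))
            doError(_ERROR_NOSUCHMEMBER);
        $mem = MEMBER::createFromName($membername);

        /* below keeps regular users from resetting passwords using forgot password feature
           Removing for now until clear why it is required.*/
        /*if (!$mem->canLogin())
            doError(_ERROR_NOLOGON_NOACTIVATE);*/

        // check if e-mail address is correct
        // compared as strings so PHP's numeric-string juggling cannot make
        // two different values compare equal
        if ((string) $mem->getEmail() !== (string) postVar('email'))
            doError(_ERROR_INCORRECTEMAIL);

        // send activation link
        $mem->sendActivationLink('forgot');

        // NOTE(review): 'url' is request-supplied; see the class comment.
        if (postVar('url')) {
            redirect(postVar('url'));
        } else {
            echo _MSG_ACTIVATION_SENT;
            echo '<br /><br />Return to <a href="'.$CONF['IndexURL'].'" title="'.$CONF['SiteName'].'">'.$CONF['SiteName'].'</a>';
        }
        exit;
    }

    /**
     * Handle karma votes
     *
     * NOTE(review): unlike updateTicket() and autoDraft(), a vote is accepted
     * without $manager->checkTicket(); repeat votes are limited only by
     * isVoteAllowed() on REMOTE_ADDR.
     *
     * @param string $type 'pos' or 'neg'
     */
    function doKarma($type) {
        global $itemid, $member, $CONF, $manager;

        // check if itemid exists
        if (!$manager->existsItem($itemid,0,0))
            doError(_ERROR_NOSUCHITEM);

        $blogid = getBlogIDFromItemID($itemid);
        $this->checkban($blogid);

        $karma =& $manager->getKarma($itemid);

        // check if not already voted
        if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
            doError(_ERROR_VOTEDBEFORE);

        // check if item does allow voting
        $item =& $manager->getItem($itemid,0,0);
        if ($item['closed'])
            doError(_ERROR_ITEMCLOSED);

        switch($type) {
            case 'pos':
                $karma->votePositive();
                break;
            case 'neg':
                $karma->voteNegative();
                break;
        }

        $blog =& $manager->getBlog($blogid);

        // Build the item link before the notification branch: it is also the
        // fallback redirect target, and it used to be undefined there when
        // no notification was sent.
        $itemLink = createItemLink(intval($itemid));
        $temp = parse_url($itemLink);
        if (empty($temp['scheme'])) {
            // relative link: make it absolute
            $itemLink = $CONF['IndexURL'] . $itemLink;
        }

        // send email to notification address, if any
        if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {

            $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
            $mailto_msg .= $itemLink . "\n\n";
            if ($member->isLoggedIn()) {
                $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
            }
            $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
            $mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";
            $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
            $mailto_msg .= getMailFooter();

            $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';

            $frommail = $member->getNotifyFromMailAddress();

            $notify = new NOTIFICATION($blog->getNotifyAddress());
            $notify->notify($mailto_title, $mailto_msg , $frommail);
        }

        // The Referer header is supplied by the client; it is used here only
        // to send the visitor back to the page the vote came from.
        $refererUrl = serverVar('HTTP_REFERER');
        if ($refererUrl) {
            $url = $refererUrl;
        } else {
            $url = $itemLink;
        }
        redirect($url);
        exit;
    }

    /**
     * Calls a plugin action
     *
     * The plugin name ('NP_' . name) and the action type both come from the
     * request; the call is made only when $manager reports the plugin as
     * installed.
     */
    function callPlugin() {
        global $manager;

        $pluginName = 'NP_' . requestVar('name');
        $actionType = requestVar('type');

        // 1: check if plugin is installed
        if (!$manager->pluginInstalled($pluginName))
            doError(_ERROR_NOSUCHPLUGIN);

        // 2: call plugin
        $pluginObject =& $manager->getPlugin($pluginName);
        if ($pluginObject)
            $error = $pluginObject->doAction($actionType);
        else
            $error = 'Could not load plugin (see actionlog)';

        // doAction returns error when:
        // - an error occurred (duh)
        // - no actions are allowed (doAction is not implemented)
        if ($error)
            doError($error);

        exit;

    }

    /**
     * Checks if an IP or IP range is banned
     *
     * @param int $blogid blog whose ban list is consulted
     */
    function checkban($blogid) {
        // check if banned
        $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
        // Test for the ban record itself instead of comparing it with 0:
        // the properties below are read only when there is an object, and
        // the object-to-int conversion notice is avoided.
        if (is_object($ban)) {
            doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
        }

    }

    /**
     * Gets a new ticket
     *
     * Prints a new ticket when the current one passes checkTicket(),
     * otherwise prints the bad-ticket error.
     *
     * @return bool always false
     */
    function updateTicket() {
        global $manager;
        if ($manager->checkTicket()) {
            echo $manager->getNewTicket();
        }
        else {
            echo _ERROR . ':' . _ERROR_BADTICKET;
        }
        return false;
    }

    /**
     * Handles AutoSaveDraft
     *
     * Prints the draft id, or the error message from
     * ITEM::createDraftFromRequest(), after the ticket has been checked.
     *
     * @return bool always false
     */
    function autoDraft() {
        global $manager;
        if ($manager->checkTicket()) {
            $manager->loadClass('ITEM');
            $info = ITEM::createDraftFromRequest();
            if ($info['status'] == 'error') {
                echo $info['message'];
            }
            else {
                echo $info['draftid'];
            }
        }
        else {
            echo _ERROR . ':' . _ERROR_BADTICKET;
        }
        return false;
    }


}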