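<?php
/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2009 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * The code for the Nucleus admin area
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2009 The Nucleus Group
 * @version $Id: ADMIN.php 1416 2009-09-24 15:58:08Z ftruscot $

 */

// refuse to run when loaded on its own: requestVar() only exists once the
// including script has loaded the function library
if ( !function_exists('requestVar') ) exit;
require_once dirname(__FILE__) . '/showlist.php';

/**
 * Builds the admin area and executes admin actions
 */
class ADMIN {

    /**
     * @var string $action action currently being executed ($action=xxxx -> action_xxxx method)
     */
    var $action;

    /**
     * Class constructor
     */
    function ADMIN() {

    }

    /**
     * Executes an action: resolves aliases, enforces the anti-CSRF ticket for
     * every action that is not on the exemption list, then calls the
     * action_<name> method.
     *
     * @param string $action action to be performed
     */
    function action($action) {
        global $CONF, $manager;

        // list of action aliases
        $alias = array(
            'login' => 'overview',
            '' => 'overview'
        );

        if (isset($alias[$action]))
            $action = $alias[$action];

        $methodName = 'action_' . $action;

        // The exemption list is matched against the lower-cased name: PHP resolves
        // method names case-insensitively, so a mixed-case action name reaches the
        // same method and must be subject to the same ticket decision.
        $this->action = strtolower($action);

        // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action
        // is an action that requires user interaction before something is actually done)
        // all safe actions are in this array:
        //
        // This array is a security boundary: an action listed here runs without a
        // ticket, so only screens that display data or ask for confirmation belong
        // in it. A handler that changes state must stay off this list.
        $aActionsNotToCheck = array(
            'showlogin',
            'login',
            'overview',
            'itemlist',
            'blogcommentlist',
            'bookmarklet',
            'blogsettings',
            'banlist',
            'deleteblog',
            'editmembersettings',
            'browseownitems',
            'browseowncomments',
            'createitem',
            'itemedit',
            'itemmove',
            'categoryedit',
            'categorydelete',
            'manage',
            'actionlog',
            'settingsedit',
            'backupoverview',
            'pluginlist',
            'createnewlog',
            'usermanagement',
            'skinoverview',
            'templateoverview',
            'skinieoverview',
            'itemcommentlist',
            'commentedit',
            'commentdelete',
            'banlistnewfromitem',
            'banlistdelete',
            'itemdelete',
            'manageteam',
            'teamdelete',
            'banlistnew',
            'memberedit',
            'memberdelete',
            'pluginhelp',
            'pluginoptions',
            'plugindelete',
            'skinedittype',
            'skinremovetype',
            'skindelete',
            'skinedit',
            'templateedit',
            'templatedelete',
            'activate',
            'systemoverview'
        );
/*
        // the rest of the actions needs to be checked
        $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');
*/
        if (!in_array($this->action, $aActionsNotToCheck))
        {
            // NOTE(review): error() is defined outside this listing; this check only
            // protects the action if error() ends the request -- confirm.
            if (!$manager->checkTicket())
                $this->error(_ERROR_BADTICKET);
        }

        if (method_exists($this, $methodName))
            call_user_func(array(&$this, $methodName));
        else
            // the unknown action name is request data, so it is escaped before display
            $this->error(_BADACTION . htmlspecialchars(" ($action)"));

    }

    /**
     * Shows the login form, passing the global $error as its message
     */
    function action_showlogin() {
        global $error;
        $this->action_login($error);
    }

    /**
     * Shows the login form, or the overview when the member is already logged
     * in and allowed to log in to the admin area.
     *
     * @param string $msg message shown above the form (HTML-escaped here)
     * @param int $passvars when true, the pending request variables are passed
     *        through the form via passRequestVars()
     */
    function action_login($msg = '', $passvars = 1) {
        global $member;

        // skip to overview when allowed
        if ($member->isLoggedIn() && $member->canLogin()) {
            $this->action_overview();
            exit;
        }

        $this->pagehead();

        echo '<h2>', _LOGIN ,'</h2>';
        if ($msg) echo _MESSAGE , ': ', htmlspecialchars($msg);
        ?>

        <form action="index.php" method="post"><p>
        <?php echo _LOGIN_NAME; ?> <br /><input name="login"  tabindex="10" />
        <br />
        <?php echo _LOGIN_PASSWORD; ?> <br /><input name="password"  tabindex="20" type="password" />
        <br />
        <input name="action" value="login" type="hidden" />
        <br />
        <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
        <br />
        <small>
            <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
            <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
        </small>
        <?php           // pass through vars
            // NOTE(review): passRequestVars() is defined outside this listing; it is
            // called inside the form, so presumably it writes the pending request
            // back as form fields -- verify that it escapes names and values.

            $oldaction = postVar('oldaction');
            if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
                passRequestVars();
            }


        ?>
        </p></form>
        <?php       $this->pagefoot();
    }


    /**
     * provides a screen with the overview of the actions available
     *
     * @param string $msg message shown at the top of the page.
     *        NOTE(review): written to the page without htmlspecialchars(), unlike
     *        action_login(); callers must pass trusted or already-escaped text.
     */
    function action_overview($msg = '') {
        global $member;

        $this->pagehead();

        if ($msg)
            echo _MESSAGE , ': ', $msg;

        /* ---- add items ---- */
        echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';

        // only compared with the literal 'yes' below; never placed in SQL or HTML
        $showAll = requestVar('showall');

        if (($member->isAdmin()) && ($showAll == 'yes')) {
            // Super-Admins have access to all blogs! (no add item support though)
            $query =  'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
                   . ' FROM ' . sql_table('blog')
                   . ' ORDER BY bname';
        } else {
            $query =  'SELECT bnumber, bname, tadmin, burl, bshortname'
                   . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
                   . ' WHERE tblog=bnumber and tmember=' . $member->getID()
                   . ' ORDER BY bname';
        }
        $template['content'] = 'bloglist';
        $template['superadmin'] = $member->isAdmin();
        $amount = showlist($query,'table',$template);

        if (($showAll != 'yes') && ($member->isAdmin())) {
            $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
            if ($total > $amount)
                echo '<p><a href="index.php?action=overview&showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';
        }

        if ($amount == 0)
            echo _OVERVIEW_NOBLOGS;

        if ($amount != 0) {
            echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
            $query =  'SELECT ititle, inumber, bshortname'
                   . ' FROM ' . sql_table('item'). ', ' . sql_table('blog')
                   . ' WHERE iauthor='.$member->getID().' and iblog=bnumber and idraft=1';
            $template['content'] = 'draftlist';
            $amountdrafts = showlist($query, 'table', $template);
            if ($amountdrafts == 0)
                echo _OVERVIEW_NODRAFTS;
        }

        /* ---- user settings ---- */
        echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
        echo '<ul>';
        echo '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS. '</a></li>';
        echo '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS.'</a></li>';
        echo '<li><a href="index.php?action=browseowncomments">'._OVERVIEW_BROWSECOMM.'</a></li>';
        echo '</ul>';

        /* ---- general settings ---- */
        if ($member->isAdmin()) {
            echo '<h2>' . _OVERVIEW_MANAGEMENT. '</h2>';
            echo '<ul>';
            echo '<li><a href="index.php?action=manage">',_OVERVIEW_MANAGE,'</a></li>';
            echo '</ul>';
        }


        $this->pagefoot();
    }

    /**
     * Returns a link to a weblog; URL and name are HTML-escaped
     * @param object BLOG
     */
    function bloglink(&$blog) {
        return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';
    }

    /**
     * Shows the management menu. Restricted to super-admins.
     *
     * @param string $msg message shown at the top of the page.
     *        NOTE(review): written to the page without htmlspecialchars(); callers
     *        must pass trusted or already-escaped text.
     */
    function action_manage($msg = '') {
        global $member;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';

        if ($msg)
            echo '<p>' , _MESSAGE , ': ', $msg , '</p>';


        echo '<h2>' . _MANAGE_GENERAL. '</h2>';

        echo '<ul>';
        echo '<li><a href="index.php?action=createnewlog">'._OVERVIEW_NEWLOG.'</a></li>';
        echo '<li><a href="index.php?action=settingsedit">'._OVERVIEW_SETTINGS.'</a></li>';
        echo '<li><a href="index.php?action=usermanagement">'._OVERVIEW_MEMBERS.'</a></li>';
        echo '<li><a href="index.php?action=actionlog">'._OVERVIEW_VIEWLOG.'</a></li>';
        echo '</ul>';

        echo '<h2>' . _MANAGE_SKINS . '</h2>';
        echo '<ul>';
        echo '<li><a href="index.php?action=skinoverview">'._OVERVIEW_SKINS.'</a></li>';
        echo '<li><a href="index.php?action=templateoverview">'._OVERVIEW_TEMPLATES.'</a></li>';
        echo '<li><a href="index.php?action=skinieoverview">'._OVERVIEW_SKINIMPORT.'</a></li>';
        echo '</ul>';

        echo '<h2>' . _MANAGE_EXTRA . '</h2>';
        echo '<ul>';
        echo '<li><a href="index.php?action=backupoverview">'._OVERVIEW_BACKUP.'</a></li>';
        echo '<li><a href="index.php?action=pluginlist">'._OVERVIEW_PLUGINS.'</a></li>';
        echo '</ul>';

        $this->pagefoot();
    }

    /**
     * Lists the items of a blog, with paging and an optional search filter.
     * Requires team rights on the blog or super-admin rights; members without
     * blog-admin rights only see their own items.
     *
     * @param int $blogid blog to list; read from the request when empty
     */
    function action_itemlist($blogid = '') {
        global $member, $manager, $CONF;

        if ($blogid == '')
            $blogid = intRequestVar('blogid');
        else
            // the id is concatenated into SQL and HTML below, so force an integer
            // here as action_blogcommentlist() does
            $blogid = intval($blogid);

        $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

        $this->pagehead();
        $blog =& $manager->getBlog($blogid);

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        if ($start == 0)
            echo '<p><a href="index.php?action=createitem&blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search');    // search through items

        $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
               . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
               . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;

        // NOTE(review): addslashes() is not aware of the connection character set
        // and leaves the LIKE wildcards % and _ untouched; the escaping routine of
        // the database layer would be the safer choice here.
        if ($search)
            $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';

        // non-blog-admins can only edit/delete their own items
        if (!$member->blogAdminRights($blogid))
            $query .= ' and iauthor=' . $member->getID();


        // $start and $amount come from intPostVar()/intval() above
        $query .= ' ORDER BY itime DESC'
                . " LIMIT $start,$amount";

        $template['content'] = 'itemlist';
        $template['now'] = $blog->getCorrectTime(time());

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
        $navList->showBatchList('item',$query,'table',$template);


        $this->pagefoot();
    }

    /**
     * Runs a batch 'delete' or 'move' on the item ids sent in 'batch'.
     * 'batchitem' is not on the ticket exemption list in action(), so a valid
     * ticket is required when this is reached through action().
     * Only a login check is done here; the per-item check is left to
     * deleteOneItem() and moveOneItem(), which are outside this listing.
     */
    function action_batchitem() {
        global $member, $manager;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On move: when no destination blog/category chosen, show choice now
        $destCatid = intRequestVar('destcatid');
        if (($action == 'move') && (!$manager->existsCategory($destCatid)))
            $this->batchMoveSelectDestination('item',$selected);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('item',$selected);

        $this->pagehead();

        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
        echo '<h2>',_BATCH_ITEMS,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';


        // walk over all itemids and perform action
        foreach ($selected as $itemid) {
            $itemid = intval($itemid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONITEM,' <b>', $itemid, '</b>...';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneItem($itemid);
                    break;
                case 'move':
                    $error = $this->moveOneItem($itemid, $destCatid);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();


    }

    /**
     * Runs a batch 'delete' on the comment ids sent in 'batch'.
     * Only a login check is done here; the per-comment check is left to
     * deleteOneComment(), which is outside this listing.
     */
    function action_batchcomment() {
        global $member;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('comment',$selected);

        $this->pagehead();

        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
        echo '<h2>',_BATCH_COMMENTS,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';

        // walk over all itemids and perform action
        foreach ($selected as $commentid) {
            $commentid = intval($commentid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCOMMENT,' <b>', $commentid, '</b>...';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneComment($commentid);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();


    }

    /**
     * Runs a batch 'delete', 'setadmin' or 'unsetadmin' on the member ids sent
     * in 'batch'. Restricted to logged-in super-admins.
     */
    function action_batchmember() {
        global $member;

        // check if logged in and admin
        ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no members selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('member',$selected);

        $this->pagehead();

        echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
        echo '<h2>',_BATCH_MEMBERS,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';

        // walk over all itemids and perform action
        foreach ($selected as $memberid) {
            $memberid = intval($memberid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';

            // start each member with a clean result: the successful 'unsetadmin'
            // path assigns nothing, and would otherwise report the previous
            // member's error (or read an unset variable on the first pass)
            $error = '';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneMember($memberid);
                    break;
                case 'setadmin':
                    // always succeeds
                    sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
                    $error = '';
                    break;
                case 'unsetadmin':
                    // there should always remain at least one super-admin
                    $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
                    if (sql_num_rows($r) < 2)
                        $error = _ERROR_ATLEASTONEADMIN;
                    else
                        sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();


    }

    /**
     * Runs a batch 'delete', 'setadmin' or 'unsetadmin' on the team members of
     * the blog given in 'blogid'. Requires blog-admin rights on that blog.
     */
    function action_batchteam() {
        global $member;

        $blogid = intRequestVar('blogid');

        // check if logged in and admin
        ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no members selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('team',$selected);

        $this->pagehead();

        echo '<p><a href="index.php?action=manageteam&blogid=',$blogid,'">(',_BACK,')</a></p>';

        echo '<h2>',_BATCH_TEAM,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';

        // walk over all itemids and perform action
        foreach ($selected as $memberid) {
            $memberid = intval($memberid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';

            // start each member with a clean result: the successful 'unsetadmin'
            // path assigns nothing, and would otherwise report the previous
            // member's error (or read an unset variable on the first pass)
            $error = '';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneTeamMember($blogid, $memberid);
                    break;
                case 'setadmin':
                    // always succeeds
                    sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
                    $error = '';
                    break;
                case 'unsetadmin':
                    // there should always remain at least one admin
                    $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
                    if (sql_num_rows($r) < 2)
                        $error = _ERROR_ATLEASTONEBLOGADMIN;
                    else
                        sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();


    }

    /**
     * Runs a batch 'delete' or 'move' on the category ids sent in 'batch'.
     * Only a login check is done here; the per-category check is left to
     * deleteOneCategory() and moveOneCategory(), which are outside this listing.
     */
    function action_batchcategory() {
        global $member, $manager;

        // check if logged in
        $member->isLoggedIn() or $this->disallow();

        // more precise check will be done for each performed operation

        // get array of itemids from request
        $selected = requestIntArray('batch');
        $action = requestVar('batchaction');

        // Show error when no items were selected
        if (!is_array($selected) || sizeof($selected) == 0)
            $this->error(_BATCH_NOSELECTION);

        // On move: when no destination blog chosen, show choice now
        $destBlogId = intRequestVar('destblogid');
        if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
            $this->batchMoveCategorySelectDestination('category',$selected);

        // On delete: check if confirmation has been given
        if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
            $this->batchAskDeleteConfirmation('category',$selected);

        $this->pagehead();

        echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
        // NOTE(review): every other batch heading uses a constant with a leading
        // underscore (_BATCH_ITEMS, _BATCH_TEAM, ...); BATCH_CATEGORIES looks like
        // a typo -- confirm against the language file.
        echo '<h2>',BATCH_CATEGORIES,'</h2>';
        echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
        echo '<ul>';

        // walk over all itemids and perform action
        foreach ($selected as $catid) {
            $catid = intval($catid);
            echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';

            // perform action, display errors if needed
            switch($action) {
                case 'delete':
                    $error = $this->deleteOneCategory($catid);
                    break;
                case 'move':
                    $error = $this->moveOneCategory($catid, $destBlogId);
                    break;
                default:
                    $error = _BATCH_UNKNOWN . htmlspecialchars($action);
            }

            echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';
            echo '</li>';
        }

        echo '</ul>';
        echo '<b>',_BATCH_DONE,'</b>';

        $this->pagefoot();

    }

    /**
     * Shows the form that asks for the destination category of a batch move,
     * then ends the request. The form re-posts the selection together with a
     * ticket.
     *
     * @param string $type batch type, appended to 'batch' to form the action
     *        name; written into the form unescaped, the callers in this file
     *        pass a literal
     * @param array $ids selected ids; each is written through intval()
     */
    function batchMoveSelectDestination($type, $ids) {
        global $manager;
        $this->pagehead();
        ?>
        <h2><?php echo _MOVE_TITLE?></h2>
        <form method="post" action="index.php"><div>

            <input type="hidden" name="action" value="batch<?php echo $type?>" />
            <input type="hidden" name="batchaction" value="move" />
            <?php
                // the batch action is ticket-checked, so the form must carry one
                $manager->addTicketHidden();

                // insert selected item numbers
                $idx = 0;
                foreach ($ids as $id)
                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                // show blog/category selection list
                $this->selectBlogCategory('destcatid');

            ?>


            <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

        </div></form>
        <?php       $this->pagefoot();
        exit;
    }

    /**
     * Shows the form that asks for the destination blog of a batch category
     * move, then ends the request. The form re-posts the selection together
     * with a ticket.
     *
     * @param string $type batch type, appended to 'batch' to form the action
     *        name; written into the form unescaped, the caller in this file
     *        passes a literal
     * @param array $ids selected ids; each is written through intval()
     */
    function batchMoveCategorySelectDestination($type, $ids) {
        global $manager;
        $this->pagehead();
        ?>
        <h2><?php echo _MOVECAT_TITLE?></h2>
        <form method="post" action="index.php"><div>

            <input type="hidden" name="action" value="batch<?php echo $type?>" />
            <input type="hidden" name="batchaction" value="move" />
            <?php
                // the batch action is ticket-checked, so the form must carry one
                $manager->addTicketHidden();

                // insert selected item numbers
                $idx = 0;
                foreach ($ids as $id)
                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                // show blog/category selection list
                $this->selectBlog('destblogid');

            ?>


            <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

        </div></form>
        <?php       $this->pagefoot();
        exit;
    }

    /**
     * Shows the confirmation form for a batch delete, then ends the request.
     * The form re-posts the selection with confirmation=yes and a ticket.
     *
     * @param string $type batch type, appended to 'batch' to form the action
     *        name; written into the form unescaped, the callers in this file
     *        pass a literal
     * @param array $ids selected ids; each is written through intval()
     */
    function batchAskDeleteConfirmation($type, $ids) {
        global $manager;

        $this->pagehead();
        ?>
        <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
        <form method="post" action="index.php"><div>

            <input type="hidden" name="action" value="batch<?php echo $type?>" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="batchaction" value="delete" />
            <input type="hidden" name="confirmation" value="yes" />
            <?php               // insert selected item numbers
                $idx = 0;
                foreach ($ids as $id)
                    echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';

                // add hidden vars for team & comment
                if ($type == 'team')
                {
                    echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
                }
                if ($type == 'comment')
                {
                    echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
                }

            ?>

            <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />

        </div></form>
        <?php       $this->pagefoot();
        exit;
    }


    /**
     * Inserts a HTML select element with choices for all categories to which the current
     * member has access
     * @see function selectBlog
     */
    function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
        ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
    }

    /**
     * Inserts a HTML select element with choices for all blogs to which the user has access
     *      mode = 'blog' => shows blognames and values are blogids
     *      mode = 'category' => show category names and values are catids
     *
     * @param string $name name attribute of the select element (written unescaped)
     * @param string $mode 'blog' or 'category'
     * @param int $selected id of the option to preselect
     * @param int $tabindex tabindex attribute of the select element (written unescaped)
     * @param int $showNewCat when true, category mode also offers a 'newcat-<blogid>'
     *        option for blogs on which the member has blog-admin rights
     * @param $iForcedBlogInclude
     *      ID of a blog that always needs to be included, without checking if the
     *      member is on the blog team (-1 = none)
     */
    function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
        global $member, $CONF;

        // 0. get IDs of blogs to which member can post items (+ forced blog)
        // every id goes through intval() because the list is imploded into SQL below
        $aBlogIds = array();
        if ($iForcedBlogInclude != -1)
            $aBlogIds[] = intval($iForcedBlogInclude);

        if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
            $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
        else
            $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
        $rblogids = sql_query($queryBlogs);
        while ($o = sql_fetch_object($rblogids))
            if ($o->bnumber != $iForcedBlogInclude)
                $aBlogIds[] = intval($o->bnumber);

        if (count($aBlogIds) == 0)
            return;

        echo '<select name="',$name,'" tabindex="',$tabindex,'">';

        // 1. select blogs (we'll create optiongroups)
        // (only select those blogs that have the user on the team)
        $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
        $blogs = sql_query($queryBlogs);
        if ($mode == 'category') {
            // defined up front so the single-blog case does not read an unset variable
            $multipleBlogs = 0;
            if (sql_num_rows($blogs) > 1)
                $multipleBlogs = 1;

            while ($oBlog = sql_fetch_object($blogs)) {
                if ($multipleBlogs)
                    echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';

                // show selection to create new category when allowed/wanted
                if ($showNewCat) {
                    // check if allowed to do so
                    if ($member->blogAdminRights($oBlog->bnumber))
                        echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
                }

                // 2. for each category in that blog
                $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
                while ($oCat = sql_fetch_object($categories)) {
                    if ($oCat->catid == $selected)
                        $selectText = ' selected="selected" ';
                    else
                        $selectText = '';
                    echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
                }

                if ($multipleBlogs)
                    echo '</optgroup>';
            }
        } else {
            // blog mode
            while ($oBlog = sql_fetch_object($blogs)) {
                echo '<option value="',$oBlog->bnumber,'"';
                if ($oBlog->bnumber == $selected)
                    echo ' selected="selected"';
                echo'>',htmlspecialchars($oBlog->bname),'</option>';
            }
        }
        echo '</select>';

    }

    /**
     * Lists the items written by the current member, with paging and an
     * optional search filter. The query is restricted to the member's own id.
     */
    function action_browseownitems() {
        global $member, $manager, $CONF;

        $this->pagehead();

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        echo '<h2>' . _ITEMLIST_YOUR. '</h2>';

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search');    // search through items

        $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
               . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
               . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';

        // NOTE(review): addslashes() is not aware of the connection character set
        // and leaves the LIKE wildcards % and _ untouched; the escaping routine of
        // the database layer would be the safer choice here.
        if ($search)
            $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';

        $query .= ' ORDER BY itime DESC'
                . " LIMIT $start,$amount";

        $template['content'] = 'itemlist';
        $template['now'] = time();

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
        $navList->showBatchList('item',$query,'table',$template);

        $this->pagefoot();

    }

    /**
     * Show all the comments for a given item. Requires that the member is
     * allowed to alter the item.
     *
     * @param int $itemid item to list; read from the request when empty
     */
    function action_itemcommentlist($itemid = '') {
        global $member, $manager, $CONF;

        if ($itemid == '')
            $itemid = intRequestVar('itemid');
        else
            // the id is concatenated into SQL below, so force an integer here
            $itemid = intval($itemid);

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        $blogid = getBlogIdFromItemId($itemid);

        $this->pagehead();

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search');

        echo '<p>(<a href="index.php?action=itemlist&blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
        echo '<h2>',_COMMENTS,'</h2>';

        $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;

        // NOTE(review): addslashes() is not aware of the connection character set;
        // the escaping routine of the database layer would be the safer choice.
        if ($search)
            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';

        $query .= ' ORDER BY ctime ASC'
                . " LIMIT $start,$amount";

        $template['content'] = 'commentlist';
        $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
        $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);

        $this->pagefoot();
    }

    /**
     * Browse own comments. The query is restricted to the member's own id.
     */
    function action_browseowncomments() {
        global $member, $manager, $CONF;

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search');


        $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();

        // NOTE(review): addslashes() is not aware of the connection character set;
        // the escaping routine of the database layer would be the safer choice.
        if ($search)
            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';

        $query .= ' ORDER BY ctime DESC'
                . " LIMIT $start,$amount";

        $this->pagehead();

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        echo '<h2>', _COMMENTS_YOUR ,'</h2>';

        $template['content'] = 'commentlist';
        $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
        $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);

        $this->pagefoot();
    }

    /**
     * Browse all comments for a weblog. Requires team rights on the blog or
     * super-admin rights.
     *
     * @param int $blogid blog to list; read from the request when empty
     */
    function action_blogcommentlist($blogid = '')
    {
        global $member, $manager, $CONF;

        if ($blogid == '')
            $blogid = intRequestVar('blogid');
        else
            $blogid = intval($blogid);

        $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

        // start index
        if (postVar('start'))
            $start = intPostVar('start');
        else
            $start = 0;

        // amount of items to show
        if (postVar('amount'))
            $amount = intPostVar('amount');
        else {
            $amount = intval($CONF['DefaultListSize']);
            if ($amount < 1)
                $amount = 10;
        }

        $search = postVar('search');        // search through comments


        $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);

        // NOTE(review): addslashes() is not aware of the connection character set;
        // the escaping routine of the database layer would be the safer choice.
        if ($search != '')
            $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';


        $query .= ' ORDER BY ctime DESC'
                . " LIMIT $start,$amount";


        $blog =& $manager->getBlog($blogid);

        $this->pagehead();

        echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
        echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';

        $template['content'] = 'commentlist';
        $template['canAddBan'] = $member->blogAdminRights($blogid);

        $manager->loadClass("ENCAPSULATE");
        $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
        $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);

        $this->pagefoot();
    }

    /**
     * Provide a page to add a new item to the given blog. Requires team rights
     * on the blog given in 'blogid'.
     */
    function action_createitem() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->teamRights($blogid) or $this->disallow();

        $memberid = $member->getID();

        $blog =& $manager->getBlog($blogid);

        $this->pagehead();

        // generate the add-item form
        $formfactory =& new PAGEFACTORY($blogid);
        $formfactory->createAddForm('admin');

        $this->pagefoot();
    }

    /**
     * Shows the edit form for the item given in 'itemid'. Requires that the
     * member is allowed to alter the item.
     */
    function action_itemedit() {
        global $member, $manager;

        $itemid = intRequestVar('itemid');

        // only allow if user is allowed to alter item
        $member->canAlterItem($itemid) or $this->disallow();

        $item =& $manager->getItem($itemid,1,1);
        $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));

        // the item is handed to the event by reference, so subscribers can change it
        $manager->notify('PrepareItemForEdit', array('item' => &$item));

        if ($blog->convertBreaks()) {
            $item['body'] = removeBreaks($item['body']);
            $item['more'] = removeBreaks($item['more']);
        }

        // form to edit blog items
        $this->pagehead();
        $formfactory =& new PAGEFACTORY($blog->getID());
        $formfactory->createEditForm('admin',$item);
        $this->pagefoot();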
1144 } 1145 1146 /** 1147 * @todo document this 1148 */ 1149 function action_itemupdate() { 1150 global $member, $manager, $CONF; 1151 1152 $itemid = intRequestVar('itemid'); 1153 $catid = postVar('catid'); 1154 1155 // only allow if user is allowed to alter item 1156 $member->canUpdateItem($itemid, $catid) or $this->disallow(); 1157 1158 $actiontype = postVar('actiontype'); 1159 1160 // delete actions are handled by itemdelete (which has confirmation) 1161 if ($actiontype == 'delete') { 1162 $this->action_itemdelete(); 1163 return; 1164 } 1165 1166 $body = postVar('body'); 1167 $title = postVar('title'); 1168 $more = postVar('more'); 1169 $closed = intPostVar('closed'); 1170 $draftid = intPostVar('draftid'); 1171 1172 // default action = add now 1173 if (!$actiontype) 1174 $actiontype='addnow'; 1175 1176 // create new category if needed 1177 if (strstr($catid,'newcat')) { 1178 // get blogid 1179 list($blogid) = sscanf($catid,"newcat-%d"); 1180 1181 // create 1182 $blog =& $manager->getBlog($blogid); 1183 $catid = $blog->createNewCategory(); 1184 1185 // show error when sth goes wrong 1186 if (!$catid) 1187 $this->doError(_ERROR_CATCREATEFAIL); 1188 } 1189 1190 /* 1191 set some variables based on actiontype 1192 1193 actiontypes: 1194 draft items -> addnow, addfuture, adddraft, delete 1195 non-draft items -> edit, changedate, delete 1196 1197 variables set: 1198 $timestamp: set to a nonzero value for future dates or date changes 1199 $wasdraft: set to 1 when the item used to be a draft item 1200 $publish: set to 1 when the edited item is not a draft 1201 */ 1202 $blogid = getBlogIDFromItemID($itemid); 1203 $blog =& $manager->getBlog($blogid); 1204 1205 $wasdrafts = array('adddraft', 'addfuture', 'addnow'); 1206 $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0; 1207 $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 
1 : 0; 1208 if ($actiontype == 'addfuture' || $actiontype == 'changedate') { 1209 $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year')); 1210 } else { 1211 $timestamp =0; 1212 } 1213 1214 // edit the item for real 1215 ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp); 1216 1217 $this->updateFuturePosted($blogid); 1218 1219 if ($draftid > 0) { 1220 // delete permission is checked inside ITEM::delete() 1221 ITEM::delete($draftid); 1222 } 1223 1224 // show category edit window when we created a new category 1225 // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x') 1226 if ($catid != intPostVar('catid')) { 1227 $this->action_categoryedit( 1228 $catid, 1229 $blog->getID(), 1230 $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid) 1231 ); 1232 } else { 1233 // TODO: set start item correctly for itemlist 1234 $this->action_itemlist(getBlogIDFromItemID($itemid)); 1235 } 1236 } 1237 1238 /** 1239 * @todo document this 1240 */ 1241 function action_itemdelete() { 1242 global $member, $manager; 1243 1244 $itemid = intRequestVar('itemid'); 1245 1246 // only allow if user is allowed to alter item 1247 $member->canAlterItem($itemid) or $this->disallow(); 1248 1249 if (!$manager->existsItem($itemid,1,1)) 1250 $this->error(_ERROR_NOSUCHITEM); 1251 1252 $item =& $manager->getItem($itemid,1,1); 1253 $title = htmlspecialchars(strip_tags($item['title'])); 1254 $body = strip_tags($item['body']); 1255 $body = htmlspecialchars(shorten($body,300,'...')); 1256 1257 $this->pagehead(); 1258 ?> 1259 <h2><?php echo _DELETE_CONFIRM?></h2> 1260 1261 <p><?php echo _CONFIRMTXT_ITEM?></p> 1262 1263 <div class="note"> 1264 <b>"<?php echo $title ?>"</b> 1265 <br /> 1266 <?php echo $body?> 1267 </div> 1268 1269 <form method="post" action="index.php"><div> 1270 <input type="hidden" name="action" value="itemdeleteconfirm" 
/> 1271 <?php $manager->addTicketHidden() ?> 1272 <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" /> 1273 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" tabindex="10" /> 1274 </div></form> 1275 <?php 1276 $this->pagefoot(); 1277 } 1278 1279 /** 1280 * @todo document this 1281 */ 1282 function action_itemdeleteconfirm() { 1283 global $member; 1284 1285 $itemid = intRequestVar('itemid'); 1286 1287 // only allow if user is allowed to alter item 1288 $member->canAlterItem($itemid) or $this->disallow(); 1289 1290 // get blogid first 1291 $blogid = getBlogIdFromItemId($itemid); 1292 1293 // delete item (note: some checks will be performed twice) 1294 $this->deleteOneItem($itemid); 1295 1296 $this->action_itemlist($blogid); 1297 } 1298 1299 /** 1300 * Deletes one item and returns error if something goes wrong 1301 * @param int $itemid 1302 */ 1303 function deleteOneItem($itemid) { 1304 global $member, $manager; 1305 1306 // only allow if user is allowed to alter item (also checks if itemid exists) 1307 if (!$member->canAlterItem($itemid)) 1308 return _ERROR_DISALLOWED; 1309 1310 // need to get blogid before the item is deleted 1311 $blogid = getBlogIDFromItemId($itemid); 1312 1313 $manager->loadClass('ITEM'); 1314 ITEM::delete($itemid); 1315 1316 // update blog's futureposted 1317 $this->updateFuturePosted($blogid); 1318 } 1319 1320 /** 1321 * Update a blog's future posted flag 1322 * @param int $blogid 1323 */ 1324 function updateFuturePosted($blogid) { 1325 global $manager; 1326 1327 $blog =& $manager->getBlog($blogid); 1328 $currenttime = $blog->getCorrectTime(time()); 1329 $result = sql_query("SELECT * FROM ".sql_table('item'). 
1330 " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime)); 1331 if (sql_num_rows($result) > 0) { 1332 $blog->setFuturePost(); 1333 } 1334 else { 1335 $blog->clearFuturePost(); 1336 } 1337 } 1338 1339 /** 1340 * @todo document this 1341 */ 1342 function action_itemmove() { 1343 global $member, $manager; 1344 1345 $itemid = intRequestVar('itemid'); 1346 1347 // only allow if user is allowed to alter item 1348 $member->canAlterItem($itemid) or $this->disallow(); 1349 1350 $item =& $manager->getItem($itemid,1,1); 1351 1352 $this->pagehead(); 1353 ?> 1354 <h2><?php echo _MOVE_TITLE?></h2> 1355 <form method="post" action="index.php"><div> 1356 <input type="hidden" name="action" value="itemmoveto" /> 1357 <input type="hidden" name="itemid" value="<?php echo $itemid; ?>" /> 1358 1359 <?php 1360 1361 $manager->addTicketHidden(); 1362 $this->selectBlogCategory('catid',$item['catid'],10,1); 1363 ?> 1364 1365 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" /> 1366 </div></form> 1367 <?php 1368 $this->pagefoot(); 1369 } 1370 1371 /** 1372 * @todo document this 1373 */ 1374 function action_itemmoveto() { 1375 global $member, $manager; 1376 1377 $itemid = intRequestVar('itemid'); 1378 $catid = requestVar('catid'); 1379 1380 // create new category if needed 1381 if (strstr($catid,'newcat')) { 1382 // get blogid 1383 list($blogid) = sscanf($catid,'newcat-%d'); 1384 1385 // create 1386 $blog =& $manager->getBlog($blogid); 1387 $catid = $blog->createNewCategory(); 1388 1389 // show error when sth goes wrong 1390 if (!$catid) 1391 $this->doError(_ERROR_CATCREATEFAIL); 1392 } 1393 1394 // only allow if user is allowed to alter item 1395 $member->canUpdateItem($itemid, $catid) or $this->disallow(); 1396 1397 $old_blogid = getBlogIDFromItemId($itemid); 1398 1399 ITEM::move($itemid, $catid); 1400 1401 // set the futurePosted flag on the blog 1402 $this->updateFuturePosted(getBlogIDFromItemId($itemid)); 1403 
1404 // reset the futurePosted in case the item is moved from one blog to another 1405 $this->updateFuturePosted($old_blogid); 1406 1407 if ($catid != intRequestVar('catid')) 1408 $this->action_categoryedit($catid, $blog->getID()); 1409 else 1410 $this->action_itemlist(getBlogIDFromCatID($catid)); 1411 } 1412 1413 /** 1414 * Moves one item to a given category (category existance should be checked by caller) 1415 * errors are returned 1416 * @param int $itemid 1417 * @param int $destCatid category ID to which the item will be moved 1418 */ 1419 function moveOneItem($itemid, $destCatid) { 1420 global $member; 1421 1422 // only allow if user is allowed to move item 1423 if (!$member->canUpdateItem($itemid, $destCatid)) 1424 return _ERROR_DISALLOWED; 1425 1426 ITEM::move($itemid, $destCatid); 1427 } 1428 1429 /** 1430 * Adds a item to the chosen blog 1431 */ 1432 function action_additem() { 1433 global $manager, $CONF; 1434 1435 $manager->loadClass('ITEM'); 1436 1437 $result = ITEM::createFromRequest(); 1438 1439 if ($result['status'] == 'error') 1440 $this->error($result['message']); 1441 1442 $blogid = getBlogIDFromItemID($result['itemid']); 1443 $blog =& $manager->getBlog($blogid); 1444 $btimestamp = $blog->getCorrectTime(); 1445 $item = $manager->getItem(intval($result['itemid']), 1, 1); 1446 1447 if ($result['status'] == 'newcategory') { 1448 $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . 
intval($blogid)); 1449 $this->action_categoryedit($result['catid'], $blogid, $distURI); 1450 } else { 1451 $methodName = 'action_itemList'; 1452 call_user_func(array(&$this, $methodName), $blogid); 1453 } 1454 } 1455 1456 /** 1457 * Allows to edit previously made comments 1458 */ 1459 function action_commentedit() { 1460 global $member, $manager; 1461 1462 $commentid = intRequestVar('commentid'); 1463 1464 $member->canAlterComment($commentid) or $this->disallow(); 1465 1466 $comment = COMMENT::getComment($commentid); 1467 1468 $manager->notify('PrepareCommentForEdit',array('comment' => &$comment)); 1469 1470 // change <br /> to \n 1471 $comment['body'] = str_replace('<br />','',$comment['body']); 1472 1473 $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']); 1474 1475 $this->pagehead(); 1476 1477 ?> 1478 <h2><?php echo _EDITC_TITLE?></h2> 1479 1480 <form action="index.php" method="post"><div> 1481 1482 <input type="hidden" name="action" value="commentupdate" /> 1483 <?php $manager->addTicketHidden(); ?> 1484 <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" /> 1485 <table><tr> 1486 <th colspan="2"><?php echo _EDITC_TITLE?></th> 1487 </tr><tr> 1488 <td><?php echo _EDITC_WHO?></td> 1489 <td> 1490 <?php if ($comment['member']) 1491 echo $comment['member'] . " (" . _EDITC_MEMBER . ")"; 1492 else 1493 echo $comment['user'] . " (" . _EDITC_NONMEMBER . 
")"; 1494 ?> 1495 </td> 1496 </tr><tr> 1497 <td><?php echo _EDITC_WHEN?></td> 1498 <td><?php echo date("Y-m-d @ H:i",$comment['timestamp']); ?></td> 1499 </tr><tr> 1500 <td><?php echo _EDITC_HOST?></td> 1501 <td><?php echo $comment['host']; ?></td> 1502 </tr> 1503 <tr> 1504 <td><?php echo _EDITC_URL; ?></td> 1505 <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo $comment['userid']; ?>" /></td> 1506 </tr> 1507 <tr> 1508 <td><?php echo _EDITC_EMAIL; ?></td> 1509 <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo $comment['email']; ?>" /></td> 1510 </tr> 1511 <tr> 1512 <td><?php echo _EDITC_TEXT?></td> 1513 <td> 1514 <textarea name="body" tabindex="10" rows="10" cols="50"><?php // htmlspecialchars not needed (things should be escaped already) 1515 echo $comment['body']; 1516 ?></textarea> 1517 </td> 1518 </tr><tr> 1519 <td><?php echo _EDITC_EDIT?></td> 1520 <td><input type="submit" tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td> 1521 </tr></table> 1522 1523 </div></form> 1524 <?php 1525 $this->pagefoot(); 1526 } 1527 1528 /** 1529 * @todo document this 1530 */ 1531 function action_commentupdate() { 1532 global $member, $manager; 1533 1534 $commentid = intRequestVar('commentid'); 1535 1536 $member->canAlterComment($commentid) or $this->disallow(); 1537 1538 $url = postVar('url'); 1539 $email = postVar('email'); 1540 $body = postVar('body'); 1541 1542 // intercept words that are too long 1543 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false) 1544 $this->error(_ERROR_COMMENT_LONGWORD); 1545 1546 // check length 1547 if (strlen($body)<3) 1548 $this->error(_ERROR_COMMENT_NOCOMMENT); 1549 if (strlen($body)>5000) 1550 $this->error(_ERROR_COMMENT_TOOLONG); 1551 1552 1553 // prepare body 1554 $body = COMMENT::prepareBody($body); 1555 1556 // call plugins 1557 $manager->notify('PreUpdateComment',array('body' => &$body)); 1558 1559 $query = 'UPDATE ' . 
sql_table('comment') 1560 . " SET cmail = '" . addslashes($url) . "', cemail = '" . addslashes($email) . "', cbody = '" . addslashes($body) . "'" 1561 . " WHERE cnumber = " . $commentid; 1562 sql_query($query); 1563 1564 // get itemid 1565 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid); 1566 $o = sql_fetch_object($res); 1567 $itemid = $o->citem; 1568 1569 if ($member->canAlterItem($itemid)) 1570 $this->action_itemcommentlist($itemid); 1571 else 1572 $this->action_browseowncomments(); 1573 1574 } 1575 1576 /** 1577 * @todo document this 1578 */ 1579 function action_commentdelete() { 1580 global $member, $manager; 1581 1582 $commentid = intRequestVar('commentid'); 1583 1584 $member->canAlterComment($commentid) or $this->disallow(); 1585 1586 $comment = COMMENT::getComment($commentid); 1587 1588 $body = strip_tags($comment['body']); 1589 $body = htmlspecialchars(shorten($body, 300, '...')); 1590 1591 if ($comment['member']) 1592 $author = $comment['member']; 1593 else 1594 $author = $comment['user']; 1595 1596 $this->pagehead(); 1597 ?> 1598 1599 <h2><?php echo _DELETE_CONFIRM?></h2> 1600 1601 <p><?php echo _CONFIRMTXT_COMMENT?></p> 1602 1603 <div class="note"> 1604 <b><?php echo _EDITC_WHO?>:</b> <?php echo $author ?> 1605 <br /> 1606 <b><?php echo _EDITC_TEXT?>:</b> <?php echo $body ?> 1607 </div> 1608 1609 <form method="post" action="index.php"><div> 1610 <input type="hidden" name="action" value="commentdeleteconfirm" /> 1611 <?php $manager->addTicketHidden() ?> 1612 <input type="hidden" name="commentid" value="<?php echo $commentid; ?>" /> 1613 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" /> 1614 </div></form> 1615 <?php 1616 $this->pagefoot(); 1617 } 1618 1619 /** 1620 * @todo document this 1621 */ 1622 function action_commentdeleteconfirm() { 1623 global $member; 1624 1625 $commentid = intRequestVar('commentid'); 1626 1627 // get item id first 1628 $res = sql_query('SELECT citem FROM 
'.sql_table('comment') .' WHERE cnumber=' . $commentid); 1629 $o = sql_fetch_object($res); 1630 $itemid = $o->citem; 1631 1632 $error = $this->deleteOneComment($commentid); 1633 if ($error) 1634 $this->doError($error); 1635 1636 if ($member->canAlterItem($itemid)) 1637 $this->action_itemcommentlist($itemid); 1638 else 1639 $this->action_browseowncomments(); 1640 } 1641 1642 /** 1643 * @todo document this 1644 */ 1645 function deleteOneComment($commentid) { 1646 global $member, $manager; 1647 1648 $commentid = intval($commentid); 1649 1650 if (!$member->canAlterComment($commentid)) 1651 return _ERROR_DISALLOWED; 1652 1653 $manager->notify('PreDeleteComment', array('commentid' => $commentid)); 1654 1655 // delete the comments associated with the item 1656 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid; 1657 sql_query($query); 1658 1659 $manager->notify('PostDeleteComment', array('commentid' => $commentid)); 1660 1661 return ''; 1662 } 1663 1664 /** 1665 * Usermanagement main 1666 */ 1667 function action_usermanagement() { 1668 global $member, $manager; 1669 1670 // check if allowed 1671 $member->isAdmin() or $this->disallow(); 1672 1673 $this->pagehead(); 1674 1675 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 1676 1677 echo '<h2>' . _MEMBERS_TITLE .'</h2>'; 1678 1679 echo '<h3>' . _MEMBERS_CURRENT .'</h3>'; 1680 1681 // show list of members with actions 1682 $query = 'SELECT *' 1683 . ' FROM '.sql_table('member'); 1684 $template['content'] = 'memberlist'; 1685 $template['tabindex'] = 10; 1686 1687 $manager->loadClass("ENCAPSULATE"); 1688 $batch =& new BATCH('member'); 1689 $batch->showlist($query,'table',$template); 1690 1691 echo '<h3>' . 
_MEMBERS_NEW .'</h3>'; 1692 ?> 1693 <form method="post" action="index.php" name="memberedit"><div> 1694 1695 <input type="hidden" name="action" value="memberadd" /> 1696 <?php $manager->addTicketHidden() ?> 1697 1698 <table> 1699 <tr> 1700 <th colspan="2"><?php echo _MEMBERS_NEW?></th> 1701 </tr><tr> 1702 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?> 1703 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small> 1704 </td> 1705 <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td> 1706 </tr><tr> 1707 <td><?php echo _MEMBERS_REALNAME?></td> 1708 <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td> 1709 </tr><tr> 1710 <td><?php echo _MEMBERS_PWD?></td> 1711 <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td> 1712 </tr><tr> 1713 <td><?php echo _MEMBERS_REPPWD?></td> 1714 <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td> 1715 </tr><tr> 1716 <td><?php echo _MEMBERS_EMAIL?></td> 1717 <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td> 1718 </tr><tr> 1719 <td><?php echo _MEMBERS_URL?></td> 1720 <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td> 1721 </tr><tr> 1722 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td> 1723 <td><?php $this->input_yesno('admin',0,10060); ?> </td> 1724 </tr><tr> 1725 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td> 1726 <td><?php $this->input_yesno('canlogin',1,10070); ?></td> 1727 </tr><tr> 1728 <td><?php echo _MEMBERS_NOTES?></td> 1729 <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td> 1730 </tr><tr> 1731 <td><?php echo _MEMBERS_NEW?></td> 1732 <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td> 1733 </tr></table> 1734 1735 </div></form> 1736 <?php 1737 $this->pagefoot(); 1738 } 1739 1740 /** 1741 * Edit member settings 1742 */ 
1743 function action_memberedit() { 1744 $this->action_editmembersettings(intRequestVar('memberid')); 1745 } 1746 1747 /** 1748 * @todo document this 1749 */ 1750 function action_editmembersettings($memberid = '') { 1751 global $member, $manager, $CONF; 1752 1753 if ($memberid == '') 1754 $memberid = $member->getID(); 1755 1756 // check if allowed 1757 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); 1758 1759 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 1760 $this->pagehead($extrahead); 1761 1762 // show message to go back to member overview (only for admins) 1763 if ($member->isAdmin()) 1764 echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>'; 1765 else 1766 echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>'; 1767 1768 echo '<h2>' . _MEMBERS_EDIT . '</h2>'; 1769 1770 $mem = MEMBER::createFromID($memberid); 1771 1772 ?> 1773 <form method="post" action="index.php" name="memberedit"><div> 1774 1775 <input type="hidden" name="action" value="changemembersettings" /> 1776 <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" /> 1777 <?php $manager->addTicketHidden() ?> 1778 1779 <table><tr> 1780 <th colspan="2"><?php echo _MEMBERS_EDIT?></th> 1781 </tr><tr> 1782 <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?> 1783 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small> 1784 </td> 1785 <td> 1786 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?> 1787 <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo htmlspecialchars($mem->getDisplayName()); ?>" /> 1788 <?php } else { 1789 echo htmlspecialchars($member->getDisplayName()); 1790 } 1791 ?> 1792 </td> 1793 </tr><tr> 1794 <td><?php echo _MEMBERS_REALNAME?></td> 1795 <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo htmlspecialchars($mem->getRealName()); ?>" /></td> 1796 </tr><tr> 1797 <?php if 
($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?> 1798 <td><?php echo _MEMBERS_PWD?></td> 1799 <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td> 1800 </tr><tr> 1801 <td><?php echo _MEMBERS_REPPWD?></td> 1802 <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td> 1803 <?php } ?> 1804 </tr><tr> 1805 <td><?php echo _MEMBERS_EMAIL?> 1806 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small> 1807 </td> 1808 <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo htmlspecialchars($mem->getEmail()); ?>" /></td> 1809 </tr><tr> 1810 <td><?php echo _MEMBERS_URL?></td> 1811 <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getURL()); ?>" /></td> 1812 <?php // only allow to change this by super-admins 1813 // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-) 1814 if ($member->isAdmin()) { 1815 ?> 1816 </tr><tr> 1817 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td> 1818 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td> 1819 </tr><tr> 1820 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td> 1821 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td> 1822 <?php } ?> 1823 </tr><tr> 1824 <td><?php echo _MEMBERS_NOTES?></td> 1825 <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo htmlspecialchars($mem->getNotes()); ?>" /></td> 1826 </tr><tr> 1827 <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?> 1828 </td> 1829 <td> 1830 1831 <select name="deflang" tabindex="85"> 1832 <option value=""><?php echo _MEMBERS_USESITELANG?></option> 1833 <?php // show a dropdown list of all available languages 1834 global $DIR_LANG; 1835 $dirhandle = opendir($DIR_LANG); 1836 while ($filename = readdir($dirhandle)) { 1837 if (ereg("^(.*)\.php$",$filename,$matches)) { 1838 $name = 
$matches[1]; 1839 echo "<option value='$name'"; 1840 if ($name == $mem->getLanguage()) 1841 echo " selected='selected'"; 1842 echo ">$name</option>"; 1843 } 1844 } 1845 closedir($dirhandle); 1846 1847 ?> 1848 </select> 1849 1850 </td> 1851 </tr> 1852 <tr> 1853 <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td> 1854 <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td> 1855 </tr> 1856 <?php 1857 // plugin options 1858 $this->_insertPluginOptions('member',$memberid); 1859 ?> 1860 <tr> 1861 <th colspan="2"><?php echo _MEMBERS_EDIT ?></th> 1862 </tr><tr> 1863 <td><?php echo _MEMBERS_EDIT?></td> 1864 <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td> 1865 </tr></table> 1866 1867 </div></form> 1868 1869 <?php 1870 echo '<h3>',_PLUGINS_EXTRA,'</h3>'; 1871 1872 $manager->notify( 1873 'MemberSettingsFormExtras', 1874 array( 1875 'member' => &$mem 1876 ) 1877 ); 1878 1879 $this->pagefoot(); 1880 } 1881 1882 /** 1883 * @todo document this 1884 */ 1885 function action_changemembersettings() { 1886 global $member, $CONF, $manager; 1887 1888 $memberid = intRequestVar('memberid'); 1889 1890 // check if allowed 1891 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow(); 1892 1893 $name = trim(strip_tags(postVar('name'))); 1894 $realname = trim(strip_tags(postVar('realname'))); 1895 $password = postVar('password'); 1896 $repeatpassword = postVar('repeatpassword'); 1897 $email = strip_tags(postVar('email')); 1898 $url = strip_tags(postVar('url')); 1899 1900 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it. 
1901 if (!eregi("^https?://", $url)) 1902 $url = "http://".$url; 1903 1904 $admin = postVar('admin'); 1905 $canlogin = postVar('canlogin'); 1906 $notes = strip_tags(postVar('notes')); 1907 $deflang = postVar('deflang'); 1908 1909 $mem = MEMBER::createFromID($memberid); 1910 1911 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { 1912 1913 if (!isValidDisplayName($name)) 1914 $this->error(_ERROR_BADNAME); 1915 1916 if (($name != $mem->getDisplayName()) && MEMBER::exists($name)) 1917 $this->error(_ERROR_NICKNAMEINUSE); 1918 1919 if ($password != $repeatpassword) 1920 $this->error(_ERROR_PASSWORDMISMATCH); 1921 1922 if ($password && (strlen($password) < 6)) 1923 $this->error(_ERROR_PASSWORDTOOSHORT); 1924 1925 $pwdvalid = true; 1926 $pwderror = ''; 1927 $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid)); 1928 if (!$pwdvalid) { 1929 $this->error($pwderror); 1930 } 1931 } 1932 1933 if (!isValidMailAddress($email)) 1934 $this->error(_ERROR_BADMAILADDRESS); 1935 1936 1937 if (!$realname) 1938 $this->error(_ERROR_REALNAMEMISSING); 1939 1940 if (($deflang != '') && (!checkLanguage($deflang))) 1941 $this->error(_ERROR_NOSUCHLANGUAGE); 1942 1943 // check if there will remain at least one site member with both the logon and admin rights 1944 // (check occurs when taking away one of these rights from such a member) 1945 if ( (!$admin && $mem->isAdmin() && $mem->canLogin()) 1946 || (!$canlogin && $mem->isAdmin() && $mem->canLogin()) 1947 ) 1948 { 1949 $r = sql_query('SELECT * FROM '.sql_table('member').' 
WHERE madmin=1 and mcanlogin=1'); 1950 if (sql_num_rows($r) < 2) 1951 $this->error(_ERROR_ATLEASTONEADMIN); 1952 } 1953 1954 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { 1955 $mem->setDisplayName($name); 1956 if ($password) 1957 $mem->setPassword($password); 1958 } 1959 1960 $oldEmail = $mem->getEmail(); 1961 1962 $mem->setRealName($realname); 1963 $mem->setEmail($email); 1964 $mem->setURL($url); 1965 $mem->setNotes($notes); 1966 $mem->setLanguage($deflang); 1967 1968 1969 // only allow super-admins to make changes to the admin status 1970 if ($member->isAdmin()) { 1971 $mem->setAdmin($admin); 1972 $mem->setCanLogin($canlogin); 1973 } 1974 1975 $autosave = postVar ('autosave'); 1976 $mem->setAutosave($autosave); 1977 1978 $mem->write(); 1979 1980 // store plugin options 1981 $aOptions = requestArray('plugoption'); 1982 NucleusPlugin::_applyPluginOptions($aOptions); 1983 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem)); 1984 1985 // if email changed, generate new password 1986 if ($oldEmail != $mem->getEmail()) 1987 { 1988 $mem->sendActivationLink('addresschange', $oldEmail); 1989 // logout member 1990 $mem->newCookieKey(); 1991 1992 // only log out if the member being edited is the current member. 
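// End of the preceding method; its beginning lies outside this excerpt, so it is reproduced unchanged.
            if ($member->getID() == $memberid)
                $member->logout();
            $this->action_login(_MSG_ACTIVATION_SENT, 0);
            return;
        }


        if (   ( $mem->getID() == $member->getID() )
            && ( $mem->getDisplayName() != $member->getDisplayName() )
           ) {
            $mem->newCookieKey();
            $member->logout();
            $this->action_login(_MSG_LOGINAGAIN, 0);
        } else {
            $this->action_overview(_MSG_SETTINGSCHANGED);
        }
    }

    /**
     * Creates a member account from the posted "add member" form.
     *
     * Restricted to site admins. The posted password must equal its repeat field and be at
     * least 6 characters long. On success the PostRegister event is fired for the new member
     * and the user management page is shown.
     */
    function action_memberadd() {
        global $member, $manager;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        // Compare as strings: a loose != treats two different numeric-looking
        // strings (for example "1e3" and "1000") as equal.
        $password = (string) postVar('password');
        if ($password !== (string) postVar('repeatpassword'))
            $this->error(_ERROR_PASSWORDMISMATCH);
        if (strlen($password) < 6)
            $this->error(_ERROR_PASSWORDTOOSHORT);

        // MEMBER::create() reports success as 1; anything else is passed on as the error message
        $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
        if ($res != 1)
            $this->error($res);

        // fire PostRegister event
        $newmem = new MEMBER();
        $newmem->readFromName(postVar('name'));
        $manager->notify('PostRegister',array('member' => &$newmem));

        $this->action_usermanagement();
    }

    /**
     * Account activation: entry point for the activation link (key taken from the query string)
     *
     * @author dekarma
     */
    function action_activate() {

        $key = getVar('key');
        $this->_showActivationPage($key);
    }

    /**
     * Shows the activation page that belongs to an activation key.
     *
     * Expired keys are cleaned up first. An unknown key, or a key whose member cannot be
     * loaded, ends in _ERROR_ACTIVATE. For 'forgot' and 'register' keys a set-password form
     * (posting to action=activatesetpwd) is shown; an 'addresschange' key is activated right
     * away and no password form is shown.
     *
     * @param string $key     activation key
     * @param string $message optional error text shown above the form. It is echoed without
     *                        escaping, so callers must only pass trusted markup (language
     *                        constants or plugin-supplied messages), never request data.
     */
    function _showActivationPage($key, $message = '')
    {
        global $manager;

        // clean up old activation keys
        MEMBER::cleanupActivationTable();

        // get activation info
        $info = MEMBER::getActivationInfo($key);

        // NOTE(review): the code below relies on error() ending the request - confirm
        if (!$info)
            $this->error(_ERROR_ACTIVATE);

        $mem = MEMBER::createFromId($info->vmember);

        if (!$mem)
            $this->error(_ERROR_ACTIVATE);

        $text = '';
        $title = '';
        $bNeedsPasswordChange = true;

        switch ($info->vtype)
        {
            case 'forgot':
                $title = _ACTIVATE_FORGOT_TITLE;
                $text = _ACTIVATE_FORGOT_TEXT;
                break;
            case 'register':
                $title = _ACTIVATE_REGISTER_TITLE;
                $text = _ACTIVATE_REGISTER_TEXT;
                break;
            case 'addresschange':
                // an address change needs no new password: activate on page view
                $title = _ACTIVATE_CHANGE_TITLE;
                $text = _ACTIVATE_CHANGE_TEXT;
                $bNeedsPasswordChange = false;
                MEMBER::activate($key);
                break;
        }

        $aVars = array(
            'memberName' => htmlspecialchars($mem->getDisplayName())
        );
        $title = TEMPLATE::fill($title, $aVars);
        $text = TEMPLATE::fill($text, $aVars);

        $this->pagehead();

        echo '<h2>' , $title, '</h2>';
        echo '<p>' , $text, '</p>';

        if ($message != '')
        {
            echo '<p class="error">',$message,'</p>';
        }

        if ($bNeedsPasswordChange)
        {
            ?>
                <div><form action="index.php" method="post">

                    <input type="hidden" name="action" value="activatesetpwd" />
                    <?php $manager->addTicketHidden() ?>
                    <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

                    <table><tr>
                        <td><?php echo _MEMBERS_PWD?></td>
                        <td><input type="password" maxlength="40" size="16" name="password" /></td>
                    </tr><tr>
                        <td><?php echo _MEMBERS_REPPWD?></td>
                        <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
                    <?php

                        // lets plugins add their own fields to the activation form
                        $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));

                    ?>
                    </tr><tr>
                        <td><?php echo _MEMBERS_SETPWD ?></td>
                        <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
                    </tr></table>


                </form></div>

            <?php

        }

        $this->pagefoot();

    }

    /**
     * Account activation - set password part
     *
     * Validates the posted key and password, stores the password and activates the key.
     * Every validation failure re-displays the activation page with an error message.
     *
     * @author dekarma
     */
    function action_activatesetpwd() {
        global $manager;

        $key = postVar('key');

        // clean up old activation keys
        MEMBER::cleanupActivationTable();

        // get activation info
        $info = MEMBER::getActivationInfo($key);

        // An address-change key must never be usable to set a password. The activation type
        // is read from ->vtype (as in _showActivationPage); the earlier ->type lookup did not
        // match that field name, which left this guard without effect.
        if (!$info || ($info->vtype == 'addresschange'))
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);

        $mem = MEMBER::createFromId($info->vmember);

        if (!$mem)
            return $this->_showActivationPage($key, _ERROR_ACTIVATE);

        $password = (string) postVar('password');
        $repeatpassword = (string) postVar('repeatpassword');

        // strict string comparison: see action_memberadd for the same rule
        if ($password !== $repeatpassword)
            return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);

        // Enforce the minimum length unconditionally. The previous test skipped the length
        // check for an empty value, so an account could be activated with a blank password.
        if (strlen($password) < 6)
            return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);

        // let plugins veto the password
        $pwdvalid = true;
        $pwderror = '';
        $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
        if (!$pwdvalid) {
            return $this->_showActivationPage($key,$pwderror);
        }

        // let plugins validate any extra form fields they added
        $error = '';

        $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
        if ($error != '')
            return $this->_showActivationPage($key, $error);


        // set password
        $mem->setPassword($password);
        $mem->write();

        // do the activation
        MEMBER::activate($key);

        $this->pagehead();
        echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
        echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
        $this->pagefoot();
    }

    /**
     * Manage team: lists the team of a blog and shows the "add member" form.
     * Requires blog admin rights on the requested blog.
     */
    function action_manageteam() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $this->pagehead();

        echo "<p><a href='index.php?action=blogsettings&blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

        // The blog name is user-editable text: escape it for HTML, as the other
        // admin pages in this file do with $blog->getName().
        echo '<h2>' . _TEAM_TITLE . htmlspecialchars(getBlogNameFromID($blogid)) . '</h2>';

        echo '<h3>' . _TEAM_CURRENT . '</h3>';



        // $blogid is an integer (intRequestVar), so it is safe to concatenate here
        $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
               . ' FROM '.sql_table('member').', '.sql_table('team')
               . ' WHERE tmember=mnumber and tblog=' . $blogid;

        $template['content'] = 'teamlist';
        $template['tabindex'] = 10;

        $manager->loadClass("ENCAPSULATE");
        $batch =& new BATCH('team');
        $batch->showlist($query, 'table', $template);

        ?>
            <h3><?php echo _TEAM_ADDNEW?></h3>

            <form method='post' action='index.php'><div>

            <input type='hidden' name='action' value='teamaddmember' />
            <input type='hidden' name='blogid' value='<?php echo $blogid; ?>' />
            <?php $manager->addTicketHidden() ?>

            <table><tr>
                <td><?php echo _TEAM_CHOOSEMEMBER?></td>
                <td><?php                    // TODO: try to make it so only non-team-members are listed
                    $query =  'SELECT mname as text, mnumber as value'
                           . ' FROM '.sql_table('member');

                    $template['name'] = 'memberid';
                    $template['tabindex'] = 10000;
                    showlist($query,'select',$template);
                ?></td>
            </tr><tr>
                <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
                <td><?php $this->input_yesno('admin',0,10020); ?></td>
            </tr><tr>
                <td><?php echo _TEAM_ADD?></td>
                <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
            </tr></table>

            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Add member to team (posted from the manage team page).
     * Requires blog admin rights on the posted blog.
     */
    function action_teamaddmember() {
        global $member, $manager;

        $memberid = intPostVar('memberid');
        $blogid = intPostVar('blogid');
        $admin = intPostVar('admin');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);
        if (!$blog->addTeamMember($memberid, $admin))
            $this->error(_ERROR_ALREADYONTEAM);

        $this->action_manageteam();

    }

    /**
     * Shows the confirmation page for removing a member from a blog team.
     * Nothing is deleted here; the form posts to action=teamdeleteconfirm with a ticket.
     */
    function action_teamdelete() {
        global $member, $manager;

        $memberid = intRequestVar('memberid');
        $blogid = intRequestVar('blogid');

        // check if allowed
        $member->blogAdminRights($blogid) or $this->disallow();

        $teammem = MEMBER::createFromID($memberid);
        $blog =& $manager->getBlog($blogid);

        $this->pagehead();
        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo htmlspecialchars(strip_tags($blog->getName())) ?></b>
            </p>


            <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="teamdeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" />
            <input type="hidden" name="blogid" value="<?php echo $blogid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Removes a member from a blog team after confirmation.
     * The permission check is done inside deleteOneTeamMember().
     */
    function action_teamdeleteconfirm() {
        global $member;

        $memberid = intRequestVar('memberid');
        $blogid = intRequestVar('blogid');

        $error = $this->deleteOneTeamMember($blogid, $memberid);
        if ($error)
            $this->error($error);


        $this->action_manageteam();
    }

    /**
     * Removes one member from the team of one blog.
     *
     * @param int $blogid   blog whose team is changed
     * @param int $memberid member to remove
     * @return string error message, or an empty string on success
     */
    function deleteOneTeamMember($blogid, $memberid) {
        global $member, $manager;

        $blogid = intval($blogid);
        $memberid = intval($memberid);

        // check if allowed
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;

        // check if: - there remains at least one blog admin
        //           - (there remains at least one team member)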
$tmem = MEMBER::createFromID($memberid); 2356 2357 $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid)); 2358 2359 if ($tmem->isBlogAdmin($blogid)) { 2360 // check if there are more blog members left and at least one admin 2361 // (check for at least two admins before deletion) 2362 $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1'; 2363 $r = sql_query($query); 2364 if (sql_num_rows($r) < 2) 2365 return _ERROR_ATLEASTONEBLOGADMIN; 2366 } 2367 2368 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid"; 2369 sql_query($query); 2370 2371 $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid)); 2372 2373 return ''; 2374 } 2375 2376 /** 2377 * @todo document this 2378 */ 2379 function action_teamchangeadmin() { 2380 global $member; 2381 2382 $blogid = intRequestVar('blogid'); 2383 $memberid = intRequestVar('memberid'); 2384 2385 // check if allowed 2386 $member->blogAdminRights($blogid) or $this->disallow(); 2387 2388 $mem = MEMBER::createFromID($memberid); 2389 2390 // don't allow when there is only one admin at this moment 2391 if ($mem->isBlogAdmin($blogid)) { 2392 $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1"); 2393 if (sql_num_rows($r) == 1) 2394 $this->error(_ERROR_ATLEASTONEBLOGADMIN); 2395 } 2396 2397 if ($mem->isBlogAdmin($blogid)) 2398 $newval = 0; 2399 else 2400 $newval = 1; 2401 2402 $query = 'UPDATE '.sql_table('team') ." 
SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid"; 2403 sql_query($query); 2404 2405 // only show manageteam if member did not change its own admin privileges 2406 if ($member->isBlogAdmin($blogid)) 2407 $this->action_manageteam(); 2408 else 2409 $this->action_overview(_MSG_ADMINCHANGED); 2410 } 2411 2412 /** 2413 * @todo document this 2414 */ 2415 function action_blogsettings() { 2416 global $member, $manager; 2417 2418 $blogid = intRequestVar('blogid'); 2419 2420 // check if allowed 2421 $member->blogAdminRights($blogid) or $this->disallow(); 2422 2423 $blog =& $manager->getBlog($blogid); 2424 2425 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 2426 $this->pagehead($extrahead); 2427 2428 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>'; 2429 ?> 2430 <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2> 2431 2432 <h3><?php echo _EBLOG_TEAM_TITLE?></h3> 2433 2434 <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?> 2435 <?php 2436 $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid)); 2437 $aMemberNames = array(); 2438 while ($o = sql_fetch_object($res)) 2439 array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). 
')'); 2440 echo implode(',', $aMemberNames); 2441 ?> 2442 </p> 2443 2444 2445 2446 <p> 2447 <a href="index.php?action=manageteam&blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a> 2448 </p> 2449 2450 <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3> 2451 2452 <form method="post" action="index.php"><div> 2453 2454 <input type="hidden" name="action" value="blogsettingsupdate" /> 2455 <?php $manager->addTicketHidden() ?> 2456 <input type="hidden" name="blogid" value="<?php echo $blogid; ?>" /> 2457 <table><tr> 2458 <td><?php echo _EBLOG_NAME?></td> 2459 <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo htmlspecialchars($blog->getName()) ?>" /></td> 2460 </tr><tr> 2461 <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?> 2462 <?php echo _EBLOG_SHORTNAME_EXTRA?> 2463 </td> 2464 <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo htmlspecialchars($blog->getShortName()) ?>" /></td> 2465 </tr><tr> 2466 <td><?php echo _EBLOG_DESC?></td> 2467 <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo htmlspecialchars($blog->getDescription()) ?>" /></td> 2468 </tr><tr> 2469 <td><?php echo _EBLOG_URL?></td> 2470 <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo htmlspecialchars($blog->getURL()) ?>" /></td> 2471 </tr><tr> 2472 <td><?php echo _EBLOG_DEFSKIN?> 2473 <?php help('blogdefaultskin'); ?> 2474 </td> 2475 <td> 2476 <?php 2477 $query = 'SELECT sdname as text, sdnumber as value' 2478 . 
' FROM '.sql_table('skin_desc'); 2479 $template['name'] = 'defskin'; 2480 $template['selected'] = $blog->getDefaultSkin(); 2481 $template['tabindex'] = 50; 2482 showlist($query,'select',$template); 2483 ?> 2484 2485 </td> 2486 </tr><tr> 2487 <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?> 2488 </td> 2489 <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td> 2490 </tr><tr> 2491 <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?> 2492 </td> 2493 <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td> 2494 </tr><tr> 2495 <td><?php echo _EBLOG_DISABLECOMMENTS?> 2496 </td> 2497 <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td> 2498 </tr><tr> 2499 <td><?php echo _EBLOG_ANONYMOUS?> 2500 </td> 2501 <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td> 2502 </tr><tr> 2503 <td><?php echo _EBLOG_REQUIREDEMAIL?> 2504 </td> 2505 <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td> 2506 </tr><tr> 2507 <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td> 2508 <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo htmlspecialchars($blog->getNotifyAddress()); ?>" /></td> 2509 </tr><tr> 2510 <td><?php echo _EBLOG_NOTIFY_ON?></td> 2511 <td> 2512 <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment" 2513 <?php if ($blog->notifyOnComment()) echo "checked='checked'" ?> 2514 /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label> 2515 <br /> 2516 <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote" 2517 <?php if ($blog->notifyOnVote()) echo "checked='checked'" ?> 2518 /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label> 2519 <br /> 2520 <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem" 2521 <?php if ($blog->notifyOnNewItem()) echo "checked='checked'" ?> 2522 
/><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label> 2523 </td> 2524 </tr><tr> 2525 <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td> 2526 <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo htmlspecialchars($blog->getMaxComments()); ?>" /></td> 2527 </tr><tr> 2528 <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td> 2529 <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo htmlspecialchars($blog->getUpdateFile()) ?>" /></td> 2530 </tr><tr> 2531 <td><?php echo _EBLOG_DEFCAT?></td> 2532 <td> 2533 <?php 2534 $query = 'SELECT cname as text, catid as value' 2535 . ' FROM '.sql_table('category') 2536 . ' WHERE cblog=' . $blog->getID(); 2537 $template['name'] = 'defcat'; 2538 $template['selected'] = $blog->getDefaultCategory(); 2539 $template['tabindex'] = 110; 2540 showlist($query,'select',$template); 2541 ?> 2542 </td> 2543 </tr><tr> 2544 <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?> 2545 <br /><?php echo _EBLOG_STIME?> <b><?php echo strftime("%H:%M",time()); ?></b> 2546 <br /><?php echo _EBLOG_BTIME?> <b><?php echo strftime("%H:%M",$blog->getCorrectTime()); ?></b> 2547 </td> 2548 <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo htmlspecialchars($blog->getTimeOffset()); ?>" /></td> 2549 </tr><tr> 2550 <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td> 2551 <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td> 2552 </tr> 2553 <?php 2554 // plugin options 2555 $this->_insertPluginOptions('blog',$blogid); 2556 ?> 2557 <tr> 2558 <th colspan="2"><?php echo _EBLOG_CHANGE?></th> 2559 </tr><tr> 2560 <td><?php echo _EBLOG_CHANGE?></td> 2561 <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td> 2562 </tr></table> 2563 2564 </div></form> 2565 2566 <h3><?php echo _EBLOG_CAT_TITLE?></h3> 2567 2568 2569 <?php 2570 $query = 'SELECT * 
FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname'; 2571 $template['content'] = 'categorylist'; 2572 $template['tabindex'] = 200; 2573 2574 $manager->loadClass("ENCAPSULATE"); 2575 $batch =& new BATCH('category'); 2576 $batch->showlist($query,'table',$template); 2577 2578 ?> 2579 2580 2581 <form action="index.php" method="post"><div> 2582 <input name="action" value="categorynew" type="hidden" /> 2583 <?php $manager->addTicketHidden() ?> 2584 <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" /> 2585 2586 <table><tr> 2587 <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th> 2588 </tr><tr> 2589 <td><?php echo _EBLOG_CAT_NAME?></td> 2590 <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td> 2591 </tr><tr> 2592 <td><?php echo _EBLOG_CAT_DESC?></td> 2593 <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td> 2594 </tr><tr> 2595 <td><?php echo _EBLOG_CAT_CREATE?></td> 2596 <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td> 2597 </tr></table> 2598 2599 </div></form> 2600 2601 <?php 2602 2603 echo '<h3>',_PLUGINS_EXTRA,'</h3>'; 2604 2605 $manager->notify( 2606 'BlogSettingsFormExtras', 2607 array( 2608 'blog' => &$blog 2609 ) 2610 ); 2611 2612 $this->pagefoot(); 2613 } 2614 2615 /** 2616 * @todo document this 2617 */ 2618 function action_categorynew() { 2619 global $member, $manager; 2620 2621 $blogid = intRequestVar('blogid'); 2622 2623 $member->blogAdminRights($blogid) or $this->disallow(); 2624 2625 $cname = postVar('cname'); 2626 $cdesc = postVar('cdesc'); 2627 2628 if (!isValidCategoryName($cname)) 2629 $this->error(_ERROR_BADCATEGORYNAME); 2630 2631 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . 
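intval($blogid);
        $res = sql_query($query);
        if (sql_num_rows($res) > 0)
            $this->error(_ERROR_DUPCATEGORYNAME);

        $blog       =& $manager->getBlog($blogid);
        $newCatID   =  $blog->createNewCategory($cname, $cdesc);

        $this->action_blogsettings();
    }

    /**
     * Shows the edit form for one category of a blog.
     * Requires blog admin rights on the blog.
     *
     * @param int|string $catid   category id; read from the query string when empty
     * @param int|string $blogid  blog id; read from the query string when empty
     * @param string     $desturl URL carried along in a hidden field for action_categoryupdate
     */
    function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
        global $member, $manager;

        if ($blogid == '')
            $blogid = intGetVar('blogid');
        else
            $blogid = intval($blogid);
        if ($catid == '')
            $catid = intGetVar('catid');
        else
            $catid = intval($catid);

        $member->blogAdminRights($blogid) or $this->disallow();

        // the cblog condition keeps the lookup inside the blog the rights check was made for
        $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
        $obj = sql_fetch_object($res);

        // no such category in this blog: stop instead of reading properties of a non-object
        if (!$obj)
            $this->error(_ERROR_NOSUCHCATEGORY);

        $cname = $obj->cname;
        $cdesc = $obj->cdesc;

        $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
        $this->pagehead($extrahead);

        echo "<p><a href='index.php?action=blogsettings&blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";

        ?>
        <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>
        <form method='post' action='index.php'><div>
        <input name="blogid" type="hidden" value="<?php echo $blogid?>" />
        <input name="catid" type="hidden" value="<?php echo $catid?>" />
        <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />
        <input name="action" type="hidden" value="categoryupdate" />
        <?php $manager->addTicketHidden(); ?>

        <table><tr>
            <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
        </tr><tr>
            <td><?php echo _EBLOG_CAT_NAME?></td>
            <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>
        </tr><tr>
            <td><?php echo _EBLOG_CAT_DESC?></td>
            <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
        </tr>
        <?php
            // insert plugin options
            $this->_insertPluginOptions('category',$catid);
        ?>
        <tr>
            <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
        </tr><tr>
            <td><?php echo _EBLOG_CAT_UPDATE?></td>
            <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
        </tr></table>

        </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Stores the posted name and description of a category.
     *
     * Requires blog admin rights on the posted blog, and the category must belong to that
     * blog. Afterwards either redirects to the posted 'desturl' or shows the blog settings.
     */
    function action_categoryupdate() {
        global $member, $manager;

        $blogid     = intPostVar('blogid');
        $catid      = intPostVar('catid');
        $cname      = postVar('cname');
        $cdesc      = postVar('cdesc');
        $desturl    = postVar('desturl');

        $member->blogAdminRights($blogid) or $this->disallow();

        // The rights check above covers $blogid only, while $catid is posted independently.
        // Make sure the category really belongs to that blog before touching it (same check
        // as in action_categorydelete), so rights on one blog cannot be used to edit the
        // categories of another.
        $blog =& $manager->getBlog($blogid);
        if (!$blog || !$blog->isValidCategory($catid))
            $this->error(_ERROR_NOSUCHCATEGORY);

        if (!isValidCategoryName($cname))
            $this->error(_ERROR_BADCATEGORYNAME);

        // NOTE(review): addslashes() is not aware of the connection character set; the
        // database layer's own escaping routine would be the safer choice for these values.
        $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
        $res = sql_query($query);
        if (sql_num_rows($res) > 0)
            $this->error(_ERROR_DUPCATEGORYNAME);

        // cblog in the WHERE clause scopes the write to the authorised blog
        $query =  'UPDATE '.sql_table('category').' SET'
               . " cname='" . addslashes($cname) . "',"
               . " cdesc='" . addslashes($cdesc) . "'"
               . " WHERE catid=" . $catid
               . " AND cblog=" . $blogid;

        sql_query($query);

        // store plugin options
        $aOptions = requestArray('plugoption');
        NucleusPlugin::_applyPluginOptions($aOptions);
        $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));


        if ($desturl) {
            // NOTE(review): $desturl is taken from the request as-is; restricting it to
            // URLs of this site would keep the form from being used as an open redirect.
            redirect($desturl);
            exit;
        } else {
            $this->action_blogsettings();
        }
    }

    /**
     * Shows the confirmation page for deleting a category.
     * Refuses an unknown category, the default category and the last remaining category.
     * Nothing is deleted here; the form posts to action=categorydeleteconfirm with a ticket.
     */
    function action_categorydelete() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if (!$blog->isValidCategory($catid))
            $this->error(_ERROR_NOSUCHCATEGORY);

        // don't allow deletion of default category
        if ($blog->getDefaultCategory() == $catid)
            $this->error(_ERROR_DELETEDEFCATEGORY);

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if (sql_num_rows($res) == 1)
            $this->error(_ERROR_DELETELASTCATEGORY);


        $this->pagehead();
        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <div>
            <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo htmlspecialchars($blog->getCategoryName($catid))?></b>
            </div>

            <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="categorydeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
            <input type="hidden" name="catid" value="<?php echo $catid?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a category after confirmation.
     * deleteOneCategory() repeats the rights check against the blog the category belongs to.
     */
    function action_categorydeleteconfirm() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');
        $catid = intRequestVar('catid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $error = $this->deleteOneCategory($catid);
        if ($error)
            $this->error($error);

        $this->action_blogsettings();
    }

    /**
     * Deletes one category; its items are moved to the blog's default category.
     *
     * The blog is derived from the category itself, so the rights check applies to the blog
     * that actually owns the category.
     *
     * @param int $catid category to delete
     * @return string|null error message on failure; nothing is returned on success
     */
    function deleteOneCategory($catid) {
        global $manager, $member;

        $catid = intval($catid);

        $blogid = getBlogIDFromCatID($catid);

        // was ERROR_DISALLOWED (no leading underscore): an undefined constant, unlike the
        // _ERROR_DISALLOWED used by the sibling methods
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;

        // get blog
        $blog =& $manager->getBlog($blogid);

        // check if the category is valid
        if (!$blog || !$blog->isValidCategory($catid))
            return _ERROR_NOSUCHCATEGORY;

        $destcatid = $blog->getDefaultCategory();

        // don't allow deletion of default category
        if ($blog->getDefaultCategory() == $catid)
            return _ERROR_DELETEDEFCATEGORY;

        // check if catid is the only category left for blogid
        $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
        $res = sql_query($query);
        if (sql_num_rows($res) == 1)
            return _ERROR_DELETELASTCATEGORY;

        $manager->notify('PreDeleteCategory', array('catid' => $catid));

        // change category for all items to the default category
        $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('category', $catid);

        // delete category
        $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
        sql_query($query);

        $manager->notify('PostDeleteCategory', array('catid' => $catid));

    }

    /**
     * Moves one category, with its items and their comments, to another blog.
     *
     * @param int $catid      category to move
     * @param int $destblogid destination blog
     * @return string|null error message on failure; nothing is returned on success
     */
    function moveOneCategory($catid, $destblogid) {
        global $manager, $member;

        $catid = intval($catid);
        $destblogid = intval($destblogid);

        $blogid = getBlogIDFromCatID($catid);

        // mover should have admin rights on both blogs
        if (!$member->blogAdminRights($blogid))
            return _ERROR_DISALLOWED;
        if (!$member->blogAdminRights($destblogid))
            return _ERROR_DISALLOWED;

        // cannot move to self
        if ($blogid == $destblogid)
            return _ERROR_MOVETOSELF;

        // get blogs
        $blog =& $manager->getBlog($blogid);
        $destblog =& $manager->getBlog($destblogid);

        // check if the category is valid
        if (!$blog || !$blog->isValidCategory($catid))
            return _ERROR_NOSUCHCATEGORY;

        // don't allow default category to be moved
        if ($blog->getDefaultCategory() == $catid)
            return _ERROR_MOVEDEFCATEGORY;

        $manager->notify(
            'PreMoveCategory',
            array(
                'catid' => &$catid,
                'sourceblog' => &$blog,
                'destblog' => &$destblog
            )
        );

        // update comments table (cblog)
        $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
        $items = sql_query($query);
        while ($oItem = sql_fetch_object($items)) {
            sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
        }

        // update items (iblog)
        $query = 'UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid;
        sql_query($query);

        // move category
        $query = 'UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid;
        sql_query($query);

        $manager->notify(
            'PostMoveCategory',
            array(
                'catid' => &$catid,
                'sourceblog' => &$blog,
                'destblog' => $destblog
            )
        );

    }

    /**
     * Stores the posted blog settings.
     * Requires blog admin rights on the blog.
     */
    function action_blogsettingsupdate() {
        global $member, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $blog =& $manager->getBlog($blogid);

        $notify         = trim(postVar('notify'));
        $shortname      = trim(postVar('shortname'));
        $updatefile     = trim(postVar('update'));

        $notifyComment  = intPostVar('notifyComment');
        $notifyVote     = intPostVar('notifyVote');
        $notifyNewItem  = intPostVar('notifyNewItem');

        // Each checkbox posts its own number (3, 5 and 7 in the settings form); an unticked
        // box counts as 1, and the product of the three is stored as the notify type.
        if ($notifyComment == 0)    $notifyComment = 1;
        if ($notifyVote == 0)       $notifyVote = 1;
        if ($notifyNewItem == 0)    $notifyNewItem = 1;

        $notifyType = $notifyComment * $notifyVote * $notifyNewItem;


        if ($notify) {
            $not =& new NOTIFICATION($notify);
            if (!$not->validAddresses())
                $this->error(_ERROR_BADNOTIFY);

        }

        if (!isValidShortName($shortname))
            $this->error(_ERROR_BADSHORTBLOGNAME);

        if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))
            $this->error(_ERROR_DUPSHORTBLOGNAME);

        // check if update file is writable
        // NOTE(review): the path is whatever the blog admin typed; only writability is
        // checked here, not where the file lives. Limiting it to a dedicated directory
        // would narrow what a blog admin can point the update file at.
        if ($updatefile && !is_writeable($updatefile))
            $this->error(_ERROR_UPDATEFILE);

        $blog->setName(trim(postVar('name')));
        $blog->setShortName($shortname);
        $blog->setNotifyAddress($notify);
        $blog->setNotifyType($notifyType);
        $blog->setMaxComments(postVar('maxcomments'));
        $blog->setCommentsEnabled(postVar('comments'));
        $blog->setTimeOffset(postVar('timeoffset'));
        $blog->setUpdateFile($updatefile);
        $blog->setURL(trim(postVar('url')));
        $blog->setDefaultSkin(intPostVar('defskin'));
        $blog->setDescription(trim(postVar('desc')));
        $blog->setPublic(postVar('public'));
        $blog->setConvertBreaks(intPostVar('convertbreaks'));
        $blog->setAllowPastPosting(intPostVar('allowpastposting'));
        $blog->setDefaultCategory(intPostVar('defcat'));
        $blog->setSearchable(intPostVar('searchable'));
        $blog->setEmailRequired(intPostVar('reqemail'));

        $blog->writeSettings();

        // store plugin options
        $aOptions = requestArray('plugoption');
        NucleusPlugin::_applyPluginOptions($aOptions);
        $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));


        $this->action_overview(_MSG_SETTINGSCHANGED);
    }

    /**
     * Shows the confirmation page for deleting a blog.
     * Requires blog admin rights; the default blog cannot be deleted.
     * Nothing is deleted here; the form posts to action=deleteblogconfirm with a ticket.
     */
    function action_deleteblog() {
        global $member, $CONF, $manager;

        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        if ($CONF['DefaultBlog'] == $blogid)
            $this->error(_ERROR_DELDEFBLOG);

        $blog =& $manager->getBlog($blogid);

        $this->pagehead();
        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p><?php echo _WARNINGTXT_BLOGDEL?>
            </p>

            <div>
            <?php echo _CONFIRMTXT_BLOG?><b><?php echo htmlspecialchars($blog->getName())?></b>
            </div>

            <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="deleteblogconfirm" />
            <?php $manager->addTicketHidden() ?>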
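<input type="hidden" name="blogid" value="<?php echo $blogid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a blog with its comments, items, team, bans, categories and plugin options.
     * Requires blog admin rights; the default blog cannot be deleted.
     */
    function action_deleteblogconfirm() {
        global $member, $CONF, $manager;

        $blogid = intRequestVar('blogid');

        // Authorise first. PreDeleteBlog used to be fired before these checks, so plugin
        // handlers ran even for requests that were about to be refused.
        $member->blogAdminRights($blogid) or $this->disallow();

        // check if blog is default blog
        if ($CONF['DefaultBlog'] == $blogid)
            $this->error(_ERROR_DELDEFBLOG);

        $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

        // $blogid is an integer (intRequestVar), so it is safe to concatenate below

        // delete all comments
        $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
        sql_query($query);

        // delete all items
        $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
        sql_query($query);

        // delete all team members
        $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
        sql_query($query);

        // delete all bans
        $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
        sql_query($query);

        // delete all categories
        $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
        sql_query($query);

        // delete all associated plugin options
        NucleusPlugin::_deleteOptionValues('blog', $blogid);

        // delete the blog itself
        $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
        sql_query($query);

        $manager->notify('PostDeleteBlog', array('blogid' => $blogid));

        $this->action_overview(_DELETED_BLOG);
    }

    /**
     * Shows the confirmation page for deleting a member.
     * Allowed for the member concerned and for site admins.
     * Nothing is deleted here; the form posts to action=memberdeleteconfirm with a ticket.
     */
    function action_memberdelete() {
        global $member, $manager;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $mem = MEMBER::createFromID($memberid);

        $this->pagehead();
        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>
            </p>

            <p>
            <?php echo _WARNINGTXT_NOTDELMEDIAFILES ?>
            </p>

            <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="memberdeleteconfirm" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="memberid" value="<?php echo $memberid; ?>" />
            <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a member after confirmation.
     * Allowed for the member concerned and for site admins.
     */
    function action_memberdeleteconfirm() {
        global $member;

        $memberid = intRequestVar('memberid');

        ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();

        $error = $this->deleteOneMember($memberid);
        if ($error)
            $this->error($error);

        // admins go back to the member list; a member who removed their own account
        // gets the overview message instead
        if ($member->isAdmin())
            $this->action_usermanagement();
        else
            $this->action_overview(_DELETED_MEMBER);
    }

    /**
     * Deletes one member. Performs no permission check of its own: callers must
     * authorise the request first.
     *
     * @static
     * @param int $memberid member to delete
     * @return string error message, or an empty string on success
     */
    function deleteOneMember($memberid) {
        global $manager;

        $memberid = intval($memberid);
        $mem = MEMBER::createFromID($memberid);

        if (!$mem->canBeDeleted())
            return _ERROR_DELETEMEMBER;

        $manager->notify('PreDeleteMember', array('member' => &$mem));

        /*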
unlink comments from memberid */ 3156 if ($memberid) { 3157 $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. addslashes($mem->getDisplayName()) 3158 .'" WHERE cmember='.$memberid; 3159 sql_query($query); 3160 } 3161 3162 $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid; 3163 sql_query($query); 3164 3165 $query = 'DELETE FROM '.sql_table('team').' WHERE tmember='.$memberid; 3166 sql_query($query); 3167 3168 $query = 'DELETE FROM '.sql_table('activation').' WHERE vmember='.$memberid; 3169 sql_query($query); 3170 3171 // delete all associated plugin options 3172 NucleusPlugin::_deleteOptionValues('member', $memberid); 3173 3174 $manager->notify('PostDeleteMember', array('member' => &$mem)); 3175 3176 return ''; 3177 } 3178 3179 /** 3180 * @todo document this 3181 */ 3182 function action_createnewlog() { 3183 global $member, $CONF, $manager; 3184 3185 // Only Super-Admins can do this 3186 $member->isAdmin() or $this->disallow(); 3187 3188 $this->pagehead(); 3189 3190 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 3191 ?> 3192 <h2><?php echo _EBLOG_CREATE_TITLE?></h2> 3193 3194 <h3><?php echo _ADMIN_NOTABILIA ?></h3> 3195 3196 <p><?php echo _ADMIN_PLEASE_READ ?></p> 3197 3198 <p><?php echo _ADMIN_HOW_TO_ACCESS ?></p> 3199 3200 <ol> 3201 <li><?php echo _ADMIN_SIMPLE_WAY ?></li> 3202 <li><?php echo _ADMIN_ADVANCED_WAY ?></li> 3203 </ol> 3204 3205 <h3><?php echo _ADMIN_HOW_TO_CREATE ?></h3> 3206 3207 <p> 3208 <?php echo _EBLOG_CREATE_TEXT?> 3209 </p> 3210 3211 <form method="post" action="index.php"><div> 3212 3213 <input type="hidden" name="action" value="addnewlog" /> 3214 <?php $manager->addTicketHidden() ?> 3215 3216 3217 <table><tr> 3218 <td><?php echo _EBLOG_NAME?></td> 3219 <td><input name="name" tabindex="10" size="40" maxlength="60" /></td> 3220 </tr><tr> 3221 <td><?php echo _EBLOG_SHORTNAME?> 3222 <?php help('shortblogname'); ?> 3223 </td> 3224 <td><input name="shortname" tabindex="20" 
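maxlength="15" size="15" /></td>
        </tr><tr>
            <td><?php echo _EBLOG_DESC?></td>
            <td><input name="desc" tabindex="30" maxlength="200" size="40" /></td>
        </tr><tr>
            <td><?php echo _EBLOG_DEFSKIN?>
                <?php help('blogdefaultskin'); ?>
            </td>
            <td>
                <?php
                    $query = 'SELECT sdname as text, sdnumber as value'
                           . ' FROM '.sql_table('skin_desc');
                    $template['name'] = 'defskin';
                    $template['tabindex'] = 50;
                    $template['selected'] = $CONF['BaseSkin']; // set default selected skin to be globally defined base skin
                    showlist($query,'select',$template);
                ?>
            </td>
        </tr><tr>
            <td><?php echo _EBLOG_OFFSET?>
                <?php help('blogtimeoffset'); ?>
                <br /><?php echo _EBLOG_STIME?> <b><?php echo strftime("%H:%M",time()); ?></b>
            </td>
            <td><input name="timeoffset" tabindex="110" size="3" value="0" /></td>
        </tr><tr>
            <td><?php echo _EBLOG_ADMIN?>
                <?php help('teamadmin'); ?>
            </td>
            <td><?php echo _EBLOG_ADMIN_MSG?></td>
        </tr><tr>
            <td><?php echo _EBLOG_CREATE?></td>
            <td><input type="submit" tabindex="120" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
        </tr></table>

        </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Creates a new weblog from the posted form fields.
     *
     * Admin only. Inserts the blog row, a default category, a team entry that
     * makes the current member blog admin, and a first item; fires PreAddBlog,
     * PostAddBlog and PostAddCategory; then prints the page with the two
     * 'addnewlog2' forms on which the blog URL is entered.
     */
    function action_addnewlog() {
        global $member, $manager, $CONF;

        // Only Super-Admins can do this
        $member->isAdmin() or $this->disallow();

        $bname       = trim(postVar('name'));
        $bshortname  = trim(postVar('shortname'));
        $btimeoffset = postVar('timeoffset');
        $bdesc       = trim(postVar('desc'));
        $bdefskin    = postVar('defskin');

        if (!isValidShortName($bshortname))
            $this->error(_ERROR_BADSHORTBLOGNAME);

        if ($manager->existsBlog($bshortname))
            $this->error(_ERROR_DUPSHORTBLOGNAME);

        // NOTE(review): subscribers receive the values by reference and may
        // change them after the short-name checks above have already run.
        $manager->notify(
            'PreAddBlog',
            array(
                'name' => &$bname,
                'shortname' => &$bshortname,
                'timeoffset' => &$btimeoffset,
                'description' => &$bdesc,
                'defaultskin' => &$bdefskin
            )
        );

        // Escaped copies go into the query; the originals stay untouched so
        // the confirmation page below does not print the added backslashes.
        // NOTE(review): addslashes() is the escaping used throughout this file;
        // it does not know the connection character set - prefer the database
        // layer's own escaping if it offers one.
        $sqlName       = addslashes($bname);
        $sqlShortname  = addslashes($bshortname);
        $sqlTimeoffset = addslashes($btimeoffset);
        $sqlDesc       = addslashes($bdesc);
        $sqlDefskin    = addslashes($bdefskin);

        // create blog
        $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$sqlName', '$sqlShortname', '$sqlDesc', '$sqlTimeoffset', '$sqlDefskin')";
        sql_query($query);
        $blogid = sql_insert_id();
        $blog =& $manager->getBlog($blogid);

        // create new category; the texts come from the language file when it
        // defines them, so they are escaped like any other string value
        $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
        $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
        $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
        sql_query(sprintf($sql, sql_table('category'), $blogid, addslashes($catdefname), addslashes($catdefdesc)));
        $catid = sql_insert_id();

        // set as default category
        $blog->setDefaultCategory($catid);
        $blog->writeSettings();

        // create team member
        $memberid = $member->getID();
        $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
        sql_query($query);

        $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
        $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');

        $blog->additem($blog->getDefaultCategory(),$itemdeftitle,$itemdefbody,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);

        $manager->notify(
            'PostAddBlog',
            array(
                'blog' => &$blog
            )
        );

        // Pass the values that were actually stored: the constants are only
        // optional overrides and may be undefined (see the defined() checks).
        $manager->notify(
            'PostAddCategory',
            array(
                'blog' => &$blog,
                'name' => $catdefname,
                'description' => $catdefdesc,
                'catid' => $catid
            )
        );

        $this->pagehead();
        ?>
        <h2><?php echo _BLOGCREATED_TITLE ?></h2>

        <p><?php echo sprintf(_BLOGCREATED_ADDEDTXT, htmlspecialchars($bname)) ?></p>

        <ol>
            <li><a href="#index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEWAY, htmlspecialchars($bshortname)) ?></a></li>
            <li><a href="#skins"><?php echo _BLOGCREATED_ADVANCEDWAY ?></a></li>
        </ol>

        <h3><a id="index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEDESC1, htmlspecialchars($bshortname)) ?></a></h3>

        <p><?php echo sprintf(_BLOGCREATED_SIMPLEDESC2, htmlspecialchars($bshortname)) ?></p>
<pre><code>&lt;?php

$CONF['Self'] = '<b><?php echo htmlspecialchars($bshortname)?>.php</b>';

include('<i>./config.php</i>');

selectBlog('<b><?php echo htmlspecialchars($bshortname)?></b>');
selector();

?&gt;</code></pre>

        <p><?php echo _BLOGCREATED_SIMPLEDESC3 ?></p>

        <p><?php echo _BLOGCREATED_SIMPLEDESC4 ?></p>

        <form action="index.php" method="post"><div>
            <input type="hidden" name="action" value="addnewlog2" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />
            <table><tr>
                <td><?php echo _EBLOG_URL?></td>
                <td><input name="url" maxlength="100" size="40" value="<?php echo htmlspecialchars($CONF['IndexURL'].$bshortname.'.php')?>" /></td>
            </tr><tr>
                <td><?php echo _EBLOG_CREATE?></td>
                <td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
            </tr></table>
        </div></form>

        <h3><a id="skins"><?php echo _BLOGCREATED_ADVANCEDWAY2 ?></a></h3>

        <p><?php echo _BLOGCREATED_ADVANCEDWAY3 ?></p>

        <form action="index.php" method="post"><div>
            <input type="hidden" name="action" value="addnewlog2" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />
            <table><tr>
                <td><?php echo _EBLOG_URL?></td>
                <td><input name="url" maxlength="100" size="40" /></td>
            </tr><tr>
                <td><?php echo _EBLOG_CREATE?></td>
                <td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
            </tr></table>
        </div></form>

        <?php $this->pagefoot();

    }

    /**
     * Stores the URL of a blog (second step of blog creation).
     *
     * Reads 'blogid' and 'url' from the request. The current member must have
     * blog-admin rights on that blog.
     */
    function action_addnewlog2() {
        global $member, $manager;

        // The blog id has to be read BEFORE the rights check. Checking an
        // unset variable means the check is not made against the blog that
        // is modified below.
        $blogid = intRequestVar('blogid');

        $member->blogAdminRights($blogid) or $this->disallow();

        $burl = requestVar('url');

        $blog =& $manager->getBlog($blogid);
        $blog->setURL(trim($burl));
        $blog->writeSettings();

        $this->action_overview(_MSG_NEWBLOG);
    }

    /**
     * @todo document this
     */
    function action_skinieoverview() {
        global $member, $DIR_LIBS, $manager;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once ($DIR_LIBS .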
'skinie.php'); 3443 3444 $this->pagehead(); 3445 3446 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 3447 3448 ?> 3449 <h2><?php echo _SKINIE_TITLE_IMPORT?></h2> 3450 3451 <p><label for="skinie_import_local"><?php echo _SKINIE_LOCAL?></label> 3452 <?php global $DIR_SKINS; 3453 3454 $candidates = SKINIMPORT::searchForCandidates($DIR_SKINS); 3455 3456 if (sizeof($candidates) > 0) { 3457 ?> 3458 <form method="post" action="index.php"><div> 3459 <input type="hidden" name="action" value="skinieimport" /> 3460 <?php $manager->addTicketHidden() ?> 3461 <input type="hidden" name="mode" value="file" /> 3462 <select name="skinfile" id="skinie_import_local"> 3463 <?php foreach ($candidates as $skinname => $skinfile) { 3464 $html = htmlspecialchars($skinfile); 3465 echo '<option value="',$html,'">',$skinname,'</option>'; 3466 } 3467 ?> 3468 </select> 3469 <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" /> 3470 </div></form> 3471 <?php } else { 3472 echo _SKINIE_NOCANDIDATES; 3473 } 3474 ?> 3475 </p> 3476 3477 <p><em><?php echo _OR?></em></p> 3478 3479 <form method="post" action="index.php"><p> 3480 <?php $manager->addTicketHidden() ?> 3481 <input type="hidden" name="action" value="skinieimport" /> 3482 <input type="hidden" name="mode" value="url" /> 3483 <label for="skinie_import_url"><?php echo _SKINIE_FROMURL?></label> 3484 <input type="text" name="skinfile" id="skinie_import_url" size="60" value="http://" /> 3485 <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" /> 3486 </p></form> 3487 3488 3489 <h2><?php echo _SKINIE_TITLE_EXPORT?></h2> 3490 <form method="post" action="index.php"><div> 3491 <input type="hidden" name="action" value="skinieexport" /> 3492 <?php $manager->addTicketHidden() ?> 3493 3494 <p><?php echo _SKINIE_EXPORT_INTRO?></p> 3495 3496 <table><tr> 3497 <th colspan="2"><?php echo _SKINIE_EXPORT_SKINS?></th> 3498 </tr><tr> 3499 <?php // show list of skins 3500 $res = sql_query('SELECT * FROM 
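'.sql_table('skin_desc'));
                while ($skinObj = sql_fetch_object($res)) {
                    $id = 'skinexp' . $skinObj->sdnumber;
                    echo '<td><input type="checkbox" name="skin[',$skinObj->sdnumber,']" id="',$id,'" />';
                    echo '<label for="',$id,'">',htmlspecialchars($skinObj->sdname),'</label></td>';
                    echo '<td>',htmlspecialchars($skinObj->sddesc),'</td>';
                    echo '</tr><tr>';
                }

                echo '<th colspan="2">',_SKINIE_EXPORT_TEMPLATES,'</th></tr><tr>';

                // show list of templates
                $res = sql_query('SELECT * FROM '.sql_table('template_desc'));
                while ($templateObj = sql_fetch_object($res)) {
                    $id = 'templateexp' . $templateObj->tdnumber;
                    echo '<td><input type="checkbox" name="template[',$templateObj->tdnumber,']" id="',$id,'" />';
                    echo '<label for="',$id,'">',htmlspecialchars($templateObj->tdname),'</label></td>';
                    echo '<td>',htmlspecialchars($templateObj->tddesc),'</td>';
                    echo '</tr><tr>';
                }

            ?>
                <th colspan="2"><?php echo _SKINIE_EXPORT_EXTRA?></th>
            </tr><tr>
                <td colspan="2"><textarea cols="40" rows="5" name="info"></textarea></td>
            </tr><tr>
                <th colspan="2"><?php echo _SKINIE_TITLE_EXPORT?></th>
            </tr><tr>
                <td colspan="2"><input type="submit" value="<?php echo _SKINIE_BTN_EXPORT?>" /></td>
            </tr></table>
        </div></form>

        <?php
        $this->pagefoot();

    }

    /**
     * Turns the posted skin-import selection into the file or URL to read.
     *
     * skinie.php must already be loaded, because SKINIMPORT is used.
     *
     * @param string $mode 'file' for a skin directory on this server; any
     *                     other value is handled as a URL, as before
     * @param string $skinFileRaw the posted 'skinfile' value
     * @return mixed the file name or URL, or false when the value is refused
     */
    function _resolveSkinieFile($mode, $skinFileRaw) {
        global $DIR_SKINS;

        $skinFileRaw = (string) $skinFileRaw;

        if ($mode == 'file')
        {
            // The posted value becomes part of a path on the server, so only
            // the directories that the import form itself offers are accepted
            // (the same list action_skinieoverview() builds its <select> from).
            $candidates = array_map('strval', array_values(SKINIMPORT::searchForCandidates($DIR_SKINS)));
            if (!in_array($skinFileRaw, $candidates, true))
                return false;

            $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';

            // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
            if (!file_exists($skinFile))
                $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';

            return $skinFile;
        }

        // URL mode: the value is handed to the importer's reader as it is, so
        // it has to be an http(s) address and not a local path or another
        // stream wrapper.
        // NOTE(review): the server still fetches whatever host the admin
        // names, internal addresses included; restrict outbound requests at
        // the network level if that matters for the deployment.
        if (!preg_match('#^https?://#i', $skinFileRaw))
            return false;

        return $skinFileRaw;
    }

    /**
     * Reads the metadata of a skin backup and asks for confirmation.
     *
     * Admin only. 'skinfile' and 'mode' are read from the POST data; the page
     * lists the skins and templates found in the file, warns about name
     * clashes, and posts to 'skiniedoimport' with a ticket.
     */
    function action_skinieimport() {
        global $member, $DIR_LIBS, $DIR_SKINS, $manager;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once ($DIR_LIBS . 'skinie.php');

        $skinFileRaw = postVar('skinfile');
        $mode = postVar('mode');

        // get full filename; refuse anything the form could not have sent
        $skinFile = $this->_resolveSkinieFile($mode, $skinFileRaw);
        if ($skinFile === false)
            $this->disallow();

        $importer =& new SKINIMPORT();

        // read only metadata
        $error = $importer->readFile($skinFile, 1);

        if ($error) $this->error($error);

        // Names come out of the imported file, which may be a remote one, so
        // they are escaped before being printed.
        // NOTE(review): assumes the importer returns them unescaped, as
        // getInfo() evidently does - confirm.
        $skinNames = array_map('htmlspecialchars', $importer->getSkinNames());
        $templateNames = array_map('htmlspecialchars', $importer->getTemplateNames());

        // clashes
        $skinNameClashes = $importer->checkSkinNameClashes();
        $templateNameClashes = $importer->checkTemplateNameClashes();
        $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);

        $this->pagehead();

        echo '<p><a href="index.php?action=skinieoverview">(',_BACK,')</a></p>';
        ?>
        <h2><?php echo _SKINIE_CONFIRM_TITLE?></h2>

        <ul>
            <li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>
            <li><p><strong><?php echo _SKINIE_INFO_SKINS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$skinNames)?></p></li>
            <li><p><strong><?php echo _SKINIE_INFO_TEMPLATES?></strong> <?php echo implode(' <em>'._AND.'</em> ',$templateNames)?></p></li>
            <?php
                if ($hasNameClashes)
                {
            ?>
            <li><p><strong style="color: red;"><?php echo _SKINIE_INFO_SKINCLASH?></strong> <?php echo implode(' <em>'._AND.'</em> ',array_map('htmlspecialchars', $skinNameClashes))?></p></li>
            <li><p><strong style="color: red;"><?php echo _SKINIE_INFO_TEMPLCLASH?></strong> <?php echo implode(' <em>'._AND.'</em> ',array_map('htmlspecialchars', $templateNameClashes))?></p></li>
            <?php
                } // if (hasNameClashes)
            ?>
        </ul>

        <form method="post" action="index.php"><div>
            <input type="hidden" name="action" value="skiniedoimport" />
            <?php $manager->addTicketHidden() ?>
            <input type="hidden" name="skinfile" value="<?php echo htmlspecialchars(postVar('skinfile'))?>" />
            <input type="hidden" name="mode" value="<?php echo htmlspecialchars($mode)?>" />
            <input type="submit" value="<?php echo _SKINIE_CONFIRM_IMPORT?>" />
            <?php
                if ($hasNameClashes)
                {
            ?>
            <br />
            <input type="checkbox" name="overwrite" value="1" id="cb_overwrite" /><label for="cb_overwrite"><?php echo _SKINIE_CONFIRM_OVERWRITE?></label>
            <?php
                } // if (hasNameClashes)
            ?>
        </div></form>


        <?php
        $this->pagefoot();
    }

    /**
     * Imports a skin backup into the database and reports what was imported.
     *
     * Admin only. 'skinfile', 'mode' and 'overwrite' are read from the POST
     * data. The selection is validated again here, because this action can be
     * requested without going through the confirmation page.
     */
    function action_skiniedoimport() {
        global $member, $DIR_LIBS, $DIR_SKINS;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once ($DIR_LIBS . 'skinie.php');

        $skinFileRaw = postVar('skinfile');
        $mode = postVar('mode');

        $allowOverwrite = intPostVar('overwrite');

        // get full filename; refuse anything the form could not have sent
        $skinFile = $this->_resolveSkinieFile($mode, $skinFileRaw);
        if ($skinFile === false)
            $this->disallow();

        $importer =& new SKINIMPORT();

        $error = $importer->readFile($skinFile);

        if ($error)
            $this->error($error);

        $error = $importer->writeToDatabase($allowOverwrite);

        if ($error)
            $this->error($error);

        // escaped for the same reason as on the confirmation page
        $skinNames = array_map('htmlspecialchars', $importer->getSkinNames());
        $templateNames = array_map('htmlspecialchars', $importer->getTemplateNames());

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
        ?>
        <h2><?php echo _SKINIE_DONE?></h2>

        <ul>
            <li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>
            <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDSKINS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$skinNames)?></p></li>
            <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDTEMPLS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$templateNames)?></p></li>
        </ul>

        <?php $this->pagefoot();

    }

    /**
     * @todo document this
     */
    function action_skinieexport() {
        global $member, $DIR_LIBS;

        $member->isAdmin() or $this->disallow();

        // load skinie class
        include_once ($DIR_LIBS .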
'skinie.php'); 3685 3686 $aSkins = requestIntArray('skin'); 3687 $aTemplates = requestIntArray('template'); 3688 3689 if (!is_array($aTemplates)) $aTemplates = array(); 3690 if (!is_array($aSkins)) $aSkins = array(); 3691 3692 $skinList = array_keys($aSkins); 3693 $templateList = array_keys($aTemplates); 3694 3695 $info = postVar('info'); 3696 3697 $exporter =& new SKINEXPORT(); 3698 foreach ($skinList as $skinId) { 3699 $exporter->addSkin($skinId); 3700 } 3701 foreach ($templateList as $templateId) { 3702 $exporter->addTemplate($templateId); 3703 } 3704 $exporter->setInfo($info); 3705 3706 $exporter->export(); 3707 } 3708 3709 /** 3710 * @todo document this 3711 */ 3712 function action_templateoverview() { 3713 global $member, $manager; 3714 3715 $member->isAdmin() or $this->disallow(); 3716 3717 $this->pagehead(); 3718 3719 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 3720 3721 echo '<h2>' . _TEMPLATE_TITLE . '</h2>'; 3722 echo '<h3>' . _TEMPLATE_AVAILABLE_TITLE . '</h3>'; 3723 3724 $query = 'SELECT * FROM '.sql_table('template_desc').' ORDER BY tdname'; 3725 $template['content'] = 'templatelist'; 3726 $template['tabindex'] = 10; 3727 showlist($query,'table',$template); 3728 3729 echo '<h3>' . _TEMPLATE_NEW_TITLE . 
'</h3>'; 3730 3731 ?> 3732 <form method="post" action="index.php"><div> 3733 3734 <input name="action" value="templatenew" type="hidden" /> 3735 <?php $manager->addTicketHidden() ?> 3736 <table><tr> 3737 <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td> 3738 <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td> 3739 </tr><tr> 3740 <td><?php echo _TEMPLATE_DESC?></td> 3741 <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td> 3742 </tr><tr> 3743 <td><?php echo _TEMPLATE_CREATE?></td> 3744 <td><input type="submit" tabindex="10030" value="<?php echo _TEMPLATE_CREATE_BTN?>" onclick="return checkSubmit();" /></td> 3745 </tr></table> 3746 3747 </div></form> 3748 3749 <?php 3750 $this->pagefoot(); 3751 } 3752 3753 /** 3754 * @todo document this 3755 */ 3756 function action_templateedit($msg = '') { 3757 global $member, $manager; 3758 3759 $templateid = intRequestVar('templateid'); 3760 3761 $member->isAdmin() or $this->disallow(); 3762 3763 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>'; 3764 $extrahead .= '<script type="text/javascript">setTemplateEditText("'.addslashes(_EDITTEMPLATE_EMPTY).'");</script>'; 3765 3766 $this->pagehead($extrahead); 3767 3768 $templatename = TEMPLATE::getNameFromId($templateid); 3769 $templatedescription = TEMPLATE::getDesc($templateid); 3770 $template =& $manager->getTemplate($templatename); 3771 3772 ?> 3773 <p> 3774 <a href="index.php?action=templateoverview">(<?php echo _TEMPLATE_BACK?>)</a> 3775 </p> 3776 3777 <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo htmlspecialchars($templatename); ?>'</h2> 3778 3779 <?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>"; 3780 ?> 3781 3782 <p><?php echo _TEMPLATE_EDIT_MSG?></p> 3783 3784 <form method="post" action="index.php"> 3785 <div> 3786 3787 <input type="hidden" name="action" value="templateupdate" /> 3788 <?php $manager->addTicketHidden() ?> 3789 <input type="hidden" name="templateid" value="<?php 
echo $templateid; ?>" /> 3790 3791 <table><tr> 3792 <th colspan="2"><?php echo _TEMPLATE_SETTINGS?></th> 3793 </tr><tr> 3794 <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td> 3795 <td><input name="tname" tabindex="4" size="20" maxlength="20" value="<?php echo htmlspecialchars($templatename) ?>" /></td> 3796 </tr><tr> 3797 <td><?php echo _TEMPLATE_DESC?></td> 3798 <td><input name="tdesc" tabindex="5" size="50" maxlength="200" value="<?php echo htmlspecialchars($templatedescription) ?>" /></td> 3799 </tr><tr> 3800 <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th> 3801 </tr><tr> 3802 <td><?php echo _TEMPLATE_UPDATE?></td> 3803 <td> 3804 <input type="submit" tabindex="6" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" /> 3805 <input type="reset" tabindex="7" value="<?php echo _TEMPLATE_RESET_BTN?>" /> 3806 </td> 3807 </tr><tr> 3808 <th colspan="2"><?php echo _TEMPLATE_ITEMS?> <?php help('templateitems'); ?></th> 3809 <?php $this->_templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8); 3810 $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1); 3811 $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10); 3812 $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20); 3813 $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25); 3814 $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30); 3815 ?> 3816 </tr><tr> 3817 <th colspan="2"><?php echo _TEMPLATE_COMMENTS_ANY?> <?php help('templatecomments'); ?></th> 3818 <?php $this->_templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40); 3819 $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1); 3820 $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60); 3821 $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 70); 3822 
$this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80); 3823 $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90); 3824 $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100); 3825 ?> 3826 </tr><tr> 3827 <th colspan="2"><?php echo _TEMPLATE_COMMENTS_NONE?> <?php help('templatecomments'); ?></th> 3828 <?php 3829 $this->_templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110); 3830 ?> 3831 </tr><tr> 3832 <th colspan="2"><?php echo _TEMPLATE_COMMENTS_TOOMUCH?> <?php help('templatecomments'); ?></th> 3833 <?php $this->_templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120); 3834 ?> 3835 </tr><tr> 3836 <th colspan="2"><?php echo _TEMPLATE_ARCHIVELIST?> <?php help('templatearchivelists'); ?></th> 3837 <?php $this->_templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130); 3838 $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140); 3839 $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150); 3840 ?> 3841 </tr><tr> 3842 <th colspan="2"><?php echo _TEMPLATE_BLOGLIST?> <?php help('templatebloglists'); ?></th> 3843 <?php $this->_templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160); 3844 $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170); 3845 $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180); 3846 ?> 3847 </tr><tr> 3848 <th colspan="2"><?php echo _TEMPLATE_CATEGORYLIST?> <?php help('templatecategorylists'); ?></th> 3849 <?php $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 190); 3850 $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 200); 3851 $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 210); 3852 ?> 3853 </tr><tr> 3854 <th colspan="2"><?php echo 
_TEMPLATE_DATETIME?></th> 3855 <?php $this->_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 220); 3856 $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 230); 3857 $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 240); 3858 $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 250); 3859 $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 260); 3860 ?> 3861 </tr><tr> 3862 <th colspan="2"><?php echo _TEMPLATE_IMAGE?> <?php help('templatepopups'); ?></th> 3863 <?php $this->_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 270); 3864 $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 280); 3865 $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 290); 3866 ?> 3867 </tr><tr> 3868 <th colspan="2"><?php echo _TEMPLATE_SEARCH?></th> 3869 <?php $this->_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',300); 3870 $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',310); 3871 ?> 3872 </tr><tr> 3873 <th colspan="2"><?php echo _TEMPLATE_PLUGIN_FIELDS?></th> 3874 <?php 3875 $tab = 600; 3876 $pluginfields = array(); 3877 $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields)); 3878 3879 foreach ($pluginfields as $pfkey=>$pfvalue) { 3880 echo "</tr><tr>\n"; 3881 echo '<th colspan="2">'.htmlentities($pfkey)."</th>\n"; 3882 foreach ($pfvalue as $pffield=>$pfdesc) { 3883 $this->_templateEditRow($template, $pfdesc, $pffield, '',++$tab,0); 3884 } 3885 } 3886 ?> 3887 </tr><tr> 3888 <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th> 3889 </tr><tr> 3890 <td><?php echo _TEMPLATE_UPDATE?></td> 3891 <td> 3892 <input type="submit" tabindex="800" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" /> 3893 <input type="reset" tabindex="810" value="<?php echo _TEMPLATE_RESET_BTN?>" /> 3894 </td> 3895 
</tr></table> 3896 3897 </div> 3898 </form> 3899 <?php 3900 $this->pagefoot(); 3901 } 3902 3903 /** 3904 * @todo document this 3905 */ 3906 function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) { 3907 static $count = 1; 3908 if (!isset($template[$name])) $template[$name] = ''; 3909 ?> 3910 </tr><tr> 3911 <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td> 3912 <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo htmlspecialchars($template[$name]); ?></textarea></td> 3913 <?php $count++; 3914 } 3915 3916 /** 3917 * @todo document this 3918 */ 3919 function action_templateupdate() { 3920 global $member,$manager; 3921 3922 $templateid = intRequestVar('templateid'); 3923 3924 $member->isAdmin() or $this->disallow(); 3925 3926 $name = postVar('tname'); 3927 $desc = postVar('tdesc'); 3928 3929 if (!isValidTemplateName($name)) 3930 $this->error(_ERROR_BADTEMPLATENAME); 3931 3932 if ((TEMPLATE::getNameFromId($templateid) != $name) && TEMPLATE::exists($name)) 3933 $this->error(_ERROR_DUPTEMPLATENAME); 3934 3935 3936 $name = addslashes($name); 3937 $desc = addslashes($desc); 3938 3939 // 1. Remove all template parts 3940 $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid; 3941 sql_query($query); 3942 3943 // 2. Update description 3944 $query = 'UPDATE '.sql_table('template_desc').' SET' 3945 . " tdname='" . $name . "'," 3946 . " tddesc='" . $desc . "'" 3947 . " WHERE tdnumber=" . $templateid; 3948 sql_query($query); 3949 3950 // 3. 
Add non-empty template parts 3951 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER')); 3952 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM')); 3953 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER')); 3954 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK')); 3955 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK')); 3956 $this->addToTemplate($templateid, 'NEW', postVar('NEW')); 3957 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER')); 3958 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY')); 3959 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER')); 3960 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED')); 3961 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH')); 3962 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH')); 3963 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE')); 3964 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY')); 3965 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE')); 3966 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER')); 3967 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM')); 3968 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER')); 3969 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER')); 3970 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM')); 3971 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER')); 3972 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER')); 3973 $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM')); 3974 $this->addToTemplate($templateid, 
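'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
        // (tail of action_templateupdate, which starts earlier in the file; left unchanged)
        $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));
        $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));
        $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));
        $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));
        $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));
        $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));
        $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
        $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));
        $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
        $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));

        $pluginfields = array();
        $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields));
        foreach ($pluginfields as $pfkey=>$pfvalue) {
            foreach ($pfvalue as $pffield=>$pfdesc) {
                $this->addToTemplate($templateid, $pffield, postVar($pffield));
            }
        }

        // jump back to template edit
        $this->action_templateedit(_TEMPLATE_UPDATED);

    }

    /**
     * Inserts one template part into the template table.
     *
     * Parts whose (escaped) content is empty after trimming are skipped.
     *
     * @param int    $id       id of the template the part belongs to (forced to int with intval)
     * @param string $partname name of the template part (stored in tpartname)
     * @param string $content  content of the template part (stored in tcontent)
     * @return int -1 when the part was skipped, otherwise the result of sql_insert_id()
     */
    function addToTemplate($id, $partname, $content) {
        // Both strings end up inside a quoted SQL literal below.
        // NOTE(review): addslashes() does not know the connection character set;
        // if the database layer offers its own escaping routine or prepared
        // statements, those are the safer choice for this query.
        $partname = addslashes($partname);
        $content = addslashes($content);

        // the id is interpolated without quotes, so it must be a plain integer
        $id = intval($id);

        // don't add empty parts:
        if (!trim($content)) return -1;

        $query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) "
               . "VALUES ($id, '$partname', '$content')";
        // NOTE(review): on failure the raw database error text is sent to the browser.
        sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
        return sql_insert_id();
    }

    /**
     * Shows the confirmation page for deleting a template (admin only).
     *
     * Nothing is deleted here: the page only renders a POST form that targets
     * the 'templatedeleteconfirm' action and carries the hidden ticket field
     * written by $manager->addTicketHidden().
     */
    function action_templatedelete() {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        // intRequestVar() yields an integer, so the id can be echoed into the form as is
        $templateid = intRequestVar('templateid');
        // TODO: check if template can be deleted

        $this->pagehead();

        $name = TEMPLATE::getNameFromId($templateid);
        $desc = TEMPLATE::getDesc($templateid);

        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p>
            <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo htmlspecialchars($name)?></b> (<?php echo htmlspecialchars($desc) ?>)
            </p>

            <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="templatedeleteconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="templateid" value="<?php echo $templateid ?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a template and all of its parts (admin only), then shows the
     * template overview.
     *
     * Plugins are notified with 'PreDeleteTemplate' before and
     * 'PostDeleteTemplate' after the two DELETE statements.
     */
    function action_templatedeleteconfirm() {
        global $member, $manager;

        // check the permission before touching any request data
        $member->isAdmin() or $this->disallow();

        // integer by construction, so it is safe to concatenate into the queries below
        $templateid = intRequestVar('templateid');

        $manager->notify('PreDeleteTemplate', array('templateid' => $templateid));

        // 1. delete description
        sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid);

        // 2. delete parts
        sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid);

        $manager->notify('PostDeleteTemplate', array('templateid' => $templateid));

        $this->action_templateoverview();
    }

    /**
     * Creates a new, empty template from the posted 'name' and 'desc'
     * (admin only), then shows the template overview.
     *
     * The name must pass isValidTemplateName() and must not exist yet.
     * NOTE(review): 'desc' is handed to TEMPLATE::createNew() as posted;
     * escaping is presumably done there -- confirm.
     */
    function action_templatenew() {
        global $member;

        $member->isAdmin() or $this->disallow();

        $name = postVar('name');
        $desc = postVar('desc');

        if (!isValidTemplateName($name))
            $this->error(_ERROR_BADTEMPLATENAME);

        if (TEMPLATE::exists($name))
            $this->error(_ERROR_DUPTEMPLATENAME);

        // the new id is not needed here
        TEMPLATE::createNew($name, $desc);

        $this->action_templateoverview();
    }

    /**
     * Clones an existing template under the name 'cloned<name>' (admin only),
     * appending a counter when that name is already taken, then shows the
     * template overview.
     *
     * NOTE(review): there is no check that the source template exists; what
     * TEMPLATE::getNameFromId() returns for an unknown id is not visible here.
     */
    function action_templateclone() {
        global $member;

        $templateid = intRequestVar('templateid');

        $member->isAdmin() or $this->disallow();

        // 1. read old template
        $name = TEMPLATE::getNameFromId($templateid);
        $desc = TEMPLATE::getDesc($templateid);

        // 2. create desc thing
        $name = "cloned" . $name;

        // if a template with that name already exists:
        if (TEMPLATE::exists($name)) {
            $i = 1;
            while (TEMPLATE::exists($name . $i))
                $i++;
            $name .= $i;
        }

        $newid = TEMPLATE::createNew($name, $desc);

        // 3. create clone
        // go through parts of old template and add them to the new one
        $res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
        // only iterate when the query produced a result; addToTemplate() escapes
        // the values again before they are written back
        if ($res) {
            while ($o = sql_fetch_object($res)) {
                $this->addToTemplate($newid, $o->tpartname, $o->tcontent);
            }
        }

        $this->action_templateoverview();
    }

    /**
     * @todo document this
     */
    function action_skinoverview() {
        global $member, $manager;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

        echo '<h2>' . _SKIN_EDIT_TITLE .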
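'</h2>';

        // (tail of action_skinoverview, whose start is on the previous line; left unchanged)
        echo '<h3>' . _SKIN_AVAILABLE_TITLE . '</h3>';

        $query = 'SELECT * FROM '.sql_table('skin_desc').' ORDER BY sdname';
        $template['content'] = 'skinlist';
        $template['tabindex'] = 10;
        showlist($query,'table',$template);

        echo '<h3>' . _SKIN_NEW_TITLE . '</h3>';

        ?>
        <form method="post" action="index.php">
        <div>

        <input name="action" value="skinnew" type="hidden" />
        <?php $manager->addTicketHidden() ?>
        <table><tr>
            <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td>
            <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td>
        </tr><tr>
            <td><?php echo _SKIN_DESC?></td>
            <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td>
        </tr><tr>
            <td><?php echo _SKIN_CREATE?></td>
            <td><input type="submit" tabindex="10030" value="<?php echo _SKIN_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
        </tr></table>

        </div>
        </form>

        <?php
        $this->pagefoot();
    }

    /**
     * Creates a new skin from the posted 'name' and 'desc' (admin only),
     * then shows the skin overview.
     *
     * Both values are trimmed; the name must pass isValidSkinName() and must
     * not exist yet.
     * NOTE(review): 'desc' goes to SKIN::createNew() unvalidated; escaping is
     * presumably done there -- confirm.
     */
    function action_skinnew() {
        global $member;

        $member->isAdmin() or $this->disallow();

        $name = trim(postVar('name'));
        $desc = trim(postVar('desc'));

        if (!isValidSkinName($name))
            $this->error(_ERROR_BADSKINNAME);

        if (SKIN::exists($name))
            $this->error(_ERROR_DUPSKINNAME);

        // the new id is not needed here
        SKIN::createNew($name, $desc);

        $this->action_skinoverview();
    }

    /**
     * Shows the edit page of one skin (admin only): links to the standard
     * parts, a form and list for special parts, and the general settings form.
     *
     * Every value taken from the skin or from the database is passed through
     * htmlspecialchars() before it is written into the page.
     */
    function action_skinedit() {
        global $member, $manager;

        // integer by construction; reused in links, form fields and the query below
        $skinid = intRequestVar('skinid');

        $member->isAdmin() or $this->disallow();

        $skin =& new SKIN($skinid);

        $this->pagehead();
        ?>
        <p>
            <a href="index.php?action=skinoverview">(<?php echo _SKIN_BACK?>)</a>
        </p>
        <?php /* the skin name is escaped here like in the general settings form further down */ ?>
        <h2><?php echo _SKIN_EDITONE_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>'</h2>

        <h3><?php echo _SKIN_PARTS_TITLE?></h3>
        <?php echo _SKIN_PARTS_MSG?>
        <ul>
            <li><a tabindex="10" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=index"><?php echo _SKIN_PART_MAIN?></a> <?php help('skinpartindex')?></li>
            <li><a tabindex="20" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=item"><?php echo _SKIN_PART_ITEM?></a> <?php help('skinpartitem')?></li>
            <li><a tabindex="30" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=archivelist"><?php echo _SKIN_PART_ALIST?></a> <?php help('skinpartarchivelist')?></li>
            <li><a tabindex="40" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=archive"><?php echo _SKIN_PART_ARCHIVE?></a> <?php help('skinpartarchive')?></li>
            <li><a tabindex="50" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=search"><?php echo _SKIN_PART_SEARCH?></a> <?php help('skinpartsearch')?></li>
            <li><a tabindex="60" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=error"><?php echo _SKIN_PART_ERROR?></a> <?php help('skinparterror')?></li>
            <li><a tabindex="70" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=member"><?php echo _SKIN_PART_MEMBER?></a> <?php help('skinpartmember')?></li>
            <li><a tabindex="75" href="index.php?action=skinedittype&skinid=<?php echo $skinid ?>&type=imagepopup"><?php echo _SKIN_PART_POPUP?></a> <?php help('skinpartimagepopup')?></li>
        </ul>

        <?php

        // special parts = every stored part that is not one of the eight standard types
        $query = "SELECT stype FROM " . sql_table('skin') . " WHERE stype NOT IN ('index', 'item', 'error', 'search', 'archive', 'archivelist', 'imagepopup', 'member') and sdesc = " . $skinid;
        $res = sql_query($query);

        echo '<h3>' . _SKIN_PARTS_SPECIAL . '</h3>';
        echo '<form method="get" action="index.php">' . "\r\n";
        echo '<input type="hidden" name="action" value="skinedittype" />' . "\r\n";
        echo '<input type="hidden" name="skinid" value="' . $skinid . '" />' . "\r\n";
        echo '<input name="type" tabindex="89" size="20" maxlength="20" />' . "\r\n";
        echo '<input type="submit" tabindex="140" value="' . _SKIN_CREATE . '" onclick="return checkSubmit();" />' . "\r\n";
        echo '</form>' . "\r\n";

        if ($res && sql_num_rows($res) > 0) {
            echo '<ul>';
            $tabstart = 75;

            while ($row = sql_fetch_assoc($res)) {
                // stype comes from the database and is escaped for every place it is printed
                echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&skinid=' . $skinid . '&type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&skinid=' . $skinid . '&type=' . htmlspecialchars(strtolower($row['stype'])) . '">remove</a>)</li>';
            }

            echo '</ul>';
        }

        ?>

        <h3><?php echo _SKIN_GENSETTINGS_TITLE; ?></h3>
        <form method="post" action="index.php">
        <div>

        <input type="hidden" name="action" value="skineditgeneral" />
        <?php $manager->addTicketHidden() ?>
        <input type="hidden" name="skinid" value="<?php echo $skinid ?>" />
        <table><tr>
            <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td>
            <td><input name="name" tabindex="90" value="<?php echo htmlspecialchars($skin->getName()) ?>" maxlength="20" size="20" /></td>
        </tr><tr>
            <td><?php echo _SKIN_DESC?></td>
            <td><input name="desc" tabindex="100" value="<?php echo htmlspecialchars($skin->getDescription()) ?>" maxlength="200" size="50" /></td>
        </tr><tr>
            <td><?php echo _SKIN_TYPE?></td>
            <td><input name="type" tabindex="110" value="<?php echo htmlspecialchars($skin->getContentType()) ?>" maxlength="40" size="20" /></td>
        </tr><tr>
            <td><?php echo _SKIN_INCLUDE_MODE?> <?php help('includemode')?></td>
            <td><?php $this->input_yesno('inc_mode',$skin->getIncludeMode(),120,'skindir','normal',_PARSER_INCMODE_SKINDIR,_PARSER_INCMODE_NORMAL);?></td>
        </tr><tr>
            <td><?php echo _SKIN_INCLUDE_PREFIX?> <?php help('includeprefix')?></td>
            <td><input name="inc_prefix" tabindex="130" value="<?php echo htmlspecialchars($skin->getIncludePrefix()) ?>" maxlength="40" size="20" /></td>
        </tr><tr>
            <td><?php echo _SKIN_CHANGE?></td>
            <td><input type="submit" tabindex="140" value="<?php echo _SKIN_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
        </tr></table>

        </div>
        </form>


        <?php $this->pagefoot();
    }

    /**
     * Updates the general settings of a skin (name, description, content
     * type, include mode, include prefix) from the posted form (admin only),
     * then shows the skin edit page again.
     *
     * Only the name is validated (isValidSkinName + uniqueness). An empty
     * content type falls back to 'text/html', an empty include mode to 'normal'.
     * NOTE(review): 'desc', 'type', 'inc_mode' and 'inc_prefix' are passed to
     * SKIN::updateGeneralInfo() as posted; how they are escaped or restricted
     * there is not visible here -- confirm, in particular for the include prefix.
     */
    function action_skineditgeneral() {
        global $member;

        $skinid = intRequestVar('skinid');

        $member->isAdmin() or $this->disallow();

        $name = postVar('name');
        $desc = postVar('desc');
        $type = postVar('type');
        $inc_mode = postVar('inc_mode');
        $inc_prefix = postVar('inc_prefix');

        $skin =& new SKIN($skinid);

        // 1. Some checks
        if (!isValidSkinName($name))
            $this->error(_ERROR_BADSKINNAME);

        // a rename must not collide with another existing skin
        if (($skin->getName() != $name) && SKIN::exists($name))
            $this->error(_ERROR_DUPSKINNAME);

        if (!$type) $type = 'text/html';
        if (!$inc_mode) $inc_mode = 'normal';

        // 2. Update description
        $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);

        $this->action_skinedit();

    }

    /**
     * Shows the editor for one part ('type') of a skin (admin only).
     *
     * The requested type is trimmed, lower-cased and must pass
     * isValidShortName(). The form posts to the 'skinupdate' action and
     * carries the hidden ticket field.
     *
     * @param string $msg optional message shown above the form; it is printed
     *                    without escaping, so callers must pass trusted text only
     */
    function action_skinedittype($msg = '') {
        global $member, $manager;

        $skinid = intRequestVar('skinid');
        $type = requestVar('type');

        $member->isAdmin() or $this->disallow();

        $type = trim($type);
        $type = strtolower($type);

        if (!isValidShortName($type)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
        }

        $skin =& new SKIN($skinid);

        $friendlyNames = SKIN::getFriendlyNames();

        $this->pagehead();
        ?>
        <p>(<a href="index.php?action=skinoverview"><?php echo _SKIN_GOBACK?></a>)</p>

        <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>

        <?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
        ?>


        <form method="post" action="index.php">
        <div>

        <input type="hidden" name="action" value="skinupdate" />
        <?php $manager->addTicketHidden() ?>
        <input type="hidden" name="skinid" value="<?php echo $skinid ?>" />
        <?php /* escaped as well, so the attribute stays safe even if the short-name rule is ever relaxed */ ?>
        <input type="hidden" name="type" value="<?php echo htmlspecialchars($type) ?>" />

        <input type="submit" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />
        <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />
        (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
        <?php if (in_array($type, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
            help('skinpart' . $type);
        } else {
            help('skinpartspecial');
        }?>
        <br />

        <textarea class="skinedit" tabindex="10" rows="20" cols="80" name="content"><?php echo htmlspecialchars($skin->getContent($type)) ?></textarea>

        <br />
        <input type="submit" tabindex="20" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />
        <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />
        (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)

        <br /><br />
        <?php echo _SKIN_ALLOWEDVARS?>
        <?php $actions = SKIN::getAllowedActionsForType($type);

        sort($actions);

        // print the allowed skinvars as a comma separated list of help links
        while ($current = array_shift($actions)) {
            // skip deprecated vars
            if ($current == 'ifcat') continue;
            if ($current == 'imagetext') continue;
            if ($current == 'vars') continue;

            echo helplink('skinvar-' . $current) . "$current</a>";
            if (count($actions) != 0) echo ", ";
        }
        echo '<br /><br />' . _SKINEDIT_ALLOWEDBLOGS;
        $query = 'SELECT bshortname, bname FROM '.sql_table('blog');
        showlist($query,'table',array('content'=>'shortblognames'));
        echo '<br />' . _SKINEDIT_ALLOWEDTEMPLATESS;
        $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc');
        showlist($query,'table',array('content'=>'shortnames'));
        echo '</div></form>';
        $this->pagefoot();
    }

    /**
     * Stores the posted content for one part of a skin (admin only), then
     * shows the editor for that part again with a confirmation message.
     *
     * The part type is normalised (trim + lower case) and checked with
     * isValidShortName() before anything is written, the same way
     * action_skinedittype() treats it; previously the unchecked value reached
     * SKIN::update() and was only rejected afterwards by the edit page.
     * This relies on $this->error() ending the request, as the other actions
     * in this class do.
     */
    function action_skinupdate() {
        global $member;

        $member->isAdmin() or $this->disallow();

        $skinid = intRequestVar('skinid');
        $content = trim(postVar('content'));
        $type = strtolower(trim(postVar('type')));

        // reject malformed part names before the write
        if (!isValidShortName($type)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
        }

        $skin =& new SKIN($skinid);
        $skin->update($type, $content);

        $this->action_skinedittype(_SKIN_UPDATED);
    }

    /**
     * @todo document this
     */
    function action_skindelete() {
        global $member, $manager, $CONF;

        $skinid = intRequestVar('skinid');

        $member->isAdmin() or $this->disallow();

        // don't allow default skin to be deleted
        if ($skinid == $CONF['BaseSkin'])
            $this->error(_ERROR_DEFAULTSKIN);

        // don't allow deletion of default skins for blogs
        $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
        $r = sql_query($query);
        if ($o = sql_fetch_object($r))
            $this->error(_ERROR_SKINDEFDELETE .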
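htmlspecialchars($o->bname));

        // (tail of action_skindelete, whose start is on the previous line; left unchanged)
        $this->pagehead();

        $skin =& new SKIN($skinid);
        $name = $skin->getName();
        $desc = $skin->getDescription();

        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p>
                <?php echo _CONFIRMTXT_SKIN?><b><?php echo htmlspecialchars($name) ?></b> (<?php echo htmlspecialchars($desc)?>)
            </p>

            <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="skindeleteconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="skinid" value="<?php echo $skinid ?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Deletes a skin and all of its parts (admin only), then shows the skin
     * overview.
     *
     * The base skin ($CONF['BaseSkin']) and any skin that is the default skin
     * of a blog are refused. Plugins are notified with 'PreDeleteSkin' before
     * and 'PostDeleteSkin' after the two DELETE statements.
     */
    function action_skindeleteconfirm() {
        global $member, $CONF, $manager;

        // integer by construction, so it is safe to concatenate into the queries below
        $skinid = intRequestVar('skinid');

        $member->isAdmin() or $this->disallow();

        // don't allow default skin to be deleted
        if ($skinid == $CONF['BaseSkin'])
            $this->error(_ERROR_DEFAULTSKIN);

        // don't allow deletion of default skins for blogs
        $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
        $r = sql_query($query);
        // the blog name is stored data: escape it before it becomes part of the
        // error page, exactly as action_skindelete() does for the same message
        if ($o = sql_fetch_object($r))
            $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));

        $manager->notify('PreDeleteSkin', array('skinid' => $skinid));

        // 1. delete description
        sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid);

        // 2. delete parts
        sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid);

        $manager->notify('PostDeleteSkin', array('skinid' => $skinid));

        $this->action_skinoverview();
    }

    /**
     * Shows the confirmation page for removing a special part from a skin
     * (admin only).
     *
     * The part name must pass isValidShortName() and must not be one of the
     * eight standard parts. Nothing is deleted here: the page renders a POST
     * form for 'skinremovetypeconfirm' that carries the hidden ticket field.
     */
    function action_skinremovetype() {
        global $member, $manager, $CONF;

        // permission first, so that callers without admin rights never reach
        // the input handling below
        $member->isAdmin() or $this->disallow();

        $skinid = intRequestVar('skinid');
        $skintype = requestVar('type');

        if (!isValidShortName($skintype)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
        }

        // don't allow default skinparts to be deleted
        if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
        }

        $this->pagehead();

        $skin =& new SKIN($skinid);
        $name = $skin->getName();
        $desc = $skin->getDescription();

        ?>
            <h2><?php echo _DELETE_CONFIRM?></h2>

            <p>
                <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo htmlspecialchars($skintype); ?> (<?php echo htmlspecialchars($name); ?>)</b> (<?php echo htmlspecialchars($desc)?>)
            </p>

            <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="skinremovetypeconfirm" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="skinid" value="<?php echo $skinid; ?>" />
                <input type="hidden" name="type" value="<?php echo htmlspecialchars($skintype); ?>" />
                <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
            </div></form>
        <?php
        $this->pagefoot();
    }

    /**
     * Removes a special part from a skin (admin only), then shows the skin
     * edit page.
     *
     * The same checks as on the confirmation page are repeated because this
     * request can be sent directly. Plugins are notified with
     * 'PreDeleteSkinPart' before and 'PostDeleteSkinPart' after the DELETE.
     */
    function action_skinremovetypeconfirm() {
        global $member, $CONF, $manager;

        // permission first, so that callers without admin rights never reach
        // the input handling below
        $member->isAdmin() or $this->disallow();

        $skinid = intRequestVar('skinid');
        $skintype = requestVar('type');

        if (!isValidShortName($skintype)) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
        }

        // don't allow default skinparts to be deleted
        if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
            $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
        }

        $manager->notify('PreDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));

        // delete part
        // The part name sits inside a quoted SQL literal. It has passed
        // isValidShortName(), but it is escaped as well so the query does not
        // depend on that validator alone (skinclonetype() escapes stype the same way).
        sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid . ' AND stype=\'' . addslashes($skintype) . '\'');

        $manager->notify('PostDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));

        $this->action_skinedit();
    }

    /**
     * Clones a skin under the name 'clone_<name>' (admin only), appending a
     * counter when that name is already taken, then shows the skin overview.
     *
     * Description, content type, include mode and include prefix are copied
     * from the source skin; every part stored for the source skin (standard
     * and special ones alike) is copied with skinclonetype().
     */
    function action_skinclone() {
        global $member;

        $skinid = intRequestVar('skinid');

        $member->isAdmin() or $this->disallow();

        // 1. read skin to clone
        $skin =& new SKIN($skinid);

        $name = "clone_" . $skin->getName();

        // if a skin with that name already exists:
        if (SKIN::exists($name)) {
            $i = 1;
            while (SKIN::exists($name . $i))
                $i++;
            $name .= $i;
        }

        // 2. create skin desc
        $newid = SKIN::createNew(
            $name,
            $skin->getDescription(),
            $skin->getContentType(),
            $skin->getIncludeMode(),
            $skin->getIncludePrefix()
        );


        // 3. clone
        // the part types are read from the database instead of a fixed list,
        // so special parts are cloned too
        $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
        $res = sql_query($query);
        // only iterate when the query produced a result
        if ($res) {
            while ($row = sql_fetch_assoc($res)) {
                $this->skinclonetype($skin, $newid, $row['stype']);
            }
        }

        $this->action_skinoverview();

    }

    /**
     * Copies one part of a skin into another skin.
     *
     * Parts whose content is empty are not copied. The result of the INSERT
     * is not checked.
     *
     * @param object $skin  source SKIN object; its getContent($type) is read
     * @param int    $newid id of the target skin (forced to int with intval)
     * @param string $type  part type to copy
     */
    function skinclonetype($skin, $newid, $type) {
        // interpolated without quotes below, so it must be a plain integer
        $newid = intval($newid);
        $content = $skin->getContent($type);
        if ($content) {
            // content and type come from the database and are escaped again for
            // the quoted literals.
            // NOTE(review): addslashes() does not know the connection character
            // set; prefer the database layer's own escaping routine if it has one.
            $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". addslashes($content)."', '". addslashes($type)."')";
            sql_query($query);
        }
    }

    /**
     * @todo document this
     */
    function action_settingsedit() {
        global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;

        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
        ?>

        <h2><?php echo _SETTINGS_TITLE?></h2>

        <form action="index.php" method="post">
        <div>

        <input type="hidden" name="action" value="settingsupdate" />
        <?php $manager->addTicketHidden() ?>

        <table><tr>
            <th colspan="2"><?php echo _SETTINGS_SUB_GENERAL?></th>
        </tr><tr>
            <td><?php echo _SETTINGS_DEFBLOG?> <?php help('defaultblog'); ?></td>
            <td>
                <?php
                    $query = 'SELECT bname as text, bnumber as value'
                           . ' FROM '.sql_table('blog');
                    $template['name'] = 'DefaultBlog';
                    $template['selected'] = $CONF['DefaultBlog'];
                    $template['tabindex'] = 10;
                    showlist($query,'select',$template);
                ?>
            </td>
        </tr><tr>
            <td><?php echo _SETTINGS_BASESKIN?> <?php help('baseskin'); ?></td>
            <td>
                <?php
                    $query = 'SELECT sdname as text, sdnumber as value'
                           .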
' FROM '.sql_table('skin_desc'); 4686 $template['name'] = 'BaseSkin'; 4687 $template['selected'] = $CONF['BaseSkin']; 4688 $template['tabindex'] = 1; 4689 showlist($query,'select',$template); 4690 ?> 4691 </td> 4692 </tr><tr> 4693 <td><?php echo _SETTINGS_ADMINMAIL?></td> 4694 <td><input name="AdminEmail" tabindex="10010" size="40" value="<?php echo htmlspecialchars($CONF['AdminEmail']) ?>" /></td> 4695 </tr><tr> 4696 <td><?php echo _SETTINGS_SITENAME?></td> 4697 <td><input name="SiteName" tabindex="10020" size="40" value="<?php echo htmlspecialchars($CONF['SiteName']) ?>" /></td> 4698 </tr><tr> 4699 <td><?php echo _SETTINGS_SITEURL?></td> 4700 <td><input name="IndexURL" tabindex="10030" size="40" value="<?php echo htmlspecialchars($CONF['IndexURL']) ?>" /></td> 4701 </tr><tr> 4702 <td><?php echo _SETTINGS_ADMINURL?></td> 4703 <td><input name="AdminURL" tabindex="10040" size="40" value="<?php echo htmlspecialchars($CONF['AdminURL']) ?>" /></td> 4704 </tr><tr> 4705 <td><?php echo _SETTINGS_PLUGINURL?> <?php help('pluginurl');?></td> 4706 <td><input name="PluginURL" tabindex="10045" size="40" value="<?php echo htmlspecialchars($CONF['PluginURL']) ?>" /></td> 4707 </tr><tr> 4708 <td><?php echo _SETTINGS_SKINSURL?> <?php help('skinsurl');?></td> 4709 <td><input name="SkinsURL" tabindex="10046" size="40" value="<?php echo htmlspecialchars($CONF['SkinsURL']) ?>" /></td> 4710 </tr><tr> 4711 <td><?php echo _SETTINGS_ACTIONSURL?> <?php help('actionurl');?></td> 4712 <td><input name="ActionURL" tabindex="10047" size="40" value="<?php echo htmlspecialchars($CONF['ActionURL']) ?>" /></td> 4713 </tr><tr> 4714 <td><?php echo _SETTINGS_LANGUAGE?> <?php help('language'); ?> 4715 </td> 4716 <td> 4717 4718 <select name="Language" tabindex="10050"> 4719 <?php // show a dropdown list of all available languages 4720 global $DIR_LANG; 4721 $dirhandle = opendir($DIR_LANG); 4722 while ($filename = readdir($dirhandle)) { 4723 if (ereg("^(.*)\.php$",$filename,$matches)) { 4724 $name = 
$matches[1]; 4725 echo "<option value='$name'"; 4726 if ($name == $CONF['Language']) 4727 echo " selected='selected'"; 4728 echo ">$name</option>"; 4729 } 4730 } 4731 closedir($dirhandle); 4732 4733 ?> 4734 </select> 4735 4736 </td> 4737 </tr><tr> 4738 <td><?php echo _SETTINGS_DISABLESITE?> <?php help('disablesite'); ?> 4739 </td> 4740 <td><?php $this->input_yesno('DisableSite',$CONF['DisableSite'],10060); ?> 4741 <br /> 4742 <?php echo _SETTINGS_DISABLESITEURL ?> <input name="DisableSiteURL" tabindex="10070" size="40" value="<?php echo htmlspecialchars($CONF['DisableSiteURL'])?>" /> 4743 </td> 4744 </tr><tr> 4745 <td><?php echo _SETTINGS_DIRS?></td> 4746 <td><?php echo htmlspecialchars($DIR_NUCLEUS) ?> 4747 <i><?php echo _SETTINGS_SEECONFIGPHP?></i></td> 4748 </tr><tr> 4749 <td><?php echo _SETTINGS_DBLOGIN?></td> 4750 <td><i><?php echo _SETTINGS_SEECONFIGPHP?></i></td> 4751 </tr><tr> 4752 <td> 4753 <?php 4754 echo _SETTINGS_JSTOOLBAR 4755 /* =_SETTINGS_DISABLEJS 4756 4757 I temporary changed the meaning of DisableJsTools, until I can find a good 4758 way to select the javascript version to use 4759 4760 now, its: 4761 0 : IE 4762 1 : all javascript disabled 4763 2 : 'simpler' javascript (for mozilla/opera/mac) 4764 */ 4765 ?> 4766 </td> 4767 <td><?php /* $this->input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?> 4768 <select name="DisableJsTools" tabindex="10075"> 4769 <?php $extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : ''; 4770 echo "<option $extra value='1'>",_SETTINGS_JSTOOLBAR_NONE,"</option>"; 4771 $extra = ($CONF['DisableJsTools'] == 2) ? 'selected="selected"' : ''; 4772 echo "<option $extra value='2'>",_SETTINGS_JSTOOLBAR_SIMPLE,"</option>"; 4773 $extra = ($CONF['DisableJsTools'] == 0) ? 
'selected="selected"' : ''; 4774 echo "<option $extra value='0'>",_SETTINGS_JSTOOLBAR_FULL,"</option>"; 4775 ?> 4776 </select> 4777 </td> 4778 </tr><tr> 4779 <td><?php echo _SETTINGS_URLMODE?> <?php help('urlmode');?></td> 4780 <td><?php 4781 4782 $this->input_yesno('URLMode',$CONF['URLMode'],10077, 4783 'normal','pathinfo',_SETTINGS_URLMODE_NORMAL,_SETTINGS_URLMODE_PATHINFO); 4784 4785 echo ' ', _SETTINGS_URLMODE_HELP; 4786 4787 ?> 4788 4789 </td> 4790 </tr><tr> 4791 <td><?php echo _SETTINGS_DEBUGVARS?> <?php help('debugvars');?></td> 4792 <td><?php 4793 4794 $this->input_yesno('DebugVars',$CONF['DebugVars'],10078); 4795 4796 ?> 4797 4798 </td> 4799 </tr><tr> 4800 <td><?php echo _SETTINGS_DEFAULTLISTSIZE?> <?php help('defaultlistsize');?></td> 4801 <td> 4802 <?php 4803 if (!array_key_exists('DefaultListSize',$CONF)) { 4804 sql_query("INSERT INTO ".sql_table('config')." VALUES ('DefaultListSize', '10')"); 4805 $CONF['DefaultListSize'] = 10; 4806 } 4807 ?> 4808 <input name="DefaultListSize" tabindex="10079" size="40" value="<?php echo htmlspecialchars((intval($CONF['DefaultListSize']) < 1 ? '10' : $CONF['DefaultListSize'])) ?>" /> 4809 </td> 4810 </tr><tr> 4811 <th colspan="2"><?php echo _SETTINGS_MEDIA?> <?php help('media'); ?></th> 4812 </tr><tr> 4813 <td><?php echo _SETTINGS_MEDIADIR?></td> 4814 <td><?php echo htmlspecialchars($DIR_MEDIA) ?> 4815 <i><?php echo _SETTINGS_SEECONFIGPHP?></i> 4816 <?php if (!is_dir($DIR_MEDIA)) 4817 echo "<br /><b>" . _WARNING_NOTADIR . "</b>"; 4818 if (!is_readable($DIR_MEDIA)) 4819 echo "<br /><b>" . _WARNING_NOTREADABLE . "</b>"; 4820 if (!is_writeable($DIR_MEDIA)) 4821 echo "<br /><b>" . _WARNING_NOTWRITABLE . 
"</b>"; 4822 ?> 4823 </td> 4824 </tr><tr> 4825 <td><?php echo _SETTINGS_MEDIAURL?></td> 4826 <td> 4827 <input name="MediaURL" tabindex="10080" size="40" value="<?php echo htmlspecialchars($CONF['MediaURL']) ?>" /> 4828 </td> 4829 </tr><tr> 4830 <td><?php echo _SETTINGS_ALLOWUPLOAD?></td> 4831 <td><?php $this->input_yesno('AllowUpload',$CONF['AllowUpload'],10090); ?></td> 4832 </tr><tr> 4833 <td><?php echo _SETTINGS_ALLOWUPLOADTYPES?></td> 4834 <td> 4835 <input name="AllowedTypes" tabindex="10100" size="40" value="<?php echo htmlspecialchars($CONF['AllowedTypes']) ?>" /> 4836 </td> 4837 </tr><tr> 4838 <td><?php echo _SETTINGS_MAXUPLOADSIZE?></td> 4839 <td> 4840 <input name="MaxUploadSize" tabindex="10105" size="40" value="<?php echo htmlspecialchars($CONF['MaxUploadSize']) ?>" /> 4841 </td> 4842 </tr><tr> 4843 <td><?php echo _SETTINGS_MEDIAPREFIX?></td> 4844 <td><?php $this->input_yesno('MediaPrefix',$CONF['MediaPrefix'],10110); ?></td> 4845 4846 </tr><tr> 4847 <th colspan="2"><?php echo _SETTINGS_MEMBERS?></th> 4848 </tr><tr> 4849 <td><?php echo _SETTINGS_CHANGELOGIN?></td> 4850 <td><?php $this->input_yesno('AllowLoginEdit',$CONF['AllowLoginEdit'],10120); ?></td> 4851 </tr><tr> 4852 <td><?php echo _SETTINGS_ALLOWCREATE?> 4853 <?php help('allowaccountcreation'); ?> 4854 </td> 4855 <td><?php $this->input_yesno('AllowMemberCreate',$CONF['AllowMemberCreate'],10130); ?> 4856 </td> 4857 </tr><tr> 4858 <td><?php echo _SETTINGS_NEWLOGIN?> <?php help('allownewmemberlogin'); ?> 4859 <br /><?php echo _SETTINGS_NEWLOGIN2?> 4860 </td> 4861 <td><?php $this->input_yesno('NewMemberCanLogon',$CONF['NewMemberCanLogon'],10140); ?> 4862 </td> 4863 </tr><tr> 4864 <td><?php echo _SETTINGS_MEMBERMSGS?> 4865 <?php help('messageservice'); ?> 4866 </td> 4867 <td><?php $this->input_yesno('AllowMemberMail',$CONF['AllowMemberMail'],10150); ?> 4868 </td> 4869 </tr><tr> 4870 <td><?php echo _SETTINGS_NONMEMBERMSGS?> 4871 <?php help('messageservice'); ?> 4872 </td> 4873 <td><?php 
$this->input_yesno('NonmemberMail',$CONF['NonmemberMail'],10155); ?> 4874 </td> 4875 </tr><tr> 4876 <td><?php echo _SETTINGS_PROTECTMEMNAMES?> 4877 <?php help('protectmemnames'); ?> 4878 </td> 4879 <td><?php $this->input_yesno('ProtectMemNames',$CONF['ProtectMemNames'],10156); ?> 4880 </td> 4881 4882 4883 4884 </tr><tr> 4885 <th colspan="2"><?php echo _SETTINGS_COOKIES_TITLE?> <?php help('cookies'); ?></th> 4886 </tr><tr> 4887 <td><?php echo _SETTINGS_COOKIEPREFIX?></td> 4888 <td><input name="CookiePrefix" tabindex="10159" size="40" value="<?php echo htmlspecialchars($CONF['CookiePrefix'])?>" /></td> 4889 </tr><tr> 4890 <td><?php echo _SETTINGS_COOKIEDOMAIN?></td> 4891 <td><input name="CookieDomain" tabindex="10160" size="40" value="<?php echo htmlspecialchars($CONF['CookieDomain'])?>" /></td> 4892 </tr><tr> 4893 <td><?php echo _SETTINGS_COOKIEPATH?></td> 4894 <td><input name="CookiePath" tabindex="10170" size="40" value="<?php echo htmlspecialchars($CONF['CookiePath'])?>" /></td> 4895 </tr><tr> 4896 <td><?php echo _SETTINGS_COOKIESECURE?></td> 4897 <td><?php $this->input_yesno('CookieSecure',$CONF['CookieSecure'],10180); ?></td> 4898 </tr><tr> 4899 <td><?php echo _SETTINGS_COOKIELIFE?></td> 4900 <td><?php $this->input_yesno('SessionCookie',$CONF['SessionCookie'],10190, 4901 1,0,_SETTINGS_COOKIESESSION,_SETTINGS_COOKIEMONTH); ?> 4902 </td> 4903 </tr><tr> 4904 <td><?php echo _SETTINGS_LASTVISIT?></td> 4905 <td><?php $this->input_yesno('LastVisit',$CONF['LastVisit'],10200); ?></td> 4906 4907 4908 4909 </tr><tr> 4910 <th colspan="2"><?php echo _SETTINGS_UPDATE?></th> 4911 </tr><tr> 4912 <td><?php echo _SETTINGS_UPDATE?></td> 4913 <td><input type="submit" tabindex="10210" value="<?php echo _SETTINGS_UPDATE_BTN?>" onclick="return checkSubmit();" /></td> 4914 </tr></table> 4915 4916 </div> 4917 </form> 4918 4919 <?php 4920 echo '<h2>',_PLUGINS_EXTRA,'</h2>'; 4921 4922 $manager->notify( 4923 'GeneralSettingsFormExtras', 4924 array() 4925 ); 4926 4927 $this->pagefoot(); 
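}

    /**
     * Saves the general settings posted from the settings form.
     *
     * Only site admins get past the isAdmin() check. The admin e-mail address
     * is validated first; every other posted value is handed to updateConfig()
     * as received, so this method applies no format or range checks of its own.
     * Afterwards the configuration is reloaded and the browser is redirected
     * to the 'manage' page.
     *
     * NOTE(review): no ticket (anti-CSRF) check is visible in this method;
     * presumably ADMIN::action() verifies the ticket before dispatching here -
     * confirm against the dispatcher.
     * NOTE(review): values such as IndexURL and SiteName are printed by
     * pagehead(), so whatever is stored here must be escaped at output time.
     */
    function action_settingsupdate() {
        global $member, $CONF;

        $member->isAdmin() or $this->disallow();

        // check if email address for admin is valid
        if (!isValidMailAddress(postVar('AdminEmail')))
            $this->error(_ERROR_BADMAILADDRESS);

        // Config names to save, in the original order. Each value is read from
        // the POST field that carries the same name as the config entry.
        $settingNames = array(
            'DefaultBlog',
            'BaseSkin',
            'IndexURL',
            'AdminURL',
            'PluginURL',
            'SkinsURL',
            'ActionURL',
            'Language',
            'AdminEmail',
            'SessionCookie',
            'AllowMemberCreate',
            'AllowMemberMail',
            'NonmemberMail',
            'ProtectMemNames',
            'SiteName',
            'NewMemberCanLogon',
            'DisableSite',
            'DisableSiteURL',
            'LastVisit',
            'MediaURL',
            'AllowedTypes',
            'AllowUpload',
            'MaxUploadSize',
            'MediaPrefix',
            'AllowLoginEdit',
            'DisableJsTools',
            'CookieDomain',
            'CookiePath',
            'CookieSecure',
            'URLMode',
            'CookiePrefix',
            'DebugVars',
            'DefaultListSize'
        );

        // save settings
        foreach ($settingNames as $settingName)
            $this->updateConfig($settingName, postVar($settingName));

        // load new config and redirect (this way, the new language will be used if necessary)
        // note that when changing cookie settings, this redirect might cause the user
        // to have to log in again.
        getConfig();
        redirect($CONF['AdminURL'] . '?action=manage');
        exit;

    }

    /**
     * Gives an overview of the system in use: PHP and MySQL versions, a few
     * PHP settings, GD capabilities, whether mod_rewrite shows up in
     * phpinfo(), and the Nucleus version and settings.
     *
     * The details are printed only when the member is logged in and is an
     * admin; everyone else gets _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN, which keeps
     * version and configuration details away from non-admin accounts.
     */
    function action_systemoverview() {
        global $member, $nucleus, $CONF;

        $this->pagehead();

        echo '<h2>' . _ADMIN_SYSTEMOVERVIEW_HEADING . "</h2>\n";

        if ($member->isLoggedIn() && $member->isAdmin()) {

            // Information about the used PHP and MySQL installation
            echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_PHPANDMYSQL . "</h3>\n";

            // Version of PHP MySQL
            echo "<table>\n";
            echo "\t<tr>\n";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . "</td>\n";
            echo "\t\t" . '<td>' . phpversion() . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td>' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . "</td>\n";
            echo "\t\t" . '<td>' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . "</td>\n";
            echo "\t</tr>";
            echo "</table>\n";

            // Important PHP settings
            echo "<table>\n";
            echo "\t<tr>\n";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">magic_quotes_gpc' . "</td>\n";
            $mqg = get_magic_quotes_gpc() ? 'On' : 'Off';
            echo "\t\t" . '<td>' . $mqg . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td>magic_quotes_runtime' . "</td>\n";
            $mqr = get_magic_quotes_runtime() ? 'On' : 'Off';
            echo "\t\t" . '<td>' . $mqr . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td>register_globals' . "</td>\n";
            $rg = ini_get('register_globals') ? 'On' : 'Off';
            echo "\t\t" . '<td>' . $rg . "</td>\n";
            echo "\t</tr>";
            echo "</table>\n";

            // Information about GD library
            $gdinfo = gd_info();
            echo "<table>\n";
            echo "\t<tr>";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . "</th>\n";
            echo "\t</tr>\n";
            foreach ($gdinfo as $key=>$value) {
                if (is_bool($value)) {
                    $value = $value ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE;
                } else {
                    $value = htmlspecialchars($value, ENT_QUOTES);
                }
                echo "\t<tr>";
                // the key is escaped like the value, so both cells are treated as text
                echo "\t\t" . '<td width="50%">' . htmlspecialchars($key, ENT_QUOTES) . "</td>\n";
                echo "\t\t" . '<td>' . $value . "</td>\n";
                echo "\t</tr>\n";
            }
            echo "</table>\n";

            // Check if special modules are loaded.
            // ob_get_clean() returns the captured phpinfo() output AND closes the
            // buffer; the former ob_get_contents()/ob_clean() pair left it open.
            ob_start();
            phpinfo(INFO_MODULES);
            $im = ob_get_clean();
            echo "<table>\n";
            echo "\t<tr>";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_MODULES . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">mod_rewrite' . "</td>\n";
            $modrewrite = (strstr($im, 'mod_rewrite') != '') ?
                        _ADMIN_SYSTEMOVERVIEW_ENABLE :
                        _ADMIN_SYSTEMOVERVIEW_DISABLE;
            echo "\t\t" . '<td>' . $modrewrite . "</td>\n";
            echo "\t</tr>\n";
            echo "</table>\n";

            // Information about the used Nucleus CMS
            echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSYSTEM . "</h3>\n";
            $nv = getNucleusVersion() / 100 . '(' . $nucleus['version'] . ')';
            $np = getNucleusPatchLevel();
            echo "<table>\n";
            echo "\t<tr>";
            echo "\t\t" . '<th colspan="2">Nucleus CMS' . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . "</td>\n";
            echo "\t\t" . '<td>' . $nv . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . "</td>\n";
            echo "\t\t" . '<td>' . $np . "</td>\n";
            echo "\t</tr>\n";
            echo "</table>\n";

            // Important settings of the installation.
            // Config strings are escaped before they are placed in the table cells.
            echo "<table>\n";
            echo "\t<tr>";
            echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . "</th>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . '$CONF[' . "'Self']</td>\n";
            echo "\t\t" . '<td>' . htmlspecialchars($CONF['Self'], ENT_QUOTES) . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . '$CONF[' . "'ItemURL']</td>\n";
            echo "\t\t" . '<td>' . htmlspecialchars($CONF['ItemURL'], ENT_QUOTES) . "</td>\n";
            echo "\t</tr><tr>\n";
            echo "\t\t" . '<td width="50%">' . '$CONF[' . "'alertOnHeadersSent']</td>\n";
            $ohs = $CONF['alertOnHeadersSent'] ?
                        _ADMIN_SYSTEMOVERVIEW_ENABLE :
                        _ADMIN_SYSTEMOVERVIEW_DISABLE;
            echo "\t\t" . '<td>' . $ohs . "</td>\n";
            echo "\t</tr>\n";
            echo "</table>\n";

            // Link to the online version test at the Nucleus CMS website
            echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK . "</h3>\n";
            if ($nucleus['codename'] != '') {
                $codenamestring = ' &quot;' . $nucleus['codename'] . '&quot;';
            } else {
                $codenamestring = '';
            }
            echo _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TXT;
            $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
            echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">';
            echo 'Nucleus CMS ' . $nv . $codenamestring;
            echo '</a>';
            //echo '<br />';
        }
        else {
            echo _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN;
        }

        $this->pagefoot();
    }

    /**
     * Writes one value into the config table.
     *
     * Both arguments go through addslashes() (the value is also trimmed) and
     * are then interpolated into an UPDATE statement.
     *
     * NOTE(review): addslashes() is not aware of the connection character set;
     * a driver-level escape or a prepared statement is the safer choice if the
     * sql_* layer offers one.
     * NOTE(review): on failure the script dies and prints sql_error(), which
     * shows database error text to the browser; logging it instead would avoid
     * that.
     *
     * @param string $name name of the config entry to update
     * @param string $val  new value
     * @return mixed whatever sql_insert_id() reports after the UPDATE
     */
    function updateConfig($name, $val) {
        $name = addslashes($name);
        $val = trim(addslashes($val));

        $query = 'UPDATE '.sql_table('config')
               . " SET value='$val'"
               . " WHERE name='$name'";

        sql_query($query) or die("Query error: " . sql_error());
        return sql_insert_id();
    }

    /**
     * Error message
     *
     * Prints a full admin page containing the message and a back link, then
     * ends the script. The message is echoed as-is, so callers that build it
     * from request data must escape that data before passing it in.
     *
     * @param string $msg message that will be shown (treated as HTML)
     */
    function error($msg) {
        $this->pagehead();
        ?>
        <h2>Error!</h2>
        <?php echo $msg;
        echo "<br />";
        echo "<a href='index.php' onclick='history.back()'>"._BACK."</a>";
        $this->pagefoot();
        exit;
    }

    /**
     * @todo document this
     */
    function disallow() {
        ACTIONLOG::add(WARNING, _ACTIONLOG_DISALLOWED .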
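serverVar('REQUEST_URI'));

        $this->error(_ERROR_DISALLOWED);
    }

    /**
     * Prints the top of every admin page: doctype, <head>, site title and the
     * "logged in as" box with the version information.
     *
     * Plugins can change $extrahead through the AdminPrePageHead event; the
     * result is written into <head> as raw HTML, so it is trusted plugin
     * output, not request data.
     *
     * Values that do not come from language constants (member display name,
     * $CONF['IndexURL'], the version string returned by getLatestVersion())
     * are escaped before being printed. ENT_QUOTES is used where the
     * surrounding attribute is delimited by single quotes.
     *
     * @param string $extrahead extra HTML to place inside <head>
     */
    function pagehead($extrahead = '') {
        global $member, $nucleus, $CONF, $manager;

        $manager->notify(
            'AdminPrePageHead',
            array(
                'extrahead' => &$extrahead,
                'action' => $this->action
            )
        );

        $baseUrl = htmlspecialchars($CONF['AdminURL']);

        ?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        <html <?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />
            <title><?php echo htmlspecialchars($CONF['SiteName'])?> - Admin</title>
            <link rel="stylesheet" title="Nucleus Admin Default" type="text/css" href="<?php echo $baseUrl?>styles/admin.css" />
            <link rel="stylesheet" title="Nucleus Admin Default" type="text/css"
            href="<?php echo $baseUrl?>styles/addedit.css" />

            <script type="text/javascript" src="<?php echo $baseUrl?>javascript/edit.js"></script>
            <script type="text/javascript" src="<?php echo $baseUrl?>javascript/admin.js"></script>
            <script type="text/javascript" src="<?php echo $baseUrl?>javascript/compatibility.js"></script>

            <meta http-equiv='Pragma' content='no-cache' />
            <meta http-equiv='Cache-Control' content='no-cache, must-revalidate' />
            <meta http-equiv='Expires' content='-1' />

            <?php echo $extrahead?>
        </head>
        <body>
        <div id="adminwrapper">
        <div class="header">
        <h1><?php echo htmlspecialchars($CONF['SiteName'])?></h1>
        </div>
        <div id="container">
        <div id="content">
        <div class="loginname">
        <?php           if ($member->isLoggedIn())
            echo _LOGGEDINAS . ' ' . htmlspecialchars($member->getDisplayName(), ENT_QUOTES)
                ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a>"
                . "<br /><a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
        else
            echo '<a href="index.php?action=showlogin" title="Log in">' , _NOTLOGGEDIN , '</a> <br />';

        // the href is single-quoted, so single quotes must be escaped as well
        echo "<a href='".htmlspecialchars($CONF['IndexURL'], ENT_QUOTES)."'>"._YOURSITE."</a>";

        echo '<br />(';

        $codenamestring = ($nucleus['codename']!='')? ' &quot;'.$nucleus['codename'].'&quot;':'';

        if ($member->isLoggedIn() && $member->isAdmin()) {
            $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
            echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';
            $newestVersion = getLatestVersion();
            $newestCompare = str_replace('/','.',$newestVersion);
            $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);
            if ($newestVersion && version_compare($newestCompare,$currentVersion) > 0) {
                // presumably getLatestVersion() obtains this string from outside the
                // installation (verify); it is printed as text, never as markup
                echo '<br /><a style="color:red" href="http://nucleuscms.org/upgrade.php" title="'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE.'">'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT.htmlspecialchars($newestVersion, ENT_QUOTES).'</a>';
            }
        } else {
            echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;
        }
        echo ')';
        echo '</div>';
    }

    /**
     * @todo document this
     */
    function pagefoot() {
        global $action, $member, $manager;

        $manager->notify(
            'AdminPrePageFoot',
            array(
                'action' => $this->action
            )
        );

        if ($member->isLoggedIn() && ($action != 'showlogin')) {
            ?>
            <h2><?php echo _LOGOUT ?></h2>
            <ul>
                <li><a href="index.php?action=overview"><?php echo _BACKHOME?></a></li>
                <li><a href='index.php?action=logout'><?php echo _LOGOUT?></a></li>
            </ul>
            <?php           }
            ?>
            <div class="foot">
                <a href="<?php echo _ADMINPAGEFOOT_OFFICIALURL ?>">Nucleus CMS</a> &copy; 2002-<?php echo date('Y') . ' ' .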
_ADMINPAGEFOOT_COPYRIGHT; ?> 5263 - 5264 <a href="<?php echo _ADMINPAGEFOOT_DONATEURL ?>"><?php echo _ADMINPAGEFOOT_DONATE ?></a> 5265 </div> 5266 5267 </div><!-- content --> 5268 5269 <div id="quickmenu"> 5270 5271 <?php // ---- user settings ---- 5272 if (($action != 'showlogin') && ($member->isLoggedIn())) { 5273 echo '<ul>'; 5274 echo '<li><a href="index.php?action=overview">',_QMENU_HOME,'</a></li>'; 5275 echo '</ul>'; 5276 5277 echo '<h2>',_QMENU_ADD,'</h2>'; 5278 echo '<form method="get" action="index.php"><div>'; 5279 echo '<input type="hidden" name="action" value="createitem" />'; 5280 5281 $showAll = requestVar('showall'); 5282 if (($member->isAdmin()) && ($showAll == 'yes')) { 5283 // Super-Admins have access to all blogs! (no add item support though) 5284 $query = 'SELECT bnumber as value, bname as text' 5285 . ' FROM ' . sql_table('blog') 5286 . ' ORDER BY bname'; 5287 } else { 5288 $query = 'SELECT bnumber as value, bname as text' 5289 . ' FROM ' . sql_table('blog') . ', ' . sql_table('team') 5290 . ' WHERE tblog=bnumber and tmember=' . $member->getID() 5291 . ' ORDER BY bname'; 5292 } 5293 $template['name'] = 'blogid'; 5294 $template['tabindex'] = 15000; 5295 $template['extra'] = _QMENU_ADD_SELECT; 5296 $template['selected'] = -1; 5297 $template['shorten'] = 10; 5298 $template['shortenel'] = ''; 5299 $template['javascript'] = 'onchange="return form.submit()"'; 5300 showlist($query,'select',$template); 5301 5302 echo '</div></form>'; 5303 5304 echo '<h2>' . $member->getDisplayName(). '</h2>'; 5305 echo '<ul>'; 5306 echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . '</a></li>'; 5307 echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . '</a></li>'; 5308 echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . 
'</a></li>'; 5309 echo '</ul>'; 5310 5311 5312 5313 5314 // ---- general settings ---- 5315 if ($member->isAdmin()) { 5316 5317 echo '<h2>',_QMENU_MANAGE,'</h2>'; 5318 5319 echo '<ul>'; 5320 echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . '</a></li>'; 5321 echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . '</a></li>'; 5322 echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . '</a></li>'; 5323 echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . '</a></li>'; 5324 echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . '</a></li>'; 5325 echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . '</a></li>'; 5326 echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . '</a></li>'; 5327 echo '</ul>'; 5328 5329 echo '<h2>',_QMENU_LAYOUT,'</h2>'; 5330 echo '<ul>'; 5331 echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . '</a></li>'; 5332 echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . '</a></li>'; 5333 echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . 
'</a></li>'; 5334 echo '</ul>'; 5335 5336 } 5337 5338 $aPluginExtras = array(); 5339 $manager->notify( 5340 'QuickMenu', 5341 array( 5342 'options' => &$aPluginExtras 5343 ) 5344 ); 5345 if (count($aPluginExtras) > 0) 5346 { 5347 echo '<h2>', _QMENU_PLUGINS, '</h2>'; 5348 echo '<ul>'; 5349 foreach ($aPluginExtras as $aInfo) 5350 { 5351 echo '<li><a href="'.htmlspecialchars($aInfo['url']).'" title="'.htmlspecialchars($aInfo['tooltip']).'">'.htmlspecialchars($aInfo['title']).'</a></li>'; 5352 } 5353 echo '</ul>'; 5354 } 5355 5356 } else if (($action == 'activate') || ($action == 'activatesetpwd')) { 5357 5358 echo '<h2>', _QMENU_ACTIVATE, '</h2>', _QMENU_ACTIVATE_TEXT; 5359 } else { 5360 // introduction text on login screen 5361 echo '<h2>', _QMENU_INTRO, '</h2>', _QMENU_INTRO_TEXT; 5362 } 5363 ?> 5364 </div> 5365 5366 <!-- content / quickmenu container --> 5367 <div class="clear"></div> <!-- new --> 5368 </div> 5369 5370 <!-- adminwrapper --> <!-- new --> 5371 </div> <!-- new --> 5372 </body> 5373 </html> 5374 <?php } 5375 5376 /** 5377 * @todo document this 5378 */ 5379 function action_regfile() { 5380 global $member, $CONF; 5381 5382 $blogid = intRequestVar('blogid'); 5383 5384 $member->teamRights($blogid) or $this->disallow(); 5385 5386 // header-code stolen from phpMyAdmin 5387 // REGEDIT and bookmarklet code stolen from GreyMatter 5388 5389 $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid)); 5390 5391 5392 header('Content-Type: application/octetstream'); 5393 header('Content-Disposition: filename="nucleus.reg"'); 5394 header('Pragma: no-cache'); 5395 header('Expires: 0'); 5396 5397 echo "REGEDIT4\n"; 5398 echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n"; 5399 echo '@="' . $CONF['AdminURL'] . 
"bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n"; 5400 echo '"contexts"=hex:31'; 5401 } 5402 5403 /** 5404 * @todo document this 5405 */ 5406 function action_bookmarklet() { 5407 global $member, $manager; 5408 5409 $blogid = intRequestVar('blogid'); 5410 5411 $member->teamRights($blogid) or $this->disallow(); 5412 5413 $blog =& $manager->getBlog($blogid); 5414 $bm = getBookmarklet($blogid); 5415 5416 $this->pagehead(); 5417 5418 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>'; 5419 5420 ?> 5421 5422 <h2><?php echo _BOOKMARKLET_TITLE ?></h2> 5423 5424 <p> 5425 <?php echo _BOOKMARKLET_DESC1 . _BOOKMARKLET_DESC2 . _BOOKMARKLET_DESC3 . _BOOKMARKLET_DESC4 . _BOOKMARKLET_DESC5 ?> 5426 </p> 5427 5428 <h3><?php echo _BOOKMARKLET_BOOKARKLET ?></h3> 5429 <p> 5430 <?php echo _BOOKMARKLET_BMARKTEXT ?><small><?php echo _BOOKMARKLET_BMARKTEST ?></small> 5431 <br /> 5432 <br /> 5433 <?php echo '<a href="' . htmlspecialchars($bm, ENT_QUOTES) . '">' . sprintf(_BOOKMARKLET_ANCHOR, htmlspecialchars($blog->getName(), ENT_QUOTES)) . '</a>' . _BOOKMARKLET_BMARKFOLLOW; ?> 5434 </p> 5435 5436 <h3><?php echo _BOOKMARKLET_RIGHTCLICK ?></h3> 5437 <p> 5438 <?php 5439 $url = 'index.php?action=regfile&blogid=' . intval($blogid); 5440 $url = $manager->addTicketToUrl($url); 5441 ?> 5442 <?php echo _BOOKMARKLET_RIGHTTEXT1 . '<a href="' . htmlspecialchars($url, ENT_QUOTES, "SJIS") . '">' . _BOOKMARKLET_RIGHTLABEL . '</a>' . 
_BOOKMARKLET_RIGHTTEXT2; ?> 5443 </p> 5444 5445 <p> 5446 <?php echo _BOOKMARKLET_RIGHTTEXT3 ?> 5447 </p> 5448 5449 <h3><?php echo _BOOKMARKLET_UNINSTALLTT ?></h3> 5450 <p> 5451 <?php echo _BOOKMARKLET_DELETEBAR ?> 5452 </p> 5453 5454 <p> 5455 <?php echo _BOOKMARKLET_DELETERIGHTT ?> 5456 </p> 5457 5458 <ol> 5459 <li><?php echo _BOOKMARKLET_DELETERIGHT1 ?></li> 5460 <li><?php echo _BOOKMARKLET_DELETERIGHT2 ?></li> 5461 <li><?php echo _BOOKMARKLET_DELETERIGHT3 ?></li> 5462 <li><?php echo _BOOKMARKLET_DELETERIGHT4 ?></li> 5463 <li><?php echo _BOOKMARKLET_DELETERIGHT5 ?></li> 5464 </ol> 5465 5466 <?php 5467 $this->pagefoot(); 5468 5469 } 5470 5471 /** 5472 * @todo document this 5473 */ 5474 function action_actionlog() { 5475 global $member, $manager; 5476 5477 $member->isAdmin() or $this->disallow(); 5478 5479 $this->pagehead(); 5480 5481 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 5482 5483 $url = $manager->addTicketToUrl('index.php?action=clearactionlog'); 5484 5485 ?> 5486 <h2><?php echo _ACTIONLOG_CLEAR_TITLE?></h2> 5487 <p><a href="<?php echo htmlspecialchars($url)?>"><?php echo _ACTIONLOG_CLEAR_TEXT?></a></p> 5488 <?php 5489 echo '<h2>' . _ACTIONLOG_TITLE . '</h2>'; 5490 5491 $query = 'SELECT * FROM '.sql_table('actionlog').' ORDER BY timestamp DESC'; 5492 $template['content'] = 'actionlist'; 5493 $amount = showlist($query,'table',$template); 5494 5495 $this->pagefoot(); 5496 5497 } 5498 5499 /** 5500 * @todo document this 5501 */ 5502 function action_banlist() { 5503 global $member, $manager; 5504 5505 $blogid = intRequestVar('blogid'); 5506 5507 $member->blogAdminRights($blogid) or $this->disallow(); 5508 5509 $blog =& $manager->getBlog($blogid); 5510 5511 $this->pagehead(); 5512 5513 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>'; 5514 5515 echo '<h2>' . _BAN_TITLE . " '". $this->bloglink($blog) ."'</h2>"; 5516 5517 $query = 'SELECT * FROM '.sql_table('ban').' WHERE blogid='.$blogid.' 
ORDER BY iprange'; 5518 $template['content'] = 'banlist'; 5519 $amount = showlist($query,'table',$template); 5520 5521 if ($amount == 0) 5522 echo _BAN_NONE; 5523 5524 echo '<h2>'._BAN_NEW_TITLE.'</h2>'; 5525 echo "<p><a href='index.php?action=banlistnew&blogid=$blogid'>"._BAN_NEW_TEXT."</a></p>"; 5526 5527 5528 $this->pagefoot(); 5529 5530 } 5531 5532 /** 5533 * @todo document this 5534 */ 5535 function action_banlistdelete() { 5536 global $member, $manager; 5537 5538 $blogid = intRequestVar('blogid'); 5539 $iprange = requestVar('iprange'); 5540 5541 $member->blogAdminRights($blogid) or $this->disallow(); 5542 5543 $blog =& $manager->getBlog($blogid); 5544 $banBlogName = htmlspecialchars($blog->getName(), ENT_QUOTES); 5545 5546 $this->pagehead(); 5547 ?> 5548 <h2><?php echo _BAN_REMOVE_TITLE?></h2> 5549 5550 <form method="post" action="index.php"> 5551 5552 <h3><?php echo _BAN_IPRANGE?></h3> 5553 5554 <p> 5555 <?php echo _CONFIRMTXT_BAN?> <?php echo htmlspecialchars($iprange) ?> 5556 <input name="iprange" type="hidden" value="<?php echo htmlspecialchars($iprange)?>" /> 5557 </p> 5558 5559 <h3><?php echo _BAN_BLOGS?></h3> 5560 5561 <div> 5562 <input type="hidden" name="blogid" value="<?php echo $blogid?>" /> 5563 <input name="allblogs" type="radio" value="0" id="allblogs_one" /> 5564 <label for="allblogs_one"><?php echo sprintf(_BAN_BANBLOGNAME, $banBlogName) ?></label> 5565 <br /> 5566 <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label> 5567 </div> 5568 5569 <h3><?php echo _BAN_DELETE_TITLE?></h3> 5570 5571 <div> 5572 <?php $manager->addTicketHidden() ?> 5573 <input type="hidden" name="action" value="banlistdeleteconfirm" /> 5574 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" /> 5575 </div> 5576 5577 </form> 5578 <?php 5579 $this->pagefoot(); 5580 } 5581 5582 /** 5583 * @todo document this 5584 */ 5585 function action_banlistdeleteconfirm() { 5586 global 
$member, $manager; 5587 5588 $blogid = intPostVar('blogid'); 5589 $allblogs = postVar('allblogs'); 5590 $iprange = postVar('iprange'); 5591 5592 $member->blogAdminRights($blogid) or $this->disallow(); 5593 5594 $deleted = array(); 5595 5596 if (!$allblogs) { 5597 if (BAN::removeBan($blogid, $iprange)) 5598 array_push($deleted, $blogid); 5599 } else { 5600 // get blogs fot which member has admin rights 5601 $adminblogs = $member->getAdminBlogs(); 5602 foreach ($adminblogs as $blogje) { 5603 if (BAN::removeBan($blogje, $iprange)) 5604 array_push($deleted, $blogje); 5605 } 5606 } 5607 5608 if (sizeof($deleted) == 0) 5609 $this->error(_ERROR_DELETEBAN); 5610 5611 $this->pagehead(); 5612 5613 echo '<a href="index.php?action=banlist&blogid=',$blogid,'">(',_BACK,')</a>'; 5614 echo '<h2>'._BAN_REMOVED_TITLE.'</h2>'; 5615 echo "<p>"._BAN_REMOVED_TEXT."</p>"; 5616 5617 echo "<ul>"; 5618 foreach ($deleted as $delblog) { 5619 $b =& $manager->getBlog($delblog); 5620 echo "<li>" . htmlspecialchars($b->getName()). 
"</li>"; 5621 } 5622 echo "</ul>"; 5623 5624 $this->pagefoot(); 5625 5626 } 5627 5628 /** 5629 * @todo document this 5630 */ 5631 function action_banlistnewfromitem() { 5632 $this->action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid'))); 5633 } 5634 5635 /** 5636 * @todo document this 5637 */ 5638 function action_banlistnew($blogid = '') { 5639 global $member, $manager; 5640 5641 if ($blogid == '') 5642 $blogid = intRequestVar('blogid'); 5643 5644 $ip = requestVar('ip'); 5645 5646 $member->blogAdminRights($blogid) or $this->disallow(); 5647 5648 $blog =& $manager->getBlog($blogid); 5649 5650 $this->pagehead(); 5651 ?> 5652 <h2><?php echo _BAN_ADD_TITLE?></h2> 5653 5654 5655 <form method="post" action="index.php"> 5656 5657 <h3><?php echo _BAN_IPRANGE?></h3> 5658 5659 <p><?php echo _BAN_IPRANGE_TEXT?></p> 5660 5661 <div class="note"> 5662 <strong><?php echo _BAN_EXAMPLE_TITLE ?></strong> 5663 <?php echo _BAN_EXAMPLE_TEXT ?> 5664 </div> 5665 5666 <div> 5667 <?php 5668 if ($ip) { 5669 $iprangeVal = htmlspecialchars($ip, ENT_QUOTES); 5670 ?> 5671 <input name="iprange" type="radio" value="<?php echo $iprangeVal ?>" checked="checked" id="ip_fixed" /> 5672 <label for="ip_fixed"><?php echo $iprangeVal ?></label> 5673 <br /> 5674 <input name="iprange" type="radio" value="custom" id="ip_custom" /> 5675 <label for="ip_custom"><?php echo _BAN_IP_CUSTOM ?></label> 5676 <input name='customiprange' value='<?php echo $iprangeVal ?>' maxlength='15' size='15' /> 5677 <?php 5678 } else { 5679 echo "<input name='iprange' value='custom' type='hidden' />"; 5680 echo "<input name='customiprange' value='' maxlength='15' size='15' />"; 5681 } 5682 ?> 5683 </div> 5684 5685 <h3><?php echo _BAN_BLOGS?></h3> 5686 5687 <p><?php echo _BAN_BLOGS_TEXT?></p> 5688 5689 <div> 5690 <input type="hidden" name="blogid" value="<?php echo $blogid?>" /> 5691 <input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">'<?php echo 
htmlspecialchars($blog->getName())?>'</label> 5692 <br /> 5693 <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label> 5694 </div> 5695 5696 <h3><?php echo _BAN_REASON_TITLE?></h3> 5697 5698 <p><?php echo _BAN_REASON_TEXT?></p> 5699 5700 <div><textarea name="reason" cols="40" rows="5"></textarea></div> 5701 5702 <h3><?php echo _BAN_ADD_TITLE?></h3> 5703 5704 <div> 5705 <input name="action" type="hidden" value="banlistadd" /> 5706 <?php $manager->addTicketHidden() ?> 5707 <input type="submit" value="<?php echo _BAN_ADD_BTN?>" /> 5708 </div> 5709 5710 </form> 5711 5712 <?php $this->pagefoot(); 5713 } 5714 5715 /** 5716 * @todo document this 5717 */ 5718 function action_banlistadd() { 5719 global $member; 5720 5721 $blogid = intPostVar('blogid'); 5722 $allblogs = postVar('allblogs'); 5723 $iprange = postVar('iprange'); 5724 if ($iprange == "custom") 5725 $iprange = postVar('customiprange'); 5726 $reason = postVar('reason'); 5727 5728 $member->blogAdminRights($blogid) or $this->disallow(); 5729 5730 // TODO: check IP range validity 5731 5732 if (!$allblogs) { 5733 if (!BAN::addBan($blogid, $iprange, $reason)) 5734 $this->error(_ERROR_ADDBAN); 5735 } else { 5736 // get blogs fot which member has admin rights 5737 $adminblogs = $member->getAdminBlogs(); 5738 $failed = 0; 5739 foreach ($adminblogs as $blogje) { 5740 if (!BAN::addBan($blogje, $iprange, $reason)) 5741 $failed = 1; 5742 } 5743 if ($failed) 5744 $this->error(_ERROR_ADDBAN); 5745 } 5746 5747 $this->action_banlist(); 5748 5749 } 5750 5751 /** 5752 * @todo document this 5753 */ 5754 function action_clearactionlog() { 5755 global $member; 5756 5757 $member->isAdmin() or $this->disallow(); 5758 5759 ACTIONLOG::clear(); 5760 5761 $this->action_manage(_MSG_ACTIONLOGCLEARED); 5762 } 5763 5764 /** 5765 * @todo document this 5766 */ 5767 function action_backupoverview() { 5768 global $member, $manager; 5769 5770 $member->isAdmin() 
or $this->disallow(); 5771 5772 $this->pagehead(); 5773 5774 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>'; 5775 ?> 5776 <h2><?php echo _BACKUPS_TITLE?></h2> 5777 5778 <h3><?php echo _BACKUP_TITLE?></h3> 5779 5780 <p><?php echo _BACKUP_INTRO?></p> 5781 5782 <form method="post" action="index.php"><p> 5783 <input type="hidden" name="action" value="backupcreate" /> 5784 <?php $manager->addTicketHidden() ?> 5785 5786 <input type="radio" name="gzip" value="1" checked="checked" id="gzip_yes" tabindex="10" /><label for="gzip_yes"><?php echo _BACKUP_ZIP_YES?></label> 5787 <br /> 5788 <input type="radio" name="gzip" value="0" id="gzip_no" tabindex="10" /><label for="gzip_no" ><?php echo _BACKUP_ZIP_NO?></label> 5789 <br /><br /> 5790 <input type="submit" value="<?php echo _BACKUP_BTN?>" tabindex="20" /> 5791 5792 </p></form> 5793 5794 <div class="note"><?php echo _BACKUP_NOTE?></div> 5795 5796 5797 <h3><?php echo _RESTORE_TITLE?></h3> 5798 5799 <div class="note"><?php echo _RESTORE_NOTE?></div> 5800 5801 <p><?php echo _RESTORE_INTRO?></p> 5802 5803 <form method="post" action="index.php" enctype="multipart/form-data"><p> 5804 <input type="hidden" name="action" value="backuprestore" /> 5805 <?php $manager->addTicketHidden() ?> 5806 <input name="backup_file" type="file" tabindex="30" /> 5807 <br /><br /> 5808 <input type="submit" value="<?php echo _RESTORE_BTN?>" tabindex="40" /> 5809 <br /><input type="checkbox" name="letsgo" value="1" id="letsgo" tabindex="50" /><label for="letsgo"><?php echo _RESTORE_IMSURE?></label> 5810 <br /><?php echo _RESTORE_WARNING?> 5811 </p></form> 5812 5813 <?php $this->pagefoot(); 5814 } 5815 5816 /** 5817 * @todo document this 5818 */ 5819 function action_backupcreate() { 5820 global $member, $DIR_LIBS; 5821 5822 $member->isAdmin() or $this->disallow(); 5823 5824 // use compression ? 5825 $useGzip = intval(postVar('gzip')); 5826 5827 include ($DIR_LIBS . 
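'backup.php');

        // try to extend time limit
        // (creating/restoring dumps might take a while)
        @set_time_limit(1200);

        $bu = new Backup();
        $bu->do_backup($useGzip);
        exit;
    }

    /**
     * Restores a backup. Admin only, and only when the 'letsgo' confirmation
     * checkbox was posted with value 1.
     *
     * The restore itself is delegated to Backup::do_restore(); a non-empty
     * return value is treated as an error message and shown through error().
     *
     * NOTE(review): error() prints its argument as HTML, so do_restore() is
     * assumed to return messages that are safe to print - confirm in backup.php.
     */
    function action_backuprestore() {
        global $member, $DIR_LIBS;

        $member->isAdmin() or $this->disallow();

        if (intPostVar('letsgo') != 1)
            $this->error(_ERROR_BACKUP_NOTSURE);

        include ($DIR_LIBS . 'backup.php');

        // try to extend time limit
        // (creating/restoring dumps might take a while)
        @set_time_limit(1200);

        $bu = new Backup();
        $message = $bu->do_restore();
        if ($message != '')
            $this->error($message);

        $this->pagehead();
        ?>
        <h2><?php echo _RESTORE_COMPLETE?></h2>
        <?php       $this->pagefoot();

    }

    /**
     * Lists the installed plugins and offers the not-yet-installed NP_*.php
     * files found in $DIR_PLUGINS for installation. Admin only.
     *
     * File names read from the plugin directory are treated as untrusted text:
     * they are escaped both in the option value attribute and in the label.
     */
    function action_pluginlist() {
        global $member, $manager;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $this->pagehead();

        echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

        echo '<h2>' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '</h2>';

        echo '<h3>' , _PLUGS_TITLE_INSTALLED , ' &nbsp;&nbsp;<span style="font-size:smaller">', helplink('getplugins'), _PLUGS_TITLE_GETPLUGINS, '</a></span></h3>';


        $query = 'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC';

        $template['content'] = 'pluginlist';
        $template['tabindex'] = 10;
        showlist($query, 'table', $template);

        ?>
            <h3><?php echo _PLUGS_TITLE_UPDATE?></h3>

            <p><?php echo _PLUGS_TEXT_UPDATE?></p>

            <form method="post" action="index.php"><div>
                <input type="hidden" name="action" value="pluginupdate" />
                <?php $manager->addTicketHidden() ?>
                <input type="submit" value="<?php echo _PLUGS_BTN_UPDATE ?>" tabindex="20" />
            </div></form>

            <h3><?php echo _PLUGS_TITLE_NEW?></h3>

        <?php       // find a list of possibly non-installed plugins
        $candidates = array();
        global $DIR_PLUGINS;
        $dirhandle = opendir($DIR_PLUGINS);
        // an unreadable plugin directory simply yields an empty candidate list
        if ($dirhandle) {
            // compare against false: an entry named "0" must not end the loop
            while (($filename = readdir($dirhandle)) !== false) {
                // preg_match replaces the deprecated ereg(); same pattern
                if (preg_match('/^NP_(.*)\.php$/D', $filename, $matches)) {
                    $name = $matches[1];
                    // only show in list when not yet installed
                    $res = sql_query('SELECT * FROM '.sql_table('plugin').' WHERE pfile="NP_'.addslashes($name).'"');
                    if (sql_num_rows($res) == 0)
                        array_push($candidates,$name);
                }
            }
            closedir($dirhandle);
        }

        if (sizeof($candidates) > 0) {
        ?>

            <p><?php echo _PLUGS_ADD_TEXT?></p>


            <form method='post' action='index.php'><div>
                <input type='hidden' name='action' value='pluginadd' />
                <?php $manager->addTicketHidden() ?>
                <select name="filename" tabindex="30">
                <?php                   foreach($candidates as $name)
                        echo '<option value="NP_',htmlspecialchars($name, ENT_QUOTES),'">',htmlspecialchars($name),'</option>';
                ?>
                </select>
                <input type='submit' tabindex="40" value='<?php echo _PLUGS_BTN_INSTALL?>' />
            </div></form>

        <?php       } else {    // sizeof(candidates) == 0
            echo '<p>',_PLUGS_NOCANDIDATES,'</p>';
        }

        $this->pagefoot();
    }

    /**
     * Shows the help page of an installed plugin. Admin only.
     *
     * The plugin id is read as an integer from the query string and must
     * belong to an installed plugin. If the plugin declares the 'HelpPage'
     * feature and a help.html exists in its directory, that file is sent to
     * the browser unchanged (it is plugin-supplied HTML); otherwise an error
     * text is shown. A plugin that fails to load gets the same error text.
     */
    function action_pluginhelp() {
        global $member, $manager, $DIR_PLUGINS, $CONF;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $plugid = intGetVar('plugid');

        if (!$manager->pidInstalled($plugid))
            $this->error(_ERROR_NOSUCHPLUGIN);

        $plugName = getPluginNameFromPid($plugid);

        $this->pagehead();

        echo '<p><a href="index.php?action=pluginlist">(',_PLUGS_BACK,')</a></p>';

        echo '<h2>',_PLUGS_HELP_TITLE,': ',htmlspecialchars($plugName),'</h2>';

        $plug =& $manager->getPlugin($plugName);

        // getPlugin() can fail (action_pluginadd checks for that as well), so
        // only build the help file path when a plugin object came back
        $helpFile = '';
        if ($plug)
            $helpFile = $DIR_PLUGINS.$plug->getShortName().'/help.html';

        if ($plug && ($plug->supportsFeature('HelpPage') > 0) && (@file_exists($helpFile))) {
            @readfile($helpFile);
        } else {
            echo '<p>Error: ', _ERROR_PLUGNOHELPFILE,'</p>';
            echo '<p><a href="index.php?action=pluginlist">(',_BACK,')</a></p>';
        }


        $this->pagefoot();
    }

    /**
     * Installs the plugin whose file name was posted as 'filename'. Admin only.
     *
     * Steps: refuse duplicates, let checkPlugin() vet the name, insert a row
     * in the plugin table, load the plugin, verify its minimum Nucleus
     * version / patch level and its plugin dependencies (removing the plugin
     * again when a check fails), call its install() method and finally
     * rebuild the event subscriptions through action_pluginupdate().
     *
     * NOTE(review): the posted name ends up selecting a plugin file to load;
     * presumably checkPlugin() only accepts names of files inside the plugin
     * directory - verify that it rejects path separators.
     */
    function action_pluginadd() {
        global $member, $manager, $DIR_PLUGINS;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $name = postVar('filename');

        if ($manager->pluginInstalled($name))
            $this->error(_ERROR_DUPPLUGIN);
        if (!checkPlugin($name))
            $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');

        // get number of currently installed plugins
        $res = sql_query('SELECT * FROM '.sql_table('plugin'));
        $numCurrent = sql_num_rows($res);

        // plugin will be added as last one in the list
        $newOrder = $numCurrent + 1;

        $manager->notify(
            'PreAddPlugin',
            array(
                'file' => &$name
            )
        );

        // do this before calling getPlugin (in case the plugin id is used there)
        $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.addslashes($name).'")';
        sql_query($query);
        $iPid = sql_insert_id();

        $manager->clearCachedInfo('installedPlugins');

        // Load the plugin for condition checking and installation
        $plugin =& $manager->getPlugin($name);

        // check if it got loaded (could have failed)
        if (!$plugin)
        {
            sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
            $manager->clearCachedInfo('installedPlugins');
            $this->error(_ERROR_PLUGIN_LOAD);
        }

        // check if plugin needs a newer Nucleus version
        if (getNucleusVersion() < $plugin->getMinNucleusVersion())
        {
            // uninstall plugin again...
            $this->deleteOnePlugin($plugin->getID());

            // ...and show error
            $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));
        }

        // same version: check if plugin needs a newer patch level
        if ((getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()))
        {
            // uninstall plugin again...
            $this->deleteOnePlugin($plugin->getID());

            // ...and show error
            $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
        }

        $pluginList = $plugin->getPluginDep();
        foreach ($pluginList as $pluginName)
        {

            // dependency names come from plugin code; escape them like every
            // other string that is placed in a query in this class
            $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . addslashes($pluginName) . '"');
            if (sql_num_rows($res) == 0)
            {
                // uninstall plugin again...
                $this->deleteOnePlugin($plugin->getID());

                $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));
            }
        }

        // call the install method of the plugin
        $plugin->install();

        $manager->notify(
            'PostAddPlugin',
            array(
                'plugin' => &$plugin
            )
        );

        // update all events
        $this->action_pluginupdate();
    }

    /**
     * @todo document this
     */
    function action_pluginupdate() {
        global $member, $manager, $CONF;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        // delete everything from plugin_events
        sql_query('DELETE FROM '.sql_table('plugin_event'));

        // loop over all installed plugins
        $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
        while($o = sql_fetch_object($res)) {
            $pid = $o->pid;
            $plug =& $manager->getPlugin($o->pfile);
            if ($plug)
            {
                $eventList = $plug->getEventList();
                foreach ($eventList as $eventName)
                    sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.addslashes($eventName).'\')');
            }
        }

        redirect($CONF['AdminURL'] .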
'?action=pluginlist'); 6101 // $this->action_pluginlist(); 6102 } 6103 6104 /** 6105 * @todo document this 6106 */ 6107 function action_plugindelete() { 6108 global $member, $manager; 6109 6110 // check if allowed 6111 $member->isAdmin() or $this->disallow(); 6112 6113 $pid = intGetVar('plugid'); 6114 6115 if (!$manager->pidInstalled($pid)) 6116 $this->error(_ERROR_NOSUCHPLUGIN); 6117 6118 $this->pagehead(); 6119 ?> 6120 <h2><?php echo _DELETE_CONFIRM?></h2> 6121 6122 <p><?php echo _CONFIRMTXT_PLUGIN?> <strong><?php echo getPluginNameFromPid($pid)?></strong>?</p> 6123 6124 <form method="post" action="index.php"><div> 6125 <?php $manager->addTicketHidden() ?> 6126 <input type="hidden" name="action" value="plugindeleteconfirm" /> 6127 <input type="hidden" name="plugid" value="<?php echo $pid; ?>" /> 6128 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" /> 6129 </div></form> 6130 <?php 6131 $this->pagefoot(); 6132 } 6133 6134 /** 6135 * @todo document this 6136 */ 6137 function action_plugindeleteconfirm() { 6138 global $member, $manager, $CONF; 6139 6140 // check if allowed 6141 $member->isAdmin() or $this->disallow(); 6142 6143 $pid = intPostVar('plugid'); 6144 6145 $error = $this->deleteOnePlugin($pid, 1); 6146 if ($error) { 6147 $this->error($error); 6148 } 6149 6150 redirect($CONF['AdminURL'] . '?action=pluginlist'); 6151 // $this->action_pluginlist(); 6152 } 6153 6154 /** 6155 * @todo document this 6156 */ 6157 function deleteOnePlugin($pid, $callUninstall = 0) { 6158 global $manager; 6159 6160 $pid = intval($pid); 6161 6162 if (!$manager->pidInstalled($pid)) 6163 return _ERROR_NOSUCHPLUGIN; 6164 6165 $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' 
WHERE pid='.$pid); 6166 6167 /* // call the unInstall method of the plugin 6168 if ($callUninstall) { 6169 $plugin =& $manager->getPlugin($name); 6170 if ($plugin) $plugin->unInstall(); 6171 }*/ 6172 6173 // check dependency before delete 6174 $res = sql_query('SELECT pfile FROM '.sql_table('plugin')); 6175 while($o = sql_fetch_object($res)) { 6176 $plug =& $manager->getPlugin($o->pfile); 6177 if ($plug) 6178 { 6179 $depList = $plug->getPluginDep(); 6180 foreach ($depList as $depName) 6181 { 6182 if ($name == $depName) 6183 { 6184 return sprintf(_ERROR_DELREQPLUGIN, $o->pfile); 6185 } 6186 } 6187 } 6188 } 6189 6190 $manager->notify('PreDeletePlugin', array('plugid' => $pid)); 6191 6192 // call the unInstall method of the plugin 6193 if ($callUninstall) { 6194 $plugin =& $manager->getPlugin($name); 6195 if ($plugin) $plugin->unInstall(); 6196 } 6197 6198 // delete all subscriptions 6199 sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid); 6200 6201 // delete all options 6202 // get OIDs from plugin_option_desc 6203 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid); 6204 $aOIDs = array(); 6205 while ($o = sql_fetch_object($res)) { 6206 array_push($aOIDs, $o->oid); 6207 } 6208 6209 // delete from plugin_option and plugin_option_desc 6210 sql_query('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid); 6211 if (count($aOIDs) > 0) 6212 sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')'); 6213 6214 // update order numbers 6215 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid); 6216 $o = sql_fetch_object($res); 6217 sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder); 6218 6219 // delete row 6220 sql_query('DELETE FROM '.sql_table('plugin').' 
WHERE pid='.$pid); 6221 6222 $manager->clearCachedInfo('installedPlugins'); 6223 $manager->notify('PostDeletePlugin', array('plugid' => $pid)); 6224 6225 return ''; 6226 } 6227 6228 /** 6229 * @todo document this 6230 */ 6231 function action_pluginup() { 6232 global $member, $manager, $CONF; 6233 6234 // check if allowed 6235 $member->isAdmin() or $this->disallow(); 6236 6237 $plugid = intGetVar('plugid'); 6238 6239 if (!$manager->pidInstalled($plugid)) 6240 $this->error(_ERROR_NOSUCHPLUGIN); 6241 6242 // 1. get old order number 6243 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid); 6244 $o = sql_fetch_object($res); 6245 $oldOrder = $o->porder; 6246 6247 // 2. calculate new order number 6248 $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1; 6249 6250 // 3. update plug numbers 6251 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder); 6252 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid); 6253 6254 //$this->action_pluginlist(); 6255 // To avoid showing ticket in the URL, redirect to pluginlist, instead. 6256 redirect($CONF['AdminURL'] . '?action=pluginlist'); 6257 } 6258 6259 /** 6260 * @todo document this 6261 */ 6262 function action_plugindown() { 6263 global $member, $manager, $CONF; 6264 6265 // check if allowed 6266 $member->isAdmin() or $this->disallow(); 6267 6268 $plugid = intGetVar('plugid'); 6269 if (!$manager->pidInstalled($plugid)) 6270 $this->error(_ERROR_NOSUCHPLUGIN); 6271 6272 // 1. get old order number 6273 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid); 6274 $o = sql_fetch_object($res); 6275 $oldOrder = $o->porder; 6276 6277 $res = sql_query('SELECT * FROM '.sql_table('plugin')); 6278 $maxOrder = sql_num_rows($res); 6279 6280 // 2. calculate new order number 6281 $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder; 6282 6283 // 3. 
update plug numbers 6284 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder); 6285 sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid); 6286 6287 //$this->action_pluginlist(); 6288 // To avoid showing ticket in the URL, redirect to pluginlist, instead. 6289 redirect($CONF['AdminURL'] . '?action=pluginlist'); 6290 } 6291 6292 /** 6293 * @todo document this 6294 */ 6295 function action_pluginoptions($message = '') { 6296 global $member, $manager; 6297 6298 // check if allowed 6299 $member->isAdmin() or $this->disallow(); 6300 6301 $pid = intRequestVar('plugid'); 6302 if (!$manager->pidInstalled($pid)) 6303 $this->error(_ERROR_NOSUCHPLUGIN); 6304 6305 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>'; 6306 $pluginName = htmlspecialchars(getPluginNameFromPid($pid), ENT_QUOTES); 6307 $this->pagehead($extrahead); 6308 6309 ?> 6310 <p><a href="index.php?action=pluginlist">(<?php echo _PLUGS_BACK?>)</a></p> 6311 6312 <h2><?php echo sprintf(_PLUGIN_OPTIONS_TITLE, $pluginName) ?></h2> 6313 6314 <?php if ($message) echo $message?> 6315 6316 <form action="index.php" method="post"> 6317 <div> 6318 <input type="hidden" name="action" value="pluginoptionsupdate" /> 6319 <input type="hidden" name="plugid" value="<?php echo $pid?>" /> 6320 6321 <?php 6322 6323 $manager->addTicketHidden(); 6324 6325 $aOptions = array(); 6326 $aOIDs = array(); 6327 $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ' WHERE ocontext=\'global\' and opid=' . $pid . 
' ORDER BY oid ASC'; 6328 $r = sql_query($query); 6329 while ($o = sql_fetch_object($r)) { 6330 array_push($aOIDs, $o->oid); 6331 $aOptions[$o->oid] = array( 6332 'oid' => $o->oid, 6333 'value' => $o->odef, 6334 'name' => $o->oname, 6335 'description' => $o->odesc, 6336 'type' => $o->otype, 6337 'typeinfo' => $o->oextra, 6338 'contextid' => 0 6339 ); 6340 } 6341 // fill out actual values 6342 if (count($aOIDs) > 0) { 6343 $r = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE oid in ('.implode(',',$aOIDs).')'); 6344 while ($o = sql_fetch_object($r)) 6345 $aOptions[$o->oid]['value'] = $o->ovalue; 6346 } 6347 6348 // call plugins 6349 $manager->notify('PrePluginOptionsEdit',array('context' => 'global', 'plugid' => $pid, 'options'=>&$aOptions)); 6350 6351 $template['content'] = 'plugoptionlist'; 6352 $amount = showlist($aOptions,'table',$template); 6353 if ($amount == 0) 6354 echo '<p>',_ERROR_NOPLUGOPTIONS,'</p>'; 6355 6356 ?> 6357 </div> 6358 </form> 6359 <?php $this->pagefoot(); 6360 6361 6362 6363 } 6364 6365 /** 6366 * @todo document this 6367 */ 6368 function action_pluginoptionsupdate() { 6369 global $member, $manager; 6370 6371 // check if allowed 6372 $member->isAdmin() or $this->disallow(); 6373 6374 $pid = intRequestVar('plugid'); 6375 if (!$manager->pidInstalled($pid)) 6376 $this->error(_ERROR_NOSUCHPLUGIN); 6377 6378 $aOptions = requestArray('plugoption'); 6379 NucleusPlugin::_applyPluginOptions($aOptions); 6380 6381 $manager->notify('PostPluginOptionsUpdate',array('context' => 'global', 'plugid' => $pid)); 6382 6383 $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED); 6384 } 6385 6386 /** 6387 * @static 6388 * @todo document this 6389 */ 6390 function _insertPluginOptions($context, $contextid = 0) { 6391 // get all current values for this contextid 6392 // (note: this might contain doubles for overlapping contextids) 6393 $aIdToValue = array(); 6394 $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . 
' WHERE ocontextid=' . intval($contextid)); 6395 while ($o = sql_fetch_object($res)) { 6396 $aIdToValue[$o->oid] = $o->ovalue; 6397 } 6398 6399 // get list of oids per pid 6400 $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin') 6401 . ' WHERE opid=pid and ocontext=\''.addslashes($context).'\' ORDER BY porder, oid ASC'; 6402 $res = sql_query($query); 6403 $aOptions = array(); 6404 while ($o = sql_fetch_object($res)) { 6405 if (in_array($o->oid, array_keys($aIdToValue))) 6406 $value = $aIdToValue[$o->oid]; 6407 else 6408 $value = $o->odef; 6409 6410 array_push($aOptions, array( 6411 'pid' => $o->pid, 6412 'pfile' => $o->pfile, 6413 'oid' => $o->oid, 6414 'value' => $value, 6415 'name' => $o->oname, 6416 'description' => $o->odesc, 6417 'type' => $o->otype, 6418 'typeinfo' => $o->oextra, 6419 'contextid' => $contextid, 6420 'extra' => '' 6421 )); 6422 } 6423 6424 global $manager; 6425 $manager->notify('PrePluginOptionsEdit',array('context' => $context, 'contextid' => $contextid, 'options'=>&$aOptions)); 6426 6427 6428 $iPrevPid = -1; 6429 foreach ($aOptions as $aOption) { 6430 6431 // new plugin? 6432 if ($iPrevPid != $aOption['pid']) { 6433 $iPrevPid = $aOption['pid']; 6434 if (!defined('_PLUGIN_OPTIONS_TITLE')) { 6435 define('_PLUGIN_OPTIONS_TITLE', 'Options for %s'); 6436 } 6437 echo '<tr><th colspan="2">'.sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)).'</th></tr>'; 6438 } 6439 6440 $meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']); 6441 if (@$meta['access'] != 'hidden') { 6442 echo '<tr>'; 6443 listplug_plugOptionRow($aOption); 6444 echo '</tr>'; 6445 } 6446 6447 } 6448 6449 6450 } 6451 6452 /** 6453 * Helper functions to create option forms etc. 
6454 * @todo document parameters 6455 */ 6456 function input_yesno($name, $checkedval,$tabindex = 0, $value1 = 1, $value2 = 0, $yesval = _YES, $noval = _NO, $isAdmin = 0) { 6457 $id = htmlspecialchars($name); 6458 $id = str_replace('[','-',$id); 6459 $id = str_replace(']','-',$id); 6460 $id1 = $id . htmlspecialchars($value1); 6461 $id2 = $id . htmlspecialchars($value2); 6462 6463 if ($name=="admin") { 6464 echo '<input onclick="selectCanLogin(true);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" '; 6465 } else { 6466 echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" '; 6467 } 6468 6469 if ($checkedval == $value1) 6470 echo "tabindex='$tabindex' checked='checked'"; 6471 echo ' id="'.$id1.'" /><label for="'.$id1.'">' . $yesval . '</label>'; 6472 echo ' '; 6473 if ($name=="admin") { 6474 echo '<input onclick="selectCanLogin(false);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value2),'" '; 6475 } else { 6476 echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value2),'" '; 6477 } 6478 if ($checkedval != $value1) 6479 echo "tabindex='$tabindex' checked='checked'"; 6480 if ($isAdmin && $name=="canlogin") 6481 echo ' disabled="disabled"'; 6482 echo ' id="'.$id2.'" /><label for="'.$id2.'">' . $noval . '</label>'; 6483 } 6484 6485 } // class ADMIN 6486 6487 ?>