ADMIN.php

00001 <?php
00002 /*
00003  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
00004  * Copyright (C) 2002-2007 The Nucleus Group
00005  *
00006  * This program is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU General Public License
00008  * as published by the Free Software Foundation; either version 2
00009  * of the License, or (at your option) any later version.
00010  * (see nucleus/documentation/index.html#license for more info)
00011  */
// Direct-access guard: stop immediately unless requestVar() has already been
// defined, i.e. unless this file is being loaded by code that set it up first.
if (function_exists('requestVar') === false) {
    exit;
}

// NOTE(review): presumably provides the showlist() helper called by the
// list-rendering actions in this class - confirm.
require_once dirname(__FILE__) . '/showlist.php';
00023 
00027 class ADMIN {
00028 
00032         var $action;
00033 
/**
 * PHP 4-style constructor (it carries the same name as the class).
 * Performs no initialisation.
 */
function ADMIN() {
    // intentionally empty
}
00040 
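/**
 * Dispatches an admin-area action to the matching action_<name>() method.
 *
 * The name is first mapped through a small alias table. Unless its
 * lower-cased form is on the exemption list below, $manager->checkTicket()
 * has to succeed before the handler is invoked.
 *
 * @param string $action action name. NOTE(review): presumably taken from the
 *                       request by the caller - confirm.
 */
function action($action) {
    global $CONF, $manager;

    // Aliases: 'login' and an empty action both land on the overview page.
    $alias = array(
        'login' => 'overview',
        '' => 'overview'
    );

    if (isset($alias[$action])) {
        $action = $alias[$action];
    }

    $methodName = 'action_' . $action;

    // The exemption lookup works on the lower-cased name. PHP resolves method
    // names case-insensitively, so a mixed-case action name is judged by the
    // same key as the method that will actually run.
    $this->action = strtolower($action);

    // Ticket exemptions. Every action needs a valid ticket unless it is
    // considered safe, i.e. it requires user interaction before anything is
    // actually done. Anything NOT listed here - including actions added
    // later - is ticket-checked by default.
    $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');

    /*
     * For reference only (not used by the code): the actions the original
     * authors listed as needing the ticket check.
     *
     * 'additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm',
     * 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm',
     * 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm',
     * 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile',
     * 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate',
     * 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd',
     * 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown',
     * 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone',
     * 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport',
     * 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping',
     * 'activatesetpwd'
     */

    // Strict comparison: the exemption decision must not depend on PHP's
    // loose-comparison rules.
    if (!in_array($this->action, $aActionsNotToCheck, true)) {
        if (!$manager->checkTicket()) {
            // NOTE(review): this relies on error() ending the request. error()
            // is defined outside this excerpt - confirm; if it returned, the
            // handler below would still run after a failed ticket check.
            $this->error(_ERROR_BADTICKET);
        }
    }

    if (method_exists($this, $methodName)) {
        // Handlers are invoked without arguments, so their optional
        // parameters take their defaults on this path.
        $this->$methodName();
    } else {
        // The rejected name is escaped before being echoed back.
        $this->error(_BADACTION . htmlspecialchars(" ($action)"));
    }
}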
00082 
/**
 * Shows the login form, handing the global $error to action_login() as the
 * message to display.
 */
function action_showlogin() {
    global $error;

    $message = $error;
    $this->action_login($message);
}
00090 
/**
 * Renders the login form, or goes straight to the overview page when the
 * current member is already logged in and allowed to log in.
 *
 * The form posts 'login', 'password', 'shared' and action=login to index.php.
 * 'login' is on action()'s ticket-exemption list, so this form carries no
 * ticket field.
 *
 * @param string $msg      optional message shown above the form; it is
 *                         HTML-escaped here before output
 * @param int    $passvars when truthy, passRequestVars() is called inside the
 *                         form unless the posted 'oldaction' is 'login' or
 *                         'logout'
 */
function action_login($msg = '', $passvars = 1) {
    global $member;

    // skip to overview when allowed
    $alreadyIn = $member->isLoggedIn() && $member->canLogin();
    if ($alreadyIn) {
        $this->action_overview();
        exit;
    }

    $this->pagehead();

    echo '<h2>' . _LOGIN . '</h2>';
    if ($msg) {
        echo _MESSAGE . ': ' . htmlspecialchars($msg);
    }
    ?>

                <form action="index.php" method="post"><p>
                <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
                <br />
                <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
                <br />
                <input name="action" value="login" type="hidden" />
                <br />
                <input type="submit" value="<?php echo _LOGIN?>" tabindex="30" />
                <br />
                <small>
                        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
                        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
                </small>
                <?php
    // pass through vars
    // NOTE(review): passRequestVars() is defined elsewhere; presumably it
    // re-emits the current request variables as hidden fields so the original
    // request survives the login - confirm, and confirm it escapes them.
    $previousAction = postVar('oldaction');
    $cameFromAuth = ($previousAction == 'logout') || ($previousAction == 'login');
    if (!$cameFromAuth && $passvars) {
        passRequestVars();
    }
    ?>
                </p></form>
                <?php
    $this->pagefoot();
}
00134 
00135 
/**
 * Admin landing page: the member's blogs, their drafts, links to personal
 * settings and - for super-admins - a link to the management page.
 *
 * @param string $msg optional message printed at the top of the page
 */
function action_overview($msg = '') {
    global $member;

    $this->pagehead();

    if ($msg) {
        // NOTE(review): $msg is written out as-is (action_login() escapes its
        // message, this method does not), so callers must pass only trusted
        // or already-escaped text.
        echo _MESSAGE . ': ' . $msg;
    }

    /* ---- add items ---- */
    echo '<h2>' . _OVERVIEW_YRBLOGS . '</h2>';

    // 'showall' is only ever compared against 'yes' in this method; it is
    // never placed into SQL or output.
    $showAll = requestVar('showall');

    if ($member->isAdmin() && $showAll == 'yes') {
        // Super-Admins have access to all blogs! (no add item support though)
        $query = 'SELECT bnumber, bname, 1 as tadmin, burl, bshortname'
               . ' FROM ' . sql_table('blog')
               . ' ORDER BY bname';
    } else {
        // Everyone else only gets the blogs they are a team member of.
        // NOTE(review): getID() is concatenated unquoted - assumes it returns
        // an integer; confirm.
        $query = 'SELECT bnumber, bname, tadmin, burl, bshortname'
               . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
               . ' WHERE tblog=bnumber and tmember=' . $member->getID()
               . ' ORDER BY bname';
    }

    $template = array(
        'content' => 'bloglist',
        'superadmin' => $member->isAdmin()
    );
    $amount = showlist($query, 'table', $template);

    // Offer the "show all" link only when it would reveal additional blogs.
    if ($showAll != 'yes' && $member->isAdmin()) {
        $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));
        if ($total > $amount) {
            echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';
        }
    }

    if ($amount == 0) {
        echo _OVERVIEW_NOBLOGS;
    } else {
        // Drafts are listed only when at least one blog was shown.
        echo '<h2>' . _OVERVIEW_YRDRAFTS . '</h2>';
        $query = 'SELECT ititle, inumber, bshortname'
               . ' FROM ' . sql_table('item') . ', ' . sql_table('blog')
               . ' WHERE iauthor=' . $member->getID() . ' and iblog=bnumber and idraft=1';
        $template['content'] = 'draftlist';
        $amountdrafts = showlist($query, 'table', $template);
        if ($amountdrafts == 0) {
            echo _OVERVIEW_NODRAFTS;
        }
    }

    /* ---- user settings ---- */
    echo '<h2>' . _OVERVIEW_YRSETTINGS . '</h2>';
    echo '<ul>'
       . '<li><a href="index.php?action=editmembersettings">' . _OVERVIEW_EDITSETTINGS . '</a></li>'
       . '<li><a href="index.php?action=browseownitems">' . _OVERVIEW_BROWSEITEMS . '</a></li>'
       . '<li><a href="index.php?action=browseowncomments">' . _OVERVIEW_BROWSECOMM . '</a></li>'
       . '</ul>';

    /* ---- general settings ---- */
    if ($member->isAdmin()) {
        echo '<h2>' . _OVERVIEW_MANAGEMENT . '</h2>';
        echo '<ul>'
           . '<li><a href="index.php?action=manage">' . _OVERVIEW_MANAGE . '</a></li>'
           . '</ul>';
    }

    $this->pagefoot();
}
00207 
/**
 * Builds an HTML link to a blog, with the blog name as the link text.
 *
 * Both the URL and the name go through htmlspecialchars(), which keeps them
 * from breaking out of the attribute or injecting markup. It does not
 * restrict the URL scheme.
 * NOTE(review): assumes the blog URL is set by trusted administrators -
 * confirm.
 *
 * @param object $blog object offering getURL() and getName()
 * @return string the anchor element
 */
function bloglink(&$blog) {
    $href = htmlspecialchars($blog->getURL());
    $label = htmlspecialchars($blog->getName());

    return '<a href="' . $href . '" title="' . _BLOGLIST_TT_VISIT . '">' . $label . '</a>';
}
00215 
/**
 * Management page for super-admins: links to the general, skin/template and
 * backup/plugin administration screens.
 *
 * @param string $msg optional message printed above the menus
 */
function action_manage($msg = '') {
    global $member;

    // Super-admins only.
    // NOTE(review): relies on disallow() ending the request; it is defined
    // outside this excerpt - confirm.
    if (!$member->isAdmin()) {
        $this->disallow();
    }

    $this->pagehead();

    echo '<p><a href="index.php?action=overview">(' . _BACKHOME . ')</a></p>';

    if ($msg) {
        // NOTE(review): $msg is written out unescaped; callers must pass only
        // trusted or already-escaped text.
        echo '<p>' . _MESSAGE . ': ' . $msg . '</p>';
    }

    // Section title => (action name => link label), in display order.
    $menu = array(
        array(_MANAGE_GENERAL, array(
            'createnewlog' => _OVERVIEW_NEWLOG,
            'settingsedit' => _OVERVIEW_SETTINGS,
            'usermanagement' => _OVERVIEW_MEMBERS,
            'actionlog' => _OVERVIEW_VIEWLOG
        )),
        array(_MANAGE_SKINS, array(
            'skinoverview' => _OVERVIEW_SKINS,
            'templateoverview' => _OVERVIEW_TEMPLATES,
            'skinieoverview' => _OVERVIEW_SKINIMPORT
        )),
        array(_MANAGE_EXTRA, array(
            'backupoverview' => _OVERVIEW_BACKUP,
            'pluginlist' => _OVERVIEW_PLUGINS
        ))
    );

    foreach ($menu as $section) {
        echo '<h2>' . $section[0] . '</h2>';
        echo '<ul>';
        foreach ($section[1] as $target => $label) {
            echo '<li><a href="index.php?action=' . $target . '">' . $label . '</a></li>';
        }
        echo '</ul>';
    }

    $this->pagefoot();
}
00256 
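/**
 * Lists the items of one blog, with optional paging and text search.
 *
 * Reads 'start', 'amount' and 'search' from POST. Members without blog-admin
 * rights only see their own items.
 *
 * @param mixed $blogid blog id; when empty, 'blogid' is read from the request
 */
function action_itemlist($blogid = '') {
    global $member, $manager;

    if ($blogid == '') {
        $blogid = intRequestVar('blogid');
    }
    // The id is concatenated into SQL and into an href below, so force it to
    // an integer even when an internal caller supplied it directly.
    $blogid = intval($blogid);

    // Access control: team members of this blog and super-admins only.
    $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();

    $this->pagehead();
    $blog =& $manager->getBlog($blogid);

    echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
    echo '<h2>' . _ITEMLIST_BLOG . ' ' . $this->bloglink($blog) . '</h2>';

    // start index
    if (postVar('start')) {
        $start = intPostVar('start');
    } else {
        $start = 0;
    }
    // A negative offset would produce an invalid LIMIT clause.
    if ($start < 0) {
        $start = 0;
    }

    if ($start == 0) {
        echo '<p><a href="index.php?action=createitem&amp;blogid='.$blogid.'">',_ITEMLIST_ADDNEW,'</a></p>';
    }

    // amount of items to show
    if (postVar('amount')) {
        $amount = intPostVar('amount');
    } else {
        $amount = 10;
    }
    // Same reasoning: fall back to the default page size for non-positive values.
    if ($amount < 1) {
        $amount = 10;
    }

    $search = postVar('search');    // search through items

    $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
           . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
           . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;

    if ($search) {
        // NOTE(review): addslashes() is not aware of the connection character
        // set and leaves the LIKE wildcards % and _ unescaped. Prefer the
        // database layer's own escaping routine if the project provides one.
        $escapedSearch = addslashes($search);
        $query .= ' and ((ititle LIKE "%' . $escapedSearch . '%") or (ibody LIKE "%' . $escapedSearch . '%") or (imore LIKE "%' . $escapedSearch . '%"))';
    }

    // non-blog-admins can only edit/delete their own items
    // NOTE(review): getID() is concatenated unquoted - assumes it returns an
    // integer; confirm.
    if (!$member->blogAdminRights($blogid)) {
        $query .= ' and iauthor=' . $member->getID();
    }

    // $start and $amount are integers at this point.
    $query .= ' ORDER BY itime DESC'
            . " LIMIT $start,$amount";

    $template['content'] = 'itemlist';
    $template['now'] = $blog->getCorrectTime(time());

    $manager->loadClass("ENCAPSULATE");
    // "=& new" is kept as written to stay consistent with the rest of this
    // PHP 4-era file.
    $navList =& new NAVLIST('itemlist', $start, $amount, 0, 1000, $blogid, $search, 0);
    $navList->showBatchList('item',$query,'table',$template);

    $this->pagefoot();
}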
00316 
/**
 * Runs a batch operation ('delete' or 'move') over the selected items.
 *
 * 'batchitem' is not on action()'s ticket-exemption list, so a valid ticket
 * is required before this handler runs. Here only "logged in" is checked;
 * per the original comment, the precise permission check is left to the
 * per-item helpers.
 * NOTE(review): deleteOneItem() and moveOneItem() are defined outside this
 * excerpt - confirm they check the member's rights on every item.
 */
function action_batchitem() {
    global $member, $manager;

    // check if logged in
    if (!$member->isLoggedIn()) {
        $this->disallow();
    }

    // get array of itemids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no items were selected
    if (!is_array($selected) || count($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }

    // On move: when no destination blog/category chosen, show choice now
    // (batchMoveSelectDestination() ends the request after printing its form)
    $destCatid = intRequestVar('destcatid');
    if ($action == 'move' && !$manager->existsCategory($destCatid)) {
        $this->batchMoveSelectDestination('item', $selected);
    }

    // On delete: check if confirmation has been given
    if ($action == 'delete' && requestVar('confirmation') != 'yes') {
        $this->batchAskDeleteConfirmation('item', $selected);
    }

    $this->pagehead();

    // The requested action name is echoed back, so it is escaped once here.
    $shownAction = htmlspecialchars($action);

    echo '<a href="index.php?action=overview">(' . _BACKHOME . ')</a>';
    echo '<h2>' . _BATCH_ITEMS . '</h2>';
    echo '<p>' . _BATCH_EXECUTING . ' <b>' . $shownAction . '</b></p>';
    echo '<ul>';

    // walk over all itemids and perform action
    foreach ($selected as $itemid) {
        $itemid = intval($itemid);
        echo '<li>' . _BATCH_EXECUTING . ' <b>' . $shownAction . '</b> ' . _BATCH_ONITEM . ' <b>' . $itemid . '</b>...';

        // perform action, display errors if needed
        if ($action == 'delete') {
            $error = $this->deleteOneItem($itemid);
        } elseif ($action == 'move') {
            $error = $this->moveOneItem($itemid, $destCatid);
        } else {
            $error = _BATCH_UNKNOWN . $shownAction;
        }

        echo '<b>' . ($error ? $error : _BATCH_SUCCESS) . '</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>' . _BATCH_DONE . '</b>';

    $this->pagefoot();
}
00381 
/**
 * Runs a batch operation (only 'delete' is supported) over the selected
 * comments.
 *
 * 'batchcomment' is not on action()'s ticket-exemption list, so a valid
 * ticket is required before this handler runs. Here only "logged in" is
 * checked; per the original comment, the precise permission check is left to
 * the per-comment helper.
 * NOTE(review): deleteOneComment() is defined outside this excerpt - confirm
 * it checks the member's rights on every comment.
 */
function action_batchcomment() {
    global $member;

    // check if logged in
    if (!$member->isLoggedIn()) {
        $this->disallow();
    }

    // get array of comment ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no comments were selected
    if (!is_array($selected) || count($selected) == 0) {
        $this->error(_BATCH_NOSELECTION);
    }

    // On delete: check if confirmation has been given
    if ($action == 'delete' && requestVar('confirmation') != 'yes') {
        $this->batchAskDeleteConfirmation('comment', $selected);
    }

    $this->pagehead();

    // The requested action name is echoed back, so it is escaped once here.
    $shownAction = htmlspecialchars($action);

    echo '<a href="index.php?action=overview">(' . _BACKHOME . ')</a>';
    echo '<h2>' . _BATCH_COMMENTS . '</h2>';
    echo '<p>' . _BATCH_EXECUTING . ' <b>' . $shownAction . '</b></p>';
    echo '<ul>';

    // walk over all comment ids and perform action
    foreach ($selected as $commentid) {
        $commentid = intval($commentid);
        echo '<li>' . _BATCH_EXECUTING . ' <b>' . $shownAction . '</b> ' . _BATCH_ONCOMMENT . ' <b>' . $commentid . '</b>...';

        // perform action, display errors if needed
        if ($action == 'delete') {
            $error = $this->deleteOneComment($commentid);
        } else {
            $error = _BATCH_UNKNOWN . $shownAction;
        }

        echo '<b>' . ($error ? $error : _BATCH_SUCCESS) . '</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>' . _BATCH_DONE . '</b>';

    $this->pagefoot();
}
00437 
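/**
 * Runs a batch operation ('delete', 'setadmin' or 'unsetadmin') over the
 * selected members. Super-admins only.
 *
 * 'batchmember' is not on action()'s ticket-exemption list, so a valid ticket
 * is required before this handler runs. 'setadmin' grants super-admin rights,
 * which makes that ticket check and the isAdmin() guard below the controls
 * protecting this privilege change.
 */
function action_batchmember() {
    global $member;

    // check if logged in and admin
    ($member->isLoggedIn() && $member->isAdmin()) or $this->disallow();

    // get array of member ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('member',$selected);

    $this->pagehead();

    echo '<a href="index.php?action=usermanagement">(',_MEMBERS_BACKTOOVERVIEW,')</a>';
    echo '<h2>',_BATCH_MEMBERS,'</h2>';
    echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
    echo '<ul>';

    // walk over all member ids and perform action
    foreach ($selected as $memberid) {
        // intval() makes the id safe to concatenate into the queries below.
        $memberid = intval($memberid);
        echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONMEMBER,' <b>', $memberid, '</b>...';

        // Start every iteration from "no error". The successful 'unsetadmin'
        // path used to leave $error unset (or holding the previous
        // iteration's value).
        $error = '';

        // perform action, display errors if needed
        switch($action) {
            case 'delete':
                $error = $this->deleteOneMember($memberid);
                break;
            case 'setadmin':
                // always succeeds
                sql_query('UPDATE ' . sql_table('member') . ' SET madmin=1 WHERE mnumber='.$memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one super-admin
                $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
                if (mysql_num_rows($r) < 2)
                    $error = _ERROR_ATLEASTONEADMIN;
                else
                    sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }

        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>',_BATCH_DONE,'</b>';

    $this->pagefoot();
}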
00504 
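/**
 * Runs a batch operation ('delete', 'setadmin' or 'unsetadmin') over the
 * selected team members of one blog. Requires blog-admin rights on that blog.
 *
 * 'batchteam' is not on action()'s ticket-exemption list, so a valid ticket
 * is required before this handler runs.
 */
function action_batchteam() {
    global $member;

    // Read as an integer, so it can be concatenated into the queries and the
    // back link below.
    $blogid = intRequestVar('blogid');

    // check if logged in and admin of this blog
    ($member->isLoggedIn() && $member->blogAdminRights($blogid)) or $this->disallow();

    // get array of member ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no members selected
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('team',$selected);

    $this->pagehead();

    echo '<p><a href="index.php?action=manageteam&amp;blogid=',$blogid,'">(',_BACK,')</a></p>';

    echo '<h2>',_BATCH_TEAM,'</h2>';
    echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
    echo '<ul>';

    // walk over all member ids and perform action
    foreach ($selected as $memberid) {
        // intval() makes the id safe to concatenate into the queries below.
        $memberid = intval($memberid);
        echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONTEAM,' <b>', $memberid, '</b>...';

        // Start every iteration from "no error". The successful 'unsetadmin'
        // path used to leave $error unset (or holding the previous
        // iteration's value).
        $error = '';

        // perform action, display errors if needed
        switch($action) {
            case 'delete':
                $error = $this->deleteOneTeamMember($blogid, $memberid);
                break;
            case 'setadmin':
                // always succeeds
                sql_query('UPDATE '.sql_table('team').' SET tadmin=1 WHERE tblog='.$blogid.' and tmember='.$memberid);
                break;
            case 'unsetadmin':
                // there should always remain at least one admin
                $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
                if (mysql_num_rows($r) < 2)
                    $error = _ERROR_ATLEASTONEBLOGADMIN;
                else
                    sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }

        echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>',_BATCH_DONE,'</b>';

    $this->pagefoot();
}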
00574 
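/**
 * Runs a batch operation ('delete' or 'move') over the selected categories.
 *
 * 'batchcategory' is not on action()'s ticket-exemption list, so a valid
 * ticket is required before this handler runs. Here only "logged in" is
 * checked; per the original comment, the precise permission check is left to
 * the per-category helpers.
 * NOTE(review): deleteOneCategory() and moveOneCategory() are defined outside
 * this excerpt - confirm they check the member's rights on every category.
 */
function action_batchcategory() {
    global $member, $manager;

    // check if logged in
    $member->isLoggedIn() or $this->disallow();

    // more precise check will be done for each performed operation

    // get array of category ids from request
    $selected = requestIntArray('batch');
    $action = requestVar('batchaction');

    // Show error when no categories were selected
    if (!is_array($selected) || sizeof($selected) == 0)
        $this->error(_BATCH_NOSELECTION);

    // On move: when no destination blog chosen, show choice now
    // (batchMoveCategorySelectDestination() ends the request after printing its form)
    $destBlogId = intRequestVar('destblogid');
    if (($action == 'move') && (!$manager->existsBlogID($destBlogId)))
        $this->batchMoveCategorySelectDestination('category',$selected);

    // On delete: check if confirmation has been given
    if (($action == 'delete') && (requestVar('confirmation') != 'yes'))
        $this->batchAskDeleteConfirmation('category',$selected);

    $this->pagehead();

    echo '<a href="index.php?action=overview">(',_BACKHOME,')</a>';
    // Was BATCH_CATEGORIES without the leading underscore, unlike the
    // _BATCH_ITEMS / _BATCH_COMMENTS / _BATCH_MEMBERS / _BATCH_TEAM titles
    // used by the sibling handlers.
    echo '<h2>',_BATCH_CATEGORIES,'</h2>';
    echo '<p>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b></p>';
    echo '<ul>';

    // walk over all category ids and perform action
    foreach ($selected as $catid) {
        $catid = intval($catid);
        echo '<li>',_BATCH_EXECUTING,' <b>',htmlspecialchars($action),'</b> ',_BATCH_ONCATEGORY,' <b>', $catid, '</b>...';

        // perform action, display errors if needed
        switch($action) {
            case 'delete':
                $error = $this->deleteOneCategory($catid);
                break;
            case 'move':
                $error = $this->moveOneCategory($catid, $destBlogId);
                break;
            default:
                $error = _BATCH_UNKNOWN . htmlspecialchars($action);
        }

        echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
        echo '</li>';
    }

    echo '</ul>';
    echo '<b>',_BATCH_DONE,'</b>';

    $this->pagefoot();
}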
00637 
/**
 * Prints the "choose destination category" form for a batch move, then ends
 * the request.
 *
 * The form re-posts the selection to action=batch<type> with
 * batchaction=move; the ticket comes from $manager->addTicketHidden().
 * NOTE(review): addTicketHidden() is defined elsewhere; presumably it emits
 * the hidden ticket field that action() validates - confirm.
 *
 * @param string $type suffix of the batch action. It is written into the
 *                     value attribute unescaped; the caller visible in this
 *                     file passes the literal 'item'.
 * @param array  $ids  selected ids; each is forced to an integer before output
 */
function batchMoveSelectDestination($type, $ids) {
    global $manager;

    $this->pagehead();
    ?>
                <h2><?php echo _MOVE_TITLE?></h2>
                <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="batch<?php echo $type?>" />
                        <input type="hidden" name="batchaction" value="move" />
                        <?php
    $manager->addTicketHidden();

    // insert selected item numbers
    $position = 0;
    foreach ($ids as $selectedId) {
        echo '<input type="hidden" name="batch[' . $position . ']" value="' . intval($selectedId) . '" />';
        $position++;
    }

    // show blog/category selection list
    $this->selectBlogCategory('destcatid');
    ?>


                        <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />

                </div></form>
                <?php
    $this->pagefoot();
    exit;
}
00670 
/**
 * Prints the "choose destination blog" form for a batch category move, then
 * ends the request.
 *
 * The form re-posts the selection to action=batch<type> with
 * batchaction=move; the ticket comes from $manager->addTicketHidden().
 * NOTE(review): addTicketHidden() is defined elsewhere; presumably it emits
 * the hidden ticket field that action() validates - confirm.
 *
 * @param string $type suffix of the batch action. It is written into the
 *                     value attribute unescaped; the caller visible in this
 *                     file passes the literal 'category'.
 * @param array  $ids  selected ids; each is forced to an integer before output
 */
function batchMoveCategorySelectDestination($type, $ids) {
    global $manager;

    $this->pagehead();
    ?>
                <h2><?php echo _MOVECAT_TITLE?></h2>
                <form method="post" action="index.php"><div>

                        <input type="hidden" name="action" value="batch<?php echo $type?>" />
                        <input type="hidden" name="batchaction" value="move" />
                        <?php
    $manager->addTicketHidden();

    // insert selected item numbers
    $position = 0;
    foreach ($ids as $selectedId) {
        echo '<input type="hidden" name="batch[' . $position . ']" value="' . intval($selectedId) . '" />';
        $position++;
    }

    // show blog selection list
    $this->selectBlog('destblogid');
    ?>


                        <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />

                </div></form>
                <?php
    $this->pagefoot();
    exit;
}
00703 
00707         function batchAskDeleteConfirmation($type, $ids) {
00708                 global $manager;
00709 
00710                 $this->pagehead();
00711                 ?>
00712                 <h2><?php echo _BATCH_DELETE_CONFIRM?></h2>
00713                 <form method="post" action="index.php"><div>
00714 
00715                         <input type="hidden" name="action" value="batch<?php echo $type?>" />
00716                         <?php $manager->addTicketHidden() ?>
00717                         <input type="hidden" name="batchaction" value="delete" />
00718                         <input type="hidden" name="confirmation" value="yes" />
00719                         <?php                           // insert selected item numbers
00720                                 $idx = 0;
00721                                 foreach ($ids as $id)
00722                                         echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
00723 
00724                                 // add hidden vars for team & comment
00725                                 if ($type == 'team')
00726                                 {
00727                                         echo '<input type="hidden" name="blogid" value="',intRequestVar('blogid'),'" />';
00728                                 }
00729                                 if ($type == 'comment')
00730                                 {
00731                                         echo '<input type="hidden" name="itemid" value="',intRequestVar('itemid'),'" />';
00732                                 }
00733 
00734                         ?>
00735 
00736                         <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />
00737 
00738                 </div></form>
00739                 <?php           $this->pagefoot();
00740                 exit;
00741         }
00742 
00743 
00749         function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
00750                 ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
00751         }
00752 
00763         function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
00764                 global $member, $CONF;
00765 
00766                 // 0. get IDs of blogs to which member can post items (+ forced blog)
00767                 $aBlogIds = array();
00768                 if ($iForcedBlogInclude != -1)
00769                         $aBlogIds[] = intval($iForcedBlogInclude);
00770 
00771                 if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))
00772                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';
00773                 else
00774                         $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
00775                 $rblogids = sql_query($queryBlogs);
00776                 while ($o = mysql_fetch_object($rblogids))
00777                         if ($o->bnumber != $iForcedBlogInclude)
00778                                 $aBlogIds[] = intval($o->bnumber);
00779 
00780                 if (count($aBlogIds) == 0)
00781                         return;
00782 
00783                 echo '<select name="',$name,'" tabindex="',$tabindex,'">';
00784 
00785                 // 1. select blogs (we'll create optiongroups)
00786                 // (only select those blogs that have the user on the team)
00787                 $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
00788                 $blogs = sql_query($queryBlogs);
00789                 if ($mode == 'category') {
00790                         if (mysql_num_rows($blogs) > 1)
00791                                 $multipleBlogs = 1;
00792 
00793                         while ($oBlog = mysql_fetch_object($blogs)) {
00794                                 if ($multipleBlogs)
00795                                         echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';
00796 
00797                                 // show selection to create new category when allowed/wanted
00798                                 if ($showNewCat) {
00799                                         // check if allowed to do so
00800                                         if ($member->blogAdminRights($oBlog->bnumber))
00801                                                 echo '<option value="newcat-',$oBlog->bnumber,'">',_ADD_NEWCAT,'</option>';
00802                                 }
00803 
00804                                 // 2. for each category in that blog
00805                                 $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
00806                                 while ($oCat = mysql_fetch_object($categories)) {
00807                                         if ($oCat->catid == $selected)
00808                                                 $selectText = ' selected="selected" ';
00809                                         else
00810                                                 $selectText = '';
00811                                         echo '<option value="',$oCat->catid,'" ', $selectText,'>',htmlspecialchars($oCat->cname),'</option>';
00812                                 }
00813 
00814                                 if ($multipleBlogs)
00815                                         echo '</optgroup>';
00816                         }
00817                 } else {
00818                         // blog mode
00819                         while ($oBlog = mysql_fetch_object($blogs)) {
00820                                 echo '<option value="',$oBlog->bnumber,'"';
00821                                 if ($oBlog->bnumber == $selected)
00822                                         echo ' selected="selected"';
00823                                 echo'>',htmlspecialchars($oBlog->bname),'</option>';
00824                         }
00825                 }
00826                 echo '</select>';
00827 
00828         }
00829 
00833         function action_browseownitems() {
00834                 global $member, $manager;
00835 
00836                 $this->pagehead();
00837 
00838                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
00839                 echo '<h2>' . _ITEMLIST_YOUR. '</h2>';
00840 
00841                 // start index
00842                 if (postVar('start'))
00843                         $start = intPostVar('start');
00844                 else
00845                         $start = 0;
00846 
00847                 // amount of items to show
00848                 if (postVar('amount'))
00849                         $amount = intPostVar('amount');
00850                 else
00851                         $amount = 10;
00852 
00853                 $search = postVar('search');    // search through items
00854 
00855                 $query =  'SELECT bshortname, cname, mname, ititle, ibody, idraft, inumber, itime'
00856                            . ' FROM '.sql_table('item').', '.sql_table('blog') . ', '.sql_table('member') . ', '.sql_table('category')
00857                            . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
00858 
00859                 if ($search)
00860                         $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
00861 
00862                 $query .= ' ORDER BY itime DESC'
00863                                 . " LIMIT $start,$amount";
00864 
00865                 $template['content'] = 'itemlist';
00866                 $template['now'] = time();
00867 
00868                 $manager->loadClass("ENCAPSULATE");
00869                 $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
00870                 $navList->showBatchList('item',$query,'table',$template);
00871 
00872                 $this->pagefoot();
00873 
00874         }
00875 
00880         function action_itemcommentlist($itemid = '') {
00881                 global $member, $manager;
00882 
00883                 if ($itemid == '')
00884                         $itemid = intRequestVar('itemid');
00885 
00886                 // only allow if user is allowed to alter item
00887                 $member->canAlterItem($itemid) or $this->disallow();
00888 
00889                 $blogid = getBlogIdFromItemId($itemid);
00890 
00891                 $this->pagehead();
00892 
00893                 // start index
00894                 if (postVar('start'))
00895                         $start = intPostVar('start');
00896                 else
00897                         $start = 0;
00898 
00899                 // amount of items to show
00900                 if (postVar('amount'))
00901                         $amount = intPostVar('amount');
00902                 else
00903                         $amount = 10;
00904 
00905                 $search = postVar('search');
00906 
00907                 echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';
00908                 echo '<h2>',_COMMENTS,'</h2>';
00909 
00910                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;
00911 
00912                 if ($search)
00913                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
00914 
00915                 $query .= ' ORDER BY ctime ASC'
00916                                 . " LIMIT $start,$amount";
00917 
00918                 $template['content'] = 'commentlist';
00919                 $template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));
00920 
00921                 $manager->loadClass("ENCAPSULATE");
00922                 $navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
00923                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);
00924 
00925                 $this->pagefoot();
00926         }
00927 
00931         function action_browseowncomments() {
00932                 global $member, $manager;
00933 
00934                 // start index
00935                 if (postVar('start'))
00936                         $start = intPostVar('start');
00937                 else
00938                         $start = 0;
00939 
00940                 // amount of items to show
00941                 if (postVar('amount'))
00942                         $amount = intPostVar('amount');
00943                 else
00944                         $amount = 10;
00945 
00946                 $search = postVar('search');
00947 
00948 
00949                 $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
00950 
00951                 if ($search)
00952                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
00953 
00954                 $query .= ' ORDER BY ctime DESC'
00955                                 . " LIMIT $start,$amount";
00956 
00957                 $this->pagehead();
00958 
00959                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
00960                 echo '<h2>', _COMMENTS_YOUR ,'</h2>';
00961 
00962                 $template['content'] = 'commentlist';
00963                 $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself
00964 
00965                 $manager->loadClass("ENCAPSULATE");
00966                 $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
00967                 $navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);
00968 
00969                 $this->pagefoot();
00970         }
00971 
00976         function action_blogcommentlist($blogid = '')
00977         {
00978                 global $member, $manager;
00979 
00980                 if ($blogid == '')
00981                         $blogid = intRequestVar('blogid');
00982                 else
00983                         $blogid = intval($blogid);
00984 
00985                 $member->teamRights($blogid) or $member->isAdmin() or $this->disallow();
00986 
00987                 // start index
00988                 if (postVar('start'))
00989                         $start = intPostVar('start');
00990                 else
00991                         $start = 0;
00992 
00993                 // amount of items to show
00994                 if (postVar('amount'))
00995                         $amount = intPostVar('amount');
00996                 else
00997                         $amount = 10;
00998 
00999                 $search = postVar('search');            // search through comments
01000 
01001 
01002                 $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
01003 
01004                 if ($search != '')
01005                         $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
01006 
01007 
01008                 $query .= ' ORDER BY ctime DESC'
01009                                 . " LIMIT $start,$amount";
01010 
01011 
01012                 $blog =& $manager->getBlog($blogid);
01013 
01014                 $this->pagehead();
01015 
01016                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
01017                 echo '<h2>', _COMMENTS_BLOG , ' ' , $this->bloglink($blog), '</h2>';
01018 
01019                 $template['content'] = 'commentlist';
01020                 $template['canAddBan'] = $member->blogAdminRights($blogid);
01021 
01022                 $manager->loadClass("ENCAPSULATE");
01023                 $navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
01024                 $navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
01025 
01026                 $this->pagefoot();
01027         }
01028 
01032         function action_createitem() {
01033                 global $member, $manager;
01034 
01035                 $blogid = intRequestVar('blogid');
01036 
01037                 // check if allowed
01038                 $member->teamRights($blogid) or $this->disallow();
01039 
01040                 $memberid = $member->getID();
01041 
01042                 $blog =& $manager->getBlog($blogid);
01043 
01044                 $this->pagehead();
01045 
01046                 // generate the add-item form
01047                 $formfactory =& new PAGEFACTORY($blogid);
01048                 $formfactory->createAddForm('admin');
01049 
01050                 $this->pagefoot();
01051         }
01052 
01056         function action_itemedit() {
01057                 global $member, $manager;
01058 
01059                 $itemid = intRequestVar('itemid');
01060 
01061                 // only allow if user is allowed to alter item
01062                 $member->canAlterItem($itemid) or $this->disallow();
01063 
01064                 $item =& $manager->getItem($itemid,1,1);
01065                 $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
01066 
01067                 $manager->notify('PrepareItemForEdit', array('item' => &$item));
01068 
01069                 if ($blog->convertBreaks()) {
01070                         $item['body'] = removeBreaks($item['body']);
01071                         $item['more'] = removeBreaks($item['more']);
01072                 }
01073 
01074                 // form to edit blog items
01075                 $this->pagehead();
01076                 $formfactory =& new PAGEFACTORY($blog->getID());
01077                 $formfactory->createEditForm('admin',$item);
01078                 $this->pagefoot();
01079         }
01080 
        /**
         * Applies a posted item edit: updates the item, optionally creates a new
         * category first, removes a superseded draft, and then shows the ping
         * page, the category edit page or the item list.
         *
         * Reads itemid from the request and catid, actiontype, body, title, more,
         * closed, draftid and the date parts from the POST data.
         */
        function action_itemupdate() {
                global $member, $manager, $CONF;

                $itemid = intRequestVar('itemid');
                $catid = postVar('catid');

                // only allow if user is allowed to alter item
                // NOTE(review): $catid is still the raw posted value here and may be
                // "newcat-<blog>"; whether canUpdateItem() checks the member's rights on
                // that blog is not visible in this file - confirm, because the category
                // is created further down without another check.
                $member->canUpdateItem($itemid, $catid) or $this->disallow();

                $actiontype = postVar('actiontype');

                // delete actions are handled by itemdelete (which has confirmation)
                if ($actiontype == 'delete') {
                        $this->action_itemdelete();
                        return;
                }

                $body   = postVar('body');
                $title  = postVar('title');
                $more   = postVar('more');
                $closed = intPostVar('closed');
                $draftid = intPostVar('draftid');

                // default action = add now
                if (!$actiontype)
                        $actiontype='addnow';

                // create new category if needed
                if (strstr($catid,'newcat')) {
                        // get blogid
                        list($blogid) = sscanf($catid,"newcat-%d");

                        // create
                        $blog =& $manager->getBlog($blogid);
                        $catid = $blog->createNewCategory();

                        // show error when sth goes wrong
                        // NOTE(review): other handlers in this class report errors through
                        // $this->error(); a doError() method is not defined in the visible
                        // part of the class - confirm it exists.
                        if (!$catid)
                                $this->doError(_ERROR_CATCREATEFAIL);
                }

                /*
                        set some variables based on actiontype

                        actiontypes:
                                draft items -> addnow, addfuture, adddraft, delete
                                non-draft items -> edit, changedate, delete

                        variables set:
                                $timestamp: set to a nonzero value for future dates or date changes
                                $wasdraft: set to 1 when the item used to be a draft item
                                $publish: set to 1 when the edited item is not a draft
                */
                switch ($actiontype) {
                        case 'adddraft':
                                $publish = 0;
                                $wasdraft = 1;
                                $timestamp = 0;
                                break;
                        case 'addfuture':
                                $wasdraft = 1;
                                $publish = 1;
                                // date parts come straight from the POST data
                                $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
                                break;
                        case 'addnow':
                                $wasdraft = 1;
                                $publish = 1;
                                $timestamp = 0;
                                break;
                        case 'changedate':
                                $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
                                $publish = 1;
                                $wasdraft = 0;
                                break;
                        case 'edit':
                        default:
                                // unknown action types are treated as a plain edit
                                $publish = 1;
                                $wasdraft = 0;
                                $timestamp = 0;
                }

                // edit the item for real
                ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

                $blogid = getBlogIDFromItemID($itemid);
                $blog =& $manager->getBlog($blogid);

                // an item dated after the blog's corrected "now" is not pinged below
                $isFuture = 0;
                if ($timestamp > $blog->getCorrectTime(time())) {
                        $isFuture = 1;
                }

                $this->updateFuturePosted($blogid);

                // the posted draft id is only honoured when the member may alter that draft
                if ($draftid > 0 && $member->canAlterItem($draftid)) {
                        ITEM::delete($draftid);
                }

                // ping only for a newly published, open, non-future item, and only when
                // the blog wants pings and something subscribes to SendPing
                if (!$closed && $publish && $wasdraft && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 && !$isFuture) {
                        $this->action_sendping($blogid);
                        return;
                }

                // show category edit window when we created a new category
                // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
                if ($catid != intPostVar('catid')) {
                        $this->action_categoryedit(
                                $catid,
                                $blog->getID(),
                                $CONF['AdminURL'] . 'index.php?action=itemlist&blogid=' . getBlogIDFromItemID($itemid)
                        );
                } else {
                        // TODO: set start item correctly for itemlist
                        $this->action_itemlist(getBlogIDFromItemID($itemid));
                }
        }
01200 
01204         function action_itemdelete() {
01205                 global $member, $manager;
01206 
01207                 $itemid = intRequestVar('itemid');
01208 
01209                 // only allow if user is allowed to alter item
01210                 $member->canAlterItem($itemid) or $this->disallow();
01211 
01212                 if (!$manager->existsItem($itemid,1,1))
01213                         $this->error(_ERROR_NOSUCHITEM);
01214 
01215                 $item =& $manager->getItem($itemid,1,1);
01216                 $title = htmlspecialchars(strip_tags($item['title']));
01217                 $body = strip_tags($item['body']);
01218                 $body = htmlspecialchars(shorten($body,300,'...'));
01219 
01220                 $this->pagehead();
01221                 ?>
01222                         <h2><?php echo _DELETE_CONFIRM?></h2>
01223 
01224                         <p><?php echo _CONFIRMTXT_ITEM?></p>
01225 
01226                         <div class="note">
01227                                 <b>"<?php echo  $title ?>"</b>
01228                                 <br />
01229                                 <?php echo $body?>
01230                         </div>
01231 
01232                         <form method="post" action="index.php"><div>
01233                                 <input type="hidden" name="action" value="itemdeleteconfirm" />
01234                                 <?php $manager->addTicketHidden() ?>
01235                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
01236                                 <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>"  tabindex="10" />
01237                         </div></form>
01238                 <?php
01239                 $this->pagefoot();
01240         }
01241 
01245         function action_itemdeleteconfirm() {
01246                 global $member;
01247 
01248                 $itemid = intRequestVar('itemid');
01249 
01250                 // only allow if user is allowed to alter item
01251                 $member->canAlterItem($itemid) or $this->disallow();
01252 
01253                 // get blogid first
01254                 $blogid = getBlogIdFromItemId($itemid);
01255 
01256                 // delete item (note: some checks will be performed twice)
01257                 $this->deleteOneItem($itemid);
01258 
01259                 $this->action_itemlist($blogid);
01260         }
01261 
01266         function deleteOneItem($itemid) {
01267                 global $member, $manager;
01268 
01269                 // only allow if user is allowed to alter item (also checks if itemid exists)
01270                 if (!$member->canAlterItem($itemid))
01271                         return _ERROR_DISALLOWED;
01272 
01273                 // need to get blogid before the item is deleted
01274                 $blogid = getBlogIDFromItemId($itemid);
01275 
01276                 $manager->loadClass('ITEM');
01277                 ITEM::delete($itemid);
01278 
01279                 // update blog's futureposted
01280                 $this->updateFuturePosted($blogid);
01281         }
01282 
01287         function updateFuturePosted($blogid) {
01288                 global $manager;
01289 
01290                 $blog =& $manager->getBlog($blogid);
01291                 $currenttime = $blog->getCorrectTime(time());
01292                 $result = sql_query("SELECT * FROM ".sql_table('item').
01293                         " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
01294                 if (mysql_num_rows($result) > 0) {
01295                                 $blog->setFuturePost();
01296                 }
01297                 else {
01298                                 $blog->clearFuturePost();
01299                 }
01300         }
01301 
01305         function action_itemmove() {
01306                 global $member, $manager;
01307 
01308                 $itemid = intRequestVar('itemid');
01309 
01310                 // only allow if user is allowed to alter item
01311                 $member->canAlterItem($itemid) or $this->disallow();
01312 
01313                 $item =& $manager->getItem($itemid,1,1);
01314 
01315                 $this->pagehead();
01316                 ?>
01317                         <h2><?php echo _MOVE_TITLE?></h2>
01318                         <form method="post" action="index.php"><div>
01319                                 <input type="hidden" name="action" value="itemmoveto" />
01320                                 <input type="hidden" name="itemid" value="<?php echo  $itemid; ?>" />
01321 
01322                                 <?php
01323 
01324                                         $manager->addTicketHidden();
01325                                         $this->selectBlogCategory('catid',$item['catid'],10,1);
01326                                 ?>
01327 
01328                                 <input type="submit" value="<?php echo _MOVE_BTN?>" tabindex="10000" onclick="return checkSubmit();" />
01329                         </div></form>
01330                 <?php
01331                 $this->pagefoot();
01332         }
01333 
01337         function action_itemmoveto() {
01338                 global $member, $manager;
01339 
01340                 $itemid = intRequestVar('itemid');
01341                 $catid = requestVar('catid');
01342 
01343                 // create new category if needed
01344                 if (strstr($catid,'newcat')) {
01345                         // get blogid
01346                         list($blogid) = sscanf($catid,'newcat-%d');
01347 
01348                         // create
01349                         $blog =& $manager->getBlog($blogid);
01350                         $catid = $blog->createNewCategory();
01351 
01352                         // show error when sth goes wrong
01353                         if (!$catid)
01354                                 $this->doError(_ERROR_CATCREATEFAIL);
01355                 }
01356 
01357                 // only allow if user is allowed to alter item
01358                 $member->canUpdateItem($itemid, $catid) or $this->disallow();
01359 
01360                 $old_blogid = getBlogIDFromItemId($itemid);
01361 
01362                 ITEM::move($itemid, $catid);
01363 
01364                 // set the futurePosted flag on the blog
01365                 $this->updateFuturePosted(getBlogIDFromItemId($itemid));
01366 
01367                 // reset the futurePosted in case the item is moved from one blog to another
01368                 $this->updateFuturePosted($old_blogid);
01369 
01370                 if ($catid != intRequestVar('catid'))
01371                         $this->action_categoryedit($catid, $blog->getID());
01372                 else
01373                         $this->action_itemlist(getBlogIDFromCatID($catid));
01374         }
01375 
01382         function moveOneItem($itemid, $destCatid) {
01383                 global $member;
01384 
01385                 // only allow if user is allowed to move item
01386                 if (!$member->canUpdateItem($itemid, $destCatid))
01387                         return _ERROR_DISALLOWED;
01388 
01389                 ITEM::move($itemid, $destCatid);
01390         }
01391 
01395         function action_additem() {
01396                 global $member, $manager, $CONF;
01397 
01398                 $manager->loadClass('ITEM');
01399 
01400                 $result = ITEM::createFromRequest();
01401 
01402                 if ($result['status'] == 'error')
01403                         $this->error($result['message']);
01404 
01405                 $blogid = getBlogIDFromItemID($result['itemid']);
01406                 $blog =& $manager->getBlog($blogid);
01407 
01408                 $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
01409 
01410                 if ($result['status'] == 'newcategory')
01411                         $this->action_categoryedit(
01412                                 $result['catid'],
01413                                 $blogid,
01414                                 $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 ? $pingUrl : ''
01415                         );
01416                 elseif ((postVar('actiontype') == 'addnow') && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0)
01417                         $this->action_sendping($blogid);
01418                 else
01419                         $this->action_itemlist($blogid);
01420         }
01421 
01429         function action_sendping($blogid = -1) {
01430                 global $member, $manager;
01431 
01432                 if ($blogid == -1)
01433                         $blogid = intRequestVar('blogid');
01434 
01435                 $member->isLoggedIn() or $this->disallow();
01436 
01437                 $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));
01438 
01439                 $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
01440                 ?>
01441                 <h2>Site Updated, Now pinging various weblog listing services...</h2>
01442 
01443                 <p>
01444                         This can take a while...
01445                 </p>
01446 
01447                 <p>
01448                         If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>
01449                 </p>
01450                 <?php           $this->pagefoot();
01451         }
01452 
01456         function action_rawping() {
01457                 global $manager;
01458                 // TODO: checks?
01459 
01460                 $blogid = intRequestVar('blogid');
01461                 $blog =& $manager->getBlog($blogid);
01462 
01463                 $this->pagehead();
01464 
01465                 ?>
01466 
01467                 <h2>Pinging services, please wait...</h2>
01468                 <div class='note'>
01469                 <?php
01470 
01471                 // send sendPing event
01472                 $manager->notify('SendPing', array('blogid' => $blogid));
01473 
01474                 ?>
01475                 </div>
01476 
01477                 <ul>
01478                         <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
01479                         <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>
01480                 </ul>
01481 
01482                 <?php           $this->pagefoot();
01483         }
01484 
01488         function action_commentedit() {
01489                 global $member, $manager;
01490 
01491                 $commentid = intRequestVar('commentid');
01492 
01493                 $member->canAlterComment($commentid) or $this->disallow();
01494 
01495                 $comment = COMMENT::getComment($commentid);
01496 
01497                 $manager->notify('PrepareCommentForEdit',array('comment' => &$comment));
01498 
01499                 // change <br /> to \n
01500                 $comment['body'] = str_replace('<br />','',$comment['body']);
01501 
01502                 $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);
01503 
01504                 $this->pagehead();
01505 
01506                 ?>
01507                 <h2><?php echo _EDITC_TITLE?></h2>
01508 
01509                 <form action="index.php" method="post"><div>
01510 
01511                 <input type="hidden" name="action" value="commentupdate" />
01512                 <?php $manager->addTicketHidden(); ?>
01513                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
01514                 <table><tr>
01515                         <th colspan="2"><?php echo _EDITC_TITLE?></th>
01516                 </tr><tr>
01517                         <td><?php echo _EDITC_WHO?></td>
01518                         <td>
01519                         <?php                           if ($comment['member'])
01520                                         echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
01521                                 else
01522                                         echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
01523                         ?>
01524                         </td>
01525                 </tr><tr>
01526                         <td><?php echo _EDITC_WHEN?></td>
01527                         <td><?php echo  date("Y-m-d @ H:i",$comment['timestamp']); ?></td>
01528                 </tr><tr>
01529                         <td><?php echo _EDITC_HOST?></td>
01530                         <td><?php echo  $comment['host']; ?></td>
01531                 </tr><tr>
01532                         <td><?php echo _EDITC_TEXT?></td>
01533                         <td>
01534                                 <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)
01535                                         echo $comment['body'];
01536                                 ?></textarea>
01537                         </td>
01538                 </tr><tr>
01539                         <td><?php echo _EDITC_EDIT?></td>
01540                         <td><input type="submit"  tabindex="20" value="<?php echo _EDITC_EDIT?>" onclick="return checkSubmit();" /></td>
01541                 </tr></table>
01542 
01543                 </div></form>
01544                 <?php
01545                 $this->pagefoot();
01546         }
01547 
01551         function action_commentupdate() {
01552                 global $member, $manager;
01553 
01554                 $commentid = intRequestVar('commentid');
01555 
01556                 $member->canAlterComment($commentid) or $this->disallow();
01557 
01558                 $body = postVar('body');
01559 
01560                 // intercept words that are too long
01561                 if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
01562                         $this->error(_ERROR_COMMENT_LONGWORD);
01563 
01564                 // check length
01565                 if (strlen($body)<3)
01566                         $this->error(_ERROR_COMMENT_NOCOMMENT);
01567                 if (strlen($body)>5000)
01568                         $this->error(_ERROR_COMMENT_TOOLONG);
01569 
01570 
01571                 // prepare body
01572                 $body = COMMENT::prepareBody($body);
01573 
01574                 // call plugins
01575                 $manager->notify('PreUpdateComment',array('body' => &$body));
01576 
01577                 $query =  'UPDATE '.sql_table('comment')
01578                            . " SET cbody='" .addslashes($body). "'"
01579                            . " WHERE cnumber=" . $commentid;
01580                 sql_query($query);
01581 
01582                 // get itemid
01583                 $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
01584                 $o = mysql_fetch_object($res);
01585                 $itemid = $o->citem;
01586 
01587                 if ($member->canAlterItem($itemid))
01588                         $this->action_itemcommentlist($itemid);
01589                 else
01590                         $this->action_browseowncomments();
01591 
01592         }
01593 
01597         function action_commentdelete() {
01598                 global $member, $manager;
01599 
01600                 $commentid = intRequestVar('commentid');
01601 
01602                 $member->canAlterComment($commentid) or $this->disallow();
01603 
01604                 $comment = COMMENT::getComment($commentid);
01605 
01606                 $body = strip_tags($comment['body']);
01607                 $body = htmlspecialchars(shorten($body, 300, '...'));
01608 
01609                 if ($comment['member'])
01610                         $author = $comment['member'];
01611                 else
01612                         $author = $comment['user'];
01613 
01614                 $this->pagehead();
01615                 ?>
01616 
01617                         <h2><?php echo _DELETE_CONFIRM?></h2>
01618 
01619                         <p><?php echo _CONFIRMTXT_COMMENT?></p>
01620 
01621                         <div class="note">
01622                         <b><?php echo _EDITC_WHO?>:</b> <?php echo  $author ?>
01623                         <br />
01624                         <b><?php echo _EDITC_TEXT?>:</b> <?php echo  $body ?>
01625                         </div>
01626 
01627                         <form method="post" action="index.php"><div>
01628                                 <input type="hidden" name="action" value="commentdeleteconfirm" />
01629                                 <?php $manager->addTicketHidden() ?>
01630                                 <input type="hidden" name="commentid" value="<?php echo  $commentid; ?>" />
01631                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
01632                         </div></form>
01633                 <?php
01634                 $this->pagefoot();
01635         }
01636 
01640         function action_commentdeleteconfirm() {
01641                 global $member;
01642 
01643                 $commentid = intRequestVar('commentid');
01644 
01645                 // get item id first
01646                 $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
01647                 $o = mysql_fetch_object($res);
01648                 $itemid = $o->citem;
01649 
01650                 $error = $this->deleteOneComment($commentid);
01651                 if ($error)
01652                         $this->doError($error);
01653 
01654                 if ($member->canAlterItem($itemid))
01655                         $this->action_itemcommentlist($itemid);
01656                 else
01657                         $this->action_browseowncomments();
01658         }
01659 
01663         function deleteOneComment($commentid) {
01664                 global $member, $manager;
01665 
01666                 $commentid = intval($commentid);
01667 
01668                 if (!$member->canAlterComment($commentid))
01669                         return _ERROR_DISALLOWED;
01670 
01671                 $manager->notify('PreDeleteComment', array('commentid' => $commentid));
01672 
01673                 // delete the comments associated with the item
01674                 $query = 'DELETE FROM '.sql_table('comment').' WHERE cnumber=' . $commentid;
01675                 sql_query($query);
01676 
01677                 $manager->notify('PostDeleteComment', array('commentid' => $commentid));
01678 
01679                 return '';
01680         }
01681 
        /**
         * Renders the member administration page: the list of current members
         * followed by the form for creating a new member.
         *
         * Only members for whom $member->isAdmin() is true get past the first
         * statement. The form posts to the memberadd action and carries a
         * ticket written by $manager->addTicketHidden().
         */
        function action_usermanagement() {
                global $member, $manager;

                // check if allowed
                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

                echo '<h2>' . _MEMBERS_TITLE .'</h2>';

                echo '<h3>' . _MEMBERS_CURRENT .'</h3>';

                // show list of members with actions
                // (a fixed statement: no request data is concatenated into it)
                $query =  'SELECT *'
                           . ' FROM '.sql_table('member');
                // $template is not initialised beforehand; these assignments create the array
                $template['content'] = 'memberlist';
                $template['tabindex'] = 10;

                // BATCH is instantiated right after loading "ENCAPSULATE";
                // presumably that load makes the class available (TODO confirm)
                $manager->loadClass("ENCAPSULATE");
                $batch =& new BATCH('member');
                $batch->showlist($query,'table',$template);

                echo '<h3>' . _MEMBERS_NEW .'</h3>';
                ?>
                        <form method="post" action="index.php" name="memberedit"><div>

                        <input type="hidden" name="action" value="memberadd" />
                        <?php $manager->addTicketHidden() ?>

                        <table>
                        <tr>
                                <th colspan="2"><?php echo _MEMBERS_NEW?></th>
                        </tr><tr>
                                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
                                </td>
                                <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REALNAME?></td>
                                <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_PWD?></td>
                                <td><input name="password" tabindex="10030" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_REPPWD?></td>
                                <td><input name="repeatpassword" tabindex="10035" size="16" maxlength="40" type="password" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_EMAIL?></td>
                                <td><input name="email" tabindex="10040" size="40" maxlength="60" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_URL?></td>
                                <td><input name="url" tabindex="10050" size="40" maxlength="100" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
                                <td><?php $this->input_yesno('admin',0,10060); ?> </td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
                                <td><?php $this->input_yesno('canlogin',1,10070); ?></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NOTES?></td>
                                <td><input name="notes" maxlength="100" size="40" tabindex="10080" /></td>
                        </tr><tr>
                                <td><?php echo _MEMBERS_NEW?></td>
                                <td><input type="submit" value="<?php echo _MEMBERS_NEW_BTN?>" tabindex="10090" onclick="return checkSubmit();" /></td>
                        </tr></table>

                        </div></form>
                <?php
                $this->pagefoot();
        }
01757 
01761         function action_memberedit() {
01762                 $this->action_editmembersettings(intRequestVar('memberid'));
01763         }
01764 
01768         function action_editmembersettings($memberid = '') {
01769                 global $member, $manager, $CONF;
01770 
01771                 if ($memberid == '')
01772                         $memberid = $member->getID();
01773 
01774                 // check if allowed
01775                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
01776 
01777                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
01778                 $this->pagehead($extrahead);
01779 
01780                 // show message to go back to member overview (only for admins)
01781                 if ($member->isAdmin())
01782                         echo '<a href="index.php?action=usermanagement">(' ._MEMBERS_BACKTOOVERVIEW. ')</a>';
01783                 else
01784                         echo '<a href="index.php?action=overview">(' ._BACKHOME. ')</a>';
01785 
01786                 echo '<h2>' . _MEMBERS_EDIT . '</h2>';
01787 
01788                 $mem = MEMBER::createFromID($memberid);
01789 
01790                 ?>
01791                 <form method="post" action="index.php" name="memberedit"><div>
01792 
01793                 <input type="hidden" name="action" value="changemembersettings" />
01794                 <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
01795                 <?php $manager->addTicketHidden() ?>
01796 
01797                 <table><tr>
01798                         <th colspan="2"><?php echo _MEMBERS_EDIT?></th>
01799                 </tr><tr>
01800                         <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
01801                                 <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
01802                         </td>
01803                         <td>
01804                         <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
01805                                 <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
01806                         <?php } else {
01807                                 echo htmlspecialchars($member->getDisplayName());
01808                            }
01809                         ?>
01810                         </td>
01811                 </tr><tr>
01812                         <td><?php echo _MEMBERS_REALNAME?></td>
01813                         <td><input name="realname" tabindex="20" maxlength="60" size="40" value="<?php echo  htmlspecialchars($mem->getRealName()); ?>" /></td>
01814                 </tr><tr>
01815                 <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
01816                         <td><?php echo _MEMBERS_PWD?></td>
01817                         <td><input type="password" tabindex="30" maxlength="40" size="16" name="password" /></td>
01818                 </tr><tr>
01819                         <td><?php echo _MEMBERS_REPPWD?></td>
01820                         <td><input type="password" tabindex="35" maxlength="40" size="16" name="repeatpassword" /></td>
01821                 <?php } ?>
01822                 </tr><tr>
01823                         <td><?php echo _MEMBERS_EMAIL?>
01824                                 <br /><small><?php echo _MEMBERS_EMAIL_EDIT?></small>
01825                         </td>
01826                         <td><input name="email" tabindex="40" size="40" maxlength="60" value="<?php echo  htmlspecialchars($mem->getEmail()); ?>" /></td>
01827                 </tr><tr>
01828                         <td><?php echo _MEMBERS_URL?></td>
01829                         <td><input name="url" tabindex="50" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getURL()); ?>" /></td>
01830                 <?php // only allow to change this by super-admins
01831                    // we don't want normal users to 'upgrade' themselves to super-admins, do we? ;-)
01832                    if ($member->isAdmin()) {
01833                 ?>
01834                         </tr><tr>
01835                                 <td><?php echo _MEMBERS_SUPERADMIN?> <?php help('superadmin'); ?></td>
01836                                 <td><?php $this->input_yesno('admin',$mem->isAdmin(),60); ?></td>
01837                         </tr><tr>
01838                                 <td><?php echo _MEMBERS_CANLOGIN?> <?php help('canlogin'); ?></td>
01839                                 <td><?php $this->input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?></td>
01840                 <?php } ?>
01841                 </tr><tr>
01842                         <td><?php echo _MEMBERS_NOTES?></td>
01843                         <td><input name="notes" tabindex="80" size="40" maxlength="100" value="<?php echo  htmlspecialchars($mem->getNotes()); ?>" /></td>
01844                 </tr><tr>
01845                         <td><?php echo _MEMBERS_DEFLANG?> <?php help('language'); ?>
01846                         </td>
01847                         <td>
01848 
01849                                 <select name="deflang" tabindex="85">
01850                                         <option value=""><?php echo _MEMBERS_USESITELANG?></option>
01851                                 <?php                           // show a dropdown list of all available languages
01852                                 global $DIR_LANG;
01853                                 $dirhandle = opendir($DIR_LANG);
01854                                 while ($filename = readdir($dirhandle)) {
01855                                         if (ereg("^(.*)\.php$",$filename,$matches)) {
01856                                                 $name = $matches[1];
01857                                                 echo "<option value='$name'";
01858                                                 if ($name == $mem->getLanguage())
01859                                                         echo " selected='selected'";
01860                                                 echo ">$name</option>";
01861                                         }
01862                                 }
01863                                 closedir($dirhandle);
01864 
01865                                 ?>
01866                                 </select>
01867 
01868                         </td>
01869                 </tr>
01870                 <?php
01871                         // plugin options
01872                         $this->_insertPluginOptions('member',$memberid);
01873                 ?>
01874                 <tr>
01875                         <th colspan="2"><?php echo _MEMBERS_EDIT ?></th>
01876                 </tr><tr>
01877                         <td><?php echo _MEMBERS_EDIT?></td>
01878                         <td><input type="submit" tabindex="90" value="<?php echo _MEMBERS_EDIT_BTN?>" onclick="return checkSubmit();" /></td>
01879                 </tr></table>
01880 
01881                 </div></form>
01882 
01883                 <?php
01884                         echo '<h3>',_PLUGINS_EXTRA,'</h3>';
01885 
01886                         $manager->notify(
01887                                 'MemberSettingsFormExtras',
01888                                 array(
01889                                         'member' => &$mem
01890                                 )
01891                         );
01892 
01893                 $this->pagefoot();
01894         }
01895 
01899         function action_changemembersettings() {
01900                 global $member, $CONF, $manager;
01901 
01902                 $memberid = intRequestVar('memberid');
01903 
01904                 // check if allowed
01905                 ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
01906 
01907                 $name                   = trim(strip_tags(postVar('name')));
01908                 $realname               = trim(strip_tags(postVar('realname')));
01909                 $password               = postVar('password');
01910                 $repeatpassword = postVar('repeatpassword');
01911                 $email                  = strip_tags(postVar('email'));
01912                 $url                    = strip_tags(postVar('url'));
01913 
01914                 // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
01915                 if (!eregi("^https?://", $url))
01916                         $url = "http://".$url;
01917 
01918                 $admin                  = postVar('admin');
01919                 $canlogin               = postVar('canlogin');
01920                 $notes                  = strip_tags(postVar('notes'));
01921                 $deflang                = postVar('deflang');
01922 
01923                 $mem = MEMBER::createFromID($memberid);
01924 
01925                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
01926 
01927                         if (!isValidDisplayName($name))
01928                                 $this->error(_ERROR_BADNAME);
01929 
01930                         if (($name != $mem->getDisplayName()) && MEMBER::exists($name))
01931                                 $this->error(_ERROR_NICKNAMEINUSE);
01932 
01933                         if ($password != $repeatpassword)
01934                                 $this->error(_ERROR_PASSWORDMISMATCH);
01935 
01936                         if ($password && (strlen($password) < 6))
01937                                 $this->error(_ERROR_PASSWORDTOOSHORT);
01938                 }
01939 
01940                 if (!isValidMailAddress($email))
01941                         $this->error(_ERROR_BADMAILADDRESS);
01942 
01943 
01944                 if (!$realname)
01945                         $this->error(_ERROR_REALNAMEMISSING);
01946 
01947                 if (($deflang != '') && (!checkLanguage($deflang)))
01948                         $this->error(_ERROR_NOSUCHLANGUAGE);
01949 
01950                 // check if there will remain at least one site member with both the logon and admin rights
01951                 // (check occurs when taking away one of these rights from such a member)
01952                 if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
01953                          || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
01954                    )
01955                 {
01956                         $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
01957                         if (mysql_num_rows($r) < 2)
01958                                 $this->error(_ERROR_ATLEASTONEADMIN);
01959                 }
01960 
01961                 if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
01962                         $mem->setDisplayName($name);
01963                         if ($password)
01964                                 $mem->setPassword($password);
01965                 }
01966 
01967                 $oldEmail = $mem->getEmail();
01968 
01969                 $mem->setRealName($realname);
01970                 $mem->setEmail($email);
01971                 $mem->setURL($url);
01972                 $mem->setNotes($notes);
01973                 $mem->setLanguage($deflang);
01974 
01975 
01976                 // only allow super-admins to make changes to the admin status
01977                 if ($member->isAdmin()) {
01978                         $mem->setAdmin($admin);
01979                         $mem->setCanLogin($canlogin);
01980                 }
01981 
01982 
01983                 $mem->write();
01984 
01985                 // store plugin options
01986                 $aOptions = requestArray('plugoption');
01987                 NucleusPlugin::_applyPluginOptions($aOptions);
01988                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));
01989 
01990                 // if email changed, generate new password
01991                 if ($oldEmail != $mem->getEmail())
01992                 {
01993                         $mem->sendActivationLink('addresschange', $oldEmail);
01994                         // logout member
01995                         $mem->newCookieKey();
01996 
01997                         // only log out if the member being edited is the current member.
01998                         if ($member->getID() == $memberid)
01999                                 $member->logout();
02000                         $this->action_login(_MSG_ACTIVATION_SENT, 0);
02001                         return;
02002                 }
02003 
02004 
02005                 if (  ( $mem->getID() == $member->getID() )
02006                    && ( $mem->getDisplayName() != $member->getDisplayName() )
02007                    ) {
02008                         $mem->newCookieKey();
02009                         $member->logout();
02010                         $this->action_login(_MSG_LOGINAGAIN, 0);
02011                 } else {
02012                         $this->action_overview(_MSG_SETTINGSCHANGED);
02013                 }
02014         }
02015 
02019         function action_memberadd() {
02020                 global $member, $manager;
02021 
02022                 // check if allowed
02023                 $member->isAdmin() or $this->disallow();
02024 
02025                 if (postVar('password') != postVar('repeatpassword'))
02026                         $this->error(_ERROR_PASSWORDMISMATCH);
02027                 if (strlen(postVar('password')) < 6)
02028                         $this->error(_ERROR_PASSWORDTOOSHORT);
02029 
02030                 $res = MEMBER::create(postVar('name'), postVar('realname'), postVar('password'), postVar('email'), postVar('url'), postVar('admin'), postVar('canlogin'), postVar('notes'));
02031                 if ($res != 1)
02032                         $this->error($res);
02033 
02034                 // fire PostRegister event
02035                 $newmem = new MEMBER();
02036                 $newmem->readFromName(postVar('name'));
02037                 $manager->notify('PostRegister',array('member' => &$newmem));
02038 
02039                 $this->action_usermanagement();
02040         }
02041 
02047         function action_activate() {
02048 
02049                 $key = getVar('key');
02050                 $this->_showActivationPage($key);
02051         }
02052 
        /**
         * Shows the page that belongs to an activation key.
         *
         * For the 'forgot' and 'register' types a form is shown in which the
         * member chooses a password (posted to the activatesetpwd action). For
         * 'addresschange' the key is activated immediately and no form is
         * shown. The method reports _ERROR_ACTIVATE when no activation info or
         * no member is found for the key.
         *
         * @param $key     activation key as received from the request
         * @param $message optional error message, printed above the form
         */
        function _showActivationPage($key, $message = '')
        {
                global $manager;

                // clean up old activation keys
                MEMBER::cleanupActivationTable();

                // get activation info
                // (the key is the only credential for this page; the caller in view
                // passes it unmodified from the request)
                $info = MEMBER::getActivationInfo($key);

                if (!$info)
                        $this->error(_ERROR_ACTIVATE);

                $mem = MEMBER::createFromId($info->vmember);

                if (!$mem)
                        $this->error(_ERROR_ACTIVATE);

                $text = '';
                $title = '';
                $bNeedsPasswordChange = true;

                // a type not listed below keeps the empty title and text
                // and still gets the password form
                switch ($info->vtype)
                {
                        case 'forgot':
                                $title = _ACTIVATE_FORGOT_TITLE;
                                $text = _ACTIVATE_FORGOT_TEXT;
                                break;
                        case 'register':
                                $title = _ACTIVATE_REGISTER_TITLE;
                                $text = _ACTIVATE_REGISTER_TEXT;
                                break;
                        case 'addresschange':
                                $title = _ACTIVATE_CHANGE_TITLE;
                                $text = _ACTIVATE_CHANGE_TEXT;
                                $bNeedsPasswordChange = false;
                                // activation happens while the page is being rendered,
                                // i.e. as a direct effect of opening the link
                                MEMBER::activate($key);
                                break;
                }

                // the member name is HTML-encoded before it is filled into the texts
                $aVars = array(
                        'memberName' => htmlspecialchars($mem->getDisplayName())
                );
                $title = TEMPLATE::fill($title, $aVars);
                $text = TEMPLATE::fill($text, $aVars);

                $this->pagehead();

                        echo '<h2>' , $title, '</h2>';
                        echo '<p>' , $text, '</p>';

                        // NOTE(review): $message is printed without encoding; callers
                        // have to pass trusted or already encoded text
                        if ($message != '')
                        {
                                echo '<p class="error">',$message,'</p>';
                        }

                        if ($bNeedsPasswordChange)
                        {
                                ?>
                                        <div><form action="index.php" method="post">

                                                <input type="hidden" name="action" value="activatesetpwd" />
                                                <?php $manager->addTicketHidden() ?>
                                                <input type="hidden" name="key" value="<?php echo htmlspecialchars($key) ?>" />

                                                <table><tr>
                                                        <td><?php echo _MEMBERS_PWD?></td>
                                                        <td><input type="password" maxlength="40" size="16" name="password" /></td>
                                                </tr><tr>
                                                        <td><?php echo _MEMBERS_REPPWD?></td>
                                                        <td><input type="password" maxlength="40" size="16" name="repeatpassword" /></td>
                                                <?php

                                                        // plugins may add their own fields to the activation form
                                                        global $manager;
                                                        $manager->notify('FormExtra', array('type' => 'activation', 'member' => $mem));

                                                ?>
                                                </tr><tr>
                                                        <td><?php echo _MEMBERS_SETPWD ?></td>
                                                        <td><input type='submit' value='<?php echo _MEMBERS_SETPWD_BTN ?>' /></td>
                                                </tr></table>


                                        </form></div>

                                <?php

                        }

                $this->pagefoot();

        }
02148 
02154         function action_activatesetpwd() {
02155 
02156                 $key = postVar('key');
02157 
02158                 // clean up old activation keys
02159                 MEMBER::cleanupActivationTable();
02160 
02161                 // get activation info
02162                 $info = MEMBER::getActivationInfo($key);
02163 
02164                 if (!$info || ($info->type == 'addresschange'))
02165                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
02166 
02167                 $mem = MEMBER::createFromId($info->vmember);
02168 
02169                 if (!$mem)
02170                         return $this->_showActivationPage($key, _ERROR_ACTIVATE);
02171 
02172                 $password               = postVar('password');
02173                 $repeatpassword = postVar('repeatpassword');
02174 
02175                 if ($password != $repeatpassword)
02176                         return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
02177 
02178                 if ($password && (strlen($password) < 6))
02179                         return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
02180 
02181                 $error = '';
02182                 global $manager;
02183                 $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
02184                 if ($error != '')
02185                         return $this->_showActivationPage($key, $error);
02186 
02187 
02188                 // set password
02189                 $mem->setPassword($password);
02190                 $mem->write();
02191 
02192                 // do the activation
02193                 MEMBER::activate($key);
02194 
02195                 $this->pagehead();
02196                         echo '<h2>',_ACTIVATE_SUCCESS_TITLE,'</h2>';
02197                         echo '<p>',_ACTIVATE_SUCCESS_TEXT,'</p>';
02198                 $this->pagefoot();
02199         }
02200 
02204         function action_manageteam() {
02205                 global $member, $manager;
02206 
02207                 $blogid = intRequestVar('blogid');
02208 
02209                 // check if allowed
02210                 $member->blogAdminRights($blogid) or $this->disallow();
02211 
02212                 $this->pagehead();
02213 
02214                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
02215 
02216                 echo '<h2>' . _TEAM_TITLE . getBlogNameFromID($blogid) . '</h2>';
02217 
02218                 echo '<h3>' . _TEAM_CURRENT . '</h3>';
02219 
02220 
02221 
02222                 $query =  'SELECT tblog, tmember, mname, mrealname, memail, tadmin'
02223                            . ' FROM '.sql_table('member').', '.sql_table('team')
02224                            . ' WHERE tmember=mnumber and tblog=' . $blogid;
02225 
02226                 $template['content'] = 'teamlist';
02227                 $template['tabindex'] = 10;
02228 
02229                 $manager->loadClass("ENCAPSULATE");
02230                 $batch =& new BATCH('team');
02231                 $batch->showlist($query, 'table', $template);
02232 
02233                 ?>
02234                         <h3><?php echo _TEAM_ADDNEW?></h3>
02235 
02236                         <form method='post' action='index.php'><div>
02237 
02238                         <input type='hidden' name='action' value='teamaddmember' />
02239                         <input type='hidden' name='blogid' value='<?php echo  $blogid; ?>' />
02240                         <?php $manager->addTicketHidden() ?>
02241 
02242                         <table><tr>
02243                                 <td><?php echo _TEAM_CHOOSEMEMBER?></td>
02244                                 <td><?php                                       // TODO: try to make it so only non-team-members are listed
02245                                         $query =  'SELECT mname as text, mnumber as value'
02246                                                    . ' FROM '.sql_table('member');
02247 
02248                                         $template['name'] = 'memberid';
02249                                         $template['tabindex'] = 10000;
02250                                         showlist($query,'select',$template);
02251                                 ?></td>
02252                         </tr><tr>
02253                                 <td><?php echo _TEAM_ADMIN?><?php help('teamadmin'); ?></td>
02254                                 <td><?php $this->input_yesno('admin',0,10020); ?></td>
02255                         </tr><tr>
02256                                 <td><?php echo _TEAM_ADD?></td>
02257                                 <td><input type='submit' value='<?php echo _TEAM_ADD_BTN?>' tabindex="10030" /></td>
02258                         </tr></table>
02259 
02260                         </div></form>
02261                 <?php
02262                 $this->pagefoot();
02263         }
02264 
02268         function action_teamaddmember() {
02269                 global $member, $manager;
02270 
02271                 $memberid = intPostVar('memberid');
02272                 $blogid = intPostVar('blogid');
02273                 $admin = intPostVar('admin');
02274 
02275                 // check if allowed
02276                 $member->blogAdminRights($blogid) or $this->disallow();
02277 
02278                 $blog =& $manager->getBlog($blogid);
02279                 if (!$blog->addTeamMember($memberid, $admin))
02280                         $this->error(_ERROR_ALREADYONTEAM);
02281 
02282                 $this->action_manageteam();
02283 
02284         }
02285 
        /**
         * Shows the confirmation page for removing a member from a blog team.
         *
         * Reads 'memberid' and 'blogid' from the request as integers and requires
         * blog admin rights on the blog. Nothing is deleted here: the form posts
         * to action 'teamdeleteconfirm' and carries a ticket.
         */
        function action_teamdelete() {
                global $member, $manager;

                $memberid = intRequestVar('memberid');
                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                // loaded only to display the names in the confirmation text;
                // both names are HTML-escaped in the template below
                $teammem = MEMBER::createFromID($memberid);
                $blog =& $manager->getBlog($blogid);

                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo  htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo  htmlspecialchars(strip_tags($blog->getName())) ?></b>
                        </p>


                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="teamdeleteconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
02319 
02323         function action_teamdeleteconfirm() {
02324                 global $member;
02325 
02326                 $memberid = intRequestVar('memberid');
02327                 $blogid = intRequestVar('blogid');
02328 
02329                 $error = $this->deleteOneTeamMember($blogid, $memberid);
02330                 if ($error)
02331                         $this->error($error);
02332 
02333 
02334                 $this->action_manageteam();
02335         }
02336 
02340         function deleteOneTeamMember($blogid, $memberid) {
02341                 global $member, $manager;
02342 
02343                 $blogid = intval($blogid);
02344                 $memberid = intval($memberid);
02345 
02346                 // check if allowed
02347                 if (!$member->blogAdminRights($blogid))
02348                         return _ERROR_DISALLOWED;
02349 
02350                 // check if: - there remains at least one blog admin
02351                 //           - (there remains at least one team member)
02352                 $mem = MEMBER::createFromID($memberid);
02353 
02354                 $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
02355 
02356                 if ($mem->isBlogAdmin($blogid)) {
02357                         // check if there are more blog members left and at least one admin
02358                         // (check for at least two admins before deletion)
02359                         $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
02360                         $r = sql_query($query);
02361                         if (mysql_num_rows($r) < 2)
02362                                 return _ERROR_ATLEASTONEBLOGADMIN;
02363                 }
02364 
02365                 $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
02366                 sql_query($query);
02367 
02368                 $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
02369 
02370                 return '';
02371         }
02372 
02376         function action_teamchangeadmin() {
02377                 global $member;
02378 
02379                 $blogid = intRequestVar('blogid');
02380                 $memberid = intRequestVar('memberid');
02381 
02382                 // check if allowed
02383                 $member->blogAdminRights($blogid) or $this->disallow();
02384 
02385                 $mem = MEMBER::createFromID($memberid);
02386 
02387                 // don't allow when there is only one admin at this moment
02388                 if ($mem->isBlogAdmin($blogid)) {
02389                         $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
02390                         if (mysql_num_rows($r) == 1)
02391                                 $this->error(_ERROR_ATLEASTONEBLOGADMIN);
02392                 }
02393 
02394                 if ($mem->isBlogAdmin($blogid))
02395                         $newval = 0;
02396                 else
02397                         $newval = 1;
02398 
02399                 $query = 'UPDATE '.sql_table('team') ." SET tadmin=$newval WHERE tblog=$blogid and tmember=$memberid";
02400                 sql_query($query);
02401 
02402                 // only show manageteam if member did not change its own admin privileges
02403                 if ($member->isBlogAdmin($blogid))
02404                         $this->action_manageteam();
02405                 else
02406                         $this->action_overview(_MSG_ADMINCHANGED);
02407         }
02408 
        /**
         * Shows the settings page of a blog: team summary, the blog settings
         * form, the category list, the new-category form and plugin extras.
         *
         * Reads 'blogid' from the request as an integer and requires blog admin
         * rights on that blog. The page only renders forms; the forms post to
         * actions 'blogsettingsupdate' and 'categorynew' and each carries a
         * ticket.
         */
        function action_blogsettings() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');

                // check if allowed
                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
                $this->pagehead($extrahead);

                echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
                ?>
                <h2><?php echo _EBLOG_TITLE?>: '<?php echo $this->bloglink($blog)?>'</h2>

                <h3><?php echo _EBLOG_TEAM_TITLE?></h3>

                <p>Members currently on your team:
                <?php
                        // member names are data, so each one is HTML-escaped before output
                        $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
                        $aMemberNames = array();
                        while ($o = mysql_fetch_object($res))
                                array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
                        echo implode(',', $aMemberNames);
                ?>
                </p>



                <p>
                <a href="index.php?action=manageteam&amp;blogid=<?php echo $blogid?>"><?php echo _EBLOG_TEAM_TEXT?></a>
                </p>

                <h3><?php echo _EBLOG_SETTINGS_TITLE?></h3>

                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="blogsettingsupdate" />
                <?php $manager->addTicketHidden() ?>
                <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                <table><tr>
                        <td><?php echo _EBLOG_NAME?></td>
                        <td><input name="name" tabindex="10" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SHORTNAME?> <?php help('shortblogname'); ?>
                                <?php echo _EBLOG_SHORTNAME_EXTRA?>
                        </td>
                        <td><input name="shortname" tabindex="20" maxlength="15" size="15" value="<?php echo  htmlspecialchars($blog->getShortName()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DESC?></td>
                        <td><input name="desc" tabindex="30" maxlength="200" size="40" value="<?php echo  htmlspecialchars($blog->getDescription()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_URL?></td>
                        <td><input name="url" tabindex="40" size="40" maxlength="100" value="<?php echo  htmlspecialchars($blog->getURL()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFSKIN?>
                                <?php help('blogdefaultskin'); ?>
                        </td>
                        <td>
                                <?php
                                        // drop-down of all skins, current default preselected
                                        $query =  'SELECT sdname as text, sdnumber as value'
                                                   . ' FROM '.sql_table('skin_desc');
                                        $template['name'] = 'defskin';
                                        $template['selected'] = $blog->getDefaultSkin();
                                        $template['tabindex'] = 50;
                                        showlist($query,'select',$template);
                                ?>

                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_LINEBREAKS?> <?php help('convertbreaks'); ?>
                        </td>
                        <td><?php $this->input_yesno('convertbreaks',$blog->convertBreaks(),55); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ALLOWPASTPOSTING?> <?php help('allowpastposting'); ?>
                        </td>
                        <td><?php $this->input_yesno('allowpastposting',$blog->allowPastPosting(),57); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DISABLECOMMENTS?>
                        </td>
                        <td><?php $this->input_yesno('comments',$blog->commentsEnabled(),60); ?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ANONYMOUS?>
                        </td>
                        <td><?php $this->input_yesno('public',$blog->isPublic(),70); ?></td>
                </tr><tr>
        <td><?php echo _EBLOG_REQUIREDEMAIL?>
                 </td>
                 <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>
          </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
                        <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_NOTIFY_ON?></td>
                        <td>
                                <input name="notifyComment" value="3" type="checkbox" tabindex="81" id="notifyComment"
                                        <?php if  ($blog->notifyOnComment()) echo "checked='checked'" ?>
                                /><label for="notifyComment"><?php echo _EBLOG_NOTIFY_COMMENT?></label>
                                <br />
                                <input name="notifyVote" value="5" type="checkbox" tabindex="82" id="notifyVote"
                                        <?php if  ($blog->notifyOnVote()) echo "checked='checked'" ?>
                                /><label for="notifyVote"><?php echo _EBLOG_NOTIFY_KARMA?></label>
                                <br />
                                <input name="notifyNewItem" value="7" type="checkbox" tabindex="83" id="notifyNewItem"
                                        <?php if  ($blog->notifyOnNewItem()) echo "checked='checked'" ?>
                                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
                        </td>
                </tr><tr>
                <?php
                // the ping row is only rendered when something subscribes to 'SendPing'
                if (numberOfEventSubscriber('SendPing') > 0) {
                ?>
                        <td><?php echo _EBLOG_PING?> <?php help('sendping'); ?></td>
                        <td><?php $this->input_yesno('sendping',$blog->sendPing(),85); ?></td>
                </tr><tr>
                <?php
                }
                ?>
                        <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
                        <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_UPDATE?> <?php help('blogupdatefile'); ?></td>
                        <td><input name="update" tabindex="100" size="40" maxlength="60" value="<?php echo  htmlspecialchars($blog->getUpdateFile()) ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFCAT?></td>
                        <td>
                                <?php
                                        // drop-down of this blog's categories, current default preselected
                                        $query =  'SELECT cname as text, catid as value'
                                                   . ' FROM '.sql_table('category')
                                                   . ' WHERE cblog=' . $blog->getID();
                                        $template['name'] = 'defcat';
                                        $template['selected'] = $blog->getDefaultCategory();
                                        $template['tabindex'] = 110;
                                        showlist($query,'select',$template);
                                ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_OFFSET?> <?php help('blogtimeoffset'); ?>
                                <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
                                <br /><?php echo _EBLOG_BTIME?> <b><?php echo  strftime("%H:%M",$blog->getCorrectTime()); ?></b>
                                </td>
                        <td><input name="timeoffset" tabindex="120" size="3" value="<?php echo  htmlspecialchars($blog->getTimeOffset()); ?>" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SEARCH?> <?php help('blogsearchable'); ?></td>
                        <td><?php $this->input_yesno('searchable',$blog->getSearchable(),122); ?></td>
                </tr>
                <?php
                        // plugin options
                        $this->_insertPluginOptions('blog',$blogid);
                ?>
                <tr>
                        <th colspan="2"><?php echo _EBLOG_CHANGE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CHANGE?></td>
                        <td><input type="submit" tabindex="130" value="<?php echo _EBLOG_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>

                <h3><?php echo _EBLOG_CAT_TITLE?></h3>


                <?php
                // table of this blog's categories, rendered through the BATCH list helper
                $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog='.$blog->getID().' ORDER BY cname';
                $template['content'] = 'categorylist';
                $template['tabindex'] = 200;

                $manager->loadClass("ENCAPSULATE");
                $batch =& new BATCH('category');
                $batch->showlist($query,'table',$template);

                ?>


                <form action="index.php" method="post"><div>
                <input name="action" value="categorynew" type="hidden" />
                <?php $manager->addTicketHidden() ?>
                <input name="blogid" value="<?php echo $blog->getID()?>" type="hidden" />

                <table><tr>
                        <th colspan="2"><?php echo _EBLOG_CAT_CREATE?></th>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_NAME?></td>
                        <td><input name="cname" size="40" maxlength="40" tabindex="300" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_DESC?></td>
                        <td><input name="cdesc" size="40" maxlength="200" tabindex="310" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CAT_CREATE?></td>
                        <td><input type="submit" value="<?php echo _EBLOG_CAT_CREATE?>" tabindex="320" /></td>
                </tr></table>

                </div></form>

                <?php

                        echo '<h3>',_PLUGINS_EXTRA,'</h3>';

                        // lets plugins append their own output to the settings page
                        $manager->notify(
                                'BlogSettingsFormExtras',
                                array(
                                        'blog' => &$blog
                                )
                        );

                $this->pagefoot();
        }
02620 
02624         function action_categorynew() {
02625                 global $member, $manager;
02626 
02627                 $blogid = intRequestVar('blogid');
02628 
02629                 $member->blogAdminRights($blogid) or $this->disallow();
02630 
02631                 $cname = postVar('cname');
02632                 $cdesc = postVar('cdesc');
02633 
02634                 if (!isValidCategoryName($cname))
02635                         $this->error(_ERROR_BADCATEGORYNAME);
02636 
02637                 $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
02638                 $res = sql_query($query);
02639                 if (mysql_num_rows($res) > 0)
02640                         $this->error(_ERROR_DUPCATEGORYNAME);
02641 
02642                 $blog           =& $manager->getBlog($blogid);
02643                 $newCatID       =  $blog->createNewCategory($cname, $cdesc);
02644 
02645                 $this->action_blogsettings();
02646         }
02647 
02651         function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
02652                 global $member, $manager;
02653 
02654                 if ($blogid == '')
02655                         $blogid = intGetVar('blogid');
02656                 else
02657                         $blogid = intval($blogid);
02658                 if ($catid == '')
02659                         $catid = intGetVar('catid');
02660                 else
02661                         $catid = intval($catid);
02662 
02663                 $member->blogAdminRights($blogid) or $this->disallow();
02664 
02665                 $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
02666                 $obj = mysql_fetch_object($res);
02667 
02668                 $cname = $obj->cname;
02669                 $cdesc = $obj->cdesc;
02670 
02671                 $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';
02672                 $this->pagehead($extrahead);
02673 
02674                 echo "<p><a href='index.php?action=blogsettings&amp;blogid=$blogid'>(",_BACK_TO_BLOGSETTINGS,")</a></p>";
02675 
02676                 ?>
02677                 <h2><?php echo _EBLOG_CAT_UPDATE?> '<?php echo htmlspecialchars($cname)?>'</h2>
02678                 <form method='post' action='index.php'><div>
02679                 <input name="blogid" type="hidden" value="<?php echo $blogid?>" />
02680                 <input name="catid" type="hidden" value="<?php echo $catid?>" />
02681                 <input name="desturl" type="hidden" value="<?php echo htmlspecialchars($desturl) ?>" />
02682                 <input name="action" type="hidden" value="categoryupdate" />
02683                 <?php $manager->addTicketHidden(); ?>
02684 
02685                 <table><tr>
02686                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
02687                 </tr><tr>
02688                         <td><?php echo _EBLOG_CAT_NAME?></td>
02689                         <td><input type="text" name="cname" value="<?php echo htmlspecialchars($cname)?>" size="40" maxlength="40" /></td>
02690                 </tr><tr>
02691                         <td><?php echo _EBLOG_CAT_DESC?></td>
02692                         <td><input type="text" name="cdesc" value="<?php echo htmlspecialchars($cdesc)?>" size="40" maxlength="200" /></td>
02693                 </tr>
02694                 <?php
02695                         // insert plugin options
02696                         $this->_insertPluginOptions('category',$catid);
02697                 ?>
02698                 <tr>
02699                         <th colspan="2"><?php echo _EBLOG_CAT_UPDATE ?></th>
02700                 </tr><tr>
02701                         <td><?php echo _EBLOG_CAT_UPDATE?></td>
02702                         <td><input type="submit" value="<?php echo _EBLOG_CAT_UPDATE_BTN?>" /></td>
02703                 </tr></table>
02704 
02705                 </div></form>
02706                 <?php
02707                 $this->pagefoot();
02708         }
02709 
02713         function action_categoryupdate() {
02714                 global $member, $manager;
02715 
02716                 $blogid = intPostVar('blogid');
02717                 $catid = intPostVar('catid');
02718                 $cname = postVar('cname');
02719                 $cdesc = postVar('cdesc');
02720                 $desturl = postVar('desturl');
02721 
02722                 $member->blogAdminRights($blogid) or $this->disallow();
02723 
02724                 if (!isValidCategoryName($cname))
02725                         $this->error(_ERROR_BADCATEGORYNAME);
02726 
02727                 $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
02728                 $res = sql_query($query);
02729                 if (mysql_num_rows($res) > 0)
02730                         $this->error(_ERROR_DUPCATEGORYNAME);
02731 
02732                 $query =  'UPDATE '.sql_table('category').' SET'
02733                            . " cname='" . addslashes($cname) . "',"
02734                            . " cdesc='" . addslashes($cdesc) . "'"
02735                            . " WHERE catid=" . $catid;
02736 
02737                 sql_query($query);
02738 
02739                 // store plugin options
02740                 $aOptions = requestArray('plugoption');
02741                 NucleusPlugin::_applyPluginOptions($aOptions);
02742                 $manager->notify('PostPluginOptionsUpdate',array('context' => 'category', 'catid' => $catid));
02743 
02744 
02745                 if ($desturl) {
02746                         redirect($desturl);
02747                         exit;
02748                 } else {
02749                         $this->action_blogsettings();
02750                 }
02751         }
02752 
        /**
         * Shows the confirmation page for deleting a category of a blog.
         *
         * Reads 'blogid' and 'catid' from the request as integers and requires
         * blog admin rights on the blog. Refuses when the category is not valid
         * for the blog, is the blog's default category, or is the last category
         * left. Nothing is deleted here: the form posts to action
         * 'categorydeleteconfirm' and carries a ticket.
         */
        function action_categorydelete() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');
                $catid = intRequestVar('catid');

                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                // check if the category is valid
                if (!$blog->isValidCategory($catid))
                        $this->error(_ERROR_NOSUCHCATEGORY);

                // don't allow deletion of default category
                if ($blog->getDefaultCategory() == $catid)
                        $this->error(_ERROR_DELETEDEFCATEGORY);

                // check if catid is the only category left for blogid
                // ($blogid is an integer, so the concatenation is safe)
                $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
                $res = sql_query($query);
                if (mysql_num_rows($res) == 1)
                        $this->error(_ERROR_DELETELASTCATEGORY);


                $this->pagehead();
                ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <div>
                        <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo  htmlspecialchars($blog->getCategoryName($catid))?></b>
                        </div>

                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="categorydeleteconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
                        <input type="hidden" name="catid" value="<?php echo $catid?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
                $this->pagefoot();
        }
02799 
/**
 * Handles the submitted category-delete confirmation form.
 *
 * The rights check here uses the blogid from the request, while the
 * deletion itself is keyed on catid only. deleteOneCategory() looks up the
 * blog that owns the category and checks admin rights on that blog again,
 * so that second check is the one that protects the category.
 */
function action_categorydeleteconfirm() {
    global $member, $manager;

    $blogid = intRequestVar('blogid');
    $catid  = intRequestVar('catid');

    if (!$member->blogAdminRights($blogid)) {
        $this->disallow();
    }

    // deleteOneCategory() returns an error constant when it refuses
    $failure = $this->deleteOneCategory($catid);
    if ($failure) {
        $this->error($failure);
    }

    $this->action_blogsettings();
}
02817 
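/**
 * Deletes one category and moves its items to the blog's default category.
 *
 * The blog is derived from the category id, and the current member must
 * have admin rights on that blog. The default category and the last
 * remaining category of a blog are never deleted.
 *
 * Changes against the earlier version:
 *  - the refusal for missing rights returns _ERROR_DISALLOWED (the earlier
 *    code named ERROR_DISALLOWED, without the underscore used everywhere
 *    else in this class)
 *  - the 'PreDeleteCategory' event is sent only after all checks passed, so
 *    plugin handlers do not run for a request that is then refused
 *
 * @param $catid
 *      id of the category to delete (cast to int)
 * @return
 *      an error constant when the deletion is refused; nothing on success
 */
function deleteOneCategory($catid) {
    global $manager, $member;

    $catid  = intval($catid);
    $blogid = getBlogIDFromCatID($catid);

    // authorisation is decided on the blog that owns the category
    if (!$member->blogAdminRights($blogid))
        return _ERROR_DISALLOWED;

    // get blog
    $blog =& $manager->getBlog($blogid);

    // check if the category is valid
    if (!$blog || !$blog->isValidCategory($catid))
        return _ERROR_NOSUCHCATEGORY;

    // the value goes into an SQL statement below, so force it to an integer
    $destcatid = intval($blog->getDefaultCategory());

    // don't allow deletion of default category
    if ($destcatid == $catid)
        return _ERROR_DELETEDEFCATEGORY;

    // check if catid is the only category left for blogid
    $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
    $res = sql_query($query);
    if (mysql_num_rows($res) == 1)
        return _ERROR_DELETELASTCATEGORY;

    // every check passed: the deletion will go ahead
    $manager->notify('PreDeleteCategory', array('catid' => $catid));

    // change category for all items to the default category
    $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
    sql_query($query);

    // delete all associated plugin options
    NucleusPlugin::_deleteOptionValues('category', $catid);

    // delete category
    $query = 'DELETE FROM '.sql_table('category').' WHERE catid=' .$catid;
    sql_query($query);

    $manager->notify('PostDeleteCategory', array('catid' => $catid));

}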
02866 
/**
 * Moves one category, together with its items and their comments, to
 * another blog.
 *
 * The current member needs admin rights on both the source blog (derived
 * from the category id) and the destination blog. The default category of
 * a blog cannot be moved.
 *
 * NOTE(review): the destination blog object is not checked for existence
 * before the UPDATE statements run; whether blogAdminRights() already
 * rejects an unknown blog id cannot be seen here, so confirm it.
 *
 * @param $catid
 *      id of the category to move (cast to int)
 * @param $destblogid
 *      id of the destination blog (cast to int)
 * @return
 *      an error constant when the move is refused; nothing on success
 */
function moveOneCategory($catid, $destblogid) {
    global $manager, $member;

    $catid      = intval($catid);
    $destblogid = intval($destblogid);
    $blogid     = getBlogIDFromCatID($catid);

    // mover should have admin rights on both blogs (source is checked first)
    if (!$member->blogAdminRights($blogid) || !$member->blogAdminRights($destblogid)) {
        return _ERROR_DISALLOWED;
    }

    // cannot move to self
    if ($blogid == $destblogid) {
        return _ERROR_MOVETOSELF;
    }

    // get blogs
    $sourceblog =& $manager->getBlog($blogid);
    $destblog   =& $manager->getBlog($destblogid);

    // check if the category is valid
    if (!$sourceblog || !$sourceblog->isValidCategory($catid)) {
        return _ERROR_NOSUCHCATEGORY;
    }

    // don't allow default category to be moved
    if ($sourceblog->getDefaultCategory() == $catid) {
        return _ERROR_MOVEDEFCATEGORY;
    }

    // handlers receive references and may therefore change these values
    $preData = array(
        'catid' => &$catid,
        'sourceblog' => &$sourceblog,
        'destblog' => &$destblog
    );
    $manager->notify('PreMoveCategory', $preData);

    // update comments table (cblog): one UPDATE per item in the category
    $itemRows = sql_query('SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid);
    while ($row = mysql_fetch_object($itemRows)) {
        sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$row->inumber);
    }

    // update items (iblog)
    sql_query('UPDATE '.sql_table('item').' SET iblog='.$destblogid.' WHERE icat='.$catid);

    // move category
    sql_query('UPDATE '.sql_table('category').' SET cblog='.$destblogid.' WHERE catid='.$catid);

    // 'destblog' is passed by value here, unlike in the Pre event
    $postData = array(
        'catid' => &$catid,
        'sourceblog' => &$sourceblog,
        'destblog' => $destblog
    );
    $manager->notify('PostMoveCategory', $postData);

}
02934 
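/**
 * Stores the settings submitted from the blog settings form.
 *
 * Requires admin rights on the blog named by the 'blogid' request
 * parameter. All values are validated before the first setter is called.
 *
 * Changes against the earlier version:
 *  - 'defcat' is checked with isValidCategory() before it becomes the
 *    default category. Without that check a category id belonging to
 *    another blog could be stored, and deleteOneCategory() moves items
 *    into whatever the default category is.
 *  - the NOTIFICATION object is created with '= new' ('=& new' is rejected
 *    by current PHP versions).
 *
 * NOTE(review): this method relies on $this->error() not returning, as the
 * rest of the class does; confirm that in error().
 */
function action_blogsettingsupdate() {
    global $member, $manager;

    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or $this->disallow();

    $blog =& $manager->getBlog($blogid);

    $notify     = trim(postVar('notify'));
    $shortname  = trim(postVar('shortname'));
    $updatefile = trim(postVar('update'));
    $defcat     = intPostVar('defcat');

    $notifyComment = intPostVar('notifyComment');
    $notifyVote    = intPostVar('notifyVote');
    $notifyNewItem = intPostVar('notifyNewItem');

    // an unset option counts as the neutral factor 1 in the product below
    if ($notifyComment == 0) $notifyComment = 1;
    if ($notifyVote == 0)    $notifyVote = 1;
    if ($notifyNewItem == 0) $notifyNewItem = 1;

    $notifyType = $notifyComment * $notifyVote * $notifyNewItem;

    if ($notify) {
        $not = new NOTIFICATION($notify);
        if (!$not->validAddresses())
            $this->error(_ERROR_BADNOTIFY);
    }

    if (!isValidShortName($shortname))
        $this->error(_ERROR_BADSHORTBLOGNAME);

    if (($blog->getShortName() != $shortname) && $manager->existsBlog($shortname))
        $this->error(_ERROR_DUPSHORTBLOGNAME);

    // check if update file is writable
    // NOTE(review): the path comes straight from the form, and the answer
    // tells the submitter whether that path exists and is writable by the
    // web server; consider limiting it to a known directory
    if ($updatefile && !is_writeable($updatefile))
        $this->error(_ERROR_UPDATEFILE);

    // the default category has to be a category of this blog
    if (!$blog->isValidCategory($defcat))
        $this->error(_ERROR_NOSUCHCATEGORY);

    $blog->setName(trim(postVar('name')));
    $blog->setShortName($shortname);
    $blog->setNotifyAddress($notify);
    $blog->setNotifyType($notifyType);
    $blog->setMaxComments(postVar('maxcomments'));
    $blog->setCommentsEnabled(postVar('comments'));
    $blog->setTimeOffset(postVar('timeoffset'));
    $blog->setUpdateFile($updatefile);
    $blog->setURL(trim(postVar('url')));
    $blog->setDefaultSkin(intPostVar('defskin'));
    $blog->setDescription(trim(postVar('desc')));
    $blog->setPublic(postVar('public'));
    $blog->setPingUserland(postVar('sendping'));
    $blog->setConvertBreaks(intPostVar('convertbreaks'));
    $blog->setAllowPastPosting(intPostVar('allowpastposting'));
    $blog->setDefaultCategory($defcat);
    $blog->setSearchable(intPostVar('searchable'));
    $blog->setEmailRequired(intPostVar('reqemail'));

    $blog->writeSettings();

    // store plugin options
    $aOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($aOptions);
    $manager->notify('PostPluginOptionsUpdate',array('context' => 'blog', 'blogid' => $blogid, 'blog' => &$blog));

    $this->action_overview(_MSG_SETTINGSCHANGED);
}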
03008 
/**
 * Renders the confirmation page for deleting a blog.
 *
 * Nothing is deleted here. The page shows a POST form that targets the
 * 'deleteblogconfirm' action and carries the hidden ticket field written
 * by $manager->addTicketHidden(). The default blog is refused.
 */
function action_deleteblog() {
    global $member, $CONF, $manager;

    $blogid = intRequestVar('blogid');

    if (!$member->blogAdminRights($blogid)) {
        $this->disallow();
    }

    // check if blog is default blog
    if ($CONF['DefaultBlog'] == $blogid) {
        $this->error(_ERROR_DELDEFBLOG);
    }

    $blog =& $manager->getBlog($blogid);

    // the blog name is free text and is HTML-escaped; $blogid is an integer
    $this->pagehead();
    ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _WARNINGTXT_BLOGDEL?>
                        </p>

                        <div>
                        <?php echo _CONFIRMTXT_BLOG?><b><?php echo  htmlspecialchars($blog->getName())?></b>
                        </div>

                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="deleteblogconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="blogid" value="<?php echo  $blogid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
    $this->pagefoot();
}
03045 
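/**
 * Deletes a blog and everything stored for it: comments, items, team
 * entries, bans, categories, plugin options and the blog row itself.
 *
 * Requires admin rights on the blog; the default blog is refused.
 *
 * Change against the earlier version: the 'PreDeleteBlog' event is sent
 * only after the rights check and the default-blog check have passed. It
 * used to be sent first, so plugin handlers ran even for a request that
 * was then refused.
 *
 * The deletion consists of separate statements that are not wrapped in a
 * transaction here, so a failure part-way leaves the blog partly removed.
 */
function action_deleteblogconfirm() {
    global $member, $CONF, $manager;

    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or $this->disallow();

    // check if blog is default blog
    if ($CONF['DefaultBlog'] == $blogid)
        $this->error(_ERROR_DELDEFBLOG);

    // from here on the deletion goes ahead
    $manager->notify('PreDeleteBlog', array('blogid' => $blogid));

    // delete all comments
    $query = 'DELETE FROM '.sql_table('comment').' WHERE cblog='.$blogid;
    sql_query($query);

    // delete all items
    $query = 'DELETE FROM '.sql_table('item').' WHERE iblog='.$blogid;
    sql_query($query);

    // delete all team members
    $query = 'DELETE FROM '.sql_table('team').' WHERE tblog='.$blogid;
    sql_query($query);

    // delete all bans
    $query = 'DELETE FROM '.sql_table('ban').' WHERE blogid='.$blogid;
    sql_query($query);

    // delete all categories
    $query = 'DELETE FROM '.sql_table('category').' WHERE cblog='.$blogid;
    sql_query($query);

    // delete all associated plugin options
    NucleusPlugin::_deleteOptionValues('blog', $blogid);

    // delete the blog itself
    $query = 'DELETE FROM '.sql_table('blog').' WHERE bnumber='.$blogid;
    sql_query($query);

    $manager->notify('PostDeleteBlog', array('blogid' => $blogid));

    $this->action_overview(_DELETED_BLOG);
}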
03093 
/**
 * Renders the confirmation page for deleting a member account.
 *
 * Allowed for the member concerned and for administrators. Nothing is
 * deleted here: the page shows a POST form that targets the
 * 'memberdeleteconfirm' action and carries the hidden ticket field written
 * by $manager->addTicketHidden().
 */
function action_memberdelete() {
    global $member, $manager;

    $memberid = intRequestVar('memberid');

    // members may delete their own account; anyone else must be an admin
    if ($member->getID() != $memberid && !$member->isAdmin()) {
        $this->disallow();
    }

    $mem = MEMBER::createFromID($memberid);

    // the display name is free text and is HTML-escaped; $memberid is an integer
    $this->pagehead();
    ?>
                        <h2><?php echo _DELETE_CONFIRM?></h2>

                        <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>
                        </p>

                        <p>
                        Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)
                        </p>

                        <form method="post" action="index.php"><div>
                        <input type="hidden" name="action" value="memberdeleteconfirm" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="memberid" value="<?php echo  $memberid; ?>" />
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div></form>
                <?php
    $this->pagefoot();
}
03126 
/**
 * Handles the submitted member-delete confirmation form.
 *
 * Allowed for the member concerned and for administrators. The deletion
 * itself, including the check whether the account may be deleted at all,
 * is done by deleteOneMember().
 */
function action_memberdeleteconfirm() {
    global $member;

    $memberid = intRequestVar('memberid');

    // members may delete their own account; anyone else must be an admin
    if ($member->getID() != $memberid && !$member->isAdmin()) {
        $this->disallow();
    }

    $failure = $this->deleteOneMember($memberid);
    if ($failure) {
        $this->error($failure);
    }

    // admins go back to the member list, everybody else to the overview
    if ($member->isAdmin()) {
        $this->action_usermanagement();
    } else {
        $this->action_overview(_DELETED_MEMBER);
    }
}
03146 
/**
 * Deletes one member account.
 *
 * The member's comments are kept: they are detached from the account and
 * the display name is copied into the comment's user field. After that
 * the member row, the team entries, the activation entries and the plugin
 * options of the member are removed.
 *
 * This method performs no rights check of its own; the calling action
 * has to authorise the request before calling it.
 *
 * NOTE(review): the display name is escaped with addslashes(), which does
 * not take the connection character set into account. With a multi-byte
 * connection charset the database driver's own escaping routine is the
 * safer choice.
 *
 * @param $memberid
 *      id of the member to delete (cast to int)
 * @return
 *      _ERROR_DELETEMEMBER when the member cannot be deleted, otherwise ''
 */
function deleteOneMember($memberid) {
    global $manager;

    $memberid = intval($memberid);
    $mem = MEMBER::createFromID($memberid);

    if (!$mem->canBeDeleted()) {
        return _ERROR_DELETEMEMBER;
    }

    $manager->notify('PreDeleteMember', array('member' => &$mem));

    /* unlink comments from memberid */
    $displayName = addslashes($mem->getDisplayName());
    sql_query(
        'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. $displayName
        .'" WHERE cmember='.$memberid
    );

    // rows that point at the member, deleted in this order
    $owned = array(
        'member'     => 'mnumber',
        'team'       => 'tmember',
        'activation' => 'vmember'
    );
    foreach ($owned as $table => $column) {
        sql_query('DELETE FROM '.sql_table($table).' WHERE '.$column.'='.$memberid);
    }

    // delete all associated plugin options
    NucleusPlugin::_deleteOptionValues('member', $memberid);

    $manager->notify('PostDeleteMember', array('member' => &$mem));

    return '';
}
03183 
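/**
 * Renders the form for creating a new weblog.
 *
 * Only super-admins may open this page. The form is posted to the
 * 'addnewlog' action and carries the hidden ticket field written by
 * $manager->addTicketHidden().
 *
 * Change against the earlier version: the Japanese interface text in the
 * template was mis-encoded on this page and has been restored.
 */
function action_createnewlog() {
    global $member, $CONF, $manager;

    // Only Super-Admins can do this
    $member->isAdmin() or $this->disallow();

    $this->pagehead();

    echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
    ?>
                <h2><?php echo _EBLOG_CREATE_TITLE?></h2>

                <h3>注意事項</h3>

                <p>作成にあたって、下記の<strong>注意事項</strong> をまずお読み下さい</p>

                <p>新しいweblogを作成した後に、このblogにアクセスするための方法を紹介しておきます。方法は2つあります:</p>

                <ol>
                        <li><strong>簡単な方法:</strong> <code>index.php</code>の複製を作り、新しいblogを表示するように変更を加えます。 この変更の詳細は、作成後に表示されます。</li>
                        <li><strong>高度な方法:</strong> 現在のblogで使用しているスキンに<code>otherblog</code>というコードを使った記述を加えます。この方法では、同じページ内で複数のblogを展開することが可能となります。</li>
                </ol>

                <h3>Weblogの作成</h3>

                <p>
                <?php echo _EBLOG_CREATE_TEXT?>
                </p>

                <form method="post" action="index.php"><div>

                <input type="hidden" name="action" value="addnewlog" />
                <?php $manager->addTicketHidden() ?>


                <table><tr>
                        <td><?php echo _EBLOG_NAME?></td>
                        <td><input name="name" tabindex="10" size="40" maxlength="60" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_SHORTNAME?>
                                <?php help('shortblogname'); ?>
                        </td>
                        <td><input name="shortname" tabindex="20" maxlength="15" size="15" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DESC?></td>
                        <td><input name="desc" tabindex="30" maxlength="200" size="40" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_DEFSKIN?>
                                <?php help('blogdefaultskin'); ?>
                        </td>
                        <td>
                                <?php
                                        // the query is a constant string; no request data goes into it
                                        $query =  'SELECT sdname as text, sdnumber as value'
                                                   . ' FROM '.sql_table('skin_desc');
                                        $template['name'] = 'defskin';
                                        $template['tabindex'] = 50;
                                        $template['selected'] = $CONF['BaseSkin'];      // set default selected skin to be globally defined base skin
                                        showlist($query,'select',$template);
                                ?>
                        </td>
                </tr><tr>
                        <td><?php echo _EBLOG_OFFSET?>
                                <?php help('blogtimeoffset'); ?>
                                <br /><?php echo _EBLOG_STIME?> <b><?php echo  strftime("%H:%M",time()); ?></b>
                        </td>
                        <td><input name="timeoffset" tabindex="110" size="3" value="0" /></td>
                </tr><tr>
                        <td><?php echo _EBLOG_ADMIN?>
                                <?php help('teamadmin'); ?>
                        </td>
                        <td><?php echo _EBLOG_ADMIN_MSG?></td>
                </tr><tr>
                        <td><?php echo _EBLOG_CREATE?></td>
                        <td><input type="submit" tabindex="120" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
                </tr></table>

                </div></form>
                <?php
    $this->pagefoot();
}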
03267 
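/**
 * Creates a new weblog from the 'createnewlog' form and shows the page
 * that explains how to make the new weblog reachable.
 *
 * Only super-admins may do this. Besides the blog row, a first category
 * ('General'), a team entry that makes the current member the blog admin,
 * and a first item are created.
 *
 * Changes against the earlier version:
 *  - the SQL-escaped values are kept in separate variables. The name and
 *    the short name used to be overwritten with their addslashes() form and
 *    were then shown on the result page (and in the suggested URL) with the
 *    added backslashes.
 *  - the Japanese interface text was mis-encoded on this page and has been
 *    restored.
 *
 * NOTE(review): addslashes() does not take the connection character set
 * into account; with a multi-byte connection charset the database driver's
 * own escaping routine is the safer choice. The escaping call itself is
 * left as it was.
 */
function action_addnewlog() {
    global $member, $manager, $CONF;

    // Only Super-Admins can do this
    $member->isAdmin() or $this->disallow();

    $bname       = trim(postVar('name'));
    $bshortname  = trim(postVar('shortname'));
    $btimeoffset = postVar('timeoffset');
    $bdesc       = trim(postVar('desc'));
    $bdefskin    = postVar('defskin');

    if (!isValidShortName($bshortname))
        $this->error(_ERROR_BADSHORTBLOGNAME);

    if ($manager->existsBlog($bshortname))
        $this->error(_ERROR_DUPSHORTBLOGNAME);

    // handlers receive references and may change the values before they are stored
    $manager->notify(
        'PreAddBlog',
        array(
            'name' => &$bname,
            'shortname' => &$bshortname,
            'timeoffset' => &$btimeoffset,
            'description' => &$bdesc,
            'defaultskin' => &$bdefskin
        )
    );

    // escaped copies for the SQL statement only; the unescaped values are
    // used for the HTML output further down
    $sqlName       = addslashes($bname);
    $sqlShortname  = addslashes($bshortname);
    $sqlTimeoffset = addslashes($btimeoffset);
    $sqlDesc       = addslashes($bdesc);
    $sqlDefskin    = addslashes($bdefskin);

    // create blog
    $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$sqlName', '$sqlShortname', '$sqlDesc', '$sqlTimeoffset', '$sqlDefskin')";
    sql_query($query);
    $blogid = mysql_insert_id();
    $blog   =& $manager->getBlog($blogid);

    // create new category
    sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, 'General','Items that do not fit in other categories')");
    $catid = mysql_insert_id();

    // set as default category
    $blog->setDefaultCategory($catid);
    $blog->writeSettings();

    // create team member
    $memberid = $member->getID();
    $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
    sql_query($query);


    $blog->additem($blog->getDefaultCategory(),'First Item','これはあなたのweblogにおける最初のアイテムです。自由に削除していただいてかまいません。','',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);

    $manager->notify(
        'PostAddBlog',
        array(
            'blog' => &$blog
        )
    );

    $manager->notify(
        'PostAddCategory',
        array(
            'blog' => &$blog,
            'name' => 'General',
            'description' => 'Items that do not fit in other categories',
            'catid' => $catid
        )
    );

    // everything echoed below is HTML-escaped or cast to int
    $this->pagehead();
    ?>
                <h2>新しいweblogが作成されました</h2>

                <p>新しいweblog 「<?php echo htmlspecialchars($bname)?>」が作成されました。続けて、これにアクセスするために以下のどちらかの手順に進んでください。</p>

                <ol>
                        <li><a href="#index_php">簡単な方法: 下のコードを貼付けた <code><?php echo htmlspecialchars($bshortname)?>.php</code> というファイルを作成する</a></li>
                        <li><a href="#skins">高度な方法: 現在使用しているスキンに新しいweblogを展開させるための記述を加える</a></li>
                </ol>

                <h3><a id="index_php">方法 1: <code><?php echo htmlspecialchars($bshortname)?>.php</code> というファイルを作成</a></h3>

                <p><code><?php echo htmlspecialchars($bshortname)?>.php</code> というファイルを作成して、中身に以下のコードを貼り付ける:</p>
<pre><code>&lt;?php

$CONF['Self'] = '<b><?php echo htmlspecialchars($bshortname)?>.php</b>';

include('<i>./config.php</i>');

selectBlog('<b><?php echo htmlspecialchars($bshortname)?></b>');
selector();

?&gt;</code></pre>

                <p>すでにある<code>index.php</code>と同じディレクトリにアップロードします。</p>

                <p>新しいweblogの作成を完了するためには、下にこのファイルのURLを入力してください。 (すでに用意した値で合っているとは思いますが保証はしません):</p>

                <form action="index.php" method="post"><div>
                        <input type="hidden" name="action" value="addnewlog2" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />
                        <table><tr>
                                <td><?php echo _EBLOG_URL?></td>
                                <td><input name="url" maxlength="100" size="40" value="<?php echo htmlspecialchars($CONF['IndexURL'].$bshortname.'.php')?>" /></td>
                        </tr><tr>
                                <td><?php echo _EBLOG_CREATE?></td>
                                <td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
                        </tr></table>
                </div></form>

                <h3><a id="skins">方法 2: 現在使用しているスキンに新しいweblogを展開する記述を加える</a></h3>

                <p>新しいweblogの作成を完了するためには、下にURLを入力してください。 (大抵は既存blogと同じURL)</p>

                <form action="index.php" method="post"><div>
                        <input type="hidden" name="action" value="addnewlog2" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="hidden" name="blogid" value="<?php echo intval($blogid)?>" />
                        <table><tr>
                                <td><?php echo _EBLOG_URL?></td>
                                <td><input name="url" maxlength="100" size="40" /></td>
                        </tr><tr>
                                <td><?php echo _EBLOG_CREATE?></td>
                                <td><input type="submit" value="<?php echo _EBLOG_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
                        </tr></table>
                </div></form>

                <?php           $this->pagefoot();

}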
03409 
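/**
 * Second step of creating a weblog: stores the URL of the new blog.
 *
 * Change against the earlier version: 'blogid' is read from the request
 * before the rights check. The check used to run while $blogid was still
 * undefined, so it was never made against the blog that is modified below.
 *
 * NOTE(review): the URL is stored as submitted (trimmed only); confirm
 * that setURL() or the code that prints the URL validates or escapes it.
 */
function action_addnewlog2() {
    global $member, $manager;

    // the blog id has to be known before rights on that blog can be checked
    $blogid = intRequestVar('blogid');

    $member->blogAdminRights($blogid) or $this->disallow();

    $burl = requestVar('url');

    $blog =& $manager->getBlog($blogid);
    $blog->setURL(trim($burl));
    $blog->writeSettings();

    $this->action_overview(_MSG_NEWBLOG);
}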
03427 
03431         function action_skinieoverview() {
03432                 global $member, $DIR_LIBS, $manager;
03433 
03434                 $member->isAdmin() or $this->disallow();
03435 
03436                 // load skinie class
03437                 include_once($DIR_LIBS . 'skinie.php');
03438 
03439                 $this->pagehead();
03440 
03441                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
03442 
03443         ?>
03444                 <h2><?php echo _SKINIE_TITLE_IMPORT?></h2>
03445 
03446                                 <p><label for="skinie_import_local"><?php echo _SKINIE_LOCAL?></label>
03447                                 <?php                                   global $DIR_SKINS;
03448 
03449                                         $candidates = SKINIMPORT::searchForCandidates($DIR_SKINS);
03450 
03451                                         if (sizeof($candidates) > 0) {
03452                                                 ?>
03453                                                         <form method="post" action="index.php"><div>
03454                                                                 <input type="hidden" name="action" value="skinieimport" />
03455                                                                 <?php $manager->addTicketHidden() ?>
03456                                                                 <input type="hidden" name="mode" value="file" />
03457                                                                 <select name="skinfile" id="skinie_import_local">
03458                                                                 <?php                                                                   foreach ($candidates as $skinname => $skinfile) {
03459                                                                                 $html = htmlspecialchars($skinfile);
03460                                                                                 echo '<option value="',$html,'">',$skinname,'</option>';
03461                                                                         }
03462                                                                 ?>
03463                                                                 </select>
03464                                                                 <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />
03465                                                         </div></form>
03466                                                 <?php                                   } else {
03467                                                 echo _SKINIE_NOCANDIDATES;
03468                                         }
03469                                 ?>
03470                                 </p>
03471 
03472                                 <p><em><?php echo _OR?></em></p>
03473 
03474                                 <form method="post" action="index.php"><p>
03475                                         <?php $manager->addTicketHidden() ?>
03476                                         <input type="hidden" name="action" value="skinieimport" />
03477                                         <input type="hidden" name="mode" value="url" />
03478                                         <label for="skinie_import_url"><?php echo _SKINIE_FROMURL?></label>
03479                                         <input type="text" name="skinfile" id="skinie_import_url" size="60" value="http://" />
03480                                         <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />
03481                                 </p></form>
03482 
03483 
03484                 <h2><?php echo _SKINIE_TITLE_EXPORT?></h2>
03485                 <form method="post" action="index.php"><div>
03486                         <input type="hidden" name="action" value="skinieexport" />
03487                         <?php $manager->addTicketHidden() ?>
03488 
03489                         <p><?php echo _SKINIE_EXPORT_INTRO?></p>
03490 
03491                         <table><tr>
03492                                 <th colspan="2"><?php echo _SKINIE_EXPORT_SKINS?></th>
03493                         </tr><tr>
03494         <?php           // show list of skins
03495                 $res = sql_query('SELECT * FROM '.sql_table('skin_desc'));
03496                 while ($skinObj = mysql_fetch_object($res)) {
03497                         $id = 'skinexp' . $skinObj->sdnumber;
03498                         echo '<td><input type="checkbox" name="skin[',$skinObj->sdnumber,']"  id="',$id,'" />';
03499                         echo '<label for="',$id,'">',htmlspecialchars($skinObj->sdname),'</label></td>';
03500                         echo '<td>',htmlspecialchars($skinObj->sddesc),'</td>';
03501                         echo '</tr><tr>';
03502                 }
03503 
03504                 echo '<th colspan="2">',_SKINIE_EXPORT_TEMPLATES,'</th></tr><tr>';
03505 
03506                 // show list of templates
03507                 $res = sql_query('SELECT * FROM '.sql_table('template_desc'));
03508                 while ($templateObj = mysql_fetch_object($res)) {
03509                         $id = 'templateexp' . $templateObj->tdnumber;
03510                         echo '<td><input type="checkbox" name="template[',$templateObj->tdnumber,']" id="',$id,'" />';
03511                         echo '<label for="',$id,'">',htmlspecialchars($templateObj->tdname),'</label></td>';
03512                         echo '<td>',htmlspecialchars($templateObj->tddesc),'</td>';
03513                         echo '</tr><tr>';
03514                 }
03515 
03516         ?>
03517                                 <th colspan="2"><?php echo _SKINIE_EXPORT_EXTRA?></th>
03518                         </tr><tr>
03519                                 <td colspan="2"><textarea cols="40" rows="5" name="info"></textarea></td>
03520                         </tr><tr>
03521                                 <th colspan="2"><?php echo _SKINIE_TITLE_EXPORT?></th>
03522                         </tr><tr>
03523                                 <td colspan="2"><input type="submit" value="<?php echo _SKINIE_BTN_EXPORT?>" /></td>
03524                         </tr></table>
03525                 </div></form>
03526 
03527         <?php
03528                 $this->pagefoot();
03529 
03530         }
03531 
03535         function action_skinieimport() {
03536                 global $member, $DIR_LIBS, $DIR_SKINS, $manager;
03537 
03538                 $member->isAdmin() or $this->disallow();
03539 
03540                 // load skinie class
03541                 include_once($DIR_LIBS . 'skinie.php');
03542 
03543                 $skinFileRaw= postVar('skinfile');
03544                 $mode           = postVar('mode');
03545 
03546                 $importer =& new SKINIMPORT();
03547 
03548                 // get full filename
03549                 if ($mode == 'file')
03550                 {
03551                         $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
03552 
03553                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
03554                         if (!file_exists($skinFile))
03555                                 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
03556                 } else {
03557                         $skinFile = $skinFileRaw;
03558                 }
03559 
03560                 // read only metadata
03561                 $error = $importer->readFile($skinFile, 1);
03562 
03563                 // clashes
03564                 $skinNameClashes = $importer->checkSkinNameClashes();
03565                 $templateNameClashes = $importer->checkTemplateNameClashes();
03566                 $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
03567 
03568                 if ($error) $this->error($error);
03569 
03570                 $this->pagehead();
03571 
03572                 echo '<p><a href="index.php?action=skinieoverview">(',_BACK,')</a></p>';
03573                 ?>
03574                 <h2><?php echo _SKINIE_CONFIRM_TITLE?></h2>
03575 
03576                 <ul>
03577                         <li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>
03578                         <li><p><strong><?php echo _SKINIE_INFO_SKINS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getSkinNames())?></p></li>
03579                         <li><p><strong><?php echo _SKINIE_INFO_TEMPLATES?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getTemplateNames())?></p></li>
03580                         <?php
03581                                 if ($hasNameClashes)
03582                                 {
03583                         ?>
03584                         <li><p><strong style="color: red;"><?php echo _SKINIE_INFO_SKINCLASH?></strong> <?php echo implode(' <em>'._AND.'</em> ',$skinNameClashes)?></p></li>
03585                         <li><p><strong style="color: red;"><?php echo _SKINIE_INFO_TEMPLCLASH?></strong> <?php echo implode(' <em>'._AND.'</em> ',$templateNameClashes)?></p></li>
03586                         <?php
03587                                 } // if (hasNameClashes)
03588                         ?>
03589                 </ul>
03590 
03591                 <form method="post" action="index.php"><div>
03592                         <input type="hidden" name="action" value="skiniedoimport" />
03593                         <?php $manager->addTicketHidden() ?>
03594                         <input type="hidden" name="skinfile" value="<?php echo htmlspecialchars(postVar('skinfile'))?>" />
03595                         <input type="hidden" name="mode" value="<?php echo htmlspecialchars($mode)?>" />
03596                         <input type="submit" value="<?php echo _SKINIE_CONFIRM_IMPORT?>" />
03597                         <?php
03598                                 if ($hasNameClashes)
03599                                 {
03600                         ?>
03601                         <br />
03602                         <input type="checkbox" name="overwrite" value="1" id="cb_overwrite" /><label for="cb_overwrite"><?php echo _SKINIE_CONFIRM_OVERWRITE?></label>
03603                         <?php
03604                                 } // if (hasNameClashes)
03605                         ?>
03606                 </div></form>
03607 
03608 
03609                 <?php
03610                 $this->pagefoot();
03611         }
03612 
03616         function action_skiniedoimport() {
03617                 global $member, $DIR_LIBS, $DIR_SKINS;
03618 
03619                 $member->isAdmin() or $this->disallow();
03620 
03621                 // load skinie class
03622                 include_once($DIR_LIBS . 'skinie.php');
03623 
03624                 $skinFileRaw= postVar('skinfile');
03625                 $mode           = postVar('mode');
03626 
03627                 $allowOverwrite = intPostVar('overwrite');
03628 
03629                 // get full filename
03630                 if ($mode == 'file')
03631                 {
03632                         $skinFile = $DIR_SKINS . $skinFileRaw . '/skinbackup.xml';
03633 
03634                         // backwards compatibilty (in v2.0, exports were saved as skindata.xml)
03635                         if (!file_exists($skinFile))
03636                                 $skinFile = $DIR_SKINS . $skinFileRaw . '/skindata.xml';
03637 
03638                 } else {
03639                         $skinFile = $skinFileRaw;
03640                 }
03641 
03642                 $importer =& new SKINIMPORT();
03643 
03644                 $error = $importer->readFile($skinFile);
03645 
03646                 if ($error)
03647                         $this->error($error);
03648 
03649                 $error = $importer->writeToDatabase($allowOverwrite);
03650 
03651                 if ($error)
03652                         $this->error($error);
03653 
03654                 $this->pagehead();
03655 
03656                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
03657         ?>
03658                 <h2><?php echo _SKINIE_DONE?></h2>
03659 
03660                 <ul>
03661                         <li><p><strong><?php echo _SKINIE_INFO_GENERAL?></strong> <?php echo htmlspecialchars($importer->getInfo())?></p></li>
03662                         <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDSKINS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getSkinNames())?></p></li>
03663                         <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDTEMPLS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getTemplateNames())?></p></li>
03664                 </ul>
03665 
03666         <?php           $this->pagefoot();
03667 
03668         }
03669 
03673         function action_skinieexport() {
03674                 global $member, $DIR_LIBS;
03675 
03676                 $member->isAdmin() or $this->disallow();
03677 
03678                 // load skinie class
03679                 include_once($DIR_LIBS . 'skinie.php');
03680 
03681                 $aSkins = requestIntArray('skin');
03682                 $aTemplates = requestIntArray('template');
03683 
03684                 if (!is_array($aTemplates)) $aTemplates = array();
03685                 if (!is_array($aSkins)) $aSkins = array();
03686 
03687                 $skinList = array_keys($aSkins);
03688                 $templateList = array_keys($aTemplates);
03689 
03690                 $info = postVar('info');
03691 
03692                 $exporter =& new SKINEXPORT();
03693                 foreach ($skinList as $skinId) {
03694                         $exporter->addSkin($skinId);
03695                 }
03696                 foreach ($templateList as $templateId) {
03697                         $exporter->addTemplate($templateId);
03698                 }
03699                 $exporter->setInfo($info);
03700 
03701                 $exporter->export();
03702         }
03703 
03707         function action_templateoverview() {
03708                 global $member, $manager;
03709 
03710                 $member->isAdmin() or $this->disallow();
03711 
03712                 $this->pagehead();
03713 
03714                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
03715 
03716                 echo '<h2>' . _TEMPLATE_TITLE . '</h2>';
03717                 echo '<h3>' . _TEMPLATE_AVAILABLE_TITLE . '</h3>';
03718 
03719                 $query = 'SELECT * FROM '.sql_table('template_desc').' ORDER BY tdname';
03720                 $template['content'] = 'templatelist';
03721                 $template['tabindex'] = 10;
03722                 showlist($query,'table',$template);
03723 
03724                 echo '<h3>' . _TEMPLATE_NEW_TITLE . '</h3>';
03725 
03726                 ?>
03727                 <form method="post" action="index.php"><div>
03728 
03729                 <input name="action" value="templatenew" type="hidden" />
03730                 <?php $manager->addTicketHidden() ?>
03731                 <table><tr>
03732                         <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td>
03733                         <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td>
03734                 </tr><tr>
03735                         <td><?php echo _TEMPLATE_DESC?></td>
03736                         <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td>
03737                 </tr><tr>
03738                         <td><?php echo _TEMPLATE_CREATE?></td>
03739                         <td><input type="submit" tabindex="10030" value="<?php echo _TEMPLATE_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
03740                 </tr></table>
03741 
03742                 </div></form>
03743 
03744                 <?php
03745                 $this->pagefoot();
03746         }
03747 
03751         function action_templateedit($msg = '') {
03752                 global $member, $manager;
03753 
03754                 $templateid = intRequestVar('templateid');
03755 
03756                 $member->isAdmin() or $this->disallow();
03757 
03758                 $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';
03759                 $extrahead .= '<script type="text/javascript">setTemplateEditText("'.addslashes(_EDITTEMPLATE_EMPTY).'");</script>';
03760 
03761                 $this->pagehead($extrahead);
03762 
03763                 $templatename = TEMPLATE::getNameFromId($templateid);
03764                 $templatedescription = TEMPLATE::getDesc($templateid);
03765                 $template =& $manager->getTemplate($templatename);
03766 
03767                 ?>
03768                 <p>
03769                 <a href="index.php?action=templateoverview">(<?php echo _TEMPLATE_BACK?>)</a>
03770                 </p>
03771 
03772                 <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo  htmlspecialchars($templatename); ?>'</h2>
03773 
03774                 <?php                                   if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
03775                 ?>
03776 
03777                 <p><?php echo _TEMPLATE_EDIT_MSG?></p>
03778 
03779                 <form method="post" action="index.php">
03780                 <div>
03781 
03782                 <input type="hidden" name="action" value="templateupdate" />
03783                 <?php $manager->addTicketHidden() ?>
03784                 <input type="hidden" name="templateid" value="<?php echo  $templateid; ?>" />
03785 
03786                 <table><tr>
03787                         <th colspan="2"><?php echo _TEMPLATE_SETTINGS?></th>
03788                 </tr><tr>
03789                         <td><?php echo _TEMPLATE_NAME?> <?php help('shortnames');?></td>
03790                         <td><input name="tname" tabindex="4" size="20" maxlength="20" value="<?php echo  htmlspecialchars($templatename) ?>" /></td>
03791                 </tr><tr>
03792                         <td><?php echo _TEMPLATE_DESC?></td>
03793                         <td><input name="tdesc" tabindex="5" size="50" maxlength="200" value="<?php echo  htmlspecialchars($templatedescription) ?>" /></td>
03794                 </tr><tr>
03795                         <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>
03796                 </tr><tr>
03797                         <td><?php echo _TEMPLATE_UPDATE?></td>
03798                         <td>
03799                                 <input type="submit" tabindex="6" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />
03800                                 <input type="reset" tabindex="7" value="<?php echo _TEMPLATE_RESET_BTN?>" />
03801                         </td>
03802                 </tr><tr>
03803                         <th colspan="2"><?php echo _TEMPLATE_ITEMS?> <?php help('templateitems'); ?></th>
03804 <?php   $this->_templateEditRow($template, _TEMPLATE_ITEMHEADER, 'ITEM_HEADER', '', 8);
03805         $this->_templateEditRow($template, _TEMPLATE_ITEMBODY, 'ITEM', '', 9, 1);
03806         $this->_templateEditRow($template, _TEMPLATE_ITEMFOOTER, 'ITEM_FOOTER', '', 10);
03807         $this->_templateEditRow($template, _TEMPLATE_MORELINK, 'MORELINK', 'morelink', 20);
03808         $this->_templateEditRow($template, _TEMPLATE_EDITLINK, 'EDITLINK', 'editlink', 25);
03809         $this->_templateEditRow($template, _TEMPLATE_NEW, 'NEW', 'new', 30);
03810 ?>
03811                 </tr><tr>
03812                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_ANY?> <?php help('templatecomments'); ?></th>
03813 <?php   $this->_templateEditRow($template, _TEMPLATE_CHEADER, 'COMMENTS_HEADER', 'commentheaders', 40);
03814         $this->_templateEditRow($template, _TEMPLATE_CBODY, 'COMMENTS_BODY', 'commentbody', 50, 1);
03815         $this->_templateEditRow($template, _TEMPLATE_CFOOTER, 'COMMENTS_FOOTER', 'commentheaders', 60);
03816         $this->_templateEditRow($template, _TEMPLATE_CONE, 'COMMENTS_ONE', 'commentwords', 70);
03817         $this->_templateEditRow($template, _TEMPLATE_CMANY, 'COMMENTS_MANY', 'commentwords', 80);
03818         $this->_templateEditRow($template, _TEMPLATE_CMORE, 'COMMENTS_CONTINUED', 'commentcontinued', 90);
03819         $this->_templateEditRow($template, _TEMPLATE_CMEXTRA, 'COMMENTS_AUTH', 'memberextra', 100);
03820 ?>
03821                 </tr><tr>
03822                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_NONE?> <?php help('templatecomments'); ?></th>
03823 <?php
03824         $this->_templateEditRow($template, _TEMPLATE_CNONE, 'COMMENTS_NONE', '', 110);
03825 ?>
03826                 </tr><tr>
03827                         <th colspan="2"><?php echo _TEMPLATE_COMMENTS_TOOMUCH?> <?php help('templatecomments'); ?></th>
03828 <?php   $this->_templateEditRow($template, _TEMPLATE_CTOOMUCH, 'COMMENTS_TOOMUCH', '', 120);
03829 ?>
03830                 </tr><tr>
03831                         <th colspan="2"><?php echo _TEMPLATE_ARCHIVELIST?> <?php help('templatearchivelists'); ?></th>
03832 <?php   $this->_templateEditRow($template, _TEMPLATE_AHEADER, 'ARCHIVELIST_HEADER', '', 130);
03833         $this->_templateEditRow($template, _TEMPLATE_AITEM, 'ARCHIVELIST_LISTITEM', '', 140);
03834         $this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150);
03835 ?>
03836                 </tr><tr>
03837                         <th colspan="2"><?php echo _TEMPLATE_BLOGLIST?> <?php help('templatebloglists'); ?></th>
03838 <?php   $this->_templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160);
03839         $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170);
03840         $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180);
03841 ?>
03842                 </tr><tr>
03843                         <th colspan="2"><?php echo _TEMPLATE_CATEGORYLIST?> <?php help('templatecategorylists'); ?></th>
03844 <?php   $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 160);
03845         $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 170);
03846         $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 180);
03847 ?>
03848                 </tr><tr>
03849                         <th colspan="2"><?php echo _TEMPLATE_DATETIME?></th>
03850 <?php   $this->_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 190);
03851         $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 200);
03852         $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 210);
03853         $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 220);
03854         $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 230);
03855 ?>
03856                 </tr><tr>
03857                         <th colspan="2"><?php echo _TEMPLATE_IMAGE?> <?php help('templatepopups'); ?></th>
03858 <?php   $this->_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 240);
03859         $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 250);
03860         $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 260);
03861 ?>
03862                 </tr><tr>
03863                         <th colspan="2"><?php echo _TEMPLATE_SEARCH?></th>
03864 <?php   $this->_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',270);
03865         $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',280);
03866 ?>
03867                 </tr><tr>
03868                         <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>
03869                 </tr><tr>
03870                         <td><?php echo _TEMPLATE_UPDATE?></td>
03871                         <td>
03872                                 <input type="submit" tabindex="290" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />
03873                                 <input type="reset" tabindex="300" value="<?php echo _TEMPLATE_RESET_BTN?>" />
03874                         </td>
03875                 </tr></table>
03876 
03877                 </div>
03878                 </form>
03879                 <?php
03880                 $this->pagefoot();
03881         }
03882 
03886         function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {
03887                 static $count = 1;
03888         ?>
03889                 </tr><tr>
03890                         <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>
03891                         <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo  htmlspecialchars($template[$name]); ?></textarea></td>
03892         <?php           $count++;
03893         }
03894 
03898         function action_templateupdate() {
03899                 global $member;
03900 
03901                 $templateid = intRequestVar('templateid');
03902 
03903                 $member->isAdmin() or $this->disallow();
03904 
03905                 $name = postVar('tname');
03906                 $desc = postVar('tdesc');
03907 
03908                 if (!isValidTemplateName($name))
03909                         $this->error(_ERROR_BADTEMPLATENAME);
03910 
03911                 if ((TEMPLATE::getNameFromId($templateid) != $name) && TEMPLATE::exists($name))
03912                         $this->error(_ERROR_DUPTEMPLATENAME);
03913 
03914 
03915                 $name = addslashes($name);
03916                 $desc = addslashes($desc);
03917 
03918                 // 1. Remove all template parts
03919                 $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid;
03920                 sql_query($query);
03921 
03922                 // 2. Update description
03923                 $query =  'UPDATE '.sql_table('template_desc').' SET'
03924                            . " tdname='" . $name . "',"
03925                            . " tddesc='" . $desc . "'"
03926                            . " WHERE tdnumber=" . $templateid;
03927                 sql_query($query);
03928 
03929                 // 3. Add non-empty template parts
03930                 $this->addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));
03931                 $this->addToTemplate($templateid, 'ITEM', postVar('ITEM'));
03932                 $this->addToTemplate($templateid, 'ITEM_FOOTER', postVar('ITEM_FOOTER'));
03933                 $this->addToTemplate($templateid, 'MORELINK', postVar('MORELINK'));
03934                 $this->addToTemplate($templateid, 'EDITLINK', postVar('EDITLINK'));
03935                 $this->addToTemplate($templateid, 'NEW', postVar('NEW'));
03936                 $this->addToTemplate($templateid, 'COMMENTS_HEADER', postVar('COMMENTS_HEADER'));
03937                 $this->addToTemplate($templateid, 'COMMENTS_BODY', postVar('COMMENTS_BODY'));
03938                 $this->addToTemplate($templateid, 'COMMENTS_FOOTER', postVar('COMMENTS_FOOTER'));
03939                 $this->addToTemplate($templateid, 'COMMENTS_CONTINUED', postVar('COMMENTS_CONTINUED'));
03940                 $this->addToTemplate($templateid, 'COMMENTS_TOOMUCH', postVar('COMMENTS_TOOMUCH'));
03941                 $this->addToTemplate($templateid, 'COMMENTS_AUTH', postVar('COMMENTS_AUTH'));
03942                 $this->addToTemplate($templateid, 'COMMENTS_ONE', postVar('COMMENTS_ONE'));
03943                 $this->addToTemplate($templateid, 'COMMENTS_MANY', postVar('COMMENTS_MANY'));
03944                 $this->addToTemplate($templateid, 'COMMENTS_NONE', postVar('COMMENTS_NONE'));
03945                 $this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));
03946                 $this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
03947                 $this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));
03948                 $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));
03949                 $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));
03950                 $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));
03951                 $this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));
03952                 $this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));
03953                 $this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
03954                 $this->addToTemplate($templateid, 'DATE_HEADER', postVar('DATE_HEADER'));
03955                 $this->addToTemplate($templateid, 'DATE_FOOTER', postVar('DATE_FOOTER'));
03956                 $this->addToTemplate($templateid, 'FORMAT_DATE', postVar('FORMAT_DATE'));
03957                 $this->addToTemplate($templateid, 'FORMAT_TIME', postVar('FORMAT_TIME'));
03958                 $this->addToTemplate($templateid, 'LOCALE', postVar('LOCALE'));
03959                 $this->addToTemplate($templateid, 'SEARCH_HIGHLIGHT', postVar('SEARCH_HIGHLIGHT'));
03960                 $this->addToTemplate($templateid, 'SEARCH_NOTHINGFOUND', postVar('SEARCH_NOTHINGFOUND'));
03961                 $this->addToTemplate($templateid, 'POPUP_CODE', postVar('POPUP_CODE'));
03962                 $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
03963                 $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));
03964 
03965 
03966                 // jump back to template edit
03967                 $this->action_templateedit(_TEMPLATE_UPDATED);
03968 
03969         }
03970 
03974         function addToTemplate($id, $partname, $content) {
03975                 $partname = addslashes($partname);
03976                 $content = addslashes($content);
03977 
03978                 $id = intval($id);
03979 
03980                 // don't add empty parts:
03981                 if (!trim($content)) return -1;
03982 
03983                 $query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) "
03984                            . "VALUES ($id, '$partname', '$content')";
03985                 sql_query($query) or die("Query error: " . mysql_error());
03986                 return mysql_insert_id();
03987         }
03988 
03992         function action_templatedelete() {
03993                 global $member, $manager;
03994 
03995                 $member->isAdmin() or $this->disallow();
03996 
03997                 $templateid = intRequestVar('templateid');
03998                 // TODO: check if template can be deleted
03999 
04000                 $this->pagehead();
04001 
04002                 $name = TEMPLATE::getNameFromId($templateid);
04003                 $desc = TEMPLATE::getDesc($templateid);
04004 
04005                 ?>
04006                         <h2><?php echo _DELETE_CONFIRM?></h2>
04007 
04008                         <p>
04009                         <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo htmlspecialchars($name)?></b> (<?php echo  htmlspecialchars($desc) ?>)
04010                         </p>
04011 
04012                         <form method="post" action="index.php"><div>
04013                                 <input type="hidden" name="action" value="templatedeleteconfirm" />
04014                                 <?php $manager->addTicketHidden() ?>
04015                                 <input type="hidden" name="templateid" value="<?php echo  $templateid ?>" />
04016                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
04017                         </div></form>
04018                 <?php
04019                 $this->pagefoot();
04020         }
04021 
04025         function action_templatedeleteconfirm() {
04026                 global $member, $manager;
04027 
04028                 $templateid = intRequestVar('templateid');
04029 
04030                 $member->isAdmin() or $this->disallow();
04031 
04032                 $manager->notify('PreDeleteTemplate', array('templateid' => $templateid));
04033 
04034                 // 1. delete description
04035                 sql_query('DELETE FROM '.sql_table('template_desc').' WHERE tdnumber=' . $templateid);
04036 
04037                 // 2. delete parts
04038                 sql_query('DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
04039 
04040                 $manager->notify('PostDeleteTemplate', array('templateid' => $templateid));
04041 
04042                 $this->action_templateoverview();
04043         }
04044 
04048         function action_templatenew() {
04049                 global $member;
04050 
04051                 $member->isAdmin() or $this->disallow();
04052 
04053                 $name = postVar('name');
04054                 $desc = postVar('desc');
04055 
04056                 if (!isValidTemplateName($name))
04057                         $this->error(_ERROR_BADTEMPLATENAME);
04058 
04059                 if (TEMPLATE::exists($name))
04060                         $this->error(_ERROR_DUPTEMPLATENAME);
04061 
04062                 $newTemplateId = TEMPLATE::createNew($name, $desc);
04063 
04064                 $this->action_templateoverview();
04065         }
04066 
04070         function action_templateclone() {
04071                 global $member;
04072 
04073                 $templateid = intRequestVar('templateid');
04074 
04075                 $member->isAdmin() or $this->disallow();
04076 
04077                 // 1. read old template
04078                 $name = TEMPLATE::getNameFromId($templateid);
04079                 $desc = TEMPLATE::getDesc($templateid);
04080 
04081                 // 2. create desc thing
04082                 $name = "cloned" . $name;
04083 
04084                 // if a template with that name already exists:
04085                 if (TEMPLATE::exists($name)) {
04086                         $i = 1;
04087                         while (TEMPLATE::exists($name . $i))
04088                                 $i++;
04089                         $name .= $i;
04090                 }
04091 
04092                 $newid = TEMPLATE::createNew($name, $desc);
04093 
04094                 // 3. create clone
04095                 // go through parts of old template and add them to the new one
04096                 $res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
04097                 while ($o = mysql_fetch_object($res)) {
04098                         $this->addToTemplate($newid, $o->tpartname, $o->tcontent);
04099                 }
04100 
04101                 $this->action_templateoverview();
04102         }
04103 
04107         function action_skinoverview() {
04108                 global $member, $manager;
04109 
04110                 $member->isAdmin() or $this->disallow();
04111 
04112                 $this->pagehead();
04113 
04114                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
04115 
04116                 echo '<h2>' . _SKIN_EDIT_TITLE . '</h2>';
04117 
04118                 echo '<h3>' . _SKIN_AVAILABLE_TITLE . '</h3>';
04119 
04120                 $query = 'SELECT * FROM '.sql_table('skin_desc').' ORDER BY sdname';
04121                 $template['content'] = 'skinlist';
04122                 $template['tabindex'] = 10;
04123                 showlist($query,'table',$template);
04124 
04125                 echo '<h3>' . _SKIN_NEW_TITLE . '</h3>';
04126 
04127                 ?>
04128                 <form method="post" action="index.php">
04129                 <div>
04130 
04131                 <input name="action" value="skinnew" type="hidden" />
04132                 <?php $manager->addTicketHidden() ?>
04133                 <table><tr>
04134                         <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td>
04135                         <td><input name="name" tabindex="10010" maxlength="20" size="20" /></td>
04136                 </tr><tr>
04137                         <td><?php echo _SKIN_DESC?></td>
04138                         <td><input name="desc" tabindex="10020" maxlength="200" size="50" /></td>
04139                 </tr><tr>
04140                         <td><?php echo _SKIN_CREATE?></td>
04141                         <td><input type="submit" tabindex="10030" value="<?php echo _SKIN_CREATE_BTN?>" onclick="return checkSubmit();" /></td>
04142                 </tr></table>
04143 
04144                 </div>
04145                 </form>
04146 
04147                 <?php
04148                 $this->pagefoot();
04149         }
04150 
04154         function action_skinnew() {
04155                 global $member;
04156 
04157                 $member->isAdmin() or $this->disallow();
04158 
04159                 $name = trim(postVar('name'));
04160                 $desc = trim(postVar('desc'));
04161 
04162                 if (!isValidSkinName($name))
04163                         $this->error(_ERROR_BADSKINNAME);
04164 
04165                 if (SKIN::exists($name))
04166                         $this->error(_ERROR_DUPSKINNAME);
04167 
04168                 $newId = SKIN::createNew($name, $desc);
04169 
04170                 $this->action_skinoverview();
04171         }
04172 
04176         function action_skinedit() {
04177                 global $member, $manager;
04178 
04179                 $skinid = intRequestVar('skinid');
04180 
04181                 $member->isAdmin() or $this->disallow();
04182 
04183                 $skin =& new SKIN($skinid);
04184 
04185                 $this->pagehead();
04186                 ?>
04187                 <p>
04188                         <a href="index.php?action=skinoverview">(<?php echo _SKIN_BACK?>)</a>
04189                 </p>
04190                 <h2><?php echo _SKIN_EDITONE_TITLE?> '<?php echo  $skin->getName() ?>'</h2>
04191 
04192                 <h3><?php echo _SKIN_PARTS_TITLE?></h3>
04193                 <?php echo _SKIN_PARTS_MSG?>
04194                 <ul>
04195                         <li><a tabindex="10" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=index"><?php echo _SKIN_PART_MAIN?></a> <?php help('skinpartindex')?></li>
04196                         <li><a tabindex="20" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=item"><?php echo _SKIN_PART_ITEM?></a> <?php help('skinpartitem')?></li>
04197                         <li><a tabindex="30" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=archivelist"><?php echo _SKIN_PART_ALIST?></a> <?php help('skinpartarchivelist')?></li>
04198                         <li><a tabindex="40" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=archive"><?php echo _SKIN_PART_ARCHIVE?></a> <?php help('skinpartarchive')?></li>
04199                         <li><a tabindex="50" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=search"><?php echo _SKIN_PART_SEARCH?></a> <?php help('skinpartsearch')?></li>
04200                         <li><a tabindex="60" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=error"><?php echo _SKIN_PART_ERROR?></a> <?php help('skinparterror')?></li>
04201                         <li><a tabindex="70" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=member"><?php echo _SKIN_PART_MEMBER?></a> <?php help('skinpartmember')?></li>
04202                         <li><a tabindex="75" href="index.php?action=skinedittype&amp;skinid=<?php echo  $skinid ?>&amp;type=imagepopup"><?php echo _SKIN_PART_POPUP?></a> <?php help('skinpartimagepopup')?></li>
04203                 </ul>
04204 
04205                 <?php
04206 
04207                 $query = "SELECT stype FROM " . sql_table('skin') . " WHERE stype NOT IN ('index', 'item', 'error', 'search', 'archive', 'archivelist', 'imagepopup', 'member') and sdesc = " . $skinid;
04208                 $res = sql_query($query);
04209 
04210                 echo '<h3>' . _SKIN_PARTS_SPECIAL . '</h3>';
04211                 echo '<form method="get" action="index.php">' . "\r\n";
04212                 echo '<input type="hidden" name="action" value="skinedittype" />' . "\r\n";
04213                 echo '<input type="hidden" name="skinid" value="' . $skinid . '" />' . "\r\n";
04214                 echo '<input name="type" tabindex="89" size="20" maxlength="20" />' . "\r\n";
04215                 echo '<input type="submit" tabindex="140" value="' . _SKIN_CREATE . '" onclick="return checkSubmit();" />' . "\r\n";
04216                 echo '</form>' . "\r\n";
04217 
04218                 if ($res && mysql_num_rows($res) > 0) {
04219                         echo '<ul>';
04220                         $tabstart = 75;
04221 
04222                         while ($row = mysql_fetch_assoc($res)) {
04223                                 echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">remove</a>)</li>';
04224                         }
04225 
04226                         echo '</ul>';
04227                 }
04228 
04229                 ?>
04230 
04231                 <h3><?php echo _SKIN_GENSETTINGS_TITLE; ?></h3>
04232                 <form method="post" action="index.php">
04233                 <div>
04234 
04235                 <input type="hidden" name="action" value="skineditgeneral" />
04236                 <?php $manager->addTicketHidden() ?>
04237                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />
04238                 <table><tr>
04239                         <td><?php echo _SKIN_NAME?> <?php help('shortnames');?></td>
04240                         <td><input name="name" tabindex="90" value="<?php echo  htmlspecialchars($skin->getName()) ?>" maxlength="20" size="20" /></td>
04241                 </tr><tr>
04242                         <td><?php echo _SKIN_DESC?></td>
04243                         <td><input name="desc" tabindex="100" value="<?php echo  htmlspecialchars($skin->getDescription()) ?>" maxlength="200" size="50" /></td>
04244                 </tr><tr>
04245                         <td><?php echo _SKIN_TYPE?></td>
04246                         <td><input name="type" tabindex="110" value="<?php echo  htmlspecialchars($skin->getContentType()) ?>" maxlength="40" size="20" /></td>
04247                 </tr><tr>
04248                         <td><?php echo _SKIN_INCLUDE_MODE?> <?php help('includemode')?></td>
04249                         <td><?php $this->input_yesno('inc_mode',$skin->getIncludeMode(),120,'skindir','normal',_PARSER_INCMODE_SKINDIR,_PARSER_INCMODE_NORMAL);?></td>
04250                 </tr><tr>
04251                         <td><?php echo _SKIN_INCLUDE_PREFIX?> <?php help('includeprefix')?></td>
04252                         <td><input name="inc_prefix" tabindex="130" value="<?php echo  htmlspecialchars($skin->getIncludePrefix()) ?>" maxlength="40" size="20" /></td>
04253                 </tr><tr>
04254                         <td><?php echo _SKIN_CHANGE?></td>
04255                         <td><input type="submit" tabindex="140" value="<?php echo _SKIN_CHANGE_BTN?>" onclick="return checkSubmit();" /></td>
04256                 </tr></table>
04257 
04258                 </div>
04259                 </form>
04260 
04261 
04262                 <?php           $this->pagefoot();
04263         }
04264 
04268         function action_skineditgeneral() {
04269                 global $member;
04270 
04271                 $skinid = intRequestVar('skinid');
04272 
04273                 $member->isAdmin() or $this->disallow();
04274 
04275                 $name = postVar('name');
04276                 $desc = postVar('desc');
04277                 $type = postVar('type');
04278                 $inc_mode = postVar('inc_mode');
04279                 $inc_prefix = postVar('inc_prefix');
04280 
04281                 $skin =& new SKIN($skinid);
04282 
04283                 // 1. Some checks
04284                 if (!isValidSkinName($name))
04285                         $this->error(_ERROR_BADSKINNAME);
04286 
04287                 if (($skin->getName() != $name) && SKIN::exists($name))
04288                         $this->error(_ERROR_DUPSKINNAME);
04289 
04290                 if (!$type) $type = 'text/html';
04291                 if (!$inc_mode) $inc_mode = 'normal';
04292 
04293                 // 2. Update description
04294                 $skin->updateGeneralInfo($name, $desc, $type, $inc_mode, $inc_prefix);
04295 
04296                 $this->action_skinedit();
04297 
04298         }
04299 
04303         function action_skinedittype($msg = '') {
04304                 global $member, $manager;
04305 
04306                 $skinid = intRequestVar('skinid');
04307                 $type = requestVar('type');
04308 
04309                 $member->isAdmin() or $this->disallow();
04310 
04311                 $type = trim($type);
04312                 $type = strtolower($type);
04313 
04314                 if (!isValidShortName($type)) {
04315                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
04316                 }
04317 
04318                 $skin =& new SKIN($skinid);
04319 
04320                 $friendlyNames = SKIN::getFriendlyNames();
04321 
04322                 $this->pagehead();
04323                 ?>
04324                 <p>(<a href="index.php?action=skinoverview"><?php echo _SKIN_GOBACK?></a>)</p>
04325 
04326                 <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>
04327 
04328                 <?php                   if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
04329                 ?>
04330 
04331 
04332                 <form method="post" action="index.php">
04333                 <div>
04334 
04335                 <input type="hidden" name="action" value="skinupdate" />
04336                 <?php $manager->addTicketHidden() ?>
04337                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />
04338                 <input type="hidden" name="type" value="<?php echo  $type ?>" />
04339 
04340                 <input type="submit" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />
04341                 <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />
04342                 (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
04343                 <?php if (in_array($type, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
04344                         help('skinpart' . $type);
04345                 } else {
04346                         help('skinpartspecial');
04347                 }?>
04348                 <br />
04349 
04350                 <textarea class="skinedit" tabindex="10" rows="20" cols="80" name="content"><?php echo  htmlspecialchars($skin->getContent($type)) ?></textarea>
04351 
04352                 <br />
04353                 <input type="submit" tabindex="20" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />
04354                 <input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />
04355                 (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
04356 
04357                 <br /><br />
04358                 <?php echo _SKIN_ALLOWEDVARS?>
04359                 <?php                   $actions = SKIN::getAllowedActionsForType($type);
04360 
04361                         sort($actions);
04362 
04363                         while ($current = array_shift($actions)) {
04364                                 // skip deprecated vars
04365                                 if ($current == 'ifcat') continue;
04366                                 if ($current == 'imagetext') continue;
04367                                 if ($current == 'vars') continue;
04368 
04369                                 echo helplink('skinvar-' . $current) . "$current</a>";
04370                                 if (count($actions) != 0) echo ", ";
04371                         }
04372                 ?>
04373                 <br /><br />
04374                 Short blog names:
04375                 <?php                   $query = 'SELECT bshortname, bname FROM '.sql_table('blog');
04376                         showlist($query,'table',array('content'=>'shortblognames'));
04377                 ?>
04378 
04379                 <br />
04380                 Template names:
04381                 <?php                   $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc');
04382                         showlist($query,'table',array('content'=>'shortnames'));
04383                 ?>
04384 
04385 
04386                 </div>
04387                 </form>
04388 
04389 
04390                 <?php           $this->pagefoot();
04391         }
04392 
04396         function action_skinupdate() {
04397                 global $member;
04398 
04399                 $skinid = intRequestVar('skinid');
04400                 $content = trim(postVar('content'));
04401                 $type = postVar('type');
04402 
04403                 $member->isAdmin() or $this->disallow();
04404 
04405                 $skin =& new SKIN($skinid);
04406                 $skin->update($type, $content);
04407 
04408                 $this->action_skinedittype(_SKIN_UPDATED);
04409         }
04410 
04414         function action_skindelete() {
04415                 global $member, $manager, $CONF;
04416 
04417                 $skinid = intRequestVar('skinid');
04418 
04419                 $member->isAdmin() or $this->disallow();
04420 
04421                 // don't allow default skin to be deleted
04422                 if ($skinid == $CONF['BaseSkin'])
04423                         $this->error(_ERROR_DEFAULTSKIN);
04424 
04425                 // don't allow deletion of default skins for blogs
04426                 $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
04427                 $r = sql_query($query);
04428                 if ($o = mysql_fetch_object($r))
04429                         $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));
04430 
04431                 $this->pagehead();
04432 
04433                 $skin =& new SKIN($skinid);
04434                 $name = $skin->getName();
04435                 $desc = $skin->getDescription();
04436 
04437                 ?>
04438                         <h2><?php echo _DELETE_CONFIRM?></h2>
04439 
04440                         <p>
04441                                 <?php echo _CONFIRMTXT_SKIN?><b><?php echo htmlspecialchars($name) ?></b> (<?php echo  htmlspecialchars($desc)?>)
04442                         </p>
04443 
04444                         <form method="post" action="index.php"><div>
04445                                 <input type="hidden" name="action" value="skindeleteconfirm" />
04446                                 <?php $manager->addTicketHidden() ?>
04447                                 <input type="hidden" name="skinid" value="<?php echo  $skinid ?>" />
04448                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
04449                         </div></form>
04450                 <?php
04451                 $this->pagefoot();
04452         }
04453 
04457         function action_skindeleteconfirm() {
04458                 global $member, $CONF, $manager;
04459 
04460                 $skinid = intRequestVar('skinid');
04461 
04462                 $member->isAdmin() or $this->disallow();
04463 
04464                 // don't allow default skin to be deleted
04465                 if ($skinid == $CONF['BaseSkin'])
04466                         $this->error(_ERROR_DEFAULTSKIN);
04467 
04468                 // don't allow deletion of default skins for blogs
04469                 $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
04470                 $r = sql_query($query);
04471                 if ($o = mysql_fetch_object($r))
04472                         $this->error(_ERROR_SKINDEFDELETE .$o->bname);
04473 
04474                 $manager->notify('PreDeleteSkin', array('skinid' => $skinid));
04475 
04476                 // 1. delete description
04477                 sql_query('DELETE FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $skinid);
04478 
04479                 // 2. delete parts
04480                 sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid);
04481 
04482                 $manager->notify('PostDeleteSkin', array('skinid' => $skinid));
04483 
04484                 $this->action_skinoverview();
04485         }
04486 
04490         function action_skinremovetype() {
04491                 global $member, $manager, $CONF;
04492 
04493                 $skinid = intRequestVar('skinid');
04494                 $skintype = requestVar('type');
04495 
04496                 if (!isValidShortName($skintype)) {
04497                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
04498                 }
04499 
04500                 $member->isAdmin() or $this->disallow();
04501 
04502                 // don't allow default skinparts to be deleted
04503                 if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
04504                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
04505                 }
04506 
04507                 $this->pagehead();
04508 
04509                 $skin =& new SKIN($skinid);
04510                 $name = $skin->getName();
04511                 $desc = $skin->getDescription();
04512 
04513                 ?>
04514                         <h2><?php echo _DELETE_CONFIRM?></h2>
04515 
04516                         <p>
04517                                 <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo htmlspecialchars($skintype); ?> (<?php echo htmlspecialchars($name); ?>)</b> (<?php echo  htmlspecialchars($desc)?>)
04518                         </p>
04519 
04520                         <form method="post" action="index.php"><div>
04521                                 <input type="hidden" name="action" value="skinremovetypeconfirm" />
04522                                 <?php $manager->addTicketHidden() ?>
04523                                 <input type="hidden" name="skinid" value="<?php echo $skinid; ?>" />
04524                                 <input type="hidden" name="type" value="<?php echo htmlspecialchars($skintype); ?>" />
04525                                 <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
04526                         </div></form>
04527                 <?php
04528                 $this->pagefoot();
04529         }
04530 
04534         function action_skinremovetypeconfirm() {
04535                 global $member, $CONF, $manager;
04536 
04537                 $skinid = intRequestVar('skinid');
04538                 $skintype = requestVar('type');
04539 
04540                 if (!isValidShortName($skintype)) {
04541                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
04542                 }
04543 
04544                 $member->isAdmin() or $this->disallow();
04545 
04546                 // don't allow default skinparts to be deleted
04547                 if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
04548                         $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
04549                 }
04550 
04551                 $manager->notify('PreDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));
04552 
04553                 // delete part
04554                 sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid . ' AND stype=\'' . $skintype . '\'');
04555 
04556                 $manager->notify('PostDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));
04557 
04558                 $this->action_skinedit();
04559         }
04560 
04564         function action_skinclone() {
04565                 global $member;
04566 
04567                 $skinid = intRequestVar('skinid');
04568 
04569                 $member->isAdmin() or $this->disallow();
04570 
04571                 // 1. read skin to clone
04572                 $skin =& new SKIN($skinid);
04573 
04574                 $name = "clone_" . $skin->getName();
04575 
04576                 // if a skin with that name already exists:
04577                 if (SKIN::exists($name)) {
04578                         $i = 1;
04579                         while (SKIN::exists($name . $i))
04580                                 $i++;
04581                         $name .= $i;
04582                 }
04583 
04584                 // 2. create skin desc
04585                 $newid = SKIN::createNew(
04586                         $name,
04587                         $skin->getDescription(),
04588                         $skin->getContentType(),
04589                         $skin->getIncludeMode(),
04590                         $skin->getIncludePrefix()
04591                 );
04592 
04593 
04594                 // 3. clone
04595                 /*
04596                 $this->skinclonetype($skin, $newid, 'index');
04597                 $this->skinclonetype($skin, $newid, 'item');
04598                 $this->skinclonetype($skin, $newid, 'archivelist');
04599                 $this->skinclonetype($skin, $newid, 'archive');
04600                 $this->skinclonetype($skin, $newid, 'search');
04601                 $this->skinclonetype($skin, $newid, 'error');
04602                 $this->skinclonetype($skin, $newid, 'member');
04603                 $this->skinclonetype($skin, $newid, 'imagepopup');
04604                 */
04605 
04606                 $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
04607                 $res = sql_query($query);
04608                 while ($row = mysql_fetch_assoc($res)) {
04609                         $this->skinclonetype($skin, $newid, $row['stype']);
04610                 }
04611 
04612                 $this->action_skinoverview();
04613 
04614         }
04615 
04619         function skinclonetype($skin, $newid, $type) {
04620                 $newid = intval($newid);
04621                 $content = $skin->getContent($type);
04622                 if ($content) {
04623                         $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". addslashes($content)."', '". addslashes($type)."')";
04624                         sql_query($query);
04625                 }
04626         }
04627 
04631         function action_settingsedit() {
04632                 global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;
04633 
04634                 $member->isAdmin() or $this->disallow();
04635 
04636                 $this->pagehead();
04637 
04638                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
04639                 ?>
04640 
04641                 <h2><?php echo _SETTINGS_TITLE?></h2>
04642 
04643                 <form action="index.php" method="post">
04644                 <div>
04645 
04646                 <input type="hidden" name="action" value="settingsupdate" />
04647                 <?php $manager->addTicketHidden() ?>
04648 
04649                 <table><tr>
04650                         <th colspan="2"><?php echo _SETTINGS_SUB_GENERAL?></th>
04651                 </tr><tr>
04652                         <td><?php echo _SETTINGS_DEFBLOG?> <?php help('defaultblog'); ?></td>
04653                         <td>
04654                                 <?php
04655                                         $query =  'SELECT bname as text, bnumber as value'
04656                                                    . ' FROM '.sql_table('blog');
04657                                         $template['name'] = 'DefaultBlog';
04658                                         $template['selected'] = $CONF['DefaultBlog'];
04659                                         $template['tabindex'] = 10;
04660                                         showlist($query,'select',$template);
04661                                 ?>
04662                         </td>
04663                 </tr><tr>
04664                         <td><?php echo _SETTINGS_BASESKIN?> <?php help('baseskin'); ?></td>
04665                         <td>
04666                                 <?php
04667                                         $query =  'SELECT sdname as text, sdnumber as value'
04668                                                    . ' FROM '.sql_table('skin_desc');
04669                                         $template['name'] = 'BaseSkin';
04670                                         $template['selected'] = $CONF['BaseSkin'];
04671                                         $template['tabindex'] = 1;
04672                                         showlist($query,'select',$template);
04673                                 ?>
04674                         </td>
04675                 </tr><tr>
04676                         <td><?php echo _SETTINGS_ADMINMAIL?></td>
04677                         <td><input name="AdminEmail" tabindex="10010" size="40" value="<?php echo  htmlspecialchars($CONF['AdminEmail']) ?>" /></td>
04678                 </tr><tr>
04679                         <td><?php echo _SETTINGS_SITENAME?></td>
04680                         <td><input name="SiteName" tabindex="10020" size="40" value="<?php echo  htmlspecialchars($CONF['SiteName']) ?>" /></td>
04681                 </tr><tr>
04682                         <td><?php echo _SETTINGS_SITEURL?></td>
04683                         <td><input name="IndexURL" tabindex="10030" size="40" value="<?php echo  htmlspecialchars($CONF['IndexURL']) ?>" /></td>
04684                 </tr><tr>
04685                         <td><?php echo _SETTINGS_ADMINURL?></td>
04686                         <td><input name="AdminURL" tabindex="10040" size="40" value="<?php echo  htmlspecialchars($CONF['AdminURL']) ?>" /></td>
04687                 </tr><tr>
04688                         <td><?php echo _SETTINGS_PLUGINURL?> <?php help('pluginurl');?></td>
04689                         <td><input name="PluginURL" tabindex="10045" size="40" value="<?php echo  htmlspecialchars($CONF['PluginURL']) ?>" /></td>
04690                 </tr><tr>
04691                         <td><?php echo _SETTINGS_SKINSURL?> <?php help('skinsurl');?></td>
04692                         <td><input name="SkinsURL" tabindex="10046" size="40" value="<?php echo  htmlspecialchars($CONF['SkinsURL']) ?>" /></td>
04693                 </tr><tr>
04694                         <td><?php echo _SETTINGS_ACTIONSURL?> <?php help('actionurl');?></td>
04695                         <td><input name="ActionURL" tabindex="10047" size="40" value="<?php echo  htmlspecialchars($CONF['ActionURL']) ?>" /></td>
04696                 </tr><tr>
04697                         <td><?php echo _SETTINGS_LANGUAGE?> <?php help('language'); ?>
04698                         </td>
04699                         <td>
04700 
04701                                 <select name="Language" tabindex="10050">
04702                                 <?php                           // show a dropdown list of all available languages
04703                                 global $DIR_LANG;
04704                                 $dirhandle = opendir($DIR_LANG);
04705                                 while ($filename = readdir($dirhandle)) {
04706                                         if (ereg("^(.*)\.php$",$filename,$matches)) {
04707                                                 $name = $matches[1];
04708                                                 echo "<option value='$name'";
04709                                                 if ($name == $CONF['Language'])
04710                                                         echo " selected='selected'";
04711                                                 echo ">$name</option>";
04712                                         }
04713                                 }
04714                                 closedir($dirhandle);
04715 
04716                                 ?>
04717                                 </select>
04718 
04719                         </td>
04720                 </tr><tr>
04721                         <td><?php echo _SETTINGS_DISABLESITE?> <?php help('disablesite'); ?>
04722                         </td>
04723                         <td><?php $this->input_yesno('DisableSite',$CONF['DisableSite'],10060); ?>
04724                                         <br />
04725                                 URL: <input name="DisableSiteURL" tabindex="10070" size="40" value="<?php echo  htmlspecialchars($CONF['DisableSiteURL'])?>" />
04726                         </td>
04727                 </tr><tr>
04728                         <td><?php echo _SETTINGS_DIRS?></td>
04729                         <td><?php echo  htmlspecialchars($DIR_NUCLEUS) ?>
04730                                 <i><?php echo _SETTINGS_SEECONFIGPHP?></i></td>
04731                 </tr><tr>
04732                         <td><?php echo _SETTINGS_DBLOGIN?></td>
04733                         <td><i><?php echo _SETTINGS_SEECONFIGPHP?></i></td>
04734                 </tr><tr>
04735                         <td>
04736                         <?php
04737                                 echo _SETTINGS_JSTOOLBAR
04738                                 /* =_SETTINGS_DISABLEJS
04739 
04740                                         I temporary changed the meaning of DisableJsTools, until I can find a good
04741                                         way to select the javascript version to use
04742 
04743                                         now, its:
04744                                                 0 : IE
04745                                                 1 : all javascript disabled
04746                                                 2 : 'simpler' javascript (for mozilla/opera/mac)
04747                                 */
04748                            ?>
04749                         </td>
04750                         <td><?php /* $this->input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?>
04751                                 <select name="DisableJsTools" tabindex="10075">
04752                         <?php                                   $extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : '';
04753                                         echo "<option $extra value='1'>",_SETTINGS_JSTOOLBAR_NONE,"</option>";
04754                                         $extra = ($CONF['DisableJsTools'] == 2) ? 'selected="selected"' : '';
04755                                         echo "<option $extra value='2'>",_SETTINGS_JSTOOLBAR_SIMPLE,"</option>";
04756                                         $extra = ($CONF['DisableJsTools'] == 0) ? 'selected="selected"' : '';
04757                                         echo "<option $extra value='0'>",_SETTINGS_JSTOOLBAR_FULL,"</option>";
04758                         ?>
04759                                 </select>
04760                         </td>
04761                 </tr><tr>
04762                         <td><?php echo _SETTINGS_URLMODE?> <?php help('urlmode');?></td>
04763                                            <td><?php
04764 
04765                                            $this->input_yesno('URLMode',$CONF['URLMode'],10077,
04766                                                           'normal','pathinfo',_SETTINGS_URLMODE_NORMAL,_SETTINGS_URLMODE_PATHINFO);
04767 
04768                                            echo ' ', _SETTINGS_URLMODE_HELP;
04769 
04770                                                          ?>
04771 
04772                                            </td>
04773                 </tr><tr>
04774                         <th colspan="2"><?php echo _SETTINGS_MEDIA?> <?php help('media'); ?></th>
04775                 </tr><tr>
04776                         <td><?php echo _SETTINGS_MEDIADIR?></td>
04777                         <td><?php echo  htmlspecialchars($DIR_MEDIA) ?>
04778                                 <i><?php echo _SETTINGS_SEECONFIGPHP?></i>
04779                                 <?php                           if (!is_dir($DIR_MEDIA))
04780                                                 echo "<br /><b>" . _WARNING_NOTADIR . "</b>";
04781                                         if (!is_readable($DIR_MEDIA))
04782                                                 echo "<br /><b>" . _WARNING_NOTREADABLE . "</b>";
04783                                         if (!is_writeable($DIR_MEDIA))
04784                                                 echo "<br /><b>" . _WARNING_NOTWRITABLE . "</b>";
04785                                 ?>
04786                         </td>
04787                 </tr><tr>
04788                         <td><?php echo _SETTINGS_MEDIAURL?></td>
04789                         <td>
04790                                 <input name="MediaURL" tabindex="10080" size="40" value="<?php echo  htmlspecialchars($CONF['MediaURL']) ?>" />
04791                         </td>
04792                 </tr><tr>
04793                         <td><?php echo _SETTINGS_ALLOWUPLOAD?></td>
04794                         <td><?php $this->input_yesno('AllowUpload',$CONF['AllowUpload'],10090); ?></td>
04795                 </tr><tr>
04796                         <td><?php echo _SETTINGS_ALLOWUPLOADTYPES?></td>
04797                         <td>
04798                                 <input name="AllowedTypes" tabindex="10100" size="40" value="<?php echo  htmlspecialchars($CONF['AllowedTypes']) ?>" />
04799                         </td>
04800                 </tr><tr>
04801                         <td><?php echo _SETTINGS_MAXUPLOADSIZE?></td>
04802                         <td>
04803                                 <input name="MaxUploadSize" tabindex="10105" size="40" value="<?php echo  htmlspecialchars($CONF['MaxUploadSize']) ?>" />
04804                         </td>
04805                 </tr><tr>
04806                         <td><?php echo _SETTINGS_MEDIAPREFIX?></td>
04807                         <td><?php $this->input_yesno('MediaPrefix',$CONF['MediaPrefix'],10110); ?></td>
04808 
04809                 </tr><tr>
04810                         <th colspan="2"><?php echo _SETTINGS_MEMBERS?></th>
04811                 </tr><tr>
04812                         <td><?php echo _SETTINGS_CHANGELOGIN?></td>
04813                         <td><?php $this->input_yesno('AllowLoginEdit',$CONF['AllowLoginEdit'],10120); ?></td>
04814                 </tr><tr>
04815                         <td><?php echo _SETTINGS_ALLOWCREATE?>
04816                                 <?php help('allowaccountcreation'); ?>
04817                         </td>
04818                         <td><?php $this->input_yesno('AllowMemberCreate',$CONF['AllowMemberCreate'],10130); ?>
04819                         </td>
04820                 </tr><tr>
04821                         <td><?php echo _SETTINGS_NEWLOGIN?> <?php help('allownewmemberlogin'); ?>
04822                                 <br /><?php echo _SETTINGS_NEWLOGIN2?>
04823                         </td>
04824                         <td><?php $this->input_yesno('NewMemberCanLogon',$CONF['NewMemberCanLogon'],10140); ?>
04825                         </td>
04826                 </tr><tr>
04827                         <td><?php echo _SETTINGS_MEMBERMSGS?>
04828                                 <?php help('messageservice'); ?>
04829                         </td>
04830                         <td><?php $this->input_yesno('AllowMemberMail',$CONF['AllowMemberMail'],10150); ?>
04831                         </td>
04832                 </tr><tr>
04833                         <td><?php echo _SETTINGS_NONMEMBERMSGS?>
04834                                 <?php help('messageservice'); ?>
04835                         </td>
04836                         <td><?php $this->input_yesno('NonmemberMail',$CONF['NonmemberMail'],10155); ?>
04837                         </td>
04838                 </tr><tr>
04839                         <td><?php echo _SETTINGS_PROTECTMEMNAMES?>
04840                                 <?php help('protectmemnames'); ?>
04841                         </td>
04842                         <td><?php $this->input_yesno('ProtectMemNames',$CONF['ProtectMemNames'],10156); ?>
04843                         </td>
04844 
04845 
04846 
04847                 </tr><tr>
04848                         <th colspan="2"><?php echo _SETTINGS_COOKIES_TITLE?> <?php help('cookies'); ?></th>
04849                 </tr><tr>
04850                         <td><?php echo _SETTINGS_COOKIEPREFIX?></td>
04851                         <td><input name="CookiePrefix" tabindex="10159" size="40" value="<?php echo  htmlspecialchars($CONF['CookiePrefix'])?>" /></td>
04852                 </tr><tr>
04853                         <td><?php echo _SETTINGS_COOKIEDOMAIN?></td>
04854                         <td><input name="CookieDomain" tabindex="10160" size="40" value="<?php echo  htmlspecialchars($CONF['CookieDomain'])?>" /></td>
04855                 </tr><tr>
04856                         <td><?php echo _SETTINGS_COOKIEPATH?></td>
04857                         <td><input name="CookiePath" tabindex="10170" size="40" value="<?php echo  htmlspecialchars($CONF['CookiePath'])?>" /></td>
04858                 </tr><tr>
04859                         <td><?php echo _SETTINGS_COOKIESECURE?></td>
04860                         <td><?php $this->input_yesno('CookieSecure',$CONF['CookieSecure'],10180); ?></td>
04861                 </tr><tr>
04862                         <td><?php echo _SETTINGS_COOKIELIFE?></td>
04863                         <td><?php $this->input_yesno('SessionCookie',$CONF['SessionCookie'],10190,
04864                                                           1,0,_SETTINGS_COOKIESESSION,_SETTINGS_COOKIEMONTH); ?>
04865                         </td>
04866                 </tr><tr>
04867                         <td><?php echo _SETTINGS_LASTVISIT?></td>
04868                         <td><?php $this->input_yesno('LastVisit',$CONF['LastVisit'],10200); ?></td>
04869 
04870 
04871 
04872                 </tr><tr>
04873                         <th colspan="2"><?php echo _SETTINGS_UPDATE?></th>
04874                 </tr><tr>
04875                         <td><?php echo _SETTINGS_UPDATE?></td>
04876                         <td><input type="submit" tabindex="10210" value="<?php echo _SETTINGS_UPDATE_BTN?>" onclick="return checkSubmit();" /></td>
04877                 </tr></table>
04878 
04879                 </div>
04880                 </form>
04881 
04882                 <?php
04883                         echo '<h2>',_PLUGINS_EXTRA,'</h2>';
04884 
04885                         $manager->notify(
04886                                 'GeneralSettingsFormExtras',
04887                                 array()
04888                         );
04889 
04890                 $this->pagefoot();
04891         }
04892 
/**
 * Stores the values posted from the general settings form, reloads the
 * configuration and sends the browser back to the management page.
 *
 * Only site administrators get past the first check; everyone else is
 * handed to disallow(). The posted admin e-mail address is the only value
 * validated here; every other field goes to updateConfig() as posted.
 *
 * NOTE(review): 'Language' is saved without being matched against the
 * *.php files in $DIR_LANG that the settings form offers, and the URL,
 * cookie and upload settings are not checked for shape either. Presumably
 * the code that consumes them validates them - confirm, or validate here
 * before saving.
 */
function action_settingsupdate() {
    global $member, $CONF;

    if (!$member->isAdmin()) {
        $this->disallow();
    }

    // the admin address must be valid before anything is written
    $adminEmail = postVar('AdminEmail');
    if (!isValidMailAddress($adminEmail)) {
        $this->error(_ERROR_BADMAILADDRESS);
    }

    // configuration rows, in the order they are saved; each one is read
    // from the POST field of the same name
    $settingNames = array(
        'DefaultBlog',
        'BaseSkin',
        'IndexURL',
        'AdminURL',
        'PluginURL',
        'SkinsURL',
        'ActionURL',
        'Language',
        'AdminEmail',
        'SessionCookie',
        'AllowMemberCreate',
        'AllowMemberMail',
        'NonmemberMail',
        'ProtectMemNames',
        'SiteName',
        'NewMemberCanLogon',
        'DisableSite',
        'DisableSiteURL',
        'LastVisit',
        'MediaURL',
        'AllowedTypes',
        'AllowUpload',
        'MaxUploadSize',
        'MediaPrefix',
        'AllowLoginEdit',
        'DisableJsTools',
        'CookieDomain',
        'CookiePath',
        'CookieSecure',
        'URLMode',
        'CookiePrefix'
    );

    foreach ($settingNames as $settingName) {
        $this->updateConfig($settingName, postVar($settingName));
    }

    // Reload the configuration before redirecting, so that a changed
    // language is used right away. Changed cookie settings may mean the
    // user has to log in again after this redirect.
    getConfig();
    redirect($CONF['AdminURL'] . '?action=manage');
    exit;
}
04947 
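/**
 * Writes one value into the config table.
 *
 * @param string $name  name of the configuration row to update
 * @param string $val   new value; surrounding whitespace is removed
 * @return int  result of mysql_insert_id(), kept for existing callers
 *              (the statement is an UPDATE, not an INSERT)
 */
function updateConfig($name, $val) {
    // Escape through the database connection instead of addslashes():
    // addslashes() works byte by byte and knows nothing about the
    // connection character set, which matters once multi-byte encodings
    // are involved (this file converts text to SJIS elsewhere).
    // NOTE(review): the result is only charset-aware if the connection
    // charset was set on the link itself - confirm how the connection is
    // configured.
    $safeName = mysql_real_escape_string($name);

    // trim before escaping, so trailing whitespace is removed while it is
    // still plain whitespace
    $safeVal = mysql_real_escape_string(trim($val));

    // without a usable connection the escape call returns false; stop here
    // rather than overwrite the setting with an empty value
    if ($safeName === false || $safeVal === false) {
        die("Query error: " . mysql_error());
    }

    $query = 'UPDATE ' . sql_table('config')
           . " SET value='$safeVal'"
           . " WHERE name='$safeName'";

    // NOTE(review): the raw database error text is sent to the browser on
    // failure; consider logging it and showing a generic message instead.
    sql_query($query) or die("Query error: " . mysql_error());
    return mysql_insert_id();
}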
04962 
/**
 * Renders a complete admin page that shows an error message with a
 * "back" link, then ends the request.
 *
 * @param string $msg  text shown under the heading; it is written to the
 *                     page exactly as passed in
 *
 * NOTE(review): $msg is not HTML-escaped here. The callers visible in
 * this part of the file pass language constants; a caller that builds
 * $msg from request data would have to escape it first - verify the
 * other call sites.
 */
function error($msg) {
    $this->pagehead();
    ?>
                <h2>Error!</h2>
                <?php
    echo $msg, "<br />", "<a href='index.php' onclick='history.back()'>" . _BACK . "</a>";
    $this->pagefoot();
    exit;
}
04977 
/**
 * Handles a request the current member is not allowed to make: writes a
 * warning with the requested URI to the action log, then shows the
 * "disallowed" error page. error() ends the request.
 *
 * NOTE(review): REQUEST_URI comes from the client and is stored in the
 * log unchanged; whatever displays the action log has to escape it on
 * output - confirm in the 'actionlist' list template.
 */
function disallow() {
    $requestedUri = serverVar('REQUEST_URI');
    $logEntry = _ACTIONLOG_DISALLOWED . $requestedUri;

    ACTIONLOG::add(WARNING, $logEntry);

    $this->error(_ERROR_DISALLOWED);
}
04986 
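/**
 * Outputs the opening part of every admin page: doctype, <head>, the site
 * title bar and the login-status box.
 *
 * @param string $extrahead  extra markup placed inside <head>; plugins
 *                           subscribed to 'AdminPrePageHead' receive it by
 *                           reference and may change it. It is written
 *                           to the page without escaping, so it must be
 *                           trusted markup.
 */
function pagehead($extrahead = '') {
    global $member, $nucleus, $CONF, $manager;

    $manager->notify(
        'AdminPrePageHead',
        array(
            'extrahead' => &$extrahead,
            'action' => $this->action
        )
    );

    $baseUrl = htmlspecialchars($CONF['AdminURL']);

    ?>
                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
                <html xmlns="http://www.w3.org/1999/xhtml">
                <head>
                        <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />
                        <title><?php echo htmlspecialchars($CONF['SiteName'])?> - Admin</title>
                        <link rel="stylesheet" title="Nucleus Admin Default" type="text/css" href="<?php echo $baseUrl?>styles/admin.css" />
                        <link rel="stylesheet" title="Nucleus Admin Default" type="text/css"
                        href="<?php echo $baseUrl?>styles/addedit.css" />

                        <script type="text/javascript" src="<?php echo $baseUrl?>javascript/edit.js"></script>
                        <script type="text/javascript" src="<?php echo $baseUrl?>javascript/admin.js"></script>
                        <script type="text/javascript" src="<?php echo $baseUrl?>javascript/compatibility.js"></script>

          <meta http-equiv='Pragma' content='no-cache' />
          <meta http-equiv='Cache-Control' content='no-cache, must-revalidate' />
          <meta http-equiv='Expires' content='-1' />

                        <?php echo $extrahead?>
                </head>
                <body>
                <div class="header">
                <h1><?php echo htmlspecialchars($CONF['SiteName'])?></h1>
                </div>
                <div id="container">
                <div id="content">
                <div class="loginname">
                <?php
    // NOTE(review): the display name is written without htmlspecialchars();
    // presumably it is restricted to safe characters when it is set -
    // confirm where member names are validated.
    if ($member->isLoggedIn()) {
        echo _LOGGEDINAS . ' ' . $member->getDisplayName()
            . " - <a href='index.php?action=logout'>" . _LOGOUT . "</a>"
            . "<br /><a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
    } else {
        echo '<a href="index.php?action=showlogin" title="Log in">' , _NOTLOGGEDIN , '</a> <br />';
    }

    // IndexURL is a stored setting like AdminURL and SiteName above, so it
    // gets the same output escaping; ENT_QUOTES because the attribute is
    // delimited by single quotes.
    echo "<a href='" . htmlspecialchars($CONF['IndexURL'], ENT_QUOTES) . "'>" . _YOURSITE . "</a>";

    echo '<br />(';

    // Note(JP): the code name is no longer shown next to the version.
    // Only admins get the version as a link to the upgrade check.
    if ($member->isLoggedIn() && $member->isAdmin()) {
        echo '<a href="http://nucleuscms.org/version.php?v=',getNucleusVersion(),'&amp;pl=',getNucleusPatchLevel(),'" title="Check for upgrade">Nucleus CMS ', $nucleus['version'], ' </a>';
    } else {
        echo 'Nucleus CMS ', $nucleus['version'];
    }
    echo ')';
    echo '</div>';
}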
05055 
/**
 * Outputs the closing part of every admin page: the logout links, the
 * footer line and the quick menu column, then closes the document.
 *
 * The 'AdminPrePageFoot' plugin event is fired first. The quick menu has
 * three variants: the full menu for a logged-in member (with management
 * and layout sections for admins, plus entries collected from plugins
 * through the 'QuickMenu' event), a short text for the 'activate' and
 * 'activatesetpwd' actions, and an introduction text otherwise.
 *
 * NOTE(review): the checks below read the global $action, while the
 * plugin event is given $this->action (stored in lowercase by action());
 * confirm the two always agree.
 */
05059         function pagefoot() {
05060                 global $action, $member, $manager;
05061 
05062                 $manager->notify(
05063                         'AdminPrePageFoot',
05064                         array(
05065                                 'action' => $this->action
05066                         )
05067                 );
05068 
05069                 if ($member->isLoggedIn() && ($action != 'showlogin')) {
05070                         ?>
05071                         <h2><?php echo  _LOGOUT ?></h2>
05072                         <ul>
05073                                 <li><a href="index.php?action=overview"><?php echo  _BACKHOME?></a></li>
05074                                 <li><a href='index.php?action=logout'><?php echo  _LOGOUT?></a></li>
05075                         </ul>
05076                         <?php           }
05077                 ?>
05078                         <div class="foot">
05079                                 <a href="http://nucleuscms.org/">Nucleus CMS</a> &copy; 2002-<?php echo date('Y'); ?> The Nucleus Group
05080                                 -
05081                                 <a href="http://nucleuscms.org/donate.php">Donate!</a>
05082                         </div>
05083 
05084                         </div><!-- content -->
05085 
05086                         <div id="quickmenu">
05087 
05088                                 <?php                           // ---- user settings ----
05089                                 if (($action != 'showlogin') && ($member->isLoggedIn())) {
05090                                         echo '<ul>';
05091                                         echo '<li><a href="index.php?action=overview">',_QMENU_HOME,'</a></li>';
05092                                         echo '</ul>';
05093 
05094                                         echo '<h2>',_QMENU_ADD,'</h2>';
05095                                         echo '<form method="get" action="index.php"><div>';
05096                                         echo '<input type="hidden" name="action" value="createitem" />';
05097 
                                                      // 'showall=yes' widens the blog list for admins only; everyone
                                                      // else gets the blogs they are a team member of
05098                                                 $showAll = requestVar('showall');
05099                                                 if (($member->isAdmin()) && ($showAll == 'yes')) {
05100                                                         // Super-Admins have access to all blogs! (no add item support though)
05101                                                         $query =  'SELECT bnumber as value, bname as text'
05102                                                                    . ' FROM ' . sql_table('blog')
05103                                                                    . ' ORDER BY bname';
05104                                                 } else {
                                                              // NOTE(review): getID() is concatenated into the SQL text;
                                                              // presumably it is always an integer - confirm
05105                                                         $query =  'SELECT bnumber as value, bname as text'
05106                                                                    . ' FROM ' . sql_table('blog') . ', ' . sql_table('team')
05107                                                                    . ' WHERE tblog=bnumber and tmember=' . $member->getID()
05108                                                                    . ' ORDER BY bname';
05109                                                 }
05110                                                 $template['name'] = 'blogid';
05111                                                 $template['tabindex'] = 15000;
05112                                                 $template['extra'] = _QMENU_ADD_SELECT;
05113                                                 $template['selected'] = -1;
05114                                                 $template['shorten'] = 10;
05115                                                 $template['shortenel'] = '';
05116                                                 $template['javascript'] = 'onchange="return form.submit()"';
05117                                                 showlist($query,'select',$template);
05118 
05119                                         echo '</div></form>';
05120 
                                              // NOTE(review): the display name is written without
                                              // htmlspecialchars(), unlike the plugin entries further down;
                                              // confirm it is restricted to safe characters when it is set
05121                                         echo '<h2>' . $member->getDisplayName(). '</h2>';
05122                                         echo '<ul>';
05123                                         echo '<li><a href="index.php?action=editmembersettings">',_QMENU_USER_SETTINGS,'</a></li>';
05124                                         echo '<li><a href="index.php?action=browseownitems">',_QMENU_USER_ITEMS,'</a></li>';
05125                                         echo '<li><a href="index.php?action=browseowncomments">',_QMENU_USER_COMMENTS,'</a></li>';
05126                                         echo '</ul>';
05127 
05128 
05129 
05130 
05131                                         // ---- general settings ----
05132                                         if ($member->isAdmin()) {
05133 
05134                                                 echo '<h2>',_QMENU_MANAGE,'</h2>';
05135 
05136                                                 echo '<ul>';
05137                                                 echo '<li><a href="index.php?action=actionlog">',_QMENU_MANAGE_LOG,'</a></li>';
05138                                                 echo '<li><a href="index.php?action=settingsedit">',_QMENU_MANAGE_SETTINGS,'</a></li>';
05139                                                 echo '<li><a href="index.php?action=usermanagement">',_QMENU_MANAGE_MEMBERS,'</a></li>';
05140                                                 echo '<li><a href="index.php?action=createnewlog">',_QMENU_MANAGE_NEWBLOG,'</a></li>';
05141                                                 echo '<li><a href="index.php?action=backupoverview">',_QMENU_MANAGE_BACKUPS,'</a></li>';
05142                                                 echo '<li><a href="index.php?action=pluginlist">',_QMENU_MANAGE_PLUGINS,'</a></li>';
05143                                                 echo '</ul>';
05144 
05145                                                 echo '<h2>',_QMENU_LAYOUT,'</h2>';
05146                                                 echo '<ul>';
05147                                                 echo '<li><a href="index.php?action=skinoverview">',_QMENU_LAYOUT_SKINS,'</a></li>';
05148                                                 echo '<li><a href="index.php?action=templateoverview">',_QMENU_LAYOUT_TEMPL,'</a></li>';
05149                                                 echo '<li><a href="index.php?action=skinieoverview">',_QMENU_LAYOUT_IEXPORT,'</a></li>';
05150                                                 echo '</ul>';
05151 
05152                                         }
05153 
                                              // plugins add their own menu entries to this array through
                                              // the 'QuickMenu' event (the array is passed by reference)
05154                                         $aPluginExtras = array();
05155                                         $manager->notify(
05156                                                 'QuickMenu',
05157                                                 array(
05158                                                         'options' => &$aPluginExtras
05159                                                 )
05160                                         );
05161                                         if (count($aPluginExtras) > 0)
05162                                         {
05163                                                 echo '<h2>', _QMENU_PLUGINS, '</h2>';
05164                                                 echo '<ul>';
                                                      // url, tooltip and title come from plugins and are escaped on output
05165                                                 foreach ($aPluginExtras as $aInfo)
05166                                                 {
05167                                                         echo '<li><a href="'.htmlspecialchars($aInfo['url']).'" title="'.htmlspecialchars($aInfo['tooltip']).'">'.htmlspecialchars($aInfo['title']).'</a></li>';
05168                                                 }
05169                                                 echo '</ul>';
05170                                         }
05171 
05172                                 } else if (($action == 'activate') || ($action == 'activatesetpwd')) {
05173 
05174                                         echo '<h2>', _QMENU_ACTIVATE, '</h2>', _QMENU_ACTIVATE_TEXT;
05175                                 } else {
05176                                         // introduction text on login screen
05177                                         echo '<h2>', _QMENU_INTRO, '</h2>', _QMENU_INTRO_TEXT;
05178                                 }
05179                                 ?>
05180                         </div>
05181 
05182                         <!-- content / quickmenu container -->
05183                         </div>
05184 
05185 
05186                         </body>
05187                         </html>
05188                 <?php   }
05189 
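/**
 * Sends a REGEDIT4 file that adds a "Post To Nucleus" entry for one blog
 * to the Internet Explorer context menu.
 *
 * Only members with team rights on the requested blog get the file.
 *
 * The blog name and the admin URL are both written into the file, which
 * the member is then asked to import. Line breaks and NUL bytes are
 * removed from both, so neither value can start a new line in the file,
 * and the URL is escaped for a quoted .reg string value.
 *
 * NOTE(review): '\' and ']' in the blog name are left as they are. They
 * only affect the name of the key under MenuExt, and filtering them
 * safely needs the source encoding of the name, which is detected with
 * "auto" here.
 * NOTE(review): the Content-Disposition header carries a filename but no
 * disposition type; left unchanged because the download flow described on
 * the bookmarklet page depends on how the browser treats it.
 */
function action_regfile() {
    global $member, $CONF;

    $blogid = intRequestVar('blogid');

    $member->teamRights($blogid) or $this->disallow();

    // header-code stolen from phpMyAdmin
    // REGEDIT and bookmarklet code stolen from GreyMatter

    // characters that must never reach the line-based .reg output
    $lineBreakers = array("\r", "\n", "\0");

    $sjisBlogName = str_replace($lineBreakers, '', getBlogNameFromID($blogid));
    $sjisBlogName = mb_convert_encoding($sjisBlogName, "SJIS", "auto");

    // inside a quoted .reg string, backslash and double quote are escaped
    // with a backslash; the backslash has to be handled first
    $regAdminUrl = str_replace($lineBreakers, '', $CONF['AdminURL']);
    $regAdminUrl = str_replace(array('\\', '"'), array('\\\\', '\\"'), $regAdminUrl);

    header('Content-Type: application/octetstream');
    header('Content-Disposition: filename="nucleus.reg"');
    header('Pragma: no-cache');
    header('Expires: 0');

    echo "REGEDIT4\n";
    echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\Post To &Nucleus (".$sjisBlogName.")]\n";
    echo '@="' . $regAdminUrl . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n";
    echo '"contexts"=hex:31';
}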
05216 
/**
 * Shows the page that offers the bookmarklet link and the right-click
 * menu installer link for one blog.
 *
 * The blog id is read from the request as an integer, and the member
 * needs team rights on that blog; otherwise disallow() takes over.
 */
05220         function action_bookmarklet() {
05221                 global $member, $manager;
05222 
05223                 $blogid = intRequestVar('blogid');
05224 
05225                 $member->teamRights($blogid) or $this->disallow();
05226 
05227                 $blog =& $manager->getBlog($blogid);
05228                 $bm = getBookmarklet($blogid);
05229 
                      // NOTE(review): further down the bookmarklet URL is escaped with
                      // htmlspecialchars() but the blog short name in the link text is
                      // not; presumably short names are limited to safe characters -
                      // confirm where they are validated.
05230                 $this->pagehead();
05231 
05232                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
05233 
05234                 ?>
05235 
05236                 <h2>Bookmarklet<!-- and Right Click Menu --></h2>
05237 
05238                 <p>
05239                 Bookmarklet ã¨ã¯ã€ã‚¯ãƒªãƒƒã‚¯1回ã§è¨˜äº‹ã®æŠ•ç¨¿ãŒã§ãるシステムã§ã™ã€‚ ã“ã® Bookmarklet をインストールã™ã‚‹ã¨ã€ãƒ–ラウザã®ãƒ„ールãƒãƒ¼ã®'add to weblog'ボタンãŒåˆ©ç”¨å¯èƒ½ã¨ãªã‚Šã€Nucleusã®æ–°è¦ã‚¢ã‚¤ãƒ†ãƒ ã®è¿½åŠ ã‚¦ã‚£ãƒ³ãƒ‰ã‚¦ãŒãƒãƒƒãƒ—アップã—ã¾ã™ã€‚ä»»æ„ã®Webページを開ã„ãŸçŠ¶æ…‹ã§ã“ã®ãƒœã‚¿ãƒ³ã‚’押ã›ã°ã€ãã®Webページã®ã‚¿ã‚¤ãƒˆãƒ«ã¨ã€ãã®ãƒšãƒ¼ã‚¸ã¸ã®ãƒªãƒ³ã‚¯ã‚¿ã‚°ãŒã™ã§ã«åŸ‹ã‚è¾¼ã¾ã‚ŒãŸçŠ¶æ…‹ã§ã‚¢ã‚¤ãƒ†ãƒ è¿½åŠ ã‚¦ã‚£ãƒ³ãƒ‰ã‚¦ãŒé–‹ãã€ã•ã‚‰ã«ã€ãã®ãƒšãƒ¼ã‚¸å†…ã«å¼•ç”¨ã—ãŸã„文をé¸æŠžã—ãŸçŠ¶æ…‹ã§ã‚ã‚Œã°ãã®å¼•ç”¨æ–‡ã‚‚自動的ã«å¼•ç”¨ã—ã¾ã™ã€‚
05240                 </p>
05241 
05242                 <h3>Bookmarklet</h3>
05243                 <p>
05244                         下ã®ãƒªãƒ³ã‚¯éƒ¨åˆ†ã‚’「ãŠæ°—ã«å…¥ã‚Šã€ã‚‚ã—ãã¯ãƒ„ールãƒãƒ¼ã«ãƒ‰ãƒ©ãƒƒã‚°ã§ãã¾ã™ã€‚<small>(ãã®å‰ã«ãƒ†ã‚¹ãƒˆã—ã¦ã¿ãŸã„å ´åˆã¯å˜ç´”ã«ä¸‹ã®ãƒªãƒ³ã‚¯ã‚’クリックã—ã¦ã¿ã¦ãã ã•ã„)</small>
05245                         <br />
05246                         <br />
05247                         <a href="<?php echo htmlspecialchars($bm)?>">Add to <?php echo $blog->getShortName()?></a> (ã»ã¨ã‚“ã©ã®ãƒ–ラウザã§å‹•ä½œã—ã¾ã™)
05248                 </p>
05249 
05250                 <h3>å³ã‚¯ãƒªãƒƒã‚¯ãƒ¡ãƒ‹ãƒ¥ãƒ¼ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ« (Windowsã§IE使用時)</h3>
05251                 <p>
05252                         <?php
                                      // the link to the regfile action carries a ticket, added
                                      // by addTicketToUrl()
05253                                 $url = 'index.php?action=regfile&blogid=' . intval($blogid);
05254                                 $url = $manager->addTicketToUrl($url);
05255                         ?>
05256                         ã‚ã‚‹ã„ã¯<a href="<?php echo htmlspecialchars($url) ?>">å³ã‚¯ãƒªãƒƒã‚¯ãƒ¡ãƒ‹ãƒ¥ãƒ¼</a>ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ (「開ãã€ã‚’é¸æŠžã™ã‚Œã°ç›´æŽ¥ãƒ¬ã‚¸ã‚¹ãƒˆãƒªã«ç™»éŒ²ã—ã¾ã™)
05257                 </p>
05258 
05259                 <p>
05260                         ã“ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ãŸå³ã‚¯ãƒªãƒƒã‚¯ãƒ¡ãƒ‹ãƒ¥ãƒ¼ã‚’表示ã™ã‚‹ãŸã‚ã«ã¯IEã®å†èµ·å‹•ãŒå¿…è¦ã§ã™ã€‚
05261                 </p>
05262 
05263                 <h3>アンインストール</h3>
05264                 <p>
05265                         「ãŠæ°—ã«å…¥ã‚Šã€ã‚‚ã—ãã¯ãƒ„ールãƒãƒ¼ã‹ã‚‰æ¶ˆã™ã«ã¯ã€å˜ã«å‰Šé™¤ã™ã‚‹ã ã‘ã§ã™ã€‚
05266                 </p>
05267                 
05268                 <p>
05269                         å³ã‚¯ãƒªãƒƒã‚¯ãƒ¡ãƒ‹ãƒ¥ãƒ¼ã‹ã‚‰æ¶ˆã—ãŸã„時ã¯ã€ä»¥ä¸‹ã®æ‰‹é †ã‚’è¸ã‚“ã§ãã ã•ã„:
05270                 </p>
05271 
05272                 <ol>
05273                         <li>スタートメニューã‹ã‚‰ã€Œãƒ•ã‚¡ã‚¤ãƒ«ã‚’指定ã—ã¦å®Ÿè¡Œ...ã€ã‚’é¸æŠž</li>
05274                         <li>"regedit" ã¨å…¥åŠ›</li>
05275                         <li>"OK" ボタンを押ã™</li>
05276                         <li>"\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt" をツリーã®ä¸­ã‹ã‚‰æ¤œç´¢</li>
05277                         <li>"add to weblog" エントリを削除</li>                          
05278                 </ol>
05279 
05280                 <?php
05281                 $this->pagefoot();
05282 
05283         }
05284 
        /**
         * Admin page: shows the action log and a link that clears it.
         *
         * Members for which $member->isAdmin() is false are handed to
         * $this->disallow() before anything is rendered.
         */
        function action_actionlog() {
                global $member, $manager;

                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';

                // 'clearactionlog' empties the log (see action_clearactionlog), so the
                // link to it carries a ticket.
                // NOTE(review): the ticket is placed in a GET URL here, where it can end
                // up in browser history or a Referer header; action_pluginup() in this
                // file redirects specifically to keep the ticket out of the URL. A POST
                // form with addTicketHidden() would be consistent with the other
                // state-changing actions in this class.
                $url = $manager->addTicketToUrl('index.php?action=clearactionlog');

                ?>
                        <h2><?php echo _ACTIONLOG_CLEAR_TITLE?></h2>
                        <p><a href="<?php echo htmlspecialchars($url)?>"><?php echo _ACTIONLOG_CLEAR_TEXT?></a></p>
                <?php
                echo '<h2>' . _ACTIONLOG_TITLE . '</h2>';

                // static query, no request data involved; newest entries first
                $query =  'SELECT * FROM '.sql_table('actionlog').' ORDER BY timestamp DESC';
                $template['content'] = 'actionlist';
                // the return value of showlist() is not used in this method
                $amount = showlist($query,'table',$template);

                $this->pagefoot();

        }
05312 
05316         function action_banlist() {
05317                 global $member, $manager;
05318 
05319                 $blogid = intRequestVar('blogid');
05320 
05321                 $member->blogAdminRights($blogid) or $this->disallow();
05322 
05323                 $blog =& $manager->getBlog($blogid);
05324 
05325                 $this->pagehead();
05326 
05327                 echo '<p><a href="index.php?action=overview">(',_BACKHOME,')</a></p>';
05328 
05329                 echo '<h2>' . _BAN_TITLE . " '". $this->bloglink($blog) ."'</h2>";
05330 
05331                 $query =  'SELECT * FROM '.sql_table('ban').' WHERE blogid='.$blogid.' ORDER BY iprange';
05332                 $template['content'] = 'banlist';
05333                 $amount = showlist($query,'table',$template);
05334 
05335                 if ($amount == 0)
05336                         echo _BAN_NONE;
05337 
05338                 echo '<h2>'._BAN_NEW_TITLE.'</h2>';
05339                 echo "<p><a href='index.php?action=banlistnew&amp;blogid=$blogid'>"._BAN_NEW_TEXT."</a></p>";
05340 
05341 
05342                 $this->pagefoot();
05343 
05344         }
05345 
        /**
         * Confirmation page shown before a ban is removed.
         *
         * Nothing is deleted here: the form posts to 'banlistdeleteconfirm' and
         * carries a ticket added by $manager->addTicketHidden().
         */
        function action_banlistdelete() {
                global $member, $manager;

                $blogid = intRequestVar('blogid');
                // raw request value; both places that print it below wrap it in
                // htmlspecialchars()
                $iprange = requestVar('iprange');

                // blog admins only
                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                $this->pagehead();
                ?>
                        <h2><?php echo _BAN_REMOVE_TITLE?></h2>

                        <form method="post" action="index.php">

                        <h3><?php echo _BAN_IPRANGE?></h3>

                        <p>
                                <?php echo _CONFIRMTXT_BAN?> <?php echo htmlspecialchars($iprange) ?>
                                <input name="iprange" type="hidden" value="<?php echo htmlspecialchars($iprange)?>" />
                        </p>

                        <h3><?php echo _BAN_BLOGS?></h3>

                        <div>
                                <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
                                <input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">Only blog '<?php echo htmlspecialchars($blog->getName())?>'</label>
                                <br />
                                <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label>
                        </div>

                        <h3><?php echo _BAN_DELETE_TITLE?></h3>

                        <div>
                                <?php $manager->addTicketHidden() ?>
                                <input type="hidden" name="action" value="banlistdeleteconfirm" />
                                <input type="submit" value="<?php echo _DELETE_CONFIRM_BTN?>" />
                        </div>

                        </form>
                <?php
                $this->pagefoot();
        }
05393 
05397         function action_banlistdeleteconfirm() {
05398                 global $member, $manager;
05399 
05400                 $blogid = intPostVar('blogid');
05401                 $allblogs = postVar('allblogs');
05402                 $iprange = postVar('iprange');
05403 
05404                 $member->blogAdminRights($blogid) or $this->disallow();
05405 
05406                 $deleted = array();
05407 
05408                 if (!$allblogs) {
05409                         if (BAN::removeBan($blogid, $iprange))
05410                                 array_push($deleted, $blogid);
05411                 } else {
05412                         // get blogs fot which member has admin rights
05413                         $adminblogs = $member->getAdminBlogs();
05414                         foreach ($adminblogs as $blogje) {
05415                                 if (BAN::removeBan($blogje, $iprange))
05416                                         array_push($deleted, $blogje);
05417                         }
05418                 }
05419 
05420                 if (sizeof($deleted) == 0)
05421                         $this->error(_ERROR_DELETEBAN);
05422 
05423                 $this->pagehead();
05424 
05425                 echo '<a href="index.php?action=banlist&amp;blogid=',$blogid,'">(',_BACK,')</a>';
05426                 echo '<h2>'._BAN_REMOVED_TITLE.'</h2>';
05427                 echo "<p>"._BAN_REMOVED_TEXT."</p>";
05428 
05429                 echo "<ul>";
05430                 foreach ($deleted as $delblog) {
05431                         $b =& $manager->getBlog($delblog);
05432                         echo "<li>" . htmlspecialchars($b->getName()). "</li>";
05433                 }
05434                 echo "</ul>";
05435 
05436                 $this->pagefoot();
05437 
05438         }
05439 
05443         function action_banlistnewfromitem() {
05444                 $this->action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid')));
05445         }
05446 
        /**
         * Shows the form for adding a ban.
         *
         * Nothing is stored here: the form posts to 'banlistadd' and carries a
         * ticket added by $manager->addTicketHidden().
         *
         * @param mixed $blogid blog to ban on; when it compares equal to '' the
         *                      value of the 'blogid' request variable is used
         */
        function action_banlistnew($blogid = '') {
                global $member, $manager;

                // loose comparison against the '' default
                if ($blogid == '')
                        $blogid = intRequestVar('blogid');

                // raw request value; every place that prints it below wraps it in
                // htmlspecialchars()
                $ip = requestVar('ip');

                // blog admins only
                $member->blogAdminRights($blogid) or $this->disallow();

                $blog =& $manager->getBlog($blogid);

                $this->pagehead();
                ?>
                <h2><?php echo _BAN_ADD_TITLE?></h2>


                <form method="post" action="index.php">

                <h3><?php echo _BAN_IPRANGE?></h3>

                <p><?php echo _BAN_IPRANGE_TEXT?></p>

                <div class="note">
                <b>An example</b>: "134.58.253.193" will only block one computer, while "134.58.253" will block 256 IP addresses, including the one from the first example.
                </div>

                <div>
                <?php                   if ($ip) {
                ?>
                        <input name="iprange" type="radio" value="<?php echo htmlspecialchars($ip)?>" checked="checked" id="ip_fixed" /><label for="ip_fixed"><?php echo htmlspecialchars($ip)?></label>
                        <br />
                        <input name="iprange" type="radio" value="custom" id="ip_custom" /><label for="ip_custom">Custom: </label><input name='customiprange' value='<?php echo htmlspecialchars($ip)?>' maxlength='15' size='15' />
                <?php   } else {
                                // no address supplied: only the free-text field is offered.
                                // maxlength is enforced by the browser only; the server-side
                                // range check is still a TODO in action_banlistadd()
                                echo "<input name='iprange' value='custom' type='hidden' />";
                                echo "<input name='customiprange' value='' maxlength='15' size='15' />";
                        }
                ?>
                </div>

                <h3><?php echo _BAN_BLOGS?></h3>

                <p><?php echo _BAN_BLOGS_TEXT?></p>

                <div>
                        <input type="hidden" name="blogid" value="<?php echo $blogid?>" />
                        <input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">'<?php echo htmlspecialchars($blog->getName())?>'</label>
                        <br />
                        <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label>
                </div>

                <h3><?php echo _BAN_REASON_TITLE?></h3>

                <p><?php echo _BAN_REASON_TEXT?></p>

                <div><textarea name="reason" cols="40" rows="5"></textarea></div>

                <h3><?php echo _BAN_ADD_TITLE?></h3>

                <div>
                        <input name="action" type="hidden" value="banlistadd" />
                        <?php $manager->addTicketHidden() ?>
                        <input type="submit" value="<?php echo _BAN_ADD_BTN?>" />
                </div>

                </form>

                <?php           $this->pagefoot();
        }
05519 
05523         function action_banlistadd() {
05524                 global $member;
05525 
05526                 $blogid =               intPostVar('blogid');
05527                 $allblogs =     postVar('allblogs');
05528                 $iprange =              postVar('iprange');
05529                 if ($iprange == "custom")
05530                         $iprange = postVar('customiprange');
05531                 $reason =               postVar('reason');
05532 
05533                 $member->blogAdminRights($blogid) or $this->disallow();
05534 
05535                 // TODO: check IP range validity
05536 
05537                 if (!$allblogs) {
05538                         if (!BAN::addBan($blogid, $iprange, $reason))
05539                                 $this->error(_ERROR_ADDBAN);
05540                 } else {
05541                         // get blogs fot which member has admin rights
05542                         $adminblogs = $member->getAdminBlogs();
05543                         $failed = 0;
05544                         foreach ($adminblogs as $blogje) {
05545                                 if (!BAN::addBan($blogje, $iprange, $reason))
05546                                         $failed = 1;
05547                         }
05548                         if ($failed)
05549                                 $this->error(_ERROR_ADDBAN);
05550                 }
05551 
05552                 $this->action_banlist();
05553 
05554         }
05555 
05559         function action_clearactionlog() {
05560                 global $member;
05561 
05562                 $member->isAdmin() or $this->disallow();
05563 
05564                 ACTIONLOG::clear();
05565 
05566                 $this->action_manage(_MSG_ACTIONLOGCLEARED);
05567         }
05568 
        /**
         * Admin page with two forms: create a backup and restore one.
         *
         * Both forms post to index.php and carry a ticket added by
         * $manager->addTicketHidden(). The restore form uploads the file as
         * 'backup_file' and has a 'letsgo' checkbox; action_backuprestore()
         * refuses to run unless that checkbox was sent with the value 1.
         */
        function action_backupoverview() {
                global $member, $manager;

                // site admins only
                $member->isAdmin() or $this->disallow();

                $this->pagehead();

                echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
                ?>
                <h2><?php echo _BACKUPS_TITLE?></h2>

                <h3><?php echo _BACKUP_TITLE?></h3>

                <p><?php echo _BACKUP_INTRO?></p>

                <form method="post" action="index.php"><p>
                <input type="hidden" name="action" value="backupcreate" />
                <?php $manager->addTicketHidden() ?>

                <input type="radio" name="gzip" value="1" checked="checked" id="gzip_yes" tabindex="10" /><label for="gzip_yes"><?php echo _BACKUP_ZIP_YES?></label>
                <br />
                <input type="radio" name="gzip" value="0" id="gzip_no" tabindex="10" /><label for="gzip_no" ><?php echo _BACKUP_ZIP_NO?></label>
                <br /><br />
                <input type="submit" value="<?php echo _BACKUP_BTN?>" tabindex="20" />

                </p></form>

                <div class="note"><?php echo _BACKUP_NOTE?></div>


                <h3><?php echo _RESTORE_TITLE?></h3>

                <div class="note"><?php echo _RESTORE_NOTE?></div>

                <p><?php echo _RESTORE_INTRO?></p>

                <form method="post" action="index.php" enctype="multipart/form-data"><p>
                        <input type="hidden" name="action" value="backuprestore" />
                        <?php $manager->addTicketHidden() ?>
                        <input name="backup_file" type="file" tabindex="30" />
                        <br /><br />
                        <input type="submit" value="<?php echo _RESTORE_BTN?>" tabindex="40" />
                        <br /><input type="checkbox" name="letsgo" value="1" id="letsgo" tabindex="50" /><label for="letsgo"><?php echo _RESTORE_IMSURE?></label>
                        <br /><?php echo _RESTORE_WARNING?>
                </p></form>

                <?php           $this->pagefoot();
        }
05620 
05624         function action_backupcreate() {
05625                 global $member, $DIR_LIBS;
05626 
05627                 $member->isAdmin() or $this->disallow();
05628 
05629                 // use compression ?
05630                 $useGzip = intval(postVar('gzip'));
05631 
05632                 include($DIR_LIBS . 'backup.php');
05633 
05634                 // try to extend time limit
05635                 // (creating/restoring dumps might take a while)
05636                 @set_time_limit(1200);
05637 
05638                 do_backup($useGzip);
05639                 exit;
05640         }
05641 
05645         function action_backuprestore() {
05646                 global $member, $DIR_LIBS;
05647 
05648                 $member->isAdmin() or $this->disallow();
05649 
05650                 if (intPostVar('letsgo') != 1)
05651                         $this->error(_ERROR_BACKUP_NOTSURE);
05652 
05653                 include($DIR_LIBS . 'backup.php');
05654 
05655                 // try to extend time limit
05656                 // (creating/restoring dumps might take a while)
05657                 @set_time_limit(1200);
05658 
05659                 $message = do_restore();
05660                 if ($message != '')
05661                         $this->error($message);
05662 
05663                 $this->pagehead();
05664                 ?>
05665                 <h2><?php echo _RESTORE_COMPLETE?></h2>
05666                 <?php           $this->pagefoot();
05667 
05668         }
05669 
05673         function action_pluginlist() {
05674                 global $member, $manager;
05675 
05676                 // check if allowed
05677                 $member->isAdmin() or $this->disallow();
05678 
05679                 $this->pagehead();
05680 
05681                 echo '<p><a href="index.php?action=manage">(',_BACKTOMANAGE,')</a></p>';
05682 
05683                 echo '<h2>' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '</h2>';
05684 
05685                 echo '<h3>' , _PLUGS_TITLE_INSTALLED , '</h3>';
05686 
05687 
05688                 $query =  'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC';
05689 
05690                 $template['content'] = 'pluginlist';
05691                 $template['tabindex'] = 10;
05692                 showlist($query, 'table', $template);
05693 
05694                 ?>
05695                         <h3><?php echo _PLUGS_TITLE_UPDATE?></h3>
05696 
05697                         <p><?php echo _PLUGS_TEXT_UPDATE?></p>
05698 
05699                         <form method="post" action="index.php"><div>
05700                                 <input type="hidden" name="action" value="pluginupdate" />
05701                                 <?php $manager->addTicketHidden() ?>
05702                                 <input type="submit" value="<?php echo _PLUGS_BTN_UPDATE ?>" tabindex="20" />
05703                         </div></form>
05704 
05705                         <h3><?php echo _PLUGS_TITLE_NEW?></h3>
05706 
05707                         <?php                           // find a list of possibly non-installed plugins
05708                                 $candidates = array();
05709                                 global $DIR_PLUGINS;
05710                                 $dirhandle = opendir($DIR_PLUGINS);
05711                                 while ($filename = readdir($dirhandle)) {
05712                                         if (ereg('^NP_(.*)\.php$',$filename,$matches)) {
05713                                                 $name = $matches[1];
05714                                                 // only show in list when not yet installed
05715                                                 $res = sql_query('SELECT * FROM '.sql_table('plugin').' WHERE pfile="NP_'.addslashes($name).'"');
05716                                                 if (mysql_num_rows($res) == 0)
05717                                                         array_push($candidates,$name);
05718                                         }
05719                                 }
05720                                 closedir($dirhandle);
05721 
05722                                 if (sizeof($candidates) > 0) {
05723                         ?>
05724 
05725                         <p><?php echo _PLUGS_ADD_TEXT?></p>
05726 
05727 
05728                         <form method='post' action='index.php'><div>
05729                                 <input type='hidden' name='action' value='pluginadd' />
05730                                 <?php $manager->addTicketHidden() ?>
05731                                 <select name="filename" tabindex="30">
05732                                 <?php                                   foreach($candidates as $name)
05733                                                 echo '<option value="NP_',$name,'">',htmlspecialchars($name),'</option>';
05734                                 ?>
05735                                 </select>
05736                                 <input type='submit' tabindex="40" value='<?php echo _PLUGS_BTN_INSTALL?>' />
05737                         </div></form>
05738 
05739                 <?php                   } else {        // sizeof(candidates) == 0
05740                                 echo '<p>',_PLUGS_NOCANDIDATES,'</p>';
05741                         }
05742 
05743                 $this->pagefoot();
05744         }
05745 
05749         function action_pluginhelp() {
05750                 global $member, $manager, $DIR_PLUGINS, $CONF;
05751 
05752                 // check if allowed
05753                 $member->isAdmin() or $this->disallow();
05754 
05755                 $plugid = intGetVar('plugid');
05756 
05757                 if (!$manager->pidInstalled($plugid))
05758                         $this->error(_ERROR_NOSUCHPLUGIN);
05759 
05760                 $plugName = getPluginNameFromPid($plugid);
05761 
05762                 $this->pagehead();
05763 
05764                 echo '<p><a href="index.php?action=pluginlist">(',_PLUGS_BACK,')</a></p>';
05765 
05766                 echo '<h2>',_PLUGS_HELP_TITLE,': ',htmlspecialchars($plugName),'</h2>';
05767 
05768                 $plug =& $manager->getPlugin($plugName);
05769                 $helpFile = $DIR_PLUGINS.$plug->getShortName().'/help.html';
05770 
05771                 if (($plug->supportsFeature('HelpPage') > 0) && (@file_exists($helpFile))) {
05772                         @readfile($helpFile);
05773                 } else {
05774                         echo '<p>Error: ', _ERROR_PLUGNOHELPFILE,'</p>';
05775                         echo '<p><a href="index.php?action=pluginlist">(',_BACK,')</a></p>';
05776                 }
05777 
05778 
05779                 $this->pagefoot();
05780         }
05781 
05785         function action_pluginadd() {
05786                 global $member, $manager, $DIR_PLUGINS;
05787 
05788                 // check if allowed
05789                 $member->isAdmin() or $this->disallow();
05790 
05791                 $name = postVar('filename');
05792 
05793                 if ($manager->pluginInstalled($name))
05794                         $this->error(_ERROR_DUPPLUGIN);
05795                 if (!checkPlugin($name))
05796                         $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');
05797 
05798                 // get number of currently installed plugins
05799                 $res = sql_query('SELECT * FROM '.sql_table('plugin'));
05800                 $numCurrent = mysql_num_rows($res);
05801 
05802                 // plugin will be added as last one in the list
05803                 $newOrder = $numCurrent + 1;
05804 
05805                 $manager->notify(
05806                         'PreAddPlugin',
05807                         array(
05808                                 'file' => &$name
05809                         )
05810                 );
05811 
05812                 // do this before calling getPlugin (in case the plugin id is used there)
05813                 $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.addslashes($name).'")';
05814                 sql_query($query);
05815                 $iPid = mysql_insert_id();
05816 
05817                 $manager->clearCachedInfo('installedPlugins');
05818 
05819                 // Load the plugin for condition checking and instalation
05820                 $plugin =& $manager->getPlugin($name);
05821 
05822                 // check if it got loaded (could have failed)
05823                 if (!$plugin)
05824                 {
05825                         sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
05826                         $manager->clearCachedInfo('installedPlugins');
05827                         $this->error(_ERROR_PLUGIN_LOAD);
05828                 }
05829 
05830                 // check if plugin needs a newer Nucleus version
05831                 if (getNucleusVersion() < $plugin->getMinNucleusVersion())
05832                 {
05833                         // uninstall plugin again...
05834                         $this->deleteOnePlugin($plugin->getID());
05835 
05836                         // ...and show error
05837                         $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));
05838                 }
05839 
05840                 // check if plugin needs a newer Nucleus version
05841                 if ((getNucleusVersion() == $plugin->getMinNucleusVersion()) && (getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()))
05842                 {
05843                         // uninstall plugin again...
05844                         $this->deleteOnePlugin($plugin->getID());
05845 
05846                         // ...and show error
05847                         $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
05848                 }
05849 
05850                 $pluginList = $plugin->getPluginDep();
05851                 foreach ($pluginList as $pluginName)
05852                 {
05853 
05854                         $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
05855                         if (mysql_num_rows($res) == 0)
05856                         {
05857                                 // uninstall plugin again...
05858                                 $this->deleteOnePlugin($plugin->getID());
05859 
05860                                 $this->error(_ERROR_INSREQPLUGIN . htmlspecialchars($pluginName));
05861                         }
05862                 }
05863 
05864                 // call the install method of the plugin
05865                 $plugin->install();
05866 
05867                 $manager->notify(
05868                         'PostAddPlugin',
05869                         array(
05870                                 'plugin' => &$plugin
05871                         )
05872                 );
05873 
05874                 // update all events
05875                 $this->action_pluginupdate();
05876         }
05877 
05881         function action_pluginupdate() {
05882                 global $member, $manager;
05883 
05884                 // check if allowed
05885                 $member->isAdmin() or $this->disallow();
05886 
05887                 // delete everything from plugin_events
05888                 sql_query('DELETE FROM '.sql_table('plugin_event'));
05889 
05890                 // loop over all installed plugins
05891                 $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
05892                 while($o = mysql_fetch_object($res)) {
05893                         $pid = $o->pid;
05894                         $plug =& $manager->getPlugin($o->pfile);
05895                         if ($plug)
05896                         {
05897                                 $eventList = $plug->getEventList();
05898                                 foreach ($eventList as $eventName)
05899                                         sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.addslashes($eventName).'\')');
05900                         }
05901                 }
05902 
05903                 $this->action_pluginlist();
05904         }
05905 
05909         function action_plugindelete() {
05910                 global $member, $manager;
05911 
05912                 // check if allowed
05913                 $member->isAdmin() or $this->disallow();
05914 
05915                 $pid = intGetVar('plugid');
05916 
05917                 if (!$manager->pidInstalled($pid))
05918                         $this->error(_ERROR_NOSUCHPLUGIN);
05919 
05920                 $this->pagehead();
05921                 ?>
05922                         <h2><?php echo _DELETE_CONFIRM?></h2>
05923 
05924                         <p><?php echo _CONFIRMTXT_PLUGIN?> <strong><?php echo getPluginNameFromPid($pid)?></strong>?</p>
05925 
05926                         <form method="post" action="index.php"><div>
05927                         <?php $manager->addTicketHidden() ?>
05928                         <input type="hidden" name="action" value="plugindeleteconfirm" />
05929                         <input type="hidden" name="plugid" value="<?php echo $pid; ?>" />
05930                         <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
05931                         </div></form>
05932                 <?php           $this->pagefoot();
05933         }
05934 
05938         function action_plugindeleteconfirm() {
05939                 global $member, $manager;
05940 
05941                 // check if allowed
05942                 $member->isAdmin() or $this->disallow();
05943 
05944                 $pid = intPostVar('plugid');
05945 
05946                 $error = $this->deleteOnePlugin($pid, 1);
05947                 if ($error) {
05948                         $this->error($error);
05949                 }
05950 
05951                 $this->action_pluginlist();
05952         }
05953 
05957         function deleteOnePlugin($pid, $callUninstall = 0) {
05958                 global $manager;
05959 
05960                 $pid = intval($pid);
05961 
05962                 if (!$manager->pidInstalled($pid))
05963                         return _ERROR_NOSUCHPLUGIN;
05964 
05965                 $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid);
05966 
05967                 // call the unInstall method of the plugin
05968                 if ($callUninstall) {
05969                         $plugin =& $manager->getPlugin($name);
05970                         if ($plugin) $plugin->unInstall();
05971                 }
05972 
05973                 // check dependency before delete
05974                 $res = sql_query('SELECT pfile FROM '.sql_table('plugin'));
05975                 while($o = mysql_fetch_object($res)) {
05976                         $plug =& $manager->getPlugin($o->pfile);
05977                         if ($plug)
05978                         {
05979                                 $depList = $plug->getPluginDep();
05980                                 foreach ($depList as $depName)
05981                                 {
05982                                         if ($name == $depName)
05983                                         {
05984                                                 return _ERROR_DELREQPLUGIN . $o->pfile;
05985                                         }
05986                                 }
05987                         }
05988                 }
05989 
05990                 $manager->notify('PreDeletePlugin', array('plugid' => $pid));
05991 
05992                 // delete all subscriptions
05993                 sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid);
05994 
05995                 // delete all options
05996                 // get OIDs from plugin_option_desc
05997                 $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
05998                 $aOIDs = array();
05999                 while ($o = mysql_fetch_object($res)) {
06000                         array_push($aOIDs, $o->oid);
06001                 }
06002 
06003                 // delete from plugin_option and plugin_option_desc
06004                 sql_query('DELETE FROM '.sql_table('plugin_option_desc').' WHERE opid=' . $pid);
06005                 if (count($aOIDs) > 0)
06006                         sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')');
06007 
06008                 // update order numbers
06009                 $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid);
06010                 $o = mysql_fetch_object($res);
06011                 sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder);
06012 
06013                 // delete row
06014                 sql_query('DELETE FROM '.sql_table('plugin').' WHERE pid='.$pid);
06015 
06016                 $manager->clearCachedInfo('installedPlugins');
06017                 $manager->notify('PostDeletePlugin', array('plugid' => $pid));
06018 
06019                 return '';
06020         }
06021 
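/**
 * Moves an installed plugin one position up in the plugin order (admin only).
 *
 * The plugin id is read from the 'plugid' GET variable through intGetVar(),
 * which is expected to hand back an integer (confirm against its definition).
 * The order number read from the plugin table is cast with intval() before it
 * is concatenated into the UPDATE statements, so that value is numeric no
 * matter what the row holds.
 *
 * Finishes with a redirect to the plugin list instead of rendering it, to keep
 * the ticket out of the URL.
 */
function action_pluginup() {
        global $member, $manager;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $plugid = intGetVar('plugid');

        if (!$manager->pidInstalled($plugid))
                $this->error(_ERROR_NOSUCHPLUGIN);

        // 1. get old order number
        $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);
        $o = mysql_fetch_object($res);
        if (!$o) {
                // the row can be gone by now (e.g. removed by another request after the
                // pidInstalled() check); stop instead of building SQL from an empty value
                $this->error(_ERROR_NOSUCHPLUGIN);
                return;
        }
        $oldOrder = intval($o->porder);

        // 2. calculate new order number (never below 1)
        $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1;

        // 3. update plug numbers: the plugin sitting at the target position takes the
        // old position first, then this plugin takes the target position
        sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
        sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);

        // To avoid showing ticket in the URL, redirect to pluginlist, instead.
        redirect('?action=pluginlist');
}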
06052 
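/**
 * Moves an installed plugin one position down in the plugin order (admin only).
 *
 * The plugin id is read from the 'plugid' GET variable through intGetVar(),
 * which is expected to hand back an integer (confirm against its definition).
 * The order number and the plugin count read from the database are cast with
 * intval() before they are used, so the values concatenated into the UPDATE
 * statements are numeric no matter what the rows hold.
 *
 * Finishes with a redirect to the plugin list instead of rendering it, to keep
 * the ticket out of the URL.
 */
function action_plugindown() {
        global $member, $manager;

        // check if allowed
        $member->isAdmin() or $this->disallow();

        $plugid = intGetVar('plugid');
        if (!$manager->pidInstalled($plugid))
                $this->error(_ERROR_NOSUCHPLUGIN);

        // 1. get old order number
        $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);
        $o = mysql_fetch_object($res);
        if (!$o) {
                // the row can be gone by now (e.g. removed by another request after the
                // pidInstalled() check); stop instead of building SQL from an empty value
                $this->error(_ERROR_NOSUCHPLUGIN);
                return;
        }
        $oldOrder = intval($o->porder);

        // the lowest position equals the number of installed plugins; let the database
        // count the rows instead of fetching every column of every plugin
        $res = sql_query('SELECT COUNT(*) AS plugcount FROM '.sql_table('plugin'));
        $c = mysql_fetch_object($res);
        $maxOrder = $c ? intval($c->plugcount) : 0;

        // 2. calculate new order number (never beyond the last position)
        $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;

        // 3. update plug numbers: the plugin sitting at the target position takes the
        // old position first, then this plugin takes the target position
        sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
        sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);

        // To avoid showing ticket in the URL, redirect to pluginlist, instead.
        redirect('?action=pluginlist');
}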
06085 
/**
 * Renders the admin form for editing the global options of one plugin.
 *
 * Admin only. The plugin id is read from the 'plugid' request variable through
 * intRequestVar() and is written into the hidden form field and into the SQL
 * text as returned by that helper (expected to be an integer; confirm against
 * its definition). The plugin name in the heading goes through
 * htmlspecialchars().
 *
 * @param string $message
 *              Text printed as-is above the form. It is not escaped here, so callers must
 *              pass trusted markup only; action_pluginoptionsupdate() passes a language
 *              constant.
 */
function action_pluginoptions($message = '') {
        global $member, $manager;

        // admins only
        if (!$member->isAdmin())
                $this->disallow();

        $pid = intRequestVar('plugid');
        if (!$manager->pidInstalled($pid))
                $this->error(_ERROR_NOSUCHPLUGIN);

        $this->pagehead('<script type="text/javascript" src="javascript/numbercheck.js"></script>');

        ?>
                        <p><a href="index.php?action=pluginlist">(<?php echo _PLUGS_BACK?>)</a></p>

                        <h2>Options for <?php echo htmlspecialchars(getPluginNameFromPid($pid))?></h2>

                        <?php if  ($message) echo $message?>

                        <form action="index.php" method="post">
                        <div>
                                <input type="hidden" name="action" value="pluginoptionsupdate" />
                                <input type="hidden" name="plugid" value="<?php echo $pid?>" />

                <?php

        // the form posts to a ticket-protected action, so it carries a ticket field
        $manager->addTicketHidden();

        // option descriptions of this plugin, keyed by option id and pre-filled with the defaults
        $options = array();
        $optionIds = array();
        $descResult = sql_query(
                'SELECT * FROM ' . sql_table('plugin_option_desc')
                . ' WHERE ocontext=\'global\' and opid=' . $pid . ' ORDER BY oid ASC'
        );
        while ($desc = mysql_fetch_object($descResult)) {
                $optionIds[] = $desc->oid;
                $options[$desc->oid] = array(
                        'oid' => $desc->oid,
                        'value' => $desc->odef,
                        'name' => $desc->oname,
                        'description' => $desc->odesc,
                        'type' => $desc->otype,
                        'typeinfo' => $desc->oextra,
                        'contextid' => 0
                );
        }

        // replace the defaults with the stored values, where there are any
        if (count($optionIds) > 0) {
                $valueResult = sql_query(
                        'SELECT oid, ovalue FROM ' . sql_table('plugin_option')
                        . ' WHERE oid in (' . implode(',', $optionIds) . ')'
                );
                while ($stored = mysql_fetch_object($valueResult)) {
                        $options[$stored->oid]['value'] = $stored->ovalue;
                }
        }

        // plugins get the list by reference and may change it before it is shown
        $manager->notify('PrePluginOptionsEdit', array('context' => 'global', 'plugid' => $pid, 'options' => &$options));

        $listTemplate = array('content' => 'plugoptionlist');
        $amount = showlist($options, 'table', $listTemplate);
        if ($amount == 0) {
                echo '<p>' . _ERROR_NOPLUGOPTIONS . '</p>';
        }

        ?>
                        </div>
                        </form>
                <?php           $this->pagefoot();
}
06157 
/**
 * Stores the plugin options submitted from the plugin options form and shows
 * that form again with a confirmation message.
 *
 * Admin only. The plugin id from the 'plugid' request variable is checked with
 * pidInstalled() and passed on in the PostPluginOptionsUpdate event.
 */
function action_pluginoptionsupdate() {
        global $member, $manager;

        // admins only
        if (!$member->isAdmin())
                $this->disallow();

        $pluginId = intRequestVar('plugid');
        if (!$manager->pidInstalled($pluginId))
                $this->error(_ERROR_NOSUCHPLUGIN);

        // NOTE(review): the submitted 'plugoption' array is handed over as received; nothing
        // in this method ties its entries to $pluginId, so any such check would have to be
        // inside _applyPluginOptions() -- confirm there.
        $submittedOptions = requestArray('plugoption');
        NucleusPlugin::_applyPluginOptions($submittedOptions);

        $manager->notify('PostPluginOptionsUpdate', array('context' => 'global', 'plugid' => $pluginId));

        // render the form again; the message is a language constant, not request data
        $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
}
06178 
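/**
 * Prints the option rows of every plugin that has options in the given context.
 *
 * For each plugin a header row with the escaped plugin file name is printed,
 * followed by one row per option (rendered by listplug_plugOptionRow()). Only
 * <tr> elements are written; no <table> element is opened or closed here.
 * Plugins can change the option list through the PrePluginOptionsEdit event
 * before it is printed.
 *
 * @param string $context
 *              option context, compared with plugin_option_desc.ocontext
 * @param int $contextid
 *              id inside that context; cast with intval() before it is put into the query
 */
function _insertPluginOptions($context, $contextid = 0) {
        global $manager;

        // get all current values for this contextid
        // (note: this might contain doubles for overlapping contextids)
        $aIdToValue = array();
        $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));
        while ($o = mysql_fetch_object($res)) {
                $aIdToValue[$o->oid] = $o->ovalue;
        }

        // get list of oids per pid
        // NOTE(review): $context is quoted with addslashes(), which does not take the
        // connection character set into account; that is only adequate while callers pass
        // fixed context names -- confirm at the call sites.
        $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin')
                   . ' WHERE opid=pid and ocontext=\''.addslashes($context).'\' ORDER BY porder, oid ASC';
        $res = sql_query($query);
        $aOptions = array();
        while ($o = mysql_fetch_object($res)) {
                // direct key lookup; the stored value wins over the default from the description
                if (array_key_exists($o->oid, $aIdToValue))
                        $value = $aIdToValue[$o->oid];
                else
                        $value = $o->odef;

                $aOptions[] = array(
                        'pid' => $o->pid,
                        'pfile' => $o->pfile,
                        'oid' => $o->oid,
                        'value' => $value,
                        'name' => $o->oname,
                        'description' => $o->odesc,
                        'type' => $o->otype,
                        'typeinfo' => $o->oextra,
                        'contextid' => $contextid,
                        'extra' => ''
                );
        }

        // the list is passed by reference, so subscribers may alter it
        $manager->notify('PrePluginOptionsEdit',array('context' => $context, 'contextid' => $contextid, 'options'=>&$aOptions));

        $iPrevPid = -1;
        foreach ($aOptions as $aOption) {

                // new plugin? then start its group with a header row
                if ($iPrevPid != $aOption['pid']) {
                        $iPrevPid = $aOption['pid'];

                        echo '<tr><th colspan="2">Options for ', htmlspecialchars($aOption['pfile']),'</th></tr>';
                }

                echo '<tr>';
                listplug_plugOptionRow($aOption);
                echo '</tr>';

        }
}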
06239 
/**
 * Prints a pair of radio buttons (a yes/no choice), each followed by its label.
 *
 * $name and the two values go through htmlspecialchars() before they are
 * written into attributes. $tabindex, $yesval and $noval are written out
 * unchanged, so callers have to pass trusted values for those three.
 *
 * @param string $name
 *              field name; 'admin' adds a selectCanLogin() onclick handler to both buttons
 * @param mixed $checkedval
 *              current value; the first button is checked when it loosely equals $value1,
 *              otherwise the second one is
 * @param int $tabindex
 *              written only on the button that is checked
 * @param mixed $value1
 *              value of the first ("yes") button
 * @param mixed $value2
 *              value of the second ("no") button
 * @param string $yesval
 *              label of the first button
 * @param string $noval
 *              label of the second button
 * @param mixed $isAdmin
 *              when true and $name is 'canlogin', the second button is disabled
 */
function input_yesno($name, $checkedval,$tabindex = 0, $value1 = 1, $value2 = 0, $yesval = _YES, $noval = _NO, $isAdmin = 0) {
        $attrName = htmlspecialchars($name);
        $attrYes = htmlspecialchars($value1);
        $attrNo = htmlspecialchars($value2);

        // element ids: the escaped name with square brackets turned into dashes, plus the value
        $idBase = str_replace(array('[', ']'), '-', $attrName);
        $idYes = $idBase . $attrYes;
        $idNo = $idBase . $attrNo;

        $isAdminField = ($name == "admin");
        $firstChecked = ($checkedval == $value1);
        $checkedAttrs = "tabindex='$tabindex' checked='checked'";

        // first button ("yes")
        $opening = $isAdminField
                ? '<input onclick="selectCanLogin(true);" type="radio" name="'
                : '<input type="radio" name="';
        echo $opening . $attrName . '" value="' . $attrYes . '" ';
        if ($firstChecked) {
                echo $checkedAttrs;
        }
        echo ' id="' . $idYes . '" /><label for="' . $idYes . '">' . $yesval . '</label>';

        echo ' ';

        // second button ("no")
        $opening = $isAdminField
                ? '<input onclick="selectCanLogin(false);" type="radio" name="'
                : '<input type="radio" name="';
        echo $opening . $attrName . '" value="' . $attrNo . '" ';
        if (!$firstChecked) {
                echo $checkedAttrs;
        }
        if ($isAdmin && $name == "canlogin") {
                echo " disabled='true'";
        }
        echo ' id="' . $idNo . '" /><label for="' . $idNo . '">' . $noval . '</label>';
}
06272 
06273 } // class ADMIN
06274 
06275 ?>


