 /**
  * Tells whether this member may move (or update) an item into a given
  * category: 1 when allowed, 0 when not.
  *
  * The checks run in order: the item must exist (future and draft items
  * included), the member must be allowed to alter it, and the destination
  * must be reachable for this member (see the inline comments).
  *
  * @param itemid
  * @param newcat target category id, or 'newcat-x' with x=blogid for a
  *               category that is still to be created
  */
 function canUpdateItem($itemid, $newcat)
 {
     global $manager;

     // unknown item -> NOK
     if (!$manager->existsItem($itemid, 1, 1)) {
         return 0;
     }

     // member may not touch this item at all -> NOK
     if (!$this->canAlterItem($itemid)) {
         return 0;
     }

     // 'newcat-x' form: the category is yet to be created inside blog x,
     // so the decision is simply "is the member admin of that blog?"
     if (strstr($newcat, 'newcat')) {
         list($destBlog) = sscanf($newcat, 'newcat-%d');
         return $this->blogAdminRights($destBlog);
     }

     // unknown destination category -> NOK
     if (!$manager->existsCategory($newcat)) {
         return 0;
     }

     $item =& $manager->getItem($itemid, 1, 1);

     // staying in the same category is always fine -> OK
     if ($item['catid'] == $newcat) {
         return 1;
     }

     // second look-up against the category table (intval keeps the id safe in the query) -> NOK when absent
     $categoryCount = quickQuery('SELECT COUNT(*) AS result FROM ' . sql_table('category') . ' WHERE catid=' . intval($newcat));
     if (!$categoryCount) {
         return 0;
     }

     $sourceBlog = getBlogIDFromItemID($itemid);
     $destBlog = getBlogIDFromCatID($newcat);

     // must at least be on the team of the destination blog -> NOK otherwise
     if (!$this->teamRights($destBlog)) {
         return 0;
     }

     // own item -> OK
     if ($item['authorid'] == $this->getID()) {
         return 1;
     }

     // admin of both blogs -> OK; anything else -> NOK
     $adminOfBoth = $this->blogAdminRights($destBlog) && $this->blogAdminRights($sourceBlog);
     return $adminOfBoth ? 1 : 0;
 }
 /**
  * Moves category $catid, together with every item and comment in it, to
  * blog $destblogid.
  *
  * Both ids are cast to int before they are used in the queries. The current
  * member needs blog admin rights on the source and on the destination blog,
  * the category must exist in the source blog and must not be its default
  * category. Returns the matching _ERROR_* constant when a check fails and
  * nothing on success. Fires PreMoveCategory before and PostMoveCategory
  * after the three updates.
  *
  * @param catid      id of the category to move
  * @param destblogid id of the blog that will own the category afterwards
  */
 function moveOneCategory($catid, $destblogid)
 {
     global $manager, $member;

     $catid = intval($catid);
     $destblogid = intval($destblogid);
     $sourceBlogId = getBlogIDFromCatID($catid);

     // the mover needs admin rights on the source as well as on the destination blog
     if (!$member->blogAdminRights($sourceBlogId) || !$member->blogAdminRights($destblogid)) {
         return _ERROR_DISALLOWED;
     }

     // moving a category into its own blog makes no sense
     if ($sourceBlogId == $destblogid) {
         return _ERROR_MOVETOSELF;
     }

     $sourceBlog =& $manager->getBlog($sourceBlogId);
     $destBlog =& $manager->getBlog($destblogid);

     if (!$sourceBlog || !$sourceBlog->isValidCategory($catid)) {
         return _ERROR_NOSUCHCATEGORY;
     }

     // the default category has to stay with its blog
     if ($sourceBlog->getDefaultCategory() == $catid) {
         return _ERROR_MOVEDEFCATEGORY;
     }

     $manager->notify('PreMoveCategory', array('catid' => &$catid, 'sourceblog' => &$sourceBlog, 'destblog' => &$destBlog));

     // comments carry their own blog id (cblog): fix it for every item of the category
     $itemRows = sql_query('SELECT inumber FROM ' . sql_table('item') . ' WHERE icat=' . $catid);
     while ($row = sql_fetch_object($itemRows)) {
         sql_query('UPDATE ' . sql_table('comment') . ' SET cblog=' . $destblogid . ' WHERE citem=' . $row->inumber);
     }

     // then the items themselves (iblog) ...
     sql_query('UPDATE ' . sql_table('item') . ' SET iblog=' . $destblogid . ' WHERE icat=' . $catid);

     // ... and finally the category record (cblog)
     sql_query('UPDATE ' . sql_table('category') . ' SET cblog=' . $destblogid . ' WHERE catid=' . $catid);

     $manager->notify('PostMoveCategory', array('catid' => &$catid, 'sourceblog' => &$sourceBlog, 'destblog' => $destBlog));
 }
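 /**
  * Admin action: stores a new custom path for an object and then returns to
  * the view named by the 'ret' request parameter.
  *
  * Reads oid (object id), obd (blog id, or a category id when opr is
  * 'subcategory'), opr, name and path from the request and hands them to
  * RegistPath(). When RegistPath() returns an error array it is shown; a
  * non-zero first element aborts the action, otherwise the success message
  * is passed on to the requested view (or echoed when 'ret' names no known
  * view).
  *
  * Changes against the previous version: the unreachable `exit` after
  * `return` and the unused, misspelled `$mesage` local are gone; behaviour
  * is unchanged.
  */
 function action_pathupdate()
 {
     $objectId = intRequestVar('oid');
     $blogId = intRequestVar('obd');
     $objectParam = requestVar('opr');
     $objectName = requestVar('name');
     $newPath = requestVar('path');
     $returnTo = requestVar('ret');

     // RegistPath() returns an error array ([code, ...]) or nothing on success
     $msg = $this->plugin->RegistPath($objectId, $newPath, $blogId, $objectParam, $objectName);
     if ($msg) {
         $this->error($msg);
         // a non-zero code is fatal; code 0 is shown but the action carries on
         if ($msg[0] != 0) {
             return;
         }
     }

     switch ($returnTo) {
         case 'catoverview':
             // for a sub-category 'obd' holds the category id, so resolve its owning blog first
             $viewBlogId = ($objectParam == 'subcategory') ? getBlogIDFromCatID($blogId) : $blogId;
             $this->action_categoryview($viewBlogId, _UPDATE_SUCCESS);
             break;
         case 'memberview':
             $this->action_memberview(_UPDATE_SUCCESS);
             break;
         case 'blogview':
             $this->action_blogview(_UPDATE_SUCCESS);
             break;
         case 'itemview':
             $this->action_itemview($blogId, _UPDATE_SUCCESS);
             break;
         default:
             echo _UPDATE_SUCCESS;
             break;
     }
 }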
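 /**
  * Plugin event hook: validates a customurl_* option before it is saved.
  *
  * For the per-object name options (customurl_bname / _cname / _mname) the
  * object's current name is looked up (member, category or blog depending on
  * $data['context']) and the new value is registered through RegistPath(),
  * which returns an error array when the path cannot be used. For the global
  * archive / archives / member path options the value only has to match
  * /^[-_a-zA-Z0-9]+$/. On any error the message is shown and the script
  * exits; all other options are ignored.
  *
  * Fix: the category branch tested the bare word `context` (an undefined
  * constant) instead of `$context`, so categories always fell through to the
  * blog lookup and were registered with blogid 0.
  *
  * @param data event data: optionname, contextid, context, value
  */
 function event_PrePluginOptionsUpdate($data)
 {
     $optionName = $data['optionname'];
     $contextId = intval($data['contextid']);
     $context = $data['context'];

     // loose comparison on purpose: same semantics as the former `==` checks
     $isNameOption = in_array($optionName, array('customurl_bname', 'customurl_cname', 'customurl_mname'));
     $isPathOption = in_array($optionName, array('customurl_archive', 'customurl_archives', 'customurl_member'));

     if ($isNameOption) {
         // look up the object's current name; only a category belongs to a blog
         if ($context == 'member') {
             $blogId = 0;
             $name = quickQuery(sprintf('SELECT mname as result FROM %s WHERE mnumber = %d', sql_table('member'), $contextId));
         } elseif ($context == 'category') {
             $blogId = getBlogIDFromCatID($contextId);
             $name = quickQuery(sprintf('SELECT cname as result FROM %s WHERE catid = %d', sql_table('category'), $contextId));
         } else {
             $blogId = 0;
             $name = quickQuery(sprintf('SELECT bname as result FROM %s WHERE bnumber = %d', sql_table('blog'), $contextId));
         }
         $blogId = intval($blogId);

         $msg = $this->RegistPath($contextId, $data['value'], $blogId, $context, $name);
         if ($msg) {
             $this->error($msg);
             exit;
         }
     } elseif ($isPathOption) {
         // path segments are restricted to a conservative character set
         if (!preg_match('/^[-_a-zA-Z0-9]+$/', $data['value'])) {
             // NOTE(review): offset 8 keeps the tail of the 'customurl_' prefix in the label — confirm intended
             $optionLabel = substr($optionName, 8);
             $this->error(array(1, _INVALID_ERROR, $optionLabel, _INVALID_MSG));
             exit;
         }
     }
 }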
 /**
  * Creates or updates a draft from the data in the current POST request
  * (bookmarklet or admin area; used by the xmlHTTPRequest AutoDraft).
  *
  * Returns an array with status info:
  *   status = 'error' -> 'message' holds the error text
  *   status = 'added' -> 'draftid' holds the id of the saved draft
  * (a 'newcat' catid does not yield a 'newcategory' status here: the draft
  *  is parked in the blog's default category instead)
  *
  * @static
  */
 function createDraftFromRequest()
 {
     global $member, $manager;

     $authorId = $member->getID();
     $body = postVar('body');
     $title = postVar('title');
     $more = postVar('more');

     // the request arrives as UTF-8; recode when the site charset differs
     if (strtoupper(_CHARSET) != 'UTF-8') {
         $body = mb_convert_encoding($body, _CHARSET, "UTF-8");
         $title = mb_convert_encoding($title, _CHARSET, "UTF-8");
         $more = mb_convert_encoding($more, _CHARSET, "UTF-8");
     }

     $closed = intPostVar('closed');
     $catId = postVar('catid');
     $isDraft = 1;

     // when editing an existing item the blog follows that item
     $blogId = (postVar('type') == 'edit')
         ? getBlogIDFromItemID(intPostVar('itemid'))
         : intPostVar('blogid');
     $draftId = intPostVar('draftid');

     if (!$member->canAddItem($catId)) {
         return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
     }
     if (!trim($body)) {
         return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
     }

     if (strstr($catId, 'newcat')) {
         // category still to be created: park the draft in the blog's default category
         $blog =& $manager->getBlog($blogId);
         $catId = $blog->getDefaultCategory();
     } else {
         // the category decides the blog, whatever the request said
         $blogId = getBlogIDFromCatID($catId);
         $blog =& $manager->getBlog($blogId);
     }

     $postTime = 0;
     if ($draftId > 0) {
         // NOTE(review): no ownership check on the client-supplied draftid here (canAddItem only
         // covers the category) — confirm ITEM::update enforces canAlterItem on it
         ITEM::update($draftId, $catId, $title, $body, $more, $closed, 1, 0, 0);
         $itemId = $draftId;
     } else {
         $itemId = $blog->additem($catId, $title, $body, $more, $blogId, $authorId, $postTime, $closed, $isDraft);
     }

     // plugin item options (PostPluginOptionsUpdate) are not applied for auto-saved drafts yet
     return array('status' => 'added', 'draftid' => $itemId);
 }
/**
 * Front-end dispatcher: works out which kind of page the request asks for
 * and renders it through the blog's skin.
 *
 * Reads the request state from globals ($itemid, $blogid, $memberid, $query,
 * $archive, $archivelist, $imagepopup, $catid, $skinid, $special, ...).
 * First a pending form action (only the names listed in $actionNames) is run
 * through ACTION::doAction(); then the page type is chosen in this order:
 * item, archive, archivelist, search, member, imagepopup, index. Afterwards
 * the blog, category and skin are resolved and validated, $skinpart is set
 * to the type, the skin is parsed and checkJustPosted() is run.
 * doError() is presumably terminal: nothing after a call re-checks the
 * failed condition.
 */
function selector()
{
    global $itemid, $blogid, $memberid, $query, $amount, $archivelist, $maxresults;
    global $archive, $skinid, $blog, $memberinfo, $CONF, $member;
    global $imagepopup, $catid, $special;
    global $manager;
    // only these request actions are dispatched; anything else is ignored
    $actionNames = array('addcomment', 'sendmessage', 'createaccount', 'forgotpassword', 'votepositive', 'votenegative', 'plugin');
    $action = requestVar('action');
    if (in_array($action, $actionNames)) {
        global $DIR_LIBS, $errormessage;
        include_once $DIR_LIBS . 'ACTION.php';
        $a = new ACTION();
        $errorInfo = $a->doAction($action);
        if ($errorInfo) {
            $errormessage = $errorInfo['message'];
        }
    }
    // show error when headers already sent out
    if (headers_sent() && $CONF['alertOnHeadersSent']) {
        // try to get line number/filename (extra headers_sent params only exists in PHP 4.3+)
        // NOTE(review): the version_compare guard only matters on PHP < 4.3 — dead on any current runtime
        if (function_exists('version_compare') && version_compare('4.3.0', phpversion(), '<=')) {
            headers_sent($hsFile, $hsLine);
            $extraInfo = sprintf(_GFUNCTIONS_HEADERSALREADYSENT_FILE, $hsFile, $hsLine);
        } else {
            $extraInfo = '';
        }
        startUpError(sprintf(_GFUNCTIONS_HEADERSALREADYSENT_TXT, $extraInfo), _GFUNCTIONS_HEADERSALREADYSENT_TITLE);
        exit;
    }
    // make is so ?archivelist without blogname or blogid shows the archivelist
    // for the default weblog
    if (serverVar('QUERY_STRING') == 'archivelist') {
        $archivelist = $CONF['DefaultBlog'];
    }
    // now decide which type of skin we need
    if ($itemid) {
        // itemid given -> only show that item
        $type = 'item';
        // future/draft items are only visible when the config allows them
        if (!$manager->existsItem($itemid, intval($CONF['allowFuture']), intval($CONF['allowDrafts']))) {
            doError(_ERROR_NOSUCHITEM);
        }
        global $itemidprev, $itemidnext, $catid, $itemtitlenext, $itemtitleprev;
        // 1. get timestamp, blogid and catid for item
        $query = 'SELECT itime, iblog, icat FROM ' . sql_table('item') . ' WHERE inumber=' . intval($itemid);
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        // if a different blog id has been set through the request or selectBlog(),
        // deny access
        // (the item is served only under its own blog: redirect to its canonical link
        //  while headers can still be sent, otherwise fail as "no such item")
        if ($blogid && intval($blogid) != $obj->iblog) {
            if (!headers_sent()) {
                $b =& $manager->getBlog($obj->iblog);
                $CONF['ItemURL'] = $b->getURL();
                if ($CONF['URLMode'] == 'pathinfo' and substr($CONF['ItemURL'], -1) == '/') {
                    $CONF['ItemURL'] = substr($CONF['ItemURL'], 0, -1);
                }
                $correctURL = createItemLink($itemid, '');
                redirect($correctURL);
                exit;
            } else {
                doError(_ERROR_NOSUCHITEM);
            }
        }
        // if a category has been selected which doesn't match the item, ignore the
        // category. #85
        if ($catid != 0 && $catid != $obj->icat) {
            $catid = 0;
        }
        // from here on the blog id comes from the item row, not from the request
        $blogid = $obj->iblog;
        $timestamp = strtotime($obj->itime);
        $b =& $manager->getBlog($blogid);
        // prev/next navigation stays inside the category only when it is valid for this blog
        if ($b->isValidCategory($catid)) {
            $catextra = ' and icat=' . $catid;
        } else {
            $catextra = '';
        }
        // get previous itemid and title
        $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime<' . mysqldate($timestamp) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime DESC LIMIT 1';
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        if ($obj) {
            $itemidprev = $obj->inumber;
            $itemtitleprev = $obj->ititle;
        }
        // get next itemid and title (never beyond the blog's current time, so future items stay hidden)
        $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime>' . mysqldate($timestamp) . ' and itime <= ' . mysqldate($b->getCorrectTime()) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime ASC LIMIT 1';
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        if ($obj) {
            $itemidnext = $obj->inumber;
            $itemtitlenext = $obj->ititle;
        }
    } elseif ($archive) {
        // show archive
        $type = 'archive';
        // get next and prev month links ...
        global $archivenext, $archiveprev, $archivetype, $archivenextexists, $archiveprevexists;
        // sql queries for the timestamp of the first and the last published item
        // (the blog id is cast to int before it enters the query; falls back to the default blog)
        $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM " . sql_table('item') . " WHERE idraft=0 AND iblog=" . (int) ($blogid ? $blogid : $CONF['DefaultBlog']) . " ORDER BY itime ASC";
        $first_timestamp = quickQuery($query);
        $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM " . sql_table('item') . " WHERE idraft=0 AND iblog=" . (int) ($blogid ? $blogid : $CONF['DefaultBlog']) . " ORDER BY itime DESC";
        $last_timestamp = quickQuery($query);
        // archive is 'YYYY', 'YYYY-MM' or 'YYYY-MM-DD'; missing parts stay 0
        sscanf($archive, '%d-%d-%d', $y, $m, $d);
        // NOTE: strftime() is deprecated as of PHP 8.1 — verify the target runtime for the three branches below
        if ($d != 0) {
            $archivetype = _ARCHIVETYPE_DAY;
            $t = mktime(0, 0, 0, $m, $d, $y);
            // one day has 24 * 60 * 60 = 86400 seconds
            $archiveprev = strftime('%Y-%m-%d', $t - 86400);
            // check for published items
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // one day later
            $t += 86400;
            $archivenext = strftime('%Y-%m-%d', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        } elseif ($m == 0) {
            $archivetype = _ARCHIVETYPE_YEAR;
            $t = mktime(0, 0, 0, 12, 31, $y - 1);
            // one day before is in the previous year
            $archiveprev = strftime('%Y', $t);
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // timestamp for the next year
            $t = mktime(0, 0, 0, 1, 1, $y + 1);
            $archivenext = strftime('%Y', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        } else {
            $archivetype = _ARCHIVETYPE_MONTH;
            $t = mktime(0, 0, 0, $m, 1, $y);
            // one day before is in the previous month
            $archiveprev = strftime('%Y-%m', $t - 86400);
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // timestamp for the next month (mktime normalises month 13 into the next year)
            $t = mktime(0, 0, 0, $m + 1, 1, $y);
            $archivenext = strftime('%Y-%m', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        }
    } elseif ($archivelist) {
        $type = 'archivelist';
        // archivelist may be a blog id or a blog short name
        if (is_numeric($archivelist)) {
            $blogid = intVal($archivelist);
        } else {
            $blogid = getBlogIDFromName($archivelist);
        }
        if (!$blogid) {
            doError(_ERROR_NOSUCHBLOG);
        }
    } elseif ($query) {
        global $startpos;
        $type = 'search';
        $query = stripslashes($query);
        // a query made only of (wide) spaces is treated as no query at all -> plain index
        // NOTE(review): the pattern's non-ASCII bytes look mis-encoded in this copy — compare with the original file
        if (preg_match("/^(¡{2}|ã€{2}| )+\$/", $query)) {
            $type = 'index';
        }
        //		$order = (_CHARSET == 'EUC-JP') ? 'EUC-JP, UTF-8,' : 'UTF-8, EUC-JP,';
        //		$query = mb_convert_encoding($query, _CHARSET, $order . ' JIS, SJIS, ASCII');
        // detection order for mb_convert_encoding, tuned per site charset
        switch (strtolower(_CHARSET)) {
            case 'utf-8':
                $order = 'ASCII, UTF-8, EUC-JP, JIS, SJIS, EUC-CN, ISO-8859-1';
                break;
            case 'gb2312':
                $order = 'ASCII, EUC-CN, EUC-JP, UTF-8, JIS, SJIS, ISO-8859-1';
                break;
            case 'shift_jis':
                // Note that shift_jis is only supported for output.
                // Using shift_jis in DB is prohibited.
                $order = 'ASCII, SJIS, EUC-JP, UTF-8, JIS, EUC-CN, ISO-8859-1';
                break;
            default:
                // euc-jp,iso-8859-x,windows-125x
                $order = 'ASCII, EUC-JP, UTF-8, JIS, SJIS, EUC-CN, ISO-8859-1';
                break;
        }
        $query = mb_convert_encoding($query, _CHARSET, $order);
        // blogid may be a blog id or a blog short name
        if (is_numeric($blogid)) {
            $blogid = intVal($blogid);
        } else {
            $blogid = getBlogIDFromName($blogid);
        }
        if (!$blogid) {
            doError(_ERROR_NOSUCHBLOG);
        }
    } elseif ($memberid) {
        $type = 'member';
        if (!MEMBER::existsID($memberid)) {
            doError(_ERROR_NOSUCHMEMBER);
        }
        $memberinfo = $manager->getMember($memberid);
    } elseif ($imagepopup) {
        // media object (images etc.)
        $type = 'imagepopup';
        // TODO: check if media-object exists
        // TODO: set some vars?
    } else {
        // show regular index page
        global $startpos;
        $type = 'index';
    }
    // any type of skin with catid
    if ($catid && !$blogid) {
        $blogid = getBlogIDFromCatID($catid);
    }
    // decide which blog should be displayed
    if (!$blogid) {
        $blogid = $CONF['DefaultBlog'];
    }
    $b =& $manager->getBlog($blogid);
    $blog = $b;
    // references can't be placed in global variables?
    if (!$blog->isValid) {
        doError(_ERROR_NOSUCHBLOG);
    }
    // set catid if necessary
    if ($catid) {
        // check if the category is valid
        if (!$blog->isValidCategory($catid)) {
            doError(_ERROR_NOSUCHCATEGORY);
        } else {
            $blog->setSelectedCategory($catid);
        }
    }
    // decide which skin should be used
    // NOTE(review): this only calls selectSkin() when $skinid is non-empty yet == 0 — looks inverted, confirm intent
    if ($skinid != '' && $skinid == 0) {
        selectSkin($skinid);
    }
    if (!$skinid) {
        $skinid = $blog->getDefaultSkin();
    }
    //$special = requestVar('special'); //get at top of file as global
    // a 'special' skin part overrides the computed type, but only when its name is a valid short name
    if (!empty($special) && isValidShortName($special)) {
        $type = strtolower($special);
    }
    $skin = new SKIN($skinid);
    if (!$skin->isValid) {
        doError(_ERROR_NOSUCHSKIN);
    }
    // set global skinpart variable so can determine quickly what is being parsed from any plugin or phpinclude
    global $skinpart;
    $skinpart = $type;
    // parse the skin
    $skin->parse($type);
    // check to see we should throw JustPosted event
    $blog->checkJustPosted();
}