/**
 * Adds a new comment to an item (if IP isn't banned).
 *
 * The comment fields are read from the POST request. When the "Remember Me"
 * box was ticked, the commenter's name, user id and e-mail are stored in
 * cookies that expire after 2592000 seconds (30 days). The ban check for the
 * item's blog runs next, and the comment is then handed to the COMMENTS
 * object for the item.
 *
 * On success the request is redirected: to the posted 'url' field when it is
 * non-empty, otherwise to the link of the item itself.
 *
 * @return array|void on failure, an array with the keys 'message' (the error
 *                    text) and 'skinid' (the blog's default skin)
 */
function addComment()
{
    global $CONF, $errormessage, $manager;

    // Numeric fields go through intPostVar(), free-text fields through postVar().
    $post = array(
        'itemid'   => intPostVar('itemid'),
        'user'     => postVar('user'),
        'userid'   => postVar('userid'),
        'email'    => postVar('email'),
        'body'     => postVar('body'),
        'remember' => intPostVar('remember'),
    );

    // "Remember Me" box checked: persist the commenter details client-side.
    // NOTE(review): these cookies are written before the ban check below runs,
    // with the secure flag set to 0 and no HttpOnly argument; they hold the
    // visitor's own name and e-mail, so confirm that is acceptable for the site.
    if ($post['remember'] == 1) {
        $expires = time() + 2592000;
        $remembered = array(
            'comment_user'   => 'user',
            'comment_userid' => 'userid',
            'comment_email'  => 'email',
        );
        foreach ($remembered as $cookieSuffix => $field) {
            setcookie($CONF['CookiePrefix'] . $cookieSuffix, $post[$field], $expires, '/', '', 0);
        }
    }

    $comments = new COMMENTS($post['itemid']);
    $blogId = getBlogIDFromItemID($post['itemid']);

    // Reject banned visitors before anything is stored.
    $this->checkban($blogId);
    $blog =& $manager->getBlog($blogId);

    // note: PreAddComment and PostAddComment get called somewhere inside addComment
    $errormessage = $comments->addComment($blog->getCorrectTime(), $post);

    // Anything other than '1' is an error message for the caller to display.
    if ($errormessage != '1') {
        return array('message' => $errormessage, 'skinid' => $blog->getDefaultSkin());
    }

    // Redirect when adding the comment succeeded.
    // NOTE(review): the target is the request-supplied 'url' field. Whether
    // redirect() restricts it to this site is not visible here - confirm, and
    // if it does not, limit the target to same-site URLs.
    if (postVar('url')) {
        redirect(postVar('url'));
    } else {
        redirect(createItemLink($post['itemid']));
    }

    exit;
}
/**
 * Dispatches to the form builder that matches the requested entry type.
 *
 * The entry id is read from the 'id' POST field as an integer and passed to
 * _linklist_makeGroupForm() for 'group' or _linklist_makeLinkForm() for
 * 'link'. Any other type is silently ignored.
 *
 * @param string $type entry type, 'group' or 'link'
 */
function _linklist_makeDetail($type)
{
    $entryId = intPostVar('id');

    // Loose comparison is kept deliberately: it matches what a switch
    // statement does with its case labels.
    if ($type == 'group') {
        _linklist_makeGroupForm($entryId);
    } elseif ($type == 'link') {
        _linklist_makeLinkForm($entryId);
    }
}
/**
 * Deletes one plugin after the administrator confirmed the deletion.
 *
 * Non-administrators are handed to disallow(). The plugin id is read from the
 * 'plugid' POST field as an integer and passed to deleteOnePlugin(); a truthy
 * return value is treated as an error message and reported through error().
 * Otherwise the browser is redirected to the plugin list of the admin area.
 *
 * NOTE(review): this is a state-changing request, and no anti-CSRF token
 * check is visible inside this method - presumably the action dispatcher
 * performs it before calling here; confirm.
 */
function action_plugindeleteconfirm()
{
    global $member, $manager, $CONF;

    // check if allowed
    if (!$member->isAdmin()) {
        $this->disallow();
    }

    $pluginId = intPostVar('plugid');

    // The meaning of the second argument (1) is defined by deleteOnePlugin(),
    // which is not shown here.
    $failure = $this->deleteOnePlugin($pluginId, 1);
    if ($failure) {
        $this->error($failure);
    }

    redirect($CONF['AdminURL'] . '?action=pluginlist');
}
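/**
 * Tries to create a draft from the data in the current request (which comes
 * from the bookmarklet or the admin area).
 *
 * Used by the xmlHTTPRequest AutoDraft feature.
 *
 * Returns an array with status info:
 *   - success: 'status' => 'added', 'draftid' => id of the stored draft
 *   - failure: 'status' => 'error', 'message' => error text
 *
 * When the request carries a positive 'draftid', that existing item is
 * overwritten instead of a new draft being created. Because the id is
 * request-supplied, the member's right to update that item is verified first.
 *
 * @static
 * @return array
 */
function createDraftFromRequest()
{
    global $member, $manager;

    $i_author = $member->getID();
    $i_body = postVar('body');
    $i_title = postVar('title');
    $i_more = postVar('more');

    // The request text is treated as UTF-8; convert it when the site uses
    // another character set.
    if (strtoupper(_CHARSET) != 'UTF-8') {
        $i_body = mb_convert_encoding($i_body, _CHARSET, "UTF-8");
        $i_title = mb_convert_encoding($i_title, _CHARSET, "UTF-8");
        $i_more = mb_convert_encoding($i_more, _CHARSET, "UTF-8");
    }

    $i_closed = intPostVar('closed');
    $i_catid = postVar('catid');
    $i_draft = 1;

    // When editing, the blog is derived from the item; otherwise it is posted.
    $type = postVar('type');
    if ($type == 'edit') {
        $i_blogid = getBlogIDFromItemID(intPostVar('itemid'));
    } else {
        $i_blogid = intPostVar('blogid');
    }

    $i_draftid = intPostVar('draftid');

    if (!$member->canAddItem($i_catid)) {
        return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
    }

    if (!trim($i_body)) {
        return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
    }

    if (strstr($i_catid, 'newcat')) {
        // A new category was requested: the draft is filed under the blog's
        // default category instead.
        // NOTE(review): the blog id used here comes from the separate
        // 'blogid'/'itemid' fields, not from the 'newcat...' value that
        // canAddItem() was asked about - confirm the two cannot disagree.
        $blog =& $manager->getBlog($i_blogid);
        $i_catid = $blog->getDefaultCategory();
    } else {
        // force blogid (must be same as category id)
        $i_blogid = getBlogIDFromCatID($i_catid);
        $blog =& $manager->getBlog($i_blogid);
    }

    $posttime = 0;

    if ($i_draftid > 0) {
        // The draft id comes straight from the request, and canAddItem() above
        // only covers the category. Check the item itself before overwriting
        // it, the same way bm_doEditItem() does before calling ITEM::update().
        if (!$member->canUpdateItem($i_draftid, $i_catid)) {
            return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
        }

        ITEM::update($i_draftid, $i_catid, $i_title, $i_body, $i_more, $i_closed, 1, 0, 0);
        $itemid = $i_draftid;
    } else {
        $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft);
    }

    // No plugin support in AutoSaveDraft yet: plugin item options are not
    // applied and no PostPluginOptionsUpdate event is sent.

    // success
    return array('status' => 'added', 'draftid' => $itemid);
}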
// Excerpt: the tail of a switch that derives $CONF['secureCookieKeyIP'], followed
// by the start of the form-login handling. The switch subject, its earlier cases
// and the closing braces of the login block lie outside this excerpt.
break;
case 24:
    // Drop a trailing ".digits" group from the client address, so the value
    // covers the first three octets of a dotted IPv4 address.
    $CONF['secureCookieKeyIP'] = preg_replace('/\\.[0-9]+$/', '', serverVar('REMOTE_ADDR'));
    break;
case 32:
    // Use the full client address.
    $CONF['secureCookieKeyIP'] = serverVar('REMOTE_ADDR');
    break;
default:
    // No address component: the cookie key is not tied to the client address.
    $CONF['secureCookieKeyIP'] = '';
}

// login/logout when required or renew cookies
if ($action == 'login') {
    // Form Authentication
    $login = postVar('login');
    $pw = postVar('password');
    $shared = intPostVar('shared'); // shared computer or not
    // NOTE(review): anything beyond the first 40 bytes of the password is
    // silently discarded before login() sees it. The remark below suggests an
    // MD5-based scheme downstream; MD5 is not suitable for password storage -
    // confirm what login() actually uses.
    $pw = substr($pw, 0, 40); // avoid md5 collision by using a long key

    if ($member->login($login, $pw)) {
        // Issue a fresh cookie key on every successful login and send the
        // login cookies.
        $member->newCookieKey();
        $member->setCookies($shared);

        if ($CONF['secureCookieKey'] !== 'none') {
            // secure cookie key
            // The value saved on the member is the MD5 of the fresh key
            // concatenated with the address-derived string from the switch
            // above. Presumably the cookie login recomputes this so that a
            // cookie replayed from another address does not match; that check
            // is outside this excerpt - confirm.
            $member->setCookieKey(md5($member->getCookieKey() . $CONF['secureCookieKeyIP']));
            $member->write();
        }

        // allows direct access to parts of the admin area after logging in
        // NOTE(review): where $nextaction comes from is not visible here;
        // confirm it is checked against the list of permitted actions.
        if ($nextaction) {
            $action = $nextaction;
        }
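/**
 * Handles the bookmarklet's "edit item" form submission.
 *
 * Flow:
 *   1. Reject the request unless the member may update the item.
 *   2. For the 'delete' action, redirect to the admin area's delete
 *      confirmation page.
 *   3. Create a new category when the posted category contains 'newcat'.
 *   4. Update the item according to the action ('changedate', 'edit' or
 *      'backtodrafts'); any other action is an error.
 *   5. Delete the autosave draft named by 'draftid', if any.
 *   6. Show a success message, with a link to edit the new category when one
 *      was created.
 *
 * The draft id is request-supplied, so the member's right to update that item
 * is verified before anything is changed.
 *
 * NOTE(review): no anti-CSRF token check is visible inside this function -
 * presumably the calling script performs it; confirm.
 */
function bm_doEditItem()
{
    global $member, $manager, $CONF;

    $itemid = intRequestVar('itemid');
    $catid = postVar('catid');

    // only allow if user is allowed to alter item
    // bm_doError() is not shown here; return explicitly after each call so the
    // handler fails closed even if it ever returns.
    if (!$member->canUpdateItem($itemid, $catid)) {
        bm_doError(_ERROR_DISALLOWED);
        return;
    }

    $body = postVar('body');
    $title = postVar('title');
    $more = postVar('more');
    $closed = intPostVar('closed');
    $actiontype = postVar('actiontype');
    $draftid = intPostVar('draftid');

    // redirect to admin area on delete (has delete confirmation)
    if ($actiontype == 'delete') {
        redirect('index.php?action=itemdelete&itemid=' . $itemid);
        exit;
    }

    // The draft is deleted further down, so it needs the same permission check
    // as the item being edited. Checking here keeps the request all-or-nothing.
    if ($draftid > 0 && !$member->canUpdateItem($draftid, $catid)) {
        bm_doError(_ERROR_DISALLOWED);
        return;
    }

    // create new category if needed (only on edit/changedate)
    $createdCategory = false;
    if (strstr($catid, 'newcat')) {
        // the blog id is embedded in the posted value as "newcat-<blogid>"
        list($blogid) = sscanf($catid, "newcat-%d");

        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();

        // show error when sth goes wrong
        if (!$catid) {
            bm_doError(_BOOKMARKLET_ERROR_COULDNTNEWCAT);
            return;
        }

        $createdCategory = true;
    }

    // only edit action is allowed for bookmarklet edit
    switch ($actiontype) {
        case 'changedate':
            $publish = 1;
            $wasdraft = 0;
            $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
            break;
        case 'edit':
            $publish = 1;
            $wasdraft = 0;
            $timestamp = 0;
            break;
        case 'backtodrafts':
            $publish = 0;
            $wasdraft = 0;
            $timestamp = 0;
            break;
        default:
            bm_doError(_BOOKMARKLET_ERROR_SOMETHINGWRONG);
            return;
    }

    // update item for real
    ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);

    if ($draftid > 0) {
        ITEM::delete($draftid);
    }

    // show success message
    // The "new category" variant is keyed on the flag set above rather than on
    // comparing $catid with the posted value: $blog only exists when a category
    // was created, and a non-numeric posted catid could otherwise reach
    // $blog->getID() with $blog undefined.
    if ($createdCategory) {
        $href = 'index.php?action=categoryedit&blogid=' . $blog->getID() . '&catid=' . $catid;
        $onclick = 'if (event && event.preventDefault) event.preventDefault(); window.open(this.href); return false;';
        $linkTitle = _BOOKMARKLET_NEW_WINDOW;
        $aTag = ' <a href="' . $href . '" onclick="' . $onclick . '" title="' . $linkTitle . '">';
        $message = _BOOKMARKLET_NEW_CATEGORY . $aTag . _BOOKMARKLET_NEW_CATEGORY_EDIT . '</a>';
        bm_message(_ITEM_UPDATED, _ITEM_UPDATED, $message, '');
    } else {
        bm_message(_ITEM_UPDATED, _ITEM_UPDATED, _ITEM_UPDATED, '');
    }
}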