예제 #1
파일: users.ctrl.php 프로젝트: LFSF/oras
            if ($edited_Group->ID == 1) {
                $Messages->add(T_('You can\'t delete Group #1!'), 'error');
                $action = 'view_group';
                break;
            }
            if ($edited_Group->ID == $Settings->get('newusers_grp_ID')) {
                $Messages->add(T_('You can\'t delete the default group for new users!'), 'error');
                $action = 'view_group';
                break;
            }
            if (param('confirm', 'integer', 0)) {
                // confirmed, Delete from DB:
                $msg = sprintf(T_('Group «%s» deleted.'), $edited_Group->dget('name'));
                $edited_Group->dbdelete($Messages);
                unset($edited_Group);
                forget_param('grp_ID');
                $Messages->add($msg, 'success');
                $action = 'list';
            } else {
                // not confirmed, Check for restrictions:
                memorize_param('grp_ID', 'integer', true);
                if (!$edited_Group->check_delete(sprintf(T_('Cannot delete Group «%s»'), $edited_Group->dget('name')))) {
                    // There are restrictions:
                    $action = 'view_group';
                }
            }
            break;
    }
}
// We might delegate to this action from above:
if ($action == 'edit_user') {
예제 #2
// Page chrome first: title, menu and queued messages.
// Messages are rendered here, so every action must already have been executed.
$AdminUI->disp_body_top();
$AdminUI->disp_payload_begin();

// Display payload for the current action:
if ($action == 'nil') {
    // Do nothing
} elseif ($action == 'delete') {
    // Deletion is never performed from the display phase: this only renders
    // the confirmation prompt, then the thread list underneath it.
    $edited_Thread->confirm_delete(
        sprintf(T_('Delete thread «%s»?'), $edited_Thread->dget('title')),
        'messaging_threads',
        $action,
        get_memorized('action')
    );
    $AdminUI->disp_view('messaging/views/_thread_list.view.php');
} elseif ($action == 'new' || $action == 'create') {
    // Thread form (new thread, or redisplay for a 'create' request):
    $AdminUI->disp_view('messaging/views/_thread.form.php');
} else {
    // No specific request, list all threads.
    // Drop the memorized thread/message IDs so they are not carried into list URLs:
    forget_param('thrd_ID');
    forget_param('msg_ID');
    $AdminUI->disp_view('messaging/views/_thread_list.view.php');
}

$AdminUI->disp_payload_end();
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
예제 #3
 } else {
     $msg = sprintf(T_('User &laquo;%s&raquo; deleted.'), $edited_User->dget('login'));
 }
 // Execute a user deletion and its optional follow-ups (notify reporters, raise their spam score).
 // NOTE(review): this excerpt starts mid-block; no CSRF crumb or permission check is visible here — confirm both run before this point.
 // Optional follow-up flags sent with the delete request (default 0 = off):
 $send_reportpm = param('send_reportpm', 'integer', 0);
 $increase_spam_score = param('increase_spam_score', 'integer', 0);
 if ($send_reportpm || $increase_spam_score) {
     // Get all user IDs who reported for the deleted user:
     // Fetched before dbdelete() below; $report_user_IDs is only defined when one of the two flags is set,
     // which matches the two places that read it further down.
     $report_user_IDs = get_user_reported_user_IDs($edited_User->ID);
 }
 // Copy the fields needed after deletion: $edited_User is unset once the delete succeeds.
 $deleted_user_ID = $edited_User->ID;
 $deleted_user_email = $edited_User->get('email');
 $deleted_user_login = $edited_User->get('login');
 // Only a strict `false` counts as failure; the success message and follow-ups run for any other return value.
 if ($edited_User->dbdelete($Messages) !== false) {
     // User has been deleted successfully
     unset($edited_User);
     forget_param('user_ID');
     $Messages->add($msg, 'success');
     // Find other users with the same email address:
     $message_same_email_users = find_users_with_same_email($deleted_user_ID, $deleted_user_email, T_('Note: the same email address (%s) is still in use by: %s'));
     if ($message_same_email_users !== false) {
         $Messages->add($message_same_email_users, 'note');
     }
     if ($send_reportpm) {
         // Send an info message to users who reported this deleted user:
         user_send_report_message($report_user_IDs, $deleted_user_login);
     }
     if ($increase_spam_score) {
         // Increase spam fighter score for the users who reported the deleted account:
         user_increase_spam_score($report_user_IDs);
     }
 }
예제 #4
// Controller initialisation for the scheduled-jobs (cron) admin screen.
// NOTE(review): no check_perm() call is visible in this excerpt before the job is loaded — confirm it happens elsewhere in the file.
$AdminUI->set_path('options', 'cron');
// Requested action, 'list' when none is given:
param('action', 'string', 'list');
// We want to remember these params from page to page:
// (status filters, all typed as integers, then list ordering and page number)
param('ctst_pending', 'integer', 0, true);
param('ctst_started', 'integer', 0, true);
param('ctst_timeout', 'integer', 0, true);
param('ctst_error', 'integer', 0, true);
param('ctst_finished', 'integer', 0, true);
param('results_crontab_order', 'string', '-D', true);
param('results_crontab_page', 'integer', 1, true);
// The job ID is read as an integer; $ctsk_ID below is evidently set by this param() call.
if (param('ctsk_ID', 'integer', '', true)) {
    // Load cronjob from cache:
    $CronjobCache =& get_CronjobCache();
    // get_by_ID() is compared against strict false, i.e. "not found" is reported by return value here:
    if (($edited_Cronjob =& $CronjobCache->get_by_ID($ctsk_ID, false)) === false) {
        // Stale or unknown ID: drop the object and the memorized param, report it, and fall back to the list.
        unset($edited_Cronjob);
        forget_param('ctsk_ID');
        $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Scheduled job')), 'error');
        $action = 'list';
    }
}
// fp> The if  below was the point where THE LINE WAS CROSSED!
// This is bloated here. This has to go into the action handling block (and maybe a function)
// THIS IS NO LONGER CONTROLLER INITIALIZATION. THIS IS ACTION EXECUTION!
// dh> ok. Moved the other param inits above. Ok? I don't think it should be an extra function..
// Init names and params for "static" available jobs and ask Plugins about their jobs:
if (in_array($action, array('new', 'create', 'edit', 'update', 'copy'))) {
    // NOTE: keys starting with "plugin_" are reserved for jobs provided by Plugins
    $cron_job_names = array('test' => T_('Basic test job'), 'error' => T_('Error test job'), 'anstispam_poll' => T_('Poll the antispam blacklist'), 'prune_hits_sessions' => T_('Prune old hits & sessions (includes OPTIMIZE)'), 'prune_page_cache' => T_('Prune old files from page cache'), 'post_by_email' => T_('Create posts by email'), 'process_hitlog' => T_('Extract info from hit log'), 'unread_message_reminder' => T_('Send reminders about unread messages'), 'activate_account_reminder' => T_('Send reminders about non-activated accounts'), 'comment_moderation_reminder' => T_('Send reminders about comments awaiting moderation'), 'return_path' => T_('Process the return path inbox'), 'light_db_maintenance' => T_('Light DB maintenance (ANALYZE)'), 'heavy_db_maintenance' => T_('Heavy DB maintenance (CHECK & OPTIMIZE)'));
    $cron_job_params = array('test' => array('ctrl' => 'cron/jobs/_test.job.php', 'params' => NULL), 'error' => array('ctrl' => 'cron/jobs/_error_test.job.php', 'params' => NULL), 'anstispam_poll' => array('ctrl' => 'cron/jobs/_antispam_poll.job.php', 'params' => NULL), 'prune_hits_sessions' => array('ctrl' => 'cron/jobs/_prune_hits_sessions.job.php', 'params' => NULL), 'prune_page_cache' => array('ctrl' => 'cron/jobs/_prune_page_cache.job.php', 'params' => NULL), 'post_by_email' => array('ctrl' => 'cron/jobs/_post_by_email.job.php', 'params' => NULL), 'process_hitlog' => array('ctrl' => 'cron/jobs/_process_hitlog.job.php', 'params' => NULL), 'unread_message_reminder' => array('ctrl' => 'cron/jobs/_unread_message_reminder.job.php', 'params' => NULL), 'activate_account_reminder' => array('ctrl' => 'cron/jobs/_activate_account_reminder.job.php', 'params' => NULL), 'comment_moderation_reminder' => array('ctrl' => 'cron/jobs/_comment_moderation_reminder.job.php', 'params' => NULL), 'return_path' => array('ctrl' => 'cron/jobs/_decode_returned_emails.job.php', 'params' => NULL), 'light_db_maintenance' => array('ctrl' => 'cron/jobs/_light_db_maintenance.job.php', 'params' => NULL), 'heavy_db_maintenance' => array('ctrl' => 'cron/jobs/_heavy_db_maintenance.job.php', 'params' => NULL));
    // Get additional jobs from Plugins:
    foreach ($Plugins->trigger_collect('GetCronJobs') as $plug_ID => $jobs) {
    }
    // ------------------ COMMENT FORM INCLUDED HERE ------------------
    skin_include('_item_comment_form.inc.php', $params);
    // ---------------------- END OF COMMENT FORM ---------------------
    echo '</div></div>';
    if ($params['disp_trackbacks']) {
        // We want to display trackbacks:
        echo '<div class="section clearfix" id="section-trackbacks">
				<div id="trackbacks-wrap"><div class="clearfix">';
        if ($params['disp_trackback_url']) {
            echo $params['before_section_title'];
            echo $Skin->T_('Trackback address for this post');
            echo $params['after_section_title'];
            /*
             * Trigger plugin event, which could display a captcha form, before generating a whitelisted URL:
             */
            if (!$Plugins->trigger_event_first_true('DisplayTrackbackAddr', array('Item' => &$Item, 'template' => '<code>%url%</code>'))) {
                // No plugin displayed a payload, so we just display the default:
                echo '<p class="trackback_url"><code>' . $Item->get_trackback_url() . '</code></p>';
            }
        }
        $params['comment_list_start'] = '<ul id="trackbacks" class="comments">';
        $Skin->disp_feedback_list('trackback', $params);
        echo '</div></div></div>';
    }
    // Restore "redir" param
    forget_param('redir');
}
// Related posts
echo $Skin->get_related_posts($Skin->get_setting('display_related'));
echo '</div><!-- /tab sections --></div><!-- /tabbed content -->';
예제 #6
}
// Controller initialisation for the skin management screen.
// Memorize this as the last "tab" used in the Blog Settings:
// NOTE(review): this preference is written to the DB before the permission check below runs — confirm that ordering is intended.
$UserSettings->set('pref_coll_settings_tab', 'manage_skins');
$UserSettings->dbupdate();
load_funcs('skins/_skin.funcs.php');
// Check permission to display:
$current_User->check_perm('options', 'view', true);
param('action', 'string', 'list');
// Request-supplied redirect target, typed 'url', defaulting to the skins controller.
// NOTE(review): confirm the 'url' param type (or the redirect helper) limits this to same-site targets.
param('redirect_to', 'url', '?ctrl=skins');
// The skin ID is read as an integer; $skin_ID below is evidently set by this param() call.
if (param('skin_ID', 'integer', '', true)) {
    // Load the skin from cache:
    $SkinCache =& get_SkinCache();
    if (($edited_Skin =& $SkinCache->get_by_ID($skin_ID, false)) === false) {
        // We could not find the skin to edit:
        // Drop the stale object/param and neutralise the action so nothing runs against a missing skin.
        unset($edited_Skin);
        forget_param('skin_ID');
        $Messages->head = T_('Cannot edit skin!');
        $Messages->add(T_('Requested skin is not installed any longer.'), 'error');
        $action = 'nil';
    }
}
/**
 * Perform action:
 */
switch ($action) {
    case 'create':
        param('skin_folder', 'string', true);
        // Check validity of requested skin name:
        if (preg_match('~([^-A-Za-z0-9._]|\\.\\.)~', $skin_folder)) {
            debug_die('The requested skin name is invalid.');
        }
예제 #7
$AdminUI->disp_body_top();
$AdminUI->disp_payload_begin();

// Display payload for the current action:
if ($action == 'nil') {
    // Do nothing
} elseif (in_array($action, array('delete', 'new', 'create', 'create_new', 'create_copy', 'edit', 'update'))) {
    if ($action == 'delete') {
        // Display phase only renders the confirmation prompt; it deliberately
        // continues to the form below (the original switch falls through here).
        $edited_Currency->confirm_delete(
            sprintf(T_('Delete currency &laquo;%s&raquo;?'), $edited_Currency->dget('name')),
            'currency',
            $action,
            get_memorized('action')
        );
    }
    $AdminUI->disp_view('regional/views/_currency.form.php');
} else {
    // No specific request, list all currencies.
    // Drop the memorized currency ID so it is not carried into list URLs:
    forget_param('curr_ID');
    $AdminUI->disp_view('regional/views/_currency_list.view.php');
}

$AdminUI->disp_payload_end();
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
예제 #8
    // Load thread from cache:
    $ThreadCache =& get_ThreadCache();
    if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
        // Thread doesn't exists with this ID
        unset($edited_Thread);
        forget_param('thrd_ID');
        if (!$error_messages_exist) {
            // Display this error only when no error above
            $Messages->add(T_('The requested thread does not exist any longer.'), 'error');
        }
        $thread_is_missed = true;
    } else {
        if (!$edited_Thread->check_thread_recipient($current_User->ID)) {
            // Current user is not recipient of this thread
            unset($edited_Thread);
            forget_param('thrd_ID');
            if (!$error_messages_exist) {
                // Display this error only when no error above
                $Messages->add(T_('You are not allowed to view this thread.'), 'error');
            }
        }
    }
}
// Decide between "no usable thread" and "thread can be shown".
if ($error_messages_exist || $Messages->has_errors() || !(empty($thrd_ID) || empty($edited_Thread))) {
    // Preload users to show their avatars.
    // NOTE(review): this branch is also taken when an error was already reported above,
    // in which case $thrd_ID may have been forgotten — confirm the callee tolerates that.
    load_messaging_thread_recipients($thrd_ID);
} else {
    // No error reported yet and there is no thread to work on:
    // report it once and flag the thread as missing.
    $Messages->add(T_('Can\'t show messages without thread!'), 'error');
    $thread_is_missed = true;
}
예제 #9
 case 'delete':
     // ----------  Delete a blog from DB ----------
     // The CSRF crumb and the permission check both run before the 'confirm'
     // flag is read, so unconfirmed requests are subject to them as well.
     // Check that this action request is not a CSRF hacked request:
     $Session->assert_received_crumb('collection');
     // Check permissions:
     $current_User->check_perm('blog_properties', 'edit', true, $blog);
     if (param('confirm', 'integer', 0)) {
         // confirmed
         // Delete from DB:
         // The message is built first because it reads the name from the object about to be deleted.
         $msg = sprintf(T_('Blog &laquo;%s&raquo; deleted.'), $edited_Blog->dget('name'));
         // NOTE(review): the result of dbdelete() is not checked; the success message is added regardless.
         $edited_Blog->dbdelete();
         $Messages->add($msg, 'success');
         // Remove every remaining reference to the deleted blog: cache entry, globals, memorized param, working blog.
         $BlogCache->remove_by_ID($blog);
         unset($edited_Blog);
         unset($Blog);
         forget_param('blog');
         set_working_blog(0);
         $UserSettings->delete('selected_blog');
         // Needed or subsequent pages may try to access the deleted blog
         $UserSettings->dbupdate();
         $action = 'list';
         // Redirect so that a reload doesn't write to the DB twice:
         // The target is request-supplied (typed 'url').
         // NOTE(review): confirm param()/header_redirect() restrict it to same-site targets.
         $redirect_to = param('redirect_to', 'url', '?ctrl=collections');
         header_redirect($redirect_to, 303);
         // Per the original author's note, header_redirect() exits, so nothing below runs after a confirmed delete.
     }
     break;
 case 'update_settings':
     // Check that this action request is not a CSRF hacked request:
     $Session->assert_received_crumb('collectionsettings');
예제 #10
 * Display payload:
 */
if ($action == 'nil') {
    // Do nothing
} elseif (in_array($action, array('delete', 'new', 'create', 'create_new', 'create_copy', 'edit', 'update'))) {
    if ($action == 'delete') {
        // Display phase only renders the confirmation prompt, then continues
        // to the form below (the original switch falls through on purpose).
        $edited_Itemtype->confirm_delete(
            sprintf(T_('Delete Post Type &laquo;%s&raquo;?'), $edited_Itemtype->dget('name')),
            'itemtype',
            $action,
            get_memorized('action')
        );
    }
    // The form is also what gets redisplayed after a validation error:
    $AdminUI->disp_view('items/views/_itemtype.form.php');
} else {
    // No specific request, list all post types.
    // Drop the memorized post type ID so it is not carried into list URLs:
    forget_param('ityp_ID');
    $AdminUI->disp_view('items/views/_itemtypes.view.php');
}

$AdminUI->disp_payload_end();
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
예제 #11
 * Display payload:
 */
if ($action == 'nil') {
    // Do nothing
} elseif (in_array($action, array('delete', 'new', 'create', 'create_new', 'create_copy', 'edit', 'update'))) {
    if ($action == 'delete') {
        // Display phase only renders the confirmation prompt, then continues
        // to the form below (the original switch falls through on purpose).
        $edited_Userfield->confirm_delete(
            sprintf(T_('Delete user field &laquo;%s&raquo;?'), $edited_Userfield->dget('name')),
            'userfield',
            $action,
            get_memorized('action')
        );
    }
    // The form is also what gets redisplayed after a validation error:
    $AdminUI->disp_view('users/views/_userfield.form.php');
} else {
    // No specific request, list all user fields.
    // Drop the memorized user field ID so it is not carried into list URLs:
    forget_param('ufdf_ID');
    $AdminUI->disp_view('users/views/_userfields.view.php');
}

$AdminUI->disp_payload_end();
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
예제 #12
     break;
 case 'delete':
     // Delete entry:
     // NOTE(review): unlike other delete handlers, no $Session->assert_received_crumb() call is visible in this case —
     // confirm the CSRF check happens before the switch is entered.
     // The element ID is mandatory and read as an integer:
     param($GenericElementCache->dbIDname, 'integer', true);
     // NOTE(review): the permission check is skipped entirely when $perm_name is not set by the including controller —
     // confirm every caller that can reach this case defines it.
     if (isset($perm_name)) {
         // We need to Check permission:
         $current_User->check_perm($perm_name, $perm_level, true);
     }
     // Set restrictions for element
     $edited_GenericElement->delete_restrictions = $delete_restrictions;
     if (param('confirm', 'integer', 0)) {
         // confirmed, Delete from DB:
         // The message is built first because it reads the name from the object about to be deleted.
         $msg = sprintf(T_('Element &laquo;%s&raquo; deleted.'), $edited_GenericElement->dget('name'));
         // NOTE(review): the result of dbdelete_by_ID() is not checked; the success message is added regardless.
         $GenericElementCache->dbdelete_by_ID($edited_GenericElement->ID);
         unset($edited_GenericElement);
         forget_param($GenericElementCache->dbIDname);
         $Messages->add($msg, 'success');
         $action = 'list';
     } else {
         // not confirmed, Check for restrictions:
         // Get the page number we come from:
         // ($previous_page is not read again in this case; the call also memorizes the param — 4th argument true)
         $previous_page = param('results_' . $GenericElementCache->dbprefix . 'page', 'integer', 1, true);
         if (!$edited_GenericElement->check_delete(sprintf(T_('Cannot delete element &laquo;%s&raquo;'), $edited_GenericElement->dget('name')))) {
             // There are restrictions:
             // Switch to 'edit' instead of keeping 'delete'.
             $action = 'edit';
         }
     }
     break;
 case 'sort_by_order':
     // The list is sorted by the order column now.
     $Results->order = '--A';
예제 #13
            // we return in this state after a validation error
        // we return in this state after a validation error
        case 'create_copy':
            // we return in this state after a validation error
        // we return in this state after a validation error
        case 'edit':
        case 'update':
            // we return in this state after a validation error
            $AdminUI->disp_view('sessions/views/_internal_search.form.php');
            break;
        default:
            // No specific request, list all file types:
            switch ($tab3) {
                case 'intsearches':
                    // Cleanup context:
                    forget_param('isrch_ID');
                    // Display goals list:
                    $AdminUI->disp_view('sessions/views/_stats_internal_searches.view.php');
                    break;
            }
    }
} else {
    switch ($AdminUI->get_path(1)) {
        case 'summary':
            // Display VIEW:
            switch ($tab3) {
                case 'browser':
                    $AdminUI->disp_view('sessions/views/_stats_browserhits.view.php');
                    break;
                case 'robot':
                    $AdminUI->disp_view('sessions/views/_stats_robots.view.php');
예제 #14
 * Display payload:
 */
if ($action == 'nil') {
    // Do nothing
} elseif (in_array($action, array('delete', 'new', 'create', 'create_new', 'create_copy', 'edit', 'update'))) {
    if ($action == 'delete') {
        // Display phase only renders the confirmation prompt, then continues
        // to the form below (the original switch falls through on purpose).
        $edited_Organization->confirm_delete(
            sprintf(T_('Delete organization &laquo;%s&raquo;?'), $edited_Organization->dget('name')),
            'organization',
            $action,
            get_memorized('action')
        );
    }
    // The form is also what gets redisplayed after a validation error:
    $AdminUI->disp_view('users/views/_organization.form.php');
} else {
    // No specific request, list all organizations.
    // Drop the memorized organization ID so it is not carried into list URLs:
    forget_param('org_ID');
    $AdminUI->disp_view('users/views/_organization.view.php');
}

$AdminUI->disp_payload_end();
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
예제 #15
        $action = 'edit';
        break;
    case 'delete':
        // Delete slug:
        // Crumb, permission and mandatory ID are all checked before the 'confirm' flag is read,
        // so the unconfirmed (prompt) request is subject to the same checks as the real delete.
        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('slug');
        // Check that current user has permission to edit slugs:
        $current_User->check_perm('slugs', 'edit', true);
        // Make sure we got an slug_ID:
        param('slug_ID', 'integer', true);
        if (param('confirm', 'integer', 0)) {
            // confirmed, Delete from DB:
            // The message is built first because it reads the title from the object about to be deleted.
            $msg = sprintf(T_('Slug &laquo;%s&raquo; deleted.'), $edited_Slug->dget('title'));
            // NOTE(review): the result of dbdelete() is not checked; the success message is added regardless.
            $edited_Slug->dbdelete(true);
            unset($edited_Slug);
            forget_param('slug_ID');
            $Messages->add($msg, 'success');
            // Redirect so that a reload doesn't write to the DB twice:
            // The target is regenerated server-side from the current URL without 'action'; no request-supplied redirect target is used here.
            header_redirect(regenerate_url('action', '', '', '&'), 303);
            // Per the original author's note, header_redirect() exits, so nothing below runs after a confirmed delete.
        } else {
            // not confirmed, Check for restrictions:
            if (!$edited_Slug->check_delete(sprintf(T_('Cannot delete slug &laquo;%s&raquo;'), $edited_Slug->dget('title')), array(), true)) {
                // There are restrictions:
                // Fall back to the list instead of showing a delete prompt.
                $action = 'list';
            }
        }
        break;
}
$AdminUI->breadcrumbpath_init(false);
예제 #16
// Controller initialisation for the email tools screen.
// Check permission:
// The 'view' level is checked before any function file is loaded or any request parameter is read.
$current_User->check_perm('emails', 'view', true);
load_funcs('tools/model/_email.funcs.php');
param_action();
// Current tab, 'blocked' by default; memorized (4th argument true):
$tab = param('tab', 'string', 'blocked', true);
param('action', 'string');
if ($tab == 'blocked') {
    // Email addresses
    load_class('tools/model/_emailblocked.class.php', 'EmailBlocked');
    // The ID is read as an integer; $emblk_ID below is evidently set by this param() call.
    if (param('emblk_ID', 'integer', '', true)) {
        // Load Email Blocked object
        $EmailBlockedCache =& get_EmailBlockedCache();
        if (($edited_EmailBlocked =& $EmailBlockedCache->get_by_ID($emblk_ID, false)) === false) {
            // We could not find the Email Blocked object to edit:
            // NOTE(review): unlike similar loaders, $action is left unchanged here — confirm the action switch
            // below copes with $edited_EmailBlocked being unset.
            unset($edited_EmailBlocked);
            forget_param('emblk_ID');
            $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Email Blocked')), 'error');
        }
    }
}
switch ($action) {
    case 'settings':
        // Update the email settings
        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('emailsettings');
        // Check permission:
        $current_User->check_perm('emails', 'edit', true);
        /** Email notifications **/
        // Sender email address
        $sender_email = param('notification_sender_email', 'string', '');
        param_check_email('notification_sender_email', true);
예제 #17
// Controller initialisation for the antispam screen.
// Requested tool name; memorized (4th argument true):
$tool = param('tool', 'string', '', true);
// $filter is set outside this excerpt; an 'off' key clears the memorized filter switch.
if (isset($filter['off'])) {
    unset($filteron);
    forget_param('filteron');
}
// Check permission:
// Both 'view' checks run before any object is loaded from a request-supplied ID.
$current_User->check_perm('options', 'view', true);
$current_User->check_perm('spamblacklist', 'view', true);
// The ID is read as an integer; $iprange_ID below is evidently set by this param() call.
if (param('iprange_ID', 'integer', '', true)) {
    // Load IP Range object
    load_class('antispam/model/_iprange.class.php', 'IPRange');
    $IPRangeCache =& get_IPRangeCache();
    if (($edited_IPRange =& $IPRangeCache->get_by_ID($iprange_ID, false)) === false) {
        // We could not find the IP Range to edit:
        // NOTE(review): $action is left unchanged here — confirm the action switch below copes with
        // $edited_IPRange being unset.
        unset($edited_IPRange);
        forget_param('iprange_ID');
        $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('IP Range')), 'error');
    }
}
switch ($action) {
    case 'ban':
        // only an action if further "actions" given
        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('antispam');
        // Check permission:
        $current_User->check_perm('spamblacklist', 'edit', true);
        // TODO: This should become different for 'edit'/'add' perm level - check for 'add' here.
        $keyword = utf8_substr($keyword, 0, 80);
        param('delhits', 'integer', 0);
        $all_statuses = get_visibility_statuses('keys', array('trash', 'redirected'));
        $delstatuses = array();
예제 #18
    case 'nil':
        // Do nothing
        break;
    case 'delete':
        // We need to ask for confirmation:
        $edited_Filetype->confirm_delete(sprintf(T_('Delete file type &laquo;%s&raquo;?'), $edited_Filetype->dget('name')), 'filetype', $action, get_memorized('action'));
        /* no break */
    /* no break */
    case 'new':
    case 'copy':
    case 'create':
        // we return in this state after a validation error
    // we return in this state after a validation error
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_payload_begin();
        $AdminUI->disp_view('files/views/_filetype.form.php');
        $AdminUI->disp_payload_end();
        break;
    default:
        // No specific request, list all file types:
        // Cleanup context:
        forget_param('ftype_ID');
        // Display file types list:
        $AdminUI->disp_payload_begin();
        $AdminUI->disp_view('files/views/_filetype_list.view.php');
        $AdminUI->disp_payload_end();
}
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
예제 #19
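 /**
  * Handle messaging module htsrv actions (threads, contacts, messages).
  *
  * Reads 'action', 'disp' and 'redirect_to' from the request, asserts the CSRF
  * crumb named 'messaging_' . $disp, stops via debug_die() when nobody is
  * logged in, checks the 'perm_messaging' / 'reply' permission, performs the
  * requested change and finally redirects to $redirect_to.
  *
  * Delete requests without 'confirmed' do not delete anything: they queue a
  * confirmation message containing an "I am sure!" link (carrying a fresh
  * crumb) and a "CANCEL" link.
  *
  * NOTE(review): no thread-recipient check (e.g. check_thread_recipient()) and
  * no "message belongs to this thread / this user" check is visible in this
  * function. Confirm that leave_thread(), Thread::dbdelete() and
  * Message::dbdelete() enforce ownership, otherwise the integer IDs taken from
  * the request are the only selector.
  */
 function handle_htsrv_action()
 {
     // $baseurl is read by the fallback redirect below when no $Blog is set; without
     // the global declaration it would be an undefined local variable.
     global $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url, $baseurl;
     // Init objects we want to work on.
     $action = param_action(true, true);
     // $disp is restricted by the regexp before it is used in the crumb name and in URLs:
     $disp = param('disp', '/^[a-z0-9\\-_]+$/', 'threads');
     // Check that this action request is not a CSRF hacked request:
     $Session->assert_received_crumb('messaging_' . $disp);
     // Load classes
     load_class('messaging/model/_thread.class.php', 'Thread');
     load_class('messaging/model/_message.class.php', 'Message');
     if (!is_logged_in()) {
         // user must be logged in
         debug_die('User must be logged in to proceed with messaging updates!');
     }
     // Check permission:
     $current_User->check_perm('perm_messaging', 'reply', true);
     // set where to redirect
     // NOTE(review): the target is request-supplied (typed 'url'); confirm param()/header_redirect()
     // restrict it to same-site targets.
     $redirect_to = param('redirect_to', 'url', NULL);
     if (empty($redirect_to)) {
         if (isset($Blog)) {
             $redirect_to = url_add_param($Blog->gen_baseurl(), 'disp=' . $disp);
         } else {
             $redirect_to = url_add_param($baseurl, 'disp=' . $disp);
         }
     }
     if ($disp != 'contacts' && ($thrd_ID = param('thrd_ID', 'integer', '', true))) {
         // Load thread from cache:
         $ThreadCache =& get_ThreadCache();
         if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
             // Unknown thread: neutralise the action so no branch below touches $edited_Thread.
             unset($edited_Thread);
             forget_param('thrd_ID');
             $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Thread')), 'error');
             $action = 'nil';
         }
     }
     switch ($disp) {
         // threads action
         case 'threads':
             if ($action != 'create') {
                 // Make sure we got a thrd_ID:
                 param('thrd_ID', 'integer', true);
             }
             switch ($action) {
                 case 'create':
                     // create thread
                     // check if create new thread is allowed
                     if (check_create_thread_limit()) {
                         // max new threads limit reached, don't allow to create new thread
                         debug_die('Invalid request, new conversation limit already reached!');
                     }
                     if (!create_new_thread()) {
                         // unsuccessful new thread creation
                         global $edited_Thread, $edited_Message, $thrd_recipients, $thrd_recipients_array;
                         $redirect_to .= '&action=new';
                         // save new message and thread params into the Session to not lose the content
                         $unsaved_message_params = array();
                         $unsaved_message_params['subject'] = $edited_Thread->title;
                         $unsaved_message_params['message'] = $edited_Message->text;
                         $unsaved_message_params['thrdtype'] = param('thrdtype', 'string', 'individual');
                         // alternative: discussion
                         $unsaved_message_params['thrd_recipients'] = $thrd_recipients;
                         $unsaved_message_params['thrd_recipients_array'] = $thrd_recipients_array;
                         save_message_params_to_session($unsaved_message_params);
                     }
                     break;
                 case 'delete':
                     // delete thread
                     // Check permission:
                     $current_User->check_perm('perm_messaging', 'delete', true);
                     $confirmed = param('confirmed', 'integer', 0);
                     if ($confirmed) {
                         $msg = sprintf(T_('Thread &laquo;%s&raquo; deleted.'), $edited_Thread->dget('title'));
                         $edited_Thread->dbdelete(true);
                         unset($edited_Thread);
                         forget_param('thrd_ID');
                         $Messages->add($msg, 'success');
                     } else {
                         // URL-encode redirect_to so that its own query string cannot add to or override the
                         // parameters of the delete URL; the 'messages' branch below already encodes it.
                         $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&thrd_ID=' . $edited_Thread->ID . '&action=delete&confirmed=1&redirect_to=' . rawurlencode($redirect_to) . '&' . url_crumb('messaging_threads');
                         // Both URLs contain request-derived data and are written into an HTML attribute, so they are
                         // HTML-escaped; double_encode is off so an already present "&amp;" is left as it is.
                         $ok_button = '<span class="linkbutton"><a href="' . htmlspecialchars($delete_url, ENT_QUOTES, 'UTF-8', false) . '">' . T_('I am sure!') . '!</a></span>';
                         $cancel_button = '<span class="linkbutton"><a href="' . htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8', false) . '">CANCEL</a></span>';
                         $msg = sprintf(T_('You are about to delete all messages in the conversation &laquo;%s&raquo;.'), $edited_Thread->dget('title'));
                         $msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
                         $Messages->add($msg, 'error');
                     }
                     break;
                 case 'leave':
                     // user wants to leave the thread
                     leave_thread($edited_Thread->ID, $current_User->ID, false);
                     $Messages->add(sprintf(T_('You have successfuly left the &laquo;%s&raquo; conversation!'), $edited_Thread->get('title')), 'success');
                     break;
                 case 'close':
                     // close the thread (shares the code of 'close_and_block' below)
                 case 'close_and_block':
                     // close the thread and block contact
                     leave_thread($edited_Thread->ID, $current_User->ID, true);
                     // user has closed this conversation because there was only one other user involved
                     $Messages->add(sprintf(T_('You have successfuly closed the &laquo;%s&raquo; conversation!'), $edited_Thread->get('title')), 'success');
                     if ($action == 'close_and_block') {
                         // user also wants to block contact with the other user involved in this thread
                         // NOTE(review): block_ID comes from the request; nothing visible here ties it to a
                         // participant of this thread.
                         $block_user_ID = param('block_ID', 'integer', true);
                         $UserCache =& get_UserCache();
                         $blocked_User = $UserCache->get_by_ID($block_user_ID);
                         set_contact_blocked($block_user_ID, true);
                         $Messages->add(sprintf(T_('&laquo;%s&raquo; was blocked.'), $blocked_User->get('login')), 'success');
                     }
                     break;
             }
             break;
             // break from threads action switch
         // contacts action
         case 'contacts':
             // NOTE(review): user_ID is read as 'string' here while the threads branch reads block_ID as
             // 'integer' for the same callee — confirm set_contact_blocked() validates or casts its argument.
             $user_ID = param('user_ID', 'string', true);
             if ($action != 'block' && $action != 'unblock') {
                 // only block or unblock is valid
                 debug_die("Invalid action param");
             }
             set_contact_blocked($user_ID, $action == 'block' ? 1 : 0);
             $redirect_to = str_replace('&amp;', '&', $redirect_to);
             break;
         // messages action
         case 'messages':
             if ($action == 'create') {
                 // create new message
                 create_new_message($thrd_ID);
             } elseif ($action == 'delete') {
                 // Check permission:
                 $current_User->check_perm('perm_messaging', 'delete', true);
                 // NOTE(review): the message is selected by msg_ID alone; nothing visible here checks that it
                 // belongs to $thrd_ID.
                 $msg_ID = param('msg_ID', 'integer', true);
                 $MessageCache =& get_MessageCache();
                 if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) {
                     $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Message')), 'error');
                     // Leaves the $disp switch; the redirect at the end still runs.
                     break;
                 }
                 $confirmed = param('confirmed', 'integer', 0);
                 if ($confirmed) {
                     // delete message
                     $edited_Message->dbdelete();
                     unset($edited_Message);
                     $Messages->add(T_('Message deleted.'), 'success');
                 } else {
                     $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&disp=messages&thrd_ID=' . $thrd_ID . '&msg_ID=' . $msg_ID . '&action=delete&confirmed=1';
                     $delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_messages');
                     // HTML-escape both URLs for the attribute context (see the threads branch above for the reasoning):
                     $ok_button = '<span class="linkbutton"><a href="' . htmlspecialchars($delete_url, ENT_QUOTES, 'UTF-8', false) . '">' . T_('I am sure!') . '!</a></span>';
                     $cancel_button = '<span class="linkbutton"><a href="' . htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8', false) . '">CANCEL</a></span>';
                     $msg = T_('You are about to delete this message. ') . '<br /> ' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . $cancel_button;
                     $Messages->add($msg, 'error');
                 }
             }
             break;
     }
     header_redirect($redirect_to);
     // Will save $Messages into Session
 }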
예제 #20
 /**
  * Print the published feedback of one type attached to the current post.
  *
  * Reads the globals $Blog, $Item and $app_version. Below version 4.0 a
  * CommentList is built, otherwise a CommentList2 that is filtered, loaded
  * from the request and initialised for display. Nothing is printed when the
  * list reports no rows.
  *
  * No defaults are merged into $params: the keys 'comment_list_start',
  * 'comment_list_end', 'comment_template', 'comment_start', 'comment_end' and
  * 'link_to' are all read unconditionally, so the caller must supply each one.
  *
  * NOTE(review): 'comment_list_start' and 'comment_list_end' are echoed as-is,
  * and 'comment_template' is handed to skin_include() (presumably resolved to
  * a template file - confirm). Callers should pass only trusted, hard-coded
  * values for these keys, never anything taken from the request.
  *
  * @param string $type   feedback type, 'comment' by default
  * @param array  $params display fragments and template name (see above)
  */
 function disp_feedback_list($type = 'comment', $params = array())
 {
     global $Blog, $Item, $app_version;

     $requested_types = array($type);

     if (version_compare($app_version, '4.0') >= 0) {
         // b2evo 4: the filterset prefix is the first letter of the type plus '_'
         $filter_prefix = substr($type, 0, 1) . '_';
         $CommentList = new CommentList2(
             $Blog,
             $Blog->get_setting('comments_per_page'),
             'CommentCache',
             $filter_prefix
         );
         // Restrict the list to published feedback of this post:
         $CommentList->set_default_filters(array(
             'types'    => $requested_types,
             'statuses' => array('published'),
             'post_ID'  => $Item->ID,
             'order'    => $Blog->get_setting('comments_orderdir'),
         ));
         $CommentList->load_from_Request();
         // Runs the query:
         $CommentList->display_init();
     } else {
         // b2evo 3: the type list is passed as a comma separated string of quoted names.
         // NOTE(review): the quotes are added without any escaping; if CommentList
         // places this string into SQL (not visible here), $type must only ever
         // come from a fixed set of known type names.
         $quoted_types = array();
         foreach ($requested_types as $one_type) {
             $quoted_types[] = "'" . $one_type . "'";
         }
         $CommentList = new CommentList(
             null,
             implode(',', $quoted_types),
             array('published'),
             $Item->ID,
             '',
             'ASC'
         );
     }

     if ($CommentList->result_num_rows < 1) {
         // Nothing to show
         return;
     }

     // Drop these params so they are not carried into regenerated URLs:
     foreach (array('c', 'tb', 'pb', 'disp', 'more', 'title') as $param_name) {
         forget_param($param_name);
     }

     $show_bottom_nav = false;
     if (method_exists($CommentList, 'page_links') && $Blog->get_setting('paged_comments')) {
         // Navigation above the list
         $CommentList->page_links(array(
             'page_url'    => url_add_tail($Item->get_permanent_url(), '#post-tabs'),
             'block_start' => '<div class="comment-navigation clearfix">',
             'block_end'   => '</div>',
             'prev_text'   => '&laquo;',
             'next_text'   => '&raquo;',
         ));
         $show_bottom_nav = true;
     }

     echo $params['comment_list_start'];

     while ($Comment =& $CommentList->get_next()) {
         // One template inclusion per comment:
         skin_include($params['comment_template'], array(
             'Comment'       => &$Comment,
             'comment_start' => $params['comment_start'],
             'comment_end'   => $params['comment_end'],
             'link_to'       => $params['link_to'],
         ));
     }

     echo $params['comment_list_end'];

     if ($show_bottom_nav) {
         // Navigation below the list
         $CommentList->page_links(array(
             'page_url'    => url_add_tail($Item->get_permanent_url(), '#post-tabs'),
             'block_start' => '<div class="comment-navigation clearfix">',
             'block_end'   => '</div>',
             'prev_text'   => '&laquo;',
             'next_text'   => '&raquo;',
         ));
     }
 }
예제 #21
            // Swap step of a "replace file" flow (excerpt: the enclosing blocks open above this fragment).
            // Step 1 moves the original out of the way under $new_filename, step 2 moves the
            // uploaded temp file onto the original name.
            // NOTE(review): both targets are built by plain concatenation onto $dir; where the
            // file names are validated is not visible here - confirm they cannot contain a path
            // separator or "..".
            // NOTE(review): "@" hides the PHP warning that explains why rename() failed; only the
            // generic message below is reported.
            if (empty($error_message) && !@rename($oldFile->get_full_path(), $dir . $new_filename)) {
                // rename original file to the new file name failed
                $error_message = sprintf(T_("The original file could not be renamed to %s. The new file is now named %s."), $new_filename, $temp_filename);
            }
            // The two renames are not atomic: when this second one fails, the original has
            // already been moved and the new file keeps its temporary name (see the message).
            if (empty($error_message) && !@rename($dir . $temp_filename, $dir . $old_filename)) {
                // rename new file to the original file name failed
                $error_message = sprintf(T_("The new file could not be renamed to %s. It is now named %s."), $old_filename, $temp_filename);
            }
            // NOTE(review): file names are interpolated into the user-visible message - confirm
            // that the Messages renderer (not shown) escapes them for HTML.
            if (empty($error_message)) {
                $Messages->add(sprintf(T_('%s has been replaced with the new version!'), $old_filename), 'success');
            } else {
                $Messages->add($error_message, 'error');
            }
        }
    }
    // The rename list has been processed, drop it from the request context:
    forget_param('renamedFiles');
    unset($renamedFiles);
    if ($upload_quickmode) {
        header_redirect(regenerate_url('ctrl', 'ctrl=files', '', '&'));
    }
}
// Process uploaded files:
if ($action != 'switchtab' && isset($_FILES) && count($_FILES)) {
    // Anti-CSRF: the crumb named 'file' must accompany the request. The assertion runs
    // before process_upload(), so nothing is written when it fails (presumably it aborts
    // the request - confirm in Session::assert_received_crumb()).
    $Session->assert_received_crumb('file');
    $upload_result = process_upload($fm_FileRoot->ID, $path, false, false, $upload_quickmode);
    // isset() is false only when process_upload() returned NULL:
    if (isset($upload_result)) {
        $failedFiles = $upload_result['failedFiles'];
        $uploadedFiles = $upload_result['uploadedFiles'];
        $renamedFiles = $upload_result['renamedFiles'];
        $renamedMessages = $upload_result['renamedMessages'];
예제 #22
 * Display payload:
 */
// Pick the view for the invitation code screen. This is the display phase only:
// no record is changed here.
switch ($action) {
    case 'nil':
        // Do nothing
        break;
    case 'delete':
        // We need to ask for confirmation:
        // NOTE(review): 'invitation' is presumably the crumb name put into the confirmation
        // form; the handler that performs the delete is not part of this excerpt - confirm it
        // asserts the same crumb and checks permission before deleting.
        $edited_Invitation->confirm_delete(sprintf(T_('Delete invitation code &laquo;%s&raquo;?'), $edited_Invitation->dget('code')), 'invitation', $action, get_memorized('action'));
        /* no break - the form is displayed below the confirmation */
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_view('users/views/_invitation.form.php');
        break;
    default:
        // No specific request, list all invitation codes:
        // Cleanup context:
        forget_param('ivc_ID');
        // Display invitation codes list:
        $AdminUI->disp_view('users/views/_invitation.view.php');
        break;
}
$AdminUI->disp_payload_end();
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
예제 #23
     $action = 'edit';
     break;
 case 'delete':
     // Delete tag:
     // The crumb and the permission are both verified before any request data is used.
     // Check that this action request is not a CSRF hacked request:
     $Session->assert_received_crumb('tag');
     // Check that current user has permission to edit tags:
     // (third argument true: presumably the check is fatal instead of returning false - confirm)
     $current_User->check_perm('options', 'edit', true);
     // Make sure we got an tag_ID:
     param('tag_ID', 'integer', true);
     if (param('confirm', 'integer', 0)) {
         // confirmed, Delete from DB:
         // NOTE(review): the name is placed between literal <b> tags, so the message is
         // rendered as HTML; tag names are presumably user-supplied - confirm that dget()
         // returns an HTML-escaped value.
         $msg = sprintf(T_('Tag "%s" has been deleted.'), '<b>' . $edited_ItemTag->dget('name') . '</b>');
         $edited_ItemTag->dbdelete();
         unset($edited_ItemTag);
         forget_param('tag_ID');
         $Messages->add($msg, 'success');
         // Redirect so that a reload doesn't write to the DB twice:
         header_redirect(regenerate_url('action', '', '', '&'), 303);
         // Will EXIT
         // We have EXITed already at this point!!
     } else {
         // not confirmed, Check for restrictions:
         if (!$edited_ItemTag->check_delete(sprintf(T_('Cannot delete tag "%s"'), '<b>' . $edited_ItemTag->dget('name') . '</b>'), array(), true)) {
             // There are restrictions:
             $action = 'list';
         }
     }
     break;
 case 'unlink':
     // Unlink tag from the post:
예제 #24
     /* EXIT */
     // In case we changed the redirect someday:
     unset($edited_Chapter);
     $cat_ID = NULL;
     $action = 'list';
     break;
 case 'delete':
     // Delete entry:
     // NOTE(review): no assert_received_crumb() and no check_perm() call is visible in this
     // case - confirm that both run earlier in the controller, before this destructive branch.
     param($ChapterCache->dbIDname, 'integer', true);
     if (param('confirm', 'integer', 0)) {
         // confirmed, Delete from DB:
         // Keep the parent ID, it is needed for the redirect after the object is unset:
         $parent_ID = $edited_Chapter->parent_ID;
         $msg = sprintf(T_('Chapter &laquo;%s&raquo; deleted.'), $edited_Chapter->dget('name'));
         $ChapterCache->dbdelete_by_ID($edited_Chapter->ID);
         unset($edited_Chapter);
         forget_param($ChapterCache->dbIDname);
         $Messages->add($msg, 'success');
         // Redirect so that a reload doesn't write to the DB twice:
         // NOTE(review): 'redirect_page' is a free-form string from the request - confirm that
         // get_chapter_redirect_url() maps it onto a fixed set of internal URLs and never uses
         // it as the redirect target itself.
         $redirect_to = get_chapter_redirect_url(param('redirect_page', 'string', ''), $parent_ID);
         header_redirect($redirect_to, 303);
         // Will EXIT
         // We have EXITed already at this point!!
     } else {
         // not confirmed, Check for restrictions:
         // TODO: dh> allow to delete a category which has links (and unbreak those after confirmation).
         // Get the page number we come from:
         $previous_page = param('results_' . $ChapterCache->dbprefix . 'page', 'integer', 1, true);
         if (!$edited_Chapter->check_delete(sprintf(T_('Cannot delete element &laquo;%s&raquo;'), $edited_Chapter->dget('name')))) {
             // There are restrictions:
             $action = 'edit';
         }
예제 #25
파일: widgets.ctrl.php 프로젝트: LFSF/oras
            // Swap the order of the edited widget and the next one in three writes:
            // park the edited widget at order 0, give its old order to the neighbour,
            // then give the neighbour's old order to the edited widget.
            $edited_ComponentWidget->set('order', 0);
            // Temporary
            $edited_ComponentWidget->dbupdate();
            $next_ComponentWidget->set('order', $order);
            $next_ComponentWidget->dbupdate();
            $edited_ComponentWidget->set('order', $next_order);
            $edited_ComponentWidget->dbupdate();
        }
        // Closes the transaction that was opened above this excerpt:
        $DB->commit();
        break;
    case 'delete':
        // Remove a widget from container:
        // NOTE(review): no assert_received_crumb() and no permission check is visible in this
        // case - confirm that both run before the action switch, since this branch deletes
        // without a confirmation step.
        $msg = sprintf(T_('Widget &laquo;%s&raquo; removed.'), $edited_ComponentWidget->get_name());
        $edited_ComponentWidget->dbdelete(true);
        unset($edited_ComponentWidget);
        forget_param('wi_ID');
        $Messages->add($msg, 'success');
        // PREVENT RELOAD & Switch to list mode:
        // NOTE(review): $blog is concatenated into the URL unencoded; presumably it was read
        // as an integer param earlier - confirm.
        header_redirect('?ctrl=widgets&blog=' . $blog);
        break;
    case 'list':
        break;
    default:
        // Unknown actions stop the request instead of falling back to a default:
        debug_die('Action: unhandled action');
}
/**
 * Display page header, menus & messages:
 */
$AdminUI->set_coll_list_params('blog_properties', 'edit', array('ctrl' => 'widgets'), T_('List'), '?ctrl=collections&amp;blog=0');
$AdminUI->set_path('blogs', 'widgets');
// Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
예제 #26
// Refuse to run when the file is requested directly instead of being included by the
// application (the constant is defined outside this file):
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}
// Check permission:
// Viewing is the minimum for the whole controller; write actions check 'edit' again below.
// (third argument true: presumably the check is fatal instead of returning false - confirm)
$current_User->check_perm('emails', 'view', true);
load_class('email_campaigns/model/_emailcampaign.class.php', 'EmailCampaign');
load_funcs('email_campaigns/model/_emailcampaign.funcs.php');
param_action();
param('tab', 'string', 'info');
// The ID is read as an integer; $ecmp_ID is used right below, so param() evidently
// publishes the value under the parameter's name.
if (param('ecmp_ID', 'integer', '', true)) {
    // Load Email Campaign object
    $EmailCampaignCache =& get_EmailCampaignCache();
    if (($edited_EmailCampaign =& $EmailCampaignCache->get_by_ID($ecmp_ID, false)) === false) {
        // We could not find the goal to edit:
        // Reset the action as well, so that no case below runs without a loaded object.
        unset($edited_EmailCampaign);
        forget_param('ecmp_ID');
        $action = '';
        $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Email Campaign')), 'error');
    }
}
switch ($action) {
    case 'add':
        // Add Email Campaign...
        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('campaign');
        // Check permission:
        // Creating needs 'edit', which is checked in addition to the 'view' check above.
        $current_User->check_perm('emails', 'edit', true);
        $new_EmailCampaign = new EmailCampaign();
        if (!$new_EmailCampaign->load_from_Request()) {
            // We could not load data from form with errors:
            $action = 'new';
예제 #27
 * Display payload:
 */
// Pick the view for the user field group screen. This is the display phase only:
// no record is changed here.
switch ($action) {
    case 'nil':
        // Do nothing
        break;
    case 'delete':
        // We need to ask for confirmation:
        // NOTE(review): 'userfieldgroup' is presumably the crumb name put into the confirmation
        // form; the handler that performs the delete is not part of this excerpt - confirm it
        // asserts the same crumb and checks permission before deleting.
        $edited_UserfieldGroup->confirm_delete(sprintf(T_('Delete user field &laquo;%s&raquo;?'), $edited_UserfieldGroup->dget('name')), 'userfieldgroup', $action, get_memorized('action'));
        /* no break - the form is displayed below the confirmation */
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_view('users/views/_userfieldsgroup.form.php');
        break;
    default:
        // No specific request, list all user fields:
        // Cleanup context:
        forget_param('ufgp_ID');
        // Display user fields list:
        $AdminUI->disp_view('users/views/_userfields.view.php');
        break;
}
$AdminUI->disp_payload_end();
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
    // Excerpt from a different controller than the lines above it; the opening of this
    // switch is not part of the excerpt.
    case 'delete':
        // Delete entry:
        param($GenericCategoryCache->dbIDname, 'integer', true);
        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('element');
        // $permission_to_edit is computed outside this excerpt; without it the request stops
        // here, before the confirm flag is read and before anything is deleted:
        if (!$permission_to_edit) {
            debug_die('No permission to edit');
        }
        // Set restrictions for element
        $edited_GenericCategory->delete_restrictions = $delete_restrictions;
        if (param('confirm', 'integer', 0)) {
            // confirmed, Delete from DB:
            // Build the message first, the object is unset right after the delete:
            $msg = sprintf(T_('Element &laquo;%s&raquo; deleted.'), $edited_GenericCategory->dget('name'));
            $GenericCategoryCache->dbdelete_by_ID($edited_GenericCategory->ID);
            unset($edited_GenericCategory);
            forget_param($GenericCategoryCache->dbIDname);
            $Messages->add($msg, 'success');
            $action = 'list';
        } else {
            // not confirmed, Check for restrictions:
            // Get the page number we come from:
            $previous_page = param('results_' . $GenericCategoryCache->dbprefix . 'page', 'integer', 1, true);
            if (!$edited_GenericCategory->check_delete(sprintf(T_('Cannot delete element &laquo;%s&raquo;'), $edited_GenericCategory->dget('name')))) {
                // There are restrictions:
                $action = 'edit';
            }
        }
        break;
}
// Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
$AdminUI->disp_html_head();
예제 #29
// Display phase of the country screen: body top, then the payload chosen by $action.
$AdminUI->disp_body_top();
$AdminUI->disp_payload_begin();
/**
 * Display payload:
 */
switch ($action) {
    case 'nil':
        // Do nothing
        break;
    case 'delete':
        // We need to ask for confirmation:
        // NOTE(review): 'country' is presumably the crumb name put into the confirmation form;
        // the handler that performs the delete is not part of this excerpt - confirm it asserts
        // the same crumb and checks permission before deleting.
        $edited_Country->confirm_delete(sprintf(T_('Delete country &laquo;%s&raquo;?'), $edited_Country->dget('name')), 'country', $action, get_memorized('action'));
        // no break: execution falls through and the form is displayed below the confirmation
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        $AdminUI->disp_view('regional/views/_country.form.php');
        break;
    default:
        // No specific request, list all countries:
        // Cleanup context:
        forget_param('ctry_ID');
        // Display country list:
        $AdminUI->disp_view('regional/views/_country_list.view.php');
        break;
}
$AdminUI->disp_payload_end();
// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
예제 #30
// Viewing permission is the minimum for the whole controller.
// (third argument true: presumably the check is fatal instead of returning false - confirm)
$current_User->check_perm('emails', 'view', true);
load_class('tools/model/_emailaddress.class.php', 'EmailAddress');
load_funcs('tools/model/_email.funcs.php');
param_action();
// $tab and $tab3 are request-controlled strings; they are only compared against fixed values
// in the lines visible here.
$tab = param('tab', 'string', 'blocked', true);
$tab3 = param('tab3', 'string', '', true);
// NOTE(review): 'action' is read again right after param_action(); what param_action() sets
// is not visible here - confirm this second read is intended.
param('action', 'string');
if ($tab == 'blocked') {
    // Email addresses
    // The ID is read as an integer; $emadr_ID is used right below, so param() evidently
    // publishes the value under the parameter's name.
    if (param('emadr_ID', 'integer', '', true)) {
        // Load Email Address object
        $EmailAddressCache =& get_EmailAddressCache();
        if (($edited_EmailAddress =& $EmailAddressCache->get_by_ID($emadr_ID, false)) === false) {
            // We could not find the goal to edit:
            // NOTE(review): $action is left unchanged here, so a case of the switch that follows
            // may run without a loaded object - confirm each case handles that.
            unset($edited_EmailAddress);
            forget_param('emadr_ID');
            $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Email Address')), 'error');
        }
    }
}
switch ($action) {
    case 'settings':
        // Update the email settings
        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('emailsettings');
        // Check permission:
        $current_User->check_perm('emails', 'edit', true);
        switch ($tab3) {
            case 'notifications':
                /* Email service preferences: */
                if ($Settings->get('smtp_enabled')) {