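/**
 * Decides whether this member may move/update an item into a given category.
 *
 * The checks run in the order below and the first one that applies decides:
 *  - the item must exist and this member must be allowed to alter it;
 *  - a 'newcat-x' target (x = blog id) requires admin rights on blog x;
 *  - the target category must exist;
 *  - leaving the item in its current category is always allowed;
 *  - the member must have team rights on the destination blog;
 *  - the author of the item is allowed; anybody else needs admin rights on
 *    both the source and the destination blog.
 *
 * @param mixed $itemid id of the item
 * @param mixed $newcat target category id, or 'newcat-x' with x = blog id
 * @return mixed 1 if allowed, 0 if not; for a well-formed 'newcat-x' target,
 *               whatever blogAdminRights() returns
 */
function canUpdateItem($itemid, $newcat)
{
    global $manager;

    // item does not exist -> NOK
    if (!$manager->existsItem($itemid, 1, 1)) {
        return 0;
    }

    // cannot alter item -> NOK
    if (!$this->canAlterItem($itemid)) {
        return 0;
    }

    // 'newcat' style target: the decision rests on admin rights over the
    // destination blog named in the string.
    if (strstr($newcat, 'newcat')) {
        $parsed = sscanf($newcat, 'newcat-%d');
        $blogid = (is_array($parsed) && isset($parsed[0])) ? $parsed[0] : null;

        // Fail closed: strstr() only proves that 'newcat' occurs somewhere in
        // the value. If no positive blog id could be parsed, the rights check
        // would run against an undefined blog, so refuse instead.
        if (!is_int($blogid) || $blogid <= 0) {
            return 0;
        }

        return $this->blogAdminRights($blogid);
    }

    // category does not exist -> NOK
    if (!$manager->existsCategory($newcat)) {
        return 0;
    }

    // get item
    $item =& $manager->getItem($itemid, 1, 1);

    // old catid = new catid -> OK
    if ($item['catid'] == $newcat) {
        return 1;
    }

    // not a valid category -> NOK
    // intval() keeps the concatenated value numeric.
    // NOTE(review): existsCategory() and getBlogIDFromCatID() receive the raw
    // $newcat; confirm that they cast it as well.
    $validCat = quickQuery('SELECT COUNT(*) AS result FROM ' . sql_table('category') . ' WHERE catid=' . intval($newcat));

    if (!$validCat) {
        return 0;
    }

    // get source and destination blog
    $source_blogid = getBlogIDFromItemID($itemid);
    $dest_blogid = getBlogIDFromCatID($newcat);

    // not a team member of destination blog -> NOK
    if (!$this->teamRights($dest_blogid)) {
        return 0;
    }

    // if member is author of item -> OK
    if ($item['authorid'] == $this->getID()) {
        return 1;
    }

    // if member has admin rights on both blogs: OK
    if ($this->blogAdminRights($dest_blogid) && $this->blogAdminRights($source_blogid)) {
        return 1;
    }

    // all other cases: NOK
    return 0;
}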
/**
 * Moves a category to another blog, taking its items and their comments along.
 *
 * The comment rows (cblog), the item rows (iblog) and finally the category row
 * (cblog) are pointed at the destination blog. PreMoveCategory and
 * PostMoveCategory are sent through $manager->notify() around those updates.
 *
 * @param mixed $catid      id of the category to move; cast with intval()
 * @param mixed $destblogid id of the destination blog; cast with intval()
 * @return mixed _ERROR_DISALLOWED, _ERROR_MOVETOSELF, _ERROR_NOSUCHCATEGORY or
 *               _ERROR_MOVEDEFCATEGORY when the move is refused; nothing when
 *               the move was carried out
 */
function moveOneCategory($catid, $destblogid)
{
    global $manager, $member;

    // Both ids are forced to integers because the queries below concatenate them.
    $catid        = intval($catid);
    $destblogid   = intval($destblogid);
    $sourceblogid = getBlogIDFromCatID($catid);

    // the mover needs admin rights on the source blog and on the destination blog
    if (!$member->blogAdminRights($sourceblogid) || !$member->blogAdminRights($destblogid)) {
        return _ERROR_DISALLOWED;
    }

    // a category cannot be moved to the blog it already belongs to
    if ($sourceblogid == $destblogid) {
        return _ERROR_MOVETOSELF;
    }

    $blog     =& $manager->getBlog($sourceblogid);
    $destblog =& $manager->getBlog($destblogid);

    // the category has to be a valid category of the source blog
    if (!$blog || !$blog->isValidCategory($catid)) {
        return _ERROR_NOSUCHCATEGORY;
    }

    // the default category of a blog stays where it is
    if ($blog->getDefaultCategory() == $catid) {
        return _ERROR_MOVEDEFCATEGORY;
    }

    // NOTE(review): $catid is handed to the listeners by reference, so after
    // this call it is no longer guaranteed to be the intval() result from
    // above - confirm that listeners leave it numeric.
    $manager->notify(
        'PreMoveCategory',
        array('catid' => &$catid, 'sourceblog' => &$blog, 'destblog' => &$destblog)
    );

    // comments table (cblog): one UPDATE per item of the category.
    // The three update steps are separate statements; no transaction is
    // visible around them.
    $items = sql_query('SELECT inumber FROM ' . sql_table('item') . ' WHERE icat=' . $catid);

    while ($row = sql_fetch_object($items)) {
        sql_query('UPDATE ' . sql_table('comment') . ' SET cblog=' . $destblogid . ' WHERE citem=' . $row->inumber);
    }

    // items (iblog)
    sql_query('UPDATE ' . sql_table('item') . ' SET iblog=' . $destblogid . ' WHERE icat=' . $catid);

    // the category itself
    sql_query('UPDATE ' . sql_table('category') . ' SET cblog=' . $destblogid . ' WHERE catid=' . $catid);

    $manager->notify(
        'PostMoveCategory',
        array('catid' => &$catid, 'sourceblog' => &$blog, 'destblog' => $destblog)
    );
}
/**
 * Registers a new path from the request and then shows the view named by 'ret'.
 *
 * Request variables read: oid and obd (as integers), opr, name, path, ret.
 * The values are passed to $this->plugin->RegistPath(). A non-empty result is
 * reported through $this->error(); processing stops there when the first
 * element of that result is not 0.
 *
 * NOTE(review): this method changes stored data from request variables and
 * performs no permission or ticket check itself - confirm that the caller
 * does so before dispatching here.
 */
function action_pathupdate()
{
    global $oPluginAdmin;

    $objectId   = intRequestVar('oid');
    $blogOrCat  = intRequestVar('obd');
    $objectType = requestVar('opr');
    $objectName = requestVar('name');
    $newPath    = requestVar('path');
    $returnTo   = requestVar('ret');

    $msg = $this->plugin->RegistPath($objectId, $newPath, $blogOrCat, $objectType, $objectName);

    if ($msg) {
        $this->error($msg);

        if ($msg[0] != 0) {
            return;
        }
    }

    switch ($returnTo) {
        case 'catoverview':
            // for a subcategory, 'obd' holds a category id: resolve its blog
            $bid = ($objectType == 'subcategory') ? getBlogIDFromCatID($blogOrCat) : $blogOrCat;
            $this->action_categoryview($bid, _UPDATE_SUCCESS);
            break;

        case 'memberview':
            $this->action_memberview(_UPDATE_SUCCESS);
            break;

        case 'blogview':
            $this->action_blogview(_UPDATE_SUCCESS);
            break;

        case 'itemview':
            $this->action_itemview($blogOrCat, _UPDATE_SUCCESS);
            break;

        default:
            echo _UPDATE_SUCCESS;
            break;
    }
}
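/**
 * Validates the plugin's own options before they are stored.
 *
 * - customurl_bname / customurl_cname / customurl_mname: looks up the name of
 *   the blog, category or member the option belongs to and registers the new
 *   path through RegistPath(). A non-empty result is reported through
 *   $this->error() and the script exits.
 * - customurl_archive / customurl_archives / customurl_member: the value may
 *   only consist of letters, digits, '-' and '_'; anything else is reported
 *   through $this->error() and the script exits.
 *
 * @param array $data event data; the keys read are 'optionname', 'contextid',
 *                    'context' and 'value'
 */
function event_PrePluginOptionsUpdate($data)
{
    $optionName = $data['optionname'];

    $isPathOption = $optionName == 'customurl_bname'
        || $optionName == 'customurl_cname'
        || $optionName == 'customurl_mname';
    $isKeywordOption = $optionName == 'customurl_archive'
        || $optionName == 'customurl_archives'
        || $optionName == 'customurl_member';

    $contextid = intval($data['contextid']);
    $context = $data['context'];

    if ($isPathOption) {
        // $contextid is an integer and is additionally formatted with %d, so
        // the lookups below stay numeric.
        if ($context == 'member') {
            $blogid = 0;
            $query = 'SELECT mname as result FROM %s WHERE mnumber = %d';
            $table = sql_table('member');
        } elseif ($context == 'category') {
            // The original compared the bare word `context` (missing `$`), so
            // this branch was never taken and category options were handled
            // by the blog branch below.
            $blogid = getBlogIDFromCatID($contextid);
            $query = 'SELECT cname as result FROM %s WHERE catid = %d';
            $table = sql_table('category');
        } else {
            $blogid = 0;
            $query = 'SELECT bname as result FROM %s WHERE bnumber = %d';
            $table = sql_table('blog');
        }

        $name = quickQuery(sprintf($query, $table, $contextid));
        $blogid = intval($blogid);
        $msg = $this->RegistPath($contextid, $data['value'], $blogid, $context, $name);

        if ($msg) {
            $this->error($msg);
            exit;
        }
    } elseif ($isKeywordOption) {
        // The D modifier makes `$` match only at the very end of the value;
        // without it a value with a trailing newline passes the check.
        if (!preg_match('/^[-_a-zA-Z0-9]+$/D', $data['value'])) {
            // NOTE(review): offset 8 leaves e.g. 'l_archive' from
            // 'customurl_archive'; confirm whether 10 was intended.
            $name = substr($data['optionname'], 8);
            $msg = array(1, _INVALID_ERROR, $name, _INVALID_MSG);
            $this->error($msg);
            exit;
        }
    }
}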
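/**
 * Tries to create a draft from the data in the current request (comes from
 * the bookmarklet or the admin area). Used by the xmlHTTPRequest AutoDraft.
 *
 * POST variables read: body, title, more, closed, catid, type, itemid (when
 * type is 'edit'), blogid (otherwise) and draftid.
 *
 * When draftid is greater than 0 the existing item with that id is updated,
 * otherwise a new draft is added to the blog.
 *
 * @static
 *
 * @return array status info:
 *               array('status' => 'added', 'draftid' => id of the draft) or
 *               array('status' => 'error', 'message' => error message)
 */
function createDraftFromRequest()
{
    global $member, $manager;

    $i_author = $member->getID();
    $i_body   = postVar('body');
    $i_title  = postVar('title');
    $i_more   = postVar('more');

    // the posted text is treated as UTF-8 and converted to the site charset
    if (strtoupper(_CHARSET) != 'UTF-8') {
        $i_body  = mb_convert_encoding($i_body, _CHARSET, "UTF-8");
        $i_title = mb_convert_encoding($i_title, _CHARSET, "UTF-8");
        $i_more  = mb_convert_encoding($i_more, _CHARSET, "UTF-8");
    }

    // Date/time and action type fields are not read here: the item is always
    // stored as a draft, with a post time of 0.
    $i_closed = intPostVar('closed');
    $i_catid  = postVar('catid');
    $i_draft  = 1;
    $type     = postVar('type');

    if ($type == 'edit') {
        $i_blogid = getBlogIDFromItemID(intPostVar('itemid'));
    } else {
        $i_blogid = intPostVar('blogid');
    }

    $i_draftid = intPostVar('draftid');

    if (!$member->canAddItem($i_catid)) {
        return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
    }

    if (!trim($i_body)) {
        return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
    }

    if (strstr($i_catid, 'newcat')) {
        // a new category was requested: store the draft in the default
        // category of the blog instead
        // NOTE(review): the rights check above ran on the posted catid, while
        // the blog used here comes from the separate blogid/itemid field;
        // confirm that canAddItem() ties the two together.
        $blog =& $manager->getBlog($i_blogid);
        $i_catid = $blog->getDefaultCategory();
    } else {
        // force blogid (must be the blog the category belongs to)
        $i_blogid = getBlogIDFromCatID($i_catid);
        $blog =& $manager->getBlog($i_blogid);
    }

    $posttime = 0;

    if ($i_draftid > 0) {
        // draftid comes straight from the request and selects the row that is
        // overwritten. canAddItem() above only covers the category, so check
        // that this member may update that particular item.
        // NOTE(review): assumes the global $member is an instance of the
        // member class that defines canUpdateItem($itemid, $newcat).
        if (!$member->canUpdateItem($i_draftid, $i_catid)) {
            return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
        }

        ITEM::update($i_draftid, $i_catid, $i_title, $i_body, $i_more, $i_closed, 1, 0, 0);
        $itemid = $i_draftid;
    } else {
        $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft);
    }

    // No plugin support in AutoSaveDraft yet: item options are not applied and
    // PostPluginOptionsUpdate is not sent.

    // success
    return array('status' => 'added', 'draftid' => $itemid);
}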
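/**
 * Decides from the request globals which skin type has to be shown, validates
 * the selected blog, category and skin, and parses the skin.
 *
 * Steps:
 *  1. if the 'action' request variable names one of the known actions, run it
 *     through ACTION::doAction() and keep its error message, if any;
 *  2. stop with a start-up error when headers were already sent and
 *     $CONF['alertOnHeadersSent'] is set;
 *  3. pick the skin type: item, archive, archivelist, search, member,
 *     imagepopup or index, in that order of precedence;
 *  4. resolve the blog (falling back to $CONF['DefaultBlog']), the category
 *     and the skin, and call doError() when one of them is invalid;
 *  5. parse the skin and call checkJustPosted() on the blog.
 *
 * The function works on globals only. Note that in the item and archive
 * branches the global $query is overwritten with SQL text.
 */
function selector()
{
    global $itemid, $blogid, $memberid, $query, $amount, $archivelist, $maxresults;
    global $archive, $skinid, $blog, $memberinfo, $CONF, $member;
    global $imagepopup, $catid, $special;
    global $manager;

    // only these action names are dispatched
    $actionNames = array('addcomment', 'sendmessage', 'createaccount', 'forgotpassword', 'votepositive', 'votenegative', 'plugin');
    $action = requestVar('action');

    if (in_array($action, $actionNames)) {
        global $DIR_LIBS, $errormessage;
        include_once $DIR_LIBS . 'ACTION.php';
        $a = new ACTION();
        $errorInfo = $a->doAction($action);

        if ($errorInfo) {
            $errormessage = $errorInfo['message'];
        }
    }

    // show error when headers already sent out
    if (headers_sent() && $CONF['alertOnHeadersSent']) {
        // try to get line number/filename (extra headers_sent params only exists in PHP 4.3+)
        if (function_exists('version_compare') && version_compare('4.3.0', phpversion(), '<=')) {
            headers_sent($hsFile, $hsLine);
            $extraInfo = sprintf(_GFUNCTIONS_HEADERSALREADYSENT_FILE, $hsFile, $hsLine);
        } else {
            $extraInfo = '';
        }

        startUpError(sprintf(_GFUNCTIONS_HEADERSALREADYSENT_TXT, $extraInfo), _GFUNCTIONS_HEADERSALREADYSENT_TITLE);
        exit;
    }

    // make it so ?archivelist without blogname or blogid shows the archivelist
    // for the default weblog
    if (serverVar('QUERY_STRING') == 'archivelist') {
        $archivelist = $CONF['DefaultBlog'];
    }

    // now decide which type of skin we need
    if ($itemid) {
        // itemid given -> only show that item
        $type = 'item';

        if (!$manager->existsItem($itemid, intval($CONF['allowFuture']), intval($CONF['allowDrafts']))) {
            doError(_ERROR_NOSUCHITEM);
        }

        global $itemidprev, $itemidnext, $catid, $itemtitlenext, $itemtitleprev;

        // 1. get timestamp, blogid and catid for item
        $query = 'SELECT itime, iblog, icat FROM ' . sql_table('item') . ' WHERE inumber=' . intval($itemid);
        $res = sql_query($query);
        $obj = sql_fetch_object($res);

        // if a different blog id has been set through the request or selectBlog(),
        // deny access
        if ($blogid && intval($blogid) != $obj->iblog) {
            if (!headers_sent()) {
                // send the visitor to the item's URL on the blog it belongs to
                $b =& $manager->getBlog($obj->iblog);
                $CONF['ItemURL'] = $b->getURL();

                if ($CONF['URLMode'] == 'pathinfo' and substr($CONF['ItemURL'], -1) == '/') {
                    $CONF['ItemURL'] = substr($CONF['ItemURL'], 0, -1);
                }

                $correctURL = createItemLink($itemid, '');
                redirect($correctURL);
                exit;
            } else {
                doError(_ERROR_NOSUCHITEM);
            }
        }

        // if a category has been selected which doesn't match the item, ignore the
        // category. #85
        if ($catid != 0 && $catid != $obj->icat) {
            $catid = 0;
        }

        // from here on $blogid is the value stored with the item
        $blogid = $obj->iblog;
        $timestamp = strtotime($obj->itime);
        $b =& $manager->getBlog($blogid);

        if ($b->isValidCategory($catid)) {
            // $catid is a global that can be set through the request, and the
            // comparison above is a loose one. It is concatenated into the two
            // queries below, so cast it here the same way $itemid is cast
            // above instead of relying on isValidCategory() to have done so.
            $catextra = ' and icat=' . intval($catid);
        } else {
            $catextra = '';
        }

        // get previous itemid and title
        $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime<' . mysqldate($timestamp) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime DESC LIMIT 1';
        $res = sql_query($query);
        $obj = sql_fetch_object($res);

        if ($obj) {
            $itemidprev = $obj->inumber;
            $itemtitleprev = $obj->ititle;
        }

        // get next itemid and title (not later than the blog's current time)
        $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime>' . mysqldate($timestamp) . ' and itime <= ' . mysqldate($b->getCorrectTime()) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime ASC LIMIT 1';
        $res = sql_query($query);
        $obj = sql_fetch_object($res);

        if ($obj) {
            $itemidnext = $obj->inumber;
            $itemtitlenext = $obj->ititle;
        }
    } elseif ($archive) {
        // show archive
        $type = 'archive';

        // get next and prev month links ...
        global $archivenext, $archiveprev, $archivetype, $archivenextexists, $archiveprevexists;

        // sql queries for the timestamp of the first and the last published item;
        // the blog id is cast to int before it is concatenated
        $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM " . sql_table('item') . " WHERE idraft=0 AND iblog=" . (int) ($blogid ? $blogid : $CONF['DefaultBlog']) . " ORDER BY itime ASC";
        $first_timestamp = quickQuery($query);
        $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM " . sql_table('item') . " WHERE idraft=0 AND iblog=" . (int) ($blogid ? $blogid : $CONF['DefaultBlog']) . " ORDER BY itime DESC";
        $last_timestamp = quickQuery($query);

        // $archive has the form year, year-month or year-month-day
        sscanf($archive, '%d-%d-%d', $y, $m, $d);

        if ($d != 0) {
            $archivetype = _ARCHIVETYPE_DAY;
            $t = mktime(0, 0, 0, $m, $d, $y);
            // one day has 24 * 60 * 60 = 86400 seconds
            $archiveprev = strftime('%Y-%m-%d', $t - 86400);
            // check for published items
            $archiveprevexists = ($t > $first_timestamp);

            // one day later
            $t += 86400;
            $archivenext = strftime('%Y-%m-%d', $t);
            $archivenextexists = ($t < $last_timestamp);
        } elseif ($m == 0) {
            $archivetype = _ARCHIVETYPE_YEAR;
            $t = mktime(0, 0, 0, 12, 31, $y - 1);
            // one day before is in the previous year
            $archiveprev = strftime('%Y', $t);
            $archiveprevexists = ($t > $first_timestamp);

            // timestamp for the next year
            $t = mktime(0, 0, 0, 1, 1, $y + 1);
            $archivenext = strftime('%Y', $t);
            $archivenextexists = ($t < $last_timestamp);
        } else {
            $archivetype = _ARCHIVETYPE_MONTH;
            $t = mktime(0, 0, 0, $m, 1, $y);
            // one day before is in the previous month
            $archiveprev = strftime('%Y-%m', $t - 86400);
            $archiveprevexists = ($t > $first_timestamp);

            // timestamp for the next month
            $t = mktime(0, 0, 0, $m + 1, 1, $y);
            $archivenext = strftime('%Y-%m', $t);
            $archivenextexists = ($t < $last_timestamp);
        }
    } elseif ($archivelist) {
        $type = 'archivelist';

        // $archivelist is either a blog id or a blog name
        if (is_numeric($archivelist)) {
            $blogid = intVal($archivelist);
        } else {
            $blogid = getBlogIDFromName($archivelist);
        }

        if (!$blogid) {
            doError(_ERROR_NOSUCHBLOG);
        }
    } elseif ($query) {
        global $startpos;
        $type = 'search';
        $query = stripslashes($query);

        // a query that matches this pattern is shown as the index page
        // NOTE(review): the non-ASCII characters in this pattern look like
        // mis-decoded bytes (possibly a full-width space in two encodings) -
        // confirm against the upstream file.
        if (preg_match("/^(¡{2}|ã€{2}| )+\$/", $query)) {
            $type = 'index';
        }

        // candidate source encodings for the query, depending on the site charset
        switch (strtolower(_CHARSET)) {
            case 'utf-8':
                $order = 'ASCII, UTF-8, EUC-JP, JIS, SJIS, EUC-CN, ISO-8859-1';
                break;
            case 'gb2312':
                $order = 'ASCII, EUC-CN, EUC-JP, UTF-8, JIS, SJIS, ISO-8859-1';
                break;
            case 'shift_jis':
                // Note that shift_jis is only supported for output.
                // Using shift_jis in DB is prohibited.
                $order = 'ASCII, SJIS, EUC-JP, UTF-8, JIS, EUC-CN, ISO-8859-1';
                break;
            default:
                // euc-jp,iso-8859-x,windows-125x
                $order = 'ASCII, EUC-JP, UTF-8, JIS, SJIS, EUC-CN, ISO-8859-1';
                break;
        }

        $query = mb_convert_encoding($query, _CHARSET, $order);

        if (is_numeric($blogid)) {
            $blogid = intVal($blogid);
        } else {
            $blogid = getBlogIDFromName($blogid);
        }

        if (!$blogid) {
            doError(_ERROR_NOSUCHBLOG);
        }
    } elseif ($memberid) {
        $type = 'member';

        if (!MEMBER::existsID($memberid)) {
            doError(_ERROR_NOSUCHMEMBER);
        }

        $memberinfo = $manager->getMember($memberid);
    } elseif ($imagepopup) {
        // media object (images etc.)
        $type = 'imagepopup';

        // TODO: check if media-object exists
        // TODO: set some vars?
    } else {
        // show regular index page
        global $startpos;
        $type = 'index';
    }

    // any type of skin with catid
    if ($catid && !$blogid) {
        $blogid = getBlogIDFromCatID($catid);
    }

    // decide which blog should be displayed
    if (!$blogid) {
        $blogid = $CONF['DefaultBlog'];
    }

    $b =& $manager->getBlog($blogid);
    $blog = $b; // references can't be placed in global variables?

    if (!$blog->isValid) {
        doError(_ERROR_NOSUCHBLOG);
    }

    // set catid if necessary
    if ($catid) {
        // check if the category is valid
        if (!$blog->isValidCategory($catid)) {
            doError(_ERROR_NOSUCHCATEGORY);
        } else {
            $blog->setSelectedCategory($catid);
        }
    }

    // decide which skin should be used
    if ($skinid != '' && $skinid == 0) {
        selectSkin($skinid);
    }

    if (!$skinid) {
        $skinid = $blog->getDefaultSkin();
    }

    // a valid short name in $special (a global read at the top) overrides the skin type
    if (!empty($special) && isValidShortName($special)) {
        $type = strtolower($special);
    }

    $skin = new SKIN($skinid);

    if (!$skin->isValid) {
        doError(_ERROR_NOSUCHSKIN);
    }

    // set global skinpart variable so can determine quickly what is being parsed from any plugin or phpinclude
    global $skinpart;
    $skinpart = $type;

    // parse the skin
    $skin->parse($type);

    // check to see we should throw JustPosted event
    $blog->checkJustPosted();
}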