<?php
/**
* BLOG:CMS: PHP/MySQL Personal Content Management System (CMS)
* http://blogcms.com/
* ----------------------------------------------------------------
*
* Copyright (C) 2003-2005 Radek HULÁN
* http://hulan.cz/contact/
*
* Based on:
* ----------------------------------------------------------------
* Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
* Copyright (C) 2002-2003 The Nucleus Group
*
* ----------------------------------------------------------------
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
**/
$CONF = array();
include('./cfg.php');

// Front controller for the visitor-side actions (comments, member mail,
// registration, password reset, karma votes, plugin actions).
// NOTE(review): requestVar() presumably reads GET as well as POST, so every
// action below is reachable through a plain link; no form token is checked
// in this file.
$action = requestVar('action');

if ($action == 'addcomment') {
	addComment('comment');
} elseif ($action == 'addpreview') {
	addComment('preview');
} elseif ($action == 'sendmessage') {
	sendMessage();
} elseif ($action == 'createaccount') {
	createAccount();
} elseif ($action == 'forgotpassword') {
	forgotPassword();
} elseif ($action == 'votepositive') {
	doKarma('pos');
} elseif ($action == 'votenegative') {
	doKarma('neg');
} elseif ($action == 'plugin') {
	callPlugin();
} else {
	// unknown or missing action
	doError(_ERROR_BADACTION);
}
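/**
 * Handles the 'addcomment' and 'addpreview' actions: stores (or previews) a
 * comment posted to an item and redirects to the new comment on success.
 *
 * @param string $type 'comment' to store the comment, 'preview' to only
 *                     preview it (passed straight through to
 *                     COMMENTS::addComment)
 *
 * Side effects: sets $CONF['ItemURL'] and the global $errormessage, may set
 * the comment_user / comment_userid cookies, fires 'PostAddComment', and on
 * success ends the request with a Location header. On failure the message
 * is rendered through doError() in the blog's default skin.
 */
function addComment($type) {
	global $CONF, $errormessage, $manager;
	$CONF['ItemURL'] = $CONF['IndexURL'];

	$post['itemid'] = intPostVar('itemid');
	// the SQL-escaped name is also what ends up in the cookie below
	$post['user']   = sql_escape(postVar('user'));
	$post['userid'] = postVar('userid');
	$post['body']   = postVar('body');
	$itemid = intval($post['itemid']);

	// Remember name/site for 30 days when the visitor asked for it.
	// NOTE(review): both cookies are set with secure=0 and without an
	// httponly flag.
	if (intPostVar('remember') == 1) {
		$lifetime = time() + 2592000;
		setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);
		setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);
	}

	// '= & new' is a parse error since PHP 7; plain 'new' behaves the same here.
	$comments = new COMMENTS($itemid);
	$blogid = getBlogIDFromItemID($itemid);
	checkban($blogid);
	$blog =& $manager->getBlog($blogid);

	// note: preAddComment gets called somewhere inside addComment
	$errormessage = $comments->addComment($blog->getCorrectTime(), $post, $type);
	$manager->notify('PostAddComment', array('comment' => &$post, 'errormessage' => $errormessage));

	// empty() already covers an unset variable, so the extra isset() test was redundant
	if (empty($errormessage)) {
		// redirect to the anchor of the newest comment on the item
		$url = fancyLink($itemid);
		$query = sql_query('select max(cnumber) as anchor from ' . sql_table('comment') . ' where citem=' . strval($itemid));
		if ($row = sql_fetch_object($query)) {
			$separator = strstr($url, '?') ? '&' : '?';
			$url .= $separator . 'comment=' . $row->anchor . '#comment' . strval($row->anchor);
		}
		header('Expires: 0');
		header('Pragma: no-cache');
		header('Location: ' . $url);
		exit;
	} else {
		// show error message using default skin for blog
		doError($errormessage, new SKIN($blog->getDefaultSkin()));
	}
}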
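/**
 * Handles the 'sendmessage' action: mails a message from the current visitor
 * (a logged-in member, or an anonymous sender who supplies 'frommail') to the
 * member whose id was posted as 'memberid', then redirects.
 *
 * Side effects: sets $CONF['ItemURL'] (and $CONF['MemberURL'] on the default
 * redirect), sends one e-mail and emits a Location header. Validation
 * failures are reported through doError().
 */
function sendMessage() {
	global $CONF, $member;
	$CONF['ItemURL'] = $CONF['IndexURL'];

	$error = validateMessage();
	if ($error != '') doError($error);

	if ($member->isLoggedIn()) {
		$fromMail = $member->getEmail();
		$fromName = $member->getDisplayName();
	} else {
		$fromMail = postVar('frommail');
		if (!isValidMailAddress($fromMail))
			doError(_ERROR_BADMAILADDRESS);
		$fromName = _MMAIL_FROMANON;
	}
	// $fromMail is written into the mail headers below; whatever
	// isValidMailAddress() accepts, a CR/LF in it would let the sender append
	// headers of their own (Bcc:, ...), so refuse it here.
	if (strpbrk((string) $fromMail, "\r\n") !== false)
		doError(_ERROR_BADMAILADDRESS);

	$tomem = new MEMBER();
	// the recipient id comes from the form; cast it before the member lookup
	$tomem->readFromId(intPostVar('memberid'));

	$message = _MMAIL_MSG . ' ' . $fromName . "\n"
		. '(' . _MMAIL_FROMNUC . ' ' . $CONF['IndexURL'] . ") \n\n"
		. _MMAIL_MAIL . " \n\n"
		. postVar('message');
	$message .= getMailFooter();
	$title = _MMAIL_TITLE . ' ' . $fromName;
	// Delivery failure is deliberately non-fatal (the visitor is redirected
	// either way); the warning mail() would print must not precede header().
	@mail($tomem->getEmail(), $title, $message, "From: $fromMail \nContent-Type: text/plain; charset=" . _CHARSET);

	// Only follow the posted target when it stays on this site: a relative
	// path, or an absolute URL under $CONF['IndexURL']. A scheme-prefixed or
	// protocol-relative ('//host', '/\host') target pointing elsewhere would
	// make this action an open redirect, so it falls back to the member page.
	$dest = (string) postVar('url');
	$isAbsolute = preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $dest);
	$sameSite = $dest
		&& strpbrk($dest, "\r\n") === false
		&& (!$isAbsolute
			|| (strlen($CONF['IndexURL']) > 0
				&& strncasecmp($dest, $CONF['IndexURL'], strlen($CONF['IndexURL'])) == 0));

	if ($sameSite) {
		header('Expires: 0');
		header('Pragma: no-cache');
		header('Location: ' . $dest);
	} else {
		$CONF['MemberURL'] = $CONF['IndexURL'];
		$url = createMemberLink($tomem->getID());
		header('Expires: 0');
		header('Pragma: no-cache');
		header('Location: ' . $url);
	}
}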
/**
 * Validates a 'sendmessage' request against the configuration and the
 * current visitor. Returns '' when the message may be sent, otherwise the
 * error message to show. Plugins get the last word through the
 * 'ValidateForm' event, where they may replace the (by then empty) 'error'.
 */
function validateMessage() {
	global $CONF, $member, $manager;
	$CONF['ItemURL'] = $CONF['IndexURL'];

	if (!$CONF['AllowMemberMail'])
		return _ERROR_MEMBERMAILDISABLED;

	if (!$member->isLoggedIn()) {
		// anonymous senders need the feature enabled and a usable reply address
		if (!$CONF['NonmemberMail'])
			return _ERROR_DISALLOWED;
		if (!isValidMailAddress(postVar('frommail')))
			return _ERROR_BADMAILADDRESS;
	}

	$verdict = '';
	$manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$verdict));
	return $verdict;
}
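/**
 * Handles the 'createaccount' action: registers a new member with a randomly
 * generated password, mails that password to the member, fires
 * 'PostRegister', and then redirects or prints a confirmation.
 *
 * Side effects: inserts the member, sends one e-mail, emits a Location
 * header or prints a page. Failures are reported through doError().
 */
function createAccount() {
	global $CONF, $manager;
	if (!$CONF['AllowMemberCreate'])
		doError(_ERROR_MEMBERCREATEDISABLED);

	// create random password
	$pw = genPassword(10);
	// create member (non admin / can login per config / no notes);
	// MEMBER::create() returns 1 on success and otherwise a value that
	// doError() can display (presumably an error message).
	$r = MEMBER::create(postVar('name'), postVar('realname'), $pw, postVar('email'), postVar('url'), 0, $CONF['NewMemberCanLogon'], '');
	if ($r != 1)
		doError($r);

	// send message containing password
	// ('= & new' is a parse error since PHP 7; plain 'new' behaves the same here)
	$newmem = new MEMBER();
	$newmem->readFromName(postVar('name'));
	$newmem->sendPassword($pw);
	$manager->notify('PostRegister', array('member' => &$newmem));

	// Only follow the posted target when it stays on this site: a relative
	// path, or an absolute URL under $CONF['IndexURL']. A scheme-prefixed or
	// protocol-relative ('//host', '/\host') target pointing elsewhere would
	// make this action an open redirect, so it falls back to the message.
	$dest = (string) postVar('desturl');
	$isAbsolute = preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $dest);
	$sameSite = $dest
		&& strpbrk($dest, "\r\n") === false
		&& (!$isAbsolute
			|| (strlen($CONF['IndexURL']) > 0
				&& strncasecmp($dest, $CONF['IndexURL'], strlen($CONF['IndexURL'])) == 0));

	if ($sameSite) {
		header('Expires: 0');
		header('Pragma: no-cache');
		header('Location: ' . $dest);
	} else {
		printNiceMessage("Account was created!");
	}
}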
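/**
 * Handles the 'forgotpassword' action: when the posted member name exists and
 * the posted e-mail address matches the one on file, replaces the member's
 * password with a freshly generated one, mails it, and redirects or prints a
 * confirmation.
 *
 * Side effects: rewrites the member's password, sends one e-mail, emits a
 * Location header or prints a page. Failures go through doError().
 *
 * NOTE(review): the reset happens immediately on a name + e-mail match, with
 * no confirmation link, so anyone who knows both can invalidate a member's
 * current password. The two distinct error messages also reveal whether a
 * member name exists.
 */
function forgotPassword() {
	global $CONF;

	$membername = trim(postVar('name'));
	if (!MEMBER::exists($membername))
		doError(_ERROR_NOSUCHMEMBER);
	$mem = MEMBER::createFromName($membername);

	// Check that the e-mail address is correct. Strict comparison on purpose:
	// '==' applies numeric-string rules to strings ('1e3' == '1000') and would
	// accept an empty submission for a member whose address is unset
	// (null == ''); the stored address must be non-empty and identical.
	$storedMail = $mem->getEmail();
	if ((string) $storedMail === '' || $storedMail !== postVar('email'))
		doError(_ERROR_INCORRECTEMAIL);

	$pw = genPassword(10);
	$mem->setPassword($pw); // change password
	$mem->write();          // save
	$mem->sendPassword($pw); // send

	// Only follow the posted target when it stays on this site: a relative
	// path, or an absolute URL under $CONF['IndexURL']. A scheme-prefixed or
	// protocol-relative ('//host', '/\host') target pointing elsewhere would
	// make this action an open redirect, so it falls back to the message.
	$dest = (string) postVar('url');
	$isAbsolute = preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $dest);
	$sameSite = $dest
		&& strpbrk($dest, "\r\n") === false
		&& (!$isAbsolute
			|| (strlen($CONF['IndexURL']) > 0
				&& strncasecmp($dest, $CONF['IndexURL'], strlen($CONF['IndexURL'])) == 0));

	if ($sameSite) {
		header('Expires: 0');
		header('Pragma: no-cache');
		header('Location: ' . $dest);
	} else {
		printNiceMessage(_MSG_PASSWORDSENT);
	}
}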
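/**
 * Handles the 'votepositive' / 'votenegative' actions: records a karma vote
 * on the item whose id is in the global $itemid, optionally mails the blog's
 * notification address, and redirects back to the referring page (or to the
 * item when there is no referer).
 *
 * @param string $type 'pos' or 'neg'; any other value records no vote but
 *                     still runs the checks, the notification and the redirect
 *
 * NOTE(review): $itemid is read from the global scope (presumably set from
 * the request by the included configuration) and no form token is checked,
 * so any link to this URL casts a vote; the only replay protection visible
 * is isVoteAllowed() on the client IP.
 */
function doKarma($type) {
	global $itemid, $member, $CONF, $manager;
	$CONF['ItemURL'] = $CONF['IndexURL'];
	if (!$manager->existsItem($itemid, 0, 0)) doError(_ERROR_NOSUCHITEM);

	$blogid = getBlogIDFromItemID($itemid);
	checkban($blogid);

	$remoteAddr = serverVar('REMOTE_ADDR');
	$karma =& $manager->getKarma($itemid);
	// check if not already voted
	if (!$karma->isVoteAllowed($remoteAddr))
		doError(_ERROR_VOTEDBEFORE);
	// check if item does allow voting
	$item =& $manager->getItem($itemid, 0, 0);
	if ($item['closed'])
		doError(_ERROR_ITEMCLOSED);

	switch ($type) {
		case 'pos':
			$karma->votePositive();
			break;
		case 'neg':
			$karma->voteNegative();
			break;
	}

	// $blogid was already resolved above; the second lookup was redundant
	$blog =& $manager->getBlog($blogid);
	// send email to notification address, if any
	if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
		$mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
		$mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
		if ($member->isLoggedIn()) {
			$mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
		}
		$mailto_msg .= _NOTIFY_IP . ' ' . $remoteAddr . "\n";
		// reverse DNS lookup: the request blocks until the resolver answers
		$mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr($remoteAddr) . "\n";
		$mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
		$mailto_msg .= getMailFooter();
		$mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';
		$frommail = $member->getNotifyFromMailAddress();
		// '= & new' is a parse error since PHP 7; plain 'new' behaves the same here
		$notify = new NOTIFICATION($blog->getNotifyAddress());
		$notify->notify($mailto_title, $mailto_msg, $frommail);
	}

	// back to where the vote was cast from, else to the item itself
	$refererUrl = serverVar('HTTP_REFERER');
	$url = $refererUrl ? $refererUrl : fancyLink($itemid);
	header('Expires: 0');
	header('Pragma: no-cache');
	header('Location: ' . $url);
}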
/**
 * Calls a plugin action: hands the request to NP_<name>::doAction(<type>).
 * Both the plugin name and the action type come from the request, so only a
 * plugin the manager reports as installed is ever loaded. Whatever doAction
 * returns is treated as an error message when non-empty (that is also how a
 * plugin without doAction support reports itself) and shown via doError().
 */
function callPlugin() {
	global $manager;
	$pluginName = 'NP_' . requestVar('name');
	$actionType = requestVar('type');

	// refuse names that do not correspond to an installed plugin
	if (!$manager->pluginInstalled($pluginName))
		doError(_ERROR_NOSUCHPLUGIN);

	$pluginObject =& $manager->getPlugin($pluginName);
	$error = $pluginObject
		? $pluginObject->doAction($actionType)
		: 'Could not load plugin (see actionlog)';

	if ($error)
		doError($error);
}
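/**
 * Aborts the request through doError() when the visitor's IP is banned from
 * the given blog; returns normally otherwise.
 *
 * @param int $blogid blog whose ban list is consulted
 */
function checkban($blogid) {
	$ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
	// A ban is reported as an object carrying iprange/message; the no-ban
	// result is a non-object (the original compared it against 0). Testing
	// for the object avoids the object-to-int conversion notice that
	// '$ban != 0' raises on a ban.
	if (is_object($ban)) {
		doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
	}
}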
?>