<?php
/**
  * BLOG:CMS: PHP/MySQL Personal Content Management System (CMS)
  * http://blogcms.com/
  * ----------------------------------------------------------------
  *
  * Copyright (C) 2003-2005 Radek HULÁN
  * http://hulan.cz/contact/
  *
  * Based on: 
  * ----------------------------------------------------------------
  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) 
  * Copyright (C) 2002-2003 The Nucleus Group
  *
  * ----------------------------------------------------------------
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version 2
  * of the License, or (at your option) any later version.
**/

$CONF = array();
// cfg.php bootstraps the application. Everything used below and not defined in
// this file - requestVar()/postVar()/intPostVar(), doError(), $manager, $member,
// the _ERROR_* constants and the MEMBER/COMMENTS/BAN/SKIN/NOTIFICATION classes -
// is expected to come into scope through it.
include('./cfg.php');

// Front controller for the public "action" endpoint: one request parameter
// selects the handler. Most handlers finish by redirecting or by calling
// doError(); callPlugin() may also return normally, after which the script
// simply ends. The switch compares loosely (==), so each handler validates
// the rest of its own input.
$action = requestVar('action');
switch($action) {
	case 'addcomment':
		addComment('comment');
		break;
	case 'addpreview':
		addComment('preview');
		break;
	case 'sendmessage':
		sendMessage();
		break;
	case 'createaccount':
		createAccount();
		break;
	case 'forgotpassword':
		forgotPassword();
		break;
	case 'votepositive':
		doKarma('pos');
		break;
	case 'votenegative':
		doKarma('neg');
		break;
	case 'plugin':
		callPlugin();
		break;
	default:
		// unknown or missing action: generic error page
		doError(_ERROR_BADACTION);
}

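/**
 * Stores a new comment for the item named in the POST data (or, for
 * $type == 'preview', only runs it through COMMENTS::addComment) and then
 * redirects back to the item, anchored at the newest comment.
 *
 * @param string $type 'comment' or 'preview'; passed through to COMMENTS::addComment
 *
 * Side effects: may set two "remember me" cookies, assigns the global
 * $errormessage, fires the PostAddComment event and ends the request
 * (redirect on success, error page otherwise).
 */
function addComment($type) {
	global $CONF, $errormessage, $manager;
	$CONF['ItemURL']=$CONF['IndexURL'];

	// All of this is request input. itemid is forced to an int here because it
	// is interpolated into SQL further down. 'user' is SQL-escaped up front (and
	// the escaped form is also what the cookie below stores); 'userid' (the
	// commenter's website URL) and 'body' are handed to COMMENTS::addComment
	// unescaped - it is assumed to validate/escape them itself (not visible here).
	$itemid = intval(intPostVar('itemid'));
	$post = array();
	$post['itemid'] = $itemid;
	$post['user'] = sql_escape(postVar('user'));
	$post['userid'] = postVar('userid');
	$post['body'] = postVar('body');

	// Remember name/website for 30 days when asked to. These cookies only
	// pre-fill the comment form; they carry no authentication.
	if (intPostVar('remember') == 1) {
		$lifetime = time() + 2592000; // 30 days
		setcookie($CONF['CookiePrefix'] . 'comment_user', $post['user'], $lifetime, '/', '', 0);
		setcookie($CONF['CookiePrefix'] . 'comment_userid', $post['userid'], $lifetime, '/', '', 0);
	}

	// "& new" was PHP 4 reference syntax and is a parse error from PHP 7 on;
	// objects are handles since PHP 5, so a plain new behaves the same.
	$comments = new COMMENTS($itemid);
	$blogid = getBlogIDFromItemID($itemid);
	checkban($blogid); // ends the request when the client IP is banned for this blog
	$blog =& $manager->getBlog($blogid);

	// note: preAddComment gets called somewhere inside addComment
	$errormessage = $comments->addComment($blog->getCorrectTime(), $post, $type);
	$manager->notify('PostAddComment', array('comment' => &$post, 'errormessage' => $errormessage));

	// empty() already covers an unset variable, so no separate isset() is needed
	if (empty($errormessage)) {
		// adding succeeded: redirect to the item, jumping to the newest comment.
		// $itemid is an int, so building the query with it is safe.
		$url = fancyLink($itemid);
		$query = sql_query('select max(cnumber) as anchor from ' . sql_table('comment') . ' where citem=' . strval($itemid));
		if ($row = sql_fetch_object($query)) {
			$separator = strstr($url, '?') ? '&' : '?';
			$url .= $separator . 'comment=' . $row->anchor . '#comment' . strval($row->anchor);
		}
		header('Expires: 0');
		header('Pragma: no-cache');
		header('Location: ' . $url);
		exit;
	} else {
		// else, show error message using default skin for blog
		doError($errormessage, new SKIN($blog->getDefaultSkin()));
	}
}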

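/**
 * Sends a mail from the current visitor (anonymous or logged-in member) to the
 * member whose id is given in POST 'memberid', then redirects.
 *
 * Validation is delegated to validateMessage(); a non-empty result ends the
 * request through doError(). Anonymous senders must supply a valid 'frommail'
 * because that address is written into a raw mail header.
 */
function sendMessage() {
	global $CONF, $member;
	$CONF['ItemURL']=$CONF['IndexURL'];

	$error = validateMessage();
	if ($error != '') doError($error);

	if (!$member->isLoggedIn()) {
		// The address ends up in the From: header below, so it must be one
		// well-formed address; isValidMailAddress is relied on for that
		// (including rejecting line breaks - not visible from this file).
		$fromMail = postVar('frommail');
		if (!isValidMailAddress($fromMail))
			doError(_ERROR_BADMAILADDRESS);
		$fromName = _MMAIL_FROMANON;
	} else {
		$fromMail = $member->getEmail();
		$fromName = $member->getDisplayName();
	}

	// Recipient is looked up by numeric id only. ("& new" dropped: it is a
	// parse error from PHP 7 on and plain new is equivalent since PHP 5.)
	$tomem = new MEMBER();
	$tomem->readFromId(intPostVar('memberid'));

	$message  = _MMAIL_MSG . ' ' . $fromName . "\n"
		  . '(' . _MMAIL_FROMNUC. ' ' . $CONF['IndexURL'] .") \n\n"
		  . _MMAIL_MAIL . " \n\n"
		  . postVar('message');
	$message .= getMailFooter();

	$title = _MMAIL_TITLE . ' ' . $fromName;
	// Delivery is best effort: a failed mail() is suppressed and the visitor is
	// still redirected, as before.
	@mail($tomem->getEmail(), $title, $message, "From: $fromMail \nContent-Type: text/plain; charset="._CHARSET);

	// Only follow the caller-supplied return URL when it points back into this
	// site (starts with the site's base URL, or is a root-relative path that is
	// not protocol-relative). Redirecting to an arbitrary submitted URL would
	// make this endpoint an open redirect. Anything else falls back to the
	// recipient's member page.
	$url = postVar('url');
	$isLocal = is_string($url) && $url != ''
		&& (strpos($url, $CONF['IndexURL']) === 0 || preg_match('#^/(?![/\\\\])#', $url) === 1);
	if (!$isLocal) {
		$CONF['MemberURL'] = $CONF['IndexURL'];
		$url = createMemberLink($tomem->getID());
	}
	header('Expires: 0');
	header('Pragma: no-cache');
	header('Location: ' . $url);
}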

/**
 * Checks whether the current request may send a member-to-member mail.
 *
 * @return string '' when the message may be sent; otherwise the error text
 *                to display (an _ERROR_* constant, or whatever a plugin put
 *                into 'error' during the ValidateForm event)
 */
function validateMessage() {
	global $CONF, $member, $manager;
	$CONF['ItemURL']=$CONF['IndexURL'];

	if (!$CONF['AllowMemberMail'])
		return _ERROR_MEMBERMAILDISABLED;

	// anonymous senders need the feature enabled and a usable reply address
	$anonymous = !$member->isLoggedIn();
	if ($anonymous && !$CONF['NonmemberMail'])
		return _ERROR_DISALLOWED;
	if ($anonymous && !isValidMailAddress(postVar('frommail')))
		return _ERROR_BADMAILADDRESS;

	// let plugins do verification (any plugin which thinks the message is
	// invalid can change 'error' to something other than '')
	$pluginError = '';
	$manager->notify('ValidateForm', array('type' => 'membermail', 'error' => &$pluginError));

	return $pluginError;
}
	
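/**
 * Registers a new member from the POST fields name/realname/email/url, mails
 * the generated password to the new member, fires PostRegister and then
 * redirects (or prints a confirmation).
 *
 * Ends the request through doError() when self-registration is disabled or
 * MEMBER::create reports a problem.
 */
function createAccount() {
	global $CONF, $manager;

	if (!$CONF['AllowMemberCreate'])
		doError(_ERROR_MEMBERCREATEDISABLED);

	$name = postVar('name');

	// create random password
	$pw = genPassword(10);
	// create member (non admin/can login/no notes). MEMBER::create is assumed
	// to validate/escape the submitted fields; it returns 1 on success and an
	// error message otherwise (loose compare kept in case it returns '1').
	$r = MEMBER::create($name, postVar('realname'), $pw, postVar('email'), postVar('url'), 0, $CONF['NewMemberCanLogon'], '');
	if ($r != 1)
		doError($r);
	// send message containing password. ("& new" dropped: it is a parse error
	// from PHP 7 on and plain new is equivalent since PHP 5.)
	$newmem = new MEMBER();
	$newmem->readFromName($name);
	$newmem->sendPassword($pw);

	$manager->notify('PostRegister',array('member' => &$newmem));

	// Only follow the submitted destination when it points back into this site
	// (site base URL, or a root-relative path that is not protocol-relative);
	// an arbitrary submitted URL would make this an open redirect.
	$desturl = postVar('desturl');
	$isLocal = is_string($desturl) && $desturl != ''
		&& (strpos($desturl, $CONF['IndexURL']) === 0 || preg_match('#^/(?![/\\\\])#', $desturl) === 1);
	if ($isLocal) {
		header('Expires: 0');
		header('Pragma: no-cache');
		header('Location: ' . $desturl);
	} else {
		printNiceMessage("Account was created!");
	}
}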

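/**
 * Resets the password of the member named in POST 'name' and mails the new
 * one, provided POST 'email' matches the address on file.
 *
 * Ends the request through doError() when the member does not exist or the
 * e-mail address does not match. (The two distinct error texts reveal whether
 * a member name exists; that is existing behaviour and is not changed here.)
 */
function forgotPassword() {
	global $CONF;

	$membername = trim(postVar('name'));

	if (!MEMBER::exists($membername))
		doError(_ERROR_NOSUCHMEMBER);
	$mem = MEMBER::createFromName($membername);

	// The submitted address must be non-empty and identical to the stored one.
	// The previous loose == let an empty submission match a member whose e-mail
	// is empty, i.e. a password reset without any proof of ownership.
	$email = (string) postVar('email');
	if ($email === '' || (string) $mem->getEmail() !== $email)
		doError(_ERROR_INCORRECTEMAIL);

	$pw = genPassword(10);
	$mem->setPassword($pw);	// change password
	$mem->write();			// save
	$mem->sendPassword($pw);// send

	// Only follow the submitted return URL when it points back into this site
	// (site base URL, or a root-relative path that is not protocol-relative);
	// an arbitrary submitted URL would make this an open redirect.
	$url = postVar('url');
	$isLocal = is_string($url) && $url != ''
		&& (strpos($url, $CONF['IndexURL']) === 0 || preg_match('#^/(?![/\\\\])#', $url) === 1);
	if ($isLocal) {
		header('Expires: 0');
		header('Pragma: no-cache');
		header('Location: ' . $url);
	} else {
		printNiceMessage(_MSG_PASSWORDSENT);
	}
}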



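/**
 * Records a karma vote on the item in the global $itemid, optionally mails
 * the blog's notification address, and redirects back to where the vote
 * came from.
 *
 * @param string $type 'pos' for a positive vote, 'neg' for a negative one;
 *                     any other value records nothing but still redirects
 *
 * $itemid is expected to be set by the bootstrap (cfg.php) from the request;
 * existsItem() is the guard that it names a real item. Ends the request through
 * doError() for unknown/closed items, banned IPs and repeat votes.
 */
function doKarma($type) {
	global $itemid, $member, $CONF, $manager;
	$CONF['ItemURL']=$CONF['IndexURL'];

	if (!$manager->existsItem($itemid,0,0)) doError(_ERROR_NOSUCHITEM);

	$blogid = getBlogIDFromItemID($itemid);
	checkban($blogid); // ends the request when the client IP is banned for this blog

	$karma =& $manager->getKarma($itemid);

	// check if not already voted (per client IP)
	if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR')))
		doError(_ERROR_VOTEDBEFORE);

	// check if item does allow voting
	$item =& $manager->getItem($itemid,0,0);
	if ($item['closed'])
		doError(_ERROR_ITEMCLOSED);

	switch($type) {
		case 'pos':
			$karma->votePositive();
			break;
		case 'neg':
			$karma->voteNegative();
			break;
	}

	// $blogid was already looked up above for the ban check
	$blog =& $manager->getBlog($blogid);

	// send email to notification address, if any
	if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {

		$mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
		$mailto_msg .= $CONF['IndexURL'] . 'index.php?itemid=' . $itemid . "\n\n";
		if ($member->isLoggedIn()) {
			$mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
		}
		$mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
		$mailto_msg .= _NOTIFY_HOST . ' ' .  gethostbyaddr(serverVar('REMOTE_ADDR'))  . "\n";
		$mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
		$mailto_msg .= getMailFooter();

		$mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';

		$frommail = $member->getNotifyFromMailAddress();

		// "& new" dropped: parse error from PHP 7 on, equivalent since PHP 5
		$notify = new NOTIFICATION($blog->getNotifyAddress());
		$notify->notify($mailto_title, $mailto_msg , $frommail);
	}

	// Go back to the referring page, but only when it is on this site (site
	// base URL, or a root-relative path that is not protocol-relative); the
	// Referer header is client-supplied, so anything else would turn this into
	// an open redirect. Otherwise show the item itself.
	$refererUrl = serverVar('HTTP_REFERER');
	$isLocal = is_string($refererUrl) && $refererUrl != ''
		&& (strpos($refererUrl, $CONF['IndexURL']) === 0 || preg_match('#^/(?![/\\\\])#', $refererUrl) === 1);
	if ($isLocal)
		$url = $refererUrl;
	else
		$url = fancyLink($itemid);

	header('Expires: 0');
	header('Pragma: no-cache');
	header('Location: ' . $url);
}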

/**
 * Dispatches the request to the action handler of an installed plugin.
 *
 * The plugin is named by the 'name' request parameter (prefixed with 'NP_')
 * and the action by 'type'. Unknown plugins, plugins that fail to load and
 * plugin-reported errors all end the request through doError().
 */
function callPlugin() {
	global $manager;

	$pluginName = 'NP_' . requestVar('name');
	$actionType = requestVar('type');

	// 1: only installed plugins may be addressed. pluginInstalled() is the
	// check that keeps arbitrary request-supplied names away from getPlugin();
	// how it decides is not visible from this file.
	if (!$manager->pluginInstalled($pluginName))
		doError(_ERROR_NOSUCHPLUGIN);

	// 2: load and run it. doAction signals a problem - or that the plugin
	// supports no actions at all - by returning a non-empty error string.
	$pluginObject =& $manager->getPlugin($pluginName);
	$error = $pluginObject
		? $pluginObject->doAction($actionType)
		: 'Could not load plugin (see actionlog)';

	if ($error)
		doError($error);
}

/**
 * Ends the request with a "banned" error page when the client IP is banned
 * for the given blog; returns normally otherwise.
 *
 * @param mixed $blogid id of the blog whose ban list is consulted (as
 *                      returned by getBlogIDFromItemID)
 */
function checkban($blogid) {
	$ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
	// isBanned yields 0 when not banned, otherwise a record exposing the
	// matching iprange and ban message (loose comparison kept as before)
	if ($ban == 0)
		return;
	doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
}
?>