
   1  <?php
   2  /**
   3   * This file implements the UI controller for blog params management, including permissions.
   4   *
   5   * This file is part of the evoCore framework - {@link http://evocore.net/}
   6   * See also {@link http://sourceforge.net/projects/evocms/}.
   7   *
   8   * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
   9   * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
  10   *
  11   * {@internal License choice
  12   * - If you have received this file as part of a package, please find the license.txt file in
  13   *   the same folder or the closest folder above for complete license terms.
  14   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  15   *   then you must choose one of the following licenses before using the file:
  16   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  17   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  18   * }}
  19   *
  20   * {@internal Open Source relicensing agreement:
  21   * Daniel HAHLER grants Francois PLANQUE the right to license
  22   * Daniel HAHLER's contributions to this file and the b2evolution project
  23   * under any OSI approved OSS license (http://www.opensource.org/licenses/).
  24   * }}
  25   *
  26   * @package admin
  27   *
  28   * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
  29   * @author fplanque: Francois PLANQUE.
  30   *
  31   * @todo (sessions) When creating a blog, provide "edit options" (3 tabs) instead of a single long "New" form (storing the new Blog object with the session data).
  32   * @todo Currently if you change the name of a blog it gets not reflected in the blog list buttons!
  33   *
  34   * @version $Id: collections.ctrl.php 6136 2014-03-08 07:59:48Z manuel $
  35   */
  36  if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
  37  
  38  $AdminUI->set_path( 'blogs' );
  39  
  40  param( 'tab', 'string', 'list' );
  41  
  42  param_action( 'list' );
  43  
  44  if( $action != 'new'
  45      && $action != 'new-selskin'
  46      && $action != 'new-name'
  47      && $action != 'list'
  48      && $action != 'create'
  49      && $action != 'update_settings' )
  50  {
  51      if( valid_blog_requested() )
  52      {
  53          // echo 'valid blog requested';
  54          $edited_Blog = & $Blog;
  55      }
  56      else
  57      {
  58          // echo 'NO valid blog requested';
  59          $action = 'list';
  60      }
  61  }
  62  else
  63  {    // We are not working on a specific blog (yet) -- prevent highlighting one in the list
  64      set_working_blog( 0 );
  65  }
  66  
  67  
/**
 * Perform action:
 *
 * Actions that write to the DB ('create', 'delete', 'update_settings') first assert the session
 * crumb (CSRF token) and then check the required permission in "assert" mode ($assert = true is
 * presumed to abort the request on failure -- confirm in User::check_perm()). The 'new*' actions
 * only prepare a form and write nothing, so they carry no crumb.
 * For 'delete', $edited_Blog was bound to the requested $Blog above (valid_blog_requested());
 * a request without a valid blog has already been turned into 'list' at that point.
 */
switch( $action )
{
	case 'new':
		// New collection (step 1: choose the collection type):
		// Check permissions:
		$current_User->check_perm( 'blogs', 'create', true );

		$AdminUI->append_path_level( 'new', array( 'text' => T_('New') ) );
		break;

	case 'new-selskin':
		// New collection (step 2: choose a skin for the selected kind):
		// Check permissions:
		$current_User->check_perm( 'blogs', 'create', true );

		// 'kind' must be present (the `true` default is presumably the "required" marker of param() -- confirm):
		param( 'kind', 'string', true );

		// dh> TODO: "New %s" is probably too generic. What can %s become? (please comment it in "TRANS")
		// Tblue> Look at get_collection_kinds(). I wrote a TRANS comment (30.01.09 22:03, HEAD).
		$AdminUI->append_path_level( 'new', array( 'text' => sprintf( /* TRANS: %s can become "Standard blog", "Photoblog", "Group blog" or "Forum" */ T_('New %s'), get_collection_kinds($kind) ) ) );
		break;

	case 'new-name':
		// New collection (step 3: fill in the name/general form, see the display part below):
		// Check permissions:
		$current_User->check_perm( 'blogs', 'create', true );

		// Build an unsaved Blog so the form can be pre-filled from the chosen kind:
		$edited_Blog = new Blog( NULL );

		$edited_Blog->set( 'owner_user_ID', $current_User->ID );

		param( 'kind', 'string', true );
		$edited_Blog->init_by_kind( $kind );

		// Skin chosen in the previous step; only carried through to the form here:
		param( 'skin_ID', 'integer', true );

		$AdminUI->append_path_level( 'new', array( 'text' => sprintf( T_('New %s'), get_collection_kinds($kind) ) ) );
		break;

	case 'create':
		// Insert into DB:

		// Check that this action request is not a CSRF hacked request:
		$Session->assert_received_crumb( 'collection' );

		// Check permissions:
		$current_User->check_perm( 'blogs', 'create', true );

		$edited_Blog = new Blog( NULL );

		// The creating user becomes the owner, regardless of what the form submitted:
		$edited_Blog->set( 'owner_user_ID', $current_User->ID );

		param( 'kind', 'string', true );
		$edited_Blog->init_by_kind( $kind );
		// NOTE(review): $edited_Blog->ID is that of a not-yet-saved Blog (presumably NULL/0), so this
		// is effectively a global 'blog_admin' check rather than a per-blog one -- confirm intended.
		if( ! $current_User->check_perm( 'blog_admin', 'edit', false, $edited_Blog->ID ) )
		{ // validate the urlname, which was already set by init_by_kind() function
			// It needs to be validated, because the user can not set the blog urlname, and every new blog would have the same urlname without validation.
			// When user has edit permission to blog admin part, the urlname will be validated in load_from_request() function.
			// (urltitle_validate() is given the T_blogs table/column, presumably to make the urlname unique -- confirm.)
			$edited_Blog->set( 'urlname', urltitle_validate( $edited_Blog->get( 'urlname' ) , '', 0, false, 'blog_urlname', 'blog_ID', 'T_blogs' ) );
		}

		param( 'skin_ID', 'integer', true );
		$edited_Blog->set_setting( 'normal_skin_ID', $skin_ID );

		// load_from_Request() reads and validates the submitted form fields; on a validation
		// error it returns false and we fall through to re-display the form (see 'create' below):
		if( $edited_Blog->load_from_Request( array() ) )
		{
			// create the new blog
			$edited_Blog->create( $kind );

			// We want to highlight the edited object on next list display:
			// $Session->set( 'fadeout_array', array( 'blog_ID' => array($edited_Blog->ID) ) );

			// Redirect to the settings of the freshly created collection (fixed local target):
			header_redirect( $dispatcher.'?ctrl=coll_settings&tab=features&blog='.$edited_Blog->ID ); // will save $Messages into Session
		}
		break;


	case 'delete':
		// ----------  Delete a blog from DB ----------
		// Check that this action request is not a CSRF hacked request:
		// (Asserted before looking at 'confirm', so even the confirmation screen needs a valid crumb.)
		$Session->assert_received_crumb( 'collection' );

		// Check permissions:
		// Deleting requires 'edit' on the properties of this particular blog ($blog = requested blog ID).
		$current_User->check_perm( 'blog_properties', 'edit', true, $blog );

		if( param( 'confirm', 'integer', 0 ) )
		{ // confirmed
			// Delete from DB:
			$msg = sprintf( T_('Blog &laquo;%s&raquo; deleted.'), $edited_Blog->dget('name') );

			if( $edited_Blog->dbdelete() )
			{ // Blog was deleted
				$Messages->add( $msg, 'success' );

				// Drop every reference to the deleted blog so nothing below (or on the next page) touches it:
				$BlogCache->remove_by_ID( $blog );
				unset( $edited_Blog );
				unset( $Blog );
				forget_param( 'blog' );
				set_working_blog( 0 );
				$UserSettings->delete( 'selected_blog' );	// Needed or subsequent pages may try to access the deleted blog
				$UserSettings->dbupdate();
			}
			// NOTE(review): a failed dbdelete() is silent here -- no error message is added, the user just
			// lands back on the list.

			$action = 'list';
			// Redirect so that a reload doesn't write to the DB twice:
			// NOTE(review): redirect_to comes from the request; this relies on param()'s 'url' type
			// rejecting off-site targets (otherwise it is an open redirect) -- confirm in param().
			$redirect_to = param( 'redirect_to', 'url', '?ctrl=collections' );
			header_redirect( $redirect_to, 303 ); // Will EXIT
			// We have EXITed already at this point!!
		}
		else
		{ // Check if blog has delete restrictions
			if( ! $edited_Blog->check_delete( sprintf( T_('Cannot delete Blog &laquo;%s&raquo;'), $edited_Blog->get_name() ), array( 'file_root_ID', 'cat_blog_ID' ) ) )
			{ // There are restrictions:
				// Do not show the confirmation form; check_delete() is presumed to have queued the explanation in $Messages.
				$action = 'view';
			}
		}
		break;


	case 'update_settings':
		// Check that this action request is not a CSRF hacked request:
		$Session->assert_received_crumb( 'collectionsettings' );

		// Check permission:
		// Global settings: requires 'options' edit (not tied to any blog).
		$current_User->check_perm( 'options', 'edit', true );

		// Only overwrite the default blog when the field was actually submitted:
		if( param( 'default_blog_ID', 'integer', NULL ) !== NULL )
		{
			$Settings->set( 'default_blog_ID', $default_blog_ID );
		}

		$Settings->set( 'blogs_order_by', param( 'blogs_order_by', 'string', true ) );
		$Settings->set( 'blogs_order_dir', param( 'blogs_order_dir', 'string', true ) );

		// Reload page timeout
		$reloadpage_timeout = param_duration( 'reloadpage_timeout' );

		// NOTE(review): only the upper bound is checked although the message promises a 0..99999 range;
		// this assumes param_duration() can never return a negative value -- confirm.
		if( $reloadpage_timeout > 99999 )
		{
			param_error( 'reloadpage_timeout', sprintf( T_( 'Reload-page timeout must be between %d and %d seconds.' ), 0, 99999 ) );
		}
		$Settings->set( 'reloadpage_timeout', $reloadpage_timeout );

		// Smart hit count
		$Settings->set( 'smart_view_count', param( 'smart_view_count', 'integer', 0 ) );

		$new_cache_status = param( 'general_cache_enabled', 'integer', 0 );
		if( ! $Messages->has_errors() )
		{
			load_funcs( 'collections/model/_blog.funcs.php' );
			// set_cache_enabled() is expected to return NULL when nothing changed, otherwise a (status, message) pair:
			$result = set_cache_enabled( 'general_cache_enabled', $new_cache_status, NULL, false );
			if( $result != NULL )
			{ // general cache setting was changed
				list( $status, $message ) = $result;
				$Messages->add( $message, $status );
			}
		}

		$Settings->set( 'newblog_cache_enabled', param( 'newblog_cache_enabled', 'integer', 0 ) );
		$Settings->set( 'newblog_cache_enabled_widget', param( 'newblog_cache_enabled_widget', 'integer', 0 ) );

		// Outbound pinging:
		param( 'outbound_notifications_mode', 'string', true );
		$Settings->set( 'outbound_notifications_mode',  get_param('outbound_notifications_mode') );

		// Categories:
		$Settings->set( 'allow_moving_chapters', param( 'allow_moving_chapters', 'integer', 0 ) );
		$Settings->set( 'chapter_ordering', param( 'chapter_ordering', 'string', 'alpha' ) );

		// Cross posting:
		$Settings->set( 'cross_posting', param( 'cross_posting', 'integer', 0 ) );
		$Settings->set( 'cross_posting_blogs', param( 'cross_posting_blogs', 'integer', 0 ) );

		// Subscribing to new blogs:
		$Settings->set( 'subscribe_new_blogs', param( 'subscribe_new_blogs', 'string', 'public' ) );

		// Default skins:
		if( param( 'def_normal_skin_ID', 'integer', NULL ) !== NULL )
		{ // this can't be NULL
			$Settings->set( 'def_normal_skin_ID', get_param( 'def_normal_skin_ID' ) );
		}
		$Settings->set( 'def_mobile_skin_ID', param( 'def_mobile_skin_ID', 'integer', 0 ) );
		$Settings->set( 'def_tablet_skin_ID', param( 'def_tablet_skin_ID', 'integer', 0 ) );

		// Persist only when no validation error was recorded above; otherwise the settings form is
		// re-displayed with the in-memory (unsaved) values and the error messages:
		if( ! $Messages->has_errors() )
		{
			$Settings->dbupdate();
			$Messages->add( T_('Settings updated.'), 'success' );
			// Redirect so that a reload doesn't write to the DB twice:
			header_redirect( '?ctrl=collections&tab=settings', 303 ); // Will EXIT
			// We have EXITed already at this point!!
		}
		break;
}
 265  
 266  $AdminUI->set_path( 'blogs', $tab );
 267  
 268  $AdminUI->breadcrumbpath_init( false );
 269  $AdminUI->breadcrumbpath_add( T_('Blogs'), '?ctrl=collections' );
 270  
 271  /**
 272   * Display page header, menus & messages:
 273   */
 274  if( strpos( $action, 'new' ) === false )
 275  { // Not creating a new blog:
 276      // fp> TODO: fall back to ctrl=chapters when no perm for blog_properties
 277      $AdminUI->set_coll_list_params( 'blog_properties', 'edit',
 278                                                  array( 'ctrl' => 'coll_settings', 'tab' => 'general' ),
 279                                                  T_('All'), '?ctrl=collections&amp;blog=0' );
 280  
 281      switch( $tab )
 282      {
 283          case 'settings':
 284              // Check minimum permission:
 285              $current_User->check_perm( 'options', 'view', true );
 286  
 287              $AdminUI->breadcrumbpath_add( T_('Settings'), '?ctrl=collections&amp;tab=settings' );
 288              break;
 289  
 290          case 'list':
 291          default:
 292              $AdminUI->breadcrumbpath_add( T_('List'), '?ctrl=collections' );
 293              break;
 294      }
 295  }
 296  else
 297  {    // Creating a new blog
 298      $AdminUI->breadcrumbpath_add( T_('New blog'), '?ctrl=collections&amp;action=new' );
 299  }
 300  
 301  // Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
 302  $AdminUI->disp_html_head();
 303  
 304  // Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
 305  $AdminUI->disp_body_top();
 306  
 307  
/**
 * Display the payload for the current action.
 *
 * Runs after the action switch above, so $action may already have been rewritten
 * ('list' after a refused request, 'view' when a delete is restricted).
 */
switch($action)
{
	case 'new':
		$AdminUI->displayed_sub_begin = 1;	// DIRTY HACK :/ replacing an even worse hack...
		$AdminUI->disp_payload_begin();

		$AdminUI->disp_view( 'collections/views/_coll_sel_type.view.php' );

		$AdminUI->disp_payload_end();
		break;


	case 'new-selskin':
		$AdminUI->displayed_sub_begin = 1;	// DIRTY HACK :/ replacing an even worse hack...
		$AdminUI->disp_payload_begin();

		$AdminUI->disp_view( 'skins/views/_coll_sel_skin.view.php' );

		$AdminUI->disp_payload_end();
		break;


	case 'new-name':
	case 'create': // in case of validation error
		$AdminUI->displayed_sub_begin = 1;	// DIRTY HACK :/ replacing an even worse hack...
		$AdminUI->disp_payload_begin();

		// ---------- "New blog" form ----------
		// $kind and $edited_Blog were set by the matching action case above.
		echo '<h2>'.sprintf( T_('New %s'), get_collection_kinds($kind) ).':</h2>';

		// Tells the shared general form which action to submit to:
		$next_action = 'create';

		$AdminUI->disp_view( 'collections/views/_coll_general.form.php' );

		$AdminUI->disp_payload_end();
		break;


	case 'delete':
		// ----------  Delete a blog from DB ----------
		// Not confirmed
		// (Reached only when the crumb and 'blog_properties' edit check passed and no delete restriction applied.)
		if( $current_User->check_perm( 'files', 'view', false ) )
		{ // User has permission to view files in this blog's fileroot, diplay link
			// NOTE(review): the href value is inserted raw; this assumes get_filemanager_link() returns an
			// attribute-safe URL -- confirm before reusing this pattern.
			$delete_warning = sprintf( T_('Deleting this blog will also delete ALL its categories, posts, comments and ALL its attached files in the blog\'s <a %s>fileroot</a> !'),
				'href="'.$edited_Blog->get_filemanager_link().'"' );
		}
		else
		{ // User has no permission to view files in this blog's fileroot
			// Same text, but the "%s" placeholder is left as-is so no link is rendered:
			$delete_warning = T_('Deleting this blog will also delete ALL its categories, posts, comments and ALL its attached files in the blog\'s <a %s>fileroot</a> !');
		}
		// NOTE(review): dget() is presumed to be the display (HTML-escaped) getter for the blog name -- confirm;
		// the T_() strings are trusted translations and are echoed unescaped on purpose (they contain markup).
		?>
		<div class="panelinfo">
			<h3><?php printf( T_('Delete blog [%s]?'), $edited_Blog->dget( 'name' ) )?></h3>

			<p class="warning"><?php echo $delete_warning; ?></p>

			<p><?php echo T_('Note: Some files in this blog\'s fileroot may be linked to users or to other blogs posts and comments. Those links will be inadvertently deleted!') ?></p>

			<p class="warning"><?php echo T_('THIS CANNOT BE UNDONE!') ?></p>

			<p>

			<?php
				// Where to go after the delete (or on cancel); echoed back as a hidden field and used as the
				// cancel form's action. Relies on param()'s 'url' type and Form::hidden() escaping -- confirm.
				$redirect_to = param( 'redirect_to', 'url', '' );

				// Confirmation form: re-submits 'delete' with confirm=1 and a fresh crumb (checked in the action above).
				$Form = new Form( NULL, '', 'get', 'none' );

				$Form->begin_form( 'inline' );
					$Form->add_crumb( 'collection' );
					$Form->hidden_ctrl();
					$Form->hidden( 'action', 'delete' );
					$Form->hidden( 'blog', $edited_Blog->ID );
					$Form->hidden( 'confirm', 1 );
					$Form->hidden( 'redirect_to', $redirect_to );
					$Form->submit( array( '', T_('I am sure!'), 'DeleteButton' ) );
				$Form->end_form();

				// Cancel form: no crumb needed, it only navigates away.
				$Form = new Form( !empty( $redirect_to ) ? $redirect_to: NULL, '', 'get', 'none' );

				$Form->begin_form( 'inline' );
					if( empty( $redirect_to ) )
					{ // If redirect url is not defined we should go to blogs list after cancel action
						$Form->hidden_ctrl();
						$Form->hidden( 'blog', 0 );
					}
					$Form->submit( array( '', T_('CANCEL'), 'CancelButton' ) );
				$Form->end_form();
			?>

			</p>

			</div>
		<?php
		break;


	default:
		// List the blogs:
		// (Also used for 'list', 'view' and 'update_settings', which select the view by $tab.)
		$AdminUI->disp_payload_begin();
		// Display VIEW:
		switch( $tab )
		{
			case 'settings':
				$AdminUI->disp_view( 'collections/views/_coll_settings.form.php' );
				break;

			case 'list':
			default:
				$AdminUI->disp_view( 'collections/views/_coll_list.view.php' );
				break;
		}
		$AdminUI->disp_payload_end();

}


// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();

?>
