<?php

/*
Plugin Name: Group control panel
Plugin URI: http://enanocms.org/
Description: Provides group moderators and site administrators with the ability to control who is part of their groups.
Author: Dan Fuhry
Version: 1.0.6
Author URI: http://enanocms.org/
*/

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Version 1.0.4
 * Copyright (C) 2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

// Register the Special:Usergroups page once the core classes exist.
// The hook body is PHP source handed over as a string (presumably run by the
// hook dispatcher later), so "$paths" is escaped here to keep it out of this
// file's own scope. The page is visible, protected, and has comments disabled.
$plugins->attachHook('base_classes_initted', "
  global \$paths;
  \$paths->add_page(Array(
    'name' => 'Group Membership',
    'urlname' => 'Usergroups',
    'namespace' => 'Special',
    'special' => 0, 'visible' => 1, 'comments_on' => 0, 'protected' => 1, 'delvotes' => 0, 'delvote_ips' => '',
  ));
");
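/**
 * Special:Usergroups -- the group control panel.
 *
 * With no group selected it prints a chooser: the current user's memberships
 * and the non-hidden groups the user is not in. Once a group is chosen
 * (do_view / do_view_n) it shows that group's state, moderators and members,
 * lets non-members join (open groups) or request membership (request groups),
 * and lets group moderators or site administrators change the group state,
 * add members, remove members and approve/reject pending requests.
 *
 * Reads:  $_GET['act']; $_POST['do_view'], ['do_view_n'], ['group_id'],
 *         ['group_id_n'], ['group_state'], ['add_username'], ['add_mod'],
 *         ['del_user'], ['with_user'], ['do_appr_pending'], ['do_reject_pending'].
 * Writes: the groups and group_members tables. Prints a complete page.
 *
 * Security notes:
 * - Every privileged action is keyed on $gid, the group whose membership list
 *   was loaded and against which $can_do_admin_stuff was computed. Earlier
 *   revisions used $_POST['group_id'] directly in the "update" and "adduser"
 *   branches while $gid itself could come from group_id_n, which let a
 *   moderator of one group change the state of, or add moderators to, any
 *   other group. All branches now use $gid only.
 * - Usernames and group names are HTML-escaped before being echoed; the
 *   submitted add_username value is echoed only after escaping.
 * - NOTE(review): no anti-CSRF token is visible on any of the forms below;
 *   each action is a plain POST selected by a GET "act" parameter. Confirm the
 *   framework authenticates these requests elsewhere, otherwise every action
 *   here is forgeable against a logged-in moderator.
 */
function page_Special_Usergroups()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $email; // Import e-mail encryption functions

  // Guests are sent to the login page and returned here afterwards.
  if ( !$session->user_logged_in )
  {
    header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
    $db->close();
    exit;
  }

  $template->header();

  $has_act = isset($_GET['act']);
  $act = ( $has_act && is_string($_GET['act']) ) ? $_GET['act'] : '';

  $viewing_group = isset($_POST['do_view']) || isset($_POST['do_view_n'])
                || ( $has_act && isset($_POST['group_id']) );

  if ( !$viewing_group )
  {
    // No group chosen yet: show the chooser and stop. The helper reports its
    // own query error; the footer is printed either way.
    usergroups_show_chooser($db, $session);
    $template->footer();
    return;
  }

  // --- Resolve and load the selected group --------------------------------
  // The "non-memberships" form posts group_id_n; every other form posts group_id.
  if ( isset($_POST['do_view_n']) )
    $gid = isset($_POST['group_id_n']) ? intval($_POST['group_id_n']) : 0;
  else
    $gid = isset($_POST['group_id']) ? intval($_POST['group_id']) : 0;
  if ( $gid < 1 )
    die_friendly('Error', '<p>Hacking attempt</p>');

  $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
  if ( !$q )
    $db->_die('SpecialGroups.php, line ' . __LINE__);
  $row = $db->fetchrow();
  $db->free_result();
  if ( !$row )
    die_friendly('Error', '<p>The group you selected does not exist.</p>');

  // Full membership list, moderators first. Walking it also tells us where the
  // current user stands in this group.
  $members = array();
  $pending = array();
  $is_member = false;
  $is_mod = false;
  $is_pending = false;

  $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments
                         FROM '.table_prefix.'users AS u
                         LEFT JOIN '.table_prefix.'group_members AS m
                           ON ( m.user_id = u.user_id )
                         LEFT JOIN '.table_prefix.'comments AS c
                           ON ( c.name = u.username )
                         WHERE m.group_id=' . $gid . '
                         GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending
                         ORDER BY m.is_mod DESC,u.username ASC;');
  if ( !$q )
    $db->_die('SpecialGroups.php, line ' . __LINE__);

  while ( $mr = $db->fetchrow() )
  {
    $is_self = ( intval($mr['user_id']) === intval($session->user_id) );
    if ( $mr['pending'] == 1 )
    {
      $pending[] = $mr;
      if ( $is_self )
        $is_pending = true;
    }
    else
    {
      $members[] = $mr;
      if ( $is_self )
      {
        $is_member = true;
        if ( $mr['is_mod'] == 1 )
          $is_mod = true;
      }
    }
  }
  $db->free_result();

  // Group moderators and site administrators may manage the group.
  $can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );

  // --- Moderator / administrator actions (act=...) -------------------------
  // Every action is applied to $gid -- the group whose member list granted
  // $can_do_admin_stuff above -- never to a group id read again from $_POST.
  if ( $has_act && $can_do_admin_stuff )
  {
    switch ( $act )
    {
      case 'update':
        // Only the four known states are accepted; anything else is tampering.
        $new_state = isset($_POST['group_state']) ? intval($_POST['group_state']) : null;
        if ( $new_state === null || !in_array($new_state, Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)) )
        {
          die_friendly('ERROR', '<p>Hacking attempt</p>');
        }
        // System groups are managed by the site and may never become joinable.
        if ( $row['system_group'] == 1 && ( $new_state == GROUP_OPEN || $new_state == GROUP_REQUEST ) )
        {
          echo '<div class="error-box" style="margin-left: 0;">Because this is a system group, you can\'t make it open or allow membership requests.</div>';
          break;
        }
        $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . $new_state . ' WHERE group_id=' . $gid . ';');
        if ( !$q )
          $db->_die('SpecialGroups.php, line ' . __LINE__);
        // Keep the in-memory copy in step so the rest of the page reflects the change.
        $row['group_type'] = $new_state;
        echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>';
        break;

      case 'adduser':
        $username = ( isset($_POST['add_username']) && is_string($_POST['add_username']) ) ? $_POST['add_username'] : '';
        $username_html = htmlspecialchars($username);
        $mod = isset($_POST['add_mod']) ? 1 : 0;

        $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
        if ( !$q )
          $db->_die('SpecialGroups.php, line ' . __LINE__);
        if ( $db->numrows() < 1 )
        {
          $db->free_result();
          echo '<div class="error-box">The username you entered could not be found.</div>';
          break;
        }
        $r = $db->fetchrow();
        $db->free_result();
        $uid = intval($r['user_id']);

        // Already in the group (pending or not): only the moderator flag changes.
        $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . $gid . ';');
        if ( !$q )
          $db->_die('SpecialGroups.php, line ' . __LINE__);
        if ( $db->numrows() > 0 )
        {
          $r = $db->fetchrow();
          $db->free_result();
          $member_id = intval($r['member_id']);
          if ( intval($r['is_mod']) !== $mod )
          {
            $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $member_id . ';');
            if ( !$q )
              $db->_die('SpecialGroups.php, line ' . __LINE__);
            foreach ( $members as $i => $member )
            {
              if ( intval($member['member_id']) === $member_id )
                $members[$i]['is_mod'] = $mod;
            }
            echo '<div class="info-box">The user "' . $username_html . '" is already in this group, so their moderator status was updated.</div>';
          }
          else
          {
            echo '<div class="info-box">The user "' . $username_html . '" is already in this group.</div>';
          }
          break;
        }
        $db->free_result();

        $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . $gid . ', ' . $uid . ', ' . $mod . ');');
        if ( !$q )
          $db->_die('SpecialGroups.php, line ' . __LINE__);
        echo '<div class="info-box">The user "' . $username_html . '" has been added to this usergroup.</div>';

        // Re-read the new row so the member table below includes it.
        $added = usergroups_fetch_member($db, $gid, $uid);
        if ( $added )
          $members[] = $added;
        break;

      case 'del_users':
        // Only member_ids that belong to this group's loaded list can be
        // removed; the checkbox array is merely a selection over that list.
        $selected = ( isset($_POST['del_user']) && is_array($_POST['del_user']) ) ? $_POST['del_user'] : array();
        foreach ( $members as $i => $member )
        {
          $member_id = intval($member['member_id']);
          if ( !isset($selected[$member_id]) )
            continue;
          $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member_id . ';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          unset($members[$i]);
        }
        break;

      case 'pending':
        // Same selection-over-loaded-list pattern as del_users, for the
        // pending requests of this group only.
        $selected = ( isset($_POST['with_user']) && is_array($_POST['with_user']) ) ? $_POST['with_user'] : array();
        $approve = isset($_POST['do_appr_pending']);
        $reject = isset($_POST['do_reject_pending']);
        foreach ( $pending as $i => $member )
        {
          $member_id = intval($member['member_id']);
          if ( !isset($selected[$member_id]) )
            continue;
          if ( $approve )
          {
            $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member_id . ';');
            if ( !$q )
              $db->_die('SpecialGroups.php, line ' . __LINE__);
            $member['pending'] = 0;
            $members[] = $member;
            unset($pending[$i]);
          }
          elseif ( $reject )
          {
            $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member_id . ';');
            if ( !$q )
              $db->_die('SpecialGroups.php, line ' . __LINE__);
            unset($pending[$i]);
          }
        }
        echo '<div class="info-box">Pending members status updated successfully.</div>';
        break;
    }
  }

  // --- Self-service joining -------------------------------------------------
  // Submitting the main form (act=update) as a non-member joins an open group
  // outright, or files a request for a request-to-join group.
  if ( $act == 'update' && !$is_member )
  {
    if ( $row['group_type'] == GROUP_OPEN )
    {
      $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . intval($session->user_id) . ');');
      if ( !$q )
        $db->_die('SpecialGroups.php, line ' . __LINE__);
      echo '<div class="info-box">You have been added to this group.</div>';
      $is_member = true;
      $joined = usergroups_fetch_member($db, $gid, intval($session->user_id));
      if ( $joined )
        $members[] = $joined;
    }
    elseif ( $row['group_type'] == GROUP_REQUEST && !$is_pending )
    {
      $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . intval($session->user_id) . ', 1);');
      if ( !$q )
        $db->_die('SpecialGroups.php, line ' . __LINE__);
      echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>';
      $is_pending = true;
    }
  }

  // --- Page rendering -------------------------------------------------------
  // Status and state text are computed after the actions above so they reflect
  // what just happened (join, request, state change).
  if ( $is_member && $is_mod )
    $status = 'You are a moderator of this group.';
  elseif ( $is_member )
    $status = 'You are a member of this group.';
  else
    $status = 'You are not a member of this group.';

  switch ( $row['group_type'] )
  {
    case GROUP_HIDDEN:  $g_state = 'Hidden group'; break;
    case GROUP_CLOSED:  $g_state = 'Closed group'; break;
    case GROUP_REQUEST: $g_state = 'Members can request to join'; break;
    case GROUP_OPEN:    $g_state = 'Anyone can join'; break;
    default:            $g_state = 'Unknown group state'; break;
  }

  $group_name_html = htmlspecialchars($row['group_name']);

  if ( $can_do_admin_stuff )
  {
    // Managers get the state as radio buttons.
    $state_btns = '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> Hidden group</label>
          <label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> Closed group</label>
          <label><input type="radio" name="group_state" value="' . GROUP_REQUEST . '" ' . (( $row['group_type'] == GROUP_REQUEST ) ? 'checked="checked"' : '' ) . ' /> Members can request to join</label>
          <label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> Anybody can join</label>';
  }
  else
  {
    // Everyone else sees the state as text, plus a join/request button where applicable.
    $state_btns = $g_state;
    if ( !$is_member && $row['group_type'] == GROUP_REQUEST )
    {
      $state_btns .= $is_pending
        ? ' (Your request to join is awaiting approval)'
        : ' <input type="submit" value="Request membership" />';
    }
    if ( !$is_member && $row['group_type'] == GROUP_OPEN )
    {
      $state_btns .= ' <input type="submit" value="Join this group" />';
    }
  }

  echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
        <div class="tblholder">
          <table border="0" cellspacing="1" cellpadding="4">
            <tr>
              <th colspan="2">Group information</th>
            </tr>
            <tr>
              <td class="row2">Group name:</td>
              <td class="row1">' . $group_name_html . ( $row['system_group'] == 1 ? ' (system group)' : '' ) . '</td>
            </tr>
            <tr>
              <td class="row2">Membership status:</td>
              <td class="row1">' . $status . '</td>
            </tr>
            <tr>
              <td class="row2">Group state:</td>
              <td class="row1">' . $state_btns . '</td>
            </tr>
            ' . ( $can_do_admin_stuff ? '
            <tr>
              <th class="subhead" colspan="2">
                <input type="submit" value="Save changes" />
              </th>
            </tr>
            ' : '' ) . '
          </table>
        </div>
        <input name="group_id" value="' . $gid . '" type="hidden" />
        </form>';

  // Pending requests, visible to managers only.
  if ( sizeof($pending) > 0 && $can_do_admin_stuff )
  {
    echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
          <input name="group_id" value="' . $gid . '" type="hidden" />
          <h2>Pending memberships</h2>
          <div class="tblholder">
            <table border="0" cellspacing="1" cellpadding="4">
              <tr>
                <th>Username</th>
                <th>E-mail</th>
                <th>Registered</th>
                <th>Total comments</th>
                <th>Select</th>
              </tr>';
    $cls = 'row2';
    foreach ( $pending as $member )
    {
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      echo usergroups_member_row($email, $member, $cls, 'with_user');
    }
    echo '</table>
          </div>
          <div style="margin: 10px 0 0 auto;">
            With selected:
            <input type="submit" name="do_appr_pending" value="Approve membership" />
            <input type="submit" name="do_reject_pending" value="Reject membership" />
          </div>
          </form>';
  }

  // Members table: moderators first, then ordinary members. Each pass filters
  // on is_mod rather than relying on list order, so members appended during
  // this request (adduser / approval) are shown in the right section.
  $remove_col = $can_do_admin_stuff ? 'del_user' : false;
  echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
        <h2>Group members</h2>
        <div class="tblholder">
          <table border="0" cellspacing="1" cellpadding="4">
            <tr>
              <th>Username</th>
              <th>E-mail</th>
              <th>Registered</th>
              <th>Total comments</th>
              ' . ( $can_do_admin_stuff ? '<th>Remove?</th>' : '' ) . '
            </tr>
            <tr>
              <th colspan="5" class="subhead">Group moderators</th>
            </tr>';
  $cls = 'row2';
  $mod_printed = false;
  foreach ( $members as $member )
  {
    if ( $member['is_mod'] != 1 )
      continue;
    $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
    $mod_printed = true;
    echo usergroups_member_row($email, $member, $cls, $remove_col);
  }
  if ( !$mod_printed )
    echo '<tr><td class="' . $cls . '" colspan="5">This group has no moderators.</td></tr>';

  echo '<tr><th class="subhead" colspan="5">Group members</th></tr>';
  $mem_printed = false;
  foreach ( $members as $member )
  {
    if ( $member['is_mod'] == 1 )
      continue;
    $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
    $mem_printed = true;
    echo usergroups_member_row($email, $member, $cls, $remove_col);
  }
  if ( !$mem_printed )
    echo '<tr><td class="' . $cls . '" colspan="5">This group has no members.</td></tr>';

  echo '  </table>
        </div>';
  if ( $can_do_admin_stuff )
  {
    echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value='Remove selected users' /></div>";
  }
  echo '<input name="group_id" value="' . $gid . '" type="hidden" />
        </form>';

  // Add-member form, managers only.
  if ( $can_do_admin_stuff )
  {
    echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
          <div class="tblholder">
            <table border="0" cellspacing="1" cellpadding="4">
              <tr>
                <th colspan="2">Add a new member to this group</th>
              </tr>
              <tr>
                <td class="row2">Username:</td><td class="row1">' . $template->username_field('add_username') . '</td>
              </tr>
              <tr>
                <td class="row2">Group moderator:</td><td class="row1"><label><input type="checkbox" name="add_mod" /> User is a group moderator</label></td>
              </tr>
              <tr>
                <th class="subhead" colspan="2">
                  <input type="submit" value="Add member" />
                </th>
              </tr>
            </table>
          </div>
          <input name="group_id" value="' . $gid . '" type="hidden" />
          </form>';
  }

  $template->footer();
}

/**
 * Fetch the active (non-pending) membership row for one user in one group, in
 * the same column layout as the list loaded by page_Special_Usergroups(), so
 * the result can be appended to its $members array.
 *
 * @param object $db  Enano database object
 * @param int $gid    group id
 * @param int $uid    user id
 * @return array|bool the row, or false when the user is not an active member
 */
function usergroups_fetch_member($db, $gid, $uid)
{
  $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
                         FROM '.table_prefix.'users AS u
                         LEFT JOIN '.table_prefix.'group_members AS m
                           ON ( m.user_id = u.user_id )
                         LEFT JOIN '.table_prefix.'comments AS c
                           ON ( c.name = u.username )
                         WHERE m.group_id=' . intval($gid) . '
                           AND m.pending!=1
                           AND u.user_id=' . intval($uid) . '
                         GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
                         ORDER BY m.is_mod DESC,u.username ASC
                         LIMIT 1;');
  if ( !$q )
    $db->_die('SpecialGroups.php, line ' . __LINE__);
  $r = $db->fetchrow();
  $db->free_result();
  return $r;
}

/**
 * Render one row of a membership table.
 *
 * @param object $email      Enano e-mail object; only encryptEmail() is used
 * @param array $member      row as loaded by page_Special_Usergroups()
 * @param string $cls        CSS class for the cells ("row1" / "row2")
 * @param string|bool $check name of the checkbox array to offer in a fifth
 *                           column (e.g. "del_user"), or false for no checkbox
 * @return string HTML <tr>...</tr>
 */
function usergroups_member_row($email, $member, $cls, $check = false)
{
  // Username comes from the database; escape it anyway since nothing here
  // guarantees it is HTML-safe. The obfuscated address is emitted as-is.
  $username = htmlspecialchars($member['username']);
  $date = date('F d, Y', intval($member['reg_time']));
  $addy = $email->encryptEmail($member['email']);
  $comments = intval($member['num_comments']);
  $html = "<tr>
            <td class='{$cls}'>{$username}</td>
            <td class='{$cls}'>{$addy}</td>
            <td class='{$cls}'>{$date}</td>
            <td class='{$cls}'>{$comments}</td>";
  if ( $check !== false )
  {
    $mid = intval($member['member_id']);
    $html .= "
            <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='{$check}[{$mid}]' /></td>";
  }
  return $html . "
          </tr>";
}

/**
 * Print the chooser shown when no group has been selected: a drop-down of the
 * current user's groups and one of the visible groups the user is not in.
 * Prints $db->get_error() and returns false if the non-membership query fails;
 * returns true otherwise. The caller prints the page footer in both cases.
 *
 * @param object $db       Enano database object
 * @param object $session  Enano session; $session->groups maps group id => name
 * @return bool
 */
function usergroups_show_chooser($db, $session)
{
  echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
  echo '<div class="tblholder">
          <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
            <tr>
              <th colspan="2">Group membership details</th>
            </tr>
            <tr>
              <td class="row2" style="text-align: right; width: 50%;">
                Current group memberships:
              </td>
              <td class="row1" style="width: 50%;">';

  // "Everyone" is the implicit group and is never offered for viewing.
  $groups = is_array($session->groups) ? $session->groups : array();
  $member_ids = array();
  $options = '';
  foreach ( $groups as $id => $group )
  {
    $member_ids[] = intval($id);
    if ( $group != 'Everyone' )
      $options .= '<option value="' . intval($id) . '">' . htmlspecialchars($group) . '</option>';
  }
  if ( $options !== '' )
  {
    echo '<select name="group_id">' . $options . '</select>
          <input type="submit" name="do_view" value="View information" />';
  }
  else
  {
    echo 'None';
  }
  echo '</td>
        </tr>';

  // Groups the user is not in. The user's own groups are excluded by id rather
  // than by (escaped) name so that no group name ever becomes query text.
  $where = 'WHERE group_name != \'Everyone\'';
  if ( count($member_ids) > 0 )
    $where .= ' AND group_id NOT IN (' . implode(',', $member_ids) . ')';
  $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$where.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
  if ( !$q )
  {
    echo $db->get_error();
    return false;
  }
  if ( $db->numrows() > 0 )
  {
    echo '<tr>
            <td class="row2" style="text-align: right;">
              Non-memberships:
            </td>
            <td class="row1">
              <select name="group_id_n">';
    while ( $grp = $db->fetchrow() )
    {
      if ( $grp['group_name'] != 'Everyone' )
        echo '<option value="' . intval($grp['group_id']) . '">' . htmlspecialchars($grp['group_name']) . '</option>';
    }
    echo '</select>
              <input type="submit" name="do_view_n" value="View information" />
            </td>
          </tr>
          ';
  }
  $db->free_result();
  echo '</table>
        </div>
        </form>';
  return true;
}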
?> |