<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Copyright (C) 2006-2009 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
// Usergroup editor
/**
 * Admin panel module: usergroup manager.
 *
 * Dispatches on $_POST to one of four paths: the create-group confirmation
 * form (do_create_stage1), the actual insert of a new group plus its
 * moderator (do_create_stage2), the edit screen for an existing group
 * (do_edit / edit_do[...]: rename, change rank, delete, add or remove
 * members), or the main listing with the "edit existing" and "create new"
 * forms when no action was posted.
 *
 * Writes HTML straight to the output buffer and returns nothing. Any DB
 * failure is reported via $db->get_error() (or $db->_die() for the rank
 * query) and aborts the handler.
 */
function page_Admin_GroupManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  // Both the session's elevated auth level and the account's own level must
  // be admin; an admin who has not re-authenticated is sent to the login page
  // with the required level in the query string.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    return;
  }

  // --- Stage 1 of group creation: validate the name, ask for moderator and type ---
  if(isset($_POST['do_create_stage1']))
  {
    // NOTE(review): the range A-z also covers ASCII 91-96 ("[", "\", "]", "^",
    // "_", "`"), and "$" accepts one trailing newline; [A-Za-z0-9 -]+\z would be
    // the tighter check. The same pattern is repeated for stage 2 and for renames.
    if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
    {
      echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
      return;
    }
    // NOTE(review): no per-request token is visible in these forms; the
    // onsubmit "submitAuthorized" guard is client-side only. Confirm the admin
    // module loader authenticates the request before this handler runs.
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    // The group name travels in a hidden field and is re-validated in stage 2,
    // so nothing from this round-trip is trusted as-is.
    // NOTE(review): the radio values and their labels look rotated by one
    // (GROUP_CLOSED is labelled groupcp_type_hidden, GROUP_REQUEST is labelled
    // groupcp_type_closed, ...); confirm against the constants' meanings.
    echo '<div class="tblholder">
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
<tr><th colspan="2">' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'</th></tr>
<tr>
<td class="row1">' . $lang->get('acpug_field_group_mod') . '</td><td class="row1">' . $template->username_field('group_mod') . '</td>
</tr>
<tr><td class="row2">' . $lang->get('acpug_field_group_type') . '</td><td class="row2">
<label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> ' . $lang->get('groupcp_type_hidden') . '</label><br />
<label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> ' . $lang->get('groupcp_type_closed') . '</label><br />
<label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> ' . $lang->get('groupcp_type_request') . '</label><br />
<label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> ' . $lang->get('groupcp_type_open') . '</label>
</td></tr>
<tr>
<th class="subhead" colspan="2">
<input type="hidden" name="create_group_name" value="'.htmlspecialchars($_POST['create_group_name']).'" />
<input type="submit" name="do_create_stage2" value="' . $lang->get('acpug_btn_create_stage2') . '" />
</th>
</tr>
</table>
</div>';
    echo '</form>';
    return;
  }
  // --- Stage 2 of group creation: insert the group and its first moderator ---
  elseif(isset($_POST['do_create_stage2']))
  {
    if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
    {
      echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
      return;
    }
    // Group type must be one of the four known constants; intval() runs first
    // so a non-numeric value cannot slip past the loose in_array() comparison.
    if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
    {
      echo '<p>Hacking attempt</p>';
      return;
    }
    // Reject duplicate names. All string input goes through $db->escape();
    // numeric input is cast with intval() before interpolation.
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
    if(!$e)
    {
      echo $db->get_error();
      return;
    }
    if($db->numrows() > 0)
    {
      echo '<p>' . $lang->get('acpug_err_already_exist') . '</p>';
      return;
    }
    $db->free_result();
    $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
    if(!$q)
    {
      echo $db->get_error();
      return;
    }
    // Resolve the moderator's username to a user_id.
    // NOTE(review): the group row was already inserted above, so an unknown
    // username returns here and leaves a group with no moderator behind; doing
    // this lookup before the INSERT would avoid that.
    $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
    if(!$e)
    {
      echo $db->get_error();
      return;
    }
    if($db->numrows() < 1)
    {
      echo '<p>' . $lang->get('acpug_err_bad_username') . '</p>';
      return;
    }
    $row = $db->fetchrow();
    $id = $row['user_id'];
    $db->free_result();
    // Read the new group's id back by name (no insert-id helper is used here).
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
    if(!$e)
    {
      echo $db->get_error();
      return;
    }
    if($db->numrows() < 1)
    {
      echo '<p>' . $lang->get('acpug_err_bad_insert_id') . '</p>';
      return;
    }
    $row = $db->fetchrow();
    $gid = $row['group_id'];
    $db->free_result();
    // $gid and $id are values read back from the DB, not request input.
    $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
    if(!$e)
    {
      echo $db->get_error();
      return;
    }
    $g_name = htmlspecialchars($_POST['create_group_name']);
    echo "<div class='info-box'>
<b>" . $lang->get('acpug_heading_info') . "</b><br />
" . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . "
</div>";
  }
  // --- Edit screen: do_edit comes from the main listing, edit_do[...] from the edit forms ---
  if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
  {
    // Fetch the group name
    $q = $db->sql_query('SELECT group_name,system_group,group_rank FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
    if(!$q)
    {
      echo $db->get_error();
      return;
    }
    if($db->numrows() < 1)
    {
      // NOTE(review): there is no return here, so an unknown group_edit_id falls
      // through to fetchrow() on an empty result and still renders the edit
      // forms (with undefined-index notices) for a group that does not exist.
      echo '<p>Error: couldn\'t look up group name</p>';
    }
    $row = $db->fetchrow();
    $name = htmlspecialchars($row['group_name']);
    $db->free_result();
    if(isset($_POST['edit_do']))
    {
      if(isset($_POST['edit_do']['del_group']))
      {
        // System groups can never be deleted from this UI; this server-side
        // check is what actually enforces it, the disabled button is cosmetic.
        if ( $row['system_group'] == 1 )
        {
          echo '<div class="error-box">' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '</div>';
        }
        else
        {
          // Memberships first, then the group row; the pair is not wrapped in a
          // transaction, so a failure between the two leaves an empty group.
          $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
          if(!$q)
          {
            echo $db->get_error();
            return;
          }
          $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
          if(!$q)
          {
            echo $db->get_error();
            return;
          }
          echo '<div class="info-box">' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '</div>';
          return;
        }
      }
      if(isset($_POST['edit_do']['save_name']))
      {
        if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
        {
          echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
          return;
        }
        // determine rank
        // The literal string 'NULL' (the "--" option) is passed into the SQL
        // verbatim; anything else must intval() to a nonzero id. empty() also
        // rejects a rank id of 0.
        $group_rank =& $_POST['group_rank'];
        if ( $_POST['group_rank'] !== 'NULL' )
        {
          $group_rank = intval($group_rank);
          if ( empty($group_rank) )
          {
            echo '<p>Hacked rank ID</p>';
            return;
          }
        }
        // NOTE(review): when "--" was chosen this stores the string 'NULL', not
        // a real null, so the "=== NULL" test when the rank list is rebuilt
        // below will not preselect "--" right after a save.
        $row['group_rank'] = $group_rank;
        $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\',group_rank = ' . $group_rank . '
WHERE group_id='.intval($_POST['group_edit_id']).';');
        if(!$q)
        {
          echo $db->get_error();
          return;
        }
        else
        {
          // NOTE(review): the doubled quote after the style attribute is a markup typo.
          echo '<div class="info-box" style="margin: 0 0 10px 0;"">
' . $lang->get('acpug_msg_name_update_success') . '
</div>';
        }
        $name = htmlspecialchars($_POST['group_name']);

      }
      // Remove every member whose edit_do[del_<member_id>] button was pressed.
      // Candidate ids come from the group's own membership rows, so a posted
      // del_* key can only ever remove a member of this group.
      $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
WHERE group_id='.intval($_POST['group_edit_id']).';');
      if(!$q)
      {
        echo $db->get_error();
        return;
      }
      if($db->numrows() > 0)
      {
        while($delrow = $db->fetchrow($q))
        {
          if(isset($_POST['edit_do']['del_' . $delrow['member_id']]))
          {
            $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$delrow['member_id']);
            if(!$e)
            {
              echo $db->get_error();
              return;
            }
          }
        }
      }
      $db->free_result();
      if(isset($_POST['edit_do']['add_member']))
      {
        $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
        if(!$q)
        {
          echo $db->get_error();
          return;
        }
        if($db->numrows() > 0)
        {
          // NOTE(review): this overwrites the group row fetched above with the
          // user lookup row, so $row['system_group'] and $row['group_rank'] are
          // undefined when the edit form is rendered after an add (the delete
          // button then appears enabled even for a system group; the server-side
          // check on del_group still blocks the deletion).
          $row = $db->fetchrow();
          $user_id = $row['user_id'];
          $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
          if(!$q)
          {
            echo $db->get_error();
            return;
          }
          else
          {
            echo '<div class="info-box" style="margin: 0 0 10px 0;"">
' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '
</div>';
          }
        }
        else
          echo '<div class="warning-box">' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '</div>';
      }
      // Rebuilt after every edit_do action, since membership and rank changes
      // feed the cached user-rank data.
      generate_cache_userranks();
    }
    $sg_disabled = ( $row['system_group'] == 1 ) ?
      ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' :
      ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" ';

    // build rank list
    // NOTE(review): this is the one query in the module that aborts with
    // $db->_die() instead of echoing get_error() and returning.
    $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks');
    if ( !$q )
      $db->_die();
    $rank_list = '<option value="NULL"' . ( $row['group_rank'] === NULL ? ' selected="selected"' : '' ) . '>--</option>' . "\n";
    while ( $rank_row = $db->fetchrow() )
    {
      $rank_list .= '<option value="' . $rank_row['rank_id'] . '"' . ( $rank_row['rank_id'] == $row['group_rank'] ? ' selected="selected"' : '' ) . '>' . htmlspecialchars($lang->get($rank_row['rank_title'])) . '</option>' . "\n";
    }

    // Form 1: rename / rank / delete.
    // NOTE(review): "<select name="group_rank" />" self-closes the select; the
    // options and the later "</select>" may be ignored by some parsers.
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
<tr><th>' . $lang->get('acpug_heading_edit_name') . '</th></tr>
<tr>
<td class="row1">
' . $lang->get('acpug_field_group_name') . ' <input type="text" name="group_name" value="'.$name.'" />
</td>
</tr>
<tr>
<td class="row1">
' . $lang->get('acpug_field_group_rank') . ' <select name="group_rank" />' . $rank_list . '</select>
</td>
</tr>
<tr>
<th class="subhead">
<input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" />
<input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
</th>
</tr>
</table>
</div>
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
    echo '</form>';
    // Form 2: current members, each with a remove button.
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
<tr><th colspan="3">' . $lang->get('acpug_heading_edit_members') . '</th></tr>';
    $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
LEFT JOIN '.table_prefix.'users AS u
ON u.user_id=m.user_id
WHERE m.group_id='.intval($_POST['group_edit_id']).'
ORDER BY m.is_mod DESC, u.username ASC;');
    if(!$q)
    {
      echo $db->get_error();
      return;
    }
    if($db->numrows() < 1)
    {
      echo '<tr><td colspan="3" class="row1">' . $lang->get('acpug_msg_no_members') . '</td></tr>';
    }
    else
    {
      $cls = 'row2';
      while($row = $db->fetchrow())
      {
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        $mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : '';
        // NOTE(review): $row['username'] is echoed without htmlspecialchars()
        // here, while every other username in this module is escaped; unless
        // usernames are guaranteed HTML-safe at registration, escape it too.
        echo '<tr>
<td class="'.$cls.'" style="width: 100%;">
' . $row['username'] . '
</td>
<td class="'.$cls.'">
'.$mod.'
</td>
<td class="'.$cls.'">
<input type="submit" name="edit_do[del_'.$row['member_id'].']" value="' . $lang->get('acpug_btn_remove_member') . '" />
</td>
</tr>';
      }
    }
    $db->free_result();
    echo '</table>
</div>
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
    echo '</form>';
    // Form 3: add a member (optionally as moderator).
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
<tr>
<th>' . $lang->get('acpug_heading_add_member') . '</th>
</tr>
<tr>
<td class="row1">
' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . '
</td>
</tr>
<tr>
<td class="row2">
<label><input type="checkbox" name="add_mod" /> ' . $lang->get('acpug_field_make_mod') . '</label>
' . $lang->get('acpug_field_make_mod_hint') . '
</td>
</tr>
<tr>
<th class="subhead">
<input type="submit" name="edit_do[add_member]" value="' . $lang->get('acpug_btn_add_user') . '" />
</th>
</tr>
</table>
</div>
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
    echo '</form>';
    return;
  }
  // --- Main listing: pick an existing group to edit, or create a new one ---
  echo '<h3>' . $lang->get('acpug_heading_main') . '</h3>';
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
  $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
  if(!$q)
  {
    // NOTE(review): on failure the <form> opened above is never closed, since
    // its "</form>" lives in the else branch.
    echo $db->get_error();
  }
  else
  {
    echo '<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
<tr>
<th>' . $lang->get('acpug_heading_edit_existing') . '</th>
</tr>';
    echo '<tr><td class="row2"><select name="group_edit_id">';
    while ( $row = $db->fetchrow() )
    {
      // The built-in "Everyone" group is hidden from the edit list by name only;
      // the edit path itself does not refuse its id.
      if ( $row['group_name'] != 'Everyone' )
      {
        echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
      }
    }
    $db->free_result();
    echo '</select></td></tr>';
    echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="' . $lang->get('acpug_btn_edit_stage1') . '" /></td></tr>
</table>
</div>
</form><br />';
  }
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
  echo '<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
<tr>
<th colspan="2">' . $lang->get('acpug_heading_create_new') . '</th>
</tr>';
  echo '<tr><td class="row2">' . $lang->get('acpug_field_group_name') . '</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
  echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="' . $lang->get('acpug_btn_create_stage1') . ' »" /></td></tr>
</table>
</div>';
  echo '</form>';
}
?>