author | Dan |
Sat, 01 Mar 2008 18:54:33 -0500 | |
changeset 464 | 8063eace5b67 |
parent 458 | c433348f3628 |
child 504 | bc8e0e9ee01d |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/* |
|
3 |
Plugin Name: plugin_specialgroups_title |
4 |
Plugin URI: http://enanocms.org/ |
5 |
Description: plugin_specialgroups_desc |
0 | 6 |
Author: Dan Fuhry |
7 |
Version: 1.1.1 |
8 |
Author URI: http://enanocms.org/ |
0 | 9 |
*/ |
10 |
||
11 |
/* |
|
12 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
13 |
* Version 1.1.2 (Caoineag alpha 2) |
0 | 14 |
* Copyright (C) 2007 Dan Fuhry |
15 |
* |
|
16 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
17 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
18 |
* |
|
19 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
20 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
21 |
*/ |
|
22 |
||
23 |
// Attach a handler to the 'session_started' hook. The handler is passed as a
// string of PHP source: it pulls in the global $paths object and calls
// add_page() to register a page named 'specialpage_groupcp' with URL name
// 'Usergroups' in the 'Special' namespace (protected=1, visible=1,
// comments_on=0).
// NOTE(review): presumably the plugin manager evaluates this string when the
// hook fires - confirm against the attachHook() implementation. Because the
// payload is source text, it must stay a fixed literal; never concatenate
// request data or database values into it.
// NOTE(review): the page appears to be served by page_Special_Usergroups()
// defined below - confirm the dispatch naming convention.
$plugins->attachHook('session_started', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'specialpage_groupcp\',
\'urlname\'=>\'Usergroups\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');
|
32 |
||
33 |
function page_Special_Usergroups() |
|
34 |
{ |
|
35 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
36 |
global $email; // Import e-mail encryption functions |
|
37 |
global $lang; |
0 | 38 |
|
39 |
if ( !$session->user_logged_in ) |
|
40 |
{ |
|
41 |
header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page)); |
|
42 |
$db->close(); |
|
43 |
exit; |
|
44 |
} |
|
45 |
||
46 |
$template->header(); |
|
47 |
userprefs_show_menu(); |
0 | 48 |
if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) ) |
49 |
{ |
|
50 |
$gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']); |
|
51 |
if ( empty($gid) || $gid < 1 ) |
|
52 |
{ |
|
53 |
die_friendly('Error', '<p>Hacking attempt</p>'); |
|
54 |
} |
|
55 |
$q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';'); |
0 | 56 |
if ( !$q ) |
57 |
{ |
|
58 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 59 |
} |
60 |
$row = $db->fetchrow(); |
|
61 |
$db->free_result(); |
|
62 |
$members = array(); |
|
63 |
$pending = array(); |
|
64 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments |
0 | 65 |
FROM '.table_prefix.'users AS u |
66 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
67 |
ON ( m.user_id = u.user_id ) |
|
68 |
LEFT JOIN '.table_prefix.'comments AS c |
|
69 |
ON ( c.name = u.username ) |
|
70 |
WHERE m.group_id=' . $gid . ' |
|
71 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending |
0 | 72 |
ORDER BY m.is_mod DESC,u.username ASC;'); |
73 |
if ( !$q ) |
|
74 |
{ |
|
75 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 76 |
} |
77 |
||
78 |
$is_member = false; |
|
79 |
$is_mod = false; |
|
80 |
$is_pending = false; |
|
81 |
||
82 |
while ( $mr = $db->fetchrow() ) |
|
83 |
{ |
|
84 |
if ( $mr['pending'] == 1 ) |
|
85 |
{ |
|
86 |
$pending[] = $mr; |
|
87 |
if ( $mr['user_id'] == $session->user_id ) |
|
88 |
{ |
|
89 |
$is_pending = true; |
|
90 |
} |
|
91 |
} |
|
92 |
else |
|
93 |
{ |
|
94 |
$members[] = $mr; |
|
95 |
if ( $mr['user_id'] == $session->user_id ) |
|
96 |
{ |
|
97 |
$is_member = true; |
|
98 |
if ( $mr['is_mod'] == 1 ) |
|
99 |
{ |
|
100 |
$is_mod = true; |
|
101 |
} |
|
102 |
} |
|
103 |
} |
|
104 |
} |
|
105 |
||
106 |
$status = ( $is_member && $is_mod ) |
|
107 |
? $lang->get('groupcp_status_mod') |
0 | 108 |
: ( ( $is_member && !$is_mod ) |
109 |
? $lang->get('groupcp_status_member') |
110 |
: $lang->get('groupcp_status_not_member') |
0 | 111 |
); |
112 |
||
113 |
$can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ); |
|
114 |
||
115 |
switch ( $row['group_type'] ) |
|
116 |
{ |
|
117 |
case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break; |
118 |
case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break; |
119 |
case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break; |
120 |
case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break; |
0 | 121 |
} |
122 |
||
123 |
if ( isset($_GET['act']) && $can_do_admin_stuff ) |
|
124 |
{ |
|
125 |
switch($_GET['act']) |
|
126 |
{ |
|
127 |
case 'update': |
|
128 |
if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
|
129 |
{ |
|
130 |
die_friendly('ERROR', '<p>Hacking attempt</p>'); |
|
131 |
} |
|
132 |
$q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
133 |
if ( !$q ) |
134 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
135 |
$error = false; |
136 |
if ( $db->numrows() < 1 ) |
137 |
{ |
138 |
echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>'; |
139 |
$error = true; |
140 |
} |
141 |
$r = $db->fetchrow(); |
142 |
if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) ) |
143 |
{ |
144 |
echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>'; |
145 |
$error = true; |
146 |
} |
147 |
if ( !$error ) |
148 |
{ |
149 |
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
150 |
if (!$q) |
151 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
152 |
$row['group_type'] = $_POST['group_state']; |
153 |
echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>'; |
154 |
} |
0 | 155 |
break; |
156 |
case 'adduser': |
|
157 |
$username = $_POST['add_username']; |
|
158 |
$mod = ( isset($_POST['add_mod']) ) ? '1' : '0'; |
|
159 |
||
160 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';'); |
|
161 |
if (!$q) |
|
162 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 163 |
if ($db->numrows() < 1) |
164 |
{ |
|
165 |
echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>'; |
0 | 166 |
break; |
167 |
} |
|
168 |
$r = $db->fetchrow(); |
|
169 |
$db->free_result(); |
|
170 |
$uid = intval($r['user_id']); |
|
171 |
||
172 |
// Check if the user is already in the group, and if so, only update modship |
|
173 |
$q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';'); |
|
174 |
if ( !$q ) |
|
175 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 176 |
if ( $db->numrows() > 0 ) |
177 |
{ |
|
178 |
$r = $db->fetchrow(); |
|
179 |
if ( (string) $r['is_mod'] != $mod ) |
|
180 |
{ |
|
181 |
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';'); |
|
182 |
if ( !$q ) |
|
183 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 184 |
foreach ( $members as $i => $member ) |
185 |
{ |
|
186 |
if ( $member['member_id'] == $r['member_id'] ) |
|
187 |
$members[$i]['is_mod'] = (int)$mod; |
|
188 |
} |
|
189 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>'; |
0 | 190 |
} |
191 |
else |
|
192 |
{ |
|
193 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>'; |
0 | 194 |
} |
195 |
break; |
|
196 |
} |
|
197 |
||
198 |
$db->free_result(); |
|
199 |
||
200 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');'); |
|
201 |
if (!$q) |
|
202 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
203 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>'; |
0 | 204 |
|
205 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments |
0 | 206 |
FROM '.table_prefix.'users AS u |
207 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
208 |
ON ( m.user_id = u.user_id ) |
|
209 |
LEFT JOIN '.table_prefix.'comments AS c |
|
210 |
ON ( c.name = u.username ) |
|
211 |
WHERE m.group_id=' . $gid . ' |
|
212 |
AND m.pending!=1 |
|
213 |
AND u.user_id=' . $uid . ' |
|
214 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod |
0 | 215 |
ORDER BY m.is_mod DESC,u.username ASC |
216 |
LIMIT 1;'); |
|
217 |
if ( !$q ) |
|
218 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 219 |
|
220 |
$r = $db->fetchrow(); |
|
221 |
$members[] = $r; |
|
222 |
$db->free_result(); |
|
223 |
||
224 |
break; |
|
225 |
case 'del_users': |
|
226 |
foreach ( $members as $i => $member ) |
|
227 |
{ |
|
228 |
if ( isset($_POST['del_user'][$member['member_id']]) ) |
|
229 |
{ |
|
230 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
|
231 |
if (!$q) |
|
232 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 233 |
unset($members[$i]); |
234 |
} |
|
235 |
} |
|
236 |
break; |
|
237 |
case 'pending': |
|
238 |
foreach ( $pending as $i => $member ) |
|
239 |
{ |
|
240 |
if ( isset( $_POST['with_user'][$member['member_id']]) ) |
|
241 |
{ |
|
242 |
if ( isset ( $_POST['do_appr_pending'] ) ) |
|
243 |
{ |
|
244 |
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';'); |
|
245 |
if (!$q) |
|
246 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 247 |
$members[] = $member; |
248 |
unset($pending[$i]); |
|
249 |
continue; |
|
250 |
} |
|
251 |
elseif ( isset ( $_POST['do_reject_pending'] ) ) |
|
252 |
{ |
|
253 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
|
254 |
if (!$q) |
|
255 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 256 |
unset($pending[$i]); |
257 |
} |
|
258 |
} |
|
259 |
} |
|
260 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>'; |
0 | 261 |
break; |
262 |
} |
|
263 |
} |
|
264 |
||
265 |
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff ) |
0 | 266 |
{ |
267 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');'); |
|
268 |
if (!$q) |
|
269 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
270 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>'; |
0 | 271 |
|
272 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments |
0 | 273 |
FROM '.table_prefix.'users AS u |
274 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
275 |
ON ( m.user_id = u.user_id ) |
|
276 |
LEFT JOIN '.table_prefix.'comments AS c |
|
277 |
ON ( c.name = u.username ) |
|
278 |
WHERE m.group_id=' . $gid . ' |
|
279 |
AND m.pending!=1 |
|
280 |
AND u.user_id=' . $session->user_id . ' |
|
281 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod |
0 | 282 |
ORDER BY m.is_mod DESC,u.username ASC |
283 |
LIMIT 1;'); |
|
284 |
if ( !$q ) |
|
285 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 286 |
|
287 |
$r = $db->fetchrow(); |
|
288 |
$members[] = $r; |
|
289 |
$db->free_result(); |
|
290 |
||
291 |
} |
|
292 |
||
293 |
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff ) |
0 | 294 |
{ |
295 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);'); |
|
296 |
if (!$q) |
|
297 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
298 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>'; |
0 | 299 |
} |
300 |
||
301 |
$state_btns = ( $can_do_admin_stuff ) ? |
|
302 |
'<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label> |
303 |
<label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label> |
304 |
<label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label> |
305 |
<label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>' |
0 | 306 |
: $g_state; |
307 |
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member ) |
|
308 |
{ |
|
309 |
if ( $is_pending ) |
|
310 |
$state_btns .= ' ' . $lang->get('groupcp_msg_status_pending'); |
0 | 311 |
else |
312 |
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />'; |
0 | 313 |
} |
314 |
||
315 |
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member ) |
|
316 |
{ |
|
317 |
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />'; |
0 | 318 |
} |
319 |
||
320 |
$g_name_local = 'groupcp_grp_' . strtolower($row['group_name']); |
321 |
$str = $lang->get($g_name_local); |
322 |
if ( $str != $g_name_local ) |
|
323 |
$row['group_name'] = $str; |
|
324 |
|
0 | 325 |
echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data"> |
326 |
<div class="tblholder"> |
|
327 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
328 |
<tr> |
|
334
|
329 |
<th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th> |
0 | 330 |
</tr> |
331 |
<tr> |
|
334
|
332 |
<td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td> |
|
333 |
<td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td> |
0 | 334 |
</tr> |
335 |
<tr> |
|
334
|
336 |
<td class="row2">' . $lang->get('groupcp_lbl_status') . '</td> |
0 | 337 |
<td class="row1">' . $status . '</td> |
338 |
</tr> |
|
339 |
<tr> |
|
334
|
340 |
<td class="row2">' . $lang->get('groupcp_lbl_state') . '</td> |
0 | 341 |
<td class="row1">' . $state_btns . '</td> |
342 |
</tr> |
|
343 |
' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? ' |
|
344 |
<tr> |
|
345 |
<th class="subhead" colspan="2"> |
|
334
|
346 |
<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> |
0 | 347 |
</th> |
348 |
</tr> |
|
349 |
' : '' ) . ' |
|
350 |
</table> |
|
351 |
</div> |
|
352 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
353 |
</form>'; |
|
354 |
if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff ) |
|
355 |
{ |
|
356 |
echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data"> |
|
357 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
334
|
358 |
<h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2> |
0 | 359 |
<div class="tblholder"> |
360 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
361 |
<tr> |
|
334
|
362 |
<th>' . $lang->get('groupcp_th_username') . '</th> |
|
363 |
<th>' . $lang->get('groupcp_th_email') . '</th> |
|
364 |
<th>' . $lang->get('groupcp_th_reg_time') . '</th> |
|
365 |
<th>' . $lang->get('groupcp_th_comments') . '</th> |
|
366 |
<th>' . $lang->get('groupcp_th_select') . '</th> |
0 | 367 |
</tr>'; |
368 |
$cls = 'row2'; |
|
369 |
foreach ( $pending as $member ) |
|
370 |
{ |
|
371 |
||
345
|
372 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 373 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
374 |
$addy = $email->encryptEmail($member['email']); |
|
375 |
||
376 |
echo "<tr> |
|
377 |
<td class='{$cls}'>{$member['username']}</td> |
|
378 |
<td class='{$cls}'>{$addy}</td> |
|
379 |
<td class='{$cls}'>{$date}</td> |
|
322
|
380 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 381 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td> |
382 |
</tr>"; |
|
383 |
} |
|
384 |
echo '</table> |
|
385 |
</div> |
|
386 |
<div style="margin: 10px 0 0 auto;"> |
|
387 |
With selected: |
|
334
|
388 |
<input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" /> |
|
389 |
<input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" /> |
0 | 390 |
</div> |
391 |
</form>'; |
|
392 |
} |
|
393 |
echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data"> |
|
334
|
394 |
<h2>' . $lang->get('groupcp_th_group_members') . '</h2> |
0 | 395 |
<div class="tblholder"> |
396 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
397 |
<tr> |
|
334
|
398 |
<th>' . $lang->get('groupcp_th_username') . '</th> |
|
399 |
<th>' . $lang->get('groupcp_th_email') . '</th> |
|
400 |
<th>' . $lang->get('groupcp_th_reg_time') . '</th> |
|
401 |
<th>' . $lang->get('groupcp_th_comments') . '</th> |
|
402 |
' . ( ( $can_do_admin_stuff ) ? ' |
|
403 |
<th>' . $lang->get('groupcp_th_remove') . '</th> |
|
404 |
' : '' ) . ' |
0 | 405 |
</tr> |
406 |
<tr> |
|
334
|
407 |
<th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th> |
0 | 408 |
</tr>'; |
409 |
$mod_printed = false; |
|
410 |
$mem_printed = false; |
|
411 |
$cls = 'row2'; |
|
412 |
||
413 |
foreach ( $members as $member ) |
|
414 |
{ |
|
415 |
if ( $member['is_mod'] != 1 ) |
|
416 |
break; |
|
417 |
||
345
|
418 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 419 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
420 |
$addy = $email->encryptEmail($member['email']); |
|
421 |
||
422 |
$mod_printed = true; |
|
423 |
||
424 |
echo "<tr> |
|
425 |
<td class='{$cls}'>{$member['username']}</td> |
|
426 |
<td class='{$cls}'>{$addy}</td> |
|
427 |
<td class='{$cls}'>{$date}</td> |
|
322
|
428 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 429 |
" . ( ( $can_do_admin_stuff ) ? " |
430 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td> |
|
431 |
" : '' ) . " |
|
432 |
</tr>"; |
|
433 |
} |
|
434 |
if (!$mod_printed) |
|
334
|
435 |
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></th>'; |
|
436 |
echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>'; |
0 | 437 |
foreach ( $members as $member ) |
438 |
{ |
|
439 |
if ( $member['is_mod'] == 1 ) |
|
440 |
continue; |
|
441 |
||
345
|
442 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 443 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
444 |
$addy = $email->encryptEmail($member['email']); |
|
445 |
||
446 |
$mem_printed = true; |
|
447 |
||
448 |
echo "<tr> |
|
449 |
<td class='{$cls}'>{$member['username']}</td> |
|
450 |
<td class='{$cls}'>{$addy}</td> |
|
451 |
<td class='{$cls}'>{$date}</td> |
|
322
|
452 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 453 |
" . ( ( $can_do_admin_stuff ) ? " |
454 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td> |
|
455 |
" : '' ) . " |
|
456 |
</tr>"; |
|
457 |
} |
|
458 |
if (!$mem_printed) |
|
334
|
459 |
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></th>'; |
0 | 460 |
echo ' </table> |
461 |
</div>'; |
|
462 |
if ( $can_do_admin_stuff ) |
|
463 |
{ |
|
334
|
464 |
echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>"; |
0 | 465 |
} |
466 |
echo '<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
467 |
</form>'; |
|
468 |
if ( $can_do_admin_stuff ) |
|
469 |
{ |
|
470 |
echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;"> |
|
471 |
<div class="tblholder"> |
|
472 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
473 |
<tr> |
|
334
|
474 |
<th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th> |
0 | 475 |
</tr> |
476 |
<tr> |
|
334
|
477 |
<td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td> |
0 | 478 |
</tr> |
479 |
<tr> |
|
334
|
480 |
<td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td> |
0 | 481 |
</tr> |
482 |
<tr> |
|
483 |
<th class="subhead" colspan="2"> |
|
334
|
484 |
<input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" /> |
0 | 485 |
</th> |
486 |
</tr> |
|
487 |
</table> |
|
488 |
</div> |
|
489 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
490 |
</form>'; |
|
491 |
} |
|
492 |
} |
|
493 |
else |
|
494 |
{ |
|
495 |
echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
496 |
echo '<div class="tblholder"> |
|
497 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
498 |
<tr> |
|
334
|
499 |
<th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th> |
0 | 500 |
</tr> |
501 |
<tr> |
|
30 | 502 |
<td class="row2" style="text-align: right; width: 50%;"> |
334
|
503 |
' . $lang->get('groupcp_lbl_current_memberships') . ' |
0 | 504 |
</td> |
30 | 505 |
<td class="row1" style="width: 50%;">'; |
0 | 506 |
$taboo = Array('Everyone'); |
30 | 507 |
if ( sizeof ( $session->groups ) > count($taboo) ) |
0 | 508 |
{ |
509 |
echo '<select name="group_id">'; |
|
510 |
foreach ( $session->groups as $id => $group ) |
|
511 |
{ |
|
447
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
|
512 |
$taboo[] = $db->escape($group); |
|
513 |
$group = htmlspecialchars($group); |
0 | 514 |
if ( $group != 'Everyone' ) |
515 |
{ |
|
334
|
516 |
$g_name_local = 'groupcp_grp_' . strtolower($group); |
|
517 |
$str = $lang->get($g_name_local); |
|
518 |
if ( $str != $g_name_local ) |
|
519 |
$group = $str; |
0 | 520 |
echo '<option value="' . $id . '">' . $group . '</option>'; |
521 |
} |
|
522 |
} |
|
523 |
echo '</select> |
|
334
|
524 |
<input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />'; |
0 | 525 |
} |
526 |
else |
|
527 |
{ |
|
528 |
echo 'None'; |
|
529 |
} |
|
530 |
||
531 |
echo '</td> |
|
532 |
</tr>'; |
|
533 |
$taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\''; |
|
534 |
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;'); |
|
535 |
if(!$q) |
|
536 |
{ |
|
537 |
echo $db->get_error(); |
|
538 |
$template->footer(); |
|
539 |
return; |
|
540 |
} |
|
541 |
if($db->numrows() > 0) |
|
542 |
{ |
|
543 |
echo '<tr> |
|
544 |
<td class="row2" style="text-align: right;"> |
|
334
|
545 |
' . $lang->get('groupcp_lbl_non_memberships') . ' |
0 | 546 |
</td> |
547 |
<td class="row1"> |
|
548 |
<select name="group_id_n">'; |
|
549 |
while ( $row = $db->fetchrow() ) |
|
550 |
{ |
|
551 |
if ( $row['group_name'] != 'Everyone' ) |
|
552 |
{ |
|
357 | 553 |
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>'; |
0 | 554 |
} |
555 |
} |
|
556 |
echo '</select> |
|
334
|
557 |
<input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" /> |
0 | 558 |
</td> |
559 |
</tr> |
|
560 |
'; |
|
561 |
} |
|
562 |
$db->free_result(); |
|
563 |
echo '</table> |
|
564 |
</div> |
|
565 |
</form>'; |
|
566 |
} |
|
567 |
$template->footer(); |
|
568 |
} |
|
569 |
||
570 |
?> |