|
1 <?php |
|
2 |
|
3 /* |
|
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
5 * Version 1.0.1 (Loch Ness) |
|
6 * Copyright (C) 2006-2007 Dan Fuhry |
|
7 * |
|
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 * |
|
11 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 */ |
|
14 |
|
15 function page_Admin_PageGroups() |
|
16 { |
|
17 global $db, $session, $paths, $template, $plugins; // Common objects |
|
18 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
19 { |
|
20 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
21 return; |
|
22 } |
|
23 |
|
24 if ( isset($_POST['action']) ) |
|
25 { |
|
26 if ( isset($_POST['action']['create']) || isset($_POST['action']['create_stage2']) ) |
|
27 { |
|
28 switch ( isset($_POST['action']['create_stage2']) ) |
|
29 { |
|
30 case true: |
|
31 if ( empty($_POST['pg_name']) || empty($_POST['group_type']) ) |
|
32 { |
|
33 echo '<div class="error-box">Please enter a name for the page group.</div>'; |
|
34 return; |
|
35 } |
|
36 if ( $_POST['group_type'] == PAGE_GRP_TAGGED && empty($_POST['member_tag']) ) |
|
37 { |
|
38 echo '<div class="error-box">Please enter a page tag.</div>'; |
|
39 return; |
|
40 } |
|
41 if ( $_POST['group_type'] == PAGE_GRP_CATLINK && empty($_POST['member_cat']) ) |
|
42 { |
|
43 echo '<div class="error-box">Please create a category page before linking a page group to a category.</div>'; |
|
44 return; |
|
45 } |
|
46 if ( $_POST['group_type'] == PAGE_GRP_NORMAL && empty($_POST['member_page_0']) ) |
|
47 { |
|
48 echo '<div class="error-box">Please specify at least one page to place in this group.</div>'; |
|
49 return; |
|
50 } |
|
51 if ( $_POST['group_type'] != PAGE_GRP_TAGGED && $_POST['group_type'] != PAGE_GRP_CATLINK && $_POST['group_type'] != PAGE_GRP_NORMAL ) |
|
52 { |
|
53 echo '<div class="error-box">Umm, you sent an invalid group type. I\'d put a real error message here but this will only be shown if you try to hack the system.</div>'; |
|
54 return; |
|
55 } |
|
56 // All checks passed, create the group |
|
57 switch($_POST['group_type']) |
|
58 { |
|
59 case PAGE_GRP_TAGGED: |
|
60 $name = $db->escape($_POST['pg_name']); |
|
61 $tag = $db->escape($_POST['member_tag']); |
|
62 $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_TAGGED . ', \'' . $name . '\', \'' . $tag . '\');'; |
|
63 $q = $db->sql_query($sql); |
|
64 if ( !$q ) |
|
65 $db->_die(); |
|
66 break; |
|
67 case PAGE_GRP_CATLINK: |
|
68 $name = $db->escape($_POST['pg_name']); |
|
69 $cat = $db->escape($_POST['member_cat']); |
|
70 $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_CATLINK . ', \'' . $name . '\', \'' . $cat . '\');'; |
|
71 $q = $db->sql_query($sql); |
|
72 if ( !$q ) |
|
73 $db->_die(); |
|
74 break; |
|
75 case PAGE_GRP_NORMAL: |
|
76 $name = $db->escape($_POST['pg_name']); |
|
77 $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name) VALUES(' . PAGE_GRP_NORMAL . ', \'' . $name . '\');'; |
|
78 $q = $db->sql_query($sql); |
|
79 if ( !$q ) |
|
80 $db->_die(); |
|
81 |
|
82 $ins_id = $db->insert_id(); |
|
83 |
|
84 // Page list |
|
85 $keys = array_keys($_POST); |
|
86 $arr_pages = array(); |
|
87 foreach ( $keys as $val ) |
|
88 { |
|
89 if ( preg_match('/^member_page_([0-9]+?)$/', $val) && !empty($_POST[$val]) && isPage($_POST[$val]) ) |
|
90 { |
|
91 $arr_pages[] = $_POST[$val]; |
|
92 } |
|
93 } |
|
94 $arr_sql = array(); |
|
95 foreach ( $arr_pages as $page ) |
|
96 { |
|
97 list($id, $ns) = RenderMan::strToPageID($page); |
|
98 $id = sanitize_page_id($id); |
|
99 $arr_sql[] = '(' . $ins_id . ',\'' . $db->escape($id) . '\', \'' . $ns . '\')'; |
|
100 } |
|
101 $sql = 'INSERT INTO '.table_prefix.'page_group_members(pg_id,page_id,namespace) VALUES' . implode(',', $arr_sql) . ';'; |
|
102 $q = $db->sql_query($sql); |
|
103 if ( !$q ) |
|
104 $db->_die(); |
|
105 break; |
|
106 } |
|
107 echo '<div class="info-box">The page group "' . htmlspecialchars($_POST['pg_name']) . '" has been created.</div>'; |
|
108 break; |
|
109 } |
|
110 // A little Javascript magic |
|
111 ?> |
|
112 <script language="javascript" type="text/javascript"> |
|
113 function pg_create_typeset(selector) |
|
114 { |
|
115 var pg_normal = <?php echo PAGE_GRP_NORMAL; ?>; |
|
116 var pg_tagged = <?php echo PAGE_GRP_TAGGED; ?>; |
|
117 var pg_catlink = <?php echo PAGE_GRP_CATLINK; ?>; |
|
118 var selection = false; |
|
119 // Get selection |
|
120 for ( var i = 0; i < selector.childNodes.length; i++ ) |
|
121 { |
|
122 var child = selector.childNodes[i]; |
|
123 if ( !child || child.tagName != 'OPTION' ) |
|
124 { |
|
125 continue; |
|
126 } |
|
127 if ( child.selected ) |
|
128 { |
|
129 selection = child.value; |
|
130 } |
|
131 } |
|
132 if ( !selection ) |
|
133 { |
|
134 alert('Cannot get field value'); |
|
135 return true; |
|
136 } |
|
137 selection = parseInt(selection); |
|
138 if ( selection != pg_normal && selection != pg_tagged && selection != pg_catlink ) |
|
139 { |
|
140 alert('Invalid field value'); |
|
141 return true; |
|
142 } |
|
143 |
|
144 // We have the selection and it's validated; show the appropriate field group |
|
145 |
|
146 if ( selection == pg_normal ) |
|
147 { |
|
148 document.getElementById('pg_create_title_catlink').style.display = 'none'; |
|
149 document.getElementById('pg_create_catlink_1').style.display = 'none'; |
|
150 document.getElementById('pg_create_catlink_2').style.display = 'none'; |
|
151 |
|
152 document.getElementById('pg_create_title_tagged').style.display = 'none'; |
|
153 document.getElementById('pg_create_tagged_1').style.display = 'none'; |
|
154 document.getElementById('pg_create_tagged_2').style.display = 'none'; |
|
155 |
|
156 document.getElementById('pg_create_title_normal').style.display = 'inline'; |
|
157 document.getElementById('pg_create_normal_1').style.display = 'block'; |
|
158 document.getElementById('pg_create_normal_2').style.display = 'block'; |
|
159 } |
|
160 else if ( selection == pg_catlink ) |
|
161 { |
|
162 document.getElementById('pg_create_title_catlink').style.display = 'inline'; |
|
163 document.getElementById('pg_create_catlink_1').style.display = 'block'; |
|
164 document.getElementById('pg_create_catlink_2').style.display = 'block'; |
|
165 |
|
166 document.getElementById('pg_create_title_tagged').style.display = 'none'; |
|
167 document.getElementById('pg_create_tagged_1').style.display = 'none'; |
|
168 document.getElementById('pg_create_tagged_2').style.display = 'none'; |
|
169 |
|
170 document.getElementById('pg_create_title_normal').style.display = 'none'; |
|
171 document.getElementById('pg_create_normal_1').style.display = 'none'; |
|
172 document.getElementById('pg_create_normal_2').style.display = 'none'; |
|
173 } |
|
174 else if ( selection == pg_tagged ) |
|
175 { |
|
176 document.getElementById('pg_create_title_catlink').style.display = 'none'; |
|
177 document.getElementById('pg_create_catlink_1').style.display = 'none'; |
|
178 document.getElementById('pg_create_catlink_2').style.display = 'none'; |
|
179 |
|
180 document.getElementById('pg_create_title_tagged').style.display = 'inline'; |
|
181 document.getElementById('pg_create_tagged_1').style.display = 'block'; |
|
182 document.getElementById('pg_create_tagged_2').style.display = 'block'; |
|
183 |
|
184 document.getElementById('pg_create_title_normal').style.display = 'none'; |
|
185 document.getElementById('pg_create_normal_1').style.display = 'none'; |
|
186 document.getElementById('pg_create_normal_2').style.display = 'none'; |
|
187 } |
|
188 |
|
189 } |
|
190 |
|
191 // Set to pg_normal on page load |
|
192 var pg_createform_init = function() |
|
193 { |
|
194 document.getElementById('pg_create_title_catlink').style.display = 'none'; |
|
195 document.getElementById('pg_create_catlink_1').style.display = 'none'; |
|
196 document.getElementById('pg_create_catlink_2').style.display = 'none'; |
|
197 |
|
198 document.getElementById('pg_create_title_tagged').style.display = 'none'; |
|
199 document.getElementById('pg_create_tagged_1').style.display = 'none'; |
|
200 document.getElementById('pg_create_tagged_2').style.display = 'none'; |
|
201 |
|
202 document.getElementById('pg_create_title_normal').style.display = 'inline'; |
|
203 document.getElementById('pg_create_normal_1').style.display = 'block'; |
|
204 document.getElementById('pg_create_normal_2').style.display = 'block'; |
|
205 } |
|
206 |
|
207 addOnloadHook(pg_createform_init); |
|
208 |
|
209 function pg_create_more_fields() |
|
210 { |
|
211 var targettd = document.getElementById('pg_create_normal_2'); |
|
212 var id = 0; |
|
213 for ( var i = 0; i < targettd.childNodes.length; i++ ) |
|
214 { |
|
215 var child = targettd.childNodes[i]; |
|
216 if ( child.tagName == 'INPUT' ) |
|
217 { |
|
218 if ( child.type == 'button' ) |
|
219 { |
|
220 var newInp = document.createElement('input'); |
|
221 // <input type="text" name="member_page_1" id="pg_create_member_1" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br /> |
|
222 newInp.type = 'text'; |
|
223 newInp.name = 'member_page_' + id; |
|
224 newInp.id = 'pg_create_member_' + id; |
|
225 newInp.onkeyup = function(e) { return ajaxPageNameComplete(this); }; |
|
226 newInp.size = '30'; |
|
227 newInp.style.marginTop = '3px'; |
|
228 targettd.insertBefore(newInp, child); |
|
229 targettd.insertBefore(document.createElement('br'), child); |
|
230 break; |
|
231 } |
|
232 else // if ( child.type == 'text' ) |
|
233 { |
|
234 id++; |
|
235 } |
|
236 } |
|
237 } |
|
238 } |
|
239 |
|
240 </script> |
|
241 <?php |
|
242 |
|
243 // Build category list |
|
244 $q = $db->sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace=\'Category\';'); |
|
245 if ( !$q ) |
|
246 $db->_die(); |
|
247 |
|
248 if ( $db->numrows() < 1 ) |
|
249 { |
|
250 $catlist = 'There aren\'t any categories on this site.'; |
|
251 } |
|
252 else |
|
253 { |
|
254 $catlist = '<select name="member_cat">'; |
|
255 while ( $row = $db->fetchrow() ) |
|
256 { |
|
257 $catlist .= '<option value="' . htmlspecialchars($row['urlname']) . '">' . htmlspecialchars($row['name']) . '</option>'; |
|
258 } |
|
259 $catlist .= '</select>'; |
|
260 } |
|
261 |
|
262 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized || !__pg_edit_submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
263 |
|
264 echo '<div class="tblholder"> |
|
265 <table border="0" cellspacing="1" cellpadding="4"> |
|
266 <tr> |
|
267 <th colspan="2">Create page group</th> |
|
268 </tr>'; |
|
269 |
|
270 // Name |
|
271 echo '<tr> |
|
272 <td class="row2"> |
|
273 Group name:<br /> |
|
274 <small>This should be short, descriptive, and human-readable.</small> |
|
275 </td> |
|
276 <td class="row1"> |
|
277 <input type="text" name="pg_name" size="30" /> |
|
278 </td> |
|
279 </tr>'; |
|
280 |
|
281 // Group type |
|
282 echo '<tr> |
|
283 <td class="row2"> |
|
284 Group type: |
|
285 </td> |
|
286 <td class="row1"> |
|
287 <select name="group_type" onchange="pg_create_typeset(this);"> |
|
288 <option value="' . PAGE_GRP_NORMAL . '" selected="selected">Static group of pages</option> |
|
289 <option value="' . PAGE_GRP_TAGGED . '">Group of pages with one tag</option> |
|
290 <option value="' . PAGE_GRP_CATLINK . '">Link to category</option> |
|
291 </select> |
|
292 </td> |
|
293 </tr>'; |
|
294 |
|
295 // Titles |
|
296 echo '<tr> |
|
297 <th colspan="2"> |
|
298 <span id="pg_create_title_normal"> |
|
299 Static group of pages |
|
300 </span> |
|
301 <span id="pg_create_title_tagged"> |
|
302 Group of commonly tagged pages |
|
303 </span> |
|
304 <span id="pg_create_title_catlink"> |
|
305 Mirror a category |
|
306 </span> |
|
307 </th> |
|
308 </tr>'; |
|
309 |
|
310 echo '<tr> |
|
311 <td class="row2"> |
|
312 <div id="pg_create_normal_1"> |
|
313 Member pages:<br /> |
|
314 <small>Click the "plus" button to add more fields.</small> |
|
315 </div> |
|
316 <div id="pg_create_catlink_1"> |
|
317 Include pages in this category:<br /> |
|
318 <small>Pages in subcategories are <u>not</u> included, however subcategory pages themselves are.</small> |
|
319 </div> |
|
320 <div id="pg_create_tagged_1"> |
|
321 Include pages with this tag: |
|
322 </div> |
|
323 </td>'; |
|
324 |
|
325 echo ' <td class="row1"> |
|
326 <div id="pg_create_normal_2" /> |
|
327 <input type="text" style="margin-top: 3px;" name="member_page_0" id="pg_create_member_0" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br /> |
|
328 <input type="text" style="margin-top: 3px;" name="member_page_1" id="pg_create_member_1" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br /> |
|
329 <input type="text" style="margin-top: 3px;" name="member_page_2" id="pg_create_member_2" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br /> |
|
330 <input type="text" style="margin-top: 3px;" name="member_page_3" id="pg_create_member_3" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br /> |
|
331 <input type="text" style="margin-top: 3px;" name="member_page_4" id="pg_create_member_4" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br /> |
|
332 <input type="button" onclick="pg_create_more_fields(); return false;" style="margin-top: 5px;" value=" + " /> |
|
333 </div> |
|
334 <div id="pg_create_tagged_2"> |
|
335 <input type="text" name="member_tag" size="30" /> |
|
336 </div> |
|
337 <div id="pg_create_catlink_2"> |
|
338 ' . $catlist . ' |
|
339 </div> |
|
340 </td> |
|
341 </tr>'; |
|
342 |
|
343 // Submit button |
|
344 echo '<tr> |
|
345 <th class="subhead" colspan="2"><input type="submit" name="action[create_stage2]" value="Create page group" style="font-weight: bold;" /> <input type="submit" name="action[noop]" value="Cancel" style="font-weight: normal;" /></th> |
|
346 </tr>'; |
|
347 |
|
348 echo '</table> |
|
349 </div>'; |
|
350 |
|
351 echo '</form>'; |
|
352 return; |
|
353 } |
|
354 else if ( isset($_POST['action']['del']) ) |
|
355 { |
|
356 // Confirmation to delete a group (this is really only a stub) |
|
357 |
|
358 $delete_id = array_keys($_POST['action']['del']); |
|
359 $delete_id = intval($delete_id[0]); |
|
360 |
|
361 if ( !empty($delete_id) ) |
|
362 { |
|
363 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
364 echo '<input type="hidden" name="delete_id" value="' . $delete_id . '" />'; |
|
365 echo '<div class="tblholder">'; |
|
366 echo ' <table border="0" cellspacing="1" cellpadding="4">'; |
|
367 echo ' <tr><th>Confirm deletion</th></tr>'; |
|
368 echo ' <tr><td class="row2" style="text-align: center; padding: 20px 0;">Are you sure you want to delete this page group?</td></tr>'; |
|
369 echo ' <tr><td class="row1" style="text-align: center;">'; |
|
370 echo ' <input type="submit" name="action[del_confirm]" value="Yes, delete group" style="font-weight: bold;" />'; |
|
371 echo ' <input type="submit" name="action[noop]" value="Cancel" style="font-weight: normal;" />'; |
|
372 echo ' </td></tr>'; |
|
373 echo ' </table>'; |
|
374 echo '</form>'; |
|
375 |
|
376 return; |
|
377 } |
|
378 } |
|
379 else if ( isset($_POST['action']['del_confirm']) ) |
|
380 { |
|
381 $delete_id = intval($_POST['delete_id']); |
|
382 if ( empty($delete_id) ) |
|
383 { |
|
384 echo 'Hack attempt'; |
|
385 return; |
|
386 } |
|
387 // Obtain group name |
|
388 $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';'); |
|
389 if ( !$q ) |
|
390 $db->_die(); |
|
391 if ( $db->numrows() < 1 ) |
|
392 { |
|
393 echo 'Page group dun exist.'; |
|
394 return; |
|
395 } |
|
396 $row = $db->fetchrow(); |
|
397 $db->free_result(); |
|
398 $pg_name = $row['pg_name']; |
|
399 unset($row); |
|
400 // Delete the group |
|
401 $q = $db->sql_query('DELETE FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';'); |
|
402 if ( !$q ) |
|
403 $db->_die(); |
|
404 $q = $db->sql_query('DELETE FROM '.table_prefix.'page_group_members WHERE pg_id=' . $delete_id . ';'); |
|
405 if ( !$q ) |
|
406 $db->_die(); |
|
407 echo "<div class='info-box'>The group ".'"'."$pg_name".'"'." has been deleted.</div>"; |
|
408 } |
|
409 else if ( isset($_POST['action']['edit']) && !isset($_POST['action']['noop']) ) |
|
410 { |
|
411 if ( isset($_POST['action']['edit_save']) ) |
|
412 { |
|
413 } |
|
414 |
|
415 if ( isset($_POST['action']['edit']['add_page']) && isset($_GET['src']) && $_GET['src'] == 'ajax' ) |
|
416 { |
|
417 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
|
418 $return = array('successful' => false); |
|
419 |
|
420 // |
|
421 // Add the specified page to the group |
|
422 // |
|
423 |
|
424 // Get ID of the group |
|
425 $edit_id = intval($_POST['pg_id']); |
|
426 if ( !$edit_id ) |
|
427 { |
|
428 $return = array('mode' => 'error', 'text' => 'Hack attempt'); |
|
429 echo $json->encode($return); |
|
430 return; |
|
431 } |
|
432 |
|
433 // Run some validation - check that page exists and that it's not already in the group |
|
434 $page = $_POST['new_page']; |
|
435 if ( empty($page) ) |
|
436 { |
|
437 $return = array('mode' => 'error', 'text' => 'Please enter a page title.'); |
|
438 echo $json->encode($return); |
|
439 return; |
|
440 } |
|
441 |
|
442 if ( !isPage($page) ) |
|
443 { |
|
444 $return = array('mode' => 'error', 'text' => 'The page you are trying to add (' . htmlspecialchars($page) . ') does not exist.'); |
|
445 echo $json->encode($return); |
|
446 return; |
|
447 } |
|
448 |
|
449 list($page_id, $namespace) = RenderMan::strToPageID($page); |
|
450 $page_id = sanitize_page_id($page_id); |
|
451 |
|
452 $q = $db->sql_query('SELECT "x" FROM '.table_prefix.'page_group_members WHERE pg_id=' . $edit_id . ' AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $namespace . '\';'); |
|
453 if ( !$q ) |
|
454 { |
|
455 $return = array('mode' => 'error', 'text' => $db->get_error()); |
|
456 echo $json->encode($return); |
|
457 return; |
|
458 } |
|
459 if ( $db->numrows() > 0 ) |
|
460 { |
|
461 $return = array('mode' => 'error', 'text' => 'The page you are trying to add is already in this group.'); |
|
462 echo $json->encode($return); |
|
463 return; |
|
464 } |
|
465 |
|
466 $q = $db->sql_query('INSERT INTO '.table_prefix.'page_group_members(pg_id, page_id, namespace) VALUES(' . $edit_id . ', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); |
|
467 if ( !$q ) |
|
468 { |
|
469 $return = array('mode' => 'error', 'text' => $db->get_error()); |
|
470 echo $json->encode($return); |
|
471 return; |
|
472 } |
|
473 |
|
474 $title = "($namespace) " . get_page_title($paths->nslist[$namespace] . $page_id); |
|
475 |
|
476 $return = array('mode' => 'info', 'text' => 'The page has been added to the specified group.', 'successful' => true, 'title' => $title, 'member_id' => $db->insert_id()); |
|
477 |
|
478 echo $json->encode($return); |
|
479 return; |
|
480 } |
|
481 |
|
482 if ( isset($_POST['action']['edit_save']) ) |
|
483 { |
|
484 $edit_id = $_POST['action']['edit']; |
|
485 } |
|
486 else |
|
487 { |
|
488 $edit_id = array_keys($_POST['action']['edit']); |
|
489 $edit_id = intval($edit_id[0]); |
|
490 } |
|
491 |
|
492 if ( empty($edit_id) ) |
|
493 { |
|
494 echo 'Hack attempt'; |
|
495 return; |
|
496 } |
|
497 |
|
498 if ( isset($_POST['action']['edit_save']['do_rm']) ) |
|
499 { |
|
500 $vals = array_keys($_POST['action']['edit_save']['rm']); |
|
501 $good = array(); |
|
502 foreach ( $vals as $id ) |
|
503 { |
|
504 if ( strval(intval($id)) == $id ) |
|
505 $good[] = $id; |
|
506 } |
|
507 $subquery = 'pg_member_id=' . implode(' OR pg_member_id=', $good); |
|
508 $sql = 'DELETE FROM '.table_prefix."page_group_members WHERE ( $subquery ) AND pg_id=$edit_id;"; |
|
509 if ( !$db->sql_query($sql) ) |
|
510 { |
|
511 $db->_die(); |
|
512 } |
|
513 echo '<div class="info-box">The requested page group members have been deleted.</div>'; |
|
514 } |
|
515 |
|
516 // Fetch information about page group |
|
517 $q = $db->sql_query('SELECT pg_name, pg_type, pg_target FROM '.table_prefix.'page_groups WHERE pg_id=' . $edit_id . ';'); |
|
518 if ( !$q ) |
|
519 $db->_die(); |
|
520 |
|
521 if ( $db->numrows() < 1 ) |
|
522 { |
|
523 echo 'Bad request - can\'t load page group from database.'; |
|
524 return; |
|
525 } |
|
526 |
|
527 $row = $db->fetchrow(); |
|
528 $db->free_result(); |
|
529 |
|
530 echo '<form name="pg_edit_frm" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
531 echo '<input type="hidden" name="action[edit]" value="' . $edit_id . '" />'; |
|
532 echo '<div class="tblholder"> |
|
533 <table border="0" cellspacing="1" cellpadding="4"> |
|
534 <tr> |
|
535 <th colspan="3">Editing page group: ' . htmlspecialchars($row['pg_name']) . '</th> |
|
536 </tr>'; |
|
537 // Group name |
|
538 |
|
539 echo ' <tr> |
|
540 <td class="row2">Group name:</td> |
|
541 <td class="row1" colspan="2"><input type="text" name="pg_name" value="' . htmlspecialchars($row['pg_name']) . '" size="30" /></td> |
|
542 </tr>'; |
|
543 |
|
544 $ajax_page_add = false; |
|
545 |
|
546 // This is where the going gets tricky. |
|
547 // For static groups, we need to have each page listed out with a removal button, and a form to add new pages. |
|
548 // For category links, we need a select box with each category in it, and |
|
549 // For tag sets, just a text box to enter a new tag. |
|
550 |
|
551 // You can guess which one I dreaded. |
|
552 |
|
553 switch ( $row['pg_type'] ) |
|
554 { |
|
555 case PAGE_GRP_NORMAL: |
|
556 // You have guessed correct. |
|
557 // *Sits in chair for 10 minutes listening to the radio in an effort to put off writing the code you see below* |
|
558 |
|
559 echo '<tr><th colspan="3" class="subhead"><input type="submit" name="action[edit_save]" value="Save group name" /></th></tr>'; |
|
560 |
|
561 $q = $db->sql_query('SELECT m.pg_member_id,m.page_id,m.namespace FROM '.table_prefix.'page_group_members AS m |
|
562 LEFT JOIN '.table_prefix.'pages AS p |
|
563 ON ( p.urlname = m.page_id AND p.namespace = m.namespace ) |
|
564 WHERE m.pg_id=' . $edit_id . ';'); |
|
565 |
|
566 if ( !$q ) |
|
567 $db->_die(); |
|
568 |
|
569 $delim = ceil( $db->numrows() / 2 ); |
|
570 if ( $delim < 5 ) |
|
571 { |
|
572 $delim = 0xFFFFFFFE; |
|
573 // stupid hack |
|
574 $colspan = '2" id="pg_edit_tackon2me'; |
|
575 } |
|
576 else |
|
577 { |
|
578 $colspan = "1"; |
|
579 } |
|
580 |
|
581 echo '<tr><td class="row2" rowspan="2"><b>Remove</b> pages:</td><td class="row1" colspan="' . $colspan . '">'; |
|
582 $i = 0; |
|
583 |
|
584 while ( $row = $db->fetchrow() ) |
|
585 { |
|
586 $i++; |
|
587 if ( $i == $delim ) |
|
588 { |
|
589 echo '</td><td class="row1" id="pg_edit_tackon2me">'; |
|
590 } |
|
591 $page_name = '(' . $row['namespace'] . ') ' . get_page_title($paths->nslist[$row['namespace']] . $row['page_id']); |
|
592 echo '<label><input type="checkbox" name="action[edit_save][rm][' . $row['pg_member_id'] . ']" /> ' . htmlspecialchars($page_name) . '</label><br />'; |
|
593 } |
|
594 |
|
595 echo '</td></tr>'; |
|
596 echo '<tr><th colspan="2" class="subhead" style="width: 70%;"><input type="submit" name="action[edit_save][do_rm]" value="Remove selected" /></th></tr>'; |
|
597 |
|
598 // More javascript magic! |
|
599 ?> |
|
600 <script type="text/javascript"> |
|
601 var __pg_edit_submitAuthorized = true;; |
|
602 var __ol_pg_edit_setup = function() |
|
603 { |
|
604 var input = document.getElementById('inptext_pg_add_member'); |
|
605 input.onkeyup = function(e) { ajaxPageNameComplete(this); }; |
|
606 input.onkeypress = function(e) { if ( e.keyCode == 13 ) { setTimeout('__pg_edit_ajaxadd(document.getElementById(\'' + this.id + '\'));', 500); } }; |
|
607 } |
|
608 addOnloadHook(__ol_pg_edit_setup); |
|
609 var __pg_edit_objcache = false; |
|
610 function __pg_edit_ajaxadd(obj) |
|
611 { |
|
612 if ( __pg_edit_objcache ) |
|
613 return false; |
|
614 __pg_edit_objcache = obj; |
|
615 |
|
616 if ( obj.nextSibling ) |
|
617 { |
|
618 if ( obj.nextSibling.tagName == 'DIV' ) |
|
619 { |
|
620 obj.parentNode.removeChild(obj.nextSibling); |
|
621 } |
|
622 } |
|
623 |
|
624 // set width on parent, to prevent wrapping of ajax loading image |
|
625 var w = $(obj).Width(); |
|
626 w = w + 24; |
|
627 obj.parentNode.style.width = w + 'px'; |
|
628 |
|
629 // append the ajaxy loading image |
|
630 var img = document.createElement('img'); |
|
631 img.src = scriptPath + '/images/loading.gif'; |
|
632 img.style.marginLeft = '4px'; |
|
633 insertAfter(obj.parentNode, img, obj); |
|
634 |
|
635 var url = makeUrlNS('Admin', 'PageGroups', 'src=ajax'); |
|
636 var page_add = escape(obj.value); |
|
637 var pg_id = document.forms.pg_edit_frm['action[edit]'].value; |
|
638 ajaxPost(url, 'action[edit][add_page]=&pg_id=' + pg_id + '&new_page=' + page_add, function() |
|
639 { |
|
640 if ( ajax.readyState == 4 ) |
|
641 { |
|
642 var obj = __pg_edit_objcache; |
|
643 __pg_edit_objcache = false; |
|
644 |
|
645 // kill the loading graphic |
|
646 obj.parentNode.removeChild(obj.nextSibling); |
|
647 |
|
648 var resptext = String(ajax.responseText + ''); |
|
649 if ( resptext.substr(0, 1) != '{' ) |
|
650 { |
|
651 // This ain't JSON baby. |
|
652 alert('Invalid JSON response:\n' + resptext); |
|
653 return false; |
|
654 } |
|
655 var json = parseJSON(resptext); |
|
656 |
|
657 var div = document.createElement('div'); |
|
658 if ( json.mode == 'info' ) |
|
659 { |
|
660 div.className = 'info-box-mini'; |
|
661 } |
|
662 else if ( json.mode == 'error' ) |
|
663 { |
|
664 div.className = 'error-box-mini'; |
|
665 } |
|
666 div.appendChild(document.createTextNode(json.text)); |
|
667 insertAfter(obj.parentNode, div, obj); |
|
668 |
|
669 if ( json.successful ) |
|
670 { |
|
671 var td = document.getElementById('pg_edit_tackon2me'); |
|
672 var lbl = document.createElement('label'); |
|
673 var check = document.createElement('input'); |
|
674 check.type = 'checkbox'; |
|
675 check.name = 'action[edit_save][rm][' + json.member_id + ']'; |
|
676 lbl.appendChild(check); |
|
677 lbl.appendChild(document.createTextNode(' ' + json.title)); |
|
678 td.appendChild(lbl); |
|
679 td.appendChild(document.createElement('br')); |
|
680 } |
|
681 |
|
682 } |
|
683 }); |
|
684 } |
|
685 </script> |
|
686 <?php |
|
687 |
|
688 $ajax_page_add = true; |
|
689 |
|
690 break; |
|
691 } |
|
692 |
|
693 if ( $ajax_page_add ) |
|
694 { |
|
695 echo '<tr><th colspan="3"><input type="submit" name="action[noop]" value="Cancel all changes" /></th></tr>'; |
|
696 } |
|
697 else |
|
698 { |
|
699 |
|
700 } |
|
701 |
|
702 echo ' </table> |
|
703 </div>'; |
|
704 echo '</form>'; |
|
705 |
|
706 // This needs to be outside of the form. |
|
707 echo '<div class="tblholder"><table border="0" cellspacing="1" cellpadding="4"><tr>'; |
|
708 echo '<th colspan="2">On-the-fly tools</th></tr>'; |
|
709 echo '<tr>'; |
|
710 // Add pages AJAX form |
|
711 echo '<td class="row2">Add page:<br /><small>You can add multiple pages by entering part of a page title, and it will be auto-completed. Press Enter to quickly add the page. This only works if you a really up-to-date browser.</small></td>'; |
|
712 echo '<td class="row1"><input type="text" size="30" name="pg_add_member" id="inptext_pg_add_member" /></td>'; |
|
713 echo '</tr></table></div>'; |
|
714 |
|
715 return; |
|
716 } |
|
717 else if ( isset($_POST['action']['noop']) ) |
|
718 { |
|
719 // Do nothing - skip to main form (noop is usually invoked by a cancel button in a form above) |
|
720 } |
|
721 else |
|
722 { |
|
723 echo '<div class="error-box">Invalid format of $_POST[action].</div>'; |
|
724 } |
|
725 } |
|
726 // No action defined - show default menu |
|
727 |
|
728 echo '<h2>Manage page groups</h2>'; |
|
729 echo '<p>Enano\'s page grouping system allows you to build sets of pages that can be controlled by a single ACL rule. This makes managing features such as a members-only section of your site a lot easier. If you don\'t use the ACL system, you probably don\'t need to use page groups.</p>'; |
|
730 |
|
731 $q = $db->sql_query('SELECT pg_id, pg_type, pg_name, pg_target FROM '.table_prefix.'page_groups;'); |
|
732 if ( !$q ) |
|
733 $db->_die(); |
|
734 |
|
735 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
736 |
|
737 echo '<div class="tblholder"> |
|
738 <table border="0" cellspacing="1" cellpadding="4"> |
|
739 <tr> |
|
740 <th>Group name</th> |
|
741 <th>Type</th> |
|
742 <th>Target</th> |
|
743 <th colspan="2">Actions</th> |
|
744 </tr>'; |
|
745 |
|
746 if ( $row = $db->fetchrow() ) |
|
747 { |
|
748 do |
|
749 { |
|
750 $name = htmlspecialchars($row['pg_name']); |
|
751 $type = 'Invalid'; |
|
752 switch ( $row['pg_type'] ) |
|
753 { |
|
754 case PAGE_GRP_CATLINK: |
|
755 $type = 'Link to category'; |
|
756 break; |
|
757 case PAGE_GRP_TAGGED: |
|
758 $type = 'Set of tagged pages'; |
|
759 break; |
|
760 case PAGE_GRP_NORMAL: |
|
761 $type = 'Static set of pages'; |
|
762 break; |
|
763 } |
|
764 $target = ''; |
|
765 if ( $row['pg_type'] == PAGE_GRP_TAGGED ) |
|
766 { |
|
767 $target = 'Tag: ' . htmlspecialchars($row['pg_target']); |
|
768 } |
|
769 else if ( $row['pg_type'] == PAGE_GRP_CATLINK ) |
|
770 { |
|
771 $target = 'Category: ' . htmlspecialchars(get_page_title($paths->nslist['Category'] . sanitize_page_id($row['pg_target']))); |
|
772 } |
|
773 $btn_edit = '<input type="submit" name="action[edit][' . $row['pg_id'] . ']" value="Edit" />'; |
|
774 $btn_del = '<input type="submit" name="action[del][' . $row['pg_id'] . ']" value="Delete" />'; |
|
775 // stupid jEdit bug/hack |
|
776 $quot = '"'; |
|
777 echo "<tr> |
|
778 <td class={$quot}row1{$quot}>$name</td> |
|
779 <td class={$quot}row2{$quot}>$type</td> |
|
780 <td class={$quot}row1{$quot}>$target</td> |
|
781 <td class={$quot}row3{$quot} style={$quot}text-align: center;{$quot}>$btn_edit</td> |
|
782 <td class={$quot}row3{$quot} style={$quot}text-align: center;{$quot}>$btn_del</td> |
|
783 </tr>"; |
|
784 } |
|
785 while ( $row = $db->fetchrow() ); |
|
786 } |
|
787 else |
|
788 { |
|
789 echo ' <tr><td class="row3" colspan="5" style="text-align: center;">No page groups defined.</td></tr>'; |
|
790 } |
|
791 |
|
792 echo ' <tr> |
|
793 <th class="subhead" colspan="5"> |
|
794 <input type="submit" name="action[create]" value="Create new group" /> |
|
795 </th> |
|
796 </tr>'; |
|
797 |
|
798 echo ' </table> |
|
799 </div>'; |
|
800 |
|
801 echo '</form>'; |
|
802 |
|
803 } |
|
804 |
|
805 ?> |