plugins/admin/GroupManager.php
changeset 347 299a90e28abc
child 387 92664d2efab8
346:cdf24ba5f114 347:299a90e28abc
       
     1 <?php
       
     2 
       
     3 /*
       
     4  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
       
     5  * Version 1.0.3 (Dyrad)
       
     6  * Copyright (C) 2006-2007 Dan Fuhry
       
     7  *
       
     8  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
       
     9  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
       
    10  *
       
    11  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
       
    12  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
       
    13  */
       
    14 
       
    15 // Usergroup editor
       
    16 
       
    17 function page_Admin_GroupManager()
       
    18 {
       
    19   global $db, $session, $paths, $template, $plugins; // Common objects
       
    20   global $lang;
       
    21   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
       
    22   {
       
    23     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
    24     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
    25     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
       
    26     return;
       
    27   }
       
    28   
       
    29   if(isset($_POST['do_create_stage1']))
       
    30   {
       
    31     if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
       
    32     {
       
    33       echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
       
    34       return;
       
    35     }
       
    36     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
    37     echo '<div class="tblholder">
       
    38           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
    39           <tr><th colspan="2">' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'</th></tr>
       
    40           <tr>
       
    41             <td class="row1">' . $lang->get('acpug_field_group_mod') . '</td><td class="row1">' . $template->username_field('group_mod') . '</td>
       
    42           </tr>
       
    43           <tr><td class="row2">' . $lang->get('acpug_field_group_type') . '</td><td class="row2">
       
    44             <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> ' . $lang->get('groupcp_type_hidden') . '</label><br />
       
    45             <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> ' . $lang->get('groupcp_type_closed') . '</label><br />
       
    46             <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> ' . $lang->get('groupcp_type_request') . '</label><br />
       
    47             <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> ' . $lang->get('groupcp_type_open') . '</label>
       
    48           </td></tr>
       
    49           <tr>
       
    50             <th class="subhead" colspan="2">
       
    51               <input type="hidden" name="create_group_name" value="'.htmlspecialchars($_POST['create_group_name']).'" />
       
    52               <input type="submit" name="do_create_stage2" value="' . $lang->get('acpug_btn_create_stage2') . '" />
       
    53             </th>
       
    54           </tr>
       
    55           </table>
       
    56           </div>';
       
    57     echo '</form>';
       
    58     return;
       
    59   }
       
    60   elseif(isset($_POST['do_create_stage2']))
       
    61   {
       
    62     if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
       
    63     {
       
    64       echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
       
    65       return;
       
    66     }
       
    67     if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
       
    68     {
       
    69       echo '<p>Hacking attempt</p>';
       
    70       return;
       
    71     }
       
    72     $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
       
    73     if(!$e)
       
    74     {
       
    75       echo $db->get_error();
       
    76       return;
       
    77     }
       
    78     if($db->numrows() > 0)
       
    79     {
       
    80       echo '<p>' . $lang->get('acpug_err_already_exist') . '</p>';
       
    81       return;
       
    82     }
       
    83     $db->free_result();
       
    84     $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
       
    85     if(!$q)
       
    86     {
       
    87       echo $db->get_error();
       
    88       return;
       
    89     }
       
    90     $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
       
    91     if(!$e)
       
    92     {
       
    93       echo $db->get_error();
       
    94       return;
       
    95     }
       
    96     if($db->numrows() < 1)
       
    97     {
       
    98       echo '<p>' . $lang->get('acpug_err_bad_username') . '</p>';
       
    99       return;
       
   100     }
       
   101     $row = $db->fetchrow();
       
   102     $id = $row['user_id'];
       
   103     $db->free_result();
       
   104     $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
       
   105     if(!$e)
       
   106     {
       
   107       echo $db->get_error();
       
   108       return;
       
   109     }
       
   110     if($db->numrows() < 1)
       
   111     {
       
   112       echo '<p>' . $lang->get('acpug_err_bad_insert_id') . '</p>';
       
   113       return;
       
   114     }
       
   115     $row = $db->fetchrow();
       
   116     $gid = $row['group_id'];
       
   117     $db->free_result();
       
   118     $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
       
   119     if(!$e)
       
   120     {
       
   121       echo $db->get_error();
       
   122       return;
       
   123     }
       
   124     $g_name = htmlspecialchars($_POST['create_group_name']);
       
   125     echo "<div class='info-box'>
       
   126             <b>" . $lang->get('acpug_heading_info') . "</b><br />
       
   127             " . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . "
       
   128           </div>";
       
   129   }
       
   130   if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
       
   131   {
       
   132     // Fetch the group name
       
   133     $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
       
   134     if(!$q)
       
   135     {
       
   136       echo $db->get_error();
       
   137       return;
       
   138     }
       
   139     if($db->numrows() < 1)
       
   140     {
       
   141       echo '<p>Error: couldn\'t look up group name</p>';
       
   142     }
       
   143     $row = $db->fetchrow();
       
   144     $name = htmlspecialchars($row['group_name']);
       
   145     $db->free_result();
       
   146     if(isset($_POST['edit_do']))
       
   147     {
       
   148       if(isset($_POST['edit_do']['del_group']))
       
   149       {
       
   150         if ( $row['system_group'] == 1 )
       
   151         {
       
   152           echo '<div class="error-box">' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '</div>';
       
   153         }
       
   154         else
       
   155         {
       
   156           $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
       
   157           if(!$q)
       
   158           {
       
   159             echo $db->get_error();
       
   160             return;
       
   161           }
       
   162           $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
       
   163           if(!$q)
       
   164           {
       
   165             echo $db->get_error();
       
   166             return;
       
   167           }
       
   168           echo '<div class="info-box">' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '</div>';
       
   169           return;
       
   170         }
       
   171       }
       
   172       if(isset($_POST['edit_do']['save_name']))
       
   173       {
       
   174         if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
       
   175         {
       
   176           echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
       
   177           return;
       
   178         }
       
   179         $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
       
   180             WHERE group_id='.intval($_POST['group_edit_id']).';');
       
   181         if(!$q)
       
   182         {
       
   183           echo $db->get_error();
       
   184           return;
       
   185         }
       
   186         else
       
   187         {
       
   188           echo '<div class="info-box" style="margin: 0 0 10px 0;"">
       
   189                   ' . $lang->get('acpug_msg_name_update_success') . '
       
   190                 </div>';
       
   191         }
       
   192         $name = htmlspecialchars($_POST['group_name']);
       
   193         
       
   194       }
       
   195       $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
       
   196                              WHERE group_id='.intval($_POST['group_edit_id']).';');
       
   197       if(!$q)
       
   198       {
       
   199         echo $db->get_error();
       
   200         return;
       
   201       }
       
   202       if($db->numrows() > 0)
       
   203       {
       
   204         while($row = $db->fetchrow($q))
       
   205         {
       
   206           if(isset($_POST['edit_do']['del_' . $row['member_id']]))
       
   207           {
       
   208             $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
       
   209             if(!$e)
       
   210             {
       
   211               echo $db->get_error();
       
   212               return;
       
   213             }
       
   214           }
       
   215         }
       
   216       }
       
   217       $db->free_result();
       
   218       if(isset($_POST['edit_do']['add_member']))
       
   219       {
       
   220         $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
       
   221         if(!$q)
       
   222         {
       
   223           echo $db->get_error();
       
   224           return;
       
   225         }
       
   226         if($db->numrows() > 0)
       
   227         {
       
   228           $row = $db->fetchrow();
       
   229           $user_id = $row['user_id'];
       
   230           $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
       
   231           $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
       
   232           if(!$q)
       
   233           {
       
   234             echo $db->get_error();
       
   235             return;
       
   236           }
       
   237           else
       
   238           {
       
   239             echo '<div class="info-box" style="margin: 0 0 10px 0;"">
       
   240                     ' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '
       
   241                   </div>';
       
   242           }
       
   243         }
       
   244         else
       
   245           echo '<div class="warning-box">' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '</div>';
       
   246       }
       
   247     }
       
   248     $sg_disabled = ( $row['system_group'] == 1 ) ?
       
   249              ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' :
       
   250              ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" ';
       
   251     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
   252     echo '<div class="tblholder">
       
   253           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
   254           <tr><th>' . $lang->get('acpug_heading_edit_name') . '</th></tr>
       
   255           <tr>
       
   256             <td class="row1">
       
   257               ' . $lang->get('acpug_field_group_name') . ' <input type="text" name="group_name" value="'.$name.'" />
       
   258             </td>
       
   259           </tr>
       
   260           <tr>
       
   261             <th class="subhead">
       
   262               <input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" />
       
   263               <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
       
   264             </th>
       
   265           </tr>
       
   266           </table>
       
   267           </div>
       
   268           <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
       
   269     echo '</form>';
       
   270     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
   271     echo '<div class="tblholder">
       
   272           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
   273           <tr><th colspan="3">' . $lang->get('acpug_heading_edit_members') . '</th></tr>';
       
   274     $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
       
   275                            LEFT JOIN '.table_prefix.'users AS u
       
   276                              ON u.user_id=m.user_id
       
   277                              WHERE m.group_id='.intval($_POST['group_edit_id']).'
       
   278                            ORDER BY m.is_mod DESC, u.username ASC;');
       
   279     if(!$q)
       
   280     {
       
   281       echo $db->get_error();
       
   282       return;
       
   283     }
       
   284     if($db->numrows() < 1)
       
   285     {
       
   286       echo '<tr><td colspan="3" class="row1">' . $lang->get('acpug_msg_no_members') . '</td></tr>';
       
   287     }
       
   288     else
       
   289     {
       
   290       $cls = 'row2';
       
   291       while($row = $db->fetchrow())
       
   292       {
       
   293         $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
       
   294         $mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : '';
       
   295         echo '<tr>
       
   296                 <td class="'.$cls.'" style="width: 100%;">
       
   297                   ' . $row['username'] . '
       
   298                 </td>
       
   299                 <td class="'.$cls.'">
       
   300                   '.$mod.'
       
   301                 </td>
       
   302                 <td class="'.$cls.'">
       
   303                   <input type="submit" name="edit_do[del_'.$row['member_id'].']" value="' . $lang->get('acpug_btn_remove_member') . '" />
       
   304                 </td>
       
   305               </tr>';
       
   306       }
       
   307     }
       
   308     $db->free_result();
       
   309     echo '</table>
       
   310           </div>
       
   311           <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
       
   312     echo '</form>';
       
   313     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
   314     echo '<div class="tblholder">
       
   315           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
   316             <tr>
       
   317               <th>' . $lang->get('acpug_heading_add_member') . '</th>
       
   318             </tr>
       
   319             <tr>
       
   320               <td class="row1">
       
   321                 ' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . '
       
   322               </td>
       
   323             </tr>
       
   324             <tr>
       
   325               <td class="row2">
       
   326                 <label><input type="checkbox" name="add_mod" /> ' . $lang->get('acpug_field_make_mod') . '</label>
       
   327                 ' . $lang->get('acpug_field_make_mod_hint') . '
       
   328               </td>
       
   329             </tr>
       
   330             <tr>
       
   331               <th class="subhead">
       
   332                 <input type="submit" name="edit_do[add_member]" value="' . $lang->get('acpug_btn_add_user') . '" />
       
   333               </th>
       
   334             </tr>
       
   335           </table>
       
   336           </div>
       
   337           <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
       
   338     echo '</form>';
       
   339     return;
       
   340   }
       
   341   echo '<h3>' . $lang->get('acpug_heading_main') . '</h3>';
       
   342   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
   343   $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
       
   344   if(!$q)
       
   345   {
       
   346     echo $db->get_error();
       
   347   }
       
   348   else
       
   349   {
       
   350     echo '<div class="tblholder">
       
   351           <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
       
   352           <tr>
       
   353           <th>' . $lang->get('acpug_heading_edit_existing') . '</th>
       
   354           </tr>';
       
   355     echo '<tr><td class="row2"><select name="group_edit_id">';
       
   356     while ( $row = $db->fetchrow() )
       
   357     {
       
   358       if ( $row['group_name'] != 'Everyone' )
       
   359       {
       
   360         echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
       
   361       }
       
   362     }
       
   363     $db->free_result();
       
   364     echo '</select></td></tr>';
       
   365     echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="' . $lang->get('acpug_btn_edit_stage1') . '" /></td></tr>
       
   366           </table>
       
   367           </div>
       
   368           </form><br />';
       
   369   }
       
   370   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
   371   echo '<div class="tblholder">
       
   372         <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
       
   373         <tr>
       
   374         <th colspan="2">' . $lang->get('acpug_heading_create_new') . '</th>
       
   375         </tr>';
       
   376   echo '<tr><td class="row2">' . $lang->get('acpug_field_group_name') . '</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
       
   377   echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="' . $lang->get('acpug_btn_create_stage1') . ' &raquo;" /></td></tr>
       
   378         </table>
       
   379         </div>';
       
   380   echo '</form>';
       
   381 }
       
   382 
       
   383 ?>
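Review bot: `$row['username']` on line 297 of the member list is written into the HTML unescaped, while the other database-sourced strings on this page (for example `$row['group_name']` on line 360) go through `htmlspecialchars()`; change it to `' . htmlspecialchars($row['username']) . '` so a username containing markup cannot be rendered into the admin page. Two further points in the same function: on line 141 the "couldn't look up group name" branch echoes the error but does not `return;`, so `$db->fetchrow()` runs on an empty result and the edit forms are rendered with an undefined `$row`. The group-name patterns on lines 31, 62 and 174 use the range `A-z`, which in ASCII also admits `[`, `\`, `]`, `^`, `_` and backtick; `A-Za-z` is presumably what was intended. The radio inputs on lines 44–47 also appear to pair each `GROUP_*` value with the label of a different type (`GROUP_CLOSED` with `groupcp_type_hidden`, and so on); if the constant and language-key names mean what they say, the labels are shifted by one relative to the values.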