Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugins/SpecialGroups.php
changeset 194 bf0fdec102e9
parent 192 9237767a23ae
child 317 f8356d9c3481
equal deleted inserted replaced
192:9237767a23ae 194:bf0fdec102e9 
    48     $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
 
    48     $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
 
    49     if ( empty($gid) || $gid < 1 )
 
    49     if ( empty($gid) || $gid < 1 )
 
    50     {
 
    50     {
 
    51       die_friendly('Error', '<p>Hacking attempt</p>');
 
    51       die_friendly('Error', '<p>Hacking attempt</p>');
 
    52     }
 
    52     }
 
    53     $q = $db->sql_query('SELECT group_name,group_type FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
 
    53     $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
 
    54     if ( !$q )
 
    54     if ( !$q )
 
    55     {
 
    55     {
 
    56       $db->_die();
 
    56       $db->_die('SpecialGroups.php, line ' . __LINE__);
 
    57     }
 
    57     }
 
    58     $row = $db->fetchrow();
 
    58     $row = $db->fetchrow();
 
    59     $db->free_result();
 
    59     $db->free_result();
 
    60     $members = array();
 
    60     $members = array();
 
    61     $pending = array();
 
    61     $pending = array();
 
    68                            WHERE m.group_id=' . $gid . '
 
    68                            WHERE m.group_id=' . $gid . '
 
    69                            GROUP BY u.user_id
 
    69                            GROUP BY u.user_id
 
    70                            ORDER BY m.is_mod DESC,u.username ASC;');
 
    70                            ORDER BY m.is_mod DESC,u.username ASC;');
 
    71     if ( !$q )
 
    71     if ( !$q )
 
    72     {
 
    72     {
 
    73       $db->_die();
 
    73       $db->_die('SpecialGroups.php, line ' . __LINE__);
 
    74     }
 
    74     }
 
    75     
    75     
    76     $is_member = false;
 
    76     $is_member = false;
 
    77     $is_mod = false;
 
    77     $is_mod = false;
 
    78     $is_pending = false;
 
    78     $is_pending = false;
 
   125         case 'update':
 
   125         case 'update':
 
   126           if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
 
   126           if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
 
   127           {
 
   127           {
 
   128             die_friendly('ERROR', '<p>Hacking attempt</p>');
 
   128             die_friendly('ERROR', '<p>Hacking attempt</p>');
 
   129           }
 
   129           }
 
   130           $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
 
   130           $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
 
   131           if (!$q)
 
   131           if ( !$q )
 
   132             $db->_die();
 
   132             $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   133           $row['group_type'] = $_POST['group_state'];
 
   133           $error = false;
 
   134           echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>';
 
   134           if ( $db->numrows() < 1 )
 
       
   135           {
 
       
   136             echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
 
       
   137             $error = true;
 
       
   138           }
 
       
   139           $r = $db->fetchrow();
 
       
   140           if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
 
       
   141           {
 
       
   142             echo '<div class="error-box" style="margin-left: 0;">Because this is a system group, you can\'t make it open or allow membership requests.</div>';
 
       
   143             $error = true;
 
       
   144           }
 
       
   145           if ( !$error )
 
       
   146           {
 
       
   147             $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
 
       
   148             if (!$q)
 
       
   149               $db->_die('SpecialGroups.php, line ' . __LINE__);
 
       
   150             $row['group_type'] = $_POST['group_state'];
 
       
   151             echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>';
 
       
   152           }
 
   135           break;
 
   153           break;
 
   136         case 'adduser':
 
   154         case 'adduser':
 
   137           $username = $_POST['add_username'];
 
   155           $username = $_POST['add_username'];
 
   138           $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
 
   156           $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
 
   139           
   157           
   140           $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
 
   158           $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
 
   141           if (!$q)
 
   159           if (!$q)
 
   142             $db->_die();
 
   160             $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   143           if ($db->numrows() < 1)
 
   161           if ($db->numrows() < 1)
 
   144           {
 
   162           {
 
   145             echo '<div class="error-box">The username you entered could not be found.</div>';
 
   163             echo '<div class="error-box">The username you entered could not be found.</div>';
 
   146             break;
 
   164             break;
 
   147           }
 
   165           }
 
   150           $uid = intval($r['user_id']);
 
   168           $uid = intval($r['user_id']);
 
   151 
   169 
   152           // Check if the user is already in the group, and if so, only update modship
 
   170           // Check if the user is already in the group, and if so, only update modship
 
   153           $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
 
   171           $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
 
   154           if ( !$q )
 
   172           if ( !$q )
 
   155             $db->_die();
 
   173             $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   156           if ( $db->numrows() > 0 )
 
   174           if ( $db->numrows() > 0 )
 
   157           {
 
   175           {
 
   158             $r = $db->fetchrow();
 
   176             $r = $db->fetchrow();
 
   159             if ( (string) $r['is_mod'] != $mod )
 
   177             if ( (string) $r['is_mod'] != $mod )
 
   160             {
 
   178             {
 
   161               $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
 
   179               $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
 
   162               if ( !$q )
 
   180               if ( !$q )
 
   163                 $db->_die();
 
   181                 $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   164               foreach ( $members as $i => $member )
 
   182               foreach ( $members as $i => $member )
 
   165               {
 
   183               {
 
   166                 if ( $member['member_id'] == $r['member_id'] )
 
   184                 if ( $member['member_id'] == $r['member_id'] )
 
   167                   $members[$i]['is_mod'] = (int)$mod;
 
   185                   $members[$i]['is_mod'] = (int)$mod;
 
   168               }
 
   186               }
 
   177           
   195           
   178           $db->free_result();
 
   196           $db->free_result();
 
   179           
   197           
   180           $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
 
   198           $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
 
   181           if (!$q)
 
   199           if (!$q)
 
   182             $db->_die();
 
   200             $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   183           echo '<div class="info-box">The user "' . $username . '" has been added to this usergroup.</div>';
 
   201           echo '<div class="info-box">The user "' . $username . '" has been added to this usergroup.</div>';
 
   184           
   202           
   185           $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
 
   203           $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
 
   186                                  FROM '.table_prefix.'users AS u
 
   204                                  FROM '.table_prefix.'users AS u
 
   187                                  LEFT JOIN '.table_prefix.'group_members AS m
 
   205                                  LEFT JOIN '.table_prefix.'group_members AS m
 
   193                                    AND u.user_id=' . $uid . '
 
   211                                    AND u.user_id=' . $uid . '
 
   194                                  GROUP BY u.user_id
 
   212                                  GROUP BY u.user_id
 
   195                                  ORDER BY m.is_mod DESC,u.username ASC
 
   213                                  ORDER BY m.is_mod DESC,u.username ASC
 
   196                                  LIMIT 1;');
 
   214                                  LIMIT 1;');
 
   197           if ( !$q )
 
   215           if ( !$q )
 
   198             $db->_die();
 
   216             $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   199           
   217           
   200           $r = $db->fetchrow();
 
   218           $r = $db->fetchrow();
 
   201           $members[] = $r;
 
   219           $members[] = $r;
 
   202           $db->free_result();
 
   220           $db->free_result();
 
   203           
   221           
   207           {
 
   225           {
 
   208             if ( isset($_POST['del_user'][$member['member_id']]) )
 
   226             if ( isset($_POST['del_user'][$member['member_id']]) )
 
   209             {
 
   227             {
 
   210               $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
 
   228               $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
 
   211               if (!$q)
 
   229               if (!$q)
 
   212                 $db->_die();
 
   230                 $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   213               unset($members[$i]);
 
   231               unset($members[$i]);
 
   214             }
 
   232             }
 
   215           }
 
   233           }
 
   216           break;
 
   234           break;
 
   217         case 'pending':
 
   235         case 'pending':
 
   221             {
 
   239             {
 
   222               if ( isset ( $_POST['do_appr_pending'] ) )
 
   240               if ( isset ( $_POST['do_appr_pending'] ) )
 
   223               {
 
   241               {
 
   224                 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
 
   242                 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
 
   225                 if (!$q)
 
   243                 if (!$q)
 
   226                   $db->_die();
 
   244                   $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   227                 $members[] = $member;
 
   245                 $members[] = $member;
 
   228                 unset($pending[$i]);
 
   246                 unset($pending[$i]);
 
   229                 continue;
 
   247                 continue;
 
   230               }
 
   248               }
 
   231               elseif ( isset ( $_POST['do_reject_pending'] ) )
 
   249               elseif ( isset ( $_POST['do_reject_pending'] ) )
 
   232               {
 
   250               {
 
   233                 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
 
   251                 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
 
   234                 if (!$q)
 
   252                 if (!$q)
 
   235                   $db->_die();
 
   253                   $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   236                 unset($pending[$i]);
 
   254                 unset($pending[$i]);
 
   237               }
 
   255               }
 
   238             }
 
   256             }
 
   239           }
 
   257           }
 
   240           echo '<div class="info-box">Pending members status updated successfully.</div>';
 
   258           echo '<div class="info-box">Pending members status updated successfully.</div>';
 
   244     
   262     
   245     if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN )
 
   263     if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN )
 
   246     {
 
   264     {
 
   247       $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
 
   265       $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
 
   248       if (!$q)
 
   266       if (!$q)
 
   249         $db->_die();
 
   267         $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   250       echo '<div class="info-box">You have been added to this group.</div>';
 
   268       echo '<div class="info-box">You have been added to this group.</div>';
 
   251       
   269       
   252       $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
 
   270       $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
 
   253                              FROM '.table_prefix.'users AS u
 
   271                              FROM '.table_prefix.'users AS u
 
   254                              LEFT JOIN '.table_prefix.'group_members AS m
 
   272                              LEFT JOIN '.table_prefix.'group_members AS m
 
   260                                AND u.user_id=' . $session->user_id . '
 
   278                                AND u.user_id=' . $session->user_id . '
 
   261                              GROUP BY u.user_id
 
   279                              GROUP BY u.user_id
 
   262                              ORDER BY m.is_mod DESC,u.username ASC
 
   280                              ORDER BY m.is_mod DESC,u.username ASC
 
   263                              LIMIT 1;');
 
   281                              LIMIT 1;');
 
   264       if ( !$q )
 
   282       if ( !$q )
 
   265         $db->_die();
 
   283         $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   266       
   284       
   267       $r = $db->fetchrow();
 
   285       $r = $db->fetchrow();
 
   268       $members[] = $r;
 
   286       $members[] = $r;
 
   269       $db->free_result();
 
   287       $db->free_result();
 
   270       
   288       
   272     
   290     
   273     if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending )
 
   291     if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending )
 
   274     {
 
   292     {
 
   275       $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
 
   293       $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
 
   276       if (!$q)
 
   294       if (!$q)
 
   277         $db->_die();
 
   295         $db->_die('SpecialGroups.php, line ' . __LINE__);
 
   278       echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>';
 
   296       echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>';
 
   279     }
 
   297     }
 
   280     
   298     
   281     $state_btns = ( $can_do_admin_stuff ) ?
 
   299     $state_btns = ( $can_do_admin_stuff ) ?
 
   282                   '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> Hidden group</label>
 
   300                   '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> Hidden group</label>
 
   303               <tr>
 
   321               <tr>
 
   304                 <th colspan="2">Group information</th>
 
   322                 <th colspan="2">Group information</th>
 
   305               </tr>
 
   323               </tr>
 
   306               <tr>
 
   324               <tr>
 
   307                 <td class="row2">Group name:</td>
 
   325                 <td class="row2">Group name:</td>
 
   308                 <td class="row1">' . $row['group_name'] . '</td>
 
   326                 <td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' (system group)' : '' ) . '</td>
 
   309               </tr>
 
   327               </tr>
 
   310               <tr>
 
   328               <tr>
 
   311                 <td class="row2">Membership status:</td>
 
   329                 <td class="row2">Membership status:</td>
 
   312                 <td class="row1">' . $status . '</td>
 
   330                 <td class="row1">' . $status . '</td>
 
   313               </tr>
 
   331               </tr>
Enano CMS (1.1.x)