--- a/plugins/admin/UserRanks.php Sun Mar 28 21:49:26 2010 -0400
+++ b/plugins/admin/UserRanks.php Sun Mar 28 23:10:46 2010 -0400
@@ -13,239 +13,239 @@
function page_Admin_UserRanks()
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
- if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
- {
- $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
- echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
- echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
- return;
- }
-
- // This should be a constant somewhere
- $protected_ranks = array(
- RANK_ID_MEMBER,
- RANK_ID_MOD,
- RANK_ID_ADMIN,
- RANK_ID_GUEST
- );
-
- if ( $paths->getParam(0) == 'action.json' )
- {
- // ajax call, try to decode json request
- header('Content-type: application/json');
-
- if ( !isset($_POST['r']) )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => 'Missing JSON request payload'
- ));
- return true;
- }
- try
- {
- $request = enano_json_decode($_POST['r']);
- }
- catch ( Exception $e )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => 'Invalid JSON request payload'
- ));
- return true;
- }
-
- if ( !isset($request['mode']) )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => 'JSON request payload does not contain required parameter "mode"'
- ));
- return true;
- }
-
- // we've got it
- switch ( $request['mode'] )
- {
- case 'get_rank':
- // easy enough, get a rank from the DB
- $rank_id = intval(@$request['rank_id']);
- if ( empty($rank_id) )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => 'Missing rank ID'
- ));
- return true;
- }
- // query and fetch
- $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;");
- if ( !$q || $db->numrows() < 1 )
- $db->die_json();
-
- $row = $db->fetchrow();
- $db->free_result();
-
- // why does mysql do this?
- $row['rank_id'] = intval($row['rank_id']);
- echo enano_json_encode($row);
- break;
- case 'save_rank':
- // easy enough, get a rank from the DB
- $rank_id = intval(@$request['rank_id']);
- // note - an empty rank_style field is permitted
- if ( empty($rank_id) )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => 'Missing rank ID'
- ));
- return true;
- }
-
- if ( empty($request['rank_title']) )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => $lang->get('acpur_err_missing_rank_title')
- ));
- return true;
- }
-
- // perform update
- $rank_title = $db->escape($request['rank_title']);
- $rank_style = $db->escape(@$request['rank_style']);
- $q = $db->sql_query('UPDATE ' . table_prefix . "ranks SET rank_title = '$rank_title', rank_style = '$rank_style' WHERE rank_id = $rank_id;");
-
- // regenerate the ranks cache
- generate_cache_userranks();
-
- echo enano_json_encode(array(
- 'mode' => 'success'
- ));
- break;
- case 'create_rank':
- if ( empty($request['rank_title']) )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => $lang->get('acpur_err_missing_rank_title')
- ));
- return true;
- }
-
- $rank_title = $db->escape($request['rank_title']);
- $rank_style = $db->escape(@$request['rank_style']);
-
- // perform insert
- $q = $db->sql_query('INSERT INTO ' . table_prefix . "ranks ( rank_title, rank_style ) VALUES\n"
- . " ( '$rank_title', '$rank_style' );");
- if ( !$q )
- $db->die_json();
-
- $rank_id = $db->insert_id();
- if ( !$rank_id )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => 'Refetch of rank ID failed'
- ));
- return true;
- }
-
- // regenerate the ranks cache
- generate_cache_userranks();
-
- echo enano_json_encode(array(
- 'mode' => 'success',
- 'rank_id' => $rank_id
- ));
- break;
- case 'delete_rank':
- // nuke a rank
- $rank_id = intval(@$request['rank_id']);
- if ( empty($rank_id) )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => 'Missing rank ID'
- ));
- return true;
- }
-
- // is this rank protected (e.g. a system rank)?
- if ( in_array($rank_id, $protected_ranks) )
- {
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => $lang->get('acpur_err_cant_delete_system_rank')
- ));
- return true;
- }
-
- // unset any user and groups that might be using it
- $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_rank = NULL WHERE user_rank = $rank_id;");
- if ( !$q )
- $db->die_json();
- $q = $db->sql_query('UPDATE ' . table_prefix . "groups SET group_rank = NULL WHERE group_rank = $rank_id;");
- if ( !$q )
- $db->die_json();
-
- // now remove the rank itself
- $q = $db->sql_query('DELETE FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;");
- if ( !$q )
- $db->_die();
-
- // regenerate the ranks cache
- generate_cache_userranks();
-
- echo enano_json_encode(array(
- 'mode' => 'success'
- ));
- break;
- default:
- echo enano_json_encode(array(
- 'mode' => 'error',
- 'error' => 'Unknown requested operation'
- ));
- return true;
- }
- return true;
- }
-
- // draw initial interface
- // yes, four paragraphs of introduction. Suck it up.
- echo '<h3>' . $lang->get('acpur_heading_main') . '</h3>';
- echo '<p>' . $lang->get('acpur_intro_para1') . '</p>';
- echo '<p>' . $lang->get('acpur_intro_para2') . '</p>';
- echo '<p>' . $lang->get('acpur_intro_para3') . '</p>';
- echo '<p>' . $lang->get('acpur_intro_para4') . '</p>';
-
- // fetch ranks
- $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks ORDER BY rank_title ASC;");
- if ( !$q )
- $db->_die();
-
- echo '<div class="rankadmin-left" id="admin_ranks_container_left">';
- while ( $row = $db->fetchrow() )
- {
- // format rank according to what its users look like
- // rank titles can be stored as language strings, so have the language manager fetch this
- // normally it refetches (which takes time) if a string isn't found, but it won't try to fetch
- // a string that isn't in the category_stringid format
- $rank_title = $lang->get($row['rank_title']);
- // FIXME: make sure htmlspecialchars() is escaping quotes and backslashes
- echo '<a href="#rank_edit:' . $row['rank_id'] . '" onclick="ajaxInitRankEdit(' . $row['rank_id'] . '); return false;" class="rankadmin-editlink" style="' . htmlspecialchars($row['rank_style']) . '" id="rankadmin_editlink_' . $row['rank_id'] . '">' . htmlspecialchars($rank_title) . '</a> ';
- }
- echo '<a href="#rank_create" onclick="ajaxInitRankCreate(); return false;" class="rankadmin-editlink rankadmin-createlink" id="rankadmin_createlink">' . $lang->get('acpur_btn_create_init') . '</a> ';
- echo '</div>';
-
- echo '<div class="rankadmin-right" id="admin_ranks_container_right">';
- echo $lang->get('acpur_msg_select_rank');
- echo '</div>';
- echo '<span class="menuclear"></span>';
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+ if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ {
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
+ return;
+ }
+
+ // This should be a constant somewhere
+ $protected_ranks = array(
+ RANK_ID_MEMBER,
+ RANK_ID_MOD,
+ RANK_ID_ADMIN,
+ RANK_ID_GUEST
+ );
+
+ if ( $paths->getParam(0) == 'action.json' )
+ {
+ // ajax call, try to decode json request
+ header('Content-type: application/json');
+
+ if ( !isset($_POST['r']) )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'Missing JSON request payload'
+ ));
+ return true;
+ }
+ try
+ {
+ $request = enano_json_decode($_POST['r']);
+ }
+ catch ( Exception $e )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'Invalid JSON request payload'
+ ));
+ return true;
+ }
+
+ if ( !isset($request['mode']) )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'JSON request payload does not contain required parameter "mode"'
+ ));
+ return true;
+ }
+
+ // we've got it
+ switch ( $request['mode'] )
+ {
+ case 'get_rank':
+ // easy enough, get a rank from the DB
+ $rank_id = intval(@$request['rank_id']);
+ if ( empty($rank_id) )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'Missing rank ID'
+ ));
+ return true;
+ }
+ // query and fetch
+ $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;");
+ if ( !$q || $db->numrows() < 1 )
+ $db->die_json();
+
+ $row = $db->fetchrow();
+ $db->free_result();
+
+ // why does mysql do this?
+ $row['rank_id'] = intval($row['rank_id']);
+ echo enano_json_encode($row);
+ break;
+ case 'save_rank':
+ // easy enough, get a rank from the DB
+ $rank_id = intval(@$request['rank_id']);
+ // note - an empty rank_style field is permitted
+ if ( empty($rank_id) )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'Missing rank ID'
+ ));
+ return true;
+ }
+
+ if ( empty($request['rank_title']) )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => $lang->get('acpur_err_missing_rank_title')
+ ));
+ return true;
+ }
+
+ // perform update
+ $rank_title = $db->escape($request['rank_title']);
+ $rank_style = $db->escape(@$request['rank_style']);
+ $q = $db->sql_query('UPDATE ' . table_prefix . "ranks SET rank_title = '$rank_title', rank_style = '$rank_style' WHERE rank_id = $rank_id;");
+
+ // regenerate the ranks cache
+ generate_cache_userranks();
+
+ echo enano_json_encode(array(
+ 'mode' => 'success'
+ ));
+ break;
+ case 'create_rank':
+ if ( empty($request['rank_title']) )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => $lang->get('acpur_err_missing_rank_title')
+ ));
+ return true;
+ }
+
+ $rank_title = $db->escape($request['rank_title']);
+ $rank_style = $db->escape(@$request['rank_style']);
+
+ // perform insert
+ $q = $db->sql_query('INSERT INTO ' . table_prefix . "ranks ( rank_title, rank_style ) VALUES\n"
+ . " ( '$rank_title', '$rank_style' );");
+ if ( !$q )
+ $db->die_json();
+
+ $rank_id = $db->insert_id();
+ if ( !$rank_id )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'Refetch of rank ID failed'
+ ));
+ return true;
+ }
+
+ // regenerate the ranks cache
+ generate_cache_userranks();
+
+ echo enano_json_encode(array(
+ 'mode' => 'success',
+ 'rank_id' => $rank_id
+ ));
+ break;
+ case 'delete_rank':
+ // nuke a rank
+ $rank_id = intval(@$request['rank_id']);
+ if ( empty($rank_id) )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'Missing rank ID'
+ ));
+ return true;
+ }
+
+ // is this rank protected (e.g. a system rank)?
+ if ( in_array($rank_id, $protected_ranks) )
+ {
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => $lang->get('acpur_err_cant_delete_system_rank')
+ ));
+ return true;
+ }
+
+ // unset any user and groups that might be using it
+ $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_rank = NULL WHERE user_rank = $rank_id;");
+ if ( !$q )
+ $db->die_json();
+ $q = $db->sql_query('UPDATE ' . table_prefix . "groups SET group_rank = NULL WHERE group_rank = $rank_id;");
+ if ( !$q )
+ $db->die_json();
+
+ // now remove the rank itself
+ $q = $db->sql_query('DELETE FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;");
+ if ( !$q )
+ $db->_die();
+
+ // regenerate the ranks cache
+ generate_cache_userranks();
+
+ echo enano_json_encode(array(
+ 'mode' => 'success'
+ ));
+ break;
+ default:
+ echo enano_json_encode(array(
+ 'mode' => 'error',
+ 'error' => 'Unknown requested operation'
+ ));
+ return true;
+ }
+ return true;
+ }
+
+ // draw initial interface
+ // yes, four paragraphs of introduction. Suck it up.
+ echo '<h3>' . $lang->get('acpur_heading_main') . '</h3>';
+ echo '<p>' . $lang->get('acpur_intro_para1') . '</p>';
+ echo '<p>' . $lang->get('acpur_intro_para2') . '</p>';
+ echo '<p>' . $lang->get('acpur_intro_para3') . '</p>';
+ echo '<p>' . $lang->get('acpur_intro_para4') . '</p>';
+
+ // fetch ranks
+ $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks ORDER BY rank_title ASC;");
+ if ( !$q )
+ $db->_die();
+
+ echo '<div class="rankadmin-left" id="admin_ranks_container_left">';
+ while ( $row = $db->fetchrow() )
+ {
+ // format rank according to what its users look like
+ // rank titles can be stored as language strings, so have the language manager fetch this
+ // normally it refetches (which takes time) if a string isn't found, but it won't try to fetch
+ // a string that isn't in the category_stringid format
+ $rank_title = $lang->get($row['rank_title']);
+ // FIXME: make sure htmlspecialchars() is escaping quotes and backslashes
+ echo '<a href="#rank_edit:' . $row['rank_id'] . '" onclick="ajaxInitRankEdit(' . $row['rank_id'] . '); return false;" class="rankadmin-editlink" style="' . htmlspecialchars($row['rank_style']) . '" id="rankadmin_editlink_' . $row['rank_id'] . '">' . htmlspecialchars($rank_title) . '</a> ';
+ }
+ echo '<a href="#rank_create" onclick="ajaxInitRankCreate(); return false;" class="rankadmin-editlink rankadmin-createlink" id="rankadmin_createlink">' . $lang->get('acpur_btn_create_init') . '</a> ';
+ echo '</div>';
+
+ echo '<div class="rankadmin-right" id="admin_ranks_container_right">';
+ echo $lang->get('acpur_msg_select_rank');
+ echo '</div>';
+ echo '<span class="menuclear"></span>';
}
?>