plugins/admin/GroupManager.php
changeset 631 f4f4146d8b6c
parent 573 43e7254afdb4
child 685 17ebe24cdf85
--- a/plugins/admin/GroupManager.php	Sat Jul 12 04:10:04 2008 -0400
+++ b/plugins/admin/GroupManager.php	Sat Jul 12 04:49:30 2008 -0400
@@ -130,7 +130,7 @@
   if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
   {
     // Fetch the group name
-    $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+    $q = $db->sql_query('SELECT group_name,system_group,group_rank FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
     if(!$q)
     {
       echo $db->get_error();
@@ -176,7 +176,19 @@
           echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
           return;
         }
-        $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
+        // determine rank
+        $group_rank =& $_POST['group_rank'];
+        if ( $_POST['group_rank'] !== 'NULL' )
+        {
+          $group_rank = intval($group_rank);
+          if ( empty($group_rank) )
+          {
+            echo '<p>Hacked rank ID</p>';
+            return;
+          }
+        }
+        $row['group_rank'] = $group_rank;
+        $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\',group_rank = ' . $group_rank . '
             WHERE group_id='.intval($_POST['group_edit_id']).';');
         if(!$q)
         {
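Review bot: The guard `if ( empty($group_rank) )` rejects only zero, so a negative or nonexistent rank ID is still written to `group_rank`, and nothing visible here checks the value against the `ranks` table. Assuming rank IDs are positive, tighten it to `if ( $group_rank < 1 )` and confirm the ID exists before the UPDATE. The unquoted concatenation into the UPDATE is safe only because `$group_rank` is by then either the literal `NULL` or an `intval()` result, which is worth stating in a comment such as `// $group_rank is the literal NULL or an integer here; do not concatenate it unvalidated`. Two smaller points: `=&` rewrites `$_POST['group_rank']` in place, and `$row['group_rank']` receives the string `'NULL'`, which the `=== NULL` test in the rank-list hunk will not match. The enclosing block begins and ends outside this hunk.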
@@ -201,11 +213,11 @@
       }
       if($db->numrows() > 0)
       {
-        while($row = $db->fetchrow($q))
+        while($delrow = $db->fetchrow($q))
         {
-          if(isset($_POST['edit_do']['del_' . $row['member_id']]))
+          if(isset($_POST['edit_do']['del_' . $delrow['member_id']]))
           {
-            $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
+            $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$delrow['member_id']);
             if(!$e)
             {
               echo $db->get_error();
@@ -250,6 +262,17 @@
     $sg_disabled = ( $row['system_group'] == 1 ) ?
              ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' :
              ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" ';
+    
+    // build rank list
+    $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks');
+    if ( !$q )
+      $db->_die();
+    $rank_list = '<option value="NULL"' . ( $row['group_rank'] === NULL ? ' selected="selected"' : '' ) . '>--</option>' . "\n";
+    while ( $rank_row = $db->fetchrow() )
+    {
+      $rank_list .= '<option value="' . $rank_row['rank_id'] . '"' . ( $rank_row['rank_id'] == $row['group_rank'] ? ' selected="selected"' : '' ) . '>' . htmlspecialchars($lang->get($rank_row['rank_title'])) . '</option>' . "\n";
+    }
+             
     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
     echo '<div class="tblholder">
           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
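Review bot: The rank loop calls `$db->fetchrow()` with no result handle, while the member-deletion loop in this same changeset passes it explicitly (`$db->fetchrow($q)`). If the wrapper falls back to the most recent query, this works only as long as nothing runs another query in between. Writing `while ( $rank_row = $db->fetchrow($q) )` makes the dependency explicit. `rank_id` is also placed in the `value` attribute as-is while the title is escaped; `intval($rank_row['rank_id'])` would keep that output integer-only whatever the column holds.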
@@ -260,6 +283,11 @@
             </td>
           </tr>
           <tr>
+            <td class="row1">
+              ' . $lang->get('acpug_field_group_rank') . ' <select name="group_rank" />' . $rank_list . '</select>
+            </td>
+          </tr>
+          <tr>
             <th class="subhead">
               <input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" />
               <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
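Review bot: The opening tag is written as `<select name="group_rank" />`, a self-closed element followed by the options and a stray `</select>`. A parser treating the page as XML would see an empty select with the options outside it, and HTML parsers accept it only because they ignore the slash. Use `<select name="group_rank">`. The echoed string starts and ends outside this hunk.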