diff -r de56132c008d -r bdac73ed481e plugins/admin/GroupManager.php --- a/plugins/admin/GroupManager.php Sun Mar 28 21:49:26 2010 -0400 +++ b/plugins/admin/GroupManager.php Sun Mar 28 23:10:46 2010 -0400 @@ -15,398 +15,398 @@ function page_Admin_GroupManager() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - if(isset($_POST['do_create_stage1'])) - { - if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) - { - echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; - return; - } - echo '

'; - echo '

- - - - - - - - - -

' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'
' . $lang->get('acpug_field_group_mod') . '	' . $template->username_field('group_mod') . '
' . $lang->get('acpug_field_group_type') . '	- ' . $lang->get('groupcp_type_hidden') . ' - ' . $lang->get('groupcp_type_closed') . ' - ' . $lang->get('groupcp_type_request') . ' - ' . $lang->get('groupcp_type_open') . ' -
- - -

'; - echo '

'; - return; - } - elseif(isset($_POST['do_create_stage2'])) - { - if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) - { - echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; - return; - } - if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) - { - echo '

Hacking attempt

'; - return; - } - $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); - if(!$e) - { - echo $db->get_error(); - return; - } - if($db->numrows() > 0) - { - echo '

' . $lang->get('acpug_err_already_exist') . '

'; - return; - } - $db->free_result(); - $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); - if(!$q) - { - echo $db->get_error(); - return; - } - $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); - if(!$e) - { - echo $db->get_error(); - return; - } - if($db->numrows() < 1) - { - echo '

' . $lang->get('acpug_err_bad_username') . '

'; - return; - } - $row = $db->fetchrow(); - $id = $row['user_id']; - $db->free_result(); - $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); - if(!$e) - { - echo $db->get_error(); - return; - } - if($db->numrows() < 1) - { - echo '

' . $lang->get('acpug_err_bad_insert_id') . '

'; - return; - } - $row = $db->fetchrow(); - $gid = $row['group_id']; - $db->free_result(); - $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); - if(!$e) - { - echo $db->get_error(); - return; - } - $g_name = htmlspecialchars($_POST['create_group_name']); - echo "

- " . $lang->get('acpug_heading_info') . "
- " . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . " -

"; - } - if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) - { - // Fetch the group name - $q = $db->sql_query('SELECT group_name,system_group,group_rank FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - if($db->numrows() < 1) - { - echo '

Error: couldn\'t look up group name

'; - } - $row = $db->fetchrow(); - $name = htmlspecialchars($row['group_name']); - $db->free_result(); - if(isset($_POST['edit_do'])) - { - if(isset($_POST['edit_do']['del_group'])) - { - if ( $row['system_group'] == 1 ) - { - echo '

' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '

'; - } - else - { - $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - echo '

' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '

'; - return; - } - } - if(isset($_POST['edit_do']['save_name'])) - { - if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) - { - echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; - return; - } - // determine rank - $group_rank =& $_POST['group_rank']; - if ( $_POST['group_rank'] !== 'NULL' ) - { - $group_rank = intval($group_rank); - if ( empty($group_rank) ) - { - echo '

Hacked rank ID

'; - return; - } - } - $row['group_rank'] = $group_rank; - $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\',group_rank = ' . $group_rank . ' - WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - else - { - echo '

- ' . $lang->get('acpug_msg_name_update_success') . ' -

'; - } - $name = htmlspecialchars($_POST['group_name']); - - } - $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members - WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - if($db->numrows() > 0) - { - while($delrow = $db->fetchrow($q)) - { - if(isset($_POST['edit_do']['del_' . $delrow['member_id']])) - { - $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$delrow['member_id']); - if(!$e) - { - echo $db->get_error(); - return; - } - } - } - } - $db->free_result(); - if(isset($_POST['edit_do']['add_member'])) - { - $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); - if(!$q) - { - echo $db->get_error(); - return; - } - if($db->numrows() > 0) - { - $row = $db->fetchrow(); - $user_id = $row['user_id']; - $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; - $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); - if(!$q) - { - echo $db->get_error(); - return; - } - else - { - - echo '

- ' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . ' -

'; - } - } - else - echo '

' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '

'; - } - generate_cache_userranks(); - } - $sg_disabled = ( $row['system_group'] == 1 ) ? - ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' : - ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" '; - - // build rank list - $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks'); - if ( !$q ) - $db->_die(); - $rank_list = '' . "\n"; - while ( $rank_row = $db->fetchrow() ) - { - $rank_list .= '' . "\n"; - } - - echo '

'; - echo '

- - - - - - - - - - - -

' . $lang->get('acpug_heading_edit_name') . '
- ' . $lang->get('acpug_field_group_name') . ' -
- ' . $lang->get('acpug_field_group_rank') . ' -
- - -

- '; - echo '

'; - echo '

- - '; - $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m - LEFT JOIN '.table_prefix.'users AS u - ON u.user_id=m.user_id - WHERE m.group_id='.intval($_POST['group_edit_id']).' - ORDER BY m.is_mod DESC, u.username ASC;'); - if(!$q) - { - echo $db->get_error(); - return; - } - if($db->numrows() < 1) - { - echo ''; - } - else - { - $cls = 'row2'; - while($row = $db->fetchrow()) - { - $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; - $mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : ''; - echo ' - - - - '; - } - } - $db->free_result(); - echo '

' . $lang->get('acpug_heading_edit_members') . '
' . $lang->get('acpug_msg_no_members') . '
- ' . $row['username'] . ' -	- '.$mod.' -	- -

- '; - echo '

'; - echo '

- - - - - - - - - - - - - -

' . $lang->get('acpug_heading_add_member') . '
- ' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . ' -
- ' . $lang->get('acpug_field_make_mod') . ' - ' . $lang->get('acpug_field_make_mod_hint') . ' -
- -

- '; - echo '

'; - return; - } - echo '

' . $lang->get('acpug_heading_main') . '

'; - echo '

'; - $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); - if(!$q) - { - echo $db->get_error(); - } - else - { - echo '

- - - - '; - echo ''; - echo ' -

' . $lang->get('acpug_heading_edit_existing') . '

' . $lang->get('acpug_heading_create_new') . '
' . $lang->get('acpug_field_group_name') . '

'; - } - echo ''; + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + if(isset($_POST['do_create_stage1'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) + { + echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; + return; + } + echo '

'; + echo '

+ + + + + + + + + +

' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'
' . $lang->get('acpug_field_group_mod') . '	' . $template->username_field('group_mod') . '
' . $lang->get('acpug_field_group_type') . '	+ ' . $lang->get('groupcp_type_hidden') . ' + ' . $lang->get('groupcp_type_closed') . ' + ' . $lang->get('groupcp_type_request') . ' + ' . $lang->get('groupcp_type_open') . ' +
+ + +

'; + echo '

'; + return; + } + elseif(isset($_POST['do_create_stage2'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) + { + echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; + return; + } + if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) + { + echo '

Hacking attempt

'; + return; + } + $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + echo '

' . $lang->get('acpug_err_already_exist') . '

'; + return; + } + $db->free_result(); + $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); + if(!$q) + { + echo $db->get_error(); + return; + } + $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '

' . $lang->get('acpug_err_bad_username') . '

'; + return; + } + $row = $db->fetchrow(); + $id = $row['user_id']; + $db->free_result(); + $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '

' . $lang->get('acpug_err_bad_insert_id') . '

'; + return; + } + $row = $db->fetchrow(); + $gid = $row['group_id']; + $db->free_result(); + $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); + if(!$e) + { + echo $db->get_error(); + return; + } + $g_name = htmlspecialchars($_POST['create_group_name']); + echo "

+ " . $lang->get('acpug_heading_info') . "
+ " . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . " +

"; + } + if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) + { + // Fetch the group name + $q = $db->sql_query('SELECT group_name,system_group,group_rank FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '

Error: couldn\'t look up group name

'; + } + $row = $db->fetchrow(); + $name = htmlspecialchars($row['group_name']); + $db->free_result(); + if(isset($_POST['edit_do'])) + { + if(isset($_POST['edit_do']['del_group'])) + { + if ( $row['system_group'] == 1 ) + { + echo '

' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '

'; + } + else + { + $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + echo '

' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '

'; + return; + } + } + if(isset($_POST['edit_do']['save_name'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) + { + echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; + return; + } + // determine rank + $group_rank =& $_POST['group_rank']; + if ( $_POST['group_rank'] !== 'NULL' ) + { + $group_rank = intval($group_rank); + if ( empty($group_rank) ) + { + echo '

Hacked rank ID

'; + return; + } + } + $row['group_rank'] = $group_rank; + $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\',group_rank = ' . $group_rank . ' + WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + else + { + echo '

+ ' . $lang->get('acpug_msg_name_update_success') . ' +

'; + } + $name = htmlspecialchars($_POST['group_name']); + + } + $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members + WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + while($delrow = $db->fetchrow($q)) + { + if(isset($_POST['edit_do']['del_' . $delrow['member_id']])) + { + $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$delrow['member_id']); + if(!$e) + { + echo $db->get_error(); + return; + } + } + } + } + $db->free_result(); + if(isset($_POST['edit_do']['add_member'])) + { + $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + $row = $db->fetchrow(); + $user_id = $row['user_id']; + $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; + $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); + if(!$q) + { + echo $db->get_error(); + return; + } + else + { + + echo '

+ ' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . ' +

'; + } + } + else + echo '

' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '

'; + } + generate_cache_userranks(); + } + $sg_disabled = ( $row['system_group'] == 1 ) ? + ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' : + ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" '; + + // build rank list + $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks'); + if ( !$q ) + $db->_die(); + $rank_list = '' . "\n"; + while ( $rank_row = $db->fetchrow() ) + { + $rank_list .= '' . "\n"; + } + + echo '

'; + echo '

+ + + + + + + + + + + +

' . $lang->get('acpug_heading_edit_name') . '
+ ' . $lang->get('acpug_field_group_name') . ' +
+ ' . $lang->get('acpug_field_group_rank') . ' +
+ + +

+ '; + echo '

'; + echo '

+ + '; + $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m + LEFT JOIN '.table_prefix.'users AS u + ON u.user_id=m.user_id + WHERE m.group_id='.intval($_POST['group_edit_id']).' + ORDER BY m.is_mod DESC, u.username ASC;'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo ''; + } + else + { + $cls = 'row2'; + while($row = $db->fetchrow()) + { + $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; + $mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : ''; + echo ' + + + + '; + } + } + $db->free_result(); + echo '

' . $lang->get('acpug_heading_edit_members') . '
' . $lang->get('acpug_msg_no_members') . '
+ ' . $row['username'] . ' +	+ '.$mod.' +	+ +

+ '; + echo '

'; + echo '

+ + + + + + + + + + + + + +

' . $lang->get('acpug_heading_add_member') . '
+ ' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . ' +
+ ' . $lang->get('acpug_field_make_mod') . ' + ' . $lang->get('acpug_field_make_mod_hint') . ' +
+ +

+ '; + echo '

'; + return; + } + echo '

' . $lang->get('acpug_heading_main') . '

'; + echo '

'; + $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); + if(!$q) + { + echo $db->get_error(); + } + else + { + echo '

+ + + + '; + echo ''; + echo ' +

' . $lang->get('acpug_heading_edit_existing') . '

'; + } + echo ''; } ?>