<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0.1 (Loch Ness)
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
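/**
 * Administration panel page: create, edit, delete and list page groups.
 *
 * Dispatches on the keys of $_POST['action']:
 *  - create / create_stage2: show the creation form; stage 2 first validates the input and inserts the group.
 *  - del / del_confirm: show a confirmation form, then delete the group row and its member rows.
 *  - edit (optionally with edit_save, or with add_page when ?src=ajax): show the editor, remove members, or
 *    add one member and answer with a JSON document.
 *  - noop: fall through to the group list.
 * All output is written with echo; nothing is returned.
 *
 * Security notes:
 *  - Access requires both $session->auth_level and $session->user_level to be at least USER_LEVEL_ADMIN.
 *  - Every request value that reaches SQL is either cast with intval() or passed through $db->escape().
 *  - Values read back from the database are passed through htmlspecialchars() before being written into HTML.
 *  - NOTE(review): no anti-CSRF token is checked in this function, and the onsubmit="submitAuthorized" guard on
 *    the forms runs only in the browser. Confirm that the surrounding framework validates state-changing POSTs.
 */
function page_Admin_PageGroups()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the current auth level and the account's user level must be administrative.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_POST['action']) )
  {
    if ( isset($_POST['action']['create']) || isset($_POST['action']['create_stage2']) )
    {
      if ( isset($_POST['action']['create_stage2']) )
      {
        //
        // Stage 2: validate the submitted form, then create the group
        //
        if ( empty($_POST['pg_name']) || empty($_POST['group_type']) )
        {
          echo '<div class="error-box">Please enter a name for the page group.</div>';
          return;
        }
        if ( $_POST['group_type'] == PAGE_GRP_TAGGED && empty($_POST['member_tag']) )
        {
          echo '<div class="error-box">Please enter a page tag.</div>';
          return;
        }
        if ( $_POST['group_type'] == PAGE_GRP_CATLINK && empty($_POST['member_cat']) )
        {
          echo '<div class="error-box">Please create a category page before linking a page group to a category.</div>';
          return;
        }
        if ( $_POST['group_type'] == PAGE_GRP_NORMAL && empty($_POST['member_page_0']) )
        {
          echo '<div class="error-box">Please specify at least one page to place in this group.</div>';
          return;
        }
        if ( $_POST['group_type'] != PAGE_GRP_TAGGED && $_POST['group_type'] != PAGE_GRP_CATLINK && $_POST['group_type'] != PAGE_GRP_NORMAL )
        {
          echo '<div class="error-box">Umm, you sent an invalid group type. I\'d put a real error message here but this will only be shown if you try to hack the system.</div>';
          return;
        }

        // All checks passed, create the group.
        // The type written to SQL is always the constant, never the posted value.
        switch ( $_POST['group_type'] )
        {
          case PAGE_GRP_TAGGED:
            $name = $db->escape($_POST['pg_name']);
            $tag = $db->escape($_POST['member_tag']);
            $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_TAGGED . ', \'' . $name . '\', \'' . $tag . '\');';
            $q = $db->sql_query($sql);
            if ( !$q )
              $db->_die();
            break;
          case PAGE_GRP_CATLINK:
            $name = $db->escape($_POST['pg_name']);
            $cat = $db->escape($_POST['member_cat']);
            $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_CATLINK . ', \'' . $name . '\', \'' . $cat . '\');';
            $q = $db->sql_query($sql);
            if ( !$q )
              $db->_die();
            break;
          case PAGE_GRP_NORMAL:
            // Collect the member pages before touching the database: if none of the submitted pages
            // exists, the member INSERT would have an empty VALUES list and fail after the group row
            // had already been written.
            $arr_pages = array();
            foreach ( array_keys($_POST) as $val )
            {
              if ( preg_match('/^member_page_([0-9]+?)$/', $val) && !empty($_POST[$val]) && is_string($_POST[$val]) && isPage($_POST[$val]) )
              {
                $arr_pages[] = $_POST[$val];
              }
            }
            if ( empty($arr_pages) )
            {
              echo '<div class="error-box">None of the pages you entered exist. Please specify at least one existing page to place in this group.</div>';
              return;
            }

            $name = $db->escape($_POST['pg_name']);
            $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name) VALUES(' . PAGE_GRP_NORMAL . ', \'' . $name . '\');';
            $q = $db->sql_query($sql);
            if ( !$q )
              $db->_die();

            $ins_id = $db->insert_id();

            // Page list
            $arr_sql = array();
            foreach ( $arr_pages as $page )
            {
              list($id, $ns) = RenderMan::strToPageID($page);
              $id = sanitize_page_id($id);
              // The namespace is derived from request data as well, so it is escaped like the page ID.
              $arr_sql[] = '(' . $ins_id . ',\'' . $db->escape($id) . '\', \'' . $db->escape($ns) . '\')';
            }
            $sql = 'INSERT INTO '.table_prefix.'page_group_members(pg_id,page_id,namespace) VALUES' . implode(',', $arr_sql) . ';';
            $q = $db->sql_query($sql);
            if ( !$q )
              $db->_die();
            break;
        }
        echo '<div class="info-box">The page group "' . htmlspecialchars($_POST['pg_name']) . '" has been created.</div>';
      }

      // A little Javascript magic: show only the field group that matches the selected group type
      ?>
      <script language="javascript" type="text/javascript">
        function pg_create_typeset(selector)
        {
          var pg_normal = <?php echo PAGE_GRP_NORMAL; ?>;
          var pg_tagged = <?php echo PAGE_GRP_TAGGED; ?>;
          var pg_catlink = <?php echo PAGE_GRP_CATLINK; ?>;
          var selection = false;
          // Get selection
          for ( var i = 0; i < selector.childNodes.length; i++ )
          {
            var child = selector.childNodes[i];
            if ( !child || child.tagName != 'OPTION' )
            {
              continue;
            }
            if ( child.selected )
            {
              selection = child.value;
            }
          }
          if ( !selection )
          {
            alert('Cannot get field value');
            return true;
          }
          selection = parseInt(selection, 10);
          if ( selection != pg_normal && selection != pg_tagged && selection != pg_catlink )
          {
            alert('Invalid field value');
            return true;
          }

          // We have the selection and it's validated; show the appropriate field group

          if ( selection == pg_normal )
          {
            document.getElementById('pg_create_title_catlink').style.display = 'none';
            document.getElementById('pg_create_catlink_1').style.display = 'none';
            document.getElementById('pg_create_catlink_2').style.display = 'none';

            document.getElementById('pg_create_title_tagged').style.display = 'none';
            document.getElementById('pg_create_tagged_1').style.display = 'none';
            document.getElementById('pg_create_tagged_2').style.display = 'none';

            document.getElementById('pg_create_title_normal').style.display = 'inline';
            document.getElementById('pg_create_normal_1').style.display = 'block';
            document.getElementById('pg_create_normal_2').style.display = 'block';
          }
          else if ( selection == pg_catlink )
          {
            document.getElementById('pg_create_title_catlink').style.display = 'inline';
            document.getElementById('pg_create_catlink_1').style.display = 'block';
            document.getElementById('pg_create_catlink_2').style.display = 'block';

            document.getElementById('pg_create_title_tagged').style.display = 'none';
            document.getElementById('pg_create_tagged_1').style.display = 'none';
            document.getElementById('pg_create_tagged_2').style.display = 'none';

            document.getElementById('pg_create_title_normal').style.display = 'none';
            document.getElementById('pg_create_normal_1').style.display = 'none';
            document.getElementById('pg_create_normal_2').style.display = 'none';
          }
          else if ( selection == pg_tagged )
          {
            document.getElementById('pg_create_title_catlink').style.display = 'none';
            document.getElementById('pg_create_catlink_1').style.display = 'none';
            document.getElementById('pg_create_catlink_2').style.display = 'none';

            document.getElementById('pg_create_title_tagged').style.display = 'inline';
            document.getElementById('pg_create_tagged_1').style.display = 'block';
            document.getElementById('pg_create_tagged_2').style.display = 'block';

            document.getElementById('pg_create_title_normal').style.display = 'none';
            document.getElementById('pg_create_normal_1').style.display = 'none';
            document.getElementById('pg_create_normal_2').style.display = 'none';
          }
        }

        // Set to pg_normal on page load
        var pg_createform_init = function()
        {
          document.getElementById('pg_create_title_catlink').style.display = 'none';
          document.getElementById('pg_create_catlink_1').style.display = 'none';
          document.getElementById('pg_create_catlink_2').style.display = 'none';

          document.getElementById('pg_create_title_tagged').style.display = 'none';
          document.getElementById('pg_create_tagged_1').style.display = 'none';
          document.getElementById('pg_create_tagged_2').style.display = 'none';

          document.getElementById('pg_create_title_normal').style.display = 'inline';
          document.getElementById('pg_create_normal_1').style.display = 'block';
          document.getElementById('pg_create_normal_2').style.display = 'block';
        }

        addOnloadHook(pg_createform_init);

        // Insert one more member_page_N text field in front of the "+" button.
        // N is the number of INPUT children that come before the button.
        function pg_create_more_fields()
        {
          var targettd = document.getElementById('pg_create_normal_2');
          var id = 0;
          for ( var i = 0; i < targettd.childNodes.length; i++ )
          {
            var child = targettd.childNodes[i];
            if ( child.tagName == 'INPUT' )
            {
              if ( child.type == 'button' )
              {
                var newInp = document.createElement('input');
                // <input type="text" name="member_page_1" id="pg_create_member_1" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
                newInp.type = 'text';
                newInp.name = 'member_page_' + id;
                newInp.id = 'pg_create_member_' + id;
                newInp.onkeyup = function(e) { return ajaxPageNameComplete(this); };
                newInp.size = '30';
                newInp.style.marginTop = '3px';
                targettd.insertBefore(newInp, child);
                targettd.insertBefore(document.createElement('br'), child);
                break;
              }
              else // if ( child.type == 'text' )
              {
                id++;
              }
            }
          }
        }

      </script>
      <?php

      // Build category list
      $q = $db->sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace=\'Category\';');
      if ( !$q )
        $db->_die();

      if ( $db->numrows() < 1 )
      {
        $catlist = 'There aren\'t any categories on this site.';
      }
      else
      {
        $catlist = '<select name="member_cat">';
        while ( $row = $db->fetchrow() )
        {
          $catlist .= '<option value="' . htmlspecialchars($row['urlname']) . '">' . htmlspecialchars($row['name']) . '</option>';
        }
        $catlist .= '</select>';
      }

      // NOTE(review): __pg_edit_submitAuthorized is declared only by the script that this function emits for
      // the edit screen; confirm that it is defined when this create form is shown.
      echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized || !__pg_edit_submitAuthorized) return false;" enctype="multipart/form-data">';

      echo '<div class="tblholder">
            <table border="0" cellspacing="1" cellpadding="4">
              <tr>
                <th colspan="2">Create page group</th>
              </tr>';

      // Name
      echo '<tr>
              <td class="row2">
                Group name:<br />
                <small>This should be short, descriptive, and human-readable.</small>
              </td>
              <td class="row1">
                <input type="text" name="pg_name" size="30" />
              </td>
            </tr>';

      // Group type
      echo '<tr>
              <td class="row2">
                Group type:
              </td>
              <td class="row1">
                <select name="group_type" onchange="pg_create_typeset(this);">
                  <option value="' . PAGE_GRP_NORMAL . '" selected="selected">Static group of pages</option>
                  <option value="' . PAGE_GRP_TAGGED . '">Group of pages with one tag</option>
                  <option value="' . PAGE_GRP_CATLINK . '">Link to category</option>
                </select>
              </td>
            </tr>';

      // Titles
      echo '<tr>
              <th colspan="2">
                <span id="pg_create_title_normal">
                  Static group of pages
                </span>
                <span id="pg_create_title_tagged">
                  Group of commonly tagged pages
                </span>
                <span id="pg_create_title_catlink">
                  Mirror a category
                </span>
              </th>
            </tr>';

      echo '<tr>
              <td class="row2">
                <div id="pg_create_normal_1">
                  Member pages:<br />
                  <small>Click the "plus" button to add more fields.</small>
                </div>
                <div id="pg_create_catlink_1">
                  Include pages in this category:<br />
                  <small>Pages in subcategories are <u>not</u> included, however subcategory pages themselves are.</small>
                </div>
                <div id="pg_create_tagged_1">
                  Include pages with this tag:
                </div>
              </td>';

      // The member fields live inside pg_create_normal_2; it has to be a real opening tag (not a
      // self-closed one) so that pg_create_more_fields() finds the inputs among its child nodes.
      echo ' <td class="row1">
                <div id="pg_create_normal_2">
                  <input type="text" style="margin-top: 3px;" name="member_page_0" id="pg_create_member_0" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
                  <input type="text" style="margin-top: 3px;" name="member_page_1" id="pg_create_member_1" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
                  <input type="text" style="margin-top: 3px;" name="member_page_2" id="pg_create_member_2" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
                  <input type="text" style="margin-top: 3px;" name="member_page_3" id="pg_create_member_3" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
                  <input type="text" style="margin-top: 3px;" name="member_page_4" id="pg_create_member_4" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
                  <input type="button" onclick="pg_create_more_fields(); return false;" style="margin-top: 5px;" value=" + " />
                </div>
                <div id="pg_create_tagged_2">
                  <input type="text" name="member_tag" size="30" />
                </div>
                <div id="pg_create_catlink_2">
                  ' . $catlist . '
                </div>
              </td>
            </tr>';

      // Submit button
      echo '<tr>
              <th class="subhead" colspan="2"><input type="submit" name="action[create_stage2]" value="Create page group" style="font-weight: bold;" /> <input type="submit" name="action[noop]" value="Cancel" style="font-weight: normal;" /></th>
            </tr>';

      echo '</table>
            </div>';

      echo '</form>';
      return;
    }
    else if ( isset($_POST['action']['del']) )
    {
      // Confirmation to delete a group (this is really only a stub)

      // The group ID is the key of the pressed action[del][ID] button; anything that is not an
      // array with a numeric first key yields 0 and falls through to the group list.
      $delete_id = is_array($_POST['action']['del']) ? array_keys($_POST['action']['del']) : array();
      $delete_id = isset($delete_id[0]) ? intval($delete_id[0]) : 0;

      if ( !empty($delete_id) )
      {
        echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
        echo '<input type="hidden" name="delete_id" value="' . $delete_id . '" />';
        echo '<div class="tblholder">';
        echo ' <table border="0" cellspacing="1" cellpadding="4">';
        echo ' <tr><th>Confirm deletion</th></tr>';
        echo ' <tr><td class="row2" style="text-align: center; padding: 20px 0;">Are you sure you want to delete this page group?</td></tr>';
        echo ' <tr><td class="row1" style="text-align: center;">';
        echo ' <input type="submit" name="action[del_confirm]" value="Yes, delete group" style="font-weight: bold;" />';
        echo ' <input type="submit" name="action[noop]" value="Cancel" style="font-weight: normal;" />';
        echo ' </td></tr>';
        echo ' </table>';
        echo '</div>'; // closes the tblholder div opened above
        echo '</form>';

        return;
      }
    }
    else if ( isset($_POST['action']['del_confirm']) )
    {
      $delete_id = isset($_POST['delete_id']) ? intval($_POST['delete_id']) : 0;
      if ( empty($delete_id) )
      {
        echo 'Hack attempt';
        return;
      }
      // Obtain group name
      $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';');
      if ( !$q )
        $db->_die();
      if ( $db->numrows() < 1 )
      {
        echo 'Page group dun exist.';
        return;
      }
      $row = $db->fetchrow();
      $db->free_result();
      $pg_name = $row['pg_name'];
      unset($row);
      // Delete the group
      $q = $db->sql_query('DELETE FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';');
      if ( !$q )
        $db->_die();
      $q = $db->sql_query('DELETE FROM '.table_prefix.'page_group_members WHERE pg_id=' . $delete_id . ';');
      if ( !$q )
        $db->_die();
      // The stored name is whatever an administrator typed at creation time; encode it for HTML
      // like every other place in this function that prints pg_name.
      echo "<div class='info-box'>The group ".'"'.htmlspecialchars($pg_name).'"'." has been deleted.</div>";
    }
    else if ( isset($_POST['action']['edit']) && !isset($_POST['action']['noop']) )
    {
      // NOTE(review): action[edit_save] on its own (the "Save group name" button) performs no UPDATE
      // anywhere in this function; only action[edit_save][do_rm] is acted upon below.

      if ( isset($_POST['action']['edit']['add_page']) && isset($_GET['src']) && $_GET['src'] == 'ajax' )
      {
        $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
        $return = array('successful' => false);

        //
        // Add the specified page to the group
        //

        // Get ID of the group
        $edit_id = isset($_POST['pg_id']) ? intval($_POST['pg_id']) : 0;
        if ( !$edit_id )
        {
          $return = array('mode' => 'error', 'text' => 'Hack attempt');
          echo $json->encode($return);
          return;
        }

        // Run some validation - check that page exists and that it's not already in the group
        $page = ( isset($_POST['new_page']) && is_string($_POST['new_page']) ) ? $_POST['new_page'] : '';
        if ( empty($page) )
        {
          $return = array('mode' => 'error', 'text' => 'Please enter a page title.');
          echo $json->encode($return);
          return;
        }

        if ( !isPage($page) )
        {
          $return = array('mode' => 'error', 'text' => 'The page you are trying to add (' . htmlspecialchars($page) . ') does not exist.');
          echo $json->encode($return);
          return;
        }

        list($page_id, $namespace) = RenderMan::strToPageID($page);
        $page_id = sanitize_page_id($page_id);

        // Both halves of the parsed page name come from the request, so both are escaped for SQL.
        $page_id_sql = $db->escape($page_id);
        $namespace_sql = $db->escape($namespace);

        $q = $db->sql_query('SELECT "x" FROM '.table_prefix.'page_group_members WHERE pg_id=' . $edit_id . ' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\';');
        if ( !$q )
        {
          $return = array('mode' => 'error', 'text' => $db->get_error());
          echo $json->encode($return);
          return;
        }
        if ( $db->numrows() > 0 )
        {
          $return = array('mode' => 'error', 'text' => 'The page you are trying to add is already in this group.');
          echo $json->encode($return);
          return;
        }

        $q = $db->sql_query('INSERT INTO '.table_prefix.'page_group_members(pg_id, page_id, namespace) VALUES(' . $edit_id . ', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\');');
        if ( !$q )
        {
          $return = array('mode' => 'error', 'text' => $db->get_error());
          echo $json->encode($return);
          return;
        }

        $title = "($namespace) " . get_page_title($paths->nslist[$namespace] . $page_id);

        $return = array('mode' => 'info', 'text' => 'The page has been added to the specified group.', 'successful' => true, 'title' => $title, 'member_id' => $db->insert_id());

        echo $json->encode($return);
        return;
      }

      if ( isset($_POST['action']['edit_save']) )
      {
        // Here action[edit] is the hidden field of the edit form. It is request data that is
        // concatenated into SQL and echoed into HTML below, so it is cast to an integer.
        $edit_id = is_scalar($_POST['action']['edit']) ? intval($_POST['action']['edit']) : 0;
      }
      else
      {
        // Coming from the group list: the ID is the key of the pressed action[edit][ID] button.
        $edit_id = is_array($_POST['action']['edit']) ? array_keys($_POST['action']['edit']) : array();
        $edit_id = isset($edit_id[0]) ? intval($edit_id[0]) : 0;
      }

      if ( empty($edit_id) )
      {
        echo 'Hack attempt';
        return;
      }

      if ( isset($_POST['action']['edit_save']['do_rm']) )
      {
        // Member IDs arrive as the keys of action[edit_save][rm]; keep only canonical integers.
        $good = array();
        if ( isset($_POST['action']['edit_save']['rm']) && is_array($_POST['action']['edit_save']['rm']) )
        {
          foreach ( array_keys($_POST['action']['edit_save']['rm']) as $id )
          {
            if ( strval(intval($id)) === strval($id) )
              $good[] = intval($id);
          }
        }
        if ( empty($good) )
        {
          // Nothing (valid) was ticked: running the DELETE would produce an empty, invalid condition.
          echo '<div class="error-box">No valid pages were selected for removal.</div>';
        }
        else
        {
          $subquery = 'pg_member_id=' . implode(' OR pg_member_id=', $good);
          $sql = 'DELETE FROM '.table_prefix."page_group_members WHERE ( $subquery ) AND pg_id=$edit_id;";
          if ( !$db->sql_query($sql) )
          {
            $db->_die();
          }
          echo '<div class="info-box">The requested page group members have been deleted.</div>';
        }
      }

      // Fetch information about page group
      $q = $db->sql_query('SELECT pg_name, pg_type, pg_target FROM '.table_prefix.'page_groups WHERE pg_id=' . $edit_id . ';');
      if ( !$q )
        $db->_die();

      if ( $db->numrows() < 1 )
      {
        echo 'Bad request - can\'t load page group from database.';
        return;
      }

      $row = $db->fetchrow();
      $db->free_result();

      echo '<form name="pg_edit_frm" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
      echo '<input type="hidden" name="action[edit]" value="' . $edit_id . '" />';
      echo '<div class="tblholder">
            <table border="0" cellspacing="1" cellpadding="4">
              <tr>
                <th colspan="3">Editing page group: ' . htmlspecialchars($row['pg_name']) . '</th>
              </tr>';

      // Group name
      echo ' <tr>
                <td class="row2">Group name:</td>
                <td class="row1" colspan="2"><input type="text" name="pg_name" value="' . htmlspecialchars($row['pg_name']) . '" size="30" /></td>
              </tr>';

      $ajax_page_add = false;

      // This is where the going gets tricky.
      // For static groups, we need to have each page listed out with a removal button, and a form to add new pages.
      // For category links, we need a select box with each category in it.
      // For tag sets, just a text box to enter a new tag.
      // Only the static-group editor is implemented below.

      switch ( $row['pg_type'] )
      {
        case PAGE_GRP_NORMAL:
          echo '<tr><th colspan="3" class="subhead"><input type="submit" name="action[edit_save]" value="Save group name" /></th></tr>';

          $q = $db->sql_query('SELECT m.pg_member_id,m.page_id,m.namespace FROM '.table_prefix.'page_group_members AS m
                                 LEFT JOIN '.table_prefix.'pages AS p
                                   ON ( p.urlname = m.page_id AND p.namespace = m.namespace )
                                 WHERE m.pg_id=' . $edit_id . ';');

          if ( !$q )
            $db->_die();

          // Members are split over two cells once the second half starts at row 5 or later;
          // otherwise the split point is set to a value that $i never reaches.
          $delim = ceil( $db->numrows() / 2 );
          if ( $delim < 5 )
          {
            $delim = 0xFFFFFFFE;
            // stupid hack: closes the colspan attribute early so that the single cell also gets
            // the id the AJAX code appends new members to
            $colspan = '2" id="pg_edit_tackon2me';
          }
          else
          {
            $colspan = "1";
          }

          echo '<tr><td class="row2" rowspan="2"><b>Remove</b> pages:</td><td class="row1" colspan="' . $colspan . '">';
          $i = 0;

          while ( $row = $db->fetchrow() )
          {
            $i++;
            if ( $i == $delim )
            {
              echo '</td><td class="row1" id="pg_edit_tackon2me">';
            }
            $page_name = '(' . $row['namespace'] . ') ' . get_page_title($paths->nslist[$row['namespace']] . $row['page_id']);
            echo '<label><input type="checkbox" name="action[edit_save][rm][' . intval($row['pg_member_id']) . ']" /> ' . htmlspecialchars($page_name) . '</label><br />';
          }

          echo '</td></tr>';
          echo '<tr><th colspan="2" class="subhead" style="width: 70%;"><input type="submit" name="action[edit_save][do_rm]" value="Remove selected" /></th></tr>';

          // More javascript magic!
          ?>
          <script type="text/javascript">
            var __pg_edit_submitAuthorized = true;
            var __ol_pg_edit_setup = function()
            {
              var input = document.getElementById('inptext_pg_add_member');
              input.onkeyup = function(e) { ajaxPageNameComplete(this); };
              input.onkeypress = function(e)
              {
                if ( e.keyCode == 13 )
                {
                  // Pass a function instead of building a string of code for setTimeout to evaluate.
                  var field = this;
                  setTimeout(function() { __pg_edit_ajaxadd(document.getElementById(field.id)); }, 500);
                }
              };
            }
            addOnloadHook(__ol_pg_edit_setup);
            var __pg_edit_objcache = false;
            function __pg_edit_ajaxadd(obj)
            {
              // Only one request at a time; the cache is cleared when the response arrives.
              if ( __pg_edit_objcache )
                return false;
              __pg_edit_objcache = obj;

              if ( obj.nextSibling )
              {
                if ( obj.nextSibling.tagName == 'DIV' )
                {
                  obj.parentNode.removeChild(obj.nextSibling);
                }
              }

              // set width on parent, to prevent wrapping of ajax loading image
              var w = $(obj).Width();
              w = w + 24;
              obj.parentNode.style.width = w + 'px';

              // append the ajaxy loading image
              var img = document.createElement('img');
              img.src = scriptPath + '/images/loading.gif';
              img.style.marginLeft = '4px';
              insertAfter(obj.parentNode, img, obj);

              var url = makeUrlNS('Admin', 'PageGroups', 'src=ajax');
              // encodeURIComponent (unlike escape) also encodes "+" and emits UTF-8 percent escapes,
              // so the title reaches the server unchanged.
              var page_add = encodeURIComponent(obj.value);
              var pg_id = encodeURIComponent(document.forms.pg_edit_frm['action[edit]'].value);
              ajaxPost(url, 'action[edit][add_page]=&pg_id=' + pg_id + '&new_page=' + page_add, function()
                {
                  if ( ajax.readyState == 4 )
                  {
                    var obj = __pg_edit_objcache;
                    __pg_edit_objcache = false;

                    // kill the loading graphic
                    obj.parentNode.removeChild(obj.nextSibling);

                    var resptext = String(ajax.responseText + '');
                    if ( resptext.substr(0, 1) != '{' )
                    {
                      // Not a JSON object; show the raw response instead of parsing it.
                      alert('Invalid JSON response:\n' + resptext);
                      return false;
                    }
                    var json = parseJSON(resptext);

                    // Server-supplied text is only ever inserted through text nodes, never as markup.
                    var div = document.createElement('div');
                    if ( json.mode == 'info' )
                    {
                      div.className = 'info-box-mini';
                    }
                    else if ( json.mode == 'error' )
                    {
                      div.className = 'error-box-mini';
                    }
                    div.appendChild(document.createTextNode(json.text));
                    insertAfter(obj.parentNode, div, obj);

                    if ( json.successful )
                    {
                      var td = document.getElementById('pg_edit_tackon2me');
                      var lbl = document.createElement('label');
                      var check = document.createElement('input');
                      check.type = 'checkbox';
                      check.name = 'action[edit_save][rm][' + json.member_id + ']';
                      lbl.appendChild(check);
                      lbl.appendChild(document.createTextNode(' ' + json.title));
                      td.appendChild(lbl);
                      td.appendChild(document.createElement('br'));
                    }

                  }
                });
            }
          </script>
          <?php

          $ajax_page_add = true;

          break;
      }

      if ( $ajax_page_add )
      {
        echo '<tr><th colspan="3"><input type="submit" name="action[noop]" value="Cancel all changes" /></th></tr>';
      }

      echo ' </table>
            </div>';
      echo '</form>';

      // This needs to be outside of the form.
      echo '<div class="tblholder"><table border="0" cellspacing="1" cellpadding="4"><tr>';
      echo '<th colspan="2">On-the-fly tools</th></tr>';
      echo '<tr>';
      // Add pages AJAX form
      echo '<td class="row2">Add page:<br /><small>You can add multiple pages by entering part of a page title, and it will be auto-completed. Press Enter to quickly add the page. This only works if you a really up-to-date browser.</small></td>';
      echo '<td class="row1"><input type="text" size="30" name="pg_add_member" id="inptext_pg_add_member" /></td>';
      echo '</tr></table></div>';

      return;
    }
    else if ( isset($_POST['action']['noop']) )
    {
      // Do nothing - skip to main form (noop is usually invoked by a cancel button in a form above)
    }
    else
    {
      echo '<div class="error-box">Invalid format of $_POST[action].</div>';
    }
  }

  // No action defined (or the action fell through) - show default menu

  echo '<h2>Manage page groups</h2>';
  echo '<p>Enano\'s page grouping system allows you to build sets of pages that can be controlled by a single ACL rule. This makes managing features such as a members-only section of your site a lot easier. If you don\'t use the ACL system, you probably don\'t need to use page groups.</p>';

  $q = $db->sql_query('SELECT pg_id, pg_type, pg_name, pg_target FROM '.table_prefix.'page_groups;');
  if ( !$q )
    $db->_die();

  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';

  echo '<div class="tblholder">
        <table border="0" cellspacing="1" cellpadding="4">
          <tr>
            <th>Group name</th>
            <th>Type</th>
            <th>Target</th>
            <th colspan="2">Actions</th>
          </tr>';

  if ( $row = $db->fetchrow() )
  {
    do
    {
      $name = htmlspecialchars($row['pg_name']);
      $type = 'Invalid';
      switch ( $row['pg_type'] )
      {
        case PAGE_GRP_CATLINK:
          $type = 'Link to category';
          break;
        case PAGE_GRP_TAGGED:
          $type = 'Set of tagged pages';
          break;
        case PAGE_GRP_NORMAL:
          $type = 'Static set of pages';
          break;
      }
      $target = '';
      if ( $row['pg_type'] == PAGE_GRP_TAGGED )
      {
        $target = 'Tag: ' . htmlspecialchars($row['pg_target']);
      }
      else if ( $row['pg_type'] == PAGE_GRP_CATLINK )
      {
        $target = 'Category: ' . htmlspecialchars(get_page_title($paths->nslist['Category'] . sanitize_page_id($row['pg_target'])));
      }
      // The group ID becomes the key of the submitted action[edit] / action[del] array.
      $pg_id = intval($row['pg_id']);
      $btn_edit = '<input type="submit" name="action[edit][' . $pg_id . ']" value="Edit" />';
      $btn_del = '<input type="submit" name="action[del][' . $pg_id . ']" value="Delete" />';
      echo '<tr>
              <td class="row1">' . $name . '</td>
              <td class="row2">' . $type . '</td>
              <td class="row1">' . $target . '</td>
              <td class="row3" style="text-align: center;">' . $btn_edit . '</td>
              <td class="row3" style="text-align: center;">' . $btn_del . '</td>
            </tr>';
    }
    while ( $row = $db->fetchrow() );
  }
  else
  {
    echo ' <tr><td class="row3" colspan="5" style="text-align: center;">No page groups defined.</td></tr>';
  }

  echo ' <tr>
            <th class="subhead" colspan="5">
              <input type="submit" name="action[create]" value="Create new group" />
            </th>
          </tr>';

  echo ' </table>
        </div>';

  echo '</form>';

}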
?>