author | Dan |
Sat, 07 Jun 2008 12:39:24 -0400 | |
changeset 557 | 26479224936a |
parent 541 | acb7e23b6ffa |
child 564 | a1c450a911a6 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
2 |
/**!info** |
|
3 |
{ |
|
4 |
"Plugin Name" : "plugin_specialgroups_title", |
|
5 |
"Plugin URI" : "http://enanocms.org/", |
|
6 |
"Description" : "plugin_specialgroups_desc", |
|
7 |
"Author" : "Dan Fuhry", |
|
8 |
"Version" : "1.1.3", |
|
9 |
"Author URI" : "http://enanocms.org/" |
|
10 |
} |
|
11 |
**!*/ |
0 | 12 |
|
13 |
/* |
|
14 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
536 | 15 |
* Version 1.1.4 (Caoineag alpha 4) |
0 | 16 |
* Copyright (C) 2007 Dan Fuhry |
17 |
* |
|
18 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
19 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
20 |
* |
|
21 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
22 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
23 |
*/ |
|
24 |
||
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
25 |
// Registers this plugin's page with the path manager when the 'session_started'
// hook fires: the page record below is named 'specialpage_groupcp' and is served
// as Usergroups in the Special namespace.
//
// The second argument to attachHook() is PHP source held in a single-quoted
// string, which is why every inner quote is backslash-escaped. Presumably the
// plugin manager evaluates this string when the hook runs -- confirm against
// attachHook(). Since the string is treated as code, it has to remain a constant
// literal: request data or any other runtime input must never be concatenated
// into it.
//
// The 'visible'=>1 flag was last touched by changeset 116 (77c75179bb95), whose
// message says most special pages were made "visible".
$plugins->attachHook('session_started', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'specialpage_groupcp\',
\'urlname\'=>\'Usergroups\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');
|
34 |
||
35 |
function page_Special_Usergroups() |
|
36 |
{ |
|
37 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
38 |
global $email; // Import e-mail encryption functions |
|
334
|
39 |
global $lang; |
0 | 40 |
|
41 |
if ( !$session->user_logged_in ) |
|
42 |
{ |
|
43 |
header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page)); |
|
44 |
$db->close(); |
|
45 |
exit; |
|
46 |
} |
|
47 |
||
48 |
$template->header(); |
|
334
|
49 |
userprefs_show_menu(); |
0 | 50 |
if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) ) |
51 |
{ |
|
52 |
$gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']); |
|
53 |
if ( empty($gid) || $gid < 1 ) |
|
54 |
{ |
|
55 |
die_friendly('Error', '<p>Hacking attempt</p>'); |
|
56 |
} |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
57 |
$q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';'); |
0 | 58 |
if ( !$q ) |
59 |
{ |
|
194
|
60 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 61 |
} |
62 |
$row = $db->fetchrow(); |
|
63 |
$db->free_result(); |
|
64 |
$members = array(); |
|
65 |
$pending = array(); |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
66 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments |
0 | 67 |
FROM '.table_prefix.'users AS u |
68 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
69 |
ON ( m.user_id = u.user_id ) |
|
70 |
LEFT JOIN '.table_prefix.'comments AS c |
|
71 |
ON ( c.name = u.username ) |
|
72 |
WHERE m.group_id=' . $gid . ' |
|
322
|
73 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending |
0 | 74 |
ORDER BY m.is_mod DESC,u.username ASC;'); |
75 |
if ( !$q ) |
|
76 |
{ |
|
194
|
77 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 78 |
} |
79 |
||
80 |
$is_member = false; |
|
81 |
$is_mod = false; |
|
82 |
$is_pending = false; |
|
83 |
||
84 |
while ( $mr = $db->fetchrow() ) |
|
85 |
{ |
|
86 |
if ( $mr['pending'] == 1 ) |
|
87 |
{ |
|
88 |
$pending[] = $mr; |
|
89 |
if ( $mr['user_id'] == $session->user_id ) |
|
90 |
{ |
|
91 |
$is_pending = true; |
|
92 |
} |
|
93 |
} |
|
94 |
else |
|
95 |
{ |
|
96 |
$members[] = $mr; |
|
97 |
if ( $mr['user_id'] == $session->user_id ) |
|
98 |
{ |
|
99 |
$is_member = true; |
|
100 |
if ( $mr['is_mod'] == 1 ) |
|
101 |
{ |
|
102 |
$is_mod = true; |
|
103 |
} |
|
104 |
} |
|
105 |
} |
|
106 |
} |
|
107 |
||
108 |
$status = ( $is_member && $is_mod ) |
|
334
|
109 |
? $lang->get('groupcp_status_mod') |
0 | 110 |
: ( ( $is_member && !$is_mod ) |
334
|
111 |
? $lang->get('groupcp_status_member') |
|
112 |
: $lang->get('groupcp_status_not_member') |
0 | 113 |
); |
114 |
||
115 |
$can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ); |
|
116 |
||
117 |
switch ( $row['group_type'] ) |
|
118 |
{ |
|
334
|
119 |
case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break; |
|
120 |
case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break; |
|
121 |
case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break; |
|
122 |
case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break; |
0 | 123 |
} |
124 |
||
125 |
if ( isset($_GET['act']) && $can_do_admin_stuff ) |
|
126 |
{ |
|
127 |
switch($_GET['act']) |
|
128 |
{ |
|
129 |
case 'update': |
|
130 |
if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
|
131 |
{ |
|
132 |
die_friendly('ERROR', '<p>Hacking attempt</p>'); |
|
133 |
} |
|
194
|
134 |
$q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
|
135 |
if ( !$q ) |
|
136 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
|
137 |
$error = false; |
|
138 |
if ( $db->numrows() < 1 ) |
|
139 |
{ |
|
140 |
echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>'; |
|
141 |
$error = true; |
|
142 |
} |
|
143 |
$r = $db->fetchrow(); |
|
144 |
if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) ) |
|
145 |
{ |
334
|
146 |
echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>'; |
194
|
147 |
$error = true; |
|
148 |
} |
|
149 |
if ( !$error ) |
|
150 |
{ |
|
151 |
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
|
152 |
if (!$q) |
|
153 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
|
154 |
$row['group_type'] = $_POST['group_state']; |
334
|
155 |
echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>'; |
194
|
156 |
} |
0 | 157 |
break; |
158 |
case 'adduser': |
|
159 |
$username = $_POST['add_username']; |
|
160 |
$mod = ( isset($_POST['add_mod']) ) ? '1' : '0'; |
|
161 |
||
162 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';'); |
|
163 |
if (!$q) |
|
194
|
164 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 165 |
if ($db->numrows() < 1) |
166 |
{ |
|
334
|
167 |
echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>'; |
0 | 168 |
break; |
169 |
} |
|
170 |
$r = $db->fetchrow(); |
|
171 |
$db->free_result(); |
|
172 |
$uid = intval($r['user_id']); |
|
173 |
||
174 |
// Check if the user is already in the group, and if so, only update modship |
|
175 |
$q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';'); |
|
176 |
if ( !$q ) |
|
194
|
177 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 178 |
if ( $db->numrows() > 0 ) |
179 |
{ |
|
180 |
$r = $db->fetchrow(); |
|
181 |
if ( (string) $r['is_mod'] != $mod ) |
|
182 |
{ |
|
183 |
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';'); |
|
184 |
if ( !$q ) |
|
194
|
185 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 186 |
foreach ( $members as $i => $member ) |
187 |
{ |
|
188 |
if ( $member['member_id'] == $r['member_id'] ) |
|
189 |
$members[$i]['is_mod'] = (int)$mod; |
|
190 |
} |
|
334
|
191 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>'; |
0 | 192 |
} |
193 |
else |
|
194 |
{ |
|
334
|
195 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>'; |
0 | 196 |
} |
197 |
break; |
|
198 |
} |
|
199 |
||
200 |
$db->free_result(); |
|
201 |
||
202 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');'); |
|
203 |
if (!$q) |
|
194
|
204 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
334
|
205 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>'; |
0 | 206 |
|
322
|
207 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments |
0 | 208 |
FROM '.table_prefix.'users AS u |
209 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
210 |
ON ( m.user_id = u.user_id ) |
|
211 |
LEFT JOIN '.table_prefix.'comments AS c |
|
212 |
ON ( c.name = u.username ) |
|
213 |
WHERE m.group_id=' . $gid . ' |
|
214 |
AND m.pending!=1 |
|
215 |
AND u.user_id=' . $uid . ' |
|
322
|
216 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod |
0 | 217 |
ORDER BY m.is_mod DESC,u.username ASC |
218 |
LIMIT 1;'); |
|
219 |
if ( !$q ) |
|
194
|
220 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 221 |
|
222 |
$r = $db->fetchrow(); |
|
223 |
$members[] = $r; |
|
224 |
$db->free_result(); |
|
225 |
||
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modified ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
226 |
// just added a user to the group, so regenerate the ranks cache |
|
227 |
generate_ranks_cache(); |
|
228 |
|
0 | 229 |
break; |
230 |
case 'del_users': |
|
231 |
foreach ( $members as $i => $member ) |
|
232 |
{ |
|
233 |
if ( isset($_POST['del_user'][$member['member_id']]) ) |
|
234 |
{ |
|
235 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
|
236 |
if (!$q) |
|
194
|
237 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 238 |
unset($members[$i]); |
239 |
} |
|
240 |
} |
|
541
|
241 |
// regenerate the ranks cache |
|
242 |
generate_ranks_cache(); |
|
243 |
|
0 | 244 |
break; |
245 |
case 'pending': |
|
246 |
foreach ( $pending as $i => $member ) |
|
247 |
{ |
|
248 |
if ( isset( $_POST['with_user'][$member['member_id']]) ) |
|
249 |
{ |
|
250 |
if ( isset ( $_POST['do_appr_pending'] ) ) |
|
251 |
{ |
|
252 |
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';'); |
|
253 |
if (!$q) |
|
194
|
254 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 255 |
$members[] = $member; |
256 |
unset($pending[$i]); |
|
257 |
continue; |
|
258 |
} |
|
259 |
elseif ( isset ( $_POST['do_reject_pending'] ) ) |
|
260 |
{ |
|
261 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
|
262 |
if (!$q) |
|
194
|
263 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 264 |
unset($pending[$i]); |
265 |
} |
|
266 |
} |
|
267 |
} |
|
541
|
268 |
// memberships updated/changed, regenerate ranks cache |
|
269 |
generate_ranks_cache(); |
|
270 |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
271 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>'; |
0 | 272 |
break; |
273 |
} |
|
274 |
} |
|
275 |
||
334
|
276 |
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff ) |
0 | 277 |
{ |
278 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');'); |
|
279 |
if (!$q) |
|
194
|
280 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
334
|
281 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>'; |
0 | 282 |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
283 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments |
0 | 284 |
FROM '.table_prefix.'users AS u |
285 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
286 |
ON ( m.user_id = u.user_id ) |
|
287 |
LEFT JOIN '.table_prefix.'comments AS c |
|
288 |
ON ( c.name = u.username ) |
|
289 |
WHERE m.group_id=' . $gid . ' |
|
290 |
AND m.pending!=1 |
|
291 |
AND u.user_id=' . $session->user_id . ' |
|
322
|
292 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod |
0 | 293 |
ORDER BY m.is_mod DESC,u.username ASC |
294 |
LIMIT 1;'); |
|
295 |
if ( !$q ) |
|
194
|
296 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 297 |
|
298 |
$r = $db->fetchrow(); |
|
299 |
$members[] = $r; |
|
300 |
$db->free_result(); |
|
301 |
||
302 |
} |
|
303 |
||
334
|
304 |
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff ) |
0 | 305 |
{ |
306 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);'); |
|
307 |
if (!$q) |
|
194
|
308 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
334
|
309 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>'; |
0 | 310 |
} |
311 |
||
312 |
$state_btns = ( $can_do_admin_stuff ) ? |
|
334
|
313 |
'<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label> |
|
314 |
<label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label> |
|
315 |
<label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label> |
|
316 |
<label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>' |
0 | 317 |
: $g_state; |
318 |
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member ) |
|
319 |
{ |
|
320 |
if ( $is_pending ) |
|
334
|
321 |
$state_btns .= ' ' . $lang->get('groupcp_msg_status_pending'); |
0 | 322 |
else |
334
|
323 |
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />'; |
0 | 324 |
} |
325 |
||
326 |
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member ) |
|
327 |
{ |
|
334
|
328 |
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />'; |
0 | 329 |
} |
330 |
||
334
|
331 |
$g_name_local = 'groupcp_grp_' . strtolower($row['group_name']); |
|
332 |
$str = $lang->get($g_name_local); |
|
333 |
if ( $str != $g_name_local ) |
|
334 |
$row['group_name'] = $str; |
|
335 |
|
0 | 336 |
echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data"> |
337 |
<div class="tblholder"> |
|
338 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
339 |
<tr> |
|
334
|
340 |
<th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th> |
0 | 341 |
</tr> |
342 |
<tr> |
|
334
|
343 |
<td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td> |
|
344 |
<td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td> |
0 | 345 |
</tr> |
346 |
<tr> |
|
334
|
347 |
<td class="row2">' . $lang->get('groupcp_lbl_status') . '</td> |
0 | 348 |
<td class="row1">' . $status . '</td> |
349 |
</tr> |
|
350 |
<tr> |
|
334
|
351 |
<td class="row2">' . $lang->get('groupcp_lbl_state') . '</td> |
0 | 352 |
<td class="row1">' . $state_btns . '</td> |
353 |
</tr> |
|
354 |
' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? ' |
|
355 |
<tr> |
|
356 |
<th class="subhead" colspan="2"> |
|
334
|
357 |
<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> |
0 | 358 |
</th> |
359 |
</tr> |
|
360 |
' : '' ) . ' |
|
361 |
</table> |
|
362 |
</div> |
|
363 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
364 |
</form>'; |
|
365 |
if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff ) |
|
366 |
{ |
|
367 |
echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data"> |
|
368 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
334
|
369 |
<h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2> |
0 | 370 |
<div class="tblholder"> |
371 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
372 |
<tr> |
|
334
|
373 |
<th>' . $lang->get('groupcp_th_username') . '</th> |
|
374 |
<th>' . $lang->get('groupcp_th_email') . '</th> |
|
375 |
<th>' . $lang->get('groupcp_th_reg_time') . '</th> |
|
376 |
<th>' . $lang->get('groupcp_th_comments') . '</th> |
|
377 |
<th>' . $lang->get('groupcp_th_select') . '</th> |
0 | 378 |
</tr>'; |
379 |
$cls = 'row2'; |
|
380 |
foreach ( $pending as $member ) |
|
381 |
{ |
|
382 |
||
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
383 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 384 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
385 |
$addy = $email->encryptEmail($member['email']); |
|
386 |
||
387 |
echo "<tr> |
|
388 |
<td class='{$cls}'>{$member['username']}</td> |
|
389 |
<td class='{$cls}'>{$addy}</td> |
|
390 |
<td class='{$cls}'>{$date}</td> |
|
322
|
391 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 392 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td> |
393 |
</tr>"; |
|
394 |
} |
|
395 |
echo '</table> |
|
396 |
</div> |
|
397 |
<div style="margin: 10px 0 0 auto;"> |
|
398 |
With selected: |
|
334
|
399 |
<input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" /> |
|
400 |
<input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" /> |
0 | 401 |
</div> |
402 |
</form>'; |
|
403 |
} |
|
404 |
echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data"> |
|
334
|
405 |
<h2>' . $lang->get('groupcp_th_group_members') . '</h2> |
0 | 406 |
<div class="tblholder"> |
407 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
408 |
<tr> |
|
334
|
409 |
<th>' . $lang->get('groupcp_th_username') . '</th> |
|
410 |
<th>' . $lang->get('groupcp_th_email') . '</th> |
|
411 |
<th>' . $lang->get('groupcp_th_reg_time') . '</th> |
|
412 |
<th>' . $lang->get('groupcp_th_comments') . '</th> |
|
413 |
' . ( ( $can_do_admin_stuff ) ? ' |
|
414 |
<th>' . $lang->get('groupcp_th_remove') . '</th> |
|
415 |
' : '' ) . ' |
0 | 416 |
</tr> |
417 |
<tr> |
|
334
|
418 |
<th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th> |
0 | 419 |
</tr>'; |
420 |
$mod_printed = false; |
|
421 |
$mem_printed = false; |
|
422 |
$cls = 'row2'; |
|
423 |
||
424 |
foreach ( $members as $member ) |
|
425 |
{ |
|
426 |
if ( $member['is_mod'] != 1 ) |
|
427 |
break; |
|
428 |
||
345
|
429 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 430 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
431 |
$addy = $email->encryptEmail($member['email']); |
|
432 |
||
433 |
$mod_printed = true; |
|
434 |
||
435 |
echo "<tr> |
|
436 |
<td class='{$cls}'>{$member['username']}</td> |
|
437 |
<td class='{$cls}'>{$addy}</td> |
|
438 |
<td class='{$cls}'>{$date}</td> |
|
322
|
439 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 440 |
" . ( ( $can_do_admin_stuff ) ? " |
441 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td> |
|
442 |
" : '' ) . " |
|
443 |
</tr>"; |
|
444 |
} |
|
445 |
if (!$mod_printed) |
|
334
|
446 |
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></th>'; |
|
447 |
echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>'; |
0 | 448 |
foreach ( $members as $member ) |
449 |
{ |
|
450 |
if ( $member['is_mod'] == 1 ) |
|
451 |
continue; |
|
452 |
||
345
|
453 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 454 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
455 |
$addy = $email->encryptEmail($member['email']); |
|
456 |
||
457 |
$mem_printed = true; |
|
458 |
||
459 |
echo "<tr> |
|
460 |
<td class='{$cls}'>{$member['username']}</td> |
|
461 |
<td class='{$cls}'>{$addy}</td> |
|
462 |
<td class='{$cls}'>{$date}</td> |
|
322
|
463 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 464 |
" . ( ( $can_do_admin_stuff ) ? " |
465 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td> |
|
466 |
" : '' ) . " |
|
467 |
</tr>"; |
|
468 |
} |
|
469 |
if (!$mem_printed) |
|
334
|
470 |
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></th>'; |
0 | 471 |
echo ' </table> |
472 |
</div>'; |
|
473 |
if ( $can_do_admin_stuff ) |
|
474 |
{ |
|
334
|
475 |
echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>"; |
0 | 476 |
} |
477 |
echo '<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
478 |
</form>'; |
|
479 |
if ( $can_do_admin_stuff ) |
|
480 |
{ |
|
481 |
echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;"> |
|
482 |
<div class="tblholder"> |
|
483 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
484 |
<tr> |
|
334
|
485 |
<th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th> |
0 | 486 |
</tr> |
487 |
<tr> |
|
334
|
488 |
<td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td> |
0 | 489 |
</tr> |
490 |
<tr> |
|
334
|
491 |
<td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td> |
0 | 492 |
</tr> |
493 |
<tr> |
|
494 |
<th class="subhead" colspan="2"> |
|
334
|
495 |
<input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" /> |
0 | 496 |
</th> |
497 |
</tr> |
|
498 |
</table> |
|
499 |
</div> |
|
500 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
501 |
</form>'; |
|
502 |
} |
|
503 |
} |
|
504 |
else |
|
505 |
{ |
|
506 |
echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
507 |
echo '<div class="tblholder"> |
|
508 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
509 |
<tr> |
|
334
|
510 |
<th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th> |
0 | 511 |
</tr> |
512 |
<tr> |
|
30 | 513 |
<td class="row2" style="text-align: right; width: 50%;"> |
334
|
514 |
' . $lang->get('groupcp_lbl_current_memberships') . ' |
0 | 515 |
</td> |
30 | 516 |
<td class="row1" style="width: 50%;">'; |
0 | 517 |
$taboo = Array('Everyone'); |
30 | 518 |
if ( sizeof ( $session->groups ) > count($taboo) ) |
0 | 519 |
{ |
520 |
echo '<select name="group_id">'; |
|
521 |
foreach ( $session->groups as $id => $group ) |
|
522 |
{ |
|
447
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
parents:
322
diff
changeset
|
523 |
$taboo[] = $db->escape($group); |
|
524 |
$group = htmlspecialchars($group); |
0 | 525 |
if ( $group != 'Everyone' ) |
526 |
{ |
|
334
|
527 |
$g_name_local = 'groupcp_grp_' . strtolower($group); |
|
528 |
$str = $lang->get($g_name_local); |
|
529 |
if ( $str != $g_name_local ) |
|
530 |
$group = $str; |
0 | 531 |
echo '<option value="' . $id . '">' . $group . '</option>'; |
532 |
} |
|
533 |
} |
|
534 |
echo '</select> |
|
334
|
535 |
<input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />'; |
0 | 536 |
} |
537 |
else |
|
538 |
{ |
|
539 |
echo 'None'; |
|
540 |
} |
|
541 |
||
542 |
echo '</td> |
|
543 |
</tr>'; |
|
544 |
$taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\''; |
|
545 |
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;'); |
|
546 |
if(!$q) |
|
547 |
{ |
|
548 |
echo $db->get_error(); |
|
549 |
$template->footer(); |
|
550 |
return; |
|
551 |
} |
|
552 |
if($db->numrows() > 0) |
|
553 |
{ |
|
554 |
echo '<tr> |
|
555 |
<td class="row2" style="text-align: right;"> |
|
334
|
556 |
' . $lang->get('groupcp_lbl_non_memberships') . ' |
0 | 557 |
</td> |
558 |
<td class="row1"> |
|
559 |
<select name="group_id_n">'; |
|
560 |
while ( $row = $db->fetchrow() ) |
|
561 |
{ |
|
562 |
if ( $row['group_name'] != 'Everyone' ) |
|
563 |
{ |
|
357 | 564 |
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>'; |
0 | 565 |
} |
566 |
} |
|
567 |
echo '</select> |
|
334
|
568 |
<input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" /> |
0 | 569 |
</td> |
570 |
</tr> |
|
571 |
'; |
|
572 |
} |
|
573 |
$db->free_result(); |
|
574 |
echo '</table> |
|
575 |
</div> |
|
576 |
</form>'; |
|
577 |
} |
|
578 |
$template->footer(); |
|
579 |
} |
|
580 |
||
581 |
?> |