author | Dan |
Sat, 12 Apr 2008 17:57:58 -0400 | |
changeset 533 | 698a8f04957c |
parent 519 | 94214ec0871c |
child 536 | 218a627eb53e |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
2 |
/**!info** |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
3 |
{ |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
4 |
"Plugin Name" : "plugin_specialgroups_title", |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
5 |
"Plugin URI" : "http://enanocms.org/", |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
6 |
"Description" : "plugin_specialgroups_desc", |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
7 |
"Author" : "Dan Fuhry", |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
8 |
"Version" : "1.1.3", |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
9 |
"Author URI" : "http://enanocms.org/" |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
10 |
} |
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
11 |
**!*/ |
0 | 12 |
|
13 |
/* |
|
14 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
504
bc8e0e9ee01d
Added support for embedding language data into plugins; updated all version numbers on plugin files
Dan
parents:
458
diff
changeset
|
15 |
* Version 1.1.3 (Caoineag alpha 3) |
0 | 16 |
* Copyright (C) 2007 Dan Fuhry |
17 |
* |
|
18 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
19 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
20 |
* |
|
21 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
22 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
23 |
*/ |
|
24 |
||
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
25 |
$plugins->attachHook('session_started', ' |
0 | 26 |
global $paths; |
27 |
$paths->add_page(Array( |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
28 |
\'name\'=>\'specialpage_groupcp\', |
0 | 29 |
\'urlname\'=>\'Usergroups\', |
30 |
\'namespace\'=>\'Special\', |
|
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents:
85
diff
changeset
|
31 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
0 | 32 |
)); |
33 |
'); |
|
34 |
||
35 |
function page_Special_Usergroups() |
|
36 |
{ |
|
37 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
38 |
global $email; // Import e-mail encryption functions |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
39 |
global $lang; |
0 | 40 |
|
41 |
if ( !$session->user_logged_in ) |
|
42 |
{ |
|
43 |
header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page)); |
|
44 |
$db->close(); |
|
45 |
exit; |
|
46 |
} |
|
47 |
||
48 |
$template->header(); |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
49 |
userprefs_show_menu(); |
0 | 50 |
if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) ) |
51 |
{ |
|
52 |
$gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']); |
|
53 |
if ( empty($gid) || $gid < 1 ) |
|
54 |
{ |
|
55 |
die_friendly('Error', '<p>Hacking attempt</p>'); |
|
56 |
} |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
57 |
$q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';'); |
0 | 58 |
if ( !$q ) |
59 |
{ |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
60 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 61 |
} |
62 |
$row = $db->fetchrow(); |
|
63 |
$db->free_result(); |
|
64 |
$members = array(); |
|
65 |
$pending = array(); |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
66 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments |
0 | 67 |
FROM '.table_prefix.'users AS u |
68 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
69 |
ON ( m.user_id = u.user_id ) |
|
70 |
LEFT JOIN '.table_prefix.'comments AS c |
|
71 |
ON ( c.name = u.username ) |
|
72 |
WHERE m.group_id=' . $gid . ' |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
73 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending |
0 | 74 |
ORDER BY m.is_mod DESC,u.username ASC;'); |
75 |
if ( !$q ) |
|
76 |
{ |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
77 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 78 |
} |
79 |
||
80 |
$is_member = false; |
|
81 |
$is_mod = false; |
|
82 |
$is_pending = false; |
|
83 |
||
84 |
while ( $mr = $db->fetchrow() ) |
|
85 |
{ |
|
86 |
if ( $mr['pending'] == 1 ) |
|
87 |
{ |
|
88 |
$pending[] = $mr; |
|
89 |
if ( $mr['user_id'] == $session->user_id ) |
|
90 |
{ |
|
91 |
$is_pending = true; |
|
92 |
} |
|
93 |
} |
|
94 |
else |
|
95 |
{ |
|
96 |
$members[] = $mr; |
|
97 |
if ( $mr['user_id'] == $session->user_id ) |
|
98 |
{ |
|
99 |
$is_member = true; |
|
100 |
if ( $mr['is_mod'] == 1 ) |
|
101 |
{ |
|
102 |
$is_mod = true; |
|
103 |
} |
|
104 |
} |
|
105 |
} |
|
106 |
} |
|
107 |
||
108 |
$status = ( $is_member && $is_mod ) |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
109 |
? $lang->get('groupcp_status_mod') |
0 | 110 |
: ( ( $is_member && !$is_mod ) |
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
111 |
? $lang->get('groupcp_status_member') |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
112 |
: $lang->get('groupcp_status_not_member') |
0 | 113 |
); |
114 |
||
115 |
$can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ); |
|
116 |
||
117 |
switch ( $row['group_type'] ) |
|
118 |
{ |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
119 |
case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break; |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
120 |
case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break; |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
121 |
case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break; |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
122 |
case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break; |
0 | 123 |
} |
124 |
||
125 |
if ( isset($_GET['act']) && $can_do_admin_stuff ) |
|
126 |
{ |
|
127 |
switch($_GET['act']) |
|
128 |
{ |
|
129 |
case 'update': |
|
130 |
if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
|
131 |
{ |
|
132 |
die_friendly('ERROR', '<p>Hacking attempt</p>'); |
|
133 |
} |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
134 |
$q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
135 |
if ( !$q ) |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
136 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
137 |
$error = false; |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
138 |
if ( $db->numrows() < 1 ) |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
139 |
{ |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
140 |
echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>'; |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
141 |
$error = true; |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
142 |
} |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
143 |
$r = $db->fetchrow(); |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
144 |
if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) ) |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
145 |
{ |
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
146 |
echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>'; |
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
147 |
$error = true; |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
148 |
} |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
149 |
if ( !$error ) |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
150 |
{ |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
151 |
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
152 |
if (!$q) |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
153 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
154 |
$row['group_type'] = $_POST['group_state']; |
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
155 |
echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>'; |
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
156 |
} |
0 | 157 |
break; |
158 |
case 'adduser': |
|
159 |
$username = $_POST['add_username']; |
|
160 |
$mod = ( isset($_POST['add_mod']) ) ? '1' : '0'; |
|
161 |
||
162 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';'); |
|
163 |
if (!$q) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
164 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 165 |
if ($db->numrows() < 1) |
166 |
{ |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
167 |
echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>'; |
0 | 168 |
break; |
169 |
} |
|
170 |
$r = $db->fetchrow(); |
|
171 |
$db->free_result(); |
|
172 |
$uid = intval($r['user_id']); |
|
173 |
||
174 |
// Check if the user is already in the group, and if so, only update modship |
|
175 |
$q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';'); |
|
176 |
if ( !$q ) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
177 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 178 |
if ( $db->numrows() > 0 ) |
179 |
{ |
|
180 |
$r = $db->fetchrow(); |
|
181 |
if ( (string) $r['is_mod'] != $mod ) |
|
182 |
{ |
|
183 |
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';'); |
|
184 |
if ( !$q ) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
185 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 186 |
foreach ( $members as $i => $member ) |
187 |
{ |
|
188 |
if ( $member['member_id'] == $r['member_id'] ) |
|
189 |
$members[$i]['is_mod'] = (int)$mod; |
|
190 |
} |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
191 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>'; |
0 | 192 |
} |
193 |
else |
|
194 |
{ |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
195 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>'; |
0 | 196 |
} |
197 |
break; |
|
198 |
} |
|
199 |
||
200 |
$db->free_result(); |
|
201 |
||
202 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');'); |
|
203 |
if (!$q) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
204 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
205 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>'; |
0 | 206 |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
207 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments |
0 | 208 |
FROM '.table_prefix.'users AS u |
209 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
210 |
ON ( m.user_id = u.user_id ) |
|
211 |
LEFT JOIN '.table_prefix.'comments AS c |
|
212 |
ON ( c.name = u.username ) |
|
213 |
WHERE m.group_id=' . $gid . ' |
|
214 |
AND m.pending!=1 |
|
215 |
AND u.user_id=' . $uid . ' |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
216 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod |
0 | 217 |
ORDER BY m.is_mod DESC,u.username ASC |
218 |
LIMIT 1;'); |
|
219 |
if ( !$q ) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
220 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 221 |
|
222 |
$r = $db->fetchrow(); |
|
223 |
$members[] = $r; |
|
224 |
$db->free_result(); |
|
225 |
||
226 |
break; |
|
227 |
case 'del_users': |
|
228 |
foreach ( $members as $i => $member ) |
|
229 |
{ |
|
230 |
if ( isset($_POST['del_user'][$member['member_id']]) ) |
|
231 |
{ |
|
232 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
|
233 |
if (!$q) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
234 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 235 |
unset($members[$i]); |
236 |
} |
|
237 |
} |
|
238 |
break; |
|
239 |
case 'pending': |
|
240 |
foreach ( $pending as $i => $member ) |
|
241 |
{ |
|
242 |
if ( isset( $_POST['with_user'][$member['member_id']]) ) |
|
243 |
{ |
|
244 |
if ( isset ( $_POST['do_appr_pending'] ) ) |
|
245 |
{ |
|
246 |
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';'); |
|
247 |
if (!$q) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
248 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 249 |
$members[] = $member; |
250 |
unset($pending[$i]); |
|
251 |
continue; |
|
252 |
} |
|
253 |
elseif ( isset ( $_POST['do_reject_pending'] ) ) |
|
254 |
{ |
|
255 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
|
256 |
if (!$q) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
257 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 258 |
unset($pending[$i]); |
259 |
} |
|
260 |
} |
|
261 |
} |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
262 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>'; |
0 | 263 |
break; |
264 |
} |
|
265 |
} |
|
266 |
||
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
267 |
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff ) |
0 | 268 |
{ |
269 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');'); |
|
270 |
if (!$q) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
271 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
272 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>'; |
0 | 273 |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
274 |
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments |
0 | 275 |
FROM '.table_prefix.'users AS u |
276 |
LEFT JOIN '.table_prefix.'group_members AS m |
|
277 |
ON ( m.user_id = u.user_id ) |
|
278 |
LEFT JOIN '.table_prefix.'comments AS c |
|
279 |
ON ( c.name = u.username ) |
|
280 |
WHERE m.group_id=' . $gid . ' |
|
281 |
AND m.pending!=1 |
|
282 |
AND u.user_id=' . $session->user_id . ' |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
283 |
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod |
0 | 284 |
ORDER BY m.is_mod DESC,u.username ASC |
285 |
LIMIT 1;'); |
|
286 |
if ( !$q ) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
287 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
0 | 288 |
|
289 |
$r = $db->fetchrow(); |
|
290 |
$members[] = $r; |
|
291 |
$db->free_result(); |
|
292 |
||
293 |
} |
|
294 |
||
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
295 |
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff ) |
0 | 296 |
{ |
297 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);'); |
|
298 |
if (!$q) |
|
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents:
192
diff
changeset
|
299 |
$db->_die('SpecialGroups.php, line ' . __LINE__); |
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
300 |
echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>'; |
0 | 301 |
} |
302 |
||
303 |
$state_btns = ( $can_do_admin_stuff ) ? |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
304 |
'<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
305 |
<label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
306 |
<label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
307 |
<label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>' |
0 | 308 |
: $g_state; |
309 |
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member ) |
|
310 |
{ |
|
311 |
if ( $is_pending ) |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
312 |
$state_btns .= ' ' . $lang->get('groupcp_msg_status_pending'); |
0 | 313 |
else |
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
314 |
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />'; |
0 | 315 |
} |
316 |
||
317 |
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member ) |
|
318 |
{ |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
319 |
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />'; |
0 | 320 |
} |
321 |
||
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
322 |
$g_name_local = 'groupcp_grp_' . strtolower($row['group_name']); |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
323 |
$str = $lang->get($g_name_local); |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
324 |
if ( $str != $g_name_local ) |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
325 |
$row['group_name'] = $str; |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
326 |
|
0 | 327 |
echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data"> |
328 |
<div class="tblholder"> |
|
329 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
330 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
331 |
<th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th> |
0 | 332 |
</tr> |
333 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
334 |
<td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
335 |
<td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td> |
0 | 336 |
</tr> |
337 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
338 |
<td class="row2">' . $lang->get('groupcp_lbl_status') . '</td> |
0 | 339 |
<td class="row1">' . $status . '</td> |
340 |
</tr> |
|
341 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
342 |
<td class="row2">' . $lang->get('groupcp_lbl_state') . '</td> |
0 | 343 |
<td class="row1">' . $state_btns . '</td> |
344 |
</tr> |
|
345 |
' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? ' |
|
346 |
<tr> |
|
347 |
<th class="subhead" colspan="2"> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
348 |
<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> |
0 | 349 |
</th> |
350 |
</tr> |
|
351 |
' : '' ) . ' |
|
352 |
</table> |
|
353 |
</div> |
|
354 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
355 |
</form>'; |
|
356 |
if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff ) |
|
357 |
{ |
|
358 |
echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data"> |
|
359 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
360 |
<h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2> |
0 | 361 |
<div class="tblholder"> |
362 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
363 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
364 |
<th>' . $lang->get('groupcp_th_username') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
365 |
<th>' . $lang->get('groupcp_th_email') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
366 |
<th>' . $lang->get('groupcp_th_reg_time') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
367 |
<th>' . $lang->get('groupcp_th_comments') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
368 |
<th>' . $lang->get('groupcp_th_select') . '</th> |
0 | 369 |
</tr>'; |
370 |
$cls = 'row2'; |
|
371 |
foreach ( $pending as $member ) |
|
372 |
{ |
|
373 |
||
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
374 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 375 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
376 |
$addy = $email->encryptEmail($member['email']); |
|
377 |
||
378 |
echo "<tr> |
|
379 |
<td class='{$cls}'>{$member['username']}</td> |
|
380 |
<td class='{$cls}'>{$addy}</td> |
|
381 |
<td class='{$cls}'>{$date}</td> |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
382 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 383 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td> |
384 |
</tr>"; |
|
385 |
} |
|
386 |
echo '</table> |
|
387 |
</div> |
|
388 |
<div style="margin: 10px 0 0 auto;"> |
|
389 |
With selected: |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
390 |
<input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" /> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
391 |
<input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" /> |
0 | 392 |
</div> |
393 |
</form>'; |
|
394 |
} |
|
395 |
echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data"> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
396 |
<h2>' . $lang->get('groupcp_th_group_members') . '</h2> |
0 | 397 |
<div class="tblholder"> |
398 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
399 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
400 |
<th>' . $lang->get('groupcp_th_username') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
401 |
<th>' . $lang->get('groupcp_th_email') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
402 |
<th>' . $lang->get('groupcp_th_reg_time') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
403 |
<th>' . $lang->get('groupcp_th_comments') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
404 |
' . ( ( $can_do_admin_stuff ) ? ' |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
405 |
<th>' . $lang->get('groupcp_th_remove') . '</th> |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
406 |
' : '' ) . ' |
0 | 407 |
</tr> |
408 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
409 |
<th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th> |
0 | 410 |
</tr>'; |
411 |
$mod_printed = false; |
|
412 |
$mem_printed = false; |
|
413 |
$cls = 'row2'; |
|
414 |
||
415 |
foreach ( $members as $member ) |
|
416 |
{ |
|
417 |
if ( $member['is_mod'] != 1 ) |
|
418 |
break; |
|
419 |
||
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
420 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 421 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
422 |
$addy = $email->encryptEmail($member['email']); |
|
423 |
||
424 |
$mod_printed = true; |
|
425 |
||
426 |
echo "<tr> |
|
427 |
<td class='{$cls}'>{$member['username']}</td> |
|
428 |
<td class='{$cls}'>{$addy}</td> |
|
429 |
<td class='{$cls}'>{$date}</td> |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
430 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 431 |
" . ( ( $can_do_admin_stuff ) ? " |
432 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td> |
|
433 |
" : '' ) . " |
|
434 |
</tr>"; |
|
435 |
} |
|
436 |
if (!$mod_printed) |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
437 |
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></th>'; |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
438 |
echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>'; |
0 | 439 |
foreach ( $members as $member ) |
440 |
{ |
|
441 |
if ( $member['is_mod'] == 1 ) |
|
442 |
continue; |
|
443 |
||
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
444 |
$date = enano_date('F d, Y', $member['reg_time']); |
0 | 445 |
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; |
446 |
$addy = $email->encryptEmail($member['email']); |
|
447 |
||
448 |
$mem_printed = true; |
|
449 |
||
450 |
echo "<tr> |
|
451 |
<td class='{$cls}'>{$member['username']}</td> |
|
452 |
<td class='{$cls}'>{$addy}</td> |
|
453 |
<td class='{$cls}'>{$date}</td> |
|
322
5f1cd51bf1be
Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents:
317
diff
changeset
|
454 |
<td class='{$cls}'>{$member['num_comments']}</td> |
0 | 455 |
" . ( ( $can_do_admin_stuff ) ? " |
456 |
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td> |
|
457 |
" : '' ) . " |
|
458 |
</tr>"; |
|
459 |
} |
|
460 |
if (!$mem_printed) |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
461 |
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></th>'; |
0 | 462 |
echo ' </table> |
463 |
</div>'; |
|
464 |
if ( $can_do_admin_stuff ) |
|
465 |
{ |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
466 |
echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>"; |
0 | 467 |
} |
468 |
echo '<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
469 |
</form>'; |
|
470 |
if ( $can_do_admin_stuff ) |
|
471 |
{ |
|
472 |
echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;"> |
|
473 |
<div class="tblholder"> |
|
474 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
475 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
476 |
<th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th> |
0 | 477 |
</tr> |
478 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
479 |
<td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td> |
0 | 480 |
</tr> |
481 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
482 |
<td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td> |
0 | 483 |
</tr> |
484 |
<tr> |
|
485 |
<th class="subhead" colspan="2"> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
486 |
<input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" /> |
0 | 487 |
</th> |
488 |
</tr> |
|
489 |
</table> |
|
490 |
</div> |
|
491 |
<input name="group_id" value="' . $gid . '" type="hidden" /> |
|
492 |
</form>'; |
|
493 |
} |
|
494 |
} |
|
495 |
else |
|
496 |
{ |
|
497 |
echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
498 |
echo '<div class="tblholder"> |
|
499 |
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4"> |
|
500 |
<tr> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
501 |
<th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th> |
0 | 502 |
</tr> |
503 |
<tr> |
|
30 | 504 |
<td class="row2" style="text-align: right; width: 50%;"> |
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
505 |
' . $lang->get('groupcp_lbl_current_memberships') . ' |
0 | 506 |
</td> |
30 | 507 |
<td class="row1" style="width: 50%;">'; |
0 | 508 |
$taboo = Array('Everyone'); |
30 | 509 |
if ( sizeof ( $session->groups ) > count($taboo) ) |
0 | 510 |
{ |
511 |
echo '<select name="group_id">'; |
|
512 |
foreach ( $session->groups as $id => $group ) |
|
513 |
{ |
|
447
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
parents:
322
diff
changeset
|
514 |
$taboo[] = $db->escape($group); |
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
parents:
322
diff
changeset
|
515 |
$group = htmlspecialchars($group); |
0 | 516 |
if ( $group != 'Everyone' ) |
517 |
{ |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
518 |
$g_name_local = 'groupcp_grp_' . strtolower($group); |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
519 |
$str = $lang->get($g_name_local); |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
520 |
if ( $str != $g_name_local ) |
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
521 |
$group = $str; |
0 | 522 |
echo '<option value="' . $id . '">' . $group . '</option>'; |
523 |
} |
|
524 |
} |
|
525 |
echo '</select> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
526 |
<input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />'; |
0 | 527 |
} |
528 |
else |
|
529 |
{ |
|
530 |
echo 'None'; |
|
531 |
} |
|
532 |
||
533 |
echo '</td> |
|
534 |
</tr>'; |
|
535 |
$taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\''; |
|
536 |
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;'); |
|
537 |
if(!$q) |
|
538 |
{ |
|
539 |
echo $db->get_error(); |
|
540 |
$template->footer(); |
|
541 |
return; |
|
542 |
} |
|
543 |
if($db->numrows() > 0) |
|
544 |
{ |
|
545 |
echo '<tr> |
|
546 |
<td class="row2" style="text-align: right;"> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
547 |
' . $lang->get('groupcp_lbl_non_memberships') . ' |
0 | 548 |
</td> |
549 |
<td class="row1"> |
|
550 |
<select name="group_id_n">'; |
|
551 |
while ( $row = $db->fetchrow() ) |
|
552 |
{ |
|
553 |
if ( $row['group_name'] != 'Everyone' ) |
|
554 |
{ |
|
357 | 555 |
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>'; |
0 | 556 |
} |
557 |
} |
|
558 |
echo '</select> |
|
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents:
322
diff
changeset
|
559 |
<input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" /> |
0 | 560 |
</td> |
561 |
</tr> |
|
562 |
'; |
|
563 |
} |
|
564 |
$db->free_result(); |
|
565 |
echo '</table> |
|
566 |
</div> |
|
567 |
</form>'; |
|
568 |
} |
|
569 |
$template->footer(); |
|
570 |
} |
|
571 |
||
572 |
?> |