author | Dan |
Sat, 07 Jun 2008 12:43:19 -0400 | |
changeset 560 | 8981dcf7d485 |
parent 541 | acb7e23b6ffa |
child 573 | 43e7254afdb4 |
permissions | -rw-r--r-- |
347 | 1 |
<?php |
2 |
||
3 |
/* |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
536 | 5 |
* Version 1.1.4 (Caoineag alpha 4) |
6 |
* Copyright (C) 2006-2008 Dan Fuhry |
|
347 | 7 |
* |
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
// Usergroup editor |
|
16 |
||
17 |
function page_Admin_GroupManager() |
|
18 |
{ |
|
19 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
20 |
global $lang; |
|
21 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
22 |
{ |
|
23 |
$login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
|
24 |
echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
|
25 |
echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
|
26 |
return; |
|
27 |
} |
|
28 |
||
29 |
if(isset($_POST['do_create_stage1'])) |
|
30 |
{ |
|
31 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
32 |
{ |
|
33 |
echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; |
|
34 |
return; |
|
35 |
} |
|
36 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
37 |
echo '<div class="tblholder"> |
|
38 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
39 |
<tr><th colspan="2">' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'</th></tr> |
|
40 |
<tr> |
|
41 |
<td class="row1">' . $lang->get('acpug_field_group_mod') . '</td><td class="row1">' . $template->username_field('group_mod') . '</td> |
|
42 |
</tr> |
|
43 |
<tr><td class="row2">' . $lang->get('acpug_field_group_type') . '</td><td class="row2"> |
|
44 |
<label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> ' . $lang->get('groupcp_type_hidden') . '</label><br /> |
|
45 |
<label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> ' . $lang->get('groupcp_type_closed') . '</label><br /> |
|
46 |
<label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> ' . $lang->get('groupcp_type_request') . '</label><br /> |
|
47 |
<label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> ' . $lang->get('groupcp_type_open') . '</label> |
|
48 |
</td></tr> |
|
49 |
<tr> |
|
50 |
<th class="subhead" colspan="2"> |
|
51 |
<input type="hidden" name="create_group_name" value="'.htmlspecialchars($_POST['create_group_name']).'" /> |
|
52 |
<input type="submit" name="do_create_stage2" value="' . $lang->get('acpug_btn_create_stage2') . '" /> |
|
53 |
</th> |
|
54 |
</tr> |
|
55 |
</table> |
|
56 |
</div>'; |
|
57 |
echo '</form>'; |
|
58 |
return; |
|
59 |
} |
|
60 |
elseif(isset($_POST['do_create_stage2'])) |
|
61 |
{ |
|
62 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
63 |
{ |
|
64 |
echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; |
|
65 |
return; |
|
66 |
} |
|
67 |
if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
|
68 |
{ |
|
69 |
echo '<p>Hacking attempt</p>'; |
|
70 |
return; |
|
71 |
} |
|
72 |
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
73 |
if(!$e) |
|
74 |
{ |
|
75 |
echo $db->get_error(); |
|
76 |
return; |
|
77 |
} |
|
78 |
if($db->numrows() > 0) |
|
79 |
{ |
|
80 |
echo '<p>' . $lang->get('acpug_err_already_exist') . '</p>'; |
|
81 |
return; |
|
82 |
} |
|
83 |
$db->free_result(); |
|
84 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); |
|
85 |
if(!$q) |
|
86 |
{ |
|
87 |
echo $db->get_error(); |
|
88 |
return; |
|
89 |
} |
|
90 |
$e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); |
|
91 |
if(!$e) |
|
92 |
{ |
|
93 |
echo $db->get_error(); |
|
94 |
return; |
|
95 |
} |
|
96 |
if($db->numrows() < 1) |
|
97 |
{ |
|
98 |
echo '<p>' . $lang->get('acpug_err_bad_username') . '</p>'; |
|
99 |
return; |
|
100 |
} |
|
101 |
$row = $db->fetchrow(); |
|
102 |
$id = $row['user_id']; |
|
103 |
$db->free_result(); |
|
104 |
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
105 |
if(!$e) |
|
106 |
{ |
|
107 |
echo $db->get_error(); |
|
108 |
return; |
|
109 |
} |
|
110 |
if($db->numrows() < 1) |
|
111 |
{ |
|
112 |
echo '<p>' . $lang->get('acpug_err_bad_insert_id') . '</p>'; |
|
113 |
return; |
|
114 |
} |
|
115 |
$row = $db->fetchrow(); |
|
116 |
$gid = $row['group_id']; |
|
117 |
$db->free_result(); |
|
118 |
$e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); |
|
119 |
if(!$e) |
|
120 |
{ |
|
121 |
echo $db->get_error(); |
|
122 |
return; |
|
123 |
} |
|
124 |
$g_name = htmlspecialchars($_POST['create_group_name']); |
|
125 |
echo "<div class='info-box'> |
|
126 |
<b>" . $lang->get('acpug_heading_info') . "</b><br /> |
|
127 |
" . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . " |
|
128 |
</div>"; |
|
129 |
} |
|
130 |
if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) |
|
131 |
{ |
|
132 |
// Fetch the group name |
|
133 |
$q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
134 |
if(!$q) |
|
135 |
{ |
|
136 |
echo $db->get_error(); |
|
137 |
return; |
|
138 |
} |
|
139 |
if($db->numrows() < 1) |
|
140 |
{ |
|
141 |
echo '<p>Error: couldn\'t look up group name</p>'; |
|
142 |
} |
|
143 |
$row = $db->fetchrow(); |
|
144 |
$name = htmlspecialchars($row['group_name']); |
|
145 |
$db->free_result(); |
|
146 |
if(isset($_POST['edit_do'])) |
|
147 |
{ |
|
148 |
if(isset($_POST['edit_do']['del_group'])) |
|
149 |
{ |
|
150 |
if ( $row['system_group'] == 1 ) |
|
151 |
{ |
|
152 |
echo '<div class="error-box">' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '</div>'; |
|
153 |
} |
|
154 |
else |
|
155 |
{ |
|
156 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
157 |
if(!$q) |
|
158 |
{ |
|
159 |
echo $db->get_error(); |
|
160 |
return; |
|
161 |
} |
|
162 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
163 |
if(!$q) |
|
164 |
{ |
|
165 |
echo $db->get_error(); |
|
166 |
return; |
|
167 |
} |
|
168 |
echo '<div class="info-box">' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '</div>'; |
|
169 |
return; |
|
170 |
} |
|
171 |
} |
|
172 |
if(isset($_POST['edit_do']['save_name'])) |
|
173 |
{ |
|
174 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) |
|
175 |
{ |
|
176 |
echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; |
|
177 |
return; |
|
178 |
} |
|
179 |
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\' |
|
180 |
WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
181 |
if(!$q) |
|
182 |
{ |
|
183 |
echo $db->get_error(); |
|
184 |
return; |
|
185 |
} |
|
186 |
else |
|
187 |
{ |
|
188 |
echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
189 |
' . $lang->get('acpug_msg_name_update_success') . ' |
|
190 |
</div>'; |
|
191 |
} |
|
192 |
$name = htmlspecialchars($_POST['group_name']); |
|
193 |
||
194 |
} |
|
195 |
$q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members |
|
196 |
WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
197 |
if(!$q) |
|
198 |
{ |
|
199 |
echo $db->get_error(); |
|
200 |
return; |
|
201 |
} |
|
202 |
if($db->numrows() > 0) |
|
203 |
{ |
|
204 |
while($row = $db->fetchrow($q)) |
|
205 |
{ |
|
206 |
if(isset($_POST['edit_do']['del_' . $row['member_id']])) |
|
207 |
{ |
|
208 |
$e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']); |
|
209 |
if(!$e) |
|
210 |
{ |
|
211 |
echo $db->get_error(); |
|
212 |
return; |
|
213 |
} |
|
214 |
} |
|
215 |
} |
|
216 |
} |
|
217 |
$db->free_result(); |
|
218 |
if(isset($_POST['edit_do']['add_member'])) |
|
219 |
{ |
|
220 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); |
|
221 |
if(!$q) |
|
222 |
{ |
|
223 |
echo $db->get_error(); |
|
224 |
return; |
|
225 |
} |
|
226 |
if($db->numrows() > 0) |
|
227 |
{ |
|
228 |
$row = $db->fetchrow(); |
|
229 |
$user_id = $row['user_id']; |
|
230 |
$is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; |
|
231 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); |
|
232 |
if(!$q) |
|
233 |
{ |
|
234 |
echo $db->get_error(); |
|
235 |
return; |
|
236 |
} |
|
237 |
else |
|
238 |
{ |
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
239 |
|
347 | 240 |
echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
241 |
' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . ' |
|
242 |
</div>'; |
|
243 |
} |
|
244 |
} |
|
245 |
else |
|
246 |
echo '<div class="warning-box">' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '</div>'; |
|
247 |
} |
|
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
parents:
536
diff
changeset
|
248 |
generate_ranks_cache(); |
347 | 249 |
} |
250 |
$sg_disabled = ( $row['system_group'] == 1 ) ? |
|
251 |
' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' : |
|
252 |
' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" '; |
|
253 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
254 |
echo '<div class="tblholder"> |
|
255 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
256 |
<tr><th>' . $lang->get('acpug_heading_edit_name') . '</th></tr> |
|
257 |
<tr> |
|
258 |
<td class="row1"> |
|
259 |
' . $lang->get('acpug_field_group_name') . ' <input type="text" name="group_name" value="'.$name.'" /> |
|
260 |
</td> |
|
261 |
</tr> |
|
262 |
<tr> |
|
263 |
<th class="subhead"> |
|
264 |
<input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" /> |
|
265 |
<input type="submit" name="edit_do[del_group]" '.$sg_disabled.' /> |
|
266 |
</th> |
|
267 |
</tr> |
|
268 |
</table> |
|
269 |
</div> |
|
270 |
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
271 |
echo '</form>'; |
|
272 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
273 |
echo '<div class="tblholder"> |
|
274 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
275 |
<tr><th colspan="3">' . $lang->get('acpug_heading_edit_members') . '</th></tr>'; |
|
276 |
$q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m |
|
277 |
LEFT JOIN '.table_prefix.'users AS u |
|
278 |
ON u.user_id=m.user_id |
|
279 |
WHERE m.group_id='.intval($_POST['group_edit_id']).' |
|
280 |
ORDER BY m.is_mod DESC, u.username ASC;'); |
|
281 |
if(!$q) |
|
282 |
{ |
|
283 |
echo $db->get_error(); |
|
284 |
return; |
|
285 |
} |
|
286 |
if($db->numrows() < 1) |
|
287 |
{ |
|
288 |
echo '<tr><td colspan="3" class="row1">' . $lang->get('acpug_msg_no_members') . '</td></tr>'; |
|
289 |
} |
|
290 |
else |
|
291 |
{ |
|
292 |
$cls = 'row2'; |
|
293 |
while($row = $db->fetchrow()) |
|
294 |
{ |
|
295 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
296 |
$mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : ''; |
|
297 |
echo '<tr> |
|
298 |
<td class="'.$cls.'" style="width: 100%;"> |
|
299 |
' . $row['username'] . ' |
|
300 |
</td> |
|
301 |
<td class="'.$cls.'"> |
|
302 |
'.$mod.' |
|
303 |
</td> |
|
304 |
<td class="'.$cls.'"> |
|
305 |
<input type="submit" name="edit_do[del_'.$row['member_id'].']" value="' . $lang->get('acpug_btn_remove_member') . '" /> |
|
306 |
</td> |
|
307 |
</tr>'; |
|
308 |
} |
|
309 |
} |
|
310 |
$db->free_result(); |
|
311 |
echo '</table> |
|
312 |
</div> |
|
313 |
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
314 |
echo '</form>'; |
|
315 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
316 |
echo '<div class="tblholder"> |
|
317 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
318 |
<tr> |
|
319 |
<th>' . $lang->get('acpug_heading_add_member') . '</th> |
|
320 |
</tr> |
|
321 |
<tr> |
|
322 |
<td class="row1"> |
|
323 |
' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . ' |
|
324 |
</td> |
|
325 |
</tr> |
|
326 |
<tr> |
|
327 |
<td class="row2"> |
|
328 |
<label><input type="checkbox" name="add_mod" /> ' . $lang->get('acpug_field_make_mod') . '</label> |
|
329 |
' . $lang->get('acpug_field_make_mod_hint') . ' |
|
330 |
</td> |
|
331 |
</tr> |
|
332 |
<tr> |
|
333 |
<th class="subhead"> |
|
334 |
<input type="submit" name="edit_do[add_member]" value="' . $lang->get('acpug_btn_add_user') . '" /> |
|
335 |
</th> |
|
336 |
</tr> |
|
337 |
</table> |
|
338 |
</div> |
|
339 |
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
340 |
echo '</form>'; |
|
341 |
return; |
|
342 |
} |
|
343 |
echo '<h3>' . $lang->get('acpug_heading_main') . '</h3>'; |
|
344 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
345 |
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); |
|
346 |
if(!$q) |
|
347 |
{ |
|
348 |
echo $db->get_error(); |
|
349 |
} |
|
350 |
else |
|
351 |
{ |
|
352 |
echo '<div class="tblholder"> |
|
353 |
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
354 |
<tr> |
|
355 |
<th>' . $lang->get('acpug_heading_edit_existing') . '</th> |
|
356 |
</tr>'; |
|
357 |
echo '<tr><td class="row2"><select name="group_edit_id">'; |
|
358 |
while ( $row = $db->fetchrow() ) |
|
359 |
{ |
|
360 |
if ( $row['group_name'] != 'Everyone' ) |
|
361 |
{ |
|
362 |
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>'; |
|
363 |
} |
|
364 |
} |
|
365 |
$db->free_result(); |
|
366 |
echo '</select></td></tr>'; |
|
367 |
echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="' . $lang->get('acpug_btn_edit_stage1') . '" /></td></tr> |
|
368 |
</table> |
|
369 |
</div> |
|
370 |
</form><br />'; |
|
371 |
} |
|
372 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
373 |
echo '<div class="tblholder"> |
|
374 |
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
375 |
<tr> |
|
376 |
<th colspan="2">' . $lang->get('acpug_heading_create_new') . '</th> |
|
377 |
</tr>'; |
|
378 |
echo '<tr><td class="row2">' . $lang->get('acpug_field_group_name') . '</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>'; |
|
379 |
echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="' . $lang->get('acpug_btn_create_stage1') . ' »" /></td></tr> |
|
380 |
</table> |
|
381 |
</div>'; |
|
382 |
echo '</form>'; |
|
383 |
} |
|
384 |
||
385 |
?> |