<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.4 (Caoineag alpha 4)
* Copyright (C) 2006-2008 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
// Usergroup editor
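/**
 * Administration panel page for user groups.
 *
 * Driven entirely by $_POST:
 *  - do_create_stage1: validate the proposed name and show the second creation form
 *  - do_create_stage2: create the group and register its first moderator
 *  - do_edit / edit_do: rename or delete a group, add or remove members, then show the editor
 *  - otherwise: show the group picker and the "create new group" form
 *
 * All output is echoed; nothing is returned.
 *
 * NOTE(review): every form below posts a state-changing action, and the only server-side
 * gate visible in this function is the session level check. The onsubmit "submitAuthorized"
 * flag runs in the browser only. No request token is verified here - confirm that the
 * Administration dispatcher checks one before this page runs.
 */
function page_Admin_GroupManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Both the elevated session level and the account's own level must be administrator.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    return;
  }

  // Group names: ASCII letters, digits, space and hyphen. The earlier class [A-z] also
  // accepted the six characters that sit between 'Z' and 'a' ([ \ ] ^ _ `), and a bare $
  // tolerates a trailing newline; the D modifier anchors at the real end of the string.
  // NOTE(review): this rejects underscores, which the old pattern let through - confirm
  // no existing workflow depends on them.
  $group_name_re = '/^[A-Za-z0-9 -]+$/D';

  // Every form on this page posts back to the same admin module.
  $form_open = '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';

  if ( isset($_POST['do_create_stage1']) )
  {
    // Non-string input (e.g. an array parameter) is treated as an invalid name.
    $new_name = ( isset($_POST['create_group_name']) && is_string($_POST['create_group_name']) ) ? $_POST['create_group_name'] : '';
    if ( !preg_match($group_name_re, $new_name) )
    {
      echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
      return;
    }
    // NOTE(review): the radio labels below do not line up with the constant names
    // (GROUP_CLOSED is labelled "hidden", GROUP_REQUEST "closed", GROUP_OPEN "request",
    // GROUP_HIDDEN "open"). Left as found because the constant values are not visible
    // here - verify against the group type definitions before changing.
    echo $form_open;
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
            <tr><th colspan="2">' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($new_name).'</th></tr>
            <tr>
              <td class="row1">' . $lang->get('acpug_field_group_mod') . '</td><td class="row1">' . $template->username_field('group_mod') . '</td>
            </tr>
            <tr><td class="row2">' . $lang->get('acpug_field_group_type') . '</td><td class="row2">
              <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> ' . $lang->get('groupcp_type_hidden') . '</label><br />
              <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> ' . $lang->get('groupcp_type_closed') . '</label><br />
              <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> ' . $lang->get('groupcp_type_request') . '</label><br />
              <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> ' . $lang->get('groupcp_type_open') . '</label>
            </td></tr>
            <tr>
              <th class="subhead" colspan="2">
                <input type="hidden" name="create_group_name" value="'.htmlspecialchars($new_name).'" />
                <input type="submit" name="do_create_stage2" value="' . $lang->get('acpug_btn_create_stage2') . '" />
              </th>
            </tr>
          </table>
          </div>';
    echo '</form>';
    return;
  }
  elseif ( isset($_POST['do_create_stage2']) )
  {
    // The name travelled through a hidden field, so it is validated again here.
    $new_name = ( isset($_POST['create_group_name']) && is_string($_POST['create_group_name']) ) ? $_POST['create_group_name'] : '';
    if ( !preg_match($group_name_re, $new_name) )
    {
      echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
      return;
    }
    $group_status = ( isset($_POST['group_status']) && is_scalar($_POST['group_status']) ) ? intval($_POST['group_status']) : null;
    if ( $group_status === null || !in_array($group_status, array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)) )
    {
      echo '<p>Hacking attempt</p>';
      return;
    }
    $name_sql = $db->escape($new_name);
    $group_mod = ( isset($_POST['group_mod']) && is_string($_POST['group_mod']) ) ? $_POST['group_mod'] : '';

    // Refuse a duplicate group name.
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$name_sql.'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() > 0 )
    {
      echo '<p>' . $lang->get('acpug_err_already_exist') . '</p>';
      return;
    }
    $db->free_result();

    // Resolve the moderator before inserting anything, so that a mistyped username
    // cannot leave behind a group that has no moderator.
    $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($group_mod).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>' . $lang->get('acpug_err_bad_username') . '</p>';
      return;
    }
    $user_row = $db->fetchrow();
    $id = intval($user_row['user_id']);
    $db->free_result();

    $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$name_sql.'\', ' . $group_status . ' )');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }

    // Read back the ID of the group that was just inserted.
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$name_sql.'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>' . $lang->get('acpug_err_bad_insert_id') . '</p>';
      return;
    }
    $group_row = $db->fetchrow();
    $gid = intval($group_row['group_id']);
    $db->free_result();

    $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    $g_name = htmlspecialchars($new_name);
    echo "<div class='info-box'>
           <b>" . $lang->get('acpug_heading_info') . "</b><br />
           " . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . "
         </div>";
    // Falls through to the main listing below.
  }

  if ( isset($_POST['do_edit']) || isset($_POST['edit_do']) )
  {
    // Normalise the request once; the integer is reused in every query and hidden field.
    $group_id = ( isset($_POST['group_edit_id']) && is_scalar($_POST['group_edit_id']) ) ? intval($_POST['group_edit_id']) : 0;
    $edit_do = ( isset($_POST['edit_do']) && is_array($_POST['edit_do']) ) ? $_POST['edit_do'] : array();

    // Fetch the group name
    $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.$group_id.';');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>Error: couldn\'t look up group name</p>';
      // Stop here: nothing below can work without a group row.
      return;
    }
    $group_row = $db->fetchrow();
    $name = htmlspecialchars($group_row['group_name']);
    // Captured now because later queries reuse their own row variables; the flag decides
    // both the server-side delete check and how the delete button is rendered.
    $is_system_group = ( $group_row['system_group'] == 1 );
    $db->free_result();

    if ( isset($_POST['edit_do']) )
    {
      if ( isset($edit_do['del_group']) )
      {
        if ( $is_system_group )
        {
          echo '<div class="error-box">' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '</div>';
        }
        else
        {
          // Memberships first, then the group itself.
          $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.$group_id.';');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.$group_id.';');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          echo '<div class="info-box">' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '</div>';
          return;
        }
      }

      if ( isset($edit_do['save_name']) )
      {
        $renamed = ( isset($_POST['group_name']) && is_string($_POST['group_name']) ) ? $_POST['group_name'] : '';
        if ( !preg_match($group_name_re, $renamed) )
        {
          echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
          return;
        }
        $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($renamed).'\'
                               WHERE group_id='.$group_id.';');
        if ( !$q )
        {
          echo $db->get_error();
          return;
        }
        echo '<div class="info-box" style="margin: 0 0 10px 0;">
                ' . $lang->get('acpug_msg_name_update_success') . '
              </div>';
        $name = htmlspecialchars($renamed);
      }

      // Removal buttons are named edit_do[del_<member_id>]. Only member IDs that belong to
      // this group are considered, so a posted ID from another group is ignored.
      $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
                             WHERE group_id='.$group_id.';');
      if ( !$q )
      {
        echo $db->get_error();
        return;
      }
      if ( $db->numrows() > 0 )
      {
        while ( $member = $db->fetchrow($q) )
        {
          if ( isset($edit_do['del_' . $member['member_id']]) )
          {
            $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.intval($member['member_id']));
            if ( !$e )
            {
              echo $db->get_error();
              return;
            }
          }
        }
      }
      $db->free_result();

      if ( isset($edit_do['add_member']) )
      {
        $add_username = ( isset($_POST['edit_add_username']) && is_string($_POST['edit_add_username']) ) ? $_POST['edit_add_username'] : '';
        $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($add_username).'\';');
        if ( !$q )
        {
          echo $db->get_error();
          return;
        }
        if ( $db->numrows() > 0 )
        {
          $user_row = $db->fetchrow();
          $user_id = intval($user_row['user_id']);
          $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$group_id.','.$user_id.','.$is_mod.');');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          echo '<div class="info-box" style="margin: 0 0 10px 0;">
                  ' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($add_username))) . '
                </div>';
        }
        else
        {
          echo '<div class="warning-box">' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($add_username))) . '</div>';
        }
      }
      generate_cache_userranks();
    }

    // System groups get a disabled delete button; the real protection is the server-side
    // check in the del_group branch above.
    $sg_disabled = ( $is_system_group ) ?
      ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' :
      ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" ';

    // Form 1: rename / delete
    echo $form_open;
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
            <tr><th>' . $lang->get('acpug_heading_edit_name') . '</th></tr>
            <tr>
              <td class="row1">
                ' . $lang->get('acpug_field_group_name') . ' <input type="text" name="group_name" value="'.$name.'" />
              </td>
            </tr>
            <tr>
              <th class="subhead">
                <input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" />
                <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
              </th>
            </tr>
          </table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';

    // Form 2: current members
    echo $form_open;
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
            <tr><th colspan="3">' . $lang->get('acpug_heading_edit_members') . '</th></tr>';
    $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
                           LEFT JOIN '.table_prefix.'users AS u
                             ON u.user_id=m.user_id
                           WHERE m.group_id='.$group_id.'
                           ORDER BY m.is_mod DESC, u.username ASC;');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<tr><td colspan="3" class="row1">' . $lang->get('acpug_msg_no_members') . '</td></tr>';
    }
    else
    {
      $cls = 'row2';
      while ( $member = $db->fetchrow() )
      {
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        $mod = ( $member['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : '';
        // Usernames come from the users table and are escaped on output, as group names
        // are elsewhere on this page. The cast covers a NULL from the LEFT JOIN.
        // NOTE(review): if usernames are stored already HTML-encoded this will
        // double-encode them - confirm against the registration code.
        echo '<tr>
                <td class="'.$cls.'" style="width: 100%;">
                  ' . htmlspecialchars((string) $member['username']) . '
                </td>
                <td class="'.$cls.'">
                  '.$mod.'
                </td>
                <td class="'.$cls.'">
                  <input type="submit" name="edit_do[del_'.intval($member['member_id']).']" value="' . $lang->get('acpug_btn_remove_member') . '" />
                </td>
              </tr>';
      }
    }
    $db->free_result();
    echo '</table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';

    // Form 3: add a member
    echo $form_open;
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
            <tr>
              <th>' . $lang->get('acpug_heading_add_member') . '</th>
            </tr>
            <tr>
              <td class="row1">
                ' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . '
              </td>
            </tr>
            <tr>
              <td class="row2">
                <label><input type="checkbox" name="add_mod" /> ' . $lang->get('acpug_field_make_mod') . '</label>
                ' . $lang->get('acpug_field_make_mod_hint') . '
              </td>
            </tr>
            <tr>
              <th class="subhead">
                <input type="submit" name="edit_do[add_member]" value="' . $lang->get('acpug_btn_add_user') . '" />
              </th>
            </tr>
          </table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';
    return;
  }

  // Default view: pick an existing group to edit, or start creating a new one.
  echo '<h3>' . $lang->get('acpug_heading_main') . '</h3>';
  echo $form_open;
  $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
  if ( !$q )
  {
    echo $db->get_error();
  }
  else
  {
    echo '<div class="tblholder">
          <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
            <tr>
              <th>' . $lang->get('acpug_heading_edit_existing') . '</th>
            </tr>';
    echo '<tr><td class="row2"><select name="group_edit_id">';
    while ( $group = $db->fetchrow() )
    {
      // The group named "Everyone" is never offered for editing.
      if ( $group['group_name'] != 'Everyone' )
      {
        echo '<option value="' . intval($group['group_id']) . '">' . htmlspecialchars( $group['group_name'] ) . '</option>';
      }
    }
    $db->free_result();
    echo '</select></td></tr>';
    echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="' . $lang->get('acpug_btn_edit_stage1') . '" /></td></tr>
          </table>
          </div>
          </form><br />';
  }
  echo $form_open;
  echo '<div class="tblholder">
        <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
          <tr>
            <th colspan="2">' . $lang->get('acpug_heading_create_new') . '</th>
          </tr>';
  echo '<tr><td class="row2">' . $lang->get('acpug_field_group_name') . '</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
  echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="' . $lang->get('acpug_btn_create_stage1') . ' »" /></td></tr>
        </table>
        </div>';
  echo '</form>';
}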
?>