1626 <input type="submit" name="install" value="Install this theme" /> |
1627 <input type="submit" name="install" value="Install this theme" /> |
1627 </p></form>'); |
1628 </p></form>'); |
1628 } else echo('<p>All themes are currently installed.</p>'); |
1629 } else echo('<p>All themes are currently installed.</p>'); |
1629 } |
1630 } |
1630 |
1631 |
1631 function page_Admin_GroupManager() |
1632 /* |
1632 { |
1633 * Admin:GroupManager sources are in /plugins/admin/GroupManager.php. |
1633 global $db, $session, $paths, $template, $plugins; // Common objects |
1634 */ |
1634 global $lang; |
|
1635 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
1636 { |
|
1637 $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
|
1638 echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
|
1639 echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
|
1640 return; |
|
1641 } |
|
1642 |
|
1643 if(isset($_POST['do_create_stage1'])) |
|
1644 { |
|
1645 if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
1646 { |
|
1647 echo '<p>The group name you chose is invalid.</p>'; |
|
1648 return; |
|
1649 } |
|
1650 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1651 echo '<div class="tblholder"> |
|
1652 <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1653 <tr><th colspan="2">Creating group: '.htmlspecialchars($_POST['create_group_name']).'</th></tr> |
|
1654 <tr> |
|
1655 <td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td> |
|
1656 </tr> |
|
1657 <tr><td class="row2">Group status</td><td class="row2"> |
|
1658 <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br /> |
|
1659 <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br /> |
|
1660 <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br /> |
|
1661 <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label> |
|
1662 </td></tr> |
|
1663 <tr> |
|
1664 <th class="subhead" colspan="2"> |
|
1665 <input type="hidden" name="create_group_name" value="'.htmlspecialchars($_POST['create_group_name']).'" /> |
|
1666 <input type="submit" name="do_create_stage2" value="Create group" /> |
|
1667 </th> |
|
1668 </tr> |
|
1669 </table> |
|
1670 </div>'; |
|
1671 echo '</form>'; |
|
1672 return; |
|
1673 } |
|
1674 elseif(isset($_POST['do_create_stage2'])) |
|
1675 { |
|
1676 if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
1677 { |
|
1678 echo '<p>The group name you chose is invalid.</p>'; |
|
1679 return; |
|
1680 } |
|
1681 if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
|
1682 { |
|
1683 echo '<p>Hacking attempt</p>'; |
|
1684 return; |
|
1685 } |
|
1686 $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
1687 if(!$e) |
|
1688 { |
|
1689 echo $db->get_error(); |
|
1690 return; |
|
1691 } |
|
1692 if($db->numrows() > 0) |
|
1693 { |
|
1694 echo '<p>The group name you entered already exists.</p>'; |
|
1695 return; |
|
1696 } |
|
1697 $db->free_result(); |
|
1698 $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); |
|
1699 if(!$q) |
|
1700 { |
|
1701 echo $db->get_error(); |
|
1702 return; |
|
1703 } |
|
1704 $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); |
|
1705 if(!$e) |
|
1706 { |
|
1707 echo $db->get_error(); |
|
1708 return; |
|
1709 } |
|
1710 if($db->numrows() < 1) |
|
1711 { |
|
1712 echo '<p>The username you entered could not be found.</p>'; |
|
1713 return; |
|
1714 } |
|
1715 $row = $db->fetchrow(); |
|
1716 $id = $row['user_id']; |
|
1717 $db->free_result(); |
|
1718 $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
1719 if(!$e) |
|
1720 { |
|
1721 echo $db->get_error(); |
|
1722 return; |
|
1723 } |
|
1724 if($db->numrows() < 1) |
|
1725 { |
|
1726 echo '<p>The group ID could not be looked up.</p>'; |
|
1727 return; |
|
1728 } |
|
1729 $row = $db->fetchrow(); |
|
1730 $gid = $row['group_id']; |
|
1731 $db->free_result(); |
|
1732 $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); |
|
1733 if(!$e) |
|
1734 { |
|
1735 echo $db->get_error(); |
|
1736 return; |
|
1737 } |
|
1738 $g_name = htmlspecialchars($_POST['create_group_name']); |
|
1739 echo "<div class='info-box'> |
|
1740 <b>Information</b><br /> |
|
1741 The group {$g_name} has been created successfully. |
|
1742 </div>"; |
|
1743 } |
|
1744 if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) |
|
1745 { |
|
1746 // Fetch the group name |
|
1747 $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1748 if(!$q) |
|
1749 { |
|
1750 echo $db->get_error(); |
|
1751 return; |
|
1752 } |
|
1753 if($db->numrows() < 1) |
|
1754 { |
|
1755 echo '<p>Error: couldn\'t look up group name</p>'; |
|
1756 } |
|
1757 $row = $db->fetchrow(); |
|
1758 $name = htmlspecialchars($row['group_name']); |
|
1759 $db->free_result(); |
|
1760 if(isset($_POST['edit_do'])) |
|
1761 { |
|
1762 if(isset($_POST['edit_do']['del_group'])) |
|
1763 { |
|
1764 if ( $row['system_group'] == 1 ) |
|
1765 { |
|
1766 echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>'; |
|
1767 } |
|
1768 else |
|
1769 { |
|
1770 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1771 if(!$q) |
|
1772 { |
|
1773 echo $db->get_error(); |
|
1774 return; |
|
1775 } |
|
1776 $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1777 if(!$q) |
|
1778 { |
|
1779 echo $db->get_error(); |
|
1780 return; |
|
1781 } |
|
1782 echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>'; |
|
1783 return; |
|
1784 } |
|
1785 } |
|
1786 if(isset($_POST['edit_do']['save_name'])) |
|
1787 { |
|
1788 if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) |
|
1789 { |
|
1790 echo '<p>The group name you chose is invalid.</p>'; |
|
1791 return; |
|
1792 } |
|
1793 $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\' |
|
1794 WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1795 if(!$q) |
|
1796 { |
|
1797 echo $db->get_error(); |
|
1798 return; |
|
1799 } |
|
1800 else |
|
1801 { |
|
1802 echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
1803 The group name has been updated. |
|
1804 </div>'; |
|
1805 } |
|
1806 $name = htmlspecialchars($_POST['group_name']); |
|
1807 |
|
1808 } |
|
1809 $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members |
|
1810 WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1811 if(!$q) |
|
1812 { |
|
1813 echo $db->get_error(); |
|
1814 return; |
|
1815 } |
|
1816 if($db->numrows() > 0) |
|
1817 { |
|
1818 while($row = $db->fetchrow($q)) |
|
1819 { |
|
1820 if(isset($_POST['edit_do']['del_' . $row['member_id']])) |
|
1821 { |
|
1822 $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']); |
|
1823 if(!$e) |
|
1824 { |
|
1825 echo $db->get_error(); |
|
1826 return; |
|
1827 } |
|
1828 } |
|
1829 } |
|
1830 } |
|
1831 $db->free_result(); |
|
1832 if(isset($_POST['edit_do']['add_member'])) |
|
1833 { |
|
1834 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); |
|
1835 if(!$q) |
|
1836 { |
|
1837 echo $db->get_error(); |
|
1838 return; |
|
1839 } |
|
1840 if($db->numrows() > 0) |
|
1841 { |
|
1842 $row = $db->fetchrow(); |
|
1843 $user_id = $row['user_id']; |
|
1844 $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; |
|
1845 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); |
|
1846 if(!$q) |
|
1847 { |
|
1848 echo $db->get_error(); |
|
1849 return; |
|
1850 } |
|
1851 else |
|
1852 { |
|
1853 echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
1854 The user "'.$_POST['edit_add_username'].'" has been added to this usergroup. |
|
1855 </div>'; |
|
1856 } |
|
1857 } |
|
1858 else |
|
1859 echo '<div class="warning-box"><b>The user "'.htmlspecialchars($_POST['edit_add_username']).'" could not be added.</b><br />This username does not exist.</div>'; |
|
1860 } |
|
1861 } |
|
1862 $sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" '; |
|
1863 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1864 echo '<div class="tblholder"> |
|
1865 <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1866 <tr><th>Edit group name</th></tr> |
|
1867 <tr> |
|
1868 <td class="row1"> |
|
1869 Group name: <input type="text" name="group_name" value="'.$name.'" /> |
|
1870 </td> |
|
1871 </tr> |
|
1872 <tr> |
|
1873 <th class="subhead"> |
|
1874 <input type="submit" name="edit_do[save_name]" value="Save name" /> |
|
1875 <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' /> |
|
1876 </th> |
|
1877 </tr> |
|
1878 </table> |
|
1879 </div> |
|
1880 <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
1881 echo '</form>'; |
|
1882 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1883 echo '<div class="tblholder"> |
|
1884 <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1885 <tr><th colspan="3">Edit group members</th></tr>'; |
|
1886 $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m |
|
1887 LEFT JOIN '.table_prefix.'users AS u |
|
1888 ON u.user_id=m.user_id |
|
1889 WHERE m.group_id='.intval($_POST['group_edit_id']).' |
|
1890 ORDER BY m.is_mod DESC, u.username ASC;'); |
|
1891 if(!$q) |
|
1892 { |
|
1893 echo $db->get_error(); |
|
1894 return; |
|
1895 } |
|
1896 if($db->numrows() < 1) |
|
1897 { |
|
1898 echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>'; |
|
1899 } |
|
1900 else |
|
1901 { |
|
1902 $cls = 'row2'; |
|
1903 while($row = $db->fetchrow()) |
|
1904 { |
|
1905 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1906 $mod = ( $row['is_mod'] == 1 ) ? 'Mod' : ''; |
|
1907 echo '<tr> |
|
1908 <td class="'.$cls.'" style="width: 100%;"> |
|
1909 ' . $row['username'] . ' |
|
1910 </td> |
|
1911 <td class="'.$cls.'"> |
|
1912 '.$mod.' |
|
1913 </td> |
|
1914 <td class="'.$cls.'"> |
|
1915 <input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" /> |
|
1916 </td> |
|
1917 </tr>'; |
|
1918 } |
|
1919 } |
|
1920 $db->free_result(); |
|
1921 echo '</table> |
|
1922 </div> |
|
1923 <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
1924 echo '</form>'; |
|
1925 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1926 echo '<div class="tblholder"> |
|
1927 <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1928 <tr> |
|
1929 <th>Add a new member</th> |
|
1930 </tr> |
|
1931 <tr> |
|
1932 <td class="row1"> |
|
1933 Username: ' . $template->username_field('edit_add_username') . ' |
|
1934 </td> |
|
1935 </tr> |
|
1936 <tr> |
|
1937 <td class="row2"> |
|
1938 <label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members) |
|
1939 </td> |
|
1940 </tr> |
|
1941 <tr> |
|
1942 <th class="subhead"> |
|
1943 <input type="submit" name="edit_do[add_member]" value="Add user to group" /> |
|
1944 </th> |
|
1945 </tr> |
|
1946 </table> |
|
1947 </div> |
|
1948 <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
1949 echo '</form>'; |
|
1950 return; |
|
1951 } |
|
1952 echo '<h3>Manage Usergroups</h3>'; |
|
1953 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1954 $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); |
|
1955 if(!$q) |
|
1956 { |
|
1957 echo $db->get_error(); |
|
1958 } |
|
1959 else |
|
1960 { |
|
1961 echo '<div class="tblholder"> |
|
1962 <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
1963 <tr> |
|
1964 <th>Edit an existing group</th> |
|
1965 </tr>'; |
|
1966 echo '<tr><td class="row2"><select name="group_edit_id">'; |
|
1967 while ( $row = $db->fetchrow() ) |
|
1968 { |
|
1969 if ( $row['group_name'] != 'Everyone' ) |
|
1970 { |
|
1971 echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>'; |
|
1972 } |
|
1973 } |
|
1974 $db->free_result(); |
|
1975 echo '</select></td></tr>'; |
|
1976 echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr> |
|
1977 </table> |
|
1978 </div> |
|
1979 </form><br />'; |
|
1980 } |
|
1981 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1982 echo '<div class="tblholder"> |
|
1983 <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
1984 <tr> |
|
1985 <th colspan="2">Create a new group</th> |
|
1986 </tr>'; |
|
1987 echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>'; |
|
1988 echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr> |
|
1989 </table> |
|
1990 </div>'; |
|
1991 echo '</form>'; |
|
1992 } |
|
1993 |
1635 |
1994 function page_Admin_COPPA() |
1636 function page_Admin_COPPA() |
1995 { |
1637 { |
1996 global $db, $session, $paths, $template, $plugins; // Common objects |
1638 global $db, $session, $paths, $template, $plugins; // Common objects |
1997 global $lang; |
1639 global $lang; |