--- a/plugins/SpecialAdmin.php Thu Jan 03 00:55:10 2008 -0500
+++ b/plugins/SpecialAdmin.php Thu Jan 03 18:39:19 2008 -0500
@@ -43,6 +43,7 @@
require(ENANO_ROOT . '/plugins/admin/PageManager.php');
require(ENANO_ROOT . '/plugins/admin/PageEditor.php');
require(ENANO_ROOT . '/plugins/admin/PageGroups.php');
+require(ENANO_ROOT . '/plugins/admin/GroupManager.php');
require(ENANO_ROOT . '/plugins/admin/SecurityLog.php');
require(ENANO_ROOT . '/plugins/admin/UserManager.php');
@@ -1628,368 +1629,9 @@
} else echo('<p>All themes are currently installed.</p>');
}
-function page_Admin_GroupManager()
-{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
- if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
- {
- $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
- echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
- echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
- return;
- }
-
- if(isset($_POST['do_create_stage1']))
- {
- if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
- {
- echo '<p>The group name you chose is invalid.</p>';
- return;
- }
- echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
- echo '<div class="tblholder">
- <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
- <tr><th colspan="2">Creating group: '.htmlspecialchars($_POST['create_group_name']).'</th></tr>
- <tr>
- <td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
- </tr>
- <tr><td class="row2">Group status</td><td class="row2">
- <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
- <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
- <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
- <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
- </td></tr>
- <tr>
- <th class="subhead" colspan="2">
- <input type="hidden" name="create_group_name" value="'.htmlspecialchars($_POST['create_group_name']).'" />
- <input type="submit" name="do_create_stage2" value="Create group" />
- </th>
- </tr>
- </table>
- </div>';
- echo '</form>';
- return;
- }
- elseif(isset($_POST['do_create_stage2']))
- {
- if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
- {
- echo '<p>The group name you chose is invalid.</p>';
- return;
- }
- if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
- {
- echo '<p>Hacking attempt</p>';
- return;
- }
- $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
- if(!$e)
- {
- echo $db->get_error();
- return;
- }
- if($db->numrows() > 0)
- {
- echo '<p>The group name you entered already exists.</p>';
- return;
- }
- $db->free_result();
- $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
- if(!$e)
- {
- echo $db->get_error();
- return;
- }
- if($db->numrows() < 1)
- {
- echo '<p>The username you entered could not be found.</p>';
- return;
- }
- $row = $db->fetchrow();
- $id = $row['user_id'];
- $db->free_result();
- $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
- if(!$e)
- {
- echo $db->get_error();
- return;
- }
- if($db->numrows() < 1)
- {
- echo '<p>The group ID could not be looked up.</p>';
- return;
- }
- $row = $db->fetchrow();
- $gid = $row['group_id'];
- $db->free_result();
- $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
- if(!$e)
- {
- echo $db->get_error();
- return;
- }
- $g_name = htmlspecialchars($_POST['create_group_name']);
- echo "<div class='info-box'>
- <b>Information</b><br />
- The group {$g_name} has been created successfully.
- </div>";
- }
- if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
- {
- // Fetch the group name
- $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- if($db->numrows() < 1)
- {
- echo '<p>Error: couldn\'t look up group name</p>';
- }
- $row = $db->fetchrow();
- $name = htmlspecialchars($row['group_name']);
- $db->free_result();
- if(isset($_POST['edit_do']))
- {
- if(isset($_POST['edit_do']['del_group']))
- {
- if ( $row['system_group'] == 1 )
- {
- echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>';
- }
- else
- {
- $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
- return;
- }
- }
- if(isset($_POST['edit_do']['save_name']))
- {
- if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
- {
- echo '<p>The group name you chose is invalid.</p>';
- return;
- }
- $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
- WHERE group_id='.intval($_POST['group_edit_id']).';');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- else
- {
- echo '<div class="info-box" style="margin: 0 0 10px 0;"">
- The group name has been updated.
- </div>';
- }
- $name = htmlspecialchars($_POST['group_name']);
-
- }
- $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
- WHERE group_id='.intval($_POST['group_edit_id']).';');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- if($db->numrows() > 0)
- {
- while($row = $db->fetchrow($q))
- {
- if(isset($_POST['edit_do']['del_' . $row['member_id']]))
- {
- $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
- if(!$e)
- {
- echo $db->get_error();
- return;
- }
- }
- }
- }
- $db->free_result();
- if(isset($_POST['edit_do']['add_member']))
- {
- $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- if($db->numrows() > 0)
- {
- $row = $db->fetchrow();
- $user_id = $row['user_id'];
- $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
- $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- else
- {
- echo '<div class="info-box" style="margin: 0 0 10px 0;"">
- The user "'.$_POST['edit_add_username'].'" has been added to this usergroup.
- </div>';
- }
- }
- else
- echo '<div class="warning-box"><b>The user "'.htmlspecialchars($_POST['edit_add_username']).'" could not be added.</b><br />This username does not exist.</div>';
- }
- }
- $sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';
- echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
- echo '<div class="tblholder">
- <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
- <tr><th>Edit group name</th></tr>
- <tr>
- <td class="row1">
- Group name: <input type="text" name="group_name" value="'.$name.'" />
- </td>
- </tr>
- <tr>
- <th class="subhead">
- <input type="submit" name="edit_do[save_name]" value="Save name" />
- <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
- </th>
- </tr>
- </table>
- </div>
- <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
- echo '</form>';
- echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
- echo '<div class="tblholder">
- <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
- <tr><th colspan="3">Edit group members</th></tr>';
- $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
- LEFT JOIN '.table_prefix.'users AS u
- ON u.user_id=m.user_id
- WHERE m.group_id='.intval($_POST['group_edit_id']).'
- ORDER BY m.is_mod DESC, u.username ASC;');
- if(!$q)
- {
- echo $db->get_error();
- return;
- }
- if($db->numrows() < 1)
- {
- echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
- }
- else
- {
- $cls = 'row2';
- while($row = $db->fetchrow())
- {
- $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
- $mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
- echo '<tr>
- <td class="'.$cls.'" style="width: 100%;">
- ' . $row['username'] . '
- </td>
- <td class="'.$cls.'">
- '.$mod.'
- </td>
- <td class="'.$cls.'">
- <input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" />
- </td>
- </tr>';
- }
- }
- $db->free_result();
- echo '</table>
- </div>
- <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
- echo '</form>';
- echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
- echo '<div class="tblholder">
- <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
- <tr>
- <th>Add a new member</th>
- </tr>
- <tr>
- <td class="row1">
- Username: ' . $template->username_field('edit_add_username') . '
- </td>
- </tr>
- <tr>
- <td class="row2">
- <label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
- </td>
- </tr>
- <tr>
- <th class="subhead">
- <input type="submit" name="edit_do[add_member]" value="Add user to group" />
- </th>
- </tr>
- </table>
- </div>
- <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />';
- echo '</form>';
- return;
- }
- echo '<h3>Manage Usergroups</h3>';
- echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
- $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
- if(!$q)
- {
- echo $db->get_error();
- }
- else
- {
- echo '<div class="tblholder">
- <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
- <tr>
- <th>Edit an existing group</th>
- </tr>';
- echo '<tr><td class="row2"><select name="group_edit_id">';
- while ( $row = $db->fetchrow() )
- {
- if ( $row['group_name'] != 'Everyone' )
- {
- echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
- }
- }
- $db->free_result();
- echo '</select></td></tr>';
- echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
- </table>
- </div>
- </form><br />';
- }
- echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
- echo '<div class="tblholder">
- <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
- <tr>
- <th colspan="2">Create a new group</th>
- </tr>';
- echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
- echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr>
- </table>
- </div>';
- echo '</form>';
-}
+/*
+ * Admin:GroupManager sources are in /plugins/admin/GroupManager.php.
+ */
function page_Admin_COPPA()
{