plugins/admin/PageGroups.php
changeset 81 d7fc25acd3f3
parent 80 cb7dde69c301
child 117 7cfdbb2fd17a
--- a/plugins/admin/PageGroups.php	Wed Aug 01 13:39:27 2007 -0400
+++ b/plugins/admin/PageGroups.php	Sun Aug 05 15:58:50 2007 -0400
@@ -404,7 +404,7 @@
       $q = $db->sql_query('DELETE FROM '.table_prefix.'page_group_members WHERE pg_id=' . $delete_id . ';');
       if ( !$q )
         $db->_die();
-      echo "<div class='info-box'>The group ".'"'."$pg_name".'"'." has been deleted.</div>";
+      echo "<div class='info-box'>The group ".'"'.htmlspecialchars("$pg_name").'"'." has been deleted.</div>";
     }
     else if ( isset($_POST['action']['edit']) && !isset($_POST['action']['noop']) )
     {
@@ -439,16 +439,26 @@
           return;
         }
         
+        /*
+        // We're gonna allow adding nonexistent pages for now
         if ( !isPage($page) )
         {
           $return = array('mode' => 'error', 'text' => 'The page you are trying to add (' . htmlspecialchars($page) . ') does not exist.');
           echo $json->encode($return);
           return;
         }
+        */
         
         list($page_id, $namespace) = RenderMan::strToPageID($page);
         $page_id = sanitize_page_id($page_id);
         
+        if ( !isset($paths->namespace[$namespace]) )
+        {
+          $return = array('mode' => 'error', 'text' => 'Invalid namespace return from RenderMan::strToPageID()');
+          echo $json->encode($return);
+          return;
+        }
+        
         $q = $db->sql_query('SELECT "x" FROM '.table_prefix.'page_group_members WHERE pg_id=' . $edit_id . ' AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $namespace . '\';');
         if ( !$q )
         {
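Review bot: The new `isset($paths->namespace[$namespace])` check is now the only thing standing between `$namespace` and the SELECT a few lines below, where it is concatenated into the query unescaped while `page_id` beside it goes through `$db->escape()`. Escaping it as well, `namespace=\'' . $db->escape($namespace) . '\'`, keeps the query safe even if the namespace list ever holds a key containing a quote. The `isPage()` block would be better deleted than left commented out, with the reason kept in one line such as `// Nonexistent pages are allowed in a group on purpose, so no isPage() check here.` The enclosing branch starts and ends outside this hunk.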
@@ -479,9 +489,76 @@
         return;
       }
       
-      if ( isset($_POST['action']['edit_save']) )
+      if ( isset($_POST['action']['edit_save']) && isset($_POST['pg_name']) )
       {
         $edit_id = $_POST['action']['edit'];
+        $edit_id = intval($edit_id);
+        if ( !empty($edit_id) )
+        {
+          // Update group name
+          $new_name = $_POST['pg_name'];
+          if ( empty($new_name) )
+          {
+            echo '<div class="error-box">Please enter a valid name for this group.</div>';
+          }
+          else
+          {
+            $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $edit_id . ';');
+            if ( !$q )
+              $db->_die();
+            $row = $db->fetchrow();
+            $db->free_result();
+            if ( $new_name != $row['pg_name'] )
+            {
+              $new_name = $db->escape(trim($new_name));
+              $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_name=\'' . $new_name . '\' WHERE pg_id=' . $edit_id . ';');
+              if ( !$q )
+                $db->_die();
+              else
+                echo '<div class="info-box">The group name was updated successfully.</div>';
+            }
+            if ( $_POST['pg_type'] == PAGE_GRP_TAGGED )
+            {
+              $target = $_POST['pg_target'];
+              $target = sanitize_tag($target);
+              if ( empty($target) )
+              {
+                echo '<div class="error-box">Please enter a valid tag.</div>';
+              }
+              else
+              {
+                $target = $db->escape($target);
+                $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';');
+                if ( !$q )
+                  $db->_die();
+                else
+                  echo '<div class="info-box">The affecting tag was updated.</div>';
+              }
+            }
+            else if ( $_POST['pg_type'] == PAGE_GRP_CATLINK )
+            {
+              $target = $_POST['pg_target'];
+              if ( empty($target) )
+              {
+                echo '<div class="error-box">No category ID specified on POST URI.</div>';
+              }
+              else
+              {
+                $target = $db->escape($target);
+                $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';');
+                if ( !$q )
+                  $db->_die();
+                else
+                  echo '<div class="info-box">The affecting category was updated.</div>';
+              }
+            }
+          }
+        }
+      }
+      else if ( isset($_POST['action']['edit_save']) )
+      {
+        $edit_id = $_POST['action']['edit'];
+        $edit_id = intval($edit_id);
       }
       else
       {
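Review bot: The save branch picks which UPDATE to run from `$_POST['pg_type']`, a hidden field the client controls (it is added to the form in the `@@ -529,6 +613,7 @@` hunk), and it reads both that field and `$_POST['pg_target']` without `isset()`. The group's real type is one column away in the query already issued here: select it with the name, `SELECT pg_name, pg_type FROM ...`, and branch on `$row['pg_type']`, which makes the hidden field unnecessary. `$row` should be checked before use, since `fetchrow()` presumably returns nothing for a `pg_id` that does not exist. `empty($new_name)` runs before `trim()`, so a whitespace-only name passes the check and is stored as an empty string; trimming first, `$new_name = trim($_POST['pg_name']);`, closes that. In the PAGE_GRP_CATLINK branch the target is escaped for SQL but never checked against the existing categories.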
@@ -495,7 +572,7 @@
         return;
       }
       
-      if ( isset($_POST['action']['edit_save']['do_rm']) )
+      if ( isset($_POST['action']['edit_save']['do_rm']) && !isset($_POST['pg_name']) )
       {
         $vals = array_keys($_POST['action']['edit_save']['rm']);
         $good = array();
@@ -504,13 +581,20 @@
           if ( strval(intval($id)) == $id )
             $good[] = $id;
         }
-        $subquery = ( count($good) > 0 ) ? 'pg_member_id=' . implode(' OR pg_member_id=', $good) : "'foo'='foo'";
-        $sql = 'DELETE FROM '.table_prefix."page_group_members WHERE ( $subquery ) AND pg_id=$edit_id;";
-        if ( !$db->sql_query($sql) )
+        $subquery = ( count($good) > 0 ) ? 'pg_member_id=' . implode(' OR pg_member_id=', $good) : "'foo'='bar'";
+        if ( $subquery == "'foo'='bar'" )
+        {
+          echo '<div class="warning-box">No pages were selected for deletion, and thus none were deleted.</div>';
+        }
+        else
         {
-          $db->_die();
+          $sql = 'DELETE FROM '.table_prefix."page_group_members WHERE ( $subquery ) AND pg_id=$edit_id;";
+          if ( !$db->sql_query($sql) )
+          {
+            $db->_die();
+          }
+          echo '<div class="info-box">The requested page group members have been deleted.</div>';
         }
-        echo '<div class="info-box">The requested page group members have been deleted.</div>';
       }
       
       // Fetch information about page group
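Review bot: Detecting an empty selection by comparing `$subquery` with the sentinel string `"'foo'='bar'"` is roundabout and breaks silently if either literal is edited; branching on the list itself, `if ( count($good) < 1 )`, states the condition directly and lets the subquery be built only in the else-branch. The loop above pushes the original `$id` string rather than its integer value and uses a loose `==`, so `$good[] = intval($id);` would guarantee that only integers reach the DELETE. The success message now sits right after `$db->_die()` in the same branch, which is correct only if `_die()` never returns; that is not visible in this hunk.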
@@ -529,6 +613,7 @@
       
       echo '<form name="pg_edit_frm" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       echo '<input type="hidden" name="action[edit]" value="' . $edit_id . '" />';
+      echo '<input type="hidden" name="pg_type" value="' . $row['pg_type'] . '" />';
       echo '<div class="tblholder">
               <table border="0" cellspacing="1" cellpadding="4">
                 <tr>
@@ -553,10 +638,20 @@
       switch ( $row['pg_type'] )
       {
         case PAGE_GRP_NORMAL:
+          
           // You have guessed correct.
           // *Sits in chair for 10 minutes listening to the radio in an effort to put off writing the code you see below*
           
           echo '<tr><th colspan="3" class="subhead"><input type="submit" name="action[edit_save]" value="Save group name" /></th></tr>';
+          echo '</table></div>';
+          echo '</form>';
+          echo '<form name="pg_static_rm_frm" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" enctype="multipart/form-data">';
+          echo '<input type="hidden" name="action[edit]" value="' . $edit_id . '" />';
+          echo '<div class="tblholder">
+                  <table border="0" cellspacing="1" cellpadding="4">
+                    <tr>
+                      <th colspan="3">Remove pages from this group</th>
+                    </tr>';
           
           $q = $db->sql_query('SELECT m.pg_member_id,m.page_id,m.namespace FROM '.table_prefix.'page_group_members AS m
                                  LEFT JOIN '.table_prefix.'pages AS p
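Review bot: The new `pg_static_rm_frm` form submits a state-changing request (removing group members) and, as far as this hunk shows, carries only `action[edit]`; no per-session token field is visible. If the administration module does not verify a token elsewhere, a hidden token input that the handler checks before the DELETE would protect this form against cross-site request forgery. The form also drops the `onsubmit="if(!submitAuthorized) return false;"` guard that `pg_edit_frm` has, and a short comment would help if that is intentional. `$edit_id` is written into the `value` attribute as is, so it depends on `intval()` having been applied on every path that reaches this point, which lies partly outside the hunk.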
@@ -689,6 +784,50 @@
           
           break;
         case PAGE_GRP_TAGGED:
+          echo '<tr>
+                  <td class="row2">
+                    Include pages with this tag:
+                  </td>
+                  <td class="row1">
+                    <input type="text" name="pg_target" value="' . htmlspecialchars($row['pg_target']) . '" size="30" />
+                  </td>
+                </tr>';
+          break;
+        case PAGE_GRP_CATLINK:
+          
+          // Build category list
+          $q = $db->sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace=\'Category\';');
+          if ( !$q )
+            $db->_die();
+          
+          if ( $db->numrows() < 1 )
+          {
+            $catlist = 'There aren\'t any categories on this site.';
+          }
+          else
+          {
+            $catlist = '<select name="pg_target">';
+            while ( $catrow = $db->fetchrow() )
+            {
+              $selected = ( $catrow['urlname'] == $row['pg_target'] ) ? ' selected="selected"' : '';
+              $catlist .= '<option value="' . htmlspecialchars($catrow['urlname']) . '"' . $selected . '>' . htmlspecialchars($catrow['name']) . '</option>';
+            }
+            $catlist .= '</select>';
+          }
+          
+          echo '<tr>
+                  <td class="row2">
+                    Include pages that are in this category:<br />
+                    <small><b>Reminder:</b> Enano does not automatically place any access controls on the category. If you
+                           don\'t want users to be able to freely add and remove pages from the category (assuming Wiki Mode is enabled
+                           for the category) then you need to enable protection on the category using the button on the more options menu.
+                           </small>
+                  </td>
+                  <td class="row1">
+                    ' . $catlist . '
+                  </td>
+                </tr>';
+          
           break;
       }