Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
<?php
/**!info**
{
"Plugin Name" : "plugin_specialgroups_title",
"Plugin URI" : "http://enanocms.org/",
"Description" : "plugin_specialgroups_desc",
"Author" : "Dan Fuhry",
"Version" : "1.1.3",
"Author URI" : "http://enanocms.org/"
}
**!*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.4 (Caoineag alpha 4)
* Copyright (C) 2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
$plugins->attachHook('session_started', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'specialpage_groupcp\',
\'urlname\'=>\'Usergroups\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');
function page_Special_Usergroups()
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $email; // Import e-mail encryption functions
global $lang;
if ( !$session->user_logged_in )
{
header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
$db->close();
exit;
}
$template->header();
userprefs_show_menu();
if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) )
{
$gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
if ( empty($gid) || $gid < 1 )
{
die_friendly('Error', '<p>Hacking attempt</p>');
}
$q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
if ( !$q )
{
$db->_die('SpecialGroups.php, line ' . __LINE__);
}
$row = $db->fetchrow();
$db->free_result();
$members = array();
$pending = array();
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments
FROM '.table_prefix.'users AS u
LEFT JOIN '.table_prefix.'group_members AS m
ON ( m.user_id = u.user_id )
LEFT JOIN '.table_prefix.'comments AS c
ON ( c.name = u.username )
WHERE m.group_id=' . $gid . '
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending
ORDER BY m.is_mod DESC,u.username ASC;');
if ( !$q )
{
$db->_die('SpecialGroups.php, line ' . __LINE__);
}
$is_member = false;
$is_mod = false;
$is_pending = false;
while ( $mr = $db->fetchrow() )
{
if ( $mr['pending'] == 1 )
{
$pending[] = $mr;
if ( $mr['user_id'] == $session->user_id )
{
$is_pending = true;
}
}
else
{
$members[] = $mr;
if ( $mr['user_id'] == $session->user_id )
{
$is_member = true;
if ( $mr['is_mod'] == 1 )
{
$is_mod = true;
}
}
}
}
$status = ( $is_member && $is_mod )
? $lang->get('groupcp_status_mod')
: ( ( $is_member && !$is_mod )
? $lang->get('groupcp_status_member')
: $lang->get('groupcp_status_not_member')
);
$can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );
switch ( $row['group_type'] )
{
case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break;
case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break;
case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break;
case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break;
}
if ( isset($_GET['act']) && $can_do_admin_stuff )
{
switch($_GET['act'])
{
case 'update':
if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
{
die_friendly('ERROR', '<p>Hacking attempt</p>');
}
$q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
if ( !$q )
$db->_die('SpecialGroups.php, line ' . __LINE__);
$error = false;
if ( $db->numrows() < 1 )
{
echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
$error = true;
}
$r = $db->fetchrow();
if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
{
echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>';
$error = true;
}
if ( !$error )
{
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
if (!$q)
$db->_die('SpecialGroups.php, line ' . __LINE__);
$row['group_type'] = $_POST['group_state'];
echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>';
}
break;
case 'adduser':
$username = $_POST['add_username'];
$mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
if (!$q)
$db->_die('SpecialGroups.php, line ' . __LINE__);
if ($db->numrows() < 1)
{
echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>';
break;
}
$r = $db->fetchrow();
$db->free_result();
$uid = intval($r['user_id']);
// Check if the user is already in the group, and if so, only update modship
$q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
if ( !$q )
$db->_die('SpecialGroups.php, line ' . __LINE__);
if ( $db->numrows() > 0 )
{
$r = $db->fetchrow();
if ( (string) $r['is_mod'] != $mod )
{
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
if ( !$q )
$db->_die('SpecialGroups.php, line ' . __LINE__);
foreach ( $members as $i => $member )
{
if ( $member['member_id'] == $r['member_id'] )
$members[$i]['is_mod'] = (int)$mod;
}
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>';
}
else
{
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>';
}
break;
}
$db->free_result();
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
if (!$q)
$db->_die('SpecialGroups.php, line ' . __LINE__);
echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>';
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
FROM '.table_prefix.'users AS u
LEFT JOIN '.table_prefix.'group_members AS m
ON ( m.user_id = u.user_id )
LEFT JOIN '.table_prefix.'comments AS c
ON ( c.name = u.username )
WHERE m.group_id=' . $gid . '
AND m.pending!=1
AND u.user_id=' . $uid . '
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
ORDER BY m.is_mod DESC,u.username ASC
LIMIT 1;');
if ( !$q )
$db->_die('SpecialGroups.php, line ' . __LINE__);
$r = $db->fetchrow();
$members[] = $r;
$db->free_result();
// just added a user to the group, so regenerate the ranks cache
generate_ranks_cache();
break;
case 'del_users':
foreach ( $members as $i => $member )
{
if ( isset($_POST['del_user'][$member['member_id']]) )
{
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
if (!$q)
$db->_die('SpecialGroups.php, line ' . __LINE__);
unset($members[$i]);
}
}
// regenerate the ranks cache
generate_ranks_cache();
break;
case 'pending':
foreach ( $pending as $i => $member )
{
if ( isset( $_POST['with_user'][$member['member_id']]) )
{
if ( isset ( $_POST['do_appr_pending'] ) )
{
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
if (!$q)
$db->_die('SpecialGroups.php, line ' . __LINE__);
$members[] = $member;
unset($pending[$i]);
continue;
}
elseif ( isset ( $_POST['do_reject_pending'] ) )
{
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
if (!$q)
$db->_die('SpecialGroups.php, line ' . __LINE__);
unset($pending[$i]);
}
}
}
// memberships updated/changed, regenerate ranks cache
generate_ranks_cache();
echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>';
break;
}
}
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
if (!$q)
$db->_die('SpecialGroups.php, line ' . __LINE__);
echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>';
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
FROM '.table_prefix.'users AS u
LEFT JOIN '.table_prefix.'group_members AS m
ON ( m.user_id = u.user_id )
LEFT JOIN '.table_prefix.'comments AS c
ON ( c.name = u.username )
WHERE m.group_id=' . $gid . '
AND m.pending!=1
AND u.user_id=' . $session->user_id . '
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
ORDER BY m.is_mod DESC,u.username ASC
LIMIT 1;');
if ( !$q )
$db->_die('SpecialGroups.php, line ' . __LINE__);
$r = $db->fetchrow();
$members[] = $r;
$db->free_result();
}
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
if (!$q)
$db->_die('SpecialGroups.php, line ' . __LINE__);
echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>';
}
$state_btns = ( $can_do_admin_stuff ) ?
'<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label>
<label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label>
<label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label>
<label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>'
: $g_state;
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member )
{
if ( $is_pending )
$state_btns .= ' ' . $lang->get('groupcp_msg_status_pending');
else
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />';
}
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member )
{
$state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />';
}
$g_name_local = 'groupcp_grp_' . strtolower($row['group_name']);
$str = $lang->get($g_name_local);
if ( $str != $g_name_local )
$row['group_name'] = $str;
echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">
<tr>
<th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th>
</tr>
<tr>
<td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td>
<td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td>
</tr>
<tr>
<td class="row2">' . $lang->get('groupcp_lbl_status') . '</td>
<td class="row1">' . $status . '</td>
</tr>
<tr>
<td class="row2">' . $lang->get('groupcp_lbl_state') . '</td>
<td class="row1">' . $state_btns . '</td>
</tr>
' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? '
<tr>
<th class="subhead" colspan="2">
<input type="submit" value="' . $lang->get('etc_save_changes') . '" />
</th>
</tr>
' : '' ) . '
</table>
</div>
<input name="group_id" value="' . $gid . '" type="hidden" />
</form>';
if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff )
{
echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
<input name="group_id" value="' . $gid . '" type="hidden" />
<h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2>
<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">
<tr>
<th>' . $lang->get('groupcp_th_username') . '</th>
<th>' . $lang->get('groupcp_th_email') . '</th>
<th>' . $lang->get('groupcp_th_reg_time') . '</th>
<th>' . $lang->get('groupcp_th_comments') . '</th>
<th>' . $lang->get('groupcp_th_select') . '</th>
</tr>';
$cls = 'row2';
foreach ( $pending as $member )
{
$date = enano_date('F d, Y', $member['reg_time']);
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
$addy = $email->encryptEmail($member['email']);
echo "<tr>
<td class='{$cls}'>{$member['username']}</td>
<td class='{$cls}'>{$addy}</td>
<td class='{$cls}'>{$date}</td>
<td class='{$cls}'>{$member['num_comments']}</td>
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td>
</tr>";
}
echo '</table>
</div>
<div style="margin: 10px 0 0 auto;">
With selected:
<input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" />
<input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" />
</div>
</form>';
}
echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
<h2>' . $lang->get('groupcp_th_group_members') . '</h2>
<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">
<tr>
<th>' . $lang->get('groupcp_th_username') . '</th>
<th>' . $lang->get('groupcp_th_email') . '</th>
<th>' . $lang->get('groupcp_th_reg_time') . '</th>
<th>' . $lang->get('groupcp_th_comments') . '</th>
' . ( ( $can_do_admin_stuff ) ? '
<th>' . $lang->get('groupcp_th_remove') . '</th>
' : '' ) . '
</tr>
<tr>
<th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th>
</tr>';
$mod_printed = false;
$mem_printed = false;
$cls = 'row2';
foreach ( $members as $member )
{
if ( $member['is_mod'] != 1 )
break;
$date = enano_date('F d, Y', $member['reg_time']);
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
$addy = $email->encryptEmail($member['email']);
$mod_printed = true;
echo "<tr>
<td class='{$cls}'>{$member['username']}</td>
<td class='{$cls}'>{$addy}</td>
<td class='{$cls}'>{$date}</td>
<td class='{$cls}'>{$member['num_comments']}</td>
" . ( ( $can_do_admin_stuff ) ? "
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
" : '' ) . "
</tr>";
}
if (!$mod_printed)
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></th>';
echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>';
foreach ( $members as $member )
{
if ( $member['is_mod'] == 1 )
continue;
$date = enano_date('F d, Y', $member['reg_time']);
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
$addy = $email->encryptEmail($member['email']);
$mem_printed = true;
echo "<tr>
<td class='{$cls}'>{$member['username']}</td>
<td class='{$cls}'>{$addy}</td>
<td class='{$cls}'>{$date}</td>
<td class='{$cls}'>{$member['num_comments']}</td>
" . ( ( $can_do_admin_stuff ) ? "
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
" : '' ) . "
</tr>";
}
if (!$mem_printed)
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></th>';
echo ' </table>
</div>';
if ( $can_do_admin_stuff )
{
echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>";
}
echo '<input name="group_id" value="' . $gid . '" type="hidden" />
</form>';
if ( $can_do_admin_stuff )
{
echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">
<tr>
<th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th>
</tr>
<tr>
<td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td>
</tr>
<tr>
<td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td>
</tr>
<tr>
<th class="subhead" colspan="2">
<input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" />
</th>
</tr>
</table>
</div>
<input name="group_id" value="' . $gid . '" type="hidden" />
</form>';
}
}
else
{
echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
echo '<div class="tblholder">
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
<tr>
<th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th>
</tr>
<tr>
<td class="row2" style="text-align: right; width: 50%;">
' . $lang->get('groupcp_lbl_current_memberships') . '
</td>
<td class="row1" style="width: 50%;">';
$taboo = Array('Everyone');
if ( sizeof ( $session->groups ) > count($taboo) )
{
echo '<select name="group_id">';
foreach ( $session->groups as $id => $group )
{
$taboo[] = $db->escape($group);
$group = htmlspecialchars($group);
if ( $group != 'Everyone' )
{
$g_name_local = 'groupcp_grp_' . strtolower($group);
$str = $lang->get($g_name_local);
if ( $str != $g_name_local )
$group = $str;
echo '<option value="' . $id . '">' . $group . '</option>';
}
}
echo '</select>
<input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />';
}
else
{
echo 'None';
}
echo '</td>
</tr>';
$taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\'';
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
if(!$q)
{
echo $db->get_error();
$template->footer();
return;
}
if($db->numrows() > 0)
{
echo '<tr>
<td class="row2" style="text-align: right;">
' . $lang->get('groupcp_lbl_non_memberships') . '
</td>
<td class="row1">
<select name="group_id_n">';
while ( $row = $db->fetchrow() )
{
if ( $row['group_name'] != 'Everyone' )
{
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>';
}
}
echo '</select>
<input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" />
</td>
</tr>
';
}
$db->free_result();
echo '</table>
</div>
</form>';
}
$template->footer();
}
?>