diff -r cdf24ba5f114 -r 299a90e28abc plugins/admin/GroupManager.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/admin/GroupManager.php Thu Jan 03 18:39:19 2008 -0500
@@ -0,0 +1,383 @@
+auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ {
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + if(isset($_POST['do_create_stage1'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) + { + echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; + return; + } + echo '
'; + echo '
+ + + + + + + + + +
' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'
' . $lang->get('acpug_field_group_mod') . '' . $template->username_field('group_mod') . '
' . $lang->get('acpug_field_group_type') . ' +
+
+
+ +
+ + +
+
'; + echo '
'; + return; + } + elseif(isset($_POST['do_create_stage2'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) + { + echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; + return; + } + if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) + { + echo '

Hacking attempt

'; + return; + } + $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + echo '

' . $lang->get('acpug_err_already_exist') . '

'; + return; + } + $db->free_result(); + $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); + if(!$q) + { + echo $db->get_error(); + return; + } + $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '

' . $lang->get('acpug_err_bad_username') . '

'; + return; + } + $row = $db->fetchrow(); + $id = $row['user_id']; + $db->free_result(); + $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '

' . $lang->get('acpug_err_bad_insert_id') . '

'; + return; + } + $row = $db->fetchrow(); + $gid = $row['group_id']; + $db->free_result(); + $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); + if(!$e) + { + echo $db->get_error(); + return; + } + $g_name = htmlspecialchars($_POST['create_group_name']); + echo "
+ " . $lang->get('acpug_heading_info') . "
+ " . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . " +
"; + } + if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) + { + // Fetch the group name + $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '

Error: couldn\'t look up group name

'; + } + $row = $db->fetchrow(); + $name = htmlspecialchars($row['group_name']); + $db->free_result(); + if(isset($_POST['edit_do'])) + { + if(isset($_POST['edit_do']['del_group'])) + { + if ( $row['system_group'] == 1 ) + { + echo '
' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '
'; + } + else + { + $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + echo '
' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '
'; + return; + } + } + if(isset($_POST['edit_do']['save_name'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) + { + echo '

' . $lang->get('acpug_err_group_name_invalid') . '

'; + return; + } + $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\' + WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + else + { + echo '
+ ' . $lang->get('acpug_msg_name_update_success') . ' +
'; + } + $name = htmlspecialchars($_POST['group_name']); + + } + $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members + WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + while($row = $db->fetchrow($q)) + { + if(isset($_POST['edit_do']['del_' . $row['member_id']])) + { + $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']); + if(!$e) + { + echo $db->get_error(); + return; + } + } + } + } + $db->free_result(); + if(isset($_POST['edit_do']['add_member'])) + { + $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + $row = $db->fetchrow(); + $user_id = $row['user_id']; + $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; + $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); + if(!$q) + { + echo $db->get_error(); + return; + } + else + { + echo '
+ ' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . ' +
'; + } + } + else + echo '
' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '
'; + } + } + $sg_disabled = ( $row['system_group'] == 1 ) ? + ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' : + ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" '; + echo '
'; + echo '
+ + + + + + + + +
' . $lang->get('acpug_heading_edit_name') . '
+ ' . $lang->get('acpug_field_group_name') . ' +
+ + +
+
+ '; + echo '
'; + echo '
'; + echo '
+ + '; + $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m + LEFT JOIN '.table_prefix.'users AS u + ON u.user_id=m.user_id + WHERE m.group_id='.intval($_POST['group_edit_id']).' + ORDER BY m.is_mod DESC, u.username ASC;'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo ''; + } + else + { + $cls = 'row2'; + while($row = $db->fetchrow()) + { + $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; + $mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : ''; + echo ' + + + + '; + } + } + $db->free_result(); + echo '
' . $lang->get('acpug_heading_edit_members') . '
' . $lang->get('acpug_msg_no_members') . '
+ ' . $row['username'] . ' + + '.$mod.' + + +
+
+ '; + echo '
'; + echo '
'; + echo '
+ + + + + + + + + + + + + +
' . $lang->get('acpug_heading_add_member') . '
+ ' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . ' +
+ + ' . $lang->get('acpug_field_make_mod_hint') . ' +
+ +
+
+ '; + echo '
'; + return; + } + echo '

' . $lang->get('acpug_heading_main') . '

'; + echo '
'; + $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); + if(!$q) + { + echo $db->get_error(); + } + else + { + echo '
+ + + + '; + echo ''; + echo ' +
' . $lang->get('acpug_heading_edit_existing') . '
+
+

'; + } + echo '
'; + echo '
+ + + + '; + echo ''; + echo ' +
' . $lang->get('acpug_heading_create_new') . '
' . $lang->get('acpug_field_group_name') . '
+
'; + echo '
'; +} + +?>
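Review bot: The group-name check used at all three `preg_match` sites (do_create_stage1, do_create_stage2 and the save_name branch) has a wrong character class: `A-z` spans ASCII 0x41–0x7A and so also admits `[`, `\`, `]`, `^`, `_` and the backtick, and the bare `$` accepts a trailing newline; it should read `preg_match('/^[A-Za-z0-9 -]+$/D', ...)`. The names still go through `$db->escape()` so this is not an injection, but the member list echoes `$row['username']` raw while every other user-supplied string on this page is passed through `htmlspecialchars()` — `' . htmlspecialchars($row['username']) . '` keeps that consistent. In the edit branch the "couldn't look up group name" error is printed but execution falls through to `fetchrow()` and on into the delete/rename logic with `$row === false`; add `return;` after that error as the other failure paths do. In do_create_stage2 the moderator username is only resolved after the group row has been inserted, so a mistyped name leaves a group with no moderator behind; moving the `users` lookup ahead of the INSERT avoids the half-created state. The form markup is stripped in this view, so I can only note that none of the `$_POST` handlers verify a CSRF token before mutating groups — worth confirming the forms carry one.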