diff -r 000000000000 -r a09fb41e48d5 plugins/nuggie/usercp.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/nuggie/usercp.php Tue Dec 11 02:03:54 2007 -0500
@@ -0,0 +1,462 @@
+Nuggie not installed';
+ echo '
It looks like Nuggie isn\'t installed yet. You\'ll need to install Nuggie before you can do anything more.
';
+ return true;
+ }
+
+ $subsection = $paths->getParam(1);
+ $initted = true;
+
+ $q = $db->sql_query('SELECT blog_id, blog_name, blog_subtitle, blog_type, allowed_users FROM ' . table_prefix . "blogs WHERE user_id = {$session->user_id};");
+ if ( !$q )
+ $db->_die('Nuggie User CP selecting blog info');
+
+ if ( $db->numrows() < 1 )
+ {
+ $subsection = 'Settings';
+ $initted = false;
+ }
+
+ list(, $blog_name, $blog_desc, $blog_type, $allowed_users) = $db->fetchrow_num($q);
+
+ switch($subsection)
+ {
+ case false:
+ case 'Home':
+ echo 'module Home';
+ break;
+ case 'Settings':
+
+ switch ( isset($_POST['do_save']) )
+ {
+ // We're doing this so we can break out if we need to (if form validation fails)
+ case true:
+
+ $errors = array();
+
+ $blog_name = trim($_POST['blog_name']);
+ $blog_desc = trim($_POST['blog_desc']);
+ $blog_access = trim($_POST['blog_access']);
+ $allowed_users = $_POST['allowed_users'];
+
+ if ( empty($blog_name) )
+ $errors[] = 'Please enter a name for your blog.';
+
+ if ( !in_array($blog_access, array('public', 'private')) )
+ $errors[] = 'Hacking attempt on blog_access: must be one of public, private.';
+
+ if ( count($allowed_users) > 500 )
+ $errors[] = 'You\'re asking that an unreasonable number of users have access to this blog. If you really have that many readers, you may want to ask the administrator of this site to make a usergroup with read access to your blog.';
+
+ if ( count($allowed_users) < 1 && $blog_access == 'private' )
+ $errors[] = 'Please enter at least one username that will have access to your blog. 
Note that your account always has access to your blog.';
+
+ if ( $blog_access == 'public' )
+ {
+ $allowed_users = 'NULL';
+ }
+ else
+ {
+ if ( is_array($allowed_users) && count($errors) < 1 )
+ {
+ $allowed_users = array_values(array_unique($allowed_users));
+ foreach ( $allowed_users as $i => $_ )
+ {
+ if ( empty( $allowed_users[$i] ) )
+ {
+ unset($allowed_users[$i]);
+ }
+ else
+ {
+ $allowed_users[$i] = $db->escape($allowed_users[$i]);
+ }
+ }
+ $fragment = "username='" . implode("' OR username='", $allowed_users) . "'";
+ $e = $db->sql_query('SELECT COUNT(username) AS num_valid FROM ' . table_prefix . "users WHERE $fragment;");
+ if ( !$e )
+ $db->_die('Nuggie user CP validating usernames');
+
+ $row = $db->fetchrow();
+ if ( intval($row['num_valid']) != count($allowed_users) )
+ $errors[] = 'One or more of the usernames you entered does not exist.';
+ }
+ else
+ {
+ $errors[] = 'Invalid datatype on allowed_users.';
+ }
+ }
+
+ if ( count($errors) > 0 )
+ {
+ $initted = true;
+ echo '