| author | Dan |
| Thu, 12 Jul 2007 01:04:01 -0400 | |
| changeset 2 | a8a21e1c7afa |
| parent 0 | f9ffdbd96607 |
| child 3 | c0c445d4a13e |
| permissions | -rw-r--r-- |
| 0 | 1 |
<?php |
2 |
/*********************************************************************** |
|
3 |
||
4 |
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org) |
|
5 |
||
6 |
This file is part of PunBB. |
|
7 |
||
8 |
PunBB is free software; you can redistribute it and/or modify it |
|
9 |
under the terms of the GNU General Public License as published |
|
10 |
by the Free Software Foundation; either version 2 of the License, |
|
11 |
or (at your option) any later version. |
|
12 |
||
13 |
PunBB is distributed in the hope that it will be useful, but |
|
14 |
WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
GNU General Public License for more details. |
|
17 |
||
18 |
You should have received a copy of the GNU General Public License |
|
19 |
along with this program; if not, write to the Free Software |
|
20 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
|
21 |
MA 02111-1307 USA |
|
22 |
||
23 |
************************************************************************/ |
|
24 |
||
25 |
||
26 |
// Tell header.php to use the admin template |
|
27 |
define('PUN_ADMIN_CONSOLE', 1);
|
|
28 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
29 |
//define('PUN_ROOT', './');
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
30 |
//require PUN_ROOT.'include/common.php'; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
31 |
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
32 |
global $pun_db, $pun_user, $pun_config, $lang_common; |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
33 |
|
| 0 | 34 |
require PUN_ROOT.'include/common_admin.php'; |
35 |
||
36 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
37 |
if ($pun_user['g_id'] < PUN_ADMIN) |
| 0 | 38 |
message($lang_common['No permission']); |
39 |
||
40 |
||
41 |
// Add/edit a group (stage 1) |
|
42 |
if (isset($_POST['add_group']) || isset($_GET['edit_group'])) |
|
43 |
{
|
|
44 |
if (isset($_POST['add_group'])) |
|
45 |
{
|
|
46 |
$base_group = intval($_POST['base_group']); |
|
47 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
48 |
$result = $pun_db->query('SELECT * FROM '.$pun_db->prefix.'groups WHERE g_id='.$base_group) or error('Unable to fetch user group info', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
49 |
$group = $pun_db->fetch_assoc($result); |
| 0 | 50 |
|
51 |
$mode = 'add'; |
|
52 |
} |
|
53 |
else // We are editing a group |
|
54 |
{
|
|
55 |
$group_id = intval($_GET['edit_group']); |
|
56 |
if ($group_id < 1) |
|
57 |
message($lang_common['Bad request']); |
|
58 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
59 |
$result = $pun_db->query('SELECT * FROM '.$pun_db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch user group info', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
60 |
if (!$pun_db->num_rows($result)) |
| 0 | 61 |
message($lang_common['Bad request']); |
62 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
63 |
$group = $pun_db->fetch_assoc($result); |
| 0 | 64 |
|
65 |
$mode = 'edit'; |
|
66 |
} |
|
67 |
||
68 |
||
69 |
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / User groups'; |
|
70 |
$required_fields = array('req_title' => 'Group title');
|
|
71 |
$focus_element = array('groups2', 'req_title');
|
|
72 |
require PUN_ROOT.'header.php'; |
|
73 |
||
74 |
generate_admin_menu('groups');
|
|
75 |
||
76 |
?> |
|
77 |
<div class="blockform"> |
|
78 |
<h2><span>Group settings</span></h2> |
|
79 |
<div class="box"> |
|
80 |
<form id="groups2" method="post" action="admin_groups.php" onsubmit="return process_form(this)"> |
|
81 |
<p class="submittop"><input type="submit" name="add_edit_group" value=" Save " /></p> |
|
82 |
<div class="inform"> |
|
83 |
<input type="hidden" name="mode" value="<?php echo $mode ?>" /> |
|
84 |
<?php if ($mode == 'edit'): ?> <input type="hidden" name="group_id" value="<?php echo $group_id ?>" /> |
|
85 |
<?php endif; ?><?php if ($mode == 'add'): ?> <input type="hidden" name="base_group" value="<?php echo $base_group ?>" /> |
|
86 |
<?php endif; ?> <fieldset> |
|
87 |
<legend>Setup group options and permissions</legend> |
|
88 |
<div class="infldset"> |
|
89 |
<p>Below options and permissions are the default permissions for the user group. These options apply if no forum specific permissions are in effect.</p> |
|
90 |
<table class="aligntop" cellspacing="0"> |
|
91 |
<tr> |
|
92 |
<th scope="row">Group title</th> |
|
93 |
<td> |
|
94 |
<input type="text" name="req_title" size="25" maxlength="50" value="<?php if ($mode == 'edit') echo pun_htmlspecialchars($group['g_title']); ?>" tabindex="1" /> |
|
95 |
</td> |
|
96 |
</tr> |
|
97 |
<tr> |
|
98 |
<th scope="row">User title</th> |
|
99 |
<td> |
|
100 |
<input type="text" name="user_title" size="25" maxlength="50" value="<?php echo pun_htmlspecialchars($group['g_user_title']) ?>" tabindex="2" /> |
|
101 |
<span>This title will override any rank users in this group have attained. Leave blank to use default title or rank.</span> |
|
102 |
</td> |
|
103 |
</tr> |
|
104 |
<?php if ($group['g_id'] != PUN_ADMIN): ?> <tr> |
|
105 |
<th scope="row">Read board</th> |
|
106 |
<td> |
|
107 |
<input type="radio" name="read_board" value="1"<?php if ($group['g_read_board'] == '1') echo ' checked="checked"' ?> tabindex="3" /> <strong>Yes</strong> <input type="radio" name="read_board" value="0"<?php if ($group['g_read_board'] == '0') echo ' checked="checked"' ?> tabindex="4" /> <strong>No</strong> |
|
108 |
<span>Allow users in this group to view the board. This setting applies to every aspect of the board and can therefore not be overridden by forum specific settings. If this is set to "No", users in this group will only be able to login/logout and register.</span> |
|
109 |
</td> |
|
110 |
</tr> |
|
111 |
<tr> |
|
112 |
<th scope="row">Post replies</th> |
|
113 |
<td> |
|
114 |
<input type="radio" name="post_replies" value="1"<?php if ($group['g_post_replies'] == '1') echo ' checked="checked"' ?> tabindex="5" /> <strong>Yes</strong> <input type="radio" name="post_replies" value="0"<?php if ($group['g_post_replies'] == '0') echo ' checked="checked"' ?> tabindex="6" /> <strong>No</strong> |
|
115 |
<span>Allow users in this group to post replies in topics.</span> |
|
116 |
</td> |
|
117 |
</tr> |
|
118 |
<tr> |
|
119 |
<th scope="row">Post topics</th> |
|
120 |
<td> |
|
121 |
<input type="radio" name="post_topics" value="1"<?php if ($group['g_post_topics'] == '1') echo ' checked="checked"' ?> tabindex="7" /> <strong>Yes</strong> <input type="radio" name="post_topics" value="0"<?php if ($group['g_post_topics'] == '0') echo ' checked="checked"' ?> tabindex="8" /> <strong>No</strong> |
|
122 |
<span>Allow users in this group to post new topics.</span> |
|
123 |
</td> |
|
124 |
</tr> |
|
125 |
<?php if ($group['g_id'] != PUN_GUEST): ?> <tr> |
|
126 |
<th scope="row">Edit posts</th> |
|
127 |
<td> |
|
128 |
<input type="radio" name="edit_posts" value="1"<?php if ($group['g_edit_posts'] == '1') echo ' checked="checked"' ?> tabindex="11" /> <strong>Yes</strong> <input type="radio" name="edit_posts" value="0"<?php if ($group['g_edit_posts'] == '0') echo ' checked="checked"' ?> tabindex="12" /> <strong>No</strong> |
|
129 |
<span>Allow users in this group to edit their own posts.</span> |
|
130 |
</td> |
|
131 |
</tr> |
|
132 |
<tr> |
|
133 |
<th scope="row">Delete posts</th> |
|
134 |
<td> |
|
135 |
<input type="radio" name="delete_posts" value="1"<?php if ($group['g_delete_posts'] == '1') echo ' checked="checked"' ?> tabindex="13" /> <strong>Yes</strong> <input type="radio" name="delete_posts" value="0"<?php if ($group['g_delete_posts'] == '0') echo ' checked="checked"' ?> tabindex="14" /> <strong>No</strong> |
|
136 |
<span>Allow users in this group to delete their own posts.</span> |
|
137 |
</td> |
|
138 |
</tr> |
|
139 |
<tr> |
|
140 |
<th scope="row">Delete topics</th> |
|
141 |
<td> |
|
142 |
<input type="radio" name="delete_topics" value="1"<?php if ($group['g_delete_topics'] == '1') echo ' checked="checked"' ?> tabindex="15" /> <strong>Yes</strong> <input type="radio" name="delete_topics" value="0"<?php if ($group['g_delete_topics'] == '0') echo ' checked="checked"' ?> tabindex="16" /> <strong>No</strong> |
|
143 |
<span>Allow users in this group to delete their own topics (including any replies).</span> |
|
144 |
</td> |
|
145 |
</tr> |
|
146 |
<tr> |
|
147 |
<th scope="row">Set user title</th> |
|
148 |
<td> |
|
149 |
<input type="radio" name="set_title" value="1"<?php if ($group['g_set_title'] == '1') echo ' checked="checked"' ?> tabindex="17" /> <strong>Yes</strong> <input type="radio" name="set_title" value="0"<?php if ($group['g_set_title'] == '0') echo ' checked="checked"' ?> tabindex="18" /> <strong>No</strong> |
|
150 |
<span>Allow users in this group to set their own user title.</span> |
|
151 |
</td> |
|
152 |
</tr> |
|
153 |
<?php endif; ?> <tr> |
|
154 |
<th scope="row">Use search</th> |
|
155 |
<td> |
|
156 |
<input type="radio" name="search" value="1"<?php if ($group['g_search'] == '1') echo ' checked="checked"' ?> tabindex="19" /> <strong>Yes</strong> <input type="radio" name="search" value="0"<?php if ($group['g_search'] == '0') echo ' checked="checked"' ?> tabindex="20" /> <strong>No</strong> |
|
157 |
<span>Allow users in this group to use the search feature.</span> |
|
158 |
</td> |
|
159 |
</tr> |
|
160 |
<tr> |
|
161 |
<th scope="row">Search user list</th> |
|
162 |
<td> |
|
163 |
<input type="radio" name="search_users" value="1"<?php if ($group['g_search_users'] == '1') echo ' checked="checked"' ?> tabindex="21" /> <strong>Yes</strong> <input type="radio" name="search_users" value="0"<?php if ($group['g_search_users'] == '0') echo ' checked="checked"' ?> tabindex="22" /> <strong>No</strong> |
|
164 |
<span>Allow users in this group to freetext search for users in the user list.</span> |
|
165 |
</td> |
|
166 |
</tr> |
|
167 |
<?php if ($group['g_id'] != PUN_GUEST): ?> <tr> |
|
168 |
<th scope="row">Edit subjects interval</th> |
|
169 |
<td> |
|
170 |
<input type="text" name="edit_subjects_interval" size="5" maxlength="5" value="<?php echo $group['g_edit_subjects_interval'] ?>" tabindex="23" /> |
|
171 |
<span>Number of seconds after post time that users in this group may edit the subject of topics they've posted. Set to 0 to allow edits indefinitely.</span> |
|
172 |
</td> |
|
173 |
</tr> |
|
174 |
<tr> |
|
175 |
<th scope="row">Post flood interval</th> |
|
176 |
<td> |
|
177 |
<input type="text" name="post_flood" size="5" maxlength="4" value="<?php echo $group['g_post_flood'] ?>" tabindex="24" /> |
|
178 |
<span>Number of seconds that users in this group have to wait between posts. Set to 0 to disable.</span> |
|
179 |
</td> |
|
180 |
</tr> |
|
181 |
<tr> |
|
182 |
<th scope="row">Search flood interval</th> |
|
183 |
<td> |
|
184 |
<input type="text" name="search_flood" size="5" maxlength="4" value="<?php echo $group['g_search_flood'] ?>" tabindex="25" /> |
|
185 |
<span>Number of seconds that users in this group have to wait between searches. Set to 0 to disable.</span> |
|
186 |
</td> |
|
187 |
</tr> |
|
188 |
<?php endif; ?><?php endif; ?> </table> |
|
189 |
<?php if ($group['g_id'] == PUN_MOD ): ?> <p class="warntext">Please note that in order for a user in this group to have moderator abilities, he/she must be assigned to moderate one or more forums. This is done via the user administration page of the user's profile.</p> |
|
190 |
<?php endif; ?> </div> |
|
191 |
</fieldset> |
|
192 |
</div> |
|
193 |
<p class="submitend"><input type="submit" name="add_edit_group" value=" Save " tabindex="26" /></p> |
|
194 |
</form> |
|
195 |
</div> |
|
196 |
</div> |
|
197 |
<div class="clearer"></div> |
|
198 |
</div> |
|
199 |
<?php |
|
200 |
||
201 |
require PUN_ROOT.'footer.php'; |
|
202 |
} |
|
203 |
||
204 |
||
205 |
// Add/edit a group (stage 2) |
|
206 |
else if (isset($_POST['add_edit_group'])) |
|
207 |
{
|
|
208 |
confirm_referrer('admin_groups.php');
|
|
209 |
||
210 |
// Is this the admin group? (special rules apply) |
|
211 |
$is_admin_group = (isset($_POST['group_id']) && $_POST['group_id'] == PUN_ADMIN) ? true : false; |
|
212 |
||
213 |
$title = trim($_POST['req_title']); |
|
214 |
$user_title = trim($_POST['user_title']); |
|
215 |
$read_board = isset($_POST['read_board']) ? intval($_POST['read_board']) : '1'; |
|
216 |
$post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1'; |
|
217 |
$post_topics = isset($_POST['post_topics']) ? intval($_POST['post_topics']) : '1'; |
|
218 |
$edit_posts = isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : ($is_admin_group) ? '1' : '0'; |
|
219 |
$delete_posts = isset($_POST['delete_posts']) ? intval($_POST['delete_posts']) : ($is_admin_group) ? '1' : '0'; |
|
220 |
$delete_topics = isset($_POST['delete_topics']) ? intval($_POST['delete_topics']) : ($is_admin_group) ? '1' : '0'; |
|
221 |
$set_title = isset($_POST['set_title']) ? intval($_POST['set_title']) : ($is_admin_group) ? '1' : '0'; |
|
222 |
$search = isset($_POST['search']) ? intval($_POST['search']) : '1'; |
|
223 |
$search_users = isset($_POST['search_users']) ? intval($_POST['search_users']) : '1'; |
|
224 |
$edit_subjects_interval = isset($_POST['edit_subjects_interval']) ? intval($_POST['edit_subjects_interval']) : '0'; |
|
225 |
$post_flood = isset($_POST['post_flood']) ? intval($_POST['post_flood']) : '0'; |
|
226 |
$search_flood = isset($_POST['search_flood']) ? intval($_POST['search_flood']) : '0'; |
|
227 |
||
228 |
if ($title == '') |
|
229 |
message('You must enter a group title.');
|
|
230 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
231 |
$user_title = ($user_title != '') ? '\''.$pun_db->escape($user_title).'\'' : 'NULL'; |
| 0 | 232 |
|
233 |
if ($_POST['mode'] == 'add') |
|
234 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
235 |
$result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'groups WHERE g_title=\''.$pun_db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
236 |
if ($pun_db->num_rows($result)) |
| 0 | 237 |
message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
|
238 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
239 |
$pun_db->query('INSERT INTO '.$pun_db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$pun_db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
240 |
$new_group_id = $pun_db->insert_id(); |
| 0 | 241 |
|
242 |
// Now lets copy the forum specific permissions from the group which this group is based on |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
243 |
$result = $pun_db->query('SELECT forum_id, read_forum, post_replies, post_topics FROM '.$pun_db->prefix.'forum_perms WHERE group_id='.intval($_POST['base_group'])) or error('Unable to fetch group forum permission list', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
244 |
while ($cur_forum_perm = $pun_db->fetch_assoc($result)) |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
245 |
$pun_db->query('INSERT INTO '.$pun_db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 246 |
} |
247 |
else |
|
248 |
{
|
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
249 |
$result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'groups WHERE g_title=\''.$pun_db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
250 |
if ($pun_db->num_rows($result)) |
| 0 | 251 |
message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
|
252 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
253 |
$pun_db->query('UPDATE '.$pun_db->prefix.'groups SET g_title=\''.$pun_db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 254 |
} |
255 |
||
256 |
// Regenerate the quickjump cache |
|
257 |
require_once PUN_ROOT.'include/cache.php'; |
|
258 |
generate_quickjump_cache(); |
|
259 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
260 |
pun_redirect('admin_groups.php', 'Group '.(($_POST['mode'] == 'edit') ? 'edited' : 'added').'. Redirecting …');
|
| 0 | 261 |
} |
262 |
||
263 |
||
264 |
// Set default group |
|
265 |
else if (isset($_POST['set_default_group'])) |
|
266 |
{
|
|
267 |
confirm_referrer('admin_groups.php');
|
|
268 |
||
269 |
$group_id = intval($_POST['default_group']); |
|
270 |
if ($group_id < 4) |
|
271 |
message($lang_common['Bad request']); |
|
272 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
273 |
$pun_db->query('UPDATE '.$pun_db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 274 |
|
275 |
// Regenerate the config cache |
|
276 |
require_once PUN_ROOT.'include/cache.php'; |
|
277 |
generate_config_cache(); |
|
278 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
279 |
pun_redirect('admin_groups.php', 'Default group set. Redirecting …');
|
| 0 | 280 |
} |
281 |
||
282 |
||
283 |
// Remove a group |
|
284 |
else if (isset($_GET['del_group'])) |
|
285 |
{
|
|
286 |
confirm_referrer('admin_groups.php');
|
|
287 |
||
288 |
$group_id = intval($_GET['del_group']); |
|
289 |
if ($group_id < 5) |
|
290 |
message($lang_common['Bad request']); |
|
291 |
||
292 |
// Make sure we don't remove the default group |
|
293 |
if ($group_id == $pun_config['o_default_user_group']) |
|
294 |
message('The default group cannot be removed. In order to delete this group, you must first setup a different group as the default.');
|
|
295 |
||
296 |
||
297 |
// Check if this group has any members |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
298 |
$result = $pun_db->query('SELECT g.g_title, COUNT(u.id) FROM '.$pun_db->prefix.'groups AS g INNER JOIN '.$pun_db->prefix.'users AS u ON g.g_id=u.group_id WHERE g.g_id='.$group_id.' GROUP BY g.g_id, g_title') or error('Unable to fetch group info', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 299 |
|
300 |
// If the group doesn't have any members or if we've already selected a group to move the members to |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
301 |
if (!$pun_db->num_rows($result) || isset($_POST['del_group'])) |
| 0 | 302 |
{
|
303 |
if (isset($_POST['del_group'])) |
|
304 |
{
|
|
305 |
$move_to_group = intval($_POST['move_to_group']); |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
306 |
$pun_db->query('UPDATE '.$pun_db->prefix.'users SET group_id='.$move_to_group.' WHERE group_id='.$group_id) or error('Unable to move users into group', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 307 |
} |
308 |
||
309 |
// Delete the group and any forum specific permissions |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
310 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to delete group', __FILE__, __LINE__, $pun_db->error());
|
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
311 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'forum_perms WHERE group_id='.$group_id) or error('Unable to delete group forum permissions', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 312 |
|
313 |
// Regenerate the quickjump cache |
|
314 |
require_once PUN_ROOT.'include/cache.php'; |
|
315 |
generate_quickjump_cache(); |
|
316 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
317 |
pun_redirect('admin_groups.php', 'Group removed. Redirecting …');
|
| 0 | 318 |
} |
319 |
||
320 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
321 |
list($group_title, $group_members) = $pun_db->fetch_row($result); |
| 0 | 322 |
|
323 |
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / User groups'; |
|
324 |
require PUN_ROOT.'header.php'; |
|
325 |
||
326 |
generate_admin_menu('groups');
|
|
327 |
||
328 |
?> |
|
329 |
<div class="blockform"> |
|
330 |
<h2><span>Remove group</span></h2> |
|
331 |
<div class="box"> |
|
332 |
<form id="groups" method="post" action="admin_groups.php?del_group=<?php echo $group_id ?>"> |
|
333 |
<div class="inform"> |
|
334 |
<fieldset> |
|
335 |
<legend>Move users currently in group</legend> |
|
336 |
<div class="infldset"> |
|
337 |
<p>The group "<?php echo pun_htmlspecialchars($group_title) ?>" currently has <?php echo $group_members ?> members. Please select a group to which these members will be assigned upon removal.</p> |
|
338 |
<label>Move users to |
|
339 |
<select name="move_to_group"> |
|
340 |
<?php |
|
341 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
342 |
$result = $pun_db->query('SELECT g_id, g_title FROM '.$pun_db->prefix.'groups WHERE g_id!='.PUN_GUEST.' AND g_id!='.$group_id.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 343 |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
344 |
while ($cur_group = $pun_db->fetch_assoc($result)) |
| 0 | 345 |
{
|
346 |
if ($cur_group['g_id'] == PUN_MEMBER) // Pre-select the pre-defined Members group |
|
347 |
echo "\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
|
348 |
else |
|
349 |
echo "\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
|
350 |
} |
|
351 |
||
352 |
?> |
|
353 |
</select> |
|
354 |
</br></label> |
|
355 |
</div> |
|
356 |
</fieldset> |
|
357 |
</div> |
|
358 |
<p><input type="submit" name="del_group" value="Delete group" /></p> |
|
359 |
</form> |
|
360 |
</div> |
|
361 |
</div> |
|
362 |
<div class="clearer"></div> |
|
363 |
</div> |
|
364 |
<?php |
|
365 |
||
366 |
require PUN_ROOT.'footer.php'; |
|
367 |
} |
|
368 |
||
369 |
||
370 |
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / User groups'; |
|
371 |
require PUN_ROOT.'header.php'; |
|
372 |
||
373 |
generate_admin_menu('groups');
|
|
374 |
||
375 |
?> |
|
376 |
<div class="blockform"> |
|
377 |
<h2><span>Add/setup groups</span></h2> |
|
378 |
<div class="box"> |
|
379 |
<form id="groups" method="post" action="admin_groups.php?action=foo"> |
|
380 |
<div class="inform"> |
|
381 |
<fieldset> |
|
382 |
<legend>Add new group</legend> |
|
383 |
<div class="infldset"> |
|
384 |
<table class="aligntop" cellspacing="0"> |
|
385 |
<tr> |
|
386 |
<th scope="row">Base new group on<div><input type="submit" name="add_group" value=" Add " tabindex="2" /></div></th> |
|
387 |
<td> |
|
388 |
<select id="base_group" name="base_group" tabindex="1"> |
|
389 |
<?php |
|
390 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
391 |
$result = $pun_db->query('SELECT g_id, g_title FROM '.$pun_db->prefix.'groups WHERE g_id>'.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 392 |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
393 |
while ($cur_group = $pun_db->fetch_assoc($result)) |
| 0 | 394 |
{
|
395 |
if ($cur_group['g_id'] == $pun_config['o_default_user_group']) |
|
396 |
echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
|
397 |
else |
|
398 |
echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
|
399 |
} |
|
400 |
||
401 |
?> |
|
402 |
</select> |
|
403 |
<span>Select a user group from which the new group will inherit it's permission settings. The next page will let you fine-tune said settings.</span> |
|
404 |
</td> |
|
405 |
</tr> |
|
406 |
</table> |
|
407 |
</div> |
|
408 |
</fieldset> |
|
409 |
</div> |
|
410 |
<div class="inform"> |
|
411 |
<fieldset> |
|
412 |
<legend>Set default group</legend> |
|
413 |
<div class="infldset"> |
|
414 |
<table class="aligntop" cellspacing="0"> |
|
415 |
<tr> |
|
416 |
<th scope="row">Default group<div><input type="submit" name="set_default_group" value=" Save " tabindex="4" /></div></th> |
|
417 |
<td> |
|
418 |
<select id="default_group" name="default_group" tabindex="3"> |
|
419 |
<?php |
|
420 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
421 |
$result = $pun_db->query('SELECT g_id, g_title FROM '.$pun_db->prefix.'groups WHERE g_id>'.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 422 |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
423 |
while ($cur_group = $pun_db->fetch_assoc($result)) |
| 0 | 424 |
{
|
425 |
if ($cur_group['g_id'] == $pun_config['o_default_user_group']) |
|
426 |
echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
|
427 |
else |
|
428 |
echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
|
429 |
} |
|
430 |
||
431 |
?> |
|
432 |
</select> |
|
433 |
<span>This is the default user group, e.g. the group users are placed in when they register. For security reasons, users can't be placed in either the moderator or administrator user groups by default.</span> |
|
434 |
</td> |
|
435 |
</tr> |
|
436 |
</table> |
|
437 |
</div> |
|
438 |
</fieldset> |
|
439 |
</div> |
|
440 |
</form> |
|
441 |
</div> |
|
442 |
||
443 |
<h2 class="block2"><span>Existing groups</span></h2> |
|
444 |
<div class="box"> |
|
445 |
<div class="fakeform"> |
|
446 |
<div class="inform"> |
|
447 |
<fieldset> |
|
448 |
<legend>Edit/remove groups</legend> |
|
449 |
<div class="infldset"> |
|
450 |
<p>The pre-defined groups Guests, Administrators, Moderators and Members cannot be removed. They can however be edited. Please note though, that in some groups, some options are unavailable (e.g. the <em>edit posts</em> permission for guests). Administrators always have full permissions.</p> |
|
451 |
<table cellspacing="0"> |
|
452 |
<?php |
|
453 |
||
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
454 |
$result = $pun_db->query('SELECT g_id, g_title FROM '.$pun_db->prefix.'groups ORDER BY g_id') or error('Unable to fetch user group list', __FILE__, __LINE__, $pun_db->error());
|
| 0 | 455 |
|
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
456 |
while ($cur_group = $pun_db->fetch_assoc($result)) |
| 0 | 457 |
echo "\t\t\t\t\t\t\t\t".'<tr><th scope="row"><a href="admin_groups.php?edit_group='.$cur_group['g_id'].'">Edit</a>'.(($cur_group['g_id'] > PUN_MEMBER) ? ' - <a href="admin_groups.php?del_group='.$cur_group['g_id'].'">Remove</a>' : '').'</th><td>'.pun_htmlspecialchars($cur_group['g_title']).'</td></tr>'."\n"; |
458 |
||
459 |
?> |
|
460 |
</table> |
|
461 |
</div> |
|
462 |
</fieldset> |
|
463 |
</div> |
|
464 |
</div> |
|
465 |
</div> |
|
466 |
</div> |
|
467 |
<div class="clearer"></div> |
|
468 |
</div> |
|
469 |
<?php |
|
470 |
||
471 |
require PUN_ROOT.'footer.php'; |