author | Dan |
Thu, 12 Jul 2007 01:04:01 -0400 | |
changeset 2 | a8a21e1c7afa |
parent 0 | f9ffdbd96607 |
child 3 | c0c445d4a13e |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/*********************************************************************** |
|
3 |
||
4 |
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org) |
|
5 |
||
6 |
This file is part of PunBB. |
|
7 |
||
8 |
PunBB is free software; you can redistribute it and/or modify it |
|
9 |
under the terms of the GNU General Public License as published |
|
10 |
by the Free Software Foundation; either version 2 of the License, |
|
11 |
or (at your option) any later version. |
|
12 |
||
13 |
PunBB is distributed in the hope that it will be useful, but |
|
14 |
WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
GNU General Public License for more details. |
|
17 |
||
18 |
You should have received a copy of the GNU General Public License |
|
19 |
along with this program; if not, write to the Free Software |
|
20 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, |
|
21 |
MA 02111-1307 USA |
|
22 |
||
23 |
************************************************************************/ |
|
24 |
||
25 |
||
26 |
// Tell header.php to use the admin template |
|
27 |
define('PUN_ADMIN_CONSOLE', 1); |
|
28 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
29 |
//define('PUN_ROOT', './'); |
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
30 |
//require PUN_ROOT.'include/common.php'; |
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
31 |
|
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
32 |
global $pun_db, $pun_user, $pun_config, $lang_common; |
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
33 |
|
0 | 34 |
require PUN_ROOT.'include/common_admin.php'; |
35 |
||
36 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
37 |
if ($pun_user['g_id'] < PUN_ADMIN) |
0 | 38 |
message($lang_common['No permission']); |
39 |
||
40 |
||
41 |
// Add a rank |
|
42 |
if (isset($_POST['add_rank'])) |
|
43 |
{ |
|
44 |
confirm_referrer('admin_ranks.php'); |
|
45 |
||
46 |
$rank = trim($_POST['new_rank']); |
|
47 |
$min_posts = $_POST['new_min_posts']; |
|
48 |
||
49 |
if ($rank == '') |
|
50 |
message('You must enter a rank title.'); |
|
51 |
||
52 |
if (!@preg_match('#^\d+$#', $min_posts)) |
|
53 |
message('Minimum posts must be a positive integer value.'); |
|
54 |
||
55 |
// Make sure there isn't already a rank with the same min_posts value |
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
56 |
$result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'ranks WHERE min_posts='.$min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $pun_db->error()); |
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
57 |
if ($pun_db->num_rows($result)) |
0 | 58 |
message('There is already a rank with a minimun posts value of '.$min_posts.'.'); |
59 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
60 |
$pun_db->query('INSERT INTO '.$pun_db->prefix.'ranks (rank, min_posts) VALUES(\''.$pun_db->escape($rank).'\', '.$min_posts.')') or error('Unable to add rank', __FILE__, __LINE__, $pun_db->error()); |
0 | 61 |
|
62 |
// Regenerate the ranks cache |
|
63 |
require_once PUN_ROOT.'include/cache.php'; |
|
64 |
generate_ranks_cache(); |
|
65 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
66 |
pun_redirect('admin_ranks.php', 'Rank added. Redirecting …'); |
0 | 67 |
} |
68 |
||
69 |
||
70 |
// Update a rank |
|
71 |
else if (isset($_POST['update'])) |
|
72 |
{ |
|
73 |
confirm_referrer('admin_ranks.php'); |
|
74 |
||
75 |
$id = intval(key($_POST['update'])); |
|
76 |
||
77 |
$rank = trim($_POST['rank'][$id]); |
|
78 |
$min_posts = trim($_POST['min_posts'][$id]); |
|
79 |
||
80 |
if ($rank == '') |
|
81 |
message('You must enter a rank title.'); |
|
82 |
||
83 |
if (!@preg_match('#^\d+$#', $min_posts)) |
|
84 |
message('Minimum posts must be a positive integer value.'); |
|
85 |
||
86 |
// Make sure there isn't already a rank with the same min_posts value |
|
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
87 |
$result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'ranks WHERE id!='.$id.' AND min_posts='.$min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $pun_db->error()); |
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
88 |
if ($pun_db->num_rows($result)) |
0 | 89 |
message('There is already a rank with a minimun posts value of '.$min_posts.'.'); |
90 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
91 |
$pun_db->query('UPDATE '.$pun_db->prefix.'ranks SET rank=\''.$pun_db->escape($rank).'\', min_posts='.$min_posts.' WHERE id='.$id) or error('Unable to update rank', __FILE__, __LINE__, $pun_db->error()); |
0 | 92 |
|
93 |
// Regenerate the ranks cache |
|
94 |
require_once PUN_ROOT.'include/cache.php'; |
|
95 |
generate_ranks_cache(); |
|
96 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
97 |
pun_redirect('admin_ranks.php', 'Rank updated. Redirecting …'); |
0 | 98 |
} |
99 |
||
100 |
||
101 |
// Remove a rank |
|
102 |
else if (isset($_POST['remove'])) |
|
103 |
{ |
|
104 |
confirm_referrer('admin_ranks.php'); |
|
105 |
||
106 |
$id = intval(key($_POST['remove'])); |
|
107 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
108 |
$pun_db->query('DELETE FROM '.$pun_db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $pun_db->error()); |
0 | 109 |
|
110 |
// Regenerate the ranks cache |
|
111 |
require_once PUN_ROOT.'include/cache.php'; |
|
112 |
generate_ranks_cache(); |
|
113 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
114 |
pun_redirect('admin_ranks.php', 'Rank removed. Redirecting …'); |
0 | 115 |
} |
116 |
||
117 |
||
118 |
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Ranks'; |
|
119 |
$focus_element = array('ranks', 'new_rank'); |
|
120 |
require PUN_ROOT.'header.php'; |
|
121 |
||
122 |
generate_admin_menu('ranks'); |
|
123 |
||
124 |
?> |
|
125 |
<div class="blockform"> |
|
126 |
<h2><span>Ranks</span></h2> |
|
127 |
<div class="box"> |
|
128 |
<form id="ranks" method="post" action="admin_ranks.php?action=foo"> |
|
129 |
<div class="inform"> |
|
130 |
<fieldset> |
|
131 |
<legend>Add rank</legend> |
|
132 |
<div class="infldset"> |
|
133 |
<p>Enter a rank and the minimum number of posts that a user has to have to aquire the rank. Different ranks cannot have the same value for minimum posts. If a title is set for a user, the title will be displayed instead of any rank. <strong>User ranks must be enabled in <a href="admin_options.php#ranks">Options</a> for this to have any effect.</strong></p> |
|
134 |
<table cellspacing="0"> |
|
135 |
<thead> |
|
136 |
<tr> |
|
137 |
<th class="tcl" scope="col">Rank title</th> |
|
138 |
<th class="tc2" scope="col">Minimum posts</th> |
|
139 |
<th class="hidehead" scope="col">Action</th> |
|
140 |
</tr> |
|
141 |
</thead> |
|
142 |
<tbody> |
|
143 |
<tr> |
|
144 |
<td><input type="text" name="new_rank" size="24" maxlength="50" tabindex="1" /></td> |
|
145 |
<td><input type="text" name="new_min_posts" size="7" maxlength="7" tabindex="2" /></td> |
|
146 |
<td><input type="submit" name="add_rank" value=" Add " tabindex="3" /></td> |
|
147 |
</tr> |
|
148 |
</tbody> |
|
149 |
</table> |
|
150 |
</div> |
|
151 |
</fieldset> |
|
152 |
</div> |
|
153 |
<div class="inform"> |
|
154 |
<fieldset> |
|
155 |
<legend>Edit/remove ranks</legend> |
|
156 |
<div class="infldset"> |
|
157 |
<?php |
|
158 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
159 |
$result = $pun_db->query('SELECT id, rank, min_posts FROM '.$pun_db->prefix.'ranks ORDER BY min_posts') or error('Unable to fetch rank list', __FILE__, __LINE__, $pun_db->error()); |
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
160 |
if ($pun_db->num_rows($result)) |
0 | 161 |
{ |
162 |
||
163 |
?> |
|
164 |
<table cellspacing="0"> |
|
165 |
<thead> |
|
166 |
<tr> |
|
167 |
<th class="tcl" scope="col"><strong>Rank title</strong></th> |
|
168 |
<th class="tc2" scope="col"><strong>Minimum Posts</strong></th> |
|
169 |
<th class="hidehead" scope="col">Actions</th> |
|
170 |
</tr> |
|
171 |
</thead> |
|
172 |
<tbody> |
|
173 |
<?php |
|
174 |
||
2
a8a21e1c7afa
Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents:
0
diff
changeset
|
175 |
while ($cur_rank = $pun_db->fetch_assoc($result)) |
0 | 176 |
echo "\t\t\t\t\t\t\t\t".'<tr><td><input type="text" name="rank['.$cur_rank['id'].']" value="'.pun_htmlspecialchars($cur_rank['rank']).'" size="24" maxlength="50" /></td><td><input type="text" name="min_posts['.$cur_rank['id'].']" value="'.$cur_rank['min_posts'].'" size="7" maxlength="7" /></td><td><input type="submit" name="update['.$cur_rank['id'].']" value="Update" /> <input type="submit" name="remove['.$cur_rank['id'].']" value="Remove" /></td></tr>'."\n"; |
177 |
||
178 |
?> |
|
179 |
</tbody> |
|
180 |
</table> |
|
181 |
<?php |
|
182 |
||
183 |
} |
|
184 |
else |
|
185 |
echo "\t\t\t\t\t\t\t".'<p>No ranks in list.</p>'."\n"; |
|
186 |
||
187 |
?> |
|
188 |
</div> |
|
189 |
</fieldset> |
|
190 |
</div> |
|
191 |
</form> |
|
192 |
</div> |
|
193 |
</div> |
|
194 |
<div class="clearer"></div> |
|
195 |
</div> |
|
196 |
<?php |
|
197 |
||
198 |
require PUN_ROOT.'footer.php'; |