<?php
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
/**!info**
{
  "Plugin Name" : "plugin_specialgroups_title",
  "Plugin URI" : "http://enanocms.org/",
  "Description" : "plugin_specialgroups_desc",
  "Author" : "Dan Fuhry",
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
  "Version" : "1.1.6",
  "Author URI" : "http://enanocms.org/"
}
**!*/

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Copyright (C) 2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
// $plugins->attachHook('session_started', 'SpecialGroups_paths_init();');
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan

function SpecialGroups_paths_init()
{
  register_special_page('Usergroups', 'specialpage_groupcp');
}

function page_Special_Usergroups()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $email; // Import e-mail encryption functions
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
  global $lang;

  if ( !$session->user_logged_in )
  {
    header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
    $db->close();
    exit;
  }

  $template->header();
  userprefs_show_menu();
  if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) )
  {
    $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
    if ( empty($gid) || $gid < 1 )
    {
      die_friendly('Error', '<p>Hacking attempt</p>');
    }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
    $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
    if ( !$q )
    {
      $db->_die('SpecialGroups.php, line ' . __LINE__);
    }
    $row = $db->fetchrow();
    $db->free_result();
    $members = array();
    $pending = array();
    $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments
                           FROM '.table_prefix.'users AS u
                           LEFT JOIN '.table_prefix.'group_members AS m
                             ON ( m.user_id = u.user_id )
                           LEFT JOIN '.table_prefix.'comments AS c
                             ON ( c.name = u.username )
                           WHERE m.group_id=' . $gid . '
                           GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending
                           ORDER BY m.is_mod DESC,u.username ASC;');
    if ( !$q )
    {
      $db->_die('SpecialGroups.php, line ' . __LINE__);
    }

    $is_member = false;
    $is_mod = false;
    $is_pending = false;

    while ( $mr = $db->fetchrow() )
    {
      if ( $mr['pending'] == 1 )
      {
        $pending[] = $mr;
        if ( $mr['user_id'] == $session->user_id )
        {
          $is_pending = true;
        }
      }
      else
      {
        $members[] = $mr;
        if ( $mr['user_id'] == $session->user_id )
        {
          $is_member = true;
          if ( $mr['is_mod'] == 1 )
          {
            $is_mod = true;
          }
        }
      }
    }

    $status = ( $is_member && $is_mod )
      ? $lang->get('groupcp_status_mod')
      : ( ( $is_member && !$is_mod )
        ? $lang->get('groupcp_status_member')
        : $lang->get('groupcp_status_not_member')
      );

    $can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );

    switch ( $row['group_type'] )
    {
      case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break;
      case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break;
      case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break;
      case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break;
    }

    if ( isset($_GET['act']) && $can_do_admin_stuff )
    {
      switch($_GET['act'])
      {
        case 'update':
          if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
          {
            die_friendly('ERROR', '<p>Hacking attempt</p>');
          }
          $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          $error = false;
          if ( $db->numrows() < 1 )
          {
            echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
            $error = true;
          }
          $r = $db->fetchrow();
          if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
          {
            echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>';
            $error = true;
          }
          if ( !$error )
          {
            $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
            if (!$q)
              $db->_die('SpecialGroups.php, line ' . __LINE__);
            $row['group_type'] = $_POST['group_state'];
            echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>';
          }
          break;
        case 'adduser':
          $username = $_POST['add_username'];
          $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';

          $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
          if (!$q)
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          if ($db->numrows() < 1)
          {
            echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>';
            break;
          }
          $r = $db->fetchrow();
          $db->free_result();
          $uid = intval($r['user_id']);

          // Check if the user is already in the group, and if so, only update modship
          $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          if ( $db->numrows() > 0 )
          {
            $r = $db->fetchrow();
            if ( (string) $r['is_mod'] != $mod )
            {
              $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
              if ( !$q )
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              foreach ( $members as $i => $member )
              {
                if ( $member['member_id'] == $r['member_id'] )
                  $members[$i]['is_mod'] = (int)$mod;
              }
              echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>';
            }
            else
            {
              echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>';
            }
            break;
          }

          $db->free_result();

          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
          if (!$q)
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>';

          $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
                                 FROM '.table_prefix.'users AS u
                                 LEFT JOIN '.table_prefix.'group_members AS m
                                   ON ( m.user_id = u.user_id )
                                 LEFT JOIN '.table_prefix.'comments AS c
                                   ON ( c.name = u.username )
                                 WHERE m.group_id=' . $gid . '
                                   AND m.pending!=1
                                   AND u.user_id=' . $uid . '
                                 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
                                 ORDER BY m.is_mod DESC,u.username ASC
                                 LIMIT 1;');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);

          $r = $db->fetchrow();
          $members[] = $r;
          $db->free_result();

541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modified ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
          // just added a user to the group, so regenerate the ranks cache
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
          generate_cache_userranks();

          break;
        case 'del_users':
          foreach ( $members as $i => $member )
          {
            if ( isset($_POST['del_user'][$member['member_id']]) )
            {
              $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
              if (!$q)
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              unset($members[$i]);
            }
          }
          // regenerate the ranks cache
          generate_cache_userranks();

          break;
        case 'pending':
          foreach ( $pending as $i => $member )
          {
            if ( isset( $_POST['with_user'][$member['member_id']]) )
            {
              if ( isset ( $_POST['do_appr_pending'] ) )
              {
                $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
                if (!$q)
                  $db->_die('SpecialGroups.php, line ' . __LINE__);
                $members[] = $member;
                unset($pending[$i]);
                continue;
              }
              elseif ( isset ( $_POST['do_reject_pending'] ) )
              {
                $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
                if (!$q)
                  $db->_die('SpecialGroups.php, line ' . __LINE__);
                unset($pending[$i]);
              }
            }
          }
          // memberships updated/changed, regenerate ranks cache
          generate_cache_userranks();

          echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>';
          break;
      }
    }

    if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff )
    {
      $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
      if (!$q)
        $db->_die('SpecialGroups.php, line ' . __LINE__);
      echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>';

      $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
                             FROM '.table_prefix.'users AS u
                             LEFT JOIN '.table_prefix.'group_members AS m
                               ON ( m.user_id = u.user_id )
                             LEFT JOIN '.table_prefix.'comments AS c
                               ON ( c.name = u.username )
                             WHERE m.group_id=' . $gid . '
                               AND m.pending!=1
                               AND u.user_id=' . $session->user_id . '
                             GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
                             ORDER BY m.is_mod DESC,u.username ASC
                             LIMIT 1;');
      if ( !$q )
        $db->_die('SpecialGroups.php, line ' . __LINE__);

      $r = $db->fetchrow();
      $members[] = $r;
      $db->free_result();

    }

    if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff )
    {
      $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
      if (!$q)
        $db->_die('SpecialGroups.php, line ' . __LINE__);
      echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>';
    }

    $state_btns = ( $can_do_admin_stuff ) ?
      '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>'
      : $g_state;
    if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member )
    {
      if ( $is_pending )
        $state_btns .= ' ' . $lang->get('groupcp_msg_status_pending');
      else
        $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />';
    }

    if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member )
    {
      $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />';
    }

    $g_name_local = 'groupcp_grp_' . strtolower($row['group_name']);
    $str = $lang->get($g_name_local);
    if ( $str != $g_name_local )
Dan
diff
changeset
+ − 330
$row['group_name'] = $str;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 331
0
+ − 332
echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
+ − 333
<div class="tblholder">
+ − 334
<table border="0" cellspacing="1" cellpadding="4">
+ − 335
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 336
<th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th>
0
+ − 337
</tr>
+ − 338
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 339
<td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 340
<td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td>
0
+ − 341
</tr>
+ − 342
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 343
<td class="row2">' . $lang->get('groupcp_lbl_status') . '</td>
0
+ − 344
<td class="row1">' . $status . '</td>
+ − 345
</tr>
+ − 346
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 347
<td class="row2">' . $lang->get('groupcp_lbl_state') . '</td>
0
+ − 348
<td class="row1">' . $state_btns . '</td>
+ − 349
</tr>
+ − 350
' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? '
+ − 351
<tr>
+ − 352
<th class="subhead" colspan="2">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 353
<input type="submit" value="' . $lang->get('etc_save_changes') . '" />
0
+ − 354
</th>
+ − 355
</tr>
+ − 356
' : '' ) . '
+ − 357
</table>
+ − 358
</div>
+ − 359
<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 360
</form>';
+ − 361
if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff )
+ − 362
{
+ − 363
echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
+ − 364
<input name="group_id" value="' . $gid . '" type="hidden" />
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 365
<h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2>
0
+ − 366
<div class="tblholder">
+ − 367
<table border="0" cellspacing="1" cellpadding="4">
+ − 368
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 369
<th>' . $lang->get('groupcp_th_username') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 370
<th>' . $lang->get('groupcp_th_email') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 371
<th>' . $lang->get('groupcp_th_reg_time') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 372
<th>' . $lang->get('groupcp_th_comments') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 373
<th>' . $lang->get('groupcp_th_select') . '</th>
0
+ − 374
</tr>';
+ − 375
$cls = 'row2';
+ − 376
foreach ( $pending as $member )
+ − 377
{
+ − 378
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 379
$date = enano_date(ED_DATE, $member['reg_time']);
0
+ − 380
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 381
$addy = $email->encryptEmail($member['email']);
+ − 382
+ − 383
echo "<tr>
+ − 384
<td class='{$cls}'>{$member['username']}</td>
+ − 385
<td class='{$cls}'>{$addy}</td>
+ − 386
<td class='{$cls}'>{$date}</td>
322
+ − 387
<td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 388
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td>
+ − 389
</tr>";
+ − 390
}
+ − 391
echo '</table>
+ − 392
</div>
+ − 393
<div style="margin: 10px 0 0 auto;">
+ − 394
With selected:
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 395
<input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" />
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 396
<input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" />
0
+ − 397
</div>
+ − 398
</form>';
+ − 399
}
+ − 400
echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 401
<h2>' . $lang->get('groupcp_th_group_members') . '</h2>
0
+ − 402
<div class="tblholder">
+ − 403
<table border="0" cellspacing="1" cellpadding="4">
+ − 404
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 405
<th>' . $lang->get('groupcp_th_username') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 406
<th>' . $lang->get('groupcp_th_email') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 407
<th>' . $lang->get('groupcp_th_reg_time') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 408
<th>' . $lang->get('groupcp_th_comments') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 409
' . ( ( $can_do_admin_stuff ) ? '
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 410
<th>' . $lang->get('groupcp_th_remove') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 411
' : '' ) . '
0
+ − 412
</tr>
+ − 413
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 414
<th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th>
0
+ − 415
</tr>';
+ − 416
$mod_printed = false;
+ − 417
$mem_printed = false;
+ − 418
$cls = 'row2';
+ − 419
+ − 420
foreach ( $members as $member )
+ − 421
{
+ − 422
if ( $member['is_mod'] != 1 )
+ − 423
break;
+ − 424
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 425
$date = enano_date(ED_DATE, $member['reg_time']);
0
+ − 426
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 427
$addy = $email->encryptEmail($member['email']);
+ − 428
+ − 429
$mod_printed = true;
+ − 430
+ − 431
echo "<tr>
+ − 432
<td class='{$cls}'>{$member['username']}</td>
+ − 433
<td class='{$cls}'>{$addy}</td>
+ − 434
<td class='{$cls}'>{$date}</td>
322
+ − 435
<td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 436
" . ( ( $can_do_admin_stuff ) ? "
+ − 437
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
+ − 438
" : '' ) . "
+ − 439
</tr>";
+ − 440
}
+ − 441
if (!$mod_printed)
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 442
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></tr>';
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 443
echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>';
0
+ − 444
foreach ( $members as $member )
+ − 445
{
+ − 446
if ( $member['is_mod'] == 1 )
+ − 447
continue;
+ − 448
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 449
$date = enano_date(ED_DATE, $member['reg_time']);
0
+ − 450
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 451
$addy = $email->encryptEmail($member['email']);
+ − 452
+ − 453
$mem_printed = true;
+ − 454
+ − 455
echo "<tr>
+ − 456
<td class='{$cls}'>{$member['username']}</td>
+ − 457
<td class='{$cls}'>{$addy}</td>
+ − 458
<td class='{$cls}'>{$date}</td>
322
+ − 459
<td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 460
" . ( ( $can_do_admin_stuff ) ? "
+ − 461
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
+ − 462
" : '' ) . "
+ − 463
</tr>";
+ − 464
}
+ − 465
if (!$mem_printed)
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 466
echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></tr>';
0
+ − 467
echo ' </table>
+ − 468
</div>';
+ − 469
if ( $can_do_admin_stuff )
+ − 470
{
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 471
echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>";
0
+ − 472
}
+ − 473
echo '<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 474
</form>';
+ − 475
if ( $can_do_admin_stuff )
+ − 476
{
+ − 477
echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
+ − 478
<div class="tblholder">
+ − 479
<table border="0" cellspacing="1" cellpadding="4">
+ − 480
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 481
<th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th>
0
+ − 482
</tr>
+ − 483
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 484
<td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td>
0
+ − 485
</tr>
+ − 486
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 487
<td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td>
0
+ − 488
</tr>
+ − 489
<tr>
+ − 490
<th class="subhead" colspan="2">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 491
<input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" />
0
+ − 492
</th>
+ − 493
</tr>
+ − 494
</table>
+ − 495
</div>
+ − 496
<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 497
</form>';
+ − 498
}
+ − 499
}
+ − 500
else
+ − 501
{
+ − 502
echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 503
echo '<div class="tblholder">
+ − 504
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 505
<tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 506
<th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th>
0
+ − 507
</tr>
+ − 508
<tr>
30
+ − 509
<td class="row2" style="text-align: right; width: 50%;">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 510
' . $lang->get('groupcp_lbl_current_memberships') . '
0
+ − 511
</td>
30
+ − 512
<td class="row1" style="width: 50%;">';
0
+ − 513
$taboo = Array('Everyone');
30
+ − 514
if ( sizeof ( $session->groups ) > count($taboo) )
0
+ − 515
{
+ − 516
echo '<select name="group_id">';
+ − 517
foreach ( $session->groups as $id => $group )
+ − 518
{
447
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
diff
changeset
+ − 519
$taboo[] = $db->escape($group);
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
diff
changeset
+ − 520
$group = htmlspecialchars($group);
0
+ − 521
if ( $group != 'Everyone' )
+ − 522
{
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 523
$g_name_local = 'groupcp_grp_' . strtolower($group);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 524
$str = $lang->get($g_name_local);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 525
if ( $str != $g_name_local )
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 526
$group = $str;
0
+ − 527
echo '<option value="' . $id . '">' . $group . '</option>';
+ − 528
}
+ − 529
}
+ − 530
echo '</select>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 531
<input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />';
0
+ − 532
}
+ − 533
else
+ − 534
{
+ − 535
echo 'None';
+ − 536
}
+ − 537
+ − 538
echo '</td>
+ − 539
</tr>';
+ − 540
$taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\'';
+ − 541
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
+ − 542
if(!$q)
+ − 543
{
+ − 544
echo $db->get_error();
+ − 545
$template->footer();
+ − 546
return;
+ − 547
}
+ − 548
if($db->numrows() > 0)
+ − 549
{
+ − 550
echo '<tr>
+ − 551
<td class="row2" style="text-align: right;">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 552
' . $lang->get('groupcp_lbl_non_memberships') . '
0
+ − 553
</td>
+ − 554
<td class="row1">
+ − 555
<select name="group_id_n">';
+ − 556
while ( $row = $db->fetchrow() )
+ − 557
{
+ − 558
if ( $row['group_name'] != 'Everyone' )
+ − 559
{
357
+ − 560
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>';
0
+ − 561
}
+ − 562
}
+ − 563
echo '</select>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 564
<input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" />
0
+ − 565
</td>
+ − 566
</tr>
+ − 567
';
+ − 568
}
+ − 569
$db->free_result();
+ − 570
echo '</table>
+ − 571
</div>
+ − 572
</form>';
+ − 573
}
+ − 574
$template->footer();
+ − 575
}
+ − 576
+ − 577
?>
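
The changeset note on line 519 worries that stored group names reach the `$taboo` WHERE clause built on lines 540-541. The sketch below is an added example, not Enano code: it rebuilds that clause by plain concatenation and then with bound parameters. PDO with in-memory SQLite stands in for `$db`; the table layout, the `GROUP_HIDDEN` value, the sample rows and the function names `list_concat` and `list_bound` are all assumptions made for the demonstration.

```php
<?php
// Added illustration, not part of the annotated file.
// Assumptions: PDO + in-memory SQLite replace Enano's $db wrapper; the table
// layout, constant value and rows are constructed for this demo only.
const GROUP_HIDDEN = 3; // assumed value

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE groups (
    group_id   INTEGER PRIMARY KEY,
    group_name TEXT,
    group_type INTEGER
)');

// Constructed rows: one hidden group and one group whose stored name
// contains a single quote.
$rows = [
    ['Everyone', 1],
    ['Editors', 1],
    ['Staff-only', GROUP_HIDDEN],
    ["x' OR 'a'='a", 1],
];
$ins = $pdo->prepare('INSERT INTO groups (group_name, group_type) VALUES (?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

// Names the viewer is already a member of, as read back from storage.
$memberships = ['Everyone', "x' OR 'a'='a"];

// Same shape as lines 540-541, but with the names concatenated unescaped:
// the case the commit message is unsure about.
function list_concat(PDO $pdo, array $names): array
{
    $where = "WHERE group_name != '" . implode("' AND group_name != '", $names) . "'";
    $sql = "SELECT group_name FROM groups $where AND group_type != "
         . (int) GROUP_HIDDEN . ' ORDER BY group_name ASC';
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameters: the names travel as data and never become SQL text,
// so no escaping step can be forgotten.
function list_bound(PDO $pdo, array $names): array
{
    if ($names === []) {
        $names = ['Everyone']; // the page always excludes this group
    }
    $marks = implode(', ', array_fill(0, count($names), '?'));
    $stmt = $pdo->prepare(
        "SELECT group_name FROM groups
          WHERE group_name NOT IN ($marks)
            AND group_type != " . (int) GROUP_HIDDEN . '
          ORDER BY group_name ASC'
    );
    $stmt->execute(array_values($names));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "concatenated:\n";
print_r(list_concat($pdo, $memberships));
echo "bound:\n";
print_r(list_bound($pdo, $memberships));
```

With these constructed rows, the quote in the stored name splits the concatenated WHERE clause so that the `group_type` filter no longer applies to every row, while the bound query lists only non-hidden groups the viewer does not belong to.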