0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: Group control panel
36
+ − 4
Plugin URI: http://enanocms.org/
0
+ − 5
Description: Provides group moderators and site administrators with the ability to control who is part of their groups.
+ − 6
Author: Dan Fuhry
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
diff
changeset
+ − 7
Version: 1.0.2
36
+ − 8
Author URI: http://enanocms.org/
0
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
diff
changeset
+ − 13
* Version 1.0.2
0
+ − 14
* Copyright (C) 2007 Dan Fuhry
+ − 15
*
+ − 16
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18
*
+ − 19
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21
*/
+ − 22
+ − 23
$plugins->attachHook('base_classes_initted', '
+ − 24
global $paths;
+ − 25
$paths->add_page(Array(
+ − 26
\'name\'=>\'Group Membership\',
+ − 27
\'urlname\'=>\'Usergroups\',
+ − 28
\'namespace\'=>\'Special\',
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
diff
changeset
+ − 29
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
+ − 30
));
+ − 31
');
+ − 32
+ − 33
function page_Special_Usergroups()
+ − 34
{
+ − 35
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 36
global $email; // Import e-mail encryption functions
+ − 37
+ − 38
if ( !$session->user_logged_in )
+ − 39
{
+ − 40
header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
+ − 41
$db->close();
+ − 42
exit;
+ − 43
}
+ − 44
+ − 45
$template->header();
+ − 46
if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) )
+ − 47
{
+ − 48
$gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
+ − 49
if ( empty($gid) || $gid < 1 )
+ − 50
{
+ − 51
die_friendly('Error', '<p>Hacking attempt</p>');
+ − 52
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 53
$q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
0
+ − 54
if ( !$q )
+ − 55
{
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 56
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 57
}
+ − 58
$row = $db->fetchrow();
+ − 59
$db->free_result();
+ − 60
$members = array();
+ − 61
$pending = array();
+ − 62
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id)
+ − 63
FROM '.table_prefix.'users AS u
+ − 64
LEFT JOIN '.table_prefix.'group_members AS m
+ − 65
ON ( m.user_id = u.user_id )
+ − 66
LEFT JOIN '.table_prefix.'comments AS c
+ − 67
ON ( c.name = u.username )
+ − 68
WHERE m.group_id=' . $gid . '
+ − 69
GROUP BY u.user_id
+ − 70
ORDER BY m.is_mod DESC,u.username ASC;');
+ − 71
if ( !$q )
+ − 72
{
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 73
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 74
}
+ − 75
+ − 76
$is_member = false;
+ − 77
$is_mod = false;
+ − 78
$is_pending = false;
+ − 79
+ − 80
while ( $mr = $db->fetchrow() )
+ − 81
{
+ − 82
if ( $mr['pending'] == 1 )
+ − 83
{
+ − 84
$pending[] = $mr;
+ − 85
if ( $mr['user_id'] == $session->user_id )
+ − 86
{
+ − 87
$is_pending = true;
+ − 88
}
+ − 89
}
+ − 90
else
+ − 91
{
+ − 92
$members[] = $mr;
+ − 93
if ( $mr['user_id'] == $session->user_id )
+ − 94
{
+ − 95
$is_member = true;
+ − 96
if ( $mr['is_mod'] == 1 )
+ − 97
{
+ − 98
$is_mod = true;
+ − 99
}
+ − 100
}
+ − 101
}
+ − 102
}
+ − 103
+ − 104
$status = ( $is_member && $is_mod )
+ − 105
? 'You are a moderator of this group.'
+ − 106
: ( ( $is_member && !$is_mod )
+ − 107
? 'You are a member of this group.'
+ − 108
: 'You are not a member of this group.'
+ − 109
);
+ − 110
+ − 111
$can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );
+ − 112
+ − 113
switch ( $row['group_type'] )
+ − 114
{
+ − 115
case GROUP_HIDDEN: $g_state = 'Hidden group'; break;
+ − 116
case GROUP_CLOSED: $g_state = 'Closed group'; break;
+ − 117
case GROUP_REQUEST: $g_state = 'Members can request to join'; break;
+ − 118
case GROUP_OPEN: $g_state = 'Anyone can join'; break;
+ − 119
}
+ − 120
+ − 121
if ( isset($_GET['act']) && $can_do_admin_stuff )
+ − 122
{
+ − 123
switch($_GET['act'])
+ − 124
{
+ − 125
case 'update':
+ − 126
if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
+ − 127
{
+ − 128
die_friendly('ERROR', '<p>Hacking attempt</p>');
+ − 129
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 130
$q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 131
if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 132
$db->_die('SpecialGroups.php, line ' . __LINE__);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 133
$error = false;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 134
if ( $db->numrows() < 1 )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 135
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 136
echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 137
$error = true;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 138
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 139
$r = $db->fetchrow();
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 140
if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 141
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 142
echo '<div class="error-box" style="margin-left: 0;">Because this is a system group, you can\'t make it open or allow membership requests.</div>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 143
$error = true;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 144
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 145
if ( !$error )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 146
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 147
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 148
if (!$q)
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 149
$db->_die('SpecialGroups.php, line ' . __LINE__);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 150
$row['group_type'] = $_POST['group_state'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 151
echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 152
}
0
+ − 153
break;
+ − 154
case 'adduser':
+ − 155
$username = $_POST['add_username'];
+ − 156
$mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
+ − 157
+ − 158
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
+ − 159
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 160
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 161
if ($db->numrows() < 1)
+ − 162
{
+ − 163
echo '<div class="error-box">The username you entered could not be found.</div>';
+ − 164
break;
+ − 165
}
+ − 166
$r = $db->fetchrow();
+ − 167
$db->free_result();
+ − 168
$uid = intval($r['user_id']);
+ − 169
+ − 170
// Check if the user is already in the group, and if so, only update modship
+ − 171
$q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
+ − 172
if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 173
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 174
if ( $db->numrows() > 0 )
+ − 175
{
+ − 176
$r = $db->fetchrow();
+ − 177
if ( (string) $r['is_mod'] != $mod )
+ − 178
{
+ − 179
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
+ − 180
if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 181
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 182
foreach ( $members as $i => $member )
+ − 183
{
+ − 184
if ( $member['member_id'] == $r['member_id'] )
+ − 185
$members[$i]['is_mod'] = (int)$mod;
+ − 186
}
+ − 187
echo '<div class="info-box">The user "' . $username . '" is already in this group, so their moderator status was updated.</div>';
+ − 188
}
+ − 189
else
+ − 190
{
+ − 191
echo '<div class="info-box">The user "' . $username . '" is already in this group.</div>';
+ − 192
}
+ − 193
break;
+ − 194
}
+ − 195
+ − 196
$db->free_result();
+ − 197
+ − 198
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
+ − 199
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 200
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 201
echo '<div class="info-box">The user "' . $username . '" has been added to this usergroup.</div>';
+ − 202
+ − 203
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
+ − 204
FROM '.table_prefix.'users AS u
+ − 205
LEFT JOIN '.table_prefix.'group_members AS m
+ − 206
ON ( m.user_id = u.user_id )
+ − 207
LEFT JOIN '.table_prefix.'comments AS c
+ − 208
ON ( c.name = u.username )
+ − 209
WHERE m.group_id=' . $gid . '
+ − 210
AND m.pending!=1
+ − 211
AND u.user_id=' . $uid . '
+ − 212
GROUP BY u.user_id
+ − 213
ORDER BY m.is_mod DESC,u.username ASC
+ − 214
LIMIT 1;');
+ − 215
if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 216
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 217
+ − 218
$r = $db->fetchrow();
+ − 219
$members[] = $r;
+ − 220
$db->free_result();
+ − 221
+ − 222
break;
+ − 223
case 'del_users':
+ − 224
foreach ( $members as $i => $member )
+ − 225
{
+ − 226
if ( isset($_POST['del_user'][$member['member_id']]) )
+ − 227
{
+ − 228
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
+ − 229
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 230
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 231
unset($members[$i]);
+ − 232
}
+ − 233
}
+ − 234
break;
+ − 235
case 'pending':
+ − 236
foreach ( $pending as $i => $member )
+ − 237
{
+ − 238
if ( isset( $_POST['with_user'][$member['member_id']]) )
+ − 239
{
+ − 240
if ( isset ( $_POST['do_appr_pending'] ) )
+ − 241
{
+ − 242
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
+ − 243
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 244
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 245
$members[] = $member;
+ − 246
unset($pending[$i]);
+ − 247
continue;
+ − 248
}
+ − 249
elseif ( isset ( $_POST['do_reject_pending'] ) )
+ − 250
{
+ − 251
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
+ − 252
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 253
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 254
unset($pending[$i]);
+ − 255
}
+ − 256
}
+ − 257
}
+ − 258
echo '<div class="info-box">Pending members status updated successfully.</div>';
+ − 259
break;
+ − 260
}
+ − 261
}
+ − 262
+ − 263
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN )
+ − 264
{
+ − 265
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
+ − 266
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 267
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 268
echo '<div class="info-box">You have been added to this group.</div>';
+ − 269
+ − 270
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
+ − 271
FROM '.table_prefix.'users AS u
+ − 272
LEFT JOIN '.table_prefix.'group_members AS m
+ − 273
ON ( m.user_id = u.user_id )
+ − 274
LEFT JOIN '.table_prefix.'comments AS c
+ − 275
ON ( c.name = u.username )
+ − 276
WHERE m.group_id=' . $gid . '
+ − 277
AND m.pending!=1
+ − 278
AND u.user_id=' . $session->user_id . '
+ − 279
GROUP BY u.user_id
+ − 280
ORDER BY m.is_mod DESC,u.username ASC
+ − 281
LIMIT 1;');
+ − 282
if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 283
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 284
+ − 285
$r = $db->fetchrow();
+ − 286
$members[] = $r;
+ − 287
$db->free_result();
+ − 288
+ − 289
}
+ − 290
+ − 291
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending )
+ − 292
{
+ − 293
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
+ − 294
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 295
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 296
echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>';
+ − 297
}
+ − 298
+ − 299
$state_btns = ( $can_do_admin_stuff ) ?
+ − 300
'<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> Hidden group</label>
+ − 301
<label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> Closed group</label>
+ − 302
<label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> Members can request to join</label>
+ − 303
<label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> Anybody can join</label>'
+ − 304
: $g_state;
+ − 305
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member )
+ − 306
{
+ − 307
if ( $is_pending )
+ − 308
$state_btns .= ' (Your request to join is awaiting approval)';
+ − 309
else
+ − 310
$state_btns .= ' <input type="submit" value="Request membership" />';
+ − 311
}
+ − 312
+ − 313
if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member )
+ − 314
{
+ − 315
$state_btns .= ' <input type="submit" value="Join this group" />';
+ − 316
}
+ − 317
+ − 318
echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
+ − 319
<div class="tblholder">
+ − 320
<table border="0" cellspacing="1" cellpadding="4">
+ − 321
<tr>
+ − 322
<th colspan="2">Group information</th>
+ − 323
</tr>
+ − 324
<tr>
+ − 325
<td class="row2">Group name:</td>
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 326
<td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' (system group)' : '' ) . '</td>
0
+ − 327
</tr>
+ − 328
<tr>
+ − 329
<td class="row2">Membership status:</td>
+ − 330
<td class="row1">' . $status . '</td>
+ − 331
</tr>
+ − 332
<tr>
+ − 333
<td class="row2">Group state:</td>
+ − 334
<td class="row1">' . $state_btns . '</td>
+ − 335
</tr>
+ − 336
' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? '
+ − 337
<tr>
+ − 338
<th class="subhead" colspan="2">
+ − 339
<input type="submit" value="Save changes" />
+ − 340
</th>
+ − 341
</tr>
+ − 342
' : '' ) . '
+ − 343
</table>
+ − 344
</div>
+ − 345
<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 346
</form>';
+ − 347
if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff )
+ − 348
{
+ − 349
echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
+ − 350
<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 351
<h2>Pending memberships</h2>
+ − 352
<div class="tblholder">
+ − 353
<table border="0" cellspacing="1" cellpadding="4">
+ − 354
<tr>
+ − 355
<th>Username</th>
+ − 356
<th>E-mail</th>
+ − 357
<th>Registered</th>
+ − 358
<th>Total comments</th>
+ − 359
<th>Select</th>
+ − 360
</tr>';
+ − 361
$cls = 'row2';
+ − 362
foreach ( $pending as $member )
+ − 363
{
+ − 364
+ − 365
$date = date('F d, Y', $member['reg_time']);
+ − 366
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 367
$addy = $email->encryptEmail($member['email']);
+ − 368
+ − 369
echo "<tr>
+ − 370
<td class='{$cls}'>{$member['username']}</td>
+ − 371
<td class='{$cls}'>{$addy}</td>
+ − 372
<td class='{$cls}'>{$date}</td>
+ − 373
<td class='{$cls}'>{$member['COUNT(c.comment_id)']}</td>
+ − 374
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td>
+ − 375
</tr>";
+ − 376
}
+ − 377
echo '</table>
+ − 378
</div>
+ − 379
<div style="margin: 10px 0 0 auto;">
+ − 380
With selected:
+ − 381
<input type="submit" name="do_appr_pending" value="Approve membership" />
+ − 382
<input type="submit" name="do_reject_pending" value="Reject membership" />
+ − 383
</div>
+ − 384
</form>';
+ − 385
}
+ − 386
echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
+ − 387
<h2>Group members</h2>
+ − 388
<div class="tblholder">
+ − 389
<table border="0" cellspacing="1" cellpadding="4">
+ − 390
<tr>
+ − 391
<th>Username</th>
+ − 392
<th>E-mail</th>
+ − 393
<th>Registered</th>
+ − 394
<th>Total comments</th>
+ − 395
' . ( ( $can_do_admin_stuff ) ? "
+ − 396
<th>Remove?</th>
+ − 397
" : '' ) . '
+ − 398
</tr>
+ − 399
<tr>
+ − 400
<th colspan="5" class="subhead">Group moderators</th>
+ − 401
</tr>';
+ − 402
$mod_printed = false;
+ − 403
$mem_printed = false;
+ − 404
$cls = 'row2';
+ − 405
+ − 406
foreach ( $members as $member )
+ − 407
{
+ − 408
if ( $member['is_mod'] != 1 )
+ − 409
break;
+ − 410
+ − 411
$date = date('F d, Y', $member['reg_time']);
+ − 412
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 413
$addy = $email->encryptEmail($member['email']);
+ − 414
+ − 415
$mod_printed = true;
+ − 416
+ − 417
echo "<tr>
+ − 418
<td class='{$cls}'>{$member['username']}</td>
+ − 419
<td class='{$cls}'>{$addy}</td>
+ − 420
<td class='{$cls}'>{$date}</td>
+ − 421
<td class='{$cls}'>{$member['COUNT(c.comment_id)']}</td>
+ − 422
" . ( ( $can_do_admin_stuff ) ? "
+ − 423
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
+ − 424
" : '' ) . "
+ − 425
</tr>";
+ − 426
}
+ − 427
if (!$mod_printed)
+ − 428
echo '<tr><td class="' . $cls . '" colspan="5">This group has no moderators.</td></th>';
+ − 429
echo '<tr><th class="subhead" colspan="5">Group members</th></tr>';
+ − 430
foreach ( $members as $member )
+ − 431
{
+ − 432
if ( $member['is_mod'] == 1 )
+ − 433
continue;
+ − 434
+ − 435
$date = date('F d, Y', $member['reg_time']);
+ − 436
$cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 437
$addy = $email->encryptEmail($member['email']);
+ − 438
+ − 439
$mem_printed = true;
+ − 440
+ − 441
echo "<tr>
+ − 442
<td class='{$cls}'>{$member['username']}</td>
+ − 443
<td class='{$cls}'>{$addy}</td>
+ − 444
<td class='{$cls}'>{$date}</td>
+ − 445
<td class='{$cls}'>{$member['COUNT(c.comment_id)']}</td>
+ − 446
" . ( ( $can_do_admin_stuff ) ? "
+ − 447
<td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
+ − 448
" : '' ) . "
+ − 449
</tr>";
+ − 450
}
+ − 451
if (!$mem_printed)
+ − 452
echo '<tr><td class="' . $cls . '" colspan="5">This group has no members.</td></th>';
+ − 453
echo ' </table>
+ − 454
</div>';
+ − 455
if ( $can_do_admin_stuff )
+ − 456
{
+ − 457
echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value='Remove selected users' /></div>";
+ − 458
}
+ − 459
echo '<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 460
</form>';
+ − 461
if ( $can_do_admin_stuff )
+ − 462
{
+ − 463
echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
+ − 464
<div class="tblholder">
+ − 465
<table border="0" cellspacing="1" cellpadding="4">
+ − 466
<tr>
+ − 467
<th colspan="2">Add a new member to this group</th>
+ − 468
</tr>
+ − 469
<tr>
+ − 470
<td class="row2">Username:</td><td class="row1">' . $template->username_field('add_username') . '</td>
+ − 471
</tr>
+ − 472
<tr>
+ − 473
<td class="row2">Group moderator:</td><td class="row1"><label><input type="checkbox" name="add_mod" /> User is a group moderator</label></td>
+ − 474
</tr>
+ − 475
<tr>
+ − 476
<th class="subhead" colspan="2">
+ − 477
<input type="submit" value="Add member" />
+ − 478
</th>
+ − 479
</tr>
+ − 480
</table>
+ − 481
</div>
+ − 482
<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 483
</form>';
+ − 484
}
+ − 485
}
+ − 486
else
+ − 487
{
+ − 488
echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 489
echo '<div class="tblholder">
+ − 490
<table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 491
<tr>
+ − 492
<th colspan="2">Group membership details</th>
+ − 493
</tr>
+ − 494
<tr>
30
+ − 495
<td class="row2" style="text-align: right; width: 50%;">
0
+ − 496
Current group memberships:
+ − 497
</td>
30
+ − 498
<td class="row1" style="width: 50%;">';
0
+ − 499
$taboo = Array('Everyone');
30
+ − 500
if ( sizeof ( $session->groups ) > count($taboo) )
0
+ − 501
{
+ − 502
echo '<select name="group_id">';
+ − 503
foreach ( $session->groups as $id => $group )
+ − 504
{
+ − 505
$taboo[] = $group;
+ − 506
if ( $group != 'Everyone' )
+ − 507
{
+ − 508
echo '<option value="' . $id . '">' . $group . '</option>';
+ − 509
}
+ − 510
}
+ − 511
echo '</select>
+ − 512
<input type="submit" name="do_view" value="View information" />';
+ − 513
}
+ − 514
else
+ − 515
{
+ − 516
echo 'None';
+ − 517
}
+ − 518
+ − 519
echo '</td>
+ − 520
</tr>';
+ − 521
$taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\'';
+ − 522
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
+ − 523
if(!$q)
+ − 524
{
+ − 525
echo $db->get_error();
+ − 526
$template->footer();
+ − 527
return;
+ − 528
}
+ − 529
if($db->numrows() > 0)
+ − 530
{
+ − 531
echo '<tr>
+ − 532
<td class="row2" style="text-align: right;">
+ − 533
Non-memberships:
+ − 534
</td>
+ − 535
<td class="row1">
+ − 536
<select name="group_id_n">';
+ − 537
while ( $row = $db->fetchrow() )
+ − 538
{
+ − 539
if ( $row['group_name'] != 'Everyone' )
+ − 540
{
+ − 541
echo '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
+ − 542
}
+ − 543
}
+ − 544
echo '</select>
+ − 545
<input type="submit" name="do_view_n" value="View information" />
+ − 546
</td>
+ − 547
</tr>
+ − 548
';
+ − 549
}
+ − 550
$db->free_result();
+ − 551
echo '</table>
+ − 552
</div>
+ − 553
</form>';
+ − 554
}
+ − 555
$template->footer();
+ − 556
}
+ − 557
+ − 558
?>