<?php
// annotate (plugin info block): rev 519, changeset 94214ec0871c (Dan): Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
// annotate ("Version" line): rev 564, changeset a1c450a911a6 (Dan): Updated version number metadata in system plugin files; added some comments and removed unused code from index.php and includes/graphs.php
/**!info**
{
  "Plugin Name" : "plugin_specialgroups_title",
  "Plugin URI" : "http://enanocms.org/",
  "Description" : "plugin_specialgroups_desc",
  "Author" : "Dan Fuhry",
  "Version" : "1.1.4",
  "Author URI" : "http://enanocms.org/"
}
**!*/

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Version 1.1.4 (Caoineag alpha 4)
 * Copyright (C) 2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

// annotate: rev 593, changeset 4f9bec0d65c1 (Dan): More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
// $plugins->attachHook('session_started', 'SpecialGroups_paths_init();');

// annotate: rev 590, changeset 03a60844c7c5 (Dan): Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
function SpecialGroups_paths_init()
{
  global $paths;
  $paths->add_page(Array(
    'name'=>'specialpage_groupcp',
    'urlname'=>'Usergroups',
    'namespace'=>'Special',
    'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'',
    ));
}

function page_Special_Usergroups()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $email; // Import e-mail encryption functions
  // annotate: rev 334, changeset c72b545f1304 (Dan): More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
  global $lang;

  if ( !$session->user_logged_in )
  {
    header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
    $db->close();
    exit;
  }

  $template->header();
  userprefs_show_menu();
  if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) )
  {
    // The group ID is cast to an integer and range-checked before it reaches any query
    $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
    if ( empty($gid) || $gid < 1 )
    {
      die_friendly('Error', '<p>Hacking attempt</p>');
    }
    // annotate: rev 194, changeset bf0fdec102e9 (Dan): SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
    $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
    if ( !$q )
    {
      $db->_die('SpecialGroups.php, line ' . __LINE__);
    }
    $row = $db->fetchrow();
    $db->free_result();
    $members = array();
    $pending = array();
    $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments
                           FROM '.table_prefix.'users AS u
                           LEFT JOIN '.table_prefix.'group_members AS m
                             ON ( m.user_id = u.user_id )
                           LEFT JOIN '.table_prefix.'comments AS c
                             ON ( c.name = u.username )
                           WHERE m.group_id=' . $gid . '
                           GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending
                           ORDER BY m.is_mod DESC,u.username ASC;');
    if ( !$q )
    {
      $db->_die('SpecialGroups.php, line ' . __LINE__);
    }

    $is_member = false;
    $is_mod = false;
    $is_pending = false;

    // Split the rows into confirmed members and pending requests, and record the current user's own standing in this group
    while ( $mr = $db->fetchrow() )
    {
      if ( $mr['pending'] == 1 )
      {
        $pending[] = $mr;
        if ( $mr['user_id'] == $session->user_id )
        {
          $is_pending = true;
        }
      }
      else
      {
        $members[] = $mr;
        if ( $mr['user_id'] == $session->user_id )
        {
          $is_member = true;
          if ( $mr['is_mod'] == 1 )
          {
            $is_mod = true;
          }
        }
      }
    }

    $status = ( $is_member && $is_mod )
      ? $lang->get('groupcp_status_mod')
      : ( ( $is_member && !$is_mod )
        ? $lang->get('groupcp_status_member')
        : $lang->get('groupcp_status_not_member')
      );

    // Group moderators and site administrators may manage the group selected by $gid
    $can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );

    switch ( $row['group_type'] )
    {
      case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break;
      case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break;
      case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break;
      case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break;
    }

    if ( isset($_GET['act']) && $can_do_admin_stuff )
    {
      switch($_GET['act'])
      {
        case 'update':
          if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
          {
            die_friendly('ERROR', '<p>Hacking attempt</p>');
          }
          // Query by $gid, the validated ID that $can_do_admin_stuff was computed for, so the
          // update below always targets the same group the permission check covered.
          $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          $error = false;
          if ( $db->numrows() < 1 )
          {
            echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
            $error = true;
          }
          $r = $db->fetchrow();
          // System groups may not be made open or request-to-join
          if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
          {
            echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>';
            $error = true;
          }
          if ( !$error )
          {
            $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . $gid . ';');
            if (!$q)
              $db->_die('SpecialGroups.php, line ' . __LINE__);
            // Keep the in-memory copy as the same integer that was written to the database
            $row['group_type'] = intval($_POST['group_state']);
            echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>';
          }
          break;
        case 'adduser':
          $username = $_POST['add_username'];
          $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';

          $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
          if (!$q)
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          if ($db->numrows() < 1)
          {
            echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>';
            break;
          }
          $r = $db->fetchrow();
          $db->free_result();
          $uid = intval($r['user_id']);

          // Check if the user is already in the group, and if so, only update modship
          // ($gid is the validated ID that $can_do_admin_stuff was computed for, so every
          // query in this case reads and writes the group the permission check covered)
          $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . $gid . ';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          if ( $db->numrows() > 0 )
          {
            $r = $db->fetchrow();
            if ( (string) $r['is_mod'] != $mod )
            {
              $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
              if ( !$q )
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              foreach ( $members as $i => $member )
              {
                if ( $member['member_id'] == $r['member_id'] )
                  $members[$i]['is_mod'] = (int)$mod;
              }
              echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>';
            }
            else
            {
              echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>';
            }
            break;
          }

          $db->free_result();

          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . $gid . ', ' . $uid . ', ' . $mod . ');');
          if (!$q)
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>';

          $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
                                 FROM '.table_prefix.'users AS u
                                 LEFT JOIN '.table_prefix.'group_members AS m
                                   ON ( m.user_id = u.user_id )
                                 LEFT JOIN '.table_prefix.'comments AS c
                                   ON ( c.name = u.username )
                                 WHERE m.group_id=' . $gid . '
                                   AND m.pending!=1
                                   AND u.user_id=' . $uid . '
                                 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
                                 ORDER BY m.is_mod DESC,u.username ASC
                                 LIMIT 1;');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);

          $r = $db->fetchrow();
          $members[] = $r;
          $db->free_result();

          // annotate: rev 541, changeset acb7e23b6ffa (Dan): Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modified ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
          // just added a user to the group, so regenerate the ranks cache
          // annotate: rev 573, changeset 43e7254afdb4 (Dan): Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
          generate_cache_userranks();

          break;
        case 'del_users':
          // Only member IDs already loaded for $gid are considered; the POST array just selects among them
          foreach ( $members as $i => $member )
          {
            if ( isset($_POST['del_user'][$member['member_id']]) )
            {
              $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
              if (!$q)
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              unset($members[$i]);
            }
          }
          // regenerate the ranks cache
          generate_cache_userranks();

          break;
        case 'pending':
          foreach ( $pending as $i => $member )
          {
            if ( isset( $_POST['with_user'][$member['member_id']]) )
            {
              if ( isset ( $_POST['do_appr_pending'] ) )
              {
                $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
                if (!$q)
                  $db->_die('SpecialGroups.php, line ' . __LINE__);
                $members[] = $member;
                unset($pending[$i]);
                continue;
              }
              elseif ( isset ( $_POST['do_reject_pending'] ) )
              {
                $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
                if (!$q)
                  $db->_die('SpecialGroups.php, line ' . __LINE__);
                unset($pending[$i]);
              }
            }
          }
          // memberships updated/changed, regenerate ranks cache
          generate_cache_userranks();

          echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>';
          break;
      }
    }

    if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff )
    {
+ − 281
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
+ − 282
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 283
$db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 284
echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>';
0
+ − 285
322
+ − 286
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
0
+ − 287
FROM '.table_prefix.'users AS u
+ − 288
LEFT JOIN '.table_prefix.'group_members AS m
+ − 289
ON ( m.user_id = u.user_id )
+ − 290
LEFT JOIN '.table_prefix.'comments AS c
+ − 291
ON ( c.name = u.username )
+ − 292
WHERE m.group_id=' . $gid . '
+ − 293
AND m.pending!=1
+ − 294
AND u.user_id=' . $session->user_id . '
322
+ − 295
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
0
+ − 296
ORDER BY m.is_mod DESC,u.username ASC
+ − 297
LIMIT 1;');
+ − 298
if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 299
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 300
+ − 301
$r = $db->fetchrow();
+ − 302
$members[] = $r;
+ − 303
$db->free_result();
+ − 304
+ − 305
}
+ − 306
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 307
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff )
0
+ − 308
{
+ − 309
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
+ − 310
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 311
$db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
      echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>';
    }

    $state_btns = ( $can_do_admin_stuff ) ?
      '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>'
      : $g_state;
    if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member )
    {
      if ( $is_pending )
        $state_btns .= ' ' . $lang->get('groupcp_msg_status_pending');
      else
        $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />';
    }

    if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member )
    {
      $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />';
    }

    $g_name_local = 'groupcp_grp_' . strtolower($row['group_name']);
    $str = $lang->get($g_name_local);
    if ( $str != $g_name_local )
      $row['group_name'] = $str;

    echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
          <div class="tblholder">
            <table border="0" cellspacing="1" cellpadding="4">
              <tr>
                <th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th>
              </tr>
              <tr>
                <td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td>
                <td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td>
              </tr>
              <tr>
                <td class="row2">' . $lang->get('groupcp_lbl_status') . '</td>
                <td class="row1">' . $status . '</td>
              </tr>
              <tr>
                <td class="row2">' . $lang->get('groupcp_lbl_state') . '</td>
                <td class="row1">' . $state_btns . '</td>
              </tr>
              ' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? '
              <tr>
                <th class="subhead" colspan="2">
                  <input type="submit" value="' . $lang->get('etc_save_changes') . '" />
                </th>
              </tr>
              ' : '' ) . '
            </table>
          </div>
          <input name="group_id" value="' . $gid . '" type="hidden" />
        </form>';
    if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff )
    {
      echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
            <input name="group_id" value="' . $gid . '" type="hidden" />
            <h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2>
            <div class="tblholder">
              <table border="0" cellspacing="1" cellpadding="4">
                <tr>
                  <th>' . $lang->get('groupcp_th_username') . '</th>
                  <th>' . $lang->get('groupcp_th_email') . '</th>
                  <th>' . $lang->get('groupcp_th_reg_time') . '</th>
                  <th>' . $lang->get('groupcp_th_comments') . '</th>
                  <th>' . $lang->get('groupcp_th_select') . '</th>
                </tr>';
      $cls = 'row2';
      foreach ( $pending as $member )
      {
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
        $date = enano_date('F d, Y', $member['reg_time']);
        $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
        $addy = $email->encryptEmail($member['email']);

        echo "<tr>
                <td class='{$cls}'>{$member['username']}</td>
                <td class='{$cls}'>{$addy}</td>
                <td class='{$cls}'>{$date}</td>
                <td class='{$cls}'>{$member['num_comments']}</td>
                <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td>
              </tr>";
      }
      echo '</table>
          </div>
          <div style="margin: 10px 0 0 auto;">
            With selected:
            <input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" />
            <input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" />
          </div>
        </form>';
    }
    echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
          <h2>' . $lang->get('groupcp_th_group_members') . '</h2>
          <div class="tblholder">
            <table border="0" cellspacing="1" cellpadding="4">
              <tr>
                <th>' . $lang->get('groupcp_th_username') . '</th>
                <th>' . $lang->get('groupcp_th_email') . '</th>
                <th>' . $lang->get('groupcp_th_reg_time') . '</th>
                <th>' . $lang->get('groupcp_th_comments') . '</th>
                ' . ( ( $can_do_admin_stuff ) ? '
                <th>' . $lang->get('groupcp_th_remove') . '</th>
                ' : '' ) . '
              </tr>
              <tr>
                <th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th>
              </tr>';
    $mod_printed = false;
    $mem_printed = false;
    $cls = 'row2';

    foreach ( $members as $member )
    {
      if ( $member['is_mod'] != 1 )
        break;

      $date = enano_date('F d, Y', $member['reg_time']);
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      $addy = $email->encryptEmail($member['email']);

      $mod_printed = true;

      echo "<tr>
              <td class='{$cls}'>{$member['username']}</td>
              <td class='{$cls}'>{$addy}</td>
              <td class='{$cls}'>{$date}</td>
              <td class='{$cls}'>{$member['num_comments']}</td>
              " . ( ( $can_do_admin_stuff ) ? "
              <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
              " : '' ) . "
            </tr>";
    }
    if (!$mod_printed)
      echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></tr>';
    echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>';
    foreach ( $members as $member )
    {
      if ( $member['is_mod'] == 1 )
        continue;

      $date = enano_date('F d, Y', $member['reg_time']);
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      $addy = $email->encryptEmail($member['email']);

      $mem_printed = true;

      echo "<tr>
              <td class='{$cls}'>{$member['username']}</td>
              <td class='{$cls}'>{$addy}</td>
              <td class='{$cls}'>{$date}</td>
              <td class='{$cls}'>{$member['num_comments']}</td>
              " . ( ( $can_do_admin_stuff ) ? "
              <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
              " : '' ) . "
            </tr>";
    }
    if (!$mem_printed)
      echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></tr>';
    echo ' </table>
        </div>';
    if ( $can_do_admin_stuff )
    {
      echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>";
    }
    echo '<input name="group_id" value="' . $gid . '" type="hidden" />
        </form>';
    if ( $can_do_admin_stuff )
    {
      echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
            <div class="tblholder">
              <table border="0" cellspacing="1" cellpadding="4">
                <tr>
                  <th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th>
                </tr>
                <tr>
                  <td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td>
                </tr>
                <tr>
                  <td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td>
                </tr>
                <tr>
                  <th class="subhead" colspan="2">
                    <input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" />
                  </th>
                </tr>
              </table>
            </div>
            <input name="group_id" value="' . $gid . '" type="hidden" />
          </form>';
    }
  }
  else
  {
    echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
          <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
            <tr>
              <th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th>
            </tr>
            <tr>
              <td class="row2" style="text-align: right; width: 50%;">
                ' . $lang->get('groupcp_lbl_current_memberships') . '
              </td>
              <td class="row1" style="width: 50%;">';
    $taboo = Array('Everyone');
    if ( sizeof ( $session->groups ) > count($taboo) )
    {
      echo '<select name="group_id">';
      foreach ( $session->groups as $id => $group )
      {
447
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
diff
changeset
        // SQL-escape the stored name for the exclusion clause built below,
        // then HTML-encode the same name for display in the <option> list.
        $taboo[] = $db->escape($group);
        $group = htmlspecialchars($group);
        if ( $group != 'Everyone' )
        {
          $g_name_local = 'groupcp_grp_' . strtolower($group);
          $str = $lang->get($g_name_local);
          if ( $str != $g_name_local )
            $group = $str;
          echo '<option value="' . $id . '">' . $group . '</option>';
        }
      }
      echo '</select>
            <input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />';
    }
    else
    {
      echo 'None';
    }

    echo '</td>
        </tr>';
    // Every entry in $taboo is either the literal 'Everyone' or a name escaped in the loop above.
    $taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\'';
    $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
    if(!$q)
    {
      echo $db->get_error();
      $template->footer();
      return;
    }
    if($db->numrows() > 0)
    {
      echo '<tr>
              <td class="row2" style="text-align: right;">
                ' . $lang->get('groupcp_lbl_non_memberships') . '
              </td>
              <td class="row1">
                <select name="group_id_n">';
      while ( $row = $db->fetchrow() )
      {
        if ( $row['group_name'] != 'Everyone' )
        {
          echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>';
        }
      }
      echo '</select>
                <input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" />
              </td>
            </tr>
            ';
    }
    $db->free_result();
    echo '</table>
        </div>
      </form>';
  }
  $template->footer();
}

?>
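
The group selector above builds its `WHERE group_name != ...` exclusion clause by concatenating group names after `$db->escape()`. The same lookup with every name bound as a parameter, as an added example that is not Enano's code: the PDO connection, the `list_joinable_groups()` helper, the `demo_` table prefix and the numeric value of `GROUP_HIDDEN` are assumptions made for the demo.

```php
<?php
// Added example, not Enano code. Table and column names mirror the listing;
// the PDO handle, helper name, prefix and GROUP_HIDDEN value are assumptions.
const GROUP_HIDDEN = 3; // placeholder value for the demo only

/**
 * Return the visible groups the user does not belong to.
 * Group names are bound as parameters, so a stored name containing a quote
 * is compared as data and never becomes part of the SQL text.
 */
function list_joinable_groups(PDO $pdo, array $member_group_names, string $prefix = ''): array
{
    // Always exclude the implicit group, then the user's own groups.
    $taboo = array_values(array_unique(array_merge(['Everyone'], $member_group_names)));

    // One "?" per excluded name; only the placeholder list is concatenated.
    $marks = implode(', ', array_fill(0, count($taboo), '?'));
    $sql = "SELECT group_id, group_name FROM {$prefix}groups "
         . "WHERE group_name NOT IN ($marks) AND group_type != ? "
         . "ORDER BY group_name ASC";

    $stmt = $pdo->prepare($sql);
    $i = 1;
    foreach ($taboo as $name) {
        $stmt->bindValue($i++, $name, PDO::PARAM_STR);
    }
    $stmt->bindValue($i, GROUP_HIDDEN, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data: an in-memory SQLite database stands in for the CMS tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_groups (group_id INTEGER PRIMARY KEY, group_name TEXT, group_type INTEGER)');
$ins = $pdo->prepare('INSERT INTO demo_groups (group_name, group_type) VALUES (?, ?)');
$sample = [
    ['Everyone', 1],
    ["Editors' Guild", 1],   // stored name containing a single quote
    ['Staff', GROUP_HIDDEN], // hidden groups must not be listed
    ['Writers', 1],
];
foreach ($sample as $g) {
    $ins->execute($g);
}

// The user is already a member of the group with the quote in its name.
$rows = list_joinable_groups($pdo, ["Editors' Guild"], 'demo_');
foreach ($rows as $r) {
    // Encode on output, as the listing does with htmlspecialchars().
    echo '<option value="' . (int) $r['group_id'] . '">'
       . htmlspecialchars($r['group_name'], ENT_QUOTES, 'UTF-8') . "</option>\n";
}
```

Because only the `?` placeholders are concatenated, the query text is the same for any stored group name, which removes the dependency on every caller remembering to escape.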