author | Dan |
Fri, 08 Feb 2008 12:16:43 -0500 | |
changeset 405 | adb7f8de8ce1 |
parent 387 | 92664d2efab8 |
child 411 | d1a95497b68f |
permissions | -rw-r--r-- |
347 | 1 |
<?php |
2 |
||
3 |
/* |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
387
92664d2efab8
Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Dan
parents:
347
diff
changeset
|
5 |
* Version 1.1.1 (Caoineag alpha 1) |
347 | 6 |
* Copyright (C) 2006-2007 Dan Fuhry |
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
// Usergroup editor |
|
16 |
||
17 |
function page_Admin_GroupManager() |
|
18 |
{ |
|
19 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
20 |
global $lang; |
|
21 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
22 |
{ |
|
23 |
$login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
|
24 |
echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
|
25 |
echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
|
26 |
return; |
|
27 |
} |
|
28 |
||
29 |
if(isset($_POST['do_create_stage1'])) |
|
30 |
{ |
|
31 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
32 |
{ |
|
33 |
echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; |
|
34 |
return; |
|
35 |
} |
|
36 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
37 |
echo '<div class="tblholder"> |
|
38 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
39 |
<tr><th colspan="2">' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'</th></tr> |
|
40 |
<tr> |
|
41 |
<td class="row1">' . $lang->get('acpug_field_group_mod') . '</td><td class="row1">' . $template->username_field('group_mod') . '</td> |
|
42 |
</tr> |
|
43 |
<tr><td class="row2">' . $lang->get('acpug_field_group_type') . '</td><td class="row2"> |
|
44 |
<label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> ' . $lang->get('groupcp_type_hidden') . '</label><br /> |
|
45 |
<label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> ' . $lang->get('groupcp_type_closed') . '</label><br /> |
|
46 |
<label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> ' . $lang->get('groupcp_type_request') . '</label><br /> |
|
47 |
<label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> ' . $lang->get('groupcp_type_open') . '</label> |
|
48 |
</td></tr> |
|
49 |
<tr> |
|
50 |
<th class="subhead" colspan="2"> |
|
51 |
<input type="hidden" name="create_group_name" value="'.htmlspecialchars($_POST['create_group_name']).'" /> |
|
52 |
<input type="submit" name="do_create_stage2" value="' . $lang->get('acpug_btn_create_stage2') . '" /> |
|
53 |
</th> |
|
54 |
</tr> |
|
55 |
</table> |
|
56 |
</div>'; |
|
57 |
echo '</form>'; |
|
58 |
return; |
|
59 |
} |
|
60 |
elseif(isset($_POST['do_create_stage2'])) |
|
61 |
{ |
|
62 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
63 |
{ |
|
64 |
echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; |
|
65 |
return; |
|
66 |
} |
|
67 |
if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
|
68 |
{ |
|
69 |
echo '<p>Hacking attempt</p>'; |
|
70 |
return; |
|
71 |
} |
|
72 |
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
73 |
if(!$e) |
|
74 |
{ |
|
75 |
echo $db->get_error(); |
|
76 |
return; |
|
77 |
} |
|
78 |
if($db->numrows() > 0) |
|
79 |
{ |
|
80 |
echo '<p>' . $lang->get('acpug_err_already_exist') . '</p>'; |
|
81 |
return; |
|
82 |
} |
|
83 |
$db->free_result(); |
|
84 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); |
|
85 |
if(!$q) |
|
86 |
{ |
|
87 |
echo $db->get_error(); |
|
88 |
return; |
|
89 |
} |
|
90 |
$e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); |
|
91 |
if(!$e) |
|
92 |
{ |
|
93 |
echo $db->get_error(); |
|
94 |
return; |
|
95 |
} |
|
96 |
if($db->numrows() < 1) |
|
97 |
{ |
|
98 |
echo '<p>' . $lang->get('acpug_err_bad_username') . '</p>'; |
|
99 |
return; |
|
100 |
} |
|
101 |
$row = $db->fetchrow(); |
|
102 |
$id = $row['user_id']; |
|
103 |
$db->free_result(); |
|
104 |
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
105 |
if(!$e) |
|
106 |
{ |
|
107 |
echo $db->get_error(); |
|
108 |
return; |
|
109 |
} |
|
110 |
if($db->numrows() < 1) |
|
111 |
{ |
|
112 |
echo '<p>' . $lang->get('acpug_err_bad_insert_id') . '</p>'; |
|
113 |
return; |
|
114 |
} |
|
115 |
$row = $db->fetchrow(); |
|
116 |
$gid = $row['group_id']; |
|
117 |
$db->free_result(); |
|
118 |
$e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); |
|
119 |
if(!$e) |
|
120 |
{ |
|
121 |
echo $db->get_error(); |
|
122 |
return; |
|
123 |
} |
|
124 |
$g_name = htmlspecialchars($_POST['create_group_name']); |
|
125 |
echo "<div class='info-box'> |
|
126 |
<b>" . $lang->get('acpug_heading_info') . "</b><br /> |
|
127 |
" . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . " |
|
128 |
</div>"; |
|
129 |
} |
|
130 |
if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) |
|
131 |
{ |
|
132 |
// Fetch the group name |
|
133 |
$q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
134 |
if(!$q) |
|
135 |
{ |
|
136 |
echo $db->get_error(); |
|
137 |
return; |
|
138 |
} |
|
139 |
if($db->numrows() < 1) |
|
140 |
{ |
|
141 |
echo '<p>Error: couldn\'t look up group name</p>'; |
|
142 |
} |
|
143 |
$row = $db->fetchrow(); |
|
144 |
$name = htmlspecialchars($row['group_name']); |
|
145 |
$db->free_result(); |
|
146 |
if(isset($_POST['edit_do'])) |
|
147 |
{ |
|
148 |
if(isset($_POST['edit_do']['del_group'])) |
|
149 |
{ |
|
150 |
if ( $row['system_group'] == 1 ) |
|
151 |
{ |
|
152 |
echo '<div class="error-box">' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '</div>'; |
|
153 |
} |
|
154 |
else |
|
155 |
{ |
|
156 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
157 |
if(!$q) |
|
158 |
{ |
|
159 |
echo $db->get_error(); |
|
160 |
return; |
|
161 |
} |
|
162 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
163 |
if(!$q) |
|
164 |
{ |
|
165 |
echo $db->get_error(); |
|
166 |
return; |
|
167 |
} |
|
168 |
echo '<div class="info-box">' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '</div>'; |
|
169 |
return; |
|
170 |
} |
|
171 |
} |
|
172 |
if(isset($_POST['edit_do']['save_name'])) |
|
173 |
{ |
|
174 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) |
|
175 |
{ |
|
176 |
echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; |
|
177 |
return; |
|
178 |
} |
|
179 |
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\' |
|
180 |
WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
181 |
if(!$q) |
|
182 |
{ |
|
183 |
echo $db->get_error(); |
|
184 |
return; |
|
185 |
} |
|
186 |
else |
|
187 |
{ |
|
188 |
echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
189 |
' . $lang->get('acpug_msg_name_update_success') . ' |
|
190 |
</div>'; |
|
191 |
} |
|
192 |
$name = htmlspecialchars($_POST['group_name']); |
|
193 |
||
194 |
} |
|
195 |
$q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members |
|
196 |
WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
197 |
if(!$q) |
|
198 |
{ |
|
199 |
echo $db->get_error(); |
|
200 |
return; |
|
201 |
} |
|
202 |
if($db->numrows() > 0) |
|
203 |
{ |
|
204 |
while($row = $db->fetchrow($q)) |
|
205 |
{ |
|
206 |
if(isset($_POST['edit_do']['del_' . $row['member_id']])) |
|
207 |
{ |
|
208 |
$e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']); |
|
209 |
if(!$e) |
|
210 |
{ |
|
211 |
echo $db->get_error(); |
|
212 |
return; |
|
213 |
} |
|
214 |
} |
|
215 |
} |
|
216 |
} |
|
217 |
$db->free_result(); |
|
218 |
if(isset($_POST['edit_do']['add_member'])) |
|
219 |
{ |
|
220 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); |
|
221 |
if(!$q) |
|
222 |
{ |
|
223 |
echo $db->get_error(); |
|
224 |
return; |
|
225 |
} |
|
226 |
if($db->numrows() > 0) |
|
227 |
{ |
|
228 |
$row = $db->fetchrow(); |
|
229 |
$user_id = $row['user_id']; |
|
230 |
$is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; |
|
231 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); |
|
232 |
if(!$q) |
|
233 |
{ |
|
234 |
echo $db->get_error(); |
|
235 |
return; |
|
236 |
} |
|
237 |
else |
|
238 |
{ |
|
239 |
echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
240 |
' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . ' |
|
241 |
</div>'; |
|
242 |
} |
|
243 |
} |
|
244 |
else |
|
245 |
echo '<div class="warning-box">' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '</div>'; |
|
246 |
} |
|
247 |
} |
|
248 |
$sg_disabled = ( $row['system_group'] == 1 ) ? |
|
249 |
' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' : |
|
250 |
' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" '; |
|
251 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
252 |
echo '<div class="tblholder"> |
|
253 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
254 |
<tr><th>' . $lang->get('acpug_heading_edit_name') . '</th></tr> |
|
255 |
<tr> |
|
256 |
<td class="row1"> |
|
257 |
' . $lang->get('acpug_field_group_name') . ' <input type="text" name="group_name" value="'.$name.'" /> |
|
258 |
</td> |
|
259 |
</tr> |
|
260 |
<tr> |
|
261 |
<th class="subhead"> |
|
262 |
<input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" /> |
|
263 |
<input type="submit" name="edit_do[del_group]" '.$sg_disabled.' /> |
|
264 |
</th> |
|
265 |
</tr> |
|
266 |
</table> |
|
267 |
</div> |
|
268 |
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
269 |
echo '</form>'; |
|
270 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
271 |
echo '<div class="tblholder"> |
|
272 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
273 |
<tr><th colspan="3">' . $lang->get('acpug_heading_edit_members') . '</th></tr>'; |
|
274 |
$q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m |
|
275 |
LEFT JOIN '.table_prefix.'users AS u |
|
276 |
ON u.user_id=m.user_id |
|
277 |
WHERE m.group_id='.intval($_POST['group_edit_id']).' |
|
278 |
ORDER BY m.is_mod DESC, u.username ASC;'); |
|
279 |
if(!$q) |
|
280 |
{ |
|
281 |
echo $db->get_error(); |
|
282 |
return; |
|
283 |
} |
|
284 |
if($db->numrows() < 1) |
|
285 |
{ |
|
286 |
echo '<tr><td colspan="3" class="row1">' . $lang->get('acpug_msg_no_members') . '</td></tr>'; |
|
287 |
} |
|
288 |
else |
|
289 |
{ |
|
290 |
$cls = 'row2'; |
|
291 |
while($row = $db->fetchrow()) |
|
292 |
{ |
|
293 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
294 |
$mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : ''; |
|
295 |
echo '<tr> |
|
296 |
<td class="'.$cls.'" style="width: 100%;"> |
|
297 |
' . $row['username'] . ' |
|
298 |
</td> |
|
299 |
<td class="'.$cls.'"> |
|
300 |
'.$mod.' |
|
301 |
</td> |
|
302 |
<td class="'.$cls.'"> |
|
303 |
<input type="submit" name="edit_do[del_'.$row['member_id'].']" value="' . $lang->get('acpug_btn_remove_member') . '" /> |
|
304 |
</td> |
|
305 |
</tr>'; |
|
306 |
} |
|
307 |
} |
|
308 |
$db->free_result(); |
|
309 |
echo '</table> |
|
310 |
</div> |
|
311 |
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
312 |
echo '</form>'; |
|
313 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
314 |
echo '<div class="tblholder"> |
|
315 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
316 |
<tr> |
|
317 |
<th>' . $lang->get('acpug_heading_add_member') . '</th> |
|
318 |
</tr> |
|
319 |
<tr> |
|
320 |
<td class="row1"> |
|
321 |
' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . ' |
|
322 |
</td> |
|
323 |
</tr> |
|
324 |
<tr> |
|
325 |
<td class="row2"> |
|
326 |
<label><input type="checkbox" name="add_mod" /> ' . $lang->get('acpug_field_make_mod') . '</label> |
|
327 |
' . $lang->get('acpug_field_make_mod_hint') . ' |
|
328 |
</td> |
|
329 |
</tr> |
|
330 |
<tr> |
|
331 |
<th class="subhead"> |
|
332 |
<input type="submit" name="edit_do[add_member]" value="' . $lang->get('acpug_btn_add_user') . '" /> |
|
333 |
</th> |
|
334 |
</tr> |
|
335 |
</table> |
|
336 |
</div> |
|
337 |
<input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; |
|
338 |
echo '</form>'; |
|
339 |
return; |
|
340 |
} |
|
341 |
echo '<h3>' . $lang->get('acpug_heading_main') . '</h3>'; |
|
342 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
343 |
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); |
|
344 |
if(!$q) |
|
345 |
{ |
|
346 |
echo $db->get_error(); |
|
347 |
} |
|
348 |
else |
|
349 |
{ |
|
350 |
echo '<div class="tblholder"> |
|
351 |
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
352 |
<tr> |
|
353 |
<th>' . $lang->get('acpug_heading_edit_existing') . '</th> |
|
354 |
</tr>'; |
|
355 |
echo '<tr><td class="row2"><select name="group_edit_id">'; |
|
356 |
while ( $row = $db->fetchrow() ) |
|
357 |
{ |
|
358 |
if ( $row['group_name'] != 'Everyone' ) |
|
359 |
{ |
|
360 |
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>'; |
|
361 |
} |
|
362 |
} |
|
363 |
$db->free_result(); |
|
364 |
echo '</select></td></tr>'; |
|
365 |
echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="' . $lang->get('acpug_btn_edit_stage1') . '" /></td></tr> |
|
366 |
</table> |
|
367 |
</div> |
|
368 |
</form><br />'; |
|
369 |
} |
|
370 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
371 |
echo '<div class="tblholder"> |
|
372 |
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
373 |
<tr> |
|
374 |
<th colspan="2">' . $lang->get('acpug_heading_create_new') . '</th> |
|
375 |
</tr>'; |
|
376 |
echo '<tr><td class="row2">' . $lang->get('acpug_field_group_name') . '</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>'; |
|
377 |
echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="' . $lang->get('acpug_btn_create_stage1') . ' »" /></td></tr> |
|
378 |
</table> |
|
379 |
</div>'; |
|
380 |
echo '</form>'; |
|
381 |
} |
|
382 |
||
383 |
?> |