<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.6 (Caoineag beta 1)
* Copyright (C) 2006-2008 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
// Usergroup editor
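/**
 * Admin panel module: usergroup editor.
 *
 * Dispatches on the submitted form (create stage 1 and 2, edit group name/rank,
 * delete group, add/remove members) and renders the resulting HTML straight to
 * the output via echo. Every path first requires an administrator session; a
 * non-admin request gets an error message plus a login link and nothing else.
 *
 * All request input comes from $_POST. Numeric ids are cast with intval() and
 * strings pass through $db->escape() before being interpolated into SQL, and
 * through htmlspecialchars() before being echoed into HTML.
 *
 * Defects fixed relative to the previous revision:
 *  - the group lookup in the edit branch did not return on "no such group", so
 *    later code dereferenced a boolean row;
 *  - the add-member branch overwrote $row (the group record) with the user
 *    record, so the delete button and rank list were rendered from the wrong
 *    row;
 *  - after clearing a rank the string 'NULL' was kept in the row, so the "--"
 *    option was never re-selected;
 *  - the name pattern used the range A-z, which also accepts [ \ ] ^ _ `;
 *  - malformed HTML ('style="..."" ' and '<select ... />') and an unescaped
 *    username in the member list.
 *
 * @return void  Output is echoed; nothing is returned.
 */
function page_Admin_GroupManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  
  // Both the elevated auth level of this session and the account's own level
  // must be admin; an admin account with an unelevated session is sent to login.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    return;
  }
  
  // Group names are limited to ASCII letters, digits, spaces and hyphens.
  // (A-Za-z rather than A-z: the latter range also spans [ \ ] ^ _ `.)
  $name_pattern = '/^([A-Za-z0-9 -]+)$/';
  
  // Every form on this page posts back to this module.
  $form_open = '<form action="' . makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']) . '" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
  
  if ( isset($_POST['do_create_stage1']) )
  {
    // Stage 1: the name has been chosen; ask for moderator and group type.
    $create_name = isset($_POST['create_group_name']) ? $_POST['create_group_name'] : '';
    if ( !preg_match($name_pattern, $create_name) )
    {
      echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
      return;
    }
    $g_name = htmlspecialchars($create_name);
    echo $form_open;
    // NOTE(review): the label keys (groupcp_type_hidden/closed/request/open) do
    // not line up with the GROUP_* constant on the same line; confirm against the
    // language file before changing either side.
    echo '<div class="tblholder">
      <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
        <tr><th colspan="2">' . $lang->get('acpug_heading_creating_group') . ' ' . $g_name . '</th></tr>
        <tr>
          <td class="row1">' . $lang->get('acpug_field_group_mod') . '</td><td class="row1">' . $template->username_field('group_mod') . '</td>
        </tr>
        <tr><td class="row2">' . $lang->get('acpug_field_group_type') . '</td><td class="row2">
          <label><input type="radio" name="group_status" value="' . GROUP_CLOSED . '" checked="checked" /> ' . $lang->get('groupcp_type_hidden') . '</label><br />
          <label><input type="radio" name="group_status" value="' . GROUP_REQUEST . '" /> ' . $lang->get('groupcp_type_closed') . '</label><br />
          <label><input type="radio" name="group_status" value="' . GROUP_OPEN . '" /> ' . $lang->get('groupcp_type_request') . '</label><br />
          <label><input type="radio" name="group_status" value="' . GROUP_HIDDEN . '" /> ' . $lang->get('groupcp_type_open') . '</label>
        </td></tr>
        <tr>
          <th class="subhead" colspan="2">
            <input type="hidden" name="create_group_name" value="' . $g_name . '" />
            <input type="submit" name="do_create_stage2" value="' . $lang->get('acpug_btn_create_stage2') . '" />
          </th>
        </tr>
      </table>
    </div>';
    echo '</form>';
    return;
  }
  elseif ( isset($_POST['do_create_stage2']) )
  {
    // Stage 2: create the group and make the chosen user its moderator.
    $create_name = isset($_POST['create_group_name']) ? $_POST['create_group_name'] : '';
    if ( !preg_match($name_pattern, $create_name) )
    {
      echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
      return;
    }
    $group_status = intval(isset($_POST['group_status']) ? $_POST['group_status'] : 0);
    if ( !in_array($group_status, array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)) )
    {
      echo '<p>Hacking attempt</p>';
      return;
    }
    
    // Refuse duplicate names
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($create_name).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() > 0 )
    {
      echo '<p>' . $lang->get('acpug_err_already_exist') . '</p>';
      return;
    }
    $db->free_result();
    
    $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($create_name).'\', ' . $group_status . ' )');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    
    // Resolve the moderator's user id
    $group_mod = isset($_POST['group_mod']) ? $_POST['group_mod'] : '';
    $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($group_mod).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>' . $lang->get('acpug_err_bad_username') . '</p>';
      return;
    }
    $user_row = $db->fetchrow();
    $id = intval($user_row['user_id']);
    $db->free_result();
    
    // Look the new group up by name to get its id
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($create_name).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>' . $lang->get('acpug_err_bad_insert_id') . '</p>';
      return;
    }
    $group_row = $db->fetchrow();
    $gid = intval($group_row['group_id']);
    $db->free_result();
    
    $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    $g_name = htmlspecialchars($create_name);
    echo "<div class='info-box'>
      <b>" . $lang->get('acpug_heading_info') . "</b><br />
      " . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . "
    </div>";
  }
  
  if ( isset($_POST['do_edit']) || isset($_POST['edit_do']) )
  {
    $group_id = intval(isset($_POST['group_edit_id']) ? $_POST['group_edit_id'] : 0);
    
    // Fetch the group record; $group is kept for the whole branch, so nothing
    // below may reuse its name for another fetched row.
    $q = $db->sql_query('SELECT group_name,system_group,group_rank FROM '.table_prefix.'groups WHERE group_id='.$group_id.';');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      // Must stop here: fetchrow() would return false and every use of the row below would fail.
      echo '<p>Error: couldn\'t look up group name</p>';
      return;
    }
    $group = $db->fetchrow();
    $name = htmlspecialchars($group['group_name']);
    $db->free_result();
    
    if ( isset($_POST['edit_do']) )
    {
      $edit_do = $_POST['edit_do'];
      
      if ( isset($edit_do['del_group']) )
      {
        if ( $group['system_group'] == 1 )
        {
          echo '<div class="error-box">' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '</div>';
        }
        else
        {
          $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.$group_id.';');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.$group_id.';');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          echo '<div class="info-box">' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '</div>';
          return;
        }
      }
      
      if ( isset($edit_do['save_name']) )
      {
        $new_name = isset($_POST['group_name']) ? $_POST['group_name'] : '';
        if ( !preg_match($name_pattern, $new_name) )
        {
          echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>';
          return;
        }
        // Determine rank: the literal string 'NULL' clears it; anything else must
        // be a non-zero integer rank id. Only these two forms reach the query.
        $group_rank = isset($_POST['group_rank']) ? $_POST['group_rank'] : '';
        if ( $group_rank !== 'NULL' )
        {
          $group_rank = intval($group_rank);
          if ( empty($group_rank) )
          {
            echo '<p>Hacked rank ID</p>';
            return;
          }
        }
        // Keep the in-memory record in sync so the rank list below reflects the
        // saved value (a real null, not the string 'NULL').
        $group['group_rank'] = ( $group_rank === 'NULL' ) ? null : $group_rank;
        $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($new_name).'\',group_rank = ' . $group_rank . '
          WHERE group_id='.$group_id.';');
        if ( !$q )
        {
          echo $db->get_error();
          return;
        }
        echo '<div class="info-box" style="margin: 0 0 10px 0;">
          ' . $lang->get('acpug_msg_name_update_success') . '
        </div>';
        $name = htmlspecialchars($new_name);
      }
      
      // Remove every member whose "del_<member_id>" button was pressed. The
      // result handle is passed explicitly because DELETEs run mid-iteration.
      $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
        WHERE group_id='.$group_id.';');
      if ( !$q )
      {
        echo $db->get_error();
        return;
      }
      while ( $delrow = $db->fetchrow($q) )
      {
        if ( isset($edit_do['del_' . $delrow['member_id']]) )
        {
          $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.intval($delrow['member_id']));
          if ( !$e )
          {
            echo $db->get_error();
            return;
          }
        }
      }
      $db->free_result();
      
      if ( isset($edit_do['add_member']) )
      {
        $add_username = isset($_POST['edit_add_username']) ? $_POST['edit_add_username'] : '';
        $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($add_username).'\';');
        if ( !$q )
        {
          echo $db->get_error();
          return;
        }
        if ( $db->numrows() > 0 )
        {
          // Separate variable: $group is still needed to render the forms below.
          $user_row = $db->fetchrow();
          $user_id = intval($user_row['user_id']);
          $is_mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$group_id.','.$user_id.','.$is_mod.');');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          echo '<div class="info-box" style="margin: 0 0 10px 0;">
            ' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($add_username))) . '
          </div>';
        }
        else
        {
          echo '<div class="warning-box">' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($add_username))) . '</div>';
        }
      }
      
      // Membership/rank changes affect the cached rank data
      generate_cache_userranks();
    }
    
    // System groups cannot be deleted; render the button disabled for them.
    $sg_disabled = ( $group['system_group'] == 1 ) ?
      ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' :
      ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" ';
    
    // Build the rank <option> list, preselecting the group's current rank
    $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks');
    if ( !$q )
      $db->_die();
    $rank_list = '<option value="NULL"' . ( $group['group_rank'] === NULL ? ' selected="selected"' : '' ) . '>--</option>' . "\n";
    while ( $rank_row = $db->fetchrow() )
    {
      $selected = ( $rank_row['rank_id'] == $group['group_rank'] ) ? ' selected="selected"' : '';
      $rank_list .= '<option value="' . intval($rank_row['rank_id']) . '"' . $selected . '>' . htmlspecialchars($lang->get($rank_row['rank_title'])) . '</option>' . "\n";
    }
    
    $hidden_id = '<input type="hidden" name="group_edit_id" value="' . $group_id . '" />';
    
    // Form 1: name and rank
    echo $form_open;
    echo '<div class="tblholder">
      <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
        <tr><th>' . $lang->get('acpug_heading_edit_name') . '</th></tr>
        <tr>
          <td class="row1">
            ' . $lang->get('acpug_field_group_name') . ' <input type="text" name="group_name" value="' . $name . '" />
          </td>
        </tr>
        <tr>
          <td class="row1">
            ' . $lang->get('acpug_field_group_rank') . ' <select name="group_rank">' . $rank_list . '</select>
          </td>
        </tr>
        <tr>
          <th class="subhead">
            <input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" />
            <input type="submit" name="edit_do[del_group]" ' . $sg_disabled . ' />
          </th>
        </tr>
      </table>
    </div>
    ' . $hidden_id;
    echo '</form>';
    
    // Form 2: current members, each with a remove button
    echo $form_open;
    echo '<div class="tblholder">
      <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
        <tr><th colspan="3">' . $lang->get('acpug_heading_edit_members') . '</th></tr>';
    $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
      LEFT JOIN '.table_prefix.'users AS u
        ON u.user_id=m.user_id
      WHERE m.group_id='.$group_id.'
      ORDER BY m.is_mod DESC, u.username ASC;');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<tr><td colspan="3" class="row1">' . $lang->get('acpug_msg_no_members') . '</td></tr>';
    }
    else
    {
      $cls = 'row2';
      while ( $row = $db->fetchrow() )
      {
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        $mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : '';
        // username comes from the users table; escape it like every other DB string echoed here
        echo '<tr>
          <td class="' . $cls . '" style="width: 100%;">
            ' . htmlspecialchars((string) $row['username']) . '
          </td>
          <td class="' . $cls . '">
            ' . $mod . '
          </td>
          <td class="' . $cls . '">
            <input type="submit" name="edit_do[del_' . intval($row['member_id']) . ']" value="' . $lang->get('acpug_btn_remove_member') . '" />
          </td>
        </tr>';
      }
    }
    $db->free_result();
    echo '</table>
    </div>
    ' . $hidden_id;
    echo '</form>';
    
    // Form 3: add a member
    echo $form_open;
    echo '<div class="tblholder">
      <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
        <tr>
          <th>' . $lang->get('acpug_heading_add_member') . '</th>
        </tr>
        <tr>
          <td class="row1">
            ' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . '
          </td>
        </tr>
        <tr>
          <td class="row2">
            <label><input type="checkbox" name="add_mod" /> ' . $lang->get('acpug_field_make_mod') . '</label>
            ' . $lang->get('acpug_field_make_mod_hint') . '
          </td>
        </tr>
        <tr>
          <th class="subhead">
            <input type="submit" name="edit_do[add_member]" value="' . $lang->get('acpug_btn_add_user') . '" />
          </th>
        </tr>
      </table>
    </div>
    ' . $hidden_id;
    echo '</form>';
    return;
  }
  
  // Default view: pick an existing group to edit, or start creating a new one
  echo '<h3>' . $lang->get('acpug_heading_main') . '</h3>';
  echo $form_open;
  $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
  if ( !$q )
  {
    echo $db->get_error();
  }
  else
  {
    echo '<div class="tblholder">
      <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
        <tr>
          <th>' . $lang->get('acpug_heading_edit_existing') . '</th>
        </tr>';
    echo '<tr><td class="row2"><select name="group_edit_id">';
    while ( $row = $db->fetchrow() )
    {
      // The implicit "Everyone" group is not editable from here
      if ( $row['group_name'] !== 'Everyone' )
      {
        echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
      }
    }
    $db->free_result();
    echo '</select></td></tr>';
    echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="' . $lang->get('acpug_btn_edit_stage1') . '" /></td></tr>
      </table>
    </div>
    </form><br />';
  }
  
  echo $form_open;
  echo '<div class="tblholder">
    <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
      <tr>
        <th colspan="2">' . $lang->get('acpug_heading_create_new') . '</th>
      </tr>';
  echo '<tr><td class="row2">' . $lang->get('acpug_field_group_name') . '</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
  echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="' . $lang->get('acpug_btn_create_stage1') . ' »" /></td></tr>
    </table>
  </div>';
  echo '</form>';
}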
?>