11 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
11 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
12 */ |
12 */ |
13 |
13 |
14 function page_Admin_UserRanks() |
14 function page_Admin_UserRanks() |
15 { |
15 { |
16 global $db, $session, $paths, $template, $plugins; // Common objects |
16 global $db, $session, $paths, $template, $plugins; // Common objects |
17 global $lang; |
17 global $lang; |
18 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
18 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
19 { |
19 { |
20 $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
20 $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
21 echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
21 echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
22 echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
22 echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
23 return; |
23 return; |
24 } |
24 } |
25 |
25 |
26 // This should be a constant somewhere |
26 // This should be a constant somewhere |
27 $protected_ranks = array( |
27 $protected_ranks = array( |
28 RANK_ID_MEMBER, |
28 RANK_ID_MEMBER, |
29 RANK_ID_MOD, |
29 RANK_ID_MOD, |
30 RANK_ID_ADMIN, |
30 RANK_ID_ADMIN, |
31 RANK_ID_GUEST |
31 RANK_ID_GUEST |
32 ); |
32 ); |
33 |
33 |
34 if ( $paths->getParam(0) == 'action.json' ) |
34 if ( $paths->getParam(0) == 'action.json' ) |
35 { |
35 { |
36 // ajax call, try to decode json request |
36 // ajax call, try to decode json request |
37 header('Content-type: application/json'); |
37 header('Content-type: application/json'); |
38 |
38 |
39 if ( !isset($_POST['r']) ) |
39 if ( !isset($_POST['r']) ) |
40 { |
40 { |
41 echo enano_json_encode(array( |
41 echo enano_json_encode(array( |
42 'mode' => 'error', |
42 'mode' => 'error', |
43 'error' => 'Missing JSON request payload' |
43 'error' => 'Missing JSON request payload' |
44 )); |
44 )); |
45 return true; |
45 return true; |
46 } |
46 } |
47 try |
47 try |
48 { |
48 { |
49 $request = enano_json_decode($_POST['r']); |
49 $request = enano_json_decode($_POST['r']); |
50 } |
50 } |
51 catch ( Exception $e ) |
51 catch ( Exception $e ) |
52 { |
52 { |
53 echo enano_json_encode(array( |
53 echo enano_json_encode(array( |
54 'mode' => 'error', |
54 'mode' => 'error', |
55 'error' => 'Invalid JSON request payload' |
55 'error' => 'Invalid JSON request payload' |
56 )); |
56 )); |
57 return true; |
57 return true; |
58 } |
58 } |
59 |
59 |
60 if ( !isset($request['mode']) ) |
60 if ( !isset($request['mode']) ) |
61 { |
61 { |
62 echo enano_json_encode(array( |
62 echo enano_json_encode(array( |
63 'mode' => 'error', |
63 'mode' => 'error', |
64 'error' => 'JSON request payload does not contain required parameter "mode"' |
64 'error' => 'JSON request payload does not contain required parameter "mode"' |
65 )); |
65 )); |
66 return true; |
66 return true; |
67 } |
67 } |
68 |
68 |
69 // we've got it |
69 // we've got it |
70 switch ( $request['mode'] ) |
70 switch ( $request['mode'] ) |
71 { |
71 { |
72 case 'get_rank': |
72 case 'get_rank': |
73 // easy enough, get a rank from the DB |
73 // easy enough, get a rank from the DB |
74 $rank_id = intval(@$request['rank_id']); |
74 $rank_id = intval(@$request['rank_id']); |
75 if ( empty($rank_id) ) |
75 if ( empty($rank_id) ) |
76 { |
76 { |
77 echo enano_json_encode(array( |
77 echo enano_json_encode(array( |
78 'mode' => 'error', |
78 'mode' => 'error', |
79 'error' => 'Missing rank ID' |
79 'error' => 'Missing rank ID' |
80 )); |
80 )); |
81 return true; |
81 return true; |
82 } |
82 } |
83 // query and fetch |
83 // query and fetch |
84 $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;"); |
84 $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;"); |
85 if ( !$q || $db->numrows() < 1 ) |
85 if ( !$q || $db->numrows() < 1 ) |
86 $db->die_json(); |
86 $db->die_json(); |
87 |
87 |
88 $row = $db->fetchrow(); |
88 $row = $db->fetchrow(); |
89 $db->free_result(); |
89 $db->free_result(); |
90 |
90 |
91 // why does mysql do this? |
91 // why does mysql do this? |
92 $row['rank_id'] = intval($row['rank_id']); |
92 $row['rank_id'] = intval($row['rank_id']); |
93 echo enano_json_encode($row); |
93 echo enano_json_encode($row); |
94 break; |
94 break; |
95 case 'save_rank': |
95 case 'save_rank': |
96 // easy enough, get a rank from the DB |
96 // easy enough, get a rank from the DB |
97 $rank_id = intval(@$request['rank_id']); |
97 $rank_id = intval(@$request['rank_id']); |
98 // note - an empty rank_style field is permitted |
98 // note - an empty rank_style field is permitted |
99 if ( empty($rank_id) ) |
99 if ( empty($rank_id) ) |
100 { |
100 { |
101 echo enano_json_encode(array( |
101 echo enano_json_encode(array( |
102 'mode' => 'error', |
102 'mode' => 'error', |
103 'error' => 'Missing rank ID' |
103 'error' => 'Missing rank ID' |
104 )); |
104 )); |
105 return true; |
105 return true; |
106 } |
106 } |
107 |
107 |
108 if ( empty($request['rank_title']) ) |
108 if ( empty($request['rank_title']) ) |
109 { |
109 { |
110 echo enano_json_encode(array( |
110 echo enano_json_encode(array( |
111 'mode' => 'error', |
111 'mode' => 'error', |
112 'error' => $lang->get('acpur_err_missing_rank_title') |
112 'error' => $lang->get('acpur_err_missing_rank_title') |
113 )); |
113 )); |
114 return true; |
114 return true; |
115 } |
115 } |
116 |
116 |
117 // perform update |
117 // perform update |
118 $rank_title = $db->escape($request['rank_title']); |
118 $rank_title = $db->escape($request['rank_title']); |
119 $rank_style = $db->escape(@$request['rank_style']); |
119 $rank_style = $db->escape(@$request['rank_style']); |
120 $q = $db->sql_query('UPDATE ' . table_prefix . "ranks SET rank_title = '$rank_title', rank_style = '$rank_style' WHERE rank_id = $rank_id;"); |
120 $q = $db->sql_query('UPDATE ' . table_prefix . "ranks SET rank_title = '$rank_title', rank_style = '$rank_style' WHERE rank_id = $rank_id;"); |
121 |
121 |
122 // regenerate the ranks cache |
122 // regenerate the ranks cache |
123 generate_cache_userranks(); |
123 generate_cache_userranks(); |
124 |
124 |
125 echo enano_json_encode(array( |
125 echo enano_json_encode(array( |
126 'mode' => 'success' |
126 'mode' => 'success' |
127 )); |
127 )); |
128 break; |
128 break; |
129 case 'create_rank': |
129 case 'create_rank': |
130 if ( empty($request['rank_title']) ) |
130 if ( empty($request['rank_title']) ) |
131 { |
131 { |
132 echo enano_json_encode(array( |
132 echo enano_json_encode(array( |
133 'mode' => 'error', |
133 'mode' => 'error', |
134 'error' => $lang->get('acpur_err_missing_rank_title') |
134 'error' => $lang->get('acpur_err_missing_rank_title') |
135 )); |
135 )); |
136 return true; |
136 return true; |
137 } |
137 } |
138 |
138 |
139 $rank_title = $db->escape($request['rank_title']); |
139 $rank_title = $db->escape($request['rank_title']); |
140 $rank_style = $db->escape(@$request['rank_style']); |
140 $rank_style = $db->escape(@$request['rank_style']); |
141 |
141 |
142 // perform insert |
142 // perform insert |
143 $q = $db->sql_query('INSERT INTO ' . table_prefix . "ranks ( rank_title, rank_style ) VALUES\n" |
143 $q = $db->sql_query('INSERT INTO ' . table_prefix . "ranks ( rank_title, rank_style ) VALUES\n" |
144 . " ( '$rank_title', '$rank_style' );"); |
144 . " ( '$rank_title', '$rank_style' );"); |
145 if ( !$q ) |
145 if ( !$q ) |
146 $db->die_json(); |
146 $db->die_json(); |
147 |
147 |
148 $rank_id = $db->insert_id(); |
148 $rank_id = $db->insert_id(); |
149 if ( !$rank_id ) |
149 if ( !$rank_id ) |
150 { |
150 { |
151 echo enano_json_encode(array( |
151 echo enano_json_encode(array( |
152 'mode' => 'error', |
152 'mode' => 'error', |
153 'error' => 'Refetch of rank ID failed' |
153 'error' => 'Refetch of rank ID failed' |
154 )); |
154 )); |
155 return true; |
155 return true; |
156 } |
156 } |
157 |
157 |
158 // regenerate the ranks cache |
158 // regenerate the ranks cache |
159 generate_cache_userranks(); |
159 generate_cache_userranks(); |
160 |
160 |
161 echo enano_json_encode(array( |
161 echo enano_json_encode(array( |
162 'mode' => 'success', |
162 'mode' => 'success', |
163 'rank_id' => $rank_id |
163 'rank_id' => $rank_id |
164 )); |
164 )); |
165 break; |
165 break; |
166 case 'delete_rank': |
166 case 'delete_rank': |
167 // nuke a rank |
167 // nuke a rank |
168 $rank_id = intval(@$request['rank_id']); |
168 $rank_id = intval(@$request['rank_id']); |
169 if ( empty($rank_id) ) |
169 if ( empty($rank_id) ) |
170 { |
170 { |
171 echo enano_json_encode(array( |
171 echo enano_json_encode(array( |
172 'mode' => 'error', |
172 'mode' => 'error', |
173 'error' => 'Missing rank ID' |
173 'error' => 'Missing rank ID' |
174 )); |
174 )); |
175 return true; |
175 return true; |
176 } |
176 } |
177 |
177 |
178 // is this rank protected (e.g. a system rank)? |
178 // is this rank protected (e.g. a system rank)? |
179 if ( in_array($rank_id, $protected_ranks) ) |
179 if ( in_array($rank_id, $protected_ranks) ) |
180 { |
180 { |
181 echo enano_json_encode(array( |
181 echo enano_json_encode(array( |
182 'mode' => 'error', |
182 'mode' => 'error', |
183 'error' => $lang->get('acpur_err_cant_delete_system_rank') |
183 'error' => $lang->get('acpur_err_cant_delete_system_rank') |
184 )); |
184 )); |
185 return true; |
185 return true; |
186 } |
186 } |
187 |
187 |
188 // unset any user and groups that might be using it |
188 // unset any user and groups that might be using it |
189 $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_rank = NULL WHERE user_rank = $rank_id;"); |
189 $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_rank = NULL WHERE user_rank = $rank_id;"); |
190 if ( !$q ) |
190 if ( !$q ) |
191 $db->die_json(); |
191 $db->die_json(); |
192 $q = $db->sql_query('UPDATE ' . table_prefix . "groups SET group_rank = NULL WHERE group_rank = $rank_id;"); |
192 $q = $db->sql_query('UPDATE ' . table_prefix . "groups SET group_rank = NULL WHERE group_rank = $rank_id;"); |
193 if ( !$q ) |
193 if ( !$q ) |
194 $db->die_json(); |
194 $db->die_json(); |
195 |
195 |
196 // now remove the rank itself |
196 // now remove the rank itself |
197 $q = $db->sql_query('DELETE FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;"); |
197 $q = $db->sql_query('DELETE FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;"); |
198 if ( !$q ) |
198 if ( !$q ) |
199 $db->_die(); |
199 $db->_die(); |
200 |
200 |
201 // regenerate the ranks cache |
201 // regenerate the ranks cache |
202 generate_cache_userranks(); |
202 generate_cache_userranks(); |
203 |
203 |
204 echo enano_json_encode(array( |
204 echo enano_json_encode(array( |
205 'mode' => 'success' |
205 'mode' => 'success' |
206 )); |
206 )); |
207 break; |
207 break; |
208 default: |
208 default: |
209 echo enano_json_encode(array( |
209 echo enano_json_encode(array( |
210 'mode' => 'error', |
210 'mode' => 'error', |
211 'error' => 'Unknown requested operation' |
211 'error' => 'Unknown requested operation' |
212 )); |
212 )); |
213 return true; |
213 return true; |
214 } |
214 } |
215 return true; |
215 return true; |
216 } |
216 } |
217 |
217 |
218 // draw initial interface |
218 // draw initial interface |
219 // yes, four paragraphs of introduction. Suck it up. |
219 // yes, four paragraphs of introduction. Suck it up. |
220 echo '<h3>' . $lang->get('acpur_heading_main') . '</h3>'; |
220 echo '<h3>' . $lang->get('acpur_heading_main') . '</h3>'; |
221 echo '<p>' . $lang->get('acpur_intro_para1') . '</p>'; |
221 echo '<p>' . $lang->get('acpur_intro_para1') . '</p>'; |
222 echo '<p>' . $lang->get('acpur_intro_para2') . '</p>'; |
222 echo '<p>' . $lang->get('acpur_intro_para2') . '</p>'; |
223 echo '<p>' . $lang->get('acpur_intro_para3') . '</p>'; |
223 echo '<p>' . $lang->get('acpur_intro_para3') . '</p>'; |
224 echo '<p>' . $lang->get('acpur_intro_para4') . '</p>'; |
224 echo '<p>' . $lang->get('acpur_intro_para4') . '</p>'; |
225 |
225 |
226 // fetch ranks |
226 // fetch ranks |
227 $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks ORDER BY rank_title ASC;"); |
227 $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks ORDER BY rank_title ASC;"); |
228 if ( !$q ) |
228 if ( !$q ) |
229 $db->_die(); |
229 $db->_die(); |
230 |
230 |
231 echo '<div class="rankadmin-left" id="admin_ranks_container_left">'; |
231 echo '<div class="rankadmin-left" id="admin_ranks_container_left">'; |
232 while ( $row = $db->fetchrow() ) |
232 while ( $row = $db->fetchrow() ) |
233 { |
233 { |
234 // format rank according to what its users look like |
234 // format rank according to what its users look like |
235 // rank titles can be stored as language strings, so have the language manager fetch this |
235 // rank titles can be stored as language strings, so have the language manager fetch this |
236 // normally it refetches (which takes time) if a string isn't found, but it won't try to fetch |
236 // normally it refetches (which takes time) if a string isn't found, but it won't try to fetch |
237 // a string that isn't in the category_stringid format |
237 // a string that isn't in the category_stringid format |
238 $rank_title = $lang->get($row['rank_title']); |
238 $rank_title = $lang->get($row['rank_title']); |
239 // FIXME: make sure htmlspecialchars() is escaping quotes and backslashes |
239 // FIXME: make sure htmlspecialchars() is escaping quotes and backslashes |
240 echo '<a href="#rank_edit:' . $row['rank_id'] . '" onclick="ajaxInitRankEdit(' . $row['rank_id'] . '); return false;" class="rankadmin-editlink" style="' . htmlspecialchars($row['rank_style']) . '" id="rankadmin_editlink_' . $row['rank_id'] . '">' . htmlspecialchars($rank_title) . '</a> '; |
240 echo '<a href="#rank_edit:' . $row['rank_id'] . '" onclick="ajaxInitRankEdit(' . $row['rank_id'] . '); return false;" class="rankadmin-editlink" style="' . htmlspecialchars($row['rank_style']) . '" id="rankadmin_editlink_' . $row['rank_id'] . '">' . htmlspecialchars($rank_title) . '</a> '; |
241 } |
241 } |
242 echo '<a href="#rank_create" onclick="ajaxInitRankCreate(); return false;" class="rankadmin-editlink rankadmin-createlink" id="rankadmin_createlink">' . $lang->get('acpur_btn_create_init') . '</a> '; |
242 echo '<a href="#rank_create" onclick="ajaxInitRankCreate(); return false;" class="rankadmin-editlink rankadmin-createlink" id="rankadmin_createlink">' . $lang->get('acpur_btn_create_init') . '</a> '; |
243 echo '</div>'; |
243 echo '</div>'; |
244 |
244 |
245 echo '<div class="rankadmin-right" id="admin_ranks_container_right">'; |
245 echo '<div class="rankadmin-right" id="admin_ranks_container_right">'; |
246 echo $lang->get('acpur_msg_select_rank'); |
246 echo $lang->get('acpur_msg_select_rank'); |
247 echo '</div>'; |
247 echo '</div>'; |
248 echo '<span class="menuclear"></span>'; |
248 echo '<span class="menuclear"></span>'; |
249 } |
249 } |
250 |
250 |
251 ?> |
251 ?> |