plugins/admin/UserRanks.php
changeset 1227 bdac73ed481e
parent 1081 745200a9cc2a
1226:de56132c008d 1227:bdac73ed481e
    11  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    11  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    12  */
    12  */
    13 
    13 
    14 function page_Admin_UserRanks()
    14 function page_Admin_UserRanks()
    15 {
    15 {
    16   global $db, $session, $paths, $template, $plugins; // Common objects
    16 	global $db, $session, $paths, $template, $plugins; // Common objects
    17   global $lang;
    17 	global $lang;
    18   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
    18 	if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
    19   {
    19 	{
    20     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    20 		$login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    21     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    21 		echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    22     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    22 		echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    23     return;
    23 		return;
    24   }
    24 	}
    25   
    25 	
    26   // This should be a constant somewhere
    26 	// This should be a constant somewhere
    27   $protected_ranks = array(
    27 	$protected_ranks = array(
    28       RANK_ID_MEMBER,
    28 			RANK_ID_MEMBER,
    29       RANK_ID_MOD,
    29 			RANK_ID_MOD,
    30       RANK_ID_ADMIN,
    30 			RANK_ID_ADMIN,
    31       RANK_ID_GUEST
    31 			RANK_ID_GUEST
    32     );
    32 		);
    33   
    33 	
    34   if ( $paths->getParam(0) == 'action.json' )
    34 	if ( $paths->getParam(0) == 'action.json' )
    35   {
    35 	{
    36     // ajax call, try to decode json request
    36 		// ajax call, try to decode json request
    37     header('Content-type: application/json');
    37 		header('Content-type: application/json');
    38     
    38 		
    39     if ( !isset($_POST['r']) )
    39 		if ( !isset($_POST['r']) )
    40     {
    40 		{
    41       echo enano_json_encode(array(
    41 			echo enano_json_encode(array(
    42           'mode' => 'error',
    42 					'mode' => 'error',
    43           'error' => 'Missing JSON request payload'
    43 					'error' => 'Missing JSON request payload'
    44         ));
    44 				));
    45       return true;
    45 			return true;
    46     }
    46 		}
    47     try
    47 		try
    48     {
    48 		{
    49       $request = enano_json_decode($_POST['r']);
    49 			$request = enano_json_decode($_POST['r']);
    50     }
    50 		}
    51     catch ( Exception $e )
    51 		catch ( Exception $e )
    52     {
    52 		{
    53       echo enano_json_encode(array(
    53 			echo enano_json_encode(array(
    54           'mode' => 'error',
    54 					'mode' => 'error',
    55           'error' => 'Invalid JSON request payload'
    55 					'error' => 'Invalid JSON request payload'
    56         ));
    56 				));
    57       return true;
    57 			return true;
    58     }
    58 		}
    59     
    59 		
    60     if ( !isset($request['mode']) )
    60 		if ( !isset($request['mode']) )
    61     {
    61 		{
    62       echo enano_json_encode(array(
    62 			echo enano_json_encode(array(
    63           'mode' => 'error',
    63 					'mode' => 'error',
    64           'error' => 'JSON request payload does not contain required parameter "mode"'
    64 					'error' => 'JSON request payload does not contain required parameter "mode"'
    65         ));
    65 				));
    66       return true;
    66 			return true;
    67     }
    67 		}
    68     
    68 		
    69     // we've got it
    69 		// we've got it
    70     switch ( $request['mode'] )
    70 		switch ( $request['mode'] )
    71     {
    71 		{
    72       case 'get_rank':
    72 			case 'get_rank':
    73         // easy enough, get a rank from the DB
    73 				// easy enough, get a rank from the DB
    74         $rank_id = intval(@$request['rank_id']);
    74 				$rank_id = intval(@$request['rank_id']);
    75         if ( empty($rank_id) )
    75 				if ( empty($rank_id) )
    76         {
    76 				{
    77           echo enano_json_encode(array(
    77 					echo enano_json_encode(array(
    78               'mode' => 'error',
    78 							'mode' => 'error',
    79               'error' => 'Missing rank ID'
    79 							'error' => 'Missing rank ID'
    80             ));
    80 						));
    81           return true;
    81 					return true;
    82         }
    82 				}
    83         // query and fetch
    83 				// query and fetch
    84         $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;");
    84 				$q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;");
    85         if ( !$q || $db->numrows() < 1 )
    85 				if ( !$q || $db->numrows() < 1 )
    86           $db->die_json();
    86 					$db->die_json();
    87         
    87 				
    88         $row = $db->fetchrow();
    88 				$row = $db->fetchrow();
    89         $db->free_result();
    89 				$db->free_result();
    90         
    90 				
    91         // why does mysql do this?
    91 				// why does mysql do this?
    92         $row['rank_id'] = intval($row['rank_id']);
    92 				$row['rank_id'] = intval($row['rank_id']);
    93         echo enano_json_encode($row);
    93 				echo enano_json_encode($row);
    94         break;
    94 				break;
    95       case 'save_rank':
    95 			case 'save_rank':
    96         // easy enough, get a rank from the DB
    96 				// easy enough, get a rank from the DB
    97         $rank_id = intval(@$request['rank_id']);
    97 				$rank_id = intval(@$request['rank_id']);
    98         // note - an empty rank_style field is permitted
    98 				// note - an empty rank_style field is permitted
    99         if ( empty($rank_id) )
    99 				if ( empty($rank_id) )
   100         {
   100 				{
   101           echo enano_json_encode(array(
   101 					echo enano_json_encode(array(
   102               'mode' => 'error',
   102 							'mode' => 'error',
   103               'error' => 'Missing rank ID'
   103 							'error' => 'Missing rank ID'
   104             ));
   104 						));
   105           return true;
   105 					return true;
   106         }
   106 				}
   107         
   107 				
   108         if ( empty($request['rank_title']) )
   108 				if ( empty($request['rank_title']) )
   109         {
   109 				{
   110           echo enano_json_encode(array(
   110 					echo enano_json_encode(array(
   111               'mode' => 'error',
   111 							'mode' => 'error',
   112               'error' => $lang->get('acpur_err_missing_rank_title')
   112 							'error' => $lang->get('acpur_err_missing_rank_title')
   113             ));
   113 						));
   114           return true;
   114 					return true;
   115         }
   115 				}
   116         
   116 				
   117         // perform update
   117 				// perform update
   118         $rank_title = $db->escape($request['rank_title']);
   118 				$rank_title = $db->escape($request['rank_title']);
   119         $rank_style = $db->escape(@$request['rank_style']);
   119 				$rank_style = $db->escape(@$request['rank_style']);
   120         $q = $db->sql_query('UPDATE ' . table_prefix . "ranks SET rank_title = '$rank_title', rank_style = '$rank_style' WHERE rank_id = $rank_id;");
   120 				$q = $db->sql_query('UPDATE ' . table_prefix . "ranks SET rank_title = '$rank_title', rank_style = '$rank_style' WHERE rank_id = $rank_id;");
   121         
   121 				
   122         // regenerate the ranks cache
   122 				// regenerate the ranks cache
   123         generate_cache_userranks();
   123 				generate_cache_userranks();
   124         
   124 				
   125         echo enano_json_encode(array(
   125 				echo enano_json_encode(array(
   126             'mode' => 'success'
   126 						'mode' => 'success'
   127           ));
   127 					));
   128         break;
   128 				break;
   129       case 'create_rank':
   129 			case 'create_rank':
   130         if ( empty($request['rank_title']) )
   130 				if ( empty($request['rank_title']) )
   131         {
   131 				{
   132           echo enano_json_encode(array(
   132 					echo enano_json_encode(array(
   133               'mode' => 'error',
   133 							'mode' => 'error',
   134               'error' => $lang->get('acpur_err_missing_rank_title')
   134 							'error' => $lang->get('acpur_err_missing_rank_title')
   135             ));
   135 						));
   136           return true;
   136 					return true;
   137         }
   137 				}
   138         
   138 				
   139         $rank_title = $db->escape($request['rank_title']);
   139 				$rank_title = $db->escape($request['rank_title']);
   140         $rank_style = $db->escape(@$request['rank_style']);
   140 				$rank_style = $db->escape(@$request['rank_style']);
   141         
   141 				
   142         // perform insert
   142 				// perform insert
   143         $q = $db->sql_query('INSERT INTO ' . table_prefix . "ranks ( rank_title, rank_style ) VALUES\n"
   143 				$q = $db->sql_query('INSERT INTO ' . table_prefix . "ranks ( rank_title, rank_style ) VALUES\n"
   144                           . "  ( '$rank_title', '$rank_style' );");
   144 													. "  ( '$rank_title', '$rank_style' );");
   145         if ( !$q )
   145 				if ( !$q )
   146           $db->die_json();
   146 					$db->die_json();
   147         
   147 				
   148         $rank_id = $db->insert_id();
   148 				$rank_id = $db->insert_id();
   149         if ( !$rank_id )
   149 				if ( !$rank_id )
   150         {
   150 				{
   151           echo enano_json_encode(array(
   151 					echo enano_json_encode(array(
   152               'mode' => 'error',
   152 							'mode' => 'error',
   153               'error' => 'Refetch of rank ID failed'
   153 							'error' => 'Refetch of rank ID failed'
   154             ));
   154 						));
   155           return true;
   155 					return true;
   156         }
   156 				}
   157         
   157 				
   158         // regenerate the ranks cache
   158 				// regenerate the ranks cache
   159         generate_cache_userranks();
   159 				generate_cache_userranks();
   160         
   160 				
   161         echo enano_json_encode(array(
   161 				echo enano_json_encode(array(
   162             'mode' => 'success',
   162 						'mode' => 'success',
   163             'rank_id' => $rank_id
   163 						'rank_id' => $rank_id
   164           ));
   164 					));
   165         break;
   165 				break;
   166       case 'delete_rank':
   166 			case 'delete_rank':
   167         // nuke a rank
   167 				// nuke a rank
   168         $rank_id = intval(@$request['rank_id']);
   168 				$rank_id = intval(@$request['rank_id']);
   169         if ( empty($rank_id) )
   169 				if ( empty($rank_id) )
   170         {
   170 				{
   171           echo enano_json_encode(array(
   171 					echo enano_json_encode(array(
   172               'mode' => 'error',
   172 							'mode' => 'error',
   173               'error' => 'Missing rank ID'
   173 							'error' => 'Missing rank ID'
   174             ));
   174 						));
   175           return true;
   175 					return true;
   176         }
   176 				}
   177         
   177 				
   178         // is this rank protected (e.g. a system rank)?
   178 				// is this rank protected (e.g. a system rank)?
   179         if ( in_array($rank_id, $protected_ranks) )
   179 				if ( in_array($rank_id, $protected_ranks) )
   180         {
   180 				{
   181           echo enano_json_encode(array(
   181 					echo enano_json_encode(array(
   182               'mode' => 'error',
   182 							'mode' => 'error',
   183               'error' => $lang->get('acpur_err_cant_delete_system_rank')
   183 							'error' => $lang->get('acpur_err_cant_delete_system_rank')
   184             ));
   184 						));
   185           return true;
   185 					return true;
   186         }
   186 				}
   187         
   187 				
   188         // unset any user and groups that might be using it
   188 				// unset any user and groups that might be using it
   189         $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_rank = NULL WHERE user_rank = $rank_id;");
   189 				$q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_rank = NULL WHERE user_rank = $rank_id;");
   190         if ( !$q )
   190 				if ( !$q )
   191           $db->die_json();
   191 					$db->die_json();
   192         $q = $db->sql_query('UPDATE ' . table_prefix . "groups SET group_rank = NULL WHERE group_rank = $rank_id;");
   192 				$q = $db->sql_query('UPDATE ' . table_prefix . "groups SET group_rank = NULL WHERE group_rank = $rank_id;");
   193         if ( !$q )
   193 				if ( !$q )
   194           $db->die_json();
   194 					$db->die_json();
   195         
   195 				
   196         // now remove the rank itself
   196 				// now remove the rank itself
   197         $q = $db->sql_query('DELETE FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;");
   197 				$q = $db->sql_query('DELETE FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;");
   198         if ( !$q )
   198 				if ( !$q )
   199           $db->_die();
   199 					$db->_die();
   200         
   200 				
   201         // regenerate the ranks cache
   201 				// regenerate the ranks cache
   202         generate_cache_userranks();
   202 				generate_cache_userranks();
   203         
   203 				
   204         echo enano_json_encode(array(
   204 				echo enano_json_encode(array(
   205             'mode' => 'success'
   205 						'mode' => 'success'
   206           ));
   206 					));
   207         break;
   207 				break;
   208       default:
   208 			default:
   209         echo enano_json_encode(array(
   209 				echo enano_json_encode(array(
   210           'mode' => 'error',
   210 					'mode' => 'error',
   211           'error' => 'Unknown requested operation'
   211 					'error' => 'Unknown requested operation'
   212         ));
   212 				));
   213       return true;
   213 			return true;
   214     }
   214 		}
   215     return true;
   215 		return true;
   216   }
   216 	}
   217   
   217 	
   218   // draw initial interface
   218 	// draw initial interface
   219   // yes, four paragraphs of introduction. Suck it up.
   219 	// yes, four paragraphs of introduction. Suck it up.
   220   echo '<h3>' . $lang->get('acpur_heading_main') . '</h3>';
   220 	echo '<h3>' . $lang->get('acpur_heading_main') . '</h3>';
   221   echo '<p>' . $lang->get('acpur_intro_para1') . '</p>';
   221 	echo '<p>' . $lang->get('acpur_intro_para1') . '</p>';
   222   echo '<p>' . $lang->get('acpur_intro_para2') . '</p>';
   222 	echo '<p>' . $lang->get('acpur_intro_para2') . '</p>';
   223   echo '<p>' . $lang->get('acpur_intro_para3') . '</p>';
   223 	echo '<p>' . $lang->get('acpur_intro_para3') . '</p>';
   224   echo '<p>' . $lang->get('acpur_intro_para4') . '</p>';
   224 	echo '<p>' . $lang->get('acpur_intro_para4') . '</p>';
   225   
   225 	
   226   // fetch ranks
   226 	// fetch ranks
   227   $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks ORDER BY rank_title ASC;");
   227 	$q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks ORDER BY rank_title ASC;");
   228   if ( !$q )
   228 	if ( !$q )
   229     $db->_die();
   229 		$db->_die();
   230   
   230 	
   231   echo '<div class="rankadmin-left" id="admin_ranks_container_left">';
   231 	echo '<div class="rankadmin-left" id="admin_ranks_container_left">';
   232   while ( $row = $db->fetchrow() )
   232 	while ( $row = $db->fetchrow() )
   233   {
   233 	{
   234     // format rank according to what its users look like
   234 		// format rank according to what its users look like
   235     // rank titles can be stored as language strings, so have the language manager fetch this
   235 		// rank titles can be stored as language strings, so have the language manager fetch this
   236     // normally it refetches (which takes time) if a string isn't found, but it won't try to fetch
   236 		// normally it refetches (which takes time) if a string isn't found, but it won't try to fetch
   237     // a string that isn't in the category_stringid format
   237 		// a string that isn't in the category_stringid format
   238     $rank_title = $lang->get($row['rank_title']);
   238 		$rank_title = $lang->get($row['rank_title']);
   239     // FIXME: make sure htmlspecialchars() is escaping quotes and backslashes
   239 		// FIXME: make sure htmlspecialchars() is escaping quotes and backslashes
   240     echo '<a href="#rank_edit:' . $row['rank_id'] . '" onclick="ajaxInitRankEdit(' . $row['rank_id'] . '); return false;" class="rankadmin-editlink" style="' . htmlspecialchars($row['rank_style']) . '" id="rankadmin_editlink_' . $row['rank_id'] . '">' . htmlspecialchars($rank_title) . '</a> ';
   240 		echo '<a href="#rank_edit:' . $row['rank_id'] . '" onclick="ajaxInitRankEdit(' . $row['rank_id'] . '); return false;" class="rankadmin-editlink" style="' . htmlspecialchars($row['rank_style']) . '" id="rankadmin_editlink_' . $row['rank_id'] . '">' . htmlspecialchars($rank_title) . '</a> ';
   241   }
   241 	}
   242   echo '<a href="#rank_create" onclick="ajaxInitRankCreate(); return false;" class="rankadmin-editlink rankadmin-createlink" id="rankadmin_createlink">' . $lang->get('acpur_btn_create_init') . '</a> ';
   242 	echo '<a href="#rank_create" onclick="ajaxInitRankCreate(); return false;" class="rankadmin-editlink rankadmin-createlink" id="rankadmin_createlink">' . $lang->get('acpur_btn_create_init') . '</a> ';
   243   echo '</div>';
   243 	echo '</div>';
   244   
   244 	
   245   echo '<div class="rankadmin-right" id="admin_ranks_container_right">';
   245 	echo '<div class="rankadmin-right" id="admin_ranks_container_right">';
   246   echo $lang->get('acpur_msg_select_rank');
   246 	echo $lang->get('acpur_msg_select_rank');
   247   echo '</div>';
   247 	echo '</div>';
   248   echo '<span class="menuclear"></span>';
   248 	echo '<span class="menuclear"></span>';
   249 }
   249 }
   250 
   250 
   251 ?>
   251 ?>