<?php
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
/**!info**
{
  "Plugin Name" : "plugin_specialgroups_title",
  "Plugin URI" : "http://enanocms.org/",
  "Description" : "plugin_specialgroups_desc",
  "Author" : "Dan Fuhry",
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
  "Version" : "1.1.6",
  "Author URI" : "http://enanocms.org/"
}
**!*/

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
 * Version 1.1.6 (Caoineag beta 1)
 * Copyright (C) 2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
// $plugins->attachHook('session_started', 'SpecialGroups_paths_init();');
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan

function SpecialGroups_paths_init()
{
  register_special_page('Usergroups', 'specialpage_groupcp');
}

function page_Special_Usergroups()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $email; // Import e-mail encryption functions
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
  global $lang;

  if ( !$session->user_logged_in )
  {
    header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
    $db->close();
    exit;
  }

  $template->header();
  userprefs_show_menu();
  if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) )
  {
    $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
    if ( empty($gid) || $gid < 1 )
    {
      die_friendly('Error', '<p>Hacking attempt</p>');
    }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
    $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
    if ( !$q )
    {
      $db->_die('SpecialGroups.php, line ' . __LINE__);
    }
    $row = $db->fetchrow();
    $db->free_result();
    $members = array();
    $pending = array();
    $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments
                           FROM '.table_prefix.'users AS u
                           LEFT JOIN '.table_prefix.'group_members AS m
                             ON ( m.user_id = u.user_id )
                           LEFT JOIN '.table_prefix.'comments AS c
                             ON ( c.name = u.username )
                           WHERE m.group_id=' . $gid . '
                           GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending
                           ORDER BY m.is_mod DESC,u.username ASC;');
    if ( !$q )
    {
      $db->_die('SpecialGroups.php, line ' . __LINE__);
    }

    $is_member = false;
    $is_mod = false;
    $is_pending = false;

    while ( $mr = $db->fetchrow() )
    {
      if ( $mr['pending'] == 1 )
      {
        $pending[] = $mr;
        if ( $mr['user_id'] == $session->user_id )
        {
          $is_pending = true;
        }
      }
      else
      {
        $members[] = $mr;
        if ( $mr['user_id'] == $session->user_id )
        {
          $is_member = true;
          if ( $mr['is_mod'] == 1 )
          {
            $is_mod = true;
          }
        }
      }
    }

    $status = ( $is_member && $is_mod )
      ? $lang->get('groupcp_status_mod')
      : ( ( $is_member && !$is_mod )
        ? $lang->get('groupcp_status_member')
        : $lang->get('groupcp_status_not_member')
      );

    $can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );

    switch ( $row['group_type'] )
    {
      case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break;
      case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break;
      case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break;
      case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break;
    }

    if ( isset($_GET['act']) && $can_do_admin_stuff )
    {
      switch($_GET['act'])
      {
        case 'update':
          if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
          {
            die_friendly('ERROR', '<p>Hacking attempt</p>');
          }
          $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          $error = false;
          if ( $db->numrows() < 1 )
          {
            echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
            $error = true;
          }
          $r = $db->fetchrow();
          if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
          {
            echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>';
            $error = true;
          }
          if ( !$error )
          {
            $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
            if (!$q)
              $db->_die('SpecialGroups.php, line ' . __LINE__);
            $row['group_type'] = $_POST['group_state'];
            echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>';
          }
          break;
        case 'adduser':
          $username = $_POST['add_username'];
          $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';

          $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
          if (!$q)
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          if ($db->numrows() < 1)
          {
            echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>';
            break;
          }
          $r = $db->fetchrow();
          $db->free_result();
          $uid = intval($r['user_id']);

          // Check if the user is already in the group, and if so, only update modship
          $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          if ( $db->numrows() > 0 )
          {
            $r = $db->fetchrow();
            if ( (string) $r['is_mod'] != $mod )
            {
              $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
              if ( !$q )
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              foreach ( $members as $i => $member )
              {
                if ( $member['member_id'] == $r['member_id'] )
                  $members[$i]['is_mod'] = (int)$mod;
              }
              echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>';
            }
            else
            {
              echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>';
            }
            break;
          }

          $db->free_result();

          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
          if (!$q)
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>';

          $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
                                 FROM '.table_prefix.'users AS u
                                 LEFT JOIN '.table_prefix.'group_members AS m
                                   ON ( m.user_id = u.user_id )
                                 LEFT JOIN '.table_prefix.'comments AS c
                                   ON ( c.name = u.username )
                                 WHERE m.group_id=' . $gid . '
                                   AND m.pending!=1
                                   AND u.user_id=' . $uid . '
                                 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
                                 ORDER BY m.is_mod DESC,u.username ASC
                                 LIMIT 1;');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);

          $r = $db->fetchrow();
          $members[] = $r;
          $db->free_result();

541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
          // just added a user to the group, so regenerate the ranks cache
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
          generate_cache_userranks();

          break;
        case 'del_users':
          foreach ( $members as $i => $member )
          {
            if ( isset($_POST['del_user'][$member['member_id']]) )
            {
              $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
              if (!$q)
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              unset($members[$i]);
            }
          }
          // regenerate the ranks cache
          generate_cache_userranks();

          break;
        case 'pending':
          foreach ( $pending as $i => $member )
          {
            if ( isset( $_POST['with_user'][$member['member_id']]) )
            {
              if ( isset ( $_POST['do_appr_pending'] ) )
              {
                $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
                if (!$q)
                  $db->_die('SpecialGroups.php, line ' . __LINE__);
                $members[] = $member;
                unset($pending[$i]);
                continue;
              }
              elseif ( isset ( $_POST['do_reject_pending'] ) )
              {
                $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
                if (!$q)
                  $db->_die('SpecialGroups.php, line ' . __LINE__);
                unset($pending[$i]);
              }
            }
          }
          // memberships updated/changed, regenerate ranks cache
          generate_cache_userranks();

          echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>';
          break;
      }
    }
+ − 272
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 273
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff )
0
+ − 274
{
+ − 275
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
+ − 276
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 277
$db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 278
echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>';
0
+ − 279
322
+ − 280
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
0
+ − 281
FROM '.table_prefix.'users AS u
+ − 282
LEFT JOIN '.table_prefix.'group_members AS m
+ − 283
ON ( m.user_id = u.user_id )
+ − 284
LEFT JOIN '.table_prefix.'comments AS c
+ − 285
ON ( c.name = u.username )
+ − 286
WHERE m.group_id=' . $gid . '
+ − 287
AND m.pending!=1
+ − 288
AND u.user_id=' . $session->user_id . '
322
+ − 289
GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
0
+ − 290
ORDER BY m.is_mod DESC,u.username ASC
+ − 291
LIMIT 1;');
+ − 292
if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 293
$db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 294
+ − 295
$r = $db->fetchrow();
+ − 296
$members[] = $r;
+ − 297
$db->free_result();
+ − 298
+ − 299
}
+ − 300
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 301
if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff )
0
+ − 302
{
+ − 303
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
+ − 304
if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 305
$db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 306
echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>';
    }
    
    $state_btns = ( $can_do_admin_stuff ) ?
      // Annotation (rev 334, changeset c72b545f1304, Dan): More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
      '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label>
       <label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>'
      : $g_state;
    if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member )
    {
      if ( $is_pending )
        $state_btns .= ' ' . $lang->get('groupcp_msg_status_pending');
      else
        $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />';
    }
    
    if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member )
    {
      $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />';
    }
    
    $g_name_local = 'groupcp_grp_' . strtolower($row['group_name']);
    $str = $lang->get($g_name_local);
    if ( $str != $g_name_local )
      $row['group_name'] = $str;
    
    echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
          <div class="tblholder">
            <table border="0" cellspacing="1" cellpadding="4">
              <tr>
                <th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th>
              </tr>
              <tr>
                <td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td>
                <td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td>
              </tr>
              <tr>
                <td class="row2">' . $lang->get('groupcp_lbl_status') . '</td>
                <td class="row1">' . $status . '</td>
              </tr>
              <tr>
                <td class="row2">' . $lang->get('groupcp_lbl_state') . '</td>
                <td class="row1">' . $state_btns . '</td>
              </tr>
              ' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? '
              <tr>
                <th class="subhead" colspan="2">
                  <input type="submit" value="' . $lang->get('etc_save_changes') . '" />
                </th>
              </tr>
              ' : '' ) . '
            </table>
          </div>
          <input name="group_id" value="' . $gid . '" type="hidden" />
        </form>';
    if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff )
    {
      echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
            <input name="group_id" value="' . $gid . '" type="hidden" />
            <h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2>
            <div class="tblholder">
              <table border="0" cellspacing="1" cellpadding="4">
                <tr>
                  <th>' . $lang->get('groupcp_th_username') . '</th>
                  <th>' . $lang->get('groupcp_th_email') . '</th>
                  <th>' . $lang->get('groupcp_th_reg_time') . '</th>
                  <th>' . $lang->get('groupcp_th_comments') . '</th>
                  <th>' . $lang->get('groupcp_th_select') . '</th>
                </tr>';
      $cls = 'row2';
      foreach ( $pending as $member )
      {
        
        // Annotation (rev 345, changeset 4ccdfeee9a11, Dan): WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
        $date = enano_date('F d, Y', $member['reg_time']);
        $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
        $addy = $email->encryptEmail($member['email']);
        
        echo "<tr>
                <td class='{$cls}'>{$member['username']}</td>
                <td class='{$cls}'>{$addy}</td>
                <td class='{$cls}'>{$date}</td>
                <td class='{$cls}'>{$member['num_comments']}</td>
                <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td>
              </tr>";
      }
      echo '</table>
          </div>
          <div style="margin: 10px 0 0 auto;">
            With selected:
            <input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" />
            <input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" />
          </div>
        </form>';
    }
    echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
          <h2>' . $lang->get('groupcp_th_group_members') . '</h2>
          <div class="tblholder">
            <table border="0" cellspacing="1" cellpadding="4">
              <tr>
                <th>' . $lang->get('groupcp_th_username') . '</th>
                <th>' . $lang->get('groupcp_th_email') . '</th>
                <th>' . $lang->get('groupcp_th_reg_time') . '</th>
                <th>' . $lang->get('groupcp_th_comments') . '</th>
                ' . ( ( $can_do_admin_stuff ) ? '
                <th>' . $lang->get('groupcp_th_remove') . '</th>
                ' : '' ) . '
              </tr>
              <tr>
                <th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th>
              </tr>';
    $mod_printed = false;
    $mem_printed = false;
    $cls = 'row2';
    
    foreach ( $members as $member )
    {
      if ( $member['is_mod'] != 1 )
        break;
      
      $date = enano_date('F d, Y', $member['reg_time']);
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      $addy = $email->encryptEmail($member['email']);
      
      $mod_printed = true;
      
      echo "<tr>
              <td class='{$cls}'>{$member['username']}</td>
              <td class='{$cls}'>{$addy}</td>
              <td class='{$cls}'>{$date}</td>
              <td class='{$cls}'>{$member['num_comments']}</td>
              " . ( ( $can_do_admin_stuff ) ? "
              <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
              " : '' ) . "
            </tr>";
    }
    if (!$mod_printed)
      echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></tr>';
    echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>';
    foreach ( $members as $member )
    {
      if ( $member['is_mod'] == 1 )
        continue;
      
      $date = enano_date('F d, Y', $member['reg_time']);
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      $addy = $email->encryptEmail($member['email']);
      
      $mem_printed = true;
      
      echo "<tr>
              <td class='{$cls}'>{$member['username']}</td>
              <td class='{$cls}'>{$addy}</td>
              <td class='{$cls}'>{$date}</td>
              <td class='{$cls}'>{$member['num_comments']}</td>
              " . ( ( $can_do_admin_stuff ) ? "
              <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
              " : '' ) . "
            </tr>";
    }
    if (!$mem_printed)
      echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></tr>';
    echo ' </table>
        </div>';
    if ( $can_do_admin_stuff )
    {
      echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>";
    }
    echo '<input name="group_id" value="' . $gid . '" type="hidden" />
        </form>';
    if ( $can_do_admin_stuff )
    {
      echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
              <div class="tblholder">
                <table border="0" cellspacing="1" cellpadding="4">
                  <tr>
                    <th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th>
                  </tr>
                  <tr>
                    <td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td>
                  </tr>
                  <tr>
                    <td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td>
                  </tr>
                  <tr>
                    <th class="subhead" colspan="2">
                      <input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" />
                    </th>
                  </tr>
                </table>
              </div>
              <input name="group_id" value="' . $gid . '" type="hidden" />
            </form>';
    }
  }
  else
  {
    echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
          <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
            <tr>
              <th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th>
            </tr>
            <tr>
              <td class="row2" style="text-align: right; width: 50%;">
                ' . $lang->get('groupcp_lbl_current_memberships') . '
              </td>
              <td class="row1" style="width: 50%;">';
    $taboo = Array('Everyone');
    if ( sizeof ( $session->groups ) > count($taboo) )
    {
      echo '<select name="group_id">';
      foreach ( $session->groups as $id => $group )
      {
        // Annotation (rev 447, changeset a9a3789ce02d, Dan), covering the next two lines: Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
        $taboo[] = $db->escape($group);
        $group = htmlspecialchars($group);
        if ( $group != 'Everyone' )
        {
          $g_name_local = 'groupcp_grp_' . strtolower($group);
          $str = $lang->get($g_name_local);
          if ( $str != $g_name_local )
            $group = $str;
          echo '<option value="' . $id . '">' . $group . '</option>';
        }
      }
      echo '</select>
            <input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />';
    }
    else
    {
      echo 'None';
    }
    
    echo '</td>
        </tr>';
    $taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\'';
    $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
    if(!$q)
    {
      echo $db->get_error();
      $template->footer();
      return;
    }
    if($db->numrows() > 0)
    {
      echo '<tr>
              <td class="row2" style="text-align: right;">
                ' . $lang->get('groupcp_lbl_non_memberships') . '
              </td>
              <td class="row1">
                <select name="group_id_n">';
      while ( $row = $db->fetchrow() )
      {
        if ( $row['group_name'] != 'Everyone' )
        {
          echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>';
        }
      }
      echo '</select>
            <input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" />
          </td>
        </tr>
        ';
    }
    $db->free_result();
    echo '</table>
        </div>
        </form>';
  }
  $template->footer();
}

?>
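
The annotation for changeset a9a3789ce02d concerns stored group names reaching the `WHERE group_name != '...'` clause that the listing builds from `$taboo`. As an added illustration (not Enano code; the in-memory SQLite table, the `EX_*` constants, the `ex_*` helper names and the group names are all constructed assumptions), the following PHP runs that clause shape three ways: spliced without escaping, quoted as literals, and with bound parameters.

```php
<?php
// Added illustration, not Enano code. The SQLite schema, EX_* constants,
// helper names and group names are all constructed for this example.
const EX_GROUP_OPEN = 1;
const EX_GROUP_HIDDEN = 2;

// Same clause shape as the $taboo string in the listing, with no escaping.
function ex_where_spliced(array $names): string
{
    return "WHERE group_name != '" . implode("' AND group_name != '", $names) . "'";
}

// Counterpart of the $db->escape() fix: each name becomes a quoted SQL literal.
function ex_where_quoted(PDO $pdo, array $names): string
{
    $literals = array_map(fn ($n) => $pdo->quote($n), $names);
    return 'WHERE group_name != ' . implode(' AND group_name != ', $literals);
}

// Runs a clause built as SQL text and returns the group names it selects.
function ex_joinable_text(PDO $pdo, string $where): array
{
    $sql = 'SELECT group_name FROM groups ' . $where
         . ' AND group_type != ' . EX_GROUP_HIDDEN . ' ORDER BY group_name ASC';
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound variant: one placeholder per name, so names never become SQL text.
// Assumes $names is non-empty, as $taboo always holds at least 'Everyone'.
function ex_joinable_bound(PDO $pdo, array $names): array
{
    $marks = implode(', ', array_fill(0, count($names), '?'));
    $stmt = $pdo->prepare(
        "SELECT group_name FROM groups WHERE group_name NOT IN ($marks)"
        . ' AND group_type != ' . EX_GROUP_HIDDEN . ' ORDER BY group_name ASC'
    );
    $stmt->execute(array_values($names));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE groups (group_id INTEGER PRIMARY KEY, group_name TEXT, group_type INTEGER)');

// A constructed name containing quote characters; the bound insert stores it intact.
$crafted = "x' OR 'a'='a";
$insert = $pdo->prepare('INSERT INTO groups (group_name, group_type) VALUES (?, ?)');
foreach ([['Everyone', EX_GROUP_OPEN], ['Editors', EX_GROUP_OPEN],
          ['Staff', EX_GROUP_HIDDEN], [$crafted, EX_GROUP_OPEN]] as $g) {
    $insert->execute($g);
}

// The viewer's memberships, as they would later come back out of storage.
$memberships = ['Everyone', $crafted];

// AND binds tighter than OR, so in the spliced text the hidden-group filter
// attaches only to the injected branch and no longer guards the first one.
$results = [
    'spliced' => ex_joinable_text($pdo, ex_where_spliced($memberships)),
    'quoted'  => ex_joinable_text($pdo, ex_where_quoted($pdo, $memberships)),
    'bound'   => ex_joinable_bound($pdo, $memberships),
];
foreach ($results as $variant => $names) {
    printf("%-8s %s\n", $variant, json_encode($names));
}
```

Comparing the three result lists shows whether the hidden `Staff` row and the viewer's own groups stay excluded. The quoted form holds only as long as every code path that appends a name remembers to quote it, while the bound form has no such dependency.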