0
+ − 1 <?php
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 2 /**!info**
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 3 {
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 4 "Plugin Name" : "plugin_specialgroups_title",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 5 "Plugin URI" : "http://enanocms.org/",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 6 "Description" : "plugin_specialgroups_desc",
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 7 "Author" : "Dan Fuhry",
564
a1c450a911a6
Updated version number metadata in system plugin files; added some comments and removed unused code from index.php and includes/graphs.php
Dan
diff
changeset
+ − 8 "Version" : "1.1.4",
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 9 "Author URI" : "http://enanocms.org/"
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 10 }
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
diff
changeset
+ − 11 **!*/
0
+ − 12
+ − 13 /*
+ − 14 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
536
+ − 15 * Version 1.1.4 (Caoineag alpha 4)
0
+ − 16 * Copyright (C) 2007 Dan Fuhry
+ − 17 *
+ − 18 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 19 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 20 *
+ − 21 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 23 */
+ − 24
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 25 $plugins->attachHook('session_started', '
0
+ − 26 global $paths;
+ − 27 $paths->add_page(Array(
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 28 \'name\'=>\'specialpage_groupcp\',
0
+ − 29 \'urlname\'=>\'Usergroups\',
+ − 30 \'namespace\'=>\'Special\',
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
diff
changeset
+ − 31 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
+ − 32 ));
+ − 33 ');
+ − 34
+ − 35 function page_Special_Usergroups()
+ − 36 {
+ − 37 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 38 global $email; // Import e-mail encryption functions
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 39 global $lang;
0
+ − 40
+ − 41 if ( !$session->user_logged_in )
+ − 42 {
+ − 43 header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
+ − 44 $db->close();
+ − 45 exit;
+ − 46 }
+ − 47
+ − 48 $template->header();
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 49 userprefs_show_menu();
0
+ − 50 if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) )
+ − 51 {
+ − 52 $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
+ − 53 if ( empty($gid) || $gid < 1 )
+ − 54 {
+ − 55 die_friendly('Error', '<p>Hacking attempt</p>');
+ − 56 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 57 $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
0
+ − 58 if ( !$q )
+ − 59 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 60 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 61 }
+ − 62 $row = $db->fetchrow();
+ − 63 $db->free_result();
+ − 64 $members = array();
+ − 65 $pending = array();
322
+ − 66 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments
0
+ − 67 FROM '.table_prefix.'users AS u
+ − 68 LEFT JOIN '.table_prefix.'group_members AS m
+ − 69 ON ( m.user_id = u.user_id )
+ − 70 LEFT JOIN '.table_prefix.'comments AS c
+ − 71 ON ( c.name = u.username )
+ − 72 WHERE m.group_id=' . $gid . '
322
+ − 73 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending
0
+ − 74 ORDER BY m.is_mod DESC,u.username ASC;');
+ − 75 if ( !$q )
+ − 76 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 77 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 78 }
+ − 79
+ − 80 $is_member = false;
+ − 81 $is_mod = false;
+ − 82 $is_pending = false;
+ − 83
+ − 84 while ( $mr = $db->fetchrow() )
+ − 85 {
+ − 86 if ( $mr['pending'] == 1 )
+ − 87 {
+ − 88 $pending[] = $mr;
+ − 89 if ( $mr['user_id'] == $session->user_id )
+ − 90 {
+ − 91 $is_pending = true;
+ − 92 }
+ − 93 }
+ − 94 else
+ − 95 {
+ − 96 $members[] = $mr;
+ − 97 if ( $mr['user_id'] == $session->user_id )
+ − 98 {
+ − 99 $is_member = true;
+ − 100 if ( $mr['is_mod'] == 1 )
+ − 101 {
+ − 102 $is_mod = true;
+ − 103 }
+ − 104 }
+ − 105 }
+ − 106 }
+ − 107
+ − 108 $status = ( $is_member && $is_mod )
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 109 ? $lang->get('groupcp_status_mod')
0
+ − 110 : ( ( $is_member && !$is_mod )
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 111 ? $lang->get('groupcp_status_member')
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 112 : $lang->get('groupcp_status_not_member')
0
+ − 113 );
+ − 114
+ − 115 $can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );
+ − 116
+ − 117 switch ( $row['group_type'] )
+ − 118 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 119 case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 120 case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 121 case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 122 case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break;
0
+ − 123 }
+ − 124
+ − 125 if ( isset($_GET['act']) && $can_do_admin_stuff )
+ − 126 {
+ − 127 switch($_GET['act'])
+ − 128 {
+ − 129 case 'update':
+ − 130 if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
+ − 131 {
+ − 132 die_friendly('ERROR', '<p>Hacking attempt</p>');
+ − 133 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 134 $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 135 if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 136 $db->_die('SpecialGroups.php, line ' . __LINE__);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 137 $error = false;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 138 if ( $db->numrows() < 1 )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 139 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 140 echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 141 $error = true;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 142 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 143 $r = $db->fetchrow();
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 144 if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 145 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 146 echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 147 $error = true;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 148 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 149 if ( !$error )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 150 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 151 $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 152 if (!$q)
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 153 $db->_die('SpecialGroups.php, line ' . __LINE__);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 154 $row['group_type'] = $_POST['group_state'];
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 155 echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 156 }
0
+ − 157 break;
+ − 158 case 'adduser':
+ − 159 $username = $_POST['add_username'];
+ − 160 $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
+ − 161
+ − 162 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
+ − 163 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 164 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 165 if ($db->numrows() < 1)
+ − 166 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 167 echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>';
0
+ − 168 break;
+ − 169 }
+ − 170 $r = $db->fetchrow();
+ − 171 $db->free_result();
+ − 172 $uid = intval($r['user_id']);
+ − 173
+ − 174 // Check if the user is already in the group, and if so, only update modship
+ − 175 $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
+ − 176 if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 177 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 178 if ( $db->numrows() > 0 )
+ − 179 {
+ − 180 $r = $db->fetchrow();
+ − 181 if ( (string) $r['is_mod'] != $mod )
+ − 182 {
+ − 183 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
+ − 184 if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 185 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 186 foreach ( $members as $i => $member )
+ − 187 {
+ − 188 if ( $member['member_id'] == $r['member_id'] )
+ − 189 $members[$i]['is_mod'] = (int)$mod;
+ − 190 }
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 191 echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>';
0
+ − 192 }
+ − 193 else
+ − 194 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 195 echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>';
0
+ − 196 }
+ − 197 break;
+ − 198 }
+ − 199
+ − 200 $db->free_result();
+ − 201
+ − 202 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
+ − 203 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 204 $db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 205 echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>';
0
+ − 206
322
+ − 207 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
0
+ − 208 FROM '.table_prefix.'users AS u
+ − 209 LEFT JOIN '.table_prefix.'group_members AS m
+ − 210 ON ( m.user_id = u.user_id )
+ − 211 LEFT JOIN '.table_prefix.'comments AS c
+ − 212 ON ( c.name = u.username )
+ − 213 WHERE m.group_id=' . $gid . '
+ − 214 AND m.pending!=1
+ − 215 AND u.user_id=' . $uid . '
322
+ − 216 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
0
+ − 217 ORDER BY m.is_mod DESC,u.username ASC
+ − 218 LIMIT 1;');
+ − 219 if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 220 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 221
+ − 222 $r = $db->fetchrow();
+ − 223 $members[] = $r;
+ − 224 $db->free_result();
+ − 225
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 226 // just added a user to the group, so regenerate the ranks cache
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
diff
changeset
+ − 227 generate_cache_userranks();
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 228
0
+ − 229 break;
+ − 230 case 'del_users':
+ − 231 foreach ( $members as $i => $member )
+ − 232 {
+ − 233 if ( isset($_POST['del_user'][$member['member_id']]) )
+ − 234 {
+ − 235 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
+ − 236 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 237 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 238 unset($members[$i]);
+ − 239 }
+ − 240 }
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 241 // regenerate the ranks cache
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
diff
changeset
+ − 242 generate_cache_userranks();
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 243
0
+ − 244 break;
+ − 245 case 'pending':
+ − 246 foreach ( $pending as $i => $member )
+ − 247 {
+ − 248 if ( isset( $_POST['with_user'][$member['member_id']]) )
+ − 249 {
+ − 250 if ( isset ( $_POST['do_appr_pending'] ) )
+ − 251 {
+ − 252 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
+ − 253 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 254 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 255 $members[] = $member;
+ − 256 unset($pending[$i]);
+ − 257 continue;
+ − 258 }
+ − 259 elseif ( isset ( $_POST['do_reject_pending'] ) )
+ − 260 {
+ − 261 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
+ − 262 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 263 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 264 unset($pending[$i]);
+ − 265 }
+ − 266 }
+ − 267 }
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 268 // memberships updated/changed, regenerate ranks cache
573
43e7254afdb4
Renamed some functions (that were new in this release anyway) due to compatibility broken with PunBB bridge
Dan
diff
changeset
+ − 269 generate_cache_userranks();
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 270
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 271 echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>';
0
+ − 272 break;
+ − 273 }
+ − 274 }
+ − 275
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 276 if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff )
0
+ − 277 {
+ − 278 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
+ − 279 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 280 $db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 281 echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>';
0
+ − 282
322
+ − 283 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
0
+ − 284 FROM '.table_prefix.'users AS u
+ − 285 LEFT JOIN '.table_prefix.'group_members AS m
+ − 286 ON ( m.user_id = u.user_id )
+ − 287 LEFT JOIN '.table_prefix.'comments AS c
+ − 288 ON ( c.name = u.username )
+ − 289 WHERE m.group_id=' . $gid . '
+ − 290 AND m.pending!=1
+ − 291 AND u.user_id=' . $session->user_id . '
322
+ − 292 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
0
+ − 293 ORDER BY m.is_mod DESC,u.username ASC
+ − 294 LIMIT 1;');
+ − 295 if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 296 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 297
+ − 298 $r = $db->fetchrow();
+ − 299 $members[] = $r;
+ − 300 $db->free_result();
+ − 301
+ − 302 }
+ − 303
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 304 if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff )
0
+ − 305 {
+ − 306 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
+ − 307 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 308 $db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 309 echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>';
0
+ − 310 }
+ − 311
+ − 312 $state_btns = ( $can_do_admin_stuff ) ?
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 313 '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 314 <label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 315 <label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 316 <label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>'
0
+ − 317 : $g_state;
+ − 318 if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member )
+ − 319 {
+ − 320 if ( $is_pending )
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 321 $state_btns .= ' ' . $lang->get('groupcp_msg_status_pending');
0
+ − 322 else
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 323 $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />';
0
+ − 324 }
+ − 325
+ − 326 if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member )
+ − 327 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 328 $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />';
0
+ − 329 }
+ − 330
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 331 $g_name_local = 'groupcp_grp_' . strtolower($row['group_name']);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 332 $str = $lang->get($g_name_local);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 333 if ( $str != $g_name_local )
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 334 $row['group_name'] = $str;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 335
0
+ − 336 echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
+ − 337 <div class="tblholder">
+ − 338 <table border="0" cellspacing="1" cellpadding="4">
+ − 339 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 340 <th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th>
0
+ − 341 </tr>
+ − 342 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 343 <td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 344 <td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td>
0
+ − 345 </tr>
+ − 346 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 347 <td class="row2">' . $lang->get('groupcp_lbl_status') . '</td>
0
+ − 348 <td class="row1">' . $status . '</td>
+ − 349 </tr>
+ − 350 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 351 <td class="row2">' . $lang->get('groupcp_lbl_state') . '</td>
0
+ − 352 <td class="row1">' . $state_btns . '</td>
+ − 353 </tr>
+ − 354 ' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? '
+ − 355 <tr>
+ − 356 <th class="subhead" colspan="2">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 357 <input type="submit" value="' . $lang->get('etc_save_changes') . '" />
0
+ − 358 </th>
+ − 359 </tr>
+ − 360 ' : '' ) . '
+ − 361 </table>
+ − 362 </div>
+ − 363 <input name="group_id" value="' . $gid . '" type="hidden" />
+ − 364 </form>';
+ − 365 if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff )
+ − 366 {
+ − 367 echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
+ − 368 <input name="group_id" value="' . $gid . '" type="hidden" />
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 369 <h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2>
0
+ − 370 <div class="tblholder">
+ − 371 <table border="0" cellspacing="1" cellpadding="4">
+ − 372 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 373 <th>' . $lang->get('groupcp_th_username') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 374 <th>' . $lang->get('groupcp_th_email') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 375 <th>' . $lang->get('groupcp_th_reg_time') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 376 <th>' . $lang->get('groupcp_th_comments') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 377 <th>' . $lang->get('groupcp_th_select') . '</th>
0
+ − 378 </tr>';
+ − 379 $cls = 'row2';
+ − 380 foreach ( $pending as $member )
+ − 381 {
+ − 382
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 383 $date = enano_date('F d, Y', $member['reg_time']);
0
+ − 384 $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 385 $addy = $email->encryptEmail($member['email']);
+ − 386
+ − 387 echo "<tr>
+ − 388 <td class='{$cls}'>{$member['username']}</td>
+ − 389 <td class='{$cls}'>{$addy}</td>
+ − 390 <td class='{$cls}'>{$date}</td>
322
+ − 391 <td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 392 <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td>
+ − 393 </tr>";
+ − 394 }
+ − 395 echo '</table>
+ − 396 </div>
+ − 397 <div style="margin: 10px 0 0 auto;">
+ − 398 With selected:
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 399 <input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" />
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 400 <input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" />
0
+ − 401 </div>
+ − 402 </form>';
+ − 403 }
+ − 404 echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 405 <h2>' . $lang->get('groupcp_th_group_members') . '</h2>
0
+ − 406 <div class="tblholder">
+ − 407 <table border="0" cellspacing="1" cellpadding="4">
+ − 408 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 409 <th>' . $lang->get('groupcp_th_username') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 410 <th>' . $lang->get('groupcp_th_email') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 411 <th>' . $lang->get('groupcp_th_reg_time') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 412 <th>' . $lang->get('groupcp_th_comments') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 413 ' . ( ( $can_do_admin_stuff ) ? '
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 414 <th>' . $lang->get('groupcp_th_remove') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 415 ' : '' ) . '
0
+ − 416 </tr>
+ − 417 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 418 <th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th>
0
+ − 419 </tr>';
+ − 420 $mod_printed = false;
+ − 421 $mem_printed = false;
+ − 422 $cls = 'row2';
+ − 423
+ − 424 foreach ( $members as $member )
+ − 425 {
+ − 426 if ( $member['is_mod'] != 1 )
+ − 427 break;
+ − 428
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 429 $date = enano_date('F d, Y', $member['reg_time']);
0
+ − 430 $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 431 $addy = $email->encryptEmail($member['email']);
+ − 432
+ − 433 $mod_printed = true;
+ − 434
+ − 435 echo "<tr>
+ − 436 <td class='{$cls}'>{$member['username']}</td>
+ − 437 <td class='{$cls}'>{$addy}</td>
+ − 438 <td class='{$cls}'>{$date}</td>
322
+ − 439 <td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 440 " . ( ( $can_do_admin_stuff ) ? "
+ − 441 <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
+ − 442 " : '' ) . "
+ − 443 </tr>";
+ − 444 }
+ − 445 if (!$mod_printed)
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 446 echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></th>';
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 447 echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>';
0
+ − 448 foreach ( $members as $member )
+ − 449 {
+ − 450 if ( $member['is_mod'] == 1 )
+ − 451 continue;
+ − 452
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 453 $date = enano_date('F d, Y', $member['reg_time']);
0
+ − 454 $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 455 $addy = $email->encryptEmail($member['email']);
+ − 456
+ − 457 $mem_printed = true;
+ − 458
+ − 459 echo "<tr>
+ − 460 <td class='{$cls}'>{$member['username']}</td>
+ − 461 <td class='{$cls}'>{$addy}</td>
+ − 462 <td class='{$cls}'>{$date}</td>
322
+ − 463 <td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 464 " . ( ( $can_do_admin_stuff ) ? "
+ − 465 <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
+ − 466 " : '' ) . "
+ − 467 </tr>";
+ − 468 }
+ − 469 if (!$mem_printed)
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 470 echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></th>';
0
+ − 471 echo ' </table>
+ − 472 </div>';
+ − 473 if ( $can_do_admin_stuff )
+ − 474 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 475 echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>";
0
+ − 476 }
+ − 477 echo '<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 478 </form>';
+ − 479 if ( $can_do_admin_stuff )
+ − 480 {
+ − 481 echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
+ − 482 <div class="tblholder">
+ − 483 <table border="0" cellspacing="1" cellpadding="4">
+ − 484 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 485 <th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th>
0
+ − 486 </tr>
+ − 487 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 488 <td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td>
0
+ − 489 </tr>
+ − 490 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 491 <td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td>
0
+ − 492 </tr>
+ − 493 <tr>
+ − 494 <th class="subhead" colspan="2">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 495 <input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" />
0
+ − 496 </th>
+ − 497 </tr>
+ − 498 </table>
+ − 499 </div>
+ − 500 <input name="group_id" value="' . $gid . '" type="hidden" />
+ − 501 </form>';
+ − 502 }
+ − 503 }
+ − 504 else
+ − 505 {
+ − 506 echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 507 echo '<div class="tblholder">
+ − 508 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 509 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 510 <th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th>
0
+ − 511 </tr>
+ − 512 <tr>
30
+ − 513 <td class="row2" style="text-align: right; width: 50%;">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 514 ' . $lang->get('groupcp_lbl_current_memberships') . '
0
+ − 515 </td>
30
+ − 516 <td class="row1" style="width: 50%;">';
0
+ − 517 $taboo = Array('Everyone');
30
+ − 518 if ( sizeof ( $session->groups ) > count($taboo) )
0
+ − 519 {
+ − 520 echo '<select name="group_id">';
+ − 521 foreach ( $session->groups as $id => $group )
+ − 522 {
447
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
diff
changeset
+ − 523 $taboo[] = $db->escape($group);
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
diff
changeset
+ − 524 $group = htmlspecialchars($group);
0
+ − 525 if ( $group != 'Everyone' )
+ − 526 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 527 $g_name_local = 'groupcp_grp_' . strtolower($group);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 528 $str = $lang->get($g_name_local);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 529 if ( $str != $g_name_local )
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 530 $group = $str;
0
+ − 531 echo '<option value="' . $id . '">' . $group . '</option>';
+ − 532 }
+ − 533 }
+ − 534 echo '</select>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 535 <input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />';
0
+ − 536 }
+ − 537 else
+ − 538 {
+ − 539 echo 'None';
+ − 540 }
+ − 541
+ − 542 echo '</td>
+ − 543 </tr>';
+ − 544 $taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\'';
+ − 545 $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
+ − 546 if(!$q)
+ − 547 {
+ − 548 echo $db->get_error();
+ − 549 $template->footer();
+ − 550 return;
+ − 551 }
+ − 552 if($db->numrows() > 0)
+ − 553 {
+ − 554 echo '<tr>
+ − 555 <td class="row2" style="text-align: right;">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 556 ' . $lang->get('groupcp_lbl_non_memberships') . '
0
+ − 557 </td>
+ − 558 <td class="row1">
+ − 559 <select name="group_id_n">';
+ − 560 while ( $row = $db->fetchrow() )
+ − 561 {
+ − 562 if ( $row['group_name'] != 'Everyone' )
+ − 563 {
357
+ − 564 echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>';
0
+ − 565 }
+ − 566 }
+ − 567 echo '</select>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 568 <input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" />
0
+ − 569 </td>
+ − 570 </tr>
+ − 571 ';
+ − 572 }
+ − 573 $db->free_result();
+ − 574 echo '</table>
+ − 575 </div>
+ − 576 </form>';
+ − 577 }
+ − 578 $template->footer();
+ − 579 }
+ − 580
+ − 581 ?>