0
+ − 1 <?php
+ − 2 /*
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 3 Plugin Name: plugin_specialgroups_title
36
+ − 4 Plugin URI: http://enanocms.org/
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 5 Description: plugin_specialgroups_desc
0
+ − 6 Author: Dan Fuhry
387
92664d2efab8
Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Dan
diff
changeset
+ − 7 Version: 1.1.1
36
+ − 8 Author URI: http://enanocms.org/
0
+ − 9 */
+ − 10
+ − 11 /*
+ − 12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
430
ec90736b9cb9
Started (but disabled) work on the new theme manager, 1.1.2 is being released with this thing halfway done.
Dan
diff
changeset
+ − 13 * Version 1.1.2 (Caoineag alpha 2)
0
+ − 14 * Copyright (C) 2007 Dan Fuhry
+ − 15 *
+ − 16 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18 *
+ − 19 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21 */
+ − 22
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 23 $plugins->attachHook('session_started', '
0
+ − 24 global $paths;
+ − 25 $paths->add_page(Array(
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 26 \'name\'=>\'specialpage_groupcp\',
0
+ − 27 \'urlname\'=>\'Usergroups\',
+ − 28 \'namespace\'=>\'Special\',
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
diff
changeset
+ − 29 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
+ − 30 ));
+ − 31 ');
+ − 32
+ − 33 function page_Special_Usergroups()
+ − 34 {
+ − 35 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 36 global $email; // Import e-mail encryption functions
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 37 global $lang;
0
+ − 38
+ − 39 if ( !$session->user_logged_in )
+ − 40 {
+ − 41 header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
+ − 42 $db->close();
+ − 43 exit;
+ − 44 }
+ − 45
+ − 46 $template->header();
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 47 userprefs_show_menu();
0
+ − 48 if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) )
+ − 49 {
+ − 50 $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
+ − 51 if ( empty($gid) || $gid < 1 )
+ − 52 {
+ − 53 die_friendly('Error', '<p>Hacking attempt</p>');
+ − 54 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 55 $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
0
+ − 56 if ( !$q )
+ − 57 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 58 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 59 }
+ − 60 $row = $db->fetchrow();
+ − 61 $db->free_result();
+ − 62 $members = array();
+ − 63 $pending = array();
322
+ − 64 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments
0
+ − 65 FROM '.table_prefix.'users AS u
+ − 66 LEFT JOIN '.table_prefix.'group_members AS m
+ − 67 ON ( m.user_id = u.user_id )
+ − 68 LEFT JOIN '.table_prefix.'comments AS c
+ − 69 ON ( c.name = u.username )
+ − 70 WHERE m.group_id=' . $gid . '
322
+ − 71 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending
0
+ − 72 ORDER BY m.is_mod DESC,u.username ASC;');
+ − 73 if ( !$q )
+ − 74 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 75 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 76 }
+ − 77
+ − 78 $is_member = false;
+ − 79 $is_mod = false;
+ − 80 $is_pending = false;
+ − 81
+ − 82 while ( $mr = $db->fetchrow() )
+ − 83 {
+ − 84 if ( $mr['pending'] == 1 )
+ − 85 {
+ − 86 $pending[] = $mr;
+ − 87 if ( $mr['user_id'] == $session->user_id )
+ − 88 {
+ − 89 $is_pending = true;
+ − 90 }
+ − 91 }
+ − 92 else
+ − 93 {
+ − 94 $members[] = $mr;
+ − 95 if ( $mr['user_id'] == $session->user_id )
+ − 96 {
+ − 97 $is_member = true;
+ − 98 if ( $mr['is_mod'] == 1 )
+ − 99 {
+ − 100 $is_mod = true;
+ − 101 }
+ − 102 }
+ − 103 }
+ − 104 }
+ − 105
+ − 106 $status = ( $is_member && $is_mod )
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 107 ? $lang->get('groupcp_status_mod')
0
+ − 108 : ( ( $is_member && !$is_mod )
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 109 ? $lang->get('groupcp_status_member')
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 110 : $lang->get('groupcp_status_not_member')
0
+ − 111 );
+ − 112
+ − 113 $can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );
+ − 114
+ − 115 switch ( $row['group_type'] )
+ − 116 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 117 case GROUP_HIDDEN: $g_state = $lang->get('groupcp_type_hidden'); break;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 118 case GROUP_CLOSED: $g_state = $lang->get('groupcp_type_closed'); break;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 119 case GROUP_REQUEST: $g_state = $lang->get('groupcp_type_request'); break;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 120 case GROUP_OPEN: $g_state = $lang->get('groupcp_type_open'); break;
0
+ − 121 }
+ − 122
+ − 123 if ( isset($_GET['act']) && $can_do_admin_stuff )
+ − 124 {
+ − 125 switch($_GET['act'])
+ − 126 {
+ − 127 case 'update':
+ − 128 if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
+ − 129 {
+ − 130 die_friendly('ERROR', '<p>Hacking attempt</p>');
+ − 131 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 132 $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 133 if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 134 $db->_die('SpecialGroups.php, line ' . __LINE__);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 135 $error = false;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 136 if ( $db->numrows() < 1 )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 137 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 138 echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 139 $error = true;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 140 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 141 $r = $db->fetchrow();
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 142 if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 143 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 144 echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 145 $error = true;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 146 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 147 if ( !$error )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 148 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 149 $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 150 if (!$q)
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 151 $db->_die('SpecialGroups.php, line ' . __LINE__);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 152 $row['group_type'] = $_POST['group_state'];
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 153 echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 154 }
0
+ − 155 break;
+ − 156 case 'adduser':
+ − 157 $username = $_POST['add_username'];
+ − 158 $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
+ − 159
+ − 160 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
+ − 161 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 162 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 163 if ($db->numrows() < 1)
+ − 164 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 165 echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>';
0
+ − 166 break;
+ − 167 }
+ − 168 $r = $db->fetchrow();
+ − 169 $db->free_result();
+ − 170 $uid = intval($r['user_id']);
+ − 171
+ − 172 // Check if the user is already in the group, and if so, only update modship
+ − 173 $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
+ − 174 if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 175 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 176 if ( $db->numrows() > 0 )
+ − 177 {
+ − 178 $r = $db->fetchrow();
+ − 179 if ( (string) $r['is_mod'] != $mod )
+ − 180 {
+ − 181 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
+ − 182 if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 183 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 184 foreach ( $members as $i => $member )
+ − 185 {
+ − 186 if ( $member['member_id'] == $r['member_id'] )
+ − 187 $members[$i]['is_mod'] = (int)$mod;
+ − 188 }
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 189 echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username)) . '</div>';
0
+ − 190 }
+ − 191 else
+ − 192 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 193 echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username)) . '</div>';
0
+ − 194 }
+ − 195 break;
+ − 196 }
+ − 197
+ − 198 $db->free_result();
+ − 199
+ − 200 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
+ − 201 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 202 $db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 203 echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username)) . '</div>';
0
+ − 204
322
+ − 205 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
0
+ − 206 FROM '.table_prefix.'users AS u
+ − 207 LEFT JOIN '.table_prefix.'group_members AS m
+ − 208 ON ( m.user_id = u.user_id )
+ − 209 LEFT JOIN '.table_prefix.'comments AS c
+ − 210 ON ( c.name = u.username )
+ − 211 WHERE m.group_id=' . $gid . '
+ − 212 AND m.pending!=1
+ − 213 AND u.user_id=' . $uid . '
322
+ − 214 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
0
+ − 215 ORDER BY m.is_mod DESC,u.username ASC
+ − 216 LIMIT 1;');
+ − 217 if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 218 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 219
+ − 220 $r = $db->fetchrow();
+ − 221 $members[] = $r;
+ − 222 $db->free_result();
+ − 223
+ − 224 break;
+ − 225 case 'del_users':
+ − 226 foreach ( $members as $i => $member )
+ − 227 {
+ − 228 if ( isset($_POST['del_user'][$member['member_id']]) )
+ − 229 {
+ − 230 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
+ − 231 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 232 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 233 unset($members[$i]);
+ − 234 }
+ − 235 }
+ − 236 break;
+ − 237 case 'pending':
+ − 238 foreach ( $pending as $i => $member )
+ − 239 {
+ − 240 if ( isset( $_POST['with_user'][$member['member_id']]) )
+ − 241 {
+ − 242 if ( isset ( $_POST['do_appr_pending'] ) )
+ − 243 {
+ − 244 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
+ − 245 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 246 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 247 $members[] = $member;
+ − 248 unset($pending[$i]);
+ − 249 continue;
+ − 250 }
+ − 251 elseif ( isset ( $_POST['do_reject_pending'] ) )
+ − 252 {
+ − 253 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
+ − 254 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 255 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 256 unset($pending[$i]);
+ − 257 }
+ − 258 }
+ − 259 }
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 260 echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>';
0
+ − 261 break;
+ − 262 }
+ − 263 }
+ − 264
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 265 if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN && !$can_do_admin_stuff )
0
+ − 266 {
+ − 267 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
+ − 268 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 269 $db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 270 echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>';
0
+ − 271
322
+ − 272 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments
0
+ − 273 FROM '.table_prefix.'users AS u
+ − 274 LEFT JOIN '.table_prefix.'group_members AS m
+ − 275 ON ( m.user_id = u.user_id )
+ − 276 LEFT JOIN '.table_prefix.'comments AS c
+ − 277 ON ( c.name = u.username )
+ − 278 WHERE m.group_id=' . $gid . '
+ − 279 AND m.pending!=1
+ − 280 AND u.user_id=' . $session->user_id . '
322
+ − 281 GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod
0
+ − 282 ORDER BY m.is_mod DESC,u.username ASC
+ − 283 LIMIT 1;');
+ − 284 if ( !$q )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 285 $db->_die('SpecialGroups.php, line ' . __LINE__);
0
+ − 286
+ − 287 $r = $db->fetchrow();
+ − 288 $members[] = $r;
+ − 289 $db->free_result();
+ − 290
+ − 291 }
+ − 292
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 293 if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending && !$can_do_admin_stuff )
0
+ − 294 {
+ − 295 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
+ − 296 if (!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 297 $db->_die('SpecialGroups.php, line ' . __LINE__);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 298 echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>';
0
+ − 299 }
+ − 300
+ − 301 $state_btns = ( $can_do_admin_stuff ) ?
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 302 '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_hidden') . '</label>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 303 <label><input type="radio" name="group_state" value="' . GROUP_CLOSED . '" ' . (( $row['group_type'] == GROUP_CLOSED ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_closed') . '</label>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 304 <label><input type="radio" name="group_state" value="' . GROUP_REQUEST. '" ' . (( $row['group_type'] == GROUP_REQUEST) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_request') . '</label>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 305 <label><input type="radio" name="group_state" value="' . GROUP_OPEN . '" ' . (( $row['group_type'] == GROUP_OPEN ) ? 'checked="checked"' : '' ) . ' /> ' . $lang->get('groupcp_type_open') . '</label>'
0
+ − 306 : $g_state;
+ − 307 if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_REQUEST && !$is_member )
+ − 308 {
+ − 309 if ( $is_pending )
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 310 $state_btns .= ' ' . $lang->get('groupcp_msg_status_pending');
0
+ − 311 else
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 312 $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />';
0
+ − 313 }
+ − 314
+ − 315 if ( !$can_do_admin_stuff && $row['group_type'] == GROUP_OPEN && !$is_member )
+ − 316 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 317 $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />';
0
+ − 318 }
+ − 319
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 320 $g_name_local = 'groupcp_grp_' . strtolower($row['group_name']);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 321 $str = $lang->get($g_name_local);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 322 if ( $str != $g_name_local )
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 323 $row['group_name'] = $str;
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 324
0
+ − 325 echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
+ − 326 <div class="tblholder">
+ − 327 <table border="0" cellspacing="1" cellpadding="4">
+ − 328 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 329 <th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th>
0
+ − 330 </tr>
+ − 331 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 332 <td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 333 <td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td>
0
+ − 334 </tr>
+ − 335 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 336 <td class="row2">' . $lang->get('groupcp_lbl_status') . '</td>
0
+ − 337 <td class="row1">' . $status . '</td>
+ − 338 </tr>
+ − 339 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 340 <td class="row2">' . $lang->get('groupcp_lbl_state') . '</td>
0
+ − 341 <td class="row1">' . $state_btns . '</td>
+ − 342 </tr>
+ − 343 ' . ( ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN ) ? '
+ − 344 <tr>
+ − 345 <th class="subhead" colspan="2">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 346 <input type="submit" value="' . $lang->get('etc_save_changes') . '" />
0
+ − 347 </th>
+ − 348 </tr>
+ − 349 ' : '' ) . '
+ − 350 </table>
+ − 351 </div>
+ − 352 <input name="group_id" value="' . $gid . '" type="hidden" />
+ − 353 </form>';
+ − 354 if ( sizeof ( $pending ) > 0 && $can_do_admin_stuff )
+ − 355 {
+ − 356 echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
+ − 357 <input name="group_id" value="' . $gid . '" type="hidden" />
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 358 <h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2>
0
+ − 359 <div class="tblholder">
+ − 360 <table border="0" cellspacing="1" cellpadding="4">
+ − 361 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 362 <th>' . $lang->get('groupcp_th_username') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 363 <th>' . $lang->get('groupcp_th_email') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 364 <th>' . $lang->get('groupcp_th_reg_time') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 365 <th>' . $lang->get('groupcp_th_comments') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 366 <th>' . $lang->get('groupcp_th_select') . '</th>
0
+ − 367 </tr>';
+ − 368 $cls = 'row2';
+ − 369 foreach ( $pending as $member )
+ − 370 {
+ − 371
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 372 $date = enano_date('F d, Y', $member['reg_time']);
0
+ − 373 $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 374 $addy = $email->encryptEmail($member['email']);
+ − 375
+ − 376 echo "<tr>
+ − 377 <td class='{$cls}'>{$member['username']}</td>
+ − 378 <td class='{$cls}'>{$addy}</td>
+ − 379 <td class='{$cls}'>{$date}</td>
322
+ − 380 <td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 381 <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='with_user[{$member['member_id']}]' /></td>
+ − 382 </tr>";
+ − 383 }
+ − 384 echo '</table>
+ − 385 </div>
+ − 386 <div style="margin: 10px 0 0 auto;">
+ − 387 With selected:
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 388 <input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" />
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 389 <input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" />
0
+ − 390 </div>
+ − 391 </form>';
+ − 392 }
+ − 393 echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 394 <h2>' . $lang->get('groupcp_th_group_members') . '</h2>
0
+ − 395 <div class="tblholder">
+ − 396 <table border="0" cellspacing="1" cellpadding="4">
+ − 397 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 398 <th>' . $lang->get('groupcp_th_username') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 399 <th>' . $lang->get('groupcp_th_email') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 400 <th>' . $lang->get('groupcp_th_reg_time') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 401 <th>' . $lang->get('groupcp_th_comments') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 402 ' . ( ( $can_do_admin_stuff ) ? '
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 403 <th>' . $lang->get('groupcp_th_remove') . '</th>
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 404 ' : '' ) . '
0
+ − 405 </tr>
+ − 406 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 407 <th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th>
0
+ − 408 </tr>';
+ − 409 $mod_printed = false;
+ − 410 $mem_printed = false;
+ − 411 $cls = 'row2';
+ − 412
+ − 413 foreach ( $members as $member )
+ − 414 {
+ − 415 if ( $member['is_mod'] != 1 )
+ − 416 break;
+ − 417
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 418 $date = enano_date('F d, Y', $member['reg_time']);
0
+ − 419 $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 420 $addy = $email->encryptEmail($member['email']);
+ − 421
+ − 422 $mod_printed = true;
+ − 423
+ − 424 echo "<tr>
+ − 425 <td class='{$cls}'>{$member['username']}</td>
+ − 426 <td class='{$cls}'>{$addy}</td>
+ − 427 <td class='{$cls}'>{$date}</td>
322
+ − 428 <td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 429 " . ( ( $can_do_admin_stuff ) ? "
+ − 430 <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
+ − 431 " : '' ) . "
+ − 432 </tr>";
+ − 433 }
+ − 434 if (!$mod_printed)
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 435 echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></th>';
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 436 echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>';
0
+ − 437 foreach ( $members as $member )
+ − 438 {
+ − 439 if ( $member['is_mod'] == 1 )
+ − 440 continue;
+ − 441
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 442 $date = enano_date('F d, Y', $member['reg_time']);
0
+ − 443 $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
+ − 444 $addy = $email->encryptEmail($member['email']);
+ − 445
+ − 446 $mem_printed = true;
+ − 447
+ − 448 echo "<tr>
+ − 449 <td class='{$cls}'>{$member['username']}</td>
+ − 450 <td class='{$cls}'>{$addy}</td>
+ − 451 <td class='{$cls}'>{$date}</td>
322
+ − 452 <td class='{$cls}'>{$member['num_comments']}</td>
0
+ − 453 " . ( ( $can_do_admin_stuff ) ? "
+ − 454 <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='del_user[{$member['member_id']}]' /></td>
+ − 455 " : '' ) . "
+ − 456 </tr>";
+ − 457 }
+ − 458 if (!$mem_printed)
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 459 echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></th>';
0
+ − 460 echo ' </table>
+ − 461 </div>';
+ − 462 if ( $can_do_admin_stuff )
+ − 463 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 464 echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>";
0
+ − 465 }
+ − 466 echo '<input name="group_id" value="' . $gid . '" type="hidden" />
+ − 467 </form>';
+ − 468 if ( $can_do_admin_stuff )
+ − 469 {
+ − 470 echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
+ − 471 <div class="tblholder">
+ − 472 <table border="0" cellspacing="1" cellpadding="4">
+ − 473 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 474 <th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th>
0
+ − 475 </tr>
+ − 476 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 477 <td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td>
0
+ − 478 </tr>
+ − 479 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 480 <td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td>
0
+ − 481 </tr>
+ − 482 <tr>
+ − 483 <th class="subhead" colspan="2">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 484 <input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" />
0
+ − 485 </th>
+ − 486 </tr>
+ − 487 </table>
+ − 488 </div>
+ − 489 <input name="group_id" value="' . $gid . '" type="hidden" />
+ − 490 </form>';
+ − 491 }
+ − 492 }
+ − 493 else
+ − 494 {
+ − 495 echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 496 echo '<div class="tblholder">
+ − 497 <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
+ − 498 <tr>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 499 <th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th>
0
+ − 500 </tr>
+ − 501 <tr>
30
+ − 502 <td class="row2" style="text-align: right; width: 50%;">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 503 ' . $lang->get('groupcp_lbl_current_memberships') . '
0
+ − 504 </td>
30
+ − 505 <td class="row1" style="width: 50%;">';
0
+ − 506 $taboo = Array('Everyone');
30
+ − 507 if ( sizeof ( $session->groups ) > count($taboo) )
0
+ − 508 {
+ − 509 echo '<select name="group_id">';
+ − 510 foreach ( $session->groups as $id => $group )
+ − 511 {
447
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
diff
changeset
+ − 512 $taboo[] = $db->escape($group);
a9a3789ce02d
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
Dan
diff
changeset
+ − 513 $group = htmlspecialchars($group);
0
+ − 514 if ( $group != 'Everyone' )
+ − 515 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 516 $g_name_local = 'groupcp_grp_' . strtolower($group);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 517 $str = $lang->get($g_name_local);
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 518 if ( $str != $g_name_local )
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 519 $group = $str;
0
+ − 520 echo '<option value="' . $id . '">' . $group . '</option>';
+ − 521 }
+ − 522 }
+ − 523 echo '</select>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 524 <input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />';
0
+ − 525 }
+ − 526 else
+ − 527 {
+ − 528 echo 'None';
+ − 529 }
+ − 530
+ − 531 echo '</td>
+ − 532 </tr>';
+ − 533 $taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\'';
+ − 534 $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
+ − 535 if(!$q)
+ − 536 {
+ − 537 echo $db->get_error();
+ − 538 $template->footer();
+ − 539 return;
+ − 540 }
+ − 541 if($db->numrows() > 0)
+ − 542 {
+ − 543 echo '<tr>
+ − 544 <td class="row2" style="text-align: right;">
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 545 ' . $lang->get('groupcp_lbl_non_memberships') . '
0
+ − 546 </td>
+ − 547 <td class="row1">
+ − 548 <select name="group_id_n">';
+ − 549 while ( $row = $db->fetchrow() )
+ − 550 {
+ − 551 if ( $row['group_name'] != 'Everyone' )
+ − 552 {
357
+ − 553 echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars($row['group_name']) . '</option>';
0
+ − 554 }
+ − 555 }
+ − 556 echo '</select>
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 557 <input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" />
0
+ − 558 </td>
+ − 559 </tr>
+ − 560 ';
+ − 561 }
+ − 562 $db->free_result();
+ − 563 echo '</table>
+ − 564 </div>
+ − 565 </form>';
+ − 566 }
+ − 567 $template->footer();
+ − 568 }
+ − 569
+ − 570 ?>