2 /* |
2 /* |
3 Plugin Name: Group control panel |
3 Plugin Name: Group control panel |
4 Plugin URI: http://enanocms.org/ |
4 Plugin URI: http://enanocms.org/ |
5 Description: Provides group moderators and site administrators with the ability to control who is part of their groups. |
5 Description: Provides group moderators and site administrators with the ability to control who is part of their groups. |
6 Author: Dan Fuhry |
6 Author: Dan Fuhry |
7 Version: 1.0.1 |
7 Version: 1.0.2 |
8 Author URI: http://enanocms.org/ |
8 Author URI: http://enanocms.org/ |
9 */ |
9 */ |
10 |
10 |
11 /* |
11 /* |
12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
13 * Version 1.0 release candidate 2 |
13 * Version 1.0.2 |
14 * Copyright (C) 2007 Dan Fuhry |
14 * Copyright (C) 2007 Dan Fuhry |
15 * |
15 * |
16 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
16 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
17 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
17 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
18 * |
18 * |
48 $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']); |
48 $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']); |
49 if ( empty($gid) || $gid < 1 ) |
49 if ( empty($gid) || $gid < 1 ) |
50 { |
50 { |
51 die_friendly('Error', '<p>Hacking attempt</p>'); |
51 die_friendly('Error', '<p>Hacking attempt</p>'); |
52 } |
52 } |
53 $q = $db->sql_query('SELECT group_name,group_type FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';'); |
53 $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';'); |
54 if ( !$q ) |
54 if ( !$q ) |
55 { |
55 { |
56 $db->_die(); |
56 $db->_die('SpecialGroups.php, line ' . __LINE__); |
57 } |
57 } |
58 $row = $db->fetchrow(); |
58 $row = $db->fetchrow(); |
59 $db->free_result(); |
59 $db->free_result(); |
60 $members = array(); |
60 $members = array(); |
61 $pending = array(); |
61 $pending = array(); |
125 case 'update': |
125 case 'update': |
126 if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
126 if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
127 { |
127 { |
128 die_friendly('ERROR', '<p>Hacking attempt</p>'); |
128 die_friendly('ERROR', '<p>Hacking attempt</p>'); |
129 } |
129 } |
130 $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
130 $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
131 if (!$q) |
131 if ( !$q ) |
132 $db->_die(); |
132 $db->_die('SpecialGroups.php, line ' . __LINE__); |
133 $row['group_type'] = $_POST['group_state']; |
133 $error = false; |
134 echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>'; |
134 if ( $db->numrows() < 1 ) |
|
135 { |
|
136 echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>'; |
|
137 $error = true; |
|
138 } |
|
139 $r = $db->fetchrow(); |
|
140 if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) ) |
|
141 { |
|
142 echo '<div class="error-box" style="margin-left: 0;">Because this is a system group, you can\'t make it open or allow membership requests.</div>'; |
|
143 $error = true; |
|
144 } |
|
145 if ( !$error ) |
|
146 { |
|
147 $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';'); |
|
148 if (!$q) |
|
149 $db->_die('SpecialGroups.php, line ' . __LINE__); |
|
150 $row['group_type'] = $_POST['group_state']; |
|
151 echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>'; |
|
152 } |
135 break; |
153 break; |
136 case 'adduser': |
154 case 'adduser': |
137 $username = $_POST['add_username']; |
155 $username = $_POST['add_username']; |
138 $mod = ( isset($_POST['add_mod']) ) ? '1' : '0'; |
156 $mod = ( isset($_POST['add_mod']) ) ? '1' : '0'; |
139 |
157 |
140 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';'); |
158 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';'); |
141 if (!$q) |
159 if (!$q) |
142 $db->_die(); |
160 $db->_die('SpecialGroups.php, line ' . __LINE__); |
143 if ($db->numrows() < 1) |
161 if ($db->numrows() < 1) |
144 { |
162 { |
145 echo '<div class="error-box">The username you entered could not be found.</div>'; |
163 echo '<div class="error-box">The username you entered could not be found.</div>'; |
146 break; |
164 break; |
147 } |
165 } |
150 $uid = intval($r['user_id']); |
168 $uid = intval($r['user_id']); |
151 |
169 |
152 // Check if the user is already in the group, and if so, only update modship |
170 // Check if the user is already in the group, and if so, only update modship |
153 $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';'); |
171 $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';'); |
154 if ( !$q ) |
172 if ( !$q ) |
155 $db->_die(); |
173 $db->_die('SpecialGroups.php, line ' . __LINE__); |
156 if ( $db->numrows() > 0 ) |
174 if ( $db->numrows() > 0 ) |
157 { |
175 { |
158 $r = $db->fetchrow(); |
176 $r = $db->fetchrow(); |
159 if ( (string) $r['is_mod'] != $mod ) |
177 if ( (string) $r['is_mod'] != $mod ) |
160 { |
178 { |
161 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';'); |
179 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';'); |
162 if ( !$q ) |
180 if ( !$q ) |
163 $db->_die(); |
181 $db->_die('SpecialGroups.php, line ' . __LINE__); |
164 foreach ( $members as $i => $member ) |
182 foreach ( $members as $i => $member ) |
165 { |
183 { |
166 if ( $member['member_id'] == $r['member_id'] ) |
184 if ( $member['member_id'] == $r['member_id'] ) |
167 $members[$i]['is_mod'] = (int)$mod; |
185 $members[$i]['is_mod'] = (int)$mod; |
168 } |
186 } |
177 |
195 |
178 $db->free_result(); |
196 $db->free_result(); |
179 |
197 |
180 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');'); |
198 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');'); |
181 if (!$q) |
199 if (!$q) |
182 $db->_die(); |
200 $db->_die('SpecialGroups.php, line ' . __LINE__); |
183 echo '<div class="info-box">The user "' . $username . '" has been added to this usergroup.</div>'; |
201 echo '<div class="info-box">The user "' . $username . '" has been added to this usergroup.</div>'; |
184 |
202 |
185 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) |
203 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) |
186 FROM '.table_prefix.'users AS u |
204 FROM '.table_prefix.'users AS u |
187 LEFT JOIN '.table_prefix.'group_members AS m |
205 LEFT JOIN '.table_prefix.'group_members AS m |
221 { |
239 { |
222 if ( isset ( $_POST['do_appr_pending'] ) ) |
240 if ( isset ( $_POST['do_appr_pending'] ) ) |
223 { |
241 { |
224 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';'); |
242 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';'); |
225 if (!$q) |
243 if (!$q) |
226 $db->_die(); |
244 $db->_die('SpecialGroups.php, line ' . __LINE__); |
227 $members[] = $member; |
245 $members[] = $member; |
228 unset($pending[$i]); |
246 unset($pending[$i]); |
229 continue; |
247 continue; |
230 } |
248 } |
231 elseif ( isset ( $_POST['do_reject_pending'] ) ) |
249 elseif ( isset ( $_POST['do_reject_pending'] ) ) |
232 { |
250 { |
233 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
251 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';'); |
234 if (!$q) |
252 if (!$q) |
235 $db->_die(); |
253 $db->_die('SpecialGroups.php, line ' . __LINE__); |
236 unset($pending[$i]); |
254 unset($pending[$i]); |
237 } |
255 } |
238 } |
256 } |
239 } |
257 } |
240 echo '<div class="info-box">Pending members status updated successfully.</div>'; |
258 echo '<div class="info-box">Pending members status updated successfully.</div>'; |
244 |
262 |
245 if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN ) |
263 if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN ) |
246 { |
264 { |
247 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');'); |
265 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');'); |
248 if (!$q) |
266 if (!$q) |
249 $db->_die(); |
267 $db->_die('SpecialGroups.php, line ' . __LINE__); |
250 echo '<div class="info-box">You have been added to this group.</div>'; |
268 echo '<div class="info-box">You have been added to this group.</div>'; |
251 |
269 |
252 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) |
270 $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) |
253 FROM '.table_prefix.'users AS u |
271 FROM '.table_prefix.'users AS u |
254 LEFT JOIN '.table_prefix.'group_members AS m |
272 LEFT JOIN '.table_prefix.'group_members AS m |
272 |
290 |
273 if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending ) |
291 if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending ) |
274 { |
292 { |
275 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);'); |
293 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);'); |
276 if (!$q) |
294 if (!$q) |
277 $db->_die(); |
295 $db->_die('SpecialGroups.php, line ' . __LINE__); |
278 echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>'; |
296 echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>'; |
279 } |
297 } |
280 |
298 |
281 $state_btns = ( $can_do_admin_stuff ) ? |
299 $state_btns = ( $can_do_admin_stuff ) ? |
282 '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> Hidden group</label> |
300 '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> Hidden group</label> |
303 <tr> |
321 <tr> |
304 <th colspan="2">Group information</th> |
322 <th colspan="2">Group information</th> |
305 </tr> |
323 </tr> |
306 <tr> |
324 <tr> |
307 <td class="row2">Group name:</td> |
325 <td class="row2">Group name:</td> |
308 <td class="row1">' . $row['group_name'] . '</td> |
326 <td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' (system group)' : '' ) . '</td> |
309 </tr> |
327 </tr> |
310 <tr> |
328 <tr> |
311 <td class="row2">Membership status:</td> |
329 <td class="row2">Membership status:</td> |
312 <td class="row1">' . $status . '</td> |
330 <td class="row1">' . $status . '</td> |
313 </tr> |
331 </tr> |