32 RANK_ID_GUEST |
32 RANK_ID_GUEST |
33 ); |
33 ); |
34 |
34 |
35 if ( $paths->getParam(0) == 'action.json' ) |
35 if ( $paths->getParam(0) == 'action.json' ) |
36 { |
36 { |
37 // ajax call |
37 // ajax call, try to decode json request |
|
38 header('Content-type: application/json'); |
|
39 |
|
40 if ( !isset($_POST['r']) ) |
|
41 { |
|
42 echo enano_json_encode(array( |
|
43 'mode' => 'error', |
|
44 'error' => 'Missing JSON request payload' |
|
45 )); |
|
46 return true; |
|
47 } |
|
48 try |
|
49 { |
|
50 $request = enano_json_decode($_POST['r']); |
|
51 } |
|
52 catch ( Exception $e ) |
|
53 { |
|
54 echo enano_json_encode(array( |
|
55 'mode' => 'error', |
|
56 'error' => 'Invalid JSON request payload' |
|
57 )); |
|
58 return true; |
|
59 } |
|
60 |
|
61 if ( !isset($request['mode']) ) |
|
62 { |
|
63 echo enano_json_encode(array( |
|
64 'mode' => 'error', |
|
65 'error' => 'JSON request payload does not contain required parameter "mode"' |
|
66 )); |
|
67 return true; |
|
68 } |
|
69 |
|
70 // we've got it |
|
71 switch ( $request['mode'] ) |
|
72 { |
|
73 case 'get_rank': |
|
74 // easy enough, get a rank from the DB |
|
75 $rank_id = intval(@$request['rank_id']); |
|
76 if ( empty($rank_id) ) |
|
77 { |
|
78 echo enano_json_encode(array( |
|
79 'mode' => 'error', |
|
80 'error' => 'Missing rank ID' |
|
81 )); |
|
82 return true; |
|
83 } |
|
84 // query and fetch |
|
85 $q = $db->sql_query('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;"); |
|
86 if ( !$q || $db->numrows() < 1 ) |
|
87 $db->die_json(); |
|
88 |
|
89 $row = $db->fetchrow(); |
|
90 $db->free_result(); |
|
91 |
|
92 // why does mysql do this? |
|
93 $row['rank_id'] = intval($row['rank_id']); |
|
94 echo enano_json_encode($row); |
|
95 break; |
|
96 case 'save_rank': |
|
97 // easy enough, get a rank from the DB |
|
98 $rank_id = intval(@$request['rank_id']); |
|
99 // note - an empty rank_style field is permitted |
|
100 if ( empty($rank_id) ) |
|
101 { |
|
102 echo enano_json_encode(array( |
|
103 'mode' => 'error', |
|
104 'error' => 'Missing rank ID' |
|
105 )); |
|
106 return true; |
|
107 } |
|
108 |
|
109 if ( empty($request['rank_title']) ) |
|
110 { |
|
111 echo enano_json_encode(array( |
|
112 'mode' => 'error', |
|
113 'error' => $lang->get('acpur_err_missing_rank_title') |
|
114 )); |
|
115 return true; |
|
116 } |
|
117 |
|
118 // perform update |
|
119 $rank_title = $db->escape($request['rank_title']); |
|
120 $rank_style = $db->escape(@$request['rank_style']); |
|
121 $q = $db->sql_query('UPDATE ' . table_prefix . "ranks SET rank_title = '$rank_title', rank_style = '$rank_style' WHERE rank_id = $rank_id;"); |
|
122 |
|
123 echo enano_json_encode(array( |
|
124 'mode' => 'success' |
|
125 )); |
|
126 break; |
|
127 case 'create_rank': |
|
128 if ( empty($request['rank_title']) ) |
|
129 { |
|
130 echo enano_json_encode(array( |
|
131 'mode' => 'error', |
|
132 'error' => $lang->get('acpur_err_missing_rank_title') |
|
133 )); |
|
134 return true; |
|
135 } |
|
136 |
|
137 $rank_title = $db->escape($request['rank_title']); |
|
138 $rank_style = $db->escape(@$request['rank_style']); |
|
139 |
|
140 // perform insert |
|
141 $q = $db->sql_query('INSERT INTO ' . table_prefix . "ranks ( rank_title, rank_style ) VALUES\n" |
|
142 . " ( '$rank_title', '$rank_style' );"); |
|
143 if ( !$q ) |
|
144 $db->die_json(); |
|
145 |
|
146 $rank_id = $db->insert_id(); |
|
147 if ( !$rank_id ) |
|
148 { |
|
149 echo enano_json_encode(array( |
|
150 'mode' => 'error', |
|
151 'error' => 'Refetch of rank ID failed' |
|
152 )); |
|
153 return true; |
|
154 } |
|
155 |
|
156 echo enano_json_encode(array( |
|
157 'mode' => 'success', |
|
158 'rank_id' => $rank_id |
|
159 )); |
|
160 break; |
|
161 case 'delete_rank': |
|
162 // nuke a rank |
|
163 $rank_id = intval(@$request['rank_id']); |
|
164 if ( empty($rank_id) ) |
|
165 { |
|
166 echo enano_json_encode(array( |
|
167 'mode' => 'error', |
|
168 'error' => 'Missing rank ID' |
|
169 )); |
|
170 return true; |
|
171 } |
|
172 |
|
173 // is this rank protected (e.g. a system rank)? |
|
174 if ( in_array($rank_id, $protected_ranks) ) |
|
175 { |
|
176 echo enano_json_encode(array( |
|
177 'mode' => 'error', |
|
178 'error' => $lang->get('acpur_err_cant_delete_system_rank') |
|
179 )); |
|
180 return true; |
|
181 } |
|
182 |
|
183 // unset any user and groups that might be using it |
|
184 $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_rank = NULL WHERE user_rank = $rank_id;"); |
|
185 if ( !$q ) |
|
186 $db->die_json(); |
|
187 $q = $db->sql_query('UPDATE ' . table_prefix . "groups SET group_rank = NULL WHERE group_rank = $rank_id;"); |
|
188 if ( !$q ) |
|
189 $db->die_json(); |
|
190 |
|
191 // now remove the rank itself |
|
192 $q = $db->sql_query('DELETE FROM ' . table_prefix . "ranks WHERE rank_id = $rank_id;"); |
|
193 if ( !$q ) |
|
194 $db->_die(); |
|
195 |
|
196 echo enano_json_encode(array( |
|
197 'mode' => 'success' |
|
198 )); |
|
199 break; |
|
200 default: |
|
201 echo enano_json_encode(array( |
|
202 'mode' => 'error', |
|
203 'error' => 'Unknown requested operation' |
|
204 )); |
|
205 return true; |
|
206 } |
38 return true; |
207 return true; |
39 } |
208 } |
40 |
209 |
41 // draw initial interface |
210 // draw initial interface |
42 // yes, four paragraphs of introduction. Suck it up. |
211 // yes, four paragraphs of introduction. Suck it up. |
58 // rank titles can be stored as language strings, so have the language manager fetch this |
227 // rank titles can be stored as language strings, so have the language manager fetch this |
59 // normally it refetches (which takes time) if a string isn't found, but it won't try to fetch |
228 // normally it refetches (which takes time) if a string isn't found, but it won't try to fetch |
60 // a string that isn't in the category_stringid format |
229 // a string that isn't in the category_stringid format |
61 $rank_title = $lang->get($row['rank_title']); |
230 $rank_title = $lang->get($row['rank_title']); |
62 // FIXME: make sure htmlspecialchars() is escaping quotes and backslashes |
231 // FIXME: make sure htmlspecialchars() is escaping quotes and backslashes |
63 echo '<a href="#rank_edit:' . $row['rank_id'] . '" onclick="ajaxInitRankEdit(' . $row['rank_id'] . '); return false;" class="rankadmin-editlink" style="' . htmlspecialchars($row['rank_style']) . '">' . htmlspecialchars($rank_title) . '</a> '; |
232 echo '<a href="#rank_edit:' . $row['rank_id'] . '" onclick="ajaxInitRankEdit(' . $row['rank_id'] . '); return false;" class="rankadmin-editlink" style="' . htmlspecialchars($row['rank_style']) . '" id="rankadmin_editlink_' . $row['rank_id'] . '">' . htmlspecialchars($rank_title) . '</a> '; |
64 } |
233 } |
|
234 echo '<a href="#rank_create" onclick="ajaxInitRankCreate(); return false;" class="rankadmin-editlink rankadmin-createlink" id="rankadmin_createlink">' . $lang->get('acpur_btn_create_init') . '</a> '; |
65 echo '</div>'; |
235 echo '</div>'; |
66 |
236 |
67 echo '<div class="rankadmin-right" id="admin_ranks_container_right">'; |
237 echo '<div class="rankadmin-right" id="admin_ranks_container_right">'; |
68 echo $lang->get('acpur_msg_select_rank'); |
238 echo $lang->get('acpur_msg_select_rank'); |
69 echo '</div>'; |
239 echo '</div>'; |