plugins/SpecialGroups.php
changeset 194 bf0fdec102e9
parent 192 9237767a23ae
child 317 f8356d9c3481
equal deleted inserted replaced
192:9237767a23ae 194:bf0fdec102e9
    48     $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
    48     $gid = ( isset ( $_POST['do_view_n'] ) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
    49     if ( empty($gid) || $gid < 1 )
    49     if ( empty($gid) || $gid < 1 )
    50     {
    50     {
    51       die_friendly('Error', '<p>Hacking attempt</p>');
    51       die_friendly('Error', '<p>Hacking attempt</p>');
    52     }
    52     }
    53     $q = $db->sql_query('SELECT group_name,group_type FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
    53     $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
    54     if ( !$q )
    54     if ( !$q )
    55     {
    55     {
    56       $db->_die();
    56       $db->_die('SpecialGroups.php, line ' . __LINE__);
    57     }
    57     }
    58     $row = $db->fetchrow();
    58     $row = $db->fetchrow();
    59     $db->free_result();
    59     $db->free_result();
    60     $members = array();
    60     $members = array();
    61     $pending = array();
    61     $pending = array();
    68                            WHERE m.group_id=' . $gid . '
    68                            WHERE m.group_id=' . $gid . '
    69                            GROUP BY u.user_id
    69                            GROUP BY u.user_id
    70                            ORDER BY m.is_mod DESC,u.username ASC;');
    70                            ORDER BY m.is_mod DESC,u.username ASC;');
    71     if ( !$q )
    71     if ( !$q )
    72     {
    72     {
    73       $db->_die();
    73       $db->_die('SpecialGroups.php, line ' . __LINE__);
    74     }
    74     }
    75     
    75     
    76     $is_member = false;
    76     $is_member = false;
    77     $is_mod = false;
    77     $is_mod = false;
    78     $is_pending = false;
    78     $is_pending = false;
   125         case 'update':
   125         case 'update':
   126           if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
   126           if(!in_array(intval($_POST['group_state']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
   127           {
   127           {
   128             die_friendly('ERROR', '<p>Hacking attempt</p>');
   128             die_friendly('ERROR', '<p>Hacking attempt</p>');
   129           }
   129           }
   130           $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
   130           $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
   131           if (!$q)
   131           if ( !$q )
   132             $db->_die();
   132             $db->_die('SpecialGroups.php, line ' . __LINE__);
   133           $row['group_type'] = $_POST['group_state'];
   133           $error = false;
   134           echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>';
   134           if ( $db->numrows() < 1 )
       
   135           {
       
   136             echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
       
   137             $error = true;
       
   138           }
       
   139           $r = $db->fetchrow();
       
   140           if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
       
   141           {
       
   142             echo '<div class="error-box" style="margin-left: 0;">Because this is a system group, you can\'t make it open or allow membership requests.</div>';
       
   143             $error = true;
       
   144           }
       
   145           if ( !$error )
       
   146           {
       
   147             $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
       
   148             if (!$q)
       
   149               $db->_die('SpecialGroups.php, line ' . __LINE__);
       
   150             $row['group_type'] = $_POST['group_state'];
       
   151             echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>';
       
   152           }
   135           break;
   153           break;
   136         case 'adduser':
   154         case 'adduser':
   137           $username = $_POST['add_username'];
   155           $username = $_POST['add_username'];
   138           $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
   156           $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';
   139           
   157           
   140           $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
   158           $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
   141           if (!$q)
   159           if (!$q)
   142             $db->_die();
   160             $db->_die('SpecialGroups.php, line ' . __LINE__);
   143           if ($db->numrows() < 1)
   161           if ($db->numrows() < 1)
   144           {
   162           {
   145             echo '<div class="error-box">The username you entered could not be found.</div>';
   163             echo '<div class="error-box">The username you entered could not be found.</div>';
   146             break;
   164             break;
   147           }
   165           }
   150           $uid = intval($r['user_id']);
   168           $uid = intval($r['user_id']);
   151 
   169 
   152           // Check if the user is already in the group, and if so, only update modship
   170           // Check if the user is already in the group, and if so, only update modship
   153           $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
   171           $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
   154           if ( !$q )
   172           if ( !$q )
   155             $db->_die();
   173             $db->_die('SpecialGroups.php, line ' . __LINE__);
   156           if ( $db->numrows() > 0 )
   174           if ( $db->numrows() > 0 )
   157           {
   175           {
   158             $r = $db->fetchrow();
   176             $r = $db->fetchrow();
   159             if ( (string) $r['is_mod'] != $mod )
   177             if ( (string) $r['is_mod'] != $mod )
   160             {
   178             {
   161               $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
   179               $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
   162               if ( !$q )
   180               if ( !$q )
   163                 $db->_die();
   181                 $db->_die('SpecialGroups.php, line ' . __LINE__);
   164               foreach ( $members as $i => $member )
   182               foreach ( $members as $i => $member )
   165               {
   183               {
   166                 if ( $member['member_id'] == $r['member_id'] )
   184                 if ( $member['member_id'] == $r['member_id'] )
   167                   $members[$i]['is_mod'] = (int)$mod;
   185                   $members[$i]['is_mod'] = (int)$mod;
   168               }
   186               }
   177           
   195           
   178           $db->free_result();
   196           $db->free_result();
   179           
   197           
   180           $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
   198           $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
   181           if (!$q)
   199           if (!$q)
   182             $db->_die();
   200             $db->_die('SpecialGroups.php, line ' . __LINE__);
   183           echo '<div class="info-box">The user "' . $username . '" has been added to this usergroup.</div>';
   201           echo '<div class="info-box">The user "' . $username . '" has been added to this usergroup.</div>';
   184           
   202           
   185           $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
   203           $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
   186                                  FROM '.table_prefix.'users AS u
   204                                  FROM '.table_prefix.'users AS u
   187                                  LEFT JOIN '.table_prefix.'group_members AS m
   205                                  LEFT JOIN '.table_prefix.'group_members AS m
   193                                    AND u.user_id=' . $uid . '
   211                                    AND u.user_id=' . $uid . '
   194                                  GROUP BY u.user_id
   212                                  GROUP BY u.user_id
   195                                  ORDER BY m.is_mod DESC,u.username ASC
   213                                  ORDER BY m.is_mod DESC,u.username ASC
   196                                  LIMIT 1;');
   214                                  LIMIT 1;');
   197           if ( !$q )
   215           if ( !$q )
   198             $db->_die();
   216             $db->_die('SpecialGroups.php, line ' . __LINE__);
   199           
   217           
   200           $r = $db->fetchrow();
   218           $r = $db->fetchrow();
   201           $members[] = $r;
   219           $members[] = $r;
   202           $db->free_result();
   220           $db->free_result();
   203           
   221           
   207           {
   225           {
   208             if ( isset($_POST['del_user'][$member['member_id']]) )
   226             if ( isset($_POST['del_user'][$member['member_id']]) )
   209             {
   227             {
   210               $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
   228               $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
   211               if (!$q)
   229               if (!$q)
   212                 $db->_die();
   230                 $db->_die('SpecialGroups.php, line ' . __LINE__);
   213               unset($members[$i]);
   231               unset($members[$i]);
   214             }
   232             }
   215           }
   233           }
   216           break;
   234           break;
   217         case 'pending':
   235         case 'pending':
   221             {
   239             {
   222               if ( isset ( $_POST['do_appr_pending'] ) )
   240               if ( isset ( $_POST['do_appr_pending'] ) )
   223               {
   241               {
   224                 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
   242                 $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
   225                 if (!$q)
   243                 if (!$q)
   226                   $db->_die();
   244                   $db->_die('SpecialGroups.php, line ' . __LINE__);
   227                 $members[] = $member;
   245                 $members[] = $member;
   228                 unset($pending[$i]);
   246                 unset($pending[$i]);
   229                 continue;
   247                 continue;
   230               }
   248               }
   231               elseif ( isset ( $_POST['do_reject_pending'] ) )
   249               elseif ( isset ( $_POST['do_reject_pending'] ) )
   232               {
   250               {
   233                 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
   251                 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
   234                 if (!$q)
   252                 if (!$q)
   235                   $db->_die();
   253                   $db->_die('SpecialGroups.php, line ' . __LINE__);
   236                 unset($pending[$i]);
   254                 unset($pending[$i]);
   237               }
   255               }
   238             }
   256             }
   239           }
   257           }
   240           echo '<div class="info-box">Pending members status updated successfully.</div>';
   258           echo '<div class="info-box">Pending members status updated successfully.</div>';
   244     
   262     
   245     if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN )
   263     if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_OPEN )
   246     {
   264     {
   247       $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
   265       $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
   248       if (!$q)
   266       if (!$q)
   249         $db->_die();
   267         $db->_die('SpecialGroups.php, line ' . __LINE__);
   250       echo '<div class="info-box">You have been added to this group.</div>';
   268       echo '<div class="info-box">You have been added to this group.</div>';
   251       
   269       
   252       $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
   270       $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
   253                              FROM '.table_prefix.'users AS u
   271                              FROM '.table_prefix.'users AS u
   254                              LEFT JOIN '.table_prefix.'group_members AS m
   272                              LEFT JOIN '.table_prefix.'group_members AS m
   260                                AND u.user_id=' . $session->user_id . '
   278                                AND u.user_id=' . $session->user_id . '
   261                              GROUP BY u.user_id
   279                              GROUP BY u.user_id
   262                              ORDER BY m.is_mod DESC,u.username ASC
   280                              ORDER BY m.is_mod DESC,u.username ASC
   263                              LIMIT 1;');
   281                              LIMIT 1;');
   264       if ( !$q )
   282       if ( !$q )
   265         $db->_die();
   283         $db->_die('SpecialGroups.php, line ' . __LINE__);
   266       
   284       
   267       $r = $db->fetchrow();
   285       $r = $db->fetchrow();
   268       $members[] = $r;
   286       $members[] = $r;
   269       $db->free_result();
   287       $db->free_result();
   270       
   288       
   272     
   290     
   273     if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending )
   291     if ( isset($_GET['act']) && $_GET['act'] == 'update' && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending )
   274     {
   292     {
   275       $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
   293       $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
   276       if (!$q)
   294       if (!$q)
   277         $db->_die();
   295         $db->_die('SpecialGroups.php, line ' . __LINE__);
   278       echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>';
   296       echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>';
   279     }
   297     }
   280     
   298     
   281     $state_btns = ( $can_do_admin_stuff ) ?
   299     $state_btns = ( $can_do_admin_stuff ) ?
   282                   '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> Hidden group</label>
   300                   '<label><input type="radio" name="group_state" value="' . GROUP_HIDDEN . '" ' . (( $row['group_type'] == GROUP_HIDDEN ) ? 'checked="checked"' : '' ) . ' /> Hidden group</label>
   303               <tr>
   321               <tr>
   304                 <th colspan="2">Group information</th>
   322                 <th colspan="2">Group information</th>
   305               </tr>
   323               </tr>
   306               <tr>
   324               <tr>
   307                 <td class="row2">Group name:</td>
   325                 <td class="row2">Group name:</td>
   308                 <td class="row1">' . $row['group_name'] . '</td>
   326                 <td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' (system group)' : '' ) . '</td>
   309               </tr>
   327               </tr>
   310               <tr>
   328               <tr>
   311                 <td class="row2">Membership status:</td>
   329                 <td class="row2">Membership status:</td>
   312                 <td class="row1">' . $status . '</td>
   330                 <td class="row1">' . $status . '</td>
   313               </tr>
   331               </tr>