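<?php
/**!info** { "Plugin Name" : "plugin_specialgroups_title", "Plugin URI" : "http://enanocms.org/", "Description" : "plugin_specialgroups_desc", "Author" : "Dan Fuhry", "Version" : "1.1.6", "Author URI" : "http://enanocms.org/" } **!*/

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Copyright (C) 2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

// Register Special:Usergroups once the session layer is up. The hook argument is evaluated as PHP code by the core.
$plugins->attachHook('session_started', 'SpecialGroups_paths_init();');

/**
 * Hook callback for 'session_started': registers the Special:Usergroups page with the page router.
 */
function SpecialGroups_paths_init()
{
  register_special_page('Usergroups', 'specialpage_groupcp');
}

/**
 * Fetches the roster row (username, e-mail, registration time, membership flags, comment count)
 * for one non-pending member of a group, in the same shape as the rows built by the main roster query.
 *
 * @param int $gid group_id (already validated as a positive integer by the caller)
 * @param int $uid user_id (already validated as an integer by the caller)
 * @return array|bool the row, or false when the user is not a (non-pending) member of the group
 */
function SpecialGroups_fetch_member_row($gid, $uid)
{
  global $db;

  $gid = intval($gid);
  $uid = intval($uid);
  $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u LEFT JOIN '.table_prefix.'group_members AS m ON ( m.user_id = u.user_id ) LEFT JOIN '.table_prefix.'comments AS c ON ( c.name = u.username ) WHERE m.group_id=' . $gid . ' AND m.pending!=1 AND u.user_id=' . $uid . ' GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod ORDER BY m.is_mod DESC,u.username ASC LIMIT 1;');
  if ( !$q )
    $db->_die('SpecialGroups.php, line ' . __LINE__);
  $r = $db->fetchrow();
  $db->free_result();
  return $r;
}

/**
 * Renders one roster table row for a member or pending member.
 *
 * The username is HTML-escaped here because it is echoed into markup; the e-mail address goes through
 * the core's encryptEmail() obfuscation exactly as before.
 *
 * @param array       $member        row as produced by the roster query (username, email, reg_time, num_comments, member_id)
 * @param string      $cls           CSS class for the cells ('row1' / 'row2')
 * @param string|bool $checkbox_name name of the selection checkbox array ('del_user', 'with_user'), or false for no checkbox cell
 * @return string HTML for the row
 */
function SpecialGroups_member_row($member, $cls, $checkbox_name = false)
{
  global $email;

  $date = enano_date(ED_DATE, $member['reg_time']);
  $addy = $email->encryptEmail($member['email']);
  $html  = "<tr>\n";
  $html .= "  <td class='{$cls}'>" . htmlspecialchars($member['username']) . "</td>\n";
  $html .= "  <td class='{$cls}'>{$addy}</td>\n";
  $html .= "  <td class='{$cls}'>{$date}</td>\n";
  $html .= "  <td class='{$cls}'>" . intval($member['num_comments']) . "</td>\n";
  if ( $checkbox_name !== false )
  {
    $html .= "  <td class='{$cls}' style='text-align: center;'><input type='checkbox' name='{$checkbox_name}[" . intval($member['member_id']) . "]' /></td>\n";
  }
  $html .= "</tr>\n";
  return $html;
}

/**
 * Special:Usergroups - the group control panel.
 *
 * Without a selected group it shows two dropdowns (groups the user belongs to / non-hidden groups the user does
 * not belong to). With a group selected (do_view / do_view_n, or act=… with group_id) it shows the group's
 * info, state controls and roster, and processes the following actions:
 *   - act=update   : moderators/admins change the group type; ordinary users join, leave or request membership
 *   - act=adduser  : moderators/admins add a user (optionally as moderator) or toggle an existing member's mod flag
 *   - act=del_users: moderators/admins remove selected members
 *   - act=pending  : moderators/admins approve or reject selected pending requests
 *
 * Authorisation: "moderator" is determined from the membership rows of the group that was actually loaded ($gid).
 * Every state-changing query therefore keys on $gid - never on a second, separately-read $_POST['group_id'] - so
 * a moderator of one group cannot load group A (group_id_n) while targeting group B (group_id) in the same request.
 *
 * NOTE(review): the forms carry no anti-CSRF token; `submitAuthorized` is only a client-side JavaScript gate. All
 * four actions above are reachable with a plain cross-site POST by a logged-in moderator/admin. Wire in whatever
 * request-token mechanism the core provides before relying on this page in a hostile environment.
 * NOTE(review): any logged-in user who knows a group_id can load that group's roster (usernames, obfuscated
 * e-mails) here, including GROUP_HIDDEN groups - only the dropdown omits them; the server does not. Confirm
 * whether hidden groups should be refused to non-members/non-admins.
 */
function page_Special_Usergroups()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $email; // Import e-mail encryption functions
  global $lang;

  // Anonymous users are sent to the login page and returned here afterwards.
  if ( !$session->user_logged_in )
  {
    header('Location: ' . makeUrlComplete('Special', 'Login/' . $paths->page));
    $db->close();
    exit;
  }

  $template->header();
  userprefs_show_menu();

  if ( isset($_POST['do_view']) || isset($_POST['do_view_n']) || ( isset($_GET['act']) && isset($_POST['group_id']) ) )
  {
    // The "non-membership" dropdown posts group_id_n; everything else posts group_id.
    $gid = ( isset($_POST['do_view_n']) ) ? intval($_POST['group_id_n']) : intval($_POST['group_id']);
    if ( empty($gid) || $gid < 1 )
    {
      die_friendly('Error', '<p>Hacking attempt</p>');
    }

    $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
    if ( !$q )
    {
      $db->_die('SpecialGroups.php, line ' . __LINE__);
    }
    // Refuse unknown groups up front instead of carrying a false $row through the rest of the page.
    if ( $db->numrows() < 1 )
    {
      $db->free_result();
      die_friendly('Error', '<p>The group you selected does not exist.</p>');
    }
    $row = $db->fetchrow();
    $db->free_result();

    // Full roster, moderators first. Pending rows are split off so they can be approved/rejected separately.
    $members = array();
    $pending = array();
    $q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending,COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'users AS u LEFT JOIN '.table_prefix.'group_members AS m ON ( m.user_id = u.user_id ) LEFT JOIN '.table_prefix.'comments AS c ON ( c.name = u.username ) WHERE m.group_id=' . $gid . ' GROUP BY u.user_id,u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,m.pending ORDER BY m.is_mod DESC,u.username ASC;');
    if ( !$q )
    {
      $db->_die('SpecialGroups.php, line ' . __LINE__);
    }

    $is_member  = false;
    $is_mod     = false;
    $is_pending = false;
    while ( $mr = $db->fetchrow() )
    {
      if ( $mr['pending'] == 1 )
      {
        $pending[] = $mr;
        if ( $mr['user_id'] == $session->user_id )
          $is_pending = true;
      }
      else
      {
        $members[] = $mr;
        if ( $mr['user_id'] == $session->user_id )
        {
          $is_member = true;
          if ( $mr['is_mod'] == 1 )
            $is_mod = true;
        }
      }
    }
    $db->free_result();

    if ( $is_member && $is_mod )
      $status = $lang->get('groupcp_status_mod');
    else if ( $is_member )
      $status = $lang->get('groupcp_status_member');
    else
      $status = $lang->get('groupcp_status_not_member');

    // Moderators of *this* group and site admins may administer it.
    $can_do_admin_stuff = ( $is_mod || $session->user_level >= USER_LEVEL_ADMIN );

    // Group types in the order the radio buttons are shown, mapped to their label strings.
    $state_options = array(
      GROUP_HIDDEN  => 'groupcp_type_hidden',
      GROUP_CLOSED  => 'groupcp_type_closed',
      GROUP_REQUEST => 'groupcp_type_request',
      GROUP_OPEN    => 'groupcp_type_open',
    );
    $g_state = isset($state_options[$row['group_type']]) ? $lang->get($state_options[$row['group_type']]) : '';

    //
    // Moderator / admin actions
    //
    if ( isset($_GET['act']) && $can_do_admin_stuff )
    {
      switch ( $_GET['act'] )
      {
        case 'update':
          $new_state = intval(isset($_POST['group_state']) ? $_POST['group_state'] : 0);
          if ( !in_array($new_state, array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)) )
          {
            die_friendly('ERROR', '<p>Hacking attempt</p>');
          }
          // System groups may not become joinable.
          if ( $row['system_group'] == 1 && ( $new_state == GROUP_OPEN || $new_state == GROUP_REQUEST ) )
          {
            echo '<div class="error-box" style="margin-left: 0;">' . $lang->get('groupcp_err_state_system_group') . '</div>';
          }
          else
          {
            $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . $new_state . ' WHERE group_id=' . $gid . ';');
            if ( !$q )
              $db->_die('SpecialGroups.php, line ' . __LINE__);
            $row['group_type'] = $new_state;
            echo '<div class="info-box" style="margin-left: 0;">' . $lang->get('groupcp_msg_state_updated') . '</div>';
          }
          break;

        case 'adduser':
          $username = isset($_POST['add_username']) ? (string) $_POST['add_username'] : '';
          // Escaped once here; every message below echoes it into HTML.
          $username_html = htmlspecialchars($username);
          $mod = ( isset($_POST['add_mod']) ) ? '1' : '0';

          $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          if ( $db->numrows() < 1 )
          {
            $db->free_result();
            echo '<div class="error-box">' . $lang->get('groupcp_err_user_not_found') . '</div>';
            break;
          }
          $r = $db->fetchrow();
          $db->free_result();
          $uid = intval($r['user_id']);

          // Already in the group (member or pending)? Then only the moderator flag can change.
          $q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . $gid . ';');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          if ( $db->numrows() > 0 )
          {
            $r = $db->fetchrow();
            $db->free_result();
            if ( (string) $r['is_mod'] != $mod )
            {
              $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . intval($r['member_id']) . ';');
              if ( !$q )
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              foreach ( $members as $i => $member )
              {
                if ( $member['member_id'] == $r['member_id'] )
                  $members[$i]['is_mod'] = (int) $mod;
              }
              echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in_mod_updated', array('username' => $username_html)) . '</div>';
            }
            else
            {
              echo '<div class="info-box">' . $lang->get('groupcp_msg_user_already_in', array('username' => $username_html)) . '</div>';
            }
            break;
          }
          $db->free_result();

          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . $gid . ', ' . $uid . ', ' . $mod . ');');
          if ( !$q )
            $db->_die('SpecialGroups.php, line ' . __LINE__);
          echo '<div class="info-box">' . $lang->get('groupcp_msg_user_added', array('username' => $username_html)) . '</div>';

          $r = SpecialGroups_fetch_member_row($gid, $uid);
          if ( $r )
            $members[] = $r;

          // Membership changed, so the cached user ranks must be rebuilt.
          generate_cache_userranks();
          break;

        case 'del_users':
          // Only member_ids that belong to the loaded group are ever deleted: we iterate our own roster, not the POST.
          foreach ( $members as $i => $member )
          {
            if ( isset($_POST['del_user'][$member['member_id']]) )
            {
              $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . intval($member['member_id']) . ';');
              if ( !$q )
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              unset($members[$i]);
            }
          }
          generate_cache_userranks();
          break;

        case 'pending':
          // Same principle as del_users: only pending rows of the loaded group can be approved or rejected.
          foreach ( $pending as $i => $member )
          {
            if ( !isset($_POST['with_user'][$member['member_id']]) )
              continue;
            if ( isset($_POST['do_appr_pending']) )
            {
              $q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . intval($member['member_id']) . ';');
              if ( !$q )
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              $members[] = $member;
              unset($pending[$i]);
            }
            else if ( isset($_POST['do_reject_pending']) )
            {
              $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . intval($member['member_id']) . ';');
              if ( !$q )
                $db->_die('SpecialGroups.php, line ' . __LINE__);
              unset($pending[$i]);
            }
          }
          generate_cache_userranks();
          echo '<div class="info-box">' . $lang->get('groupcp_msg_pending_updated') . '</div>';
          break;
      }
    }

    //
    // Self-service actions for ordinary users (the act=update form doubles as the join/leave/request form).
    //
    $self_action = ( isset($_GET['act']) && $_GET['act'] == 'update' && !$can_do_admin_stuff );
    if ( $self_action && !$is_member && $row['group_type'] == GROUP_OPEN )
    {
      // Join an open group.
      $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . intval($session->user_id) . ');');
      if ( !$q )
        $db->_die('SpecialGroups.php, line ' . __LINE__);
      echo '<div class="info-box">' . $lang->get('groupcp_msg_self_added') . '</div>';
      $r = SpecialGroups_fetch_member_row($gid, $session->user_id);
      if ( $r )
        $members[] = $r;
      $is_member = true;
    }
    else if ( $self_action && $is_member && ( $row['group_type'] == GROUP_OPEN || $row['group_type'] == GROUP_REQUEST ) )
    {
      // Leave an open or request-based group.
      $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id=' . $gid . ' AND user_id=' . intval($session->user_id) . ';');
      if ( !$q )
        $db->_die('SpecialGroups.php, line ' . __LINE__);
      foreach ( $members as $i => $m )
      {
        if ( $m['user_id'] == $session->user_id )
        {
          unset($members[$i]);
          break;
        }
      }
      echo '<div class="info-box">' . $lang->get('groupcp_msg_self_removed') . '</div>';
      $is_member = false;
    }
    else if ( $self_action && !$is_member && $row['group_type'] == GROUP_REQUEST && !$is_pending )
    {
      // Ask to join a request-based group (row is created with pending=1).
      $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . intval($session->user_id) . ', 1);');
      if ( !$q )
        $db->_die('SpecialGroups.php, line ' . __LINE__);
      echo '<div class="info-box">' . $lang->get('groupcp_msg_membership_requested') . '</div>';
      $is_pending = true;
    }

    //
    // State cell: radio buttons for admins, plain text plus join/leave/request button for everyone else.
    //
    if ( $can_do_admin_stuff )
    {
      $radios = array();
      foreach ( $state_options as $state => $lang_key )
      {
        $checked = ( $row['group_type'] == $state ) ? 'checked="checked"' : '';
        $radios[] = '<label><input type="radio" name="group_state" value="' . $state . '" ' . $checked . ' /> ' . $lang->get($lang_key) . '</label>';
      }
      $state_btns = implode(' ', $radios);
    }
    else
    {
      $state_btns = $g_state;
      if ( $row['group_type'] == GROUP_REQUEST && !$is_member )
      {
        if ( $is_pending )
          $state_btns .= ' ' . $lang->get('groupcp_msg_status_pending');
        else
          $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_request_join') . '" />';
      }
      if ( $row['group_type'] == GROUP_OPEN && !$is_member )
      {
        $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_join') . '" />';
      }
      else if ( ( $row['group_type'] == GROUP_OPEN || $row['group_type'] == GROUP_REQUEST ) && $is_member )
      {
        $state_btns .= ' <input type="submit" value="' . $lang->get('groupcp_btn_leave') . '" />';
      }
    }

    // Built-in groups have localised display names; fall back to the stored name when no string exists.
    $g_name_local = 'groupcp_grp_' . strtolower($row['group_name']);
    $str = $lang->get($g_name_local);
    if ( $str != $g_name_local )
      $row['group_name'] = $str;

    echo '<form action="' . makeUrl($paths->page, 'act=update') . '" method="post" enctype="multipart/form-data">
            <div class="tblholder">
              <table border="0" cellspacing="1" cellpadding="4">
                <tr>
                  <th colspan="2">' . $lang->get('groupcp_th_group_info') . '</th>
                </tr>
                <tr>
                  <td class="row2">' . $lang->get('groupcp_lbl_group_name') . '</td>
                  <td class="row1">' . htmlspecialchars($row['group_name']) . ( $row['system_group'] == 1 ? ' ' . $lang->get('groupcp_msg_system_group') : '' ) . '</td>
                </tr>
                <tr>
                  <td class="row2">' . $lang->get('groupcp_lbl_status') . '</td>
                  <td class="row1">' . $status . '</td>
                </tr>
                <tr>
                  <td class="row2">' . $lang->get('groupcp_lbl_state') . '</td>
                  <td class="row1">' . $state_btns . '</td>
                </tr>
                ' . ( $can_do_admin_stuff ? '
                <tr>
                  <th class="subhead" colspan="2">
                    <input type="submit" value="' . $lang->get('etc_save_changes') . '" />
                  </th>
                </tr>
                ' : '' ) . '
              </table>
            </div>
            <input name="group_id" value="' . $gid . '" type="hidden" />
          </form>';

    //
    // Pending requests (admins only)
    //
    if ( sizeof($pending) > 0 && $can_do_admin_stuff )
    {
      echo '<form action="' . makeUrl($paths->page, 'act=pending') . '" method="post" enctype="multipart/form-data">
              <input name="group_id" value="' . $gid . '" type="hidden" />
              <h2>' . $lang->get('groupcp_th_pending_memberships') . '</h2>
              <div class="tblholder">
                <table border="0" cellspacing="1" cellpadding="4">
                  <tr>
                    <th>' . $lang->get('groupcp_th_username') . '</th>
                    <th>' . $lang->get('groupcp_th_email') . '</th>
                    <th>' . $lang->get('groupcp_th_reg_time') . '</th>
                    <th>' . $lang->get('groupcp_th_comments') . '</th>
                    <th>' . $lang->get('groupcp_th_select') . '</th>
                  </tr>';
      $cls = 'row2';
      foreach ( $pending as $member )
      {
        $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
        echo SpecialGroups_member_row($member, $cls, 'with_user');
      }
      echo '</table>
              </div>
              <div style="margin: 10px 0 0 auto;">
                With selected:
                <input type="submit" name="do_appr_pending" value="' . $lang->get('groupcp_btn_approve_pending') . '" />
                <input type="submit" name="do_reject_pending" value="' . $lang->get('groupcp_btn_reject_pending') . '" />
              </div>
            </form>';
    }

    //
    // Roster: moderators, then ordinary members. Remove checkboxes only for admins.
    //
    echo '<form action="' . makeUrl($paths->page, 'act=del_users') . '" method="post" enctype="multipart/form-data">
            <h2>' . $lang->get('groupcp_th_group_members') . '</h2>
            <div class="tblholder">
              <table border="0" cellspacing="1" cellpadding="4">
                <tr>
                  <th>' . $lang->get('groupcp_th_username') . '</th>
                  <th>' . $lang->get('groupcp_th_email') . '</th>
                  <th>' . $lang->get('groupcp_th_reg_time') . '</th>
                  <th>' . $lang->get('groupcp_th_comments') . '</th>
                  ' . ( $can_do_admin_stuff ? '<th>' . $lang->get('groupcp_th_remove') . '</th>' : '' ) . '
                </tr>
                <tr>
                  <th colspan="5" class="subhead">' . $lang->get('groupcp_th_group_mods') . '</th>
                </tr>';

    $checkbox = $can_do_admin_stuff ? 'del_user' : false;
    $cls = 'row2';

    // Rows appended during this request (adduser / approvals) are not sorted by is_mod, so scan the whole
    // list with `continue` rather than stopping at the first non-moderator.
    $mod_printed = false;
    foreach ( $members as $member )
    {
      if ( $member['is_mod'] != 1 )
        continue;
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      $mod_printed = true;
      echo SpecialGroups_member_row($member, $cls, $checkbox);
    }
    if ( !$mod_printed )
      echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_mods') . '</td></tr>';

    echo '<tr><th class="subhead" colspan="5">' . $lang->get('groupcp_th_group_members') . '</th></tr>';

    $mem_printed = false;
    foreach ( $members as $member )
    {
      if ( $member['is_mod'] == 1 )
        continue;
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      $mem_printed = true;
      echo SpecialGroups_member_row($member, $cls, $checkbox);
    }
    if ( !$mem_printed )
      echo '<tr><td class="' . $cls . '" colspan="5">' . $lang->get('groupcp_msg_no_members') . '</td></tr>';

    echo '</table>
            </div>';
    if ( $can_do_admin_stuff )
    {
      echo "<div style='margin: 10px 0 0 auto;'><input type='submit' name='do_del_user' value=\"" . $lang->get('groupcp_btn_remove_selected') . "\" /></div>";
    }
    echo '<input name="group_id" value="' . $gid . '" type="hidden" />
          </form>';

    //
    // Add-member form (admins only)
    //
    if ( $can_do_admin_stuff )
    {
      echo '<form action="' . makeUrl($paths->page, 'act=adduser') . '" method="post" enctype="multipart/form-data" onsubmit="if(!submitAuthorized) return false;">
              <div class="tblholder">
                <table border="0" cellspacing="1" cellpadding="4">
                  <tr>
                    <th colspan="2">' . $lang->get('groupcp_th_add_member') . '</th>
                  </tr>
                  <tr>
                    <td class="row2">' . $lang->get('groupcp_lbl_username') . '</td><td class="row1">' . $template->username_field('add_username') . '</td>
                  </tr>
                  <tr>
                    <td class="row2">' . $lang->get('groupcp_lbl_moderator') . '</td><td class="row1"><label><input type="checkbox" name="add_mod" /> ' . $lang->get('groupcp_lbl_make_mod') . '</label></td>
                  </tr>
                  <tr>
                    <th class="subhead" colspan="2">
                      <input type="submit" value="' . $lang->get('groupcp_btn_add_member') . '" />
                    </th>
                  </tr>
                </table>
              </div>
              <input name="group_id" value="' . $gid . '" type="hidden" />
            </form>';
    }
  }
  else
  {
    //
    // No group selected: offer the two selection dropdowns.
    //
    echo '<form action="'.makeUrlNS('Special', 'Usergroups').'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
            <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">
              <tr>
                <th colspan="2">' . $lang->get('groupcp_th_select_group') . '</th>
              </tr>
              <tr>
                <td class="row2" style="text-align: right; width: 50%;">
                  ' . $lang->get('groupcp_lbl_current_memberships') . '
                </td>
                <td class="row1" style="width: 50%;">';

    // Names collected here are excluded from the "non-memberships" query below. "Everyone" is never offered.
    $taboo = Array('Everyone');
    if ( sizeof($session->groups) > count($taboo) )
    {
      echo '<select name="group_id">';
      foreach ( $session->groups as $id => $group )
      {
        $taboo[] = $db->escape($group);
        $group = htmlspecialchars($group);
        if ( $group != 'Everyone' )
        {
          $g_name_local = 'groupcp_grp_' . strtolower($group);
          $str = $lang->get($g_name_local);
          if ( $str != $g_name_local )
            $group = $str;
          echo '<option value="' . $id . '">' . $group . '</option>';
        }
      }
      echo '</select> <input type="submit" name="do_view" value="' . $lang->get('groupcp_btn_view') . '" />';
    }
    else
    {
      echo 'None';
    }
    echo '</td>
          </tr>';

    // Hidden groups are omitted from this list; see the NOTE(review) in the function docblock about the view path.
    $taboo = 'WHERE group_name != \'' . implode('\' AND group_name != \'', $taboo) . '\'';
    $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups '.$taboo.' AND group_type != ' . GROUP_HIDDEN . ' ORDER BY group_name ASC;');
    if ( !$q )
    {
      echo $db->get_error();
      $template->footer();
      return;
    }
    if ( $db->numrows() > 0 )
    {
      echo '<tr>
              <td class="row2" style="text-align: right;">
                ' . $lang->get('groupcp_lbl_non_memberships') . '
              </td>
              <td class="row1">
                <select name="group_id_n">';
      while ( $row = $db->fetchrow() )
      {
        if ( $row['group_name'] != 'Everyone' )
        {
          echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars($row['group_name']) . '</option>';
        }
      }
      echo '</select> <input type="submit" name="do_view_n" value="' . $lang->get('groupcp_btn_view') . '" />
              </td>
            </tr>
            ';
    }
    $db->free_result();
    echo '</table>
          </div>
        </form>';
  }

  $template->footer();
}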