mirror of
https://github.com/phpbb/phpbb.git
synced 2025-05-10 17:45:18 +02:00
422 lines
13 KiB
PHP
422 lines
13 KiB
PHP
<?php
|
|
/***************************************************************************
|
|
* admin_groups.php
|
|
* -------------------
|
|
* begin : Saturday, Feb 13, 2001
|
|
* copyright : (C) 2001 The phpBB Group
|
|
* email : support@phpbb.com
|
|
*
|
|
* $Id$
|
|
*
|
|
***************************************************************************/
|
|
|
|
/***************************************************************************
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
***************************************************************************/
|
|
|
|
if( !empty($setmodules) )
|
|
{
|
|
if ( !$auth->acl_get('a_group') )
|
|
{
|
|
return;
|
|
}
|
|
|
|
$filename = basename(__FILE__);
|
|
$module['Groups']['Create'] = $filename . "$SID&mode=create";
|
|
$module['Groups']['Delete'] = $filename . "$SID&mode=delete";
|
|
$module['Groups']['Manage'] = $filename . "$SID&mode=manage";
|
|
|
|
return;
|
|
}
|
|
|
|
define('IN_PHPBB', 1);
|
|
//
|
|
// Include files
|
|
//
|
|
$phpbb_root_path = '../';
|
|
require($phpbb_root_path . 'extension.inc');
|
|
require('pagestart.' . $phpEx);
|
|
|
|
//
|
|
// Do we have general permissions?
|
|
//
|
|
if ( !$auth->acl_get('a_group') )
|
|
{
|
|
message_die(MESSAGE, $user->lang['No_admin']);
|
|
}
|
|
|
|
if( isset($_POST[POST_GROUPS_URL]) || isset($_GET[POST_GROUPS_URL]) )
|
|
{
|
|
$group_id = ( isset($_POST[POST_GROUPS_URL]) ) ? intval($_POST[POST_GROUPS_URL]) : intval($_GET[POST_GROUPS_URL]);
|
|
}
|
|
else
|
|
{
|
|
$group_id = '';
|
|
}
|
|
|
|
//
|
|
// Mode setting
|
|
//
|
|
if( isset($_POST['mode']) || isset($_GET['mode']) )
|
|
{
|
|
$mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
|
|
}
|
|
else
|
|
{
|
|
$mode = "";
|
|
}
|
|
|
|
if( isset($_POST['edit']) || isset($_POST['new']) )
|
|
{
|
|
//
|
|
// Ok they are editing a group or creating a new group
|
|
//
|
|
$template->set_filenames(array(
|
|
"body" => "admin/group_edit_body.tpl")
|
|
);
|
|
|
|
if ( isset($_POST['edit']) )
|
|
{
|
|
//
|
|
// They're editing. Grab the vars.
|
|
//
|
|
$sql = "SELECT *
|
|
FROM " . GROUPS_TABLE . "
|
|
WHERE group_single_user <> " . TRUE . "
|
|
AND group_id = $group_id";
|
|
if(!$result = $db->sql_query($sql))
|
|
{
|
|
message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
if( !$db->sql_numrows($result) )
|
|
{
|
|
message_die(GENERAL_MESSAGE, $user->lang['Group_not_exist']);
|
|
}
|
|
|
|
$group_info = $db->sql_fetchrow($result);
|
|
|
|
$mode = "editgroup";
|
|
$template->assign_block_vars("group_edit", array());
|
|
|
|
}
|
|
else if( isset($_POST['new']) )
|
|
{
|
|
$group_info = array (
|
|
"group_name" => "",
|
|
"group_description" => "",
|
|
"group_moderator" => "",
|
|
"group_type" => GROUP_OPEN);
|
|
$group_open = "checked=\"checked\"";
|
|
|
|
$mode = "newgroup";
|
|
|
|
}
|
|
//
|
|
// Ok, now we know everything about them, let's show the page.
|
|
//
|
|
$sql = "SELECT user_id, username
|
|
FROM " . USERS_TABLE . "
|
|
WHERE user_id <> " . ANONYMOUS . "
|
|
ORDER BY username";
|
|
$u_result = $db->sql_query($sql);
|
|
if( !$u_result )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't obtain user info for moderator list", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$user_list = $db->sql_fetchrowset($u_result);
|
|
|
|
for($i = 0; $i < count($user_list); $i++)
|
|
{
|
|
if( $user_list[$i]['user_id'] == $group_info['group_moderator'] )
|
|
{
|
|
$group_moderator = $user_list[$i]['username'];
|
|
}
|
|
}
|
|
|
|
$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? "checked=\"checked\"" : "";
|
|
$group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? "checked=\"checked\"" : "";
|
|
$group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? "checked=\"checked\"" : "";
|
|
|
|
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
|
|
|
|
$template->assign_vars(array(
|
|
"GROUP_NAME" => $group_info['group_name'],
|
|
"GROUP_DESCRIPTION" => $group_info['group_description'],
|
|
"GROUP_MODERATOR" => $group_moderator,
|
|
|
|
"L_GROUP_TITLE" => $user->lang['Group_administration'],
|
|
"L_GROUP_EDIT_DELETE" => ( isset($_POST['new']) ) ? $user->lang['New_group'] : $user->lang['Edit_group'],
|
|
"L_GROUP_NAME" => $user->lang['group_name'],
|
|
"L_GROUP_DESCRIPTION" => $user->lang['group_description'],
|
|
"L_GROUP_MODERATOR" => $user->lang['group_moderator'],
|
|
"L_FIND_USERNAME" => $user->lang['Find_username'],
|
|
"L_GROUP_STATUS" => $user->lang['group_status'],
|
|
"L_GROUP_OPEN" => $user->lang['group_open'],
|
|
"L_GROUP_CLOSED" => $user->lang['group_closed'],
|
|
"L_GROUP_HIDDEN" => $user->lang['group_hidden'],
|
|
"L_GROUP_DELETE" => $user->lang['group_delete'],
|
|
"L_GROUP_DELETE_CHECK" => $user->lang['group_delete_check'],
|
|
"L_SUBMIT" => $user->lang['Submit'],
|
|
"L_RESET" => $user->lang['Reset'],
|
|
"L_DELETE_MODERATOR" => $user->lang['delete_group_moderator'],
|
|
"L_DELETE_MODERATOR_EXPLAIN" => $user->lang['delete_moderator_explain'],
|
|
"L_YES" => $user->lang['Yes'],
|
|
|
|
"U_SEARCH_USER" => append_sid("../search.$phpEx?mode=searchuser"),
|
|
|
|
"S_GROUP_OPEN_TYPE" => GROUP_OPEN,
|
|
"S_GROUP_CLOSED_TYPE" => GROUP_CLOSED,
|
|
"S_GROUP_HIDDEN_TYPE" => GROUP_HIDDEN,
|
|
"S_GROUP_OPEN_CHECKED" => $group_open,
|
|
"S_GROUP_CLOSED_CHECKED" => $group_closed,
|
|
"S_GROUP_HIDDEN_CHECKED" => $group_hidden,
|
|
"S_GROUP_ACTION" => append_sid("admin_groups.$phpEx"),
|
|
"S_HIDDEN_FIELDS" => $s_hidden_fields)
|
|
);
|
|
|
|
$template->pparse('body');
|
|
|
|
}
|
|
else if( isset($_POST['group_update']) )
|
|
{
|
|
//
|
|
// Ok, they are submitting a group, let's save the data based on if it's new or editing
|
|
//
|
|
if( isset($_POST['group_delete']) )
|
|
{
|
|
$sql = "DELETE FROM " . GROUPS_TABLE . "
|
|
WHERE group_id = " . $group_id;
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't update group", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
|
|
WHERE group_id = " . $group_id;
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't update user_group", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
|
|
WHERE group_id = " . $group_id;
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't update auth_access", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$message = $user->lang['Deleted_group'] . "<br /><br />" . sprintf($user->lang['Click_return_groupsadmin'], "<a href=\"" . append_sid("admin_groups.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($user->lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");;
|
|
|
|
message_die(GENERAL_MESSAGE, $message);
|
|
}
|
|
else
|
|
{
|
|
$group_type = isset($_POST['group_type']) ? intval($_POST['group_type']) : GROUP_OPEN;
|
|
$group_name = isset($_POST['group_name']) ? trim($_POST['group_name']) : "";
|
|
$group_description = isset($_POST['group_description']) ? trim($_POST['group_description']) : "";
|
|
$group_moderator = isset($_POST['username']) ? $_POST['username'] : "";
|
|
$delete_old_moderator = isset($_POST['delete_old_moderator']) ? intval($_POST['delete_old_moderator']) : "";
|
|
|
|
if( $group_name == "" )
|
|
{
|
|
message_die(GENERAL_MESSAGE, $user->lang['No_group_name']);
|
|
}
|
|
else if( $group_moderator == "" )
|
|
{
|
|
message_die(GENERAL_MESSAGE, $user->lang['No_group_moderator']);
|
|
}
|
|
|
|
$this_userdata = get_userdata($group_moderator);
|
|
$group_moderator = $this_userdata['user_id'];
|
|
|
|
if( !$group_moderator )
|
|
{
|
|
message_die(GENERAL_MESSAGE, $user->lang['No_group_moderator']);
|
|
}
|
|
|
|
if( $mode == "editgroup" )
|
|
{
|
|
$sql = "SELECT *
|
|
FROM " . GROUPS_TABLE . "
|
|
WHERE group_single_user <> " . TRUE . "
|
|
AND group_id = " . $group_id;
|
|
if(!$result = $db->sql_query($sql))
|
|
{
|
|
message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
if( !$db->sql_numrows($result) )
|
|
{
|
|
message_die(GENERAL_MESSAGE, $user->lang['Group_not_exist']);
|
|
}
|
|
$group_info = $db->sql_fetchrow($result);
|
|
|
|
if ( $group_info['group_moderator'] != $group_moderator )
|
|
{
|
|
if ( $delete_old_moderator != "" )
|
|
{
|
|
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
|
|
WHERE user_id = " . $group_info['group_moderator'] . "
|
|
AND group_id = " . $group_id;
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't update group moderator", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
}
|
|
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
|
|
VALUES (" . $group_id . ", " . $group_moderator . ", 0)";
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't update group moderator", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
}
|
|
$sql = "UPDATE " . GROUPS_TABLE . "
|
|
SET group_type = $group_type, group_name = '" . str_replace("\'", "''", $group_name) . "', group_description = '" . str_replace("\'", "''", $group_description) . "', group_moderator = $group_moderator
|
|
WHERE group_id = $group_id";
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't update group", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$message = $user->lang['Updated_group'] . "<br /><br />" . sprintf($user->lang['Click_return_groupsadmin'], "<a href=\"" . append_sid("admin_groups.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($user->lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");;
|
|
|
|
message_die(GENERAL_MESSAGE, $message);
|
|
}
|
|
else if( $mode == "newgroup" )
|
|
{
|
|
$sql = "SELECT MAX(group_id) AS new_group_id
|
|
FROM " . GROUPS_TABLE;
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't insert new group", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
$row = $db->sql_fetchrow($result);
|
|
|
|
$new_group_id = $row['new_group_id'] + 1;
|
|
|
|
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_type, group_name, group_description, group_moderator, group_single_user)
|
|
VALUES ($new_group_id, $group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')";
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't insert new group", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
|
|
VALUES ($new_group_id, $group_moderator, 0)";
|
|
if ( !$result = $db->sql_query($sql) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't insert new user-group info", "", __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$message = $user->lang['Added_new_group'] . "<br /><br />" . sprintf($user->lang['Click_return_groupsadmin'], "<a href=\"" . append_sid("admin_groups.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($user->lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");;
|
|
|
|
message_die(GENERAL_MESSAGE, $message);
|
|
|
|
}
|
|
else
|
|
{
|
|
message_die(GENERAL_MESSAGE, $user->lang['Group_mode_not_selected']);
|
|
}
|
|
}
|
|
}
|
|
|
|
page_header($user->lang['Manage']);
|
|
|
|
?>
|
|
|
|
<h1><?php echo $user->lang['Manage']; ?></h1>
|
|
|
|
<p><?php echo $user->lang['Group_manage_explain']; ?></p>
|
|
|
|
<form method="post" action="<?php echo "admin_groups.$phpEx$SID&mode=$mode"; ?>"><table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center">
|
|
<tr>
|
|
<th colspan="3"><?php echo $user->lang['Manage']; ?></th>
|
|
</tr>
|
|
<?php
|
|
|
|
$sql = "SELECT group_id, group_name
|
|
FROM " . GROUPS_TABLE . "
|
|
ORDER BY group_name";
|
|
$result = $db->sql_query($sql);
|
|
|
|
$groups = array();
|
|
if ( $row = $db->sql_fetchrow($result) )
|
|
{
|
|
do
|
|
{
|
|
$groups[] = $row;
|
|
}
|
|
while ( $row = $db->sql_fetchrow($result) );
|
|
}
|
|
|
|
$sql = "SELECT ug.group_id, u.user_id, u.username
|
|
FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug
|
|
WHERE ug.user_pending = 1
|
|
AND u.user_id = ug.user_id
|
|
ORDER BY ug.group_id";
|
|
$result = $db->sql_query($sql);
|
|
|
|
$pending = array();
|
|
if ( $row = $db->sql_fetchrow($result) )
|
|
{
|
|
do
|
|
{
|
|
$pending[$row['group_id']][] = $row;
|
|
}
|
|
while ( $row = $db->sql_fetchrow($result) );
|
|
}
|
|
|
|
foreach ( $groups as $group_ary )
|
|
{
|
|
$group_id = $group_ary['group_id'];
|
|
$group_name = ( !empty($user->lang[$group_ary['group_name']]) ) ? $user->lang[$group_ary['group_name']] : $group_ary['group_name'];
|
|
|
|
?>
|
|
<tr>
|
|
<td class="cat"><span class="cattitle"><?php echo $group_name;?></span></td>
|
|
<td class="cat" align="center"> <input class="liteoption" type="submit" name="edit[<?php echo $group_id; ?>]" value="<?php echo $user->lang['Edit'];?>" /> </td>
|
|
<td class="cat" align="center"> <input class="liteoption" type="submit" name="delete[<?php echo $group_id; ?>]" value="<?php echo $user->lang['Delete'];?>" /> </td>
|
|
</tr>
|
|
<?php
|
|
|
|
if ( is_array($pending[$group_id]) )
|
|
{
|
|
$row_class = '';
|
|
foreach( $pending[$group_id] as $pending_ary )
|
|
{
|
|
$row_class = ( $row_class != 'row1' ) ? 'row1' : 'row2';
|
|
?>
|
|
<tr>
|
|
<td class="<?php echo $row_class; ?>"><?php echo $pending_ary['username'];?></td>
|
|
<td class="<?php echo $row_class; ?>" align="center"><input class="liteoption" type="submit" name="approve[<?php echo $pending_ary['user_id']; ?>]" value="<?php echo $user->lang['Approve_selected'];?>" /></td>
|
|
<td class="<?php echo $row_class; ?>" align="center"><input class="liteoption" type="submit" name="decline[<?php echo $pending_ary['user_id']; ?>]" value="<?php echo $user->lang['Deny_selected'];?>" /></td>
|
|
</tr>
|
|
<?php
|
|
}
|
|
}
|
|
else
|
|
{
|
|
?>
|
|
<tr>
|
|
<td class="row1" colspan="4" align="center">No pending users</td>
|
|
</tr>
|
|
<?php
|
|
|
|
}
|
|
}
|
|
|
|
?>
|
|
</table></form>
|
|
|
|
<?php
|
|
|
|
page_footer();
|
|
|
|
?>
|