diff -r 68469a95658d -r 1f85c1c609fd plugins/admin/PageGroups.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/admin/PageGroups.php Wed Jul 25 18:09:21 2007 -0400
@@ -0,0 +1,805 @@
+auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ {
+ echo '

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

';
+ return;
+ }
+
+ if ( isset($_POST['action']) )
+ {
+ if ( isset($_POST['action']['create']) || isset($_POST['action']['create_stage2']) )
+ {
+ switch ( isset($_POST['action']['create_stage2']) )
+ {
+ case true:
+ if ( empty($_POST['pg_name']) || empty($_POST['group_type']) )
+ {
+ echo '
Please enter a name for the page group.
';
+ return;
+ }
+ if ( $_POST['group_type'] == PAGE_GRP_TAGGED && empty($_POST['member_tag']) )
+ {
+ echo '
Please enter a page tag.
';
+ return;
+ }
+ if ( $_POST['group_type'] == PAGE_GRP_CATLINK && empty($_POST['member_cat']) )
+ {
+ echo '
Please create a category page before linking a page group to a category.
';
+ return;
+ }
+ if ( $_POST['group_type'] == PAGE_GRP_NORMAL && empty($_POST['member_page_0']) )
+ {
+ echo '
Please specify at least one page to place in this group.
';
+ return;
+ }
+ if ( $_POST['group_type'] != PAGE_GRP_TAGGED && $_POST['group_type'] != PAGE_GRP_CATLINK && $_POST['group_type'] != PAGE_GRP_NORMAL )
+ {
+ echo '
Umm, you sent an invalid group type. I\'d put a real error message here but this will only be shown if you try to hack the system.
';
+ return;
+ }
+ // All checks passed, create the group
+ switch($_POST['group_type'])
+ {
+ case PAGE_GRP_TAGGED:
+ $name = $db->escape($_POST['pg_name']);
+ $tag = $db->escape($_POST['member_tag']);
+ $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_TAGGED . ', \'' . $name . '\', \'' . $tag . '\');';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+ break;
+ case PAGE_GRP_CATLINK:
+ $name = $db->escape($_POST['pg_name']);
+ $cat = $db->escape($_POST['member_cat']);
+ $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_CATLINK . ', \'' . $name . '\', \'' . $cat . '\');';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+ break;
+ case PAGE_GRP_NORMAL:
+ $name = $db->escape($_POST['pg_name']);
+ $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name) VALUES(' . PAGE_GRP_NORMAL . ', \'' . $name . '\');';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+
+ $ins_id = $db->insert_id();
+
+ // Page list
+ $keys = array_keys($_POST);
+ $arr_pages = array();
+ foreach ( $keys as $val )
+ {
+ if ( preg_match('/^member_page_([0-9]+?)$/', $val) && !empty($_POST[$val]) && isPage($_POST[$val]) )
+ {
+ $arr_pages[] = $_POST[$val];
+ }
+ }
+ $arr_sql = array();
+ foreach ( $arr_pages as $page )
+ {
+ list($id, $ns) = RenderMan::strToPageID($page);
+ $id = sanitize_page_id($id);
+ $arr_sql[] = '(' . $ins_id . ',\'' . $db->escape($id) . '\', \'' . $ns . '\')';
+ }
+ $sql = 'INSERT INTO '.table_prefix.'page_group_members(pg_id,page_id,namespace) VALUES' . implode(',', $arr_sql) . ';';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+ break;
+ }
+ echo '
The page group "' . htmlspecialchars($_POST['pg_name']) . '" has been created.
'; + break; + } + // A little Javascript magic + ?> + + sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace=\'Category\';'); + if ( !$q ) + $db->_die(); + + if ( $db->numrows() < 1 ) + { + $catlist = 'There aren\'t any categories on this site.'; + } + else + { + $catlist = ''; + } + + echo '
'; + + echo '
+ + + + '; + + // Name + echo ' + + + '; + + // Group type + echo ' + + + '; + + // Titles + echo ' + + '; + + echo ' + '; + + echo ' + '; + + // Submit button + echo ' + + '; + + echo '
Create page group
+ Group name:
+ This should be short, descriptive, and human-readable. +
+ +
+ Group type: + + +
+ + Static group of pages + + + Group of commonly tagged pages + + + Mirror a category + +
+
+ Member pages:
+ Click the "plus" button to add more fields. +
+ +
+ Include pages with this tag: +
+
+
+
+
+
+
+
+ +
+
+ +
+ +
+
'; + + echo '
';
+ return;
+ }
+ else if ( isset($_POST['action']['del']) )
+ {
+ // Confirmation to delete a group (this is really only a stub)
+
+ $delete_id = array_keys($_POST['action']['del']);
+ $delete_id = intval($delete_id[0]);
+
+ if ( !empty($delete_id) )
+ {
+ echo '
'; + echo ''; + echo '
'; + echo ' '; + echo ' '; + echo ' '; + echo ' '; + echo '
Confirm deletion
Are you sure you want to delete this page group?
'; + echo ' '; + echo ' '; + echo '
';
+ echo '';
+
+ return;
+ }
+ }
+ else if ( isset($_POST['action']['del_confirm']) )
+ {
+ $delete_id = intval($_POST['delete_id']);
+ if ( empty($delete_id) )
+ {
+ echo 'Hack attempt';
+ return;
+ }
+ // Obtain group name
+ $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';');
+ if ( !$q )
+ $db->_die();
+ if ( $db->numrows() < 1 )
+ {
+ echo 'Page group dun exist.';
+ return;
+ }
+ $row = $db->fetchrow();
+ $db->free_result();
+ $pg_name = $row['pg_name'];
+ unset($row);
+ // Delete the group
+ $q = $db->sql_query('DELETE FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';');
+ if ( !$q )
+ $db->_die();
+ $q = $db->sql_query('DELETE FROM '.table_prefix.'page_group_members WHERE pg_id=' . $delete_id . ';');
+ if ( !$q )
+ $db->_die();
+ echo "
The group ".'"'."$pg_name".'"'." has been deleted.
"; + } + else if ( isset($_POST['action']['edit']) && !isset($_POST['action']['noop']) ) + { + if ( isset($_POST['action']['edit_save']) ) + { + } + + if ( isset($_POST['action']['edit']['add_page']) && isset($_GET['src']) && $_GET['src'] == 'ajax' ) + { + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); + $return = array('successful' => false); + + // + // Add the specified page to the group + // + + // Get ID of the group + $edit_id = intval($_POST['pg_id']); + if ( !$edit_id ) + { + $return = array('mode' => 'error', 'text' => 'Hack attempt'); + echo $json->encode($return); + return; + } + + // Run some validation - check that page exists and that it's not already in the group + $page = $_POST['new_page']; + if ( empty($page) ) + { + $return = array('mode' => 'error', 'text' => 'Please enter a page title.'); + echo $json->encode($return); + return; + } + + if ( !isPage($page) ) + { + $return = array('mode' => 'error', 'text' => 'The page you are trying to add (' . htmlspecialchars($page) . ') does not exist.'); + echo $json->encode($return); + return; + } + + list($page_id, $namespace) = RenderMan::strToPageID($page); + $page_id = sanitize_page_id($page_id); + + $q = $db->sql_query('SELECT "x" FROM '.table_prefix.'page_group_members WHERE pg_id=' . $edit_id . ' AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $namespace . '\';'); + if ( !$q ) + { + $return = array('mode' => 'error', 'text' => $db->get_error()); + echo $json->encode($return); + return; + } + if ( $db->numrows() > 0 ) + { + $return = array('mode' => 'error', 'text' => 'The page you are trying to add is already in this group.'); + echo $json->encode($return); + return; + } + + $q = $db->sql_query('INSERT INTO '.table_prefix.'page_group_members(pg_id, page_id, namespace) VALUES(' . $edit_id . ', \'' . $db->escape($page_id) . '\', \'' . $namespace . 
'\');');
+ if ( !$q )
+ {
+ $return = array('mode' => 'error', 'text' => $db->get_error());
+ echo $json->encode($return);
+ return;
+ }
+
+ $title = "($namespace) " . get_page_title($paths->nslist[$namespace] . $page_id);
+
+ $return = array('mode' => 'info', 'text' => 'The page has been added to the specified group.', 'successful' => true, 'title' => $title, 'member_id' => $db->insert_id());
+
+ echo $json->encode($return);
+ return;
+ }
+
+ if ( isset($_POST['action']['edit_save']) )
+ {
+ $edit_id = $_POST['action']['edit'];
+ }
+ else
+ {
+ $edit_id = array_keys($_POST['action']['edit']);
+ $edit_id = intval($edit_id[0]);
+ }
+
+ if ( empty($edit_id) )
+ {
+ echo 'Hack attempt';
+ return;
+ }
+
+ if ( isset($_POST['action']['edit_save']['do_rm']) )
+ {
+ $vals = array_keys($_POST['action']['edit_save']['rm']);
+ $good = array();
+ foreach ( $vals as $id )
+ {
+ if ( strval(intval($id)) == $id )
+ $good[] = $id;
+ }
+ $subquery = 'pg_member_id=' . implode(' OR pg_member_id=', $good);
+ $sql = 'DELETE FROM '.table_prefix."page_group_members WHERE ( $subquery ) AND pg_id=$edit_id;";
+ if ( !$db->sql_query($sql) )
+ {
+ $db->_die();
+ }
+ echo '
The requested page group members have been deleted.
';
+ }
+
+ // Fetch information about page group
+ $q = $db->sql_query('SELECT pg_name, pg_type, pg_target FROM '.table_prefix.'page_groups WHERE pg_id=' . $edit_id . ';');
+ if ( !$q )
+ $db->_die();
+
+ if ( $db->numrows() < 1 )
+ {
+ echo 'Bad request - can\'t load page group from database.';
+ return;
+ }
+
+ $row = $db->fetchrow();
+ $db->free_result();
+
+ echo '
'; + echo ''; + echo '
+ + + + '; + // Group name + + echo ' + + + '; + + $ajax_page_add = false; + + // This is where the going gets tricky. + // For static groups, we need to have each page listed out with a removal button, and a form to add new pages. + // For category links, we need a select box with each category in it, and + // For tag sets, just a text box to enter a new tag. + + // You can guess which one I dreaded. + + switch ( $row['pg_type'] ) + { + case PAGE_GRP_NORMAL: + // You have guessed correct. + // *Sits in chair for 10 minutes listening to the radio in an effort to put off writing the code you see below* + + echo ''; + + $q = $db->sql_query('SELECT m.pg_member_id,m.page_id,m.namespace FROM '.table_prefix.'page_group_members AS m + LEFT JOIN '.table_prefix.'pages AS p + ON ( p.urlname = m.page_id AND p.namespace = m.namespace ) + WHERE m.pg_id=' . $edit_id . ';'); + + if ( !$q ) + $db->_die(); + + $delim = ceil( $db->numrows() / 2 ); + if ( $delim < 5 ) + { + $delim = 0xFFFFFFFE; + // stupid hack + $colspan = '2" id="pg_edit_tackon2me'; + } + else + { + $colspan = "1"; + } + + echo ''; + echo ''; + + // More javascript magic! + ?> + + '; + } + else + { + + } + + echo '
Editing page group: ' . htmlspecialchars($row['pg_name']) . '
Group name:
Remove pages:'; + $i = 0; + + while ( $row = $db->fetchrow() ) + { + $i++; + if ( $i == $delim ) + { + echo ''; + } + $page_name = '(' . $row['namespace'] . ') ' . get_page_title($paths->nslist[$row['namespace']] . $row['page_id']); + echo '
'; + } + + echo '
+
'; + echo '
'; + + // This needs to be outside of the form. + echo '
'; + echo ''; + echo ''; + // Add pages AJAX form + echo ''; + echo ''; + echo '
On-the-fly tools
Add page:
You can add multiple pages by entering part of a page title, and it will be auto-completed. Press Enter to quickly add the page. This only works if you a really up-to-date browser.
'; + + return; + } + else if ( isset($_POST['action']['noop']) ) + { + // Do nothing - skip to main form (noop is usually invoked by a cancel button in a form above) + } + else + { + echo '
Invalid format of $_POST[action].
';
+ }
+ }
+ // No action defined - show default menu
+
+ echo '

Manage page groups

'; + echo '

Enano\'s page grouping system allows you to build sets of pages that can be controlled by a single ACL rule. This makes managing features such as a members-only section of your site a lot easier. If you don\'t use the ACL system, you probably don\'t need to use page groups.

';
+
+ $q = $db->sql_query('SELECT pg_id, pg_type, pg_name, pg_target FROM '.table_prefix.'page_groups;');
+ if ( !$q )
+ $db->_die();
+
+ echo '
'; + + echo '
+ + + + + + + '; + + if ( $row = $db->fetchrow() ) + { + do + { + $name = htmlspecialchars($row['pg_name']); + $type = 'Invalid'; + switch ( $row['pg_type'] ) + { + case PAGE_GRP_CATLINK: + $type = 'Link to category'; + break; + case PAGE_GRP_TAGGED: + $type = 'Set of tagged pages'; + break; + case PAGE_GRP_NORMAL: + $type = 'Static set of pages'; + break; + } + $target = ''; + if ( $row['pg_type'] == PAGE_GRP_TAGGED ) + { + $target = 'Tag: ' . htmlspecialchars($row['pg_target']); + } + else if ( $row['pg_type'] == PAGE_GRP_CATLINK ) + { + $target = 'Category: ' . htmlspecialchars(get_page_title($paths->nslist['Category'] . sanitize_page_id($row['pg_target']))); + } + $btn_edit = ''; + $btn_del = ''; + // stupid jEdit bug/hack + $quot = '"'; + echo " + + + + + + "; + } + while ( $row = $db->fetchrow() ); + } + else + { + echo ' '; + } + + echo ' + + '; + + echo '
Group nameTypeTargetActions
$name$type$target$btn_edit$btn_del
No page groups defined.
+ +
+
'; + + echo '
'; + +} + +?>
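Review bot: The `edit_save` branch assigns `$edit_id = $_POST['action']['edit'];` without a cast, and that value is then interpolated into `... AND pg_id=$edit_id;` and into the following `SELECT ... WHERE pg_id=` query, so the later `empty()` test is its only validation and request-controlled text becomes part of the SQL. The other ids in this file go through `intval()` first; this line should read `$edit_id = intval($_POST['action']['edit']);`. The namespace returned by `RenderMan::strToPageID()` (`$ns`, `$namespace`) is likewise quoted into the `page_group_members` INSERT and SELECT statements without `$db->escape()`, while the page id beside it is escaped; unless that function only ever returns registered namespace names, which is not visible here, pass it through `$db->escape()` as well. In the same `do_rm` block an empty `$good` list produces `pg_member_id=` with no value, so the DELETE should be skipped when no id passed validation. The delete confirmation also prints `$pg_name` as read back from the database without `htmlspecialchars()`, unlike the create message and the group list.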