diff -r de56132c008d -r bdac73ed481e plugins/admin/GroupManager.php --- a/plugins/admin/GroupManager.php Sun Mar 28 21:49:26 2010 -0400 +++ b/plugins/admin/GroupManager.php Sun Mar 28 23:10:46 2010 -0400 @@ -15,398 +15,398 @@ function page_Admin_GroupManager() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; - echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; - return; - } - - if(isset($_POST['do_create_stage1'])) - { - if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) - { - echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; - return; - } - echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; - echo '<div class="tblholder"> - <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> - <tr><th colspan="2">' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'</th></tr> - <tr> - <td class="row1">' . $lang->get('acpug_field_group_mod') . '</td><td class="row1">' . $template->username_field('group_mod') . '</td> - </tr> - <tr><td class="row2">' . $lang->get('acpug_field_group_type') . '</td><td class="row2"> - <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> ' . $lang->get('groupcp_type_hidden') . '</label><br /> - <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> ' . $lang->get('groupcp_type_closed') . '</label><br /> - <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> ' . $lang->get('groupcp_type_request') . '</label><br /> - <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> ' . $lang->get('groupcp_type_open') . '</label> - </td></tr> - <tr> - <th class="subhead" colspan="2"> - <input type="hidden" name="create_group_name" value="'.htmlspecialchars($_POST['create_group_name']).'" /> - <input type="submit" name="do_create_stage2" value="' . $lang->get('acpug_btn_create_stage2') . '" /> - </th> - </tr> - </table> - </div>'; - echo '</form>'; - return; - } - elseif(isset($_POST['do_create_stage2'])) - { - if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) - { - echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; - return; - } - if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) - { - echo '<p>Hacking attempt</p>'; - return; - } - $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); - if(!$e) - { - echo $db->get_error(); - return; - } - if($db->numrows() > 0) - { - echo '<p>' . $lang->get('acpug_err_already_exist') . '</p>'; - return; - } - $db->free_result(); - $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); - if(!$q) - { - echo $db->get_error(); - return; - } - $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); - if(!$e) - { - echo $db->get_error(); - return; - } - if($db->numrows() < 1) - { - echo '<p>' . $lang->get('acpug_err_bad_username') . '</p>'; - return; - } - $row = $db->fetchrow(); - $id = $row['user_id']; - $db->free_result(); - $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); - if(!$e) - { - echo $db->get_error(); - return; - } - if($db->numrows() < 1) - { - echo '<p>' . $lang->get('acpug_err_bad_insert_id') . '</p>'; - return; - } - $row = $db->fetchrow(); - $gid = $row['group_id']; - $db->free_result(); - $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); - if(!$e) - { - echo $db->get_error(); - return; - } - $g_name = htmlspecialchars($_POST['create_group_name']); - echo "<div class='info-box'> - <b>" . $lang->get('acpug_heading_info') . "</b><br /> - " . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . " - </div>"; - } - if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) - { - // Fetch the group name - $q = $db->sql_query('SELECT group_name,system_group,group_rank FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - if($db->numrows() < 1) - { - echo '<p>Error: couldn\'t look up group name</p>'; - } - $row = $db->fetchrow(); - $name = htmlspecialchars($row['group_name']); - $db->free_result(); - if(isset($_POST['edit_do'])) - { - if(isset($_POST['edit_do']['del_group'])) - { - if ( $row['system_group'] == 1 ) - { - echo '<div class="error-box">' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '</div>'; - } - else - { - $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - echo '<div class="info-box">' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '</div>'; - return; - } - } - if(isset($_POST['edit_do']['save_name'])) - { - if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) - { - echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; - return; - } - // determine rank - $group_rank =& $_POST['group_rank']; - if ( $_POST['group_rank'] !== 'NULL' ) - { - $group_rank = intval($group_rank); - if ( empty($group_rank) ) - { - echo '<p>Hacked rank ID</p>'; - return; - } - } - $row['group_rank'] = $group_rank; - $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\',group_rank = ' . $group_rank . ' - WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - else - { - echo '<div class="info-box" style="margin: 0 0 10px 0;""> - ' . $lang->get('acpug_msg_name_update_success') . ' - </div>'; - } - $name = htmlspecialchars($_POST['group_name']); - - } - $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members - WHERE group_id='.intval($_POST['group_edit_id']).';'); - if(!$q) - { - echo $db->get_error(); - return; - } - if($db->numrows() > 0) - { - while($delrow = $db->fetchrow($q)) - { - if(isset($_POST['edit_do']['del_' . $delrow['member_id']])) - { - $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$delrow['member_id']); - if(!$e) - { - echo $db->get_error(); - return; - } - } - } - } - $db->free_result(); - if(isset($_POST['edit_do']['add_member'])) - { - $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); - if(!$q) - { - echo $db->get_error(); - return; - } - if($db->numrows() > 0) - { - $row = $db->fetchrow(); - $user_id = $row['user_id']; - $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; - $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); - if(!$q) - { - echo $db->get_error(); - return; - } - else - { - - echo '<div class="info-box" style="margin: 0 0 10px 0;""> - ' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . ' - </div>'; - } - } - else - echo '<div class="warning-box">' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '</div>'; - } - generate_cache_userranks(); - } - $sg_disabled = ( $row['system_group'] == 1 ) ? - ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' : - ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" '; - - // build rank list - $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks'); - if ( !$q ) - $db->_die(); - $rank_list = '<option value="NULL"' . ( $row['group_rank'] === NULL ? ' selected="selected"' : '' ) . '>--</option>' . "\n"; - while ( $rank_row = $db->fetchrow() ) - { - $rank_list .= '<option value="' . $rank_row['rank_id'] . '"' . ( $rank_row['rank_id'] == $row['group_rank'] ? ' selected="selected"' : '' ) . '>' . htmlspecialchars($lang->get($rank_row['rank_title'])) . '</option>' . "\n"; - } - - echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; - echo '<div class="tblholder"> - <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> - <tr><th>' . $lang->get('acpug_heading_edit_name') . '</th></tr> - <tr> - <td class="row1"> - ' . $lang->get('acpug_field_group_name') . ' <input type="text" name="group_name" value="'.$name.'" /> - </td> - </tr> - <tr> - <td class="row1"> - ' . $lang->get('acpug_field_group_rank') . ' <select name="group_rank" />' . $rank_list . '</select> - </td> - </tr> - <tr> - <th class="subhead"> - <input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" /> - <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' /> - </th> - </tr> - </table> - </div> - <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; - echo '</form>'; - echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; - echo '<div class="tblholder"> - <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> - <tr><th colspan="3">' . $lang->get('acpug_heading_edit_members') . '</th></tr>'; - $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m - LEFT JOIN '.table_prefix.'users AS u - ON u.user_id=m.user_id - WHERE m.group_id='.intval($_POST['group_edit_id']).' - ORDER BY m.is_mod DESC, u.username ASC;'); - if(!$q) - { - echo $db->get_error(); - return; - } - if($db->numrows() < 1) - { - echo '<tr><td colspan="3" class="row1">' . $lang->get('acpug_msg_no_members') . '</td></tr>'; - } - else - { - $cls = 'row2'; - while($row = $db->fetchrow()) - { - $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; - $mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : ''; - echo '<tr> - <td class="'.$cls.'" style="width: 100%;"> - ' . $row['username'] . ' - </td> - <td class="'.$cls.'"> - '.$mod.' - </td> - <td class="'.$cls.'"> - <input type="submit" name="edit_do[del_'.$row['member_id'].']" value="' . $lang->get('acpug_btn_remove_member') . '" /> - </td> - </tr>'; - } - } - $db->free_result(); - echo '</table> - </div> - <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; - echo '</form>'; - echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; - echo '<div class="tblholder"> - <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> - <tr> - <th>' . $lang->get('acpug_heading_add_member') . '</th> - </tr> - <tr> - <td class="row1"> - ' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . ' - </td> - </tr> - <tr> - <td class="row2"> - <label><input type="checkbox" name="add_mod" /> ' . $lang->get('acpug_field_make_mod') . '</label> - ' . $lang->get('acpug_field_make_mod_hint') . ' - </td> - </tr> - <tr> - <th class="subhead"> - <input type="submit" name="edit_do[add_member]" value="' . $lang->get('acpug_btn_add_user') . '" /> - </th> - </tr> - </table> - </div> - <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; - echo '</form>'; - return; - } - echo '<h3>' . $lang->get('acpug_heading_main') . '</h3>'; - echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; - $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); - if(!$q) - { - echo $db->get_error(); - } - else - { - echo '<div class="tblholder"> - <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> - <tr> - <th>' . $lang->get('acpug_heading_edit_existing') . '</th> - </tr>'; - echo '<tr><td class="row2"><select name="group_edit_id">'; - while ( $row = $db->fetchrow() ) - { - if ( $row['group_name'] != 'Everyone' ) - { - echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>'; - } - } - $db->free_result(); - echo '</select></td></tr>'; - echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="' . $lang->get('acpug_btn_edit_stage1') . '" /></td></tr> - </table> - </div> - </form><br />'; - } - echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; - echo '<div class="tblholder"> - <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> - <tr> - <th colspan="2">' . $lang->get('acpug_heading_create_new') . '</th> - </tr>'; - echo '<tr><td class="row2">' . $lang->get('acpug_field_group_name') . '</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>'; - echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="' . $lang->get('acpug_btn_create_stage1') . ' »" /></td></tr> - </table> - </div>'; - echo '</form>'; + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; + echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; + return; + } + + if(isset($_POST['do_create_stage1'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) + { + echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; + return; + } + echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; + echo '<div class="tblholder"> + <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> + <tr><th colspan="2">' . $lang->get('acpug_heading_creating_group') . ' '.htmlspecialchars($_POST['create_group_name']).'</th></tr> + <tr> + <td class="row1">' . $lang->get('acpug_field_group_mod') . '</td><td class="row1">' . $template->username_field('group_mod') . '</td> + </tr> + <tr><td class="row2">' . $lang->get('acpug_field_group_type') . '</td><td class="row2"> + <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> ' . $lang->get('groupcp_type_hidden') . '</label><br /> + <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> ' . $lang->get('groupcp_type_closed') . '</label><br /> + <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> ' . $lang->get('groupcp_type_request') . '</label><br /> + <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> ' . $lang->get('groupcp_type_open') . '</label> + </td></tr> + <tr> + <th class="subhead" colspan="2"> + <input type="hidden" name="create_group_name" value="'.htmlspecialchars($_POST['create_group_name']).'" /> + <input type="submit" name="do_create_stage2" value="' . $lang->get('acpug_btn_create_stage2') . '" /> + </th> + </tr> + </table> + </div>'; + echo '</form>'; + return; + } + elseif(isset($_POST['do_create_stage2'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) + { + echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; + return; + } + if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) + { + echo '<p>Hacking attempt</p>'; + return; + } + $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + echo '<p>' . $lang->get('acpug_err_already_exist') . '</p>'; + return; + } + $db->free_result(); + $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); + if(!$q) + { + echo $db->get_error(); + return; + } + $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '<p>' . $lang->get('acpug_err_bad_username') . '</p>'; + return; + } + $row = $db->fetchrow(); + $id = $row['user_id']; + $db->free_result(); + $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); + if(!$e) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '<p>' . $lang->get('acpug_err_bad_insert_id') . '</p>'; + return; + } + $row = $db->fetchrow(); + $gid = $row['group_id']; + $db->free_result(); + $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); + if(!$e) + { + echo $db->get_error(); + return; + } + $g_name = htmlspecialchars($_POST['create_group_name']); + echo "<div class='info-box'> + <b>" . $lang->get('acpug_heading_info') . "</b><br /> + " . $lang->get('acpug_msg_create_success', array('g_name' => $g_name)) . " + </div>"; + } + if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) + { + // Fetch the group name + $q = $db->sql_query('SELECT group_name,system_group,group_rank FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '<p>Error: couldn\'t look up group name</p>'; + } + $row = $db->fetchrow(); + $name = htmlspecialchars($row['group_name']); + $db->free_result(); + if(isset($_POST['edit_do'])) + { + if(isset($_POST['edit_do']['del_group'])) + { + if ( $row['system_group'] == 1 ) + { + echo '<div class="error-box">' . $lang->get('acpug_err_nodelete_system_group', array('g_name' => $name)) . '</div>'; + } + else + { + $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + echo '<div class="info-box">' . $lang->get('acpug_msg_delete_success', array('g_name' => $name, 'a_flags' => 'href="javascript:ajaxPage(\'' . $paths->nslist['Admin'] . 'GroupManager\');"')) . '</div>'; + return; + } + } + if(isset($_POST['edit_do']['save_name'])) + { + if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) + { + echo '<p>' . $lang->get('acpug_err_group_name_invalid') . '</p>'; + return; + } + // determine rank + $group_rank =& $_POST['group_rank']; + if ( $_POST['group_rank'] !== 'NULL' ) + { + $group_rank = intval($group_rank); + if ( empty($group_rank) ) + { + echo '<p>Hacked rank ID</p>'; + return; + } + } + $row['group_rank'] = $group_rank; + $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\',group_rank = ' . $group_rank . ' + WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + else + { + echo '<div class="info-box" style="margin: 0 0 10px 0;""> + ' . $lang->get('acpug_msg_name_update_success') . ' + </div>'; + } + $name = htmlspecialchars($_POST['group_name']); + + } + $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members + WHERE group_id='.intval($_POST['group_edit_id']).';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + while($delrow = $db->fetchrow($q)) + { + if(isset($_POST['edit_do']['del_' . $delrow['member_id']])) + { + $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$delrow['member_id']); + if(!$e) + { + echo $db->get_error(); + return; + } + } + } + } + $db->free_result(); + if(isset($_POST['edit_do']['add_member'])) + { + $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() > 0) + { + $row = $db->fetchrow(); + $user_id = $row['user_id']; + $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; + $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); + if(!$q) + { + echo $db->get_error(); + return; + } + else + { + + echo '<div class="info-box" style="margin: 0 0 10px 0;""> + ' . $lang->get('acpug_msg_user_added', array('username' => htmlspecialchars($_POST['edit_add_username']))) . ' + </div>'; + } + } + else + echo '<div class="warning-box">' . $lang->get('acpug_err_username_not_exist', array('username' => htmlspecialchars($_POST['edit_add_username']))) . '</div>'; + } + generate_cache_userranks(); + } + $sg_disabled = ( $row['system_group'] == 1 ) ? + ' value="' . $lang->get('acpug_btn_cant_delete') . '" disabled="disabled" style="color: #FF9773" ' : + ' value="' . $lang->get('acpug_btn_delete_group') . '" style="color: #FF3713" '; + + // build rank list + $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks'); + if ( !$q ) + $db->_die(); + $rank_list = '<option value="NULL"' . ( $row['group_rank'] === NULL ? ' selected="selected"' : '' ) . '>--</option>' . "\n"; + while ( $rank_row = $db->fetchrow() ) + { + $rank_list .= '<option value="' . $rank_row['rank_id'] . '"' . ( $rank_row['rank_id'] == $row['group_rank'] ? ' selected="selected"' : '' ) . '>' . htmlspecialchars($lang->get($rank_row['rank_title'])) . '</option>' . "\n"; + } + + echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; + echo '<div class="tblholder"> + <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> + <tr><th>' . $lang->get('acpug_heading_edit_name') . '</th></tr> + <tr> + <td class="row1"> + ' . $lang->get('acpug_field_group_name') . ' <input type="text" name="group_name" value="'.$name.'" /> + </td> + </tr> + <tr> + <td class="row1"> + ' . $lang->get('acpug_field_group_rank') . ' <select name="group_rank" />' . $rank_list . '</select> + </td> + </tr> + <tr> + <th class="subhead"> + <input type="submit" name="edit_do[save_name]" value="' . $lang->get('acpug_btn_save_name') . '" /> + <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' /> + </th> + </tr> + </table> + </div> + <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; + echo '</form>'; + echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; + echo '<div class="tblholder"> + <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> + <tr><th colspan="3">' . $lang->get('acpug_heading_edit_members') . '</th></tr>'; + $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m + LEFT JOIN '.table_prefix.'users AS u + ON u.user_id=m.user_id + WHERE m.group_id='.intval($_POST['group_edit_id']).' + ORDER BY m.is_mod DESC, u.username ASC;'); + if(!$q) + { + echo $db->get_error(); + return; + } + if($db->numrows() < 1) + { + echo '<tr><td colspan="3" class="row1">' . $lang->get('acpug_msg_no_members') . '</td></tr>'; + } + else + { + $cls = 'row2'; + while($row = $db->fetchrow()) + { + $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; + $mod = ( $row['is_mod'] == 1 ) ? $lang->get('acpug_lbl_member_mod') : ''; + echo '<tr> + <td class="'.$cls.'" style="width: 100%;"> + ' . $row['username'] . ' + </td> + <td class="'.$cls.'"> + '.$mod.' + </td> + <td class="'.$cls.'"> + <input type="submit" name="edit_do[del_'.$row['member_id'].']" value="' . $lang->get('acpug_btn_remove_member') . '" /> + </td> + </tr>'; + } + } + $db->free_result(); + echo '</table> + </div> + <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; + echo '</form>'; + echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; + echo '<div class="tblholder"> + <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> + <tr> + <th>' . $lang->get('acpug_heading_add_member') . '</th> + </tr> + <tr> + <td class="row1"> + ' . $lang->get('acpug_field_username') . ' ' . $template->username_field('edit_add_username') . ' + </td> + </tr> + <tr> + <td class="row2"> + <label><input type="checkbox" name="add_mod" /> ' . $lang->get('acpug_field_make_mod') . '</label> + ' . $lang->get('acpug_field_make_mod_hint') . ' + </td> + </tr> + <tr> + <th class="subhead"> + <input type="submit" name="edit_do[add_member]" value="' . $lang->get('acpug_btn_add_user') . '" /> + </th> + </tr> + </table> + </div> + <input type="hidden" name="group_edit_id" value="'.htmlspecialchars($_POST['group_edit_id']).'" />'; + echo '</form>'; + return; + } + echo '<h3>' . $lang->get('acpug_heading_main') . '</h3>'; + echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; + $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); + if(!$q) + { + echo $db->get_error(); + } + else + { + echo '<div class="tblholder"> + <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> + <tr> + <th>' . $lang->get('acpug_heading_edit_existing') . '</th> + </tr>'; + echo '<tr><td class="row2"><select name="group_edit_id">'; + while ( $row = $db->fetchrow() ) + { + if ( $row['group_name'] != 'Everyone' ) + { + echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>'; + } + } + $db->free_result(); + echo '</select></td></tr>'; + echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="' . $lang->get('acpug_btn_edit_stage1') . '" /></td></tr> + </table> + </div> + </form><br />'; + } + echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; + echo '<div class="tblholder"> + <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> + <tr> + <th colspan="2">' . $lang->get('acpug_heading_create_new') . '</th> + </tr>'; + echo '<tr><td class="row2">' . $lang->get('acpug_field_group_name') . '</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>'; + echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="' . $lang->get('acpug_btn_create_stage1') . ' »" /></td></tr> + </table> + </div>'; + echo '</form>'; } ?>