Rev Author Line No. Line
130 kaklik 1 <?php
2 /***************************************************************************
3 * admin_groups.php
4 * -------------------
5 * begin : Saturday, Feb 13, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: admin_groups.php,v 1.25.2.13 2006/03/09 19:42:41 grahamje Exp $
10 *
11 *
12 ***************************************************************************/
13  
14 /***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 ***************************************************************************/
22  
23 define('IN_PHPBB', 1);
24  
25 if ( !empty($setmodules) )
26 {
27 $filename = basename(__FILE__);
28 $module['Groups']['Manage'] = $filename;
29  
30 return;
31 }
32  
33 //
34 // Load default header
35 //
36 $phpbb_root_path = './../';
37 require($phpbb_root_path . 'extension.inc');
38 require('./pagestart.' . $phpEx);
39  
40 if ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) )
41 {
42 $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
43 }
44 else
45 {
46 $group_id = 0;
47 }
48  
49 if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
50 {
51 $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
52 $mode = htmlspecialchars($mode);
53 }
54 else
55 {
56 $mode = '';
57 }
58  
59 if ( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
60 {
61 //
62 // Ok they are editing a group or creating a new group
63 //
64 $template->set_filenames(array(
65 'body' => 'admin/group_edit_body.tpl')
66 );
67  
68 if ( isset($HTTP_POST_VARS['edit']) )
69 {
70 //
71 // They're editing. Grab the vars.
72 //
73 $sql = "SELECT *
74 FROM " . GROUPS_TABLE . "
75 WHERE group_single_user <> " . TRUE . "
76 AND group_id = $group_id";
77 if ( !($result = $db->sql_query($sql)) )
78 {
79 message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql);
80 }
81  
82 if ( !($group_info = $db->sql_fetchrow($result)) )
83 {
84 message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
85 }
86  
87 $mode = 'editgroup';
88 $template->assign_block_vars('group_edit', array());
89  
90 }
91 else if ( isset($HTTP_POST_VARS['new']) )
92 {
93 $group_info = array (
94 'group_name' => '',
95 'group_description' => '',
96 'group_moderator' => '',
97 'group_type' => GROUP_OPEN);
98 $group_open = ' checked="checked"';
99  
100 $mode = 'newgroup';
101  
102 }
103  
104 //
105 // Ok, now we know everything about them, let's show the page.
106 //
107 if ($group_info['group_moderator'] != '')
108 {
109 $sql = "SELECT user_id, username
110 FROM " . USERS_TABLE . "
111 WHERE user_id = " . $group_info['group_moderator'];
112 if ( !($result = $db->sql_query($sql)) )
113 {
114 message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
115 }
116  
117 if ( !($row = $db->sql_fetchrow($result)) )
118 {
119 message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
120 }
121  
122 $group_moderator = $row['username'];
123 }
124 else
125 {
126 $group_moderator = '';
127 }
128  
129 $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
130 $group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? ' checked="checked"' : '';
131 $group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? ' checked="checked"' : '';
132  
133 $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
134  
135 $template->assign_vars(array(
136 'GROUP_NAME' => $group_info['group_name'],
137 'GROUP_DESCRIPTION' => $group_info['group_description'],
138 'GROUP_MODERATOR' => $group_moderator,
139  
140 'L_GROUP_TITLE' => $lang['Group_administration'],
141 'L_GROUP_EDIT_DELETE' => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
142 'L_GROUP_NAME' => $lang['group_name'],
143 'L_GROUP_DESCRIPTION' => $lang['group_description'],
144 'L_GROUP_MODERATOR' => $lang['group_moderator'],
145 'L_FIND_USERNAME' => $lang['Find_username'],
146 'L_GROUP_STATUS' => $lang['group_status'],
147 'L_GROUP_OPEN' => $lang['group_open'],
148 'L_GROUP_CLOSED' => $lang['group_closed'],
149 'L_GROUP_HIDDEN' => $lang['group_hidden'],
150 'L_GROUP_DELETE' => $lang['group_delete'],
151 'L_GROUP_DELETE_CHECK' => $lang['group_delete_check'],
152 'L_SUBMIT' => $lang['Submit'],
153 'L_RESET' => $lang['Reset'],
154 'L_DELETE_MODERATOR' => $lang['delete_group_moderator'],
155 'L_DELETE_MODERATOR_EXPLAIN' => $lang['delete_moderator_explain'],
156 'L_YES' => $lang['Yes'],
157  
158 'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"),
159  
160 'S_GROUP_OPEN_TYPE' => GROUP_OPEN,
161 'S_GROUP_CLOSED_TYPE' => GROUP_CLOSED,
162 'S_GROUP_HIDDEN_TYPE' => GROUP_HIDDEN,
163 'S_GROUP_OPEN_CHECKED' => $group_open,
164 'S_GROUP_CLOSED_CHECKED' => $group_closed,
165 'S_GROUP_HIDDEN_CHECKED' => $group_hidden,
166 'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"),
167 'S_HIDDEN_FIELDS' => $s_hidden_fields)
168 );
169  
170 $template->pparse('body');
171  
172 }
173 else if ( isset($HTTP_POST_VARS['group_update']) )
174 {
175 //
176 // Ok, they are submitting a group, let's save the data based on if it's new or editing
177 //
178 if ( isset($HTTP_POST_VARS['group_delete']) )
179 {
180 //
181 // Reset User Moderator Level
182 //
183  
184 // Is Group moderating a forum ?
185 $sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . "
186 WHERE group_id = " . $group_id;
187 if ( !($result = $db->sql_query($sql)) )
188 {
189 message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql);
190 }
191  
192 $row = $db->sql_fetchrow($result);
193 if (intval($row['auth_mod']) == 1)
194 {
195 // Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums
196 $sql = "SELECT user_id FROM " . USER_GROUP_TABLE . "
197 WHERE group_id = " . $group_id;
198 if ( !($result = $db->sql_query($sql)) )
199 {
200 message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql);
201 }
202  
203 $rows = $db->sql_fetchrowset($result);
204 for ($i = 0; $i < count($rows); $i++)
205 {
206 $sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
207 WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id)
208 AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")";
209 if ( !($result = $db->sql_query($sql)) )
210 {
211 message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql);
212 }
213  
214 if ($db->sql_numrows($result) == 0)
215 {
216 $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . "
217 WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']);
218  
219 if ( !$db->sql_query($sql) )
220 {
221 message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql);
222 }
223 }
224 }
225 }
226  
227 //
228 // Delete Group
229 //
230 $sql = "DELETE FROM " . GROUPS_TABLE . "
231 WHERE group_id = " . $group_id;
232 if ( !$db->sql_query($sql) )
233 {
234 message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql);
235 }
236  
237 $sql = "DELETE FROM " . USER_GROUP_TABLE . "
238 WHERE group_id = " . $group_id;
239 if ( !$db->sql_query($sql) )
240 {
241 message_die(GENERAL_ERROR, 'Could not update user_group', '', __LINE__, __FILE__, $sql);
242 }
243  
244 $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
245 WHERE group_id = " . $group_id;
246 if ( !$db->sql_query($sql) )
247 {
248 message_die(GENERAL_ERROR, 'Could not update auth_access', '', __LINE__, __FILE__, $sql);
249 }
250  
251 $message = $lang['Deleted_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
252  
253 message_die(GENERAL_MESSAGE, $message);
254 }
255 else
256 {
257 $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
258 $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
259 $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
260 $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
261 $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
262  
263 if ( $group_name == '' )
264 {
265 message_die(GENERAL_MESSAGE, $lang['No_group_name']);
266 }
267 else if ( $group_moderator == '' )
268 {
269 message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
270 }
271  
272 $this_userdata = get_userdata($group_moderator, true);
273 $group_moderator = $this_userdata['user_id'];
274  
275 if ( !$group_moderator )
276 {
277 message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
278 }
279  
280 if( $mode == "editgroup" )
281 {
282 $sql = "SELECT *
283 FROM " . GROUPS_TABLE . "
284 WHERE group_single_user <> " . TRUE . "
285 AND group_id = " . $group_id;
286 if ( !($result = $db->sql_query($sql)) )
287 {
288 message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql);
289 }
290  
291 if( !($group_info = $db->sql_fetchrow($result)) )
292 {
293 message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
294 }
295  
296 if ( $group_info['group_moderator'] != $group_moderator )
297 {
298 if ( $delete_old_moderator )
299 {
300 $sql = "DELETE FROM " . USER_GROUP_TABLE . "
301 WHERE user_id = " . $group_info['group_moderator'] . "
302 AND group_id = " . $group_id;
303 if ( !$db->sql_query($sql) )
304 {
305 message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql);
306 }
307 }
308  
309 $sql = "SELECT user_id
310 FROM " . USER_GROUP_TABLE . "
311 WHERE user_id = $group_moderator
312 AND group_id = $group_id";
313 if ( !($result = $db->sql_query($sql)) )
314 {
315 message_die(GENERAL_ERROR, 'Failed to obtain current group moderator info', '', __LINE__, __FILE__, $sql);
316 }
317  
318 if ( !($row = $db->sql_fetchrow($result)) )
319 {
320 $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
321 VALUES (" . $group_id . ", " . $group_moderator . ", 0)";
322 if ( !$db->sql_query($sql) )
323 {
324 message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql);
325 }
326 }
327 }
328  
329 $sql = "UPDATE " . GROUPS_TABLE . "
330 SET group_type = $group_type, group_name = '" . str_replace("\'", "''", $group_name) . "', group_description = '" . str_replace("\'", "''", $group_description) . "', group_moderator = $group_moderator
331 WHERE group_id = $group_id";
332 if ( !$db->sql_query($sql) )
333 {
334 message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql);
335 }
336  
337 $message = $lang['Updated_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');;
338  
339 message_die(GENERAL_MESSAGE, $message);
340 }
341 else if( $mode == 'newgroup' )
342 {
343 $sql = "INSERT INTO " . GROUPS_TABLE . " (group_type, group_name, group_description, group_moderator, group_single_user)
344 VALUES ($group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')";
345 if ( !$db->sql_query($sql) )
346 {
347 message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql);
348 }
349 $new_group_id = $db->sql_nextid();
350  
351 $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
352 VALUES ($new_group_id, $group_moderator, 0)";
353 if ( !$db->sql_query($sql) )
354 {
355 message_die(GENERAL_ERROR, 'Could not insert new user-group info', '', __LINE__, __FILE__, $sql);
356 }
357  
358 $message = $lang['Added_new_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');;
359  
360 message_die(GENERAL_MESSAGE, $message);
361  
362 }
363 else
364 {
365 message_die(GENERAL_MESSAGE, $lang['No_group_action']);
366 }
367 }
368 }
369 else
370 {
371 $sql = "SELECT group_id, group_name
372 FROM " . GROUPS_TABLE . "
373 WHERE group_single_user <> " . TRUE . "
374 ORDER BY group_name";
375 if ( !($result = $db->sql_query($sql)) )
376 {
377 message_die(GENERAL_ERROR, 'Could not obtain group list', '', __LINE__, __FILE__, $sql);
378 }
379  
380 $select_list = '';
381 if ( $row = $db->sql_fetchrow($result) )
382 {
383 $select_list .= '<select name="' . POST_GROUPS_URL . '">';
384 do
385 {
386 $select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
387 }
388 while ( $row = $db->sql_fetchrow($result) );
389 $select_list .= '</select>';
390 }
391  
392 $template->set_filenames(array(
393 'body' => 'admin/group_select_body.tpl')
394 );
395  
396 $template->assign_vars(array(
397 'L_GROUP_TITLE' => $lang['Group_administration'],
398 'L_GROUP_EXPLAIN' => $lang['Group_admin_explain'],
399 'L_GROUP_SELECT' => $lang['Select_group'],
400 'L_LOOK_UP' => $lang['Look_up_group'],
401 'L_CREATE_NEW_GROUP' => $lang['New_group'],
402  
403 'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"),
404 'S_GROUP_SELECT' => $select_list)
405 );
406  
407 if ( $select_list != '' )
408 {
409 $template->assign_block_vars('select_box', array());
410 }
411  
412 $template->pparse('body');
413 }
414  
415 include('./page_footer_admin.'.$phpEx);
416  
417 ?>