/**
 * Register a new account and give it a personal group of type 'user'.
 *
 * Returns false without writing anything when user_exists() reports the
 * name as taken; otherwise returns the id that PDO::lastInsertId() reports
 * for the inserted row.
 *
 * NOTE(review): the existence check and the INSERT are separate steps, so two
 * concurrent registrations of the same name can both pass the check. Confirm
 * that a UNIQUE constraint on `users`.`username` backs this up.
 * NOTE(review): user_hash() is defined elsewhere and receives the username as
 * its second argument. Confirm it is a slow, randomly salted password hash
 * (password_hash()-class) and not a fast digest keyed on the username.
 */
function user_create($Username, $Password)
{
    global $pdo;

    if (user_exists($Username)) {
        return false;
    }

    // Both values are bound as parameters, never concatenated into the SQL text.
    $insertSql = ' INSERT INTO `users` ( `username` , `password` ) VALUES ( :username , :password )';
    $insert = $pdo->prepare($insertSql);
    $insert->bindValue(':username', s($Username));
    $insert->bindValue(':password', user_hash($Password, $Username));
    $insert->execute();

    $newUserId = $pdo->lastInsertId();
    $insert->closeCursor();

    // Create a group for the new user
    lib('Group');
    $personalGroupId = group_create(s($Username), 'user');
    group_add($personalGroupId, $newUserId);

    return $newUserId;
}
/**
 * Walks a group join request through its notification lifecycle.
 *
 * A group is created with user 2 as leader, user 3 is added as pending, and
 * the test asserts that user 2 holds a notification about user 3. After the
 * request is approved it asserts that user 2's notification is gone and that
 * user 3 holds a notification about the group.
 */
public function test_notifications()
{
    global $phpbb_root_path, $phpEx, $phpbb_dispatcher, $phpbb_log;

    include_once $phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx;
    include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx;
    include_once $phpbb_root_path . 'includes/functions_content.' . $phpEx;

    set_config(false, false, false, $this->config);

    // Services and globals the group functions look up while they run.
    $legend = new \phpbb\groupposition\legend($this->db, $this->user);
    $this->container->set('groupposition.legend', $legend);
    $teampage = new \phpbb\groupposition\teampage($this->db, $this->user, $this->cache->get_driver());
    $this->container->set('groupposition.teampage', $teampage);
    $phpbb_dispatcher = new phpbb_mock_event_dispatcher();
    $phpbb_log = new \phpbb\log\null();

    // Now on to the actual test
    // $group_id starts as false; the assertions below rely on group_create()
    // having filled it in with the id of the new group.
    $group_id = false;
    group_create($group_id, GROUP_OPEN, 'test', 'test group', array());

    // Add user 2 as group leader
    group_user_add($group_id, 2, false, false, false, true, false);

    // Add user 3 as pending
    group_user_add($group_id, 3, false, false, false, false, true);

    $leader_filter = array('user_id' => 2);
    $pending_request = array(
        'item_id' => 3,
        'item_parent_id' => $group_id,
        'user_id' => 2,
        'notification_read' => 0,
        'notification_data' => array('group_name' => 'test'),
    );
    $this->assert_notifications(array($pending_request), $leader_filter);

    // Approve user 3 joining the group
    group_user_attributes('approve', $group_id, array(3));

    // user 3 pending notification should have been deleted
    $this->assert_notifications(array(), $leader_filter);

    $approval_notice = array(
        'item_id' => $group_id,
        'user_id' => 3,
        'notification_read' => 0,
        'notification_data' => array('group_name' => 'test'),
    );
    $this->assert_notifications(array($approval_notice), array('user_id' => 3));
}
/**
 * Pieform submit handler: creates a group from the submitted values, makes
 * the current user its admin, and redirects to the new group's page.
 *
 * The 'grouptype' value is expected in "<grouptype>.<jointype>" form and is
 * split on the dot. Numeric options are passed through intval() before they
 * reach group_create().
 *
 * NOTE(review): name, description, grouptype and jointype are handed to
 * group_create() as submitted. Presumably the form definition restricts
 * 'grouptype' to known options -- confirm.
 *
 * @param Pieform $form   The submitted form (not used here)
 * @param array   $values Submitted form values
 */
function creategroup_submit(Pieform $form, $values)
{
    global $USER, $SESSION;

    $typeparts = explode('.', $values['grouptype']);
    $grouptype = $typeparts[0];
    $jointype = $typeparts[1];

    // Options missing from the submission are treated as switched off.
    if (!isset($values['public'])) {
        $values['public'] = 0;
    }
    if (!isset($values['usersautoadded'])) {
        $values['usersautoadded'] = 0;
    }

    $groupdata = array();
    $groupdata['name'] = $values['name'];
    $groupdata['description'] = $values['description'];
    $groupdata['grouptype'] = $grouptype;
    if (empty($values['category'])) {
        $groupdata['category'] = null;
    } else {
        $groupdata['category'] = intval($values['category']);
    }
    $groupdata['jointype'] = $jointype;
    $groupdata['public'] = intval($values['public']);
    $groupdata['usersautoadded'] = intval($values['usersautoadded']);
    // The creator is the only initial member and holds the admin role.
    $groupdata['members'] = array($USER->get('id') => 'admin');
    $groupdata['viewnotify'] = intval($values['viewnotify']);

    $id = group_create($groupdata);

    $USER->reset_grouproles();
    $SESSION->add_ok_msg(get_string('groupsaved', 'group'));

    // The redirect target is built from the id returned by group_create() only.
    redirect('/group/view.php?id=' . $id);
}
/**
 * Pieform submit handler: saves the submitted settings of a group, creating
 * the group first when $group_data has no id yet, then redirects to the
 * group's homepage.
 *
 * The create-or-update work runs between db_begin() and db_commit().
 * 'public' is forced to 0 unless the global $publicallowed is truthy, so a
 * submitted value cannot make the group public when that flag is off.
 *
 * NOTE(review): 'description', 'grouptype', 'editroles' and 'urlid' are
 * stored as submitted. Presumably the form definition validates them --
 * confirm.
 *
 * @param Pieform $form   The submitted form (not used here)
 * @param array   $values Submitted form values
 */
function editgroup_submit(Pieform $form, $values)
{
    global $USER, $SESSION, $group_data, $publicallowed;

    // Options missing from the submission are treated as switched off.
    if (!isset($values['public'])) {
        $values['public'] = 0;
    }
    if (!isset($values['usersautoadded'])) {
        $values['usersautoadded'] = 0;
    }

    $groupfields = array();
    // Only trim the name when it differs from the stored one.
    $groupfields['name'] = ($group_data->name == $values['name']) ? $values['name'] : trim($values['name']);
    $groupfields['description'] = $values['description'];
    $groupfields['grouptype'] = $values['grouptype'];
    $groupfields['category'] = empty($values['category']) ? null : intval($values['category']);
    $groupfields['open'] = intval($values['open']);
    $groupfields['controlled'] = intval($values['controlled']);
    $groupfields['request'] = intval($values['request']);
    $groupfields['usersautoadded'] = intval($values['usersautoadded']);
    // Server-side gate: the submitted 'public' flag only counts when allowed.
    $groupfields['public'] = $publicallowed ? intval($values['public']) : 0;
    $groupfields['viewnotify'] = intval($values['viewnotify']);
    $groupfields['submittableto'] = intval($values['submittableto']);
    $groupfields['allowarchives'] = !empty($values['allowarchives']) ? intval($values['allowarchives']) : 0;
    $groupfields['editroles'] = $values['editroles'];
    $groupfields['hidden'] = intval($values['hidden']);
    // Hiding members from other members implies hiding them in general.
    $groupfields['hidemembers'] = (!empty($values['hidemembersfrommembers']) || !empty($values['hidemembers'])) ? 1 : 0;
    $groupfields['hidemembersfrommembers'] = intval($values['hidemembersfrommembers']);
    $groupfields['groupparticipationreports'] = intval($values['groupparticipationreports']);
    $groupfields['invitefriends'] = intval($values['invitefriends']);
    $groupfields['suggestfriends'] = intval($values['suggestfriends']);
    $groupfields['editwindowstart'] = db_format_timestamp($values['editwindowstart']);
    $groupfields['editwindowend'] = db_format_timestamp($values['editwindowend']);
    $groupfields['sendnow'] = intval($values['sendnow']);
    $groupfields['feedbacknotify'] = intval($values['feedbacknotify']);

    if (get_config('cleanurls') && isset($values['urlid']) && (string) $values['urlid'] !== '') {
        $groupfields['urlid'] = $values['urlid'];
    }

    db_begin();

    if (!$group_data->id) {
        // New group: the current user becomes its admin.
        $groupfields['members'] = array($USER->get('id') => 'admin');
        $group_data->id = group_create($groupfields);
        $USER->reset_grouproles();
    }

    // Now update the description with any embedded image info
    $groupfields['description'] = EmbeddedImage::prepare_embedded_images(
        $groupfields['description'],
        'group',
        $group_data->id,
        $group_data->id
    );
    $groupfields['id'] = $group_data->id;
    // Membership was already set by group_create(); do not pass it to the update.
    unset($groupfields['members']);
    group_update((object) $groupfields);

    $SESSION->add_ok_msg(get_string('groupsaved', 'group'));

    db_commit();

    // Reload $group_data->urlid or else the redirect will fail
    if (get_config('cleanurls') && (!isset($values['urlid']) || $group_data->urlid != $values['urlid'])) {
        $group_data->urlid = get_field('group', 'urlid', 'id', $group_data->id);
    }

    redirect(group_homepage_url($group_data));
}
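/**
 * Synchronize Mahara's groups with groups defined on a LDAP server.
 *
 * For every LDAP group that passes the include/exclude filter, the matching
 * Mahara group (looked up by shortname within this instance's institution) is
 * created when missing and autocreation is on, and its membership is then set
 * to the LDAP members that are current members of the institution, plus user
 * id 1 as group admin.
 *
 * The method switches the session to user id 1 via $USER->reanimate(1, 1)
 * before doing any work, including in a dry run, and does not switch back.
 *
 * @param boolean $dryrun dummy execution. When true, group_create() and
 *                        group_update_members() are skipped; the lookups and
 *                        the LDAP queries still run.
 * @return boolean true on every path that returns
 */
function sync_groups($dryrun = false)
{
    global $USER;

    log_info('---------- started groupsync auth instance ' . $this->instanceid . ' at ' . date('r', time()) . ' ----------');

    if (!$this->get_config('syncgroupscron')) {
        log_info('Not set to sync groups, so exiting');
        return true;
    }

    // We need to tell the session that we are the admin user, so that we have permission to manipulate groups
    // NOTE(review): everything after this line runs with that identity, so the
    // LDAP-supplied group names and member lists are applied with full rights.
    $USER->reanimate(1, 1);

    $syncbyattribute = $this->get_config('syncgroupsbyuserfield') && $this->get_config('syncgroupsgroupattribute');
    $syncbyclass = $this->get_config('syncgroupsbyclass')
        && $this->get_config('syncgroupsgroupclass')
        && $this->get_config('syncgroupsgroupattribute')
        && $this->get_config('syncgroupsmemberattribute');
    $excludelist = $this->get_config('syncgroupsexcludelist');
    $includelist = $this->get_config('syncgroupsincludelist');
    $searchsub = $this->get_config('syncgroupssearchsub');
    $grouptype = $this->get_config('syncgroupsgrouptype');
    $groupattribute = $this->get_config('syncgroupsgroupattribute');
    $docreate = $this->get_config('syncgroupsautocreate');

    // If neither one is set, return
    if (!$syncbyattribute && !$syncbyclass) {
        log_info('not set to sync by user attribute or by group objects, so exiting');
        return true;
    }

    if (get_config('auth_ldap_debug_sync_cron')) {
        log_debug("exclusion list : ");
        var_dump($excludelist);
        log_debug("inclusion list : ");
        var_dump($includelist);
    }

    // fetch userids of current members of that institution
    if ($this->institution == 'mahara') {
        $currentmembers = get_records_sql_assoc('select u.username as username, u.id as id from {usr} u where u.deleted=0 and not exists (select 1 from {usr_institution} ui where ui.usr=u.id)', array());
    } else {
        $currentmembers = get_records_sql_assoc('select u.username as username, u.id as id from {usr} u inner join 
{usr_institution} ui on u.id=ui.usr where u.deleted=0 and ui.institution=?', array($this->institution));
    }

    if (get_config('auth_ldap_debug_sync_cron')) {
        log_debug("current members : " . count($currentmembers));
        var_dump($currentmembers);
    }

    if (get_config('auth_ldap_debug_sync_cron')) {
        log_debug("config. LDAP : ");
        // NOTE(review): this dumps the whole instance configuration to the
        // job's output. Presumably that includes the LDAP bind credentials --
        // confirm, and keep this debug flag off wherever the output is stored
        // or mailed.
        var_dump($this->get_config());
    }

    $groups = array();
    if ($syncbyattribute) {
        // get the distinct values of the used attribute by a LDAP search
        // that may be restricted by flags -c or -o
        $groups = array_merge($groups, $this->get_attribute_distinct_values($searchsub));
    }
    if ($syncbyclass) {
        $groups = array_merge($groups, $this->ldap_get_grouplist('*', $searchsub));
    }

    if (get_config('auth_ldap_debug_sync_cron')) {
        log_debug("Found LDAP groups : ");
        var_dump($groups);
    }

    $nbadded = 0;
    foreach ($groups as $group) {
        log_debug("Processing group '{$group}'");

        if (!ldap_sync_filter_name($group, $includelist, $excludelist)) {
            continue;
        }

        if (get_config('auth_ldap_debug_sync_cron')) {
            log_debug("processing group : ");
            var_dump($group);
        }

        $ldapusers = array();
        if ($syncbyattribute) {
            $ldapusers = array_merge($ldapusers, $this->get_users_having_attribute_value($group));
        }
        if ($syncbyclass) {
            $ldapusers = array_merge($ldapusers, $this->ldap_get_group_members($group));
        }

        // test whether this group exists within the institution
        // group.shortname is limited to 255 characters. Unlikely anyone will hit this, but why not?
        $shortname = substr($group, 0, 255);
        if (!($dbgroup = get_record('group', 'shortname', $shortname, 'institution', $this->institution))) {
            if (!$docreate) {
                log_debug('autocreation is off so skipping Mahara not existing group ' . $group);
                continue;
            }
            if (count($ldapusers) == 0) {
                log_debug('will not autocreate an empty Mahara group ' . $group);
                continue;
            }
            try {
                log_info('creating group ' . $group);
                // Make sure the name is unique (across all institutions)
                // group.name only allows 128 characters. In the event of
                // really long group names, we'll arbitrarily truncate them
                $basename = $this->institution . ' : ' . $group;
                $name = substr($basename, 0, 128);
                $n = 0;
                while (record_exists('group', 'name', $name)) {
                    $n++;
                    $tail = " {$n}";
                    // Rebuild the candidate from the base name on every try.
                    // Appending to the previous candidate would repeat the
                    // base name and push the result past the 128-character
                    // limit.
                    $name = substr($basename, 0, 128 - strlen($tail)) . $tail;
                }
                $dbgroup = array();
                $dbgroup['name'] = $name;
                $dbgroup['institution'] = $this->institution;
                $dbgroup['shortname'] = $shortname;
                $dbgroup['grouptype'] = $grouptype; // default standard (change to course)
                $dbgroup['controlled'] = 1; //definitively
                $nbadded++;
                if (!$dryrun) {
                    $groupid = group_create($dbgroup);
                }
            } catch (Exception $ex) {
                log_warn($ex->getMessage());
                continue;
            }
        } else {
            $groupid = $dbgroup->id;
            log_debug('group exists ' . $group);
        }

        // now it does exist see what members should be added/removed
        if (get_config('auth_ldap_debug_sync_cron')) {
            log_debug($group . ' : ');
            var_dump($ldapusers);
        }

        // Puts the site's "admin" user into the group as a group admin
        $members = array('1' => 'admin'); //must be set otherwise fatal error group_update_members: no group admins listed for group
        foreach ($ldapusers as $username) {
            // LDAP users that are not current members of this institution are ignored.
            if (isset($currentmembers[$username])) {
                $id = $currentmembers[$username]->id;
                $members[$id] = 'member';
            }
        }

        if (get_config('auth_ldap_debug_sync_cron')) {
            log_debug('new members list : ' . count($members));
            var_dump($members);
        }

        unset($ldapusers); //try to save memory before memory consuming call to API

        // In a dry run $groupid may be unset for a group that would have been
        // created; the short-circuit below keeps it from being read.
        $result = $dryrun ? false : group_update_members($groupid, $members);
        if ($result) {
            log_info(" -> added : {$result['added']} removed : {$result['removed']} updated : {$result['updated']}");
        } else {
            log_debug('-> no change for ' . $group);
        }
        unset($members);
    }

    log_info('---------- finished groupsync auth instance ' . $this->instanceid . ' at ' . date('r', time()) . ' ----------');
    return true;
}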
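/**
 * Update details of an existing group.
 *
 * The group is located by $new->id, or, when no id is given, by
 * $new->institution together with $new->shortname. Groups that belong to an
 * institution other than 'mahara' may only be updated by a user for whom
 * $USER->can_edit_institution() returns true. A supplied jointype is ignored;
 * the join type is derived from the open/controlled flags instead.
 *
 * @param object $new    New values for the group table, as an object whose
 *                       properties are the column names
 * @param bool   $create Create the group if it doesn't exist yet (only
 *                       applies to the institution/shortname lookup)
 * @return mixed The result of group_create() when the group was created,
 *               null when nothing changed, otherwise the array of changed
 *               fields
 * @throws NotFoundException        when no matching, non-deleted group exists
 * @throws AccessDeniedException    when the user may not edit the group's institution
 * @throws InvalidArgumentException when both open and controlled are requested
 */
function group_update($new, $create = false)
{
    // Start from "not found" so the check below never reads an unset variable
    // when neither an id nor an institution/shortname pair was supplied.
    $old = false;

    if (!empty($new->id)) {
        $old = get_record_select('group', 'id = ? AND deleted = 0', array($new->id));
    } elseif (!empty($new->institution) && isset($new->shortname) && strlen($new->shortname)) {
        $old = get_record_select('group', 'shortname = ? AND institution = ? AND deleted = 0', array($new->shortname, $new->institution));
        if (!$old && $create) {
            return group_create((array) $new);
        }
    }

    if (!$old) {
        throw new NotFoundException("group_update: group not found");
    }

    if (!empty($old->institution) && $old->institution != 'mahara') {
        // Api-controlled group; check permissions.
        // NOTE(review): groups without an institution, or in 'mahara', get no
        // permission check here. Presumably callers enforce that -- confirm.
        global $USER;
        if (!$USER->can_edit_institution($old->institution)) {
            throw new AccessDeniedException("group_update: cannot update a group in this institution");
        }
    }

    // Archiving only makes sense for groups that accept submissions.
    if (isset($new->submittableto) && empty($new->submittableto) || !isset($new->submittableto) && empty($old->submittableto)) {
        $new->allowarchives = 0;
    }

    // Institution and shortname cannot be updated (yet)
    unset($new->institution);
    unset($new->shortname);

    // Fields the caller left out keep their stored values.
    foreach (array('id', 'grouptype', 'public', 'request', 'submittableto', 'allowarchives', 'editroles', 'hidden', 'hidemembers', 'hidemembersfrommembers', 'groupparticipationreports') as $f) {
        if (!isset($new->{$f})) {
            $new->{$f} = $old->{$f};
        }
    }

    if (isset($new->jointype)) {
        log_warn("group_update: ignoring supplied jointype");
        unset($new->jointype);
    }

    // If the caller isn't trying to enable open/controlled, use the old values
    if (!isset($new->open)) {
        $new->open = empty($new->controlled) && $old->jointype == 'open';
    }
    if (!isset($new->controlled)) {
        $new->controlled = empty($new->open) && $old->jointype == 'controlled';
    }

    if ($new->open) {
        if ($new->controlled) {
            throw new InvalidArgumentException("group_update: a group cannot have both open and controlled membership");
        }
        $new->request = 0;
        $new->jointype = 'open';
    } elseif ($new->controlled) {
        $new->jointype = 'controlled';
    } else {
        $new->jointype = 'approve';
    }
    unset($new->open);
    unset($new->controlled);

    // Ensure only one of invitefriends,suggestfriends gets enabled.
    if (!empty($new->invitefriends)) {
        $new->suggestfriends = 0;
    } elseif (!isset($new->invitefriends)) {
        $new->invitefriends = (int) ($old->invitefriends && empty($new->suggestfriends));
    }
    if (!isset($new->suggestfriends)) {
        $new->suggestfriends = $old->suggestfriends;
    }

    $diff = array_diff_assoc((array) $new, (array) $old);
    if (empty($diff)) {
        return null;
    }

    db_begin();

    if (isset($new->members)) {
        group_update_members($new->id, $new->members);
        unset($new->members);
    }

    update_record('group', $new, 'id');

    // Add users who have requested membership of a group that's becoming
    // open
    if ($old->jointype != 'open' && $new->jointype == 'open') {
        $userids = get_column_sql(' SELECT u.id FROM {usr} u JOIN {group_member_request} r ON u.id = r.member WHERE r.group = ? AND u.deleted = 0', array($new->id));
        if ($userids) {
            foreach ($userids as $uid) {
                group_add_user($new->id, $uid);
            }
        }
    }

    // Invitations to controlled groups are allowed, but if the admin is
    // changing a group to controlled membership, we'll assume they
    // want to revoke all the existing invitations.
    if ($old->jointype != 'controlled' && $new->jointype == 'controlled') {
        delete_records('group_member_invite', 'group', $new->id);
    }

    // Remove requests
    if ($old->request && !$new->request) {
        delete_records('group_member_request', 'group', $new->id);
    }

    // When the group type changes, make sure everyone has a valid role.
    safe_require('grouptype', $new->grouptype);
    $allowedroles = call_static_method('GroupType' . ucfirst($new->grouptype), 'get_roles');
    // One "?" placeholder per allowed role; the role names are passed as bound values.
    set_field_select('group_member', 'role', 'member', '"group" = ? AND NOT role IN (' . join(',', array_fill(0, count($allowedroles), '?')) . ')', array_merge(array($new->id), $allowedroles));

    // When a group changes from public -> private or vice versa, set the
    // appropriate access permissions on the group homepage view.
    if ($old->public != $new->public) {
        $homepageid = get_field('view', 'id', 'type', 'grouphomepage', 'group', $new->id);
        if ($old->public && !$new->public) {
            delete_records('view_access', 'view', $homepageid, 'accesstype', 'public');
            insert_record('view_access', (object) array('view' => $homepageid, 'accesstype' => 'loggedin', 'ctime' => db_format_timestamp(time())));
        } elseif (!$old->public && $new->public) {
            delete_records('view_access', 'view', $homepageid, 'accesstype', 'loggedin');
            insert_record('view_access', (object) array('view' => $homepageid, 'accesstype' => 'public', 'ctime' => db_format_timestamp(time())));
        }
    }

    db_commit();

    return $diff;
}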
/**
 * Entry point of the group administration module.
 *
 * Reads the requested action and group id from the request, then either
 * performs the action (approve/demote/promote, set default, delete, add
 * users, create/edit) or fills the template with the edit form, the member
 * list, or the overview of all groups.
 *
 * NOTE(review): results and errors are reported through trigger_error().
 * Several branches only make sense if that call ends the request, so
 * presumably the installed error handler does -- confirm.
 *
 * @param mixed $id   Module id; only echoed back in the confirm_box() hidden fields
 * @param mixed $mode Module mode; only echoed back in the confirm_box() hidden fields
 */
function main($id, $mode)
{
    global $config, $db, $user, $auth, $template, $cache;
    global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;

    $user->add_lang('acp/groups');
    $this->tpl_name = 'acp_groups';
    $this->page_title = 'ACP_GROUPS_MANAGE';

    include $phpbb_root_path . 'includes/functions_user.' . $phpEx;

    // Check and set some common vars
    $action = isset($_POST['add']) ? 'add' : (isset($_POST['addusers']) ? 'addusers' : request_var('action', ''));
    // NOTE(review): $group_id is interpolated into SQL strings below. That is
    // only safe if request_var() casts the value to the type of its default
    // (an integer here) -- confirm against request_var().
    $group_id = request_var('g', 0);
    $mark_ary = request_var('mark', array(0));
    $name_ary = request_var('usernames', '');
    $leader = request_var('leader', 0);
    $default = request_var('default', 0);
    $start = request_var('start', 0);
    $update = isset($_POST['update']) ? true : false;

    // Clear some vars
    $can_upload = file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $file_uploads ? true : false;
    $group_row = array();

    // Grab basic data for group, if group_id is set and exists
    if ($group_id) {
        $sql = 'SELECT * FROM ' . GROUPS_TABLE . " \n\t\t\t\tWHERE group_id = {$group_id}";
        $result = $db->sql_query($sql);
        $group_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if (!$group_row) {
            trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action));
        }
    }

    // Which page?
    switch ($action) {
        case 'approve':
        case 'demote':
        case 'promote':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action));
            }

            // Approve, demote or promote
            // NOTE(review): unlike 'default' and 'delete', this branch changes
            // membership without a confirm_box() step, and $action may come
            // from request_var() rather than $_POST. Confirm that protection
            // against cross-site request forgery is applied elsewhere.
            group_user_attributes($action, $group_id, $mark_ary, false, $group_id ? $group_row['group_name'] : false);

            switch ($action) {
                case 'demote':
                    $message = 'GROUP_MODS_DEMOTED';
                    break;
                case 'promote':
                    $message = 'GROUP_MODS_PROMOTED';
                    break;
                case 'approve':
                    $message = 'USERS_APPROVED';
                    break;
            }

            trigger_error($user->lang[$message] . adm_back_link($this->u_action));
            break;

        case 'default':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action));
            }

            if (confirm_box(true)) {
                if (!sizeof($mark_ary)) {
                    // No users were marked: walk all members of the group in
                    // pages of 200. $start is reset to 0 to end the loop.
                    $start = 0;
                    do {
                        $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\t\t\t\t\tWHERE group_id = {$group_id} \n\t\t\t\t\t\t\t\tORDER BY user_id";
                        $result = $db->sql_query_limit($sql, 200, $start);

                        $mark_ary = array();
                        if ($row = $db->sql_fetchrow($result)) {
                            do {
                                $mark_ary[] = $row['user_id'];
                            } while ($row = $db->sql_fetchrow($result));

                            group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);

                            $start = sizeof($mark_ary) < 200 ? 0 : $start + 200;
                        } else {
                            $start = 0;
                        }
                        $db->sql_freeresult($result);
                    } while ($start);
                } else {
                    group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
                }

                trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action));
            } else {
                // Not confirmed yet: show the confirmation form, carrying the
                // request parameters along as hidden fields.
                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action)));
            }
            break;

        case 'deleteusers':
        case 'delete':
            if (confirm_box(true)) {
                if (!$group_id) {
                    trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action));
                }

                $error = '';

                switch ($action) {
                    case 'delete':
                        // Deleting a whole group needs the a_groupdel permission;
                        // removing users from it ('deleteusers') is not checked here.
                        if (!$auth->acl_get('a_groupdel')) {
                            trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action));
                        }
                        $error = group_delete($group_id, $group_row['group_name']);
                        break;
                    case 'deleteusers':
                        $error = group_user_del($group_id, $mark_ary, false, $group_row['group_name']);
                        break;
                }

                if ($error) {
                    trigger_error($user->lang[$error] . adm_back_link($this->u_action));
                }

                $message = $action == 'delete' ? 'GROUP_DELETED' : 'GROUP_USERS_REMOVE';
                trigger_error($user->lang[$message] . adm_back_link($this->u_action));
            } else {
                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action)));
            }
            break;

        case 'addusers':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action));
            }

            if (!$name_ary) {
                trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action));
            }

            // One username per line in the submitted text.
            $name_ary = array_unique(explode("\n", $name_ary));

            // Add user/s to group
            // NOTE(review): no confirm_box() step here either; $leader and
            // $default come straight from the request.
            if ($error = group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, $leader, 0, $group_row)) {
                trigger_error($user->lang[$error] . adm_back_link($this->u_action));
            }

            // $action is 'addusers' in this branch, so the 'addleaders' arm is
            // never selected.
            $message = $action == 'addleaders' ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
            trigger_error($user->lang[$message] . adm_back_link($this->u_action));
            break;

        case 'edit':
        case 'add':
            $data = $submit_ary = array();

            if ($action == 'edit' && !$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action));
            }

            // Creating a group needs a_groupadd; editing is not checked here.
            if ($action == 'add' && !$auth->acl_get('a_groupadd')) {
                trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action));
            }

            $error = array();
            $user->add_lang('ucp');

            // basename() reduces both values to a single path component
            // before they are joined onto the avatar gallery path below.
            $avatar_select = basename(request_var('avatar_select', ''));
            $category = basename(request_var('category', ''));

            // Did we submit?
            if ($update) {
                $group_name = request_var('group_name', '', true);
                $group_desc = request_var('group_desc', '', true);
                $group_type = request_var('group_type', GROUP_FREE);

                $allow_desc_bbcode = request_var('desc_parse_bbcode', false);
                $allow_desc_urls = request_var('desc_parse_urls', false);
                $allow_desc_smilies = request_var('desc_parse_smilies', false);

                $data['uploadurl'] = request_var('uploadurl', '');
                $data['remotelink'] = request_var('remotelink', '');
                $delete = request_var('delete', '');

                $submit_ary = array('colour' => request_var('group_colour', ''), 'rank' => request_var('group_rank', 0), 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, 'legend' => isset($_REQUEST['group_legend']) ? 1 : 0, 'message_limit' => request_var('group_message_limit', 0));

                if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink']) {
                    $data['width'] = request_var('width', '');
                    $data['height'] = request_var('height', '');

                    // Avatar stuff
                    $var_ary = array('uploadurl' => array('string', true, 5, 255), 'remotelink' => array('string', true, 5, 255), 'width' => array('string', true, 1, 3), 'height' => array('string', true, 1, 3));

                    if (!($error = validate_data($data, $var_ary))) {
                        $data['user_id'] = "g{$group_id}";

                        // NOTE(review): 'uploadurl' and 'remotelink' are
                        // request-supplied URLs handed to avatar_upload() and
                        // avatar_remote(); which hosts and schemes those
                        // helpers accept is not visible here -- confirm.
                        if ((!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl']) && $can_upload) {
                            list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_upload($data, $error);
                        } else {
                            if ($data['remotelink']) {
                                list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_remote($data, $error);
                            }
                        }
                    }
                } else {
                    if ($avatar_select && $config['allow_avatar_local']) {
                        // check avatar gallery
                        if (is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category)) {
                            $submit_ary['avatar_type'] = AVATAR_GALLERY;

                            list($submit_ary['avatar_width'], $submit_ary['avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_select);
                            $submit_ary['avatar'] = $category . '/' . $avatar_select;
                        }
                    } else {
                        if ($delete) {
                            $submit_ary['avatar'] = '';
                            $submit_ary['avatar_type'] = $submit_ary['avatar_width'] = $submit_ary['avatar_height'] = 0;
                        }
                    }
                }

                // Remove the stored avatar when it is being replaced or deleted.
                // This runs before the $error check below, so the old avatar
                // is removed even when the submission is later rejected.
                if (isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar']) || $delete) {
                    if (isset($group_row['group_avatar']) && $group_row['group_avatar']) {
                        avatar_delete($group_row['group_avatar']);
                    }
                }

                if (!sizeof($error)) {
                    // Only set the rank, colour, etc. if it's changed or if we're adding a new
                    // group. This prevents existing group members being updated if no changes
                    // were made.
                    $group_attributes = array();
                    $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit');
                    foreach ($test_variables as $test) {
                        if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test])) {
                            $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
                        }
                    }

                    if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) {
                        $group_perm_from = request_var('group_perm_from', 0);

                        // Copy permissions?
                        // NOTE(review): the only permission checked on this path
                        // is a_groupadd (above). Confirm that it is meant to be
                        // sufficient for cloning another group's ACL rows.
                        if ($group_perm_from && $action == 'add') {
                            // From the mysql documentation:
                            // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
                            // Due to this we stay on the safe side if we do the insertion "the manual way"

                            // Copy permissions from/to the acl groups table (only group_id gets changed)
                            $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting FROM ' . ACL_GROUPS_TABLE . ' WHERE group_id = ' . $group_perm_from;
                            $result = $db->sql_query($sql);

                            // Every copied column is cast to int before it is
                            // used to build the INSERT.
                            $groups_sql_ary = array();
                            while ($row = $db->sql_fetchrow($result)) {
                                $groups_sql_ary[] = array('group_id' => (int) $group_id, 'forum_id' => (int) $row['forum_id'], 'auth_option_id' => (int) $row['auth_option_id'], 'auth_role_id' => (int) $row['auth_role_id'], 'auth_setting' => (int) $row['auth_setting']);
                            }
                            $db->sql_freeresult($result);

                            // Now insert the data
                            if (sizeof($groups_sql_ary)) {
                                switch (SQL_LAYER) {
                                    case 'mysql':
                                    case 'mysql4':
                                    case 'mysqli':
                                        $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $groups_sql_ary));
                                        break;
                                    default:
                                        foreach ($groups_sql_ary as $ary) {
                                            $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $ary));
                                        }
                                        break;
                                }
                            }

                            $auth->acl_clear_prefetch();
                        }

                        $cache->destroy('sql', GROUPS_TABLE);

                        $message = $action == 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
                        trigger_error($user->lang[$message] . adm_back_link($this->u_action));
                    }
                }

                // Validation failed: redisplay the form with the submitted values.
                if (sizeof($error)) {
                    $group_rank = $submit_ary['rank'];

                    $group_desc_data = array('text' => $group_desc, 'allow_bbcode' => $allow_desc_bbcode, 'allow_smilies' => $allow_desc_smilies, 'allow_urls' => $allow_desc_urls);
                }
            } else {
                if (!$group_id) {
                    $group_name = request_var('group_name', '', true);
                    $group_desc_data = array('text' => '', 'allow_bbcode' => true, 'allow_smilies' => true, 'allow_urls' => true);
                    $group_rank = 0;
                    $group_type = GROUP_OPEN;
                } else {
                    $group_name = $group_row['group_name'];
                    $group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield']);
                    $group_type = $group_row['group_type'];
                    $group_rank = $group_row['group_rank'];
                }
            }

            $sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title';
            $result = $db->sql_query($sql);

            // NOTE(review): rank_title and rank_id are concatenated into HTML
            // without escaping at this point. Presumably they are stored
            // HTML-safe -- confirm.
            $rank_options = '<option value="0"' . (!$group_rank ? ' selected="selected"' : '') . '>' . $user->lang['USER_DEFAULT'] . '</option>';
            while ($row = $db->sql_fetchrow($result)) {
                $selected = $group_rank && $row['rank_id'] == $group_rank ? ' selected="selected"' : '';
                $rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
            }
            $db->sql_freeresult($result);

            $type_free = $group_type == GROUP_FREE ? ' checked="checked"' : '';
            $type_open = $group_type == GROUP_OPEN ? ' checked="checked"' : '';
            $type_closed = $group_type == GROUP_CLOSED ? ' checked="checked"' : '';
            $type_hidden = $group_type == GROUP_HIDDEN ? ' checked="checked"' : '';

            if (isset($group_row['group_avatar']) && $group_row['group_avatar']) {
                // NOTE(review): there is no default case, so for any other
                // avatar type $avatar_img is still unset when it is appended
                // to below.
                switch ($group_row['group_avatar_type']) {
                    case AVATAR_UPLOAD:
                        $avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
                        break;
                    case AVATAR_GALLERY:
                        $avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/';
                        break;
                }
                $avatar_img .= $group_row['group_avatar'];

                // NOTE(review): the stored avatar path and dimensions go into
                // the attribute values without escaping -- confirm they cannot
                // contain quote characters.
                $avatar_img = '<img src="' . $avatar_img . '" width="' . $group_row['group_avatar_width'] . '" height="' . $group_row['group_avatar_height'] . '" alt="" />';
            } else {
                $avatar_img = '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />';
            }

            $display_gallery = isset($_POST['display_gallery']) ? true : false;

            if ($config['allow_avatar_local'] && $display_gallery) {
                avatar_gallery($category, $avatar_select, 4);
            }

            // Only one known back_link value maps to another page; anything
            // else falls back to this module's own URL.
            $back_link = request_var('back_link', '');

            switch ($back_link) {
                case 'acp_users_groups':
                    $u_back = append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=users&mode=groups&u=' . request_var('u', 0));
                    break;
                default:
                    $u_back = $this->u_action;
                    break;
            }

            $template->assign_vars(array(
                'S_EDIT' => true,
                'S_ADD_GROUP' => $action == 'add' ? true : false,
                'S_INCLUDE_SWATCH' => true,
                'S_CAN_UPLOAD' => $can_upload,
                'S_ERROR' => sizeof($error) ? true : false,
                'S_SPECIAL_GROUP' => $group_type == GROUP_SPECIAL ? true : false,
                'S_DISPLAY_GALLERY' => $config['allow_avatar_local'] && !$display_gallery ? true : false,
                'S_IN_GALLERY' => $config['allow_avatar_local'] && $display_gallery ? true : false,
                'ERROR_MSG' => sizeof($error) ? implode('<br />', $error) : '',
                'GROUP_NAME' => $group_type == GROUP_SPECIAL ? $user->lang['G_' . $group_name] : $group_name,
                'GROUP_INTERNAL_NAME' => $group_name,
                'GROUP_DESC' => $group_desc_data['text'],
                'GROUP_RECEIVE_PM' => isset($group_row['group_receive_pm']) && $group_row['group_receive_pm'] ? ' checked="checked"' : '',
                'GROUP_LEGEND' => isset($group_row['group_legend']) && $group_row['group_legend'] ? ' checked="checked"' : '',
                'GROUP_MESSAGE_LIMIT' => isset($group_row['group_message_limit']) ? $group_row['group_message_limit'] : 0,
                'GROUP_COLOUR' => isset($group_row['group_colour']) ? $group_row['group_colour'] : '',
                'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'],
                'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'],
                'S_DESC_SMILIES_CHECKED' => $group_desc_data['allow_smilies'],
                'S_RANK_OPTIONS' => $rank_options,
                'S_GROUP_OPTIONS' => group_select_options(0),
                'AVATAR_IMAGE' => $avatar_img,
                'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'],
                'GROUP_AVATAR_WIDTH' => isset($group_row['group_avatar_width']) ? $group_row['group_avatar_width'] : '',
                'GROUP_AVATAR_HEIGHT' => isset($group_row['group_avatar_height']) ? $group_row['group_avatar_height'] : '',
                'GROUP_TYPE_FREE' => GROUP_FREE,
                'GROUP_TYPE_OPEN' => GROUP_OPEN,
                'GROUP_TYPE_CLOSED' => GROUP_CLOSED,
                'GROUP_TYPE_HIDDEN' => GROUP_HIDDEN,
                'GROUP_TYPE_SPECIAL' => GROUP_SPECIAL,
                'GROUP_FREE' => $type_free,
                'GROUP_OPEN' => $type_open,
                'GROUP_CLOSED' => $type_closed,
                'GROUP_HIDDEN' => $type_hidden,
                'U_BACK' => $u_back,
                'U_SWATCH' => append_sid("{$phpbb_admin_path}swatch.{$phpEx}", 'form=settings&name=group_colour'),
                'UA_SWATCH' => append_sid("{$phpbb_admin_path}swatch.{$phpEx}", 'form=settings&name=group_colour', false),
                'U_ACTION' => "{$this->u_action}&action={$action}&g={$group_id}",
                'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024))
            ));

            return;
            break;

        case 'list':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action));
            }

            $this->page_title = 'GROUP_MEMBERS';

            // Total number of group leaders
            $sql = 'SELECT COUNT(user_id) AS total_leaders FROM ' . USER_GROUP_TABLE . " \n\t\t\t\t\tWHERE group_id = {$group_id} \n\t\t\t\t\t\tAND group_leader = 1";
            $result = $db->sql_query($sql);
            $total_leaders = (int) $db->sql_fetchfield('total_leaders');
            $db->sql_freeresult($result);

            // Total number of group members (non-leaders)
            $sql = 'SELECT COUNT(user_id) AS total_members FROM ' . USER_GROUP_TABLE . " \n\t\t\t\t\tWHERE group_id = {$group_id} \n\t\t\t\t\t\tAND group_leader <> 1";
            $result = $db->sql_query($sql);
            $total_members = (int) $db->sql_fetchfield('total_members');
            $db->sql_freeresult($result);

            // Grab the members
            $sql = 'SELECT u.user_id, u.username, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug \n\t\t\t\t\tWHERE ug.group_id = {$group_id} \n\t\t\t\t\t\tAND u.user_id = ug.user_id \n\t\t\t\t\tORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username";
            $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);

            // $leader and $member serve as per-type row counters; they are
            // addressed through the variable variable ${$type} below.
            $leader = $member = 0;
            $group_data = array('leader' => array(), 'member' => array());

            while ($row = $db->sql_fetchrow($result)) {
                $type = $row['group_leader'] ? 'leader' : 'member';

                $group_data[$type][${$type}]['user_id'] = $row['user_id'];
                $group_data[$type][${$type}]['group_id'] = $row['group_id'];
                $group_data[$type][${$type}]['username'] = $row['username'];
                $group_data[$type][${$type}]['user_regdate'] = $row['user_regdate'];
                $group_data[$type][${$type}]['user_posts'] = $row['user_posts'];
                $group_data[$type][${$type}]['user_pending'] = $row['user_pending'] ? 1 : 0;

                ${$type}++;
            }
            $db->sql_freeresult($result);

            $s_action_options = '';
            $options = array('default' => 'DEFAULT', 'approve' => 'APPROVE', 'demote' => 'DEMOTE', 'promote' => 'PROMOTE', 'deleteusers' => 'DELETE');

            foreach ($options as $option => $lang) {
                $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>';
            }

            $template->assign_vars(array(
                'S_LIST' => true,
                'S_GROUP_SPECIAL' => $group_row['group_type'] == GROUP_SPECIAL ? true : false,
                'S_ACTION_OPTIONS' => $s_action_options,
                'S_ON_PAGE' => on_page($total_members, $config['topics_per_page'], $start),
                'PAGINATION' => generate_pagination($this->u_action . "&action={$action}&g={$group_id}", $total_members, $config['topics_per_page'], $start, true),
                'U_ACTION' => $this->u_action . "&g={$group_id}",
                'U_BACK' => $this->u_action,
                'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=list&field=usernames')
            ));

            foreach ($group_data['leader'] as $row) {
                $template->assign_block_vars('leader', array(
                    'U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=users&action=edit&u={$row['user_id']}"),
                    'USERNAME' => $row['username'],
                    'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false,
                    'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ',
                    'USER_POSTS' => $row['user_posts'],
                    'USER_ID' => $row['user_id']
                ));
            }

            // Emit a single S_PENDING marker row before the first pending member.
            $pending = false;

            foreach ($group_data['member'] as $row) {
                if ($row['user_pending'] && !$pending) {
                    $template->assign_block_vars('member', array('S_PENDING' => true));
                    $pending = true;
                }

                $template->assign_block_vars('member', array(
                    'U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=users&action=edit&u={$row['user_id']}"),
                    'USERNAME' => $row['username'],
                    'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false,
                    'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ',
                    'USER_POSTS' => $row['user_posts'],
                    'USER_ID' => $row['user_id']
                ));
            }

            return;
            break;
    }

    // No action matched (or none was given): show the overview of all groups.
    $template->assign_vars(array('U_ACTION' => $this->u_action, 'S_GROUP_ADD' => $auth->acl_get('a_groupadd') ? true : false));

    $sql = 'SELECT g.group_id, g.group_name, g.group_type, COUNT(ug.user_id) AS total_members FROM ' . GROUPS_TABLE . ' g LEFT JOIN ' . USER_GROUP_TABLE . ' ug ON (g.group_id = ug.group_id) GROUP BY g.group_id, g.group_name, g.group_type ORDER BY g.group_type ASC, g.group_name';
    $result = $db->sql_query($sql);

    // $special and $normal serve as per-type row counters, addressed through ${$type}.
    $special = $normal = 0;
    $group_ary = array();

    while ($row = $db->sql_fetchrow($result)) {
        $type = $row['group_type'] == GROUP_SPECIAL ? 'special' : 'normal';

        $group_ary[$type][${$type}]['group_id'] = $row['group_id'];
        $group_ary[$type][${$type}]['group_name'] = $row['group_name'];
        $group_ary[$type][${$type}]['group_type'] = $row['group_type'];
        $group_ary[$type][${$type}]['total_members'] = $row['total_members'];

        ${$type}++;
    }
    $db->sql_freeresult($result);

    // Sort by type key, which puts 'normal' before 'special'.
    ksort($group_ary);

    $special_toggle = false;
    foreach ($group_ary as $type => $row_ary) {
        if ($type == 'special') {
            $template->assign_block_vars('groups', array('S_SPECIAL' => true));
        }

        foreach ($row_ary as $row) {
            $group_id = $row['group_id'];
            $group_name = !empty($user->lang['G_' . $row['group_name']]) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];

            // The delete link is only offered to users holding a_groupdel.
            $template->assign_block_vars('groups', array(
                'U_LIST' => "{$this->u_action}&action=list&g={$group_id}",
                'U_DEFAULT' => "{$this->u_action}&action=default&g={$group_id}",
                'U_EDIT' => "{$this->u_action}&action=edit&g={$group_id}",
                'U_DELETE' => $auth->acl_get('a_groupdel') ? "{$this->u_action}&action=delete&g={$group_id}" : '',
                'S_GROUP_SPECIAL' => $row['group_type'] == GROUP_SPECIAL ? true : false,
                'GROUP_NAME' => $group_name,
                'TOTAL_MEMBERS' => $row['total_members']
            ));
        }
    }
}
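/**
 * Handle a submitted "create group" form.
 *
 * Reads the group name from $_POST['name'] and passes it, together with the
 * 'default_group' value from manage_setting_get_received(), to group_create().
 * When group_create() returns a truthy value, $_POST is reset to an empty array.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this function;
 * confirm the caller enforces both before this state-changing request runs.
 *
 * @return void
 */
function group_received_create()
{
    // Request data is untrusted: a missing field or an array value (name[]=...)
    // must not reach stripslashes(), which expects a string.
    if (!isset($_POST['name']) || !is_string($_POST['name'])) {
        return;
    }

    // NOTE(review): stripslashes() presumably undoes magic_quotes_gpc; where
    // magic quotes are not active it strips legitimate backslashes from the
    // name. Confirm whether it is still needed.
    $name = stripslashes($_POST['name']);

    if (group_create($name, manage_setting_get_received('default_group'))) {
        // Discard the submitted data after a successful create.
        $_POST = array();
    }
}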
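/**
 * Correct the system groups.
 *
 * Walks the group names reported by get_group_rows() and, for every name that
 * is a key of $selected, brings the board in line with the default group data
 * held in $this->db_cleaner->data->groups:
 *  - a default group that does not exist yet is created with the stored type,
 *    description, colour, legend, avatar and max-recipients settings;
 *  - an existing group that is not part of the default data is deleted.
 * Names that are both default and existing, or neither, are left untouched.
 *
 * @param array $error    Passed by reference; not read or written in this method.
 * @param array $selected Map keyed by group name; only names present as keys are processed.
 */
function groups(&$error, $selected)
{
    global $db;

    $data = $group_rows = $existing_groups = array();
    // presumably fills the three arrays by reference; verify against get_group_rows()
    get_group_rows($data, $group_rows, $existing_groups);

    foreach ($group_rows as $name) {
        $is_default = isset($this->db_cleaner->data->groups[$name]);
        $exists = in_array($name, $existing_groups);

        // Default-and-present needs no change; neither-default-nor-present has
        // nothing to act on; unselected names are skipped.
        if ($is_default === $exists || !isset($selected[$name])) {
            continue;
        }

        if ($is_default) {
            // Missing default group: add it with the default settings we have.
            $defaults = $this->db_cleaner->data->groups[$name];
            $group_id = false;
            group_create($group_id, $defaults['group_type'], $name, $defaults['group_desc'], array(
                'group_colour' => $defaults['group_colour'],
                'group_legend' => $defaults['group_legend'],
                'group_avatar' => $defaults['group_avatar'],
                'group_max_recipients' => $defaults['group_max_recipients'],
            ));
            continue;
        }

        // Existing group that is not in the default data: remove it.
        if (!function_exists('group_delete')) {
            include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
        }

        // $name is escaped before it is embedded in the query string.
        $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . ' WHERE group_name = \'' . $db->sql_escape($name) . '\'';
        $result = $db->sql_query($sql);
        $group_id = (int) $db->sql_fetchfield('group_id');
        // Release the result set, as the other queries in this file do.
        $db->sql_freeresult($result);

        // No matching row means there is nothing to delete; do not pass an
        // empty id on to group_delete().
        if ($group_id) {
            group_delete($group_id, $name);
        }
    }
}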
function main($id, $mode) { global $config, $phpbb_root_path, $phpEx; global $db, $user, $auth, $cache, $template; $user->add_lang('groups'); $return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>'); $mark_ary = request_var('mark', array(0)); $submit = !empty($_POST['submit']) ? true : false; $delete = !empty($_POST['delete']) ? true : false; $error = $data = array(); switch ($mode) { case 'membership': $this->page_title = 'UCP_USERGROUPS_MEMBER'; if ($submit || isset($_POST['change_default'])) { $action = isset($_POST['change_default']) ? 'change_default' : request_var('action', ''); $group_id = $action == 'change_default' ? request_var('default', 0) : request_var('selected', 0); if (!$group_id) { trigger_error('NO_GROUP_SELECTED'); } $sql = 'SELECT group_id, group_name, group_type FROM ' . GROUPS_TABLE . "\n\t\t\t\t\t\tWHERE group_id IN ({$group_id}, {$user->data['group_id']})"; $result = $db->sql_query($sql); $group_row = array(); while ($row = $db->sql_fetchrow($result)) { $row['group_name'] = $row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name']; $group_row[$row['group_id']] = $row; } $db->sql_freeresult($result); if (!sizeof($group_row)) { trigger_error('GROUP_NOT_EXIST'); } switch ($action) { case 'change_default': // User already having this group set as default? if ($group_id == $user->data['group_id']) { trigger_error($user->lang['ALREADY_DEFAULT_GROUP'] . $return_page); } if (!$auth->acl_get('u_chggrp')) { trigger_error($user->lang['NOT_AUTHORISED'] . $return_page); } // User needs to be member of the group in order to make it default if (!group_memberships($group_id, $user->data['user_id'], true)) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . 
$return_page); } if (confirm_box(true)) { group_user_attributes('default', $group_id, $user->data['user_id']); add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_CHANGE', sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name'])); meta_refresh(3, $this->u_action); trigger_error($user->lang['CHANGED_DEFAULT_GROUP'] . $return_page); } else { $s_hidden_fields = array('default' => $group_id, 'change_default' => true); confirm_box(false, sprintf($user->lang['GROUP_CHANGE_DEFAULT'], $group_row[$group_id]['group_name']), build_hidden_fields($s_hidden_fields)); } break; case 'resign': // User tries to resign from default group but is not allowed to change it? if ($group_id == $user->data['group_id'] && !$auth->acl_get('u_chggrp')) { trigger_error($user->lang['NOT_RESIGN_FROM_DEFAULT_GROUP'] . $return_page); } if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } list(, $row) = each($row); $sql = 'SELECT group_type FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . $group_id; $result = $db->sql_query($sql); $group_type = (int) $db->sql_fetchfield('group_type'); $db->sql_freeresult($result); if ($group_type != GROUP_OPEN && $group_type != GROUP_FREE) { trigger_error($user->lang['CANNOT_RESIGN_GROUP'] . $return_page); } if (confirm_box(true)) { group_user_del($group_id, $user->data['user_id']); add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_RESIGN', $group_row[$group_id]['group_name']); meta_refresh(3, $this->u_action); trigger_error($user->lang[$row['user_pending'] ? 'GROUP_RESIGNED_PENDING' : 'GROUP_RESIGNED_MEMBERSHIP'] . $return_page); } else { $s_hidden_fields = array('selected' => $group_id, 'action' => 'resign', 'submit' => true); confirm_box(false, $row['user_pending'] ? 
'GROUP_RESIGN_PENDING' : 'GROUP_RESIGN_MEMBERSHIP', build_hidden_fields($s_hidden_fields)); } break; case 'join': $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u WHERE ug.user_id = u.user_id AND ug.group_id = ' . $group_id . ' AND ug.user_id = ' . $user->data['user_id']; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { if ($row['user_pending']) { trigger_error($user->lang['ALREADY_IN_GROUP_PENDING'] . $return_page); } trigger_error($user->lang['ALREADY_IN_GROUP'] . $return_page); } // Check permission to join (open group or request) if ($group_row[$group_id]['group_type'] != GROUP_OPEN && $group_row[$group_id]['group_type'] != GROUP_FREE) { trigger_error($user->lang['CANNOT_JOIN_GROUP'] . $return_page); } if (confirm_box(true)) { if ($group_row[$group_id]['group_type'] == GROUP_FREE) { group_user_add($group_id, $user->data['user_id']); $email_template = 'group_added'; } else { group_user_add($group_id, $user->data['user_id'], false, false, false, 0, 1); $email_template = 'group_request'; } include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $messenger = new messenger(); $sql = 'SELECT u.username, u.username_clean, u.user_email, u.user_notify_type, u.user_jabber, u.user_lang FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u WHERE ug.user_id = u.user_id AND ' . ($group_row[$group_id]['group_type'] == GROUP_FREE ? "ug.user_id = {$user->data['user_id']}" : 'ug.group_leader = 1') . 
"\n\t\t\t\t\t\t\t\t\t\tAND ug.group_id = {$group_id}"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $messenger->template($email_template, $row['user_lang']); $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($row['username']), 'GROUP_NAME' => htmlspecialchars_decode($group_row[$group_id]['group_name']), 'REQUEST_USERNAME' => $user->data['username'], 'U_PENDING' => generate_board_url() . "/ucp.{$phpEx}?i=groups&mode=manage&action=list&g={$group_id}", 'U_GROUP' => generate_board_url() . "/memberlist.{$phpEx}?mode=group&g={$group_id}")); $messenger->send($row['user_notify_type']); } $db->sql_freeresult($result); $messenger->save_queue(); add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_JOIN' . ($group_row[$group_id]['group_type'] == GROUP_FREE ? '' : '_PENDING'), $group_row[$group_id]['group_name']); meta_refresh(3, $this->u_action); trigger_error($user->lang[$group_row[$group_id]['group_type'] == GROUP_FREE ? 'GROUP_JOINED' : 'GROUP_JOINED_PENDING'] . $return_page); } else { $s_hidden_fields = array('selected' => $group_id, 'action' => 'join', 'submit' => true); confirm_box(false, $group_row[$group_id]['group_type'] == GROUP_FREE ? 'GROUP_JOIN' : 'GROUP_JOIN_PENDING', build_hidden_fields($s_hidden_fields)); } break; case 'demote': if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } list(, $row) = each($row); if (!$row['group_leader']) { trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } if (confirm_box(true)) { group_user_attributes('demote', $group_id, $user->data['user_id']); add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_DEMOTE', $group_row[$group_id]['group_name']); meta_refresh(3, $this->u_action); trigger_error($user->lang['USER_GROUP_DEMOTED'] . 
$return_page); } else { $s_hidden_fields = array('selected' => $group_id, 'action' => 'demote', 'submit' => true); confirm_box(false, 'USER_GROUP_DEMOTE', build_hidden_fields($s_hidden_fields)); } break; } } $sql = 'SELECT g.*, ug.group_leader, ug.user_pending FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug WHERE ug.user_id = ' . $user->data['user_id'] . ' AND g.group_id = ug.group_id ORDER BY g.group_type DESC, g.group_name'; $result = $db->sql_query($sql); $group_id_ary = array(); $leader_count = $member_count = $pending_count = 0; while ($row = $db->sql_fetchrow($result)) { $block = $row['group_leader'] ? 'leader' : ($row['user_pending'] ? 'pending' : 'member'); switch ($row['group_type']) { case GROUP_OPEN: $group_status = 'OPEN'; break; case GROUP_CLOSED: $group_status = 'CLOSED'; break; case GROUP_HIDDEN: $group_status = 'HIDDEN'; break; case GROUP_SPECIAL: $group_status = 'SPECIAL'; break; case GROUP_FREE: $group_status = 'FREE'; break; } $template->assign_block_vars($block, array('GROUP_ID' => $row['group_id'], 'GROUP_NAME' => $row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name'], 'GROUP_DESC' => $row['group_type'] != GROUP_SPECIAL ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'], 'GROUP_SPECIAL' => $row['group_type'] != GROUP_SPECIAL ? false : true, 'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status], 'GROUP_COLOUR' => $row['group_colour'], 'U_VIEW_GROUP' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=group&g=' . $row['group_id']), 'S_GROUP_DEFAULT' => $row['group_id'] == $user->data['group_id'] ? true : false, 'S_ROW_COUNT' => ${$block . '_count'}++)); $group_id_ary[] = (int) $row['group_id']; } $db->sql_freeresult($result); // Hide hidden groups unless user is an admin with group privileges $sql_and = $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? '<> ' . 
GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')'; $sql = 'SELECT group_id, group_name, group_colour, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type, group_founder_manage FROM ' . GROUPS_TABLE . ' WHERE ' . (sizeof($group_id_ary) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . "\n\t\t\t\t\t\tgroup_type {$sql_and}\n\t\t\t\t\tORDER BY group_type DESC, group_name"; $result = $db->sql_query($sql); $nonmember_count = 0; while ($row = $db->sql_fetchrow($result)) { switch ($row['group_type']) { case GROUP_OPEN: $group_status = 'OPEN'; break; case GROUP_CLOSED: $group_status = 'CLOSED'; break; case GROUP_HIDDEN: $group_status = 'HIDDEN'; break; case GROUP_SPECIAL: $group_status = 'SPECIAL'; break; case GROUP_FREE: $group_status = 'FREE'; break; } $template->assign_block_vars('nonmember', array('GROUP_ID' => $row['group_id'], 'GROUP_NAME' => $row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name'], 'GROUP_DESC' => $row['group_type'] != GROUP_SPECIAL ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'], 'GROUP_SPECIAL' => $row['group_type'] != GROUP_SPECIAL ? false : true, 'GROUP_CLOSED' => $row['group_type'] != GROUP_CLOSED || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? false : true, 'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status], 'S_CAN_JOIN' => $row['group_type'] == GROUP_OPEN || $row['group_type'] == GROUP_FREE ? true : false, 'GROUP_COLOUR' => $row['group_colour'], 'U_VIEW_GROUP' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=group&g=' . $row['group_id']), 'S_ROW_COUNT' => $nonmember_count++)); } $db->sql_freeresult($result); $template->assign_vars(array('S_CHANGE_DEFAULT' => $auth->acl_get('u_chggrp') ? 
true : false, 'S_LEADER_COUNT' => $leader_count, 'S_MEMBER_COUNT' => $member_count, 'S_PENDING_COUNT' => $pending_count, 'S_NONMEMBER_COUNT' => $nonmember_count, 'S_UCP_ACTION' => $this->u_action)); break; case 'manage': $this->page_title = 'UCP_USERGROUPS_MANAGE'; $action = isset($_POST['addusers']) ? 'addusers' : request_var('action', ''); $group_id = request_var('g', 0); include $phpbb_root_path . 'includes/functions_display.' . $phpEx; add_form_key('ucp_groups'); if ($group_id) { $sql = 'SELECT * FROM ' . GROUPS_TABLE . "\n\t\t\t\t\t\tWHERE group_id = {$group_id}"; $result = $db->sql_query($sql); $group_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$group_row) { trigger_error($user->lang['NO_GROUP'] . $return_page); } // Check if the user is allowed to manage this group if set to founder only. if ($user->data['user_type'] != USER_FOUNDER && $group_row['group_founder_manage']) { trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . $return_page, E_USER_WARNING); } $group_name = $group_row['group_name']; $group_type = $group_row['group_type']; $avatar_img = !empty($group_row['group_avatar']) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . $phpbb_root_path . 'adm/images/no_avatar.gif" alt="" />'; $template->assign_vars(array('GROUP_NAME' => $group_type == GROUP_SPECIAL ? $user->lang['G_' . $group_name] : $group_name, 'GROUP_INTERNAL_NAME' => $group_name, 'GROUP_COLOUR' => isset($group_row['group_colour']) ? $group_row['group_colour'] : '', 'GROUP_DESC_DISP' => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']), 'GROUP_TYPE' => $group_row['group_type'], 'AVATAR' => $avatar_img, 'AVATAR_IMAGE' => $avatar_img, 'AVATAR_WIDTH' => isset($group_row['group_avatar_width']) ? 
$group_row['group_avatar_width'] : '', 'AVATAR_HEIGHT' => isset($group_row['group_avatar_height']) ? $group_row['group_avatar_height'] : '')); } switch ($action) { case 'edit': if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . $return_page); } if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } list(, $row) = each($row); if (!$row['group_leader']) { trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } $file_uploads = @ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on' ? true : false; $user->add_lang(array('acp/groups', 'acp/common')); $data = $submit_ary = array(); $update = isset($_POST['update']) ? true : false; $error = array(); $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); $can_upload = file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads ? true : false; // Did we submit? if ($update) { $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true)); $group_type = request_var('group_type', GROUP_FREE); $allow_desc_bbcode = request_var('desc_parse_bbcode', false); $allow_desc_urls = request_var('desc_parse_urls', false); $allow_desc_smilies = request_var('desc_parse_smilies', false); $submit_ary = array('colour' => request_var('group_colour', ''), 'rank' => request_var('group_rank', 0), 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 
1 : 0, 'message_limit' => request_var('group_message_limit', 0), 'max_recipients' => request_var('group_max_recipients', 0)); $data['uploadurl'] = request_var('uploadurl', ''); $data['remotelink'] = request_var('remotelink', ''); $data['width'] = request_var('width', ''); $data['height'] = request_var('height', ''); $delete = request_var('delete', ''); if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink']) { // Avatar stuff $var_ary = array('uploadurl' => array('string', true, 5, 255), 'remotelink' => array('string', true, 5, 255), 'width' => array('string', true, 1, 3), 'height' => array('string', true, 1, 3)); if (!($error = validate_data($data, $var_ary))) { $data['user_id'] = "g{$group_id}"; if ((!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl']) && $can_upload) { list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_upload($data, $error); } else { if ($data['remotelink']) { list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_remote($data, $error); } } } } else { if ($avatar_select && $config['allow_avatar_local']) { // check avatar gallery if (is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category)) { $submit_ary['avatar_type'] = AVATAR_GALLERY; list($submit_ary['avatar_width'], $submit_ary['avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_select); $submit_ary['avatar'] = $category . '/' . $avatar_select; } } else { if ($delete) { $submit_ary['avatar'] = ''; $submit_ary['avatar_type'] = $submit_ary['avatar_width'] = $submit_ary['avatar_height'] = 0; } else { if ($data['width'] && $data['height']) { // Only update the dimensions? 
if ($config['avatar_max_width'] || $config['avatar_max_height']) { if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height']) { $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']); } } if (!sizeof($error)) { if ($config['avatar_min_width'] || $config['avatar_min_height']) { if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height']) { $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']); } } } if (!sizeof($error)) { $submit_ary['avatar_width'] = $data['width']; $submit_ary['avatar_height'] = $data['height']; } } } } } if (isset($submit_ary['avatar']) && $submit_ary['avatar'] && !isset($group_row['group_avatar']) || $delete) { if (isset($group_row['group_avatar']) && $group_row['group_avatar']) { avatar_delete('group', $group_row, true); } } if (!check_form_key('ucp_groups')) { $error[] = $user->lang['FORM_INVALID']; } if (!sizeof($error)) { // Only set the rank, colour, etc. if it's changed or if we're adding a new // group. This prevents existing group members being updated if no changes // were made. $group_attributes = array(); $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'max_recipients'); foreach ($test_variables as $test) { if ($action == 'add' || isset($submit_ary[$test]) && $group_row['group_' . $test] != $submit_ary[$test]) { $group_attributes['group_' . $test] = $group_row['group_' . 
$test] = $submit_ary[$test]; } } if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) { $cache->destroy('sql', GROUPS_TABLE); $message = $action == 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED'; trigger_error($user->lang[$message] . $return_page); } } if (sizeof($error)) { $group_rank = $submit_ary['rank']; $group_desc_data = array('text' => $group_desc, 'allow_bbcode' => $allow_desc_bbcode, 'allow_smilies' => $allow_desc_smilies, 'allow_urls' => $allow_desc_urls); } } else { if (!$group_id) { $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc_data = array('text' => '', 'allow_bbcode' => true, 'allow_smilies' => true, 'allow_urls' => true); $group_rank = 0; $group_type = GROUP_OPEN; } else { $group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']); $group_rank = $group_row['group_rank']; } } $sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title'; $result = $db->sql_query($sql); $rank_options = '<option value="0"' . (!$group_rank ? ' selected="selected"' : '') . '>' . $user->lang['USER_DEFAULT'] . '</option>'; while ($row = $db->sql_fetchrow($result)) { $selected = $group_rank && $row['rank_id'] == $group_rank ? ' selected="selected"' : ''; $rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>'; } $db->sql_freeresult($result); $type_free = $group_type == GROUP_FREE ? ' checked="checked"' : ''; $type_open = $group_type == GROUP_OPEN ? ' checked="checked"' : ''; $type_closed = $group_type == GROUP_CLOSED ? ' checked="checked"' : ''; $type_hidden = $group_type == GROUP_HIDDEN ? ' checked="checked"' : ''; $display_gallery = isset($_POST['display_gallery']) ? 
true : false; if ($config['allow_avatar_local'] && $display_gallery) { avatar_gallery($category, $avatar_select, 4); } $avatars_enabled = $can_upload || ($config['allow_avatar_local'] || $config['allow_avatar_remote']) ? true : false; $template->assign_vars(array('S_EDIT' => true, 'S_INCLUDE_SWATCH' => true, 'S_CAN_UPLOAD' => $can_upload, 'S_FORM_ENCTYPE' => $can_upload ? ' enctype="multipart/form-data"' : '', 'S_ERROR' => sizeof($error) ? true : false, 'S_SPECIAL_GROUP' => $group_type == GROUP_SPECIAL ? true : false, 'S_AVATARS_ENABLED' => $avatars_enabled, 'S_DISPLAY_GALLERY' => $config['allow_avatar_local'] && !$display_gallery ? true : false, 'S_IN_GALLERY' => $config['allow_avatar_local'] && $display_gallery ? true : false, 'ERROR_MSG' => sizeof($error) ? implode('<br />', $error) : '', 'GROUP_RECEIVE_PM' => isset($group_row['group_receive_pm']) && $group_row['group_receive_pm'] ? ' checked="checked"' : '', 'GROUP_MESSAGE_LIMIT' => isset($group_row['group_message_limit']) ? $group_row['group_message_limit'] : 0, 'GROUP_MAX_RECIPIENTS' => isset($group_row['group_max_recipients']) ? $group_row['group_max_recipients'] : 0, 'GROUP_DESC' => $group_desc_data['text'], 'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'], 'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'], 'S_DESC_SMILIES_CHECKED' => $group_desc_data['allow_smilies'], 'S_RANK_OPTIONS' => $rank_options, 'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'], 'GROUP_TYPE_FREE' => GROUP_FREE, 'GROUP_TYPE_OPEN' => GROUP_OPEN, 'GROUP_TYPE_CLOSED' => GROUP_CLOSED, 'GROUP_TYPE_HIDDEN' => GROUP_HIDDEN, 'GROUP_TYPE_SPECIAL' => GROUP_SPECIAL, 'GROUP_FREE' => $type_free, 'GROUP_OPEN' => $type_open, 'GROUP_CLOSED' => $type_closed, 'GROUP_HIDDEN' => $type_hidden, 'U_SWATCH' => append_sid("{$phpbb_root_path}adm/swatch.{$phpEx}", 'form=ucp&name=group_colour'), 'S_UCP_ACTION' => $this->u_action . 
"&action={$action}&g={$group_id}", 'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024))); break; case 'list': if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . $return_page); } if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } list(, $row) = each($row); if (!$row['group_leader']) { trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } $user->add_lang(array('acp/groups', 'acp/common')); $start = request_var('start', 0); // Grab the leaders - always, on every page... $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\t\t\tWHERE ug.group_id = {$group_id}\n\t\t\t\t\t\t\t\tAND u.user_id = ug.user_id\n\t\t\t\t\t\t\t\tAND ug.group_leader = 1\n\t\t\t\t\t\t\tORDER BY ug.user_pending DESC, u.username_clean"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $template->assign_block_vars('leader', array('USERNAME' => $row['username'], 'USERNAME_COLOUR' => $row['user_colour'], 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), 'U_USER_VIEW' => get_username_string('profile', $row['user_id'], $row['username']), 'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false, 'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ', 'USER_POSTS' => $row['user_posts'], 'USER_ID' => $row['user_id'])); } $db->sql_freeresult($result); // Total number of group members (non-leaders) $sql = 'SELECT COUNT(user_id) AS total_members FROM ' . USER_GROUP_TABLE . 
"\n\t\t\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\t\t\tAND group_leader = 0"; $result = $db->sql_query($sql); $total_members = (int) $db->sql_fetchfield('total_members'); $db->sql_freeresult($result); // Grab the members $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\t\t\tWHERE ug.group_id = {$group_id}\n\t\t\t\t\t\t\t\tAND u.user_id = ug.user_id\n\t\t\t\t\t\t\t\tAND ug.group_leader = 0\n\t\t\t\t\t\t\tORDER BY ug.user_pending DESC, u.username_clean"; $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); $pending = false; $approved = false; while ($row = $db->sql_fetchrow($result)) { if ($row['user_pending'] && !$pending) { $template->assign_block_vars('member', array('S_PENDING' => true)); $template->assign_var('S_PENDING_SET', true); $pending = true; } else { if (!$row['user_pending'] && !$approved) { $template->assign_block_vars('member', array('S_APPROVED' => true)); $template->assign_var('S_APPROVED_SET', true); $approved = true; } } $template->assign_block_vars('member', array('USERNAME' => $row['username'], 'USERNAME_COLOUR' => $row['user_colour'], 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), 'U_USER_VIEW' => get_username_string('profile', $row['user_id'], $row['username']), 'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false, 'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ', 'USER_POSTS' => $row['user_posts'], 'USER_ID' => $row['user_id'])); } $db->sql_freeresult($result); $s_action_options = ''; $options = array('default' => 'DEFAULT', 'approve' => 'APPROVE', 'deleteusers' => 'DELETE'); foreach ($options as $option => $lang) { $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . 
'</option>'; } $template->assign_vars(array('S_LIST' => true, 'S_ACTION_OPTIONS' => $s_action_options, 'S_ON_PAGE' => on_page($total_members, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&action={$action}&g={$group_id}", $total_members, $config['topics_per_page'], $start), 'U_ACTION' => $this->u_action . "&g={$group_id}", 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=ucp&field=usernames'))); break; case 'approve': if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . $return_page); } if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } list(, $row) = each($row); if (!$row['group_leader']) { trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } $user->add_lang('acp/groups'); // Approve, demote or promote group_user_attributes('approve', $group_id, $mark_ary, false, false); trigger_error($user->lang['USERS_APPROVED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); break; case 'default': if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . $return_page); } if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } list(, $row) = each($row); if (!$row['group_leader']) { trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } $group_row['group_name'] = $group_row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; if (confirm_box(true)) { if (!sizeof($mark_ary)) { $start = 0; do { $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . 
"\n\t\t\t\t\t\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\t\t\t\t\tORDER BY user_id"; $result = $db->sql_query_limit($sql, 200, $start); $mark_ary = array(); if ($row = $db->sql_fetchrow($result)) { do { $mark_ary[] = $row['user_id']; } while ($row = $db->sql_fetchrow($result)); group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row); $start = sizeof($mark_ary) < 200 ? 0 : $start + 200; } else { $start = 0; } $db->sql_freeresult($result); } while ($start); } else { group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row); } $user->add_lang('acp/groups'); trigger_error($user->lang['GROUP_DEFS_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); } else { $user->add_lang('acp/common'); confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action))); } break; case 'deleteusers': $user->add_lang(array('acp/groups', 'acp/common')); if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } list(, $row) = each($row); if (!$row['group_leader']) { trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } $group_row['group_name'] = $group_row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; if (confirm_box(true)) { if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . $return_page); } $error = group_user_del($group_id, $mark_ary, false, $group_row['group_name']); if ($error) { trigger_error($user->lang[$error] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); } trigger_error($user->lang['GROUP_USERS_REMOVE'] . '<br /><br />' . 
sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); } else { confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action))); } break; case 'addusers': $user->add_lang(array('acp/groups', 'acp/common')); $names = utf8_normalize_nfc(request_var('usernames', '', true)); if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . $return_page); } if (!$names) { trigger_error($user->lang['NO_USERS'] . $return_page); } if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } list(, $row) = each($row); if (!$row['group_leader']) { trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } $name_ary = array_unique(explode("\n", $names)); $group_name = $group_row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; $default = request_var('default', 0); if (confirm_box(true)) { // Add user/s to group if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, 0, 0, $group_row)) { trigger_error($user->lang[$error] . $return_page); } trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); } else { $s_hidden_fields = array('default' => $default, 'usernames' => $names, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action); confirm_box(false, sprintf($user->lang['GROUP_CONFIRM_ADD_USER' . (sizeof($name_ary) == 1 ? '' : 'S')], implode(', ', $name_ary)), build_hidden_fields($s_hidden_fields)); } trigger_error($user->lang['NO_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . 
'">', '</a>')); break; default: $user->add_lang('acp/common'); $sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_desc, g.group_desc_uid, g.group_desc_bitfield, g.group_desc_options, g.group_type, ug.group_leader FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug WHERE ug.user_id = ' . $user->data['user_id'] . ' AND g.group_id = ug.group_id AND ug.group_leader = 1 ORDER BY g.group_type DESC, g.group_name'; $result = $db->sql_query($sql); while ($value = $db->sql_fetchrow($result)) { $template->assign_block_vars('leader', array('GROUP_NAME' => $value['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $value['group_name']] : $value['group_name'], 'GROUP_DESC' => generate_text_for_display($value['group_desc'], $value['group_desc_uid'], $value['group_desc_bitfield'], $value['group_desc_options']), 'GROUP_TYPE' => $value['group_type'], 'GROUP_ID' => $value['group_id'], 'GROUP_COLOUR' => $value['group_colour'], 'U_LIST' => $this->u_action . "&action=list&g={$value['group_id']}", 'U_EDIT' => $this->u_action . "&action=edit&g={$value['group_id']}")); } $db->sql_freeresult($result); break; } break; } $this->tpl_name = 'ucp_groups_' . $mode; }
/**
 * Entry point of the 'acp_groups' module: manages groups and their members.
 *
 * Reads the action, group id and related fields from the request, loads the
 * group row when a group id is given, then dispatches on $action:
 *  - approve / demote / promote: change member status via group_user_attributes()
 *  - default: make this group the default group of the marked (or all) members
 *  - deleteusers / delete: remove marked members, or delete the whole group
 *  - addusers: add the submitted usernames to the group
 *  - edit / add: validate and store group settings, or render the settings form
 *  - list: render the leaders and one page of members of a single group
 * Any other action falls out of the switch and renders the overview of all groups.
 *
 * Request-integrity checks as visible in this function:
 *  - 'edit'/'add' submissions are gated by check_form_key().
 *  - 'default', 'delete' and 'deleteusers' are gated by confirm_box().
 *  - 'approve'/'demote'/'promote' and 'addusers' call neither of the two.
 *
 * Most branches finish by calling trigger_error(); the code is written as if
 * that call does not return (presumably the project's error handler ends the
 * request — confirm).
 *
 * @param mixed $id   Module id; in this function it is only echoed back as hidden field 'i'
 * @param mixed $mode Module mode; in this function it is only echoed back as hidden field 'mode'
 * @return void
 */
function main($id, $mode) {
    global $config, $db, $user, $auth, $template, $cache;
    global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
    $user->add_lang('acp/groups');
    $this->tpl_name = 'acp_groups';
    $this->page_title = 'ACP_GROUPS_MANAGE';
    // The form key is registered for every request, but only verified in the
    // 'edit'/'add' branch below.
    $form_key = 'acp_groups';
    add_form_key($form_key);
    include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
    // Check and set some common vars
    // The 'add' and 'addusers' POST buttons take precedence over the 'action' parameter.
    $action = isset($_POST['add']) ? 'add' : (isset($_POST['addusers']) ? 'addusers' : request_var('action', ''));
    // NOTE(review): $group_id is interpolated into SQL strings throughout this
    // function. That is only safe if request_var() casts to the type of its
    // default (int here) — presumably it does; confirm against its definition.
    $group_id = request_var('g', 0);
    $mark_ary = request_var('mark', array(0));
    $name_ary = request_var('usernames', '', true);
    $leader = request_var('leader', 0);
    $default = request_var('default', 0);
    $start = request_var('start', 0);
    $update = isset($_POST['update']) ? true : false;
    // Clear some vars
    // Uploads are offered only if the avatar directory exists, is writable and $file_uploads is set.
    $can_upload = file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads ? true : false;
    $group_row = array();
    // Grab basic data for group, if group_id is set and exists
    if ($group_id) {
        $sql = 'SELECT * FROM ' . GROUPS_TABLE . "\n\t\t\t\tWHERE group_id = {$group_id}";
        $result = $db->sql_query($sql);
        $group_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$group_row) {
            trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
        // Check if the user is allowed to manage this group if set to founder only.
        // This runs before the dispatch, so it covers every action that names a group.
        if ($user->data['user_type'] != USER_FOUNDER && $group_row['group_founder_manage']) {
            trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
    }
    // Which page?
    switch ($action) {
        case 'approve':
        case 'demote':
        case 'promote':
            // NOTE(review): this branch changes membership state without a
            // check_form_key() or confirm_box() call, unlike 'edit'/'add' and
            // 'default'/'delete'. Confirm the request is protected elsewhere
            // (e.g. a session id required in the URL), or validate $form_key here.
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
            // Approve, demote or promote
            // Special groups store a language key suffix as their name; translate it for display.
            $group_name = $group_row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
            // A truthy return value is used below as a language key naming the error.
            $error = group_user_attributes($action, $group_id, $mark_ary, false, $group_name);
            if (!$error) {
                switch ($action) {
                    case 'demote':
                        $message = 'GROUP_MODS_DEMOTED';
                        break;
                    case 'promote':
                        $message = 'GROUP_MODS_PROMOTED';
                        break;
                    case 'approve':
                        $message = 'USERS_APPROVED';
                        break;
                }
                trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
            } else {
                trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
            }
            break;
        case 'default':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
            // The change is applied only once confirm_box(true) reports a confirmed request.
            if (confirm_box(true)) {
                $group_name = $group_row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
                if (!sizeof($mark_ary)) {
                    // No members were marked: apply to every member, in batches of 200.
                    $start = 0;
                    do {
                        $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\t\t\tORDER BY user_id";
                        $result = $db->sql_query_limit($sql, 200, $start);
                        $mark_ary = array();
                        if ($row = $db->sql_fetchrow($result)) {
                            do {
                                $mark_ary[] = $row['user_id'];
                            } while ($row = $db->sql_fetchrow($result));
                            group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_row);
                            // A short batch means the last page was reached; 0 ends the outer loop.
                            $start = sizeof($mark_ary) < 200 ? 0 : $start + 200;
                        } else {
                            $start = 0;
                        }
                        $db->sql_freeresult($result);
                    } while ($start);
                } else {
                    group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_row);
                }
                trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
            } else {
                // Not confirmed yet: show the confirmation form, carrying the request state as hidden fields.
                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action)));
            }
            break;
        case 'deleteusers':
        case 'delete':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            } else {
                // Special groups can lose members but can never be deleted.
                if ($action === 'delete' && $group_row['group_type'] == GROUP_SPECIAL) {
                    trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                }
            }
            if (confirm_box(true)) {
                $error = '';
                switch ($action) {
                    case 'delete':
                        // Deleting a group additionally requires the 'a_groupdel' permission.
                        if (!$auth->acl_get('a_groupdel')) {
                            trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                        }
                        $error = group_delete($group_id, $group_row['group_name']);
                        break;
                    case 'deleteusers':
                        $group_name = $group_row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
                        $error = group_user_del($group_id, $mark_ary, false, $group_name);
                        break;
                }
                // After deleting the group itself there is no member list left to return to.
                $back_link = $action == 'delete' ? $this->u_action : $this->u_action . '&action=list&g=' . $group_id;
                if ($error) {
                    trigger_error($user->lang[$error] . adm_back_link($back_link), E_USER_WARNING);
                }
                $message = $action == 'delete' ? 'GROUP_DELETED' : 'GROUP_USERS_REMOVE';
                trigger_error($user->lang[$message] . adm_back_link($back_link));
            } else {
                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action)));
            }
            break;
        case 'addusers':
            // NOTE(review): members (and, with 'leader' set, group leaders) are
            // added here without a check_form_key() or confirm_box() call.
            // Confirm the request is protected elsewhere, or validate $form_key here.
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
            if (!$name_ary) {
                trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
            }
            // One username per line; duplicates are dropped.
            $name_ary = array_unique(explode("\n", $name_ary));
            $group_name = $group_row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
            // Add user/s to group
            if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, $leader, 0, $group_row)) {
                trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
            }
            $message = $leader ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
            trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
            break;
        case 'edit':
        case 'add':
            include $phpbb_root_path . 'includes/functions_display.' . $phpEx;
            $data = $submit_ary = array();
            if ($action == 'edit' && !$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
            // Creating a group requires the 'a_groupadd' permission.
            if ($action == 'add' && !$auth->acl_get('a_groupadd')) {
                trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
            $error = array();
            $user->add_lang('ucp');
            // basename() drops any directory part, so these two values cannot
            // step outside the avatar gallery directory when joined into a path below.
            $avatar_select = basename(request_var('avatar_select', ''));
            $category = basename(request_var('category', ''));
            // Did we submit?
            if ($update) {
                // Reject the submission unless it carries the form key registered at the top.
                if (!check_form_key($form_key)) {
                    trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
                }
                $group_name = utf8_normalize_nfc(request_var('group_name', '', true));
                $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true));
                $group_type = request_var('group_type', GROUP_FREE);
                $allow_desc_bbcode = request_var('desc_parse_bbcode', false);
                $allow_desc_urls = request_var('desc_parse_urls', false);
                $allow_desc_smilies = request_var('desc_parse_smilies', false);
                $data['uploadurl'] = request_var('uploadurl', '');
                $data['remotelink'] = request_var('remotelink', '');
                $data['width'] = request_var('width', '');
                $data['height'] = request_var('height', '');
                $delete = request_var('delete', '');
                // 'founder_manage' starts at 0 and is only taken from the request for founders (below).
                $submit_ary = array('colour' => request_var('group_colour', ''), 'rank' => request_var('group_rank', 0), 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, 'legend' => isset($_REQUEST['group_legend']) ? 1 : 0, 'message_limit' => request_var('group_message_limit', 0), 'max_recipients' => request_var('group_max_recipients', 0), 'founder_manage' => 0, 'skip_auth' => request_var('group_skip_auth', 0));
                if ($user->data['user_type'] == USER_FOUNDER) {
                    $submit_ary['founder_manage'] = isset($_REQUEST['group_founder_manage']) ? 1 : 0;
                }
                if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink']) {
                    // Avatar stuff
                    // Per field: type, a boolean flag, then minimum and maximum length
                    // (flag meaning is defined by validate_data(), not shown here).
                    $var_ary = array('uploadurl' => array('string', true, 5, 255), 'remotelink' => array('string', true, 5, 255), 'width' => array('string', true, 1, 3), 'height' => array('string', true, 1, 3));
                    if (!($error = validate_data($data, $var_ary))) {
                        $data['user_id'] = "g{$group_id}";
                        // File or URL uploads are honoured only when $can_upload is true;
                        // otherwise only a remote link is considered.
                        if ((!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl']) && $can_upload) {
                            list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_upload($data, $error);
                        } else {
                            if ($data['remotelink']) {
                                list($submit_ary['avatar_type'], $submit_ary['avatar'], $submit_ary['avatar_width'], $submit_ary['avatar_height']) = avatar_remote($data, $error);
                            }
                        }
                    }
                } else {
                    if ($avatar_select && $config['allow_avatar_local']) {
                        // check avatar gallery
                        if (is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category)) {
                            $submit_ary['avatar_type'] = AVATAR_GALLERY;
                            // NOTE(review): the getimagesize() result is not checked, so a
                            // missing or non-image file is still stored as the avatar path below.
                            list($submit_ary['avatar_width'], $submit_ary['avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_select);
                            $submit_ary['avatar'] = $category . '/' . $avatar_select;
                        }
                    } else {
                        if ($delete) {
                            $submit_ary['avatar'] = '';
                            $submit_ary['avatar_type'] = $submit_ary['avatar_width'] = $submit_ary['avatar_height'] = 0;
                        } else {
                            if ($data['width'] && $data['height']) {
                                // Only update the dimensions?
                                if ($config['avatar_max_width'] || $config['avatar_max_height']) {
                                    if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height']) {
                                        $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
                                    }
                                }
                                if (!sizeof($error)) {
                                    if ($config['avatar_min_width'] || $config['avatar_min_height']) {
                                        if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height']) {
                                            $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
                                        }
                                    }
                                }
                                if (!sizeof($error)) {
                                    $submit_ary['avatar_width'] = $data['width'];
                                    $submit_ary['avatar_height'] = $data['height'];
                                }
                            }
                        }
                    }
                }
                // '&&' binds tighter than '||': the outer test is true when a new avatar
                // was set and the row has no 'group_avatar' key at all, or when deletion
                // was requested. The old avatar is removed only if the group row actually has one.
                if (isset($submit_ary['avatar']) && $submit_ary['avatar'] && !isset($group_row['group_avatar']) || $delete) {
                    if (isset($group_row['group_avatar']) && $group_row['group_avatar']) {
                        avatar_delete('group', $group_row, true);
                    }
                }
                // Validate the length of "Maximum number of allowed recipients per private message" setting.
                // We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value
                // which is the lowest amongst DBMSes supported by phpBB3
                if ($max_recipients_error = validate_data($submit_ary, array('max_recipients' => array('num', false, 0, 16777215)))) {
                    // Replace "error" string with its real, localised form
                    $error = array_merge($error, array_map(array(&$user, 'lang'), $max_recipients_error));
                }
                if (!sizeof($error)) {
                    // Only set the rank, colour, etc. if it's changed or if we're adding a new
                    // group. This prevents existing group members being updated if no changes
                    // were made.
                    $group_attributes = array();
                    // Attribute name => type each submitted value is coerced to with settype().
                    $test_variables = array('rank' => 'int', 'colour' => 'string', 'avatar' => 'string', 'avatar_type' => 'int', 'avatar_width' => 'int', 'avatar_height' => 'int', 'receive_pm' => 'int', 'legend' => 'int', 'message_limit' => 'int', 'max_recipients' => 'int', 'founder_manage' => 'int', 'skip_auth' => 'int');
                    foreach ($test_variables as $test => $type) {
                        if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test])) {
                            settype($submit_ary[$test], $type);
                            $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
                        }
                    }
                    // group_create() is treated as returning a falsy value on success and errors otherwise.
                    if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) {
                        $group_perm_from = request_var('group_perm_from', 0);
                        // Copy permissions?
                        // If the user has the a_authgroups permission and at least one additional permission ability set the permissions are fully transferred.
                        // We do not limit on one auth category because this can lead to incomplete permissions being tricky to fix for the admin, roles being assigned or added non-default permissions.
                        // Since the user only has the option to copy permissions from non leader managed groups this seems to be a good compromise.
                        if ($group_perm_from && $action == 'add' && $auth->acl_get('a_authgroups') && $auth->acl_gets('a_aauth', 'a_fauth', 'a_mauth', 'a_uauth')) {
                            $sql = 'SELECT group_founder_manage FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . $group_perm_from;
                            $result = $db->sql_query($sql);
                            $check_row = $db->sql_fetchrow($result);
                            $db->sql_freeresult($result);
                            // Check the group if non-founder
                            // A non-founder may not copy permissions from a founder-managed group.
                            if ($check_row && ($user->data['user_type'] == USER_FOUNDER || $check_row['group_founder_manage'] == 0)) {
                                // From the mysql documentation:
                                // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
                                // Due to this we stay on the safe side if we do the insertion "the manual way"
                                // Copy permissions from/to the acl groups table (only group_id gets changed)
                                $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting FROM ' . ACL_GROUPS_TABLE . ' WHERE group_id = ' . $group_perm_from;
                                $result = $db->sql_query($sql);
                                $groups_sql_ary = array();
                                while ($row = $db->sql_fetchrow($result)) {
                                    $groups_sql_ary[] = array('group_id' => (int) $group_id, 'forum_id' => (int) $row['forum_id'], 'auth_option_id' => (int) $row['auth_option_id'], 'auth_role_id' => (int) $row['auth_role_id'], 'auth_setting' => (int) $row['auth_setting']);
                                }
                                $db->sql_freeresult($result);
                                // Now insert the data
                                $db->sql_multi_insert(ACL_GROUPS_TABLE, $groups_sql_ary);
                                $auth->acl_clear_prefetch();
                            }
                        }
                        $cache->destroy('sql', GROUPS_TABLE);
                        $message = $action == 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
                        trigger_error($user->lang[$message] . adm_back_link($this->u_action));
                    }
                }
                // Errors occurred: keep the submitted values so the form can be shown again.
                if (sizeof($error)) {
                    $group_rank = $submit_ary['rank'];
                    $group_desc_data = array('text' => $group_desc, 'allow_bbcode' => $allow_desc_bbcode, 'allow_smilies' => $allow_desc_smilies, 'allow_urls' => $allow_desc_urls);
                }
            } else {
                // Nothing submitted: use defaults for a new group, stored values for an existing one.
                if (!$group_id) {
                    $group_name = utf8_normalize_nfc(request_var('group_name', '', true));
                    $group_desc_data = array('text' => '', 'allow_bbcode' => true, 'allow_smilies' => true, 'allow_urls' => true);
                    $group_rank = 0;
                    $group_type = GROUP_OPEN;
                } else {
                    $group_name = $group_row['group_name'];
                    $group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
                    $group_type = $group_row['group_type'];
                    $group_rank = $group_row['group_rank'];
                }
            }
            $sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title';
            $result = $db->sql_query($sql);
            $rank_options = '<option value="0"' . (!$group_rank ? ' selected="selected"' : '') . '>' . $user->lang['USER_DEFAULT'] . '</option>';
            // NOTE(review): rank_title is concatenated into markup without escaping here;
            // this is only safe if titles are stored already HTML-escaped — confirm.
            while ($row = $db->sql_fetchrow($result)) {
                $selected = $group_rank && $row['rank_id'] == $group_rank ? ' selected="selected"' : '';
                $rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
            }
            $db->sql_freeresult($result);
            $type_free = $group_type == GROUP_FREE ? ' checked="checked"' : '';
            $type_open = $group_type == GROUP_OPEN ? ' checked="checked"' : '';
            $type_closed = $group_type == GROUP_CLOSED ? ' checked="checked"' : '';
            $type_hidden = $group_type == GROUP_HIDDEN ? ' checked="checked"' : '';
            $avatar_img = !empty($group_row['group_avatar']) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />';
            $display_gallery = isset($_POST['display_gallery']) ? true : false;
            if ($config['allow_avatar_local'] && $display_gallery) {
                avatar_gallery($category, $avatar_select, 4);
            }
            // The request value only selects between fixed targets; it is never emitted itself.
            $back_link = request_var('back_link', '');
            switch ($back_link) {
                case 'acp_users_groups':
                    $u_back = append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=users&mode=groups&u=' . request_var('u', 0));
                    break;
                default:
                    $u_back = $this->u_action;
                    break;
            }
            // Hand everything to the template; $action is 'edit' or 'add' in this branch.
            $template->assign_vars(array(
                'S_EDIT' => true,
                'S_ADD_GROUP' => $action == 'add' ? true : false,
                'S_GROUP_PERM' => $action == 'add' && $auth->acl_get('a_authgroups') && $auth->acl_gets('a_aauth', 'a_fauth', 'a_mauth', 'a_uauth') ? true : false,
                'S_INCLUDE_SWATCH' => true,
                'S_CAN_UPLOAD' => $can_upload,
                'S_ERROR' => sizeof($error) ? true : false,
                'S_SPECIAL_GROUP' => $group_type == GROUP_SPECIAL ? true : false,
                'S_DISPLAY_GALLERY' => $config['allow_avatar_local'] && !$display_gallery ? true : false,
                'S_IN_GALLERY' => $config['allow_avatar_local'] && $display_gallery ? true : false,
                'S_USER_FOUNDER' => $user->data['user_type'] == USER_FOUNDER ? true : false,
                'ERROR_MSG' => sizeof($error) ? implode('<br />', $error) : '',
                'GROUP_NAME' => $group_type == GROUP_SPECIAL ? $user->lang['G_' . $group_name] : $group_name,
                'GROUP_INTERNAL_NAME' => $group_name,
                'GROUP_DESC' => $group_desc_data['text'],
                'GROUP_RECEIVE_PM' => isset($group_row['group_receive_pm']) && $group_row['group_receive_pm'] ? ' checked="checked"' : '',
                'GROUP_FOUNDER_MANAGE' => isset($group_row['group_founder_manage']) && $group_row['group_founder_manage'] ? ' checked="checked"' : '',
                'GROUP_LEGEND' => isset($group_row['group_legend']) && $group_row['group_legend'] ? ' checked="checked"' : '',
                'GROUP_MESSAGE_LIMIT' => isset($group_row['group_message_limit']) ? $group_row['group_message_limit'] : 0,
                'GROUP_MAX_RECIPIENTS' => isset($group_row['group_max_recipients']) ? $group_row['group_max_recipients'] : 0,
                'GROUP_COLOUR' => isset($group_row['group_colour']) ? $group_row['group_colour'] : '',
                'GROUP_SKIP_AUTH' => !empty($group_row['group_skip_auth']) ? ' checked="checked"' : '',
                'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'],
                'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'],
                'S_DESC_SMILIES_CHECKED' => $group_desc_data['allow_smilies'],
                'S_RANK_OPTIONS' => $rank_options,
                'S_GROUP_OPTIONS' => group_select_options(false, false, $user->data['user_type'] == USER_FOUNDER ? false : 0),
                'AVATAR' => $avatar_img,
                'AVATAR_IMAGE' => $avatar_img,
                'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'],
                'AVATAR_WIDTH' => isset($group_row['group_avatar_width']) ? $group_row['group_avatar_width'] : '',
                'AVATAR_HEIGHT' => isset($group_row['group_avatar_height']) ? $group_row['group_avatar_height'] : '',
                'GROUP_TYPE_FREE' => GROUP_FREE,
                'GROUP_TYPE_OPEN' => GROUP_OPEN,
                'GROUP_TYPE_CLOSED' => GROUP_CLOSED,
                'GROUP_TYPE_HIDDEN' => GROUP_HIDDEN,
                'GROUP_TYPE_SPECIAL' => GROUP_SPECIAL,
                'GROUP_FREE' => $type_free,
                'GROUP_OPEN' => $type_open,
                'GROUP_CLOSED' => $type_closed,
                'GROUP_HIDDEN' => $type_hidden,
                'U_BACK' => $u_back,
                'U_SWATCH' => append_sid("{$phpbb_admin_path}swatch.{$phpEx}", 'form=settings&name=group_colour'),
                'U_ACTION' => "{$this->u_action}&action={$action}&g={$group_id}",
                'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024))));
            // The edit form is complete; skip the group overview below.
            return;
            break;
        case 'list':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
            $this->page_title = 'GROUP_MEMBERS';
            // Grab the leaders - always, on every page...
            $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_regdate, u.user_colour, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\tWHERE ug.group_id = {$group_id}\n\t\t\t\t\t\tAND u.user_id = ug.user_id\n\t\t\t\t\t\tAND ug.group_leader = 1\n\t\t\t\t\tORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username_clean";
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                $template->assign_block_vars('leader', array('U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=users&action=edit&u={$row['user_id']}"), 'USERNAME' => $row['username'], 'USERNAME_COLOUR' => $row['user_colour'], 'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false, 'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ', 'USER_POSTS' => $row['user_posts'], 'USER_ID' => $row['user_id']));
            }
            $db->sql_freeresult($result);
            // Total number of group members (non-leaders)
            $sql = 'SELECT COUNT(user_id) AS total_members FROM ' . USER_GROUP_TABLE . "\n\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\tAND group_leader = 0";
            $result = $db->sql_query($sql);
            $total_members = (int) $db->sql_fetchfield('total_members');
            $db->sql_freeresult($result);
            // Build the bulk-action drop-down; keys are fixed action names, labels come from the language array.
            $s_action_options = '';
            $options = array('default' => 'DEFAULT', 'approve' => 'APPROVE', 'demote' => 'DEMOTE', 'promote' => 'PROMOTE', 'deleteusers' => 'DELETE');
            foreach ($options as $option => $lang) {
                $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>';
            }
            $template->assign_vars(array('S_LIST' => true, 'S_GROUP_SPECIAL' => $group_row['group_type'] == GROUP_SPECIAL ? true : false, 'S_ACTION_OPTIONS' => $s_action_options, 'S_ON_PAGE' => on_page($total_members, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&action={$action}&g={$group_id}", $total_members, $config['topics_per_page'], $start, true), 'GROUP_NAME' => $group_row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'], 'U_ACTION' => $this->u_action . "&g={$group_id}", 'U_BACK' => $this->u_action, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=list&field=usernames'), 'U_DEFAULT_ALL' => "{$this->u_action}&action=default&g={$group_id}"));
            // Grab the members
            $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\tWHERE ug.group_id = {$group_id}\n\t\t\t\t\t\tAND u.user_id = ug.user_id\n\t\t\t\t\t\tAND ug.group_leader = 0\n\t\t\t\t\tORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username_clean";
            $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
            $pending = false;
            while ($row = $db->sql_fetchrow($result)) {
                // Emit a single marker row before the first pending member.
                if ($row['user_pending'] && !$pending) {
                    $template->assign_block_vars('member', array('S_PENDING' => true));
                    $pending = true;
                }
                $template->assign_block_vars('member', array('U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=users&action=edit&u={$row['user_id']}"), 'USERNAME' => $row['username'], 'USERNAME_COLOUR' => $row['user_colour'], 'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false, 'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ', 'USER_POSTS' => $row['user_posts'], 'USER_ID' => $row['user_id']));
            }
            $db->sql_freeresult($result);
            // The member list is complete; skip the group overview below.
            return;
            break;
    }
    // No action matched: show the overview of all groups.
    $template->assign_vars(array('U_ACTION' => $this->u_action, 'S_GROUP_ADD' => $auth->acl_get('a_groupadd') ? true : false));
    // Get us all the groups
    $sql = 'SELECT g.group_id, g.group_name, g.group_type FROM ' . GROUPS_TABLE . ' g ORDER BY g.group_type ASC, g.group_name';
    $result = $db->sql_query($sql);
    $lookup = $cached_group_data = array();
    while ($row = $db->sql_fetchrow($result)) {
        $type = $row['group_type'] == GROUP_SPECIAL ? 'special' : 'normal';
        // used to determine what type a group is
        $lookup[$row['group_id']] = $type;
        // used for easy access to the data within a group
        $cached_group_data[$type][$row['group_id']] = $row;
        $cached_group_data[$type][$row['group_id']]['total_members'] = 0;
    }
    $db->sql_freeresult($result);
    // How many people are in which group?
    $sql = 'SELECT COUNT(ug.user_id) AS total_members, ug.group_id FROM ' . USER_GROUP_TABLE . ' ug WHERE ' . $db->sql_in_set('ug.group_id', array_keys($lookup)) . ' GROUP BY ug.group_id';
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        $type = $lookup[$row['group_id']];
        $cached_group_data[$type][$row['group_id']]['total_members'] = $row['total_members'];
    }
    $db->sql_freeresult($result);
    // The order is... normal, then special
    ksort($cached_group_data);
    foreach ($cached_group_data as $type => $row_ary) {
        // Emit a marker row that separates the special groups from the normal ones.
        if ($type == 'special') {
            $template->assign_block_vars('groups', array('S_SPECIAL' => true));
        }
        foreach ($row_ary as $group_id => $row) {
            // Use the translated name when a 'G_' language entry exists, else the stored name.
            $group_name = !empty($user->lang['G_' . $row['group_name']]) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
            // The delete link is offered only to users holding the 'a_groupdel' permission.
            $template->assign_block_vars('groups', array('U_LIST' => "{$this->u_action}&action=list&g={$group_id}", 'U_EDIT' => "{$this->u_action}&action=edit&g={$group_id}", 'U_DELETE' => $auth->acl_get('a_groupdel') ? "{$this->u_action}&action=delete&g={$group_id}" : '', 'S_GROUP_SPECIAL' => $row['group_type'] == GROUP_SPECIAL ? true : false, 'GROUP_NAME' => $group_name, 'TOTAL_MEMBERS' => $row['total_members']));
        }
    }
}
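/**
 * Drive the multi-step database cleaner wizard.
 *
 * The current step is read from the `step` request variable and the ticked
 * checkboxes from `items`. Each step first applies the choices submitted from
 * the previous page and then lists the candidates for the next one:
 *
 *   0  intro / warning page
 *   1  disable the board, list extra and missing tables
 *   2  add/remove the selected tables, list extra and missing columns
 *   3  add/remove the selected columns, list extra and missing config rows
 *   4  add/remove the selected config rows, list permissions
 *   5  add/remove the selected permissions, list system groups
 *   6  add/remove the selected groups, ask about resetting modules
 *   7  optionally reset the modules table, ask about resetting bots
 *   8  optionally reset the bots
 *   9  re-enable the board and purge caches
 *
 * Keys of `items` are only ever used to pick entries out of lists built from
 * `$cleaner` and the live database; a submitted key that matches neither is
 * ignored. Every step after 0 is gated by check_form_key().
 *
 * @return void Output is produced through the template and page_footer().
 */
function display_options()
{
    global $config, $db, $plugin, $template, $umil, $user;

    // $continue and $plugin are not read below, but the include() calls further
    // down execute in this function's scope, so they are left available.
    $continue = (isset($_POST['continue'])) ? true : false;
    $step = request_var('step', 0);
    $selected = request_var('items', array('' => ''));

    // Apply Changes to the DB?
    $apply_changes = true;

    if ($step > 0)
    {
        // Kick them if bad form key
        check_form_key('database_cleaner', false, append_sid(STK_INDEX, 't=database_cleaner'), true);
    }

    // Include the data file for this phpBB version. Every run of non-digits in
    // the version string is collapsed to "_", so the resulting file name can
    // only contain digits, underscores and the extension.
    $version_file = preg_replace('#([^0-9]+)#', '_', $config['version']) . '.' . PHP_EXT;
    if (!file_exists(STK_ROOT_PATH . 'includes/database_cleaner/' . $version_file))
    {
        trigger_error('PHPBB_VERSION_NOT_SUPPORTED');
    }
    include(STK_ROOT_PATH . 'includes/database_cleaner/functions.' . PHP_EXT);
    include(STK_ROOT_PATH . 'includes/database_cleaner/' . $version_file);

    $cleaner = new database_cleaner_data();

    $user->add_lang('acp/common');

    switch ($step)
    {
        case 0 :
            // Display a quick intro here and make sure they know what they are doing...
            $template->assign_vars(array(
                'S_NO_INSTRUCTIONS' => true,
                'SUCCESS_TITLE' => $user->lang['DATABASE_CLEANER'],
                'SUCCESS_MESSAGE' => $user->lang['DATABASE_CLEANER_WELCOME'],
                'ERROR_TITLE' => ' ',
                'ERROR_MESSAGE' => $user->lang['DATABASE_CLEANER_WARNING'],
            ));
        break;

        case 1 :
            // Redirect if they selected quit
            if (isset($_POST['quit']))
            {
                redirect(append_sid(STK_ROOT_PATH . 'index.' . PHP_EXT));
            }

            // Start by disabling the board
            if ($apply_changes)
            {
                set_config('board_disable', 1);
            }
            $template->assign_var('SUCCESS_MESSAGE', $user->lang['BOARD_DISABLE_SUCCESS']);

            // Find any extra tables and list them as options to remove
            if (!function_exists('get_tables'))
            {
                include(PHPBB_ROOT_PATH . 'includes/functions_install.' . PHP_EXT);
            }
            $existing_tables = get_tables($db);
            $tables = array_unique(array_merge(array_keys($cleaner->tables), $existing_tables));
            sort($tables);

            $template->assign_block_vars('section', array(
                'NAME' => $user->lang['DATABASE_TABLES'],
                'TITLE' => $user->lang['DATABASE_TABLES'],
            ));

            foreach ($tables as $table)
            {
                // Only list tables that are in exactly one of the two sets.
                if ((isset($cleaner->tables[$table]) && !in_array($table, $existing_tables)) || (!isset($cleaner->tables[$table]) && in_array($table, $existing_tables)))
                {
                    $template->assign_block_vars('section.items', array(
                        'NAME' => $table,
                        'FIELD_NAME' => $table,
                        'MISSING' => (isset($cleaner->tables[$table])) ? true : false,
                    ));
                }
            }
        break;

        case 2 :
            // Remove the extra selected tables, and add the missing removed tables
            $error = array();
            if ($apply_changes)
            {
                if (!function_exists('get_tables'))
                {
                    include(PHPBB_ROOT_PATH . 'includes/functions_install.' . PHP_EXT);
                }
                $existing_tables = get_tables($db);
                $tables = array_unique(array_merge(array_keys($cleaner->tables), $existing_tables));

                foreach ($tables as $table)
                {
                    if (isset($selected[$table]))
                    {
                        if (isset($cleaner->tables[$table]) && !in_array($table, $existing_tables))
                        {
                            $result = $umil->table_add($table, $cleaner->tables[$table]);
                            // stripos() returns 0 for a match at the very start of the
                            // string, so compare against false explicitly.
                            if (stripos($result, 'SQL ERROR') !== false)
                            {
                                $error[] = $result;
                            }
                        }
                        else if (!isset($cleaner->tables[$table]) && in_array($table, $existing_tables))
                        {
                            $result = $umil->table_remove($table);
                            if (stripos($result, 'SQL ERROR') !== false)
                            {
                                $error[] = $result;
                            }
                        }
                    }
                }
            }

            if (!empty($error))
            {
                $template->assign_var('ERROR_MESSAGE', implode('<br />', $error));
            }
            else
            {
                $template->assign_var('SUCCESS_MESSAGE', $user->lang['DATABASE_TABLES_SUCCESS']);
            }

            // Time to start going through the database and listing any extra/missing fields
            $last_output_table = '';
            foreach ($cleaner->tables as $table_name => $data)
            {
                // We shouldn't mess with profile fields here. Users probably will not know what
                // this table does or what would happen if they remove fields added to it.
                if ($table_name == PROFILE_FIELDS_DATA_TABLE)
                {
                    continue;
                }

                $existing_columns = $this->get_columns($table_name);
                if ($existing_columns === false)
                {
                    // Table doesn't exist, don't handle here.
                    continue;
                }

                $columns = array_unique(array_merge(array_keys($data['COLUMNS']), $existing_columns));
                sort($columns);

                foreach ($columns as $column)
                {
                    if ((!isset($data['COLUMNS'][$column]) && in_array($column, $existing_columns)) || (isset($data['COLUMNS'][$column]) && !in_array($column, $existing_columns)))
                    {
                        // Output the table block if it's not been done yet
                        if ($last_output_table != $table_name)
                        {
                            $last_output_table = $table_name;
                            $template->assign_block_vars('section', array(
                                'NAME' => $table_name,
                                'TITLE' => $user->lang['ROWS'],
                            ));
                        }

                        $template->assign_block_vars('section.items', array(
                            'NAME' => $column,
                            'FIELD_NAME' => $table_name . '_' . $column,
                            'MISSING' => (!in_array($column, $existing_columns)) ? true : false,
                        ));
                    }
                }
            }
        break;

        case 3 :
            // Update the tables according to what they selected last time
            $error = array();
            if ($apply_changes)
            {
                foreach ($cleaner->tables as $table_name => $data)
                {
                    if ($table_name == PROFILE_FIELDS_DATA_TABLE)
                    {
                        continue;
                    }

                    $existing_columns = $this->get_columns($table_name);
                    if ($existing_columns === false)
                    {
                        // Table doesn't exist, don't handle here.
                        continue;
                    }

                    $columns = array_unique(array_merge(array_keys($data['COLUMNS']), $existing_columns));
                    foreach ($columns as $column)
                    {
                        if (isset($selected[$table_name . '_' . $column]))
                        {
                            if (!isset($data['COLUMNS'][$column]) && in_array($column, $existing_columns))
                            {
                                $result = $umil->table_column_remove($table_name, $column);
                                if (stripos($result, 'SQL ERROR') !== false)
                                {
                                    $error[] = $result;
                                }
                            }
                            else if (isset($data['COLUMNS'][$column]) && !in_array($column, $existing_columns))
                            {
                                // This can return an error under some circumstances, like when trying
                                // to add an auto-increment field.
                                $result = $umil->table_column_add($table_name, $column, $data['COLUMNS'][$column]);
                                if (stripos($result, 'SQL ERROR') !== false)
                                {
                                    $error[] = $result;
                                }

                                // We can re-add *some* keys
                                if (isset($data['KEYS']))
                                {
                                    // NOTE(review): in_array() searches the *values* of KEYS while the
                                    // next line indexes KEYS by $column; confirm which one is intended.
                                    if (in_array($column, $data['KEYS']))
                                    {
                                        if ($data['KEYS'][$column][0] == 'INDEX' && $data['KEYS'][$column][1] == $column)
                                        {
                                            $result = $umil->table_index_add($table_name, $column, $column);
                                            if (stripos($result, 'SQL ERROR') !== false)
                                            {
                                                $error[] = $result;
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            if (!empty($error))
            {
                $template->assign_var('ERROR_MESSAGE', implode('<br />', $error));
            }
            else
            {
                $template->assign_var('SUCCESS_MESSAGE', $user->lang['DATABASE_COLUMNS_SUCCESS']);
            }

            // display extra config variables and let them check/uncheck the ones they want to add/remove
            $template->assign_block_vars('section', array(
                'NAME' => $user->lang['CONFIG_SETTINGS'],
                'TITLE' => $user->lang['ROWS'],
            ));

            $config_rows = $existing_config = array();
            get_config_rows($cleaner, $config_rows, $existing_config);
            foreach ($config_rows as $name)
            {
                // Skip ones that are in the default install and are in the existing config
                if (isset($cleaner->config[$name]) && in_array($name, $existing_config))
                {
                    continue;
                }

                $template->assign_block_vars('section.items', array(
                    'NAME' => $name,
                    'FIELD_NAME' => $name,
                    'MISSING' => (!in_array($name, $existing_config)) ? true : false,
                ));
            }
        break;

        case 4 :
            // Add/remove the extra config variables they selected.
            if ($apply_changes)
            {
                $config_rows = $existing_config = array();
                get_config_rows($cleaner, $config_rows, $existing_config);
                foreach ($config_rows as $name)
                {
                    if (isset($cleaner->config[$name]) && in_array($name, $existing_config))
                    {
                        continue;
                    }

                    if (isset($selected[$name]))
                    {
                        if (isset($cleaner->config[$name]) && !in_array($name, $existing_config))
                        {
                            // Add it with the default settings we've got...
                            set_config($name, $cleaner->config[$name]['config_value'], $cleaner->config[$name]['is_dynamic']);
                        }
                        else if (!isset($cleaner->config[$name]) && in_array($name, $existing_config))
                        {
                            // Remove it
                            $db->sql_query('DELETE FROM ' . CONFIG_TABLE . " WHERE config_name = '" . $db->sql_escape($name) . "'");
                        }
                    }
                }
            }
            $template->assign_var('SUCCESS_MESSAGE', $user->lang['CONFIG_UPDATE_SUCCESS']);

            // Display the extra permission fields and again let them select ones to add/remove
            $template->assign_block_vars('section', array(
                'NAME' => $user->lang['PERMISSION_SETTINGS'],
                'TITLE' => $user->lang['ROWS'],
            ));

            $permission_rows = $existing_permissions = array();
            get_permission_rows($cleaner, $permission_rows, $existing_permissions);
            foreach ($permission_rows as $name)
            {
                // Skip ones that are in the default install and are in the existing permissions
                if (isset($cleaner->permissions[$name]) && in_array($name, $existing_permissions))
                {
                    continue;
                }

                $template->assign_block_vars('section.items', array(
                    'NAME' => $name,
                    'FIELD_NAME' => $name,
                    'MISSING' => (!in_array($name, $existing_permissions)) ? true : false,
                ));
            }
        break;

        case 5 :
            // Add/remove the permission fields they selected
            if ($apply_changes)
            {
                $permission_rows = $existing_permissions = array();
                get_permission_rows($cleaner, $permission_rows, $existing_permissions);
                foreach ($permission_rows as $name)
                {
                    // Skip ones that are in the default install and are in the existing permissions
                    if (isset($cleaner->permissions[$name]) && in_array($name, $existing_permissions))
                    {
                        continue;
                    }

                    if (isset($selected[$name]))
                    {
                        if (isset($cleaner->permissions[$name]) && !in_array($name, $existing_permissions))
                        {
                            // Add it with the default settings we've got...
                            $umil->permission_add($name, (($cleaner->permissions[$name]['is_global']) ? true : false));
                        }
                        else if (!isset($cleaner->permissions[$name]) && in_array($name, $existing_permissions))
                        {
                            // Remove it, both as a global and as a local permission
                            $umil->permission_remove($name, true);
                            $umil->permission_remove($name, false);
                        }
                    }
                }
            }
            $template->assign_var('SUCCESS_MESSAGE', $user->lang['PERMISSION_UPDATE_SUCCESS']);

            // Display the system groups that are missing or aren't from a vanilla installation
            $template->assign_block_vars('section', array(
                'NAME' => $user->lang['ACP_GROUPS_MANAGEMENT'],
                'TITLE' => $user->lang['ROWS'],
            ));

            $group_rows = $existing_groups = array();
            get_group_rows($cleaner, $group_rows, $existing_groups);
            foreach ($group_rows as $name)
            {
                // Skip ones that are in the default install and are in the existing groups
                if (isset($cleaner->groups[$name]) && in_array($name, $existing_groups))
                {
                    continue;
                }

                $template->assign_block_vars('section.items', array(
                    'NAME' => $name,
                    'FIELD_NAME' => $name,
                    'MISSING' => (!in_array($name, $existing_groups)) ? true : false,
                ));
            }
        break;

        case 6 :
            // Add/remove selected system groups
            if ($apply_changes)
            {
                $group_rows = $existing_groups = array();
                get_group_rows($cleaner, $group_rows, $existing_groups);
                foreach ($group_rows as $name)
                {
                    // Skip ones that are in the default install and are in the existing groups
                    if (isset($cleaner->groups[$name]) && in_array($name, $existing_groups))
                    {
                        continue;
                    }

                    if (isset($selected[$name]))
                    {
                        if (isset($cleaner->groups[$name]) && !in_array($name, $existing_groups))
                        {
                            // Add it with the default settings we've got...
                            $group_id = false;
                            group_create($group_id, $cleaner->groups[$name]['group_type'], $name, $cleaner->groups[$name]['group_desc'], array(
                                'group_colour' => $cleaner->groups[$name]['group_colour'],
                                'group_legend' => $cleaner->groups[$name]['group_legend'],
                                'group_avatar' => $cleaner->groups[$name]['group_avatar'],
                                'group_max_recipients' => $cleaner->groups[$name]['group_max_recipients'],
                            ));
                        }
                        else if (!isset($cleaner->groups[$name]) && in_array($name, $existing_groups))
                        {
                            // Remove it. The name is an existing group name (presumably read back
                            // from the groups table), so it is escaped before being embedded in
                            // SQL, the same way the config_name lookup in step 4 is.
                            $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = '" . $db->sql_escape($name) . "'";
                            $result = $db->sql_query($sql);
                            $group_id = $db->sql_fetchfield('group_id', false, $result);
                            $db->sql_freeresult($result);

                            group_delete($group_id, $name);
                        }
                    }
                }
            }

            // Ask if they would like to reset the modules (handled in the template)
            $template->assign_vars(array(
                'S_MODULE_OPTIONS' => true,
                'S_NO_INSTRUCTIONS' => true,
            ));
        break;

        case 7 :
            // Reset the modules if they wanted to
            if (isset($_POST['yes']) && $apply_changes)
            {
                // Remove existing modules
                $db->sql_query('DELETE FROM ' . MODULES_TABLE);

                // Add the modules
                $db->sql_multi_insert(MODULES_TABLE, $cleaner->modules);

                $template->assign_var('SUCCESS_MESSAGE', $user->lang['RESET_MODULE_SUCCESS']);
            }

            // Ask if they would like to reset the bots (handled in the template)
            $template->assign_vars(array(
                'S_BOT_OPTIONS' => true,
                'S_NO_INSTRUCTIONS' => true,
            ));
        break;

        case 8 :
            // Reset the bots if they wanted to
            if (isset($_POST['yes']) && $apply_changes)
            {
                $sql = 'SELECT group_id, group_colour FROM ' . GROUPS_TABLE . " WHERE group_name = 'BOTS'";
                $result = $db->sql_query($sql);
                $group_id = (int) $db->sql_fetchfield('group_id', false, $result);
                $group_colour = $db->sql_fetchfield('group_colour', 0, $result);
                $db->sql_freeresult($result);

                if (!$group_id)
                {
                    // If we reach this point then something has gone very wrong
                    $template->assign_var('ERROR_MESSAGE', $user->lang['NO_BOT_GROUP']);
                }
                else
                {
                    if (!function_exists('user_add'))
                    {
                        include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
                    }

                    // Remove existing bots
                    $uids = array();
                    $sql = 'SELECT user_id FROM ' . BOTS_TABLE;
                    $result = $db->sql_query($sql);
                    while ($row = $db->sql_fetchrow($result))
                    {
                        $uids[] = $row['user_id'];
                    }
                    $db->sql_freeresult($result);

                    if (!empty($uids))
                    {
                        $db->sql_query('DELETE FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $uids));
                        $db->sql_query('DELETE FROM ' . BOTS_TABLE);
                    }

                    // Add the bots
                    foreach ($this->bot_list as $bot_name => $bot_ary)
                    {
                        $user_row = array(
                            'user_type' => USER_IGNORE,
                            'group_id' => $group_id,
                            'username' => $bot_name,
                            'user_regdate' => time(),
                            'user_password' => '',
                            'user_colour' => $group_colour,
                            'user_email' => '',
                            'user_lang' => $config['default_lang'],
                            'user_style' => 1,
                            'user_timezone' => 0,
                            'user_dateformat' => $config['default_dateformat'],
                            'user_allow_massemail' => 0,
                        );

                        $user_id = user_add($user_row);

                        if ($user_id)
                        {
                            $sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
                                'bot_active' => 1,
                                'bot_name' => (string) $bot_name,
                                'user_id' => (int) $user_id,
                                'bot_agent' => (string) $bot_ary[0],
                                'bot_ip' => (string) $bot_ary[1],
                            ));
                            $result = $db->sql_query($sql);
                        }
                    }

                    $template->assign_var('SUCCESS_MESSAGE', $user->lang['RESET_BOT_SUCCESS']);
                }
            }

            // Misc things will be done next
            $template->assign_vars(array(
                'SUCCESS_MESSAGE' => $user->lang['FINAL_STEP'],
                'S_NO_INSTRUCTIONS' => true,
            ));
        break;

        case 9 :
            if ($apply_changes)
            {
                // Re-enable the board that step 1 disabled and drop cached data
                set_config('board_disable', 0);
                $umil->cache_purge();
                $umil->cache_purge('auth');
            }

            // Finished?
            trigger_error('DATABASE_CLEANER_SUCCESS');
        break;
    }

    page_header($user->lang['DATABASE_CLEANER'], false);

    $template->assign_vars(array(
        'STEP' => $step,
        'U_NEXT_STEP' => append_sid(STK_INDEX, 't=database_cleaner&step=' . ($step + 1)),
    ));

    $template->set_filenames(array(
        'body' => 'tools/database_cleaner.html',
    ));

    page_footer();
}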
/**
 * Create or update groups from the parsed CSV rows.
 *
 * Reads the rows from the global $CSVDATA, using $FORMAT to map column
 * positions to field names. A row becomes a new group unless
 * `updategroups` was ticked and its shortname is already listed in the
 * global $UPDATES, in which case the existing group is updated instead.
 * All database writes happen between db_begin() and db_commit().
 *
 * @param Pieform $form   The submitted form (not read here).
 * @param array   $values Submitted values; `institution` and `updategroups` are used.
 */
function uploadcsv_submit(Pieform $form, $values) {
    global $SESSION, $CSVDATA, $FORMAT, $UPDATES, $USER;

    // field name => column index within a CSV row
    $columnof = array_flip($FORMAT);
    $institution = $values['institution'];

    log_info($values['updategroups'] ? 'Updating groups from the CSV file' : 'Inserting groups from the CSV file');

    db_begin();

    $created = array();
    foreach ($CSVDATA as $row) {
        $group = new StdClass();
        $group->name = $row[$columnof['displayname']];
        $group->shortname = $row[$columnof['shortname']];
        $group->institution = $institution;
        $group->grouptype = $row[$columnof['roles']];

        // Copy the remaining columns straight onto the group object.
        // NOTE(review): the property name is taken from $FORMAT, so a header such as
        // `institution` would overwrite the value assigned above; presumably $FORMAT
        // is checked against an allowed list before this point - confirm.
        foreach ($FORMAT as $field) {
            if (in_array($field, array('displayname', 'shortname', 'roles'))) {
                // already handled above
                continue;
            }
            $target = ($field == 'submitpages') ? 'submittableto' : $field;
            $group->{$target} = $row[$columnof[$field]];
        }

        $isupdate = $values['updategroups'] && isset($UPDATES[$group->shortname]);

        if (!$isupdate) {
            // New group: the uploading user becomes its admin.
            $group->members = array($USER->id => 'admin');
            $group->id = group_create((array) $group);
            $created[] = $group;
            log_debug('added group ' . $group->name);
            continue;
        }

        // Existing group: remember the key first, then record what changed.
        $shortname = $group->shortname;
        $updates = group_update($group);

        if (empty($updates)) {
            unset($UPDATES[$shortname]);
            continue;
        }

        // Report a changed name under the CSV column name.
        if (isset($updates['name'])) {
            $updates['displayname'] = $updates['name'];
            unset($updates['name']);
        }
        $UPDATES[$shortname] = $updates;
        log_debug('updated group ' . $group->name . ' (' . implode(', ', array_keys((array) $updates)) . ')');
    }

    db_commit();

    $SESSION->add_ok_msg(get_string('csvfileprocessedsuccessfully', 'admin'));

    if ($UPDATES) {
        $summary = smarty_core();
        $summary->assign('added', count($created));
        $summary->assign('updates', $UPDATES);
        $SESSION->add_info_msg($summary->fetch('admin/groups/csvupdatemessage.tpl'), false);
    }
    else {
        $SESSION->add_ok_msg(get_string('numbernewgroupsadded', 'admin', count($created)));
    }

    redirect('/admin/groups/uploadcsv.php');
}
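/**
 * Create a group that can be used in a test.
 *
 * @param array $groupdata data about the group to create - this can take anything that {@link group_create} can take.
 *                         Values given here override the generated defaults. If null then a group called
 *                         'groupX' will be created, where X is the number of groups created so far.
 *                         The new id is recorded in $this->testgroups under the group name; these
 *                         will be automatically cleaned up in tearDown, so make sure you call parent::tearDown().
 * @return int new group id.
 * @throws MaharaUnitTestException if the name is already registered in $this->testgroups
 *                                 or if group_create() throws.
 */
protected function create_test_group($groupdata = null) {
    $testdata = array(
        'name' => 'group' . count($this->testgroups),
        // NOTE(review): this default has the shape of an e-mail address and is counted from
        // $this->testusers; confirm it is a grouptype that group_create() accepts.
        'grouptype' => 'test' . count($this->testusers) . '@localhost',
    );
    $combineddata = array_merge($testdata, (array) $groupdata);

    if (array_key_exists($combineddata['name'], $this->testgroups)) {
        // Same exception class as the catch block below; the original spelling
        // "MaharaUnitTextException" named a different class.
        throw new MaharaUnitTestException("MaharaUnitTest::create_test_group called with duplicate name {$combineddata['name']}");
    }

    try {
        $newgroupid = group_create($combineddata);
        $this->testgroups[$combineddata['name']] = $newgroupid;
        return $newgroupid;
    }
    catch (Exception $e) {
        throw new MaharaUnitTestException("MaharaUnitTest::create_test_group call caught an exception creating a group: " . $e->getMessage());
    }
}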
/**
 * Exercise the mahara_group_update_group_members web service function.
 *
 * Creates two groups directly with group_create(), asks the service to remove
 * one member from the first and add one member to the second, then checks the
 * resulting row counts in group_member.
 *
 * @param object $client web service client; only its call() method is used.
 */
function mahara_group_update_group_members($client) {
    // Two users to act as group members
    $dbuser1 = $this->create_user1_for_update();
    $dbuser2 = $this->create_user2_for_update();

    // group1 starts with both users as admins
    $group1 = (object) array(
        'name' => 'The test group 1 - create',
        'shortname' => 'testgroupshortname1',
        'description' => 'a description for test group 1',
        'institution' => 'mahara',
        'grouptype' => 'standard',
        'open' => 1,
        'request' => 0,
        'controlled' => 0,
        'submitpages' => 0,
        'public' => 0,
        'usersautoadded' => 0,
        'members' => array($dbuser1->id => 'admin', $dbuser2->id => 'admin'),
    );

    // group2 starts with the first user only
    $group2 = (object) array(
        'shortname' => 'testgroupshortname2',
        'name' => 'The test group 2 - create',
        'description' => 'a description for test group 2',
        'institution' => 'mahara',
        'grouptype' => 'standard',
        'open' => 1,
        'request' => 0,
        'controlled' => 0,
        'submitpages' => 0,
        'public' => 0,
        'usersautoadded' => 0,
        'members' => array($dbuser1->id => 'admin'),
    );

    // Delete any group left over with either shortname so the creates below start clean
    foreach (array($group1->shortname, $group2->shortname) as $shortname) {
        $leftover = get_record('group', 'shortname', $shortname, 'institution', 'mahara');
        if (!empty($leftover)) {
            group_delete($leftover->id);
        }
    }

    // Create the groups and register them in $this->created_groups
    $groupid1 = group_create((array) $group1);
    $groupid2 = group_create((array) $group2);
    $this->created_groups[] = $groupid1;
    $this->created_groups[] = $groupid2;

    $dbgroup1 = get_record('group', 'shortname', $group1->shortname, 'institution', 'mahara');
    $dbgroup2 = get_record('group', 'shortname', $group2->shortname, 'institution', 'mahara');

    // Membership changes to send: group1 is addressed by id and loses user 1 ...
    $group1 = (object) array(
        'id' => $dbgroup1->id,
        'shortname' => 'testgroupshortname1',
        'institution' => 'mahara',
        'members' => array(
            array('id' => $dbuser1->id, 'action' => 'remove'),
        ),
    );

    // ... group2 is addressed by shortname + institution and gains user 2
    $group2 = (object) array(
        'shortname' => 'testgroupshortname2',
        'institution' => 'mahara',
        'members' => array(
            array('username' => $dbuser2->username, 'role' => 'admin', 'action' => 'add'),
        ),
    );

    // Apply the changes through the web service
    $client->call('mahara_group_update_group_members', array('groups' => array($group1, $group2)));

    // Read the memberships back from the database
    $dbgroup1 = get_record('group', 'id', $groupid1);
    $dbgroupmembers1 = get_records_array('group_member', 'group', $dbgroup1->id);
    $dbgroup2 = get_record('group', 'id', $groupid2);
    $dbgroupmembers2 = get_records_array('group_member', 'group', $dbgroup2->id);

    // group1: two members at creation, one removed
    $this->assertEquals(count($dbgroupmembers1), 1);
    // group2: one member at creation, one added
    $this->assertEquals(count($dbgroupmembers2), 2);
}
$cli->cli_print('will not autocreate an empty Mahara group ' . $group); continue; } try { $cli->cli_print('creating group ' . $group); $dbgroup = array(); $dbgroup['name'] = $institutionname . ' : ' . $group; $dbgroup['institution'] = $institutionname; $dbgroup['shortname'] = $group; $dbgroup['grouptype'] = $grouptype; // default standard (change to course) $dbgroup['controlled'] = 1; //definitively $nbadded++; if (!$dryrun) { $groupid = group_create($dbgroup); } } catch (Exception $ex) { $cli->cli_print($ex->getMessage()); continue; } } else { $groupid = $dbgroup->id; $cli->cli_print('group exists ' . $group); $ldapusers = $instance->get_users_having_attribute_value($group); } // now it does exist see what members should be added/removed $members = array('1' => 'admin'); //must be set otherwise fatal error group_update_members: no group admins listed for group foreach ($ldapusers as $username) { if (isset($currentmembers[$username])) {
/**
 * Create one or more groups on behalf of a web service caller.
 *
 * Each entry is validated in turn (name/shortname uniqueness, institution
 * access, category, join-type combination, edit roles, members and their
 * roles) and then passed to group_create(). The first failed check throws,
 * so nothing after it is evaluated. All groups are created between one
 * db_begin() and one db_commit().
 *
 * The calling user ($USER) is always added to every group as 'admin'.
 *
 * @param array $groups An array of groups to create.
 * @return array An array of arrays, each with the new group's `id` and `name`.
 * @throws WebserviceInvalidParameterException when any of the checks below fails.
 */
public static function create_groups($groups) {
    global $USER, $WEBSERVICE_INSTITUTION;

    // Do basic automatic PARAM checks on incoming data, using params description
    $params = self::validate_parameters(self::create_groups_parameters(), array('groups' => $groups));

    // NOTE(review): the throws below happen after db_begin() with no rollback in this
    // function; presumably the web service layer rolls back on exception - confirm.
    db_begin();
    $groupids = array();
    foreach ($params['groups'] as $group) {
        // Make sure that the group doesn't already exist
        // NOTE(review): when `name` is non-empty only the name lookup below runs. The
        // institution checks live in the else branch, so they are not reached for a
        // request that supplies name + shortname + institution, although shortname and
        // institution are still copied into $create further down. Confirm that
        // group_create() enforces institution access for that case.
        if (!empty($group['name'])) {
            // deleted groups are not excluded from this lookup, as the real function doesn't exclude them either
            if (get_record('group', 'name', $group['name'])) {
                throw new WebserviceInvalidParameterException(get_string('groupexists', 'auth.webservice', $group['name']));
            }
        }
        else {
            // No name: the group must be identified by shortname + institution
            if (isset($group['shortname']) && strlen($group['shortname'])) {
                // check the institution is allowed: it must be the institution this web
                // service call is bound to, and the caller must be able to edit it
                if (isset($group['institution']) && strlen($group['institution'])) {
                    if ($WEBSERVICE_INSTITUTION != $group['institution']) {
                        throw new WebserviceInvalidParameterException('create_groups | ' . get_string('accessdeniedforinstgroup', 'auth.webservice', $group['institution'], $group['name']));
                    }
                    if (!$USER->can_edit_institution($group['institution'])) {
                        throw new WebserviceInvalidParameterException('create_groups | ' . get_string('accessdeniedforinstgroup', 'auth.webservice', $group['institution'], $group['name']));
                    }
                }
                else {
                    throw new WebserviceInvalidParameterException('create_groups | ' . get_string('instmustbeongroup', 'auth.webservice', $group['name'] . '/' . $group['shortname']));
                }
                // does the group exist?
                if (get_record('group', 'shortname', $group['shortname'], 'institution', $group['institution'])) {
                    throw new WebserviceInvalidParameterException(get_string('groupexists', 'auth.webservice', $group['shortname']));
                }
            }
            else {
                // neither a name nor a shortname was given
                throw new WebserviceInvalidParameterException('create_groups | ' . get_string('noname', 'auth.webservice'));
            }
        }

        // convert the category title into its id
        if (!empty($group['category'])) {
            $groupcategory = get_record('group_category', 'title', $group['category']);
            if (empty($groupcategory)) {
                throw new WebserviceInvalidParameterException('create_groups | ' . get_string('catinvalid', 'auth.webservice', $group['category']));
            }
            $group['category'] = $groupcategory->id;
        }

        // validate the join type combinations: open excludes request and controlled,
        // and at least one of the three must be set
        if ($group['open'] && $group['request']) {
            throw new WebserviceInvalidParameterException('create_groups | ' . get_string('invalidjointype', 'auth.webservice', 'open+request'));
        }
        if ($group['open'] && $group['controlled']) {
            throw new WebserviceInvalidParameterException('create_groups | ' . get_string('invalidjointype', 'auth.webservice', 'open+controlled'));
        }
        if (!$group['open'] && !$group['request'] && !$group['controlled']) {
            throw new WebserviceInvalidParameterException('create_groups | ' . get_string('correctjointype', 'auth.webservice'));
        }
        // editroles, when given, must be one of the keys of group_get_editroles_options()
        if (isset($group['editroles']) && !in_array($group['editroles'], array_keys(group_get_editroles_options()))) {
            throw new WebserviceInvalidParameterException('create_groups | ' . get_string('groupeditroles', 'auth.webservice', $group['editroles'], implode(', ', array_keys(group_get_editroles_options()))));
        }

        // check that the members exist and we are allowed to administer them
        $members = array($USER->get('id') => 'admin');
        foreach ($group['members'] as $member) {
            // look the member up by id if given, otherwise by username; deleted users never match
            if (!empty($member['id'])) {
                $dbuser = get_record('usr', 'id', $member['id'], 'deleted', 0);
            }
            else {
                if (!empty($member['username'])) {
                    $dbuser = get_record('usr', 'username', $member['username'], 'deleted', 0);
                }
                else {
                    throw new WebserviceInvalidParameterException('create_groups | ' . get_string('nousernameoridgroup', 'auth.webservice', $group['name']));
                }
            }
            if (empty($dbuser)) {
                throw new WebserviceInvalidParameterException('create_groups | ' . get_string('invalidusergroup', 'auth.webservice', $member['id'] . '/' . $member['username'], $group['name']));
            }

            // check user is in this institution if this is an institution controlled group
            if (isset($group['shortname']) && strlen($group['shortname']) && (isset($group['institution']) && strlen($group['institution']))) {
                // membership is tested against the web service's institution, not $group['institution']
                if (!mahara_external_in_institution($dbuser, $WEBSERVICE_INSTITUTION)) {
                    throw new WebserviceInvalidParameterException(get_string('notauthforuseridinstitutiongroup', 'auth.webservice', $dbuser->id, $WEBSERVICE_INSTITUTION, $group['shortname']));
                }
            }
            else {
                // Make sure auth is valid
                if (!($authinstance = get_record('auth_instance', 'id', $dbuser->authinstance))) {
                    throw new WebserviceInvalidParameterException(get_string('invalidauthtype', 'auth.webservice', $dbuser->authinstance));
                }
                // check the institution is allowed
                // basic check authorisation to edit for the current institution of the user
                if (!$USER->can_edit_institution($authinstance->institution)) {
                    throw new WebserviceInvalidParameterException('create_groups | ' . get_string('accessdeniedforinstuser', 'auth.webservice', $authinstance->institution, $dbuser->username));
                }
            }

            // check the specified role
            if (!in_array($member['role'], self::$member_roles)) {
                throw new WebserviceInvalidParameterException('create_groups | ' . get_string('invalidmemroles', 'auth.webservice', $member['role'], $dbuser->username));
            }
            // a member entry for the calling user replaces the default 'admin' role set above
            $members[$dbuser->id] = $member['role'];
        }

        // set the basic elements
        $create = array('shortname' => isset($group['shortname']) ? $group['shortname'] : null,
                        'name' => isset($group['name']) ? $group['name'] : null,
                        'description' => $group['description'],
                        'institution' => isset($group['institution']) ? $group['institution'] : null,
                        'grouptype' => $group['grouptype'],
                        'members' => $members);

        // check for the rest: optional attributes are only passed on when they hold a non-empty value
        foreach (array('category', 'open', 'controlled', 'request', 'submitpages', 'editroles', 'hidemembers', 'invitefriends', 'suggestfriends', 'hidden', 'quota', 'hidemembersfrommembers', 'public', 'usersautoadded', 'viewnotify') as $attr) {
            if (isset($group[$attr]) && $group[$attr] !== false && $group[$attr] !== null && strlen("" . $group[$attr])) {
                $create[$attr] = $group[$attr];
            }
        }

        // create the group
        $id = group_create($create);

        $groupids[] = array('id' => $id, 'name' => $group['name']);
    }
    db_commit();

    return $groupids;
}
/**
 * Set up the fixtures every web service test relies on.
 *
 * In order: makes the global $USER an admin, switches on the web service
 * settings, calls tearDown() to clear earlier fixtures, then creates (where
 * missing) a 'webservice' auth instance, an admin test user, a service that
 * exposes every registered external function, an OAuth consumer with request
 * and access tokens, a permanent token, a service-user record, one test group
 * and one test institution. Finally resets the per-test bookkeeping fields.
 *
 * NOTE(review): this enables all web service protocols and creates an admin
 * account whose password equals its username. Presumably set_config() persists
 * these settings, so this is meant for a disposable test database only -
 * confirm the test runner never points at a shared instance.
 */
protected function setUp() {
    // default current user to admin
    global $USER;
    $USER->id = 1;
    $USER->admin = 1;

    // switch on the web service master setting and each protocol
    set_config('webservice_enabled', true);
    set_config('webservice_rest_enabled', true);
    set_config('webservice_xmlrpc_enabled', true);
    set_config('webservice_soap_enabled', true);
    set_config('webservice_oauth_enabled', true);

    // names of the fixtures used throughout the tests
    $this->servicename = 'test webservices';
    $this->testuser = '******';
    $this->testinstitution = 'mytestinstitutionone';

    // clean out first
    $this->tearDown();

    // find the 'webservice' auth instance of the 'mahara' institution, or create it
    if (!($authinstance = get_record('auth_instance', 'institution', 'mahara', 'authname', 'webservice'))) {
        $authinstance = new stdClass();
        $authinstance->instancename = 'webservice';
        $authinstance->institution = 'mahara';
        $authinstance->authname = 'webservice';
        // place it after the instance that currently has the highest priority
        $lastinstance = get_records_array('auth_instance', 'institution', 'mahara', 'priority DESC', '*', '0', '1');
        if ($lastinstance == false) {
            $authinstance->priority = 0;
        }
        else {
            $authinstance->priority = $lastinstance[0]->priority + 1;
        }
        $authinstance->id = insert_record('auth_instance', $authinstance, 'id', true);
    }
    $this->authinstance = $authinstance;
    $this->institution = new Institution($authinstance->institution);

    // create the new test user
    if (!($dbuser = get_record('usr', 'username', $this->testuser))) {
        db_begin();
        $new_user = new StdClass();
        $new_user->authinstance = $authinstance->id;
        $new_user->username = $this->testuser;
        $new_user->firstname = 'Firstname';
        $new_user->lastname = 'Lastname';
        // the password is set to the username and no change is forced at first login
        $new_user->password = $this->testuser;
        $new_user->email = $this->testuser . '@hogwarts.school.nz';
        $new_user->passwordchange = 0;
        $new_user->admin = 1;
        $profilefields = new StdClass();
        $userid = create_user($new_user, $profilefields, $this->institution, $authinstance);
        $dbuser = get_record('usr', 'username', $this->testuser);
        db_commit();
    }

    // construct a test service from all available functions
    $dbservice = get_record('external_services', 'name', $this->servicename);
    if (empty($dbservice)) {
        $service = array('name' => $this->servicename, 'tokenusers' => 0, 'restrictedusers' => 0, 'enabled' => 1, 'component' => 'webservice', 'ctime' => db_format_timestamp(time()));
        insert_record('external_services', $service);
        $dbservice = get_record('external_services', 'name', $this->servicename);
    }
    // attach every registered external function that is not attached yet
    $dbfunctions = get_records_array('external_functions', null, null, 'name');
    foreach ($dbfunctions as $function) {
        $sfexists = record_exists('external_services_functions', 'externalserviceid', $dbservice->id, 'functionname', $function->name);
        if (!$sfexists) {
            $service_function = array('externalserviceid' => $dbservice->id, 'functionname' => $function->name);
            insert_record('external_services_functions', $service_function);
            $dbservice->mtime = db_format_timestamp(time());
            update_record('external_services', $dbservice);
        }
    }

    // create an OAuth registry object
    require_once get_config('docroot') . 'webservice/libs/oauth-php/OAuthServer.php';
    require_once get_config('docroot') . 'webservice/libs/oauth-php/OAuthStore.php';
    require_once get_config('docroot') . 'webservice/libs/oauth-php/OAuthRequester.php';
    $store = OAuthStore::instance('Mahara', array(), true);

    // register a consumer application owned by the test user
    $new_app = array('application_title' => 'Test Application',
                     'application_uri' => 'http://example.com',
                     'requester_name' => $dbuser->firstname . ' ' . $dbuser->lastname,
                     'requester_email' => $dbuser->email,
                     'callback_uri' => 'http://example.com',
                     'institution' => 'mahara',
                     'externalserviceid' => $dbservice->id);
    $this->consumer_key = $store->updateConsumer($new_app, $dbuser->id, true);
    $this->consumer = (object) $store->getConsumer($this->consumer_key, $dbuser->id);

    // Now do the request and access token
    $this->request_token = $store->addConsumerRequestToken($this->consumer_key, array());

    // authorise
    $verifier = $store->authorizeConsumerRequestToken($this->request_token['token'], $dbuser->id, 'localhost');

    // exchange access token
    $options = array();
    $options['verifier'] = $verifier;
    $this->access_token = $store->exchangeConsumerRequestForAccessToken($this->request_token['token'], $options);

    // generate a test token of type EXTERNAL_TOKEN_PERMANENT for the admin test user
    $token = webservice_generate_token(EXTERNAL_TOKEN_PERMANENT, $dbservice, $dbuser->id);
    $dbtoken = get_record('external_tokens', 'token', $token);
    $this->testtoken = $dbtoken->token;

    // create an external test user instance
    $dbserviceuser = (object) array('externalserviceid' => $dbservice->id,
                                    'userid' => $dbuser->id,
                                    'institution' => 'mahara',
                                    'ctime' => db_format_timestamp(time()),
                                    'wssigenc' => 0,
                                    'publickeyexpires' => 0);
    $dbserviceuser->id = insert_record('external_services_users', $dbserviceuser, 'id', true);

    // setup test groups
    $groupid = group_create(array('shortname' => 'mytestgroup1',
                                  'name' => 'The test group 1',
                                  'description' => 'a description for test group 1',
                                  'institution' => 'mahara',
                                  'grouptype' => 'standard',
                                  'open' => 1,
                                  'controlled' => 0,
                                  'request' => 0,
                                  'submitpages' => 0,
                                  'hidemembers' => 0,
                                  'invitefriends' => 0,
                                  'suggestfriends' => 0,
                                  'hidden' => 0,
                                  'hidemembersfrommembers' => 0,
                                  'public' => 0,
                                  'usersautoadded' => 0,
                                  'members' => array($dbuser->id => 'admin'),
                                  'viewnotify' => 0));

    // create test institution
    $dbinstitution = get_record('institution', 'name', $this->testinstitution);
    if (empty($dbinstitution)) {
        db_begin();
        $newinstitution = new StdClass();
        $institution = $newinstitution->name = $this->testinstitution;
        $newinstitution->displayname = $institution . ' - display name';
        $newinstitution->authplugin = 'internal';
        $newinstitution->showonlineusers = 1;
        $newinstitution->registerallowed = 0;
        $newinstitution->theme = null;
        $newinstitution->defaultquota = get_config_plugin('artefact', 'file', 'defaultquota');
        $newinstitution->defaultmembershipperiod = null;
        $newinstitution->maxuseraccounts = null;
        $newinstitution->allowinstitutionpublicviews = 1;
        insert_record('institution', $newinstitution);
        // the new institution gets an 'internal' auth instance
        $authinstance = (object) array('instancename' => 'internal',
                                       'priority' => 0,
                                       'institution' => $newinstitution->name,
                                       'authname' => 'internal');
        insert_record('auth_instance', $authinstance);
        db_commit();
    }

    // protocols to test: all off by default
    $this->testrest = false;
    $this->testxmlrpc = false;
    $this->testsoap = false;

    // READ-ONLY DB tests
    $this->readonlytests = array();

    // WRITE DB tests
    $this->writetests = array();

    // Authentication types
    $this->auths = array();

    // performance testing: number of times the web services are run
    $this->iteration = 1;

    // keep track of users created and deleted
    $this->created_users = array();

    // keep track of groups
    $this->created_groups = array();

    // DO NOT CHANGE
    // reset the timers
    $this->timerrest = 0;
    $this->timerxmlrpc = 0;
    $this->timersoap = 0;
}
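/**
 * Entry point of the user control panel "usergroups" module.
 *
 * Mode 'membership' processes the current user's own change_default, resign,
 * join and demote requests and then lists the groups the user is in and the
 * groups the user is not in. Mode 'manage' lets a group leader edit a group,
 * list its members, approve pending members, set the group as default for
 * members, remove members or add users; with no action it lists the groups
 * the user leads. On return $this->page_title and $this->tpl_name are set.
 *
 * Most branches end in trigger_error() or confirm_box(), which are expected
 * to stop the request (assumption: standard framework behaviour, not shown
 * in this file).
 *
 * @param mixed  $id   Module identifier; only echoed back in hidden form fields ('i').
 * @param string $mode Either 'membership' or 'manage'.
 * @return void
 */
function main($id, $mode)
{
    global $config, $phpbb_root_path, $phpEx, $phpbb_admin_path;
    global $db, $user, $auth, $cache, $template;
    global $request, $phpbb_container, $phpbb_log;

    $user->add_lang('groups');

    $return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>');

    $mark_ary = $request->variable('mark', array(0));
    $submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
    $delete = $request->variable('delete', false, false, \phpbb\request\request_interface::POST);
    $error = $data = array();

    /** @var \phpbb\group\helper $group_helper */
    $group_helper = $phpbb_container->get('group_helper');

    switch ($mode) {
        case 'membership':
            $this->page_title = 'UCP_USERGROUPS_MEMBER';

            if ($submit || isset($_POST['change_default'])) {
                $action = isset($_POST['change_default']) ? 'change_default' : $request->variable('action', '');

                // The id is concatenated into SQL below, so force it to an integer here
                // rather than relying on the request class to have cast it.
                $group_id = (int) ($action == 'change_default' ? $request->variable('default', 0) : $request->variable('selected', 0));

                if (!$group_id) {
                    trigger_error('NO_GROUP_SELECTED');
                }

                $sql = 'SELECT group_id, group_name, group_type FROM ' . GROUPS_TABLE . "\n\t\t\t\t\t\tWHERE group_id IN ({$group_id}, {$user->data['group_id']})";
                $result = $db->sql_query($sql);

                $group_row = array();
                while ($row = $db->sql_fetchrow($result)) {
                    $row['group_name'] = $group_helper->get_name($row['group_name']);
                    $group_row[$row['group_id']] = $row;
                }
                $db->sql_freeresult($result);

                // The query also returns the user's current default group, so a non-empty
                // result does not prove the requested group exists; check its row explicitly
                // before any branch reads $group_row[$group_id].
                if (!sizeof($group_row) || !isset($group_row[$group_id])) {
                    trigger_error('GROUP_NOT_EXIST');
                }

                switch ($action) {
                    case 'change_default':
                        // User already having this group set as default?
                        if ($group_id == $user->data['group_id']) {
                            trigger_error($user->lang['ALREADY_DEFAULT_GROUP'] . $return_page);
                        }

                        if (!$auth->acl_get('u_chggrp')) {
                            trigger_error($user->lang['NOT_AUTHORISED'] . $return_page);
                        }

                        // User needs to be member of the group in order to make it default
                        if (!group_memberships($group_id, $user->data['user_id'], true)) {
                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                        }

                        if (confirm_box(true)) {
                            group_user_attributes('default', $group_id, $user->data['user_id']);

                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_CHANGE', false, array(
                                'reportee_id' => $user->data['user_id'],
                                sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name']),
                            ));

                            meta_refresh(3, $this->u_action);
                            trigger_error($user->lang['CHANGED_DEFAULT_GROUP'] . $return_page);
                        } else {
                            $s_hidden_fields = array('default' => $group_id, 'change_default' => true);

                            confirm_box(false, sprintf($user->lang['GROUP_CHANGE_DEFAULT'], $group_row[$group_id]['group_name']), build_hidden_fields($s_hidden_fields));
                        }
                        break;

                    case 'resign':
                        // User tries to resign from default group but is not allowed to change it?
                        if ($group_id == $user->data['group_id'] && !$auth->acl_get('u_chggrp')) {
                            trigger_error($user->lang['NOT_RESIGN_FROM_DEFAULT_GROUP'] . $return_page);
                        }

                        if (!($row = group_memberships($group_id, $user->data['user_id']))) {
                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                        }
                        // each() was removed in PHP 8.0; current() reads the same first membership row.
                        $row = current($row);

                        $sql = 'SELECT group_type FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . $group_id;
                        $result = $db->sql_query($sql);
                        $group_type = (int) $db->sql_fetchfield('group_type');
                        $db->sql_freeresult($result);

                        if ($group_type != GROUP_OPEN && $group_type != GROUP_FREE) {
                            trigger_error($user->lang['CANNOT_RESIGN_GROUP'] . $return_page);
                        }

                        if (confirm_box(true)) {
                            group_user_del($group_id, $user->data['user_id']);

                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_RESIGN', false, array(
                                'reportee_id' => $user->data['user_id'],
                                $group_row[$group_id]['group_name'],
                            ));

                            meta_refresh(3, $this->u_action);
                            trigger_error($user->lang[$row['user_pending'] ? 'GROUP_RESIGNED_PENDING' : 'GROUP_RESIGNED_MEMBERSHIP'] . $return_page);
                        } else {
                            $s_hidden_fields = array('selected' => $group_id, 'action' => 'resign', 'submit' => true);

                            confirm_box(false, $row['user_pending'] ? 'GROUP_RESIGN_PENDING' : 'GROUP_RESIGN_MEMBERSHIP', build_hidden_fields($s_hidden_fields));
                        }
                        break;

                    case 'join':
                        $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u WHERE ug.user_id = u.user_id AND ug.group_id = ' . $group_id . ' AND ug.user_id = ' . $user->data['user_id'];
                        $result = $db->sql_query($sql);
                        $row = $db->sql_fetchrow($result);
                        $db->sql_freeresult($result);

                        if ($row) {
                            if ($row['user_pending']) {
                                trigger_error($user->lang['ALREADY_IN_GROUP_PENDING'] . $return_page);
                            }

                            trigger_error($user->lang['ALREADY_IN_GROUP'] . $return_page);
                        }

                        // Check permission to join (open group or request)
                        if ($group_row[$group_id]['group_type'] != GROUP_OPEN && $group_row[$group_id]['group_type'] != GROUP_FREE) {
                            trigger_error($user->lang['CANNOT_JOIN_GROUP'] . $return_page);
                        }

                        if (confirm_box(true)) {
                            // Free groups admit the user directly; otherwise the membership is
                            // created with the final (pending) argument set to 1.
                            if ($group_row[$group_id]['group_type'] == GROUP_FREE) {
                                group_user_add($group_id, $user->data['user_id']);
                            } else {
                                group_user_add($group_id, $user->data['user_id'], false, false, false, 0, 1);
                            }

                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_JOIN' . ($group_row[$group_id]['group_type'] == GROUP_FREE ? '' : '_PENDING'), false, array(
                                'reportee_id' => $user->data['user_id'],
                                $group_row[$group_id]['group_name'],
                            ));

                            meta_refresh(3, $this->u_action);
                            trigger_error($user->lang[$group_row[$group_id]['group_type'] == GROUP_FREE ? 'GROUP_JOINED' : 'GROUP_JOINED_PENDING'] . $return_page);
                        } else {
                            $s_hidden_fields = array('selected' => $group_id, 'action' => 'join', 'submit' => true);

                            confirm_box(false, $group_row[$group_id]['group_type'] == GROUP_FREE ? 'GROUP_JOIN' : 'GROUP_JOIN_PENDING', build_hidden_fields($s_hidden_fields));
                        }
                        break;

                    case 'demote':
                        if (!($row = group_memberships($group_id, $user->data['user_id']))) {
                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                        }
                        $row = current($row);

                        if (!$row['group_leader']) {
                            trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
                        }

                        if (confirm_box(true)) {
                            group_user_attributes('demote', $group_id, $user->data['user_id']);

                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_DEMOTE', false, array(
                                'reportee_id' => $user->data['user_id'],
                                $group_row[$group_id]['group_name'],
                            ));

                            meta_refresh(3, $this->u_action);
                            trigger_error($user->lang['USER_GROUP_DEMOTED'] . $return_page);
                        } else {
                            $s_hidden_fields = array('selected' => $group_id, 'action' => 'demote', 'submit' => true);

                            confirm_box(false, 'USER_GROUP_DEMOTE', build_hidden_fields($s_hidden_fields));
                        }
                        break;
                }
            }

            // Groups the user belongs to, split into leader / pending / member template blocks.
            $sql = 'SELECT g.*, ug.group_leader, ug.user_pending FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug WHERE ug.user_id = ' . $user->data['user_id'] . ' AND g.group_id = ug.group_id ORDER BY g.group_type DESC, g.group_name';
            $result = $db->sql_query($sql);

            $group_id_ary = array();
            $leader_count = $member_count = $pending_count = 0;
            while ($row = $db->sql_fetchrow($result)) {
                $block = $row['group_leader'] ? 'leader' : ($row['user_pending'] ? 'pending' : 'member');

                switch ($row['group_type']) {
                    case GROUP_OPEN:
                        $group_status = 'OPEN';
                        break;
                    case GROUP_CLOSED:
                        $group_status = 'CLOSED';
                        break;
                    case GROUP_HIDDEN:
                        $group_status = 'HIDDEN';
                        break;
                    case GROUP_SPECIAL:
                        $group_status = 'SPECIAL';
                        break;
                    case GROUP_FREE:
                        $group_status = 'FREE';
                        break;
                }

                $template->assign_block_vars($block, array(
                    'GROUP_ID' => $row['group_id'],
                    'GROUP_NAME' => $group_helper->get_name($row['group_name']),
                    'GROUP_DESC' => $row['group_type'] != GROUP_SPECIAL ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'],
                    'GROUP_SPECIAL' => $row['group_type'] != GROUP_SPECIAL ? false : true,
                    'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status],
                    'GROUP_COLOUR' => $row['group_colour'],
                    'U_VIEW_GROUP' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=group&g=' . $row['group_id']),
                    'S_GROUP_DEFAULT' => $row['group_id'] == $user->data['group_id'] ? true : false,
                    // Post-increments $leader_count, $pending_count or $member_count by name.
                    'S_ROW_COUNT' => ${$block . '_count'}++,
                ));

                $group_id_ary[] = (int) $row['group_id'];
            }
            $db->sql_freeresult($result);

            // Hide hidden groups unless user is an admin with group privileges
            $sql_and = $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';

            $sql = 'SELECT group_id, group_name, group_colour, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type, group_founder_manage FROM ' . GROUPS_TABLE . ' WHERE ' . (sizeof($group_id_ary) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . "\n\t\t\t\t\t\tgroup_type {$sql_and}\n\t\t\t\t\tORDER BY group_type DESC, group_name";
            $result = $db->sql_query($sql);

            $nonmember_count = 0;
            while ($row = $db->sql_fetchrow($result)) {
                switch ($row['group_type']) {
                    case GROUP_OPEN:
                        $group_status = 'OPEN';
                        break;
                    case GROUP_CLOSED:
                        $group_status = 'CLOSED';
                        break;
                    case GROUP_HIDDEN:
                        $group_status = 'HIDDEN';
                        break;
                    case GROUP_SPECIAL:
                        $group_status = 'SPECIAL';
                        break;
                    case GROUP_FREE:
                        $group_status = 'FREE';
                        break;
                }

                $template->assign_block_vars('nonmember', array(
                    'GROUP_ID' => $row['group_id'],
                    'GROUP_NAME' => $group_helper->get_name($row['group_name']),
                    'GROUP_DESC' => $row['group_type'] != GROUP_SPECIAL ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'],
                    'GROUP_SPECIAL' => $row['group_type'] != GROUP_SPECIAL ? false : true,
                    'GROUP_CLOSED' => $row['group_type'] != GROUP_CLOSED || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? false : true,
                    'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status],
                    'S_CAN_JOIN' => $row['group_type'] == GROUP_OPEN || $row['group_type'] == GROUP_FREE ? true : false,
                    'GROUP_COLOUR' => $row['group_colour'],
                    'U_VIEW_GROUP' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=group&g=' . $row['group_id']),
                    'S_ROW_COUNT' => $nonmember_count++,
                ));
            }
            $db->sql_freeresult($result);

            $template->assign_vars(array(
                'S_CHANGE_DEFAULT' => $auth->acl_get('u_chggrp') ? true : false,
                'S_LEADER_COUNT' => $leader_count,
                'S_MEMBER_COUNT' => $member_count,
                'S_PENDING_COUNT' => $pending_count,
                'S_NONMEMBER_COUNT' => $nonmember_count,
                'S_UCP_ACTION' => $this->u_action,
            ));
            break;

        case 'manage':
            $this->page_title = 'UCP_USERGROUPS_MANAGE';
            $action = isset($_POST['addusers']) ? 'addusers' : $request->variable('action', '');

            // Concatenated into several SQL strings below; keep it an integer locally.
            $group_id = (int) $request->variable('g', 0);

            include $phpbb_root_path . 'includes/functions_display.' . $phpEx;

            add_form_key('ucp_groups');

            if ($group_id) {
                $sql = 'SELECT g.*, t.teampage_position AS group_teampage FROM ' . GROUPS_TABLE . ' g LEFT JOIN ' . TEAMPAGE_TABLE . ' t ON (t.group_id = g.group_id) WHERE g.group_id = ' . $group_id;
                $result = $db->sql_query($sql);
                $group_row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);

                if (!$group_row) {
                    trigger_error($user->lang['NO_GROUP'] . $return_page);
                }

                // Check if the user is allowed to manage this group if set to founder only.
                if ($user->data['user_type'] != USER_FOUNDER && $group_row['group_founder_manage']) {
                    trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . $return_page, E_USER_WARNING);
                }

                $group_name = $group_row['group_name'];
                $group_type = $group_row['group_type'];

                $avatar = phpbb_get_group_avatar($group_row, 'GROUP_AVATAR', true);

                $template->assign_vars(array(
                    'GROUP_NAME' => $group_helper->get_name($group_name),
                    'GROUP_INTERNAL_NAME' => $group_name,
                    'GROUP_COLOUR' => isset($group_row['group_colour']) ? $group_row['group_colour'] : '',
                    'GROUP_DESC_DISP' => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']),
                    'GROUP_TYPE' => $group_row['group_type'],
                    'AVATAR' => empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar,
                    'AVATAR_IMAGE' => empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar,
                    'AVATAR_WIDTH' => isset($group_row['group_avatar_width']) ? $group_row['group_avatar_width'] : '',
                    'AVATAR_HEIGHT' => isset($group_row['group_avatar_height']) ? $group_row['group_avatar_height'] : '',
                ));
            }

            // Every action below except the default listing requires the current user to be
            // a leader of $group_id before it reads or changes anything.
            switch ($action) {
                case 'edit':
                    if (!$group_id) {
                        trigger_error($user->lang['NO_GROUP'] . $return_page);
                    }

                    if (!($row = group_memberships($group_id, $user->data['user_id']))) {
                        trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                    }
                    $row = current($row);

                    if (!$row['group_leader']) {
                        trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
                    }

                    $file_uploads = @ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on' ? true : false;
                    $user->add_lang(array('acp/groups', 'acp/common'));

                    $data = $submit_ary = array();

                    $update = isset($_POST['update']) ? true : false;

                    $error = array();

                    // Setup avatar data for later
                    $avatars_enabled = false;
                    $avatar_drivers = null;
                    $avatar_data = null;
                    $avatar_error = array();

                    if ($config['allow_avatar']) {
                        /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
                        $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
                        $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();

                        // This is normalised data, without the group_ prefix
                        $avatar_data = \phpbb\avatar\manager::clean_row($group_row, 'group');
                    }

                    // Handle deletion of avatars. The avatar manager only exists when avatars are
                    // enabled, so a posted avatar_delete is ignored otherwise instead of calling
                    // a method on an undefined variable.
                    if ($config['allow_avatar'] && $request->is_set_post('avatar_delete')) {
                        if (confirm_box(true)) {
                            $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, GROUPS_TABLE, 'group_');

                            $cache->destroy('sql', GROUPS_TABLE);

                            $message = $action == 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
                            trigger_error($user->lang[$message] . $return_page);
                        } else {
                            confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
                                'avatar_delete' => true,
                                'i' => $id,
                                'mode' => $mode,
                                'g' => $group_id,
                                'action' => $action,
                            )));
                        }
                    }

                    // Did we submit?
                    if ($update) {
                        $group_name = $request->variable('group_name', '', true);
                        $group_desc = $request->variable('group_desc', '', true);
                        // NOTE(review): the submitted group type is not range-checked in this
                        // function; presumably group_create() validates it - confirm a leader
                        // cannot switch the group to a type reserved for administrators.
                        $group_type = $request->variable('group_type', GROUP_FREE);

                        $allow_desc_bbcode = $request->variable('desc_parse_bbcode', false);
                        $allow_desc_urls = $request->variable('desc_parse_urls', false);
                        $allow_desc_smilies = $request->variable('desc_parse_smilies', false);

                        // legend and teampage are taken from the stored row, not from the request.
                        $submit_ary = array(
                            'colour' => $request->variable('group_colour', ''),
                            'rank' => $request->variable('group_rank', 0),
                            'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
                            'message_limit' => $request->variable('group_message_limit', 0),
                            'max_recipients' => $request->variable('group_max_recipients', 0),
                            'legend' => $group_row['group_legend'],
                            'teampage' => $group_row['group_teampage'],
                        );

                        if ($config['allow_avatar']) {
                            // Handle avatar
                            $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
                            $config_name = preg_replace('#^avatar\\.driver.#', '', $driver_name);

                            // Only drivers reported as enabled may process the submitted form.
                            if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) {
                                $driver = $phpbb_avatar_manager->get_driver($driver_name);
                                $result = $driver->process_form($request, $template, $user, $avatar_data, $avatar_error);

                                if ($result && empty($avatar_error)) {
                                    $result['avatar_type'] = $driver_name;
                                    $submit_ary = array_merge($submit_ary, $result);
                                }
                            }

                            // Merge any avatars errors into the primary error array
                            $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
                        }

                        // An invalid form token is recorded as an error, which keeps the
                        // group_create() call below from running.
                        if (!check_form_key('ucp_groups')) {
                            $error[] = $user->lang['FORM_INVALID'];
                        }

                        // Validate submitted colour value
                        if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true)))) {
                            // Replace "error" string with its real, localised form
                            $error = array_merge($error, $colour_error);
                        }

                        if (!sizeof($error)) {
                            // Only set the rank, colour, etc. if it's changed or if we're adding a new
                            // group. This prevents existing group members being updated if no changes
                            // were made.
                            // However there are some attributes that need to be set everytime,
                            // otherwise the group gets removed from the feature.
                            $set_attributes = array('legend', 'teampage');

                            $group_attributes = array();
                            $test_variables = array(
                                'rank' => 'int',
                                'colour' => 'string',
                                'avatar' => 'string',
                                'avatar_type' => 'string',
                                'avatar_width' => 'int',
                                'avatar_height' => 'int',
                                'receive_pm' => 'int',
                                'legend' => 'int',
                                'teampage' => 'int',
                                'message_limit' => 'int',
                                'max_recipients' => 'int',
                            );

                            foreach ($test_variables as $test => $type) {
                                if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test] || isset($group_attributes['group_avatar']) && strpos($test, 'avatar') === 0 || in_array($test, $set_attributes))) {
                                    settype($submit_ary[$test], $type);
                                    $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
                                }
                            }

                            if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) {
                                $cache->destroy('sql', GROUPS_TABLE);
                                $cache->destroy('sql', TEAMPAGE_TABLE);

                                $message = $action == 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
                                trigger_error($user->lang[$message] . $return_page);
                            }
                        }

                        if (sizeof($error)) {
                            $error = array_map(array(&$user, 'lang'), $error);
                            $group_rank = $submit_ary['rank'];

                            $group_desc_data = array(
                                'text' => $group_desc,
                                'allow_bbcode' => $allow_desc_bbcode,
                                'allow_smilies' => $allow_desc_smilies,
                                'allow_urls' => $allow_desc_urls,
                            );
                        }
                    } else {
                        if (!$group_id) {
                            $group_name = $request->variable('group_name', '', true);
                            $group_desc_data = array(
                                'text' => '',
                                'allow_bbcode' => true,
                                'allow_smilies' => true,
                                'allow_urls' => true,
                            );
                            $group_rank = 0;
                            $group_type = GROUP_OPEN;
                        } else {
                            $group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
                            $group_rank = $group_row['group_rank'];
                        }
                    }

                    $sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title';
                    $result = $db->sql_query($sql);

                    // NOTE(review): rank_title is concatenated into markup as stored; this
                    // assumes titles are HTML-escaped when saved - confirm.
                    $rank_options = '<option value="0"' . (!$group_rank ? ' selected="selected"' : '') . '>' . $user->lang['USER_DEFAULT'] . '</option>';
                    while ($row = $db->sql_fetchrow($result)) {
                        $selected = $group_rank && $row['rank_id'] == $group_rank ? ' selected="selected"' : '';
                        $rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
                    }
                    $db->sql_freeresult($result);

                    $type_free = $group_type == GROUP_FREE ? ' checked="checked"' : '';
                    $type_open = $group_type == GROUP_OPEN ? ' checked="checked"' : '';
                    $type_closed = $group_type == GROUP_CLOSED ? ' checked="checked"' : '';
                    $type_hidden = $group_type == GROUP_HIDDEN ? ' checked="checked"' : '';

                    // Load up stuff for avatars
                    if ($config['allow_avatar']) {
                        $avatars_enabled = false;
                        $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type']));

                        foreach ($avatar_drivers as $current_driver) {
                            $driver = $phpbb_avatar_manager->get_driver($current_driver);

                            $avatars_enabled = true;
                            $template->set_filenames(array('avatar' => $driver->get_template_name()));

                            if ($driver->prepare_form($request, $template, $user, $avatar_data, $avatar_error)) {
                                $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
                                $driver_upper = strtoupper($driver_name);

                                $template->assign_block_vars('avatar_drivers', array(
                                    'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
                                    'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
                                    'DRIVER' => $driver_name,
                                    'SELECTED' => $current_driver == $selected_driver,
                                    'OUTPUT' => $template->assign_display('avatar'),
                                ));
                            }
                        }
                    }

                    if (isset($phpbb_avatar_manager) && !$update) {
                        // Merge any avatars errors into the primary error array
                        $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
                    }

                    $template->assign_vars(array(
                        'S_EDIT' => true,
                        'S_INCLUDE_SWATCH' => true,
                        'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
                        'S_ERROR' => sizeof($error) ? true : false,
                        'S_SPECIAL_GROUP' => $group_type == GROUP_SPECIAL ? true : false,
                        'S_AVATARS_ENABLED' => $config['allow_avatar'] && $avatars_enabled,
                        'S_GROUP_MANAGE' => true,
                        'ERROR_MSG' => sizeof($error) ? implode('<br />', $error) : '',
                        'GROUP_RECEIVE_PM' => isset($group_row['group_receive_pm']) && $group_row['group_receive_pm'] ? ' checked="checked"' : '',
                        'GROUP_MESSAGE_LIMIT' => isset($group_row['group_message_limit']) ? $group_row['group_message_limit'] : 0,
                        'GROUP_MAX_RECIPIENTS' => isset($group_row['group_max_recipients']) ? $group_row['group_max_recipients'] : 0,
                        'GROUP_DESC' => $group_desc_data['text'],
                        'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'],
                        'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'],
                        'S_DESC_SMILIES_CHECKED' => $group_desc_data['allow_smilies'],
                        'S_RANK_OPTIONS' => $rank_options,
                        'GROUP_TYPE_FREE' => GROUP_FREE,
                        'GROUP_TYPE_OPEN' => GROUP_OPEN,
                        'GROUP_TYPE_CLOSED' => GROUP_CLOSED,
                        'GROUP_TYPE_HIDDEN' => GROUP_HIDDEN,
                        'GROUP_TYPE_SPECIAL' => GROUP_SPECIAL,
                        'GROUP_FREE' => $type_free,
                        'GROUP_OPEN' => $type_open,
                        'GROUP_CLOSED' => $type_closed,
                        'GROUP_HIDDEN' => $type_hidden,
                        'S_UCP_ACTION' => $this->u_action . "&action={$action}&g={$group_id}",
                        'L_AVATAR_EXPLAIN' => phpbb_avatar_explanation_string(),
                    ));
                    break;

                case 'list':
                    if (!$group_id) {
                        trigger_error($user->lang['NO_GROUP'] . $return_page);
                    }

                    if (!($row = group_memberships($group_id, $user->data['user_id']))) {
                        trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                    }
                    $row = current($row);

                    if (!$row['group_leader']) {
                        trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
                    }

                    $user->add_lang(array('acp/groups', 'acp/common'));
                    $start = $request->variable('start', 0);

                    // Grab the leaders - always, on every page...
                    $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\t\t\tWHERE ug.group_id = {$group_id}\n\t\t\t\t\t\t\t\tAND u.user_id = ug.user_id\n\t\t\t\t\t\t\t\tAND ug.group_leader = 1\n\t\t\t\t\t\t\tORDER BY ug.user_pending DESC, u.username_clean";
                    $result = $db->sql_query($sql);

                    while ($row = $db->sql_fetchrow($result)) {
                        $template->assign_block_vars('leader', array(
                            'USERNAME' => $row['username'],
                            'USERNAME_COLOUR' => $row['user_colour'],
                            'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
                            'U_USER_VIEW' => get_username_string('profile', $row['user_id'], $row['username']),
                            'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false,
                            'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ',
                            'USER_POSTS' => $row['user_posts'],
                            'USER_ID' => $row['user_id'],
                        ));
                    }
                    $db->sql_freeresult($result);

                    // Total number of group members (non-leaders)
                    $sql = 'SELECT COUNT(user_id) AS total_members FROM ' . USER_GROUP_TABLE . "\n\t\t\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\t\t\tAND group_leader = 0";
                    $result = $db->sql_query($sql);
                    $total_members = (int) $db->sql_fetchfield('total_members');
                    $db->sql_freeresult($result);

                    // Grab the members
                    $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\t\t\tWHERE ug.group_id = {$group_id}\n\t\t\t\t\t\t\t\tAND u.user_id = ug.user_id\n\t\t\t\t\t\t\t\tAND ug.group_leader = 0\n\t\t\t\t\t\t\tORDER BY ug.user_pending DESC, u.username_clean";
                    $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);

                    // Rows arrive pending-first; emit one marker row ahead of each section.
                    $pending = false;
                    $approved = false;
                    while ($row = $db->sql_fetchrow($result)) {
                        if ($row['user_pending'] && !$pending) {
                            $template->assign_block_vars('member', array('S_PENDING' => true));
                            $template->assign_var('S_PENDING_SET', true);

                            $pending = true;
                        } else {
                            if (!$row['user_pending'] && !$approved) {
                                $template->assign_block_vars('member', array('S_APPROVED' => true));
                                $template->assign_var('S_APPROVED_SET', true);

                                $approved = true;
                            }
                        }

                        $template->assign_block_vars('member', array(
                            'USERNAME' => $row['username'],
                            'USERNAME_COLOUR' => $row['user_colour'],
                            'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
                            'U_USER_VIEW' => get_username_string('profile', $row['user_id'], $row['username']),
                            'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false,
                            'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ',
                            'USER_POSTS' => $row['user_posts'],
                            'USER_ID' => $row['user_id'],
                        ));
                    }
                    $db->sql_freeresult($result);

                    $s_action_options = '';
                    $options = array('default' => 'DEFAULT', 'approve' => 'APPROVE', 'deleteusers' => 'DELETE');

                    foreach ($options as $option => $lang) {
                        $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>';
                    }

                    /* @var $pagination \phpbb\pagination */
                    $pagination = $phpbb_container->get('pagination');
                    $base_url = $this->u_action . "&action={$action}&g={$group_id}";
                    $start = $pagination->validate_start($start, $config['topics_per_page'], $total_members);
                    $pagination->generate_template_pagination($base_url, 'pagination', 'start', $total_members, $config['topics_per_page'], $start);

                    $template->assign_vars(array(
                        'S_LIST' => true,
                        'S_ACTION_OPTIONS' => $s_action_options,
                        'U_ACTION' => $this->u_action . "&g={$group_id}",
                        'S_UCP_ACTION' => $this->u_action . "&g={$group_id}",
                        'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=ucp&field=usernames'),
                    ));
                    break;

                case 'approve':
                    if (!$group_id) {
                        trigger_error($user->lang['NO_GROUP'] . $return_page);
                    }

                    if (!($row = group_memberships($group_id, $user->data['user_id']))) {
                        trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                    }
                    $row = current($row);

                    if (!$row['group_leader']) {
                        trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
                    }

                    $user->add_lang('acp/groups');

                    // NOTE(review): unlike the other state-changing actions in this method, this
                    // branch calls neither confirm_box() nor check_form_key() before changing
                    // memberships. Confirm request-forgery protection is enforced elsewhere, or
                    // add a form-key check once the list form is known to submit the
                    // 'ucp_groups' token.
                    // Approve, demote or promote
                    group_user_attributes('approve', $group_id, $mark_ary, false, false);

                    trigger_error($user->lang['USERS_APPROVED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
                    break;

                case 'default':
                    if (!$group_id) {
                        trigger_error($user->lang['NO_GROUP'] . $return_page);
                    }

                    if (!($row = group_memberships($group_id, $user->data['user_id']))) {
                        trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                    }
                    $row = current($row);

                    if (!$row['group_leader']) {
                        trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
                    }

                    $group_row['group_name'] = $group_helper->get_name($group_row['group_name']);

                    if (confirm_box(true)) {
                        if (!sizeof($mark_ary)) {
                            // No users were marked: apply the change to every member, 200 per batch.
                            $start = 0;

                            do {
                                $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\t\t\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\t\t\t\t\tORDER BY user_id";
                                $result = $db->sql_query_limit($sql, 200, $start);

                                $mark_ary = array();
                                if ($row = $db->sql_fetchrow($result)) {
                                    do {
                                        $mark_ary[] = $row['user_id'];
                                    } while ($row = $db->sql_fetchrow($result));

                                    group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);

                                    // A short batch means the last page was reached; 0 ends the loop.
                                    $start = sizeof($mark_ary) < 200 ? 0 : $start + 200;
                                } else {
                                    $start = 0;
                                }
                                $db->sql_freeresult($result);
                            } while ($start);
                        } else {
                            group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
                        }

                        $user->add_lang('acp/groups');

                        trigger_error($user->lang['GROUP_DEFS_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
                    } else {
                        $user->add_lang('acp/common');

                        confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
                            'mark' => $mark_ary,
                            'g' => $group_id,
                            'i' => $id,
                            'mode' => $mode,
                            'action' => $action,
                        )));
                    }

                    // redirect to last screen
                    redirect($this->u_action . '&action=list&g=' . $group_id);
                    break;

                case 'deleteusers':
                    $user->add_lang(array('acp/groups', 'acp/common'));

                    if (!($row = group_memberships($group_id, $user->data['user_id']))) {
                        trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                    }
                    $row = current($row);

                    if (!$row['group_leader']) {
                        trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
                    }

                    $group_row['group_name'] = $group_helper->get_name($group_row['group_name']);

                    if (confirm_box(true)) {
                        if (!$group_id) {
                            trigger_error($user->lang['NO_GROUP'] . $return_page);
                        }

                        $error = group_user_del($group_id, $mark_ary, false, $group_row['group_name']);

                        if ($error) {
                            trigger_error($user->lang[$error] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
                        }

                        trigger_error($user->lang['GROUP_USERS_REMOVE'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
                    } else {
                        confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
                            'mark' => $mark_ary,
                            'g' => $group_id,
                            'i' => $id,
                            'mode' => $mode,
                            'action' => $action,
                        )));
                    }

                    // redirect to last screen
                    redirect($this->u_action . '&action=list&g=' . $group_id);
                    break;

                case 'addusers':
                    $user->add_lang(array('acp/groups', 'acp/common'));

                    $names = $request->variable('usernames', '', true);

                    if (!$group_id) {
                        trigger_error($user->lang['NO_GROUP'] . $return_page);
                    }

                    if (!$names) {
                        trigger_error($user->lang['NO_USERS'] . $return_page);
                    }

                    if (!($row = group_memberships($group_id, $user->data['user_id']))) {
                        trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
                    }
                    $row = current($row);

                    if (!$row['group_leader']) {
                        trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
                    }

                    $name_ary = array_unique(explode("\n", $names));
                    $group_name = $group_helper->get_name($group_row['group_name']);

                    $default = $request->variable('default', 0);

                    if (confirm_box(true)) {
                        // Add user/s to group
                        if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, 0, 0, $group_row)) {
                            trigger_error($user->lang[$error] . $return_page);
                        }

                        trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
                    } else {
                        $s_hidden_fields = array(
                            'default' => $default,
                            'usernames' => $names,
                            'g' => $group_id,
                            'i' => $id,
                            'mode' => $mode,
                            'action' => $action,
                        );

                        confirm_box(false, $user->lang('GROUP_CONFIRM_ADD_USERS', sizeof($name_ary), implode($user->lang['COMMA_SEPARATOR'], $name_ary)), build_hidden_fields($s_hidden_fields));
                    }

                    trigger_error($user->lang['NO_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
                    break;

                default:
                    $user->add_lang('acp/common');

                    // List only the groups in which the current user is a leader.
                    $sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_desc, g.group_desc_uid, g.group_desc_bitfield, g.group_desc_options, g.group_type, ug.group_leader FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug WHERE ug.user_id = ' . $user->data['user_id'] . ' AND g.group_id = ug.group_id AND ug.group_leader = 1 ORDER BY g.group_type DESC, g.group_name';
                    $result = $db->sql_query($sql);

                    while ($value = $db->sql_fetchrow($result)) {
                        $template->assign_block_vars('leader', array(
                            'GROUP_NAME' => $group_helper->get_name($value['group_name']),
                            'GROUP_DESC' => generate_text_for_display($value['group_desc'], $value['group_desc_uid'], $value['group_desc_bitfield'], $value['group_desc_options']),
                            'GROUP_TYPE' => $value['group_type'],
                            'GROUP_ID' => $value['group_id'],
                            'GROUP_COLOUR' => $value['group_colour'],
                            'U_LIST' => $this->u_action . "&action=list&g={$value['group_id']}",
                            'U_EDIT' => $this->u_action . "&action=edit&g={$value['group_id']}",
                        ));
                    }
                    $db->sql_freeresult($result);
                    break;
            }
            break;
    }

    $this->tpl_name = 'ucp_groups_' . $mode;
}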
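/**
 * Create a test group
 *
 * Validates the record (unique name, resolvable owner and member usernames,
 * known grouptype and editroles, consistent membership / invitation / edit
 * window settings), then creates the group inside a database transaction
 * and increments $this->groupcount.
 *
 * @param array $record Group description. 'name', 'owner', 'grouptype' and
 *                      'editroles' are read unconditionally; 'members',
 *                      'staff' and 'admins' are comma-separated usernames.
 * @throws SystemException if any validation check fails
 * @return int new group id
 */
public function create_group($record) {
    // Data validation
    $record['name'] = trim($record['name']);
    // A group being created has no id of its own yet, so any existing group with the same
    // (case-insensitive, trimmed) name is a conflict. The earlier comparison against
    // $group_data->id read a variable that is not defined until later in this method.
    if (get_records_sql_array('SELECT id FROM {group} WHERE LOWER(TRIM(name)) = ?', array(strtolower($record['name'])))) {
        throw new SystemException("Invalid group name '" . $record['name'] . "'. " . get_string('groupalreadyexists', 'group'));
    }

    // The owner must resolve to exactly one user and always becomes a group admin.
    $record['owner'] = trim($record['owner']);
    $ids = get_records_sql_array('SELECT id FROM {usr} WHERE LOWER(TRIM(username)) = ?', array(strtolower($record['owner'])));
    if (!$ids || count($ids) > 1) {
        throw new SystemException("Invalid group owner '" . $record['owner'] . "'. The username does not exist or duplicated");
    }
    $members = array($ids[0]->id => 'admin');

    // Record field => role granted. Processed in this order, so a username listed in a
    // later field overrides the role it was given by an earlier one.
    $rolefields = array('members' => 'member', 'staff' => 'staff', 'admins' => 'admin');
    foreach ($rolefields as $field => $role) {
        if (empty($record[$field])) {
            continue;
        }
        foreach (explode(',', $record[$field]) as $membername) {
            $ids = get_records_sql_array('SELECT id FROM {usr} WHERE LOWER(TRIM(username)) = ?', array(strtolower(trim($membername))));
            if (!$ids || count($ids) > 1) {
                throw new SystemException("Invalid group " . $role . " '" . $membername . "'. The username does not exist or duplicated");
            }
            $members[$ids[0]->id] = $role;
        }
    }

    $availablegrouptypes = group_get_grouptypes();
    if (!in_array($record['grouptype'], $availablegrouptypes)) {
        throw new SystemException("Invalid grouptype '" . $record['grouptype'] . "'. This grouptype does not exist.\n" . "The available grouptypes are " . join(', ', $availablegrouptypes));
    }

    $availablegroupeditroles = array_keys(group_get_editroles_options());
    if (!in_array($record['editroles'], $availablegroupeditroles)) {
        throw new SystemException("Invalid group editroles '" . $record['editroles'] . "'. This edit role does not exist.\n" . "The available group editroles are " . join(', ', $availablegroupeditroles));
    }

    // An open group cannot also be controlled or request-only.
    if (!empty($record['open'])) {
        if (!empty($record['controlled'])) {
            throw new SystemException('Invalid group membership setting. ' . get_string('membershipopencontrolled', 'group'));
        }
        if (!empty($record['request'])) {
            throw new SystemException('Invalid group membership setting. ' . get_string('membershipopenrequest', 'group'));
        }
    }

    if (!empty($record['invitefriends']) && !empty($record['suggestfriends'])) {
        throw new SystemException('Invalid friend invitation setting. ' . get_string('suggestinvitefriends', 'group'));
    }

    if (!empty($record['suggestfriends']) && empty($record['open']) && empty($record['request'])) {
        throw new SystemException('Invalid friend invitation setting. ' . get_string('suggestfriendsrequesterror', 'group'));
    }

    if (!empty($record['editwindowstart']) && !empty($record['editwindowend']) && $record['editwindowstart'] >= $record['editwindowend']) {
        throw new SystemException('Invalid group editability setting. ' . get_string('editwindowendbeforestart', 'group'));
    }

    $group_data = array(
        'id' => null,
        'name' => $record['name'],
        'description' => isset($record['description']) ? $record['description'] : null,
        'grouptype' => $record['grouptype'],
        'open' => isset($record['open']) ? $record['open'] : 1,
        'controlled' => isset($record['controlled']) ? $record['controlled'] : 0,
        'request' => isset($record['request']) ? $record['request'] : 0,
        'invitefriends' => isset($record['invitefriends']) ? $record['invitefriends'] : 0,
        'suggestfriends' => isset($record['suggestfriends']) ? $record['suggestfriends'] : 0,
        'category' => null,
        'public' => 0,
        'usersautoadded' => 0,
        'viewnotify' => GROUP_ROLES_ALL,
        'submittableto' => isset($record['submittableto']) ? $record['submittableto'] : 0,
        'allowarchives' => isset($record['allowarchives']) ? $record['allowarchives'] : 0,
        'editroles' => isset($record['editroles']) ? $record['editroles'] : 'all',
        'hidden' => 0,
        'hidemembers' => 0,
        'hidemembersfrommembers' => 0,
        'groupparticipationreports' => 0,
        'urlid' => null,
        'editwindowstart' => isset($record['editwindowstart']) ? $record['editwindowstart'] : null,
        'editwindowend' => isset($record['editwindowend']) ? $record['editwindowend'] : null,
        'sendnow' => 0,
        'feedbacknotify' => GROUP_ROLES_ALL,
        'members' => $members,
    );

    // Create a new group
    db_begin();
    $group_data['id'] = group_create($group_data);
    db_commit();

    $this->groupcount++;
    return $group_data['id'];
}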
/**
 * Entry point of the ACP group management module.
 *
 * Reads the requested action and group id, loads the group row when a group id
 * is given, and then dispatches on the action: approve/demote/promote, default,
 * set_default_on_all, deleteusers/delete, addusers, edit/add and list. When no
 * action matches, the overview of all groups is rendered.
 *
 * State-changing actions are gated by check_form_key() or confirm_box(), and
 * their result is reported through trigger_error(). The code after those calls
 * relies on trigger_error() ending the request; the error handler itself is not
 * visible here.
 *
 * @param $id   Module id; only passed back in the hidden fields of confirm boxes
 * @param $mode Module mode; 'position' delegates to manage_position()
 */
function main($id, $mode) {
    global $config, $db, $user, $auth, $template, $cache;
    global $phpbb_root_path, $phpbb_admin_path, $phpEx;
    global $request, $phpbb_container, $phpbb_dispatcher;

    $user->add_lang('acp/groups');
    $this->tpl_name = 'acp_groups';
    $this->page_title = 'ACP_GROUPS_MANAGE';

    // Form token for this module; verified by check_form_key() in the
    // actions below that accept a form submission.
    $form_key = 'acp_groups';
    add_form_key($form_key);

    if ($mode == 'position') {
        $this->manage_position();
        return;
    }

    if (!function_exists('group_user_attributes')) {
        include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
    }

    // Check and set some common vars
    // NOTE(review): the integer-typed values below are concatenated into SQL
    // further down. This presumably relies on $request->variable() casting the
    // value to the type of the supplied default - confirm against the request
    // class.
    $action = isset($_POST['add']) ? 'add' : (isset($_POST['addusers']) ? 'addusers' : $request->variable('action', ''));
    $group_id = $request->variable('g', 0);
    $mark_ary = $request->variable('mark', array(0));
    $name_ary = $request->variable('usernames', '', true);
    $leader = $request->variable('leader', 0);
    $default = $request->variable('default', 0);
    $start = $request->variable('start', 0);
    $update = isset($_POST['update']) ? true : false;

    /** @var \phpbb\group\helper $group_helper */
    $group_helper = $phpbb_container->get('group_helper');

    // Clear some vars
    $group_row = array();

    // Grab basic data for group, if group_id is set and exists
    if ($group_id) {
        $sql = 'SELECT g.*, t.teampage_position AS group_teampage FROM ' . GROUPS_TABLE . ' g LEFT JOIN ' . TEAMPAGE_TABLE . ' t ON (t.group_id = g.group_id) WHERE g.group_id = ' . $group_id;
        $result = $db->sql_query($sql);
        $group_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if (!$group_row) {
            trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
        }

        // Check if the user is allowed to manage this group if set to founder only.
        // This gate applies to every action below that targets an existing group.
        if ($user->data['user_type'] != USER_FOUNDER && $group_row['group_founder_manage']) {
            trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
    }

    // Which page?
    switch ($action) {
        case 'approve':
        case 'demote':
        case 'promote':
            // Direct form submission: the form token is the only request check here.
            if (!check_form_key($form_key)) {
                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            // Approve, demote or promote
            $group_name = $group_helper->get_name($group_row['group_name']);
            $error = group_user_attributes($action, $group_id, $mark_ary, false, $group_name);

            if (!$error) {
                switch ($action) {
                    case 'demote':
                        $message = 'GROUP_MODS_DEMOTED';
                        break;
                    case 'promote':
                        $message = 'GROUP_MODS_PROMOTED';
                        break;
                    case 'approve':
                        $message = 'USERS_APPROVED';
                        break;
                }
                trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
            } else {
                trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
            }
            break;

        case 'default':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            } else {
                if (empty($mark_ary)) {
                    trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
                }
            }

            // The change is applied only after the confirmation box was accepted;
            // otherwise the box is shown with the request state as hidden fields.
            if (confirm_box(true)) {
                $group_name = $group_helper->get_name($group_row['group_name']);
                group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_row);
                trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
            } else {
                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action)));
            }
            break;

        case 'set_default_on_all':
            // NOTE(review): unlike the other group actions this branch has no
            // "!$group_id" guard, so with g=0 $group_row is the empty array and
            // $group_row['group_name'] is read from it - confirm whether a
            // NO_GROUP check is wanted here.
            if (confirm_box(true)) {
                $group_name = $group_helper->get_name($group_row['group_name']);
                $start = 0;

                // Walk the members in batches of 200; $start drops back to 0,
                // ending the loop, once a batch comes back short or empty.
                do {
                    $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "\n\t\t\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\t\tORDER BY user_id";
                    $result = $db->sql_query_limit($sql, 200, $start);

                    $mark_ary = array();
                    if ($row = $db->sql_fetchrow($result)) {
                        do {
                            $mark_ary[] = $row['user_id'];
                        } while ($row = $db->sql_fetchrow($result));

                        group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_row);
                        $start = sizeof($mark_ary) < 200 ? 0 : $start + 200;
                    } else {
                        $start = 0;
                    }
                    $db->sql_freeresult($result);
                } while ($start);

                trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
            } else {
                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action)));
            }
            break;

        case 'deleteusers':
            if (empty($mark_ary)) {
                trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
            }
            // No break: 'deleteusers' continues into the 'delete' case and shares
            // its group check and confirmation handling.

        case 'delete':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            } else {
                // Groups of type GROUP_SPECIAL cannot be deleted; removing users
                // from them is still allowed.
                if ($action === 'delete' && $group_row['group_type'] == GROUP_SPECIAL) {
                    trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                }
            }

            if (confirm_box(true)) {
                $error = '';

                switch ($action) {
                    case 'delete':
                        // Deleting a group requires the a_groupdel permission.
                        if (!$auth->acl_get('a_groupdel')) {
                            trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
                        }
                        $error = group_delete($group_id, $group_row['group_name']);
                        break;
                    case 'deleteusers':
                        $group_name = $group_helper->get_name($group_row['group_name']);
                        $error = group_user_del($group_id, $mark_ary, false, $group_name);
                        break;
                }

                $back_link = $action == 'delete' ? $this->u_action : $this->u_action . '&action=list&g=' . $group_id;

                if ($error) {
                    trigger_error($user->lang[$error] . adm_back_link($back_link), E_USER_WARNING);
                }

                $message = $action == 'delete' ? 'GROUP_DELETED' : 'GROUP_USERS_REMOVE';
                trigger_error($user->lang[$message] . adm_back_link($back_link));
            } else {
                confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array('mark' => $mark_ary, 'g' => $group_id, 'i' => $id, 'mode' => $mode, 'action' => $action)));
            }
            break;

        case 'addusers':
            if (!check_form_key($form_key)) {
                trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            if (!$name_ary) {
                trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
            }

            // One username per line in the submitted text; duplicates are dropped.
            $name_ary = array_unique(explode("\n", $name_ary));
            $group_name = $group_helper->get_name($group_row['group_name']);

            // Add user/s to group
            if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, $leader, 0, $group_row)) {
                trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
            }

            $message = $leader ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
            trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
            break;

        case 'edit':
        case 'add':
            if (!function_exists('display_forums')) {
                include $phpbb_root_path . 'includes/functions_display.' . $phpEx;
            }

            if ($action == 'edit' && !$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            // Creating a group requires the a_groupadd permission.
            if ($action == 'add' && !$auth->acl_get('a_groupadd')) {
                trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            $error = array();
            $user->add_lang('ucp');

            // Setup avatar data for later
            $avatars_enabled = false;
            $avatar_drivers = null;
            $avatar_data = null;
            $avatar_error = array();

            if ($config['allow_avatar']) {
                /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
                $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
                $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();

                // This is normalised data, without the group_ prefix
                $avatar_data = \phpbb\avatar\manager::clean_row($group_row, 'group');
                if (!isset($avatar_data['id'])) {
                    $avatar_data['id'] = 'g' . $group_id;
                }
            }

            // NOTE(review): $phpbb_avatar_manager and $avatar_data are only set up
            // when $config['allow_avatar'] is on, but this branch uses both
            // whenever 'avatar_delete' is posted - confirm it cannot be reached
            // with avatars disabled.
            if ($request->is_set_post('avatar_delete')) {
                if (confirm_box(true)) {
                    // Drop the first character of the id (the 'g' prefix added above
                    // when clean_row() returned no id).
                    $avatar_data['id'] = substr($avatar_data['id'], 1);
                    $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, GROUPS_TABLE, 'group_');

                    $message = $action == 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
                    trigger_error($user->lang[$message] . adm_back_link($this->u_action));
                } else {
                    confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array('avatar_delete' => true, 'i' => $id, 'mode' => $mode, 'g' => $group_id, 'action' => $action)));
                }
            }

            // Did we submit?
            if ($update) {
                if (!check_form_key($form_key)) {
                    trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
                }

                $group_name = $request->variable('group_name', '', true);
                $group_desc = $request->variable('group_desc', '', true);
                $group_type = $request->variable('group_type', GROUP_FREE);

                $allow_desc_bbcode = $request->variable('desc_parse_bbcode', false);
                $allow_desc_urls = $request->variable('desc_parse_urls', false);
                $allow_desc_smilies = $request->variable('desc_parse_smilies', false);

                // For the checkbox fields only the presence of the request key is
                // tested; the submitted value itself is never used.
                $submit_ary = array('colour' => $request->variable('group_colour', ''), 'rank' => $request->variable('group_rank', 0), 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, 'legend' => isset($_REQUEST['group_legend']) ? 1 : 0, 'teampage' => isset($_REQUEST['group_teampage']) ? 1 : 0, 'message_limit' => $request->variable('group_message_limit', 0), 'max_recipients' => $request->variable('group_max_recipients', 0), 'founder_manage' => 0, 'skip_auth' => $request->variable('group_skip_auth', 0));

                // founder_manage stays 0 unless the acting user is a founder, so a
                // non-founder cannot set the flag through a crafted request.
                if ($user->data['user_type'] == USER_FOUNDER) {
                    $submit_ary['founder_manage'] = isset($_REQUEST['group_founder_manage']) ? 1 : 0;
                }

                if ($config['allow_avatar']) {
                    // Handle avatar
                    // The submitted driver name is honoured only if it is one of the
                    // enabled drivers.
                    $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));

                    if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) {
                        $driver = $phpbb_avatar_manager->get_driver($driver_name);
                        $result = $driver->process_form($request, $template, $user, $avatar_data, $avatar_error);

                        if ($result && empty($avatar_error)) {
                            $result['avatar_type'] = $driver_name;
                            $submit_ary = array_merge($submit_ary, $result);
                        }
                    } else {
                        $driver = $phpbb_avatar_manager->get_driver($avatar_data['avatar_type']);
                        if ($driver) {
                            $driver->delete($avatar_data);
                        }

                        // Removing the avatar
                        $submit_ary['avatar_type'] = '';
                        $submit_ary['avatar'] = '';
                        $submit_ary['avatar_width'] = 0;
                        $submit_ary['avatar_height'] = 0;
                    }

                    // Merge any avatar errors into the primary error array
                    $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
                }

                /*
                 * Validate the length of "Maximum number of allowed recipients per
                 * private message" setting. We use 16777215 as a maximum because it matches
                 * MySQL unsigned mediumint maximum value which is the lowest amongst DBMSes
                 * supported by phpBB3. Also validate the submitted colour value.
                 */
                $validation_checks = array('max_recipients' => array('num', false, 0, 16777215), 'colour' => array('hex_colour', true));

                /**
                 * Request group data and operate on it
                 *
                 * @event core.acp_manage_group_request_data
                 * @var string action             Type of the action: add|edit
                 * @var int    group_id           The group id
                 * @var array  group_row          Array with new group data
                 * @var array  error              Array of errors, if you add errors
                 *                                ensure to update the template variables
                 *                                S_ERROR and ERROR_MSG to display it
                 * @var string group_name         The group name
                 * @var string group_desc         The group description
                 * @var int    group_type         The group type
                 * @var bool   allow_desc_bbcode  Allow bbcode in group description: true|false
                 * @var bool   allow_desc_urls    Allow urls in group description: true|false
                 * @var bool   allow_desc_smilies Allow smiles in group description: true|false
                 * @var array  submit_ary         Array with new group data
                 * @var array  validation_checks  Array with validation data
                 * @since 3.1.0-b5
                 */
                $vars = array('action', 'group_id', 'group_row', 'error', 'group_name', 'group_desc', 'group_type', 'allow_desc_bbcode', 'allow_desc_urls', 'allow_desc_smilies', 'submit_ary', 'validation_checks');
                // extract() writes the dispatcher's result back into the local scope,
                // so event listeners can replace any of the variables named in $vars
                // (including $group_id and $validation_checks). The values come from
                // listener code, not from the request.
                extract($phpbb_dispatcher->trigger_event('core.acp_manage_group_request_data', compact($vars)));

                if ($validation_error = validate_data($submit_ary, $validation_checks)) {
                    // Replace "error" string with its real, localised form
                    $error = array_merge($error, $validation_error);
                }

                if (!sizeof($error)) {
                    // Only set the rank, colour, etc. if it's changed or if we're adding a new
                    // group. This prevents existing group members being updated if no changes
                    // were made.
                    // However there are some attributes that need to be set everytime,
                    // otherwise the group gets removed from the feature.
                    $set_attributes = array('legend', 'teampage');

                    $group_attributes = array();
                    $test_variables = array('rank' => 'int', 'colour' => 'string', 'avatar' => 'string', 'avatar_type' => 'string', 'avatar_width' => 'int', 'avatar_height' => 'int', 'receive_pm' => 'int', 'legend' => 'int', 'teampage' => 'int', 'message_limit' => 'int', 'max_recipients' => 'int', 'founder_manage' => 'int', 'skip_auth' => 'int');

                    /**
                     * Initialise data before we display the add/edit form
                     *
                     * @event core.acp_manage_group_initialise_data
                     * @var string action             Type of the action: add|edit
                     * @var int    group_id           The group id
                     * @var array  group_row          Array with new group data
                     * @var array  error              Array of errors, if you add errors
                     *                                ensure to update the template variables
                     *                                S_ERROR and ERROR_MSG to display it
                     * @var string group_name         The group name
                     * @var string group_desc         The group description
                     * @var int    group_type         The group type
                     * @var bool   allow_desc_bbcode  Allow bbcode in group description: true|false
                     * @var bool   allow_desc_urls    Allow urls in group description: true|false
                     * @var bool   allow_desc_smilies Allow smiles in group description: true|false
                     * @var array  submit_ary         Array with new group data
                     * @var array  test_variables     Array with variables for test
                     * @since 3.1.0-b5
                     */
                    $vars = array('action', 'group_id', 'group_row', 'error', 'group_name', 'group_desc', 'group_type', 'allow_desc_bbcode', 'allow_desc_urls', 'allow_desc_smilies', 'submit_ary', 'test_variables');
                    extract($phpbb_dispatcher->trigger_event('core.acp_manage_group_initialise_data', compact($vars)));

                    foreach ($test_variables as $test => $type) {
                        // Take a submitted value over when adding, when it differs from
                        // the stored one, when it is an avatar field and the avatar
                        // itself is already being updated, or when it is in
                        // $set_attributes.
                        if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test] || isset($group_attributes['group_avatar']) && strpos($test, 'avatar') === 0 || in_array($test, $set_attributes))) {
                            // Coerce to the type declared in $test_variables before storing.
                            settype($submit_ary[$test], $type);
                            $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
                        }
                    }

                    // group_create() receives $group_id as given (0 for 'add'); a falsy
                    // return value is treated as success.
                    if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) {
                        $group_perm_from = $request->variable('group_perm_from', 0);

                        // Copy permissions?
                        // If the user has the a_authgroups permission and at least one additional permission ability set the permissions are fully transferred.
                        // We do not limit on one auth category because this can lead to incomplete permissions being tricky to fix for the admin, roles being assigned or added non-default permissions.
                        // Since the user only has the option to copy permissions from non leader managed groups this seems to be a good compromise.
                        if ($group_perm_from && $action == 'add' && $auth->acl_get('a_authgroups') && $auth->acl_gets('a_aauth', 'a_fauth', 'a_mauth', 'a_uauth')) {
                            $sql = 'SELECT group_founder_manage FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . $group_perm_from;
                            $result = $db->sql_query($sql);
                            $check_row = $db->sql_fetchrow($result);
                            $db->sql_freeresult($result);

                            // Check the group if non-founder
                            // A founder-managed source group may be copied from only by a
                            // founder; the submitted id is re-checked here because the
                            // select box alone does not enforce it.
                            if ($check_row && ($user->data['user_type'] == USER_FOUNDER || $check_row['group_founder_manage'] == 0)) {
                                // From the mysql documentation:
                                // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
                                // Due to this we stay on the safe side if we do the insertion "the manual way"

                                // Copy permissions from/to the acl groups table (only group_id gets changed)
                                $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting FROM ' . ACL_GROUPS_TABLE . ' WHERE group_id = ' . $group_perm_from;
                                $result = $db->sql_query($sql);

                                $groups_sql_ary = array();
                                while ($row = $db->sql_fetchrow($result)) {
                                    $groups_sql_ary[] = array('group_id' => (int) $group_id, 'forum_id' => (int) $row['forum_id'], 'auth_option_id' => (int) $row['auth_option_id'], 'auth_role_id' => (int) $row['auth_role_id'], 'auth_setting' => (int) $row['auth_setting']);
                                }
                                $db->sql_freeresult($result);

                                // Now insert the data
                                $db->sql_multi_insert(ACL_GROUPS_TABLE, $groups_sql_ary);

                                $auth->acl_clear_prefetch();
                            }
                        }

                        $cache->destroy('sql', array(GROUPS_TABLE, TEAMPAGE_TABLE));

                        $message = $action == 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
                        trigger_error($user->lang[$message] . adm_back_link($this->u_action));
                    }
                }

                if (sizeof($error)) {
                    // Pass each error entry through $user->lang() and keep the
                    // submitted values so the form can be shown again.
                    $error = array_map(array(&$user, 'lang'), $error);
                    $group_rank = $submit_ary['rank'];

                    $group_desc_data = array('text' => $group_desc, 'allow_bbcode' => $allow_desc_bbcode, 'allow_smilies' => $allow_desc_smilies, 'allow_urls' => $allow_desc_urls);
                }
            } else {
                // Not a submission: start from defaults for a new group or from the
                // stored row for an existing one.
                if (!$group_id) {
                    $group_name = $request->variable('group_name', '', true);
                    $group_desc_data = array('text' => '', 'allow_bbcode' => true, 'allow_smilies' => true, 'allow_urls' => true);
                    $group_rank = 0;
                    $group_type = GROUP_OPEN;
                } else {
                    $group_name = $group_row['group_name'];
                    $group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
                    $group_type = $group_row['group_type'];
                    $group_rank = $group_row['group_rank'];
                }
            }

            $sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title';
            $result = $db->sql_query($sql);

            // NOTE(review): rank_title is concatenated into the option markup as
            // stored; presumably it is already HTML-escaped when saved - confirm.
            $rank_options = '<option value="0"' . (!$group_rank ? ' selected="selected"' : '') . '>' . $user->lang['USER_DEFAULT'] . '</option>';

            while ($row = $db->sql_fetchrow($result)) {
                $selected = $group_rank && $row['rank_id'] == $group_rank ? ' selected="selected"' : '';
                $rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
            }
            $db->sql_freeresult($result);

            $type_free = $group_type == GROUP_FREE ? ' checked="checked"' : '';
            $type_open = $group_type == GROUP_OPEN ? ' checked="checked"' : '';
            $type_closed = $group_type == GROUP_CLOSED ? ' checked="checked"' : '';
            $type_hidden = $group_type == GROUP_HIDDEN ? ' checked="checked"' : '';

            // Load up stuff for avatars
            if ($config['allow_avatar']) {
                $avatars_enabled = false;
                $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type']));

                // Only drivers returned by get_enabled_drivers() are offered in the form.
                foreach ($avatar_drivers as $current_driver) {
                    $driver = $phpbb_avatar_manager->get_driver($current_driver);

                    $avatars_enabled = true;
                    $template->set_filenames(array('avatar' => $driver->get_acp_template_name()));

                    if ($driver->prepare_form($request, $template, $user, $avatar_data, $avatar_error)) {
                        $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
                        $driver_upper = strtoupper($driver_name);

                        $template->assign_block_vars('avatar_drivers', array('L_TITLE' => $user->lang($driver_upper . '_TITLE'), 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'), 'DRIVER' => $driver_name, 'SELECTED' => $current_driver == $selected_driver, 'OUTPUT' => $template->assign_display('avatar')));
                    }
                }
            }

            $avatar = phpbb_get_group_avatar($group_row, 'GROUP_AVATAR', true);

            if (isset($phpbb_avatar_manager) && !$update) {
                // Merge any avatar errors into the primary error array
                $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
            }

            // The back link is chosen from a fixed set of known values; the
            // submitted string itself is never used as a URL.
            $back_link = $request->variable('back_link', '');

            switch ($back_link) {
                case 'acp_users_groups':
                    $u_back = append_sid("{$phpbb_admin_path}index.{$phpEx}", 'i=users&mode=groups&u=' . $request->variable('u', 0));
                    break;
                default:
                    $u_back = $this->u_action;
                    break;
            }

            $template->assign_vars(array('S_EDIT' => true, 'S_ADD_GROUP' => $action == 'add' ? true : false, 'S_GROUP_PERM' => $action == 'add' && $auth->acl_get('a_authgroups') && $auth->acl_gets('a_aauth', 'a_fauth', 'a_mauth', 'a_uauth') ? true : false, 'S_INCLUDE_SWATCH' => true, 'S_ERROR' => sizeof($error) ? true : false, 'S_SPECIAL_GROUP' => $group_type == GROUP_SPECIAL ? true : false, 'S_USER_FOUNDER' => $user->data['user_type'] == USER_FOUNDER ? true : false, 'S_AVATARS_ENABLED' => $config['allow_avatar'] && $avatars_enabled, 'ERROR_MSG' => sizeof($error) ? implode('<br />', $error) : '', 'GROUP_NAME' => $group_helper->get_name($group_name), 'GROUP_INTERNAL_NAME' => $group_name, 'GROUP_DESC' => $group_desc_data['text'], 'GROUP_RECEIVE_PM' => isset($group_row['group_receive_pm']) && $group_row['group_receive_pm'] ? ' checked="checked"' : '', 'GROUP_FOUNDER_MANAGE' => isset($group_row['group_founder_manage']) && $group_row['group_founder_manage'] ? ' checked="checked"' : '', 'GROUP_LEGEND' => isset($group_row['group_legend']) && $group_row['group_legend'] ? ' checked="checked"' : '', 'GROUP_TEAMPAGE' => isset($group_row['group_teampage']) && $group_row['group_teampage'] ? ' checked="checked"' : '', 'GROUP_MESSAGE_LIMIT' => isset($group_row['group_message_limit']) ? $group_row['group_message_limit'] : 0, 'GROUP_MAX_RECIPIENTS' => isset($group_row['group_max_recipients']) ? $group_row['group_max_recipients'] : 0, 'GROUP_COLOUR' => isset($group_row['group_colour']) ? $group_row['group_colour'] : '', 'GROUP_SKIP_AUTH' => !empty($group_row['group_skip_auth']) ? ' checked="checked"' : '', 'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'], 'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'], 'S_DESC_SMILIES_CHECKED' => $group_desc_data['allow_smilies'], 'S_RANK_OPTIONS' => $rank_options, 'S_GROUP_OPTIONS' => group_select_options(false, false, $user->data['user_type'] == USER_FOUNDER ? false : 0), 'AVATAR' => empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar, 'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'], 'AVATAR_WIDTH' => isset($group_row['group_avatar_width']) ? $group_row['group_avatar_width'] : '', 'AVATAR_HEIGHT' => isset($group_row['group_avatar_height']) ? $group_row['group_avatar_height'] : '', 'GROUP_TYPE_FREE' => GROUP_FREE, 'GROUP_TYPE_OPEN' => GROUP_OPEN, 'GROUP_TYPE_CLOSED' => GROUP_CLOSED, 'GROUP_TYPE_HIDDEN' => GROUP_HIDDEN, 'GROUP_TYPE_SPECIAL' => GROUP_SPECIAL, 'GROUP_FREE' => $type_free, 'GROUP_OPEN' => $type_open, 'GROUP_CLOSED' => $type_closed, 'GROUP_HIDDEN' => $type_hidden, 'U_BACK' => $u_back, 'U_ACTION' => "{$this->u_action}&action={$action}&g={$group_id}", 'L_AVATAR_EXPLAIN' => phpbb_avatar_explanation_string()));

            /**
             * Modify group template data before we display the form
             *
             * @event core.acp_manage_group_display_form
             * @var string action          Type of the action: add|edit
             * @var bool   update          Do we display the form only
             *                             or did the user press submit
             * @var int    group_id        The group id
             * @var array  group_row       Array with new group data
             * @var string group_name      The group name
             * @var int    group_type      The group type
             * @var array  group_desc_data The group description data
             * @var string group_rank      The group rank
             * @var string rank_options    The rank options
             * @var array  error           Array of errors, if you add errors
             *                             ensure to update the template variables
             *                             S_ERROR and ERROR_MSG to display it
             * @since 3.1.0-b5
             */
            $vars = array('action', 'update', 'group_id', 'group_row', 'group_desc_data', 'group_name', 'group_type', 'group_rank', 'rank_options', 'error');
            extract($phpbb_dispatcher->trigger_event('core.acp_manage_group_display_form', compact($vars)));

            return;
            break;

        case 'list':
            if (!$group_id) {
                trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            /* @var $pagination \phpbb\pagination */
            $pagination = $phpbb_container->get('pagination');

            $this->page_title = 'GROUP_MEMBERS';

            // Grab the leaders - always, on every page...
            $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_regdate, u.user_colour, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\tWHERE ug.group_id = {$group_id}\n\t\t\t\t\t\tAND u.user_id = ug.user_id\n\t\t\t\t\t\tAND ug.group_leader = 1\n\t\t\t\t\tORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username_clean";
            $result = $db->sql_query($sql);

            while ($row = $db->sql_fetchrow($result)) {
                $template->assign_block_vars('leader', array('U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=users&action=edit&u={$row['user_id']}"), 'USERNAME' => $row['username'], 'USERNAME_COLOUR' => $row['user_colour'], 'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false, 'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ', 'USER_POSTS' => $row['user_posts'], 'USER_ID' => $row['user_id']));
            }
            $db->sql_freeresult($result);

            // Total number of group members (non-leaders)
            $sql = 'SELECT COUNT(user_id) AS total_members FROM ' . USER_GROUP_TABLE . "\n\t\t\t\t\tWHERE group_id = {$group_id}\n\t\t\t\t\t\tAND group_leader = 0";
            $result = $db->sql_query($sql);
            $total_members = (int) $db->sql_fetchfield('total_members');
            $db->sql_freeresult($result);

            // Action drop-down for the marked members; the option values are the
            // action names handled by the switch above.
            $s_action_options = '';
            $options = array('default' => 'DEFAULT', 'approve' => 'APPROVE', 'demote' => 'DEMOTE', 'promote' => 'PROMOTE', 'deleteusers' => 'DELETE');

            foreach ($options as $option => $lang) {
                $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>';
            }

            $base_url = $this->u_action . "&action={$action}&g={$group_id}";
            $pagination->generate_template_pagination($base_url, 'pagination', 'start', $total_members, $config['topics_per_page'], $start);

            $template->assign_vars(array('S_LIST' => true, 'S_GROUP_SPECIAL' => $group_row['group_type'] == GROUP_SPECIAL ? true : false, 'S_ACTION_OPTIONS' => $s_action_options, 'GROUP_NAME' => $group_helper->get_name($group_row['group_name']), 'U_ACTION' => $this->u_action . "&g={$group_id}", 'U_BACK' => $this->u_action, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=searchuser&form=list&field=usernames'), 'U_DEFAULT_ALL' => "{$this->u_action}&action=set_default_on_all&g={$group_id}"));

            // Grab the members
            $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug\n\t\t\t\t\tWHERE ug.group_id = {$group_id}\n\t\t\t\t\t\tAND u.user_id = ug.user_id\n\t\t\t\t\t\tAND ug.group_leader = 0\n\t\t\t\t\tORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username_clean";
            $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);

            $pending = false;

            while ($row = $db->sql_fetchrow($result)) {
                // Emit one marker row before the first pending member; the query
                // orders non-pending members first.
                if ($row['user_pending'] && !$pending) {
                    $template->assign_block_vars('member', array('S_PENDING' => true));
                    $pending = true;
                }

                $template->assign_block_vars('member', array('U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.{$phpEx}", "i=users&action=edit&u={$row['user_id']}"), 'USERNAME' => $row['username'], 'USERNAME_COLOUR' => $row['user_colour'], 'S_GROUP_DEFAULT' => $row['group_id'] == $group_id ? true : false, 'JOINED' => $row['user_regdate'] ? $user->format_date($row['user_regdate']) : ' - ', 'USER_POSTS' => $row['user_posts'], 'USER_ID' => $row['user_id']));
            }
            $db->sql_freeresult($result);

            return;
            break;
    }

    // No action matched: render the overview of all groups.
    $template->assign_vars(array('U_ACTION' => $this->u_action, 'S_GROUP_ADD' => $auth->acl_get('a_groupadd') ? true : false));

    // Get us all the groups
    $sql = 'SELECT g.group_id, g.group_name, g.group_type FROM ' . GROUPS_TABLE . ' g ORDER BY g.group_type ASC, g.group_name';
    $result = $db->sql_query($sql);

    $lookup = $cached_group_data = array();
    while ($row = $db->sql_fetchrow($result)) {
        $type = $row['group_type'] == GROUP_SPECIAL ? 'special' : 'normal';

        // used to determine what type a group is
        $lookup[$row['group_id']] = $type;

        // used for easy access to the data within a group
        $cached_group_data[$type][$row['group_id']] = $row;
        $cached_group_data[$type][$row['group_id']]['total_members'] = 0;
    }
    $db->sql_freeresult($result);

    // How many people are in which group?
    $sql = 'SELECT COUNT(ug.user_id) AS total_members, ug.group_id FROM ' . USER_GROUP_TABLE . ' ug WHERE ' . $db->sql_in_set('ug.group_id', array_keys($lookup)) . ' GROUP BY ug.group_id';
    $result = $db->sql_query($sql);

    while ($row = $db->sql_fetchrow($result)) {
        $type = $lookup[$row['group_id']];
        $cached_group_data[$type][$row['group_id']]['total_members'] = $row['total_members'];
    }
    $db->sql_freeresult($result);

    // The order is... normal, then special
    ksort($cached_group_data);

    foreach ($cached_group_data as $type => $row_ary) {
        if ($type == 'special') {
            $template->assign_block_vars('groups', array('S_SPECIAL' => true));
        }

        foreach ($row_ary as $group_id => $row) {
            // Use the 'G_' . group_name language entry when one exists, else the raw name.
            $group_name = !empty($user->lang['G_' . $row['group_name']]) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];

            // The delete link is only generated for users holding a_groupdel; the
            // 'delete' action checks the permission again on its own.
            $template->assign_block_vars('groups', array('U_LIST' => "{$this->u_action}&action=list&g={$group_id}", 'U_EDIT' => "{$this->u_action}&action=edit&g={$group_id}", 'U_DELETE' => $auth->acl_get('a_groupdel') ? "{$this->u_action}&action=delete&g={$group_id}" : '', 'S_GROUP_SPECIAL' => $row['group_type'] == GROUP_SPECIAL ? true : false, 'GROUP_NAME' => $group_name, 'TOTAL_MEMBERS' => $row['total_members']));
        }
    }
}
$header['title'] = '用户组管理'; $grouplist = group_find(); $maxgid = group_maxid(); include "./admin/view/group_list.htm"; // 用户组更新 } elseif ($action == 'create') { $gid = param(2, 0); $group = group_read($gid); $group and message(-1, '用户组已经存在!'); $name = param('name'); $agreesfrom = param('agreesfrom', 0); $agreesto = param('agreesto', 0); $maxagrees = param('maxagrees', 0); empty($name) and message(1, '用户组名称不能为空'); $arr = array('gid' => $gid, 'name' => $name, 'agreesfrom' => $agreesfrom, 'agreesto' => $agreesto, 'maxagrees' => $maxagrees); $r = group_create($arr); $r !== FALSE ? message(0, '创建成功') : message(-1, '创建失败'); // 用户组更新 } elseif ($action == 'update') { $gid = param(2, 0); $group = group_read($gid); if ($method == 'GET') { empty($group) and message(1, '用户组不存在'); include './admin/view/group_update.htm'; } else { // 两种情况的提交 list/update $name = param('name'); $agreesfrom = param('agreesfrom', 0); $agreesto = param('agreesto', 0); $maxagrees = param('maxagrees', 0); // 标示是不是更新详情