/** * Uses membergroupsById to return the group information of a single group * * @package Membergroups * @param int $group_id * @param bool $detailed * @param bool $assignable */ function membergroupById($group_id, $detailed = false, $assignable = false) { $groups = membergroupsById(array($group_id), 1, $detailed, $assignable); if (isset($groups[$group_id])) { return $groups[$group_id]; } else { return false; } }
/** * This function actually makes all the group changes * * @return string */ public function action_groupMembership2() { global $context, $user_profile, $modSettings, $scripturl, $language; $db = database(); $memID = currentMemberID(); // Let's be extra cautious... if (!$context['user']['is_owner'] || empty($modSettings['show_group_membership'])) { isAllowedTo('manage_membergroups'); } if (!isset($_REQUEST['gid']) && !isset($_POST['primary'])) { fatal_lang_error('no_access', false); } checkSession(isset($_GET['gid']) ? 'get' : 'post'); require_once SUBSDIR . '/Membergroups.subs.php'; $old_profile =& $user_profile[$memID]; $context['can_manage_membergroups'] = allowedTo('manage_membergroups'); $context['can_manage_protected'] = allowedTo('admin_forum'); // By default the new primary is the old one. $newPrimary = $old_profile['id_group']; $addGroups = array_flip(explode(',', $old_profile['additional_groups'])); $canChangePrimary = $old_profile['id_group'] == 0 ? 1 : 0; $changeType = isset($_POST['primary']) ? 'primary' : (isset($_POST['req']) ? 'request' : 'free'); // One way or another, we have a target group in mind... $group_id = isset($_REQUEST['gid']) ? (int) $_REQUEST['gid'] : (int) $_POST['primary']; $foundTarget = $changeType == 'primary' && $group_id == 0 ? true : false; // Sanity check!! if ($group_id == 1) { isAllowedTo('admin_forum'); } // What ever we are doing, we need to determine if changing primary is possible! $groups_details = membergroupsById(array($group_id, $old_profile['id_group']), 0, true); // Protected groups require proper permissions! if ($group_id != 1 && $groups_details[$group_id]['group_type'] == 1) { isAllowedTo('admin_forum'); } foreach ($groups_details as $key => $row) { // Is this the new group? if ($row['id_group'] == $group_id) { $foundTarget = true; $group_name = $row['group_name']; // Does the group type match what we're doing - are we trying to request a non-requestable group? if ($changeType == 'request' && $row['group_type'] != 2) { fatal_lang_error('no_access', false); } elseif ($changeType == 'free' && $row['group_type'] == 2 && $old_profile['id_group'] != $row['id_group'] && !isset($addGroups[$row['id_group']])) { fatal_lang_error('no_access', false); } elseif ($changeType == 'free' && $row['group_type'] != 3 && $row['group_type'] != 2) { fatal_lang_error('no_access', false); } // We can't change the primary group if this is hidden! if ($row['hidden'] == 2) { $canChangePrimary = false; } } // If this is their old primary, can we change it? if ($row['id_group'] == $old_profile['id_group'] && ($row['group_type'] > 1 || $context['can_manage_membergroups']) && $canChangePrimary !== false) { $canChangePrimary = 1; } // If we are not doing a force primary move, don't do it automatically if current primary is not 0. if ($changeType != 'primary' && $old_profile['id_group'] != 0) { $canChangePrimary = false; } // If this is the one we are acting on, can we even act? if (!$context['can_manage_protected'] && $row['group_type'] == 1 || !$context['can_manage_membergroups'] && $row['group_type'] == 0) { $canChangePrimary = false; } } // Didn't find the target? if (!$foundTarget) { fatal_lang_error('no_access', false); } // Final security check, don't allow users to promote themselves to admin. if ($context['can_manage_membergroups'] && !allowedTo('admin_forum')) { $request = $db->query('', ' SELECT COUNT(permission) FROM {db_prefix}permissions WHERE id_group = {int:selected_group} AND permission = {string:admin_forum} AND add_deny = {int:not_denied}', array('selected_group' => $group_id, 'not_denied' => 1, 'admin_forum' => 'admin_forum')); list($disallow) = $db->fetch_row($request); $db->free_result($request); if ($disallow) { isAllowedTo('admin_forum'); } } // If we're requesting, add the note then return. if ($changeType == 'request') { $request = $db->query('', ' SELECT id_member FROM {db_prefix}log_group_requests WHERE id_member = {int:selected_member} AND id_group = {int:selected_group}', array('selected_member' => $memID, 'selected_group' => $group_id)); if ($db->num_rows($request) != 0) { fatal_lang_error('profile_error_already_requested_group'); } $db->free_result($request); // Log the request. $db->insert('', '{db_prefix}log_group_requests', array('id_member' => 'int', 'id_group' => 'int', 'time_applied' => 'int', 'reason' => 'string-65534'), array($memID, $group_id, time(), $_POST['reason']), array('id_request')); // Send an email to all group moderators etc. require_once SUBSDIR . '/Mail.subs.php'; // Do we have any group moderators? $request = $db->query('', ' SELECT id_member FROM {db_prefix}group_moderators WHERE id_group = {int:selected_group}', array('selected_group' => $group_id)); $moderators = array(); while ($row = $db->fetch_assoc($request)) { $moderators[] = $row['id_member']; } $db->free_result($request); // Otherwise this is the backup! if (empty($moderators)) { require_once SUBSDIR . '/Members.subs.php'; $moderators = membersAllowedTo('manage_membergroups'); } if (!empty($moderators)) { require_once SUBSDIR . '/Members.subs.php'; $members = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile')); foreach ($members as $member) { if ($member['notify_types'] != 4) { continue; } // Check whether they are interested. if (!empty($member['mod_prefs'])) { list(, , $pref_binary) = explode('|', $member['mod_prefs']); if (!($pref_binary & 4)) { continue; } } $replacements = array('RECPNAME' => $member['member_name'], 'APPYNAME' => $old_profile['member_name'], 'GROUPNAME' => $group_name, 'REASON' => $_POST['reason'], 'MODLINK' => $scripturl . '?action=moderate;area=groups;sa=requests'); $emaildata = loadEmailTemplate('request_membership', $replacements, empty($member['lngfile']) || empty($modSettings['userLanguage']) ? $language : $member['lngfile']); sendmail($member['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 2); } } return $changeType; } elseif ($changeType == 'free') { // Are we leaving? if ($old_profile['id_group'] == $group_id || isset($addGroups[$group_id])) { if ($old_profile['id_group'] == $group_id) { $newPrimary = 0; } else { unset($addGroups[$group_id]); } } else { // Can we change the primary, and do we want to? if ($canChangePrimary) { if ($old_profile['id_group'] != 0) { $addGroups[$old_profile['id_group']] = -1; } $newPrimary = $group_id; } else { $addGroups[$group_id] = -1; } } } elseif ($canChangePrimary) { if ($old_profile['id_group'] != 0) { $addGroups[$old_profile['id_group']] = -1; } if (isset($addGroups[$group_id])) { unset($addGroups[$group_id]); } $newPrimary = $group_id; } // Finally, we can make the changes! foreach ($addGroups as $id => $dummy) { if (empty($id)) { unset($addGroups[$id]); } } $addGroups = implode(',', array_flip($addGroups)); // Ensure that we don't cache permissions if the group is changing. if ($context['user']['is_owner']) { $_SESSION['mc']['time'] = 0; } else { updateSettings(array('settings_updated' => time())); } updateMemberData($memID, array('id_group' => $newPrimary, 'additional_groups' => $addGroups)); return $changeType; }