Esempio n. 1
0
function SetQuickGroups()
{
    global $db_prefix, $context;
    checkSession();
    loadIllegalPermissions();
    // Make sure only one of the quick options was selected.
    if (!empty($_POST['predefined']) && (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty' || !empty($_POST['permissions'])) || !empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])) {
        fatal_lang_error('permissions_only_one_option', false);
    }
    if (empty($_POST['group']) || !is_array($_POST['group'])) {
        $_POST['group'] = array();
    }
    // Only accept numeric values for selected membergroups.
    foreach ($_POST['group'] as $id => $group_id) {
        $_POST['group'][$id] = (int) $group_id;
    }
    $_POST['group'] = array_unique($_POST['group']);
    if (empty($_REQUEST['boardid'])) {
        $_REQUEST['boardid'] = 0;
    } else {
        $_REQUEST['boardid'] = (int) $_REQUEST['boardid'];
    }
    if (isset($_POST['access'])) {
        foreach ($_POST['access'] as $k => $v) {
            $_POST['access'][$k] = (int) $v;
        }
        $access = implode(',', $_POST['access']);
    } else {
        $access = '';
    }
    db_query("\n\t\tUPDATE {$db_prefix}boards\n\t\tSET memberGroups = '{$access}'\n\t\tWHERE ID_BOARD = {$_REQUEST['boardid']}\n\t\tLIMIT 1", __FILE__, __LINE__);
    // No groups where selected.
    if (empty($_POST['group'])) {
        redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']);
    }
    // Set a predefined permission profile.
    if (!empty($_POST['predefined'])) {
        // Make sure it's a predefined permission set we expect.
        if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'))) {
            redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']);
        }
        foreach ($_POST['group'] as $group_id) {
            if (!empty($_REQUEST['boardid'])) {
                setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['boardid']);
            } else {
                setPermissionLevel($_POST['predefined'], $group_id);
            }
        }
    } elseif (isset($_POST['from_board']) && $_POST['from_board'] != 'empty') {
        // Just checking the input.
        if (!is_numeric($_POST['from_board'])) {
            redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']);
        }
        // Fetch all the board permissions for these groups.
        $request = db_query("\n\t\t\tSELECT ID_GROUP, permission, addDeny\n\t\t\tFROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_BOARD = {$_POST['from_board']}\n\t\t\t\tAND ID_GROUP IN (" . implode(',', $_POST['group']) . ")", __FILE__, __LINE__);
        $target_perms = array();
        while ($row = mysql_fetch_assoc($request)) {
            $target_perms[] = "('{$row['permission']}', {$row['ID_GROUP']}, {$_REQUEST['boardid']}, {$row['addDeny']})";
        }
        mysql_free_result($request);
        // Delete the previous global board permissions...
        db_query("\n\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")\n\t\t\t\tAND ID_BOARD = {$_REQUEST['boardid']}", __FILE__, __LINE__);
        // And insert the copied permissions.
        if (!empty($target_perms)) {
            db_query("\n\t\t\t\tINSERT IGNORE INTO {$db_prefix}board_permissions\n\t\t\t\t\t(permission, ID_GROUP, ID_BOARD, addDeny)\n\t\t\t\tVALUES " . implode(',', $target_perms), __FILE__, __LINE__);
        }
    } elseif ($_POST['copy_from'] != 'empty') {
        // Just checking the input.
        if (!is_numeric($_POST['copy_from'])) {
            redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']);
        }
        // Make sure the group we're copying to is never included.
        $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));
        // No groups left? Too bad.
        if (empty($_POST['group'])) {
            redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']);
        }
        if (empty($_REQUEST['boardid'])) {
            // Retrieve current permissions of group.
            $request = db_query("\n\t\t\t\tSELECT permission, addDeny\n\t\t\t\tFROM {$db_prefix}permissions\n\t\t\t\tWHERE ID_GROUP = {$_POST['copy_from']}", __FILE__, __LINE__);
            $target_perm = array();
            while ($row = mysql_fetch_assoc($request)) {
                $target_perm[$row['permission']] = $row['addDeny'];
            }
            mysql_free_result($request);
            $insert_string = '';
            foreach ($_POST['group'] as $group_id) {
                foreach ($target_perm as $perm => $addDeny) {
                    // No dodgy permissions please!
                    if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions'])) {
                        continue;
                    }
                    $insert_string .= "('{$perm}', {$group_id}, {$addDeny}),";
                }
            }
            // Delete the previous permissions...
            db_query("\n\t\t\t\tDELETE FROM {$db_prefix}permissions\n\t\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")" . (empty($context['illegal_permissions']) ? '' : "\n\t\t\t\t\tAND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__);
            if (!empty($insert_string)) {
                // Cut off the last comma.
                $insert_string = substr($insert_string, 0, -1);
                // ..and insert the new ones.
                db_query("\n\t\t\t\t\tINSERT IGNORE INTO {$db_prefix}permissions\n\t\t\t\t\t\t(permission, ID_GROUP, addDeny)\n\t\t\t\t\tVALUES {$insert_string}", __FILE__, __LINE__);
            }
        }
        // Now do the same for the board permissions.
        $request = db_query("\n\t\t\tSELECT permission, addDeny\n\t\t\tFROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_GROUP = {$_POST['copy_from']}\n\t\t\t\tAND ID_BOARD = {$_REQUEST['boardid']}", __FILE__, __LINE__);
        $target_perm = array();
        while ($row = mysql_fetch_assoc($request)) {
            $target_perm[$row['permission']] = $row['addDeny'];
        }
        mysql_free_result($request);
        $insert_string = '';
        foreach ($_POST['group'] as $group_id) {
            foreach ($target_perm as $perm => $addDeny) {
                $insert_string .= "('{$perm}', {$group_id}, {$_REQUEST['boardid']}, {$addDeny}),";
            }
        }
        // Delete the previous global board permissions...
        db_query("\n\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")\n\t\t\t\tAND ID_BOARD = {$_REQUEST['boardid']}", __FILE__, __LINE__);
        // And insert the copied permissions.
        if (!empty($insert_string)) {
            $insert_string = substr($insert_string, 0, -1);
            db_query("\n\t\t\t\tINSERT IGNORE INTO {$db_prefix}board_permissions\n\t\t\t\t\t(permission, ID_GROUP, ID_BOARD, addDeny)\n\t\t\t\tVALUES {$insert_string}", __FILE__, __LINE__);
        }
    } elseif (!empty($_POST['permissions'])) {
        // Unpack two variables that were transported.
        list($permissionType, $permission) = explode('/', $_POST['permissions']);
        // Check whether our input is within expected range.
        if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board'))) {
            redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']);
        }
        if ($_POST['add_remove'] == 'clear') {
            if ($permissionType == 'membergroup') {
                db_query("\n\t\t\t\t\tDELETE FROM {$db_prefix}permissions\n\t\t\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")\n\t\t\t\t\t\tAND permission = '{$permission}'" . (empty($context['illegal_permissions']) ? '' : "\n\t\t\t\t\t\tAND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__);
            } else {
                db_query("\n\t\t\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")\n\t\t\t\t\t\tAND ID_BOARD = {$_REQUEST['boardid']}\n\t\t\t\t\t\tAND permission = '{$permission}'", __FILE__, __LINE__);
            }
        } else {
            $addDeny = $_POST['add_remove'] == 'add' ? '1' : '0';
            if ($permissionType == 'membergroup' && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) {
                db_query("\n\t\t\t\t\tREPLACE INTO {$db_prefix}permissions\n\t\t\t\t\t\t(permission, ID_GROUP, addDeny)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$permission}', " . implode(", {$addDeny}),\n\t\t\t\t\t\t('{$permission}', ", $_POST['group']) . ", {$addDeny})", __FILE__, __LINE__);
            } elseif ($permissionType != 'membergroup') {
                db_query("\n\t\t\t\t\tREPLACE INTO {$db_prefix}board_permissions\n\t\t\t\t\t\t(permission, ID_GROUP, ID_BOARD, addDeny)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$permission}', " . implode(", {$_REQUEST['boardid']}, {$addDeny}),\n\t\t\t\t\t\t('{$permission}', ", $_POST['group']) . ", {$_REQUEST['boardid']}, {$addDeny})", __FILE__, __LINE__);
            }
        }
    }
    // Don't allow guests to have certain permissions.
    db_query("\n\t\tDELETE FROM {$db_prefix}permissions\n\t\tWHERE ID_GROUP = -1 AND\n\t\t\t(permission = 'manage_membergroups'\n\t\t\tOR permission = 'manage_permissions'\n\t\t\tOR permission = 'admin_forum')", __FILE__, __LINE__);
    redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']);
}
Esempio n. 2
0
/**
 * This function handles adding a membergroup and setting some initial properties.
 * Called by ?action=admin;area=membergroups;sa=add.
 * It requires the manage_membergroups permission.
 * Allows to use a predefined permission profile or copy one from another group.
 * Redirects to action=admin;area=membergroups;sa=edit;group=x.
 *
 * @uses the new_group sub template of ManageMembergroups.
 */
function AddMembergroup()
{
    global $context, $txt, $sourcedir, $modSettings, $smcFunc;
    // A form was submitted, we can start adding.
    if (isset($_POST['group_name']) && trim($_POST['group_name']) != '') {
        checkSession();
        validateToken('admin-mmg');
        $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based']));
        $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || $_POST['group_type'] == 1 && !allowedTo('admin_forum') ? 0 : (int) $_POST['group_type'];
        // @todo Check for members with same name too?
        $request = $smcFunc['db_query']('', '
			SELECT MAX(id_group)
			FROM {db_prefix}membergroups', array());
        list($id_group) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        $id_group++;
        $smcFunc['db_insert']('', '{db_prefix}membergroups', array('id_group' => 'int', 'description' => 'string', 'group_name' => 'string-80', 'min_posts' => 'int', 'icons' => 'string', 'online_color' => 'string', 'group_type' => 'int'), array($id_group, '', $smcFunc['htmlspecialchars']($_POST['group_name'], ENT_QUOTES), $postCountBasedGroup ? (int) $_POST['min_posts'] : '-1', '1#star.png', '', $_POST['group_type']), array('id_group'));
        call_integration_hook('integrate_add_membergroup', array($id_group, $postCountBasedGroup));
        // Update the post groups now, if this is a post group!
        if (isset($_POST['min_posts'])) {
            updateStats('postgroups');
        }
        // You cannot set permissions for post groups if they are disabled.
        if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups'])) {
            $_POST['perm_type'] = '';
        }
        if ($_POST['perm_type'] == 'predefined') {
            // Set default permission level.
            require_once $sourcedir . '/ManagePermissions.php';
            setPermissionLevel($_POST['level'], $id_group, 'null');
        } elseif ($_POST['perm_type'] == 'copy' || $_POST['perm_type'] == 'inherit') {
            $copy_id = $_POST['perm_type'] == 'copy' ? (int) $_POST['copyperm'] : (int) $_POST['inheritperm'];
            // Are you a powerful admin?
            if (!allowedTo('admin_forum')) {
                $request = $smcFunc['db_query']('', '
					SELECT group_type
					FROM {db_prefix}membergroups
					WHERE id_group = {int:copy_from}
					LIMIT {int:limit}', array('copy_from' => $copy_id, 'limit' => 1));
                list($copy_type) = $smcFunc['db_fetch_row']($request);
                $smcFunc['db_free_result']($request);
                // Protected groups are... well, protected!
                if ($copy_type == 1) {
                    fatal_lang_error('membergroup_does_not_exist');
                }
            }
            // Don't allow copying of a real priviledged person!
            require_once $sourcedir . '/ManagePermissions.php';
            loadIllegalPermissions();
            $request = $smcFunc['db_query']('', '
				SELECT permission, add_deny
				FROM {db_prefix}permissions
				WHERE id_group = {int:copy_from}', array('copy_from' => $copy_id));
            $inserts = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                if (empty($context['illegal_permissions']) || !in_array($row['permission'], $context['illegal_permissions'])) {
                    $inserts[] = array($id_group, $row['permission'], $row['add_deny']);
                }
            }
            $smcFunc['db_free_result']($request);
            if (!empty($inserts)) {
                $smcFunc['db_insert']('insert', '{db_prefix}permissions', array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'), $inserts, array('id_group', 'permission'));
            }
            $request = $smcFunc['db_query']('', '
				SELECT id_profile, permission, add_deny
				FROM {db_prefix}board_permissions
				WHERE id_group = {int:copy_from}', array('copy_from' => $copy_id));
            $inserts = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $inserts[] = array($id_group, $row['id_profile'], $row['permission'], $row['add_deny']);
            }
            $smcFunc['db_free_result']($request);
            if (!empty($inserts)) {
                $smcFunc['db_insert']('insert', '{db_prefix}board_permissions', array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'), $inserts, array('id_group', 'id_profile', 'permission'));
            }
            // Also get some membergroup information if we're copying and not copying from guests...
            if ($copy_id > 0 && $_POST['perm_type'] == 'copy') {
                $request = $smcFunc['db_query']('', '
					SELECT online_color, max_messages, icons
					FROM {db_prefix}membergroups
					WHERE id_group = {int:copy_from}
					LIMIT 1', array('copy_from' => $copy_id));
                $group_info = $smcFunc['db_fetch_assoc']($request);
                $smcFunc['db_free_result']($request);
                // ...and update the new membergroup with it.
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}membergroups
					SET
						online_color = {string:online_color},
						max_messages = {int:max_messages},
						icons = {string:icons}
					WHERE id_group = {int:current_group}', array('max_messages' => $group_info['max_messages'], 'current_group' => $id_group, 'online_color' => $group_info['online_color'], 'icons' => $group_info['icons']));
            } elseif ($_POST['perm_type'] == 'inherit') {
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}membergroups
					SET id_parent = {int:copy_from}
					WHERE id_group = {int:current_group}', array('copy_from' => $copy_id, 'current_group' => $id_group));
            }
        }
        // Make sure all boards selected are stored in a proper array.
        $accesses = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess'];
        $changed_boards['allow'] = array();
        $changed_boards['deny'] = array();
        $changed_boards['ignore'] = array();
        foreach ($accesses as $group_id => $action) {
            $changed_boards[$action][] = (int) $group_id;
        }
        foreach (array('allow', 'deny') as $board_action) {
            // Only do this if they have special access requirements.
            if (!empty($changed_boards[$board_action])) {
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}boards
					SET {raw:column} = CASE WHEN {raw:column} = {string:blank_string} THEN {string:group_id_string} ELSE CONCAT({raw:column}, {string:comma_group}) END
					WHERE id_board IN ({array_int:board_list})', array('board_list' => $changed_boards[$board_action], 'blank_string' => '', 'group_id_string' => (string) $id_group, 'comma_group' => ',' . $id_group, 'column' => $board_action == 'allow' ? 'member_groups' : 'deny_member_groups'));
            }
        }
        // If this is joinable then set it to show group membership in people's profiles.
        if (empty($modSettings['show_group_membership']) && $_POST['group_type'] > 1) {
            updateSettings(array('show_group_membership' => 1));
        }
        // Rebuild the group cache.
        updateSettings(array('settings_updated' => time()));
        // We did it.
        logAction('add_group', array('group' => $_POST['group_name']), 'admin');
        // Go change some more settings.
        redirectexit('action=admin;area=membergroups;sa=edit;group=' . $id_group);
    }
    // Just show the 'add membergroup' screen.
    $context['page_title'] = $txt['membergroups_new_group'];
    $context['sub_template'] = 'new_group';
    $context['post_group'] = isset($_REQUEST['postgroup']);
    $context['undefined_group'] = !isset($_REQUEST['postgroup']) && !isset($_REQUEST['generalgroup']);
    $context['allow_protected'] = allowedTo('admin_forum');
    if (!empty($modSettings['deny_boards_access'])) {
        loadLanguage('ManagePermissions');
    }
    $result = $smcFunc['db_query']('', '
		SELECT id_group, group_name
		FROM {db_prefix}membergroups
		WHERE (id_group > {int:moderator_group} OR id_group = {int:global_mod_group})' . (empty($modSettings['permission_enable_postgroups']) ? '
			AND min_posts = {int:min_posts}' : '') . (allowedTo('admin_forum') ? '' : '
			AND group_type != {int:is_protected}') . '
		ORDER BY min_posts, id_group != {int:global_mod_group}, group_name', array('moderator_group' => 3, 'global_mod_group' => 2, 'min_posts' => -1, 'is_protected' => 1));
    $context['groups'] = array();
    while ($row = $smcFunc['db_fetch_assoc']($result)) {
        $context['groups'][] = array('id' => $row['id_group'], 'name' => $row['group_name']);
    }
    $smcFunc['db_free_result']($result);
    $request = $smcFunc['db_query']('', '
		SELECT b.id_cat, c.name AS cat_name, b.id_board, b.name, b.child_level
		FROM {db_prefix}boards AS b
			LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
		ORDER BY board_order', array());
    $context['num_boards'] = $smcFunc['db_num_rows']($request);
    $context['categories'] = array();
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // This category hasn't been set up yet..
        if (!isset($context['categories'][$row['id_cat']])) {
            $context['categories'][$row['id_cat']] = array('id' => $row['id_cat'], 'name' => $row['cat_name'], 'boards' => array());
        }
        // Set this board up, and let the template know when it's a child.  (indent them..)
        $context['categories'][$row['id_cat']]['boards'][$row['id_board']] = array('id' => $row['id_board'], 'name' => $row['name'], 'child_level' => $row['child_level'], 'allow' => false, 'deny' => false);
    }
    $smcFunc['db_free_result']($request);
    // Now, let's sort the list of categories into the boards for templates that like that.
    $temp_boards = array();
    foreach ($context['categories'] as $category) {
        $temp_boards[] = array('name' => $category['name'], 'child_ids' => array_keys($category['boards']));
        $temp_boards = array_merge($temp_boards, array_values($category['boards']));
        // Include a list of boards per category for easy toggling.
        $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']);
    }
    createToken('admin-mmg');
}
Esempio n. 3
0
function SetQuickGroups()
{
    global $context, $smcFunc;
    checkSession();
    loadIllegalPermissions();
    loadIllegalGuestPermissions();
    // Make sure only one of the quick options was selected.
    if (!empty($_POST['predefined']) && (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty' || !empty($_POST['permissions'])) || !empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])) {
        fatal_lang_error('permissions_only_one_option', false);
    }
    if (empty($_POST['group']) || !is_array($_POST['group'])) {
        $_POST['group'] = array();
    }
    // Only accept numeric values for selected membergroups.
    foreach ($_POST['group'] as $id => $group_id) {
        $_POST['group'][$id] = (int) $group_id;
    }
    $_POST['group'] = array_unique($_POST['group']);
    if (empty($_REQUEST['pid'])) {
        $_REQUEST['pid'] = 0;
    } else {
        $_REQUEST['pid'] = (int) $_REQUEST['pid'];
    }
    // Fix up the old global to the new default!
    $bid = max(1, $_REQUEST['pid']);
    // No modifying the predefined profiles.
    if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5) {
        fatal_lang_error('no_access', false);
    }
    // Clear out any cached authority.
    updateSettings(array('settings_updated' => time()));
    // No groups where selected.
    if (empty($_POST['group'])) {
        redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
    }
    // Set a predefined permission profile.
    if (!empty($_POST['predefined'])) {
        // Make sure it's a predefined permission set we expect.
        if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'))) {
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
        }
        foreach ($_POST['group'] as $group_id) {
            if (!empty($_REQUEST['pid'])) {
                setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
            } else {
                setPermissionLevel($_POST['predefined'], $group_id);
            }
        }
    } elseif ($_POST['copy_from'] != 'empty') {
        // Just checking the input.
        if (!is_numeric($_POST['copy_from'])) {
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
        }
        // Make sure the group we're copying to is never included.
        $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));
        // No groups left? Too bad.
        if (empty($_POST['group'])) {
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
        }
        if (empty($_REQUEST['pid'])) {
            // Retrieve current permissions of group.
            $request = $smcFunc['db_query']('', '
				SELECT permission, add_deny
				FROM {db_prefix}permissions
				WHERE id_group = {int:copy_from}', array('copy_from' => $_POST['copy_from']));
            $target_perm = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $target_perm[$row['permission']] = $row['add_deny'];
            }
            $smcFunc['db_free_result']($request);
            $inserts = array();
            foreach ($_POST['group'] as $group_id) {
                foreach ($target_perm as $perm => $add_deny) {
                    // No dodgy permissions please!
                    if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions'])) {
                        continue;
                    }
                    if ($group_id == -1 && in_array($perm, $context['non_guest_permissions'])) {
                        continue;
                    }
                    if ($group_id != 1 && $group_id != 3) {
                        $inserts[] = array($perm, $group_id, $add_deny);
                    }
                }
            }
            // Delete the previous permissions...
            $smcFunc['db_query']('', '
				DELETE FROM {db_prefix}permissions
				WHERE id_group IN ({array_int:group_list})
					' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'), array('group_list' => $_POST['group'], 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array()));
            if (!empty($inserts)) {
                // ..and insert the new ones.
                $smcFunc['db_insert']('', '{db_prefix}permissions', array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'), $inserts, array('permission', 'id_group'));
            }
        }
        // Now do the same for the board permissions.
        $request = $smcFunc['db_query']('', '
			SELECT permission, add_deny
			FROM {db_prefix}board_permissions
			WHERE id_group = {int:copy_from}
				AND id_profile = {int:current_profile}', array('copy_from' => $_POST['copy_from'], 'current_profile' => $bid));
        $target_perm = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $target_perm[$row['permission']] = $row['add_deny'];
        }
        $smcFunc['db_free_result']($request);
        $inserts = array();
        foreach ($_POST['group'] as $group_id) {
            foreach ($target_perm as $perm => $add_deny) {
                // Are these for guests?
                if ($group_id == -1 && in_array($perm, $context['non_guest_permissions'])) {
                    continue;
                }
                $inserts[] = array($perm, $group_id, $bid, $add_deny);
            }
        }
        // Delete the previous global board permissions...
        $smcFunc['db_query']('', '
			DELETE FROM {db_prefix}board_permissions
			WHERE id_group IN ({array_int:current_group_list})
				AND id_profile = {int:current_profile}', array('current_group_list' => $_POST['group'], 'current_profile' => $bid));
        // And insert the copied permissions.
        if (!empty($inserts)) {
            // ..and insert the new ones.
            $smcFunc['db_insert']('', '{db_prefix}board_permissions', array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'), $inserts, array('permission', 'id_group', 'id_profile'));
        }
        // Update any children out there!
        updateChildPermissions($_POST['group'], $_REQUEST['pid']);
    } elseif (!empty($_POST['permissions'])) {
        // Unpack two variables that were transported.
        list($permissionType, $permission) = explode('/', $_POST['permissions']);
        // Check whether our input is within expected range.
        if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board'))) {
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
        }
        if ($_POST['add_remove'] == 'clear') {
            if ($permissionType == 'membergroup') {
                $smcFunc['db_query']('', '
					DELETE FROM {db_prefix}permissions
					WHERE id_group IN ({array_int:current_group_list})
						AND permission = {string:current_permission}
						' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'), array('current_group_list' => $_POST['group'], 'current_permission' => $permission, 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array()));
            } else {
                $smcFunc['db_query']('', '
					DELETE FROM {db_prefix}board_permissions
					WHERE id_group IN ({array_int:current_group_list})
						AND id_profile = {int:current_profile}
						AND permission = {string:current_permission}', array('current_group_list' => $_POST['group'], 'current_profile' => $bid, 'current_permission' => $permission));
            }
        } else {
            $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0';
            $permChange = array();
            foreach ($_POST['group'] as $groupID) {
                if ($groupID == -1 && in_array($permission, $context['non_guest_permissions'])) {
                    continue;
                }
                if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) {
                    $permChange[] = array($permission, $groupID, $add_deny);
                } elseif ($permissionType != 'membergroup') {
                    $permChange[] = array($permission, $groupID, $bid, $add_deny);
                }
            }
            if (!empty($permChange)) {
                if ($permissionType == 'membergroup') {
                    $smcFunc['db_insert']('replace', '{db_prefix}permissions', array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'), $permChange, array('permission', 'id_group'));
                } else {
                    $smcFunc['db_insert']('replace', '{db_prefix}board_permissions', array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'), $permChange, array('permission', 'id_group', 'id_profile'));
                }
            }
        }
        // Another child update!
        updateChildPermissions($_POST['group'], $_REQUEST['pid']);
    }
    redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
}
Esempio n. 4
0
function AddMembergroup()
{
    global $context, $txt, $sourcedir, $modSettings, $backend_subdir;
    // A form was submitted, we can start adding.
    if (!empty($_POST['group_name'])) {
        checkSession();
        $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based']));
        $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || $_POST['group_type'] == 1 && !allowedTo('admin_forum') ? 0 : (int) $_POST['group_type'];
        // !!! Check for members with same name too?
        $request = smf_db_query('
			SELECT MAX(id_group)
			FROM {db_prefix}membergroups', array());
        list($id_group) = mysql_fetch_row($request);
        mysql_free_result($request);
        $id_group++;
        smf_db_insert('', '{db_prefix}membergroups', array('id_group' => 'int', 'description' => 'string', 'group_name' => 'string-80', 'min_posts' => 'int', 'stars' => 'string', 'online_color' => 'string', 'group_type' => 'int'), array($id_group, '', $_POST['group_name'], $postCountBasedGroup ? (int) $_POST['min_posts'] : '-1', '1#star.gif', '', $_POST['group_type']), array('id_group'));
        // Update the post groups now, if this is a post group!
        if (isset($_POST['min_posts'])) {
            updateStats('postgroups');
        }
        // You cannot set permissions for post groups if they are disabled.
        if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups'])) {
            $_POST['perm_type'] = '';
        }
        if ($_POST['perm_type'] == 'predefined') {
            // Set default permission level.
            require_once $sourcedir . '/' . $backend_subdir . '/ManagePermissions.php';
            setPermissionLevel($_POST['level'], $id_group, 'null');
        } elseif ($_POST['perm_type'] == 'copy' || $_POST['perm_type'] == 'inherit') {
            $copy_id = $_POST['perm_type'] == 'copy' ? (int) $_POST['copyperm'] : (int) $_POST['inheritperm'];
            // Are you a powerful admin?
            if (!allowedTo('admin_forum')) {
                $request = smf_db_query('
					SELECT group_type
					FROM {db_prefix}membergroups
					WHERE id_group = {int:copy_from}
					LIMIT {int:limit}', array('copy_from' => $copy_id, 'limit' => 1));
                list($copy_type) = mysql_fetch_row($request);
                mysql_free_result($request);
                // Protected groups are... well, protected!
                if ($copy_type == 1) {
                    fatal_lang_error('membergroup_does_not_exist');
                }
            }
            // Don't allow copying of a real priviledged person!
            require_once $sourcedir . '/' . $backend_subdir . '/ManagePermissions.php';
            loadIllegalPermissions();
            $request = smf_db_query('
				SELECT permission, add_deny
				FROM {db_prefix}permissions
				WHERE id_group = {int:copy_from}', array('copy_from' => $copy_id));
            $inserts = array();
            while ($row = mysql_fetch_assoc($request)) {
                if (empty($context['illegal_permissions']) || !in_array($row['permission'], $context['illegal_permissions'])) {
                    $inserts[] = array($id_group, $row['permission'], $row['add_deny']);
                }
            }
            mysql_free_result($request);
            if (!empty($inserts)) {
                smf_db_insert('insert', '{db_prefix}permissions', array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'), $inserts, array('id_group', 'permission'));
            }
            $request = smf_db_query('
				SELECT id_profile, permission, add_deny
				FROM {db_prefix}board_permissions
				WHERE id_group = {int:copy_from}', array('copy_from' => $copy_id));
            $inserts = array();
            while ($row = mysql_fetch_assoc($request)) {
                $inserts[] = array($id_group, $row['id_profile'], $row['permission'], $row['add_deny']);
            }
            mysql_free_result($request);
            if (!empty($inserts)) {
                smf_db_insert('insert', '{db_prefix}board_permissions', array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'), $inserts, array('id_group', 'id_profile', 'permission'));
            }
            // Also get some membergroup information if we're copying and not copying from guests...
            if ($copy_id > 0 && $_POST['perm_type'] == 'copy') {
                $request = smf_db_query('
					SELECT online_color, max_messages, stars
					FROM {db_prefix}membergroups
					WHERE id_group = {int:copy_from}
					LIMIT 1', array('copy_from' => $copy_id));
                $group_info = mysql_fetch_assoc($request);
                mysql_free_result($request);
                // ...and update the new membergroup with it.
                smf_db_query('
					UPDATE {db_prefix}membergroups
					SET
						online_color = {string:online_color},
						max_messages = {int:max_messages},
						stars = {string:stars}
					WHERE id_group = {int:current_group}', array('max_messages' => $group_info['max_messages'], 'current_group' => $id_group, 'online_color' => $group_info['online_color'], 'stars' => $group_info['stars']));
            } elseif ($_POST['perm_type'] == 'inherit') {
                smf_db_query('
					UPDATE {db_prefix}membergroups
					SET id_parent = {int:copy_from}
					WHERE id_group = {int:current_group}', array('copy_from' => $copy_id, 'current_group' => $id_group));
            }
        }
        // Make sure all boards selected are stored in a proper array.
        $_POST['boardaccess'] = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess'];
        foreach ($_POST['boardaccess'] as $key => $value) {
            $_POST['boardaccess'][$key] = (int) $value;
        }
        // Only do this if they have special access requirements.
        if (!empty($_POST['boardaccess'])) {
            smf_db_query('
				UPDATE {db_prefix}boards
				SET member_groups = CASE WHEN member_groups = {string:blank_string} THEN {string:group_id_string} ELSE CONCAT(member_groups, {string:comma_group}) END
				WHERE id_board IN ({array_int:board_list})', array('board_list' => $_POST['boardaccess'], 'blank_string' => '', 'group_id_string' => (string) $id_group, 'comma_group' => ',' . $id_group));
        }
        // If this is joinable then set it to show group membership in people's profiles.
        if (empty($modSettings['show_group_membership']) && $_POST['group_type'] > 1) {
            updateSettings(array('show_group_membership' => 1));
        }
        // Rebuild the group cache.
        updateSettings(array('settings_updated' => time()));
        // We did it.
        logAction('add_group', array('group' => $_POST['group_name']), 'admin');
        regenerateColorStyle();
        // Go change some more settings.
        redirectexit('action=admin;area=membergroups;sa=edit;group=' . $id_group);
    }
    // Just show the 'add membergroup' screen.
    $context['page_title'] = $txt['membergroups_new_group'];
    $context['sub_template'] = 'new_group';
    $context['post_group'] = isset($_REQUEST['postgroup']);
    $context['undefined_group'] = !isset($_REQUEST['postgroup']) && !isset($_REQUEST['generalgroup']);
    $context['allow_protected'] = allowedTo('admin_forum');
    $result = smf_db_query('
		SELECT id_group, group_name
		FROM {db_prefix}membergroups
		WHERE (id_group > {int:moderator_group} OR id_group = {int:global_mod_group})' . (empty($modSettings['permission_enable_postgroups']) ? '
			AND min_posts = {int:min_posts}' : '') . (allowedTo('admin_forum') ? '' : '
			AND group_type != {int:is_protected}') . '
		ORDER BY min_posts, id_group != {int:global_mod_group}, group_name', array('moderator_group' => 3, 'global_mod_group' => 2, 'min_posts' => -1, 'is_protected' => 1));
    $context['groups'] = array();
    while ($row = mysql_fetch_assoc($result)) {
        $context['groups'][] = array('id' => $row['id_group'], 'name' => $row['group_name']);
    }
    mysql_free_result($result);
    $result = smf_db_query('
		SELECT id_board, name, child_level
		FROM {db_prefix}boards
		ORDER BY board_order', array());
    $context['boards'] = array();
    while ($row = mysql_fetch_assoc($result)) {
        $context['boards'][] = array('id' => $row['id_board'], 'name' => $row['name'], 'child_level' => $row['child_level'], 'selected' => false);
    }
    mysql_free_result($result);
}
Esempio n. 5
0
function AddMembergroup()
{
    global $db_prefix, $context, $txt, $sourcedir, $modSettings;
    // A form was submitted, we can start adding.
    if (!empty($_POST['group_name'])) {
        checkSession();
        $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based']));
        // !!! Check for members with same name too?
        $request = db_query("\n\t\t\tSELECT MAX(ID_GROUP)\n\t\t\tFROM {$db_prefix}membergroups", __FILE__, __LINE__);
        list($ID_GROUP) = mysql_fetch_row($request);
        mysql_free_result($request);
        $ID_GROUP++;
        db_query("\n\t\t\tINSERT INTO {$db_prefix}membergroups\n\t\t\t\t(ID_GROUP, groupName, minPosts, stars, onlineColor)\n\t\t\tVALUES ({$ID_GROUP}, SUBSTRING('{$_POST['group_name']}', 1, 80), " . ($postCountBasedGroup ? (int) $_POST['min_posts'] : '-1') . ", '1#star.gif', '')", __FILE__, __LINE__);
        // Update the post groups now, if this is a post group!
        if (isset($_POST['min_posts'])) {
            updateStats('postgroups');
        }
        // You cannot set permissions for post groups if they are disabled.
        if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups'])) {
            $_POST['perm_type'] = '';
        }
        if ($_POST['perm_type'] == 'predefined') {
            // Set default permission level.
            require_once $sourcedir . '/ManagePermissions.php';
            setPermissionLevel($_POST['level'], $ID_GROUP, 'null');
        } elseif ($_POST['perm_type'] == 'copy') {
            $_POST['copyperm'] = (int) $_POST['copyperm'];
            // Don't allow copying of a real priviledged person!
            require_once $sourcedir . '/ManagePermissions.php';
            loadIllegalPermissions();
            $request = db_query("\n\t\t\t\tSELECT permission, addDeny\n\t\t\t\tFROM {$db_prefix}permissions\n\t\t\t\tWHERE ID_GROUP = {$_POST['copyperm']}", __FILE__, __LINE__);
            $setString = '';
            while ($row = mysql_fetch_assoc($request)) {
                if (empty($context['illegal_permissions']) || !in_array($row['permission'], $context['illegal_permissions'])) {
                    $setString .= "\n\t\t\t\t\t\t({$ID_GROUP}, '{$row['permission']}', {$row['addDeny']}),";
                }
            }
            mysql_free_result($request);
            if (!empty($setString)) {
                db_query("\n\t\t\t\t\tINSERT INTO {$db_prefix}permissions\n\t\t\t\t\t\t(ID_GROUP, permission, addDeny)\n\t\t\t\t\tVALUES" . substr($setString, 0, -1), __FILE__, __LINE__);
            }
            $request = db_query("\n\t\t\t\tSELECT ID_BOARD, permission, addDeny\n\t\t\t\tFROM {$db_prefix}board_permissions\n\t\t\t\tWHERE ID_GROUP = {$_POST['copyperm']}" . (empty($modSettings['permission_enable_by_board']) ? "\n\t\t\t\t\tAND ID_BOARD = 0" : ''), __FILE__, __LINE__);
            $setString = '';
            while ($row = mysql_fetch_assoc($request)) {
                $setString .= "\n\t\t\t\t\t({$ID_GROUP}, {$row['ID_BOARD']}, '{$row['permission']}', {$row['addDeny']}),";
            }
            mysql_free_result($request);
            if (!empty($setString)) {
                db_query("\n\t\t\t\t\tINSERT INTO {$db_prefix}board_permissions\n\t\t\t\t\t\t(ID_GROUP, ID_BOARD, permission, addDeny)\n\t\t\t\t\tVALUES" . substr($setString, 0, -1), __FILE__, __LINE__);
            }
            // Also get some membergroup information if we're not copying from guests...
            if ($_POST['copyperm'] > 0) {
                $request = db_query("\n\t\t\t\t\tSELECT onlineColor, maxMessages, stars\n\t\t\t\t\tFROM {$db_prefix}membergroups\n\t\t\t\t\tWHERE ID_GROUP = {$_POST['copyperm']}\n\t\t\t\t\tLIMIT 1", __FILE__, __LINE__);
                $group_info = mysql_fetch_assoc($request);
                mysql_free_result($request);
                // ...and update the new membergroup with it.
                db_query("\n\t\t\t\t\tUPDATE {$db_prefix}membergroups\n\t\t\t\t\tSET\n\t\t\t\t\t\tonlineColor = '{$group_info['onlineColor']}',\n\t\t\t\t\t\tmaxMessages = {$group_info['maxMessages']},\n\t\t\t\t\t\tstars = '{$group_info['stars']}'\n\t\t\t\t\tWHERE ID_GROUP = {$ID_GROUP}\n\t\t\t\t\tLIMIT 1", __FILE__, __LINE__);
            }
        }
        // Make sure all boards selected are stored in a proper array.
        $_POST['boardaccess'] = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess'];
        foreach ($_POST['boardaccess'] as $key => $value) {
            $_POST['boardaccess'][$key] = (int) $value;
        }
        // Only do this if they have special access requirements.
        if (!empty($_POST['boardaccess'])) {
            db_query("\n\t\t\t\tUPDATE {$db_prefix}boards\n\t\t\t\tSET memberGroups = IF(memberGroups = '', '{$ID_GROUP}', CONCAT(memberGroups, ',{$ID_GROUP}'))\n\t\t\t\tWHERE ID_BOARD IN (" . implode(', ', $_POST['boardaccess']) . ")\n\t\t\t\tLIMIT " . count($_POST['boardaccess']), __FILE__, __LINE__);
        }
        // Go change some more settings.
        redirectexit('action=membergroups;sa=edit;group=' . $ID_GROUP);
    }
    // Just show the 'add membergroup' screen.
    $context['page_title'] = $txt['membergroups_new_group'];
    $context['sub_template'] = 'new_group';
    $context['post_group'] = !empty($_REQUEST['postgroup']);
    $context['undefined_group'] = empty($_REQUEST['postgroup']) && empty($_REQUEST['generalgroup']);
    $result = db_query("\n\t\tSELECT ID_GROUP, groupName\n\t\tFROM {$db_prefix}membergroups\n\t\tWHERE (ID_GROUP > 3 OR ID_GROUP = 2)" . (empty($modSettings['permission_enable_postgroups']) ? "\n\t\t\tAND minPosts = -1" : '') . "\n\t\tORDER BY minPosts, ID_GROUP != 2, groupName", __FILE__, __LINE__);
    $context['groups'] = array();
    while ($row = mysql_fetch_assoc($result)) {
        $context['groups'][] = array('id' => $row['ID_GROUP'], 'name' => $row['groupName']);
    }
    mysql_free_result($result);
    $result = db_query("\n\t\tSELECT ID_BOARD, name, childLevel\n\t\tFROM {$db_prefix}boards", __FILE__, __LINE__);
    $context['boards'] = array();
    while ($row = mysql_fetch_assoc($result)) {
        $context['boards'][] = array('id' => $row['ID_BOARD'], 'name' => $row['name'], 'child_level' => $row['childLevel'], 'selected' => false);
    }
    mysql_free_result($result);
}
 /**
  * Handles permission modification actions from the upper part of the
  * permission manager index.
  */
 public function action_quick()
 {
     global $context;
     checkSession();
     validateToken('admin-mpq', 'quick');
     // we'll need to init illegal permissions, update permissions, etc.
     require_once SUBSDIR . '/Permission.subs.php';
     require_once SUBSDIR . '/ManagePermissions.subs.php';
     loadIllegalPermissions();
     loadIllegalGuestPermissions();
     // Make sure only one of the quick options was selected.
     if (!empty($_POST['predefined']) && (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty' || !empty($_POST['permissions'])) || !empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])) {
         fatal_lang_error('permissions_only_one_option', false);
     }
     if (empty($_POST['group']) || !is_array($_POST['group'])) {
         $_POST['group'] = array();
     }
     // Only accept numeric values for selected membergroups.
     foreach ($_POST['group'] as $id => $group_id) {
         $_POST['group'][$id] = (int) $group_id;
     }
     $_POST['group'] = array_unique($_POST['group']);
     if (empty($_REQUEST['pid'])) {
         $_REQUEST['pid'] = 0;
     } else {
         $_REQUEST['pid'] = (int) $_REQUEST['pid'];
     }
     // Fix up the old global to the new default!
     $bid = max(1, $_REQUEST['pid']);
     // No modifying the predefined profiles.
     if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5) {
         fatal_lang_error('no_access', false);
     }
     // Clear out any cached authority.
     updateSettings(array('settings_updated' => time()));
     // No groups where selected.
     if (empty($_POST['group'])) {
         redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
     }
     // Set a predefined permission profile.
     if (!empty($_POST['predefined'])) {
         // Make sure it's a predefined permission set we expect.
         if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'))) {
             redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
         }
         foreach ($_POST['group'] as $group_id) {
             if (!empty($_REQUEST['pid'])) {
                 setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
             } else {
                 setPermissionLevel($_POST['predefined'], $group_id);
             }
         }
     } elseif ($_POST['copy_from'] != 'empty') {
         // Just checking the input.
         if (!is_numeric($_POST['copy_from'])) {
             redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
         }
         // Make sure the group we're copying to is never included.
         $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));
         // No groups left? Too bad.
         if (empty($_POST['group'])) {
             redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
         }
         if (empty($_REQUEST['pid'])) {
             copyPermission($_POST['copy_from'], $_POST['group'], $context['illegal_permissions'], $context['non_guest_permissions']);
         }
         // Now do the same for the board permissions.
         copyBoardPermission($_POST['copy_from'], $_POST['group'], $bid, $context['non_guest_permissions']);
         // Update any children out there!
         updateChildPermissions($_POST['group'], $_REQUEST['pid']);
     } elseif (!empty($_POST['permissions'])) {
         // Unpack two variables that were transported.
         list($permissionType, $permission) = explode('/', $_POST['permissions']);
         // Check whether our input is within expected range.
         if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board'))) {
             redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
         }
         if ($_POST['add_remove'] == 'clear') {
             if ($permissionType == 'membergroup') {
                 deletePermission($_POST['group'], $permission, $context['illegal_permissions']);
             } else {
                 deleteBoardPermission($_POST['group'], $bid, $permission);
             }
         } else {
             $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0';
             $permChange = array();
             foreach ($_POST['group'] as $groupID) {
                 if ($groupID == -1 && in_array($permission, $context['non_guest_permissions'])) {
                     continue;
                 }
                 if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) {
                     $permChange[] = array($permission, $groupID, $add_deny);
                 } elseif ($permissionType != 'membergroup') {
                     $permChange[] = array($permission, $groupID, $add_deny, $bid);
                 }
             }
             if (!empty($permChange)) {
                 if ($permissionType == 'membergroup') {
                     replacePermission($permChange);
                 } else {
                     replaceBoardPermission($permChange);
                 }
             }
         }
         // Another child update!
         updateChildPermissions($_POST['group'], $_REQUEST['pid']);
     }
     redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
 }
 /**
  * This function handles adding a membergroup and setting some initial properties.
  *
  * What it does:
  * -Called by ?action=admin;area=membergroups;sa=add.
  * -It requires the manage_membergroups permission.
  * -Allows to use a predefined permission profile or copy one from another group.
  * -Redirects to action=admin;area=membergroups;sa=edit;group=x.
  *
  * @uses the new_group sub template of ManageMembergroups.
  */
 public function action_add()
 {
     global $context, $txt, $modSettings;
     require_once SUBSDIR . '/Membergroups.subs.php';
     // A form was submitted, we can start adding.
     if (isset($_POST['group_name']) && trim($_POST['group_name']) != '') {
         checkSession();
         validateToken('admin-mmg');
         $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based']));
         $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || $_POST['group_type'] == 1 && !allowedTo('admin_forum') ? 0 : (int) $_POST['group_type'];
         // @todo Check for members with same name too?
         // Don't allow copying of a real priviledged person!
         require_once SUBSDIR . '/Permission.subs.php';
         loadIllegalPermissions();
         $id_group = getMaxGroupID() + 1;
         $minposts = !empty($_POST['min_posts']) ? (int) $_POST['min_posts'] : '-1';
         addMembergroup($id_group, $_POST['group_name'], $minposts, $_POST['group_type']);
         call_integration_hook('integrate_add_membergroup', array($id_group, $postCountBasedGroup));
         // Update the post groups now, if this is a post group!
         if (isset($_POST['min_posts'])) {
             updateStats('postgroups');
         }
         // You cannot set permissions for post groups if they are disabled.
         if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups'])) {
             $_POST['perm_type'] = '';
         }
         if ($_POST['perm_type'] == 'predefined') {
             // Set default permission level.
             require_once SUBSDIR . '/ManagePermissions.subs.php';
             setPermissionLevel($_POST['level'], $id_group, null);
         } elseif ($_POST['perm_type'] == 'copy' || $_POST['perm_type'] == 'inherit') {
             $copy_id = $_POST['perm_type'] == 'copy' ? (int) $_POST['copyperm'] : (int) $_POST['inheritperm'];
             // Are you a powerful admin?
             if (!allowedTo('admin_forum')) {
                 $copy_type = membergroupById($copy_id);
                 // Protected groups are... well, protected!
                 if ($copy_type['group_type'] == 1) {
                     fatal_lang_error('membergroup_does_not_exist');
                 }
             }
             // Don't allow copying of a real priviledged person!
             require_once SUBSDIR . '/Permission.subs.php';
             loadIllegalPermissions();
             copyPermissions($id_group, $copy_id, $context['illegal_permissions']);
             copyBoardPermissions($id_group, $copy_id);
             // Also get some membergroup information if we're copying and not copying from guests...
             if ($copy_id > 0 && $_POST['perm_type'] == 'copy') {
                 updateCopiedGroup($id_group, $copy_id);
             } elseif ($_POST['perm_type'] == 'inherit') {
                 updateInheritedGroup($id_group, $copy_id);
             }
         }
         // Make sure all boards selected are stored in a proper array.
         $changed_boards = array();
         $accesses = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess'];
         $changed_boards['allow'] = array();
         $changed_boards['deny'] = array();
         $changed_boards['ignore'] = array();
         foreach ($accesses as $group_id => $action) {
             $changed_boards[$action][] = (int) $group_id;
         }
         foreach (array('allow', 'deny') as $board_action) {
             // Only do this if they have special access requirements.
             if (!empty($changed_boards[$board_action])) {
                 assignGroupToBoards($id_group, $changed_boards, $board_action);
             }
         }
         // If this is joinable then set it to show group membership in people's profiles.
         if (empty($modSettings['show_group_membership']) && $_POST['group_type'] > 1) {
             updateSettings(array('show_group_membership' => 1));
         }
         // Rebuild the group cache.
         updateSettings(array('settings_updated' => time()));
         // We did it.
         logAction('add_group', array('group' => $_POST['group_name']), 'admin');
         // Go change some more settings.
         redirectexit('action=admin;area=membergroups;sa=edit;group=' . $id_group);
     }
     // Just show the 'add membergroup' screen.
     $context['page_title'] = $txt['membergroups_new_group'];
     $context['sub_template'] = 'new_group';
     $context['post_group'] = isset($_REQUEST['postgroup']);
     $context['undefined_group'] = !isset($_REQUEST['postgroup']) && !isset($_REQUEST['generalgroup']);
     $context['allow_protected'] = allowedTo('admin_forum');
     if (!empty($modSettings['deny_boards_access'])) {
         loadLanguage('ManagePermissions');
     }
     $context['groups'] = getBasicMembergroupData(array('globalmod'), array(), 'min_posts, id_group != {int:global_mod_group}, group_name');
     require_once SUBSDIR . '/Boards.subs.php';
     $context += getBoardList();
     // Include a list of boards per category for easy toggling.
     foreach ($context['categories'] as $category) {
         $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']);
     }
     createToken('admin-mmg');
 }