function groupDispatch($op)
{
if (isset($_POST['undo'])) {
$op = 'groups';
}
if (isset($_POST['cancelselector'])) {
$op = 'groups';
}
if (isset($_POST['okselector'])) {
$op = 'savemembers';
}
switch ($op) {
case "groups":
groups();
break;
case "subscribe":
subscribe();
break;
case "savemembers":
savemembers();
break;
case "editgroup":
editgroup();
break;
case "savegroup":
savegroup();
break;
case "delgroup":
delgroup();
break;
}
}
/**
* Save a group to the database
*
* @param string $grp_id ID of group to save
* @param string $grp_name Group Name
* @param string $grp_descr Description of group
* @param boolean $grp_admin Flag that indicates this is an admin use group
* @param boolean $grp_gl_core Flag that indicates if this is a core Geeklog group
* @param boolean $grp_default Flag that indicates if this is a default group
* @param boolean $grp_applydefault Flag that indicates whether to apply a change in $grp_default to all existing user accounts
* @param array $features Features the group has access to
* @param array $groups Groups this group will belong to
* @return string HTML refresh or error message
*
*/
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;
$retval = '';
if (!empty($grp_name) && !empty($grp_descr)) {
$GroupAdminGroups = SEC_getUserGroups();
if (!empty($grp_id) && $grp_id > 0 && !in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");
return COM_refresh($_CONF['site_admin_url'] . '/group.php');
}
if ($grp_gl_core == 1 and !is_array($features)) {
COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");
return COM_refresh($_CONF['site_admin_url'] . '/group.php');
}
// group names have to be unique, so check if this one exists already
$g_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
if ($g_id > 0) {
if (empty($grp_id) || $grp_id != $g_id) {
// there already is a group with that name - complain
$retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists']) . editgroup($grp_id);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
return $retval;
}
}
$grp_descr = COM_stripslashes($grp_descr);
$grp_descr = DB_escapeString($grp_descr);
$grp_applydefault_add = true;
if (empty($grp_id)) {
DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default', "'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
$grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
$new_group = true;
} else {
if ($grp_applydefault == 1) {
// check if $grp_default changed
$old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
if ($old_default == $grp_default) {
// no change required
$grp_applydefault = 0;
} elseif ($old_default == 1) {
$grp_applydefault_add = false;
}
}
DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default', "{$grp_id},'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
$new_group = false;
}
if (empty($grp_id) || $grp_id < 1) {
// "this shouldn't happen"
COM_errorLog("Internal error: invalid group id");
$retval .= COM_showMessage(95);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
return $retval;
}
// Use the field grp_gl_core to indicate if this non-core GL Group
// is an Admin related group
if ($grp_gl_core != 1 and $grp_id > 1) {
if ($grp_admin == 1) {
DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=2 WHERE grp_id={$grp_id}");
} else {
DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=0 WHERE grp_id={$grp_id}");
}
}
// now save the features
DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
$num_features = count($features);
if (SEC_inGroup('Root')) {
foreach ($features as $f) {
DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
}
} else {
$GroupAdminFeatures = SEC_getUserPermissions();
$availableFeatures = explode(',', $GroupAdminFeatures);
foreach ($features as $f) {
if (in_array($f, $availableFeatures)) {
DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
}
}
}
if ($_GROUP_VERBOSE) {
COM_errorLog('groups = ' . $groups);
COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
}
DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
if (!empty($groups)) {
foreach ($groups as $g) {
if (in_array($g, $GroupAdminGroups)) {
if ($_GROUP_VERBOSE) {
COM_errorLog("adding group_assignment {$g} for {$grp_name}", 1);
}
$sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$g},{$grp_id})";
DB_query($sql);
}
}
}
// Make sure Root group belongs to any new group
if (DB_getItem($_TABLES['group_assignments'], 'COUNT(*)', "ug_main_grp_id = {$grp_id} AND ug_grp_id = 1") == 0) {
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$grp_id}, 1)");
}
// make sure this Group Admin belongs to the new group
if (!SEC_inGroup('Root')) {
if (DB_count($_TABLES['group_assignments'], 'ug_uid', "(ug_uid = {$_USER['uid']}) AND (ug_main_grp_id = {$grp_id})") == 0) {
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$grp_id},{$_USER['uid']})");
}
}
if ($grp_applydefault == 1) {
applydefaultgroup($grp_id, $grp_applydefault_add);
}
if ($new_group) {
PLG_groupChanged($grp_id, 'new');
} else {
PLG_groupChanged($grp_id, 'edit');
}
if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49&chk_showall=1');
} else {
return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49');
}
} else {
$retval .= COM_showMessageText($LANG_ACCESS['missingfieldsmsg'], $LANG_ACCESS['missingfields']) . editgroup($grp_id);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
return $retval;
}
}
if (isset($_GET["action"]) && stripslashes($_GET["action"]) == "edit" && isset($_GET["gid"]) && $_GET["gid"] != "") {
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
if (mysqli_connect_errno()) {
errorpage("MYSQL DATABASE ERROR", mysqli_connect_error(), $charset, CMUM_TITLE, $_SERVER["REQUEST_URI"], CMUM_VERSION, CMUM_BUILD, CMUM_MOD);
exit;
}
$sql = $mysqli->query("SELECT id,name,comment FROM groups WHERE id='" . $mysqli->real_escape_string($_GET["gid"]) . "'");
$eg_res = $sql->fetch_array();
$eg_id = $eg_res["id"];
$eg_name = $eg_res["name"];
$eg_comment = $eg_res["comment"];
mysqli_close($mysqli);
$notice = "\$('#modalEditGroup').modal({ show: true });";
}
if (isset($_POST["value"]) && $_POST["value"] == "beditgrp") {
$status = editgroup($_POST["gid"], $_POST["name"], $_POST["comment"]);
if ($status == "0") {
$notice = "toastr.success('Changes successfully saved');";
} elseif ($status == "1") {
$eg_id = $_POST["gid"];
$eg_name = $_POST["name"];
$eg_comment = $_POST["comment"];
$notice = "toastr.error('You must enter a group name'); \$('#modalEditGroup').modal({ show: true });";
} elseif ($status == "2") {
$eg_id = $_POST["gid"];
$eg_name = $_POST["name"];
$eg_comment = $_POST["comment"];
$notice = "toastr.error('Group already exists'); \$('#modalEditGroup').modal({ show: true });";
}
}
if (isset($_GET["action"]) && stripslashes($_GET["action"]) == "delete" && isset($_GET["gid"]) && $_GET["gid"] != "") {
