function SetQuickGroups() { global $db_prefix, $context; checkSession(); loadIllegalPermissions(); // Make sure only one of the quick options was selected. if (!empty($_POST['predefined']) && (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty' || !empty($_POST['permissions'])) || !empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])) { fatal_lang_error('permissions_only_one_option', false); } if (empty($_POST['group']) || !is_array($_POST['group'])) { $_POST['group'] = array(); } // Only accept numeric values for selected membergroups. foreach ($_POST['group'] as $id => $group_id) { $_POST['group'][$id] = (int) $group_id; } $_POST['group'] = array_unique($_POST['group']); if (empty($_REQUEST['boardid'])) { $_REQUEST['boardid'] = 0; } else { $_REQUEST['boardid'] = (int) $_REQUEST['boardid']; } if (isset($_POST['access'])) { foreach ($_POST['access'] as $k => $v) { $_POST['access'][$k] = (int) $v; } $access = implode(',', $_POST['access']); } else { $access = ''; } db_query("\n\t\tUPDATE {$db_prefix}boards\n\t\tSET memberGroups = '{$access}'\n\t\tWHERE ID_BOARD = {$_REQUEST['boardid']}\n\t\tLIMIT 1", __FILE__, __LINE__); // No groups where selected. if (empty($_POST['group'])) { redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); } // Set a predefined permission profile. if (!empty($_POST['predefined'])) { // Make sure it's a predefined permission set we expect. if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'))) { redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); } foreach ($_POST['group'] as $group_id) { if (!empty($_REQUEST['boardid'])) { setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['boardid']); } else { setPermissionLevel($_POST['predefined'], $group_id); } } } elseif (isset($_POST['from_board']) && $_POST['from_board'] != 'empty') { // Just checking the input. if (!is_numeric($_POST['from_board'])) { redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); } // Fetch all the board permissions for these groups. $request = db_query("\n\t\t\tSELECT ID_GROUP, permission, addDeny\n\t\t\tFROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_BOARD = {$_POST['from_board']}\n\t\t\t\tAND ID_GROUP IN (" . implode(',', $_POST['group']) . ")", __FILE__, __LINE__); $target_perms = array(); while ($row = mysql_fetch_assoc($request)) { $target_perms[] = "('{$row['permission']}', {$row['ID_GROUP']}, {$_REQUEST['boardid']}, {$row['addDeny']})"; } mysql_free_result($request); // Delete the previous global board permissions... db_query("\n\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")\n\t\t\t\tAND ID_BOARD = {$_REQUEST['boardid']}", __FILE__, __LINE__); // And insert the copied permissions. if (!empty($target_perms)) { db_query("\n\t\t\t\tINSERT IGNORE INTO {$db_prefix}board_permissions\n\t\t\t\t\t(permission, ID_GROUP, ID_BOARD, addDeny)\n\t\t\t\tVALUES " . implode(',', $target_perms), __FILE__, __LINE__); } } elseif ($_POST['copy_from'] != 'empty') { // Just checking the input. if (!is_numeric($_POST['copy_from'])) { redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); } // Make sure the group we're copying to is never included. $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from'])); // No groups left? Too bad. if (empty($_POST['group'])) { redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); } if (empty($_REQUEST['boardid'])) { // Retrieve current permissions of group. $request = db_query("\n\t\t\t\tSELECT permission, addDeny\n\t\t\t\tFROM {$db_prefix}permissions\n\t\t\t\tWHERE ID_GROUP = {$_POST['copy_from']}", __FILE__, __LINE__); $target_perm = array(); while ($row = mysql_fetch_assoc($request)) { $target_perm[$row['permission']] = $row['addDeny']; } mysql_free_result($request); $insert_string = ''; foreach ($_POST['group'] as $group_id) { foreach ($target_perm as $perm => $addDeny) { // No dodgy permissions please! if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions'])) { continue; } $insert_string .= "('{$perm}', {$group_id}, {$addDeny}),"; } } // Delete the previous permissions... db_query("\n\t\t\t\tDELETE FROM {$db_prefix}permissions\n\t\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")" . (empty($context['illegal_permissions']) ? '' : "\n\t\t\t\t\tAND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__); if (!empty($insert_string)) { // Cut off the last comma. $insert_string = substr($insert_string, 0, -1); // ..and insert the new ones. db_query("\n\t\t\t\t\tINSERT IGNORE INTO {$db_prefix}permissions\n\t\t\t\t\t\t(permission, ID_GROUP, addDeny)\n\t\t\t\t\tVALUES {$insert_string}", __FILE__, __LINE__); } } // Now do the same for the board permissions. $request = db_query("\n\t\t\tSELECT permission, addDeny\n\t\t\tFROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_GROUP = {$_POST['copy_from']}\n\t\t\t\tAND ID_BOARD = {$_REQUEST['boardid']}", __FILE__, __LINE__); $target_perm = array(); while ($row = mysql_fetch_assoc($request)) { $target_perm[$row['permission']] = $row['addDeny']; } mysql_free_result($request); $insert_string = ''; foreach ($_POST['group'] as $group_id) { foreach ($target_perm as $perm => $addDeny) { $insert_string .= "('{$perm}', {$group_id}, {$_REQUEST['boardid']}, {$addDeny}),"; } } // Delete the previous global board permissions... db_query("\n\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")\n\t\t\t\tAND ID_BOARD = {$_REQUEST['boardid']}", __FILE__, __LINE__); // And insert the copied permissions. if (!empty($insert_string)) { $insert_string = substr($insert_string, 0, -1); db_query("\n\t\t\t\tINSERT IGNORE INTO {$db_prefix}board_permissions\n\t\t\t\t\t(permission, ID_GROUP, ID_BOARD, addDeny)\n\t\t\t\tVALUES {$insert_string}", __FILE__, __LINE__); } } elseif (!empty($_POST['permissions'])) { // Unpack two variables that were transported. list($permissionType, $permission) = explode('/', $_POST['permissions']); // Check whether our input is within expected range. if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board'))) { redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); } if ($_POST['add_remove'] == 'clear') { if ($permissionType == 'membergroup') { db_query("\n\t\t\t\t\tDELETE FROM {$db_prefix}permissions\n\t\t\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")\n\t\t\t\t\t\tAND permission = '{$permission}'" . (empty($context['illegal_permissions']) ? '' : "\n\t\t\t\t\t\tAND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__); } else { db_query("\n\t\t\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\t\t\tWHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")\n\t\t\t\t\t\tAND ID_BOARD = {$_REQUEST['boardid']}\n\t\t\t\t\t\tAND permission = '{$permission}'", __FILE__, __LINE__); } } else { $addDeny = $_POST['add_remove'] == 'add' ? '1' : '0'; if ($permissionType == 'membergroup' && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) { db_query("\n\t\t\t\t\tREPLACE INTO {$db_prefix}permissions\n\t\t\t\t\t\t(permission, ID_GROUP, addDeny)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$permission}', " . implode(", {$addDeny}),\n\t\t\t\t\t\t('{$permission}', ", $_POST['group']) . ", {$addDeny})", __FILE__, __LINE__); } elseif ($permissionType != 'membergroup') { db_query("\n\t\t\t\t\tREPLACE INTO {$db_prefix}board_permissions\n\t\t\t\t\t\t(permission, ID_GROUP, ID_BOARD, addDeny)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$permission}', " . implode(", {$_REQUEST['boardid']}, {$addDeny}),\n\t\t\t\t\t\t('{$permission}', ", $_POST['group']) . ", {$_REQUEST['boardid']}, {$addDeny})", __FILE__, __LINE__); } } } // Don't allow guests to have certain permissions. db_query("\n\t\tDELETE FROM {$db_prefix}permissions\n\t\tWHERE ID_GROUP = -1 AND\n\t\t\t(permission = 'manage_membergroups'\n\t\t\tOR permission = 'manage_permissions'\n\t\t\tOR permission = 'admin_forum')", __FILE__, __LINE__); redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); }
/** * This function handles adding a membergroup and setting some initial properties. * Called by ?action=admin;area=membergroups;sa=add. * It requires the manage_membergroups permission. * Allows to use a predefined permission profile or copy one from another group. * Redirects to action=admin;area=membergroups;sa=edit;group=x. * * @uses the new_group sub template of ManageMembergroups. */ function AddMembergroup() { global $context, $txt, $sourcedir, $modSettings, $smcFunc; // A form was submitted, we can start adding. if (isset($_POST['group_name']) && trim($_POST['group_name']) != '') { checkSession(); validateToken('admin-mmg'); $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based'])); $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || $_POST['group_type'] == 1 && !allowedTo('admin_forum') ? 0 : (int) $_POST['group_type']; // @todo Check for members with same name too? $request = $smcFunc['db_query']('', ' SELECT MAX(id_group) FROM {db_prefix}membergroups', array()); list($id_group) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); $id_group++; $smcFunc['db_insert']('', '{db_prefix}membergroups', array('id_group' => 'int', 'description' => 'string', 'group_name' => 'string-80', 'min_posts' => 'int', 'icons' => 'string', 'online_color' => 'string', 'group_type' => 'int'), array($id_group, '', $smcFunc['htmlspecialchars']($_POST['group_name'], ENT_QUOTES), $postCountBasedGroup ? (int) $_POST['min_posts'] : '-1', '1#star.png', '', $_POST['group_type']), array('id_group')); call_integration_hook('integrate_add_membergroup', array($id_group, $postCountBasedGroup)); // Update the post groups now, if this is a post group! if (isset($_POST['min_posts'])) { updateStats('postgroups'); } // You cannot set permissions for post groups if they are disabled. if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups'])) { $_POST['perm_type'] = ''; } if ($_POST['perm_type'] == 'predefined') { // Set default permission level. require_once $sourcedir . '/ManagePermissions.php'; setPermissionLevel($_POST['level'], $id_group, 'null'); } elseif ($_POST['perm_type'] == 'copy' || $_POST['perm_type'] == 'inherit') { $copy_id = $_POST['perm_type'] == 'copy' ? (int) $_POST['copyperm'] : (int) $_POST['inheritperm']; // Are you a powerful admin? if (!allowedTo('admin_forum')) { $request = $smcFunc['db_query']('', ' SELECT group_type FROM {db_prefix}membergroups WHERE id_group = {int:copy_from} LIMIT {int:limit}', array('copy_from' => $copy_id, 'limit' => 1)); list($copy_type) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // Protected groups are... well, protected! if ($copy_type == 1) { fatal_lang_error('membergroup_does_not_exist'); } } // Don't allow copying of a real priviledged person! require_once $sourcedir . '/ManagePermissions.php'; loadIllegalPermissions(); $request = $smcFunc['db_query']('', ' SELECT permission, add_deny FROM {db_prefix}permissions WHERE id_group = {int:copy_from}', array('copy_from' => $copy_id)); $inserts = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { if (empty($context['illegal_permissions']) || !in_array($row['permission'], $context['illegal_permissions'])) { $inserts[] = array($id_group, $row['permission'], $row['add_deny']); } } $smcFunc['db_free_result']($request); if (!empty($inserts)) { $smcFunc['db_insert']('insert', '{db_prefix}permissions', array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'), $inserts, array('id_group', 'permission')); } $request = $smcFunc['db_query']('', ' SELECT id_profile, permission, add_deny FROM {db_prefix}board_permissions WHERE id_group = {int:copy_from}', array('copy_from' => $copy_id)); $inserts = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { $inserts[] = array($id_group, $row['id_profile'], $row['permission'], $row['add_deny']); } $smcFunc['db_free_result']($request); if (!empty($inserts)) { $smcFunc['db_insert']('insert', '{db_prefix}board_permissions', array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'), $inserts, array('id_group', 'id_profile', 'permission')); } // Also get some membergroup information if we're copying and not copying from guests... if ($copy_id > 0 && $_POST['perm_type'] == 'copy') { $request = $smcFunc['db_query']('', ' SELECT online_color, max_messages, icons FROM {db_prefix}membergroups WHERE id_group = {int:copy_from} LIMIT 1', array('copy_from' => $copy_id)); $group_info = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // ...and update the new membergroup with it. $smcFunc['db_query']('', ' UPDATE {db_prefix}membergroups SET online_color = {string:online_color}, max_messages = {int:max_messages}, icons = {string:icons} WHERE id_group = {int:current_group}', array('max_messages' => $group_info['max_messages'], 'current_group' => $id_group, 'online_color' => $group_info['online_color'], 'icons' => $group_info['icons'])); } elseif ($_POST['perm_type'] == 'inherit') { $smcFunc['db_query']('', ' UPDATE {db_prefix}membergroups SET id_parent = {int:copy_from} WHERE id_group = {int:current_group}', array('copy_from' => $copy_id, 'current_group' => $id_group)); } } // Make sure all boards selected are stored in a proper array. $accesses = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess']; $changed_boards['allow'] = array(); $changed_boards['deny'] = array(); $changed_boards['ignore'] = array(); foreach ($accesses as $group_id => $action) { $changed_boards[$action][] = (int) $group_id; } foreach (array('allow', 'deny') as $board_action) { // Only do this if they have special access requirements. if (!empty($changed_boards[$board_action])) { $smcFunc['db_query']('', ' UPDATE {db_prefix}boards SET {raw:column} = CASE WHEN {raw:column} = {string:blank_string} THEN {string:group_id_string} ELSE CONCAT({raw:column}, {string:comma_group}) END WHERE id_board IN ({array_int:board_list})', array('board_list' => $changed_boards[$board_action], 'blank_string' => '', 'group_id_string' => (string) $id_group, 'comma_group' => ',' . $id_group, 'column' => $board_action == 'allow' ? 'member_groups' : 'deny_member_groups')); } } // If this is joinable then set it to show group membership in people's profiles. if (empty($modSettings['show_group_membership']) && $_POST['group_type'] > 1) { updateSettings(array('show_group_membership' => 1)); } // Rebuild the group cache. updateSettings(array('settings_updated' => time())); // We did it. logAction('add_group', array('group' => $_POST['group_name']), 'admin'); // Go change some more settings. redirectexit('action=admin;area=membergroups;sa=edit;group=' . $id_group); } // Just show the 'add membergroup' screen. $context['page_title'] = $txt['membergroups_new_group']; $context['sub_template'] = 'new_group'; $context['post_group'] = isset($_REQUEST['postgroup']); $context['undefined_group'] = !isset($_REQUEST['postgroup']) && !isset($_REQUEST['generalgroup']); $context['allow_protected'] = allowedTo('admin_forum'); if (!empty($modSettings['deny_boards_access'])) { loadLanguage('ManagePermissions'); } $result = $smcFunc['db_query']('', ' SELECT id_group, group_name FROM {db_prefix}membergroups WHERE (id_group > {int:moderator_group} OR id_group = {int:global_mod_group})' . (empty($modSettings['permission_enable_postgroups']) ? ' AND min_posts = {int:min_posts}' : '') . (allowedTo('admin_forum') ? '' : ' AND group_type != {int:is_protected}') . ' ORDER BY min_posts, id_group != {int:global_mod_group}, group_name', array('moderator_group' => 3, 'global_mod_group' => 2, 'min_posts' => -1, 'is_protected' => 1)); $context['groups'] = array(); while ($row = $smcFunc['db_fetch_assoc']($result)) { $context['groups'][] = array('id' => $row['id_group'], 'name' => $row['group_name']); } $smcFunc['db_free_result']($result); $request = $smcFunc['db_query']('', ' SELECT b.id_cat, c.name AS cat_name, b.id_board, b.name, b.child_level FROM {db_prefix}boards AS b LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat) ORDER BY board_order', array()); $context['num_boards'] = $smcFunc['db_num_rows']($request); $context['categories'] = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { // This category hasn't been set up yet.. if (!isset($context['categories'][$row['id_cat']])) { $context['categories'][$row['id_cat']] = array('id' => $row['id_cat'], 'name' => $row['cat_name'], 'boards' => array()); } // Set this board up, and let the template know when it's a child. (indent them..) $context['categories'][$row['id_cat']]['boards'][$row['id_board']] = array('id' => $row['id_board'], 'name' => $row['name'], 'child_level' => $row['child_level'], 'allow' => false, 'deny' => false); } $smcFunc['db_free_result']($request); // Now, let's sort the list of categories into the boards for templates that like that. $temp_boards = array(); foreach ($context['categories'] as $category) { $temp_boards[] = array('name' => $category['name'], 'child_ids' => array_keys($category['boards'])); $temp_boards = array_merge($temp_boards, array_values($category['boards'])); // Include a list of boards per category for easy toggling. $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']); } createToken('admin-mmg'); }
function SetQuickGroups() { global $context, $smcFunc; checkSession(); loadIllegalPermissions(); loadIllegalGuestPermissions(); // Make sure only one of the quick options was selected. if (!empty($_POST['predefined']) && (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty' || !empty($_POST['permissions'])) || !empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])) { fatal_lang_error('permissions_only_one_option', false); } if (empty($_POST['group']) || !is_array($_POST['group'])) { $_POST['group'] = array(); } // Only accept numeric values for selected membergroups. foreach ($_POST['group'] as $id => $group_id) { $_POST['group'][$id] = (int) $group_id; } $_POST['group'] = array_unique($_POST['group']); if (empty($_REQUEST['pid'])) { $_REQUEST['pid'] = 0; } else { $_REQUEST['pid'] = (int) $_REQUEST['pid']; } // Fix up the old global to the new default! $bid = max(1, $_REQUEST['pid']); // No modifying the predefined profiles. if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5) { fatal_lang_error('no_access', false); } // Clear out any cached authority. updateSettings(array('settings_updated' => time())); // No groups where selected. if (empty($_POST['group'])) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } // Set a predefined permission profile. if (!empty($_POST['predefined'])) { // Make sure it's a predefined permission set we expect. if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'))) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } foreach ($_POST['group'] as $group_id) { if (!empty($_REQUEST['pid'])) { setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']); } else { setPermissionLevel($_POST['predefined'], $group_id); } } } elseif ($_POST['copy_from'] != 'empty') { // Just checking the input. if (!is_numeric($_POST['copy_from'])) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } // Make sure the group we're copying to is never included. $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from'])); // No groups left? Too bad. if (empty($_POST['group'])) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } if (empty($_REQUEST['pid'])) { // Retrieve current permissions of group. $request = $smcFunc['db_query']('', ' SELECT permission, add_deny FROM {db_prefix}permissions WHERE id_group = {int:copy_from}', array('copy_from' => $_POST['copy_from'])); $target_perm = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { $target_perm[$row['permission']] = $row['add_deny']; } $smcFunc['db_free_result']($request); $inserts = array(); foreach ($_POST['group'] as $group_id) { foreach ($target_perm as $perm => $add_deny) { // No dodgy permissions please! if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions'])) { continue; } if ($group_id == -1 && in_array($perm, $context['non_guest_permissions'])) { continue; } if ($group_id != 1 && $group_id != 3) { $inserts[] = array($perm, $group_id, $add_deny); } } } // Delete the previous permissions... $smcFunc['db_query']('', ' DELETE FROM {db_prefix}permissions WHERE id_group IN ({array_int:group_list}) ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'), array('group_list' => $_POST['group'], 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array())); if (!empty($inserts)) { // ..and insert the new ones. $smcFunc['db_insert']('', '{db_prefix}permissions', array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'), $inserts, array('permission', 'id_group')); } } // Now do the same for the board permissions. $request = $smcFunc['db_query']('', ' SELECT permission, add_deny FROM {db_prefix}board_permissions WHERE id_group = {int:copy_from} AND id_profile = {int:current_profile}', array('copy_from' => $_POST['copy_from'], 'current_profile' => $bid)); $target_perm = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { $target_perm[$row['permission']] = $row['add_deny']; } $smcFunc['db_free_result']($request); $inserts = array(); foreach ($_POST['group'] as $group_id) { foreach ($target_perm as $perm => $add_deny) { // Are these for guests? if ($group_id == -1 && in_array($perm, $context['non_guest_permissions'])) { continue; } $inserts[] = array($perm, $group_id, $bid, $add_deny); } } // Delete the previous global board permissions... $smcFunc['db_query']('', ' DELETE FROM {db_prefix}board_permissions WHERE id_group IN ({array_int:current_group_list}) AND id_profile = {int:current_profile}', array('current_group_list' => $_POST['group'], 'current_profile' => $bid)); // And insert the copied permissions. if (!empty($inserts)) { // ..and insert the new ones. $smcFunc['db_insert']('', '{db_prefix}board_permissions', array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'), $inserts, array('permission', 'id_group', 'id_profile')); } // Update any children out there! updateChildPermissions($_POST['group'], $_REQUEST['pid']); } elseif (!empty($_POST['permissions'])) { // Unpack two variables that were transported. list($permissionType, $permission) = explode('/', $_POST['permissions']); // Check whether our input is within expected range. if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board'))) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } if ($_POST['add_remove'] == 'clear') { if ($permissionType == 'membergroup') { $smcFunc['db_query']('', ' DELETE FROM {db_prefix}permissions WHERE id_group IN ({array_int:current_group_list}) AND permission = {string:current_permission} ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'), array('current_group_list' => $_POST['group'], 'current_permission' => $permission, 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array())); } else { $smcFunc['db_query']('', ' DELETE FROM {db_prefix}board_permissions WHERE id_group IN ({array_int:current_group_list}) AND id_profile = {int:current_profile} AND permission = {string:current_permission}', array('current_group_list' => $_POST['group'], 'current_profile' => $bid, 'current_permission' => $permission)); } } else { $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0'; $permChange = array(); foreach ($_POST['group'] as $groupID) { if ($groupID == -1 && in_array($permission, $context['non_guest_permissions'])) { continue; } if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) { $permChange[] = array($permission, $groupID, $add_deny); } elseif ($permissionType != 'membergroup') { $permChange[] = array($permission, $groupID, $bid, $add_deny); } } if (!empty($permChange)) { if ($permissionType == 'membergroup') { $smcFunc['db_insert']('replace', '{db_prefix}permissions', array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'), $permChange, array('permission', 'id_group')); } else { $smcFunc['db_insert']('replace', '{db_prefix}board_permissions', array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'), $permChange, array('permission', 'id_group', 'id_profile')); } } } // Another child update! updateChildPermissions($_POST['group'], $_REQUEST['pid']); } redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); }
function AddMembergroup() { global $context, $txt, $sourcedir, $modSettings, $backend_subdir; // A form was submitted, we can start adding. if (!empty($_POST['group_name'])) { checkSession(); $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based'])); $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || $_POST['group_type'] == 1 && !allowedTo('admin_forum') ? 0 : (int) $_POST['group_type']; // !!! Check for members with same name too? $request = smf_db_query(' SELECT MAX(id_group) FROM {db_prefix}membergroups', array()); list($id_group) = mysql_fetch_row($request); mysql_free_result($request); $id_group++; smf_db_insert('', '{db_prefix}membergroups', array('id_group' => 'int', 'description' => 'string', 'group_name' => 'string-80', 'min_posts' => 'int', 'stars' => 'string', 'online_color' => 'string', 'group_type' => 'int'), array($id_group, '', $_POST['group_name'], $postCountBasedGroup ? (int) $_POST['min_posts'] : '-1', '1#star.gif', '', $_POST['group_type']), array('id_group')); // Update the post groups now, if this is a post group! if (isset($_POST['min_posts'])) { updateStats('postgroups'); } // You cannot set permissions for post groups if they are disabled. if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups'])) { $_POST['perm_type'] = ''; } if ($_POST['perm_type'] == 'predefined') { // Set default permission level. require_once $sourcedir . '/' . $backend_subdir . '/ManagePermissions.php'; setPermissionLevel($_POST['level'], $id_group, 'null'); } elseif ($_POST['perm_type'] == 'copy' || $_POST['perm_type'] == 'inherit') { $copy_id = $_POST['perm_type'] == 'copy' ? (int) $_POST['copyperm'] : (int) $_POST['inheritperm']; // Are you a powerful admin? if (!allowedTo('admin_forum')) { $request = smf_db_query(' SELECT group_type FROM {db_prefix}membergroups WHERE id_group = {int:copy_from} LIMIT {int:limit}', array('copy_from' => $copy_id, 'limit' => 1)); list($copy_type) = mysql_fetch_row($request); mysql_free_result($request); // Protected groups are... well, protected! if ($copy_type == 1) { fatal_lang_error('membergroup_does_not_exist'); } } // Don't allow copying of a real priviledged person! require_once $sourcedir . '/' . $backend_subdir . '/ManagePermissions.php'; loadIllegalPermissions(); $request = smf_db_query(' SELECT permission, add_deny FROM {db_prefix}permissions WHERE id_group = {int:copy_from}', array('copy_from' => $copy_id)); $inserts = array(); while ($row = mysql_fetch_assoc($request)) { if (empty($context['illegal_permissions']) || !in_array($row['permission'], $context['illegal_permissions'])) { $inserts[] = array($id_group, $row['permission'], $row['add_deny']); } } mysql_free_result($request); if (!empty($inserts)) { smf_db_insert('insert', '{db_prefix}permissions', array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'), $inserts, array('id_group', 'permission')); } $request = smf_db_query(' SELECT id_profile, permission, add_deny FROM {db_prefix}board_permissions WHERE id_group = {int:copy_from}', array('copy_from' => $copy_id)); $inserts = array(); while ($row = mysql_fetch_assoc($request)) { $inserts[] = array($id_group, $row['id_profile'], $row['permission'], $row['add_deny']); } mysql_free_result($request); if (!empty($inserts)) { smf_db_insert('insert', '{db_prefix}board_permissions', array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'), $inserts, array('id_group', 'id_profile', 'permission')); } // Also get some membergroup information if we're copying and not copying from guests... if ($copy_id > 0 && $_POST['perm_type'] == 'copy') { $request = smf_db_query(' SELECT online_color, max_messages, stars FROM {db_prefix}membergroups WHERE id_group = {int:copy_from} LIMIT 1', array('copy_from' => $copy_id)); $group_info = mysql_fetch_assoc($request); mysql_free_result($request); // ...and update the new membergroup with it. smf_db_query(' UPDATE {db_prefix}membergroups SET online_color = {string:online_color}, max_messages = {int:max_messages}, stars = {string:stars} WHERE id_group = {int:current_group}', array('max_messages' => $group_info['max_messages'], 'current_group' => $id_group, 'online_color' => $group_info['online_color'], 'stars' => $group_info['stars'])); } elseif ($_POST['perm_type'] == 'inherit') { smf_db_query(' UPDATE {db_prefix}membergroups SET id_parent = {int:copy_from} WHERE id_group = {int:current_group}', array('copy_from' => $copy_id, 'current_group' => $id_group)); } } // Make sure all boards selected are stored in a proper array. $_POST['boardaccess'] = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess']; foreach ($_POST['boardaccess'] as $key => $value) { $_POST['boardaccess'][$key] = (int) $value; } // Only do this if they have special access requirements. if (!empty($_POST['boardaccess'])) { smf_db_query(' UPDATE {db_prefix}boards SET member_groups = CASE WHEN member_groups = {string:blank_string} THEN {string:group_id_string} ELSE CONCAT(member_groups, {string:comma_group}) END WHERE id_board IN ({array_int:board_list})', array('board_list' => $_POST['boardaccess'], 'blank_string' => '', 'group_id_string' => (string) $id_group, 'comma_group' => ',' . $id_group)); } // If this is joinable then set it to show group membership in people's profiles. if (empty($modSettings['show_group_membership']) && $_POST['group_type'] > 1) { updateSettings(array('show_group_membership' => 1)); } // Rebuild the group cache. updateSettings(array('settings_updated' => time())); // We did it. logAction('add_group', array('group' => $_POST['group_name']), 'admin'); regenerateColorStyle(); // Go change some more settings. redirectexit('action=admin;area=membergroups;sa=edit;group=' . $id_group); } // Just show the 'add membergroup' screen. $context['page_title'] = $txt['membergroups_new_group']; $context['sub_template'] = 'new_group'; $context['post_group'] = isset($_REQUEST['postgroup']); $context['undefined_group'] = !isset($_REQUEST['postgroup']) && !isset($_REQUEST['generalgroup']); $context['allow_protected'] = allowedTo('admin_forum'); $result = smf_db_query(' SELECT id_group, group_name FROM {db_prefix}membergroups WHERE (id_group > {int:moderator_group} OR id_group = {int:global_mod_group})' . (empty($modSettings['permission_enable_postgroups']) ? ' AND min_posts = {int:min_posts}' : '') . (allowedTo('admin_forum') ? '' : ' AND group_type != {int:is_protected}') . ' ORDER BY min_posts, id_group != {int:global_mod_group}, group_name', array('moderator_group' => 3, 'global_mod_group' => 2, 'min_posts' => -1, 'is_protected' => 1)); $context['groups'] = array(); while ($row = mysql_fetch_assoc($result)) { $context['groups'][] = array('id' => $row['id_group'], 'name' => $row['group_name']); } mysql_free_result($result); $result = smf_db_query(' SELECT id_board, name, child_level FROM {db_prefix}boards ORDER BY board_order', array()); $context['boards'] = array(); while ($row = mysql_fetch_assoc($result)) { $context['boards'][] = array('id' => $row['id_board'], 'name' => $row['name'], 'child_level' => $row['child_level'], 'selected' => false); } mysql_free_result($result); }
function AddMembergroup() { global $db_prefix, $context, $txt, $sourcedir, $modSettings; // A form was submitted, we can start adding. if (!empty($_POST['group_name'])) { checkSession(); $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based'])); // !!! Check for members with same name too? $request = db_query("\n\t\t\tSELECT MAX(ID_GROUP)\n\t\t\tFROM {$db_prefix}membergroups", __FILE__, __LINE__); list($ID_GROUP) = mysql_fetch_row($request); mysql_free_result($request); $ID_GROUP++; db_query("\n\t\t\tINSERT INTO {$db_prefix}membergroups\n\t\t\t\t(ID_GROUP, groupName, minPosts, stars, onlineColor)\n\t\t\tVALUES ({$ID_GROUP}, SUBSTRING('{$_POST['group_name']}', 1, 80), " . ($postCountBasedGroup ? (int) $_POST['min_posts'] : '-1') . ", '1#star.gif', '')", __FILE__, __LINE__); // Update the post groups now, if this is a post group! if (isset($_POST['min_posts'])) { updateStats('postgroups'); } // You cannot set permissions for post groups if they are disabled. if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups'])) { $_POST['perm_type'] = ''; } if ($_POST['perm_type'] == 'predefined') { // Set default permission level. require_once $sourcedir . '/ManagePermissions.php'; setPermissionLevel($_POST['level'], $ID_GROUP, 'null'); } elseif ($_POST['perm_type'] == 'copy') { $_POST['copyperm'] = (int) $_POST['copyperm']; // Don't allow copying of a real priviledged person! require_once $sourcedir . '/ManagePermissions.php'; loadIllegalPermissions(); $request = db_query("\n\t\t\t\tSELECT permission, addDeny\n\t\t\t\tFROM {$db_prefix}permissions\n\t\t\t\tWHERE ID_GROUP = {$_POST['copyperm']}", __FILE__, __LINE__); $setString = ''; while ($row = mysql_fetch_assoc($request)) { if (empty($context['illegal_permissions']) || !in_array($row['permission'], $context['illegal_permissions'])) { $setString .= "\n\t\t\t\t\t\t({$ID_GROUP}, '{$row['permission']}', {$row['addDeny']}),"; } } mysql_free_result($request); if (!empty($setString)) { db_query("\n\t\t\t\t\tINSERT INTO {$db_prefix}permissions\n\t\t\t\t\t\t(ID_GROUP, permission, addDeny)\n\t\t\t\t\tVALUES" . substr($setString, 0, -1), __FILE__, __LINE__); } $request = db_query("\n\t\t\t\tSELECT ID_BOARD, permission, addDeny\n\t\t\t\tFROM {$db_prefix}board_permissions\n\t\t\t\tWHERE ID_GROUP = {$_POST['copyperm']}" . (empty($modSettings['permission_enable_by_board']) ? "\n\t\t\t\t\tAND ID_BOARD = 0" : ''), __FILE__, __LINE__); $setString = ''; while ($row = mysql_fetch_assoc($request)) { $setString .= "\n\t\t\t\t\t({$ID_GROUP}, {$row['ID_BOARD']}, '{$row['permission']}', {$row['addDeny']}),"; } mysql_free_result($request); if (!empty($setString)) { db_query("\n\t\t\t\t\tINSERT INTO {$db_prefix}board_permissions\n\t\t\t\t\t\t(ID_GROUP, ID_BOARD, permission, addDeny)\n\t\t\t\t\tVALUES" . substr($setString, 0, -1), __FILE__, __LINE__); } // Also get some membergroup information if we're not copying from guests... if ($_POST['copyperm'] > 0) { $request = db_query("\n\t\t\t\t\tSELECT onlineColor, maxMessages, stars\n\t\t\t\t\tFROM {$db_prefix}membergroups\n\t\t\t\t\tWHERE ID_GROUP = {$_POST['copyperm']}\n\t\t\t\t\tLIMIT 1", __FILE__, __LINE__); $group_info = mysql_fetch_assoc($request); mysql_free_result($request); // ...and update the new membergroup with it. db_query("\n\t\t\t\t\tUPDATE {$db_prefix}membergroups\n\t\t\t\t\tSET\n\t\t\t\t\t\tonlineColor = '{$group_info['onlineColor']}',\n\t\t\t\t\t\tmaxMessages = {$group_info['maxMessages']},\n\t\t\t\t\t\tstars = '{$group_info['stars']}'\n\t\t\t\t\tWHERE ID_GROUP = {$ID_GROUP}\n\t\t\t\t\tLIMIT 1", __FILE__, __LINE__); } } // Make sure all boards selected are stored in a proper array. $_POST['boardaccess'] = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess']; foreach ($_POST['boardaccess'] as $key => $value) { $_POST['boardaccess'][$key] = (int) $value; } // Only do this if they have special access requirements. if (!empty($_POST['boardaccess'])) { db_query("\n\t\t\t\tUPDATE {$db_prefix}boards\n\t\t\t\tSET memberGroups = IF(memberGroups = '', '{$ID_GROUP}', CONCAT(memberGroups, ',{$ID_GROUP}'))\n\t\t\t\tWHERE ID_BOARD IN (" . implode(', ', $_POST['boardaccess']) . ")\n\t\t\t\tLIMIT " . count($_POST['boardaccess']), __FILE__, __LINE__); } // Go change some more settings. redirectexit('action=membergroups;sa=edit;group=' . $ID_GROUP); } // Just show the 'add membergroup' screen. $context['page_title'] = $txt['membergroups_new_group']; $context['sub_template'] = 'new_group'; $context['post_group'] = !empty($_REQUEST['postgroup']); $context['undefined_group'] = empty($_REQUEST['postgroup']) && empty($_REQUEST['generalgroup']); $result = db_query("\n\t\tSELECT ID_GROUP, groupName\n\t\tFROM {$db_prefix}membergroups\n\t\tWHERE (ID_GROUP > 3 OR ID_GROUP = 2)" . (empty($modSettings['permission_enable_postgroups']) ? "\n\t\t\tAND minPosts = -1" : '') . "\n\t\tORDER BY minPosts, ID_GROUP != 2, groupName", __FILE__, __LINE__); $context['groups'] = array(); while ($row = mysql_fetch_assoc($result)) { $context['groups'][] = array('id' => $row['ID_GROUP'], 'name' => $row['groupName']); } mysql_free_result($result); $result = db_query("\n\t\tSELECT ID_BOARD, name, childLevel\n\t\tFROM {$db_prefix}boards", __FILE__, __LINE__); $context['boards'] = array(); while ($row = mysql_fetch_assoc($result)) { $context['boards'][] = array('id' => $row['ID_BOARD'], 'name' => $row['name'], 'child_level' => $row['childLevel'], 'selected' => false); } mysql_free_result($result); }
/** * Handles permission modification actions from the upper part of the * permission manager index. */ public function action_quick() { global $context; checkSession(); validateToken('admin-mpq', 'quick'); // we'll need to init illegal permissions, update permissions, etc. require_once SUBSDIR . '/Permission.subs.php'; require_once SUBSDIR . '/ManagePermissions.subs.php'; loadIllegalPermissions(); loadIllegalGuestPermissions(); // Make sure only one of the quick options was selected. if (!empty($_POST['predefined']) && (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty' || !empty($_POST['permissions'])) || !empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])) { fatal_lang_error('permissions_only_one_option', false); } if (empty($_POST['group']) || !is_array($_POST['group'])) { $_POST['group'] = array(); } // Only accept numeric values for selected membergroups. foreach ($_POST['group'] as $id => $group_id) { $_POST['group'][$id] = (int) $group_id; } $_POST['group'] = array_unique($_POST['group']); if (empty($_REQUEST['pid'])) { $_REQUEST['pid'] = 0; } else { $_REQUEST['pid'] = (int) $_REQUEST['pid']; } // Fix up the old global to the new default! $bid = max(1, $_REQUEST['pid']); // No modifying the predefined profiles. if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5) { fatal_lang_error('no_access', false); } // Clear out any cached authority. updateSettings(array('settings_updated' => time())); // No groups where selected. if (empty($_POST['group'])) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } // Set a predefined permission profile. if (!empty($_POST['predefined'])) { // Make sure it's a predefined permission set we expect. if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'))) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } foreach ($_POST['group'] as $group_id) { if (!empty($_REQUEST['pid'])) { setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']); } else { setPermissionLevel($_POST['predefined'], $group_id); } } } elseif ($_POST['copy_from'] != 'empty') { // Just checking the input. if (!is_numeric($_POST['copy_from'])) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } // Make sure the group we're copying to is never included. $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from'])); // No groups left? Too bad. if (empty($_POST['group'])) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } if (empty($_REQUEST['pid'])) { copyPermission($_POST['copy_from'], $_POST['group'], $context['illegal_permissions'], $context['non_guest_permissions']); } // Now do the same for the board permissions. copyBoardPermission($_POST['copy_from'], $_POST['group'], $bid, $context['non_guest_permissions']); // Update any children out there! updateChildPermissions($_POST['group'], $_REQUEST['pid']); } elseif (!empty($_POST['permissions'])) { // Unpack two variables that were transported. list($permissionType, $permission) = explode('/', $_POST['permissions']); // Check whether our input is within expected range. if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board'))) { redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); } if ($_POST['add_remove'] == 'clear') { if ($permissionType == 'membergroup') { deletePermission($_POST['group'], $permission, $context['illegal_permissions']); } else { deleteBoardPermission($_POST['group'], $bid, $permission); } } else { $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0'; $permChange = array(); foreach ($_POST['group'] as $groupID) { if ($groupID == -1 && in_array($permission, $context['non_guest_permissions'])) { continue; } if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) { $permChange[] = array($permission, $groupID, $add_deny); } elseif ($permissionType != 'membergroup') { $permChange[] = array($permission, $groupID, $add_deny, $bid); } } if (!empty($permChange)) { if ($permissionType == 'membergroup') { replacePermission($permChange); } else { replaceBoardPermission($permChange); } } } // Another child update! updateChildPermissions($_POST['group'], $_REQUEST['pid']); } redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']); }
/** * This function handles adding a membergroup and setting some initial properties. * * What it does: * -Called by ?action=admin;area=membergroups;sa=add. * -It requires the manage_membergroups permission. * -Allows to use a predefined permission profile or copy one from another group. * -Redirects to action=admin;area=membergroups;sa=edit;group=x. * * @uses the new_group sub template of ManageMembergroups. */ public function action_add() { global $context, $txt, $modSettings; require_once SUBSDIR . '/Membergroups.subs.php'; // A form was submitted, we can start adding. if (isset($_POST['group_name']) && trim($_POST['group_name']) != '') { checkSession(); validateToken('admin-mmg'); $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based'])); $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || $_POST['group_type'] == 1 && !allowedTo('admin_forum') ? 0 : (int) $_POST['group_type']; // @todo Check for members with same name too? // Don't allow copying of a real priviledged person! require_once SUBSDIR . '/Permission.subs.php'; loadIllegalPermissions(); $id_group = getMaxGroupID() + 1; $minposts = !empty($_POST['min_posts']) ? (int) $_POST['min_posts'] : '-1'; addMembergroup($id_group, $_POST['group_name'], $minposts, $_POST['group_type']); call_integration_hook('integrate_add_membergroup', array($id_group, $postCountBasedGroup)); // Update the post groups now, if this is a post group! if (isset($_POST['min_posts'])) { updateStats('postgroups'); } // You cannot set permissions for post groups if they are disabled. if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups'])) { $_POST['perm_type'] = ''; } if ($_POST['perm_type'] == 'predefined') { // Set default permission level. require_once SUBSDIR . '/ManagePermissions.subs.php'; setPermissionLevel($_POST['level'], $id_group, null); } elseif ($_POST['perm_type'] == 'copy' || $_POST['perm_type'] == 'inherit') { $copy_id = $_POST['perm_type'] == 'copy' ? (int) $_POST['copyperm'] : (int) $_POST['inheritperm']; // Are you a powerful admin? if (!allowedTo('admin_forum')) { $copy_type = membergroupById($copy_id); // Protected groups are... well, protected! if ($copy_type['group_type'] == 1) { fatal_lang_error('membergroup_does_not_exist'); } } // Don't allow copying of a real priviledged person! require_once SUBSDIR . '/Permission.subs.php'; loadIllegalPermissions(); copyPermissions($id_group, $copy_id, $context['illegal_permissions']); copyBoardPermissions($id_group, $copy_id); // Also get some membergroup information if we're copying and not copying from guests... if ($copy_id > 0 && $_POST['perm_type'] == 'copy') { updateCopiedGroup($id_group, $copy_id); } elseif ($_POST['perm_type'] == 'inherit') { updateInheritedGroup($id_group, $copy_id); } } // Make sure all boards selected are stored in a proper array. $changed_boards = array(); $accesses = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess']; $changed_boards['allow'] = array(); $changed_boards['deny'] = array(); $changed_boards['ignore'] = array(); foreach ($accesses as $group_id => $action) { $changed_boards[$action][] = (int) $group_id; } foreach (array('allow', 'deny') as $board_action) { // Only do this if they have special access requirements. if (!empty($changed_boards[$board_action])) { assignGroupToBoards($id_group, $changed_boards, $board_action); } } // If this is joinable then set it to show group membership in people's profiles. if (empty($modSettings['show_group_membership']) && $_POST['group_type'] > 1) { updateSettings(array('show_group_membership' => 1)); } // Rebuild the group cache. updateSettings(array('settings_updated' => time())); // We did it. logAction('add_group', array('group' => $_POST['group_name']), 'admin'); // Go change some more settings. redirectexit('action=admin;area=membergroups;sa=edit;group=' . $id_group); } // Just show the 'add membergroup' screen. $context['page_title'] = $txt['membergroups_new_group']; $context['sub_template'] = 'new_group'; $context['post_group'] = isset($_REQUEST['postgroup']); $context['undefined_group'] = !isset($_REQUEST['postgroup']) && !isset($_REQUEST['generalgroup']); $context['allow_protected'] = allowedTo('admin_forum'); if (!empty($modSettings['deny_boards_access'])) { loadLanguage('ManagePermissions'); } $context['groups'] = getBasicMembergroupData(array('globalmod'), array(), 'min_posts, id_group != {int:global_mod_group}, group_name'); require_once SUBSDIR . '/Boards.subs.php'; $context += getBoardList(); // Include a list of boards per category for easy toggling. foreach ($context['categories'] as $category) { $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']); } createToken('admin-mmg'); }