/** * Check a user against multiple gang ranks. * This function calls gang_auth() once for each rank checked. * It returns true if any of the ranks validated. In other words, * this performs a logical OR comparison. * * @param int $userid * @param array $ranks * @return bool */ function gang_auth_all($userid, $ranks) { global $gvars; if (!is_array($ranks)) { $ranks = array($ranks); } foreach ($ranks as $rank) { if (gang_auth($userid, $rank)) { return true; } } return false; }
function sgang_alter_staff() { global $gvars; if (!gang_auth_all($gvars->userid, array('pres', 'vice'))) { echo "<h3>You are not authorized to access this portion of the staff panel.</h3>"; gang_go_back('yourgang.php?action=sgang_home'); return; } if (!isset($_REQUEST['them_id']) or intval($_REQUEST['them_id']) < 1) { echo "<h3>Please submit a valid request.</h3>"; gang_go_back('yourgang.php?action=sgang_leadership'); return; } $them_id = intval($_REQUEST['them_id']); $q_get = sprintf('select username from users where userid = %d and gang = %d', $them_id, $gvars->ir['gang']); $q_get = mysql_query($q_get); if (!$q_get or mysql_num_rows($q_get) < 1) { echo "<h3>Please submit a valid request.</h3>"; gang_go_back('yourgang.php?action=sgang_leadership'); return; } list($them_name) = mysql_fetch_array($q_get); if (!isset($_REQUEST['rank']) or strlen($_REQUEST['rank']) < 1) { echo "<h3>Please submit a valid request.</h3>"; gang_go_back('yourgang.php?action=sgang_leadership'); return; } $rank = $_REQUEST['rank']; $us_p = gang_get_profile_link($gvars->userid, $gvars->ir['username']); $them_p = gang_get_profile_link($them_id, $them_name); $completed = false; switch ($rank) { case 'pres': if (gang_auth($gvars->userid, 'pres')) { $q_set = sprintf('update gangs set gangPRESIDENT = %d where gangID = %d', $them_id, $gvars->ir['gang']); mysql_query($q_set); if (mysql_affected_rows() > 0) { $q_set = sprintf('update gangs set gangVICEPRES = 0 where gangVICEPRES = %d and gangID = %d', $them_id, $gvars->ir['gang']); mysql_query($q_set); gang_new_event($gvars->ir['gang'], sprintf('%s promoted %s to the position of %s', $us_p, $them_p, $gvars->pres), 'escape'); event_add($them_id, sprintf('%s promoted you to the position of %s of %s', $us_p, $gvars->pres, $gvars->data['gangNAME']), $gvars->c); $result = "<p class=\"center\">{$them_p} has been promoted to {$gvars->pres}.</p>"; $completed = true; } } break; case 'vice': if (gang_auth($gvars->userid, 'pres') and $gvars->userid != $them_id) { $q_set = sprintf('update gangs set gangVICEPRES = %d where gangID = %d', $them_id, $gvars->ir['gang']); mysql_query($q_set); if (mysql_error()) { echo mysql_error(); } if (mysql_affected_rows() > 0) { gang_new_event($gvars->ir['gang'], sprintf('%s promoted %s to the position of %s', $us_p, $them_p, $gvars->vice_pres), 'escape'); if ($gvars->userid != $gvars->data['gangVICEPRES'] and $gvars->data['gangVICEPRES'] > 0) { event_add($them_id, sprintf('%s demoted you from the position of %s of %s', $us_p, $gvars->vice_pres, $gvars->data['gangNAME']), $gvars->c); } event_add($them_id, sprintf('%s promoted you to the position of %s of %s', $us_p, $gvars->vice_pres, $gvars->data['gangNAME']), $gvars->c); $result = "<p class=\"center\">{$them_p} has been promoted to {$gvars->vice_pres}.</p>"; $completed = true; } } break; case 'remove': if (gang_auth($gvars->userid, 'pres')) { $q_set = sprintf('update gangs set gangVICEPRES = 0 where gangVICEPRES = %d and gangID = %d', $them_id, $gvars->ir['gang']); mysql_query($q_set); if (mysql_affected_rows() > 0) { gang_new_event($gvars->ir['gang'], sprintf('%s demoted %s from the position of %s', $us_p, $them_p, $gvars->vice_pres), 'escape'); if ($them_id != $gvars->userid) { event_add($them_id, sprintf('%s demoted you from the position of %s of %s', $us_p, $gvars->vice_pres, $gvars->data['gangNAME']), $gvars->c); } $result = "<p class=\"center\">{$them_p} has been demoted from {$gvars->vice_pres}.</p>"; $completed = true; } } break; } if (!$completed) { echo "<h3>The request could not be completed.</h3><p>If you are the {$gvars->pres}, you may not demote yourself, you may only promote someone else\n\t\tto the position of {$gvars->pres}. If you are the {$gvars->vice_pres}, you can only remove yourself from your position.</p>"; } else { echo "<h3>Complete</h3>{$result}"; } gang_go_back('yourgang.php?action=sgang_leadership'); return; }