/**
* API function - The ACP backend, this marks the end of the easy methods
*/
function acp_page($id, &$module)
{
global $db, $user, $auth, $template, $lang;
global $config, $phpbb_admin_path;
$user->add_lang('acp/board');
$user->add_lang('captcha_qa');
if (!$this->is_installed()) {
$this->install();
}
$module->tpl_name = 'captcha_qa_acp';
$module->page_title = 'ACP_VC_SETTINGS';
$form_key = 'acp_captcha';
add_form_key($form_key);
$submit = request_var('submit', false);
$question_id = request_var('question_id', 0);
$action = request_var('action', '');
// we have two pages, so users might want to navigate from one to the other
$list_url = $module->u_action . "&configure=1&select_captcha=" . $this->get_class_name();
$template->assign_vars(array('U_ACTION' => $module->u_action, 'QUESTION_ID' => $question_id, 'CLASS' => $this->get_class_name()));
// show the list?
if (!$question_id && $action != 'add') {
$this->acp_question_list($module);
} else {
if ($question_id && $action == 'delete') {
if (confirm_box(true)) {
$this->acp_delete_question($question_id);
trigger_error($lang['QUESTION_DELETED'] . page_back_link($list_url));
} else {
confirm_box(false, $lang['CONFIRM_OPERATION'], build_hidden_fields(array('question_id' => $question_id, 'action' => $action, 'configure' => 1, 'select_captcha' => $this->get_class_name())));
}
} else {
// okay, show the editor
$error = false;
$input_question = request_var('question_text', '', true);
$input_answers = request_var('answers', '', true);
$input_lang = request_var('lang_iso', '', true);
$input_strict = request_var('strict', false);
$langs = $this->get_languages();
foreach ($langs as $lang => $entry) {
$template->assign_block_vars('langs', array('ISO' => $lang, 'NAME' => $entry['name']));
}
$template->assign_vars(array('U_LIST' => $list_url));
if ($question_id) {
if ($question = $this->acp_get_question_data($question_id)) {
$answers = isset($input_answers[$lang]) ? $input_answers[$lang] : implode("\n", $question['answers']);
$template->assign_vars(array('QUESTION_TEXT' => $input_question ? $input_question : $question['question_text'], 'LANG_ISO' => $input_lang ? $input_lang : $question['lang_iso'], 'STRICT' => isset($_REQUEST['strict']) ? $input_strict : $question['strict'], 'ANSWERS' => $answers));
} else {
trigger_error($lang['FORM_INVALID'] . page_back_link($list_url));
}
} else {
$template->assign_vars(array('QUESTION_TEXT' => $input_question, 'LANG_ISO' => $input_lang, 'STRICT' => $input_strict, 'ANSWERS' => $input_answers));
}
if ($submit && check_form_key($form_key)) {
$data = $this->acp_get_question_input();
if (!$this->validate_input($data)) {
$template->assign_vars(array('S_ERROR' => true));
} else {
if ($question_id) {
$this->acp_update_question($data, $question_id);
} else {
$this->acp_add_question($data);
}
add_log('admin', 'LOG_CONFIG_VISUAL');
trigger_error($lang['CONFIG_UPDATED'] . page_back_link($list_url));
}
} else {
if ($submit) {
trigger_error($lang['FORM_INVALID'] . page_back_link($list_url));
}
}
}
}
}
if (substr($data['bbcode_tag'], -1) === '=') {
$test = substr($data['bbcode_tag'], 0, -1);
} else {
$test = $data['bbcode_tag'];
}
if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $data['bbcode_match'])) {
trigger_error($lang['BBCODE_OPEN_ENDED_TAG'] . page_back_link($page_action), E_USER_WARNING);
}
if (strlen($data['bbcode_tag']) > 16) {
trigger_error($lang['BBCODE_TAG_TOO_LONG'] . page_back_link($page_action), E_USER_WARNING);
}
if (strlen($data['bbcode_match']) > 4000) {
trigger_error($lang['BBCODE_TAG_DEF_TOO_LONG'] . page_back_link($page_action), E_USER_WARNING);
}
if (strlen($data['bbcode_helpline']) > 255) {
trigger_error($lang['BBCODE_HELPLINE_TOO_LONG'] . page_back_link($page_action), E_USER_WARNING);
}
if ($data['bbcode_match'] == '' && $data['bbcode_tpl'] == '') {
trigger_error($lang['BBCODE_INVALID'], E_USER_WARNING);
}
if ($bbcode_id > 0) {
$class_db->update_item($bbcode_id, $data);
$message = '<br /><br />' . $lang['BBCODES_DB_UPDATED'];
} else {
$class_db->insert_item($data);
$message = '<br /><br />' . $lang['BBCODES_DB_ADDED'];
}
$cache->destroy_datafiles(array('_bbcodes'), MAIN_CACHE_FOLDER, 'data', true);
$message .= '<br /><br />' . sprintf($lang['BBCODES_DB_CLICK'], '<a href="' . append_sid(THIS_PAGE) . '">', '</a>');
$message .= '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
function acp_page($id, &$module)
{
global $lang;
trigger_error($lang['CAPTCHA_NO_OPTIONS'] . page_back_link($module->u_action));
}
function main($id, $mode)
{
global $db, $cache, $config, $user, $lang, $auth, $template, $cms_admin;
add_permission_language();
include_once IP_ROOT_PATH . 'includes/class_auth_admin.' . PHP_EXT;
$auth_admin = new auth_admin();
$submit = isset($_POST['submit']) ? true : false;
$role_id = request_var('role_id', 0);
$action = request_var('paction', '');
$action = isset($_POST['add']) ? 'add' : $action;
$form_name = 'acp_permissions';
add_form_key($form_name);
$this->tpl_name = 'cms_permissions_roles.tpl';
$this->u_action = append_sid($cms_admin->root . '?mode=auth&rmode=' . $mode . '&roles_admin=1');
switch ($mode) {
case 'admin_roles':
$permission_type = 'a_';
$this->page_title = 'ACP_ADMIN_ROLES';
break;
case 'cms_roles':
$permission_type = 'cms_';
$this->page_title = 'ACP_CMS_ROLES';
break;
case 'forum_roles':
$permission_type = 'f_';
$this->page_title = 'ACP_FORUM_ROLES';
break;
case 'mod_roles':
$permission_type = 'm_';
$this->page_title = 'ACP_MOD_ROLES';
break;
case 'plugins_roles':
$permission_type = 'pl_';
$this->page_title = 'ACP_PLUGINS_ROLES';
break;
case 'user_roles':
$permission_type = 'u_';
$this->page_title = 'ACP_USER_ROLES';
break;
default:
trigger_error('NO_MODE', E_USER_ERROR);
break;
}
$template->assign_vars(array('L_TITLE' => $user->lang[$this->page_title], 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN']));
// Take action... admin submitted something
if ($submit || $action == 'remove') {
switch ($action) {
case 'remove':
if (!$role_id) {
trigger_error($user->lang['NO_ROLE_SELECTED'] . page_back_link($this->u_action), E_USER_WARNING);
}
$sql = 'SELECT *
FROM ' . ACL_ROLES_TABLE . '
WHERE role_id = ' . $role_id;
$result = $db->sql_query($sql);
$role_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$role_row) {
trigger_error($user->lang['NO_ROLE_SELECTED'] . page_back_link($this->u_action), E_USER_WARNING);
}
if (confirm_box(true)) {
$this->remove_role($role_id, $permission_type);
$role_name = !empty($user->lang[$role_row['role_name']]) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_REMOVED', $role_name);
trigger_error($user->lang['ROLE_DELETED'] . page_back_link($this->u_action));
} else {
$s_hidden_fields = array('i' => $id, 'pmode' => $mode, 'role_id' => $role_id, 'paction' => $action);
confirm_box(false, 'DELETE_ROLE', build_hidden_fields($s_hidden_fields));
}
break;
case 'edit':
if (!$role_id) {
trigger_error($user->lang['NO_ROLE_SELECTED'] . page_back_link($this->u_action), E_USER_WARNING);
}
// Get role we edit
$sql = 'SELECT *
FROM ' . ACL_ROLES_TABLE . '
WHERE role_id = ' . $role_id;
$result = $db->sql_query($sql);
$role_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$role_row) {
trigger_error($user->lang['NO_ROLE_SELECTED'] . page_back_link($this->u_action), E_USER_WARNING);
}
// no break;
// no break;
case 'add':
if (!check_form_key($form_name)) {
trigger_error($user->lang['FORM_INVALID'] . page_back_link($this->u_action), E_USER_WARNING);
}
$role_name = utf8_normalize_nfc(request_var('role_name', '', true));
$role_description = utf8_normalize_nfc(request_var('role_description', '', true));
$auth_settings = request_var('setting', array('' => 0));
if (!$role_name) {
trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . page_back_link($this->u_action), E_USER_WARNING);
}
if (utf8_strlen($role_description) > 4000) {
trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . page_back_link($this->u_action), E_USER_WARNING);
}
// if we add/edit a role we check the name to be unique among the settings...
$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "\n\t\t\t\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'\n\t\t\t\t\t\t\tAND role_name = '" . $db->sql_escape($role_name) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// Make sure we only print out the error if we add the role or change it's name
if ($row && ($mode == 'add' || $mode == 'edit' && $role_row['role_name'] != $role_name)) {
trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . page_back_link($this->u_action), E_USER_WARNING);
}
$sql_ary = array('role_name' => (string) $role_name, 'role_description' => (string) $role_description, 'role_type' => (string) $permission_type);
if ($action == 'edit') {
$sql = 'UPDATE ' . ACL_ROLES_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE role_id = ' . $role_id;
$db->sql_query($sql);
} else {
// Get maximum role order for inserting a new role...
$sql = 'SELECT MAX(role_order) as max_order
FROM ' . ACL_ROLES_TABLE . "\n\t\t\t\t\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'";
$result = $db->sql_query($sql);
$max_order = (int) $db->sql_fetchfield('max_order');
$db->sql_freeresult($result);
$sql_ary['role_order'] = $max_order + 1;
$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
$role_id = $db->sql_nextid();
}
// Now add the auth settings
$auth_admin->acl_set_role($role_id, $auth_settings);
$role_name = !empty($user->lang[$role_name]) ? $user->lang[$role_name] : $role_name;
add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), $role_name);
trigger_error($user->lang['ROLE_' . strtoupper($action) . '_SUCCESS'] . page_back_link($this->u_action));
break;
}
}
// Display screens
switch ($action) {
case 'add':
$options_from = request_var('options_from', 0);
$role_row = array('role_name' => utf8_normalize_nfc(request_var('role_name', '', true)), 'role_description' => utf8_normalize_nfc(request_var('role_description', '', true)), 'role_type' => $permission_type);
if ($options_from) {
$sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
WHERE o.auth_option_id = p.auth_option_id
AND p.role_id = ' . $options_from . '
ORDER BY p.auth_option_id';
$result = $db->sql_query($sql);
$auth_options = array();
while ($row = $db->sql_fetchrow($result)) {
$auth_options[$row['auth_option']] = $row['auth_setting'];
}
$db->sql_freeresult($result);
} else {
$sql = 'SELECT auth_option_id, auth_option
FROM ' . ACL_OPTIONS_TABLE . "\n\t\t\t\t\t\tWHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char) . "\n\t\t\t\t\t\t\tAND auth_option <> '{$permission_type}'\n\t\t\t\t\t\tORDER BY auth_option_id";
$result = $db->sql_query($sql);
$auth_options = array();
while ($row = $db->sql_fetchrow($result)) {
$auth_options[$row['auth_option']] = ACL_NO;
}
$db->sql_freeresult($result);
}
// no break;
// no break;
case 'edit':
if ($action == 'edit') {
if (!$role_id) {
trigger_error($user->lang['NO_ROLE_SELECTED'] . page_back_link($this->u_action), E_USER_WARNING);
}
$sql = 'SELECT *
FROM ' . ACL_ROLES_TABLE . '
WHERE role_id = ' . $role_id;
$result = $db->sql_query($sql);
$role_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
WHERE o.auth_option_id = p.auth_option_id
AND p.role_id = ' . $role_id . '
ORDER BY p.auth_option_id';
$result = $db->sql_query($sql);
$auth_options = array();
while ($row = $db->sql_fetchrow($result)) {
$auth_options[$row['auth_option']] = $row['auth_setting'];
}
$db->sql_freeresult($result);
}
if (!$role_row) {
trigger_error($user->lang['NO_ROLE_SELECTED'] . page_back_link($this->u_action), E_USER_WARNING);
}
$template->assign_vars(array('S_EDIT' => true, 'U_ACTION' => $this->u_action . "&paction={$action}&role_id={$role_id}", 'U_BACK' => $this->u_action, 'ROLE_NAME' => $role_row['role_name'], 'ROLE_DESCRIPTION' => $role_row['role_description'], 'L_ACL_TYPE' => $user->lang['ACL_TYPE_' . strtoupper($permission_type)]));
// We need to fill the auth options array with ACL_NO options ;)
$sql = 'SELECT auth_option_id, auth_option
FROM ' . ACL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char) . "\n\t\t\t\t\t\tAND auth_option <> '{$permission_type}'\n\t\t\t\t\tORDER BY auth_option_id";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
if (!isset($auth_options[$row['auth_option']])) {
$auth_options[$row['auth_option']] = ACL_NO;
}
}
$db->sql_freeresult($result);
// Unset global permission option
unset($auth_options[$permission_type]);
// Display auth options
$this->display_auth_options($auth_options);
// Get users/groups/forums using this preset...
if ($action == 'edit') {
$hold_ary = $auth_admin->get_role_mask($role_id);
if (sizeof($hold_ary)) {
$role_name = !empty($user->lang[$role_row['role_name']]) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
$template->assign_vars(array('S_DISPLAY_ROLE_MASK' => true, 'L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name)));
$auth_admin->display_role_mask($hold_ary);
}
}
return;
break;
case 'move_up':
case 'move_down':
$order = request_var('order', 0);
$order_total = $order * 2 + ($action == 'move_up' ? -1 : 1);
$sql = 'UPDATE ' . ACL_ROLES_TABLE . '
SET role_order = ' . $order_total . " - role_order\n\t\t\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'\n\t\t\t\t\t\tAND role_order IN ({$order}, " . ($action == 'move_up' ? $order - 1 : $order + 1) . ')';
$db->sql_query($sql);
break;
}
// By default, check that role_order is valid and fix it if necessary
$sql = 'SELECT role_id, role_order
FROM ' . ACL_ROLES_TABLE . "\n\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'\n\t\t\tORDER BY role_order ASC";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) {
$order = 0;
do {
$order++;
if ($row['role_order'] != $order) {
$db->sql_query('UPDATE ' . ACL_ROLES_TABLE . " SET role_order = {$order} WHERE role_id = {$row['role_id']}");
}
} while ($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result);
// Display assigned items?
$display_item = request_var('display_item', 0);
// Select existing roles
$sql = 'SELECT *
FROM ' . ACL_ROLES_TABLE . "\n\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'\n\t\t\tORDER BY role_order ASC";
$result = $db->sql_query($sql);
$s_role_options = '';
while ($row = $db->sql_fetchrow($result)) {
$role_name = !empty($user->lang[$row['role_name']]) ? $user->lang[$row['role_name']] : $row['role_name'];
$template->assign_block_vars('roles', array('ROLE_NAME' => $role_name, 'ROLE_DESCRIPTION' => !empty($user->lang[$row['role_description']]) ? $user->lang[$row['role_description']] : nl2br($row['role_description']), 'U_EDIT' => $this->u_action . '&paction=edit&role_id=' . $row['role_id'], 'U_REMOVE' => $this->u_action . '&paction=remove&role_id=' . $row['role_id'], 'U_MOVE_UP' => $this->u_action . '&paction=move_up&order=' . $row['role_order'], 'U_MOVE_DOWN' => $this->u_action . '&paction=move_down&order=' . $row['role_order'], 'U_DISPLAY_ITEMS' => $row['role_id'] == $display_item ? '' : $this->u_action . '&display_item=' . $row['role_id'] . '#assigned_to'));
$s_role_options .= '<option value="' . $row['role_id'] . '">' . $role_name . '</option>';
if ($display_item == $row['role_id']) {
$template->assign_vars(array('L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name)));
}
}
$db->sql_freeresult($result);
$template->assign_vars(array('S_ROLE_OPTIONS' => $s_role_options));
if ($display_item) {
$template->assign_vars(array('S_DISPLAY_ROLE_MASK' => true));
$hold_ary = $auth_admin->get_role_mask($display_item);
$auth_admin->display_role_mask($hold_ary);
}
}
/**
* Remove permissions
*/
function remove_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$group_id, &$forum_id)
{
global $db, $user, $auth;
// User or group to be set?
$ug_type = sizeof($user_id) ? 'user' : 'group';
// Check the permission setting again
if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's')) {
trigger_error($user->lang['NO_AUTH_OPERATION'] . page_back_link($this->u_action), E_USER_WARNING);
}
$auth_admin->acl_delete($ug_type, $ug_type == 'user' ? $user_id : $group_id, sizeof($forum_id) ? $forum_id : false, $permission_type);
// Do we need to recache the moderator lists?
if ($permission_type == 'm_') {
cache_moderators();
}
$this->log_action($mode, 'del', $permission_type, $ug_type, $ug_type == 'user' ? $user_id : $group_id, sizeof($forum_id) ? $forum_id : array(0 => 0));
if ($mode == 'setting_forum_local' || $mode == 'setting_mod_local') {
trigger_error($user->lang['AUTH_UPDATED'] . page_back_link($this->u_action . '&forum_id[]=' . implode('&forum_id[]=', $forum_id)));
} else {
trigger_error($user->lang['AUTH_UPDATED'] . page_back_link($this->u_action));
}
}
function acp_page($id, &$module)
{
global $db, $config, $lang, $auth, $template;
$user->add_lang('acp/board');
$config_vars = array('enable_confirm' => 'REG_ENABLE', 'enable_post_confirm' => 'POST_ENABLE', 'confirm_refresh' => 'CONFIRM_REFRESH', 'captcha_gd' => 'CAPTCHA_GD');
$module->tpl_name = 'captcha_gd_acp';
$module->page_title = 'ACP_VC_SETTINGS';
$form_key = 'acp_captcha';
add_form_key($form_key);
$submit = request_var('submit', '');
if ($submit && check_form_key($form_key)) {
$captcha_vars = array_keys($this->captcha_vars);
foreach ($captcha_vars as $captcha_var) {
$value = request_var($captcha_var, 0);
if ($value >= 0) {
set_config($captcha_var, $value);
}
}
//add_log('admin', 'LOG_CONFIG_VISUAL');
trigger_error($lang['CONFIG_UPDATED'] . page_back_link($module->u_action));
} else {
if ($submit) {
trigger_error($lang['FORM_INVALID'] . page_back_link($module->u_action));
} else {
foreach ($this->captcha_vars as $captcha_var => $template_var) {
$var = isset($_REQUEST[$captcha_var]) ? request_var($captcha_var, 0) : $config[$captcha_var];
$template->assign_var($template_var, $var);
}
$template->assign_vars(array('CAPTCHA_PREVIEW' => $this->get_demo_template($id), 'CAPTCHA_NAME' => $this->get_class_name(), 'U_ACTION' => $module->u_action));
}
}
}
function acp_page($id, &$module)
{
global $config, $db, $template, $user;
$captcha_vars = array('recaptcha_pubkey' => 'RECAPTCHA_PUBKEY', 'recaptcha_privkey' => 'RECAPTCHA_PRIVKEY');
$module->tpl_name = 'captcha_recaptcha_acp';
$module->page_title = 'ACP_VC_SETTINGS';
$form_key = 'acp_captcha';
add_form_key($form_key);
$submit = request_var('submit', '');
if ($submit && check_form_key($form_key)) {
$captcha_vars = array_keys($captcha_vars);
foreach ($captcha_vars as $captcha_var) {
$value = request_var($captcha_var, '');
if ($value) {
set_config($captcha_var, $value);
}
}
add_log('admin', 'LOG_CONFIG_VISUAL');
trigger_error($user->lang['CONFIG_UPDATED'] . page_back_link($module->u_action));
} elseif ($submit) {
trigger_error($user->lang['FORM_INVALID'] . page_back_link($module->u_action));
} else {
foreach ($captcha_vars as $captcha_var => $template_var) {
$var = isset($_REQUEST[$captcha_var]) ? request_var($captcha_var, '') : (isset($config[$captcha_var]) ? $config[$captcha_var] : '');
$template->assign_var($template_var, $var);
}
$template->assign_vars(array('CAPTCHA_PREVIEW' => $this->get_demo_template($id), 'CAPTCHA_NAME' => $this->get_class_name(), 'U_ACTION' => $module->u_action));
}
}