acl_get('a_group') )
{
return;
}
$module['GROUP']['MANAGE'] = basename(__FILE__) . "$SID";
return;
}
define('IN_PHPBB', 1);
// Include files
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
// Do we have general permissions?
if (!$auth->acl_get('a_group') )
{
trigger_error($user->lang['NO_ADMIN']);
}
// Check and set some common vars
$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : '';
if (isset($_POST['addgroup']))
{
$action = 'addgroup';
}
else if (isset($_POST['delete']))
{
$action = 'delete';
}
else if (isset($_POST['add']))
{
$action = 'add';
}
else
{
$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
}
$group_id = (isset($_REQUEST['g'])) ? intval($_REQUEST['g']) : '';
$start = (isset($_GET['start']) && $mode == 'member') ? intval($_GET['start']) : 0;
$start_mod = (isset($_GET['start']) && $mode == 'mod') ? intval($_GET['start']) : 0;
$start_pend = (isset($_GET['start']) && $mode == 'pend') ? intval($_GET['start']) : 0;
// Grab basic data for group, if group_id is set since it's used
// in several places below
if (!empty($group_id))
{
$sql = "SELECT *
FROM " . GROUPS_TABLE . "
WHERE group_id = $group_id";
$result = $db->sql_query($sql);
if (!extract($db->sql_fetchrow($result)))
{
trigger_error($user->lang['NO_GROUP']);
}
$db->sql_freeresult($result);
}
// Page header
page_header($user->lang['MANAGE']);
// Which page?
switch ($action)
{
case 'edit':
case 'addgroup':
$error = '';
// Did we submit?
if (isset($_POST['submit']) || isset($_POST['submitprefs']))
{
if (isset($_POST['submit']))
{
if ($group_type != GROUP_SPECIAL)
{
$group_name = (!empty($_POST['group_name'])) ? htmlspecialchars($_POST['group_name']) : '';
$group_type = (!empty($_POST['group_type'])) ? intval($_POST['group_type']) : '';
}
$group_description = (!empty($_POST['group_description'])) ? htmlspecialchars($_POST['group_description']) : '';
$group_colour = (!empty($_POST['group_colour'])) ? htmlspecialchars($_POST['group_colour']) : '';
$group_rank = (isset($_POST['group_rank'])) ? intval($_POST['group_rank']) : '';
$group_avatar = (!empty($_POST['group_avatar'])) ? htmlspecialchars($_POST['group_avatar']) : '';
// Check data
if ($group_name == '' || strlen($group_name) > 40)
{
$error .= (($error != '') ? '
' : '') . (($group_name == '') ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG']);
}
if (strlen($group_description) > 255)
{
$error .= (($error != '') ? '
' : '') . $user->lang['GROUP_ERR_DESC_LONG'];
}
if ($group_type < GROUP_OPEN || $group_type > GROUP_FREE)
{
$error .= (($error != '') ? '
' : '') . $user->lang['GROUP_ERR_TYPE'];
}
}
else
{
$user_lang = (!empty($_POST['user_lang'])) ? htmlspecialchars($_POST['user_lang']) : '';
$user_tz = (isset($_POST['user_tz'])) ? doubleval($_POST['user_tz']) : '';
$user_dst = (isset($_POST['user_dst'])) ? intval($_POST['user_dst']) : '';
}
// Update DB
if (!$error)
{
// Update group preferences
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_name = '$group_name', group_description = '$group_description', group_type = $group_type, group_rank = $group_rank, group_colour = '$group_colour'
WHERE group_id = $group_id";
$db->sql_query($sql);
$user_sql = '';
$user_sql .= (isset($_POST['submit'])) ? ((($user_sql != '') ? ', ' : '') . "user_colour = '$group_colour'") : '';
$user_sql .= (isset($_POST['submit']) && $group_rank != -1) ? ((($user_sql != '') ? ', ' : '') . "user_rank = $group_rank") : '';
$user_sql .= (isset($_POST['submitprefs']) && $user_lang != -1) ? ((($user_sql != '') ? ', ' : '') . "user_lang = '$user_lang'") : '';
$user_sql .= (isset($_POST['submitprefs']) && $user_tz != -14) ? ((($user_sql != '') ? ', ' : '') . "user_timezone = $user_tz") : '';
$user_sql .= (isset($_POST['submitprefs']) && $user_dst != -1) ? ((($user_sql != '') ? ', ' : '') . "user_dst = $user_dst") : '';
// Update group members preferences
switch (SQL_LAYER)
{
case 'mysql':
case 'mysql4':
// batchwise? 500 at a time or so maybe? try to reduce memory useage
$more = true;
$start = 0;
do
{
$sql = "SELECT user_id
FROM " . USER_GROUP_TABLE . "
WHERE group_id = $group_id
LIMIT $start, 500";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
$user_count = 0;
$user_id_sql = '';
do
{
$user_id_sql .= (($user_id_sql != '') ? ', ' : '') . $row['user_id'];
$user_count++;
}
while ($row = $db->sql_fetchrow($result));
$sql = "UPDATE " . USERS_TABLE . "
SET $user_sql
WHERE user_id IN ($user_id_sql)";
$db->sql_query($sql);
if ($user_count == 500)
{
$start += 500;
}
else
{
$more = false;
}
}
else
{
$more = false;
}
$db->sql_freeresult($result);
unset($user_id_sql);
}
while ($more);
break;
default:
$sql = "UPDATE " . USERS_TABLE . "
SET $user_sql
WHERE user_id IN (
SELECT user_id
FROM " . USER_GROUP_TABLE . "
WHERE group_id = $group_id)";
$db->sql_query($sql);
}
trigger_error($user->lang['GROUP_UPDATED']);
}
}
?>
lang['MANAGE'] . ' : ' . $group_name . ''; ?>
lang['GROUP_EDIT_EXPLAIN']; ?>
sql_query($sql);
$rank_options = '';
if ($row = $db->sql_fetchrow($result))
{
do
{
$selected = (!empty($group_rank) && $row['rank_id'] == $group_rank) ? ' selected="selected"' : '';
$rank_options .= '';
}
while ($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result);
$type_open = ($group_type == GROUP_OPEN) ? ' checked="checked"' : '';
$type_closed = ($group_type == GROUP_CLOSED) ? ' checked="checked"' : '';
$type_hidden = ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : '';
$type_free = ($group_type == GROUP_FREE) ? ' checked="checked"' : '';
?>
lang['GROUP_SETTINGS']; ?>
lang['GROUP_SETTINGS_EXPLAIN']; ?>
lang['NO_USERS']);
}
$users = explode("\n", $_POST['usernames']);
$table_sql = ($mode == 'mod' ) ? GROUPS_MODERATOR_TABLE : USER_GROUP_TABLE;
// Grab the user ids
$sql = "SELECT user_id
FROM " . USERS_TABLE . "
WHERE username IN (" . implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#', "'\\1'", $users)) . ")";
$result = $db->sql_query($sql);
if (!($row = $db->sql_fetchrow($result)))
{
trigger_error($user->lang['NO_USERS']);
}
$user_id_ary = array();
do
{
$user_id_ary[] = $row['user_id'];
}
while ($row = $db->sql_fetchrow($result));
$db->sql_freeresult($result);
// Remove users who are already members of this group
$sql = "SELECT user_id
FROM $table_sql
WHERE user_id IN (" . implode(', ', $user_id_ary) . ")
AND group_id = $group_id";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
$old_user_id_ary = array();
do
{
$old_user_id_ary[] = $row['user_id'];
}
while ($row = $db->sql_fetchrow($result));
$user_id_ary = array_diff($user_id_ary, $old_user_id_ary);
}
$db->sql_freeresult($result);
if (!sizeof($user_id_ary))
{
trigger_error($user->lang['GROUP_ERR_USERS_EXIST']);
}
// Insert the new users
switch (SQL_LAYER)
{
case 'postgresql':
case 'msaccess':
case 'mssql-odbc':
case 'oracle':
case 'db2':
foreach ($user_id_ary as $user_id)
{
$sql = "INSERT INTO $table_sql (user_id, group_id)
VALUES ($user_id, $group_id)";
$db->sql_query($sql);
}
break;
case 'mysql':
case 'mysql4':
$sql = "INSERT INTO $table_sql (user_id, group_id)
VALUES " . implode(', ', preg_replace('#^([0-9]+)$#', "(\\1, $group_id)", $user_id_ary));
$db->sql_query($sql);
break;
case 'mssql':
$sql = "INSERT INTO $table_sql (user_id, group_id)
VALUES " . implode(' UNION ALL ', preg_replace('#^([0-9]+)$#', "(\\1, $group_id)", $user_id_ary));
$db->sql_query($sql);
break;
}
// Update user settings (color, rank) if applicable
if (!empty($_POST['settings']))
{
$sql = "UPDATE " . USERS_TABLE ."
SET user_colour = '$group_colour', user_rank = " . intval($group_rank) . "
WHERE user_id IN (" . implode(', ', $user_id_ary) . ")";
$db->sql_query($sql);
}
// add_log();
$message = ($mode == 'mod') ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
trigger_error($user->lang[$message]);
break;
case 'delete':
// TODO:
// Need to offer ability to demote moderators or remove from group
break;
case 'approve':
break;
case 'list':
$sql = "SELECT *
FROM " . GROUPS_TABLE . "
WHERE group_id = $group_id";
$result = $db->sql_query($sql);
if (!extract($db->sql_fetchrow($result)))
{
trigger_error($user->lang['NO_GROUP']);
}
$db->sql_freeresult($result);
?>
lang['GROUP_MEMBERS']; ?>
lang['GROUP_MEMBERS_EXPLAIN']; ?>
lang['GROUP_MODS']; ?>
lang['GROUP_MODS_EXPLAIN']; ?>
sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$total_members = $row['total_members'];
$sql = "SELECT u.user_id, u.username, u.user_regdate, u.user_posts
FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug
WHERE ug.group_id = $group_id
AND ug.user_pending = 1
AND u.user_id = ug.user_id
ORDER BY u.username
LIMIT $start_pend, " . $config['topics_per_page'];
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result) )
{
?>
lang['GROUP_PENDING']; ?>
lang['GROUP_PENDING_EXPLAIN']; ?>
sql_freeresult($result);
}
// Existing members
$skip_user_sql = (sizeof($group_mod_ary)) ? ' AND ug.user_id NOT IN (' . implode(', ', $group_mod_ary) . ')' : '';
$sql = "SELECT COUNT(ug.user_id) AS total_members
FROM " . USER_GROUP_TABLE . " ug
WHERE ug.group_id = $group_id
AND ug.user_pending = 0
$skip_user_sql";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$total_members = $row['total_members'];
$sql = "SELECT u.user_id, u.username, u.user_regdate, u.user_posts
FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug
WHERE ug.group_id = $group_id
AND ug.user_pending = 0
AND u.user_id = ug.user_id
$skip_user_sql
ORDER BY u.username
LIMIT $start, " . $config['topics_per_page'];
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result) )
{
?>
lang['GROUP_LIST']; ?>
lang['GROUP_LIST_EXPLAIN']; ?>
sql_freeresult($result);
break;
default:
// Default mangement page
?>
lang['MANAGE']; ?>
lang['GROUP_MANAGE_EXPLAIN']; ?>
lang['USER_DEF_GROUPS']; ?>
lang['USER_DEF_GROUPS_EXPLAIN']; ?>