ManageMembergroups.php 36 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076
  1. <?php
  2. /**
  3. * This file is concerned with anything in the Manage Membergroups screen.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2011 Simple Machines
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.0
  13. */
  14. if (!defined('SMF'))
  15. die('Hacking attempt...');
  16. /**
  17. * Main dispatcher, the entrance point for all 'Manage Membergroup' actions.
  18. * It forwards to a function based on the given subaction, default being subaction 'index', or, without manage_membergroup
  19. * permissions, then 'settings'.
  20. * Called by ?action=admin;area=membergroups.
  21. * Requires the manage_membergroups or the admin_forum permission.
  22. *
  23. * @uses ManageMembergroups template.
  24. * @uses ManageMembers language file.
  25. */
  26. function ModifyMembergroups()
  27. {
  28. global $context, $txt, $scripturl, $sourcedir;
  29. $subActions = array(
  30. 'add' => array('AddMembergroup', 'manage_membergroups'),
  31. 'delete' => array('DeleteMembergroup', 'manage_membergroups'),
  32. 'edit' => array('EditMembergroup', 'manage_membergroups'),
  33. 'index' => array('MembergroupIndex', 'manage_membergroups'),
  34. 'members' => array('MembergroupMembers', 'manage_membergroups', 'Groups.php'),
  35. 'settings' => array('ModifyMembergroupsettings', 'admin_forum'),
  36. );
  37. // Default to sub action 'index' or 'settings' depending on permissions.
  38. $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : (allowedTo('manage_membergroups') ? 'index' : 'settings');
  39. // Is it elsewhere?
  40. if (isset($subActions[$_REQUEST['sa']][2]))
  41. require_once($sourcedir . '/' . $subActions[$_REQUEST['sa']][2]);
  42. // Do the permission check, you might not be allowed her.
  43. isAllowedTo($subActions[$_REQUEST['sa']][1]);
  44. // Language and template stuff, the usual.
  45. loadLanguage('ManageMembers');
  46. loadTemplate('ManageMembergroups');
  47. // Setup the admin tabs.
  48. $context[$context['admin_menu_name']]['tab_data'] = array(
  49. 'title' => $txt['membergroups_title'],
  50. 'help' => 'membergroups',
  51. 'description' => $txt['membergroups_description'],
  52. );
  53. // Call the right function.
  54. $subActions[$_REQUEST['sa']][0]();
  55. }
  56. /**
  57. * Shows an overview of the current membergroups.
  58. * Called by ?action=admin;area=membergroups.
  59. * Requires the manage_membergroups permission.
  60. * Splits the membergroups in regular ones and post count based groups.
  61. * It also counts the number of members part of each membergroup.
  62. *
  63. * @uses ManageMembergroups template, main.
  64. */
  65. function MembergroupIndex()
  66. {
  67. global $txt, $scripturl, $context, $settings, $smcFunc, $sourcedir;
  68. $context['page_title'] = $txt['membergroups_title'];
  69. // The first list shows the regular membergroups.
  70. $listOptions = array(
  71. 'id' => 'regular_membergroups_list',
  72. 'title' => $txt['membergroups_regular'],
  73. 'base_href' => $scripturl . '?action=admin;area=membergroups' . (isset($_REQUEST['sort2']) ? ';sort2=' . urlencode($_REQUEST['sort2']) : ''),
  74. 'default_sort_col' => 'name',
  75. 'get_items' => array(
  76. 'file' => $sourcedir . '/Subs-Membergroups.php',
  77. 'function' => 'list_getMembergroups',
  78. 'params' => array(
  79. 'regular',
  80. ),
  81. ),
  82. 'columns' => array(
  83. 'name' => array(
  84. 'header' => array(
  85. 'value' => $txt['membergroups_name'],
  86. ),
  87. 'data' => array(
  88. 'function' => create_function('$rowData', '
  89. global $scripturl;
  90. // Since the moderator group has no explicit members, no link is needed.
  91. if ($rowData[\'id_group\'] == 3)
  92. $group_name = $rowData[\'group_name\'];
  93. else
  94. {
  95. $color_style = empty($rowData[\'online_color\']) ? \'\' : sprintf(\' style="color: %1$s;"\', $rowData[\'online_color\']);
  96. $group_name = sprintf(\'<a href="%1$s?action=admin;area=membergroups;sa=members;group=%2$d"%3$s>%4$s</a>\', $scripturl, $rowData[\'id_group\'], $color_style, $rowData[\'group_name\']);
  97. }
  98. // Add a help option for moderator and administrator.
  99. if ($rowData[\'id_group\'] == 1)
  100. $group_name .= sprintf(\' (<a href="%1$s?action=helpadmin;help=membergroup_administrator" onclick="return reqWin(this.href);">?</a>)\', $scripturl);
  101. elseif ($rowData[\'id_group\'] == 3)
  102. $group_name .= sprintf(\' (<a href="%1$s?action=helpadmin;help=membergroup_moderator" onclick="return reqWin(this.href);">?</a>)\', $scripturl);
  103. return $group_name;
  104. '),
  105. ),
  106. 'sort' => array(
  107. 'default' => 'CASE WHEN id_group < 4 THEN id_group ELSE 4 END, group_name',
  108. 'reverse' => 'CASE WHEN id_group < 4 THEN id_group ELSE 4 END, group_name DESC',
  109. ),
  110. ),
  111. 'stars' => array(
  112. 'header' => array(
  113. 'value' => $txt['membergroups_stars'],
  114. ),
  115. 'data' => array(
  116. 'function' => create_function('$rowData', '
  117. global $settings;
  118. $stars = explode(\'#\', $rowData[\'stars\']);
  119. // In case no stars are setup, return with nothing
  120. if (empty($stars[0]) || empty($stars[1]))
  121. return \'\';
  122. // Otherwise repeat the image a given number of times.
  123. else
  124. {
  125. $image = sprintf(\'<img src="%1$s/%2$s" alt="*" />\', $settings[\'images_url\'], $stars[1]);
  126. return str_repeat($image, $stars[0]);
  127. }
  128. '),
  129. ),
  130. 'sort' => array(
  131. 'default' => 'stars',
  132. 'reverse' => 'stars DESC',
  133. )
  134. ),
  135. 'members' => array(
  136. 'header' => array(
  137. 'value' => $txt['membergroups_members_top'],
  138. ),
  139. 'data' => array(
  140. 'function' => create_function('$rowData', '
  141. global $txt;
  142. // No explicit members for the moderator group.
  143. return $rowData[\'id_group\'] == 3 ? $txt[\'membergroups_guests_na\'] : $rowData[\'num_members\'];
  144. '),
  145. 'style' => 'text-align: center',
  146. ),
  147. 'sort' => array(
  148. 'default' => 'CASE WHEN id_group < 4 THEN id_group ELSE 4 END, 1',
  149. 'reverse' => 'CASE WHEN id_group < 4 THEN id_group ELSE 4 END, 1 DESC',
  150. ),
  151. ),
  152. 'modify' => array(
  153. 'header' => array(
  154. 'value' => $txt['modify'],
  155. ),
  156. 'data' => array(
  157. 'sprintf' => array(
  158. 'format' => '<a href="' . $scripturl . '?action=admin;area=membergroups;sa=edit;group=%1$d">' . $txt['membergroups_modify'] . '</a>',
  159. 'params' => array(
  160. 'id_group' => false,
  161. ),
  162. ),
  163. 'style' => 'text-align: center',
  164. ),
  165. ),
  166. ),
  167. 'additional_rows' => array(
  168. array(
  169. 'position' => 'below_table_data',
  170. 'value' => '[<a href="' . $scripturl . '?action=admin;area=membergroups;sa=add;generalgroup">' . $txt['membergroups_add_group'] . '</a>]',
  171. ),
  172. ),
  173. );
  174. require_once($sourcedir . '/Subs-List.php');
  175. createList($listOptions);
  176. // The second list shows the post count based groups.
  177. $listOptions = array(
  178. 'id' => 'post_count_membergroups_list',
  179. 'title' => $txt['membergroups_post'],
  180. 'base_href' => $scripturl . '?action=admin;area=membergroups' . (isset($_REQUEST['sort']) ? ';sort=' . urlencode($_REQUEST['sort']) : ''),
  181. 'default_sort_col' => 'required_posts',
  182. 'request_vars' => array(
  183. 'sort' => 'sort2',
  184. 'desc' => 'desc2',
  185. ),
  186. 'get_items' => array(
  187. 'file' => $sourcedir . '/Subs-Membergroups.php',
  188. 'function' => 'list_getMembergroups',
  189. 'params' => array(
  190. 'post_count',
  191. ),
  192. ),
  193. 'columns' => array(
  194. 'name' => array(
  195. 'header' => array(
  196. 'value' => $txt['membergroups_name'],
  197. ),
  198. 'data' => array(
  199. 'function' => create_function('$rowData', '
  200. global $scripturl;
  201. $colorStyle = empty($rowData[\'online_color\']) ? \'\' : sprintf(\' style="color: %1$s;"\', $rowData[\'online_color\']);
  202. return sprintf(\'<a href="%1$s?action=moderate;area=viewgroups;sa=members;group=%2$d"%3$s>%4$s</a>\', $scripturl, $rowData[\'id_group\'], $colorStyle, $rowData[\'group_name\']);
  203. '),
  204. ),
  205. 'sort' => array(
  206. 'default' => 'group_name',
  207. 'reverse' => 'group_name DESC',
  208. ),
  209. ),
  210. 'stars' => array(
  211. 'header' => array(
  212. 'value' => $txt['membergroups_stars'],
  213. ),
  214. 'data' => array(
  215. 'function' => create_function('$rowData', '
  216. global $settings;
  217. $stars = explode(\'#\', $rowData[\'stars\']);
  218. if (empty($stars[0]) || empty($stars[1]))
  219. return \'\';
  220. else
  221. {
  222. $star_image = sprintf(\'<img src="%1$s/%2$s" alt="*" />\', $settings[\'images_url\'], $stars[1]);
  223. return str_repeat($star_image, $stars[0]);
  224. }
  225. '),
  226. ),
  227. 'sort' => array(
  228. 'default' => 'CASE WHEN id_group < 4 THEN id_group ELSE 4 END, stars',
  229. 'reverse' => 'CASE WHEN id_group < 4 THEN id_group ELSE 4 END, stars DESC',
  230. )
  231. ),
  232. 'members' => array(
  233. 'header' => array(
  234. 'value' => $txt['membergroups_members_top'],
  235. ),
  236. 'data' => array(
  237. 'db' => 'num_members',
  238. 'style' => 'text-align: center',
  239. ),
  240. 'sort' => array(
  241. 'default' => '1 DESC',
  242. 'reverse' => '1',
  243. ),
  244. ),
  245. 'required_posts' => array(
  246. 'header' => array(
  247. 'value' => $txt['membergroups_min_posts'],
  248. ),
  249. 'data' => array(
  250. 'db' => 'min_posts',
  251. 'style' => 'text-align: center',
  252. ),
  253. 'sort' => array(
  254. 'default' => 'min_posts',
  255. 'reverse' => 'min_posts DESC',
  256. ),
  257. ),
  258. 'modify' => array(
  259. 'header' => array(
  260. 'value' => $txt['modify'],
  261. ),
  262. 'data' => array(
  263. 'sprintf' => array(
  264. 'format' => '<a href="' . $scripturl . '?action=admin;area=membergroups;sa=edit;group=%1$d">' . $txt['membergroups_modify'] . '</a>',
  265. 'params' => array(
  266. 'id_group' => false,
  267. ),
  268. ),
  269. 'style' => 'text-align: center',
  270. ),
  271. ),
  272. ),
  273. 'additional_rows' => array(
  274. array(
  275. 'position' => 'below_table_data',
  276. 'value' => '[<a href="' . $scripturl . '?action=admin;area=membergroups;sa=add;postgroup">' . $txt['membergroups_add_group'] . '</a>]',
  277. ),
  278. ),
  279. );
  280. createList($listOptions);
  281. }
  282. /**
  283. * This function handles adding a membergroup and setting some initial properties.
  284. * Called by ?action=admin;area=membergroups;sa=add.
  285. * It requires the manage_membergroups permission.
  286. * Allows to use a predefined permission profile or copy one from another group.
  287. * Redirects to action=admin;area=membergroups;sa=edit;group=x.
  288. *
  289. * @uses the new_group sub template of ManageMembergroups.
  290. */
  291. function AddMembergroup()
  292. {
  293. global $context, $txt, $sourcedir, $modSettings, $smcFunc;
  294. // A form was submitted, we can start adding.
  295. if (!empty($_POST['group_name']))
  296. {
  297. checkSession();
  298. $postCountBasedGroup = isset($_POST['min_posts']) && (!isset($_POST['postgroup_based']) || !empty($_POST['postgroup_based']));
  299. $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || ($_POST['group_type'] == 1 && !allowedTo('admin_forum')) ? 0 : (int) $_POST['group_type'];
  300. // !!! Check for members with same name too?
  301. $request = $smcFunc['db_query']('', '
  302. SELECT MAX(id_group)
  303. FROM {db_prefix}membergroups',
  304. array(
  305. )
  306. );
  307. list ($id_group) = $smcFunc['db_fetch_row']($request);
  308. $smcFunc['db_free_result']($request);
  309. $id_group++;
  310. $smcFunc['db_insert']('',
  311. '{db_prefix}membergroups',
  312. array(
  313. 'id_group' => 'int', 'description' => 'string', 'group_name' => 'string-80', 'min_posts' => 'int',
  314. 'stars' => 'string', 'online_color' => 'string', 'group_type' => 'int',
  315. ),
  316. array(
  317. $id_group, '', $_POST['group_name'], ($postCountBasedGroup ? (int) $_POST['min_posts'] : '-1'),
  318. '1#star.gif', '', $_POST['group_type'],
  319. ),
  320. array('id_group')
  321. );
  322. // Update the post groups now, if this is a post group!
  323. if (isset($_POST['min_posts']))
  324. updateStats('postgroups');
  325. // You cannot set permissions for post groups if they are disabled.
  326. if ($postCountBasedGroup && empty($modSettings['permission_enable_postgroups']))
  327. $_POST['perm_type'] = '';
  328. if ($_POST['perm_type'] == 'predefined')
  329. {
  330. // Set default permission level.
  331. require_once($sourcedir . '/ManagePermissions.php');
  332. setPermissionLevel($_POST['level'], $id_group, 'null');
  333. }
  334. // Copy or inherit the permissions!
  335. elseif ($_POST['perm_type'] == 'copy' || $_POST['perm_type'] == 'inherit')
  336. {
  337. $copy_id = $_POST['perm_type'] == 'copy' ? (int) $_POST['copyperm'] : (int) $_POST['inheritperm'];
  338. // Are you a powerful admin?
  339. if (!allowedTo('admin_forum'))
  340. {
  341. $request = $smcFunc['db_query']('', '
  342. SELECT group_type
  343. FROM {db_prefix}membergroups
  344. WHERE id_group = {int:copy_from}
  345. LIMIT {int:limit}',
  346. array(
  347. 'copy_from' => $copy_id,
  348. 'limit' => 1,
  349. )
  350. );
  351. list ($copy_type) = $smcFunc['db_fetch_row']($request);
  352. $smcFunc['db_free_result']($request);
  353. // Protected groups are... well, protected!
  354. if ($copy_type == 1)
  355. fatal_lang_error('membergroup_does_not_exist');
  356. }
  357. // Don't allow copying of a real priviledged person!
  358. require_once($sourcedir . '/ManagePermissions.php');
  359. loadIllegalPermissions();
  360. $request = $smcFunc['db_query']('', '
  361. SELECT permission, add_deny
  362. FROM {db_prefix}permissions
  363. WHERE id_group = {int:copy_from}',
  364. array(
  365. 'copy_from' => $copy_id,
  366. )
  367. );
  368. $inserts = array();
  369. while ($row = $smcFunc['db_fetch_assoc']($request))
  370. {
  371. if (empty($context['illegal_permissions']) || !in_array($row['permission'], $context['illegal_permissions']))
  372. $inserts[] = array($id_group, $row['permission'], $row['add_deny']);
  373. }
  374. $smcFunc['db_free_result']($request);
  375. if (!empty($inserts))
  376. $smcFunc['db_insert']('insert',
  377. '{db_prefix}permissions',
  378. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  379. $inserts,
  380. array('id_group', 'permission')
  381. );
  382. $request = $smcFunc['db_query']('', '
  383. SELECT id_profile, permission, add_deny
  384. FROM {db_prefix}board_permissions
  385. WHERE id_group = {int:copy_from}',
  386. array(
  387. 'copy_from' => $copy_id,
  388. )
  389. );
  390. $inserts = array();
  391. while ($row = $smcFunc['db_fetch_assoc']($request))
  392. $inserts[] = array($id_group, $row['id_profile'], $row['permission'], $row['add_deny']);
  393. $smcFunc['db_free_result']($request);
  394. if (!empty($inserts))
  395. $smcFunc['db_insert']('insert',
  396. '{db_prefix}board_permissions',
  397. array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  398. $inserts,
  399. array('id_group', 'id_profile', 'permission')
  400. );
  401. // Also get some membergroup information if we're copying and not copying from guests...
  402. if ($copy_id > 0 && $_POST['perm_type'] == 'copy')
  403. {
  404. $request = $smcFunc['db_query']('', '
  405. SELECT online_color, max_messages, stars
  406. FROM {db_prefix}membergroups
  407. WHERE id_group = {int:copy_from}
  408. LIMIT 1',
  409. array(
  410. 'copy_from' => $copy_id,
  411. )
  412. );
  413. $group_info = $smcFunc['db_fetch_assoc']($request);
  414. $smcFunc['db_free_result']($request);
  415. // ...and update the new membergroup with it.
  416. $smcFunc['db_query']('', '
  417. UPDATE {db_prefix}membergroups
  418. SET
  419. online_color = {string:online_color},
  420. max_messages = {int:max_messages},
  421. stars = {string:stars}
  422. WHERE id_group = {int:current_group}',
  423. array(
  424. 'max_messages' => $group_info['max_messages'],
  425. 'current_group' => $id_group,
  426. 'online_color' => $group_info['online_color'],
  427. 'stars' => $group_info['stars'],
  428. )
  429. );
  430. }
  431. // If inheriting say so...
  432. elseif ($_POST['perm_type'] == 'inherit')
  433. {
  434. $smcFunc['db_query']('', '
  435. UPDATE {db_prefix}membergroups
  436. SET id_parent = {int:copy_from}
  437. WHERE id_group = {int:current_group}',
  438. array(
  439. 'copy_from' => $copy_id,
  440. 'current_group' => $id_group,
  441. )
  442. );
  443. }
  444. }
  445. // Make sure all boards selected are stored in a proper array.
  446. $_POST['boardaccess'] = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess'];
  447. foreach ($_POST['boardaccess'] as $key => $value)
  448. $_POST['boardaccess'][$key] = (int) $value;
  449. // Only do this if they have special access requirements.
  450. if (!empty($_POST['boardaccess']))
  451. $smcFunc['db_query']('', '
  452. UPDATE {db_prefix}boards
  453. SET member_groups = CASE WHEN member_groups = {string:blank_string} THEN {string:group_id_string} ELSE CONCAT(member_groups, {string:comma_group}) END
  454. WHERE id_board IN ({array_int:board_list})',
  455. array(
  456. 'board_list' => $_POST['boardaccess'],
  457. 'blank_string' => '',
  458. 'group_id_string' => (string) $id_group,
  459. 'comma_group' => ',' . $id_group,
  460. )
  461. );
  462. // If this is joinable then set it to show group membership in people's profiles.
  463. if (empty($modSettings['show_group_membership']) && $_POST['group_type'] > 1)
  464. updateSettings(array('show_group_membership' => 1));
  465. // Rebuild the group cache.
  466. updateSettings(array(
  467. 'settings_updated' => time(),
  468. ));
  469. // We did it.
  470. logAction('add_group', array('group' => $_POST['group_name']), 'admin');
  471. // Go change some more settings.
  472. redirectexit('action=admin;area=membergroups;sa=edit;group=' . $id_group);
  473. }
  474. // Just show the 'add membergroup' screen.
  475. $context['page_title'] = $txt['membergroups_new_group'];
  476. $context['sub_template'] = 'new_group';
  477. $context['post_group'] = isset($_REQUEST['postgroup']);
  478. $context['undefined_group'] = !isset($_REQUEST['postgroup']) && !isset($_REQUEST['generalgroup']);
  479. $context['allow_protected'] = allowedTo('admin_forum');
  480. $result = $smcFunc['db_query']('', '
  481. SELECT id_group, group_name
  482. FROM {db_prefix}membergroups
  483. WHERE (id_group > {int:moderator_group} OR id_group = {int:global_mod_group})' . (empty($modSettings['permission_enable_postgroups']) ? '
  484. AND min_posts = {int:min_posts}' : '') . (allowedTo('admin_forum') ? '' : '
  485. AND group_type != {int:is_protected}') . '
  486. ORDER BY min_posts, id_group != {int:global_mod_group}, group_name',
  487. array(
  488. 'moderator_group' => 3,
  489. 'global_mod_group' => 2,
  490. 'min_posts' => -1,
  491. 'is_protected' => 1,
  492. )
  493. );
  494. $context['groups'] = array();
  495. while ($row = $smcFunc['db_fetch_assoc']($result))
  496. $context['groups'][] = array(
  497. 'id' => $row['id_group'],
  498. 'name' => $row['group_name']
  499. );
  500. $smcFunc['db_free_result']($result);
  501. $result = $smcFunc['db_query']('', '
  502. SELECT id_board, name, child_level
  503. FROM {db_prefix}boards
  504. ORDER BY board_order',
  505. array(
  506. )
  507. );
  508. $context['boards'] = array();
  509. while ($row = $smcFunc['db_fetch_assoc']($result))
  510. $context['boards'][] = array(
  511. 'id' => $row['id_board'],
  512. 'name' => $row['name'],
  513. 'child_level' => $row['child_level'],
  514. 'selected' => false
  515. );
  516. $smcFunc['db_free_result']($result);
  517. }
  518. /**
  519. * Deleting a membergroup by URL (not implemented).
  520. * Called by ?action=admin;area=membergroups;sa=delete;group=x;session_var=y.
  521. * Requires the manage_membergroups permission.
  522. * Redirects to ?action=admin;area=membergroups.
  523. *
  524. * @todo look at this
  525. */
  526. function DeleteMembergroup()
  527. {
  528. global $sourcedir;
  529. checkSession('get');
  530. require_once($sourcedir . '/Subs-Membergroups.php');
  531. deleteMembergroups((int) $_REQUEST['group']);
  532. // Go back to the membergroup index.
  533. redirectexit('action=admin;area=membergroups;');
  534. }
  535. /**
  536. * Editing a membergroup.
  537. * Screen to edit a specific membergroup.
  538. * Called by ?action=admin;area=membergroups;sa=edit;group=x.
  539. * It requires the manage_membergroups permission.
  540. * Also handles the delete button of the edit form.
  541. * Redirects to ?action=admin;area=membergroups.
  542. *
  543. * @uses the edit_group sub template of ManageMembergroups.
  544. */
  545. function EditMembergroup()
  546. {
  547. global $context, $txt, $sourcedir, $modSettings, $smcFunc;
  548. $_REQUEST['group'] = isset($_REQUEST['group']) && $_REQUEST['group'] > 0 ? (int) $_REQUEST['group'] : 0;
  549. // Make sure this group is editable.
  550. if (!empty($_REQUEST['group']))
  551. {
  552. $request = $smcFunc['db_query']('', '
  553. SELECT id_group
  554. FROM {db_prefix}membergroups
  555. WHERE id_group = {int:current_group}' . (allowedTo('admin_forum') ? '' : '
  556. AND group_type != {int:is_protected}') . '
  557. LIMIT {int:limit}',
  558. array(
  559. 'current_group' => $_REQUEST['group'],
  560. 'is_protected' => 1,
  561. 'limit' => 1,
  562. )
  563. );
  564. list ($_REQUEST['group']) = $smcFunc['db_fetch_row']($request);
  565. $smcFunc['db_free_result']($request);
  566. }
  567. // Now, do we have a valid id?
  568. if (empty($_REQUEST['group']))
  569. fatal_lang_error('membergroup_does_not_exist', false);
  570. // The delete this membergroup button was pressed.
  571. if (isset($_POST['delete']))
  572. {
  573. checkSession();
  574. require_once($sourcedir . '/Subs-Membergroups.php');
  575. deleteMembergroups($_REQUEST['group']);
  576. redirectexit('action=admin;area=membergroups;');
  577. }
  578. // A form was submitted with the new membergroup settings.
  579. elseif (isset($_POST['submit']))
  580. {
  581. // Validate the session.
  582. checkSession();
  583. // Can they really inherit from this group?
  584. if ($_POST['group_inherit'] != -2 && !allowedTo('admin_forum'))
  585. {
  586. $request = $smcFunc['db_query']('', '
  587. SELECT group_type
  588. FROM {db_prefix}membergroups
  589. WHERE id_group = {int:inherit_from}
  590. LIMIT {int:limit}',
  591. array(
  592. 'inherit_from' => $_POST['group_inherit'],
  593. 'limit' => 1,
  594. )
  595. );
  596. list ($inherit_type) = $smcFunc['db_fetch_row']($request);
  597. $smcFunc['db_free_result']($request);
  598. }
  599. // Set variables to their proper value.
  600. $_POST['max_messages'] = isset($_POST['max_messages']) ? (int) $_POST['max_messages'] : 0;
  601. $_POST['min_posts'] = isset($_POST['min_posts']) && isset($_POST['group_type']) && $_POST['group_type'] == -1 && $_REQUEST['group'] > 3 ? abs($_POST['min_posts']) : ($_REQUEST['group'] == 4 ? 0 : -1);
  602. $_POST['stars'] = (empty($_POST['star_count']) || $_POST['star_count'] < 0) ? '' : min((int) $_POST['star_count'], 99) . '#' . $_POST['star_image'];
  603. $_POST['group_desc'] = isset($_POST['group_desc']) && ($_REQUEST['group'] == 1 || (isset($_POST['group_type']) && $_POST['group_type'] != -1)) ? trim($_POST['group_desc']) : '';
  604. $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || ($_POST['group_type'] == 1 && !allowedTo('admin_forum')) ? 0 : (int) $_POST['group_type'];
  605. $_POST['group_hidden'] = empty($_POST['group_hidden']) || $_POST['min_posts'] != -1 || $_REQUEST['group'] == 3 ? 0 : (int) $_POST['group_hidden'];
  606. $_POST['group_inherit'] = $_REQUEST['group'] > 1 && $_REQUEST['group'] != 3 && (empty($inherit_type) || $inherit_type != 1) ? (int) $_POST['group_inherit'] : -2;
  607. // !!! Don't set online_color for the Moderators group?
  608. // Do the update of the membergroup settings.
  609. $smcFunc['db_query']('', '
  610. UPDATE {db_prefix}membergroups
  611. SET group_name = {string:group_name}, online_color = {string:online_color},
  612. max_messages = {int:max_messages}, min_posts = {int:min_posts}, stars = {string:stars},
  613. description = {string:group_desc}, group_type = {int:group_type}, hidden = {int:group_hidden},
  614. id_parent = {int:group_inherit}
  615. WHERE id_group = {int:current_group}',
  616. array(
  617. 'max_messages' => $_POST['max_messages'],
  618. 'min_posts' => $_POST['min_posts'],
  619. 'group_type' => $_POST['group_type'],
  620. 'group_hidden' => $_POST['group_hidden'],
  621. 'group_inherit' => $_POST['group_inherit'],
  622. 'current_group' => (int) $_REQUEST['group'],
  623. 'group_name' => $_POST['group_name'],
  624. 'online_color' => $_POST['online_color'],
  625. 'stars' => $_POST['stars'],
  626. 'group_desc' => $_POST['group_desc'],
  627. )
  628. );
  629. // Time to update the boards this membergroup has access to.
  630. if ($_REQUEST['group'] == 2 || $_REQUEST['group'] > 3)
  631. {
  632. $_POST['boardaccess'] = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess'];
  633. foreach ($_POST['boardaccess'] as $key => $value)
  634. $_POST['boardaccess'][$key] = (int) $value;
  635. // Find all board this group is in, but shouldn't be in.
  636. $request = $smcFunc['db_query']('', '
  637. SELECT id_board, member_groups
  638. FROM {db_prefix}boards
  639. WHERE FIND_IN_SET({string:current_group}, member_groups) != 0' . (empty($_POST['boardaccess']) ? '' : '
  640. AND id_board NOT IN ({array_int:board_access_list})'),
  641. array(
  642. 'current_group' => (int) $_REQUEST['group'],
  643. 'board_access_list' => $_POST['boardaccess'],
  644. )
  645. );
  646. while ($row = $smcFunc['db_fetch_assoc']($request))
  647. $smcFunc['db_query']('', '
  648. UPDATE {db_prefix}boards
  649. SET member_groups = {string:member_group_access}
  650. WHERE id_board = {int:current_board}',
  651. array(
  652. 'current_board' => $row['id_board'],
  653. 'member_group_access' => implode(',', array_diff(explode(',', $row['member_groups']), array($_REQUEST['group']))),
  654. )
  655. );
  656. $smcFunc['db_free_result']($request);
  657. // Add the membergroup to all boards that hadn't been set yet.
  658. if (!empty($_POST['boardaccess']))
  659. $smcFunc['db_query']('', '
  660. UPDATE {db_prefix}boards
  661. SET member_groups = CASE WHEN member_groups = {string:blank_string} THEN {string:group_id_string} ELSE CONCAT(member_groups, {string:comma_group}) END
  662. WHERE id_board IN ({array_int:board_list})
  663. AND FIND_IN_SET({int:current_group}, member_groups) = 0',
  664. array(
  665. 'board_list' => $_POST['boardaccess'],
  666. 'blank_string' => '',
  667. 'current_group' => (int) $_REQUEST['group'],
  668. 'group_id_string' => (string) (int) $_REQUEST['group'],
  669. 'comma_group' => ',' . $_REQUEST['group'],
  670. )
  671. );
  672. }
  673. // Remove everyone from this group!
  674. if ($_POST['min_posts'] != -1)
  675. {
  676. $smcFunc['db_query']('', '
  677. UPDATE {db_prefix}members
  678. SET id_group = {int:regular_member}
  679. WHERE id_group = {int:current_group}',
  680. array(
  681. 'regular_member' => 0,
  682. 'current_group' => (int) $_REQUEST['group'],
  683. )
  684. );
  685. $request = $smcFunc['db_query']('', '
  686. SELECT id_member, additional_groups
  687. FROM {db_prefix}members
  688. WHERE FIND_IN_SET({string:current_group}, additional_groups) != 0',
  689. array(
  690. 'current_group' => (int) $_REQUEST['group'],
  691. )
  692. );
  693. $updates = array();
  694. while ($row = $smcFunc['db_fetch_assoc']($request))
  695. $updates[$row['additional_groups']][] = $row['id_member'];
  696. $smcFunc['db_free_result']($request);
  697. foreach ($updates as $additional_groups => $memberArray)
  698. updateMemberData($memberArray, array('additional_groups' => implode(',', array_diff(explode(',', $additional_groups), array((int) $_REQUEST['group'])))));
  699. }
  700. elseif ($_REQUEST['group'] != 3)
  701. {
  702. // Making it a hidden group? If so remove everyone with it as primary group (Actually, just make them additional).
  703. if ($_POST['group_hidden'] == 2)
  704. {
  705. $request = $smcFunc['db_query']('', '
  706. SELECT id_member, additional_groups
  707. FROM {db_prefix}members
  708. WHERE id_group = {int:current_group}
  709. AND FIND_IN_SET({int:current_group}, additional_groups) = 0',
  710. array(
  711. 'current_group' => (int) $_REQUEST['group'],
  712. )
  713. );
  714. $updates = array();
  715. while ($row = $smcFunc['db_fetch_assoc']($request))
  716. $updates[$row['additional_groups']][] = $row['id_member'];
  717. $smcFunc['db_free_result']($request);
  718. foreach ($updates as $additional_groups => $memberArray)
  719. updateMemberData($memberArray, array('additional_groups' => implode(',', array_merge(explode(',', $additional_groups), array((int) $_REQUEST['group'])))));
  720. $smcFunc['db_query']('', '
  721. UPDATE {db_prefix}members
  722. SET id_group = {int:regular_member}
  723. WHERE id_group = {int:current_group}',
  724. array(
  725. 'regular_member' => 0,
  726. 'current_group' => $_REQUEST['group'],
  727. )
  728. );
  729. }
  730. // Either way, let's check our "show group membership" setting is correct.
  731. $request = $smcFunc['db_query']('', '
  732. SELECT COUNT(*)
  733. FROM {db_prefix}membergroups
  734. WHERE group_type > {int:non_joinable}',
  735. array(
  736. 'non_joinable' => 1,
  737. )
  738. );
  739. list ($have_joinable) = $smcFunc['db_fetch_row']($request);
  740. $smcFunc['db_free_result']($request);
  741. // Do we need to update the setting?
  742. if ((empty($modSettings['show_group_membership']) && $have_joinable) || (!empty($modSettings['show_group_membership']) && !$have_joinable))
  743. updateSettings(array('show_group_membership' => $have_joinable ? 1 : 0));
  744. }
  745. // Do we need to set inherited permissions?
  746. if ($_POST['group_inherit'] != -2 && $_POST['group_inherit'] != $_POST['old_inherit'])
  747. {
  748. require_once($sourcedir . '/ManagePermissions.php');
  749. updateChildPermissions($_POST['group_inherit']);
  750. }
  751. // Finally, moderators!
  752. $moderator_string = isset($_POST['group_moderators']) ? trim($_POST['group_moderators']) : '';
  753. $smcFunc['db_query']('', '
  754. DELETE FROM {db_prefix}group_moderators
  755. WHERE id_group = {int:current_group}',
  756. array(
  757. 'current_group' => $_REQUEST['group'],
  758. )
  759. );
  760. if ((!empty($moderator_string) || !empty($_POST['moderator_list'])) && $_POST['min_posts'] == -1 && $_REQUEST['group'] != 3)
  761. {
  762. // Get all the usernames from the string
  763. if (!empty($moderator_string))
  764. {
  765. $moderator_string = strtr(preg_replace('~&amp;#(\d{4,5}|[2-9]\d{2,4}|1[2-9]\d);~', '&#$1;', htmlspecialchars($moderator_string), ENT_QUOTES), array('&quot;' => '"'));
  766. preg_match_all('~"([^"]+)"~', $moderator_string, $matches);
  767. $moderators = array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $moderator_string)));
  768. for ($k = 0, $n = count($moderators); $k < $n; $k++)
  769. {
  770. $moderators[$k] = trim($moderators[$k]);
  771. if (strlen($moderators[$k]) == 0)
  772. unset($moderators[$k]);
  773. }
  774. // Find all the id_member's for the member_name's in the list.
  775. $group_moderators = array();
  776. if (!empty($moderators))
  777. {
  778. $request = $smcFunc['db_query']('', '
  779. SELECT id_member
  780. FROM {db_prefix}members
  781. WHERE member_name IN ({array_string:moderators}) OR real_name IN ({array_string:moderators})
  782. LIMIT ' . count($moderators),
  783. array(
  784. 'moderators' => $moderators,
  785. )
  786. );
  787. while ($row = $smcFunc['db_fetch_assoc']($request))
  788. $group_moderators[] = $row['id_member'];
  789. $smcFunc['db_free_result']($request);
  790. }
  791. }
  792. else
  793. {
  794. $moderators = array();
  795. foreach ($_POST['moderator_list'] as $moderator)
  796. $moderators[] = (int) $moderator;
  797. $group_moderators = array();
  798. if (!empty($moderators))
  799. {
  800. $request = $smcFunc['db_query']('', '
  801. SELECT id_member
  802. FROM {db_prefix}members
  803. WHERE id_member IN ({array_int:moderators})
  804. LIMIT {int:num_moderators}',
  805. array(
  806. 'moderators' => $moderators,
  807. 'num_moderators' => count($moderators),
  808. )
  809. );
  810. while ($row = $smcFunc['db_fetch_assoc']($request))
  811. $group_moderators[] = $row['id_member'];
  812. $smcFunc['db_free_result']($request);
  813. }
  814. }
  815. // Found some?
  816. if (!empty($group_moderators))
  817. {
  818. $mod_insert = array();
  819. foreach ($group_moderators as $moderator)
  820. $mod_insert[] = array($_REQUEST['group'], $moderator);
  821. $smcFunc['db_insert']('insert',
  822. '{db_prefix}group_moderators',
  823. array('id_group' => 'int', 'id_member' => 'int'),
  824. $mod_insert,
  825. array('id_group', 'id_member')
  826. );
  827. }
  828. }
  829. // There might have been some post group changes.
  830. updateStats('postgroups');
  831. // We've definitely changed some group stuff.
  832. updateSettings(array(
  833. 'settings_updated' => time(),
  834. ));
  835. // Log the edit.
  836. logAction('edited_group', array('group' => $_POST['group_name']), 'admin');
  837. redirectexit('action=admin;area=membergroups');
  838. }
  839. // Fetch the current group information.
  840. $request = $smcFunc['db_query']('', '
  841. SELECT group_name, description, min_posts, online_color, max_messages, stars, group_type, hidden, id_parent
  842. FROM {db_prefix}membergroups
  843. WHERE id_group = {int:current_group}
  844. LIMIT 1',
  845. array(
  846. 'current_group' => (int) $_REQUEST['group'],
  847. )
  848. );
  849. if ($smcFunc['db_num_rows']($request) == 0)
  850. fatal_lang_error('membergroup_does_not_exist', false);
  851. $row = $smcFunc['db_fetch_assoc']($request);
  852. $smcFunc['db_free_result']($request);
  853. $row['stars'] = explode('#', $row['stars']);
  854. $context['group'] = array(
  855. 'id' => $_REQUEST['group'],
  856. 'name' => $row['group_name'],
  857. 'description' => htmlspecialchars($row['description']),
  858. 'editable_name' => htmlspecialchars($row['group_name']),
  859. 'color' => $row['online_color'],
  860. 'min_posts' => $row['min_posts'],
  861. 'max_messages' => $row['max_messages'],
  862. 'star_count' => (int) $row['stars'][0],
  863. 'star_image' => isset($row['stars'][1]) ? $row['stars'][1] : '',
  864. 'is_post_group' => $row['min_posts'] != -1,
  865. 'type' => $row['min_posts'] != -1 ? 0 : $row['group_type'],
  866. 'hidden' => $row['min_posts'] == -1 ? $row['hidden'] : 0,
  867. 'inherited_from' => $row['id_parent'],
  868. 'allow_post_group' => $_REQUEST['group'] == 2 || $_REQUEST['group'] > 4,
  869. 'allow_delete' => $_REQUEST['group'] == 2 || $_REQUEST['group'] > 4,
  870. 'allow_protected' => allowedTo('admin_forum'),
  871. );
  872. // Get any moderators for this group
  873. $request = $smcFunc['db_query']('', '
  874. SELECT mem.id_member, mem.real_name
  875. FROM {db_prefix}group_moderators AS mods
  876. INNER JOIN {db_prefix}members AS mem ON (mem.id_member = mods.id_member)
  877. WHERE mods.id_group = {int:current_group}',
  878. array(
  879. 'current_group' => $_REQUEST['group'],
  880. )
  881. );
  882. $context['group']['moderators'] = array();
  883. while ($row = $smcFunc['db_fetch_assoc']($request))
  884. $context['group']['moderators'][$row['id_member']] = $row['real_name'];
  885. $smcFunc['db_free_result']($request);
  886. $context['group']['moderator_list'] = empty($context['group']['moderators']) ? '' : '&quot;' . implode('&quot;, &quot;', $context['group']['moderators']) . '&quot;';
  887. if (!empty($context['group']['moderators']))
  888. list ($context['group']['last_moderator_id']) = array_slice(array_keys($context['group']['moderators']), -1);
  889. // Get a list of boards this membergroup is allowed to see.
  890. $context['boards'] = array();
  891. if ($_REQUEST['group'] == 2 || $_REQUEST['group'] > 3)
  892. {
  893. $result = $smcFunc['db_query']('', '
  894. SELECT id_board, name, child_level, FIND_IN_SET({string:current_group}, member_groups) != 0 AS can_access
  895. FROM {db_prefix}boards
  896. ORDER BY board_order',
  897. array(
  898. 'current_group' => (int) $_REQUEST['group'],
  899. )
  900. );
  901. while ($row = $smcFunc['db_fetch_assoc']($result))
  902. $context['boards'][] = array(
  903. 'id' => $row['id_board'],
  904. 'name' => $row['name'],
  905. 'child_level' => $row['child_level'],
  906. 'selected' => !(empty($row['can_access']) || $row['can_access'] == 'f'),
  907. );
  908. $smcFunc['db_free_result']($result);
  909. }
  910. // Finally, get all the groups this could be inherited off.
  911. $request = $smcFunc['db_query']('', '
  912. SELECT id_group, group_name
  913. FROM {db_prefix}membergroups
  914. WHERE id_group != {int:current_group}' .
  915. (empty($modSettings['permission_enable_postgroups']) ? '
  916. AND min_posts = {int:min_posts}' : '') . (allowedTo('admin_forum') ? '' : '
  917. AND group_type != {int:is_protected}') . '
  918. AND id_group NOT IN (1, 3)
  919. AND id_parent = {int:not_inherited}',
  920. array(
  921. 'current_group' => (int) $_REQUEST['group'],
  922. 'min_posts' => -1,
  923. 'not_inherited' => -2,
  924. 'is_protected' => 1,
  925. )
  926. );
  927. $context['inheritable_groups'] = array();
  928. while ($row = $smcFunc['db_fetch_assoc']($request))
  929. $context['inheritable_groups'][$row['id_group']] = $row['group_name'];
  930. $smcFunc['db_free_result']($request);
  931. $context['sub_template'] = 'edit_group';
  932. $context['page_title'] = $txt['membergroups_edit_group'];
  933. }
  934. /**
  935. * Set some general membergroup settings and permissions.
  936. * Called by ?action=admin;area=membergroups;sa=settings
  937. * Requires the admin_forum permission (and manage_permissions for changing permissions)
  938. * Redirects to itself.
  939. *
  940. * @uses membergroup_settings sub template of ManageMembergroups.
  941. */
  942. function ModifyMembergroupsettings()
  943. {
  944. global $context, $sourcedir, $scripturl, $modSettings, $txt;
  945. $context['sub_template'] = 'show_settings';
  946. $context['page_title'] = $txt['membergroups_settings'];
  947. // Needed for the settings functions.
  948. require_once($sourcedir . '/ManageServer.php');
  949. // Don't allow assignment of guests.
  950. $context['permissions_excluded'] = array(-1);
  951. // Only one thing here!
  952. $config_vars = array(
  953. array('permissions', 'manage_membergroups'),
  954. );
  955. if (isset($_REQUEST['save']))
  956. {
  957. checkSession();
  958. // Yeppers, saving this...
  959. saveDBSettings($config_vars);
  960. redirectexit('action=admin;area=membergroups;sa=settings');
  961. }
  962. // Some simple context.
  963. $context['post_url'] = $scripturl . '?action=admin;area=membergroups;save;sa=settings';
  964. $context['settings_title'] = $txt['membergroups_settings'];
  965. prepareDBSettingContext($config_vars);
  966. }
  967. ?>