Beehive PHP Cross Reference Discussion Forums

Source: /admin_forum_access.php - 404 lines - 15387 bytes - Summary - Text - Print

   1  <?php
   2  
   3  /*======================================================================
   4  Copyright Project Beehive Forum 2002
   5  
   6  This file is part of Beehive Forum.
   7  
   8  Beehive Forum is free software; you can redistribute it and/or modify
   9  it under the terms of the GNU General Public License as published by
  10  the Free Software Foundation; either version 3 of the License, or
  11  (at your option) any later version.
  12  
  13  Beehive Forum is distributed in the hope that it will be useful,
  14  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  GNU General Public License for more details.
  17  
  18  You should have received a copy of the GNU General Public License
  19  along with Beehive; if not, write to the Free Software
  20  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  21  USA
  22  ======================================================================*/
  23  
  24  // Bootstrap
  25  require_once  'boot.php';
  26  
  27  // Required includes
  28  require_once  BH_INCLUDE_PATH . 'admin.inc.php';
  29  require_once  BH_INCLUDE_PATH . 'constants.inc.php';
  30  require_once  BH_INCLUDE_PATH . 'form.inc.php';
  31  require_once  BH_INCLUDE_PATH . 'format.inc.php';
  32  require_once  BH_INCLUDE_PATH . 'forum.inc.php';
  33  require_once  BH_INCLUDE_PATH . 'header.inc.php';
  34  require_once  BH_INCLUDE_PATH . 'html.inc.php';
  35  require_once  BH_INCLUDE_PATH . 'server.inc.php';
  36  require_once  BH_INCLUDE_PATH . 'session.inc.php';
  37  require_once  BH_INCLUDE_PATH . 'user.inc.php';
  38  require_once  BH_INCLUDE_PATH . 'word_filter.inc.php';
  39  // End Required includes
  40  
  41  // Check we're logged in correctly
  42  if (!session::logged_in()) {
  43      html_guest_error();
  44  }
  45  
  46  // Check we have Admin / Moderator access
  47  if (!(session::check_perm(USER_PERM_ADMIN_TOOLS, 0)) || (forum_get_setting('access_level', FORUM_DISABLED))) {
  48      html_draw_error(gettext("You do not have permission to use this section."));
  49  }
  50  
  51  // Perform additional admin login.
  52  admin_check_credentials();
  53  
  54  $forum_fid = forum_get_setting('fid');
  55  
  56  if (isset($_GET['ret']) && strlen(trim($_GET['ret'])) > 0) {
  57      $ret = rawurldecode(trim($_GET['ret']));
  58  } else if (isset($_POST['ret']) && strlen(trim($_POST['ret'])) > 0) {
  59      $ret = trim($_POST['ret']);
  60  } else {
  61      $ret = "admin_forums.php?webtag=$webtag";
  62  }
  63  
  64  // validate the return to page
  65  if (isset($ret) && strlen(trim($ret)) > 0) {
  66  
  67      $available_files_preg = implode("|^", array_map('preg_quote_callback', get_available_files()));
  68  
  69      if (preg_match("/^$available_files_preg/u", basename($ret)) < 1) {
  70          $ret = "admin_forums.php?webtag=$webtag";
  71      }
  72  }
  73  
  74  if (isset($_POST['back'])) {
  75      header_redirect($ret);
  76  }
  77  
  78  if (isset($_POST['enable'])) {
  79  
  80      if (forum_update_access($forum_fid, FORUM_RESTRICTED)) {
  81  
  82          header_redirect("admin_forum_access.php?webtag=$webtag");
  83          exit;
  84      }
  85  }
  86  
  87  if (!forum_get_setting('access_level', FORUM_RESTRICTED)) {
  88      html_draw_error(gettext("Forum is not set to Restricted Mode. Do you want to enable it now?"), 'admin_forum_access.php', 'post', array(
  89          'enable' => gettext("Enable"),
  90          'back' => gettext("Back")
  91      ), array('ret' => $ret), '_self', 'center');
  92  }
  93  
  94  if (isset($_GET['page']) && is_numeric($_GET['page'])) {
  95      $main_page = $_GET['main_page'];
  96  } else if (isset($_POST['main_page']) && is_numeric($_POST['main_page'])) {
  97      $main_page = $_POST['main_page'];
  98  } else {
  99      $main_page = 1;
 100  }
 101  
 102  if (isset($_GET['search_page']) && is_numeric($_GET['search_page'])) {
 103      $search_page = $_GET['search_page'];
 104  } else if (isset($_POST['search_page']) && is_numeric($_POST['search_page'])) {
 105      $search_page = $_POST['search_page'];
 106  } else {
 107      $search_page = 1;
 108  }
 109  
 110  if (isset($_POST['user_search']) && strlen(trim($_POST['user_search'])) > 0) {
 111      $user_search = trim($_POST['user_search']);
 112  } else if (isset($_GET['user_search']) && strlen(trim($_GET['user_search'])) > 0) {
 113      $user_search = trim($_GET['user_search']);
 114  } else {
 115      $user_search = '';
 116  }
 117  
 118  if (isset($_POST['clear'])) {
 119      $user_search = '';
 120  }
 121  
 122  if (isset($_POST['add'])) {
 123  
 124      $valid = true;
 125  
 126      if (isset($_POST['add_user']) && is_array($_POST['add_user'])) {
 127  
 128          foreach ($_POST['add_user'] as $add_user_uid) {
 129  
 130              if (($user_logon = user_get_logon($add_user_uid)) !== false) {
 131  
 132                  if (user_update_forums($add_user_uid, $forum_fid, FORUM_USER_ALLOWED)) {
 133  
 134                      $forum_name = forum_get_name($forum_fid);
 135                      admin_add_log_entry(CHANGE_FORUM_ACCESS, array($forum_name, $user_logon));
 136  
 137                  } else {
 138  
 139                      $error_msg_array[] = sprintf(gettext("Failed to add permissions for user '%s'"), $user_logon);
 140                      $valid = false;
 141                  }
 142              }
 143          }
 144  
 145          if ($valid) {
 146  
 147              $ret = rawurlencode($ret);
 148              $user_search = rawurlencode($user_search);
 149  
 150              header_redirect("admin_forum_access.php?webtag=$webtag&user_search=$user_search&ret=$ret&added=true");
 151              exit;
 152          }
 153      }
 154  
 155  } else if (isset($_POST['remove'])) {
 156  
 157      $valid = true;
 158  
 159      if (isset($_POST['remove_user']) && is_array($_POST['remove_user'])) {
 160  
 161          foreach ($_POST['remove_user'] as $remove_user_uid) {
 162  
 163              if (($user_logon = user_get_logon($remove_user_uid)) !== false) {
 164  
 165                  if (user_update_forums($remove_user_uid, $forum_fid, FORUM_USER_DISALLOWED)) {
 166  
 167                      $forum_name = forum_get_name($forum_fid);
 168                      admin_add_log_entry(CHANGE_FORUM_ACCESS, array($forum_name, $user_logon));
 169  
 170                  } else {
 171  
 172                      $error_msg_array[] = sprintf(gettext("Failed to remove permissions from user '%s'"), $user_logon);
 173                      $valid = false;
 174                  }
 175              }
 176          }
 177  
 178          if ($valid) {
 179  
 180              $ret = rawurlencode($ret);
 181              $user_search = rawurlencode($user_search);
 182  
 183              header_redirect("admin_forum_access.php?webtag=$webtag&user_search=$user_search&ret=$ret&removed=true");
 184              exit;
 185          }
 186      }
 187  }
 188  
 189  html_draw_top(sprintf('title=%s', gettext("Admin - Manage Forum Permissions")), 'class=window_title', 'main_css=admin.css');
 190  
 191  $user_permissions_array = forum_get_permissions($forum_fid, $main_page);
 192  
 193  echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Manage Forum Permissions"), "</h1>\n";
 194  
 195  if (isset($_GET['added'])) {
 196  
 197      html_display_success_msg(gettext("Successfully added permissions for selected users"), '500', 'center');
 198  
 199  } else if (isset($_GET['removed'])) {
 200  
 201      html_display_success_msg(gettext("Successfully removed permissions from selected users"), '500', 'center');
 202  
 203  } else if (sizeof($user_permissions_array['user_array']) < 1) {
 204  
 205      html_display_warning_msg(gettext("No existing users permissions found. To grant permission to users search for them below."), '500', 'center');
 206  }
 207  
 208  echo "<br />\n";
 209  echo "<div align=\"center\">\n";
 210  echo "<form accept-charset=\"utf-8\" name=\"f_user\" action=\"admin_forum_access.php\" method=\"post\">\n";
 211  echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
 212  echo "  ", form_input_hidden('ret', htmlentities_array($ret)), "\n";
 213  echo "  ", form_input_hidden("user_search", htmlentities_array($user_search)), "\n";
 214  echo "  ", form_input_hidden("search_page", htmlentities_array($main_page)), "\n";
 215  echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"500\">\n";
 216  echo "    <tr>\n";
 217  echo "      <td align=\"left\">\n";
 218  echo "        <table class=\"box\" width=\"100%\">\n";
 219  echo "          <tr>\n";
 220  echo "            <td align=\"left\" class=\"posthead\">\n";
 221  echo "              <table class=\"posthead\" width=\"100%\">\n";
 222  echo "                <tr>\n";
 223  echo "                  <td align=\"left\" class=\"subhead\" colspan=\"3\">", gettext("Existing Permissions"), "</td>\n";
 224  echo "                </tr>\n";
 225  echo "                <tr>\n";
 226  echo "                  <td align=\"center\">\n";
 227  echo "                    <table class=\"posthead\" width=\"95%\">\n";
 228  
 229  if (sizeof($user_permissions_array['user_array']) > 0) {
 230  
 231      foreach ($user_permissions_array['user_array'] as $user_permission_result) {
 232  
 233          echo "                      <tr>\n";
 234          echo "                        <td align=\"left\">", form_checkbox("remove_user[]", $user_permission_result['UID'], null), "&nbsp;", word_filter_add_ob_tags(format_user_name($user_permission_result['LOGON'], $user_permission_result['NICKNAME']), true), "</td>\n";
 235          echo "                      </tr>\n";
 236      }
 237  }
 238  
 239  echo "                      <tr>\n";
 240  echo "                        <td align=\"left\">&nbsp;</td>\n";
 241  echo "                      </tr>\n";
 242  echo "                    </table>\n";
 243  echo "                  </td>\n";
 244  echo "                </tr>\n";
 245  echo "              </table>\n";
 246  echo "            </td>\n";
 247  echo "          </tr>\n";
 248  echo "        </table>\n";
 249  echo "      </td>\n";
 250  echo "    </tr>\n";
 251  
 252  if (sizeof($user_permissions_array['user_array']) > 0) {
 253  
 254      echo "    <tr>\n";
 255      echo "      <td align=\"left\">&nbsp;</td>\n";
 256      echo "    </tr>\n";
 257      echo "    <tr>\n";
 258      echo "      <td class=\"postbody\" align=\"center\">";
 259  
 260      html_page_links("admin_forum_access.php?webtag=$webtag&user_search=$user_search&search_page=$search_page", $main_page, $user_permissions_array['user_count'], 10, "main_page");
 261  
 262      echo "      </td>\n";
 263      echo "    </tr>\n";
 264      echo "    <tr>\n";
 265      echo "      <td align=\"left\">&nbsp;</td>\n";
 266      echo "    </tr>\n";
 267      echo "    <tr>\n";
 268      echo "      <td align=\"center\">", form_submit("remove", gettext("Remove Selected Users")), "</td>\n";
 269      echo "    </tr>\n";
 270  
 271  } else {
 272  
 273      echo "    <tr>\n";
 274      echo "      <td align=\"left\">&nbsp;</td>\n";
 275      echo "    </tr>\n";
 276      echo "    <tr>\n";
 277      echo "      <td align=\"center\">", form_submit("back", gettext("Back")), "</td>\n";
 278      echo "    </tr>\n";
 279  }
 280  
 281  echo "  </table>\n";
 282  echo "</form>\n";
 283  echo "<br />\n";
 284  
 285  if (isset($user_search) && strlen(trim($user_search)) > 0) {
 286  
 287      $user_search_array = admin_user_search($user_search, 'LOGON', 'ASC', 0, $search_page);
 288  
 289      if (sizeof($user_search_array['user_array']) < 1) {
 290          html_display_warning_msg(gettext("Search Returned No Results"), '500', 'center');
 291      }
 292  
 293      echo "<form accept-charset=\"utf-8\" method=\"post\" action=\"admin_forum_access.php\" target=\"_self\">\n";
 294      echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
 295      echo "  ", form_input_hidden('ret', htmlentities_array($ret)), "\n";
 296      echo "  ", form_input_hidden("user_search", htmlentities_array($user_search)), "\n";
 297      echo "  ", form_input_hidden("main_page", htmlentities_array($main_page)), "\n";
 298      echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"500\">\n";
 299      echo "    <tr>\n";
 300      echo "      <td align=\"left\" class=\"posthead\">\n";
 301      echo "        <table class=\"box\" width=\"100%\">\n";
 302      echo "          <tr>\n";
 303      echo "            <td align=\"left\" class=\"posthead\">\n";
 304      echo "              <table class=\"posthead\" width=\"100%\">\n";
 305      echo "                <tr>\n";
 306      echo "                  <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Search Results"), "</td>\n";
 307      echo "                </tr>\n";
 308      echo "                <tr>\n";
 309      echo "                  <td align=\"center\">\n";
 310      echo "                    <table class=\"posthead\" width=\"95%\">\n";
 311  
 312      if (sizeof($user_search_array['user_array']) > 0) {
 313  
 314          foreach ($user_search_array['user_array'] as $user_search_result) {
 315  
 316              echo "                      <tr>\n";
 317              echo "                        <td align=\"left\">", form_checkbox("add_user[]", $user_search_result['UID'], null), "&nbsp;", word_filter_add_ob_tags(format_user_name($user_search_result['LOGON'], $user_search_result['NICKNAME']), true), "</td>\n";
 318              echo "                      </tr>\n";
 319          }
 320      }
 321  
 322      echo "                      <tr>\n";
 323      echo "                        <td align=\"left\">&nbsp;</td>\n";
 324      echo "                      </tr>\n";
 325      echo "                    </table>\n";
 326      echo "                  </td>\n";
 327      echo "                </tr>\n";
 328      echo "              </table>\n";
 329      echo "            </td>\n";
 330      echo "          </tr>\n";
 331      echo "        </table>\n";
 332      echo "      </td>\n";
 333      echo "    </tr>\n";
 334  
 335      if (sizeof($user_search_array['user_array']) > 0) {
 336  
 337          echo "    <tr>\n";
 338          echo "      <td align=\"left\">&nbsp;</td>\n";
 339          echo "    </tr>\n";
 340          echo "    <tr>\n";
 341          echo "      <td class=\"postbody\" align=\"center\">";
 342  
 343          html_page_links("admin_forum_access.php?webtag=$webtag&user_search=$user_search&main_page=$main_page", $search_page, $user_search_array['user_count'], 10, "search_page");
 344  
 345          echo "      </td>\n";
 346          echo "    </tr>\n";
 347          echo "    <tr>\n";
 348          echo "      <td align=\"left\">&nbsp;</td>\n";
 349          echo "    </tr>\n";
 350          echo "    <tr>\n";
 351          echo "      <td align=\"center\">", form_submit("add", gettext("Add Selected Users")), "</td>\n";
 352          echo "    </tr>\n";
 353      }
 354  
 355      echo "  </table>\n";
 356      echo "</form>\n";
 357      echo "<br />\n";
 358  }
 359  
 360  echo "<form accept-charset=\"utf-8\" method=\"post\" action=\"admin_forum_access.php\" target=\"_self\">\n";
 361  echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
 362  echo "  ", form_input_hidden('ret', htmlentities_array($ret)), "\n";
 363  echo "  ", form_input_hidden("user_search", htmlentities_array($user_search)), "\n";
 364  echo "  ", form_input_hidden("main_page", htmlentities_array($main_page)), "\n";
 365  echo "  ", form_input_hidden("search_page", htmlentities_array($search_page)), "\n";
 366  echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"500\">\n";
 367  echo "    <tr>\n";
 368  echo "      <td align=\"left\">\n";
 369  echo "        <table class=\"box\" width=\"100%\">\n";
 370  echo "          <tr>\n";
 371  echo "            <td align=\"left\" class=\"posthead\">\n";
 372  echo "              <table class=\"posthead\" width=\"100%\">\n";
 373  echo "                <tr>\n";
 374  echo "                  <td class=\"subhead\" align=\"left\">", gettext("Search For User"), "</td>\n";
 375  echo "                </tr>\n";
 376  echo "                <tr>\n";
 377  echo "                  <td align=\"center\">\n";
 378  echo "                    <table class=\"posthead\" width=\"95%\">\n";
 379  echo "                      <tr>\n";
 380  echo "                        <td align=\"left\">", gettext("Search"), ": ", form_input_text('user_search', htmlentities_array($user_search), 32, 15), "&nbsp;", form_submit('search', gettext("Search")), "&nbsp;", form_submit('clear', gettext("Clear")), "</td>\n";
 381  echo "                      </tr>\n";
 382  echo "                      <tr>\n";
 383  echo "                        <td align=\"left\">&nbsp;</td>\n";
 384  echo "                      </tr>\n";
 385  echo "                    </table>\n";
 386  echo "                  </td>\n";
 387  echo "                </tr>\n";
 388  echo "              </table>\n";
 389  echo "            </td>\n";
 390  echo "          </tr>\n";
 391  echo "        </table>\n";
 392  echo "      </td>\n";
 393  echo "    </tr>\n";
 394  echo "    <tr>\n";
 395  echo "      <td align=\"left\">&nbsp;</td>\n";
 396  echo "    </tr>\n";
 397  echo "    <tr>\n";
 398  echo "      <td align=\"center\">", form_submit("back", gettext("Back")), "</td>\n";
 399  echo "    </tr>\n";
 400  echo "  </table>\n";
 401  echo "</form>\n";
 402  echo "</div>\n";
 403  
 404  html_draw_bottom();
