
Source: /managegroup.php - 322 lines - 9307 bytes - Summary - Text - Print

Description: MyBB 1.6 Copyright 2010 MyBB Group, All Rights Reserved

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
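  // Bootstrap for the group-leader management page: load MyBB, resolve the target group, authorise the caller.
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'managegroup.php');

// Names of every template this script evaluates further down.
$templatelist = "managegroup_leaders_bit,managegroup_leaders,postbit_pm,postbit_email,managegroup_user_checkbox,managegroup_user,managegroup_adduser,managegroup_removeusers,managegroup,managegroup_joinrequests_request,managegroup_joinrequests";
$templatelist .= ",managegroup_requestnote,managegroup_no_users,multipage_prevpage,multipage_start,multipage_page_current,multipage_page,multipage_end,multipage_nextpage,multipage";

require_once "./global.php";

// Load language files
$lang->load("managegroup");

// Force the group id to an integer exactly once and write it back to the input array.
// Later queries in this script interpolate the id straight into SQL and depend on this cast.
$gid = $mybb->input['gid'] = isset($mybb->input['gid']) ? intval($mybb->input['gid']) : 0;

// Guard the cache lookup so an unknown or missing gid is rejected cleanly
// instead of indexing a non-existent cache entry.
$usergroup = isset($groupscache[$gid]) ? $groupscache[$gid] : array();
if(empty($usergroup['gid']))
{
    error($lang->invalid_group);
}

// NOTE(review): the group title goes into the breadcrumb unescaped, while the join-request
// page escapes it with htmlspecialchars_uni(). Confirm whether add_breadcrumb() escapes.
$lang->nav_group_management = $lang->sprintf($lang->nav_group_management, $usergroup['title']);
add_breadcrumb($lang->nav_group_memberships, "usercp.php?action=usergroups");
add_breadcrumb($lang->nav_group_management, "managegroup.php?gid=$gid");

if($mybb->input['action'] == "joinrequests")
{
    add_breadcrumb($lang->nav_join_requests);
}

// Authorisation gate for the whole script: the caller needs a groupleaders row for this group,
// or the cancp flag. Both ids are integers before they reach the WHERE clause.
$query = $db->simple_select("groupleaders", "*", "uid='".intval($mybb->user['uid'])."' AND gid='{$gid}'");
$groupleader = $db->fetch_array($query);
// NOTE(review): a cancp user with no leader row passes this gate with an empty $groupleader,
// so the per-action canmanagemembers / canmanagerequests checks below compare an unset flag
// against 0 and refuse the write actions. Confirm that is the intended policy.
if(empty($groupleader['uid']) && $mybb->user['cancp'] != 1)
{
    error($lang->not_leader_of_this_group);
}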
  45  
  // Action "do_add" (POST only): a leader adds a member to this group by username.
if($mybb->input['action'] == "do_add" && $mybb->request_method == "post")
{
    // Anti-CSRF: the form must carry the session's post key.
    verify_post_check($mybb->input['my_post_key']);

    // Being a leader is not enough; this leader row must grant member management.
    if($groupleader['canmanagemembers'] == 0)
    {
        error_no_permission();
    }

    // The username is the only free-text value in this branch and is escaped before it reaches SQL.
    $username_clause = "username = '".$db->escape_string($mybb->input['username'])."'";
    $query = $db->simple_select("users", "uid, additionalgroups, usergroup", $username_clause, array("limit" => 1));
    $user = $db->fetch_array($query);

    if(!$user['uid'])
    {
        // No account with that name.
        error($lang->error_invalidusername);
    }
    else
    {
        // The user counts as a member if this is their primary group or one of their additional groups.
        $additionalgroups = explode(',', $user['additionalgroups']);
        $already_member = ($user['usergroup'] == $gid || in_array($gid, $additionalgroups));

        if($already_member)
        {
            error($lang->error_alreadyingroup);
        }
        else
        {
            join_usergroup($user['uid'], $gid);
            // A pending join request for the same user and group is now moot, so drop it.
            $db->delete_query("joinrequests", "uid='{$user['uid']}' AND gid='{$gid}'");
            redirect("managegroup.php?gid=".$gid, $lang->user_added);
        }
    }
}
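  // Action "do_joinrequests" (POST only): accept or decline pending join requests for this group.
elseif($mybb->input['action'] == "do_joinrequests" && $mybb->request_method == "post")
{
    // Anti-CSRF: the form must carry the session's post key.
    verify_post_check($mybb->input['my_post_key']);

    // This leader row must grant request moderation.
    if($groupleader['canmanagerequests'] == 0)
    {
        error_no_permission();
    }

    $plugins->run_hooks("managegroup_do_joinrequests_start");

    // Collect the uids that really have a pending request for this group.
    // The submitted array keys come from the client and were previously trusted as-is,
    // so "accept" could add a user who never asked to join. That effectively granted
    // member management to a leader who holds only canmanagerequests.
    $pending = array();
    $query = $db->simple_select("joinrequests", "uid", "gid='{$gid}'");
    while($row = $db->fetch_array($query))
    {
        $pending[intval($row['uid'])] = true;
    }

    // Initialised up front so the check below never reads an undefined variable.
    $uidin = array();
    if(isset($mybb->input['request']) && is_array($mybb->input['request']))
    {
        foreach($mybb->input['request'] as $uid => $what)
        {
            // Cast before any use; the original passed the raw key to join_usergroup()
            // and cast it only afterwards.
            $uid = intval($uid);
            if(!isset($pending[$uid]))
            {
                // No matching request for this group, so there is nothing to accept or decline.
                continue;
            }

            if($what === "accept")
            {
                join_usergroup($uid, $gid);
                $uidin[] = $uid;
            }
            elseif($what === "decline")
            {
                $uidin[] = $uid;
            }
        }
    }

    // Both outcomes clear the request row. $uidin holds integers only, so the IN list is safe to build.
    if(!empty($uidin))
    {
        $uids = implode(",", $uidin);
        $db->delete_query("joinrequests", "uid IN ({$uids}) AND gid='{$gid}'");
    }

    $plugins->run_hooks("managegroup_do_joinrequests_end");

    redirect("managegroup.php?gid={$gid}", $lang->join_requests_moderated);
}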
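 // Action "joinrequests": list the pending join requests for this group.
elseif($mybb->input['action'] == "joinrequests")
{
    // NOTE(review): unlike do_joinrequests, this read-only view does not test canmanagerequests.
    // Any leader of the group can read the requests and their reasons. Confirm that is intended.
    $users = "";
    $plugins->run_hooks("managegroup_joinrequests_start");

    // Use the integer-cast $gid rather than re-reading the input array,
    // so the query cannot depend on the write-back done at the top of the script.
    $query = $db->query("
        SELECT j.*, u.uid, u.username, u.postnum, u.regdate
        FROM ".TABLE_PREFIX."joinrequests j
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=j.uid)
        WHERE j.gid='".$gid."' AND j.uid != 0
        ORDER BY u.username ASC
    ");
    while($user = $db->fetch_array($query))
    {
        // The reason is free text written by the requesting user; escape it before it reaches the template.
        $user['reason'] = htmlspecialchars_uni($user['reason']);
        $altbg = alt_trow();
        $regdate = my_date($mybb->settings['dateformat'], $user['regdate']);
        // Escape the username as well, matching what the leader list on the default page already does.
        $user['username'] = htmlspecialchars_uni($user['username']);
        $user['profilelink'] = build_profile_link($user['username'], $user['uid']);
        // The template body is evaluated as a double-quoted PHP string. This is only as safe as the
        // template store; every value it interpolates has to be escaped before this line.
        eval("\$users .= \"".$templates->get("managegroup_joinrequests_request")."\";");
    }
    if(!$users)
    {
        error($lang->no_requests);
    }
    $lang->join_requests = $lang->sprintf($lang->join_requests_title,htmlspecialchars_uni($usergroup['title']));

    $plugins->run_hooks("managegroup_joinrequests_end");

    eval("\$joinrequests = \"".$templates->get("managegroup_joinrequests")."\";");
    output_page($joinrequests);
}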
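 // Action "do_manageusers" (POST only): remove the selected members from this group.
elseif($mybb->input['action'] == "do_manageusers" && $mybb->request_method == "post")
{
    // Anti-CSRF: the form must carry the session's post key.
    verify_post_check($mybb->input['my_post_key']);

    // This leader row must grant member management.
    if($groupleader['canmanagemembers'] == 0)
    {
        error_no_permission();
    }

    $plugins->run_hooks("managegroup_do_manageusers_start");

    if(isset($mybb->input['removeuser']) && is_array($mybb->input['removeuser']))
    {
        foreach($mybb->input['removeuser'] as $uid)
        {
            // Each entry is client-supplied. Skip nested arrays, because intval() turns a
            // non-empty array into 1 and that would target uid 1. Cast the rest to an integer
            // before the value leaves this script.
            if(!is_scalar($uid))
            {
                continue;
            }
            $uid = intval($uid);
            if($uid <= 0)
            {
                continue;
            }
            leave_usergroup($uid, $gid);
        }
    }
    else
    {
        error($lang->no_users_selected);
    }

    $plugins->run_hooks("managegroup_do_manageusers_end");

    redirect("managegroup.php?gid={$gid}", $lang->users_removed);
}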
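 // Default action: render the management page (group type, leaders, member list, add/remove forms).
else
{
    // Accumulators that the templates interpolate; defined up front so no branch leaves one unset.
    $leaders = '';
    $group_leaders = '';
    $joinrequests = '';

    $plugins->run_hooks("managegroup_start");

    // NOTE(review): the group title is inserted unescaped here, while the join-request page escapes it
    // with htmlspecialchars_uni(). Confirm how the templates output these strings before changing it.
    $lang->members_of = $lang->sprintf($lang->members_of, $usergroup['title']);
    $lang->add_member = $lang->sprintf($lang->add_member, $usergroup['title']);

    // Map the numeric group type to its label. Type 4 (publicly joinable, moderated) also shows
    // the number of pending join requests.
    if($usergroup['type'] == 4)
    {
        $query = $db->simple_select("joinrequests", "COUNT(*) AS req", "gid='".$gid."'");
        $numrequests = $db->fetch_array($query);
        if($numrequests['req'])
        {
            $lang->num_requests_pending = $lang->sprintf($lang->num_requests_pending, $numrequests['req']);
            eval("\$joinrequests = \"".$templates->get("managegroup_requestnote")."\";");
        }
        $usergrouptype = $lang->group_public_moderated;
    }
    elseif($usergroup['type'] == 3)
    {
        $usergrouptype = $lang->group_public_not_moderated;
    }
    elseif($usergroup['type'] == 2)
    {
        $usergrouptype = $lang->group_private;
    }
    else
    {
        $usergrouptype = $lang->group_default;
    }

    // Display group leaders (if there are any). All queries below use the integer-cast $gid.
    $query = $db->query("
        SELECT g.*, u.username, u.usergroup, u.displaygroup
        FROM ".TABLE_PREFIX."groupleaders g
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
        WHERE g.gid = '".$gid."'
    ");
    if($db->num_rows($query))
    {
        $loop = 1;
        $leader_count = $db->num_rows($query);
        while($leader = $db->fetch_array($query))
        {
            // Escape first, then let format_name() wrap the name in the group's styling.
            $leader_name = format_name(htmlspecialchars_uni($leader['username']), $leader['usergroup'], $leader['displaygroup']);
            $leader_profile_link = build_profile_link($leader_name, $leader['uid']);

            // Comma after every leader except the last.
            if($loop != $leader_count)
            {
                $comma = $lang->comma;
            }
            else
            {
                $comma = '';
            }

            ++$loop;
            // Template bodies are evaluated as double-quoted PHP strings; values must be escaped before this point.
            eval("\$leaders .= \"".$templates->get("managegroup_leaders_bit")."\";");
        }

        eval("\$group_leaders = \"".$templates->get("managegroup_leaders")."\";");
    }

    // Members are users whose primary group is $gid or whose comma-separated additionalgroups contains it.
    // Only the string-concatenation syntax differs between database drivers.
    switch($db->type)
    {
        case "pgsql":
        case "sqlite":
            $query = $db->simple_select("users", "*", "','||additionalgroups||',' LIKE '%,".$gid.",%' OR usergroup='".$gid."'", array('order_by' => 'username'));
            break;
        default:
            $query = $db->simple_select("users", "*", "CONCAT(',',additionalgroups,',') LIKE '%,".$gid.",%' OR usergroup='".$gid."'", array('order_by' => 'username'));
    }

    $numusers = $db->num_rows($query);
    /*if(!$numusers && !$numrequests)
    {
        error($lang->group_no_members);
    }*/
    $perpage = $mybb->settings['membersperpage'];
    // NOTE(review): $page is never assigned in this script and $start is never applied to the query,
    // so every member is fetched whatever page is requested. Confirm whether global.php sets $page.
    if($page && $page > 0)
    {
        $start = ($page-1) *$perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }
    $multipage = multipage($numusers, $perpage, $page, "managegroup.php?gid=".$gid);
    $users = "";
    while($user = $db->fetch_array($query))
    {
        $altbg = alt_trow();
        $regdate = my_date($mybb->settings['dateformat'].", ".$mybb->settings['timeformat'], $user['regdate']);
        // The postbit_* templates read $post, so expose the row under that name.
        $post = $user;
        $sendpm = $email = '';
        // Show the PM link only if PMs are enabled, the member accepts them, the viewer may send them,
        // and the viewer is not on the member's ignore list.
        if($mybb->settings['enablepms'] == 1 && $post['receivepms'] != 0 && $mybb->usergroup['cansendpms'] == 1 && my_strpos(",".$post['ignorelist'].",", ",".$mybb->user['uid'].",") === false)
        {
            eval("\$sendpm = \"".$templates->get("postbit_pm")."\";");
        }

        // Respect the member's "hide email" preference.
        if($user['hideemail'] != 1)
        {
            eval("\$email = \"".$templates->get("postbit_email")."\";");
        }
        else
        {
            $email = '';
        }
        // One lookup per listed member. NOTE(review): the leader rows fetched above could answer this without extra queries.
        $query1 = $db->simple_select("groupleaders", "uid", "uid='{$user['uid']}' AND gid='{$gid}'");
        $isleader = $db->fetch_array($query1);
        // Escape before formatting, matching the leader list above; the original passed the raw username through.
        $user['username'] = format_name(htmlspecialchars_uni($user['username']), $user['usergroup'], $user['displaygroup']);
        $user['profilelink'] = build_profile_link($user['username'], $user['uid']);
        if($isleader['uid'])
        {
            $leader = $lang->leader;
        }
        else
        {
            $leader = '';
        }

        // Checkbox for user management - only if the current user is allowed.
        // This is display only; the do_manageusers handler checks the permission again.
        $checkbox = '';
        if($groupleader['canmanagemembers'] == 1)
        {
            eval("\$checkbox = \"".$templates->get("managegroup_user_checkbox")."\";");
        }

        eval("\$users .= \"".$templates->get("managegroup_user")."\";");
    }

    if(!$users)
    {
        eval("\$users = \"".$templates->get("managegroup_no_users")."\";");
    }

    // The add and remove forms are rendered only for leaders who may manage members.
    $add_user = '';
    $remove_users = '';
    if($groupleader['canmanagemembers'] == 1)
    {
        eval("\$add_user = \"".$templates->get("managegroup_adduser")."\";");
        eval("\$remove_users = \"".$templates->get("managegroup_removeusers")."\";");
    }

    $plugins->run_hooks("managegroup_end");

    eval("\$manageusers = \"".$templates->get("managegroup")."\";");
    output_page($manageusers);
}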
 322  ?>
