<?php
//#################################################################################################
//	Groupform helper functions
//#################################################################################################
//	chillyCMS - Content Management System
//	Copyright (C) 2008
//	Stefanie Wiegand <hide@address.com> & Johannes Cox <hide@address.com>
//	
//	This program is licensed under the GPL 3.0 license. For more information see LICENSE.txt.
//#################################################################################################
//	groupform($id)
//	update_group($id)
//	add_member($gid,$member)
//	kickout($uid)
//	change_moderator($uid)
//#################################################################################################
// Refuse direct requests for this file: it may only run when the CMS bootstrap has defined DOIT.
if (!defined('DOIT')) {
	die('Restricted access');
}

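//groupform/////////////////////////////////////////////////////////////////////////////////////////
// Builds the HTML for the group create/edit page: the settings box (name, moderator, backend and
// write flags) and, for an existing group, the member table with kick-out / moderator toggles plus
// an "add user" drop-down.
//
// $id   gid of the group to edit. "" means "new group": the form then shows the makedir/makemenu
//       checkboxes instead of the member table.
// Returns the assembled markup as a string (nothing is echoed).
//
// Security notes:
//   * $id, $action and $myaction are round-tripped through hidden inputs and therefore have to be
//     treated as request data: $id is cast to int before it reaches SQL, and all three are passed
//     through escape_html() before they are written into the markup.
//   * Every user/group value read from the DB goes through escape_html() before output.
//     NOTE(review): the attributes below are single-quoted, so this relies on escape_html() encoding
//     single quotes (ENT_QUOTES) — verify in the helper, which is not visible here.
//   * The "add user" option values are built as "uid:gids"; the gids part is client-controlled once
//     it has been rendered and must not be trusted by the server-side handler.
function groupform($id) {
	global $general,$myaction,$l_gform,$l_uform,$l_gen,$is_admin,$action,$page;

	$gid_sql      = (int)$id;               // the only form of $id that may enter SQL
	$id_html      = escape_html($id);       // the only form of $id that may enter the markup
	$action_html  = escape_html($action);
	$myaction_html = escape_html($myaction);
	$is_new       = ($id == "");            // original semantics: empty id means "create a new group"
	$name = $backend = $writerights = $moderator = false;

	//if group exists then get groupdata from db
	if ($gid_sql > 0) {
		$sql = "select g.*,u.user from system_groups as g,system_users as u where gid=$gid_sql ".
		"and g.moderator=u.uid limit 1";
		$page->query($sql);
		$result = $page->db->getdata();
		// getdata() presumably yields a non-array when nothing matched (unknown gid, or a
		// moderator uid that no longer exists) — don't hand that to array_map().
		if (is_array($result)) {
			$result      = array_map("escape_html", $result);
			$name        = $result["name"];
			$backend     = $result["backend"];
			$writerights = $result["write"];
			$moderator   = $result["moderator"];
		}
	}
	$page->query("select `uid`,`user`,`name`,`gids` from system_users order by `user`");
	$allusers = $page->db->getdata_array();
	if (!is_array($allusers)) { $allusers = array(); }

	// Resolve the moderator's login name for display; the hidden field carries the uid back.
	$moderator_cell = "";
	foreach ($allusers as $row) {
		$row = array_map("escape_html", $row);
		if ($row["uid"] == $moderator) {
			$moderator_cell = $row["user"].
			"<input type='hidden' name='moderator' value='$row[uid]' />";
			break;
		}
	}

	$checked = " checked='checked'";
	$groupform = "\t<div class='groupform'>\n".
	"\t\t<div class='groupsettings'>\n".
	"<h1>$myaction_html</h1><br />\n".
	"<form method='post' action='groupform.site.php'>".
	//GID
	"<table cellspacing='0' width='100%'><tr height='30'><td class='left'>GID</td><td class='left'>$id_html</td></tr>".
	//groupname
	"<tr><td class='left'>$l_gform[lbl_name]</td>".
	"<td><input type='text' class=\"textinput\" name='name' value='$name'></input></td></tr>".
	//moderator
	"<tr><td class='left'>Moderator</td><td class='left'>$moderator_cell</td></tr>".
	//backend access? (a new group has $backend === false, so "no" is pre-selected)
	"<tr><td class='left'>$l_gform[lbl_be]</td><td class='left'>".
	"<input class='middle' type='radio' name='backend' value='yes'".($backend == 1 ? $checked : "").
	" /><a class=ok></a><input class='middle' type='radio' name='backend' value='no'".($backend == 0 ? $checked : "").
	" /><a class='cancel'></a></td></tr>".
	//write?
	"<tr><td class='left'>$l_gform[lbl_write]</td><td class='left'>".
	"<input class='middle' type='radio' name='writerights' value='yes'".($writerights == 1 ? $checked : "").
	"></input><a class='ok'></a><input class='middle' type='radio' name='writerights' value='no'".($writerights == 0 ? $checked : "").
	" /><a class='cancel'></a></td></tr>";
	//new group?? offer the optional folder / menu creation
	if ($is_new) {
		//--make groupfolder?
		$groupform .= "<tr><td class='left'>$l_gform[lbl_mkgdir]</td><td class='left'>".
		"<input type='checkbox' name='makedir' /></td></tr>";
		//--make groupmenu?
		$groupform .= "<tr><td class='left'>$l_gform[lbl_mkgmenu]</td><td class='left'>".
		"<input type='checkbox' name='makemenu' /></td></tr>";
	}
	$groupform .= "</table>".
	"<input type='hidden' name='do' value='updategroup' />".
	"<input type='hidden' name='action' value='$action_html' />".
	"<input type='hidden' name='myaction' value='$myaction_html' />".
	"<input type='hidden' name='id' value='$id_html' /><br />".
	//save button
	"<input class='button' type='submit' name='savebutton' value='$l_gen[lbl_save]'></input>".
	"</form>".
	//reload button
	"<form method='post' action='groupform.site.php'>".
	"<input class='button' type='submit' value='$l_gen[lbl_reload]' />".
	"<input type='hidden' name='action' value='$action_html' />".
	"<input type='hidden' name='id' value='$id_html' />".
	"</form>".
	//cancel button
	"<form action='usersgroups.site.php'>".
	"<input class='button' type='submit' value='$l_gen[lbl_cancel]'></input></form>".
	"</div>";

	//members (existing groups only)
	if (!$is_new) {
		$groupform .= "<div class='groupmembers'>".
		"<h1 class='floatleft'>$l_gform[lbl_members]</h1>";
		$memberstable = "<br /><br /><table class=\"realtable\" width='100%' cellspacing='0'>".
		"<tr><th>$l_uform[lbl_name]</th>".
		"<th width='100' class='center'>$l_gform[lbl_moderator]?</th>".
		"<th width='100' class='center'>$l_gform[lbl_kickout]</th></tr>";
		// hidden fields shared by every per-member mini-form and by the "add user" form
		$common_hidden = "\t\t\t\t\t\t<input type='hidden' name='action' value='$action_html' />\n".
		"\t\t\t\t\t\t<input type='hidden' name='id' value='$id_html' />\n";
		$options = array();
		$style = "odd";
		foreach ($allusers as $row) {
			$row = array_map("escape_html", $row);
			$gids = explode(",", $row["gids"]);
			if (!in_array($gid_sql, $gids)) {
				$options[] = $row;   // not a member yet -> candidate for the "add user" list
				continue;
			}
			//kickout button
			$kickout = "\t\t\t\t\t<form method='post' action='groupform.site.php'>\n".
			$common_hidden.
			"\t\t\t\t\t\t<input type='hidden' name='kickout' value='$row[uid]' />\n".
			"\t\t\t\t\t\t<input type='submit' value=\" \" class='delete' title='$l_gform[lbl_kickout]' />\n".
			"\t\t\t\t\t</form>\n";
			//moderator toggle: the current moderator gets a "dismiss" button (chmod=1 hands the
			//group to uid 1), everybody else an "appoint" button carrying their own uid
			if ($moderator == $row["uid"]) {
				$chmod_value = "1";
				$chmod_class = "useractive";
				$chmod_title = $l_gform["lbl_mod_dism"];
			} else {
				$chmod_value = $row["uid"];
				$chmod_class = "userinactive";
				$chmod_title = $l_gform["lbl_mod_app"];
			}
			$mod = "\t\t\t\t\t<form method='post' action='groupform.site.php'>\n".
			$common_hidden.
			"\t\t\t\t\t\t<input type='hidden' name='chmod' value='$chmod_value' />\n".
			"\t\t\t\t\t\t<input type='submit' value=\" \" class='$chmod_class' ".
			"title='$chmod_title' />\n".
			"\t\t\t\t\t</form>\n";
			$memberstable .= "\t<tr class='$style'>".
			"<td class='left'>$row[user] ($row[name])</td>".
			"<td>$mod</td>".
			"<td>$kickout</td>".
			"</tr>\n";
			$style = ($style == "odd") ? "even" : "odd";
		}
		$memberstable .= "</table>";
		//add user to group - menu
		if (!empty($options)) {
			$groupform .= "<form method='post' action='groupform.site.php'>".
			"<input type='submit' class='floatright' name='addbutton' value='$l_gen[lbl_add]' />".
			"<select class='floatright' name='members'>";
			foreach ($options as $row) {
				// "uid:gids" — the gids half is informational only once it is in the browser
				$userinfo = $row["uid"].":".$row["gids"];
				$groupform .= "<option value='$userinfo'>".$row["user"]." (".$row["name"].")"."</option>";
			}
			$groupform .= "</select>".
			"<span class='dropdownspan'>$l_gform[lbl_adduser]</span>".
			$common_hidden.
			"</form>";
		}
		$groupform .= $memberstable.
		"</div>";
	}
	$groupform .= "<div class='clr'></div>\n\t</div>\n";

	return $groupform;
}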
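//Update group//////////////////////////////////////////////////////////////////////////////////////
// Creates or updates a group from the posted form (name, backend, writerights, moderator and, for
// a new group only, the optional makedir / makemenu extras).
//
// $id   gid to update. Anything that is not a gid > 2 creates a new group; gids 1 and 2
//       (admin / users group) are refused outright.
// Returns array(message, "good"|"bad") for the caller to display. $errors is a bit set:
//       1 = folder creation failed, 2 = menu page failed, 4 = menu module failed.
//
// Security notes:
//   * $id is cast to int before it reaches SQL. The `$id>0 && $id<3` guard alone is not enough:
//     a string such as "5 or 1=1" passes it and would turn the UPDATE into one that rewrites
//     every group, including the admin group's backend/write/moderator columns.
//   * The name goes through num_text() (presumably a character whitelist — not visible here)
//     and is additionally passed through escape() before it is interpolated into SQL.
//   * The group folder is only created when the name is a plain directory name, so a name that
//     slipped through num_text() with "/" or ".." cannot escape PATH/media.
//   * The extras are tied to group creation: the original ran them on edits too, where the
//     "new gid" derived from the auto-increment counter would have pointed at another group.
function update_group($id) {
	global $l_ugs,$l_gform,$l_gen,$mysession,$page;

	$errors = 0;
	$gid = (int)$id;
	//you can't edit the admin or usergroup!
	if ($gid > 0 && $gid < 3) { return array($l_ugs["msg_editau_err"],"bad"); }
	$is_edit = ($gid > 2);

	$name = num_text(isset($_POST["name"]) ? $_POST["name"] : "");
	if ($name == "") { return array($l_ugs["msg_gnamechars_err"],"bad"); }
	$name_sql = escape($name);   // belt and braces on top of num_text()

	//check if the groupname already exists (ignoring the group being edited)
	$sql = "select `gid` from system_groups where `name`='$name_sql'";
	if ($is_edit) { $sql .= " and not `gid`=$gid"; }
	$page->query($sql);
	//groupname already exists
	if ($page->db->query_count() > 0) { return array($l_ugs["msg_gnameexists_err"],"bad"); }

	//moderator: an explicit chmod wins, then the form's hidden field, default uid 1.
	//(The original tested $_POST["chmod"] but then read $_GET["chmod"]; POST is used consistently.)
	if (isset($_POST["chmod"])) {
		$moderator = intval($_POST["chmod"]);
	} elseif (isset($_POST["moderator"])) {
		$moderator = intval($_POST["moderator"]);
	} else {
		$moderator = 1;
	}
	if ($moderator == 0) { $moderator = 1; }
	$backend = (isset($_POST["backend"]) && $_POST["backend"] == "yes") ? 1 : 0;
	$write   = (isset($_POST["writerights"]) && $_POST["writerights"] == "yes") ? 1 : 0;

	if ($is_edit) {
		//edit group
		$sql = "update system_groups set `name`='$name_sql',`backend`=$backend,`write`=$write,".
		"`moderator`=$moderator where `gid`=$gid";
	} else {
		//new group
		$sql = "insert into system_groups (`name`,`backend`,`write`,`moderator`) values ".
		"('$name_sql',$backend,$write,$moderator)";
	}
	if (!$page->query($sql)) {
		return array("$l_ugs[msg_sav_err] $l_gform[lbl_group] \"$name\"","bad");
	}

	//create groupfolder if new group was created
	if (!$is_edit && isset($_POST["makedir"]) && $_POST["makedir"] == "on") {
		$path = PATH."/media";
		//refuse anything that is not a plain directory name (separators, "." and "..")
		if ($name === "." || $name === ".." || basename($name) !== $name || !make_dir($path, $name)) {
			$errors += 1;
		}
	}
	//create a usermenu?
	if (!$is_edit && isset($_POST["makemenu"]) && $_POST["makemenu"] == "on") {
		//Next content id
		$nextcont = (int)$page->db->next_autoincrement("site_content");
		//gid of the group just inserted. NOTE(review): derived from the table's auto-increment
		//counter, so a concurrent insert shifts it; an insert-id accessor on $page->db would be
		//the right tool if one exists — none is visible from this file.
		$nextgid = (int)$page->db->next_autoincrement("system_groups") - 1;
		$uid = (int)$mysession->user->uid;
		//make content (page + module inside one transaction)
		//The original also looked up the previous top-level page here but never used the result.
		$page->query("start transaction");
		$sql = "insert into site_content (`id`,`name`,`treeid`,`depth`,`parentid`,`order`,`active`,`startpage`,".
		"`modid`,`settings`,`access`,`specialaccess`,`uid`,`date_new`,`date_edit`,`views`,`content`) ".
		"values ($nextcont,'$name_sql Menu',$nextcont,0,0,0,1,0,1,'',0,'$nextgid',$uid,now(),now(),0,'')";
		if (!$page->query($sql)) {
			$errors += 2;
		} else {
			//make module
			$sql = "insert into site_modules (`name`,`modid`,`position`,`order`,`active`,`access`,".
			"`specialaccess`,`settings`) values ('$name_sql Menu',2,'inactive',0,0,2,'$nextgid',".
			"'$nextcont,1,1,0')";
			if (!$page->query($sql)) { $errors += 4; }
		}
		//finish the transaction. The original spun forever when this statement failed; retry a
		//few times, then give up and report the menu as not created.
		$finish = ($errors == 0) ? "commit" : "rollback";
		$done = false;
		for ($attempt = 0; $attempt < 3 && !$done; $attempt++) {
			$done = (bool)$page->query($finish);
		}
		if (!$done && !($errors & 6)) { $errors += 2; }
	}

	switch ($errors) {
		case 0:	//everything ok
			return array("$l_gform[lbl_group] \"$name\" $l_ugs[msg_sav_ok]","good");
		case 1:	//group ok, folder creation failed
			return array($l_ugs["msg_mkgerr1_ok"],"good");
		case 2:	//group and folder ok, menu creation failed
			return array($l_ugs["msg_mkgerr2_ok"],"good");
		case 3:	//group ok, folder and menu creation failed
			return array($l_ugs["msg_mkgerr3_ok"],"good");
		case 4:	//group, folder and menu ok, module creation failed
			return array($l_ugs["msg_mkgerr4_ok"],"good");
		default://any other combination
			return array("$l_ugs[msg_sav_err] $l_gform[lbl_group] \"$name\"","bad");
	}
}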
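//Add a member to the group////////////////////////////////////////////////////////////////////////
// Adds the user chosen in the "add user" drop-down to group $gid.
//
// $gid     gid of the group being edited (cast to int before use).
// $member  not used by the original implementation either; kept for the caller's sake. The
//          selection is read from $_POST["members"], which groupform() renders as "uid:gids".
// Returns array(message, "good"|"bad"). "bad" is also returned when the user is already a member.
//
// Security: only the uid half of the posted value is used. The original took the gids half from
// the client and wrote it straight back into system_users.gids, so anyone who could submit this
// form could assign an arbitrary group list (including the admin group) to any user. The user's
// current gids are now read from the DB, which is the only authoritative source.
function add_member($gid,$member) {
	global $l_gform,$page;

	$msg = array($l_gform["msg_addu_err"],"bad");
	$gid = (int)$gid;
	$posted = isset($_POST["members"]) ? (string)$_POST["members"] : "";
	$parts = explode(":", $posted);
	$uidtoadd = intval($parts[0]);
	if ($gid <= 0 || $uidtoadd <= 0) { return $msg; }

	//authoritative membership list comes from the DB, never from the request
	$page->query("select `gids` from system_users where `uid`=$uidtoadd limit 1");
	$row = $page->db->getdata();
	if (!is_array($row)) { return $msg; }
	$current = (string)$row["gids"];
	//ckeck if the user is already in that group
	if (in_array($gid, explode(",", $current))) { return $msg; }

	$gidstoadd = escape($current === "" ? (string)$gid : $current.",".$gid);
	$sql = "update system_users set `gids`='$gidstoadd' where `uid`=$uidtoadd limit 1";
	if ($page->query($sql)) {
		$msg = array($l_gform["msg_addu_ok"],"good");
	}
	return $msg;
}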
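//Kick user out of group///////////////////////////////////////////////////////////////////////////
// Removes user $uid from the group whose gid is in the global $id and, if that user was the
// group's moderator, hands moderation back to uid 1.
//
// $uid  uid to remove. Reads the gid from the global $id.
// Returns array(message, "good"|"bad").
//
// Security: both $uid and $id come from the request and are interpolated into SQL, so both are
// cast to int first — the `$uid>0` test alone does not stop a string like "7 or 1=1".
function kickout($uid) {
	global $id,$l_gform,$page;

	$uid = (int)$uid;
	$gid = (int)$id;
	$ok = false;
	if ($uid > 0 && $gid > 0) {
		$page->query("select `gids` from system_users where `uid`=$uid limit 1");
		$row = $page->db->getdata();
		$gids = is_array($row) ? (string)$row["gids"] : "";
		//update that user's gids (passed as a string, matching what the original handed to
		//remove_by_val — its comparison mode is not visible here)
		$gids = explode(",", $gids);
		remove_by_val($gids, (string)$gid);
		$gids = implode(",", $gids);
		//nobody may end up without a group: admin keeps 1, everybody else falls back to 2
		if ($gids == "") { $gids = ($uid == 1) ? "1" : "2"; }
		$gids_sql = escape($gids);

		if ($page->query("update system_users set `gids`='$gids_sql' where `uid`=$uid")) {
			$page->query("select `moderator` from system_groups where `gid`=$gid limit 1");
			$mod = $page->db->getdata();
			if (is_array($mod) && $mod["moderator"] == $uid) {
				//the moderator left: hand the group to uid 1
				$ok = (bool)$page->query("update system_groups set `moderator`=1 where `gid`=$gid");
			} else {
				$ok = true;
			}
		}
	}
	if ($ok) { return array($l_gform["msg_kickout_ok"],"good"); }
	return array($l_gform["msg_kickout_err"],"bad");
}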
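//Change the moderator of a group//////////////////////////////////////////////////////////////////
// Makes user $uid the moderator of the group whose gid is in the global $id.
//
// $uid  uid to appoint; uid 1 is what the form posts to "dismiss" the current moderator.
// Returns array(message, "good"|"bad").
//
// Security: $uid and $id come from the request and are cast to int before entering SQL (the
// `$uid>0 and $id>2` test alone does not reject "7 or 1=1"). Groups 1 and 2 stay off limits.
// The appointee must also be a current member of the group — the form only offers members, but
// the server has to enforce it, and it also keeps a non-existent uid from becoming moderator
// (groupform() joins on g.moderator=u.uid and would then find no row). uid 1 is always accepted
// because "dismiss" posts chmod=1 and kickout()/update_group() fall back to uid 1 as well.
function change_moderator($uid) {
	global $id,$l_gform,$page;

	$uid = (int)$uid;
	$gid = (int)$id;
	if ($uid > 0 && $gid > 2) {
		$allowed = ($uid == 1);
		if (!$allowed) {
			$page->query("select `gids` from system_users where `uid`=$uid limit 1");
			$row = $page->db->getdata();
			$allowed = is_array($row) && in_array($gid, explode(",", (string)$row["gids"]));
		}
		if ($allowed && $page->query("update system_groups set `moderator`=$uid where `gid`=$gid")) {
			return array($l_gform["msg_chmod_ok"],"good");
		}
	}
	return array($l_gform["msg_chmod_err"],"bad");
}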
?>