Location: PHPKode > projects > MyBB - Bullitin Board > Upload/admin/adminoptions.php
<?php
/**
 * MyBB 1.2
 * Copyright © 2006 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/eula.html
 *
 * $Id: adminoptions.php 2932 2007-03-10 05:48:55Z chris $
 */

define("IN_MYBB", 1);

require_once "./global.php";

// Load language packs for this section
global $lang;
$lang->load("adminoptions");

logadmin();

switch($mybb->input['action'])
{
	case "adminpermissions":
	case "updateperms":
		addacpnav($lang->nav_admin_permissions, "adminoptions.php?".SID."&action=adminpermissions");
		break;
	case "":
	case "updateprefs":
		addacpnav($lang->nav_admin_prefs);
		break;
}

$plugins->run_hooks("admin_adminoptions_start");
	
if($mybb->input['action'] == "do_updateprefs")
{
	$options = array(
		"limit" => "1"
	);
	$query = $db->simple_select(TABLE_PREFIX."adminoptions", "*", "uid='$user[uid]'", $options);
	$adminoptions = $db->fetch_array($query);
	$sqlarray = array(
		"notes" => $db->escape_string($mybb->input['notes']),
		"cpstyle" => $db->escape_string($mybb->input['cpstyle']),
		);
	$plugins->run_hooks("admin_adminoptions_do_updateprefs");
	if(isset($adminoptions['uid']))
	{
		$db->update_query(TABLE_PREFIX."adminoptions", $sqlarray, "uid='".$user['uid']."'");
	}
	else
	{
		$db->insert_query(TABLE_PREFIX."adminoptions", $sqlarray);
	}
	cpredirect("adminoptions.php?".SID, $lang->prefs_updated);
}
if($mybb->input['action'] == "revokeperms")
{
	$uid = intval($mybb->input['uid']);
	
	if(is_super_admin($uid) && $mybb->user['uid'] != $uid)
	{
		cperror($lang->cannot_perform_action_super_admin);
	}
	
	checkadminpermissions("caneditaperms");

	$newperms = array(
		"permsset" => 0
		);
	$plugins->run_hooks("admin_adminoptions_revokeperms");
	$db->update_query(TABLE_PREFIX."adminoptions", $newperms, "uid='$uid'");

	if($uid < 0)
	{
		cpredirect("adminoptions.php?".SID."&action=adminpermissions", $lang->group_perms_revoked);
	}
	else
	{
		cpredirect("adminoptions.php?".SID."&action=adminpermissions", $lang->perms_revoked);
	}
}
if($mybb->input['action'] == "do_updateperms")
{
	$uid = intval($mybb->input['uid']);
	
	if(is_super_admin($uid) && $mybb->user['uid'] != $uid)
	{
		cperror($lang->cannot_perform_action_super_admin);
	}
	
	checkadminpermissions("caneditaperms");

	// Check if there are custom permissions for this admin.
	$options = array(
		"limit" => "1"
	);
	$query = $db->simple_select(TABLE_PREFIX."adminoptions", "permsset", "uid='$uid'", $options);
	$adminoptions = $db->fetch_array($query);

	// If no custom permissions are set for this admin, create a blank custom set first.
	if(!isset($adminoptions['permsset']))
	{
		$options_update = array(
			"uid" => $uid,
			"notes" => ""
		);
		$db->insert_query(TABLE_PREFIX."adminoptions", $options_update);
	}

	// Update the admin to the new permissions.
	$newperms = $mybb->input['newperms'];
	$sqlarray = array(
		"permsset" => '1',
		"caneditsettings" => $db->escape_string($newperms['caneditsettings']),
		"caneditann" => $db->escape_string($newperms['caneditann']),
		"caneditforums" => $db->escape_string($newperms['caneditforums']),
		"canmodposts" => $db->escape_string($newperms['canmodposts']),
		"caneditsmilies" => $db->escape_string($newperms['caneditsmilies']),
		"caneditpicons" => $db->escape_string($newperms['caneditpicons']),
		"caneditthemes" => $db->escape_string($newperms['caneditthemes']),
		"canedittemps" => $db->escape_string($newperms['canedittemps']),
		"caneditusers" => $db->escape_string($newperms['caneditusers']),
		"caneditpfields" => $db->escape_string($newperms['caneditpfields']),
		"caneditugroups" => $db->escape_string($newperms['caneditugroups']),
		"caneditaperms" => $db->escape_string($newperms['caneditaperms']),
		"caneditutitles" => $db->escape_string($newperms['caneditutitles']),
		"caneditattach" => $db->escape_string($newperms['caneditattach']),
		"canedithelp" => $db->escape_string($newperms['canedithelp']),
		"caneditlangs" => $db->escape_string($newperms['caneditlangs']),
		"canrunmaint" => $db->escape_string($newperms['canrunmaint']),
		"canrundbtools" => $db->escape_string($newperms['canrundbtools']),
	);
		
	$plugins->run_hooks("admin_adminoptions_do_updateperms");
	
	$db->update_query(TABLE_PREFIX."adminoptions", $sqlarray, "uid='$uid'");

	// Redirect based on what the user did.
	if($uid == 0)
	{
		cpredirect("adminoptions.php?".SID."&action=adminpermissions", $lang->default_perms_updated);
	}
	elseif($uid < 0)
	{
		cpredirect("adminoptions.php?".SID."&action=adminpermissions", $lang->group_perms_updated);
	}
	else
	{
		cpredirect("adminoptions.php?".SID."&action=adminpermissions", $lang->perms_updated);
	}
}
if($mybb->input['action'] == "updateperms")
{
	$uid = intval($mybb->input['uid']);
	if(is_super_admin($uid) && $mybb->user['uid'] != $uid)
	{
		cperror($lang->cannot_perform_action_super_admin);
	}
	checkadminpermissions("caneditaperms");

	$plugins->run_hooks("admin_adminoptions_updateperms");
	
	if($uid > 0)
	{
		$query = $db->query("
			SELECT u.uid, u.username, g.cancp, g.gid
			FROM (".TABLE_PREFIX."users u, ".TABLE_PREFIX."usergroups g)
			WHERE u.uid='$uid'
			AND u.usergroup=g.gid
			AND g.cancp='yes'
			LIMIT 1
		");
		$admin = $db->fetch_array($query);
		$tsub = sprintf($lang->edit_admin_perms, $admin['username']);
		$permissions = getadminpermissions($uid, $admin['gid']);
		$lang->nav_edit_permissions = sprintf($lang->nav_edit_permissions, $admin['username']);
		addacpnav($lang->nav_edit_permissions);
	}
	elseif($uid < 0)
	{
		$gid = abs($uid);
		$query = $db->simple_select(TABLE_PREFIX."usergroups", "title", "gid='$gid'");
		$group = $db->fetch_array($query);
		$tsub = sprintf($lang->edit_admin_group_perms, $group['title']);
		$permissions = getadminpermissions("", $gid);
		$lang->nav_edit_permissions = sprintf($lang->nav_edit_group_permissions, $group['title']);
		addacpnav($lang->nav_edit_permissions);
	}
	else
	{
		$tsub = $lang->edit_default_perms;
		$query = $db->simple_select(TABLE_PREFIX."adminoptions", "*", "uid='0'");
		$permissions = $db->fetch_array($query);
		addacpnav($lang->nav_edit_def_permissions);
	}
	cpheader();
	startform("adminoptions.php", "", "do_updateperms");
	makehiddencode("uid", $uid);
	starttable();
	tableheader($lang->edit_perms);
	tablesubheader("$tsub");
	makeyesnocode($lang->can_manage_settings, "newperms[caneditsettings]", $permissions['caneditsettings']);
	makeyesnocode($lang->can_manage_announcements, "newperms[caneditann]", $permissions['caneditann']);
	makeyesnocode($lang->can_manage_forums, "newperms[caneditforums]", $permissions['caneditforums']);
	makeyesnocode($lang->can_moderate_posts, "newperms[canmodposts]", $permissions['canmodposts']);
	makeyesnocode($lang->can_manage_smilies, "newperms[caneditsmilies]", $permissions['caneditsmilies']);
	makeyesnocode($lang->can_manage_posticons, "newperms[caneditpicons]", $permissions['caneditpicons']);
	makeyesnocode($lang->can_manage_themes, "newperms[caneditthemes]", $permissions['caneditthemes']);
	makeyesnocode($lang->can_manage_templates, "newperms[canedittemps]", $permissions['canedittemps']);
	makeyesnocode($lang->can_manage_users, "newperms[caneditusers]", $permissions['caneditusers']);
	makeyesnocode($lang->can_manage_profilefields, "newperms[caneditpfields]", $permissions['caneditpfields']);
	makeyesnocode($lang->can_manage_usergroups, "newperms[caneditugroups]", $permissions['caneditugroups']);
	makeyesnocode($lang->can_manage_adminperms, "newperms[caneditaperms]", $permissions['caneditaperms']);
	makeyesnocode($lang->can_manage_usertitles, "newperms[caneditutitles]", $permissions['caneditutitles']);
	makeyesnocode($lang->can_manage_attachments, "newperms[caneditattach]", $permissions['caneditattach']);
	makeyesnocode($lang->can_manage_helpdocs, "newperms[canedithelp]", $permissions['canedithelp']);
	makeyesnocode($lang->can_manage_languages, "newperms[caneditlangs]", $permissions['caneditlangs']);
	makeyesnocode($lang->can_use_maint, "newperms[canrunmaint]", $permissions['canrunmaint']);
	makeyesnocode($lang->can_use_dbbackup, "newperms[canrundbtools]", $permissions['canrundbtools']);
	$plugins->run_hooks("admin_adminoptions_adminpermissions_yesnocodes");
	endtable();
	endform($lang->update_permissions, $lang->reset_button);


	cpfooter();
}
if($mybb->input['action'] == "adminpermissions")
{
	$plugins->run_hooks("admin_adminoptions_adminpermissions");

	checkadminpermissions("caneditaperms");
		
	// Get usergroups with ACP access
	$usergroups = array();
	$query = $db->simple_select(TABLE_PREFIX."usergroups", "*", "cancp='yes'");
	while($usergroup = $db->fetch_array($query))
	{
		$usergroups[$usergroup['gid']] = $usergroup;
	}

	cpheader();
	starttable();
	tableheader($lang->admin_perms.makelinkcode($lang->edit_default, "adminoptions.php?".SID."&action=updateperms&uid=0", "", "header"), "", 4);
	echo "<tr>\n";
	echo "<td class=\"subheader\">$lang->username</td>\n";
	echo "<td class=\"subheader\">$lang->lastactive</td>\n";
	echo "<td class=\"subheader\">$lang->perm_options</td>\n";
	echo "<td class=\"subheader\">$lang->options</td>\n";
	echo "</tr>\n";
	// Get users whose primary or secondary usergroup has ACP access
	$comma = $primary_group_list = $secondary_group_list = '';
	foreach($usergroups as $gid => $group_info)
	{
		$primary_group_list .= $comma.$gid;
		$secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'";
		$comma = ',';
	}
	$group_list = implode(',', array_keys($usergroups));
	$secondary_groups = ','.$group_list.',';
	$query = $db->query("
		SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permsset
		FROM ".TABLE_PREFIX."users u
		LEFT JOIN ".TABLE_PREFIX."adminoptions a
		ON (a.uid=u.uid)
		WHERE (u.usergroup IN ({$primary_group_list}) {$secondary_group_list})
		ORDER BY u.username ASC
	");
	while($admin = $db->fetch_array($query))
	{
		$la = my_date($mybb->settings['dateformat'].",".$mybb->settings['timeformat'], $admin['lastactive']);
		$bgcolor = getaltbg();
		$usergroup_list = array();
		// Build a list of group memberships that have access to the Admin CP
		// Primary usergroup?
		if($usergroups[$admin['usergroup']]['cancp'] == "yes")
		{
			$usergroup_list[] = $usergroups[$admin['usergroup']]['title'];
		}
		// Secondary usergroups?
		$additional_groups = explode(',', $admin['additionalgroups']);
		if(is_array($additional_groups))
		{
			foreach($additional_groups as $gid)
			{
				if($usergroups[$gid]['cancp'] == "yes")
				{
					$usergroup_list[] = $usergroups[$gid]['title'];
				}
			}
		}
		$usergroup_list = implode(", ", $usergroup_list);
		echo "<tr>\n";
		echo "<td class=\"$bgcolor\">{$admin['username']}<br /><small>{$usergroup_list}</small></td>\n";
		echo "<td class=\"$bgcolor\">$la</td>\n";
		echo "<td class=\"$bgcolor\">";
		if($admin['permsset'])
		{
			echo makelinkcode($lang->edit_perms2, "adminoptions.php?".SID."&action=updateperms&uid=$admin[uid]");
			echo makelinkcode($lang->revoke_custom_perms, "adminoptions.php?".SID."&action=revokeperms&uid=$admin[uid]");
		}
		else
		{
			echo makelinkcode($lang->set_perms, "adminoptions.php?".SID."&action=updateperms&uid=$admin[uid]");
		}
		echo "</td>\n";
		echo "<td class=\"$bgcolor\">";
		echo makelinkcode($lang->admin_log, "adminlogs.php?".SID."&action=view&fromadmin=$admin[uid]")."\n";
		echo "</td>\n";
		echo "</tr>\n";
	}
	endtable();

	// Usergroup list
	starttable();
	tableheader($lang->admin_group_perms);
	echo "<tr>\n";
	echo "<td class=\"subheader\">$lang->groupname</td>\n";
	echo "<td class=\"subheader\">$lang->perm_options</td>\n";
	echo "</tr>\n";
	$query = $db->query("
		SELECT g.title, g.cancp, a.permsset, g.gid
		FROM (".TABLE_PREFIX."usergroups g)
		LEFT JOIN ".TABLE_PREFIX."adminoptions a
		ON (a.uid = -g.gid)
		WHERE g.cancp='yes'
		ORDER BY g.title ASC
	");
	while($group = $db->fetch_array($query))
	{
		$bgcolor = getaltbg();
		echo "<tr>\n";
		echo "<td class=\"$bgcolor\">$group[title]</td>\n";
		echo "<td class=\"$bgcolor\">";
		$uid = -$group['gid'];
		if($group['permsset'])
		{
			echo makelinkcode($lang->edit_perms2, "adminoptions.php?".SID."&action=updateperms&uid=$uid");
			echo makelinkcode($lang->revoke_custom_perms, "adminoptions.php?".SID."&action=revokeperms&uid=$uid");
		}
		else
		{
			echo makelinkcode($lang->set_perms, "adminoptions.php?".SID."&action=updateperms&uid=$uid");
		}
		echo "</td>\n";
		echo "</tr>\n";
	}
	endtable();
	cpfooter();

}
if($mybb->input['action'] == "updateprefs" || $mybb->input['action'] == "")
{
	
	$query = $db->simple_select(TABLE_PREFIX."adminoptions", "*", "uid='$user[uid]'");
	$adminoptions = $db->fetch_array($query);

	$plugins->run_hooks("admin_adminoptions_updateprefs");
	
	$dir = @opendir(MYBB_ADMIN_DIR."/styles");
	while($folder = readdir($dir))
	{
		if($folder != "." && $folder != ".." && @file_exists(MYBB_ADMIN_DIR."/styles/$folder/stylesheet.css"))
		{
			$folders[$folder] = $folder;
		}
	}
	closedir($dir);
	ksort($folders);
	foreach($folders as $key => $val)
	{
		if($val == $adminoptions['cpstyle'])
		{
			$sel = "selected";
		}
		else
		{
			$sel = "";
		}
		$options .= "<option value=\"$val\" $sel>$val</option>\n";
	}
	cpheader();
	startform("adminoptions.php", "", "do_updateprefs");
	starttable();
	tableheader($lang->cp_prefs);
	tablesubheader($lang->prefs);
	makelabelcode($lang->cp_style, "<select name=\"cpstyle\" size=\"4\">\n<option value=\"\">Default</option>\n<option value=\"\">---------</option>\n$options</select>");
	tablesubheader($lang->notepad);
	makelabelcode("<div align=\"center\"><textarea name=\"notes\" rows=\"25\" cols=\"80\">$adminoptions[notes]</textarea></div>", "", 2);
	endtable();
	endform($lang->update_prefs, $lang->reset_button);
	cpfooter();
}
?>
Return current item: MyBB - Bullitin Board