
PHP Cross Reference of MyBB 1.8.12


/ -> managegroup.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'managegroup.php');
  13  
  14  $templatelist = "managegroup_leaders_bit,managegroup_leaders,postbit_pm,postbit_email,managegroup_user_checkbox,managegroup_user,managegroup_adduser,managegroup_removeusers,managegroup,managegroup_joinrequests_request,managegroup_joinrequests";
  15  $templatelist .= ",managegroup_requestnote,managegroup_no_users,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  16  
  17  require_once  "./global.php";
  18  
  19  // Load language files
  20  $lang->load("managegroup");
  21  
  22  $gid = $mybb->get_input('gid', MyBB::INPUT_INT);
  23  if(!isset($groupscache[$gid]))
  24  {
  25      error($lang->invalid_group);
  26  }
  27  $usergroup = $groupscache[$gid];
  28  $lang->nav_group_management = $lang->sprintf($lang->nav_group_management, htmlspecialchars_uni($usergroup['title']));
  29  add_breadcrumb($lang->nav_group_memberships, "usercp.php?action=usergroups");
  30  add_breadcrumb($lang->nav_group_management, "managegroup.php?gid=$gid");
  31  
  32  $mybb->input['action'] = $mybb->get_input('action');
  33  
  34  if($mybb->input['action'] == "joinrequests")
  35  {
  36      add_breadcrumb($lang->nav_join_requests);
  37  }
  38  
  39  // Check that this user is actually a leader of this group
  40  $query = $db->simple_select("groupleaders", "*", "uid='{$mybb->user['uid']}' AND gid='{$gid}'");
  41  $groupleader = $db->fetch_array($query);
  42  
  43  if(!$groupleader['uid'] && $mybb->usergroup['cancp'] != 1)
  44  {
  45      error($lang->not_leader_of_this_group);
  46  }
  47  
  48  if($mybb->input['action'] == "do_add" && $mybb->request_method == "post")
  49  {
  50      // Verify incoming POST request
  51      verify_post_check($mybb->get_input('my_post_key'));
  52  
  53      if($groupleader['canmanagemembers'] == 0)
  54      {
  55          error_no_permission();
  56      }
  57  
  58      $plugins->run_hooks("managegroup_do_add_start");
  59  
  60      $options = array(
  61          'fields' => array('additionalgroups', 'usergroup')
  62      );
  63  
  64      $user = get_user_by_username($mybb->get_input('username'), $options);
  65  
  66      if($user['uid'])
  67      {
  68          $additionalgroups = explode(',', $user['additionalgroups']);
  69          if($user['usergroup'] != $gid && !in_array($gid, $additionalgroups))
  70          {
  71              join_usergroup($user['uid'], $gid);
  72              $db->delete_query("joinrequests", "uid='{$user['uid']}' AND gid='{$gid}'");
  73              $plugins->run_hooks("managegroup_do_add_end");
  74              redirect("managegroup.php?gid=".$gid, $lang->user_added);
  75          }
  76          else
  77          {
  78              error($lang->error_alreadyingroup);
  79          }
  80      }
  81      else
  82      {
  83          error($lang->error_invalidusername);
  84      }
  85  }
  86  elseif($mybb->input['action'] == "do_invite" && $mybb->request_method == "post")
  87  {
  88      // Verify incoming POST request
  89      verify_post_check($mybb->get_input('my_post_key'));
  90  
  91      if($groupleader['caninvitemembers'] == 0)
  92      {
  93          error_no_permission();
  94      }
  95  
  96      $plugins->run_hooks("managegroup_do_invite_start");
  97  
  98      $options = array(
  99          'fields' => array('additionalgroups', 'usergroup', 'language')
 100      );
 101  
 102      $user = get_user_by_username($mybb->get_input('inviteusername'), $options);
 103  
 104      if($user['uid'])
 105      {
 106          $additionalgroups = explode(',', $user['additionalgroups']);
 107          if($user['usergroup'] != $gid && !in_array($gid, $additionalgroups))
 108          {
 109              $query = $db->simple_select("joinrequests", "rid", "uid = '".(int)$user['uid']."' AND gid = '".(int)$gid."'", array("limit" => 1));
 110              $pendinginvite = $db->fetch_array($query);
 111              if($pendinginvite['rid'])
 112              {
 113                  error($lang->error_alreadyinvited);
 114              }
 115              else
 116              {
 117                  $usergroups_cache = $cache->read('usergroups');
 118                  $usergroup = $usergroups_cache[$gid];
 119  
 120                  $joinrequest = array(
 121                      "uid" => $user['uid'],
 122                      "gid" => $usergroup['gid'],
 123                      "dateline" => TIME_NOW,
 124                      "invite" => 1
 125                  );
 126                  $db->insert_query("joinrequests", $joinrequest);
 127  
 128                  $lang_var = 'invite_pm_message';
 129                  if($mybb->settings['deleteinvites'] != 0)
 130                  {
 131                      $lang_var .= '_expires';
 132                  }
 133  
 134                  $pm = array(
 135                      'subject' => array('invite_pm_subject', $usergroup['title']),
 136                      'message' => array($lang_var, $usergroup['title'], $mybb->settings['bburl'], $mybb->settings['deleteinvites']),
 137                      'touid' => $user['uid'],
 138                      'language' => $user['language'],
 139                      'language_file' => 'managegroup'
 140                  );
 141  
 142                  send_pm($pm, $mybb->user['uid'], true);
 143  
 144                  $plugins->run_hooks("managegroup_do_invite_end");
 145  
 146                  redirect("managegroup.php?gid=".$gid, $lang->user_invited);
 147              }
 148          }
 149          else
 150          {
 151              error($lang->error_alreadyingroup);
 152          }
 153      }
 154      else
 155      {
 156          error($lang->error_invalidusername);
 157      }
 158  }
 159  elseif($mybb->input['action'] == "do_joinrequests" && $mybb->request_method == "post")
 160  {
 161      // Verify incoming POST request
 162      verify_post_check($mybb->get_input('my_post_key'));
 163  
 164      if($groupleader['canmanagerequests'] == 0)
 165      {
 166          error_no_permission();
 167      }
 168  
 169      $plugins->run_hooks("managegroup_do_joinrequests_start");
 170  
 171      $uidin = null;
 172      if(is_array($mybb->get_input('request', MyBB::INPUT_ARRAY)))
 173      {
 174          $uidin = array();
 175          foreach($mybb->get_input('request', MyBB::INPUT_ARRAY) as $uid => $what)
 176          {
 177              if($what == "accept")
 178              {
 179                  join_usergroup($uid, $gid);
 180                  $uidin[] = (int)$uid;
 181              }
 182              elseif($what == "decline")
 183              {
 184                  $uidin[] = (int)$uid;
 185              }
 186          }
 187      }
 188      if(is_array($uidin) && !empty($uidin))
 189      {
 190          $uids = implode(",", $uidin);
 191          $db->delete_query("joinrequests", "uid IN ({$uids}) AND gid='{$gid}'");
 192      }
 193  
 194      $plugins->run_hooks("managegroup_do_joinrequests_end");
 195  
 196      redirect("managegroup.php?gid={$gid}", $lang->join_requests_moderated);
 197  }
 198  elseif($mybb->input['action'] == "joinrequests")
 199  {
 200      $users = "";
 201      $plugins->run_hooks("managegroup_joinrequests_start");
 202  
 203      $query = $db->query("
 204          SELECT j.*, u.uid, u.username, u.postnum, u.regdate
 205          FROM ".TABLE_PREFIX."joinrequests j
 206          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=j.uid)
 207          WHERE j.gid='{$gid}' AND j.uid != 0
 208          ORDER BY u.username ASC
 209      ");
 210      while($user = $db->fetch_array($query))
 211      {
 212          $user['reason'] = htmlspecialchars_uni($user['reason']);
 213          $altbg = alt_trow();
 214          $regdate = my_date($mybb->settings['dateformat'], $user['regdate']);
 215          $user['username'] = htmlspecialchars_uni($user['username']);
 216          $user['profilelink'] = build_profile_link($user['username'], $user['uid']);
 217          eval("\$users .= \"".$templates->get("managegroup_joinrequests_request")."\";");
 218      }
 219      if(!$users)
 220      {
 221          error($lang->no_requests);
 222      }
 223      $lang->join_requests = $lang->sprintf($lang->join_requests_title, htmlspecialchars_uni($usergroup['title']));
 224  
 225      $plugins->run_hooks("managegroup_joinrequests_end");
 226  
 227      eval("\$joinrequests = \"".$templates->get("managegroup_joinrequests")."\";");
 228      output_page($joinrequests);
 229  }
 230  elseif($mybb->input['action'] == "do_manageusers" && $mybb->request_method == "post")
 231  {
 232      // Verify incoming POST request
 233      verify_post_check($mybb->get_input('my_post_key'));
 234  
 235      if($groupleader['canmanagemembers'] == 0)
 236      {
 237          error_no_permission();
 238      }
 239  
 240      $plugins->run_hooks("managegroup_do_manageusers_start");
 241  
 242      if(is_array($mybb->get_input('removeuser', MyBB::INPUT_ARRAY)))
 243      {
 244          foreach($mybb->get_input('removeuser', MyBB::INPUT_ARRAY) as $uid)
 245          {
 246              leave_usergroup($uid, $gid);
 247          }
 248      }
 249      else
 250      {
 251          error($lang->no_users_selected);
 252      }
 253  
 254      $plugins->run_hooks("managegroup_do_manageusers_end");
 255  
 256      redirect("managegroup.php?gid={$gid}", $lang->users_removed);
 257  }
 258  else
 259  {
 260      $plugins->run_hooks("managegroup_start");
 261  
 262      $lang->members_of = $lang->sprintf($lang->members_of, htmlspecialchars_uni($usergroup['title']));
 263      $lang->add_member = $lang->sprintf($lang->add_member, htmlspecialchars_uni($usergroup['title']));
 264      $lang->invite_member = $lang->sprintf($lang->invite_member, htmlspecialchars_uni($usergroup['title']));
 265      $joinrequests = '';
 266      if($usergroup['type'] == 5)
 267      {
 268          $usergrouptype = $lang->group_public_invite;
 269      }
 270      elseif($usergroup['type'] == 4)
 271      {
 272          $query = $db->simple_select("joinrequests", "COUNT(*) AS req", "gid='{$gid}'");
 273          $numrequests = $db->fetch_array($query);
 274          if($numrequests['req'])
 275          {
 276              $lang->num_requests_pending = $lang->sprintf($lang->num_requests_pending, $numrequests['req']);
 277              eval("\$joinrequests = \"".$templates->get("managegroup_requestnote")."\";");
 278          }
 279          $usergrouptype = $lang->group_public_moderated;
 280      }
 281      elseif($usergroup['type'] == 3)
 282      {
 283          $usergrouptype = $lang->group_public_not_moderated;
 284      }
 285      elseif($usergroup['type'] == 2)
 286      {
 287          $usergrouptype = $lang->group_private;
 288      }
 289      else
 290      {
 291          $usergrouptype = $lang->group_default;
 292      }
 293  
 294      $group_leaders = '';
 295  
 296      // Display group leaders (if there is any)
 297      $query = $db->query("
 298          SELECT g.*, u.username, u.usergroup, u.displaygroup
 299          FROM ".TABLE_PREFIX."groupleaders g
 300          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
 301          WHERE g.gid = '{$gid}'
 302      ");
 303  
 304      $leaders_array = array();
 305  
 306      if($db->num_rows($query))
 307      {
 308          $loop = 1;
 309          $leaders = '';
 310          $leader_count = $db->num_rows($query);
 311          while($leader = $db->fetch_array($query))
 312          {
 313              $leader['username'] = htmlspecialchars_uni($leader['username']);
 314              $leader_name = format_name($leader['username'], $leader['usergroup'], $leader['displaygroup']);
 315              $leader_profile_link = build_profile_link($leader_name, $leader['uid']);
 316  
 317              $leaders_array[] = $leader['uid'];
 318  
 319              // Get commas...
 320              if($loop != $leader_count)
 321              {
 322                  $comma = $lang->comma;
 323              }
 324              else
 325              {
 326                  $comma = '';
 327              }
 328  
 329              ++$loop;
 330              eval("\$leaders .= \"".$templates->get("managegroup_leaders_bit")."\";");
 331          }
 332  
 333          eval("\$group_leaders = \"".$templates->get("managegroup_leaders")."\";");
 334      }
 335  
 336      switch($db->type)
 337      {
 338          case "pgsql":
 339          case "sqlite":
 340              $query = $db->simple_select("users", "*", "','||additionalgroups||',' LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username'));
 341              break;
 342          default:
 343              $query = $db->simple_select("users", "*", "CONCAT(',',additionalgroups,',') LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username'));
 344      }
 345  
 346      $numusers = $db->num_rows($query);
 347  
 348      $perpage = (int)$mybb->settings['membersperpage'];
 349      if($perpage < 1)
 350      {
 351          $perpage = 20;
 352      }
 353  
 354      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 355      if($page && $page > 0)
 356      {
 357          $start = ($page-1) * $perpage;
 358      }
 359      else
 360      {
 361          $start = 0;
 362          $page = 1;
 363      }
 364      $multipage = multipage($numusers, $perpage, $page, "managegroup.php?gid=".$gid);
 365  
 366      switch($db->type)
 367      {
 368          case "pgsql":
 369          case "sqlite":
 370              $query = $db->simple_select("users", "*", "','||additionalgroups||',' LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username', 'limit' => $perpage, 'limit_start' => $start));
 371              break;
 372          default:
 373              $query = $db->simple_select("users", "*", "CONCAT(',',additionalgroups,',') LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username', 'limit' => $perpage, 'limit_start' => $start));
 374      }
 375  
 376      $users = "";
 377      while($user = $db->fetch_array($query))
 378      {
 379          $altbg = alt_trow();
 380          $regdate = my_date('relative', $user['regdate']);
 381          $post = $user;
 382          $sendpm = $email = '';
 383          if($mybb->settings['enablepms'] == 1 && $post['receivepms'] != 0 && $mybb->usergroup['cansendpms'] == 1 && my_strpos(",".$post['ignorelist'].",", ",".$mybb->user['uid'].",") === false)
 384          {
 385              eval("\$sendpm = \"".$templates->get("postbit_pm")."\";");
 386          }
 387  
 388          if($user['hideemail'] != 1)
 389          {
 390              eval("\$email = \"".$templates->get("postbit_email")."\";");
 391          }
 392          else
 393          {
 394              $email = '';
 395          }
 396  
 397          $user['username'] = htmlspecialchars_uni($user['username']);
 398          $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 399          $user['profilelink'] = build_profile_link($user['username'], $user['uid']);
 400          if(in_array($user['uid'], $leaders_array))
 401          {
 402              $leader = $lang->leader;
 403          }
 404          else
 405          {
 406              $leader = '';
 407          }
 408  
 409          // Checkbox for user management - only if current user is allowed
 410          $checkbox = '';
 411          if($groupleader['canmanagemembers'] == 1)
 412          {
 413              eval("\$checkbox = \"".$templates->get("managegroup_user_checkbox")."\";");
 414          }
 415  
 416          eval("\$users .= \"".$templates->get("managegroup_user")."\";");
 417      }
 418  
 419      if(!$users)
 420      {
 421          eval("\$users = \"".$templates->get("managegroup_no_users")."\";");
 422      }
 423  
 424      $add_user = '';
 425      $remove_users = '';
 426      if($groupleader['canmanagemembers'] == 1)
 427      {
 428          eval("\$add_user = \"".$templates->get("managegroup_adduser")."\";");
 429          eval("\$remove_users = \"".$templates->get("managegroup_removeusers")."\";");
 430      }
 431  
 432      if($usergroup['type'] == 5 && $groupleader['caninvitemembers'] == 1)
 433      {
 434          eval("\$invite_user = \"".$templates->get("managegroup_inviteuser")."\";");
 435      }
 436  
 437      $plugins->run_hooks("managegroup_end");
 438  
 439      eval("\$manageusers = \"".$templates->get("managegroup")."\";");
 440      output_page($manageusers);
 441  }

