PHP Cross Reference of MyBB 1.8.38 |
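<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

/*
 * Group management front end for user group leaders.
 *
 * Actions, selected by the "action" input:
 *   do_add          (POST) add a user to the group by username
 *   do_invite       (POST) create an invite row and PM the invited user
 *   do_joinrequests (POST) accept or decline pending join requests
 *   joinrequests           list pending join requests
 *   do_manageusers  (POST) remove selected users from the group
 *   (anything else)        list leaders and members of the group
 *
 * Access model as implemented below: the caller must have a row in
 * groupleaders for this gid, or belong to a usergroup with cancp = 1.
 * Each state-changing action additionally requires a POST request, a valid
 * my_post_key (verify_post_check) and the matching per-leader permission
 * flag (canmanagemembers / caninvitemembers / canmanagerequests).
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'managegroup.php');

$templatelist = "managegroup_leaders_bit,managegroup_leaders,postbit_pm,postbit_email,managegroup_user_checkbox,managegroup_user,managegroup_adduser,managegroup_removeusers,managegroup,managegroup_joinrequests_request,managegroup_joinrequests";
$templatelist .= ",managegroup_requestnote,managegroup_no_users,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
// managegroup_inviteuser is fetched further down but was missing from this list.
// NOTE(review): presumably global.php uses $templatelist to preload templates - confirm.
$templatelist .= ",managegroup_inviteuser";

require_once "./global.php";

// Load language files
$lang->load("managegroup");

// gid is read as an integer, so it is safe to interpolate into the queries below.
$gid = $mybb->get_input('gid', MyBB::INPUT_INT);
if(!isset($groupscache[$gid]))
{
	error($lang->invalid_group);
}
$usergroup = $groupscache[$gid];
// The group title is escaped before it is placed into any language string.
$lang->nav_group_management = $lang->sprintf($lang->nav_group_management, htmlspecialchars_uni($usergroup['title']));
add_breadcrumb($lang->nav_group_memberships, "usercp.php?action=usergroups");
add_breadcrumb($lang->nav_group_management, "managegroup.php?gid=$gid");

$mybb->input['action'] = $mybb->get_input('action');

if($mybb->input['action'] == "joinrequests")
{
	add_breadcrumb($lang->nav_join_requests);
}

// Check that this user is actually a leader of this group
$query = $db->simple_select("groupleaders", "*", "uid='".(int)$mybb->user['uid']."' AND gid='{$gid}'");
$groupleader = $db->fetch_array($query);

if(!$groupleader && $mybb->usergroup['cancp'] != 1)
{
	error($lang->not_leader_of_this_group);
}

// From here on $groupleader may be empty (a cancp user without a leader row).
// The permission flags are therefore read through empty()/isset() so that a
// missing row is treated as "no permission" without an array-offset warning.
// NOTE(review): this means cancp users without a leader row can view the page
// but cannot perform any action - same outcome as before; confirm it is intended.

if($mybb->input['action'] == "do_add" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if(empty($groupleader['canmanagemembers']))
	{
		error_no_permission();
	}

	$plugins->run_hooks("managegroup_do_add_start");

	$options = array(
		'fields' => array('additionalgroups', 'usergroup')
	);

	$user = get_user_by_username($mybb->get_input('username'), $options);

	if($user)
	{
		$additionalgroups = explode(',', $user['additionalgroups']);
		if($user['usergroup'] != $gid && !in_array($gid, $additionalgroups))
		{
			join_usergroup($user['uid'], $gid);
			// Any pending request or invite for this user is now obsolete.
			$db->delete_query("joinrequests", "uid='".(int)$user['uid']."' AND gid='{$gid}'");
			$plugins->run_hooks("managegroup_do_add_end");
			redirect("managegroup.php?gid=".$gid, $lang->user_added);
		}
		else
		{
			error($lang->error_alreadyingroup);
		}
	}
	else
	{
		error($lang->error_invalidusername);
	}
}
elseif($mybb->input['action'] == "do_invite" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if(empty($groupleader['caninvitemembers']))
	{
		error_no_permission();
	}

	$plugins->run_hooks("managegroup_do_invite_start");

	$options = array(
		'fields' => array('additionalgroups', 'usergroup', 'language')
	);

	$user = get_user_by_username($mybb->get_input('inviteusername'), $options);

	if($user)
	{
		$additionalgroups = explode(',', $user['additionalgroups']);
		if($user['usergroup'] != $gid && !in_array($gid, $additionalgroups))
		{
			// Refuse a second invite while one row for this user and group still exists.
			$query = $db->simple_select("joinrequests", "rid", "uid = '".(int)$user['uid']."' AND gid = '".(int)$gid."'", array("limit" => 1));
			$pendinginvite = $db->fetch_array($query);
			if($pendinginvite)
			{
				error($lang->error_alreadyinvited);
			}
			else
			{
				$usergroups_cache = $cache->read('usergroups');
				$usergroup = $usergroups_cache[$gid];

				// Invites share the joinrequests table and are marked with invite = 1.
				$joinrequest = array(
					"uid" => $user['uid'],
					"gid" => $usergroup['gid'],
					"dateline" => TIME_NOW,
					"invite" => 1
				);
				$db->insert_query("joinrequests", $joinrequest);

				$lang_var = 'invite_pm_message';
				if($mybb->settings['deleteinvites'] != 0)
				{
					$lang_var .= '_expires';
				}

				$pm = array(
					'subject' => array('invite_pm_subject', $usergroup['title']),
					'message' => array($lang_var, $usergroup['title'], $mybb->settings['bburl'], $mybb->settings['deleteinvites']),
					'touid' => $user['uid'],
					'language' => $user['language'],
					'language_file' => 'managegroup'
				);

				// NOTE(review): the third argument looks like an override of the sender's
				// PM restrictions - confirm against send_pm() that this is limited to
				// this notification.
				send_pm($pm, $mybb->user['uid'], true);

				$plugins->run_hooks("managegroup_do_invite_end");

				redirect("managegroup.php?gid=".$gid, $lang->user_invited);
			}
		}
		else
		{
			error($lang->error_alreadyingroup);
		}
	}
	else
	{
		error($lang->error_invalidusername);
	}
}
elseif($mybb->input['action'] == "do_joinrequests" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if(empty($groupleader['canmanagerequests']))
	{
		error_no_permission();
	}

	$plugins->run_hooks("managegroup_do_joinrequests_start");

	// The "request" array (uid => decision) is client-controlled. Normalise it
	// first: integer uids only, and only the two decisions this action knows.
	$uidin = array();
	$decisions = array();
	$requests = $mybb->get_input('request', MyBB::INPUT_ARRAY);
	if(is_array($requests))
	{
		foreach($requests as $uid => $what)
		{
			$uid = (int)$uid;
			if($uid > 0 && ($what === "accept" || $what === "decline"))
			{
				$decisions[$uid] = $what;
			}
		}
	}

	if(!empty($decisions))
	{
		// Only act on users that really have a row in joinrequests for this
		// group. Without this lookup, canmanagerequests alone would be enough to
		// put any uid into the group, bypassing the separate canmanagemembers
		// permission that do_add enforces.
		// NOTE(review): invite rows (invite = 1) live in the same table and are
		// matched here too, as they are in the joinrequests listing - confirm
		// whether leaders should be able to accept those for the invitee.
		$requested = implode(",", array_keys($decisions));
		$query = $db->simple_select("joinrequests", "uid", "uid IN ({$requested}) AND gid='{$gid}'");
		while($request = $db->fetch_array($query))
		{
			$uid = (int)$request['uid'];
			if(!isset($decisions[$uid]) || in_array($uid, $uidin))
			{
				continue;
			}

			if($decisions[$uid] === "accept")
			{
				join_usergroup($uid, $gid);
			}

			// Accepted and declined requests are both removed afterwards.
			$uidin[] = $uid;
		}
	}

	if(!empty($uidin))
	{
		// $uidin holds integers only, so the IN list is safe to build by joining.
		$uids = implode(",", $uidin);
		$db->delete_query("joinrequests", "uid IN ({$uids}) AND gid='{$gid}'");
	}

	$plugins->run_hooks("managegroup_do_joinrequests_end");

	redirect("managegroup.php?gid={$gid}", $lang->join_requests_moderated);
}
elseif($mybb->input['action'] == "joinrequests")
{
	// NOTE(review): unlike do_joinrequests, this listing does not check
	// canmanagerequests, so any leader of the group can read the request
	// reasons - confirm that is intended.
	$users = $joinrequests = '';
	$plugins->run_hooks("managegroup_joinrequests_start");

	$query = $db->query("
		SELECT j.*, u.uid, u.username, u.postnum, u.regdate
		FROM ".TABLE_PREFIX."joinrequests j
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=j.uid)
		WHERE j.gid='{$gid}' AND j.uid != 0
		ORDER BY u.username ASC
	");
	while($user = $db->fetch_array($query))
	{
		// reason and username are user-supplied text: escape before they reach
		// the template, which is expanded with eval() below.
		$user['reason'] = htmlspecialchars_uni($user['reason']);
		$altbg = alt_trow();
		$regdate = my_date($mybb->settings['dateformat'], $user['regdate']);
		$user['username'] = htmlspecialchars_uni($user['username']);
		$user['profilelink'] = build_profile_link($user['username'], $user['uid']);
		// SECURITY: template markup is executed as a PHP string expression. Every
		// value a template can interpolate must already be escaped, and template
		// content must only be editable by trusted administrators.
		eval("\$users .= \"".$templates->get("managegroup_joinrequests_request")."\";");
	}
	if(!$users)
	{
		error($lang->no_requests);
	}
	$lang->join_requests = $lang->sprintf($lang->join_requests_title, htmlspecialchars_uni($usergroup['title']));

	$plugins->run_hooks("managegroup_joinrequests_end");

	eval("\$joinrequests = \"".$templates->get("managegroup_joinrequests")."\";");
	output_page($joinrequests);
}
elseif($mybb->input['action'] == "do_manageusers" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if(empty($groupleader['canmanagemembers']))
	{
		error_no_permission();
	}

	$users = $mybb->get_input('removeuser', MyBB::INPUT_ARRAY);

	$plugins->run_hooks("managegroup_do_manageusers_start");

	if(!empty($users))
	{
		foreach($users as $uid)
		{
			// Values are client-controlled. A nested array would cast to 1, so
			// only scalar entries are accepted before the integer cast.
			if(!is_scalar($uid))
			{
				continue;
			}

			$uid = (int)$uid;
			if($uid < 1)
			{
				continue;
			}

			// NOTE(review): the member list only disables the checkbox for users
			// whose primary group is this one; that is a client-side hint. Confirm
			// leave_usergroup() itself leaves the primary group untouched.
			leave_usergroup($uid, $gid);
		}
	}
	else
	{
		error($lang->no_users_selected);
	}

	$plugins->run_hooks("managegroup_do_manageusers_end");

	redirect("managegroup.php?gid={$gid}", $lang->users_removed);
}
else
{
	$plugins->run_hooks("managegroup_start");

	$lang->members_of = $lang->sprintf($lang->members_of, htmlspecialchars_uni($usergroup['title']));
	$lang->add_member = $lang->sprintf($lang->add_member, htmlspecialchars_uni($usergroup['title']));
	$lang->invite_member = $lang->sprintf($lang->invite_member, htmlspecialchars_uni($usergroup['title']));
	$joinrequests = '';
	// Map the numeric group type onto its label; type 4 also shows a note when
	// join requests are pending.
	if($usergroup['type'] == 5)
	{
		$usergrouptype = $lang->group_public_invite;
	}
	elseif($usergroup['type'] == 4)
	{
		$query = $db->simple_select("joinrequests", "COUNT(*) AS req", "gid='{$gid}'");
		$numrequests = $db->fetch_array($query);
		if($numrequests['req'])
		{
			$lang->num_requests_pending = $lang->sprintf($lang->num_requests_pending, $numrequests['req']);
			eval("\$joinrequests = \"".$templates->get("managegroup_requestnote")."\";");
		}
		$usergrouptype = $lang->group_public_moderated;
	}
	elseif($usergroup['type'] == 3)
	{
		$usergrouptype = $lang->group_public_not_moderated;
	}
	elseif($usergroup['type'] == 2)
	{
		$usergrouptype = $lang->group_private;
	}
	else
	{
		$usergrouptype = $lang->group_default;
	}

	$group_leaders = '';

	// Display group leaders (if there is any)
	$query = $db->query("
		SELECT g.*, u.username, u.usergroup, u.displaygroup
		FROM ".TABLE_PREFIX."groupleaders g
		LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
		WHERE g.gid = '{$gid}'
	");

	// uids of all leaders, used below to label leaders in the member list.
	$leaders_array = array();

	if($db->num_rows($query))
	{
		$loop = 1;
		$leaders = '';
		$leader_count = $db->num_rows($query);
		while($leader = $db->fetch_array($query))
		{
			$leader['username'] = htmlspecialchars_uni($leader['username']);
			$leader_name = format_name($leader['username'], $leader['usergroup'], $leader['displaygroup']);
			$leader_profile_link = build_profile_link($leader_name, $leader['uid']);

			$leaders_array[] = $leader['uid'];

			// Get commas...
			if($loop != $leader_count)
			{
				$comma = $lang->comma;
			}
			else
			{
				$comma = '';
			}

			++$loop;
			eval("\$leaders .= \"".$templates->get("managegroup_leaders_bit")."\";");
		}

		eval("\$group_leaders = \"".$templates->get("managegroup_leaders")."\";");
	}

	// First pass: fetch every member row only to obtain the total for paging.
	// The concatenation syntax differs per database driver.
	switch($db->type)
	{
		case "pgsql":
		case "sqlite":
			$query = $db->simple_select("users", "*", "','||additionalgroups||',' LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username'));
			break;
		default:
			$query = $db->simple_select("users", "*", "CONCAT(',',additionalgroups,',') LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username'));
	}

	$numusers = $db->num_rows($query);

	$perpage = (int)$mybb->settings['membersperpage'];
	if($perpage < 1)
	{
		$perpage = 20;
	}

	// Out-of-range or missing page numbers fall back to the first page.
	$page = $mybb->get_input('page', MyBB::INPUT_INT);
	if($page && $page > 0)
	{
		$start = ($page-1) * $perpage;
		$pages = ceil($numusers / $perpage);
		if($page > $pages)
		{
			$start = 0;
			$page = 1;
		}
	}
	else
	{
		$start = 0;
		$page = 1;
	}
	$multipage = multipage($numusers, $perpage, $page, "managegroup.php?gid=".$gid);

	// Second pass: the page of members actually displayed.
	// NOTE(review): "*" pulls every column of the users table into $user/$post,
	// which are in scope of the eval()'d templates; presumably that includes
	// credential-related columns. Prefer an explicit column list if the
	// templates allow it.
	switch($db->type)
	{
		case "pgsql":
		case "sqlite":
			$query = $db->simple_select("users", "*", "','||additionalgroups||',' LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username', 'limit' => $perpage, 'limit_start' => $start));
			break;
		default:
			$query = $db->simple_select("users", "*", "CONCAT(',',additionalgroups,',') LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username', 'limit' => $perpage, 'limit_start' => $start));
	}

	$removeable_count = 0;
	$users = "";
	while($user = $db->fetch_array($query))
	{
		$altbg = alt_trow();
		$regdate = my_date('relative', $user['regdate']);
		// The postbit_* templates read from $post, so the row is mirrored there.
		$post = $user;
		$sendpm = $email = '';
		// PM link only if PMs are enabled, the member accepts them, the viewer may
		// send them, and the viewer is not on the member's ignore list.
		if($mybb->settings['enablepms'] == 1 && $post['receivepms'] != 0 && $mybb->usergroup['cansendpms'] == 1 && my_strpos(",".$post['ignorelist'].",", ",".$mybb->user['uid'].",") === false)
		{
			eval("\$sendpm = \"".$templates->get("postbit_pm")."\";");
		}

		if($user['hideemail'] != 1)
		{
			eval("\$email = \"".$templates->get("postbit_email")."\";");
		}
		else
		{
			$email = '';
		}

		// Escape first, then wrap in the group's name styling and profile link.
		$user['username'] = htmlspecialchars_uni($user['username']);
		$user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
		$user['profilelink'] = build_profile_link($user['username'], $user['uid']);
		if(in_array($user['uid'], $leaders_array))
		{
			$leader = $lang->leader;
		}
		else
		{
			$leader = '';
		}

		// Checkbox for user management - only if current user is allowed
		$checkbox = $disabled = '';
		if($user['usergroup'] == $gid)
		{
			// Members whose primary group is this one are shown as not removable.
			$disabled = 'disabled="disabled"';
		}
		else
		{
			++$removeable_count;
		}

		if(isset($groupleader['canmanagemembers']) && $groupleader['canmanagemembers'] == 1)
		{
			eval("\$checkbox = \"".$templates->get("managegroup_user_checkbox")."\";");
		}

		eval("\$users .= \"".$templates->get("managegroup_user")."\";");
	}

	if(!$users)
	{
		eval("\$users = \"".$templates->get("managegroup_no_users")."\";");
	}

	$add_user = $remove_users = $invite_user = '';

	// The forms are only rendered for leaders holding the matching permission;
	// the POST handlers above enforce the same flags again on the server side.
	if(isset($groupleader['canmanagemembers']) && $groupleader['canmanagemembers'] == 1)
	{
		eval("\$add_user = \"".$templates->get("managegroup_adduser")."\";");
		if($removeable_count)
		{
			eval("\$remove_users = \"".$templates->get("managegroup_removeusers")."\";");
		}
	}

	if($usergroup['type'] == 5 && isset($groupleader['caninvitemembers']) && $groupleader['caninvitemembers'] == 1)
	{
		eval("\$invite_user = \"".$templates->get("managegroup_inviteuser")."\";");
	}

	$plugins->run_hooks("managegroup_end");

	eval("\$manageusers = \"".$templates->get("managegroup")."\";");
	output_page($manageusers);
}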