[ Index ]

PHP Cross Reference of MyBB 1.8.38

title

Body

[close]

/ -> managegroup.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'managegroup.php');
  13  
  14  $templatelist = "managegroup_leaders_bit,managegroup_leaders,postbit_pm,postbit_email,managegroup_user_checkbox,managegroup_user,managegroup_adduser,managegroup_removeusers,managegroup,managegroup_joinrequests_request,managegroup_joinrequests";
  15  $templatelist .= ",managegroup_requestnote,managegroup_no_users,multipage,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  16  
  17  require_once  "./global.php";
  18  
  19  // Load language files
  20  $lang->load("managegroup");
  21  
  22  $gid = $mybb->get_input('gid', MyBB::INPUT_INT);
  23  if(!isset($groupscache[$gid]))
  24  {
  25      error($lang->invalid_group);
  26  }
  27  $usergroup = $groupscache[$gid];
  28  $lang->nav_group_management = $lang->sprintf($lang->nav_group_management, htmlspecialchars_uni($usergroup['title']));
  29  add_breadcrumb($lang->nav_group_memberships, "usercp.php?action=usergroups");
  30  add_breadcrumb($lang->nav_group_management, "managegroup.php?gid=$gid");
  31  
  32  $mybb->input['action'] = $mybb->get_input('action');
  33  
  34  if($mybb->input['action'] == "joinrequests")
  35  {
  36      add_breadcrumb($lang->nav_join_requests);
  37  }
  38  
  39  // Check that this user is actually a leader of this group
  40  $query = $db->simple_select("groupleaders", "*", "uid='{$mybb->user['uid']}' AND gid='{$gid}'");
  41  $groupleader = $db->fetch_array($query);
  42  
  43  if(!$groupleader && $mybb->usergroup['cancp'] != 1)
  44  {
  45      error($lang->not_leader_of_this_group);
  46  }
  47  
  48  if($mybb->input['action'] == "do_add" && $mybb->request_method == "post")
  49  {
  50      // Verify incoming POST request
  51      verify_post_check($mybb->get_input('my_post_key'));
  52  
  53      if($groupleader['canmanagemembers'] == 0)
  54      {
  55          error_no_permission();
  56      }
  57  
  58      $plugins->run_hooks("managegroup_do_add_start");
  59  
  60      $options = array(
  61          'fields' => array('additionalgroups', 'usergroup')
  62      );
  63  
  64      $user = get_user_by_username($mybb->get_input('username'), $options);
  65  
  66      if($user)
  67      {
  68          $additionalgroups = explode(',', $user['additionalgroups']);
  69          if($user['usergroup'] != $gid && !in_array($gid, $additionalgroups))
  70          {
  71              join_usergroup($user['uid'], $gid);
  72              $db->delete_query("joinrequests", "uid='{$user['uid']}' AND gid='{$gid}'");
  73              $plugins->run_hooks("managegroup_do_add_end");
  74              redirect("managegroup.php?gid=".$gid, $lang->user_added);
  75          }
  76          else
  77          {
  78              error($lang->error_alreadyingroup);
  79          }
  80      }
  81      else
  82      {
  83          error($lang->error_invalidusername);
  84      }
  85  }
  86  elseif($mybb->input['action'] == "do_invite" && $mybb->request_method == "post")
  87  {
  88      // Verify incoming POST request
  89      verify_post_check($mybb->get_input('my_post_key'));
  90  
  91      if($groupleader['caninvitemembers'] == 0)
  92      {
  93          error_no_permission();
  94      }
  95  
  96      $plugins->run_hooks("managegroup_do_invite_start");
  97  
  98      $options = array(
  99          'fields' => array('additionalgroups', 'usergroup', 'language')
 100      );
 101  
 102      $user = get_user_by_username($mybb->get_input('inviteusername'), $options);
 103  
 104      if($user)
 105      {
 106          $additionalgroups = explode(',', $user['additionalgroups']);
 107          if($user['usergroup'] != $gid && !in_array($gid, $additionalgroups))
 108          {
 109              $query = $db->simple_select("joinrequests", "rid", "uid = '".(int)$user['uid']."' AND gid = '".(int)$gid."'", array("limit" => 1));
 110              $pendinginvite = $db->fetch_array($query);
 111              if($pendinginvite)
 112              {
 113                  error($lang->error_alreadyinvited);
 114              }
 115              else
 116              {
 117                  $usergroups_cache = $cache->read('usergroups');
 118                  $usergroup = $usergroups_cache[$gid];
 119  
 120                  $joinrequest = array(
 121                      "uid" => $user['uid'],
 122                      "gid" => $usergroup['gid'],
 123                      "dateline" => TIME_NOW,
 124                      "invite" => 1
 125                  );
 126                  $db->insert_query("joinrequests", $joinrequest);
 127  
 128                  $lang_var = 'invite_pm_message';
 129                  if($mybb->settings['deleteinvites'] != 0)
 130                  {
 131                      $lang_var .= '_expires';
 132                  }
 133  
 134                  $pm = array(
 135                      'subject' => array('invite_pm_subject', $usergroup['title']),
 136                      'message' => array($lang_var, $usergroup['title'], $mybb->settings['bburl'], $mybb->settings['deleteinvites']),
 137                      'touid' => $user['uid'],
 138                      'language' => $user['language'],
 139                      'language_file' => 'managegroup'
 140                  );
 141  
 142                  send_pm($pm, $mybb->user['uid'], true);
 143  
 144                  $plugins->run_hooks("managegroup_do_invite_end");
 145  
 146                  redirect("managegroup.php?gid=".$gid, $lang->user_invited);
 147              }
 148          }
 149          else
 150          {
 151              error($lang->error_alreadyingroup);
 152          }
 153      }
 154      else
 155      {
 156          error($lang->error_invalidusername);
 157      }
 158  }
 159  elseif($mybb->input['action'] == "do_joinrequests" && $mybb->request_method == "post")
 160  {
 161      // Verify incoming POST request
 162      verify_post_check($mybb->get_input('my_post_key'));
 163  
 164      if($groupleader['canmanagerequests'] == 0)
 165      {
 166          error_no_permission();
 167      }
 168  
 169      $plugins->run_hooks("managegroup_do_joinrequests_start");
 170  
 171      $uidin = null;
 172      if(is_array($mybb->get_input('request', MyBB::INPUT_ARRAY)))
 173      {
 174          $uidin = array();
 175          foreach($mybb->get_input('request', MyBB::INPUT_ARRAY) as $uid => $what)
 176          {
 177              if($what == "accept")
 178              {
 179                  join_usergroup($uid, $gid);
 180                  $uidin[] = (int)$uid;
 181              }
 182              elseif($what == "decline")
 183              {
 184                  $uidin[] = (int)$uid;
 185              }
 186          }
 187      }
 188      if(is_array($uidin) && !empty($uidin))
 189      {
 190          $uids = implode(",", $uidin);
 191          $db->delete_query("joinrequests", "uid IN ({$uids}) AND gid='{$gid}'");
 192      }
 193  
 194      $plugins->run_hooks("managegroup_do_joinrequests_end");
 195  
 196      redirect("managegroup.php?gid={$gid}", $lang->join_requests_moderated);
 197  }
 198  elseif($mybb->input['action'] == "joinrequests")
 199  {
 200      $users = $joinrequests = '';
 201      $plugins->run_hooks("managegroup_joinrequests_start");
 202  
 203      $query = $db->query("
 204          SELECT j.*, u.uid, u.username, u.postnum, u.regdate
 205          FROM ".TABLE_PREFIX."joinrequests j
 206          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=j.uid)
 207          WHERE j.gid='{$gid}' AND j.uid != 0
 208          ORDER BY u.username ASC
 209      ");
 210      while($user = $db->fetch_array($query))
 211      {
 212          $user['reason'] = htmlspecialchars_uni($user['reason']);
 213          $altbg = alt_trow();
 214          $regdate = my_date($mybb->settings['dateformat'], $user['regdate']);
 215          $user['username'] = htmlspecialchars_uni($user['username']);
 216          $user['profilelink'] = build_profile_link($user['username'], $user['uid']);
 217          eval("\$users .= \"".$templates->get("managegroup_joinrequests_request")."\";");
 218      }
 219      if(!$users)
 220      {
 221          error($lang->no_requests);
 222      }
 223      $lang->join_requests = $lang->sprintf($lang->join_requests_title, htmlspecialchars_uni($usergroup['title']));
 224  
 225      $plugins->run_hooks("managegroup_joinrequests_end");
 226  
 227      eval("\$joinrequests = \"".$templates->get("managegroup_joinrequests")."\";");
 228      output_page($joinrequests);
 229  }
 230  elseif($mybb->input['action'] == "do_manageusers" && $mybb->request_method == "post")
 231  {
 232      // Verify incoming POST request
 233      verify_post_check($mybb->get_input('my_post_key'));
 234  
 235      if($groupleader['canmanagemembers'] == 0)
 236      {
 237          error_no_permission();
 238      }
 239  
 240      $users = $mybb->get_input('removeuser', MyBB::INPUT_ARRAY);
 241  
 242      $plugins->run_hooks("managegroup_do_manageusers_start");
 243  
 244      if(!empty($users))
 245      {
 246          foreach($users as $uid)
 247          {
 248              leave_usergroup($uid, $gid);
 249          }
 250      }
 251      else
 252      {
 253          error($lang->no_users_selected);
 254      }
 255  
 256      $plugins->run_hooks("managegroup_do_manageusers_end");
 257  
 258      redirect("managegroup.php?gid={$gid}", $lang->users_removed);
 259  }
 260  else
 261  {
 262      $plugins->run_hooks("managegroup_start");
 263  
 264      $lang->members_of = $lang->sprintf($lang->members_of, htmlspecialchars_uni($usergroup['title']));
 265      $lang->add_member = $lang->sprintf($lang->add_member, htmlspecialchars_uni($usergroup['title']));
 266      $lang->invite_member = $lang->sprintf($lang->invite_member, htmlspecialchars_uni($usergroup['title']));
 267      $joinrequests = '';
 268      if($usergroup['type'] == 5)
 269      {
 270          $usergrouptype = $lang->group_public_invite;
 271      }
 272      elseif($usergroup['type'] == 4)
 273      {
 274          $query = $db->simple_select("joinrequests", "COUNT(*) AS req", "gid='{$gid}'");
 275          $numrequests = $db->fetch_array($query);
 276          if($numrequests['req'])
 277          {
 278              $lang->num_requests_pending = $lang->sprintf($lang->num_requests_pending, $numrequests['req']);
 279              eval("\$joinrequests = \"".$templates->get("managegroup_requestnote")."\";");
 280          }
 281          $usergrouptype = $lang->group_public_moderated;
 282      }
 283      elseif($usergroup['type'] == 3)
 284      {
 285          $usergrouptype = $lang->group_public_not_moderated;
 286      }
 287      elseif($usergroup['type'] == 2)
 288      {
 289          $usergrouptype = $lang->group_private;
 290      }
 291      else
 292      {
 293          $usergrouptype = $lang->group_default;
 294      }
 295  
 296      $group_leaders = '';
 297  
 298      // Display group leaders (if there is any)
 299      $query = $db->query("
 300          SELECT g.*, u.username, u.usergroup, u.displaygroup
 301          FROM ".TABLE_PREFIX."groupleaders g
 302          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=g.uid)
 303          WHERE g.gid = '{$gid}'
 304      ");
 305  
 306      $leaders_array = array();
 307  
 308      if($db->num_rows($query))
 309      {
 310          $loop = 1;
 311          $leaders = '';
 312          $leader_count = $db->num_rows($query);
 313          while($leader = $db->fetch_array($query))
 314          {
 315              $leader['username'] = htmlspecialchars_uni($leader['username']);
 316              $leader_name = format_name($leader['username'], $leader['usergroup'], $leader['displaygroup']);
 317              $leader_profile_link = build_profile_link($leader_name, $leader['uid']);
 318  
 319              $leaders_array[] = $leader['uid'];
 320  
 321              // Get commas...
 322              if($loop != $leader_count)
 323              {
 324                  $comma = $lang->comma;
 325              }
 326              else
 327              {
 328                  $comma = '';
 329              }
 330  
 331              ++$loop;
 332              eval("\$leaders .= \"".$templates->get("managegroup_leaders_bit")."\";");
 333          }
 334  
 335          eval("\$group_leaders = \"".$templates->get("managegroup_leaders")."\";");
 336      }
 337  
 338      switch($db->type)
 339      {
 340          case "pgsql":
 341          case "sqlite":
 342              $query = $db->simple_select("users", "*", "','||additionalgroups||',' LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username'));
 343              break;
 344          default:
 345              $query = $db->simple_select("users", "*", "CONCAT(',',additionalgroups,',') LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username'));
 346      }
 347  
 348      $numusers = $db->num_rows($query);
 349  
 350      $perpage = (int)$mybb->settings['membersperpage'];
 351      if($perpage < 1)
 352      {
 353          $perpage = 20;
 354      }
 355  
 356      $page = $mybb->get_input('page', MyBB::INPUT_INT);
 357      if($page && $page > 0)
 358      {
 359          $start = ($page-1) * $perpage;
 360          $pages = ceil($numusers / $perpage);
 361          if($page > $pages)
 362          {
 363              $start = 0;
 364              $page = 1;
 365          }
 366      }
 367      else
 368      {
 369          $start = 0;
 370          $page = 1;
 371      }
 372      $multipage = multipage($numusers, $perpage, $page, "managegroup.php?gid=".$gid);
 373  
 374      switch($db->type)
 375      {
 376          case "pgsql":
 377          case "sqlite":
 378              $query = $db->simple_select("users", "*", "','||additionalgroups||',' LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username', 'limit' => $perpage, 'limit_start' => $start));
 379              break;
 380          default:
 381              $query = $db->simple_select("users", "*", "CONCAT(',',additionalgroups,',') LIKE '%,{$gid},%' OR usergroup='{$gid}'", array('order_by' => 'username', 'limit' => $perpage, 'limit_start' => $start));
 382      }
 383  
 384      $removeable_count = 0;
 385      $users = "";
 386      while($user = $db->fetch_array($query))
 387      {
 388          $altbg = alt_trow();
 389          $regdate = my_date('relative', $user['regdate']);
 390          $post = $user;
 391          $sendpm = $email = '';
 392          if($mybb->settings['enablepms'] == 1 && $post['receivepms'] != 0 && $mybb->usergroup['cansendpms'] == 1 && my_strpos(",".$post['ignorelist'].",", ",".$mybb->user['uid'].",") === false)
 393          {
 394              eval("\$sendpm = \"".$templates->get("postbit_pm")."\";");
 395          }
 396  
 397          if($user['hideemail'] != 1)
 398          {
 399              eval("\$email = \"".$templates->get("postbit_email")."\";");
 400          }
 401          else
 402          {
 403              $email = '';
 404          }
 405  
 406          $user['username'] = htmlspecialchars_uni($user['username']);
 407          $user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 408          $user['profilelink'] = build_profile_link($user['username'], $user['uid']);
 409          if(in_array($user['uid'], $leaders_array))
 410          {
 411              $leader = $lang->leader;
 412          }
 413          else
 414          {
 415              $leader = '';
 416          }
 417  
 418          // Checkbox for user management - only if current user is allowed
 419          $checkbox = $disabled = '';
 420          if($user['usergroup'] == $gid)
 421          {
 422              $disabled = 'disabled="disabled"';
 423          }
 424          else
 425          {
 426              ++$removeable_count;
 427          }
 428  
 429          if($groupleader['canmanagemembers'] == 1)
 430          {
 431              eval("\$checkbox = \"".$templates->get("managegroup_user_checkbox")."\";");
 432          }
 433  
 434          eval("\$users .= \"".$templates->get("managegroup_user")."\";");
 435      }
 436  
 437      if(!$users)
 438      {
 439          eval("\$users = \"".$templates->get("managegroup_no_users")."\";");
 440      }
 441  
 442      $add_user = $remove_users = $invite_user = '';
 443  
 444      if($groupleader['canmanagemembers'] == 1)
 445      {
 446          eval("\$add_user = \"".$templates->get("managegroup_adduser")."\";");
 447          if($removeable_count)
 448          {
 449              eval("\$remove_users = \"".$templates->get("managegroup_removeusers")."\";");
 450          }
 451      }
 452  
 453      if($usergroup['type'] == 5 && $groupleader['caninvitemembers'] == 1)
 454      {
 455          eval("\$invite_user = \"".$templates->get("managegroup_inviteuser")."\";");
 456      }
 457  
 458      $plugins->run_hooks("managegroup_end");
 459  
 460      eval("\$manageusers = \"".$templates->get("managegroup")."\";");
 461      output_page($manageusers);
 462  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref