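<?php
// Direct-access guard: refuse to run unless the including script has defined
// __PRAGYAN_CMS (presumably done by the CMS entry script; confirm).
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is now closed properly; the original emitted "<h1>403 Forbidden<h1>".
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can disclose the web server version and
    // virtual host name to an unauthenticated client; consider dropping this line.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}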
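/**
 * Builds the tabbed "Global Settings" admin form.
 *
 * The markup has a tab bar with four buttons, a small script that shows one
 * of the four option panels at a time, and a single POST form wrapping the
 * panels rendered by websiteInfoSettingsForm(), templateSettingsForm(),
 * registrationsSettingsForm() and securitySettingsForm().
 *
 * Change from the original: the <a> elements in the tab bar are now closed.
 *
 * @return string HTML for the whole settings form.
 */
function globalSettingsForm()
{
    global $ICONS;

    $tabBar = <<<globalform
<style>
#tabBar {
display: none;
}
</style>
<script type="text/javascript">
total = 4;
function showOption(num) {
for(i=1;i<=total;i++)
document.getElementById('globaloption'+i).style.display="none";
document.getElementById('globaloption'+num).style.display="block";
}
window.onload=function() {
for(i=1;i<=total;i++)
document.getElementById('globaloption'+i).style.display="none";
showOption(1);
document.getElementById('tabBar').style.display="block";
}
</script>
<fieldset>
<legend>{$ICONS['Global Settings']['small']}Global Settings</legend>
<div id="tabBar">
<table style="width:100%">
<tr>
<td id="subaction" style="width:35%"><a onclick="showOption(1);"><Button>Website Information</Button></a></td>
<td style="width:35%"><a onclick="showOption(2);"><Button>Template and Navigation</Button></a></td>
<td style="width:35%"><a onclick="showOption(3);"><Button>Email and Registrations</Button></a></td>
<td style="width:35%"><a onclick="showOption(4);"><Button>Security and Maintainence</Button></a></td>
</tr>
</table>
</div>
globalform;

    // One panel per tab; the ids must match the 'globaloption'+n lookups in the script above.
    $panels = "<div id=\"globaloption1\">" . websiteInfoSettingsForm() . "</div>"
        . "<div id=\"globaloption2\">" . templateSettingsForm() . "</div>"
        . "<div id=\"globaloption3\">" . registrationsSettingsForm() . "</div>"
        . "<div id=\"globaloption4\">" . securitySettingsForm() . "</div>";

    // NOTE(review): the form carries only the 'update_global_settings' marker and
    // no anti-CSRF token is visible here. Unless the framework adds or checks one
    // elsewhere, a cross-site POST from an admin's browser could change these
    // settings; confirm.
    $controls = "<input type='hidden' name='update_global_settings' />"
        . "<input type='submit' value='Update' />"
        . "<input type='button' value='Cancel' onclick=\"window.open('./+view','_top')\" />";

    return $tabBar
        . "<form method='POST' action='./+admin&subaction=global'>"
        . $panels
        . $controls
        . "</form></fieldset>";
}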
00098
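/**
 * Renders the "Website Information" panel of the global settings form
 * (site name, description, keywords and footer).
 *
 * Changes from the original:
 *  - the settings are read by explicit key instead of being expanded into
 *    local variables with $$var, so an unexpected setting name can no longer
 *    overwrite a local variable;
 *  - each value is HTML-escaped before being placed in an attribute or a
 *    <textarea>, so a quote or "</textarea>" in a stored value cannot break
 *    out of the field.
 *
 * @return string HTML table with the four fields.
 */
function websiteInfoSettingsForm()
{
    // Assumes getGlobalSettings() returns an array keyed by setting name
    // (the original iterated it as name => value); confirm.
    $globals = getGlobalSettings();

    // NOTE(review): escaping assumes the values are stored without HTML entity
    // encoding (updateGlobalSettings() saves them through escape(), not
    // safe_html()); if escape() already encodes entities, this double-encodes.
    $field = array();
    foreach (array('cms_title', 'cms_desc', 'cms_keywords', 'cms_footer') as $key) {
        $raw = isset($globals[$key]) ? $globals[$key] : '';
        $field[$key] = htmlspecialchars($raw, ENT_QUOTES);
    }

    $globalform = <<<globalform
<table style="width:100%">
<tr>
<td style="width:35%">Website Name :</td>
<td style="width:65%"><input type="text" name='cms_title' value="{$field['cms_title']}"></td>
</tr>
<tr>
<td>Site Description :</td>
<td><textarea style="width:98%" rows=10 cols=10 name='cms_desc' />{$field['cms_desc']}</textarea></td>
</tr>
<tr>
<td>Site Keywords (comma-separated) :</td>
<td><input type="text" name='cms_keywords' value='{$field['cms_keywords']}'></td>
</tr>
<tr>
<td>Site Footer :</td>
<td><textarea style="width:98%" rows=10 cols=10 name='cms_footer' />{$field['cms_footer']}</textarea></td>
</tr>
</table>
globalform;

    return $globalform;
}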
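/**
 * Renders the "Template and Navigation" panel of the global settings form:
 * the default-template selector and three checkboxes.
 *
 * Changes from the original:
 *  - the "Show Breadcrumbs Submenu" checkbox now receives "checked"/"" like
 *    the other two; the original interpolated the raw stored value into the
 *    tag, so the box never appeared ticked;
 *  - settings are read by explicit key instead of via $$var;
 *  - template names are HTML-escaped in the <option> elements.
 *
 * @return string HTML table for the panel.
 */
function templateSettingsForm()
{
    // Assumes getGlobalSettings() returns an array keyed by setting name; confirm.
    $globals = getGlobalSettings();
    $templates = getAvailableTemplates();

    // Same loose "!= 0" test the original applied to each flag.
    $checked = array();
    foreach (array('allow_pagespecific_header', 'allow_pagespecific_template', 'breadcrumb_submenu') as $key) {
        $checked[$key] = (isset($globals[$key]) && $globals[$key] != 0) ? 'checked' : '';
    }

    $globalform = <<<globalform
<table style="width:100%">
<tr>
<td>Default template :</td>
<td><select name='default_template'>
globalform;

    foreach ($templates as $template) {
        $value = htmlspecialchars($template, ENT_QUOTES);
        $label = htmlspecialchars(ucwords($template), ENT_QUOTES);
        // DEF_TEMPLATE is defined outside this file; it marks the current default.
        $selected = ($template == DEF_TEMPLATE) ? ' selected' : '';
        $globalform .= "<option value='" . $value . "'" . $selected . " >" . $label . "</option>";
    }

    $globalform .= <<<globalform
</select>
</td>
</tr>
<tr>
<td>Allow Page-specific Template ?</td>
<td><input name='allow_page_template' type='checkbox' {$checked['allow_pagespecific_template']}></td>
</tr>
<tr>
<td>Allow Page-specific Headers ?</td>
<td><input name='allow_page_header' type='checkbox' {$checked['allow_pagespecific_header']}></td>
</tr>

<tr>
<td>Show Breadcrumbs Submenu ?</td>
<td><input name='breadcrumb_submenu' type='checkbox' {$checked['breadcrumb_submenu']}></td>
</tr>
</table>
globalform;

    return $globalform;
}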
00178
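/**
 * Renders the "Email and Registrations" panel of the global settings form.
 *
 * Changes from the original:
 *  - settings are read by explicit key instead of via $$var;
 *  - the website e-mail is HTML-escaped before it goes into the value
 *    attribute;
 *  - the unused breadcrumb_submenu computation was dropped (this panel has no
 *    such field).
 *
 * @return string HTML table for the panel.
 */
function registrationsSettingsForm()
{
    // Assumes getGlobalSettings() returns an array keyed by setting name; confirm.
    $globals = getGlobalSettings();

    // Same loose "!= 0" test the original applied to each flag.
    $flag = array();
    foreach (array('default_user_activate', 'default_mail_verify', 'allow_login') as $key) {
        $flag[$key] = (isset($globals[$key]) && $globals[$key] != 0) ? 'checked' : '';
    }
    $activate_useronreg = $flag['default_user_activate'];
    $default_mailverify = $flag['default_mail_verify'];
    $allow_login = $flag['allow_login'];

    // NOTE(review): assumes cms_email is stored without HTML entity encoding; confirm.
    $cms_email = htmlspecialchars(isset($globals['cms_email']) ? $globals['cms_email'] : '', ENT_QUOTES);

    $globalform = <<<globalform
<table style="width:100%">
<tr>
<td>Send Mail on Registration ?</td>
<td><input name='send_mail_on_reg' type='checkbox' $default_mailverify></td>
</tr>
<tr>
<td>Website Email :</td>
<td><input type="text" name='cms_email' value='$cms_email'></td>
</tr>

<tr>
<td>Activate User On Registration ?</td>
<td><input name='activate_useronreg' type='checkbox' $activate_useronreg></td>
</tr>
<tr>
<td>Allow Users to Login/Register ?</td>
<td><input name='allow_login' type='checkbox' $allow_login></td>
</tr>
</table>
globalform;

    return $globalform;
}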
00216
00217
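/**
 * Renders the "Security and Maintainence" panel of the global settings form:
 * upload limit, reindex frequency, OpenID switch, censor words and the
 * ReCAPTCHA switch and keys.
 *
 * Changes from the original:
 *  - fixed broken markup: the "<labe>" tag and the style="width:"65%" attribute;
 *  - settings are read by explicit key instead of via $$var;
 *  - values placed in value='...' attributes are HTML-escaped.
 *
 * @return string HTML table for the panel.
 */
function securitySettingsForm()
{
    // Assumes getGlobalSettings() returns an array keyed by setting name; confirm.
    $globals = getGlobalSettings();

    // NOTE(review): escaping assumes these values are stored without HTML
    // entity encoding (they are saved through escape()); confirm.
    $attr = array();
    foreach (array('upload_limit', 'reindex_frequency', 'recaptcha_public', 'recaptcha_private') as $key) {
        $attr[$key] = htmlspecialchars(isset($globals[$key]) ? $globals[$key] : '', ENT_QUOTES);
    }

    // NOTE(review): censor_words is saved through safe_html(), which presumably
    // already entity-encodes it, so it is emitted as stored to avoid
    // double-encoding on every save. Verify that safe_html() encodes, otherwise
    // this value also needs htmlspecialchars().
    $censor_words = isset($globals['censor_words']) ? $globals['censor_words'] : '';

    $openidOff = isset($globals['openid_enabled']) && $globals['openid_enabled'] == 'false';
    $openidno_ischecked = $openidOff ? 'checked' : '';
    $openidyes_ischecked = $openidOff ? '' : 'checked';
    $recapt_ischecked = (isset($globals['recaptcha']) && $globals['recaptcha'] == '1') ? 'checked' : '';

    // NOTE(review): the ReCAPTCHA private key is rendered back into a plain text
    // field, so it is visible in the page source to anyone who can open this form.
    $globalform = <<<globalform
<table style="width:100%">
<tr>
<td style="width:35%">Upload Limit (bytes) </td>
<td style="width:65%"><input type="text" name='upload_limit' value='{$attr['upload_limit']}'></td>
</tr>
<tr>
<td>Site Reindex Frequency (days) </td>
<td><input type="text" name='reindex_frequency' value='{$attr['reindex_frequency']}'></td>
</tr>
<tr>
<td><label for="optEnableOpenID">Enable OpenID?</label></td>
<td>
<label><input type="radio" name="openid_enabled" id="optEnableOpenIDNo" value="false" $openidno_ischecked />No</label>
<label><input type="radio" name="openid_enabled" id="optEnableOpenIDYes" value="true" $openidyes_ischecked />Yes</label>
</td>
</tr>
<tr>
<td>Censor Words (use | to seperate the words. Please dont use spaces) </td>
<td><textarea style="width:98%" rows=10 cols=10 name='censor_words' />$censor_words</textarea></td>
</tr>
<tr>
<td>Use ReCAPTCHA ?</td>
<td>
<label><input type="checkbox" name="recaptcha_enable" id="recaptcha_enable" value="Yes" $recapt_ischecked/>Yes</label>
</td>
</tr>
<tr>
<td><label for="public_key">ReCAPTCHA Public Key:</label></td>
<td><input type="text" id="public_key" name="public_key" value='{$attr['recaptcha_public']}' /></td>
</tr>
<tr>
<td><label for="private_key">ReCAPTCHA Private Key:</label></td>
<td><input type="text" id="private_key" name="private_key" value='{$attr['recaptcha_private']}' /></td>
</tr>
</table>
globalform;

    return $globalform;
}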
00268
00269
00270
00271
/**
 * Returns the part of $file from its last "." to the end, dot included.
 *
 * When $file contains no dot, strrpos() yields false, which is used as
 * offset 0, so the whole string is returned unchanged.
 *
 * @param string $file File name or path.
 * @return string Extension with its leading dot, or $file itself when it has no dot.
 */
function extension($file)
{
    $lastDot = strrpos($file, ".");

    // (int) false === 0 reproduces the "no dot" behaviour described above.
    return substr($file, (int) $lastDot);
}
00277
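/**
 * Recursively deletes a directory and everything inside it.
 *
 * Changes from the original:
 *  - the readdir() loop compares against false, so an entry named "0" no
 *    longer ends the loop early and leaves the rest of the directory behind;
 *  - symbolic links found inside the tree are removed as links and never
 *    followed, so a link pointing outside the tree cannot cause files
 *    elsewhere to be deleted;
 *  - the result of the final rmdir() is returned instead of an unconditional
 *    true, so callers can see a failed removal.
 *
 * @param string $dirname Directory to remove.
 * @return bool False if $dirname is not a directory, cannot be opened, or
 *              could not be removed; true otherwise.
 */
function delDir($dirname)
{
    if (!is_dir($dirname)) {
        return false;
    }

    $dir_handle = opendir($dirname);
    if (!$dir_handle) {
        return false;
    }

    while (false !== ($file = readdir($dir_handle))) {
        if ($file == "." || $file == "..") {
            continue;
        }
        $path = $dirname . "/" . $file;
        // is_dir() follows symlinks, so check is_link() before recursing.
        if (is_dir($path) && !is_link($path)) {
            delDir($path);
        } else {
            unlink($path);
        }
    }
    closedir($dir_handle);

    return rmdir($dirname);
}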
00295
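/**
 * Looks up activated users whose e-mail or full name matches $pattern and
 * returns them as a comma-separated list, ordered by a relevance rank
 * (1 = e-mail starts with the pattern ... 5 = full name contains it).
 *
 * Changes from the original:
 *  - $pattern arrives from $_GET['forwhat'] and was interpolated into the SQL
 *    text as-is; it is now escaped for the string literal, and the LIKE
 *    wildcards % and _ are escaped so they match literally;
 *  - a failed query no longer reaches mysql_fetch_row() with a non-resource;
 *  - implode() is called with the separator first.
 *
 * NOTE(review): the returned string still contains the raw $pattern and raw
 * database values. The caller echoes it, so it must be encoded for whatever
 * context the response is rendered in.
 *
 * @param string $pattern Search text typed by the user.
 * @return string "$pattern,email - fullname,email - fullname,..."
 */
function getSuggestions($pattern)
{
    // Escape for the SQL literal first, then backslash-escape the LIKE wildcards.
    $like = addcslashes(mysql_real_escape_string($pattern), '%_');

    $suggestionsQuery = "SELECT IF(user_email LIKE \"$like%\", 1, " .
        "IF(`user_fullname` LIKE \"$like%\", 2, " .
        "IF(`user_fullname` LIKE \"% $like%\", 3, " .
        "IF(`user_email` LIKE \"%$like%\", 4, " .
        "IF(`user_fullname` LIKE \"%$like%\", 5, 6" .
        "))))) AS `relevance`, `user_email`, `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE " .
        " `user_activated`=1 AND(`user_email` LIKE \"%$like%\" OR `user_fullname` LIKE \"%$like%\" ) ORDER BY `relevance`";

    // The first element is always the text the user typed.
    $suggestions = array($pattern);

    $suggestionsResult = mysql_query($suggestionsQuery);
    if ($suggestionsResult) {
        // Row layout: [0] relevance, [1] user_email, [2] user_fullname.
        while ($suggestionsRow = mysql_fetch_row($suggestionsResult)) {
            $suggestions[] = $suggestionsRow[1] . ' - ' . $suggestionsRow[2];
        }
    }

    return implode(',', $suggestions);
}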
00315
/**
 * Entry point for the "+admin" action: inspects $_GET / $_POST, runs the
 * requested administration task and returns the HTML to display.
 *
 * NOTE(review): no permission check is visible inside this function;
 * presumably the caller verifies that $userid may administer the site before
 * calling it. Confirm.
 *
 * NOTE(review): several branches change state in response to GET parameters
 * alone (indexsite, reloadtemplates, reloadmodules, checkPerm, checkAdminUser,
 * checkAdminPerms) and no anti-CSRF token check is visible here. Confirm
 * whether the framework enforces one elsewhere.
 *
 * @param mixed $pageid Page id; passed to handleWidgetAdmin() and parseUrlDereferenced().
 * @param mixed $userid Current user id; used for the group-management lookups.
 * @return string HTML for the admin page. The getsuggestions branch echoes its
 *                output and exits instead of returning.
 */
function admin($pageid, $userid) {

    // Suggestion lookup: echoes a comma-separated list and ends the request.
    // NOTE(review): the output of getSuggestions() is echoed without encoding
    // and includes the 'forwhat' text supplied in the query string.
    if(isset($_GET['doaction']) && $_GET['doaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
        if(strlen($_GET['forwhat']) >= 3) {
            echo getSuggestions($_GET['forwhat']);
            disconnect();
            exit();
        }
    }
    global $urlRequestRoot,$templateFolder,$cmsFolder,$ICONS;
    // Search index (re)build: indexsite=1 indexes the site's home URL, any other value calls index_all().
    if(isset($_GET['indexsite'])) {
        global $sourceFolder;
        require("$sourceFolder/modules/search/admin/spider.php");
        if($_GET['indexsite'] == 1) {
            $serveruri=$_SERVER['SCRIPT_NAME'];
            $uri=substr($serveruri,0,stripos($serveruri,"index.php"));
            // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
            // URL handed to the spider is client-influenced; consider a configured base URL.
            $site = "http://" . $_SERVER['HTTP_HOST'] . $uri . "home/";
            index_site($site, 0, -1, 'full', "", "+\n&", 0);
            displayinfo("Index for site created");
        } else {
            index_all();
        }
    }

    // Reindex threshold in days: the stored 'reindex_frequency' setting, or 30 when no row is found.
    $result = mysql_fetch_array(mysql_query("SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'reindex_frequency'"));
    if($result != NULL)
        $threshold = $result['value'];
    else
        $threshold = 30;
    // Age in days of the index entry whose url contains "home".
    $result = mysql_fetch_array(mysql_query("SELECT to_days(CURRENT_TIMESTAMP)-to_days(`indexdate`) AS 'diff' FROM `sites` WHERE `url` LIKE '%home%'"));

    if($result == NULL)
        displayinfo("It seems the site doesn't have index for the search to work. Click <a href='./+admin&indexsite=1'>here</a> to index the site.");
    else if($result['diff'] > $threshold)
        displayinfo("Your site index was created {$result['diff']} days before. Click <a href='./+admin&indexsite=2'>here</a> to reindex your site.");

    // Icon panel of quick links appended to every page this function returns.
    $quicklinks = <<<ADMINPAGE
<fieldset>
<legend>{$ICONS['Website Administration']['small']}Website Administration</legend>
<a name='quicklinks'></a>
<table class="iconspanel">
<tr>
<td><a href="./+admin&subaction=global"><div>{$ICONS['Global Settings']['large']}<br/>Global Settings</div></a></td>
<td><a href="./+admin&subaction=template"><div>{$ICONS['Templates Management']['large']}<br/>Templates Management</div></a></td>
<td><a href="./+admin&subaction=module"><div>{$ICONS['Modules Management']['large']}<br/>Module Management</div></a></td>
<td><a href="./+admin&subaction=widgets"><div>{$ICONS['Widgets']['large']}<br/>Widgets Management</div></a></td>
</tr>
<tr>
<td><a href="./+admin&subaction=icon"><div>{$ICONS['Icons']['large']}<br/>Icons Management</div></a></td>
<td><a href="./+admin&subaction=email"><div>{$ICONS['Email Registrants']['large']}<br/>Email Registrants</div></a></td>
<td><a href="./+admin&subaction=editgroups"><div>{$ICONS['User Groups']['large']}<br/>Group Management</div></a></td>
<td><a href="./+admin&subaction=expert"><div>{$ICONS['Site Maintenance']['large']}<br/>Site Maintenance</div></a></td>
</tr>
<tr>

<td colspan=2><a href="./+admin&subaction=useradmin"><div>{$ICONS['User Management']['large']}<br/>User Management</div></a></td>
<td colspan=2><a href="./+admin&subaction=editprofileform"><div>{$ICONS['User Profile']['large']}<br/>User Profiles</div></a></td>
</tr>

</table>
</fieldset>
ADMINPAGE;
    // E-mail sub-actions; each returns immediately.
    if(isset($_GET['subaction'])) {
        require_once("email.lib.php");
        if($_GET['subaction'] == "email")
            return displayEmail().$quicklinks;
        else if($_GET['subaction'] == "openemail")
            return displayEmail(escape($_GET['name'])).$quicklinks;
        else if($_GET['subaction'] == "emailsend") {
            sendEmail();
            return displayEmail(escape($_POST['emailtemplates'])).$quicklinks;
        }
        else if($_GET['subaction'] == "emailsave") {
            saveEmail();
            return displayEmail(escape($_POST['emailtemplates'])).$quicklinks ;
        }
    }
    // Module / template management. The condition limits $type to 'module' or
    // 'template', so the dynamic call below resolves to handleModuleManagement()
    // or handleTemplateManagement() only.
    if(isset($_GET['subaction']) && ($_GET['subaction']=='module'||$_GET['subaction']=='template')) {
        $type = escape($_GET['subaction']);
        if($type=='module')
            displaywarning("Module Installation/Uninstallation has the potential to completely bring down the CMS, so Install only modules from trusted source");
        require_once("module.lib.php");
        require_once("template.lib.php");
        $type = ucfirst($type);
        $function = "handle{$type}Management";
        $op = $function();
        if($op != "") return $op.$quicklinks;
        return managementForm($type).$quicklinks;
    }
    global $sourceFolder;
    // Without subaction or subsubaction only the quick links are shown. Because of
    // this early return, the id / movePermId / module branches below are reached
    // only when one of those two parameters is also present.
    if(!isset($_GET['subaction']) && !isset($_GET['subsubaction'])) return $quicklinks;
    require_once("users.lib.php");
    // $op: output of the task that ran; $ophead: its legend; $str: extra form markup.
    $op="";$ophead=""; $str="";




    if (isset($_GET['subaction'])||isset($_GET['subsubaction'])||isset ($_GET['id'])||isset ($_GET['movePermId'])||isset ($_GET['module'])) {

        // Saving global settings requires both subaction=global and the POSTed marker field.
        if (isset($_GET['subaction']) && $_GET['subaction'] == 'global' && isset($_POST['update_global_settings']))
            updateGlobalSettings();

        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'useradmin')
        {
            $op .= handleUserMgmt();
            $ophead="{$ICONS['User Management']['small']}User Management";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'widgets')
        {
            $op .= handleWidgetAdmin($pageid);
            $ophead="{$ICONS['Widgets']['small']}Widgets Management";
        }
        else if(isset($_GET['subaction']) && $_GET['subaction'] == 'icon')
        {
            require_once("iconmanagement.lib.php");
            $res = handleIconManagement();
            // With iconURL set, the handler's result is returned as-is, without the fieldset or quick links.
            if(isset($_GET['iconURL']))
                return $res;

            $op .= $res;
            $ophead = "{$ICONS['Icons']['small']}Icons Management";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups') {
            require_once("permission.lib.php");
            $pagepath = array();
            parseUrlDereferenced($pageid, $pagepath);
            $virtue = '';
            $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, array_reverse(getGroupIds($userid)), $virtue);
            $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
            $op .= groupManagementForm($userid, $modifiableGroups, $pagepath);
            // NOTE(review): the quick-links panel uses $ICONS['User Groups'] for this
            // entry; confirm that a 'Group Management' icon key exists.
            $ophead="{$ICONS['Group Management']['small']}Group Management";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'reloadtemplates')
        {
            $op .= reloadTemplates();
            $ophead="{$ICONS['Templates Management']['small']}Reloading Templates";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'reloadmodules')
        {
            $op .= reloadModules();
            $ophead="{$ICONS['Modules Management']['small']}Reloading Modules";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'checkPerm')
        {
            $op .= admin_checkFunctionPerms();
            $ophead="{$ICONS['Access Permissions']['small']}Checking Permissions Consistency";
        }
        elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'checkAdminUser')
        {
            // admin_checkAdminUser() has no return statement, so nothing is appended to $op here.
            $op .= admin_checkAdminUser();
            $ophead="Checking Administrator User";
        }
        elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'checkAdminPerms')
        {
            $op .= admin_checkAdminPerms();
            $ophead="Checking Administrator Permissions";
        }
        elseif (isset($_GET['subaction']) && ($_GET['subaction'] == 'changePermRank'))
        {
            $op .= admin_changePermRank();
            $ophead="{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
        }
        elseif ((isset($_GET['subaction']) && ($_GET['subaction'] == 'editprofileform')) ||
        (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editprofileform'))
        {
            $op .= admin_editProfileForm();
            $ophead="{$ICONS['User Profile']['small']}Edit User Profile Form";
        }
        elseif (isset ($_GET['id']))
            $op .= admin_userAdmin();
        elseif (isset ($_GET['movePermId']))
        {
            $op .= admin_changePermRank();
            $ophead="{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
        }
        elseif (isset ($_GET['module']))
        {
            $op .= admin_changePermRank(escape($_GET['module']));
            $ophead="{$ICONS['Access Permissions']['small']}Changing Permissions Rank for module '".escape($_GET['module'])."'";
        }
    }
    // Wrap whatever the task produced in a titled fieldset.
    if($op!="")
    {
        $op ="<fieldset><legend>$ophead</legend>$op</fieldset>";
    }

    // Second pass: append the form that belongs to the current sub-action.
    if(isset($_GET['subaction']) && $_GET['subaction']=='global')
        $str .= globalSettingsForm();
    else if(isset($_GET['subaction']) && $_GET['subaction']=='editgroups') {
        // Intentionally empty: the group form was already added to $op above.
    }
    else if(isset($_GET['subaction']) && $_GET['subaction']=='useradmin')
    {

        // Appended after the fieldset wrap above, so this form sits outside that fieldset.
        $op .= userManagementForm();
    }
    else if(isset($_GET['subaction']) && $_GET['subaction']=='expert')
    {
        $str .= "<fieldset><legend>{$ICONS['Site Maintenance']['small']}Experts Only</legend>";
        $str .= '<a href="./+admin&subaction=checkPerm">Check Permission List</a><br />';
        $str .= '<a href="./+admin&subaction=checkAdminUser">Check Admin User</a><br />';
        $str .= '<a href="./+admin&subaction=checkAdminPerms">Check Admin Perms</a><br />';
        $str .= '<a href="./+admin&subaction=changePermRank">Change Perm Ranks</a><br />';
        $str .= '<a href="./+admin&subaction=reloadtemplates">Reload Templates</a><br />';
        $str .= '<a href="./+admin&subaction=reloadmodules">Reload Modules</a><br />';
        $str .= '<a href="./+admin&indexsite=2">Reindex Site for Searching</a></br/></fieldset>';


    }

    return $str.$op.$quicklinks;

}
00529
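/**
 * Builds the install / uninstall form for modules or templates.
 *
 * The list of installed items comes from the function named
 * "getAvailable{$type}s" (getAvailableModules() or getAvailableTemplates()
 * for the two values the caller in this file passes).
 *
 * Changes from the original:
 *  - the <select> now carries id='modules'; the delete-confirmation script
 *    looks the element up by that id, which did not exist, so the script
 *    failed instead of asking for confirmation;
 *  - item names are HTML-escaped in the <option> elements.
 *
 * NOTE(review): $type selects which function is called and is interpolated
 * into markup and script. The caller in this file only passes 'Module' or
 * 'Template'; keep it that way or whitelist the value here.
 *
 * @param string $type 'Module' or 'Template'.
 * @return string HTML for the management form.
 */
function managementForm($type)
{
    global $ICONS;

    $function = "getAvailable{$type}s";
    $modules = $function();

    $modulesList = "<select name='{$type}' id='modules'>";
    foreach ($modules as $module) {
        $safeName = htmlspecialchars($module, ENT_QUOTES);
        $modulesList .= "<option value='" . $safeName . "'>" . $safeName . "</option>";
    }
    $modulesList .= "</select>";

    $smallIcon = $ICONS[$type . 's Management']['small'];
    // Any other $type leaves the subaction empty in the form targets below.
    $subaction = ($type == "Module") ? 'module' : ($type == "Template" ? 'template' : "");

    $form = <<<FORM
<script type="text/javascript">
function delconfirm(obj) {
return confirm("Are you sure want to delete '" + document.getElementById('modules').value + "' {$type}?");
}
</script>
<fieldset>
<legend>{$smallIcon}{$type} Management</legend>
<form name='module' method='POST' action="./+admin&subaction={$subaction}&subsubaction=install" enctype="multipart/form-data">
Add new {$type}: <input type='file' name='file' id='file' /><input type='submit' name='btn_install' value='Upload' />
</form>
<br/><br/>
<form method='POST' action="./+admin&subaction={$subaction}&subsubaction=uninstall" enctype="multipart/form-data">
Delete Existing {$type}: {$modulesList}<input type='submit' name='btn_uninstall' value='Uninstall' onclick='return delconfirm(this);' />
</form>
</fieldset>
FORM;

    return $form;
}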
00559
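/**
 * Reads the POSTed global-settings form and stores it via setGlobalSettings().
 *
 * Checkbox fields become 1/0 depending on whether they were submitted; text
 * fields go through escape(), censor_words through safe_html(). OpenID is
 * enabled only when requested and iscurlinstalled() is true; ReCAPTCHA only
 * when both keys are non-empty.
 *
 * Change from the original: the OpenID test was written as
 * escape($_POST['openid_enabled']=='true'), i.e. escape() was applied to the
 * result of the comparison. The comparison is now made directly.
 *
 * NOTE(review): no anti-CSRF token is checked here or in the caller shown in
 * this file; confirm the framework validates one before this runs.
 * NOTE(review): default_template is stored as submitted. If it is later used
 * to build a file path, validate it against getAvailableTemplates() first.
 * NOTE(review): upload_limit and reindex_frequency are stored as free text;
 * consider validating that they are non-negative integers.
 *
 * @return void
 */
function updateGlobalSettings()
{
    $global = array();

    // Unticked checkboxes are simply absent from $_POST.
    $global['allow_pagespecific_header'] = isset($_POST['allow_page_header']) ? 1 : 0;
    $global['allow_pagespecific_template'] = isset($_POST['allow_page_template']) ? 1 : 0;
    $global['default_user_activate'] = isset($_POST['activate_useronreg']) ? 1 : 0;
    $global['default_mail_verify'] = isset($_POST['send_mail_on_reg']) ? 1 : 0;
    $global['breadcrumb_submenu'] = isset($_POST['breadcrumb_submenu']) ? 1 : 0;
    $global['allow_login'] = isset($_POST['allow_login']) ? 1 : 0;

    $global['cms_title'] = escape($_POST['cms_title']);
    $global['default_template'] = escape($_POST['default_template']);
    $global['cms_email'] = escape($_POST['cms_email']);
    $global['upload_limit'] = escape($_POST['upload_limit']);
    $global['reindex_frequency'] = escape($_POST['reindex_frequency']);
    $global['cms_desc'] = escape($_POST['cms_desc']);
    $global['cms_keywords'] = escape($_POST['cms_keywords']);
    $global['cms_footer'] = escape($_POST['cms_footer']);
    $global['censor_words'] = safe_html($_POST['censor_words']);

    // OpenID depends on cURL; fall back to 'false' and warn when it is missing.
    $global['openid_enabled'] = 'false';
    if (isset($_POST['openid_enabled']) && $_POST['openid_enabled'] == 'true') {
        if (iscurlinstalled()) {
            $global['openid_enabled'] = 'true';
        } else {
            global $curl_message;
            displaywarning($curl_message);
        }
    }

    // ReCAPTCHA is switched on only when both keys were supplied.
    $global['recaptcha'] = '0';
    if (isset($_POST['recaptcha_enable'])) {
        if (($_POST['public_key'] != NULL) && ($_POST['private_key'] != NULL)) {
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($_POST['public_key']);
            $global['recaptcha_private'] = escape($_POST['private_key']);
        } else {
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
        }
    }

    setGlobalSettings($global);

    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}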
00615
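/**
 * Cross-checks the permissions each module class declares against the
 * permissionlist table.
 *
 * Steps:
 *  1. list "*.lib.php" files in "$sourceFolder/modules";
 *  2. for each module except forum, poll and contest, load its class, derive
 *     permission names from methods starting with "action" (plus 'create'),
 *     and insert any that are missing from the table;
 *  3. report table rows whose action method no longer exists in the class.
 *
 * Changes from the original:
 *  - $list and $moduleArray are initialised, so an unreadable or empty
 *    modules directory no longer leads to foreach over an undefined variable;
 *  - the ".lib.php" suffix test uses substr(); the original compared
 *    strpos() with strlen()-8, which also matched any 8-character file name
 *    without the suffix (false == 0);
 *  - module and permission names are escaped before being placed in SQL.
 *
 * NOTE(review): this runs from a GET link and inserts rows; no CSRF check is
 * visible in the caller shown in this file.
 * NOTE(review): the directory is listed under "$sourceFolder/modules" while
 * the files are loaded from "$sourceFolder/$moduleFolder"; presumably
 * $moduleFolder is "modules". Confirm.
 *
 * @return string HTML report.
 */
function admin_checkFunctionPerms()
{
    global $sourceFolder;
    global $moduleFolder;
    $returnStr = "";

    $list = array();
    if ($handle = opendir($sourceFolder . '/modules')) {
        while (false !== ($file = readdir($handle))) {
            $list[] = $file;
        }
        closedir($handle);
    }

    $moduleArray = array();
    foreach ($list as $temp) {
        if (strlen($temp) > 8 && substr($temp, -8) === '.lib.php') {
            $moduleArray[] = str_replace('.lib.php', '', $temp);
        }
    }

    $moduleList = "";
    foreach ($moduleArray as $module) {
        $moduleList .= $module . ", ";
    }
    $returnStr .= "<br/>The following modules/classes exist in the file system:<br>$moduleList";

    // Pass 1: make sure every action method has a row in permissionlist.
    foreach ($moduleArray as $module) {
        if (($module == 'forum') || ($module == 'poll') || ($module == 'contest')) {
            continue;
        }

        require_once ($sourceFolder . "/" . $moduleFolder . "/" . $module . ".lib.php");

        $functionArray = get_class_methods($module);
        if ($functionArray == NULL) {
            $returnStr .= "<br/><b>Please check the Class definition of $module. It may have undefined functions. Please define the functions or declare the class as an abstract class</b>";
            continue;
        }

        // "actionView" -> "view", and so on.
        $perm = array();
        foreach ($functionArray as $method) {
            if ((substr($method, 0, 6)) == 'action') {
                $perm[] = strtolower(str_replace('action', "", $method));
            }
        }

        $permList = "";
        foreach ($perm as $permElements) {
            $permList .= $permElements . ", ";
        }
        $returnStr .= "<br/>The following methods/functions/actions exist in the filesystem class for $module:<br> $permList";

        // 'create' is checked for every module in addition to its action methods.
        $perm[] = 'create';
        $permExists = "";
        $i = 0;
        $moduleSql = mysql_real_escape_string($module);

        foreach ($perm as $permission) {
            $permissionSql = mysql_real_escape_string($permission);
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$moduleSql' AND `perm_action`='$permissionSql'";
            $result = mysql_query($query);
            if (mysql_num_rows($result) > 0) {
                if ($i == 1)
                    $permExists .= ", ";
                $permExists .= $permission;
                $i = 1;
            } else {
                $returnStr .= "<br/><b>$permission DOES NOT exist for $module but will be created</b><br>";
                // New id and rank are MAX + 1 of the existing rows.
                $query = "SELECT MAX(perm_id) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`";
                $result = mysql_query($query) or die(mysql_error());
                $row = mysql_fetch_assoc($result);
                $permid = $row['MAX'] + 1;
                $query = "SELECT MAX(perm_rank) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$moduleSql'";
                $result = mysql_query($query) or die(mysql_error());
                $row = mysql_fetch_assoc($result);
                $permrank = $row['MAX'] + 1;
                $descSql = mysql_real_escape_string($permission . " the " . $module);
                $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "permissionlist`(`perm_id` ,`page_module` ,`perm_action` ,`perm_text` ,`perm_rank` ,`perm_description`)VALUES ('$permid', '$moduleSql', '$permissionSql', '$permissionSql', '$permrank', '$descSql') ";
                $result = mysql_query($query) or die(mysql_error());
                if (mysql_affected_rows())
                    displayinfo("$permission has been created for $module");
            }
        }

        $permExists .= ".";
        $returnStr .= "<br/>The following permissions exist in database for $module :<br>$permExists";
    }

    // Pass 2: report table rows that have no matching action method.
    foreach ($moduleArray as $module) {
        if (($module != 'forum') && ($module != 'poll') && ($module != 'contest')) {
            require_once ($sourceFolder . "/" . $moduleFolder . "/" . $module . ".lib.php");
            $class = new $module ();
            $moduleSql = mysql_real_escape_string($module);
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$moduleSql'";
            $result = mysql_query($query);
            while ($tempres = mysql_fetch_assoc($result)) {
                $permName = ucfirst($tempres['perm_action']);
                $method = "action" . $permName;

                if (!(method_exists($class, $method)))
                    $returnStr .= "<br/>Permission $method, perm id = $tempres[perm_id] exists in database but not in class $module";
            }
        }
    }

    return $returnStr;
}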
00735
00736
00737
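/**
 * Ensures a user named 'admin' exists; creates one with a generated password
 * when it does not, and reports the outcome through displayinfo() /
 * displayerror().
 *
 * Change from the original: the generated password came from rand(), which is
 * a small, predictable integer. It now comes from a cryptographically secure
 * source when the runtime offers one (random_bytes() or
 * openssl_random_pseudo_bytes()), falling back to rand() only when neither
 * exists.
 *
 * NOTE(review): the password is stored as an unsalted md5() digest. That
 * format is kept because the login code that verifies it is not visible here;
 * migrating to password_hash() needs a coordinated change.
 * NOTE(review): the clear-text password is shown in the page via
 * displayinfo(), and this function is reachable from a GET link; make sure
 * that page is never cached or logged.
 * NOTE(review): die(mysql_error()) exposes database error text to the client.
 *
 * @return void
 */
function admin_checkAdminUser()
{
    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='admin'";
    $result = mysql_query($query);
    if (mysql_num_rows($result) > 0) {
        displayinfo("User \"Admin\" exists in database.");
        return;
    }

    // Next free id is MAX(user_id) + 1.
    $query = "SELECT MAX(user_id) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "users` ";
    $result = mysql_query($query) or die(mysql_error() . "check.lib L:141");
    $row = mysql_fetch_assoc($result);
    $uid = $row['MAX'] + 1;

    // 8 random bytes rendered as 16 hex characters.
    if (function_exists('random_bytes')) {
        $passwd = bin2hex(random_bytes(8));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $passwd = bin2hex(openssl_random_pseudo_bytes(8));
    } else {
        $passwd = rand(); // last resort: the original, weak behaviour
    }
    $adminPasswd = md5($passwd);

    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users`( `user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_activated`)VALUES ( $uid , 'admin', 'admin@cms.org', 'Administrator', '$adminPasswd', '1')";

    $result = mysql_query($query) or die(mysql_error());
    if (mysql_affected_rows() > 0) {
        displayinfo("User Admin has been created with email admin@cms.org and password as $passwd");
    } else {
        displayerror("Failed to create user Admin");
    }
}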
00759
/**
 * Grants the 'admin' user every permission in permissionlist on page 0 and
 * reports what was added and what already existed.
 *
 * When no 'admin' user exists, admin_checkAdminUser() is called to create one
 * and this function then calls itself again.
 *
 * NOTE(review): that recursion has no bound; it relies on
 * admin_checkAdminUser() either creating the user or terminating the script.
 *
 * @return string HTML report.
 */
function admin_checkAdminPerms()
{
    $returnStr = "";
    $str = "";

    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='admin' ";
    $result = mysql_query($query);

    if (!(mysql_num_rows($result) > 0)) {
        // No admin user yet: create it, then run the check again.
        $returnStr .= admin_checkAdminUser();
        $returnStr .= admin_checkAdminPerms();
        return $returnStr;
    }

    $adminRow = mysql_fetch_array($result);
    $user_Id = $adminRow['user_id'];

    $permListResult = mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`");
    while ($permRow = mysql_fetch_assoc($permListResult)) {
        // Only the perm_id column drives the check.
        if (!array_key_exists('perm_id', $permRow)) {
            continue;
        }
        $val = $permRow['perm_id'];

        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type`='user' AND `usergroup_id`=$user_Id AND `page_id`=0 AND `perm_id`=$val AND `perm_permission`='Y'";
        $result = mysql_query($query) or die(mysql_error());

        if (mysql_num_rows($result)) {
            // Already granted: remember it for the summary table.
            $str .= "\n<tr><td>" . $permRow['page_module'] . "</td><td>" . $permRow['perm_action'] . "</td></tr>";
            continue;
        }

        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "userpageperm` (`perm_type`,`page_id`,`usergroup_id`,`perm_id`,`perm_permission`) VALUES ('user','0','$user_Id','$val','Y')";
        mysql_query($query);
        if (mysql_affected_rows()) {
            $returnStr .= "\n<br>User Admin userId=$user_Id has been allotted permission {$permRow['perm_action']} of module {$permRow['page_module']} over page 0";
        } else {
            $returnStr .= "\n<br>Failed to create permission {$permRow['perm_action']} of module {$permRow['page_module']} over page 0 for User Admin userId=$user_Id";
        }
    }

    if ($str != '') {
        $returnStr .= "The following permissions exist for user admin: <table border=\"1\"><tr><th>Module</th><th>Permission</th></tr>" . $str . "</table>";
    }

    return $returnStr;
}
00804
00805
00806
00807
00808
00809
00810
/**
 * Shows the permissionlist table through tbman_executer and returns its output.
 *
 * When the request carries a POSTed 'querystring' field, the whole $_POST
 * array is handed to tbman_executer; otherwise a fixed SELECT over
 * permissionlist is used.
 *
 * NOTE(review): passing $_POST straight through means the client decides what
 * tbman_executer runs. Presumably that class validates or restricts the
 * query; confirm, since this path is reachable from a plain admin URL.
 *
 * @param string $module Not used in this function body.
 * @return mixed Whatever tbman_executer::execute() returns.
 */
function admin_changePermRank($module="")
{
    require_once("tbman_executer.lib.php");

    $defaultQuery = "SELECT * FROM `". MYSQL_DATABASE_PREFIX ."permissionlist`";
    $pv = isset($_POST['querystring']) ? $_POST : $defaultQuery;

    $table = new tbman_executer($pv);
    $table->formaction = "./+admin&subaction=changePermRank";

    return $table->execute();
}
00826
00827
/**
 * Loads profile.lib.php and returns the result of getProfileFormEditForm().
 *
 * @return mixed Whatever getProfileFormEditForm() returns.
 */
function admin_editProfileForm()
{
    include_once('profile.lib.php');

    $profileFormEditor = getProfileFormEditForm();

    return $profileFormEditor;
}
00832
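/**
 * Handles every "edit groups" admin sub-action and returns the HTML of the resulting screen.
 *
 * Depending on the request it shows (a) the editor of one group (properties,
 * members, form association), (b) the "edit group priorities" screen
 * (reorder, empty, delete and create groups) or (c) the plain group selector.
 * The requested changes are applied before the screen is rendered.
 *
 * Changes compared with the previous revision:
 *  - Values read from the database or the request are HTML-escaped (and
 *    URL-encoded inside links) before being written into the page.
 *  - The posted group priority is cast to an integer before it is placed,
 *    unquoted, into the INSERT statement; numeric ids are cast the same way.
 *  - The e-mail from `$_GET['useremail']` is escaped like the POSTed one.
 *  - "email - Full Name" entries are split on " -" and strpos()'s false is
 *    checked explicitly; before, an entry without a separator lost its last
 *    character and addresses containing a hyphen were truncated.
 *  - An unknown e-mail no longer falls through to addUserToGroupName().
 *  - The failed-insert message reports mysql_error() instead of calling
 *    mysql_query() without arguments.
 *  - An empty $modifiableGroups list is treated as "no permission".
 *
 * NOTE(review): removing a user, emptying or deleting a group and shifting
 * priorities are all reachable through plain GET links, and no request token
 * is checked in this function; confirm the caller protects against
 * cross-site request forgery.
 * NOTE(review): group names read back from the database are passed as-is to
 * getGroupRow(), addUserToGroupName(), emptyGroup(), deleteGroup() and
 * shiftGroupPriority(); those helpers are not visible here, so confirm they
 * escape the name before using it in SQL.
 *
 * @param int    $currentUserId    Id of the user performing the action.
 * @param array  $modifiableGroups Rows with group_id, group_name, group_description
 *                                 and group_priority that the user may modify.
 * @param string $pagePath         Passed by reference to getMaxPriorityGroup().
 * @return string HTML of the screen, or '' when an error was displayed instead.
 */
function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath) {
	require_once("group.lib.php");
	global $ICONS;
	global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder, $sourceFolder;
	$scriptsFolder = "$urlRequestRoot/$cmsFolder/$templateFolder/common/scripts";
	$imagesFolder = "$urlRequestRoot/$cmsFolder/$templateFolder/common/images";

	$groupRow = $groupId = $userId = null;

	// Work out which sub-action the request asks for
	$subSubAction = isset($_GET['subsubaction']) ? $_GET['subsubaction'] : '';
	$subAction = '';
	if (($subSubAction === 'editgroup' && isset($_GET['groupname'])) || (isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups'])))
		$subAction = 'showeditform';
	elseif ($subSubAction === 'associateform')
		$subAction = 'associateform';
	elseif ($subSubAction === 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail']))
		$subAction = 'deleteuser';
	elseif (isset($_POST['btnAddUserToGroup']))
		$subAction = 'addusertogroup';
	elseif (isset($_POST['btnSaveGroupProperties']))
		$subAction = 'savegroupproperties';
	elseif (isset($_POST['btnEditGroupPriorities']) || $subSubAction === 'editgrouppriorities')
		$subAction = 'editgrouppriorities';

	// Resolve the requested group and check that the user may touch it
	if (isset($_POST['selEditGroups']) || isset($_GET['groupname'])) {
		$requestedName = isset($_POST['selEditGroups']) ? $_POST['selEditGroups'] : $_GET['groupname'];
		$groupRow = getGroupRow(escape($requestedName));
		$groupId = $groupRow ? $groupRow['group_id'] : null;
		if ($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) {
			displayerror('Error! Invalid group requested.');
			return '';
		}

		if (!is_null($groupId)) {
			$modifiableCount = count($modifiableGroups);
			// Fail closed: a user with no modifiable groups may not modify any group
			if ($modifiableCount == 0 || $modifiableGroups[$modifiableCount - 1]['group_priority'] < $groupRow['group_priority']) {
				displayerror('You do not have the permission to modify the selected group.');
				return '';
			}
		}
	}
	if (isset($_GET['useremail'])) {
		// Escaped like the POSTed e-mails further down, which reach the same helper
		$userId = getUserIdFromEmail(escape($_GET['useremail']));
	}

	if ($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) {
		if ($subAction == 'deleteuser') {
			if ($groupRow['form_id'] != 0) {
				displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.');
			}
			elseif (!$userId) {
				displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
			}
			else {
				// Ids go into the statement unquoted, so force them to integers
				$deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = ' . (int) $userId . ' AND `group_id` = ' . (int) $groupId;
				$deleteResult = mysql_query($deleteQuery);
				if (!$deleteResult || mysql_affected_rows() != 1) {
					displayerror('Could not delete user with the given E-mail from the given group.');
				}
				else {
					displayinfo('Successfully removed user from the current group');

					// The user removed themselves: their set of modifiable groups may have shrunk
					if ($userId == $currentUserId) {
						$virtue = '';
						$maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
						$modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, 'asc');
					}
				}
			}
		}
		elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) {
			$updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '" . escape($_POST['txtGroupDescription']) . "' WHERE `group_id` = " . (int) $groupId;
			$updateResult = mysql_query($updateQuery);
			if (!$updateResult) {
				displayerror('Could not update database.');
			}
			else {
				displayinfo('Changes to the group have been successfully saved.');
			}
			$groupRow = getGroupRow($groupRow['group_name']);
		}
		elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') {
			if ($groupRow['form_id'] != 0) {
				displayerror('The selected group is associated with a form. To add a user, register the user to the form.');
			}
			else {
				$passedEmails = explode(',', escape($_POST['txtUserEmail']));

				foreach ($passedEmails as $passedEntry) {
					// Entries may look like "email - Full Name"; an address cannot
					// contain a space, so " -" is a safe separator even for
					// addresses that contain a hyphen.
					$separatorPos = strpos($passedEntry, ' -');
					$userEmail = trim($separatorPos === false ? $passedEntry : substr($passedEntry, 0, $separatorPos));
					if ($userEmail == '') {
						// e.g. a trailing comma in the field
						continue;
					}

					$userId = getUserIdFromEmail($userEmail);
					if (!$userId || $userId < 1) {
						displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
						// Do not try to add a user that does not exist
						continue;
					}

					if (!addUserToGroupName($groupRow['group_name'], $userId)) {
						displayerror('Could not add the given user to the current group.');
					}
					else {
						displayinfo('User has been successfully inserted into the given group.');
					}
				}
			}
		}
		elseif ($subAction == 'associateform') {
			if (isset($_POST['btnAssociateGroup'])) {
				$pageIdArray = array();
				$formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray);
				if ($formPageId <= 0 || getPageModule($formPageId) != 'form') {
					displayerror('Invalid page selected! The page you selected is not a form.');
				}
				elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form')) {
					displayerror('You do not have the permissions to associate the selected form with a group.');
				}
				else {
					$formModuleId = getModuleComponentIdFromPageId($formPageId, 'form');
					require_once("$sourceFolder/$moduleFolder/form.lib.php");

					// Only one side may already hold registered users
					if (isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) {
						associateGroupWithForm($groupId, $formModuleId);
						$groupRow = getGroupRow($groupRow['group_name']);
					}
					else {
						displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.');
					}
				}
			}
			elseif (isset($_POST['btnUnassociateGroup'])) {
				if ($groupRow['form_id'] <= 0) {
					displayerror('The selected group is currently not associated with any form.');
				}
				elseif (!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) {
					displayerror('You do not have the permissions to unassociate the form from this group.');
				}
				else {
					unassociateFormFromGroup($groupId);
					$virtue = '';
					$maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
					$modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, 'asc');
					$groupRow = getGroupRow($groupRow['group_name']);
				}
			}
		}

		// The action above may have changed what the user can modify, so check again
		$modifiableCount = count($modifiableGroups);
		if ($modifiableCount == 0 || $modifiableGroups[$modifiableCount - 1]['group_priority'] < $groupRow['group_priority']) {
			displayerror('You do not have the permission to modify the selected group.');
			return '';
		}

		$usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`';
		$usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
		$userQuery = "SELECT `user_email`, `user_fullname` FROM $usergroupTable, $usersTable WHERE `group_id` = " . (int) $groupId . " AND $usersTable.`user_id` = $usergroupTable.`user_id` ORDER BY `user_email`";
		$userResult = mysql_query($userQuery);
		if (!$userResult) {
			displayerror('Error! Could not fetch group information.');
			return '';
		}

		$userEmails = array();
		$userFullnames = array();
		while ($userRow = mysql_fetch_row($userResult)) {
			$userEmails[] = $userRow[0];
			$userFullnames[] = $userRow[1];
		}

		// Group name and description are stored user input: escape them for the
		// HTML context and URL-encode the name wherever it becomes a query value.
		$groupNameHtml = htmlspecialchars($groupRow['group_name'], ENT_QUOTES);
		$groupDescHtml = htmlspecialchars($groupRow['group_description'], ENT_QUOTES);
		$groupNameUrl = urlencode($groupRow['group_name']);

		$groupEditForm = <<<GROUPEDITFORM
<h2>Group '{$groupNameHtml}' - '{$groupDescHtml}'</h2><br />
<fieldset style="padding: 8px">
<legend>{$ICONS['User Groups']['small']}Group Properties</legend>
<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupNameUrl}">
Group Description: <input type="text" name="txtGroupDescription" value="{$groupDescHtml}" />
<input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" />
</form>
</fieldset>

<br />
<fieldset style="padding: 8px">
<legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend>
GROUPEDITFORM;

		$deleteImage = "<img src=\"$urlRequestRoot/$cmsFolder/$templateFolder/common/icons/16x16/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />";

		// Members of a form-bound group are managed through the form, so no remove link
		$canRemoveUsers = ($groupRow['form_id'] == 0);
		foreach ($userEmails as $i => $memberEmail) {
			if ($canRemoveUsers) {
				$groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupNameUrl . '&useremail=' . urlencode($memberEmail) . '">' . $deleteImage . "</a>";
			}
			$groupEditForm .= ' ' . htmlspecialchars($memberEmail, ENT_QUOTES) . ' - ' . htmlspecialchars($userFullnames[$i], ENT_QUOTES) . "<br />\n";
		}

		$associateForm = '';
		if ($groupRow['form_id'] == 0) {
			$associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId));
			$associableFormsBox = '<select name="selFormPath">';
			foreach ($associableForms as $associableForm) {
				// Index 1 is shown as the label and index 2 is posted back as selFormPath
				$formPathHtml = htmlspecialchars($associableForm[2], ENT_QUOTES);
				$associableFormsBox .= '<option value="' . $formPathHtml . '">' . htmlspecialchars($associableForm[1], ENT_QUOTES) . ' - ' . $formPathHtml . '</option>';
			}
			$associableFormsBox .= '</select>';
			$associateForm = <<<GROUPASSOCIATEFORM

Select a form to associate the group with: $associableFormsBox
<input type="submit" name="btnAssociateGroup" value="Associate Group with Form" />
GROUPASSOCIATEFORM;
		}
		else {
			$associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']);
			$associateForm = 'This group is currently associated with the form: ' . htmlspecialchars(getPageTitle($associatedFormPageId), ENT_QUOTES) . ' (' . htmlspecialchars(getPagePath($associatedFormPageId), ENT_QUOTES) . ')<br />' .
				'<input type="submit" name="btnUnassociateGroup" value="Unassociate" />';
		}

		$groupEditForm .= '</fieldset>';
		if ($groupRow['form_id'] == 0) {
			$groupEditForm .= <<<GROUPEDITFORM
<br />
<fieldset style="padding: 8px">
<legend>{$ICONS['Add']['small']}Add Users to Group</legend>
<form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupNameUrl}">
Email ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" />
<div id="suggestionDiv" class="suggestionbox"></div>

<script language="javascript" type="text/javascript" src="$scriptsFolder/ajaxsuggestionbox.js"></script>
<script language="javascript" type="text/javascript">
<!--
var addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%");
addUserBox.loadingImageUrl = '$imagesFolder/ajaxloading.gif';
-->
</script>

<input type="submit" name="btnAddUserToGroup" value="Add User to Group" />
</form>
</fieldset>
GROUPEDITFORM;
		}
		$groupEditForm .= <<<GROUPEDITFORM
<br />
<fieldset style="padding: 8px">
<legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend>
<form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupNameUrl}" method="POST">
$associateForm
</form>
</fieldset>
GROUPEDITFORM;

		return $groupEditForm;
	}

	if ($subAction == 'editgrouppriorities') {
		$modifiableCount = count($modifiableGroups);
		$userMaxPriority = $maxPriorityGroup = 1;
		if ($modifiableCount != 0) {
			// The list may be sorted either way, so look at both ends for the top priority
			$firstGroup = $modifiableGroups[0];
			$lastGroup = $modifiableGroups[$modifiableCount - 1];
			$userMaxPriority = max($firstGroup['group_priority'], $lastGroup['group_priority']);
			$maxPriorityGroup = $firstGroup['group_priority'] > $lastGroup['group_priority'] ? $firstGroup['group_id'] : $lastGroup['group_id'];
		}

		$doWhat = isset($_GET['dowhat']) ? $_GET['dowhat'] : null;
		if (!is_null($doWhat) && !is_null($groupId)) {
			if ($doWhat == 'incrementpriority' || $doWhat == 'decrementpriority') {
				shiftGroupPriority($currentUserId, $groupRow['group_name'], $doWhat == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true);
			}
			elseif ($doWhat == 'movegroupup' || $doWhat == 'movegroupdown') {
				shiftGroupPriority($currentUserId, $groupRow['group_name'], $doWhat == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false);
			}
			elseif ($doWhat == 'emptygroup') {
				emptyGroup($groupRow['group_name']);
			}
			elseif ($doWhat == 'deletegroup') {
				if (deleteGroup($groupRow['group_name'])) {
					$virtue = '';
					$maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
					$modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, 'asc');
				}
			}

			$modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
		}
		elseif (!is_null($doWhat) && $doWhat == 'addgroup') {
			if (isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) {
				$existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($_POST['txtGroupName']) . "'";
				$existsResult = mysql_query($existsQuery);
				if (trim($_POST['txtGroupName']) == '') {
					displayerror('Cannot create a group with an empty name. Please type in a name for the new group.');
				}
				elseif (!$existsResult) {
					// Without the duplicate check the group must not be created
					displayerror('Could not run MySQL query. New group could not be added.');
				}
				elseif (mysql_num_rows($existsResult) >= 1) {
					displayerror('A group with the name you specified already exists.');
				}
				else {
					$idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
					$idResult = mysql_query($idQuery);
					$idRow = $idResult ? mysql_fetch_row($idResult) : false;
					$newGroupId = 2;
					if ($idRow && !is_null($idRow[0])) {
						$newGroupId = (int) $idRow[0] + 1;
					}

					// The priority is written unquoted into the INSERT below, where
					// escape() gives no protection, so it has to be an integer.
					$requestedPriority = (int) $_POST['selGroupPriority'];
					$newGroupPriority = 1;
					if ($requestedPriority <= $userMaxPriority && $requestedPriority > 0) {
						$newGroupPriority = $requestedPriority;
					}

					$addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) ' .
						"VALUES($newGroupId, '" . escape($_POST['txtGroupName']) . "', '" . escape($_POST['txtGroupDescription']) . "', $newGroupPriority)";
					$addGroupResult = mysql_query($addGroupQuery);
					if ($addGroupResult) {
						displayinfo('New group added successfully.');

						if (isset($_POST['chkAddMe'])) {
							$insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES (" . (int) $currentUserId . ", $newGroupId)";
							if (!mysql_query($insertQuery)) {
								displayerror('Error adding user to newly created group: ' . htmlspecialchars($insertQuery, ENT_QUOTES) . '<br />' . htmlspecialchars(mysql_error(), ENT_QUOTES));
							}
						}
						$virtue = '';
						$maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
						$modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, 'asc');
					}
					else {
						displayerror('Could not run MySQL query. New group could not be added.');
					}
				}
			}

			$modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
		}

		// Show the highest priority level first
		$modifiableCount = count($modifiableGroups);
		if ($modifiableCount > 1 && $modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) {
			$modifiableGroups = array_reverse($modifiableGroups);
		}
		$previousPriority = $modifiableCount > 0 ? $modifiableGroups[0]['group_priority'] : null;

		$iconsFolderUrl = "$urlRequestRoot/$cmsFolder/$templateFolder/common/icons/16x16";
		$moveUpImage = '<img src="' . $iconsFolderUrl . '/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />';
		$moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />';
		$moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />';
		$moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />';
		$emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />';
		$deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />';

		$priorityActionUrl = './+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=';

		$groupsForm = '<h3>Edit Group Priorities</h3><br />';
		foreach ($modifiableGroups as $listedGroup) {
			// A rule separates one priority level from the next
			if ($listedGroup['group_priority'] != $previousPriority) {
				$groupsForm .= '<br /><br /><hr /><br />';
			}
			$listedNameUrl = urlencode($listedGroup['group_name']);
			$listedNameHtml = htmlspecialchars($listedGroup['group_name'], ENT_QUOTES);
			$groupsForm .=
				'<span style="margin: 4px;" title="' . htmlspecialchars($listedGroup['group_description'], ENT_QUOTES) . '">' .
				'<a href="' . $priorityActionUrl . 'incrementpriority&groupname=' . $listedNameUrl . '">' . $moveUpImage . '</a>' .
				'<a href="' . $priorityActionUrl . 'decrementpriority&groupname=' . $listedNameUrl . '">' . $moveDownImage . '</a>' .
				'<a href="' . $priorityActionUrl . 'movegroupup&groupname=' . $listedNameUrl . '">' . $moveTopImage . '</a>' .
				'<a href="' . $priorityActionUrl . 'movegroupdown&groupname=' . $listedNameUrl . '">' . $moveBottomImage . '</a>' .
				'<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="' . $priorityActionUrl . 'emptygroup&groupname=' . $listedNameUrl . '">' . $emptyImage . '</a>' .
				'<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="' . $priorityActionUrl . 'deletegroup&groupname=' . $listedNameUrl . '">' . $deleteImage . '</a>' .
				'<a href="./+admin&subaction=editgroups&groupname=' . $listedNameUrl . '">' . $listedNameHtml . "</a></span>\n";
			$previousPriority = $listedGroup['group_priority'];
		}

		// A new group can be given any priority up to the user's own maximum
		$priorityBox = '<option value="1">1</option>';
		for ($i = 2; $i <= $userMaxPriority; ++$i) {
			$priorityBox .= '<option value="' . $i . '">' . $i . '</option>';
		}
		$groupsForm .= <<<GROUPSFORM
<br /><br />
<fieldset style="padding: 8px">
<legend>Create New Group:</legend>

<form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup">
<label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br />
<label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br />
<label>Group Priority: <select name="selGroupPriority">$priorityBox</select></label><br />
<label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br />
<input type="submit" name="btnAddNewGroup" value="Add Group" />
</form>
</fieldset>
GROUPSFORM;

		return $groupsForm;
	}

	// Default screen: pick a group to edit, or go to the priorities screen
	$groupsBox = '<select name="selEditGroups">';
	foreach ($modifiableGroups as $listedGroup) {
		$listedNameHtml = htmlspecialchars($listedGroup['group_name'], ENT_QUOTES);
		$groupsBox .= '<option value="' . $listedNameHtml . '">' . $listedNameHtml . ' - ' . htmlspecialchars($listedGroup['group_description'], ENT_QUOTES) . "</option>\n";
	}
	$groupsBox .= '</select>';

	$groupsForm = <<<GROUPSFORM
<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups">
$groupsBox
<input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br />
<input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" />
</form>

GROUPSFORM;

	return $groupsForm;
}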