
cms/admin.lib.php

00001 <?php
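// Direct-access guard: this library is only meant to be included by the CMS
// entry point, which defines __PRAGYAN_CMS. Any other request gets a 403.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading element is now closed; it used to read "<h1>403 Forbidden<h1>".
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can carry the web server name and version.
    // Kept as in the original; consider dropping it if banner disclosure matters.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}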
00034         /*  Consistency check:
00035 1) Check all available classes (modules) - to refine
00036 
00037 2) See, if all their functions actionView(), actionEdit(), actionX exist
00038 in the perms table or not (and create also). If
00039 not, give option to create that permission. - to refine
00040 
00041 3) See if any extra option exists in the database, if it does, warn the user. - to refine
00042 
00043 4) See if any user with the name admin exists or not. If it does not,
00044 create it and give it a random and display all required information, - to remove
00045 
00046 5) See if the admin user has all perms at page 0 or not. If not, give him
00047 all perms and inform him - to remove
00048 
00049 6) See if all minimum rows n tables required for the cms to run exist or
00050 not, if they do not, create them. - to remove
00051 
00052 7) User management: List of all users, ability to edit everything about
00053 them, ability to activate users, ability to create users - to refine
00054 
00055 8) Ability to change perm ranks (like page move up and move ) - done
00056  *
00057  *
00058  * */
00059 
/**
 * Build the tabbed "Global Settings" page: a tab bar plus one POST form that
 * wraps the four settings panels.
 *
 * The form posts to ./+admin&subaction=global and carries a hidden
 * update_global_settings field.
 * NOTE(review): no anti-CSRF token is emitted with this state-changing form;
 * confirm whether the request is protected elsewhere.
 *
 * @return string HTML for the whole settings page.
 */
function globalSettingsForm()
{
    global $ICONS;

    // Tab bar and the script that shows one panel at a time.
    $tabBar = <<<globalform
        <style>
        #tabBar {
                display: none;
        }
        </style>
        <script type="text/javascript">
                total = 4;
                function showOption(num) {
                        for(i=1;i<=total;i++)
                        document.getElementById('globaloption'+i).style.display="none";
                        document.getElementById('globaloption'+num).style.display="block";
                }
                window.onload=function() {
                        for(i=1;i<=total;i++)
                        document.getElementById('globaloption'+i).style.display="none";
                        showOption(1);
                        document.getElementById('tabBar').style.display="block";
                }
        </script>
        <fieldset>
        <legend>{$ICONS['Global Settings']['small']}Global Settings</legend>
        <div id="tabBar">
        <table style="width:100%">
        <tr>
        <td id="subaction" style="width:35%"><a onclick="showOption(1);"><Button>Website Information</Button></td>
        <td style="width:35%"><a onclick="showOption(2);"><Button>Template and Navigation</Button></td>
        <td style="width:35%"><a onclick="showOption(3);"><Button>Email and Registrations</Button></td>
        <td style="width:35%"><a onclick="showOption(4);"><Button>Security and Maintainence</Button></td>
        </tr>
        </table>
        </div>
globalform;

    // Panels are rendered in tab order; the array index is the tab number.
    $panels = array(
        1 => websiteInfoSettingsForm(),
        2 => templateSettingsForm(),
        3 => registrationsSettingsForm(),
        4 => securitySettingsForm(),
    );

    $panelHtml = '';
    foreach ($panels as $tabNumber => $panel) {
        $panelHtml .= "<div id=\"globaloption" . $tabNumber . "\">" . $panel . "</div>";
    }

    return $tabBar
        . "<form method='POST' action='./+admin&subaction=global'>"
        . $panelHtml
        . "<input type='hidden' name='update_global_settings' /><input type='submit' value='Update' /><input type='button' value='Cancel' onclick=\"window.open('./+view','_top')\" /></form></fieldset>";
}
00098         
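/**
 * Render the "Website Information" panel (title, description, keywords, footer).
 *
 * Changes from the earlier version:
 *  - settings are read by key instead of being copied into local variables with
 *    $$var, so a stored attribute name can no longer overwrite a local or a
 *    declared global;
 *  - every value is HTML-encoded before it is placed in an attribute or a
 *    textarea, so quotes or markup in a stored setting cannot break out of the
 *    field. double_encode is off so values that already contain entities are
 *    shown as before.
 *
 * @return string HTML table with the four inputs.
 */
function websiteInfoSettingsForm()
{
    $globals = getGlobalSettings();

    $safe = array();
    foreach (array('cms_title', 'cms_desc', 'cms_keywords', 'cms_footer') as $name) {
        $raw = isset($globals[$name]) ? (string) $globals[$name] : '';
        $safe[$name] = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8', false);
    }

    $globalform = <<<globalform
        <table style="width:100%">
        <tr>
        <td style="width:35%">Website Name :</td>
        <td style="width:65%"><input type="text" name='cms_title' value="{$safe['cms_title']}"></td>
        </tr>
        <tr>
        <td>Site Description :</td>
        <td><textarea style="width:98%" rows=10 cols=10 name='cms_desc'>{$safe['cms_desc']}</textarea></td>
        </tr>
        <tr>
        <td>Site Keywords (comma-separated) :</td>
        <td><input type="text" name='cms_keywords' value='{$safe['cms_keywords']}'></td>
        </tr>
        <tr>
        <td>Site Footer :</td>
        <td><textarea style="width:98%" rows=10 cols=10 name='cms_footer'>{$safe['cms_footer']}</textarea></td>
        </tr>
        </table>
globalform;
    return $globalform;
}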
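/**
 * Render the "Template and Navigation" panel: default-template selector and
 * three checkboxes.
 *
 * Changes from the earlier version:
 *  - the "Show Breadcrumbs Submenu" box now gets a real `checked` attribute;
 *    the raw stored value used to be printed in its place;
 *  - settings are read by key rather than through $$var;
 *  - template names are HTML-encoded before being written into <option>.
 *
 * @return string HTML table for the panel.
 */
function templateSettingsForm()
{
    $globals = getGlobalSettings();
    $templates = getAvailableTemplates();

    // Same loose "== 0 means off" test the settings have always used.
    $checked = array();
    foreach (array('allow_pagespecific_header', 'allow_pagespecific_template', 'breadcrumb_submenu') as $flag) {
        $value = isset($globals[$flag]) ? $globals[$flag] : 0;
        $checked[$flag] = ($value == 0) ? "" : "checked";
    }

    $globalform = <<<globalform
        <table style="width:100%">
        <tr>
        <td>Default template :</td>
        <td><select name='default_template'>
globalform;

    foreach ($templates as $template) {
        $value = htmlspecialchars((string) $template, ENT_QUOTES, 'UTF-8', false);
        $label = htmlspecialchars(ucwords((string) $template), ENT_QUOTES, 'UTF-8', false);
        $selected = ($template == DEF_TEMPLATE) ? " selected" : "";
        $globalform .= "<option value='" . $value . "'" . $selected . " >" . $label . "</option>";
    }

    $globalform .= <<<globalform
        </select>
        </td>
        </tr>
        <tr>
        <td>Allow Page-specific Template ?</td>
        <td><input name='allow_page_template' type='checkbox' {$checked['allow_pagespecific_template']}></td>
        </tr>
        <tr>
        <td>Allow Page-specific Headers ?</td>
        <td><input name='allow_page_header' type='checkbox' {$checked['allow_pagespecific_header']}></td>
        </tr>

        <tr>
        <td>Show Breadcrumbs Submenu ?</td>
        <td><input name='breadcrumb_submenu' type='checkbox' {$checked['breadcrumb_submenu']}></td>
        </tr>
        </table>
globalform;
    return $globalform;
}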
00178 
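/**
 * Render the "Email and Registrations" panel.
 *
 * Changes from the earlier version:
 *  - settings are read by key rather than through $$var;
 *  - the site e-mail address is HTML-encoded before it goes into the value
 *    attribute;
 *  - the unused breadcrumb_submenu conversion was dropped (this panel has no
 *    such checkbox).
 *
 * @return string HTML table for the panel.
 */
function registrationsSettingsForm()
{
    $globals = getGlobalSettings();

    // Setting key => "checked" or "" using the original loose "== 0" test.
    $checked = array();
    foreach (array('default_user_activate', 'default_mail_verify', 'allow_login') as $flag) {
        $value = isset($globals[$flag]) ? $globals[$flag] : 0;
        $checked[$flag] = ($value == 0) ? "" : "checked";
    }

    $cmsEmail = htmlspecialchars(
        isset($globals['cms_email']) ? (string) $globals['cms_email'] : '',
        ENT_QUOTES,
        'UTF-8',
        false
    );

    $globalform = <<<globalform
        <table style="width:100%">
        <tr>
        <td>Send Mail on Registration ?</td>
        <td><input name='send_mail_on_reg' type='checkbox' {$checked['default_mail_verify']}></td>
        </tr>
        <tr>
        <td>Website Email :</td>
        <td><input type="text" name='cms_email' value='{$cmsEmail}'></td>
        </tr>

        <tr>
        <td>Activate User On Registration ?</td>
        <td><input name='activate_useronreg' type='checkbox' {$checked['default_user_activate']}></td>
        </tr>
        <tr>
        <td>Allow Users to Login/Register ?</td>
        <td><input name='allow_login' type='checkbox' {$checked['allow_login']}></td>
        </tr>
        </table>
globalform;
    return $globalform;
}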
00216 
00217 
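/**
 * Render the "Security and Maintenance" panel: upload limit, reindex
 * frequency, OpenID switch, censor words and ReCAPTCHA settings.
 *
 * Changes from the earlier version:
 *  - settings are read by key rather than through $$var;
 *  - every stored value is HTML-encoded before being written into an attribute
 *    or textarea (double_encode off, so existing entities display as before);
 *  - markup repairs: the broken `style="width:"65%"` attribute and the
 *    `<labe>` tag.
 *
 * NOTE(review): the ReCAPTCHA private key is written into the page as a plain
 * text input, so it is readable by anyone who can load this form. Consider not
 * echoing the stored secret back.
 *
 * @return string HTML table for the panel.
 */
function securitySettingsForm()
{
    $globals = getGlobalSettings();

    $safe = array();
    $textFields = array('upload_limit', 'reindex_frequency', 'censor_words', 'recaptcha_public', 'recaptcha_private');
    foreach ($textFields as $name) {
        $raw = isset($globals[$name]) ? (string) $globals[$name] : '';
        $safe[$name] = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8', false);
    }

    // OpenID counts as enabled unless the stored value is the string 'false'.
    $openidOff = isset($globals['openid_enabled']) && $globals['openid_enabled'] == 'false';
    $openidno_ischecked = $openidOff ? 'checked' : '';
    $openidyes_ischecked = $openidOff ? '' : 'checked';
    $recapt_ischecked = (isset($globals['recaptcha']) && $globals['recaptcha'] == '1') ? 'checked' : '';

    $globalform = <<<globalform
        <table style="width:100%">
        <tr>
        <td style="width:35%">Upload Limit (bytes) </td>
        <td style="width:65%"><input type="text" name='upload_limit' value='{$safe['upload_limit']}'></td>
        </tr>
        <tr>
        <td>Site Reindex Frequency (days) </td>
        <td><input type="text" name='reindex_frequency' value='{$safe['reindex_frequency']}'></td>
        </tr>
        <tr>
                        <td><label for="optEnableOpenID">Enable OpenID?</label></td>
                        <td>
                        <label><input type="radio" name="openid_enabled" id="optEnableOpenIDNo" value="false" $openidno_ischecked />No</label>
                        <label><input type="radio" name="openid_enabled" id="optEnableOpenIDYes" value="true" $openidyes_ischecked />Yes</label>
                        </td>
        </tr>
        <tr>
                <td>Censor Words (use | to seperate the words. Please dont use spaces) </td>
                <td><textarea style="width:98%" rows=10 cols=10 name='censor_words'>{$safe['censor_words']}</textarea></td>
        </tr>
        <tr>
        <td>Use ReCAPTCHA ?</td>
        <td>
                                <label><input type="checkbox" name="recaptcha_enable" id="recaptcha_enable" value="Yes" $recapt_ischecked/>Yes</label>
                        </td>
                </tr>
                <tr>
                        <td><label for="public_key">ReCAPTCHA Public Key:</label></td>
                        <td><input type="text" id="public_key" name="public_key" value='{$safe['recaptcha_public']}' /></td>
                </tr>
                <tr>
                        <td><label for="private_key">ReCAPTCHA Private Key:</label></td>
                        <td><input type="text" id="private_key" name="private_key" value='{$safe['recaptcha_private']}' /></td>
                </tr>
        </table>
globalform;
    return $globalform;
}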
00268 
00269 
00270 
00271 
/**
 * Return the tail of $file starting at its last ".", dot included.
 *
 * If $file contains no ".", strrpos() gives false, substr() treats that as
 * offset 0, and the whole name is returned.
 *
 * The result keeps the original letter case and reflects only the final
 * suffix ("a.php.jpg" gives ".jpg", "A.PHP" gives ".PHP"), so a caller that
 * compares it against an allow-list has to normalise it first.
 *
 * @param string $file File name or path.
 * @return string Suffix from the last dot, or the whole input when there is none.
 */
function extension($file) {
    $lastDot = strrpos($file, ".");
    return substr($file, $lastDot);
}
00277 
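/**
 * Recursively delete a directory and everything inside it.
 *
 * Changes from the earlier version:
 *  - the read loop compares readdir() against false, so an entry named "0"
 *    no longer ends the loop early and leaves files behind;
 *  - a symbolic link found inside the tree is removed as a link and never
 *    followed, so deletion cannot spill into a directory outside $dirname;
 *  - the result of the final rmdir() is returned instead of an unconditional
 *    true.
 *
 * @param string $dirname Directory to remove.
 * @return bool False when $dirname is not a directory or cannot be opened,
 *              otherwise whether the directory itself was removed.
 */
function delDir($dirname) {
    if (!is_dir($dirname)) {
        return false;
    }
    $dir_handle = opendir($dirname);
    if (!$dir_handle) {
        return false;
    }
    while (false !== ($file = readdir($dir_handle))) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $path = $dirname . "/" . $file;
        // is_dir() is true for a link that points at a directory, so test for
        // a link first and unlink it rather than recursing through it.
        if (is_link($path) || !is_dir($path)) {
            unlink($path);
        } else {
            delDir($path);
        }
    }
    closedir($dir_handle);
    return rmdir($dirname);
}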
00295 
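/**
 * Look up activated users whose e-mail or full name matches $pattern and
 * return them as one comma-separated string.
 *
 * The first element of the result is $pattern itself, followed by
 * "email - fullname" for each row, ordered by the computed relevance.
 *
 * Changes from the earlier version:
 *  - $pattern reaches this function straight from the query string and used to
 *    be interpolated into the SQL text unescaped. It is now escaped for the
 *    string literal, and LIKE metacharacters (% _ \) in it are matched
 *    literally, so a term made only of wildcards no longer lists every user;
 *  - a failed query returns just the pattern instead of passing false to
 *    mysql_fetch_row();
 *  - implode() is called with the separator first; the reversed argument
 *    order used with join() is rejected by current PHP.
 *
 * NOTE(review): the returned text is not HTML-encoded and still contains the
 * caller's own search term; whoever prints it decides the output context.
 *
 * @param string $pattern Search text typed by the user.
 * @return string Comma-separated suggestions, search term first.
 */
function getSuggestions($pattern) {
    // Escape LIKE wildcards first, then escape the result for the SQL literal.
    $like = mysql_real_escape_string(addcslashes($pattern, '\\%_'));

    $suggestionsQuery = "SELECT IF(user_email LIKE \"$like%\", 1, " .
            "IF(`user_fullname` LIKE \"$like%\", 2, " .
            "IF(`user_fullname` LIKE \"% $like%\", 3, " .
            "IF(`user_email` LIKE \"%$like%\", 4, " .
            "IF(`user_fullname` LIKE \"%$like%\", 5, 6" .
            "))))) AS `relevance`,  `user_email`, `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE " .
            "  `user_activated`=1 AND(`user_email` LIKE \"%$like%\" OR `user_fullname` LIKE \"%$like%\" ) ORDER BY `relevance`";

    $suggestions = array($pattern);

    $suggestionsResult = mysql_query($suggestionsQuery);
    if ($suggestionsResult === false) {
        return implode(',', $suggestions);
    }

    // Column 0 is the relevance rank; 1 and 2 are e-mail and full name.
    while ($suggestionsRow = mysql_fetch_row($suggestionsResult)) {
        $suggestions[] = $suggestionsRow[1] . ' - ' . $suggestionsRow[2];
    }

    return implode(',', $suggestions);
}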
00315 
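/**
 * Entry point for the "+admin" action. Serves the user-suggestion lookup,
 * triggers search indexing, then dispatches on the request's subaction and
 * returns the HTML for the chosen admin screen followed by the quick links.
 *
 * Changes from the earlier version:
 *  - the suggestion lookup now requires `forwhat` to be a string and is
 *    answered as text/plain with nosniff. getSuggestions() puts the caller's
 *    own search term first in its result, and that text used to be echoed
 *    under the default content type;
 *  - the malformed `</br/>` in the maintenance links is now `<br/>`.
 *
 * NOTE(review): nothing in this function checks that $userid may administer
 * the site; presumably the caller enforces that. Confirm.
 * NOTE(review): indexing, template/module reloads and the permission checks
 * are triggered by plain GET links with no request token visible here.
 *
 * @param mixed $pageid Current page id, passed on to the widget and group handlers.
 * @param mixed $userid Current user id, passed on to the group handlers.
 * @return string HTML for the admin page.
 */
function admin($pageid, $userid) {

    // Suggestion lookup: prints a comma-separated list and ends the request.
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
        if (is_string($_GET['forwhat']) && strlen($_GET['forwhat']) >= 3) {
            if (!headers_sent()) {
                header('Content-Type: text/plain');
                header('X-Content-Type-Options: nosniff');
            }
            echo getSuggestions($_GET['forwhat']);
            disconnect();
            exit();
        }
    }
    global $urlRequestRoot,$templateFolder,$cmsFolder,$ICONS;
    if (isset($_GET['indexsite'])) {
        global $sourceFolder;
        require("$sourceFolder/modules/search/admin/spider.php");
        if ($_GET['indexsite'] == 1) {
            $serveruri = $_SERVER['SCRIPT_NAME'];
            $uri = substr($serveruri, 0, stripos($serveruri, "index.php"));
            // NOTE(review): the URL handed to the indexer is built from the
            // request's Host header, which the client controls. A configured
            // site URL would be a safer source.
            $site = "http://" . $_SERVER['HTTP_HOST'] . $uri . "home/";
            index_site($site, 0, -1, 'full', "", "+\n&", 0);
            displayinfo("Index for site created");
        } else {
            index_all();
        }
    }

    // Reindex threshold in days: the stored setting, or 30 when there is none.
    $result = mysql_fetch_array(mysql_query("SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'reindex_frequency'"));
    if ($result != NULL)
        $threshold = $result['value'];
    else
        $threshold = 30;
    $result = mysql_fetch_array(mysql_query("SELECT to_days(CURRENT_TIMESTAMP)-to_days(`indexdate`) AS 'diff' FROM `sites` WHERE `url` LIKE '%home%'"));

    if ($result == NULL)
        displayinfo("It seems the site doesn't have index for the search to work. Click <a href='./+admin&indexsite=1'>here</a> to index the site.");
    else if ($result['diff'] > $threshold)
        displayinfo("Your site index was created {$result['diff']} days before. Click <a href='./+admin&indexsite=2'>here</a> to reindex your site.");

    $quicklinks = <<<ADMINPAGE
        <fieldset>
        <legend>{$ICONS['Website Administration']['small']}Website Administration</legend>
        <a name='quicklinks'></a>
        <table class="iconspanel">
        <tr>
        <td><a href="./+admin&subaction=global"><div>{$ICONS['Global Settings']['large']}<br/>Global Settings</div></a></td>
        <td><a href="./+admin&subaction=template"><div>{$ICONS['Templates Management']['large']}<br/>Templates Management</div></a></td>
        <td><a href="./+admin&subaction=module"><div>{$ICONS['Modules Management']['large']}<br/>Module Management</div></a></td>
        <td><a href="./+admin&subaction=widgets"><div>{$ICONS['Widgets']['large']}<br/>Widgets Management</div></a></td>
        </tr>
        <tr>
        <td><a href="./+admin&subaction=icon"><div>{$ICONS['Icons']['large']}<br/>Icons Management</div></a></td>
        <td><a href="./+admin&subaction=email"><div>{$ICONS['Email Registrants']['large']}<br/>Email Registrants</div></a></td>
        <td><a href="./+admin&subaction=editgroups"><div>{$ICONS['User Groups']['large']}<br/>Group Management</div></a></td>
        <td><a href="./+admin&subaction=expert"><div>{$ICONS['Site Maintenance']['large']}<br/>Site Maintenance</div></a></td>
        </tr>
        <tr>

        <td colspan=2><a href="./+admin&subaction=useradmin"><div>{$ICONS['User Management']['large']}<br/>User Management</div></a></td>
        <td colspan=2><a href="./+admin&subaction=editprofileform"><div>{$ICONS['User Profile']['large']}<br/>User Profiles</div></a></td>
        </tr>

        </table>
        </fieldset>
ADMINPAGE;

    // E-mail screens return early.
    if (isset($_GET['subaction'])) {
        require_once("email.lib.php");
        if ($_GET['subaction'] == "email")
            return  displayEmail().$quicklinks;
        else if ($_GET['subaction'] == "openemail")
            return displayEmail(escape($_GET['name'])).$quicklinks;
        else if ($_GET['subaction'] == "emailsend") {
            sendEmail();
            return  displayEmail(escape($_POST['emailtemplates'])).$quicklinks;
        }
        else if ($_GET['subaction'] == "emailsave") {
            saveEmail();
            return  displayEmail(escape($_POST['emailtemplates'])).$quicklinks ;
        }
    }

    // Module / template management. The handler name is built from $type,
    // which the condition restricts to 'module' or 'template'.
    if (isset($_GET['subaction']) && ($_GET['subaction']=='module'||$_GET['subaction']=='template')) {
        $type = escape($_GET['subaction']);
        if ($type=='module')
            displaywarning("Module Installation/Uninstallation has the potential to completely bring down the CMS, so Install only modules from trusted source");
        require_once("module.lib.php");
        require_once("template.lib.php");
        $type = ucfirst($type);
        $function = "handle{$type}Management";
        $op = $function();
        if ($op != "") return $op.$quicklinks;
        return managementForm($type).$quicklinks;
    }
    global $sourceFolder;
    if (!isset($_GET['subaction']) && !isset($_GET['subsubaction'])) return $quicklinks;
    require_once("users.lib.php");
    $op="";$ophead=""; $str="";

    if (isset($_GET['subaction'])||isset($_GET['subsubaction'])||isset ($_GET['id'])||isset ($_GET['movePermId'])||isset ($_GET['module'])) {

        if (isset($_GET['subaction']) && $_GET['subaction'] == 'global' && isset($_POST['update_global_settings']))
            updateGlobalSettings();

        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'useradmin')
        {
            $op .= handleUserMgmt();
            $ophead="{$ICONS['User Management']['small']}User Management";
        }
        else if (isset($_GET['subaction']) &&  $_GET['subaction'] == 'widgets')
        {
            $op .= handleWidgetAdmin($pageid);
            $ophead="{$ICONS['Widgets']['small']}Widgets Management";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'icon')
        {
            require_once("iconmanagement.lib.php");
            $res = handleIconManagement();
            // With iconURL set, the handler's output is returned on its own.
            if (isset($_GET['iconURL']))
                return $res;

            $op .= $res;
            $ophead = "{$ICONS['Icons']['small']}Icons Management";
        }
        else if (isset($_GET['subaction']) &&  $_GET['subaction'] == 'editgroups') {
            require_once("permission.lib.php");
            $pagepath = array();
            parseUrlDereferenced($pageid, $pagepath);
            $virtue = '';
            $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, array_reverse(getGroupIds($userid)), $virtue);
            $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
            $op .= groupManagementForm($userid, $modifiableGroups, $pagepath);
            // NOTE(review): the quick links use the 'User Groups' icon key for
            // this screen; confirm 'Group Management' exists in $ICONS.
            $ophead="{$ICONS['Group Management']['small']}Group Management";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'reloadtemplates')
        {
            $op .= reloadTemplates();
            $ophead="{$ICONS['Templates Management']['small']}Reloading Templates";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'reloadmodules')
        {
            $op .= reloadModules();
            $ophead="{$ICONS['Modules Management']['small']}Reloading Modules";
        }
        else if (isset($_GET['subaction']) && $_GET['subaction'] == 'checkPerm')
        {
            $op .= admin_checkFunctionPerms();
            $ophead="{$ICONS['Access Permissions']['small']}Checking Permissions Consistency";
        }
        elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'checkAdminUser')
        {
            $op .= admin_checkAdminUser();
            $ophead="Checking Administrator User";
        }
        elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'checkAdminPerms')
        {
            $op .= admin_checkAdminPerms();
            $ophead="Checking Administrator Permissions";
        }
        elseif (isset($_GET['subaction']) && ($_GET['subaction'] == 'changePermRank'))
        {
            $op .= admin_changePermRank();
            $ophead="{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
        }
        elseif ((isset($_GET['subaction']) && ($_GET['subaction'] == 'editprofileform')) ||
            (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editprofileform'))
        {
            $op .= admin_editProfileForm();
            $ophead="{$ICONS['User Profile']['small']}Edit User Profile Form";
        }
        elseif (isset ($_GET['id']))
            $op .= admin_userAdmin();
        elseif (isset ($_GET['movePermId']))
        {
            $op .= admin_changePermRank();
            $ophead="{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
        }
        elseif (isset ($_GET['module']))
        {
            $op .= admin_changePermRank(escape($_GET['module']));
            $ophead="{$ICONS['Access Permissions']['small']}Changing Permissions Rank for module '".escape($_GET['module'])."'";
        }
    }
    if ($op!="")
    {
        $op ="<fieldset><legend>$ophead</legend>$op</fieldset>";
    }

    if (isset($_GET['subaction']) && $_GET['subaction']=='global')
        $str .= globalSettingsForm();
    else if (isset($_GET['subaction']) && $_GET['subaction']=='editgroups') {
        // Nothing to add, so the "Experts Only" box is not shown here.
    }
    else if (isset($_GET['subaction']) && $_GET['subaction']=='useradmin')
    {
        $op .= userManagementForm();
    }
    else if (isset($_GET['subaction']) && $_GET['subaction']=='expert')
    {
        $str .= "<fieldset><legend>{$ICONS['Site Maintenance']['small']}Experts Only</legend>";
        $str .= '<a href="./+admin&subaction=checkPerm">Check Permission List</a><br />';
        $str .= '<a href="./+admin&subaction=checkAdminUser">Check Admin User</a><br />';
        $str .= '<a href="./+admin&subaction=checkAdminPerms">Check Admin Perms</a><br />';
        $str .= '<a href="./+admin&subaction=changePermRank">Change Perm Ranks</a><br />';
        $str .= '<a href="./+admin&subaction=reloadtemplates">Reload Templates</a><br />';
        $str .= '<a href="./+admin&subaction=reloadmodules">Reload Modules</a><br />';
        $str .= '<a href="./+admin&indexsite=2">Reindex Site for Searching</a><br/></fieldset>';
    }

    return $str.$op.$quicklinks;

}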
00529 
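/**
 * Build the install/uninstall form for modules or templates.
 *
 * The list of installed items comes from the function named
 * "getAvailable{$type}s", so $type has to be a value the caller controls
 * (admin() passes 'Module' or 'Template').
 *
 * Changes from the earlier version:
 *  - the <select> now carries id='modules'. The delete confirmation looks the
 *    element up by that id; without it the script failed and the uninstall
 *    form was submitted with no confirmation;
 *  - item names are HTML-encoded before being written into <option>.
 *
 * NOTE(review): both forms change server state and no request token is
 * emitted here; confirm the handlers are protected against cross-site posts.
 *
 * @param string $type 'Module' or 'Template'.
 * @return string HTML for the management fieldset.
 */
function managementForm($type) {
    $function = "getAvailable{$type}s";
    $modules = $function();

    $modulesList = "<select name='{$type}' id='modules'>";
    foreach ($modules as $module) {
        $safeName = htmlspecialchars((string) $module, ENT_QUOTES, 'UTF-8', false);
        $modulesList .= "<option value='" . $safeName . "'>" . $safeName . "</option>";
    }
    $modulesList .= "</select>";

    global $ICONS;
    $smallIcon = $ICONS[$type.'s Management']['small'];
    $subaction = ($type=="Module")?'module':($type=="Template"?'template':"");
    $form=<<<FORM
        <script type="text/javascript">
        function delconfirm(obj) {
                return confirm("Are you sure want to delete '" + document.getElementById('modules').value + "' {$type}?");
        }
        </script>
        <fieldset>
        <legend>{$smallIcon}{$type} Management</legend>
        <form name='module' method='POST' action="./+admin&subaction={$subaction}&subsubaction=install" enctype="multipart/form-data">
        Add new {$type}: <input type='file' name='file' id='file' /><input type='submit' name='btn_install' value='Upload' />
        </form>
        <br/><br/>
        <form method='POST' action="./+admin&subaction={$subaction}&subsubaction=uninstall" enctype="multipart/form-data">
        Delete Existing {$type}: {$modulesList}<input type='submit' name='btn_uninstall' value='Uninstall' onclick='return delconfirm(this);' />
        </form>
        </fieldset>
FORM;
    return $form;
}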
00559 
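/**
 * Read the submitted Global Settings form from $_POST and store it with
 * setGlobalSettings().
 *
 * Changes from the earlier version:
 *  - the OpenID test compared inside the escape() call
 *    (`escape($_POST[...]=='true')`), so escape() received a boolean; the
 *    submitted value is now compared directly;
 *  - text fields missing from the request are stored as an empty string
 *    instead of reading an undefined index;
 *  - the ReCAPTCHA key check no longer reads undefined indexes.
 *
 * NOTE(review): upload_limit and reindex_frequency are stored as submitted,
 * with no check that they are numbers.
 * NOTE(review): no request token is verified here; confirm the caller
 * protects this update against cross-site posts.
 *
 * @return void
 */
function updateGlobalSettings()
{
    $global = array();

    // Checkboxes: present in the request means on. Setting key => form field.
    $checkboxes = array(
        'allow_pagespecific_header' => 'allow_page_header',
        'allow_pagespecific_template' => 'allow_page_template',
        'default_user_activate' => 'activate_useronreg',
        'default_mail_verify' => 'send_mail_on_reg',
        'breadcrumb_submenu' => 'breadcrumb_submenu',
        'allow_login' => 'allow_login',
    );
    foreach ($checkboxes as $setting => $field) {
        $global[$setting] = isset($_POST[$field]) ? 1 : 0;
    }

    // Free-text fields; setting key and form field share a name.
    $textFields = array(
        'cms_title', 'default_template', 'cms_email', 'upload_limit',
        'reindex_frequency', 'cms_desc', 'cms_keywords', 'cms_footer',
    );
    foreach ($textFields as $field) {
        $global[$field] = escape(isset($_POST[$field]) ? $_POST[$field] : '');
    }
    $global['censor_words'] = safe_html(isset($_POST['censor_words']) ? $_POST['censor_words'] : '');

    // OpenID is switched on only when requested and curl is available.
    if (isset($_POST['openid_enabled']) && $_POST['openid_enabled'] === 'true') {
        if (iscurlinstalled()) {
            $global['openid_enabled'] = 'true';
        } else {
            global $curl_message;
            displaywarning($curl_message);
            $global['openid_enabled'] = 'false';
        }
    } else {
        $global['openid_enabled'] = 'false';
    }

    // ReCAPTCHA needs both keys; otherwise it is stored as disabled and the
    // key settings are left out of the update.
    if (isset($_POST['recaptcha_enable'])) {
        $haveKeys = isset($_POST['public_key'], $_POST['private_key'])
            && $_POST['public_key'] != NULL
            && $_POST['private_key'] != NULL;
        if ($haveKeys) {
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($_POST['public_key']);
            $global['recaptcha_private'] = escape($_POST['private_key']);
        } else {
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
            $global['recaptcha'] = '0';
        }
    } else {
        $global['recaptcha'] = '0';
    }

    setGlobalSettings($global);

    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}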
00615 
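/**
 * Consistency check between the module classes on disk and the permission list table.
 *
 * 1) Lists every "<name>.lib.php" file found in the modules directory.
 * 2) For every module (except the skipped ones) collects its action*() methods and
 *    creates any permission row that is missing in the `permissionlist` table
 *    (plus the implicit 'create' permission).
 * 3) Reports permission rows for which the module class has no matching action*() method.
 *
 * Module names flow into a require_once path, a class name, SQL string literals and
 * the HTML report, so only names that are valid PHP identifiers are accepted.
 *
 * NOTE(review): this function creates permission rows as a side effect; the caller is
 * assumed to have verified that the current user is an administrator - confirm.
 *
 * @return string HTML fragment describing what was found and what was created.
 */
function admin_checkFunctionPerms() {
	global $sourceFolder;
	global $moduleFolder;

	// Modules that are deliberately left out of the check.
	$skippedModules = array('forum', 'poll', 'contest');
	$returnStr = "";

	// 1) Check all available classes (modules)
	$list = array(); // stays empty when the directory cannot be opened
	if ($handle = opendir($sourceFolder . '/modules')) {
		while (false !== ($file = readdir($handle))) {
			$list[] = $file;
		}
		closedir($handle);
	}

	$moduleArray = array();
	foreach ($list as $temp) {
		// Exact suffix test. A loose strpos()/strlen() comparison also accepts any
		// 8-character name that does not contain '.lib.php' at all (false == 0).
		if (strlen($temp) <= 8 || substr($temp, -8) !== '.lib.php') {
			continue;
		}
		$name = substr($temp, 0, -8);
		// The name is used below as a class name, so anything that is not a valid
		// PHP identifier can never be a module. Rejecting it here also keeps quotes,
		// slashes and markup out of the path, the SQL and the HTML built from it.
		if (!preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $name)) {
			continue;
		}
		$moduleArray[] = $name;
	}

	$moduleList = "";
	foreach ($moduleArray as $module) {
		$moduleList .= $module . ", ";
	}
	$returnStr .= "<br/>The following modules/classes exist in the file system:<br>$moduleList";

	// 2) See, if all their functions actionView(), actionEdit(), actionX exist
	//    in the perms table or not, and create the missing ones.
	foreach ($moduleArray as $module) {
		if (in_array($module, $skippedModules, true)) {
			continue;
		}

		require_once ($sourceFolder . "/" . $moduleFolder . "/" . $module . ".lib.php");

		$functionArray = get_class_methods($module);
		if ($functionArray == NULL) { // means something's wrong, probably the class is not defined properly
			$returnStr .= "<br/><b>Please check the Class definition of $module. It may have undefined functions. Please define the functions or declare the class as an abstract class</b>";
			continue;
		}

		$perm = array();
		foreach ($functionArray as $method) {
			if (substr($method, 0, 6) == 'action') {
				// Strip only the leading prefix; removing every occurrence of
				// 'action' would mangle names such as actionTransaction.
				$perm[] = strtolower(substr($method, 6));
			}
		}

		$permList = "";
		foreach ($perm as $permElements) {
			$permList .= $permElements . ", ";
		}
		$returnStr .= "<br/>The following methods/functions/actions exist in the filesystem class for $module:<br> $permList";

		$perm[] = 'create';
		$existing = array();

		foreach ($perm as $permission) {
			// $module is a validated identifier and $permission is derived from a
			// method name, so neither can contain a quote character.
			$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$module' AND `perm_action`='$permission'";
			$result = mysql_query($query);
			if ($result === false) {
				// A failed lookup must not be mistaken for "permission is missing".
				$returnStr .= "<br/><b>Could not look up permission $permission for $module in the database</b><br>";
				continue;
			}
			if (mysql_num_rows($result) > 0) {
				$existing[] = $permission;
				continue;
			}

			$returnStr .= "<br/><b>$permission DOES NOT exist for $module but will be created</b><br>";

			// NOTE(review): MAX()+1 is not atomic; two concurrent runs could pick the
			// same id. Whether perm_id carries a unique key is not visible here.
			$query = "SELECT MAX(perm_id) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`";
			$result = mysql_query($query) or die(mysql_error());
			$row = mysql_fetch_assoc($result);
			$permid = $row['MAX'] + 1;

			$query = "SELECT MAX(perm_rank) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$module'";
			$result = mysql_query($query) or die(mysql_error());
			$row = mysql_fetch_assoc($result);
			$permrank = $row['MAX'] + 1;

			$desc = $permission . " the " . $module;
			$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "permissionlist`(`perm_id` ,`page_module` ,`perm_action` ,`perm_text` ,`perm_rank` ,`perm_description`)VALUES ('$permid', '$module', '$permission', '$permission', '$permrank', '$desc') ";
			$result = mysql_query($query) or die(mysql_error());
			if (mysql_affected_rows())
				displayinfo("$permission has been created for $module");
		}

		// Comma separated list of the permissions that were already present, closed by a period.
		$permExists = implode(", ", $existing) . ".";
		$returnStr .= "<br/>The following permissions exist in database for $module :<br>$permExists";
	}

	// 3) See if any extra option exists in the database, if it does, warn the user.
	foreach ($moduleArray as $module) {
		if (in_array($module, $skippedModules, true)) {
			continue;
		}

		require_once ($sourceFolder . "/" . $moduleFolder . "/" . $module . ".lib.php");

		// Work on the class name instead of instantiating the module: creating an
		// object runs its constructor and is a fatal error for an undefined or
		// abstract class, which step 2 explicitly tells the admin to use.
		if (!class_exists($module)) {
			continue;
		}

		$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$module'";
		$result = mysql_query($query);
		if ($result === false) {
			$returnStr .= "<br/><b>Could not read the permissions of $module from the database</b>";
			continue;
		}

		while ($tempres = mysql_fetch_assoc($result)) {
			$method = "action" . ucfirst($tempres['perm_action']);
			if (!method_exists($module, $method))
				$returnStr .= "<br/>Permission $method, perm id = $tempres[perm_id] exists in database but not in class $module";
		}
	}

	return $returnStr;
}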
00735 //4) See if any user with the name admin exists or not. If it does not,
00736 //create it, give it a random password and display all required information.
00737 
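/**
 * Make sure a user named 'admin' exists; create it with a random password if not.
 *
 * Reports the outcome through displayinfo()/displayerror() and returns nothing.
 * A failed query terminates the request via die(), like the other queries here.
 *
 * Security notes:
 *  - The initial password comes from a cryptographically secure source when one is
 *    available. rand() is predictable and yields a short numeric value, which is
 *    not suitable for an administrator credential.
 *  - The password is stored as an unsalted MD5 digest because the code that
 *    verifies logins is not visible here and must stay compatible.
 *    NOTE(review): migrate storage and verification together to
 *    password_hash()/password_verify().
 *  - The clear-text password is shown once in the page output; it should be
 *    changed right after the first login.
 */
function admin_checkAdminUser() {
	$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='admin'";
	// Stop on a failed lookup instead of treating it as "no admin user yet".
	$result = mysql_query($query) or die(mysql_error());
	if (mysql_num_rows($result) > 0) {
		displayinfo("User \"Admin\" exists in database.");
		return;
	}

	// NOTE(review): MAX()+1 is not atomic; whether user_id has a unique key is not visible here.
	$query = "SELECT MAX(user_id) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "users` ";
	$result = mysql_query($query) or die(mysql_error() . "check.lib L:141");
	$row = mysql_fetch_assoc($result);
	$uid = $row['MAX'] + 1;

	// 16 random bytes -> 32 hex characters.
	$bytes = false;
	if (function_exists('random_bytes')) {
		$bytes = random_bytes(16);
	} elseif (function_exists('openssl_random_pseudo_bytes')) {
		$bytes = openssl_random_pseudo_bytes(16);
	}
	if ($bytes !== false && strlen($bytes) == 16) {
		$passwd = bin2hex($bytes);
	} else {
		// Last resort when no secure source is installed: not cryptographically
		// strong, so this password must be replaced immediately after creation.
		$passwd = '';
		for ($i = 0; $i < 4; $i++) {
			$passwd .= dechex(mt_rand());
		}
	}

	$adminPasswd = md5($passwd);
	$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users`( `user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password`  ,`user_activated`)VALUES ( $uid , 'admin', 'admin@cms.org', 'Administrator', '$adminPasswd', '1')";

	$result = mysql_query($query) or die(mysql_error());
	if (mysql_affected_rows() > 0) {
		displayinfo("User Admin has been created with email admin@cms.org and password as $passwd");
	} else {
		displayerror("Failed to create user Admin");
	}
}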
00759 
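/**
 * 5) See if the admin user has all perms at page 0 or not. If not, give him
 *    all perms and inform him.
 *
 * When no 'admin' user exists, admin_checkAdminUser() is asked to create one and
 * the lookup is repeated exactly once, so a failed creation cannot loop forever.
 *
 * NOTE(review): this grants every permission in `permissionlist` to the account
 * named 'admin' as a side effect; the caller is assumed to have verified that
 * the current user is an administrator - confirm.
 *
 * @return string HTML fragment listing the permissions that exist or were granted.
 */
function admin_checkAdminPerms()
{
	$returnStr = "";
	$str = "";

	$adminQuery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='admin' ";
	$result = mysql_query($adminQuery);
	if (!$result || mysql_num_rows($result) == 0) {
		$returnStr .= admin_checkAdminUser();
		$result = mysql_query($adminQuery);
		if (!$result || mysql_num_rows($result) == 0) {
			return $returnStr . "\n<br>User Admin does not exist and could not be created; permissions were not checked";
		}
	}

	$temp = mysql_fetch_array($result);
	// Both ids are placed in SQL below; force them to integers first.
	// presumably user_id and perm_id are integer columns - verify against the schema
	$user_Id = (int) $temp['user_id'];

	$query1 = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`";
	$result1 = mysql_query($query1);
	if (!$result1) {
		return $returnStr . "\n<br>Failed to read the permission list";
	}

	while ($temp1 = mysql_fetch_assoc($result1)) {
		$val = (int) $temp1['perm_id'];

		$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type`='user' AND `usergroup_id`=$user_Id AND `page_id`=0 AND `perm_id`=$val AND `perm_permission`='Y'";
		$result = mysql_query($query) or die(mysql_error());
		if (mysql_num_rows($result)) {
			// Already granted: remember it for the summary table.
			$str .= "\n<tr><td>" . $temp1['page_module'] . "</td><td>" . $temp1['perm_action'] . "</td></tr>";
			continue;
		}

		$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "userpageperm` (`perm_type`,`page_id`,`usergroup_id`,`perm_id`,`perm_permission`) VALUES ('user','0','$user_Id','$val','Y')";
		$result2 = mysql_query($query);
		// mysql_affected_rows() returns -1 after a failed query, which is truthy;
		// test the query result and a positive row count explicitly.
		if ($result2 && mysql_affected_rows() > 0)
			$returnStr .= "\n<br>User Admin userId=$user_Id has been allotted permission $temp1[perm_action] of module $temp1[page_module] over page 0";
		else
			$returnStr .= "\n<br>Failed to create permission $temp1[perm_action] of module $temp1[page_module] over page 0 for User Admin userId=$user_Id";
	}

	if ($str != '')
		$returnStr .= "The following permissions exist for user admin: <table border=\"1\"><tr><th>Module</th><th>Permission</th></tr>" . $str . "</table>";

	return $returnStr;
}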
00804 
00805 
00806 /*
00807  * 8) Ability to change perm ranks (like page move up and move down)
00808  *
00809  * */
00810 
/**
 * Render the table-manager view over the permission list (used to change perm ranks).
 *
 * On the first call (no 'querystring' field posted) the table manager is given a
 * SELECT over the `permissionlist` table; on later calls it is given the posted
 * form data as-is.
 *
 * NOTE(review): the complete $_POST array, including the client-supplied
 * 'querystring' value, is handed to tbman_executer without filtering. How that
 * class uses it is not visible here - confirm it cannot be made to run a query
 * other than the one this page issued, and that the caller enforces the admin
 * permission and a CSRF token before this function is reached.
 *
 * @param string $module Not used by this function.
 * @return mixed Whatever tbman_executer::execute() returns.
 */
function admin_changePermRank($module="") {
	require_once("tbman_executer.lib.php");

	// A posted 'querystring' marks a follow-up request coming from the table manager form.
	$isFollowUp = isset($_POST['querystring']);
	$source = $isFollowUp
		? $_POST
		: "SELECT * FROM `". MYSQL_DATABASE_PREFIX ."permissionlist`";

	$executer = new tbman_executer($source);
	$executer->formaction = "./+admin&subaction=changePermRank";

	return $executer->execute();
}
00826 
00827 
/**
 * Return the form used to edit the profile form.
 *
 * Loads profile.lib.php on first use and delegates to getProfileFormEditForm().
 *
 * @return mixed Whatever getProfileFormEditForm() returns.
 */
function admin_editProfileForm() {
	include_once('profile.lib.php');

	$profileEditForm = getProfileFormEditForm();
	return $profileEditForm;
}
00832 
00833 function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath) {
00834         require_once("group.lib.php");
00835         global $ICONS;
00836         global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder,$sourceFolder;
00837         $scriptsFolder = "$urlRequestRoot/$cmsFolder/$templateFolder/common/scripts";
00838         $imagesFolder = "$urlRequestRoot/$cmsFolder/$templateFolder/common/images";
00839 
00841         $groupRow = $groupId = $userId = null;
00842         $subAction = ''; //isset($_GET['subaction']) ? $_GET['subaction'] : '';
00843         if ((isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgroup' && isset($_GET['groupname'])) || (isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups'])))
00844                 $subAction = 'showeditform';
00845         elseif(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'associateform')
00846                 $subAction = 'associateform';
00847         elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail']))
00848                 $subAction = 'deleteuser';
00849         elseif (isset($_POST['btnAddUserToGroup']))
00850                 $subAction = 'addusertogroup';
00851         elseif (isset($_POST['btnSaveGroupProperties']))
00852                 $subAction = 'savegroupproperties';
00853         elseif (isset($_POST['btnEditGroupPriorities']) || (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgrouppriorities'))
00854                 $subAction = 'editgrouppriorities';
00855 
00856         if(isset($_POST['selEditGroups']) || isset($_GET['groupname'])) {
00857                 $groupRow = getGroupRow( isset($_POST['selEditGroups']) ? escape($_POST['selEditGroups']) : escape($_GET['groupname']) );
00858                 $groupId = $groupRow['group_id'];
00859                 if($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) {
00860                         displayerror('Error! Invalid group requested.');
00861                         return ;
00862                 }
00863 
00864                 if(!is_null($groupId)) {
00865                         if($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
00866                                 displayerror('You do not have the permission to modify the selected group.');
00867                                 return '';
00868                         }
00869                 }
00870         }
00871         if(isset($_GET['useremail'])) {
00872                 $userId = getUserIdFromEmail($_GET['useremail']);
00873         }
00874 
00875         if($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) {
00876                 if ($subAction == 'deleteuser') {
00877                         if($groupRow['form_id'] != 0) {
00878                                 displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.');
00879                         }
00880                         elseif (!$userId) {
00881                                 displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
00882                         }
00883                         else {
00884                                 $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = ' . $userId . ' AND `group_id` = ' . $groupId;
00885                                 $deleteResult = mysql_query($deleteQuery);
00886                                 if(!$deleteResult || mysql_affected_rows() != 1) {
00887                                         displayerror('Could not delete user with the given E-mail from the given group.');
00888                                 }
00889                                 else {
00890                                         displayinfo('Successfully removed user from the current group');
00891 
00892                                         if($userId == $currentUserId) {
00893                                                 $virtue = '';
00894                                                 $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
00895                                                 $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
00896                                         }
00897                                 }
00898                         }
00899                 }
00900                 elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) {
00901                         $updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '".escape($_POST['txtGroupDescription'])."' WHERE `group_id` = $groupId";
00902                         $updateResult = mysql_query($updateQuery);
00903                         if (!$updateResult) {
00904                                 displayerror('Could not update database.');
00905                         }
00906                         else {
00907                                 displayinfo('Changes to the group have been successfully saved.');
00908                         }
00909                         $groupRow = getGroupRow($groupRow['group_name']);
00910                 }
00911                 elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') {
00912                         if($groupRow['form_id'] != 0) {
00913                                 displayerror('The selected group is associated with a form. To add a user, register the user to the form.');
00914                         }
00915                         else {
00916                                 $passedEmails = explode(',', escape($_POST['txtUserEmail']));
00917 
00918                                 for($i = 0; $i < count($passedEmails); $i++) {
00919                                         $hyphenPos = strpos($passedEmails[$i], '-');
00920                                         if ($hyphenPos >= 0) {
00921                                                 $userEmail = trim(substr($passedEmails[$i], 0, $hyphenPos - 1));
00922                                         }
00923                                         else {
00924                                                 $userEmail = escape($_POST['txtUserEmail']);
00925                                         }
00926 
00927                                         $userId = getUserIdFromEmail($userEmail);
00928                                         if(!$userId || $userId < 1) {
00929                                                 displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
00930                                         }
00931 
00932                                         if(!addUserToGroupName($groupRow['group_name'], $userId)) {
00933                                                 displayerror('Could not add the given user to the current group.');
00934                                         }
00935                                         else {
00936                                                 displayinfo('User has been successfully inserted into the given group.');
00937                                         }
00938                                 }
00939                         }
00940                 }
00941                 elseif ($subAction == 'associateform') {
00942                         if(isset($_POST['btnAssociateGroup'])) {
00943                                 $pageIdArray = array();
00944                                 $formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray);
00945                                 if($formPageId <= 0 || getPageModule($formPageId) != 'form') {
00946                                         displayerror('Invalid page selected! The page you selected is not a form.');
00947                                 }
00948                                 elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form'))
00949                                         displayerror('You do not have the permissions to associate the selected form with a group.');
00950                                 else {
00951                                         $formModuleId = getModuleComponentIdFromPageId($formPageId, 'form');
00952                                         require_once("$sourceFolder/$moduleFolder/form.lib.php");
00953 
00954                                         if(isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) {
00955                                                 associateGroupWithForm($groupId, $formModuleId);
00956                                                 $groupRow = getGroupRow($groupRow['group_name']);
00957                                         }
00958                                         else
00959                                                 displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.');
00960                                 }
00961                         }
00962                         elseif(isset($_POST['btnUnassociateGroup'])) {
00963                                 if($groupRow['form_id'] <= 0) {
00964                                         displayerror('The selected group is currently not associated with any form.');
00965                                 }
00966                                 elseif(!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) {
00967                                         displayerror('You do not have the permissions to unassociate the form from this group.');
00968                                 }
00969                                 else {
00970                                         unassociateFormFromGroup($groupId);
00971                                         $virtue = '';
00972                                         $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
00973                                         $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
00974                                         $groupRow = getGroupRow($groupRow['group_name']);
00975                                 }
00976                         }
00977                 }
00978 
00979                 if($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
00980                         displayerror('You do not have the permission to modify the selected group.');
00981                         return '';
00982                 }
00983 
00984                 $usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`';
00985                 $usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
00986                 $userQuery = "SELECT `user_email`, `user_fullname` FROM $usergroupTable, $usersTable WHERE `group_id` =  $groupId AND $usersTable.`user_id` = $usergroupTable.`user_id` ORDER BY `user_email`";
00987                 $userResult = mysql_query($userQuery);
00988                 if(!$userResult) {
00989                         displayerror('Error! Could not fetch group information.');
00990                         return '';
00991                 }
00992         
00993                 $userEmails = array();
00994                 $userFullnames = array();
00995                 while($userRow = mysql_fetch_row($userResult)) {
00996                         $userEmails[] = $userRow[0];
00997                         $userFullnames[] = $userRow[1];
00998                 }
00999                 
01000                 $groupEditForm = <<<GROUPEDITFORM
01001                         <h2>Group '{$groupRow['group_name']}' - '{$groupRow['group_description']}'</h2><br />
01002                         <fieldset style="padding: 8px">
01003                                 <legend>{$ICONS['User Groups']['small']}Group Properties</legend>
01004                                 <form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
01005                                         Group Description: <input type="text" name="txtGroupDescription" value="{$groupRow['group_description']}" />
01006                                         <input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" />
01007                                 </form>
01008                         </fieldset>
01009 
01010                         <br />
01011                         <fieldset style="padding: 8px">
01012                                 <legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend>
01013 GROUPEDITFORM;
01014 
01015                 $userCount = mysql_num_rows($userResult);
01016                 global $urlRequestRoot, $cmsFolder, $templateFolder,$sourceFolder;
01017                 $deleteImage = "<img src=\"$urlRequestRoot/$cmsFolder/$templateFolder/common/icons/16x16/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />";
01018 
01019                 for($i = 0; $i < $userCount; $i++) {
01020                         $isntAssociatedWithForm = ($groupRow['form_id'] == 0);
01021                         if($isntAssociatedWithForm)
01022                                 $groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupRow['group_name'] . '&useremail=' . $userEmails[$i] . '">' . $deleteImage . "</a>";
01023                         $groupEditForm .= " {$userEmails[$i]} - {$userFullnames[$i]}<br />\n";
01024                 }
01025 
01026                 $associateForm = '';
01027                 if($groupRow['form_id'] == 0) {
01028                         $associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId));
01029                         $associableFormCount = count($associableForms);
01030                         $associableFormsBox = '<select name="selFormPath">';
01031                         for($i = 0; $i < $associableFormCount; ++$i) {
01032                                 $associableFormsBox .= '<option value="' . $associableForms[$i][2] . '">' . $associableForms[$i][1] . ' - ' . $associableForms[$i][2] . '</option>';
01033                         }
01034                         $associableFormsBox .= '</select>';
01035                         $associateForm = <<<GROUPASSOCIATEFORM
01036 
01037                         Select a form to associate the group with: $associableFormsBox
01038                         <input type="submit" name="btnAssociateGroup" value="Associate Group with Form" />
01039 GROUPASSOCIATEFORM;
01040                 }
01041                 else {
01042                         $associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']);
01043                         $associateForm = 'This group is currently associated with the form: ' . getPageTitle($associatedFormPageId) . ' (' . getPagePath($associatedFormPageId) . ')<br />' .
01044                                         '<input type="submit" name="btnUnassociateGroup" value="Unassociate" />';
01045                 }
01046 
01047                 $groupEditForm .= '</fieldset>';
01048                 if($groupRow['form_id'] == 0) {
01049                         $groupEditForm .= <<<GROUPEDITFORM
01050                                 <br />
01051                                 <fieldset style="padding: 8px">
01052                                         <legend>{$ICONS['Add']['small']}Add Users to Group</legend>
01053                                         <form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
01054                                                 Email ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" />
01055                                                 <div id="suggestionDiv" class="suggestionbox"></div>
01056 
01057                                                 <script language="javascript" type="text/javascript" src="$scriptsFolder/ajaxsuggestionbox.js"></script>
01058                                                 <script language="javascript" type="text/javascript">
01059                                                 <!--
01060                                                         var addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%");
01061                                                         addUserBox.loadingImageUrl = '$imagesFolder/ajaxloading.gif';
01062                                                 -->
01063                                                 </script>
01064 
01065                                                 <input type="submit" name="btnAddUserToGroup" value="Add User to Group" />
01066                                         </form>
01067                                 </fieldset>
01068 GROUPEDITFORM;
01069                 }
01070                 $groupEditForm .= <<<GROUPEDITFORM
01071                         <br />
01072                         <fieldset style="padding: 8px">
01073                                 <legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend>
01074                                 <form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupRow['group_name']}" method="POST">
01075                                         $associateForm
01076                                 </form>
01077                         </fieldset>
01078 GROUPEDITFORM;
01079 
01080                 return $groupEditForm;
01081         }
01082 
01083         if ($subAction == 'editgrouppriorities') {
01084                 $modifiableCount = count($modifiableGroups);
01085                 $userMaxPriority = $maxPriorityGroup = 1;
01086                 if($modifiableCount != 0) {
01087                         $userMaxPriority = max($modifiableGroups[0]['group_priority'], $modifiableGroups[$modifiableCount - 1]['group_priority']);
01088                         $maxPriorityGroup = $modifiableGroups[0]['group_priority'] > $modifiableGroups[$modifiableCount - 1]['group_priority'] ? $modifiableGroups[0]['group_id'] : $modifiableGroups[$modifiableCount - 1]['group_id'];
01089                 }
01090 
01091                 if(isset($_GET['dowhat']) && !is_null($groupId)) {
01092                         if($_GET['dowhat'] == 'incrementpriority' || $_GET['dowhat'] == 'decrementpriority') {
01093                                 shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true);
01094                         }
01095                         elseif($_GET['dowhat'] == 'movegroupup' || $_GET['dowhat'] == 'movegroupdown') {
01096                                 shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false);
01097                         }
01098                         elseif($_GET['dowhat'] == 'emptygroup') {
01099                                 emptyGroup($groupRow['group_name']);
01100                         }
01101                         elseif($_GET['dowhat'] == 'deletegroup') {
01102                                 if(deleteGroup($groupRow['group_name'])) {
01103                                         $virtue = '';
01104                                         $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
01105                                         $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
01106                                 }
01107                         }
01108 
01109                         $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
01110                 }
01111                 elseif(isset($_GET['dowhat']) && $_GET['dowhat'] == 'addgroup') {
01112                         if(isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) {
01113                                 $existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '".escape($_POST['txtGroupName'])."'";
01114                                 $existsResult = mysql_query($existsQuery);
01115                                 if(trim($_POST['txtGroupName']) == '') {
01116                                         displayerror('Cannot create a group with an empty name. Please type in a name for the new group.');
01117                                 }
01118                                 elseif(mysql_num_rows($existsResult) >= 1) {
01119                                         displayerror('A group with the name you specified already exists.');
01120                                 }
01121                                 else {
01122                                         $idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
01123                                         $idResult = mysql_query($idQuery);
01124                                         $idRow = mysql_fetch_row($idResult);
01125                                         $newGroupId = 2;
01126                                         if(!is_null($idRow[0])) {
01127                                                 $newGroupId = $idRow[0] + 1;
01128                                         }
01129 
01130                                         $newGroupPriority = 1;
01131                                         if($_POST['selGroupPriority'] <= $userMaxPriority && $_POST['selGroupPriority'] > 0) {
01132                                                 $newGroupPriority = escape($_POST['selGroupPriority']);
01133                                         }
01134 
01135                                         $addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) ' .
01136                                                         "VALUES($newGroupId, '".escape($_POST['txtGroupName'])."', '".escape($_POST['txtGroupDescription'])."', $newGroupPriority)";
01137                                         $addGroupResult = mysql_query($addGroupQuery);
01138                                         if($addGroupResult) {
01139                                                 displayinfo('New group added successfully.');
01140 
01141                                                 if(isset($_POST['chkAddMe'])) {
01142                                                         $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES ($currentUserId, $newGroupId)";
01143                                                         if(!mysql_query($insertQuery)) {
01144                                                                 displayerror('Error adding user to newly created group: ' . $insertQuery . '<br />' . mysql_query());
01145                                                         }
01146                                                 }
01147                                                 $virtue = '';
01148                                                 $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
01149                                                 $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
01150                                         }
01151                                         else {
01152                                                 displayerror('Could not run MySQL query. New group could not be added.');
01153                                         }
01154                                 }
01155                         }
01156 
01157                         $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
01158                 }
01159 
01160                 $modifiableCount = count($modifiableGroups);
01161                 if($modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) {
01162                         $modifiableGroups = array_reverse($modifiableGroups);
01163                 }
01164                 $previousPriority = $modifiableGroups[0]['group_priority'];
01165                 global $cmsFolder, $urlRequestRoot, $moduleFolder, $templateFolder,$sourceFolder;
01166                 $iconsFolderUrl = "$urlRequestRoot/$cmsFolder/$templateFolder/common/icons/16x16";
01167                 $moveUpImage = '<img src="' . $iconsFolderUrl . '/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />';
01168                 $moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />';
01169                 $moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />';
01170                 $moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />';
01171                 $emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />';
01172                 $deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />';
01173 
01174                 $groupsForm = '<h3>Edit Group Priorities</h3><br />';
01175                 for($i = 0; $i < $modifiableCount; $i++) {
01176                         if($modifiableGroups[$i]['group_priority'] != $previousPriority) {
01177                                 $groupsForm .= '<br /><br /><hr /><br />';
01178                         }
01179                         $groupsForm .=
01180                                         '<span style="margin: 4px;" title="' . $modifiableGroups[$i]['group_description'] . '">' .
01181                                         '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=incrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveUpImage . '</a>' .
01182                                         '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=decrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveDownImage . '</a>' .
01183                                         '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveTopImage . '</a>' .
01184                                         '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupdown&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveBottomImage . '</a>' .
01185                                         '<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=emptygroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $emptyImage . '</a>' .
01186                                         '<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=deletegroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $deleteImage . '</a>' .
01187                                         '<a href="./+admin&subaction=editgroups&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . "</a></span>\n";
01188                         $previousPriority = $modifiableGroups[$i]['group_priority'];
01189                 }
01190 
01191                 $priorityBox = '<option value="1">1</option>';
01192                 for($i = 2; $i <= $userMaxPriority; ++$i) {
01193                         $priorityBox .= '<option value="' . $i . '">' . $i . '</option>';
01194                 }
01195                 $groupsForm .= <<<GROUPSFORM
01196                 <br /><br />
01197                 <fieldset style="padding: 8px">
01198                         <legend>Create New Group:</legend>
01199 
01200                         <form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup">
01201                                 <label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br />
01202                                 <label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br />
01203                                 <label>Group Priority: <select name="selGroupPriority">$priorityBox</select><br />
01204                                 <label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br />
01205                                 <input type="submit" name="btnAddNewGroup" value="Add Group" />
01206                         </form>
01207                 </fieldset>
01208 GROUPSFORM;
01209 
01210                 return $groupsForm;
01211         }
01212 
01213 
01214         $modifiableCount = count($modifiableGroups);
01215         $groupsBox = '<select name="selEditGroups">';
01216         for($i = 0; $i < $modifiableCount; ++$i) {
01217                 $groupsBox .= '<option value="' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . ' - ' . $modifiableGroups[$i]['group_description'] . "</option>\n";
01218         }
01219         $groupsBox .= '</select>';
01220 
01221         $groupsForm = <<<GROUPSFORM
01222                 <form name="groupeditform" method="POST" action="./+admin&subaction=editgroups">
01223                         $groupsBox
01224                         <input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br />
01225                         <input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" />
01226                 </form>
01227 
01228 GROUPSFORM;
01229 
01230         return $groupsForm;
01231 }
