2 /***********************************************************************
4 Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org)
6 This file is part of PunBB.
8 PunBB is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published
10 by the Free Software Foundation; either version 2 of the License,
11 or (at your option) any later version.
13 PunBB is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place, Suite 330, Boston,
23 ************************************************************************/
// Flag read by header.php: render this page with the admin template.
define('PUN_ADMIN_CONSOLE', 1);

// Board root relative to this script; every include on this page is built from it.
define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
require PUN_ROOT.'include/common_admin.php';


// Access gate for the whole page: a group id greater than PUN_ADMIN is refused.
// NOTE(review): everything below runs unless message() ends the request; message()
// is defined outside this listing, so confirm that it does not return.
if (PUN_ADMIN < $pun_user['g_id'])
{
	message($lang_common['No permission']);
}
// Add/edit a group (stage 1): load the group row that pre-fills the settings form.
// NOTE(review): this listing omits brace-only lines and a few statements (its own line
// numbering has gaps), so nesting is shown here by indentation only. In particular, no
// assignment to $mode is visible, although the form template below echoes $mode.
if (isset($_POST['add_group']) || isset($_GET['edit_group']))
	if (isset($_POST['add_group']))
		// The submitted id is cast to an integer before it is concatenated into the
		// query, so the WHERE clause can only ever receive a number.
		$base_group = intval($_POST['base_group']);

		$result = $db->query('SELECT * FROM '.$db->prefix.'groups WHERE g_id='.$base_group) or error('Unable to fetch user group info', __FILE__, __LINE__, $db->error());
		// NOTE(review): unlike the edit path, no num_rows() check is visible here; an id
		// that matches no group leaves $group without the keys the form reads.
		$group = $db->fetch_assoc($result);
	else // We are editing a group
		// Same integer cast as above, this time on a value taken from the query string.
		$group_id = intval($_GET['edit_group']);
		// NOTE(review): the condition guarding this call is not visible in the listing
		// (the line before it is skipped); as shown it would run unconditionally.
		message($lang_common['Bad request']);

		$result = $db->query('SELECT * FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch user group info', __FILE__, __LINE__, $db->error());
		// Reject ids that do not correspond to an existing group.
		if (!$db->num_rows($result))
			message($lang_common['Bad request']);

		$group = $db->fetch_assoc($result);

	// The board title comes from configuration and is passed through
	// pun_htmlspecialchars() before it becomes part of the page title.
	$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / User groups';
	// presumably read by header.php for client-side form handling (the form's
	// onsubmit calls process_form) — confirm; a client-side check is not enforcement.
	$required_fields = array('req_title' => 'Group title');
	$focus_element = array('groups2', 'req_title');
	require PUN_ROOT.'header.php';

	generate_admin_menu('groups');
74 <div
class="blockform">
75 <h2
><span
>Group settings
</span
></h2
>
77 <form id
="groups2" method
="post" action
="admin_groups.php" onsubmit
="return process_form(this)">
78 <p
class="submittop"><input type
="submit" name
="add_edit_group" value
=" Save " /></p
>
80 <input type
="hidden" name
="mode" value
="<?php echo $mode ?>" />
81 <?php
if ($mode == 'edit'): ?
> <input type
="hidden" name
="group_id" value
="<?php echo $group_id ?>" />
82 <?php
endif; ?
><?php
if ($mode == 'add'): ?
> <input type
="hidden" name
="base_group" value
="<?php echo $base_group ?>" />
83 <?php
endif; ?
> <fieldset
>
84 <legend
>Setup group options
and permissions
</legend
>
85 <div
class="infldset">
86 <p
>Below options
and permissions are the
default permissions
for the user group
. These options apply
if no forum specific permissions are in effect
.</p
>
87 <table
class="aligntop" cellspacing
="0">
89 <th scope
="row">Group title
</th
>
91 <input type
="text" name
="req_title" size
="25" maxlength
="50" value
="<?php if ($mode == 'edit') echo pun_htmlspecialchars($group['g_title']); ?>" tabindex
="1" />
95 <th scope
="row">User title
</th
>
97 <input type
="text" name
="user_title" size
="25" maxlength
="50" value
="<?php echo pun_htmlspecialchars($group['g_user_title']) ?>" tabindex
="2" />
98 <span
>This title will override any rank users in this group have attained
. Leave blank to
use default title
or rank
.</span
>
101 <?php
if ($group['g_id'] != PUN_ADMIN
): ?
> <tr
>
102 <th scope
="row">Read board
</th
>
104 <input type
="radio" name
="read_board" value
="1"<?php
if ($group['g_read_board'] == '1') echo ' checked="checked"' ?
> tabindex
="3" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="read_board" value
="0"<?php
if ($group['g_read_board'] == '0') echo ' checked="checked"' ?
> tabindex
="4" /> 
;<strong
>No
</strong
>
105 <span
>Allow users in this group to view the board
. This setting applies to every aspect of the board
and can therefore not be overridden by forum specific settings
. If this is set to
"No", users in this group will only be able to login
/logout
and register
.</span
>
109 <th scope
="row">Post replies
</th
>
111 <input type
="radio" name
="post_replies" value
="1"<?php
if ($group['g_post_replies'] == '1') echo ' checked="checked"' ?
> tabindex
="5" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="post_replies" value
="0"<?php
if ($group['g_post_replies'] == '0') echo ' checked="checked"' ?
> tabindex
="6" /> 
;<strong
>No
</strong
>
112 <span
>Allow users in this group to post replies in topics
.</span
>
116 <th scope
="row">Post topics
</th
>
118 <input type
="radio" name
="post_topics" value
="1"<?php
if ($group['g_post_topics'] == '1') echo ' checked="checked"' ?
> tabindex
="7" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="post_topics" value
="0"<?php
if ($group['g_post_topics'] == '0') echo ' checked="checked"' ?
> tabindex
="8" /> 
;<strong
>No
</strong
>
119 <span
>Allow users in this group to post
new topics
.</span
>
122 <?php
if ($group['g_id'] != PUN_GUEST
): ?
> <tr
>
123 <th scope
="row">Edit posts
</th
>
125 <input type
="radio" name
="edit_posts" value
="1"<?php
if ($group['g_edit_posts'] == '1') echo ' checked="checked"' ?
> tabindex
="11" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="edit_posts" value
="0"<?php
if ($group['g_edit_posts'] == '0') echo ' checked="checked"' ?
> tabindex
="12" /> 
;<strong
>No
</strong
>
126 <span
>Allow users in this group to edit their own posts
.</span
>
130 <th scope
="row">Delete posts
</th
>
132 <input type
="radio" name
="delete_posts" value
="1"<?php
if ($group['g_delete_posts'] == '1') echo ' checked="checked"' ?
> tabindex
="13" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="delete_posts" value
="0"<?php
if ($group['g_delete_posts'] == '0') echo ' checked="checked"' ?
> tabindex
="14" /> 
;<strong
>No
</strong
>
133 <span
>Allow users in this group to delete their own posts
.</span
>
137 <th scope
="row">Delete topics
</th
>
139 <input type
="radio" name
="delete_topics" value
="1"<?php
if ($group['g_delete_topics'] == '1') echo ' checked="checked"' ?
> tabindex
="15" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="delete_topics" value
="0"<?php
if ($group['g_delete_topics'] == '0') echo ' checked="checked"' ?
> tabindex
="16" /> 
;<strong
>No
</strong
>
140 <span
>Allow users in this group to delete their own
topics (including any replies
).</span
>
144 <th scope
="row">Set user title
</th
>
146 <input type
="radio" name
="set_title" value
="1"<?php
if ($group['g_set_title'] == '1') echo ' checked="checked"' ?
> tabindex
="17" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="set_title" value
="0"<?php
if ($group['g_set_title'] == '0') echo ' checked="checked"' ?
> tabindex
="18" /> 
;<strong
>No
</strong
>
147 <span
>Allow users in this group to set their own user title
.</span
>
151 <th scope
="row">Use search
</th
>
153 <input type
="radio" name
="search" value
="1"<?php
if ($group['g_search'] == '1') echo ' checked="checked"' ?
> tabindex
="19" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="search" value
="0"<?php
if ($group['g_search'] == '0') echo ' checked="checked"' ?
> tabindex
="20" /> 
;<strong
>No
</strong
>
154 <span
>Allow users in this group to
use the search feature
.</span
>
158 <th scope
="row">Search user
list</th
>
160 <input type
="radio" name
="search_users" value
="1"<?php
if ($group['g_search_users'] == '1') echo ' checked="checked"' ?
> tabindex
="21" /> 
;<strong
>Yes
</strong
> 
; 
; 
;<input type
="radio" name
="search_users" value
="0"<?php
if ($group['g_search_users'] == '0') echo ' checked="checked"' ?
> tabindex
="22" /> 
;<strong
>No
</strong
>
161 <span
>Allow users in this group to freetext search
for users in the user
list.</span
>
164 <?php
if ($group['g_id'] != PUN_GUEST
): ?
> <tr
>
165 <th scope
="row">Edit subjects interval
</th
>
167 <input type
="text" name
="edit_subjects_interval" size
="5" maxlength
="5" value
="<?php echo $group['g_edit_subjects_interval'] ?>" tabindex
="23" />
168 <span
>Number of seconds after post time that users in this group may edit the subject of topics they
've posted. Set to 0 to allow edits indefinitely.</span>
172 <th scope="row">Post flood interval</th>
174 <input type="text" name="post_flood" size="5" maxlength="4" value="<?php echo $group['g_post_flood
'] ?>" tabindex="24" />
175 <span>Number of seconds that users in this group have to wait between posts. Set to 0 to disable.</span>
179 <th scope="row">Search flood interval</th>
181 <input type="text" name="search_flood" size="5" maxlength="4" value="<?php echo $group['g_search_flood
'] ?>" tabindex="25" />
182 <span>Number of seconds that users in this group have to wait between searches. Set to 0 to disable.</span>
185 <?php endif; ?><?php endif; ?> </table>
186 <?php if ($group['g_id
'] == PUN_MOD ): ?> <p class="warntext">Please note that in order for a user in this group to have moderator abilities, he/she must be assigned to moderate one or more forums. This is done via the user administration page of the user's profile
.</p
>
187 <?php
endif; ?
> </div
>
190 <p
class="submitend"><input type
="submit" name
="add_edit_group" value
=" Save " tabindex
="26" /></p
>
194 <div
class="clearer"></div
>
198 require PUN_ROOT
.'footer.php';
// Add/edit a group (stage 2): process the submitted settings form.
// NOTE(review): confirm_referrer() is defined outside this listing; judging by its name
// and argument it compares the request's Referer with admin_groups.php — confirm. It is
// the only request-origin check visible on this state-changing path; a per-session
// token in the form would not depend on a header that clients and proxies may omit.
else if (isset($_POST['add_edit_group']))
	confirm_referrer('admin_groups.php');
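// Is this the admin group? (special rules apply)
// The id is cast with intval() so that this test sees exactly the value the UPDATE
// further down uses in its WHERE g_id=intval($_POST['group_id']) clause; a loose
// comparison of the raw string can disagree with that cast for non-numeric input.
$is_admin_group = (isset($_POST['group_id']) && intval($_POST['group_id']) == PUN_ADMIN);

// Free-text fields: only trimmed here, they are escaped where the SQL is built.
$title = trim($_POST['req_title']);
$user_title = trim($_POST['user_title']);

// Flags the form may leave out (rows hidden for some groups) default to "allowed".
// Every submitted value goes through intval(), so only integers reach the SQL below.
$read_board = isset($_POST['read_board']) ? intval($_POST['read_board']) : '1';
$post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1';
$post_topics = isset($_POST['post_topics']) ? intval($_POST['post_topics']) : '1';

// These four fall back to "yes" only for the admin group. The nested conditionals are
// parenthesised explicitly: an unparenthesised `a ? b : c ? d : e` is left-associative
// before PHP 8.0 and a compile error from 8.0 on. The grouping below yields the same
// results the left-associative form produced: any non-zero submitted value stores 1,
// zero stores 0, and a missing field uses the admin/non-admin default.
$edit_posts = isset($_POST['edit_posts']) ? (intval($_POST['edit_posts']) ? '1' : '0') : ($is_admin_group ? '1' : '0');
$delete_posts = isset($_POST['delete_posts']) ? (intval($_POST['delete_posts']) ? '1' : '0') : ($is_admin_group ? '1' : '0');
$delete_topics = isset($_POST['delete_topics']) ? (intval($_POST['delete_topics']) ? '1' : '0') : ($is_admin_group ? '1' : '0');
$set_title = isset($_POST['set_title']) ? (intval($_POST['set_title']) ? '1' : '0') : ($is_admin_group ? '1' : '0');

$search = isset($_POST['search']) ? intval($_POST['search']) : '1';
$search_users = isset($_POST['search_users']) ? intval($_POST['search_users']) : '1';

// Intervals in seconds; 0 is the default when the field is absent.
$edit_subjects_interval = isset($_POST['edit_subjects_interval']) ? intval($_POST['edit_subjects_interval']) : '0';
$post_flood = isset($_POST['post_flood']) ? intval($_POST['post_flood']) : '0';
$search_flood = isset($_POST['search_flood']) ? intval($_POST['search_flood']) : '0';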
// NOTE(review): the condition guarding this call is not visible in the listing (the
// line before it is skipped); given the message it is presumably an empty-title check.
message('You must enter a group title.');

// $user_title becomes either a quoted, escaped SQL string literal or the bare keyword
// NULL, which is why the queries below concatenate it without adding quotes.
$user_title = ($user_title != '') ? '\''.$db->escape($user_title).'\'' : 'NULL';

// NOTE(review): $_POST['mode'] is read without isset(), and the listing omits the line
// that separates the "add" statements from the "edit" statements further down
// (presumably an else); nesting is shown by indentation only.
if ($_POST['mode'] == 'add')
	// Refuse a second group with the same title. The title is passed through
	// $db->escape() inside the SQL literal and through pun_htmlspecialchars() when it
	// is echoed back in the message.
	$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
	if ($db->num_rows($result))
		message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');

	// All numeric settings were passed through intval() or set to literal '0'/'1' when
	// they were read from $_POST above, so they are concatenated unquoted.
	$db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error());
	$new_group_id = $db->insert_id();

	// Now lets copy the forum specific permissions from the group which this group is based on
	$result = $db->query('SELECT forum_id, read_forum, post_replies, post_topics FROM '.$db->prefix.'forum_perms WHERE group_id='.intval($_POST['base_group'])) or error('Unable to fetch group forum permission list', __FILE__, __LINE__, $db->error());
	// NOTE(review): the copied values come from forum_perms rows, not from the request,
	// and are concatenated without a cast; that is safe only while those columns hold
	// integers. Wrapping each in intval() would remove the dependency on the schema.
	while ($cur_forum_perm = $db->fetch_assoc($result))
		$db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error());

	// Edit path: same collision check, excluding the group being edited.
	// NOTE(review): no check that intval($_POST['group_id']) names an existing group is
	// visible; for an unknown id the UPDATE below simply matches no row.
	$result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
	if ($db->num_rows($result))
		message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');

	$db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $db->error());

// Regenerate the quickjump cache
require_once PUN_ROOT.'include/cache.php';
generate_quickjump_cache();

redirect('admin_groups.php', 'Group '.(($_POST['mode'] == 'edit') ? 'edited' : 'added').'. Redirecting …');
// Set the group that newly registered users are placed in.
else if (isset($_POST['set_default_group']))
	confirm_referrer('admin_groups.php');

	// Integer cast: the value is concatenated unquoted into the UPDATE below.
	$group_id = intval($_POST['default_group']);
	// NOTE(review): the condition guarding this call is not visible in the listing. The
	// page's own help text says users must not land in the moderator or administrator
	// groups by default, and the dropdown only offers groups with g_id > PUN_GUEST; a
	// hand-built POST is not limited to those options, so confirm that the hidden guard
	// enforces the same restriction server-side and that the group exists.
	message($lang_common['Bad request']);

	$db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());

	// Regenerate the config cache
	require_once PUN_ROOT.'include/cache.php';
	generate_config_cache();

	redirect('admin_groups.php', 'Default group set. Redirecting …');
// Remove a group. The request arrives as GET (?del_group=ID, the "Remove" link in the
// group list); when the group still has members a confirmation form posts back to the
// same URL with del_group and move_to_group set.
// NOTE(review): for a group without members the deletion happens on the GET request
// itself, with confirm_referrer() as the only request-origin check visible here.
else if (isset($_GET['del_group']))
	confirm_referrer('admin_groups.php');

	// Integer cast: $group_id is concatenated unquoted into every query below.
	$group_id = intval($_GET['del_group']);
	// NOTE(review): the condition guarding this call is not visible in the listing. The
	// group list only renders a "Remove" link for g_id > PUN_MEMBER; confirm the hidden
	// guard rejects the pre-defined groups server-side as well.
	message($lang_common['Bad request']);

	// Make sure we don't remove the default group
	if ($group_id == $pun_config['o_default_user_group'])
		message('The default group cannot be removed. In order to delete this group, you must first setup a different group as the default.');


	// Check if this group has any members
	// (the INNER JOIN returns no row at all for a group without users)
	$result = $db->query('SELECT g.g_title, COUNT(u.id) FROM '.$db->prefix.'groups AS g INNER JOIN '.$db->prefix.'users AS u ON g.g_id=u.group_id WHERE g.g_id='.$group_id.' GROUP BY g.g_id, g_title') or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());

	// If the group doesn't have any members or if we've already selected a group to move the members to
	if (!$db->num_rows($result) || isset($_POST['del_group']))
		if (isset($_POST['del_group']))
			// NOTE(review): move_to_group is only cast to an integer. No check is visible
			// that it names an existing group, differs from $group_id, or is not the
			// guest group; the form's select excludes those, a hand-built POST does
			// not. A target equal to $group_id would leave the users pointing at the
			// group that is deleted next.
			$move_to_group = intval($_POST['move_to_group']);
			$db->query('UPDATE '.$db->prefix.'users SET group_id='.$move_to_group.' WHERE group_id='.$group_id) or error('Unable to move users into group', __FILE__, __LINE__, $db->error());

		// Delete the group and any forum specific permissions
		$db->query('DELETE FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to delete group', __FILE__, __LINE__, $db->error());
		$db->query('DELETE FROM '.$db->prefix.'forum_perms WHERE group_id='.$group_id) or error('Unable to delete group forum permissions', __FILE__, __LINE__, $db->error());

		// Regenerate the quickjump cache
		require_once PUN_ROOT.'include/cache.php';
		generate_quickjump_cache();

		redirect('admin_groups.php', 'Group removed. Redirecting …');


	// The group still has members and no target was chosen yet: show the form.
	list($group_title, $group_members) = $db->fetch_row($result);

	$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / User groups';
	require PUN_ROOT.'header.php';

	generate_admin_menu('groups');
326 <div
class="blockform">
327 <h2
><span
>Remove group
</span
></h2
>
329 <form id
="groups" method
="post" action
="admin_groups.php?del_group=<?php echo $group_id ?>">
332 <legend
>Move users currently in group
</legend
>
333 <div
class="infldset">
334 <p
>The group
"<?php echo pun_htmlspecialchars($group_title) ?>" currently has
<?php
echo $group_members ?
> members
. Please select a group to which these members will be assigned upon removal
.</p
>
336 <select name
="move_to_group">
// Options for the "move members to" select: every group except the guest group and
// the group being removed. This limits what the form offers, not what a request may
// contain; the handler has to validate the posted move_to_group itself.
$result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' AND g_id!='.$group_id.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());

// The title is passed through pun_htmlspecialchars() before output; g_id is echoed
// as-is into the value attribute (presumably an integer column — confirm).
while ($cur_group = $db->fetch_assoc($result))
	if ($cur_group['g_id'] == PUN_MEMBER)	// Pre-select the pre-defined Members group
		echo "\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
	// NOTE(review): the listing omits the line between the two echo statements
	// (presumably an else); as shown the second one would also run for Members.
		echo "\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
355 <p
><input type
="submit" name
="del_group" value
="Delete group" /></p
>
359 <div
class="clearer"></div
>
363 require PUN_ROOT
.'footer.php';
// Default view (no action requested): group overview with the add / set-default forms.
// The configured board title is passed through pun_htmlspecialchars() before it is
// used in the page title.
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / User groups';
require PUN_ROOT.'header.php';

generate_admin_menu('groups');
373 <div
class="blockform">
374 <h2
><span
>Add
/setup groups
</span
></h2
>
376 <form id
="groups" method
="post" action
="admin_groups.php?action=foo">
379 <legend
>Add
new group
</legend
>
380 <div
class="infldset">
381 <table
class="aligntop" cellspacing
="0">
383 <th scope
="row">Base
new group on
<div
><input type
="submit" name
="add_group" value
=" Add " tabindex
="2" /></div
></th
>
385 <select id
="base_group" name
="base_group" tabindex
="1">
// Options for the "base new group on" select: groups with g_id greater than PUN_GUEST.
// The stage-1 handler casts the posted base_group with intval() but, as far as this
// listing shows, does not re-check it against this list.
$result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id>'.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());

// Titles go through pun_htmlspecialchars(); g_id is echoed as-is into the value
// attribute (presumably an integer column — confirm).
while ($cur_group = $db->fetch_assoc($result))
	// Pre-select the board's current default group.
	if ($cur_group['g_id'] == $pun_config['o_default_user_group'])
		echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
	// NOTE(review): the listing omits the line between the two echo statements
	// (presumably an else).
		echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
400 <span
>Select a user group from which the
new group will inherit it
's permission settings. The next page will let you fine-tune said settings.</span>
409 <legend>Set default group</legend>
410 <div class="infldset">
411 <table class="aligntop" cellspacing="0">
413 <th scope="row">Default group<div><input type="submit" name="set_default_group" value=" Save " tabindex="4" /></div></th>
415 <select id="default_group" name="default_group" tabindex="3">
// Options for the "default group" select: groups with g_id greater than PUN_GUEST.
// The restriction lives in this query only; the set_default_group handler must
// enforce it again on the posted value, because a request need not come from this form.
$result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id>'.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());

// Titles go through pun_htmlspecialchars(); g_id is echoed as-is into the value
// attribute (presumably an integer column — confirm).
while ($cur_group = $db->fetch_assoc($result))
	// Pre-select the board's current default group.
	if ($cur_group['g_id'] == $pun_config['o_default_user_group'])
		echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
	// NOTE(review): the listing omits the line between the two echo statements
	// (presumably an else).
		echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
430 <span>This is the default user group, e.g. the group users are placed in when they register. For security reasons, users can't be placed in either the moderator
or administrator user groups by
default.</span
>
440 <h2
class="block2"><span
>Existing groups
</span
></h2
>
442 <div
class="fakeform">
445 <legend
>Edit
/remove groups
</legend
>
446 <div
class="infldset">
447 <p
>The pre
-defined groups Guests
, Administrators
, Moderators
and Members cannot be removed
. They can however be edited
. Please note though
, that in some groups
, some options are
unavailable (e
.g
. the
<em
>edit posts
</em
> permission
for guests
). Administrators always have full permissions
.</p
>
448 <table cellspacing
="0">
// One table row per group, ordered by id: an "Edit" link for every group and a
// "Remove" link only for ids above PUN_MEMBER. Titles are passed through
// pun_htmlspecialchars() before output.
// NOTE(review): leaving out the "Remove" link only hides the action; the del_group
// handler has to refuse the pre-defined groups itself. The link is also a plain GET
// URL for a state-changing action.
$result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups ORDER BY g_id') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());

while ($cur_group = $db->fetch_assoc($result))
{
	// Row start and the link every group gets.
	echo "\t\t\t\t\t\t\t\t".'<tr><th scope="row"><a href="admin_groups.php?edit_group='.$cur_group['g_id'].'">Edit</a>';

	// Removal is offered for groups above the pre-defined range only.
	if ($cur_group['g_id'] > PUN_MEMBER)
	{
		echo ' - <a href="admin_groups.php?del_group='.$cur_group['g_id'].'">Remove</a>';
	}

	echo '</th><td>'.pun_htmlspecialchars($cur_group['g_title']).'</td></tr>'."\n";
}
464 <div
class="clearer"></div
>
468 require PUN_ROOT
.'footer.php';