00001 <?php
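// Direct-access guard: unless the including script has defined __PRAGYAN_CMS,
// answer with 403 and stop before any function below is declared.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is now closed with </h1>; the original opened a second <h1> instead.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can carry the web server name and version.
    // Kept because the original prints it; consider dropping it so the error
    // page does not disclose server details.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}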
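/**
 * Build the tabbed "Global Settings" admin page.
 *
 * Emits the tab bar and one POST form (action ./+admin&subaction=global) that
 * wraps the four panels returned by websiteInfoSettingsForm(),
 * templateSettingsForm(), registrationsSettingsForm() and securitySettingsForm().
 *
 * @return string HTML fragment.
 */
function globalSettingsForm()
{
    global $ICONS;

    // Markup fixes relative to the original: the tab anchors are closed, the
    // JavaScript counters are declared with `var` instead of leaking as implicit
    // globals, and the "Maintenance" label is spelled correctly.
    $globalform = <<<globalform
<style>
#tabBar {
display: none;
}
</style>
<script type="text/javascript">
var total = 4;
function showOption(num) {
for(var i=1;i<=total;i++)
document.getElementById('globaloption'+i).style.display="none";
document.getElementById('globaloption'+num).style.display="block";
}
window.onload=function() {
for(var i=1;i<=total;i++)
document.getElementById('globaloption'+i).style.display="none";
showOption(1);
document.getElementById('tabBar').style.display="block";
}
</script>
<fieldset>
<legend>{$ICONS['Global Settings']['small']}Global Settings</legend>
<div id="tabBar">
<table style="width:100%">
<tr>
<td id="subaction" style="width:35%"><a onclick="showOption(1);"><Button>Website Information</Button></a></td>
<td style="width:35%"><a onclick="showOption(2);"><Button>Template and Navigation</Button></a></td>
<td style="width:35%"><a onclick="showOption(3);"><Button>Email and Registrations</Button></a></td>
<td style="width:35%"><a onclick="showOption(4);"><Button>Security and Maintenance</Button></a></td>
</tr>
</table>
</div>
globalform;

    // NOTE(review): the form below carries no anti-CSRF token field, and no token
    // check is visible in updateGlobalSettings() either. If the framework does not
    // add one elsewhere, a forged cross-site POST could change site-wide settings
    // while an administrator is logged in - confirm and add a per-session token.
    $panels = "<div id=\"globaloption1\">" . websiteInfoSettingsForm() . "</div>"
        . "<div id=\"globaloption2\">" . templateSettingsForm() . "</div>"
        . "<div id=\"globaloption3\">" . registrationsSettingsForm() . "</div>"
        . "<div id=\"globaloption4\">" . securitySettingsForm() . "</div>";

    return $globalform
        . "<form method='POST' action='./+admin&subaction=global'>"
        . $panels
        . "<input type='hidden' name='update_global_settings' />"
        . "<input type='submit' value='Update' />"
        . "<input type='button' value='Cancel' onclick=\"window.open('./+view','_top')\" />"
        . "</form></fieldset>";
}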
00098
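/**
 * Render the "Website Information" panel (name, description, keywords, footer).
 *
 * Values come from getGlobalSettings() and are HTML-escaped before being placed
 * in attributes or textareas. The original interpolated them raw, so a stored
 * value containing a quote or markup broke out of the field (stored XSS in the
 * admin page, and a truncated value on the next save).
 *
 * The original also copied every settings row into a local variable with
 * `$$var = $val` while several globals were declared in the same scope; a
 * settings row named like one of those globals would have overwritten it.
 * Only the four keys this panel needs are read now.
 *
 * @return string HTML table fragment.
 */
function websiteInfoSettingsForm()
{
    $globals = getGlobalSettings();

    // double_encode=false keeps values that were already entity-encoded when stored.
    // NOTE(review): assumes the settings are stored as UTF-8 - confirm.
    $field = function ($key) use ($globals) {
        $value = isset($globals[$key]) ? $globals[$key] : '';
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $cms_title = $field('cms_title');
    $cms_desc = $field('cms_desc');
    $cms_keywords = $field('cms_keywords');
    $cms_footer = $field('cms_footer');

    // The stray "/" inside the opening <textarea> tags has been removed.
    $globalform = <<<globalform
<table style="width:100%">
<tr>
<td style="width:35%">Website Name :</td>
<td style="width:65%"><input type="text" name='cms_title' value="$cms_title"></td>
</tr>
<tr>
<td>Site Description :</td>
<td><textarea style="width:98%" rows=10 cols=10 name='cms_desc'>$cms_desc</textarea></td>
</tr>
<tr>
<td>Site Keywords (comma-separated) :</td>
<td><input type="text" name='cms_keywords' value='$cms_keywords'></td>
</tr>
<tr>
<td>Site Footer :</td>
<td><textarea style="width:98%" rows=10 cols=10 name='cms_footer'>$cms_footer</textarea></td>
</tr>
</table>
globalform;

    return $globalform;
}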
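/**
 * Render the "Template and Navigation" panel.
 *
 * Lists the templates returned by getAvailableTemplates() (pre-selecting the one
 * equal to DEF_TEMPLATE) and three checkboxes driven by getGlobalSettings().
 *
 * Fixes relative to the original:
 *  - the breadcrumb checkbox printed the raw setting value (e.g. "1") instead
 *    of the `checked` attribute, so it never rendered as ticked;
 *  - template names are HTML-escaped before being written into the options;
 *  - settings are read by key instead of being expanded with `$$var = $val`
 *    next to declared globals.
 *
 * @return string HTML table fragment.
 */
function templateSettingsForm()
{
    $globals = getGlobalSettings();
    $templates = getAvailableTemplates();

    // Same truthiness rule as the original `== 0 ? "" : "checked"` test.
    $checkedAttr = function ($key) use ($globals) {
        return (isset($globals[$key]) && $globals[$key] != 0) ? "checked" : "";
    };

    $allow_pagespecific_header = $checkedAttr('allow_pagespecific_header');
    $allow_pagespecific_template = $checkedAttr('allow_pagespecific_template');
    $breadcrumb_submenu = $checkedAttr('breadcrumb_submenu');

    $globalform = <<<globalform
<table style="width:100%">
<tr>
<td>Default template :</td>
<td><select name='default_template'>
globalform;

    foreach ($templates as $template) {
        // NOTE(review): assumes template names are UTF-8 text - confirm.
        $value = htmlspecialchars((string) $template, ENT_QUOTES, 'UTF-8', false);
        $label = htmlspecialchars(ucwords((string) $template), ENT_QUOTES, 'UTF-8', false);
        $selected = ($template == DEF_TEMPLATE) ? "selected " : "";
        $globalform .= "<option value='" . $value . "' " . $selected . ">" . $label . "</option>";
    }

    $globalform .= <<<globalform
</select>
</td>
</tr>
<tr>
<td>Allow Page-specific Template ?</td>
<td><input name='allow_page_template' type='checkbox' $allow_pagespecific_template></td>
</tr>
<tr>
<td>Allow Page-specific Headers ?</td>
<td><input name='allow_page_header' type='checkbox' $allow_pagespecific_header></td>
</tr>

<tr>
<td>Show Breadcrumbs Submenu ?</td>
<td><input name='breadcrumb_submenu' type='checkbox' $breadcrumb_submenu></td>
</tr>
</table>
globalform;

    return $globalform;
}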
00178
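/**
 * Render the "Email and Registrations" panel.
 *
 * Checkbox state and text values come from getGlobalSettings(). Text values
 * (website e-mail, deadline notice) are HTML-escaped before being written into
 * attributes; the original interpolated them raw. Settings are read by key
 * instead of being expanded with `$$var = $val` next to declared globals, and
 * the breadcrumb flag the original computed here but never printed is dropped.
 *
 * @return string HTML table fragment.
 */
function registrationsSettingsForm()
{
    $globals = getGlobalSettings();

    // Same truthiness rule as the original `== 0 ? "" : "checked"` test.
    $checkedAttr = function ($key) use ($globals) {
        return (isset($globals[$key]) && $globals[$key] != 0) ? "checked" : "";
    };
    // NOTE(review): assumes the settings are stored as UTF-8 - confirm.
    $field = function ($key) use ($globals) {
        $value = isset($globals[$key]) ? $globals[$key] : '';
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $activate_useronreg = $checkedAttr('default_user_activate');
    $default_mailverify = $checkedAttr('default_mail_verify');
    $allow_login = $checkedAttr('allow_login');
    $cms_email = $field('cms_email');
    $deadline_notify = $field('deadline_notify');

    $globalform = <<<globalform
<table style="width:100%">
<tr>
<td>Send Mail on Registration ?</td>
<td><input name='send_mail_on_reg' type='checkbox' $default_mailverify></td>
</tr>
<tr>
<td>Website Email :</td>
<td><input type="text" name='cms_email' value='$cms_email'></td>
</tr>

<tr>
<td>Activate User On Registration ?</td>
<td><input name='activate_useronreg' type='checkbox' $activate_useronreg></td>
</tr>
<tr>
<td>Allow Users to Login/Register ?</td>
<td><input name='allow_login' type='checkbox' $allow_login></td>
</tr>
<tr>
<td>Notify Users about Form Deadline before (in days) ?</td>
<td><input type="text" name='deadline_notify' value='$deadline_notify'></td>
</tr>
</table>
globalform;

    return $globalform;
}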
00220
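/**
 * Render the blacklist as an HTML table with a delete link per row and one
 * empty row of inputs for adding a new domain/IP.
 *
 * Rows are read positionally (column 0 is used as the delete id, columns 1 and 2
 * as domain and IP), as in the original. Cell values are HTML-escaped and the
 * id is URL-encoded; the original printed them raw, so a stored blacklist entry
 * containing markup would have been rendered in the admin page.
 *
 * @return string HTML fragment.
 */
function getBlacklistTable()
{
    $black = "Blacklist<table><tr><td style='width:35%'>Domains</td><td style='width:65%'>IPs</td><td>Actions</td></tr>";
    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "blacklist`";
    $result = mysql_query($query);

    if ($result === false) {
        // The original went on to iterate the failed result; report and skip the rows.
        displayerror("Unable to load Blacklisted Information" . mysql_error());
    } else {
        while ($row = mysql_fetch_array($result)) {
            // NOTE(review): assumes the stored values are UTF-8 text - confirm.
            $domain = htmlspecialchars((string) $row[1], ENT_QUOTES, 'UTF-8', false);
            $ip = htmlspecialchars((string) $row[2], ENT_QUOTES, 'UTF-8', false);
            $id = htmlspecialchars(rawurlencode((string) $row[0]), ENT_QUOTES, 'UTF-8', false);
            // NOTE(review): deletion is triggered by a plain GET link with no
            // anti-CSRF token visible here; consider a POST with a token.
            $black .= "<tr><td>$domain</td><td>$ip</td><td><a href='./+admin&subaction=global&del_black=$id'>Delete</a></td></tr>";
        }
    }

    $black .= "<tr><td><input type='text' name='blacklist_domain'></td><td><input type='text' name='blacklist_ip'></td><td></td></tr>";
    $black .= "</table>";
    return $black;
}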
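/**
 * Add a domain/IP pair to the blacklist table unless the same pair exists.
 *
 * A leading "www." label is stripped from the domain. When no IP is given it is
 * resolved with gethostbyname(), which returns its argument unchanged if the
 * lookup fails.
 *
 * Both values are now passed through mysql_real_escape_string() before being
 * placed in the SQL text; the original interpolated them directly, so the
 * queries relied entirely on whatever filtering the caller had applied.
 *
 * @param string $domain Domain to blacklist.
 * @param string $ip     IP to blacklist; resolved from $domain when empty.
 * @return int Always 1.
 */
function setblacklist($domain = "", $ip = "")
{
    // Text before the first dot; "www" means the domain starts with "www.".
    $firstLabel = strstr($domain, '.', true);
    if ($firstLabel == "www") {
        $domain = substr($domain, 4);
    }
    if ($ip == "") {
        $ip = gethostbyname($domain);
    }

    $table = "`" . MYSQL_DATABASE_PREFIX . "blacklist`";
    $sqlDomain = mysql_real_escape_string($domain);
    $sqlIp = mysql_real_escape_string($ip);

    $chk_query = "SELECT * FROM $table WHERE `domain` = '$sqlDomain' AND `ip`= '$sqlIp'";
    $chk_result = mysql_query($chk_query);
    if ($chk_result === false) {
        // The original passed the failed result to mysql_num_rows(); report instead.
        displayerror("Unable to update blackilist" . mysql_error());
        return 1;
    }

    if (mysql_num_rows($chk_result) < 1) {
        $query = "INSERT INTO $table (`domain`,`ip`) VALUES ('$sqlDomain','$sqlIp')";
        mysql_query($query) or displayerror("Unable to update blackilist" . mysql_error());
    }
    return 1;
}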
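/**
 * Delete the blacklist row whose id is given in $_GET['del_black'].
 *
 * The id is still passed through safe_html() as before and is now also escaped
 * with mysql_real_escape_string() before it is placed in the SQL text; the
 * original relied on safe_html() alone, which is not visible here and may not
 * neutralise SQL metacharacters.
 *
 * NOTE(review): this is a state-changing action reached through a GET
 * parameter and no anti-CSRF check is visible in this function - confirm one
 * exists upstream, or move the action to a POST with a token.
 *
 * @return int Always 1.
 */
function delete_blacklist()
{
    $rawId = isset($_GET['del_black']) ? $_GET['del_black'] : '';
    $id = mysql_real_escape_string((string) safe_html($rawId));

    $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "blacklist` WHERE `id` = '$id'";
    mysql_query($query) or displayerror("Unable to Delete blacklist" . mysql_error());

    if (mysql_affected_rows() > 0) {
        displayinfo("Blackilist Deleted Successfully");
    }
    return 1;
}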
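/**
 * Render the "Security and Maintenance" panel followed by the blacklist table.
 *
 * Fixes relative to the original:
 *  - setting values are HTML-escaped before being written into attributes and
 *    the textarea (they were interpolated raw);
 *  - broken markup repaired: `style="width:"65%"`, the `<labe>` tag and the
 *    stray "/" in the opening <textarea> tag;
 *  - settings are read by key instead of being expanded with `$$var = $val`
 *    next to declared globals.
 *
 * NOTE(review): the ReCAPTCHA private key is written into the page as a plain
 * text input value, so it is readable by anyone who can view this admin page
 * or its cached copy. Consider not echoing the stored secret back.
 *
 * @return string HTML fragment.
 */
function securitySettingsForm()
{
    $globals = getGlobalSettings();
    // Already HTML produced by getBlacklistTable(); appended as-is.
    $blacklist = getBlacklistTable();

    $raw = function ($key) use ($globals) {
        return isset($globals[$key]) ? $globals[$key] : null;
    };
    // NOTE(review): assumes the settings are stored as UTF-8 - confirm.
    $field = function ($key) use ($globals) {
        $value = isset($globals[$key]) ? $globals[$key] : '';
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    // OpenID is shown as enabled unless the stored value is the string 'false'.
    $openidDisabled = ($raw('openid_enabled') == 'false');
    $openidno_ischecked = $openidDisabled ? 'checked' : '';
    $openidyes_ischecked = $openidDisabled ? '' : 'checked';
    $recapt_ischecked = ($raw('recaptcha') == '1') ? 'checked' : '';

    $upload_limit = $field('upload_limit');
    $reindex_frequency = $field('reindex_frequency');
    $censor_words = $field('censor_words');
    $recaptcha_public = $field('recaptcha_public');
    $recaptcha_private = $field('recaptcha_private');

    $globalform = <<<globalform
<table style="width:100%">
<tr>
<td style="width:35%">Upload Limit (bytes) </td>
<td style="width:65%"><input type="text" name='upload_limit' value='$upload_limit'></td>
</tr>
<tr>
<td>Site Reindex Frequency (days) </td>
<td><input type="text" name='reindex_frequency' value='$reindex_frequency'></td>
</tr>
<tr>
<td><label for="optEnableOpenID">Enable OpenID?</label></td>
<td>
<label><input type="radio" name="openid_enabled" id="optEnableOpenIDNo" value="false" $openidno_ischecked />No</label>
<label><input type="radio" name="openid_enabled" id="optEnableOpenIDYes" value="true" $openidyes_ischecked />Yes</label>
</td>
</tr>
<tr>
<td>Censor Words (use | to seperate the words. Please dont use spaces) </td>
<td><textarea style="width:98%" rows=10 cols=10 name='censor_words'>$censor_words</textarea></td>
</tr>
<tr>
<td>Use ReCAPTCHA ?</td>
<td>
<label><input type="checkbox" name="recaptcha_enable" id="recaptcha_enable" value="Yes" $recapt_ischecked />Yes</label>
</td>
</tr>
<tr>
<td><label for="public_key">ReCAPTCHA Public Key:</label></td>
<td><input type="text" id="public_key" name="public_key" value='$recaptcha_public' /></td>
</tr>
<tr>
<td><label for="private_key">ReCAPTCHA Private Key:</label></td>
<td><input type="text" id="private_key" name="private_key" value='$recaptcha_private' /></td>
</tr>
</table>
$blacklist
globalform;

    return $globalform;
}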
/**
 * Return the part of $file starting at its last dot (the dot is included).
 *
 * When $file contains no dot the offset falls back to 0, so the whole string is
 * returned unchanged - callers that need "no extension" must check for a
 * leading dot themselves.
 *
 * @param string $file File name or path.
 * @return string Suffix beginning with the last ".", or $file itself if none.
 */
function extension($file) {
    // strrpos() yields false when there is no dot; as an offset that is 0.
    $dotOffset = (int) strrpos($file, ".");
    return substr($file, $dotOffset);
}
00318
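/**
 * Recursively delete a directory and everything inside it.
 *
 * Fixes relative to the original:
 *  - the read loop compares readdir()'s result with false, so an entry named
 *    "0" no longer ends the loop early and leaves the directory half-deleted;
 *  - a symbolic link found inside the tree is removed as a link and never
 *    followed, so the deletion cannot leave the tree through a link to another
 *    directory (relevant when the tree comes from an uploaded archive);
 *  - the result of the final rmdir() is returned instead of an unconditional
 *    true.
 *
 * @param string $dirname Directory to remove.
 * @return bool false if $dirname is not a directory, cannot be opened or could
 *              not be removed; true once it has been removed.
 */
function delDir($dirname) {
    if (!is_dir($dirname)) {
        return false;
    }
    $dir_handle = opendir($dirname);
    if (!$dir_handle) {
        return false;
    }

    while (false !== ($file = readdir($dir_handle))) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $path = $dirname . "/" . $file;
        if (is_dir($path) && !is_link($path)) {
            delDir($path);
        } else {
            // Regular files and symlinks alike: remove the entry itself.
            unlink($path);
        }
    }

    closedir($dir_handle);
    return rmdir($dirname);
}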
00336
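/**
 * Return activated users whose e-mail or full name matches $pattern, as one
 * comma-separated string: the pattern itself first, then "email - fullname"
 * entries ordered by relevance (prefix matches before substring matches).
 *
 * Fixes relative to the original:
 *  - $pattern reaches this function straight from $_GET['forwhat'] and was
 *    interpolated into the SQL text unescaped; it is now passed through
 *    mysql_real_escape_string() first. `%` and `_` typed by the user still act
 *    as LIKE wildcards, as before;
 *  - a failed query no longer feeds `false` to mysql_fetch_row();
 *  - join($array, ',') used the legacy argument order; implode(',', $array)
 *    is the supported form.
 *
 * NOTE(review): the result contains user e-mail addresses and names; no
 * permission check is visible in this function, so it relies on the caller.
 *
 * @param string $pattern Search text as typed by the user.
 * @return string Comma-separated suggestions; the first item is $pattern unchanged.
 */
function getSuggestions($pattern) {
    $like = mysql_real_escape_string((string) $pattern);

    $suggestionsQuery = "SELECT IF(user_email LIKE \"$like%\", 1, " .
        "IF(`user_fullname` LIKE \"$like%\", 2, " .
        "IF(`user_fullname` LIKE \"% $like%\", 3, " .
        "IF(`user_email` LIKE \"%$like%\", 4, " .
        "IF(`user_fullname` LIKE \"%$like%\", 5, 6" .
        "))))) AS `relevance`, `user_email`, `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE " .
        " `user_activated`=1 AND(`user_email` LIKE \"%$like%\" OR `user_fullname` LIKE \"%$like%\" ) ORDER BY `relevance`";

    $suggestionsResult = mysql_query($suggestionsQuery);

    $suggestions = array($pattern);
    if ($suggestionsResult !== false) {
        // Columns: 0 = relevance, 1 = user_email, 2 = user_fullname.
        while ($suggestionsRow = mysql_fetch_row($suggestionsResult)) {
            $suggestions[] = $suggestionsRow[1] . ' - ' . $suggestionsRow[2];
        }
    }

    return implode(',', $suggestions);
}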
00356
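/**
 * Entry point of the website administration page.
 *
 * Dispatches on $_GET['subaction'] (and a few other query parameters) to the
 * matching management routine and returns the resulting HTML followed by the
 * quick-links panel. Also serves the user-suggestion lookup and triggers site
 * (re)indexing when asked to.
 *
 * Fixes relative to the original:
 *  - the suggestion lookup echoes request data back; it is now sent as
 *    text/plain with nosniff so a browser does not render it as HTML, and a
 *    non-string `forwhat` is ignored;
 *  - $_GET['module'] was written into the legend after escape() only; it is
 *    now HTML-escaped as well;
 *  - the module/template handler name is built from fixed literals rather than
 *    from the request value;
 *  - failed queries are no longer passed to mysql_fetch_array();
 *  - missing $_GET['name'] / $_POST['emailtemplates'] fall back to '';
 *  - the malformed "</br/>" in the expert links is now "<br />".
 *
 * NOTE(review): several branches change state on a plain GET request
 * (indexsite, reloadtemplates, reloadmodules, checkAdminUser, checkAdminPerms)
 * and no anti-CSRF check is visible in this function - confirm one exists
 * upstream.
 *
 * @param mixed $pageid Id of the current page; passed to the widget and group handlers.
 * @param mixed $userid Id of the current user; passed to the group handlers.
 * @return string HTML for the admin page.
 */
function admin($pageid, $userid) {
    global $urlRequestRoot, $templateFolder, $cmsFolder, $ICONS, $sourceFolder;

    // --- user suggestion lookup: prints the list and ends the request ---------
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
        if (is_string($_GET['forwhat']) && strlen($_GET['forwhat']) >= 3) {
            if (!headers_sent()) {
                header('Content-Type: text/plain; charset=UTF-8');
                header('X-Content-Type-Options: nosniff');
            }
            echo getSuggestions($_GET['forwhat']);
            disconnect();
            exit();
        }
    }

    // --- search index (re)build ------------------------------------------------
    if (isset($_GET['indexsite'])) {
        require("$sourceFolder/modules/search/admin/spider.php");
        if ($_GET['indexsite'] == 1) {
            $serveruri = $_SERVER['SCRIPT_NAME'];
            $uri = substr($serveruri, 0, stripos($serveruri, "index.php"));
            // NOTE(review): HTTP_HOST comes from the request's Host header, so the
            // URL handed to the spider is client-influenced. Prefer a configured
            // site URL if the project has one.
            $site = "http://" . $_SERVER['HTTP_HOST'] . $uri . "home/";
            index_site($site, 0, -1, 'full', "", "+\n&", 0);
            displayinfo("Index for site created");
        } else {
            index_all();
        }
    }

    // --- remind the admin when the index is missing or older than the threshold
    $freqResult = mysql_query("SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'reindex_frequency'");
    $freqRow = $freqResult ? mysql_fetch_array($freqResult) : false;
    // Default of 30 days when the setting row is absent.
    $threshold = ($freqRow != NULL) ? $freqRow['value'] : 30;

    $ageResult = mysql_query("SELECT to_days(CURRENT_TIMESTAMP)-to_days(`indexdate`) AS 'diff' FROM `sites` WHERE `url` LIKE '%home%'");
    $ageRow = $ageResult ? mysql_fetch_array($ageResult) : false;

    if ($ageRow == NULL) {
        displayinfo("It seems the site doesn't have index for the search to work. Click <a href='./+admin&indexsite=1'>here</a> to index the site.");
    } else if ($ageRow['diff'] > $threshold) {
        displayinfo("Your site index was created {$ageRow['diff']} days before. Click <a href='./+admin&indexsite=2'>here</a> to reindex your site.");
    }

    $quicklinks = <<<ADMINPAGE
<fieldset>
<legend>{$ICONS['Website Administration']['small']}Website Administration</legend>
<a name='quicklinks'></a>
<table class="iconspanel">
<tr>
<td><a href="./+admin&subaction=global"><div>{$ICONS['Global Settings']['large']}<br/>Global Settings</div></a></td>
<td><a href="./+admin&subaction=template"><div>{$ICONS['Templates Management']['large']}<br/>Templates Management</div></a></td>
<td><a href="./+admin&subaction=module"><div>{$ICONS['Modules Management']['large']}<br/>Module Management</div></a></td>
<td><a href="./+admin&subaction=widgets"><div>{$ICONS['Widgets']['large']}<br/>Widgets Management</div></a></td>
</tr>
<tr>
<td><a href="./+admin&subaction=icon"><div>{$ICONS['Icons']['large']}<br/>Icons Management</div></a></td>
<td><a href="./+admin&subaction=email"><div>{$ICONS['Email Registrants']['large']}<br/>Email Registrants</div></a></td>
<td><a href="./+admin&subaction=editgroups"><div>{$ICONS['User Groups']['large']}<br/>Group Management</div></a></td>
<td><a href="./+admin&subaction=expert"><div>{$ICONS['Site Maintenance']['large']}<br/>Site Maintenance</div></a></td>
</tr>
<tr>

<td colspan=2><a href="./+admin&subaction=useradmin"><div>{$ICONS['User Management']['large']}<br/>User Management</div></a></td>
<td colspan=2><a href="./+admin&subaction=editprofileform"><div>{$ICONS['User Profile']['large']}<br/>User Profiles</div></a></td>
</tr>

</table>
</fieldset>
ADMINPAGE;

    // null means "parameter absent"; request values themselves are never null.
    $subaction = isset($_GET['subaction']) ? $_GET['subaction'] : null;
    $subsubaction = isset($_GET['subsubaction']) ? $_GET['subsubaction'] : null;

    // --- e-mail templates --------------------------------------------------------
    if ($subaction !== null) {
        require_once("email.lib.php");
        $postedTemplate = isset($_POST['emailtemplates']) ? $_POST['emailtemplates'] : '';
        if ($subaction == "email") {
            return displayEmail() . $quicklinks;
        } else if ($subaction == "openemail") {
            $name = isset($_GET['name']) ? $_GET['name'] : '';
            return displayEmail(escape($name)) . $quicklinks;
        } else if ($subaction == "emailsend") {
            sendEmail();
            return displayEmail(escape($postedTemplate)) . $quicklinks;
        } else if ($subaction == "emailsave") {
            saveEmail();
            return displayEmail(escape($postedTemplate)) . $quicklinks;
        }
    }

    // --- module / template management -------------------------------------------
    if ($subaction == 'module' || $subaction == 'template') {
        if ($subaction == 'module') {
            displaywarning("Module Installation/Uninstallation has the potential to completely bring down the CMS, so Install only modules from trusted source");
        }
        require_once("module.lib.php");
        require_once("template.lib.php");
        // Fixed literals only: the handler name never contains request text.
        $type = ($subaction == 'module') ? 'Module' : 'Template';
        $function = "handle{$type}Management";
        $op = $function();
        if ($op != "") {
            return $op . $quicklinks;
        }
        return managementForm($type) . $quicklinks;
    }

    if ($subaction === null && $subsubaction === null) {
        return $quicklinks;
    }

    require_once("users.lib.php");
    $op = "";
    $ophead = "";
    $str = "";

    // --- first pass: run the requested action and collect its output in $op ------
    // (At least one of subaction/subsubaction is set here, so the original outer
    // "any parameter present" test was always true.)
    if ($subaction == 'global' && isset($_POST['update_global_settings'])) {
        updateGlobalSettings();
    } else if ($subaction == 'global' && isset($_GET['del_black'])) {
        delete_blacklist();
    } else if ($subaction == 'useradmin') {
        $op .= handleUserMgmt();
        $ophead = "{$ICONS['User Management']['small']}User Management";
    } else if ($subaction == 'widgets') {
        $op .= handleWidgetAdmin($pageid);
        $ophead = "{$ICONS['Widgets']['small']}Widgets Management";
    } else if ($subaction == 'icon') {
        require_once("iconmanagement.lib.php");
        $res = handleIconManagement();
        // With iconURL set the handler's output is returned bare, without page chrome.
        if (isset($_GET['iconURL'])) {
            return $res;
        }
        $op .= $res;
        $ophead = "{$ICONS['Icons']['small']}Icons Management";
    } else if ($subaction == 'editgroups') {
        require_once("permission.lib.php");
        $pagepath = array();
        parseUrlDereferenced($pageid, $pagepath);
        $virtue = '';
        $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, array_reverse(getGroupIds($userid)), $virtue);
        $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
        $op .= groupManagementForm($userid, $modifiableGroups, $pagepath);
        $ophead = "{$ICONS['Group Management']['small']}Group Management";
    } else if ($subaction == 'reloadtemplates') {
        $op .= reloadTemplates();
        $ophead = "{$ICONS['Templates Management']['small']}Reloading Templates";
    } else if ($subaction == 'reloadmodules') {
        $op .= reloadModules();
        $ophead = "{$ICONS['Modules Management']['small']}Reloading Modules";
    } else if ($subaction == 'checkPerm') {
        $op .= admin_checkFunctionPerms();
        $ophead = "{$ICONS['Access Permissions']['small']}Checking Permissions Consistency";
    } else if ($subaction == 'checkAdminUser') {
        $op .= admin_checkAdminUser();
        $ophead = "Checking Administrator User";
    } else if ($subaction == 'checkAdminPerms') {
        $op .= admin_checkAdminPerms();
        $ophead = "Checking Administrator Permissions";
    } else if ($subaction == 'changePermRank') {
        $op .= admin_changePermRank();
        $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
    } else if ($subaction == 'editprofileform' || $subsubaction == 'editprofileform') {
        $op .= admin_editProfileForm();
        $ophead = "{$ICONS['User Profile']['small']}Edit User Profile Form";
    } else if (isset($_GET['id'])) {
        $op .= admin_userAdmin();
    } else if (isset($_GET['movePermId'])) {
        $op .= admin_changePermRank();
        $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
    } else if (isset($_GET['module'])) {
        $moduleParam = escape($_GET['module']);
        $op .= admin_changePermRank($moduleParam);
        // Request text goes into HTML here, so it is HTML-escaped as well.
        $moduleLabel = htmlspecialchars((string) $moduleParam, ENT_QUOTES, 'UTF-8', false);
        $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank for module '" . $moduleLabel . "'";
    }

    if ($op != "") {
        $op = "<fieldset><legend>$ophead</legend>$op</fieldset>";
    }

    // --- second pass: add the form that belongs to the current section ---------
    if ($subaction == 'global') {
        $str .= globalSettingsForm();
    } else if ($subaction == 'editgroups') {
        // Nothing to add: the group form was already produced in the first pass.
    } else if ($subaction == 'useradmin') {
        $op .= userManagementForm();
    } else if ($subaction == 'expert') {
        $str .= "<fieldset><legend>{$ICONS['Site Maintenance']['small']}Experts Only</legend>";
        $str .= '<a href="./+admin&subaction=checkPerm">Check Permission List</a><br />';
        $str .= '<a href="./+admin&subaction=checkAdminUser">Check Admin User</a><br />';
        $str .= '<a href="./+admin&subaction=checkAdminPerms">Check Admin Perms</a><br />';
        $str .= '<a href="./+admin&subaction=changePermRank">Change Perm Ranks</a><br />';
        $str .= '<a href="./+admin&subaction=reloadtemplates">Reload Templates</a><br />';
        $str .= '<a href="./+admin&subaction=reloadmodules">Reload Modules</a><br />';
        $str .= '<a href="./+admin&indexsite=2">Reindex Site for Searching</a><br /></fieldset>';
    }

    return $str . $op . $quicklinks;
}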
00571
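/**
 * Render the install/uninstall form for modules or templates.
 *
 * $type selects both the listing function that is called (getAvailableModules
 * or getAvailableTemplates) and the labels. Because the function name is built
 * from $type, only the two values the form actually supports are accepted;
 * anything else returns an empty string instead of calling an arbitrary
 * "getAvailable...s" function.
 *
 * Other fixes relative to the original:
 *  - the confirmation script looked up an element with id "modules" that did
 *    not exist, so the script failed before the confirm dialog could be shown;
 *    the <select> now carries that id;
 *  - item names are HTML-escaped in the option list.
 *
 * NOTE(review): both forms upload or remove code on the server and no
 * anti-CSRF token field is visible here - confirm one is added elsewhere.
 *
 * @param string $type "Module" or "Template".
 * @return string HTML fragment, or "" for an unsupported $type.
 */
function managementForm($type) {
    global $ICONS;

    if ($type !== "Module" && $type !== "Template") {
        return "";
    }
    $subaction = ($type === "Module") ? 'module' : 'template';

    $function = "getAvailable{$type}s";
    $modules = $function();

    $modulesList = "<select name='{$type}' id='modules'>";
    foreach ($modules as $module) {
        // NOTE(review): assumes names are UTF-8 text - confirm.
        $safeName = htmlspecialchars((string) $module, ENT_QUOTES, 'UTF-8', false);
        $modulesList .= "<option value='" . $safeName . "'>" . $safeName . "</option>";
    }
    $modulesList .= "</select>";

    $smallIcon = $ICONS[$type . 's Management']['small'];

    $form = <<<FORM
<script type="text/javascript">
function delconfirm(obj) {
return confirm("Are you sure want to delete '" + document.getElementById('modules').value + "' {$type}?");
}
</script>
<fieldset>
<legend>{$smallIcon}{$type} Management</legend>
<form name='module' method='POST' action="./+admin&subaction={$subaction}&subsubaction=install" enctype="multipart/form-data">
Add new {$type}: <input type='file' name='file' id='file' /><input type='submit' name='btn_install' value='Upload' />
</form>
<br/><br/>
<form method='POST' action="./+admin&subaction={$subaction}&subsubaction=uninstall" enctype="multipart/form-data">
Delete Existing {$type}: {$modulesList}<input type='submit' name='btn_uninstall' value='Uninstall' onclick='return delconfirm(this);' />
</form>
</fieldset>
FORM;

    return $form;
}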
00601
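/**
 * Read the posted Global Settings form, store the values through
 * setGlobalSettings() and add a blacklist entry when one was supplied.
 *
 * Fixes relative to the original:
 *  - `escape($_POST['openid_enabled']=='true')` had its parenthesis misplaced
 *    and passed a boolean to escape(); the comparison is now made directly;
 *  - deadline_notify was the only text field stored without escape(); it is
 *    now treated like its siblings;
 *  - absent POST fields fall back to '' instead of raising undefined-index
 *    notices.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; if nothing
 * upstream does it, a forged POST could rewrite site-wide settings (including
 * the ReCAPTCHA keys and the login switch) - confirm.
 * NOTE(review): blacklist_domain / blacklist_ip are also stored as ordinary
 * settings, as in the original - confirm that is intended.
 *
 * @return void
 */
function updateGlobalSettings()
{
    // Posted value, or '' when the field is absent.
    $posted = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };
    // Checkboxes: present in the POST means ticked.
    $ticked = function ($key) {
        return isset($_POST[$key]) ? 1 : 0;
    };

    $global = array();
    $global['allow_pagespecific_header'] = $ticked('allow_page_header');
    $global['allow_pagespecific_template'] = $ticked('allow_page_template');
    $global['default_user_activate'] = $ticked('activate_useronreg');
    $global['default_mail_verify'] = $ticked('send_mail_on_reg');
    $global['breadcrumb_submenu'] = $ticked('breadcrumb_submenu');
    $global['allow_login'] = $ticked('allow_login');

    $global['deadline_notify'] = escape($posted('deadline_notify'));
    $global['cms_title'] = escape($posted('cms_title'));
    $global['default_template'] = escape($posted('default_template'));
    $global['cms_email'] = escape($posted('cms_email'));
    $global['upload_limit'] = escape($posted('upload_limit'));
    $global['reindex_frequency'] = escape($posted('reindex_frequency'));
    $global['cms_desc'] = escape($posted('cms_desc'));
    $global['cms_keywords'] = escape($posted('cms_keywords'));
    $global['cms_footer'] = escape($posted('cms_footer'));
    $global['blacklist_domain'] = escape($posted('blacklist_domain'));
    $global['blacklist_ip'] = escape($posted('blacklist_ip'));
    $global['censor_words'] = safe_html($posted('censor_words'));

    $blacklist_domain = safe_html($posted('blacklist_domain'));
    $blacklist_ip = safe_html($posted('blacklist_ip'));
    if (!(($blacklist_domain == "") && ($blacklist_ip == ""))) {
        setblacklist($blacklist_domain, $blacklist_ip);
    }

    // OpenID can only be switched on when iscurlinstalled() reports success.
    if ($posted('openid_enabled') == 'true') {
        if (iscurlinstalled()) {
            $global['openid_enabled'] = 'true';
        } else {
            global $curl_message;
            displaywarning($curl_message);
            $global['openid_enabled'] = 'false';
        }
    } else {
        $global['openid_enabled'] = 'false';
    }

    // ReCAPTCHA needs both keys; otherwise it is stored as disabled.
    if (isset($_POST['recaptcha_enable'])) {
        $publicKey = isset($_POST['public_key']) ? $_POST['public_key'] : NULL;
        $privateKey = isset($_POST['private_key']) ? $_POST['private_key'] : NULL;
        if (($publicKey != NULL) && ($privateKey != NULL)) {
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($publicKey);
            $global['recaptcha_private'] = escape($privateKey);
        } else {
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
            $global['recaptcha'] = '0';
        }
    } else {
        $global['recaptcha'] = '0';
    }

    setGlobalSettings($global);

    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}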
00664
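/**
 * Compare the action methods of every module class on disk with the rows of
 * the permissionlist table, create the rows that are missing, and report rows
 * that have no matching method.
 *
 * A module is any "<name>.lib.php" file in "$sourceFolder/modules"; forum, poll
 * and contest are skipped. For each module the class of the same name is
 * loaded, its methods starting with "action" are turned into permission names,
 * and "create" is added to that list.
 *
 * Fixes relative to the original:
 *  - the suffix test `strpos(...) == strlen(...) - 8` also matched any
 *    8-character file name without ".lib.php" (false == 0); the suffix is now
 *    compared directly;
 *  - module names are restricted to plain identifiers before they are used in
 *    a file path, as a class name and in SQL;
 *  - values placed in SQL are escaped, values placed in HTML are HTML-escaped;
 *  - an unreadable modules directory no longer leaves the lists undefined;
 *  - the second pass skips modules whose class does not exist instead of
 *    failing on `new`.
 *
 * @return string HTML report.
 */
function admin_checkFunctionPerms() {
    global $sourceFolder;
    global $moduleFolder;
    $returnStr = "";
    $table = "`" . MYSQL_DATABASE_PREFIX . "permissionlist`";
    $skippedModules = array('forum', 'poll', 'contest');

    // --- collect module names from the file system -------------------------------
    $moduleArray = array();
    if ($handle = opendir($sourceFolder . '/modules')) {
        while (false !== ($file = readdir($handle))) {
            if (strlen($file) <= 8 || substr($file, -8) !== '.lib.php') {
                continue;
            }
            $name = substr($file, 0, -8);
            // The name becomes a path segment, a class name and an SQL value.
            if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
                $moduleArray[] = $name;
            }
        }
        closedir($handle);
    }

    $moduleList = "";
    foreach ($moduleArray as $module) {
        $moduleList .= $module . ", ";
    }
    $returnStr .= "<br/>The following modules/classes exist in the file system:<br>$moduleList";

    // --- pass 1: make sure every action method has a permission row -------------
    foreach ($moduleArray as $module) {
        if (in_array($module, $skippedModules, true)) {
            continue;
        }

        require_once ($sourceFolder . "/" . $moduleFolder . "/" . $module . ".lib.php");

        $functionArray = get_class_methods($module);
        if ($functionArray == NULL) {
            $returnStr .= "<br/><b>Please check the Class definition of $module. It may have undefined functions. Please define the functions or declare the class as an abstract class</b>";
            continue;
        }

        $perm = array();
        foreach ($functionArray as $method) {
            if (substr($method, 0, 6) == 'action') {
                // Kept from the original: every "action" occurrence in the method
                // name is removed, not just the prefix.
                $perm[] = strtolower(str_replace('action', "", $method));
            }
        }

        $permList = "";
        foreach ($perm as $permElement) {
            $permList .= $permElement . ", ";
        }
        $returnStr .= "<br/>The following methods/functions/actions exist in the filesystem class for $module:<br> $permList";

        $perm[] = 'create';
        $existing = array();
        $sqlModule = mysql_real_escape_string($module);

        foreach ($perm as $permission) {
            $sqlPermission = mysql_real_escape_string($permission);
            $query = "SELECT * FROM $table WHERE `page_module`='$sqlModule' AND `perm_action`='$sqlPermission'";
            $result = mysql_query($query);

            if ($result !== false && mysql_num_rows($result) > 0) {
                $existing[] = $permission;
                continue;
            }

            $returnStr .= "<br/><b>$permission DOES NOT exist for $module but will be created</b><br>";

            // NOTE(review): MAX()+1 is not safe against concurrent runs; an
            // auto-increment column would avoid duplicate ids.
            $result = mysql_query("SELECT MAX(perm_id) as MAX FROM $table") or die(mysql_error());
            $row = mysql_fetch_assoc($result);
            $permid = (int) $row['MAX'] + 1;

            $result = mysql_query("SELECT MAX(perm_rank) as MAX FROM $table WHERE `page_module`='$sqlModule'") or die(mysql_error());
            $row = mysql_fetch_assoc($result);
            $permrank = (int) $row['MAX'] + 1;

            $sqlDesc = mysql_real_escape_string($permission . " the " . $module);
            $query = "INSERT INTO $table(`perm_id` ,`page_module` ,`perm_action` ,`perm_text` ,`perm_rank` ,`perm_description`)VALUES ('$permid', '$sqlModule', '$sqlPermission', '$sqlPermission', '$permrank', '$sqlDesc') ";
            mysql_query($query) or die(mysql_error());
            if (mysql_affected_rows()) {
                displayinfo("$permission has been created for $module");
            }
        }

        $permExists = implode(", ", $existing) . ".";
        $returnStr .= "<br/>The following permissions exist in database for $module :<br>$permExists";
    }

    // --- pass 2: report permission rows that have no matching method ------------
    foreach ($moduleArray as $module) {
        if (in_array($module, $skippedModules, true)) {
            continue;
        }
        require_once ($sourceFolder . "/" . $moduleFolder . "/" . $module . ".lib.php");
        if (!class_exists($module)) {
            continue;
        }
        $class = new $module ();

        $sqlModule = mysql_real_escape_string($module);
        $result = mysql_query("SELECT * FROM $table WHERE `page_module`='$sqlModule'");
        if ($result === false) {
            continue;
        }
        while ($tempres = mysql_fetch_assoc($result)) {
            $method = "action" . ucfirst($tempres['perm_action']);
            if (!method_exists($class, $method)) {
                $safeMethod = htmlspecialchars($method, ENT_QUOTES, 'UTF-8', false);
                $safePermId = htmlspecialchars((string) $tempres['perm_id'], ENT_QUOTES, 'UTF-8', false);
                $returnStr .= "<br/>Permission $safeMethod, perm id = $safePermId exists in database but not in class $module";
            }
        }
    }

    return $returnStr;
}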
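/**
 * Make sure a user named "admin" exists; create one with a generated password
 * if it does not, and show the outcome through displayinfo()/displayerror().
 *
 * Fix relative to the original: the initial password came from rand(), which
 * is predictable and yields a short decimal number. It is now taken from a
 * cryptographic source when one is available (random_bytes() or
 * openssl_random_pseudo_bytes()); rand() remains only as a last resort.
 *
 * NOTE(review): the password is stored as an unsalted MD5 digest because that
 * is the format this function has always written and the login code is not
 * visible here. MD5 is not suitable for password storage; migrating the whole
 * user table to password_hash()/password_verify() should be planned.
 * NOTE(review): the new password is shown in the page via displayinfo(); it
 * should be changed right after the first login.
 * NOTE(review): this account-creating action is reachable through a GET link
 * (subaction=checkAdminUser) - confirm access control and CSRF protection upstream.
 *
 * @return void
 */
function admin_checkAdminUser() {
    $usersTable = "`" . MYSQL_DATABASE_PREFIX . "users`";

    $result = mysql_query("SELECT * FROM $usersTable WHERE `user_name`='admin'");
    if ($result !== false && mysql_num_rows($result) > 0) {
        displayinfo("User \"Admin\" exists in database.");
        return;
    }

    // NOTE(review): MAX()+1 is not safe against concurrent inserts.
    $query = "SELECT MAX(user_id) as MAX FROM $usersTable ";
    $result = mysql_query($query) or die(mysql_error() . "check.lib L:141");
    $row = mysql_fetch_assoc($result);
    $uid = (int) $row['MAX'] + 1;

    $randomBytes = false;
    if (function_exists('random_bytes')) {
        $randomBytes = random_bytes(12);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $randomBytes = openssl_random_pseudo_bytes(12);
    }
    if ($randomBytes !== false && strlen($randomBytes) === 12) {
        $passwd = bin2hex($randomBytes);
    } else {
        // Weak fallback, identical to the original behaviour.
        $passwd = (string) rand();
    }
    $adminPasswd = md5($passwd);

    $query = "INSERT INTO $usersTable( `user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_activated`)VALUES ( $uid , 'admin', 'admin@cms.org', 'Administrator', '$adminPasswd', '1')";
    mysql_query($query) or die(mysql_error());

    if (mysql_affected_rows() > 0) {
        displayinfo("User Admin has been created with email admin@cms.org and password as $passwd");
    } else {
        displayerror("Failed to create user Admin");
    }
}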
00808
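/**
 * Grant the user named "admin" every permission in permissionlist on page 0
 * and report what was added and what already existed.
 *
 * If the admin user does not exist, admin_checkAdminUser() is asked to create
 * it and the check is run once more.
 *
 * Fixes relative to the original:
 *  - when the user could not be created the function called itself again
 *    without limit; it now retries once only;
 *  - ids read from the database are cast to int before being placed in SQL;
 *  - module and action names are HTML-escaped in the report;
 *  - failed queries are no longer passed to the row-reading functions;
 *  - the loop over every column just to find `perm_id` is replaced by a direct
 *    read of that column.
 *
 * NOTE(review): this grants full permissions and is reachable through a GET
 * link (subaction=checkAdminPerms) - confirm access control and CSRF
 * protection upstream.
 *
 * @return string HTML report.
 */
function admin_checkAdminPerms()
{
    // True while the one allowed retry (after creating the user) is running.
    static $retrying = false;

    $returnStr = "";
    $str = "";
    $permTable = "`" . MYSQL_DATABASE_PREFIX . "userpageperm`";

    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='admin' ";
    $result = mysql_query($query);

    if ($result !== false && mysql_num_rows($result) > 0) {
        $temp = mysql_fetch_array($result);
        $user_Id = (int) $temp['user_id'];

        $result1 = mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`");
        while ($result1 !== false && ($temp1 = mysql_fetch_assoc($result1))) {
            if (!isset($temp1['perm_id'])) {
                continue;
            }
            $permId = (int) $temp1['perm_id'];
            // NOTE(review): assumes the stored names are UTF-8 text - confirm.
            $action = htmlspecialchars((string) $temp1['perm_action'], ENT_QUOTES, 'UTF-8', false);
            $moduleName = htmlspecialchars((string) $temp1['page_module'], ENT_QUOTES, 'UTF-8', false);

            $query = "SELECT * FROM $permTable WHERE `perm_type`='user' AND `usergroup_id`=$user_Id AND `page_id`=0 AND `perm_id`=$permId AND `perm_permission`='Y'";
            $granted = mysql_query($query) or die(mysql_error());

            if (!mysql_num_rows($granted)) {
                $query = "INSERT INTO $permTable (`perm_type`,`page_id`,`usergroup_id`,`perm_id`,`perm_permission`) VALUES ('user','0','$user_Id','$permId','Y')";
                mysql_query($query);
                if (mysql_affected_rows()) {
                    $returnStr .= "\n<br>User Admin userId=$user_Id has been allotted permission $action of module $moduleName over page 0";
                } else {
                    $returnStr .= "\n<br>Failed to create permission $action of module $moduleName over page 0 for User Admin userId=$user_Id";
                }
            } else {
                $str .= "\n<tr><td>" . $moduleName . "</td><td>" . $action . "</td></tr>";
            }
        }

        if ($str != '') {
            $returnStr .= "The following permissions exist for user admin: <table border=\"1\"><tr><th>Module</th><th>Permission</th></tr>" . $str . "</table>";
        }
    } else if (!$retrying) {
        $retrying = true;
        $returnStr .= admin_checkAdminUser();
        $returnStr .= admin_checkAdminPerms();
        $retrying = false;
    }
    // When the retry still finds no admin user, admin_checkAdminUser() has
    // already reported the failure; nothing more is added here.

    return $returnStr;
}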
/**
 * Run the table editor over the `permissionlist` table and return its output.
 *
 * On a first visit the editor is seeded with a SELECT over the permission
 * list. When the request carries a `querystring` POST field, the entire
 * $_POST array is handed to tbman_executer instead.
 *
 * NOTE(review): what tbman_executer does with a client-supplied `querystring`
 * is not visible from here. Confirm it cannot execute SQL taken from the
 * request, and that the caller enforces the admin permission check and a
 * request token before this function is reached.
 *
 * @param string $module Not used by this function.
 * @return mixed Whatever tbman_executer::execute() returns.
 */
function admin_changePermRank($module="") {
    require_once("tbman_executer.lib.php");

    $editorInput = isset($_POST['querystring'])
        ? $_POST
        : "SELECT * FROM `". MYSQL_DATABASE_PREFIX ."permissionlist`";

    $editor = new tbman_executer($editorInput);
    $editor->formaction = "./+admin&subaction=changePermRank";

    return $editor->execute();
}
00875
00876
/**
 * Load profile.lib.php and hand back the result of getProfileFormEditForm().
 *
 * @return mixed The value produced by getProfileFormEditForm().
 */
function admin_editProfileForm() {
    include_once('profile.lib.php');

    $profileEditor = getProfileFormEditForm();
    return $profileEditor;
}
00881
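/**
 * Group administration screen: performs the requested group action and
 * returns the HTML for the matching view.
 *
 * The action is derived from $_GET['subsubaction'] and the submit buttons in
 * $_POST. Three views can be returned:
 *   - the edit form of a single group (members, description, form association),
 *   - the "edit group priorities" view (reorder, empty, delete, create groups),
 *   - the default group picker.
 *
 * Changes compared with the earlier version:
 *   - every value placed into HTML is passed through htmlspecialchars(); group
 *     names and descriptions are user-supplied and were echoed raw into
 *     attributes and text,
 *   - numeric values placed unquoted into SQL are cast to int (escape() does
 *     not protect an unquoted numeric context),
 *   - strpos() returning false is handled when splitting "email - name" entries,
 *   - an unknown e-mail no longer falls through to addUserToGroupName(),
 *   - the failed-insert message reports mysql_error() instead of calling
 *     mysql_query() with no arguments.
 *
 * NOTE(review): deleteuser, emptygroup, deletegroup and the priority shifts
 * are triggered by GET parameters and no request token is checked in this
 * function. Confirm the caller supplies CSRF protection, or move these
 * actions to POST with a token.
 * NOTE(review): escape() is assumed to perform SQL escaping only; if it also
 * HTML-encodes, stored values will now display double-encoded. Confirm.
 *
 * @param int   $currentUserId    Id of the user operating the screen.
 * @param array $modifiableGroups Rows with group_id, group_name,
 *                                group_description and group_priority;
 *                                presumably ordered by priority (the first and
 *                                last rows are used as the extremes), confirm
 *                                against getModifiableGroups().
 * @param mixed $pagePath         Passed on, by reference, to getMaxPriorityGroup().
 * @return string|null HTML for the view; '' when permission or the member
 *                     query fails; null when an invalid group is requested.
 */
function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath) {
    require_once("group.lib.php");
    global $ICONS;
    global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder, $sourceFolder;
    $scriptsFolder = "$urlRequestRoot/$cmsFolder/$templateFolder/common/scripts";
    $imagesFolder = "$urlRequestRoot/$cmsFolder/$templateFolder/common/images";
    $iconsFolderUrl = "$urlRequestRoot/$cmsFolder/$templateFolder/common/icons/16x16";

    $groupRow = $groupId = $userId = null;
    $subAction = '';
    if ((isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgroup' && isset($_GET['groupname'])) || (isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups'])))
        $subAction = 'showeditform';
    elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'associateform')
        $subAction = 'associateform';
    elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail']))
        $subAction = 'deleteuser';
    elseif (isset($_POST['btnAddUserToGroup']))
        $subAction = 'addusertogroup';
    elseif (isset($_POST['btnSaveGroupProperties']))
        $subAction = 'savegroupproperties';
    elseif (isset($_POST['btnEditGroupPriorities']) || (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgrouppriorities'))
        $subAction = 'editgrouppriorities';

    if (isset($_POST['selEditGroups']) || isset($_GET['groupname'])) {
        $requestedGroup = isset($_POST['selEditGroups']) ? $_POST['selEditGroups'] : $_GET['groupname'];
        $groupRow = getGroupRow(escape($requestedGroup));
        // Only index the row once it is known to exist.
        $groupId = $groupRow ? $groupRow['group_id'] : null;
        if ($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) {
            displayerror('Error! Invalid group requested.');
            return ;
        }

        if (!is_null($groupId)) {
            // Authorisation: the selected group must not outrank the last modifiable group.
            if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
                displayerror('You do not have the permission to modify the selected group.');
                return '';
            }
        }
    }
    if (isset($_GET['useremail'])) {
        // Escaped like the other call site in this function, which passes an escape()d address.
        $userId = getUserIdFromEmail(escape($_GET['useremail']));
    }

    if ($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) {
        // Integer form of the id for unquoted use in SQL text.
        $groupIdSql = (int) $groupId;

        if ($subAction == 'deleteuser') {
            if ($groupRow['form_id'] != 0) {
                displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.');
            }
            elseif (!$userId) {
                displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
            }
            else {
                $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = ' . (int) $userId . ' AND `group_id` = ' . $groupIdSql;
                $deleteResult = mysql_query($deleteQuery);
                if (!$deleteResult || mysql_affected_rows() != 1) {
                    displayerror('Could not delete user with the given E-mail from the given group.');
                }
                else {
                    displayinfo('Successfully removed user from the current group');

                    // Removing oneself can change which groups one may modify.
                    if ($userId == $currentUserId) {
                        $virtue = '';
                        $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                        $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    }
                }
            }
        }
        elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) {
            $updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '" . escape($_POST['txtGroupDescription']) . "' WHERE `group_id` = $groupIdSql";
            $updateResult = mysql_query($updateQuery);
            if (!$updateResult) {
                displayerror('Could not update database.');
            }
            else {
                displayinfo('Changes to the group have been successfully saved.');
            }
            // The name read back from the database is escaped again before reuse in a lookup.
            $groupRow = getGroupRow(escape($groupRow['group_name']));
        }
        elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') {
            if ($groupRow['form_id'] != 0) {
                displayerror('The selected group is associated with a form. To add a user, register the user to the form.');
            }
            else {
                $passedEmails = explode(',', escape($_POST['txtUserEmail']));

                foreach ($passedEmails as $passedEmail) {
                    // Entries may look like "email - Full Name"; keep the part before the hyphen.
                    // strpos() returns false when there is no hyphen, which must not be treated as 0.
                    // NOTE(review): an address that itself contains '-' is still cut at the first hyphen.
                    $hyphenPos = strpos($passedEmail, '-');
                    if ($hyphenPos !== false) {
                        $userEmail = trim(substr($passedEmail, 0, $hyphenPos));
                    }
                    else {
                        $userEmail = trim($passedEmail);
                    }
                    if ($userEmail == '') {
                        continue;
                    }

                    $userId = getUserIdFromEmail($userEmail);
                    if (!$userId || $userId < 1) {
                        displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
                        // Do not attempt the insert with an invalid user id.
                        continue;
                    }

                    if (!addUserToGroupName($groupRow['group_name'], $userId)) {
                        displayerror('Could not add the given user to the current group.');
                    }
                    else {
                        displayinfo('User has been successfully inserted into the given group.');
                    }
                }
            }
        }
        elseif ($subAction == 'associateform') {
            if (isset($_POST['btnAssociateGroup'])) {
                $pageIdArray = array();
                $formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray);
                if ($formPageId <= 0 || getPageModule($formPageId) != 'form') {
                    displayerror('Invalid page selected! The page you selected is not a form.');
                }
                elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form'))
                    displayerror('You do not have the permissions to associate the selected form with a group.');
                else {
                    $formModuleId = getModuleComponentIdFromPageId($formPageId, 'form');
                    require_once("$sourceFolder/$moduleFolder/form.lib.php");

                    if (isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) {
                        associateGroupWithForm($groupId, $formModuleId);
                        $groupRow = getGroupRow(escape($groupRow['group_name']));
                    }
                    else
                        displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.');
                }
            }
            elseif (isset($_POST['btnUnassociateGroup'])) {
                if ($groupRow['form_id'] <= 0) {
                    displayerror('The selected group is currently not associated with any form.');
                }
                elseif (!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) {
                    displayerror('You do not have the permissions to unassociate the form from this group.');
                }
                else {
                    unassociateFormFromGroup($groupId);
                    $virtue = '';
                    $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                    $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    $groupRow = getGroupRow(escape($groupRow['group_name']));
                }
            }
        }

        // Re-check after the action: the set of modifiable groups may have changed.
        if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
            displayerror('You do not have the permission to modify the selected group.');
            return '';
        }

        $usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`';
        $usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
        $userQuery = "SELECT `user_email`, `user_fullname` FROM $usergroupTable, $usersTable WHERE `group_id` = $groupIdSql AND $usersTable.`user_id` = $usergroupTable.`user_id` ORDER BY `user_email`";
        $userResult = mysql_query($userQuery);
        if (!$userResult) {
            displayerror('Error! Could not fetch group information.');
            return '';
        }

        // HTML-encoded copies for every place the group name/description is echoed.
        $groupNameHtml = htmlspecialchars($groupRow['group_name'], ENT_QUOTES);
        $groupDescriptionHtml = htmlspecialchars($groupRow['group_description'], ENT_QUOTES);
        $isntAssociatedWithForm = ($groupRow['form_id'] == 0);

        $groupEditForm = <<<GROUPEDITFORM
<h2>Group '{$groupNameHtml}' - '{$groupDescriptionHtml}'</h2><br />
<fieldset style="padding: 8px">
<legend>{$ICONS['User Groups']['small']}Group Properties</legend>
<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupNameHtml}">
Group Description: <input type="text" name="txtGroupDescription" value="{$groupDescriptionHtml}" />
<input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" />
</form>
</fieldset>

<br />
<fieldset style="padding: 8px">
<legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend>
GROUPEDITFORM;

        $deleteImage = "<img src=\"$iconsFolderUrl/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />";

        while ($userRow = mysql_fetch_row($userResult)) {
            $emailHtml = htmlspecialchars($userRow[0], ENT_QUOTES);
            $fullnameHtml = htmlspecialchars($userRow[1], ENT_QUOTES);
            if ($isntAssociatedWithForm)
                $groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupNameHtml . '&useremail=' . $emailHtml . '">' . $deleteImage . "</a>";
            $groupEditForm .= " {$emailHtml} - {$fullnameHtml}<br />\n";
        }

        $associateForm = '';
        if ($isntAssociatedWithForm) {
            $associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId));
            $associableFormCount = count($associableForms);
            $associableFormsBox = '<select name="selFormPath">';
            for ($i = 0; $i < $associableFormCount; ++$i) {
                $formPathHtml = htmlspecialchars($associableForms[$i][2], ENT_QUOTES);
                $formTitleHtml = htmlspecialchars($associableForms[$i][1], ENT_QUOTES);
                $associableFormsBox .= '<option value="' . $formPathHtml . '">' . $formTitleHtml . ' - ' . $formPathHtml . '</option>';
            }
            $associableFormsBox .= '</select>';
            $associateForm = <<<GROUPASSOCIATEFORM

Select a form to associate the group with: $associableFormsBox
<input type="submit" name="btnAssociateGroup" value="Associate Group with Form" />
GROUPASSOCIATEFORM;
        }
        else {
            $associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']);
            // NOTE(review): assumes getPageTitle()/getPagePath() return raw text, not HTML. Confirm.
            $associateForm = 'This group is currently associated with the form: ' . htmlspecialchars(getPageTitle($associatedFormPageId), ENT_QUOTES) . ' (' . htmlspecialchars(getPagePath($associatedFormPageId), ENT_QUOTES) . ')<br />' .
                '<input type="submit" name="btnUnassociateGroup" value="Unassociate" />';
        }

        $groupEditForm .= '</fieldset>';
        if ($isntAssociatedWithForm) {
            $groupEditForm .= <<<GROUPEDITFORM
<br />
<fieldset style="padding: 8px">
<legend>{$ICONS['Add']['small']}Add Users to Group</legend>
<form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupNameHtml}">
Email ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" />
<div id="suggestionDiv" class="suggestionbox"></div>

<script language="javascript" type="text/javascript" src="$scriptsFolder/ajaxsuggestionbox.js"></script>
<script language="javascript" type="text/javascript">
<!--
var addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%");
addUserBox.loadingImageUrl = '$imagesFolder/ajaxloading.gif';
-->
</script>

<input type="submit" name="btnAddUserToGroup" value="Add User to Group" />
</form>
</fieldset>
GROUPEDITFORM;
        }
        $groupEditForm .= <<<GROUPEDITFORM
<br />
<fieldset style="padding: 8px">
<legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend>
<form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupNameHtml}" method="POST">
$associateForm
</form>
</fieldset>
GROUPEDITFORM;

        return $groupEditForm;
    }

    if ($subAction == 'editgrouppriorities') {
        $modifiableCount = count($modifiableGroups);
        // Highest priority the current user may assign: the larger of the two ends of the list.
        $userMaxPriority = 1;
        if ($modifiableCount != 0) {
            $userMaxPriority = max($modifiableGroups[0]['group_priority'], $modifiableGroups[$modifiableCount - 1]['group_priority']);
        }

        if (isset($_GET['dowhat']) && !is_null($groupId)) {
            if ($_GET['dowhat'] == 'incrementpriority' || $_GET['dowhat'] == 'decrementpriority') {
                shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true);
            }
            elseif ($_GET['dowhat'] == 'movegroupup' || $_GET['dowhat'] == 'movegroupdown') {
                shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false);
            }
            elseif ($_GET['dowhat'] == 'emptygroup') {
                emptyGroup($groupRow['group_name']);
            }
            elseif ($_GET['dowhat'] == 'deletegroup') {
                if (deleteGroup($groupRow['group_name'])) {
                    $virtue = '';
                    $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                    $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                }
            }

            $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
        }
        elseif (isset($_GET['dowhat']) && $_GET['dowhat'] == 'addgroup') {
            if (isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) {
                $newGroupNameSql = escape($_POST['txtGroupName']);
                $existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . $newGroupNameSql . "'";
                $existsResult = mysql_query($existsQuery);
                if (trim($_POST['txtGroupName']) == '') {
                    displayerror('Cannot create a group with an empty name. Please type in a name for the new group.');
                }
                elseif (!$existsResult) {
                    // Without a usable duplicate check, do not create the group.
                    displayerror('Could not run MySQL query. New group could not be added.');
                }
                elseif (mysql_num_rows($existsResult) >= 1) {
                    displayerror('A group with the name you specified already exists.');
                }
                else {
                    // NOTE(review): MAX(group_id)+1 is not atomic; two concurrent requests can pick the same id.
                    $idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
                    $idResult = mysql_query($idQuery);
                    $idRow = $idResult ? mysql_fetch_row($idResult) : false;
                    $newGroupId = 2;
                    if ($idRow && !is_null($idRow[0])) {
                        $newGroupId = (int) $idRow[0] + 1;
                    }

                    // The priority is placed unquoted in the INSERT, so it must be an integer;
                    // a numeric prefix followed by SQL text previously passed the range test.
                    $requestedPriority = (int) $_POST['selGroupPriority'];
                    $newGroupPriority = 1;
                    if ($requestedPriority <= $userMaxPriority && $requestedPriority > 0) {
                        $newGroupPriority = $requestedPriority;
                    }

                    $addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) ' .
                        "VALUES($newGroupId, '" . $newGroupNameSql . "', '" . escape($_POST['txtGroupDescription']) . "', $newGroupPriority)";
                    $addGroupResult = mysql_query($addGroupQuery);
                    if ($addGroupResult) {
                        displayinfo('New group added successfully.');

                        if (isset($_POST['chkAddMe'])) {
                            $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES (" . (int) $currentUserId . ", $newGroupId)";
                            if (!mysql_query($insertQuery)) {
                                // Report the database error; the earlier code called mysql_query() with no arguments here.
                                displayerror('Error adding user to newly created group: ' . $insertQuery . '<br />' . mysql_error());
                            }
                        }
                        $virtue = '';
                        $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                        $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    }
                    else {
                        displayerror('Could not run MySQL query. New group could not be added.');
                    }
                }
            }

            $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
        }

        // Show the highest priority first.
        $modifiableCount = count($modifiableGroups);
        if ($modifiableCount > 0 && $modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) {
            $modifiableGroups = array_reverse($modifiableGroups);
        }
        $previousPriority = $modifiableCount > 0 ? $modifiableGroups[0]['group_priority'] : null;

        $moveUpImage = '<img src="' . $iconsFolderUrl . '/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />';
        $moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />';
        $moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />';
        $moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />';
        $emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />';
        $deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />';

        $priorityUrl = './+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=';

        $groupsForm = '<h3>Edit Group Priorities</h3><br />';
        for ($i = 0; $i < $modifiableCount; $i++) {
            // A rule separates one priority level from the next.
            if ($modifiableGroups[$i]['group_priority'] != $previousPriority) {
                $groupsForm .= '<br /><br /><hr /><br />';
            }
            $nameHtml = htmlspecialchars($modifiableGroups[$i]['group_name'], ENT_QUOTES);
            $descriptionHtml = htmlspecialchars($modifiableGroups[$i]['group_description'], ENT_QUOTES);
            $groupsForm .=
                '<span style="margin: 4px;" title="' . $descriptionHtml . '">' .
                '<a href="' . $priorityUrl . 'incrementpriority&groupname=' . $nameHtml . '">' . $moveUpImage . '</a>' .
                '<a href="' . $priorityUrl . 'decrementpriority&groupname=' . $nameHtml . '">' . $moveDownImage . '</a>' .
                '<a href="' . $priorityUrl . 'movegroupup&groupname=' . $nameHtml . '">' . $moveTopImage . '</a>' .
                '<a href="' . $priorityUrl . 'movegroupdown&groupname=' . $nameHtml . '">' . $moveBottomImage . '</a>' .
                '<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="' . $priorityUrl . 'emptygroup&groupname=' . $nameHtml . '">' . $emptyImage . '</a>' .
                '<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="' . $priorityUrl . 'deletegroup&groupname=' . $nameHtml . '">' . $deleteImage . '</a>' .
                '<a href="./+admin&subaction=editgroups&groupname=' . $nameHtml . '">' . $nameHtml . "</a></span>\n";
            $previousPriority = $modifiableGroups[$i]['group_priority'];
        }

        $priorityBox = '<option value="1">1</option>';
        for ($i = 2; $i <= $userMaxPriority; ++$i) {
            $priorityBox .= '<option value="' . $i . '">' . $i . '</option>';
        }
        $groupsForm .= <<<GROUPSFORM
<br /><br />
<fieldset style="padding: 8px">
<legend>Create New Group:</legend>

<form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup">
<label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br />
<label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br />
<label>Group Priority: <select name="selGroupPriority">$priorityBox</select><br />
<label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br />
<input type="submit" name="btnAddNewGroup" value="Add Group" />
</form>
</fieldset>
GROUPSFORM;

        return $groupsForm;
    }

    // Default view: pick a group to edit, or open the priorities screen.
    $modifiableCount = count($modifiableGroups);
    $groupsBox = '<select name="selEditGroups">';
    for ($i = 0; $i < $modifiableCount; ++$i) {
        $nameHtml = htmlspecialchars($modifiableGroups[$i]['group_name'], ENT_QUOTES);
        $descriptionHtml = htmlspecialchars($modifiableGroups[$i]['group_description'], ENT_QUOTES);
        $groupsBox .= '<option value="' . $nameHtml . '">' . $nameHtml . ' - ' . $descriptionHtml . "</option>\n";
    }
    $groupsBox .= '</select>';

    $groupsForm = <<<GROUPSFORM
<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups">
$groupsBox
<input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br />
<input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" />
</form>

GROUPSFORM;

    return $groupsForm;
}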