
cms/admin.lib.php

00001 <?php
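// Direct-access guard: the rest of this library only runs when the including script has
// already defined __PRAGYAN_CMS; any other request gets a 403 response and the script stops.
if (!defined('__PRAGYAN_CMS')) {
    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
    header($protocol . ' 403 Forbidden');
    // Fixed: the heading element was opened twice and never closed ("<h1>...<h1>").
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE usually carries the web server's software/version banner;
    // consider dropping it from the error body. It is not set by every server, hence the isset().
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}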
00034         /*  Consistency check:
00035 1) Check all available classes (modules) - to refine
00036 
00037 2) See, if all their functions actionView(), actionEdit(), actionX exist
00038 in the perms table or not (and create also). If
00039 not, give option to create that permission. - to refine
00040 
00041 3) See if any extra option exists in the database, if it does, warn the user. - to refine
00042 
00043 4) See if any user with the name admin exists or not. If it does not,
00044 create it and give it a random and display all required information, - to remove
00045 
00046 5) See if the admin user has all perms at page 0 or not. If not, give him
00047 all perms and inform him - to remove
00048 
00049 6) See if all minimum rows n tables required for the cms to run exist or
00050 not, if they do not, create them. - to remove
00051 
00052 7) User management: List of all users, ability to edit everything about
00053 them, ability to activate users, ability to create users - to refine
00054 
00055 8) Ability to change perm ranks (like page move up and move ) - done
00056  *
00057  *
00058  * */
00059 
/**
 * Builds the "Global Settings" admin page: a tab bar plus one POST form that wraps the
 * four settings panels (website info, template, registrations, security).
 *
 * The form posts to ./+admin&subaction=global and carries a hidden
 * update_global_settings field as its submit marker.
 *
 * NOTE(review): no anti-CSRF token field is emitted in this form; confirm whether the
 * request is protected elsewhere before relying on it.
 *
 * @return string HTML fragment
 */
function globalSettingsForm()
{
    global $ICONS;

    // Style, tab-switching script and tab bar. The bar starts hidden and is revealed by onload.
    $tabBarMarkup = <<<TABBAR
        <style>
        #tabBar {
                display: none;
        }
        </style>
        <script type="text/javascript">
                total = 4;
                function showOption(num) {
                        for(i=1;i<=total;i++)
                        document.getElementById('globaloption'+i).style.display="none";
                        document.getElementById('globaloption'+num).style.display="block";
                }
                window.onload=function() {
                        for(i=1;i<=total;i++)
                        document.getElementById('globaloption'+i).style.display="none";
                        showOption(1);
                        document.getElementById('tabBar').style.display="block";
                }
        </script>
        <fieldset>
        <legend>{$ICONS['Global Settings']['small']}Global Settings</legend>
        <div id="tabBar">
        <table style="width:100%">
        <tr>
        <td id="subaction" style="width:35%"><a onclick="showOption(1);"><Button>Website Information</Button></td>
        <td style="width:35%"><a onclick="showOption(2);"><Button>Template and Navigation</Button></td>
        <td style="width:35%"><a onclick="showOption(3);"><Button>Email and Registrations</Button></td>
        <td style="width:35%"><a onclick="showOption(4);"><Button>Security and Maintainence</Button></td>
        </tr>
        </table>
        </div>
TABBAR;

    // Panels are rendered in tab order; each sub-form is called exactly once, in this order.
    $panels  = "<div id=\"globaloption1\">" . websiteInfoSettingsForm() . "</div>";
    $panels .= "<div id=\"globaloption2\">" . templateSettingsForm() . "</div>";
    $panels .= "<div id=\"globaloption3\">" . registrationsSettingsForm() . "</div>";
    $panels .= "<div id=\"globaloption4\">" . securitySettingsForm() . "</div>";

    $formOpen = "<form method='POST' action='./+admin&subaction=global'>";
    $formClose = "<input type='hidden' name='update_global_settings' />"
        . "<input type='submit' value='Update' />"
        . "<input type='button' value='Cancel' onclick=\"window.open('./+view','_top')\" />"
        . "</form></fieldset>";

    return $tabBarMarkup . $formOpen . $panels . $formClose;
}
00098         
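/**
 * Renders the "Website Information" panel (title, description, keywords, footer) of the
 * global settings form, pre-filled from getGlobalSettings().
 *
 * The original copied every settings key into a local variable with `$$var = $val`. Because
 * the function also bound several names with `global`, a settings row whose key matched one
 * of those names would have overwritten the real global. Only the four keys this panel
 * prints are read now.
 *
 * NOTE(review): the values are interpolated into attribute and textarea context exactly as
 * stored. Whether they are HTML-encoded at write time (see escape() in updateGlobalSettings)
 * is not visible here; confirm, and encode on output if they are not.
 *
 * @return string HTML fragment (a table, no surrounding form element)
 */
function websiteInfoSettingsForm()
{
    $settings = getGlobalSettings();

    $cms_title    = isset($settings['cms_title']) ? $settings['cms_title'] : '';
    $cms_desc     = isset($settings['cms_desc']) ? $settings['cms_desc'] : '';
    $cms_keywords = isset($settings['cms_keywords']) ? $settings['cms_keywords'] : '';
    $cms_footer   = isset($settings['cms_footer']) ? $settings['cms_footer'] : '';

    $globalform = <<<globalform
        <table style="width:100%">
        <tr>
        <td style="width:35%">Website Name :</td>
        <td style="width:65%"><input type="text" name='cms_title' value="$cms_title"></td>
        </tr>
        <tr>
        <td>Site Description :</td>
        <td><textarea style="width:98%" rows=10 cols=10 name='cms_desc' />$cms_desc</textarea></td>
        </tr>
        <tr>
        <td>Site Keywords (comma-separated) :</td>
        <td><input type="text" name='cms_keywords' value='$cms_keywords'></td>
        </tr>
        <tr>
        <td>Site Footer :</td>
        <td><textarea style="width:98%" rows=10 cols=10 name='cms_footer' />$cms_footer</textarea></td>
        </tr>
        </table>
globalform;
    return $globalform;
}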
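/**
 * Renders the "Template and Navigation" panel: default-template selector and the three
 * checkboxes for page-specific templates, page-specific headers and the breadcrumbs submenu.
 *
 * Changes from the original:
 *  - the breadcrumb_submenu setting was printed raw into the checkbox tag, so the box never
 *    reflected the stored state (the value-to-"checked" conversion lived only in
 *    registrationsSettingsForm(), where it was unused); it is converted here now;
 *  - settings are read by explicit key instead of `$$var = $val`, which could overwrite the
 *    names this function had bound with `global`;
 *  - template names are HTML-encoded before being placed in the option value and label.
 *
 * @return string HTML fragment (a table, no surrounding form element)
 */
function templateSettingsForm()
{
    $settings  = getGlobalSettings();
    $templates = getAvailableTemplates();

    // A missing key behaves like 0 (unchecked), matching the original's loose "== 0" test.
    $headerFlag     = isset($settings['allow_pagespecific_header']) ? $settings['allow_pagespecific_header'] : 0;
    $templateFlag   = isset($settings['allow_pagespecific_template']) ? $settings['allow_pagespecific_template'] : 0;
    $breadcrumbFlag = isset($settings['breadcrumb_submenu']) ? $settings['breadcrumb_submenu'] : 0;

    $allow_pagespecific_header   = ($headerFlag == 0) ? "" : "checked";
    $allow_pagespecific_template = ($templateFlag == 0) ? "" : "checked";
    $breadcrumb_submenu          = ($breadcrumbFlag == 0) ? "" : "checked";

    $globalform = <<<globalform
        <table style="width:100%">
        <tr>
        <td>Default template :</td>
        <td><select name='default_template'>
globalform;

    foreach ($templates as $template) {
        $value = htmlspecialchars($template, ENT_QUOTES);
        $label = htmlspecialchars(ucwords($template), ENT_QUOTES);
        // DEF_TEMPLATE marks the currently configured default.
        $selected = ($template == DEF_TEMPLATE) ? "selected " : "";
        $globalform .= "<option value='" . $value . "' " . $selected . ">" . $label . "</option>";
    }

    $globalform .= <<<globalform
        </select>
        </td>
        </tr>
        <tr>
        <td>Allow Page-specific Template ?</td>
        <td><input name='allow_page_template' type='checkbox' $allow_pagespecific_template></td>
        </tr>
        <tr>
        <td>Allow Page-specific Headers ?</td>
        <td><input name='allow_page_header' type='checkbox' $allow_pagespecific_header></td>
        </tr>
        
        <tr>
        <td>Show Breadcrumbs Submenu ?</td>
        <td><input name='breadcrumb_submenu' type='checkbox' $breadcrumb_submenu></td>
        </tr>
        </table>
globalform;
    return $globalform;
}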
00178 
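/**
 * Renders the "Email and Registrations" panel: mail-on-registration, website e-mail,
 * auto-activation, login/registration switch and the form-deadline notification window.
 *
 * Changes from the original:
 *  - settings are read by explicit key instead of `$$var = $val`, which could overwrite the
 *    names this function had bound with `global`;
 *  - the unused breadcrumb_submenu conversion was removed (that checkbox is rendered by
 *    templateSettingsForm()).
 *
 * NOTE(review): cms_email and deadline_notify are interpolated into attribute context as
 * stored; confirm they are HTML-encoded at write time or encode them here.
 *
 * @return string HTML fragment (a table, no surrounding form element)
 */
function registrationsSettingsForm()
{
    $settings = getGlobalSettings();

    // A missing key behaves like 0 (unchecked), matching the original's loose "== 0" test.
    $activateFlag   = isset($settings['default_user_activate']) ? $settings['default_user_activate'] : 0;
    $mailVerifyFlag = isset($settings['default_mail_verify']) ? $settings['default_mail_verify'] : 0;
    $allowLoginFlag = isset($settings['allow_login']) ? $settings['allow_login'] : 0;

    $activate_useronreg = ($activateFlag == 0) ? "" : "checked";
    $default_mailverify = ($mailVerifyFlag == 0) ? "" : "checked";
    $allow_login        = ($allowLoginFlag == 0) ? "" : "checked";

    $cms_email       = isset($settings['cms_email']) ? $settings['cms_email'] : '';
    $deadline_notify = isset($settings['deadline_notify']) ? $settings['deadline_notify'] : '';

    $globalform = <<<globalform
        <table style="width:100%">
        <tr>
        <td>Send Mail on Registration ?</td>
        <td><input name='send_mail_on_reg' type='checkbox' $default_mailverify></td>
        </tr>
        <tr>
        <td>Website Email :</td>
        <td><input type="text" name='cms_email' value='$cms_email'></td>
        </tr>
        
        <tr>
        <td>Activate User On Registration ?</td>
        <td><input name='activate_useronreg' type='checkbox' $activate_useronreg></td>
        </tr>
        <tr>
        <td>Allow Users to Login/Register ?</td>
        <td><input name='allow_login' type='checkbox' $allow_login></td>
        </tr>
        <tr>
        <td>Notify Users about Form Deadline before (in days) ?</td>
        <td><input type="text" name='deadline_notify' value='$deadline_notify'></td>
        </tr>
        </table>
globalform;
    return $globalform;
}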
00220 
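/**
 * Renders the blacklist as an HTML table: one row per stored entry (domain, IP, delete
 * link) followed by a row of empty inputs for adding a new entry.
 *
 * Changes from the original:
 *  - stored values are HTML-encoded on output, and the row id is URL-encoded in the link,
 *    so a stored entry cannot break out of the cell or the href;
 *  - a failed query is reported once and the row loop is skipped, instead of passing
 *    `false` to mysql_fetch_array().
 *
 * NOTE(review): the delete link is a plain GET request (see delete_blacklist()), so it can
 * be triggered by any page the administrator visits; consider a POST with a request token.
 * NOTE(review): mysql_error() text is appended to the user-visible error message.
 *
 * @return string HTML fragment
 */
function getBlacklistTable()
{
    $black = "Blacklist<table><tr><td style='width:35%'>Domains</td><td style='width:65%'>IPs</td><td>Actions</td></tr>";
    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "blacklist`";
    $result = mysql_query($query);

    if ($result === false) {
        displayerror("Unable to load Blacklisted Information" . mysql_error());
    } else {
        while ($row = mysql_fetch_array($result)) {
            // Column 0 is used as the row id, columns 1 and 2 as domain and IP.
            $id     = htmlspecialchars(rawurlencode($row[0]), ENT_QUOTES);
            $domain = htmlspecialchars($row[1], ENT_QUOTES);
            $ip     = htmlspecialchars($row[2], ENT_QUOTES);
            $black .= "<tr><td>$domain</td><td>$ip</td><td><a href='./+admin&subaction=global&del_black=$id'>Delete</a></td></tr>";
        }
    }

    $black .= "<tr><td><input type='text' name='blacklist_domain'></td><td><input type='text' name='blacklist_ip'></td><td></td></tr>";
    $black .= "</table>";
    return $black;
}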
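/**
 * Adds a (domain, ip) pair to the blacklist table unless the same pair is already stored.
 *
 * A leading "www." label is stripped from the domain. When no IP is given, the domain is
 * resolved with gethostbyname(); that call returns its argument unchanged when resolution
 * fails, so an unresolvable name ends up in the ip column as text.
 *
 * Fixed: both values were placed into the SQL text without SQL escaping (the visible
 * caller only passes them through safe_html()); they are now escaped with
 * mysql_real_escape_string() before either query is built. A failed lookup query is
 * reported instead of being handed to mysql_num_rows().
 *
 * @param string $domain Domain name to block; may be empty when only an IP is given
 * @param string $ip     IP address to block; resolved from $domain when empty
 * @return int Always 1
 */
function setblacklist($domain = "", $ip = "")
{
    // strstr(..., true) returns the part before the first dot, i.e. the first label.
    if (strstr($domain, '.', true) === "www") {
        $domain = substr($domain, 4);
    }
    if ($ip == "") {
        $ip = gethostbyname($domain);
    }

    $table     = MYSQL_DATABASE_PREFIX . "blacklist";
    $domainSql = mysql_real_escape_string($domain);
    $ipSql     = mysql_real_escape_string($ip);

    $chk_query  = "SELECT * FROM `" . $table . "` WHERE `domain` = '$domainSql' AND `ip`= '$ipSql'";
    $chk_result = mysql_query($chk_query);
    if ($chk_result === false) {
        displayerror("Unable to update blackilist" . mysql_error());
        return 1;
    }

    if (mysql_num_rows($chk_result) < 1) {
        $query = "INSERT INTO `" . $table . "` (`domain`,`ip`) VALUES ('$domainSql','$ipSql')";
        mysql_query($query) or displayerror("Unable to update blackilist" . mysql_error());
    }
    return 1;
}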
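/**
 * Deletes the blacklist row whose id is given in the del_black query parameter.
 *
 * Fixed: the request value reached the SQL text after safe_html() only; it is now also
 * escaped with mysql_real_escape_string(). A missing or non-string parameter (for example
 * del_black[]=x) is ignored instead of being passed on.
 *
 * NOTE(review): this is a state-changing action driven by a GET parameter and no request
 * token is checked here; confirm CSRF protection exists upstream or move it to POST.
 *
 * @return int Always 1
 */
function delete_blacklist()
{
    if (!isset($_GET['del_black']) || !is_string($_GET['del_black'])) {
        return 1;
    }

    $id = mysql_real_escape_string(safe_html($_GET['del_black']));
    $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "blacklist` WHERE `id` = '$id'";
    mysql_query($query) or displayerror("Unable to Delete blacklist" . mysql_error());

    if (mysql_affected_rows() > 0) {
        displayinfo("Blackilist Deleted Successfully");
    }
    return 1;
}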
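/**
 * Renders the "Security and Maintenance" panel: upload limit, reindex frequency, OpenID
 * switch, censor words, ReCAPTCHA switch and keys, followed by the blacklist table.
 *
 * Changes from the original:
 *  - settings are read by explicit key instead of `$$var = $val`. The original assigned
 *    $blacklist before that import, so a settings key named "blacklist" would have replaced
 *    the rendered table, and keys matching the `global`-bound names would have overwritten
 *    those globals;
 *  - two markup typos fixed: `<labe>` and `style="width:"65%"`.
 *
 * NOTE(review): the ReCAPTCHA private key is written into a visible text input, so it is
 * present in the page source for anyone who can open this form.
 * NOTE(review): setting values are interpolated as stored; confirm they are HTML-encoded at
 * write time or encode them on output.
 *
 * @return string HTML fragment (tables, no surrounding form element)
 */
function securitySettingsForm()
{
    $settings  = getGlobalSettings();
    $blacklist = getBlacklistTable();

    // Missing keys stay null so the loose comparisons below behave as they did before.
    $openid_enabled = isset($settings['openid_enabled']) ? $settings['openid_enabled'] : null;
    $recaptcha      = isset($settings['recaptcha']) ? $settings['recaptcha'] : null;

    $openidno_ischecked  = ($openid_enabled == 'false') ? 'checked' : '';
    $openidyes_ischecked = ($openid_enabled == 'false') ? '' : 'checked';
    $recapt_ischecked    = ($recaptcha == '1') ? 'checked' : '';

    $upload_limit      = isset($settings['upload_limit']) ? $settings['upload_limit'] : '';
    $reindex_frequency = isset($settings['reindex_frequency']) ? $settings['reindex_frequency'] : '';
    $censor_words      = isset($settings['censor_words']) ? $settings['censor_words'] : '';
    $recaptcha_public  = isset($settings['recaptcha_public']) ? $settings['recaptcha_public'] : '';
    $recaptcha_private = isset($settings['recaptcha_private']) ? $settings['recaptcha_private'] : '';

    $globalform = <<<globalform
        <table style="width:100%">
        <tr>
        <td style="width:35%">Upload Limit (bytes) </td>
        <td style="width:65%"><input type="text" name='upload_limit' value='$upload_limit'></td>
        </tr>
        <tr>
        <td>Site Reindex Frequency (days) </td>
        <td><input type="text" name='reindex_frequency' value='$reindex_frequency'></td>
        </tr>
        <tr>
                        <td><label for="optEnableOpenID">Enable OpenID?</label></td>
                        <td>
                        <label><input type="radio" name="openid_enabled" id="optEnableOpenIDNo" value="false" $openidno_ischecked />No</label>
                        <label><input type="radio" name="openid_enabled" id="optEnableOpenIDYes" value="true" $openidyes_ischecked />Yes</label>
                        </td>
        </tr>
        <tr>
                <td>Censor Words (use | to seperate the words. Please dont use spaces) </td>
                <td><textarea style="width:98%" rows=10 cols=10 name='censor_words' />$censor_words</textarea></td>
        </tr>
        <tr>
        <td>Use ReCAPTCHA ?</td>
        <td>
                                <label><input type="checkbox" name="recaptcha_enable" id="recaptcha_enable" value="Yes" $recapt_ischecked/>Yes</label>
                        </td>
                </tr>
                <tr>
                        <td><label for="public_key">ReCAPTCHA Public Key:</label></td>
                        <td><input type="text" id="public_key" name="public_key" value='$recaptcha_public' /></td>
                </tr>
                <tr>
                        <td><label for="private_key">ReCAPTCHA Private Key:</label></td>
                        <td><input type="text" id="private_key" name="private_key" value='$recaptcha_private' /></td>
                </tr>
        </table>
$blacklist
globalform;
    return $globalform;
}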
00309 
00310 
00311 
00312 
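/**
 * Returns the last extension of a file name, including the leading dot.
 *
 * Fixed: for a name without any dot, strrpos() returns false, which substr() treated as
 * offset 0, so the whole file name came back as its "extension". An empty string is
 * returned in that case now.
 *
 * Only the final suffix is reported ("a.tar.gz" gives ".gz") and case is preserved, so a
 * caller using this to decide what may be uploaded should compare case-insensitively and
 * should not treat the result as proof of the file's type.
 *
 * @param string $file File name or path
 * @return string The suffix starting at the last dot, or '' when there is no dot
 */
function extension($file) {
    $dotPosition = strrpos($file, ".");
    if ($dotPosition === false) {
        return '';
    }
    return substr($file, $dotPosition);
}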
00318 
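/**
 * Recursively deletes a directory and everything inside it.
 *
 * Changes from the original:
 *  - the read loop compared readdir()'s result by truthiness, so an entry named "0" ended
 *    the loop early and left the directory non-empty; it now stops only on `false`;
 *  - a symbolic link inside the tree is removed as a link. Previously is_dir() followed a
 *    link to a directory and the recursion deleted the contents of the link's target,
 *    which may lie outside the tree being removed.
 *
 * NOTE(review): the results of unlink() and rmdir() are not checked, so `true` only means
 * the directory could be opened and was walked, as in the original.
 *
 * @param string $dirname Path of the directory to remove
 * @return bool false when $dirname is not a directory or cannot be opened, true otherwise
 */
function delDir($dirname) {
    $dir_handle = is_dir($dirname) ? opendir($dirname) : false;
    if (!$dir_handle) {
        return false;
    }

    while (false !== ($file = readdir($dir_handle))) {
        if ($file === "." || $file === "..") {
            continue;
        }
        $path = $dirname . "/" . $file;
        if (is_link($path) || !is_dir($path)) {
            unlink($path);
        } else {
            delDir($path);
        }
    }

    closedir($dir_handle);
    rmdir($dirname);
    return true;
}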
00336 
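/**
 * Returns user suggestions for an autocomplete field as one comma-separated string.
 *
 * Activated users whose e-mail or full name contains $pattern are selected and ordered by
 * a relevance score (1 = e-mail starts with the pattern ... 5 = full name contains it).
 * The first element of the result is the pattern itself; each following element is
 * "email - fullname".
 *
 * Changes from the original:
 *  - $pattern was concatenated into the SQL text unescaped (the visible caller passes
 *    $_GET['forwhat'] straight in). LIKE wildcards and the backslash are now escaped
 *    first, then the value is escaped for the string literal;
 *  - a failed query no longer reaches mysql_fetch_row();
 *  - join($array, $glue) used the legacy argument order; implode($glue, $array) is used.
 *
 * NOTE(review): the unmodified pattern is returned as the first element and the visible
 * caller echoes the result, so the consumer must treat the response as text, not HTML.
 *
 * @param string $pattern Search text typed by the user
 * @return string Comma-separated list beginning with $pattern
 */
function getSuggestions($pattern) {
    // Order matters: the backslashes added for %, _ and \ are themselves escaped by
    // mysql_real_escape_string(), so LIKE sees them as literal characters.
    $like = mysql_real_escape_string(addcslashes($pattern, '\\%_'));

    $suggestionsQuery = "SELECT IF(user_email LIKE \"$like%\", 1, " .
            "IF(`user_fullname` LIKE \"$like%\", 2, " .
            "IF(`user_fullname` LIKE \"% $like%\", 3, " .
            "IF(`user_email` LIKE \"%$like%\", 4, " .
            "IF(`user_fullname` LIKE \"%$like%\", 5, 6" .
            "))))) AS `relevance`,  `user_email`, `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE " .
            "  `user_activated`=1 AND(`user_email` LIKE \"%$like%\" OR `user_fullname` LIKE \"%$like%\" ) ORDER BY `relevance`";

    $suggestions = array($pattern);

    $suggestionsResult = mysql_query($suggestionsQuery);
    if ($suggestionsResult !== false) {
        // Row layout follows the SELECT list: relevance, user_email, user_fullname.
        while ($suggestionsRow = mysql_fetch_row($suggestionsResult)) {
            $suggestions[] = $suggestionsRow[1] . ' - ' . $suggestionsRow[2];
        }
    }

    return implode(',', $suggestions);
}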
00356 
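/**
 * Entry point of the administration page: dispatches on the request's query parameters
 * and returns the HTML for the selected admin section followed by the quick-links panel.
 *
 * Handled in this order:
 *  1. doaction=getsuggestions  - prints the autocomplete list and ends the script;
 *  2. indexsite                - (re)builds the search index;
 *  3. a notice when the search index is missing or older than reindex_frequency days;
 *  4. subaction email/openemail/emailsend/emailsave - e-mail screens (early return);
 *  5. subaction module/template - install/uninstall management (early return);
 *  6. every other subaction, or the id / movePermId / module parameters.
 *
 * Changes from the original:
 *  - the suggestions response is sent as text/plain with nosniff, because it repeats the
 *    request's search text verbatim; a non-string `forwhat` (forwhat[]=x) is ignored;
 *  - the module/template handler is picked from a fixed map instead of a function name
 *    assembled from the request value;
 *  - the redundant outer isset() test around the dispatch chain was dropped (it is always
 *    true after the early return just before it).
 *
 * NOTE(review): no permission check is visible in this function; presumably the caller
 * enforces that only administrators reach it - confirm.
 * NOTE(review): several state-changing actions are reachable by GET alone (indexsite,
 * del_black, reloadtemplates, reloadmodules, ...) and no request token is checked here.
 * NOTE(review): the URL handed to index_site() is built from the request's Host header.
 *
 * @param mixed $pageid Current page id; passed to handleWidgetAdmin() and parseUrlDereferenced()
 * @param mixed $userid Current user id; used for the group-management lookups
 * @return string HTML for the admin page (the suggestions request exits instead)
 */
function admin($pageid, $userid) {

    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
        if (is_string($_GET['forwhat']) && strlen($_GET['forwhat']) >= 3) {
            if (!headers_sent()) {
                header('Content-Type: text/plain');
                header('X-Content-Type-Options: nosniff');
            }
            echo getSuggestions($_GET['forwhat']);
            disconnect();
            exit();
        }
    }

    global $urlRequestRoot, $templateFolder, $cmsFolder, $ICONS, $sourceFolder;

    if (isset($_GET['indexsite'])) {
        require("$sourceFolder/modules/search/admin/spider.php");
        if ($_GET['indexsite'] == 1) {
            $serveruri = $_SERVER['SCRIPT_NAME'];
            $uri = substr($serveruri, 0, stripos($serveruri, "index.php"));
            $site = "http://" . $_SERVER['HTTP_HOST'] . $uri . "home/";
            index_site($site, 0, -1, 'full', "", "+\n&", 0);
            displayinfo("Index for site created");
        } else {
            index_all();
        }
    }

    // Reindex threshold in days; 30 when the setting row is absent.
    $result = mysql_fetch_array(mysql_query("SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'reindex_frequency'"));
    if ($result != NULL)
        $threshold = $result['value'];
    else
        $threshold = 30;
    $result = mysql_fetch_array(mysql_query("SELECT to_days(CURRENT_TIMESTAMP)-to_days(`indexdate`) AS 'diff' FROM `sites` WHERE `url` LIKE '%home%'"));

    if ($result == NULL)
        displayinfo("It seems the site doesn't have index for the search to work. Click <a href='./+admin&indexsite=1'>here</a> to index the site.");
    else if ($result['diff'] > $threshold)
        displayinfo("Your site index was created {$result['diff']} days before. Click <a href='./+admin&indexsite=2'>here</a> to reindex your site.");

    $quicklinks = <<<ADMINPAGE
        <fieldset>
        <legend>{$ICONS['Website Administration']['small']}Website Administration</legend>
        <a name='quicklinks'></a>
        <table class="iconspanel">
        <tr>
        <td><a href="./+admin&subaction=global"><div>{$ICONS['Global Settings']['large']}<br/>Global Settings</div></a></td>
        <td><a href="./+admin&subaction=template"><div>{$ICONS['Templates Management']['large']}<br/>Templates Management</div></a></td>
        <td><a href="./+admin&subaction=module"><div>{$ICONS['Modules Management']['large']}<br/>Module Management</div></a></td>
        <td><a href="./+admin&subaction=widgets"><div>{$ICONS['Widgets']['large']}<br/>Widgets Management</div></a></td>
        </tr>
        <tr>
        <td><a href="./+admin&subaction=icon"><div>{$ICONS['Icons']['large']}<br/>Icons Management</div></a></td>
        <td><a href="./+admin&subaction=email"><div>{$ICONS['Email Registrants']['large']}<br/>Email Registrants</div></a></td>
        <td><a href="./+admin&subaction=editgroups"><div>{$ICONS['User Groups']['large']}<br/>Group Management</div></a></td>
        <td><a href="./+admin&subaction=expert"><div>{$ICONS['Site Maintenance']['large']}<br/>Site Maintenance</div></a></td>
        </tr>
        <tr>
        
        <td colspan=2><a href="./+admin&subaction=useradmin"><div>{$ICONS['User Management']['large']}<br/>User Management</div></a></td>
        <td colspan=2><a href="./+admin&subaction=editprofileform"><div>{$ICONS['User Profile']['large']}<br/>User Profiles</div></a></td>
        </tr>

        </table>
        </fieldset>
ADMINPAGE;

    // null means "parameter not supplied"; an array value simply matches none of the names.
    $subaction    = isset($_GET['subaction']) ? $_GET['subaction'] : null;
    $subsubaction = isset($_GET['subsubaction']) ? $_GET['subsubaction'] : null;

    if ($subaction !== null) {
        require_once("email.lib.php");
        if ($subaction === "email")
            return displayEmail() . $quicklinks;
        else if ($subaction === "openemail")
            return displayEmail(escape($_GET['name'])) . $quicklinks;
        else if ($subaction === "emailsend") {
            sendEmail();
            return displayEmail(escape($_POST['emailtemplates'])) . $quicklinks;
        }
        else if ($subaction === "emailsave") {
            saveEmail();
            return displayEmail(escape($_POST['emailtemplates'])) . $quicklinks;
        }
    }

    if ($subaction === 'module' || $subaction === 'template') {
        if ($subaction === 'module')
            displaywarning("Module Installation/Uninstallation has the potential to completely bring down the CMS, so Install only modules from trusted source");
        require_once("module.lib.php");
        require_once("template.lib.php");
        // Fixed map: the handler name never depends on request text.
        $handlers = array(
            'module'   => array('Module', 'handleModuleManagement'),
            'template' => array('Template', 'handleTemplateManagement'),
        );
        $type = $handlers[$subaction][0];
        $function = $handlers[$subaction][1];
        $op = $function();
        if ($op != "") return $op . $quicklinks;
        return managementForm($type) . $quicklinks;
    }

    if ($subaction === null && $subsubaction === null) return $quicklinks;
    require_once("users.lib.php");
    $op = ""; $ophead = ""; $str = "";

    // First matching branch wins; the order below is the original order.
    if ($subaction === 'global' && isset($_POST['update_global_settings']))
        updateGlobalSettings();
    else if ($subaction === 'global' && isset($_GET['del_black']))
        delete_blacklist();
    else if ($subaction === 'useradmin')
    {
        $op .= handleUserMgmt();
        $ophead = "{$ICONS['User Management']['small']}User Management";
    }
    else if ($subaction === 'widgets')
    {
        $op .= handleWidgetAdmin($pageid);
        $ophead = "{$ICONS['Widgets']['small']}Widgets Management";
    }
    else if ($subaction === 'icon')
    {
        require_once("iconmanagement.lib.php");
        $res = handleIconManagement();
        // With iconURL present the handler's output is returned on its own, unwrapped.
        if (isset($_GET['iconURL']))
            return $res;

        $op .= $res;
        $ophead = "{$ICONS['Icons']['small']}Icons Management";
    }
    else if ($subaction === 'editgroups') {
        require_once("permission.lib.php");
        $pagepath = array();
        parseUrlDereferenced($pageid, $pagepath);
        $virtue = '';
        $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, array_reverse(getGroupIds($userid)), $virtue);
        $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
        $op .= groupManagementForm($userid, $modifiableGroups, $pagepath);
        // NOTE(review): the quick-links panel uses the 'User Groups' icon key for this
        // section; confirm that a 'Group Management' key exists in $ICONS.
        $ophead = "{$ICONS['Group Management']['small']}Group Management";
    }
    else if ($subaction === 'reloadtemplates')
    {
        $op .= reloadTemplates();
        $ophead = "{$ICONS['Templates Management']['small']}Reloading Templates";
    }
    else if ($subaction === 'reloadmodules')
    {
        $op .= reloadModules();
        $ophead = "{$ICONS['Modules Management']['small']}Reloading Modules";
    }
    else if ($subaction === 'checkPerm')
    {
        $op .= admin_checkFunctionPerms();
        $ophead = "{$ICONS['Access Permissions']['small']}Checking Permissions Consistency";
    }
    elseif ($subaction === 'checkAdminUser')
    {
        $op .= admin_checkAdminUser();
        $ophead = "Checking Administrator User";
    }
    elseif ($subaction === 'checkAdminPerms')
    {
        $op .= admin_checkAdminPerms();
        $ophead = "Checking Administrator Permissions";
    }
    elseif ($subaction === 'changePermRank')
    {
        $op .= admin_changePermRank();
        $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
    }
    elseif ($subaction === 'editprofileform' || $subsubaction === 'editprofileform')
    {
        $op .= admin_editProfileForm();
        $ophead = "{$ICONS['User Profile']['small']}Edit User Profile Form";
    }
    elseif (isset($_GET['id']))
        $op .= admin_userAdmin();
    elseif (isset($_GET['movePermId']))
    {
        $op .= admin_changePermRank();
        $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
    }
    elseif (isset($_GET['module']))
    {
        $op .= admin_changePermRank(escape($_GET['module']));
        $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank for module '" . escape($_GET['module']) . "'";
    }

    if ($op != "")
    {
        $op = "<fieldset><legend>$ophead</legend>$op</fieldset>";
    }

    if ($subaction === 'global')
        $str .= globalSettingsForm();
    else if ($subaction === 'editgroups') {
        // Intentionally empty so the "experts only" links are not shown for this section.
    }
    else if ($subaction === 'useradmin')
    {
        // Appended after the fieldset wrap above, so this form sits outside that fieldset.
        $op .= userManagementForm();
    }
    else if ($subaction === 'expert')
    {
        $str .= "<fieldset><legend>{$ICONS['Site Maintenance']['small']}Experts Only</legend>";
        $str .= '<a href="./+admin&subaction=checkPerm">Check Permission List</a><br />';
        $str .= '<a href="./+admin&subaction=checkAdminUser">Check Admin User</a><br />';
        $str .= '<a href="./+admin&subaction=checkAdminPerms">Check Admin Perms</a><br />';
        $str .= '<a href="./+admin&subaction=changePermRank">Change Perm Ranks</a><br />';
        $str .= '<a href="./+admin&subaction=reloadtemplates">Reload Templates</a><br />';
        $str .= '<a href="./+admin&subaction=reloadmodules">Reload Modules</a><br />';
        $str .= '<a href="./+admin&indexsite=2">Reindex Site for Searching</a></br/></fieldset>';
    }

    return $str . $op . $quicklinks;

}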
00571 
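/**
 * Renders the install/uninstall form for modules or templates.
 *
 * Changes from the original:
 *  - the list function was called through a name assembled from $type
 *    ("getAvailable{$type}s"); $type is now checked against the two supported values and
 *    anything else yields an empty string;
 *  - the select element had no id, so the confirmation script's
 *    getElementById('modules') returned null and the click handler threw before it could
 *    return false, letting the uninstall submit without confirmation. The select now
 *    carries id='modules';
 *  - item names are HTML-encoded in the option value and label.
 *
 * NOTE(review): both forms post state-changing requests (install uploads a package,
 * uninstall deletes one) and no request token field is emitted here.
 *
 * @param string $type 'Module' or 'Template'
 * @return string HTML fragment, or '' for an unsupported $type
 */
function managementForm($type) {
    // type => array(list function, subaction used in the form targets)
    $supported = array(
        'Module'   => array('getAvailableModules', 'module'),
        'Template' => array('getAvailableTemplates', 'template'),
    );
    if (!is_string($type) || !isset($supported[$type])) {
        return '';
    }

    $function = $supported[$type][0];
    $subaction = $supported[$type][1];

    $modules = $function();
    $modulesList = "<select name='{$type}' id='modules'>";
    foreach ($modules as $module) {
        $safeName = htmlspecialchars($module, ENT_QUOTES);
        $modulesList .= "<option value='" . $safeName . "'>" . $safeName . "</option>";
    }
    $modulesList .= "</select>";

    global $ICONS;
    $smallIcon = $ICONS[$type . 's Management']['small'];

    $form = <<<FORM
        <script type="text/javascript">
        function delconfirm(obj) {
                return confirm("Are you sure want to delete '" + document.getElementById('modules').value + "' {$type}?");
        }
        </script>
        <fieldset>
        <legend>{$smallIcon}{$type} Management</legend>
        <form name='module' method='POST' action="./+admin&subaction={$subaction}&subsubaction=install" enctype="multipart/form-data">
        Add new {$type}: <input type='file' name='file' id='file' /><input type='submit' name='btn_install' value='Upload' />
        </form>
        <br/><br/>
        <form method='POST' action="./+admin&subaction={$subaction}&subsubaction=uninstall" enctype="multipart/form-data">
        Delete Existing {$type}: {$modulesList}<input type='submit' name='btn_uninstall' value='Uninstall' onclick='return delconfirm(this);' />
        </form>
        </fieldset>
FORM;
    return $form;
}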
00601 
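/**
 * Reads the submitted global-settings form from $_POST, stores the values through
 * setGlobalSettings() and adds a blacklist entry when a domain or IP was supplied.
 *
 * Checkbox fields are stored as 1/0 depending on their presence in the request. OpenID is
 * only enabled when iscurlinstalled() reports cURL; ReCAPTCHA is only enabled when both
 * keys are non-empty.
 *
 * Changes from the original:
 *  - the OpenID test read `escape($_POST['openid_enabled']=='true')`, i.e. it escaped the
 *    boolean result of the comparison; the comparison is now made directly;
 *  - deadline_notify was the only text field stored without escape(); it is now treated
 *    like the others.
 *
 * NOTE(review): no request token is checked before the settings are written.
 * NOTE(review): text fields are read without isset(); a partial POST raises notices.
 * NOTE(review): whether escape()/safe_html() provide SQL or HTML encoding is not visible
 * here; the blacklist values go to setblacklist() after safe_html() only.
 *
 * @return void
 */
function updateGlobalSettings()
{
    $global = array();
    $global['allow_pagespecific_header'] = isset($_POST['allow_page_header']) ? 1 : 0;
    $global['allow_pagespecific_template'] = isset($_POST['allow_page_template']) ? 1 : 0;
    $global['default_user_activate'] = isset($_POST['activate_useronreg']) ? 1 : 0;
    $global['default_mail_verify'] = isset($_POST['send_mail_on_reg']) ? 1 : 0;
    $global['breadcrumb_submenu'] = isset($_POST['breadcrumb_submenu']) ? 1 : 0;

    $global['allow_login'] = isset($_POST['allow_login']) ? 1 : 0;
    $global['deadline_notify'] = escape($_POST['deadline_notify']);
    $global['cms_title'] = escape($_POST['cms_title']);
    $global['default_template'] = escape($_POST['default_template']);
    $global['cms_email'] = escape($_POST['cms_email']);
    $global['upload_limit'] = escape($_POST['upload_limit']);
    $global['reindex_frequency'] = escape($_POST['reindex_frequency']);
    $global['cms_desc'] = escape($_POST['cms_desc']);
    $global['cms_keywords'] = escape($_POST['cms_keywords']);
    $global['cms_footer'] = escape($_POST['cms_footer']);
    $global['blacklist_domain'] = escape($_POST['blacklist_domain']);
    $global['blacklist_ip'] = escape($_POST['blacklist_ip']);
    $global['censor_words'] = safe_html($_POST['censor_words']);

    $blacklist_domain = safe_html($_POST['blacklist_domain']);
    $blacklist_ip = safe_html($_POST['blacklist_ip']);
    if (!(($blacklist_domain == "") && ($blacklist_ip == "")))
        setblacklist($blacklist_domain, $blacklist_ip);

    if (isset($_POST['openid_enabled']) && $_POST['openid_enabled'] === 'true') {
        // OpenID was requested: it can only be switched on when cURL is available.
        if (iscurlinstalled()) {
            $global['openid_enabled'] = 'true';
        } else {
            global $curl_message;
            displaywarning($curl_message);
            $global['openid_enabled'] = 'false';
        }
    } else {
        $global['openid_enabled'] = 'false';
    }

    if (isset($_POST['recaptcha_enable'])) {
        if (isset($_POST['public_key'], $_POST['private_key'])
            && ($_POST['public_key'] != NULL) && ($_POST['private_key'] != NULL)) {
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($_POST['public_key']);
            $global['recaptcha_private'] = escape($_POST['private_key']);
        } else {
            // The keys are left untouched in this case; only the switch is turned off.
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
            $global['recaptcha'] = '0';
        }
    } else {
        $global['recaptcha'] = '0';
    }

    setGlobalSettings($global);

    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}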
00664 
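/**
 * Consistency check between the module classes on disk and the permissionlist table.
 *
 * 1) Lists every *.lib.php file in $sourceFolder/modules.
 * 2) For each module (forum, poll and contest are skipped) collects the class
 *    methods named action*, and inserts a permissionlist row for every action
 *    (plus 'create') that has none.
 * 3) Reports permissionlist rows whose action has no matching method in the class.
 *
 * NOTE(review): the `or die(mysql_error())` calls print raw database errors to the
 * page. They are kept because callers may rely on the hard stop.
 * NOTE(review): new ids are computed as MAX()+1 in a separate query, so two
 * concurrent runs could pick the same id.
 *
 * @return string HTML report of what was found and created
 */
function admin_checkFunctionPerms() {
        global $sourceFolder;
        global $moduleFolder;
        $returnStr = "";
        $skippedModules = array('forum', 'poll', 'contest');

        // 1) Check all available classes (modules)
        // Both lists start empty so a failed opendir() no longer leads to
        // iterating over undefined variables.
        $list = array();
        if ($handle = opendir($sourceFolder . '/modules')) {
                while (false !== ($file = readdir($handle))) {
                        $list[] = $file;
                }
                closedir($handle);
        }

        $moduleArray = array();
        $suffix = '.lib.php';
        $suffixLength = strlen($suffix);
        foreach ($list as $temp) {
                // Strict suffix test. The earlier loose comparison of strpos() with
                // strlen()-8 also accepted any 8-character name without the suffix,
                // because false == 0.
                if (strlen($temp) > $suffixLength && substr($temp, -$suffixLength) === $suffix) {
                        $moduleArray[] = substr($temp, 0, -$suffixLength);
                }
        }

        $moduleList = "";
        foreach ($moduleArray as $module) {
                $moduleList .= $module . ", ";
        }
        $returnStr .= "<br/>The following modules/classes exist in the file system:<br>$moduleList";

        // 2) See if all their functions actionView(), actionEdit(), actionX exist
        //    in the perms table or not, and create the missing ones.
        foreach ($moduleArray as $module) {
                if (in_array($module, $skippedModules, true)) {
                        continue;
                }

                // NOTE(review): the listing above reads $sourceFolder/modules while this
                // path uses $moduleFolder; presumably both name the same directory.
                require_once ($sourceFolder . "/" . $moduleFolder . "/" . $module . ".lib.php");

                $functionArray = get_class_methods($module);
                if ($functionArray == NULL) { // means something's wrong, probably the class is not defined properly
                        $returnStr .= "<br/><b>Please check the Class definition of $module. It may have undefined functions. Please define the functions or declare the class as an abstract class</b>";
                        continue;
                }

                $perm = array();
                foreach ($functionArray as $method) {
                        if (substr($method, 0, 6) == 'action') {
                                $perm[] = strtolower(str_replace('action', "", $method));
                        }
                }

                $permList = "";
                foreach ($perm as $permElements) {
                        $permList .= $permElements . ", ";
                }
                $returnStr .= "<br/>The following methods/functions/actions exist in the filesystem class for $module:<br> $permList";
                $perm[] = 'create';

                // Module and permission names come from file and method names; they are
                // escaped before being placed inside quoted SQL literals.
                $moduleSql = mysql_real_escape_string($module);
                $existingPerms = array();

                foreach ($perm as $permission) {
                        $permissionSql = mysql_real_escape_string($permission);
                        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$moduleSql' AND `perm_action`='$permissionSql'";
                        $result = mysql_query($query);
                        if ($result && mysql_num_rows($result) > 0) {
                                $existingPerms[] = $permission;
                                continue;
                        }

                        $returnStr .= "<br/><b>$permission DOES NOT exist for $module but will be created</b><br>";

                        $query = "SELECT MAX(perm_id) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`";
                        $result = mysql_query($query) or die(mysql_error());
                        $row = mysql_fetch_assoc($result);
                        $permid = (int) $row['MAX'] + 1;

                        $query = "SELECT MAX(perm_rank) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$moduleSql'";
                        $result = mysql_query($query) or die(mysql_error());
                        $row = mysql_fetch_assoc($result);
                        $permrank = (int) $row['MAX'] + 1;

                        $descSql = mysql_real_escape_string($permission . " the " . $module);
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "permissionlist`(`perm_id` ,`page_module` ,`perm_action` ,`perm_text` ,`perm_rank` ,`perm_description`)VALUES ('$permid', '$moduleSql', '$permissionSql', '$permissionSql', '$permrank', '$descSql') ";
                        $result = mysql_query($query) or die(mysql_error());
                        if (mysql_affected_rows() > 0) {
                                displayinfo("$permission has been created for $module");
                        }
                }

                // Comma-separated list, closed with a period.
                $permExists = implode(", ", $existingPerms) . ".";
                $returnStr .= "<br/>The following permissions exist in database for $module :<br>$permExists";
        }

        // 3) See if any extra option exists in the database, if it does, warn the user.
        foreach ($moduleArray as $module) {
                if (in_array($module, $skippedModules, true)) {
                        continue;
                }
                require_once ($sourceFolder . "/" . $moduleFolder . "/" . $module . ".lib.php");

                // Step 2 already reported modules whose class is missing; instantiating
                // an undefined class here would end the request with a fatal error.
                if (!class_exists($module)) {
                        continue;
                }
                $class = new $module ();

                $moduleSql = mysql_real_escape_string($module);
                $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module`='$moduleSql'";
                $result = mysql_query($query);
                while ($result && ($tempres = mysql_fetch_assoc($result))) {
                        $method = "action" . ucfirst($tempres['perm_action']);
                        if (!method_exists($class, $method)) {
                                $returnStr .= "<br/>Permission $method, perm id = {$tempres['perm_id']} exists in database but not in class $module";
                        }
                }
        }
        return $returnStr;
}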
00784 //4) See if any user with the name admin exists or not. If it does not,
00785 //create it and give it a random and display all required information,
00786 
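/**
 * Makes sure a user named 'admin' exists; creates one with a generated password
 * when it does not, and shows that password once through displayinfo().
 *
 * NOTE(review): the password is stored as an unsalted md5() digest. That format is
 * kept because the code that verifies logins is not visible here and presumably
 * expects it; moving to password_hash() has to be done together with that code.
 * NOTE(review): the generated password is printed on the page, so it should be
 * changed right after the first login.
 *
 * @return void
 */
function admin_checkAdminUser() {
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='admin'";
        $result = mysql_query($query);
        if ($result && mysql_num_rows($result) > 0) {
                displayinfo("User \"Admin\" exists in database.");
                return;
        }

        $query = "SELECT MAX(user_id) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "users` ";
        $result = mysql_query($query) or die(mysql_error() . "check.lib L:141");
        $row = mysql_fetch_assoc($result);
        $uid = (int) $row['MAX'] + 1;

        // rand() is predictable and yields only a small integer, which is a poor
        // initial admin password. Prefer a cryptographic source when the runtime
        // has one; rand() remains only as the last-resort fallback.
        if (function_exists('random_bytes')) {
                $passwd = bin2hex(random_bytes(12));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $passwd = bin2hex(openssl_random_pseudo_bytes(12));
        } else {
                $passwd = (string) rand();
        }
        $adminPasswd = md5($passwd);

        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users`( `user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password`  ,`user_activated`)VALUES ( $uid , 'admin', 'admin@cms.org', 'Administrator', '$adminPasswd', '1')";

        $result = mysql_query($query) or die(mysql_error());
        if (mysql_affected_rows() > 0) {
                displayinfo("User Admin has been created with email admin@cms.org and password as $passwd");
        } else {
                displayerror("Failed to create user Admin");
        }
}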
00808 
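/**
 * 5) See if the admin user has all perms at page 0 or not. If not, give him
 *    all perms and inform him.
 *
 * For every row of permissionlist, looks for a matching 'Y' row in userpageperm
 * for user 'admin' at page 0 and inserts one when it is missing. When no admin
 * user exists, admin_checkAdminUser() is called first and the check is repeated
 * once.
 *
 * @return string HTML report of granted and already-present permissions
 */
function admin_checkAdminPerms()
{
        $returnStr = "";
        $str = "";
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='admin' ";
        $result = mysql_query($query);

        if ($result && mysql_num_rows($result) > 0) {
                $temp = mysql_fetch_array($result);
                // Ids are placed in SQL unquoted below, so force them to integers.
                $user_Id = (int) $temp['user_id'];

                $permListResult = mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist`");
                while ($permListResult && ($temp1 = mysql_fetch_assoc($permListResult))) {
                        $val = (int) $temp1['perm_id'];

                        $permQuery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type`='user' AND `usergroup_id`=$user_Id AND `page_id`=0 AND `perm_id`=$val AND `perm_permission`='Y'";
                        $permResult = mysql_query($permQuery) or die(mysql_error());

                        if (mysql_num_rows($permResult)) {
                                $str .= "\n<tr><td>" . $temp1['page_module'] . "</td><td>" . $temp1['perm_action'] . "</td></tr>";
                                continue;
                        }

                        $insertQuery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "userpageperm` (`perm_type`,`page_id`,`usergroup_id`,`perm_id`,`perm_permission`) VALUES ('user','0','$user_Id','$val','Y')";
                        $insertResult = mysql_query($insertQuery);
                        // mysql_affected_rows() returns -1 on failure, which is truthy; a bare
                        // truthiness test therefore reported failed inserts as granted.
                        if ($insertResult && mysql_affected_rows() > 0) {
                                $returnStr .= "\n<br>User Admin userId=$user_Id has been allotted permission {$temp1['perm_action']} of module {$temp1['page_module']} over page 0";
                        } else {
                                $returnStr .= "\n<br>Failed to create permission {$temp1['perm_action']} of module {$temp1['page_module']} over page 0 for User Admin userId=$user_Id";
                        }
                }

                if ($str != '') {
                        $returnStr .= "The following permissions exist for user admin: <table border=\"1\"><tr><th>Module</th><th>Permission</th></tr>" . $str . "</table>";
                }
        } else {
                $returnStr .= admin_checkAdminUser();

                // Recurse only when the admin row now exists. If creating the user did
                // not produce a row, an unconditional recursive call would never end.
                $recheck = mysql_query($query);
                if ($recheck && mysql_num_rows($recheck) > 0) {
                        $returnStr .= admin_checkAdminPerms();
                }
        }
        return $returnStr;
}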
00853 
00854 
00855 /*
00856  * 8) Ability to change perm ranks (like page move up and move )
00857  *
00858  * */
00859 
/**
 * Builds the permission-rank editor on top of tbman_executer and returns its output.
 *
 * On the first call (no 'querystring' field in $_POST) the table manager is seeded
 * with a SELECT over the permissionlist table; on later calls it receives the
 * whole $_POST array.
 *
 * NOTE(review): $_POST, including its 'querystring' field, is passed to
 * tbman_executer unchanged. That class is not visible here; confirm that it does
 * not run client-supplied SQL without validating it.
 *
 * @param string $module Not used by this function.
 * @return mixed Whatever tbman_executer::execute() returns.
 */
function admin_changePermRank($module="") {
        require_once("tbman_executer.lib.php");

        // A submitted 'querystring' marks a postback from the table manager's own form.
        $isPostback = isset($_POST['querystring']);
        $tableSource = $isPostback
                ? $_POST
                : "SELECT * FROM `". MYSQL_DATABASE_PREFIX ."permissionlist`";

        $rankTable = new tbman_executer($tableSource);
        $rankTable->formaction = "./+admin&subaction=changePermRank";

        return $rankTable->execute();
}
00875 
00876 
/**
 * Loads profile.lib.php and returns the form produced by getProfileFormEditForm().
 *
 * @return mixed Whatever getProfileFormEditForm() returns.
 */
function admin_editProfileForm() {
        include_once 'profile.lib.php';

        $profileForm = getProfileFormEditForm();
        return $profileForm;
}
00881 
00882 function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath) {
00883         require_once("group.lib.php");
00884         global $ICONS;
00885         global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder,$sourceFolder;
00886         $scriptsFolder = "$urlRequestRoot/$cmsFolder/$templateFolder/common/scripts";
00887         $imagesFolder = "$urlRequestRoot/$cmsFolder/$templateFolder/common/images";
00888 
00890         $groupRow = $groupId = $userId = null;
00891         $subAction = ''; //isset($_GET['subaction']) ? $_GET['subaction'] : '';
00892         if ((isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgroup' && isset($_GET['groupname'])) || (isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups'])))
00893                 $subAction = 'showeditform';
00894         elseif(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'associateform')
00895                 $subAction = 'associateform';
00896         elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail']))
00897                 $subAction = 'deleteuser';
00898         elseif (isset($_POST['btnAddUserToGroup']))
00899                 $subAction = 'addusertogroup';
00900         elseif (isset($_POST['btnSaveGroupProperties']))
00901                 $subAction = 'savegroupproperties';
00902         elseif (isset($_POST['btnEditGroupPriorities']) || (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgrouppriorities'))
00903                 $subAction = 'editgrouppriorities';
00904 
00905         if(isset($_POST['selEditGroups']) || isset($_GET['groupname'])) {
00906                 $groupRow = getGroupRow( isset($_POST['selEditGroups']) ? escape($_POST['selEditGroups']) : escape($_GET['groupname']) );
00907                 $groupId = $groupRow['group_id'];
00908                 if($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) {
00909                         displayerror('Error! Invalid group requested.');
00910                         return ;
00911                 }
00912 
00913                 if(!is_null($groupId)) {
00914                         if($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
00915                                 displayerror('You do not have the permission to modify the selected group.');
00916                                 return '';
00917                         }
00918                 }
00919         }
00920         if(isset($_GET['useremail'])) {
00921                 $userId = getUserIdFromEmail($_GET['useremail']);
00922         }
00923 
00924         if($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) {
00925                 if ($subAction == 'deleteuser') {
00926                         if($groupRow['form_id'] != 0) {
00927                                 displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.');
00928                         }
00929                         elseif (!$userId) {
00930                                 displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
00931                         }
00932                         else {
00933                                 $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = ' . $userId . ' AND `group_id` = ' . $groupId;
00934                                 $deleteResult = mysql_query($deleteQuery);
00935                                 if(!$deleteResult || mysql_affected_rows() != 1) {
00936                                         displayerror('Could not delete user with the given E-mail from the given group.');
00937                                 }
00938                                 else {
00939                                         displayinfo('Successfully removed user from the current group');
00940 
00941                                         if($userId == $currentUserId) {
00942                                                 $virtue = '';
00943                                                 $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
00944                                                 $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
00945                                         }
00946                                 }
00947                         }
00948                 }
00949                 elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) {
00950                         $updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '".escape($_POST['txtGroupDescription'])."' WHERE `group_id` = $groupId";
00951                         $updateResult = mysql_query($updateQuery);
00952                         if (!$updateResult) {
00953                                 displayerror('Could not update database.');
00954                         }
00955                         else {
00956                                 displayinfo('Changes to the group have been successfully saved.');
00957                         }
00958                         $groupRow = getGroupRow($groupRow['group_name']);
00959                 }
00960                 elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') {
00961                         if($groupRow['form_id'] != 0) {
00962                                 displayerror('The selected group is associated with a form. To add a user, register the user to the form.');
00963                         }
00964                         else {
00965                                 $passedEmails = explode(',', escape($_POST['txtUserEmail']));
00966 
00967                                 for($i = 0; $i < count($passedEmails); $i++) {
00968                                         $hyphenPos = strpos($passedEmails[$i], '-');
00969                                         if ($hyphenPos >= 0) {
00970                                                 $userEmail = trim(substr($passedEmails[$i], 0, $hyphenPos - 1));
00971                                         }
00972                                         else {
00973                                                 $userEmail = escape($_POST['txtUserEmail']);
00974                                         }
00975 
00976                                         $userId = getUserIdFromEmail($userEmail);
00977                                         if(!$userId || $userId < 1) {
00978                                                 displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
00979                                         }
00980 
00981                                         if(!addUserToGroupName($groupRow['group_name'], $userId)) {
00982                                                 displayerror('Could not add the given user to the current group.');
00983                                         }
00984                                         else {
00985                                                 displayinfo('User has been successfully inserted into the given group.');
00986                                         }
00987                                 }
00988                         }
00989                 }
00990                 elseif ($subAction == 'associateform') {
00991                         if(isset($_POST['btnAssociateGroup'])) {
00992                                 $pageIdArray = array();
00993                                 $formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray);
00994                                 if($formPageId <= 0 || getPageModule($formPageId) != 'form') {
00995                                         displayerror('Invalid page selected! The page you selected is not a form.');
00996                                 }
00997                                 elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form'))
00998                                         displayerror('You do not have the permissions to associate the selected form with a group.');
00999                                 else {
01000                                         $formModuleId = getModuleComponentIdFromPageId($formPageId, 'form');
01001                                         require_once("$sourceFolder/$moduleFolder/form.lib.php");
01002 
01003                                         if(isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) {
01004                                                 associateGroupWithForm($groupId, $formModuleId);
01005                                                 $groupRow = getGroupRow($groupRow['group_name']);
01006                                         }
01007                                         else
01008                                                 displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.');
01009                                 }
01010                         }
01011                         elseif(isset($_POST['btnUnassociateGroup'])) {
01012                                 if($groupRow['form_id'] <= 0) {
01013                                         displayerror('The selected group is currently not associated with any form.');
01014                                 }
01015                                 elseif(!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) {
01016                                         displayerror('You do not have the permissions to unassociate the form from this group.');
01017                                 }
01018                                 else {
01019                                         unassociateFormFromGroup($groupId);
01020                                         $virtue = '';
01021                                         $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
01022                                         $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
01023                                         $groupRow = getGroupRow($groupRow['group_name']);
01024                                 }
01025                         }
01026                 }
01027 
01028                 if($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
01029                         displayerror('You do not have the permission to modify the selected group.');
01030                         return '';
01031                 }
01032 
01033                 $usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`';
01034                 $usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
01035                 $userQuery = "SELECT `user_email`, `user_fullname` FROM $usergroupTable, $usersTable WHERE `group_id` =  $groupId AND $usersTable.`user_id` = $usergroupTable.`user_id` ORDER BY `user_email`";
01036                 $userResult = mysql_query($userQuery);
01037                 if(!$userResult) {
01038                         displayerror('Error! Could not fetch group information.');
01039                         return '';
01040                 }
01041         
01042                 $userEmails = array();
01043                 $userFullnames = array();
01044                 while($userRow = mysql_fetch_row($userResult)) {
01045                         $userEmails[] = $userRow[0];
01046                         $userFullnames[] = $userRow[1];
01047                 }
01048                 
01049                 $groupEditForm = <<<GROUPEDITFORM
01050                         <h2>Group '{$groupRow['group_name']}' - '{$groupRow['group_description']}'</h2><br />
01051                         <fieldset style="padding: 8px">
01052                                 <legend>{$ICONS['User Groups']['small']}Group Properties</legend>
01053                                 <form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
01054                                         Group Description: <input type="text" name="txtGroupDescription" value="{$groupRow['group_description']}" />
01055                                         <input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" />
01056                                 </form>
01057                         </fieldset>
01058 
01059                         <br />
01060                         <fieldset style="padding: 8px">
01061                                 <legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend>
01062 GROUPEDITFORM;
01063 
01064                 $userCount = mysql_num_rows($userResult);
01065                 global $urlRequestRoot, $cmsFolder, $templateFolder,$sourceFolder;
01066                 $deleteImage = "<img src=\"$urlRequestRoot/$cmsFolder/$templateFolder/common/icons/16x16/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />";
01067 
01068                 for($i = 0; $i < $userCount; $i++) {
01069                         $isntAssociatedWithForm = ($groupRow['form_id'] == 0);
01070                         if($isntAssociatedWithForm)
01071                                 $groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupRow['group_name'] . '&useremail=' . $userEmails[$i] . '">' . $deleteImage . "</a>";
01072                         $groupEditForm .= " {$userEmails[$i]} - {$userFullnames[$i]}<br />\n";
01073                 }
01074 
01075                 $associateForm = '';
01076                 if($groupRow['form_id'] == 0) {
01077                         $associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId));
01078                         $associableFormCount = count($associableForms);
01079                         $associableFormsBox = '<select name="selFormPath">';
01080                         for($i = 0; $i < $associableFormCount; ++$i) {
01081                                 $associableFormsBox .= '<option value="' . $associableForms[$i][2] . '">' . $associableForms[$i][1] . ' - ' . $associableForms[$i][2] . '</option>';
01082                         }
01083                         $associableFormsBox .= '</select>';
01084                         $associateForm = <<<GROUPASSOCIATEFORM
01085 
01086                         Select a form to associate the group with: $associableFormsBox
01087                         <input type="submit" name="btnAssociateGroup" value="Associate Group with Form" />
01088 GROUPASSOCIATEFORM;
01089                 }
01090                 else {
01091                         $associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']);
01092                         $associateForm = 'This group is currently associated with the form: ' . getPageTitle($associatedFormPageId) . ' (' . getPagePath($associatedFormPageId) . ')<br />' .
01093                                         '<input type="submit" name="btnUnassociateGroup" value="Unassociate" />';
01094                 }
01095 
01096                 $groupEditForm .= '</fieldset>';
01097                 if($groupRow['form_id'] == 0) {
01098                         $groupEditForm .= <<<GROUPEDITFORM
01099                                 <br />
01100                                 <fieldset style="padding: 8px">
01101                                         <legend>{$ICONS['Add']['small']}Add Users to Group</legend>
01102                                         <form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
01103                                                 Email ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" />
01104                                                 <div id="suggestionDiv" class="suggestionbox"></div>
01105 
01106                                                 <script language="javascript" type="text/javascript" src="$scriptsFolder/ajaxsuggestionbox.js"></script>
01107                                                 <script language="javascript" type="text/javascript">
01108                                                 <!--
01109                                                         var addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%");
01110                                                         addUserBox.loadingImageUrl = '$imagesFolder/ajaxloading.gif';
01111                                                 -->
01112                                                 </script>
01113 
01114                                                 <input type="submit" name="btnAddUserToGroup" value="Add User to Group" />
01115                                         </form>
01116                                 </fieldset>
01117 GROUPEDITFORM;
01118                 }
01119                 $groupEditForm .= <<<GROUPEDITFORM
01120                         <br />
01121                         <fieldset style="padding: 8px">
01122                                 <legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend>
01123                                 <form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupRow['group_name']}" method="POST">
01124                                         $associateForm
01125                                 </form>
01126                         </fieldset>
01127 GROUPEDITFORM;
01128 
01129                 return $groupEditForm;
01130         }
01131 
01132         if ($subAction == 'editgrouppriorities') {
01133                 $modifiableCount = count($modifiableGroups);
01134                 $userMaxPriority = $maxPriorityGroup = 1;
01135                 if($modifiableCount != 0) {
01136                         $userMaxPriority = max($modifiableGroups[0]['group_priority'], $modifiableGroups[$modifiableCount - 1]['group_priority']);
01137                         $maxPriorityGroup = $modifiableGroups[0]['group_priority'] > $modifiableGroups[$modifiableCount - 1]['group_priority'] ? $modifiableGroups[0]['group_id'] : $modifiableGroups[$modifiableCount - 1]['group_id'];
01138                 }
01139 
01140                 if(isset($_GET['dowhat']) && !is_null($groupId)) {
01141                         if($_GET['dowhat'] == 'incrementpriority' || $_GET['dowhat'] == 'decrementpriority') {
01142                                 shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true);
01143                         }
01144                         elseif($_GET['dowhat'] == 'movegroupup' || $_GET['dowhat'] == 'movegroupdown') {
01145                                 shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false);
01146                         }
01147                         elseif($_GET['dowhat'] == 'emptygroup') {
01148                                 emptyGroup($groupRow['group_name']);
01149                         }
01150                         elseif($_GET['dowhat'] == 'deletegroup') {
01151                                 if(deleteGroup($groupRow['group_name'])) {
01152                                         $virtue = '';
01153                                         $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
01154                                         $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
01155                                 }
01156                         }
01157 
01158                         $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
01159                 }
01160                 elseif(isset($_GET['dowhat']) && $_GET['dowhat'] == 'addgroup') {
01161                         if(isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) {
01162                                 $existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '".escape($_POST['txtGroupName'])."'";
01163                                 $existsResult = mysql_query($existsQuery);
01164                                 if(trim($_POST['txtGroupName']) == '') {
01165                                         displayerror('Cannot create a group with an empty name. Please type in a name for the new group.');
01166                                 }
01167                                 elseif(mysql_num_rows($existsResult) >= 1) {
01168                                         displayerror('A group with the name you specified already exists.');
01169                                 }
01170                                 else {
01171                                         $idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
01172                                         $idResult = mysql_query($idQuery);
01173                                         $idRow = mysql_fetch_row($idResult);
01174                                         $newGroupId = 2;
01175                                         if(!is_null($idRow[0])) {
01176                                                 $newGroupId = $idRow[0] + 1;
01177                                         }
01178 
01179                                         $newGroupPriority = 1;
01180                                         if($_POST['selGroupPriority'] <= $userMaxPriority && $_POST['selGroupPriority'] > 0) {
01181                                                 $newGroupPriority = escape($_POST['selGroupPriority']);
01182                                         }
01183 
01184                                         $addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) ' .
01185                                                         "VALUES($newGroupId, '".escape($_POST['txtGroupName'])."', '".escape($_POST['txtGroupDescription'])."', $newGroupPriority)";
01186                                         $addGroupResult = mysql_query($addGroupQuery);
01187                                         if($addGroupResult) {
01188                                                 displayinfo('New group added successfully.');
01189 
01190                                                 if(isset($_POST['chkAddMe'])) {
01191                                                         $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES ($currentUserId, $newGroupId)";
01192                                                         if(!mysql_query($insertQuery)) {
01193                                                                 displayerror('Error adding user to newly created group: ' . $insertQuery . '<br />' . mysql_query());
01194                                                         }
01195                                                 }
01196                                                 $virtue = '';
01197                                                 $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
01198                                                 $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
01199                                         }
01200                                         else {
01201                                                 displayerror('Could not run MySQL query. New group could not be added.');
01202                                         }
01203                                 }
01204                         }
01205 
01206                         $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
01207                 }
01208 
01209                 $modifiableCount = count($modifiableGroups);
01210                 if($modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) {
01211                         $modifiableGroups = array_reverse($modifiableGroups);
01212                 }
01213                 $previousPriority = $modifiableGroups[0]['group_priority'];
01214                 global $cmsFolder, $urlRequestRoot, $moduleFolder, $templateFolder,$sourceFolder;
01215                 $iconsFolderUrl = "$urlRequestRoot/$cmsFolder/$templateFolder/common/icons/16x16";
01216                 $moveUpImage = '<img src="' . $iconsFolderUrl . '/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />';
01217                 $moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />';
01218                 $moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />';
01219                 $moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />';
01220                 $emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />';
01221                 $deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />';
01222 
01223                 $groupsForm = '<h3>Edit Group Priorities</h3><br />';
01224                 for($i = 0; $i < $modifiableCount; $i++) {
01225                         if($modifiableGroups[$i]['group_priority'] != $previousPriority) {
01226                                 $groupsForm .= '<br /><br /><hr /><br />';
01227                         }
01228                         $groupsForm .=
01229                                         '<span style="margin: 4px;" title="' . $modifiableGroups[$i]['group_description'] . '">' .
01230                                         '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=incrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveUpImage . '</a>' .
01231                                         '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=decrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveDownImage . '</a>' .
01232                                         '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveTopImage . '</a>' .
01233                                         '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupdown&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveBottomImage . '</a>' .
01234                                         '<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=emptygroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $emptyImage . '</a>' .
01235                                         '<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=deletegroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $deleteImage . '</a>' .
01236                                         '<a href="./+admin&subaction=editgroups&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . "</a></span>\n";
01237                         $previousPriority = $modifiableGroups[$i]['group_priority'];
01238                 }
01239 
01240                 $priorityBox = '<option value="1">1</option>';
01241                 for($i = 2; $i <= $userMaxPriority; ++$i) {
01242                         $priorityBox .= '<option value="' . $i . '">' . $i . '</option>';
01243                 }
01244                 $groupsForm .= <<<GROUPSFORM
01245                 <br /><br />
01246                 <fieldset style="padding: 8px">
01247                         <legend>Create New Group:</legend>
01248 
01249                         <form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup">
01250                                 <label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br />
01251                                 <label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br />
01252                                 <label>Group Priority: <select name="selGroupPriority">$priorityBox</select><br />
01253                                 <label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br />
01254                                 <input type="submit" name="btnAddNewGroup" value="Add Group" />
01255                         </form>
01256                 </fieldset>
01257 GROUPSFORM;
01258 
01259                 return $groupsForm;
01260         }
01261 
01262 
01263         $modifiableCount = count($modifiableGroups);
01264         $groupsBox = '<select name="selEditGroups">';
01265         for($i = 0; $i < $modifiableCount; ++$i) {
01266                 $groupsBox .= '<option value="' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . ' - ' . $modifiableGroups[$i]['group_description'] . "</option>\n";
01267         }
01268         $groupsBox .= '</select>';
01269 
01270         $groupsForm = <<<GROUPSFORM
01271                 <form name="groupeditform" method="POST" action="./+admin&subaction=editgroups">
01272                         $groupsBox
01273                         <input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br />
01274                         <input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" />
01275                 </form>
01276 
01277 GROUPSFORM;
01278 
01279         return $groupsForm;
01280 }
