Diffstat (limited to 'phpBB/includes/ucp/ucp_groups.php')
-rw-r--r-- | phpBB/includes/ucp/ucp_groups.php | 147 |
1 files changed, 91 insertions, 56 deletions
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index 86a8226d5b..cf6e049748 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -30,16 +30,20 @@ class ucp_groups
 { global $config, $phpbb_root_path, $phpEx, $phpbb_admin_path; global $db, $user, $auth, $cache, $template; - global $request, $phpbb_container; + global $request, $phpbb_container, $phpbb_log; + + /** @var \phpbb\language\language $language Language object */ + $language = $phpbb_container->get('language'); $user->add_lang('groups'); $return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>'); - $mark_ary = request_var('mark', array(0)); + $mark_ary = $request->variable('mark', array(0)); $submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST); - $delete = $request->variable('delete', false, false, \phpbb\request\request_interface::POST); - $error = $data = array(); + + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); switch ($mode) {
@@ -49,8 +53,8 @@ class ucp_groups
 if ($submit || isset($_POST['change_default'])) { - $action = (isset($_POST['change_default'])) ? 'change_default' : request_var('action', ''); - $group_id = ($action == 'change_default') ? request_var('default', 0) : request_var('selected', 0); + $action = (isset($_POST['change_default'])) ? 'change_default' : $request->variable('action', ''); + $group_id = ($action == 'change_default') ? $request->variable('default', 0) : $request->variable('selected', 0); if (!$group_id) {
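Review bot: The two rewritten lines in the `change_default` hunk still pick the action with `isset($_POST['change_default'])`, so this path reads a superglobal directly while every other input in the hunk now goes through `$request`. For a single, consistent input path I would write `$action = $request->is_set_post('change_default') ? 'change_default' : $request->variable('action', '');` and use the same test in the enclosing `if`. The same pattern remains at `isset($_POST['addusers'])` in the `case 'manage':` hunk and at `isset($_REQUEST['group_receive_pm'])` in the `$submit_ary` hunk. The enclosing block continues outside the hunk.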
@@ -65,12 +69,12 @@ class ucp_groups
 $group_row = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $group_helper->get_name($row['group_name']); $group_row[$row['group_id']] = $row; } $db->sql_freeresult($result); - if (!sizeof($group_row)) + if (!count($group_row)) { trigger_error('GROUP_NOT_EXIST'); }
@@ -86,6 +90,7 @@ class ucp_groups
 if (!$auth->acl_get('u_chggrp')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NOT_AUTHORISED'] . $return_page); }
@@ -99,7 +104,10 @@ class ucp_groups
 { group_user_attributes('default', $group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_CHANGE', sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name'])); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_CHANGE', false, array( + 'reportee_id' => $user->data['user_id'], + sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name']) + )); meta_refresh(3, $this->u_action); trigger_error($user->lang['CHANGED_DEFAULT_GROUP'] . $return_page);
@@ -146,7 +154,10 @@ class ucp_groups
 { group_user_del($group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_RESIGN', $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_RESIGN', false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang[($row['user_pending']) ? 'GROUP_RESIGNED_PENDING' : 'GROUP_RESIGNED_MEMBERSHIP'] . $return_page);
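Review bot: Only the `u_chggrp` denial gets `send_status_line(403, 'Forbidden')`; the `NOT_LEADER_OF_GROUP` and `NOT_MEMBER_OF_GROUP` denials that appear as context in later hunks of this file still call `trigger_error()` with no status line, so they presumably go out with the default status. Sending 403 on every authorisation failure lets access logs and monitoring tell denied requests from successful ones; I would add `send_status_line(403, 'Forbidden');` before those `trigger_error()` calls too. The enclosing block continues outside the hunk.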
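Review bot: The `LOG_USER_GROUP_CHANGE` entry stores `$group_row[...]['group_name']`, which the first hunk on this line now overwrites with `$group_helper->get_name(...)`, so the audit record appears to hold a display name rather than the stored internal name. That is worth stating where the array is built, for example `// group_name is the display name from $group_helper->get_name(), not the internal name`, so anyone correlating log rows with the groups table knows what they are looking at. The same call shape repeats in the RESIGN, JOIN and DEMOTE hunks; what `$phpbb_log->add()` does with the `reportee_id` key is not visible here and would merit one short comment as well. The enclosing block continues outside the hunk.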
@@ -202,7 +213,10 @@ class ucp_groups
 group_user_add($group_id, $user->data['user_id'], false, false, false, 0, 1); } - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang[($group_row[$group_id]['group_type'] == GROUP_FREE) ? 'GROUP_JOINED' : 'GROUP_JOINED_PENDING'] . $return_page);
@@ -237,7 +251,10 @@ class ucp_groups
 { group_user_attributes('demote', $group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_DEMOTE', $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_DEMOTE', false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang['USER_GROUP_DEMOTED'] . $return_page);
@@ -295,7 +312,7 @@ class ucp_groups
 $template->assign_block_vars($block, array( 'GROUP_ID' => $row['group_id'], - 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $group_helper->get_name($row['group_name']), 'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'], 'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true, 'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status],
@@ -316,7 +333,7 @@ class ucp_groups
 $sql = 'SELECT group_id, group_name, group_colour, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type, group_founder_manage FROM ' . GROUPS_TABLE . ' - WHERE ' . ((sizeof($group_id_ary)) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . " + WHERE ' . ((count($group_id_ary)) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . " group_type $sql_and ORDER BY group_type DESC, group_name"; $result = $db->sql_query($sql);
@@ -349,7 +366,7 @@ class ucp_groups
 $template->assign_block_vars('nonmember', array( 'GROUP_ID' => $row['group_id'], - 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $group_helper->get_name($row['group_name']), 'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'], 'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true, 'GROUP_CLOSED' => ($row['group_type'] <> GROUP_CLOSED || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? false : true,
@@ -379,10 +396,13 @@ class ucp_groups
 case 'manage': $this->page_title = 'UCP_USERGROUPS_MANAGE'; - $action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''); - $group_id = request_var('g', 0); + $action = (isset($_POST['addusers'])) ? 'addusers' : $request->variable('action', ''); + $group_id = $request->variable('g', 0); - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('phpbb_get_user_rank')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } add_form_key('ucp_groups');
@@ -414,7 +434,7 @@ class ucp_groups
 $avatar = phpbb_get_group_avatar($group_row, 'GROUP_AVATAR', true); $template->assign_vars(array( - 'GROUP_NAME' => ($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name, + 'GROUP_NAME' => $group_helper->get_name($group_name), 'GROUP_INTERNAL_NAME' => $group_name, 'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '', 'GROUP_DESC_DISP' => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']),
@@ -447,11 +467,8 @@ class ucp_groups
 trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $file_uploads = (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false; $user->add_lang(array('acp/groups', 'acp/common')); - $data = $submit_ary = array(); - $update = (isset($_POST['update'])) ? true : false; $error = array();
@@ -499,29 +516,33 @@ class ucp_groups
 // Did we submit? if ($update) { - $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); - $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true)); - $group_type = request_var('group_type', GROUP_FREE); + $group_name = $request->variable('group_name', '', true); + $group_desc = $request->variable('group_desc', '', true); + $group_type = $request->variable('group_type', GROUP_FREE); - $allow_desc_bbcode = request_var('desc_parse_bbcode', false); - $allow_desc_urls = request_var('desc_parse_urls', false); - $allow_desc_smilies = request_var('desc_parse_smilies', false); + $allow_desc_bbcode = $request->variable('desc_parse_bbcode', false); + $allow_desc_urls = $request->variable('desc_parse_urls', false); + $allow_desc_smilies = $request->variable('desc_parse_smilies', false); $submit_ary = array( - 'colour' => request_var('group_colour', ''), - 'rank' => request_var('group_rank', 0), + 'colour' => $request->variable('group_colour', ''), + 'rank' => $request->variable('group_rank', 0), 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, - 'message_limit' => request_var('group_message_limit', 0), - 'max_recipients'=> request_var('group_max_recipients', 0), + 'message_limit' => $request->variable('group_message_limit', 0), + 'max_recipients'=> $request->variable('group_max_recipients', 0), 'legend' => $group_row['group_legend'], 'teampage' => $group_row['group_teampage'], ); - if ($config['allow_avatar']) + if (!check_form_key('ucp_groups')) + { + $error[] = $user->lang['FORM_INVALID']; + } + + if (!count($error) && $config['allow_avatar']) { // Handle avatar $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); - $config_name = preg_replace('#^avatar\.driver.#', '', $driver_name); if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) {
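Review bot: The form-token check now runs ahead of the avatar branch and `!count($error)` gates that branch, but nothing in the code says the ordering is deliberate, so a later reshuffle could again let a request with an invalid token reach avatar processing. I would add `// Check the form token first: avatar handling below must not run for a request that fails it` directly above the `check_form_key()` call. The enclosing `if ($update)` block continues outside the hunk.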
@@ -540,11 +561,6 @@ class ucp_groups
 $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error)); } - if (!check_form_key('ucp_groups')) - { - $error[] = $user->lang['FORM_INVALID']; - } - // Validate submitted colour value if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true)))) {
@@ -552,7 +568,7 @@ class ucp_groups
 $error = array_merge($error, $colour_error); } - if (!sizeof($error)) + if (!count($error)) { // Only set the rank, colour, etc. if it's changed or if we're adding a new // group. This prevents existing group members being updated if no changes
@@ -595,7 +611,7 @@ class ucp_groups
 } } - if (sizeof($error)) + if (count($error)) { $error = array_map(array(&$user, 'lang'), $error); $group_rank = $submit_ary['rank'];
@@ -610,7 +626,6 @@ class ucp_groups
 } else if (!$group_id) { - $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc_data = array( 'text' => '', 'allow_bbcode' => true,
@@ -694,12 +709,12 @@ class ucp_groups
 'S_EDIT' => true, 'S_INCLUDE_SWATCH' => true, 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', - 'S_ERROR' => (sizeof($error)) ? true : false, + 'S_ERROR' => (count($error)) ? true : false, 'S_SPECIAL_GROUP' => ($group_type == GROUP_SPECIAL) ? true : false, 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled), 'S_GROUP_MANAGE' => true, - 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '', 'GROUP_RECEIVE_PM' => (isset($group_row['group_receive_pm']) && $group_row['group_receive_pm']) ? ' checked="checked"' : '', 'GROUP_MESSAGE_LIMIT' => (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0, 'GROUP_MAX_RECIPIENTS' => (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0,
@@ -747,7 +762,7 @@ class ucp_groups
 } $user->add_lang(array('acp/groups', 'acp/common')); - $start = request_var('start', 0); + $start = $request->variable('start', 0); // Grab the leaders - always, on every page... $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
@@ -836,6 +851,7 @@ class ucp_groups
 $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>'; } + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $base_url = $this->u_action . "&action=$action&g=$group_id"; $start = $pagination->validate_start($start, $config['topics_per_page'], $total_members);
@@ -859,6 +875,11 @@ class ucp_groups
 trigger_error($user->lang['NO_GROUP'] . $return_page); } + if (!check_form_key('ucp_groups')) + { + trigger_error($user->lang('FORM_INVALID') . $return_page); + } + if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
@@ -897,11 +918,11 @@ class ucp_groups
 trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $group_row['group_name'] = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_row['group_name'] = $group_helper->get_name($group_row['group_name']); if (confirm_box(true)) { - if (!sizeof($mark_ary)) + if (!count($mark_ary)) { $start = 0;
@@ -924,7 +945,7 @@ class ucp_groups
 group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row); - $start = (sizeof($mark_ary) < 200) ? 0 : $start + 200; + $start = (count($mark_ary) < 200) ? 0 : $start + 200; } else {
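Review bot: The new `check_form_key('ucp_groups')` guard in the hunk at `-859,6` has no comment saying why this path needs an explicit token check when neighbouring actions in this file go through `confirm_box(true)`. The hunk shows no confirmation step on this path, although the rest of the case lies outside the hunk; if the action really is applied directly, record that above the check, for example `// No confirm_box() on this path, so the form token is the CSRF check`. Without it, the guard looks redundant and is easy to drop in a later clean-up.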
@@ -976,7 +997,7 @@ class ucp_groups
 trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $group_row['group_name'] = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_row['group_name'] = $group_helper->get_name($group_row['group_name']); if (confirm_box(true)) {
@@ -1014,7 +1035,7 @@ class ucp_groups
 $user->add_lang(array('acp/groups', 'acp/common')); - $names = utf8_normalize_nfc(request_var('usernames', '', true)); + $names = $request->variable('usernames', '', true); if (!$group_id) {
@@ -1038,19 +1059,33 @@ class ucp_groups
 } $name_ary = array_unique(explode("\n", $names)); - $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_name = $group_helper->get_name($group_row['group_name']); - $default = request_var('default', 0); + $default = $request->variable('default', 0); if (confirm_box(true)) { + $return_manage_page = '<br /><br />' . $language->lang('RETURN_PAGE', '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'); + // Add user/s to group if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, 0, 0, $group_row)) { - trigger_error($user->lang[$error] . $return_page); + $display_message = $language->lang($error); + + if ($error == 'GROUP_USERS_INVALID') + { + // Find which users don't exist + $actual_name_ary = $name_ary; + $actual_user_id_ary = []; + user_get_id_name($actual_user_id_ary, $actual_name_ary, false, true); + + $display_message = $language->lang('GROUP_USERS_INVALID', implode($language->lang('COMMA_SEPARATOR'), array_udiff($name_ary, $actual_name_ary, 'strcasecmp'))); + } + + trigger_error($display_message . $return_manage_page); } - trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); + trigger_error($language->lang('GROUP_USERS_ADDED') . $return_manage_page); } else {
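Review bot: The new `GROUP_USERS_INVALID` branch places the submitted usernames into the `trigger_error()` message, so its HTML safety rests entirely on `$request->variable('usernames', '', true)` having escaped them upstream. That is not visible in this diff and should be confirmed and then stated, for example `// $name_ary entries were HTML-escaped by $request->variable()`. Separately, `array_udiff(..., 'strcasecmp')` is a byte-wise comparison that is not Unicode-aware; if `user_get_id_name()` matches on a normalised form of the name (presumably, verify), names with non-ASCII letters could be listed as invalid although they were found. The enclosing case block starts outside the hunk.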
@@ -1063,7 +1098,7 @@ class ucp_groups
 'action' => $action ); - confirm_box(false, $user->lang('GROUP_CONFIRM_ADD_USERS', sizeof($name_ary), implode($user->lang['COMMA_SEPARATOR'], $name_ary)), build_hidden_fields($s_hidden_fields)); + confirm_box(false, $user->lang('GROUP_CONFIRM_ADD_USERS', count($name_ary), implode($user->lang['COMMA_SEPARATOR'], $name_ary)), build_hidden_fields($s_hidden_fields)); } trigger_error($user->lang['NO_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
@@ -1084,7 +1119,7 @@ class ucp_groups
 while ($value = $db->sql_fetchrow($result)) { $template->assign_block_vars('leader', array( - 'GROUP_NAME' => ($value['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $value['group_name']] : $value['group_name'], + 'GROUP_NAME' => $group_helper->get_name($value['group_name']), 'GROUP_DESC' => generate_text_for_display($value['group_desc'], $value['group_desc_uid'], $value['group_desc_bitfield'], $value['group_desc_options']), 'GROUP_TYPE' => $value['group_type'], 'GROUP_ID' => $value['group_id'], |