Code Coverage for /data/phpBB/includes/ucp/ucp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	CRAP	0.00% covered (danger)	0.00%	0 / 872
ucp_groups	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	29756	0.00% covered (danger)	0.00%	0 / 868
main				0.00% covered (danger)	0.00%	0 / 1	29756	0.00% covered (danger)	0.00%	0 / 868

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	/**
23	* ucp_groups
24	*/
25	class ucp_groups
26	{
27	var $u_action;
28
29	function main($id, $mode)
30	{
31	global $config, $phpbb_root_path, $phpEx, $phpbb_admin_path;
32	global $db, $user, $auth, $cache, $template;
33	global $request, $phpbb_container, $phpbb_log;
34
35	/** @var \phpbb\language\language $language Language object */
36	$language = $phpbb_container->get('language');
37
38	$user->add_lang('groups');
39
40	$return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>');
41
42	$mark_ary = $request->variable('mark', array(0));
43	$submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
44
45	/** @var \phpbb\group\helper $group_helper */
46	$group_helper = $phpbb_container->get('group_helper');
47
48	switch ($mode)
49	{
50	case 'membership':
51
52	$this->page_title = 'UCP_USERGROUPS_MEMBER';
53
54	if ($submit \|\| isset($_POST['change_default']))
55	{
56	$action = (isset($_POST['change_default'])) ? 'change_default' : $request->variable('action', '');
57	$group_id = ($action == 'change_default') ? $request->variable('default', 0) : $request->variable('selected', 0);
58
59	if (!$group_id)
60	{
61	trigger_error('NO_GROUP_SELECTED');
62	}
63
64	$sql = 'SELECT group_id, group_name, group_type
65	FROM ' . GROUPS_TABLE . "
66	WHERE group_id IN ($group_id, {$user->data['group_id']})";
67	$result = $db->sql_query($sql);
68
69	$group_row = array();
70	while ($row = $db->sql_fetchrow($result))
71	{
72	$row['group_name'] = $group_helper->get_name($row['group_name']);
73	$group_row[$row['group_id']] = $row;
74	}
75	$db->sql_freeresult($result);
76
77	if (!count($group_row))
78	{
79	trigger_error('GROUP_NOT_EXIST');
80	}
81
82	switch ($action)
83	{
84	case 'change_default':
85	// User already having this group set as default?
86	if ($group_id == $user->data['group_id'])
87	{
88	trigger_error($user->lang['ALREADY_DEFAULT_GROUP'] . $return_page);
89	}
90
91	if (!$auth->acl_get('u_chggrp'))
92	{
93	send_status_line(403, 'Forbidden');
94	trigger_error($user->lang['NOT_AUTHORISED'] . $return_page);
95	}
96
97	// User needs to be member of the group in order to make it default
98	if (!group_memberships($group_id, $user->data['user_id'], true))
99	{
100	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
101	}
102
103	if (confirm_box(true))
104	{
105	group_user_attributes('default', $group_id, $user->data['user_id']);
106
107	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_CHANGE', false, array(
108	'reportee_id' => $user->data['user_id'],
109	sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name'])
110	));
111
112	meta_refresh(3, $this->u_action);
113	trigger_error($user->lang['CHANGED_DEFAULT_GROUP'] . $return_page);
114	}
115	else
116	{
117	$s_hidden_fields = array(
118	'default' => $group_id,
119	'change_default'=> true
120	);
121
122	confirm_box(false, sprintf($user->lang['GROUP_CHANGE_DEFAULT'], $group_row[$group_id]['group_name']), build_hidden_fields($s_hidden_fields));
123	}
124
125	break;
126
127	case 'resign':
128
129	// User tries to resign from default group but is not allowed to change it?
130	if ($group_id == $user->data['group_id'] && !$auth->acl_get('u_chggrp'))
131	{
132	trigger_error($user->lang['NOT_RESIGN_FROM_DEFAULT_GROUP'] . $return_page);
133	}
134
135	if (!($row = group_memberships($group_id, $user->data['user_id'])))
136	{
137	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
138	}
139	list(, $row) = each($row);
140
141	$sql = 'SELECT group_type
142	FROM ' . GROUPS_TABLE . '
143	WHERE group_id = ' . $group_id;
144	$result = $db->sql_query($sql);
145	$group_type = (int) $db->sql_fetchfield('group_type');
146	$db->sql_freeresult($result);
147
148	if ($group_type != GROUP_OPEN && $group_type != GROUP_FREE)
149	{
150	trigger_error($user->lang['CANNOT_RESIGN_GROUP'] . $return_page);
151	}
152
153	if (confirm_box(true))
154	{
155	group_user_del($group_id, $user->data['user_id']);
156
157	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_RESIGN', false, array(
158	'reportee_id' => $user->data['user_id'],
159	$group_row[$group_id]['group_name']
160	));
161
162	meta_refresh(3, $this->u_action);
163	trigger_error($user->lang[($row['user_pending']) ? 'GROUP_RESIGNED_PENDING' : 'GROUP_RESIGNED_MEMBERSHIP'] . $return_page);
164	}
165	else
166	{
167	$s_hidden_fields = array(
168	'selected' => $group_id,
169	'action' => 'resign',
170	'submit' => true
171	);
172
173	confirm_box(false, ($row['user_pending']) ? 'GROUP_RESIGN_PENDING' : 'GROUP_RESIGN_MEMBERSHIP', build_hidden_fields($s_hidden_fields));
174	}
175
176	break;
177
178	case 'join':
179
180	$sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
181	FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
182	WHERE ug.user_id = u.user_id
183	AND ug.group_id = ' . $group_id . '
184	AND ug.user_id = ' . $user->data['user_id'];
185	$result = $db->sql_query($sql);
186	$row = $db->sql_fetchrow($result);
187	$db->sql_freeresult($result);
188
189	if ($row)
190	{
191	if ($row['user_pending'])
192	{
193	trigger_error($user->lang['ALREADY_IN_GROUP_PENDING'] . $return_page);
194	}
195
196	trigger_error($user->lang['ALREADY_IN_GROUP'] . $return_page);
197	}
198
199	// Check permission to join (open group or request)
200	if ($group_row[$group_id]['group_type'] != GROUP_OPEN && $group_row[$group_id]['group_type'] != GROUP_FREE)
201	{
202	trigger_error($user->lang['CANNOT_JOIN_GROUP'] . $return_page);
203	}
204
205	if (confirm_box(true))
206	{
207	if ($group_row[$group_id]['group_type'] == GROUP_FREE)
208	{
209	group_user_add($group_id, $user->data['user_id']);
210	}
211	else
212	{
213	group_user_add($group_id, $user->data['user_id'], false, false, false, 0, 1);
214	}
215
216	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), false, array(
217	'reportee_id' => $user->data['user_id'],
218	$group_row[$group_id]['group_name']
219	));
220
221	meta_refresh(3, $this->u_action);
222	trigger_error($user->lang[($group_row[$group_id]['group_type'] == GROUP_FREE) ? 'GROUP_JOINED' : 'GROUP_JOINED_PENDING'] . $return_page);
223	}
224	else
225	{
226	$s_hidden_fields = array(
227	'selected' => $group_id,
228	'action' => 'join',
229	'submit' => true
230	);
231
232	confirm_box(false, ($group_row[$group_id]['group_type'] == GROUP_FREE) ? 'GROUP_JOIN' : 'GROUP_JOIN_PENDING', build_hidden_fields($s_hidden_fields));
233	}
234
235	break;
236
237	case 'demote':
238
239	if (!($row = group_memberships($group_id, $user->data['user_id'])))
240	{
241	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
242	}
243	list(, $row) = each($row);
244
245	if (!$row['group_leader'])
246	{
247	trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
248	}
249
250	if (confirm_box(true))
251	{
252	group_user_attributes('demote', $group_id, $user->data['user_id']);
253
254	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_DEMOTE', false, array(
255	'reportee_id' => $user->data['user_id'],
256	$group_row[$group_id]['group_name']
257	));
258
259	meta_refresh(3, $this->u_action);
260	trigger_error($user->lang['USER_GROUP_DEMOTED'] . $return_page);
261	}
262	else
263	{
264	$s_hidden_fields = array(
265	'selected' => $group_id,
266	'action' => 'demote',
267	'submit' => true
268	);
269
270	confirm_box(false, 'USER_GROUP_DEMOTE', build_hidden_fields($s_hidden_fields));
271	}
272
273	break;
274	}
275	}
276
277	$sql = 'SELECT g.*, ug.group_leader, ug.user_pending
278	FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
279	WHERE ug.user_id = ' . $user->data['user_id'] . '
280	AND g.group_id = ug.group_id
281	ORDER BY g.group_type DESC, g.group_name';
282	$result = $db->sql_query($sql);
283
284	$group_id_ary = array();
285	$leader_count = $member_count = $pending_count = 0;
286	while ($row = $db->sql_fetchrow($result))
287	{
288	$block = ($row['group_leader']) ? 'leader' : (($row['user_pending']) ? 'pending' : 'member');
289
290	switch ($row['group_type'])
291	{
292	case GROUP_OPEN:
293	$group_status = 'OPEN';
294	break;
295
296	case GROUP_CLOSED:
297	$group_status = 'CLOSED';
298	break;
299
300	case GROUP_HIDDEN:
301	$group_status = 'HIDDEN';
302	break;
303
304	case GROUP_SPECIAL:
305	$group_status = 'SPECIAL';
306	break;
307
308	case GROUP_FREE:
309	$group_status = 'FREE';
310	break;
311	}
312
313	$template->assign_block_vars($block, array(
314	'GROUP_ID' => $row['group_id'],
315	'GROUP_NAME' => $group_helper->get_name($row['group_name']),
316	'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'],
317	'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
318	'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status],
319	'GROUP_COLOUR' => $row['group_colour'],
320
321	'U_VIEW_GROUP' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $row['group_id']),
322
323	'S_GROUP_DEFAULT' => ($row['group_id'] == $user->data['group_id']) ? true : false,
324	'S_ROW_COUNT' => ${$block . '_count'}++)
325	);
326
327	$group_id_ary[] = (int) $row['group_id'];
328	}
329	$db->sql_freeresult($result);
330
331	// Hide hidden groups unless user is an admin with group privileges
332	$sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';
333
334	$sql = 'SELECT group_id, group_name, group_colour, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type, group_founder_manage
335	FROM ' . GROUPS_TABLE . '
336	WHERE ' . ((count($group_id_ary)) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . "
337	group_type $sql_and
338	ORDER BY group_type DESC, group_name";
339	$result = $db->sql_query($sql);
340
341	$nonmember_count = 0;
342	while ($row = $db->sql_fetchrow($result))
343	{
344	switch ($row['group_type'])
345	{
346	case GROUP_OPEN:
347	$group_status = 'OPEN';
348	break;
349
350	case GROUP_CLOSED:
351	$group_status = 'CLOSED';
352	break;
353
354	case GROUP_HIDDEN:
355	$group_status = 'HIDDEN';
356	break;
357
358	case GROUP_SPECIAL:
359	$group_status = 'SPECIAL';
360	break;
361
362	case GROUP_FREE:
363	$group_status = 'FREE';
364	break;
365	}
366
367	$template->assign_block_vars('nonmember', array(
368	'GROUP_ID' => $row['group_id'],
369	'GROUP_NAME' => $group_helper->get_name($row['group_name']),
370	'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'],
371	'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
372	'GROUP_CLOSED' => ($row['group_type'] <> GROUP_CLOSED \|\| $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? false : true,
373	'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status],
374	'S_CAN_JOIN' => ($row['group_type'] == GROUP_OPEN \|\| $row['group_type'] == GROUP_FREE) ? true : false,
375	'GROUP_COLOUR' => $row['group_colour'],
376
377	'U_VIEW_GROUP' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $row['group_id']),
378
379	'S_ROW_COUNT' => $nonmember_count++)
380	);
381	}
382	$db->sql_freeresult($result);
383
384	$template->assign_vars(array(
385	'S_CHANGE_DEFAULT' => ($auth->acl_get('u_chggrp')) ? true : false,
386	'S_LEADER_COUNT' => $leader_count,
387	'S_MEMBER_COUNT' => $member_count,
388	'S_PENDING_COUNT' => $pending_count,
389	'S_NONMEMBER_COUNT' => $nonmember_count,
390
391	'S_UCP_ACTION' => $this->u_action)
392	);
393
394	break;
395
396	case 'manage':
397
398	$this->page_title = 'UCP_USERGROUPS_MANAGE';
399	$action = (isset($_POST['addusers'])) ? 'addusers' : $request->variable('action', '');
400	$group_id = $request->variable('g', 0);
401
402	if (!function_exists('phpbb_get_user_rank'))
403	{
404	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
405	}
406
407	add_form_key('ucp_groups');
408
409	if ($group_id)
410	{
411	$sql = 'SELECT g.*, t.teampage_position AS group_teampage
412	FROM ' . GROUPS_TABLE . ' g
413	LEFT JOIN ' . TEAMPAGE_TABLE . ' t
414	ON (t.group_id = g.group_id)
415	WHERE g.group_id = ' . $group_id;
416	$result = $db->sql_query($sql);
417	$group_row = $db->sql_fetchrow($result);
418	$db->sql_freeresult($result);
419
420	if (!$group_row)
421	{
422	trigger_error($user->lang['NO_GROUP'] . $return_page);
423	}
424
425	// Check if the user is allowed to manage this group if set to founder only.
426	if ($user->data['user_type'] != USER_FOUNDER && $group_row['group_founder_manage'])
427	{
428	trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . $return_page, E_USER_WARNING);
429	}
430
431	$group_name = $group_row['group_name'];
432	$group_type = $group_row['group_type'];
433
434	$avatar = phpbb_get_group_avatar($group_row, 'GROUP_AVATAR', true);
435
436	$template->assign_vars(array(
437	'GROUP_NAME' => $group_helper->get_name($group_name),
438	'GROUP_INTERNAL_NAME' => $group_name,
439	'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',
440	'GROUP_DESC_DISP' => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']),
441	'GROUP_TYPE' => $group_row['group_type'],
442
443	'AVATAR' => !empty($avatar) ? $avatar : '',
444	'AVATAR_IMAGE' => !empty($avatar) ? $avatar : '',
445	'AVATAR_WIDTH' => isset($group_row['group_avatar_width']) ? $group_row['group_avatar_width'] : '',
446	'AVATAR_HEIGHT' => isset($group_row['group_avatar_height']) ? $group_row['group_avatar_height'] : '',
447	));
448	}
449
450	switch ($action)
451	{
452	case 'edit':
453
454	if (!$group_id)
455	{
456	trigger_error($user->lang['NO_GROUP'] . $return_page);
457	}
458
459	if (!($row = group_memberships($group_id, $user->data['user_id'])))
460	{
461	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
462	}
463	list(, $row) = each($row);
464
465	if (!$row['group_leader'])
466	{
467	trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
468	}
469
470	$user->add_lang(array('acp/groups', 'acp/common'));
471
472	$update = (isset($_POST['update'])) ? true : false;
473
474	$error = array();
475
476	// Setup avatar data for later
477	$avatars_enabled = false;
478	$avatar_drivers = null;
479	$avatar_data = null;
480	$avatar_error = array();
481
482	/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
483	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
484
485	if ($config['allow_avatar'])
486	{
487	$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
488
489	// This is normalised data, without the group_ prefix
490	$avatar_data = \phpbb\avatar\manager::clean_row($group_row, 'group');
491	}
492
493	// Handle deletion of avatars
494	if ($request->is_set_post('avatar_delete'))
495	{
496	if (confirm_box(true))
497	{
498	$avatar_data['id'] = substr($avatar_data['id'], 1);
499	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, GROUPS_TABLE, 'group_');
500	$cache->destroy('sql', GROUPS_TABLE);
501
502	$message = $action === 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
503	trigger_error($user->lang[$message] . $return_page);
504	}
505	else
506	{
507	confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
508	'avatar_delete' => true,
509	'i' => $id,
510	'mode' => $mode,
511	'g' => $group_id,
512	'action' => $action,
513	)));
514	}
515	}
516
517	// Did we submit?
518	if ($update)
519	{
520	$group_name = $request->variable('group_name', '', true);
521	$group_desc = $request->variable('group_desc', '', true);
522	$group_type = $request->variable('group_type', GROUP_FREE);
523
524	$allow_desc_bbcode = $request->variable('desc_parse_bbcode', false);
525	$allow_desc_urls = $request->variable('desc_parse_urls', false);
526	$allow_desc_smilies = $request->variable('desc_parse_smilies', false);
527
528	$submit_ary = array(
529	'colour' => $request->variable('group_colour', ''),
530	'rank' => $request->variable('group_rank', 0),
531	'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
532	'message_limit' => $request->variable('group_message_limit', 0),
533	'max_recipients'=> $request->variable('group_max_recipients', 0),
534	'legend' => $group_row['group_legend'],
535	'teampage' => $group_row['group_teampage'],
536	);
537
538	if (!check_form_key('ucp_groups'))
539	{
540	$error[] = $user->lang['FORM_INVALID'];
541	}
542
543	if (!count($error) && $config['allow_avatar'])
544	{
545	// Handle avatar
546	$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
547
548	if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
549	{
550	$driver = $phpbb_avatar_manager->get_driver($driver_name);
551	$result = $driver->process_form($request, $template, $user, $avatar_data, $avatar_error);
552
553	if ($result && empty($avatar_error))
554	{
555	$result['avatar_type'] = $driver_name;
556
557	$submit_ary = array_merge($submit_ary, $result);
558	}
559	}
560
561	// Merge any avatars errors into the primary error array
562	$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
563	}
564
565	// Validate submitted colour value
566	if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true))))
567	{
568	// Replace "error" string with its real, localised form
569	$error = array_merge($error, $colour_error);
570	}
571
572	if (!count($error))
573	{
574	// Only set the rank, colour, etc. if it's changed or if we're adding a new
575	// group. This prevents existing group members being updated if no changes
576	// were made.
577	// However there are some attributes that need to be set everytime,
578	// otherwise the group gets removed from the feature.
579	$set_attributes = array('legend', 'teampage');
580
581	$group_attributes = array();
582	$test_variables = array(
583	'rank' => 'int',
584	'colour' => 'string',
585	'avatar' => 'string',
586	'avatar_type' => 'string',
587	'avatar_width' => 'int',
588	'avatar_height' => 'int',
589	'receive_pm' => 'int',
590	'legend' => 'int',
591	'teampage' => 'int',
592	'message_limit' => 'int',
593	'max_recipients'=> 'int',
594	);
595
596	foreach ($test_variables as $test => $type)
597	{
598	if (isset($submit_ary[$test]) && ($action == 'add' \|\| $group_row['group_' . $test] != $submit_ary[$test] \|\| isset($group_attributes['group_avatar']) && strpos($test, 'avatar') === 0 \|\| in_array($test, $set_attributes)))
599	{
600	settype($submit_ary[$test], $type);
601	$group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
602	}
603	}
604
605	if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
606	{
607	$cache->destroy('sql', GROUPS_TABLE);
608	$cache->destroy('sql', TEAMPAGE_TABLE);
609
610	$message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
611	trigger_error($user->lang[$message] . $return_page);
612	}
613	}
614
615	if (count($error))
616	{
617	$error = array_map(array(&$user, 'lang'), $error);
618	$group_rank = $submit_ary['rank'];
619
620	$group_desc_data = array(
621	'text' => $group_desc,
622	'allow_bbcode' => $allow_desc_bbcode,
623	'allow_smilies' => $allow_desc_smilies,
624	'allow_urls' => $allow_desc_urls
625	);
626	}
627	}
628	else if (!$group_id)
629	{
630	$group_desc_data = array(
631	'text' => '',
632	'allow_bbcode' => true,
633	'allow_smilies' => true,
634	'allow_urls' => true
635	);
636	$group_rank = 0;
637	$group_type = GROUP_OPEN;
638	}
639	else
640	{
641	$group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
642	$group_rank = $group_row['group_rank'];
643	}
644
645	$sql = 'SELECT *
646	FROM ' . RANKS_TABLE . '
647	WHERE rank_special = 1
648	ORDER BY rank_title';
649	$result = $db->sql_query($sql);
650
651	$rank_options = '<option value="0"' . ((!$group_rank) ? ' selected="selected"' : '') . '>' . $user->lang['USER_DEFAULT'] . '</option>';
652	while ($row = $db->sql_fetchrow($result))
653	{
654	$selected = ($group_rank && $row['rank_id'] == $group_rank) ? ' selected="selected"' : '';
655	$rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
656	}
657	$db->sql_freeresult($result);
658
659	$type_free = ($group_type == GROUP_FREE) ? ' checked="checked"' : '';
660	$type_open = ($group_type == GROUP_OPEN) ? ' checked="checked"' : '';
661	$type_closed = ($group_type == GROUP_CLOSED) ? ' checked="checked"' : '';
662	$type_hidden = ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : '';
663
664	// Load up stuff for avatars
665	if ($config['allow_avatar'])
666	{
667	$avatars_enabled = false;
668	$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type']));
669
670	// Assign min and max values before generating avatar driver html
671	$template->assign_vars(array(
672	'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
673	'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
674	'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
675	'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
676	));
677
678	foreach ($avatar_drivers as $current_driver)
679	{
680	$driver = $phpbb_avatar_manager->get_driver($current_driver);
681
682	$avatars_enabled = true;
683	$template->set_filenames(array(
684	'avatar' => $driver->get_template_name(),
685	));
686
687	if ($driver->prepare_form($request, $template, $user, $avatar_data, $avatar_error))
688	{
689	$driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
690	$driver_upper = strtoupper($driver_name);
691	$template->assign_block_vars('avatar_drivers', array(
692	'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
693	'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
694
695	'DRIVER' => $driver_name,
696	'SELECTED' => $current_driver == $selected_driver,
697	'OUTPUT' => $template->assign_display('avatar'),
698	));
699	}
700	}
701	}
702
703	if (isset($phpbb_avatar_manager) && !$update)
704	{
705	// Merge any avatars errors into the primary error array
706	$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
707	}
708
709	$template->assign_vars(array(
710	'S_EDIT' => true,
711	'S_INCLUDE_SWATCH' => true,
712	'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
713	'S_ERROR' => (count($error)) ? true : false,
714	'S_SPECIAL_GROUP' => ($group_type == GROUP_SPECIAL) ? true : false,
715	'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
716	'S_GROUP_MANAGE' => true,
717
718	'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '',
719	'GROUP_RECEIVE_PM' => (isset($group_row['group_receive_pm']) && $group_row['group_receive_pm']) ? ' checked="checked"' : '',
720	'GROUP_MESSAGE_LIMIT' => (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0,
721	'GROUP_MAX_RECIPIENTS' => (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0,
722
723	'GROUP_DESC' => $group_desc_data['text'],
724	'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'],
725	'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'],
726	'S_DESC_SMILIES_CHECKED'=> $group_desc_data['allow_smilies'],
727
728	'S_RANK_OPTIONS' => $rank_options,
729
730	'GROUP_TYPE_FREE' => GROUP_FREE,
731	'GROUP_TYPE_OPEN' => GROUP_OPEN,
732	'GROUP_TYPE_CLOSED' => GROUP_CLOSED,
733	'GROUP_TYPE_HIDDEN' => GROUP_HIDDEN,
734	'GROUP_TYPE_SPECIAL' => GROUP_SPECIAL,
735
736	'GROUP_FREE' => $type_free,
737	'GROUP_OPEN' => $type_open,
738	'GROUP_CLOSED' => $type_closed,
739	'GROUP_HIDDEN' => $type_hidden,
740
741	'S_UCP_ACTION' => $this->u_action . "&action=$action&g=$group_id",
742	'L_AVATAR_EXPLAIN' => phpbb_avatar_explanation_string(),
743	));
744
745	break;
746
747	case 'list':
748
749	if (!$group_id)
750	{
751	trigger_error($user->lang['NO_GROUP'] . $return_page);
752	}
753
754	if (!($row = group_memberships($group_id, $user->data['user_id'])))
755	{
756	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
757	}
758	list(, $row) = each($row);
759
760	if (!$row['group_leader'])
761	{
762	trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
763	}
764
765	$user->add_lang(array('acp/groups', 'acp/common'));
766	$start = $request->variable('start', 0);
767
768	// Grab the leaders - always, on every page...
769	$sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
770	FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug
771	WHERE ug.group_id = $group_id
772	AND u.user_id = ug.user_id
773	AND ug.group_leader = 1
774	ORDER BY ug.user_pending DESC, u.username_clean";
775	$result = $db->sql_query($sql);
776
777	while ($row = $db->sql_fetchrow($result))
778	{
779	$template->assign_block_vars('leader', array(
780	'USERNAME' => $row['username'],
781	'USERNAME_COLOUR' => $row['user_colour'],
782	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
783	'U_USER_VIEW' => get_username_string('profile', $row['user_id'], $row['username']),
784	'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
785	'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
786	'USER_POSTS' => $row['user_posts'],
787	'USER_ID' => $row['user_id'])
788	);
789	}
790	$db->sql_freeresult($result);
791
792	// Total number of group members (non-leaders)
793	$sql = 'SELECT COUNT(user_id) AS total_members
794	FROM ' . USER_GROUP_TABLE . "
795	WHERE group_id = $group_id
796	AND group_leader = 0";
797	$result = $db->sql_query($sql);
798	$total_members = (int) $db->sql_fetchfield('total_members');
799	$db->sql_freeresult($result);
800
801	// Grab the members
802	$sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
803	FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug
804	WHERE ug.group_id = $group_id
805	AND u.user_id = ug.user_id
806	AND ug.group_leader = 0
807	ORDER BY ug.user_pending DESC, u.username_clean";
808	$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
809
810	$pending = false;
811	$approved = false;
812
813	while ($row = $db->sql_fetchrow($result))
814	{
815	if ($row['user_pending'] && !$pending)
816	{
817	$template->assign_block_vars('member', array(
818	'S_PENDING' => true)
819	);
820	$template->assign_var('S_PENDING_SET', true);
821
822	$pending = true;
823	}
824	else if (!$row['user_pending'] && !$approved)
825	{
826	$template->assign_block_vars('member', array(
827	'S_APPROVED' => true)
828	);
829	$template->assign_var('S_APPROVED_SET', true);
830
831	$approved = true;
832	}
833
834	$template->assign_block_vars('member', array(
835	'USERNAME' => $row['username'],
836	'USERNAME_COLOUR' => $row['user_colour'],
837	'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
838	'U_USER_VIEW' => get_username_string('profile', $row['user_id'], $row['username']),
839	'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
840	'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
841	'USER_POSTS' => $row['user_posts'],
842	'USER_ID' => $row['user_id'])
843	);
844	}
845	$db->sql_freeresult($result);
846
847	$s_action_options = '';
848	$options = array('default' => 'DEFAULT', 'approve' => 'APPROVE', 'deleteusers' => 'DELETE');
849
850	foreach ($options as $option => $lang)
851	{
852	$s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>';
853	}
854
855	/* @var $pagination \phpbb\pagination */
856	$pagination = $phpbb_container->get('pagination');
857	$base_url = $this->u_action . "&action=$action&g=$group_id";
858	$start = $pagination->validate_start($start, $config['topics_per_page'], $total_members);
859	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $total_members, $config['topics_per_page'], $start);
860
861	$template->assign_vars(array(
862	'S_LIST' => true,
863	'S_ACTION_OPTIONS' => $s_action_options,
864
865	'U_ACTION' => $this->u_action . "&g=$group_id",
866	'S_UCP_ACTION' => $this->u_action . "&g=$group_id",
867	'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=usernames'),
868	));
869
870	break;
871
872	case 'approve':
873
874	if (!$group_id)
875	{
876	trigger_error($user->lang['NO_GROUP'] . $return_page);
877	}
878
879	if (!check_form_key('ucp_groups'))
880	{
881	trigger_error($user->lang('FORM_INVALID') . $return_page);
882	}
883
884	if (!($row = group_memberships($group_id, $user->data['user_id'])))
885	{
886	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
887	}
888	list(, $row) = each($row);
889
890	if (!$row['group_leader'])
891	{
892	trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
893	}
894
895	$user->add_lang('acp/groups');
896
897	// Approve, demote or promote
898	group_user_attributes('approve', $group_id, $mark_ary, false, false);
899
900	trigger_error($user->lang['USERS_APPROVED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
901
902	break;
903
904	case 'default':
905
906	if (!$group_id)
907	{
908	trigger_error($user->lang['NO_GROUP'] . $return_page);
909	}
910
911	if (!($row = group_memberships($group_id, $user->data['user_id'])))
912	{
913	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
914	}
915	list(, $row) = each($row);
916
917	if (!$row['group_leader'])
918	{
919	trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
920	}
921
922	$group_row['group_name'] = $group_helper->get_name($group_row['group_name']);
923
924	if (confirm_box(true))
925	{
926	if (!count($mark_ary))
927	{
928	$start = 0;
929
930	do
931	{
932	$sql = 'SELECT user_id
933	FROM ' . USER_GROUP_TABLE . "
934	WHERE group_id = $group_id
935	ORDER BY user_id";
936	$result = $db->sql_query_limit($sql, 200, $start);
937
938	$mark_ary = array();
939	if ($row = $db->sql_fetchrow($result))
940	{
941	do
942	{
943	$mark_ary[] = $row['user_id'];
944	}
945	while ($row = $db->sql_fetchrow($result));
946
947	group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
948
949	$start = (count($mark_ary) < 200) ? 0 : $start + 200;
950	}
951	else
952	{
953	$start = 0;
954	}
955	$db->sql_freeresult($result);
956	}
957	while ($start);
958	}
959	else
960	{
961	group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
962	}
963
964	$user->add_lang('acp/groups');
965
966	trigger_error($user->lang['GROUP_DEFS_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
967	}
968	else
969	{
970	$user->add_lang('acp/common');
971
972	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
973	'mark' => $mark_ary,
974	'g' => $group_id,
975	'i' => $id,
976	'mode' => $mode,
977	'action' => $action))
978	);
979	}
980
981	// redirect to last screen
982	redirect($this->u_action . '&action=list&g=' . $group_id);
983
984	break;
985
986	case 'deleteusers':
987
988	$user->add_lang(array('acp/groups', 'acp/common'));
989
990	if (!($row = group_memberships($group_id, $user->data['user_id'])))
991	{
992	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
993	}
994	list(, $row) = each($row);
995
996	if (!$row['group_leader'])
997	{
998	trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
999	}
1000
1001	$group_row['group_name'] = $group_helper->get_name($group_row['group_name']);
1002
1003	if (confirm_box(true))
1004	{
1005	if (!$group_id)
1006	{
1007	trigger_error($user->lang['NO_GROUP'] . $return_page);
1008	}
1009
1010	$error = group_user_del($group_id, $mark_ary, false, $group_row['group_name']);
1011
1012	if ($error)
1013	{
1014	trigger_error($user->lang[$error] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
1015	}
1016
1017	trigger_error($user->lang['GROUP_USERS_REMOVE'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
1018	}
1019	else
1020	{
1021	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
1022	'mark' => $mark_ary,
1023	'g' => $group_id,
1024	'i' => $id,
1025	'mode' => $mode,
1026	'action' => $action))
1027	);
1028	}
1029
1030	// redirect to last screen
1031	redirect($this->u_action . '&action=list&g=' . $group_id);
1032
1033	break;
1034
1035	case 'addusers':
1036
1037	$user->add_lang(array('acp/groups', 'acp/common'));
1038
1039	$names = $request->variable('usernames', '', true);
1040
1041	if (!$group_id)
1042	{
1043	trigger_error($user->lang['NO_GROUP'] . $return_page);
1044	}
1045
1046	if (!$names)
1047	{
1048	trigger_error($user->lang['NO_USERS'] . $return_page);
1049	}
1050
1051	if (!($row = group_memberships($group_id, $user->data['user_id'])))
1052	{
1053	trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
1054	}
1055	list(, $row) = each($row);
1056
1057	if (!$row['group_leader'])
1058	{
1059	trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
1060	}
1061
1062	$name_ary = array_unique(explode("\n", $names));
1063	$group_name = $group_helper->get_name($group_row['group_name']);
1064
1065	$default = $request->variable('default', 0);
1066
1067	if (confirm_box(true))
1068	{
1069	$return_manage_page = '<br /><br />' . $language->lang('RETURN_PAGE', '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>');
1070
1071	// Add user/s to group
1072	if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, 0, 0, $group_row))
1073	{
1074	$display_message = $language->lang($error);
1075
1076	if ($error == 'GROUP_USERS_INVALID')
1077	{
1078	// Find which users don't exist
1079	$actual_name_ary = $name_ary;
1080	$actual_user_id_ary = [];
1081	user_get_id_name($actual_user_id_ary, $actual_name_ary, false, true);
1082
1083	$display_message = $language->lang('GROUP_USERS_INVALID', implode($language->lang('COMMA_SEPARATOR'), array_udiff($name_ary, $actual_name_ary, 'strcasecmp')));
1084	}
1085
1086	trigger_error($display_message . $return_manage_page);
1087	}
1088
1089	trigger_error($language->lang('GROUP_USERS_ADDED') . $return_manage_page);
1090	}
1091	else
1092	{
1093	$s_hidden_fields = array(
1094	'default' => $default,
1095	'usernames' => $names,
1096	'g' => $group_id,
1097	'i' => $id,
1098	'mode' => $mode,
1099	'action' => $action
1100	);
1101
1102	confirm_box(false, $user->lang('GROUP_CONFIRM_ADD_USERS', count($name_ary), implode($user->lang['COMMA_SEPARATOR'], $name_ary)), build_hidden_fields($s_hidden_fields));
1103	}
1104
1105	trigger_error($user->lang['NO_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'));
1106
1107	break;
1108
1109	default:
1110	$user->add_lang('acp/common');
1111
1112	$sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_desc, g.group_desc_uid, g.group_desc_bitfield, g.group_desc_options, g.group_type, ug.group_leader
1113	FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
1114	WHERE ug.user_id = ' . $user->data['user_id'] . '
1115	AND g.group_id = ug.group_id
1116	AND ug.group_leader = 1
1117	ORDER BY g.group_type DESC, g.group_name';
1118	$result = $db->sql_query($sql);
1119
1120	while ($value = $db->sql_fetchrow($result))
1121	{
1122	$template->assign_block_vars('leader', array(
1123	'GROUP_NAME' => $group_helper->get_name($value['group_name']),
1124	'GROUP_DESC' => generate_text_for_display($value['group_desc'], $value['group_desc_uid'], $value['group_desc_bitfield'], $value['group_desc_options']),
1125	'GROUP_TYPE' => $value['group_type'],
1126	'GROUP_ID' => $value['group_id'],
1127	'GROUP_COLOUR' => $value['group_colour'],
1128
1129	'U_LIST' => $this->u_action . "&action=list&g={$value['group_id']}",
1130	'U_EDIT' => $this->u_action . "&action=edit&g={$value['group_id']}")
1131	);
1132	}
1133	$db->sql_freeresult($result);
1134
1135	break;
1136	}
1137
1138	break;
1139	}
1140
1141	$this->tpl_name = 'ucp_groups_' . $mode;
1142	}
1143	}