Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 640
0.00% covered (danger)
0.00%
0 / 1
CRAP
0.00% covered (danger)
0.00%
0 / 1
ucp_groups
0.00% covered (danger)
0.00%
0 / 638
0.00% covered (danger)
0.00%
0 / 1
28056
0.00% covered (danger)
0.00%
0 / 1
 main
0.00% covered (danger)
0.00%
0 / 638
0.00% covered (danger)
0.00%
0 / 1
28056
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14/**
15* @ignore
16*/
17if (!defined('IN_PHPBB'))
18{
19    exit;
20}
21
22/**
23* ucp_groups
24*/
25class ucp_groups
26{
27    var $u_action;
28
29    function main($id, $mode)
30    {
31        global $config, $phpbb_root_path, $phpEx, $phpbb_admin_path;
32        global $db, $user, $auth, $cache, $template;
33        global $request, $phpbb_container, $phpbb_log;
34
35        /** @var \phpbb\language\language $language Language object */
36        $language = $phpbb_container->get('language');
37
38        $user->add_lang('groups');
39
40        $return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>');
41
42        $mark_ary    = $request->variable('mark', array(0));
43        $submit        = $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
44
45        /** @var \phpbb\group\helper $group_helper */
46        $group_helper = $phpbb_container->get('group_helper');
47
48        switch ($mode)
49        {
50            case 'membership':
51
52                $this->page_title = 'UCP_USERGROUPS_MEMBER';
53
54                if ($submit || isset($_POST['change_default']))
55                {
56                    $action = (isset($_POST['change_default'])) ? 'change_default' : $request->variable('action', '');
57                    $group_id = ($action == 'change_default') ? $request->variable('default', 0) : $request->variable('selected', 0);
58
59                    if (!$group_id)
60                    {
61                        trigger_error('NO_GROUP_SELECTED');
62                    }
63
64                    $sql = 'SELECT group_id, group_name, group_type
65                        FROM ' . GROUPS_TABLE . "
66                        WHERE group_id IN ($group_id{$user->data['group_id']})";
67                    $result = $db->sql_query($sql);
68
69                    $group_row = array();
70                    while ($row = $db->sql_fetchrow($result))
71                    {
72                        $row['group_name'] = $group_helper->get_name($row['group_name']);
73                        $group_row[$row['group_id']] = $row;
74                    }
75                    $db->sql_freeresult($result);
76
77                    if (!count($group_row))
78                    {
79                        trigger_error('GROUP_NOT_EXIST');
80                    }
81
82                    switch ($action)
83                    {
84                        case 'change_default':
85                            // User already having this group set as default?
86                            if ($group_id == $user->data['group_id'])
87                            {
88                                trigger_error($user->lang['ALREADY_DEFAULT_GROUP'] . $return_page);
89                            }
90
91                            if (!$auth->acl_get('u_chggrp'))
92                            {
93                                send_status_line(403, 'Forbidden');
94                                trigger_error($user->lang['NOT_AUTHORISED'] . $return_page);
95                            }
96
97                            // User needs to be member of the group in order to make it default
98                            if (!group_memberships($group_id, $user->data['user_id'], true))
99                            {
100                                trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
101                            }
102
103                            if (confirm_box(true))
104                            {
105                                group_user_attributes('default', $group_id, $user->data['user_id']);
106
107                                $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_CHANGE', false, array(
108                                    'reportee_id' => $user->data['user_id'],
109                                    sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name'])
110                                ));
111
112                                meta_refresh(3, $this->u_action);
113                                trigger_error($user->lang['CHANGED_DEFAULT_GROUP'] . $return_page);
114                            }
115                            else
116                            {
117                                $s_hidden_fields = array(
118                                    'default'        => $group_id,
119                                    'change_default'=> true
120                                );
121
122                                confirm_box(false, sprintf($user->lang['GROUP_CHANGE_DEFAULT'], $group_row[$group_id]['group_name']), build_hidden_fields($s_hidden_fields));
123                            }
124
125                        break;
126
127                        case 'resign':
128
129                            // User tries to resign from default group but is not allowed to change it?
130                            if ($group_id == $user->data['group_id'] && !$auth->acl_get('u_chggrp'))
131                            {
132                                trigger_error($user->lang['NOT_RESIGN_FROM_DEFAULT_GROUP'] . $return_page);
133                            }
134
135                            if (!($row = group_memberships($group_id, $user->data['user_id'])))
136                            {
137                                trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
138                            }
139                            $row = current($row);
140
141                            $sql = 'SELECT group_type
142                                FROM ' . GROUPS_TABLE . '
143                                WHERE group_id = ' . $group_id;
144                            $result = $db->sql_query($sql);
145                            $group_type = (int) $db->sql_fetchfield('group_type');
146                            $db->sql_freeresult($result);
147
148                            if ($group_type != GROUP_OPEN && $group_type != GROUP_FREE)
149                            {
150                                trigger_error($user->lang['CANNOT_RESIGN_GROUP'] . $return_page);
151                            }
152
153                            if (confirm_box(true))
154                            {
155                                group_user_del($group_id, $user->data['user_id']);
156
157                                $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_RESIGN', false, array(
158                                    'reportee_id' => $user->data['user_id'],
159                                    $group_row[$group_id]['group_name']
160                                ));
161
162                                meta_refresh(3, $this->u_action);
163                                trigger_error($user->lang[($row['user_pending']) ? 'GROUP_RESIGNED_PENDING' : 'GROUP_RESIGNED_MEMBERSHIP'] . $return_page);
164                            }
165                            else
166                            {
167                                $s_hidden_fields = array(
168                                    'selected'        => $group_id,
169                                    'action'        => 'resign',
170                                    'submit'        => true
171                                );
172
173                                confirm_box(false, ($row['user_pending']) ? 'GROUP_RESIGN_PENDING' : 'GROUP_RESIGN_MEMBERSHIP', build_hidden_fields($s_hidden_fields));
174                            }
175
176                        break;
177
178                        case 'join':
179
180                            $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
181                                FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
182                                WHERE ug.user_id = u.user_id
183                                    AND ug.group_id = ' . $group_id . '
184                                    AND ug.user_id = ' . $user->data['user_id'];
185                            $result = $db->sql_query($sql);
186                            $row = $db->sql_fetchrow($result);
187                            $db->sql_freeresult($result);
188
189                            if ($row)
190                            {
191                                if ($row['user_pending'])
192                                {
193                                    trigger_error($user->lang['ALREADY_IN_GROUP_PENDING'] . $return_page);
194                                }
195
196                                trigger_error($user->lang['ALREADY_IN_GROUP'] . $return_page);
197                            }
198
199                            // Check permission to join (open group or request)
200                            if ($group_row[$group_id]['group_type'] != GROUP_OPEN && $group_row[$group_id]['group_type'] != GROUP_FREE)
201                            {
202                                trigger_error($user->lang['CANNOT_JOIN_GROUP'] . $return_page);
203                            }
204
205                            if (confirm_box(true))
206                            {
207                                if ($group_row[$group_id]['group_type'] == GROUP_FREE)
208                                {
209                                    group_user_add($group_id, $user->data['user_id']);
210                                }
211                                else
212                                {
213                                    group_user_add($group_id, $user->data['user_id'], false, false, false, 0, 1);
214                                }
215
216                                $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), false, array(
217                                    'reportee_id' => $user->data['user_id'],
218                                    $group_row[$group_id]['group_name']
219                                ));
220
221                                meta_refresh(3, $this->u_action);
222                                trigger_error($user->lang[($group_row[$group_id]['group_type'] == GROUP_FREE) ? 'GROUP_JOINED' : 'GROUP_JOINED_PENDING'] . $return_page);
223                            }
224                            else
225                            {
226                                $s_hidden_fields = array(
227                                    'selected'        => $group_id,
228                                    'action'        => 'join',
229                                    'submit'        => true
230                                );
231
232                                confirm_box(false, ($group_row[$group_id]['group_type'] == GROUP_FREE) ? 'GROUP_JOIN' : 'GROUP_JOIN_PENDING', build_hidden_fields($s_hidden_fields));
233                            }
234
235                        break;
236
237                        case 'demote':
238
239                            if (!($row = group_memberships($group_id, $user->data['user_id'])))
240                            {
241                                trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
242                            }
243                            $row = current($row);
244
245                            if (!$row['group_leader'])
246                            {
247                                trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
248                            }
249
250                            if (confirm_box(true))
251                            {
252                                group_user_attributes('demote', $group_id, $user->data['user_id']);
253
254                                $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_DEMOTE', false, array(
255                                    'reportee_id' => $user->data['user_id'],
256                                    $group_row[$group_id]['group_name']
257                                ));
258
259                                meta_refresh(3, $this->u_action);
260                                trigger_error($user->lang['USER_GROUP_DEMOTED'] . $return_page);
261                            }
262                            else
263                            {
264                                $s_hidden_fields = array(
265                                    'selected'        => $group_id,
266                                    'action'        => 'demote',
267                                    'submit'        => true
268                                );
269
270                                confirm_box(false, 'USER_GROUP_DEMOTE', build_hidden_fields($s_hidden_fields));
271                            }
272
273                        break;
274                    }
275                }
276
277                $sql = 'SELECT g.*, ug.group_leader, ug.user_pending
278                    FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
279                    WHERE ug.user_id = ' . $user->data['user_id'] . '
280                        AND g.group_id = ug.group_id
281                    ORDER BY g.group_type DESC, g.group_name';
282                $result = $db->sql_query($sql);
283
284                $group_id_ary = array();
285                $leader_count = $member_count = $pending_count = 0;
286                while ($row = $db->sql_fetchrow($result))
287                {
288                    $block = ($row['group_leader']) ? 'leader' : (($row['user_pending']) ? 'pending' : 'member');
289
290                    switch ($row['group_type'])
291                    {
292                        case GROUP_OPEN:
293                            $group_status = 'OPEN';
294                        break;
295
296                        case GROUP_CLOSED:
297                            $group_status = 'CLOSED';
298                        break;
299
300                        case GROUP_HIDDEN:
301                            $group_status = 'HIDDEN';
302                        break;
303
304                        case GROUP_SPECIAL:
305                            $group_status = 'SPECIAL';
306                        break;
307
308                        case GROUP_FREE:
309                            $group_status = 'FREE';
310                        break;
311                    }
312
313                    $template->assign_block_vars($block, array(
314                        'GROUP_ID'        => $row['group_id'],
315                        'GROUP_NAME'    => $group_helper->get_name($row['group_name']),
316                        'GROUP_DESC'    => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'],
317                        'GROUP_SPECIAL'    => ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
318                        'GROUP_STATUS'    => $user->lang['GROUP_IS_' . $group_status],
319                        'GROUP_COLOUR'    => $row['group_colour'],
320
321                        'U_VIEW_GROUP'    => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']),
322
323                        'S_GROUP_DEFAULT'    => ($row['group_id'] == $user->data['group_id']) ? true : false,
324                        'S_ROW_COUNT'        => ${$block . '_count'}++)
325                    );
326
327                    $group_id_ary[] = (int) $row['group_id'];
328                }
329                $db->sql_freeresult($result);
330
331                // Hide hidden groups unless user is an admin with group privileges
332                $sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';
333
334                $sql = 'SELECT group_id, group_name, group_colour, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type, group_founder_manage
335                    FROM ' . GROUPS_TABLE . '
336                    WHERE ' . ((count($group_id_ary)) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . "
337                        group_type $sql_and
338                    ORDER BY group_type DESC, group_name";
339                $result = $db->sql_query($sql);
340
341                $nonmember_count = 0;
342                while ($row = $db->sql_fetchrow($result))
343                {
344                    switch ($row['group_type'])
345                    {
346                        case GROUP_OPEN:
347                            $group_status = 'OPEN';
348                        break;
349
350                        case GROUP_CLOSED:
351                            $group_status = 'CLOSED';
352                        break;
353
354                        case GROUP_HIDDEN:
355                            $group_status = 'HIDDEN';
356                        break;
357
358                        case GROUP_SPECIAL:
359                            $group_status = 'SPECIAL';
360                        break;
361
362                        case GROUP_FREE:
363                            $group_status = 'FREE';
364                        break;
365                    }
366
367                    $template->assign_block_vars('nonmember', array(
368                        'GROUP_ID'        => $row['group_id'],
369                        'GROUP_NAME'    => $group_helper->get_name($row['group_name']),
370                        'GROUP_DESC'    => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'],
371                        'GROUP_SPECIAL'    => ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
372                        'GROUP_CLOSED'    => ($row['group_type'] <> GROUP_CLOSED || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? false : true,
373                        'GROUP_STATUS'    => $user->lang['GROUP_IS_' . $group_status],
374                        'S_CAN_JOIN'    => ($row['group_type'] == GROUP_OPEN || $row['group_type'] == GROUP_FREE) ? true : false,
375                        'GROUP_COLOUR'    => $row['group_colour'],
376
377                        'U_VIEW_GROUP'    => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']),
378
379                        'S_ROW_COUNT'    => $nonmember_count++)
380                    );
381                }
382                $db->sql_freeresult($result);
383
384                $template->assign_vars(array(
385                    'S_CHANGE_DEFAULT'    => ($auth->acl_get('u_chggrp')) ? true : false,
386                    'S_LEADER_COUNT'    => $leader_count,
387                    'S_MEMBER_COUNT'    => $member_count,
388                    'S_PENDING_COUNT'    => $pending_count,
389                    'S_NONMEMBER_COUNT'    => $nonmember_count,
390
391                    'S_UCP_ACTION'            => $this->u_action)
392                );
393
394            break;
395
396            case 'manage':
397
398                $this->page_title = 'UCP_USERGROUPS_MANAGE';
399                $action        = (isset($_POST['addusers'])) ? 'addusers' : $request->variable('action', '');
400                $group_id    = $request->variable('g', 0);
401
402                if (!function_exists('phpbb_get_user_rank'))
403                {
404                    include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
405                }
406
407                add_form_key('ucp_groups');
408
409                if ($group_id)
410                {
411                    $sql = 'SELECT g.*, t.teampage_position AS group_teampage
412                        FROM ' . GROUPS_TABLE . ' g
413                        LEFT JOIN ' . TEAMPAGE_TABLE . ' t
414                            ON (t.group_id = g.group_id)
415                        WHERE g.group_id = ' . $group_id;
416                    $result = $db->sql_query($sql);
417                    $group_row = $db->sql_fetchrow($result);
418                    $db->sql_freeresult($result);
419
420                    if (!$group_row)
421                    {
422                        trigger_error($user->lang['NO_GROUP'] . $return_page);
423                    }
424
425                    // Check if the user is allowed to manage this group if set to founder only.
426                    if ($user->data['user_type'] != USER_FOUNDER && $group_row['group_founder_manage'])
427                    {
428                        trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . $return_page, E_USER_WARNING);
429                    }
430
431                    $group_name = $group_row['group_name'];
432                    $group_type = $group_row['group_type'];
433
434                    /** @var \phpbb\avatar\helper $avatar_helper */
435                    $avatar_helper = $phpbb_container->get('avatar.helper');
436
437                    $group_avatar = $avatar_helper->get_group_avatar($group_row, 'GROUP_AVATAR', true);
438                    $template->assign_vars($avatar_helper->get_template_vars($group_avatar));
439
440                    $template->assign_vars(array(
441                        'GROUP_NAME'            => $group_helper->get_name($group_name),
442                        'GROUP_INTERNAL_NAME'    => $group_name,
443                        'GROUP_COLOUR'            => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',
444                        'GROUP_DESC_DISP'        => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']),
445                        'GROUP_TYPE'            => $group_row['group_type'],
446                    ));
447                }
448
449                switch ($action)
450                {
451                    case 'edit':
452
453                        if (!$group_id)
454                        {
455                            trigger_error($user->lang['NO_GROUP'] . $return_page);
456                        }
457
458                        if (!($row = group_memberships($group_id, $user->data['user_id'])))
459                        {
460                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
461                        }
462                        $row = current($row);
463
464                        if (!$row['group_leader'])
465                        {
466                            trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
467                        }
468
469                        $user->add_lang(array('acp/groups', 'acp/common'));
470
471                        $update    = (isset($_POST['update'])) ? true : false;
472
473                        $error = array();
474
475                        // Setup avatar data for later
476                        $avatars_enabled = false;
477                        $avatar_drivers = null;
478                        $avatar_data = null;
479                        $avatar_error = array();
480
481                        /** @var \phpbb\avatar\manager $phpbb_avatar_manager */
482                        $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
483
484                        if ($config['allow_avatar'])
485                        {
486                            $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
487
488                            // This is normalised data, without the group_ prefix
489                            $avatar_data = \phpbb\avatar\manager::clean_row($group_row, 'group');
490                        }
491
492                        // Handle deletion of avatars
493                        if ($request->is_set_post('avatar_delete'))
494                        {
495                            if (confirm_box(true))
496                            {
497                                $avatar_data['id'] = substr($avatar_data['id'], 1);
498                                $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, GROUPS_TABLE, 'group_');
499                                $cache->destroy('sql', GROUPS_TABLE);
500
501                                $message = $action === 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
502                                trigger_error($user->lang[$message] . $return_page);
503                            }
504                            else
505                            {
506                                confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
507                                    'avatar_delete'     => true,
508                                    'i'                 => $id,
509                                    'mode'              => $mode,
510                                    'g'                    => $group_id,
511                                    'action'            => $action,
512                                )));
513                            }
514                        }
515
516                        // Did we submit?
517                        if ($update)
518                        {
519                            $group_name    = $request->variable('group_name', '', true);
520                            $group_desc = $request->variable('group_desc', '', true);
521                            $group_type    = $request->variable('group_type', GROUP_FREE);
522
523                            $allow_desc_bbcode    = $request->variable('desc_parse_bbcode', false);
524                            $allow_desc_urls    = $request->variable('desc_parse_urls', false);
525                            $allow_desc_smilies    = $request->variable('desc_parse_smilies', false);
526
527                            $submit_ary = array(
528                                'colour'        => $request->variable('group_colour', ''),
529                                'rank'            => $request->variable('group_rank', 0),
530                                'receive_pm'    => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
531                                'message_limit'    => $request->variable('group_message_limit', 0),
532                                'max_recipients'=> $request->variable('group_max_recipients', 0),
533                                'legend'    => $group_row['group_legend'],
534                                'teampage'    => $group_row['group_teampage'],
535                            );
536
537                            if (!check_form_key('ucp_groups'))
538                            {
539                                $error[] = $user->lang['FORM_INVALID'];
540                            }
541
542                            if (!count($error) && $config['allow_avatar'])
543                            {
544                                // Handle avatar
545                                $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
546
547                                if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
548                                {
549                                    $driver = $phpbb_avatar_manager->get_driver($driver_name);
550                                    $result = $driver->process_form($request, $template, $user, $avatar_data, $avatar_error);
551
552                                    if ($result && empty($avatar_error))
553                                    {
554                                        $result['avatar_type'] = $driver_name;
555
556                                        $submit_ary = array_merge($submit_ary, $result);
557                                    }
558                                }
559
560                                // Merge any avatars errors into the primary error array
561                                $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
562                            }
563
564                            // Validate submitted colour value
565                            if ($colour_error = validate_data($submit_ary, array('colour'    => array('hex_colour', true))))
566                            {
567                                // Replace "error" string with its real, localised form
568                                $error = array_merge($error, $colour_error);
569                            }
570
571                            if (!count($error))
572                            {
573                                // Only set the rank, colour, etc. if it's changed or if we're adding a new
574                                // group. This prevents existing group members being updated if no changes
575                                // were made.
576                                // However there are some attributes that need to be set everytime,
577                                // otherwise the group gets removed from the feature.
578                                $set_attributes = array('legend', 'teampage');
579
580                                $group_attributes = array();
581                                $test_variables = array(
582                                    'rank'            => 'int',
583                                    'colour'        => 'string',
584                                    'avatar'        => 'string',
585                                    'avatar_type'    => 'string',
586                                    'avatar_width'    => 'int',
587                                    'avatar_height'    => 'int',
588                                    'receive_pm'    => 'int',
589                                    'legend'        => 'int',
590                                    'teampage'        => 'int',
591                                    'message_limit'    => 'int',
592                                    'max_recipients'=> 'int',
593                                );
594
595                                foreach ($test_variables as $test => $type)
596                                {
597                                    if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test] || isset($group_attributes['group_avatar']) && strpos($test, 'avatar') === 0 || in_array($test, $set_attributes)))
598                                    {
599                                        settype($submit_ary[$test], $type);
600                                        $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
601                                    }
602                                }
603
604                                if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
605                                {
606                                    $cache->destroy('sql', GROUPS_TABLE);
607                                    $cache->destroy('sql', TEAMPAGE_TABLE);
608
609                                    $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
610                                    trigger_error($user->lang[$message] . $return_page);
611                                }
612                            }
613
614                            if (count($error))
615                            {
616                                $error = array_map(array(&$user, 'lang'), $error);
617                                $group_rank = $submit_ary['rank'];
618
619                                $group_desc_data = array(
620                                    'text'            => $group_desc,
621                                    'allow_bbcode'    => $allow_desc_bbcode,
622                                    'allow_smilies'    => $allow_desc_smilies,
623                                    'allow_urls'    => $allow_desc_urls
624                                );
625                            }
626                        }
627                        else if (!$group_id)
628                        {
629                            $group_desc_data = array(
630                                'text'            => '',
631                                'allow_bbcode'    => true,
632                                'allow_smilies'    => true,
633                                'allow_urls'    => true
634                            );
635                            $group_rank = 0;
636                            $group_type = GROUP_OPEN;
637                        }
638                        else
639                        {
640                            $group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
641                            $group_rank = $group_row['group_rank'];
642                        }
643
644                        $sql = 'SELECT *
645                            FROM ' . RANKS_TABLE . '
646                            WHERE rank_special = 1
647                            ORDER BY rank_title';
648                        $result = $db->sql_query($sql);
649
650                        $rank_options = '<option value="0"' . ((!$group_rank) ? ' selected="selected"' : '') . '>' . $user->lang['USER_DEFAULT'] . '</option>';
651                        while ($row = $db->sql_fetchrow($result))
652                        {
653                            $selected = ($group_rank && $row['rank_id'] == $group_rank) ? ' selected="selected"' : '';
654                            $rank_options .= '<option value="' . $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
655                        }
656                        $db->sql_freeresult($result);
657
658                        $type_free        = ($group_type == GROUP_FREE) ? ' checked="checked"' : '';
659                        $type_open        = ($group_type == GROUP_OPEN) ? ' checked="checked"' : '';
660                        $type_closed    = ($group_type == GROUP_CLOSED) ? ' checked="checked"' : '';
661                        $type_hidden    = ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : '';
662
663                        // Load up stuff for avatars
664                        if ($config['allow_avatar'])
665                        {
666                            $avatars_enabled = false;
667                            $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type']));
668
669                            // Assign min and max values before generating avatar driver html
670                            $template->assign_vars(array(
671                                    'AVATAR_MIN_WIDTH'        => $config['avatar_min_width'],
672                                    'AVATAR_MAX_WIDTH'        => $config['avatar_max_width'],
673                                    'AVATAR_MIN_HEIGHT'        => $config['avatar_min_height'],
674                                    'AVATAR_MAX_HEIGHT'        => $config['avatar_max_height'],
675                            ));
676
677                            foreach ($avatar_drivers as $current_driver)
678                            {
679                                $driver = $phpbb_avatar_manager->get_driver($current_driver);
680
681                                $avatars_enabled = true;
682                                $template->set_filenames(array(
683                                    'avatar' => $driver->get_template_name(),
684                                ));
685
686                                if ($driver->prepare_form($request, $template, $user, $avatar_data, $avatar_error))
687                                {
688                                    $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
689                                    $driver_upper = strtoupper($driver_name);
690                                    $template->assign_block_vars('avatar_drivers', array(
691                                        'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
692                                        'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
693
694                                        'DRIVER' => $driver_name,
695                                        'SELECTED' => $current_driver == $selected_driver,
696                                        'OUTPUT' => $template->assign_display('avatar'),
697                                    ));
698                                }
699                            }
700                        }
701
702                        if (isset($phpbb_avatar_manager) && !$update)
703                        {
704                            // Merge any avatars errors into the primary error array
705                            $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
706                        }
707
708                        $template->assign_vars(array(
709                            'S_EDIT'            => true,
710                            'S_INCLUDE_SWATCH'    => true,
711                            'S_FORM_ENCTYPE'    => ' enctype="multipart/form-data"',
712                            'S_ERROR'            => (count($error)) ? true : false,
713                            'S_SPECIAL_GROUP'    => ($group_type == GROUP_SPECIAL) ? true : false,
714                            'S_AVATARS_ENABLED'    => ($config['allow_avatar'] && $avatars_enabled),
715                            'S_GROUP_MANAGE'    => true,
716
717                            'ERROR_MSG'                => (count($error)) ? implode('<br />', $error) : '',
718                            'GROUP_RECEIVE_PM'        => (isset($group_row['group_receive_pm']) && $group_row['group_receive_pm']) ? ' checked="checked"' : '',
719                            'GROUP_MESSAGE_LIMIT'    => (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0,
720                            'GROUP_MAX_RECIPIENTS'    => (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0,
721
722                            'GROUP_DESC'            => $group_desc_data['text'],
723                            'S_DESC_BBCODE_CHECKED'    => $group_desc_data['allow_bbcode'],
724                            'S_DESC_URLS_CHECKED'    => $group_desc_data['allow_urls'],
725                            'S_DESC_SMILIES_CHECKED'=> $group_desc_data['allow_smilies'],
726
727                            'S_RANK_OPTIONS'        => $rank_options,
728
729                            'GROUP_TYPE_FREE'        => GROUP_FREE,
730                            'GROUP_TYPE_OPEN'        => GROUP_OPEN,
731                            'GROUP_TYPE_CLOSED'        => GROUP_CLOSED,
732                            'GROUP_TYPE_HIDDEN'        => GROUP_HIDDEN,
733                            'GROUP_TYPE_SPECIAL'    => GROUP_SPECIAL,
734
735                            'GROUP_FREE'        => $type_free,
736                            'GROUP_OPEN'        => $type_open,
737                            'GROUP_CLOSED'        => $type_closed,
738                            'GROUP_HIDDEN'        => $type_hidden,
739
740                            'S_UCP_ACTION'        => $this->u_action . "&amp;action=$action&amp;g=$group_id",
741                            'L_AVATAR_EXPLAIN'    => phpbb_avatar_explanation_string(),
742                        ));
743
744                    break;
745
746                    case 'list':
747
748                        if (!$group_id)
749                        {
750                            trigger_error($user->lang['NO_GROUP'] . $return_page);
751                        }
752
753                        if (!($row = group_memberships($group_id, $user->data['user_id'])))
754                        {
755                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
756                        }
757                        $row = current($row);
758
759                        if (!$row['group_leader'])
760                        {
761                            trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
762                        }
763
764                        $user->add_lang(array('acp/groups', 'acp/common'));
765                        $start = $request->variable('start', 0);
766
767                        // Grab the leaders - always, on every page...
768                        $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
769                            FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug
770                            WHERE ug.group_id = $group_id
771                                AND u.user_id = ug.user_id
772                                AND ug.group_leader = 1
773                            ORDER BY ug.user_pending DESC, u.username_clean";
774                        $result = $db->sql_query($sql);
775
776                        while ($row = $db->sql_fetchrow($result))
777                        {
778                            $template->assign_block_vars('leader', array(
779                                'USERNAME'            => $row['username'],
780                                'USERNAME_COLOUR'    => $row['user_colour'],
781                                'USERNAME_FULL'        => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
782                                'U_USER_VIEW'        => get_username_string('profile', $row['user_id'], $row['username']),
783                                'S_GROUP_DEFAULT'    => ($row['group_id'] == $group_id) ? true : false,
784                                'JOINED'            => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
785                                'USER_POSTS'        => $row['user_posts'],
786                                'USER_ID'            => $row['user_id'])
787                            );
788                        }
789                        $db->sql_freeresult($result);
790
791                        // Total number of group members (non-leaders)
792                        $sql = 'SELECT COUNT(user_id) AS total_members
793                            FROM ' . USER_GROUP_TABLE . "
794                            WHERE group_id = $group_id
795                                AND group_leader = 0";
796                        $result = $db->sql_query($sql);
797                        $total_members = (int) $db->sql_fetchfield('total_members');
798                        $db->sql_freeresult($result);
799
800                        // Grab the members
801                        $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
802                            FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug
803                            WHERE ug.group_id = $group_id
804                                AND u.user_id = ug.user_id
805                                AND ug.group_leader = 0
806                            ORDER BY ug.user_pending DESC, u.username_clean";
807                        $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
808
809                        $pending = false;
810                        $approved = false;
811
812                        while ($row = $db->sql_fetchrow($result))
813                        {
814                            if ($row['user_pending'] && !$pending)
815                            {
816                                $template->assign_block_vars('member', array(
817                                    'S_PENDING'        => true)
818                                );
819                                $template->assign_var('S_PENDING_SET', true);
820
821                                $pending = true;
822                            }
823                            else if (!$row['user_pending'] && !$approved)
824                            {
825                                $template->assign_block_vars('member', array(
826                                    'S_APPROVED'        => true)
827                                );
828                                $template->assign_var('S_APPROVED_SET', true);
829
830                                $approved = true;
831                            }
832
833                            $template->assign_block_vars('member', array(
834                                'USERNAME'            => $row['username'],
835                                'USERNAME_COLOUR'    => $row['user_colour'],
836                                'USERNAME_FULL'        => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
837                                'U_USER_VIEW'        => get_username_string('profile', $row['user_id'], $row['username']),
838                                'S_GROUP_DEFAULT'    => ($row['group_id'] == $group_id) ? true : false,
839                                'JOINED'            => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
840                                'USER_POSTS'        => $row['user_posts'],
841                                'USER_ID'            => $row['user_id'])
842                            );
843                        }
844                        $db->sql_freeresult($result);
845
846                        $s_action_options = '';
847                        $options = array('default' => 'DEFAULT', 'approve' => 'APPROVE', 'deleteusers' => 'DELETE');
848
849                        foreach ($options as $option => $lang)
850                        {
851                            $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>';
852                        }
853
854                        /* @var $pagination \phpbb\pagination */
855                        $pagination = $phpbb_container->get('pagination');
856                        $base_url = $this->u_action . "&amp;action=$action&amp;g=$group_id";
857                        $start = $pagination->validate_start($start, $config['topics_per_page'], $total_members);
858                        $pagination->generate_template_pagination($base_url, 'pagination', 'start', $total_members, $config['topics_per_page'], $start);
859
860                        $template->assign_vars(array(
861                            'S_LIST'            => true,
862                            'S_ACTION_OPTIONS'    => $s_action_options,
863
864                            'U_ACTION'            => $this->u_action . "&amp;g=$group_id",
865                            'S_UCP_ACTION'        => $this->u_action . "&amp;g=$group_id",
866                            'U_FIND_USERNAME'    => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=usernames'),
867                        ));
868
869                    break;
870
871                    case 'approve':
872
873                        if (!$group_id)
874                        {
875                            trigger_error($user->lang['NO_GROUP'] . $return_page);
876                        }
877
878                        if (!check_form_key('ucp_groups'))
879                        {
880                            trigger_error($user->lang('FORM_INVALID') . $return_page);
881                        }
882
883                        if (!($row = group_memberships($group_id, $user->data['user_id'])))
884                        {
885                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
886                        }
887                        $row = current($row);
888
889                        if (!$row['group_leader'])
890                        {
891                            trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
892                        }
893
894                        $user->add_lang('acp/groups');
895
896                        // Approve, demote or promote
897                        group_user_attributes('approve', $group_id, $mark_ary, false, false);
898
899                        trigger_error($user->lang['USERS_APPROVED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
900
901                    break;
902
903                    case 'default':
904
905                        if (!$group_id)
906                        {
907                            trigger_error($user->lang['NO_GROUP'] . $return_page);
908                        }
909
910                        if (!($row = group_memberships($group_id, $user->data['user_id'])))
911                        {
912                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
913                        }
914                        $row = current($row);
915
916                        if (!$row['group_leader'])
917                        {
918                            trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
919                        }
920
921                        $group_row['group_name'] = $group_helper->get_name($group_row['group_name']);
922
923                        if (confirm_box(true))
924                        {
925                            if (!count($mark_ary))
926                            {
927                                $start = 0;
928
929                                do
930                                {
931                                    $sql = 'SELECT user_id
932                                        FROM ' . USER_GROUP_TABLE . "
933                                        WHERE group_id = $group_id
934                                        ORDER BY user_id";
935                                    $result = $db->sql_query_limit($sql, 200, $start);
936
937                                    $mark_ary = array();
938                                    if ($row = $db->sql_fetchrow($result))
939                                    {
940                                        do
941                                        {
942                                            $mark_ary[] = $row['user_id'];
943                                        }
944                                        while ($row = $db->sql_fetchrow($result));
945
946                                        group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
947
948                                        $start = (count($mark_ary) < 200) ? 0 : $start + 200;
949                                    }
950                                    else
951                                    {
952                                        $start = 0;
953                                    }
954                                    $db->sql_freeresult($result);
955                                }
956                                while ($start);
957                            }
958                            else
959                            {
960                                group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
961                            }
962
963                            $user->add_lang('acp/groups');
964
965                            trigger_error($user->lang['GROUP_DEFS_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
966                        }
967                        else
968                        {
969                            $user->add_lang('acp/common');
970
971                            confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
972                                'mark'        => $mark_ary,
973                                'g'            => $group_id,
974                                'i'            => $id,
975                                'mode'        => $mode,
976                                'action'    => $action))
977                            );
978                        }
979
980                        // redirect to last screen
981                        redirect($this->u_action . '&amp;action=list&amp;g=' . $group_id);
982
983                    break;
984
985                    case 'deleteusers':
986
987                        $user->add_lang(array('acp/groups', 'acp/common'));
988
989                        if (!($row = group_memberships($group_id, $user->data['user_id'])))
990                        {
991                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
992                        }
993                        $row = current($row);
994
995                        if (!$row['group_leader'])
996                        {
997                            trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
998                        }
999
1000                        $group_row['group_name'] = $group_helper->get_name($group_row['group_name']);
1001
1002                        if (confirm_box(true))
1003                        {
1004                            if (!$group_id)
1005                            {
1006                                trigger_error($user->lang['NO_GROUP'] . $return_page);
1007                            }
1008
1009                            $error = group_user_del($group_id, $mark_ary, false, $group_row['group_name']);
1010
1011                            if ($error)
1012                            {
1013                                trigger_error($user->lang[$error] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
1014                            }
1015
1016                            trigger_error($user->lang['GROUP_USERS_REMOVE'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
1017                        }
1018                        else
1019                        {
1020                            confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
1021                                'mark'        => $mark_ary,
1022                                'g'            => $group_id,
1023                                'i'            => $id,
1024                                'mode'        => $mode,
1025                                'action'    => $action))
1026                            );
1027                        }
1028
1029                        // redirect to last screen
1030                        redirect($this->u_action . '&amp;action=list&amp;g=' . $group_id);
1031
1032                    break;
1033
1034                    case 'addusers':
1035
1036                        $user->add_lang(array('acp/groups', 'acp/common'));
1037
1038                        $names = $request->variable('usernames', '', true);
1039
1040                        if (!$group_id)
1041                        {
1042                            trigger_error($user->lang['NO_GROUP'] . $return_page);
1043                        }
1044
1045                        if (!$names)
1046                        {
1047                            trigger_error($user->lang['NO_USERS'] . $return_page);
1048                        }
1049
1050                        if (!($row = group_memberships($group_id, $user->data['user_id'])))
1051                        {
1052                            trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
1053                        }
1054                        $row = current($row);
1055
1056                        if (!$row['group_leader'])
1057                        {
1058                            trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page);
1059                        }
1060
1061                        $name_ary = array_unique(explode("\n", $names));
1062                        $group_name = $group_helper->get_name($group_row['group_name']);
1063
1064                        $default = $request->variable('default', 0);
1065
1066                        if (confirm_box(true))
1067                        {
1068                            $return_manage_page = '<br /><br />' . $language->lang('RETURN_PAGE', '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>');
1069
1070                            // Add user/s to group
1071                            if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, 0, 0, $group_row))
1072                            {
1073                                $display_message = $language->lang($error);
1074
1075                                if ($error == 'GROUP_USERS_INVALID')
1076                                {
1077                                    // Find which users don't exist
1078                                    $actual_name_ary = $name_ary;
1079                                    $actual_user_id_ary = [];
1080                                    user_get_id_name($actual_user_id_ary, $actual_name_ary, false, true);
1081
1082                                    $display_message = $language->lang('GROUP_USERS_INVALID', implode($language->lang('COMMA_SEPARATOR'), array_udiff($name_ary, $actual_name_ary, 'strcasecmp')));
1083                                }
1084
1085                                trigger_error($display_message . $return_manage_page);
1086                            }
1087
1088                            trigger_error($language->lang('GROUP_USERS_ADDED') . $return_manage_page);
1089                        }
1090                        else
1091                        {
1092                            $s_hidden_fields = array(
1093                                'default'    => $default,
1094                                'usernames'    => $names,
1095                                'g'            => $group_id,
1096                                'i'            => $id,
1097                                'mode'        => $mode,
1098                                'action'    => $action
1099                            );
1100
1101                            confirm_box(false, $user->lang('GROUP_CONFIRM_ADD_USERS', count($name_ary), implode($user->lang['COMMA_SEPARATOR'], $name_ary)), build_hidden_fields($s_hidden_fields));
1102                        }
1103
1104                        trigger_error($user->lang['NO_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
1105
1106                    break;
1107
1108                    default:
1109                        $user->add_lang('acp/common');
1110
1111                        $sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_desc, g.group_desc_uid, g.group_desc_bitfield, g.group_desc_options, g.group_type, ug.group_leader
1112                            FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
1113                            WHERE ug.user_id = ' . $user->data['user_id'] . '
1114                                AND g.group_id = ug.group_id
1115                                AND ug.group_leader = 1
1116                            ORDER BY g.group_type DESC, g.group_name';
1117                        $result = $db->sql_query($sql);
1118
1119                        while ($value = $db->sql_fetchrow($result))
1120                        {
1121                            $template->assign_block_vars('leader', array(
1122                                'GROUP_NAME'    => $group_helper->get_name($value['group_name']),
1123                                'GROUP_DESC'    => generate_text_for_display($value['group_desc'], $value['group_desc_uid'], $value['group_desc_bitfield'], $value['group_desc_options']),
1124                                'GROUP_TYPE'    => $value['group_type'],
1125                                'GROUP_ID'        => $value['group_id'],
1126                                'GROUP_COLOUR'    => $value['group_colour'],
1127
1128                                'U_LIST'    => $this->u_action . "&amp;action=list&amp;g={$value['group_id']}",
1129                                'U_EDIT'    => $this->u_action . "&amp;action=edit&amp;g={$value['group_id']}")
1130                            );
1131                        }
1132                        $db->sql_freeresult($result);
1133
1134                    break;
1135                }
1136
1137            break;
1138        }
1139
1140        $this->tpl_name = 'ucp_groups_' . $mode;
1141    }
1142}