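1));
    // if not a system administrator, must have admin-access to both this group
    // and ALL parent groups to delete
    if (!$editable and ($g > 1) and is_allowed(ACCESS_ADMIN)) {
        $q = 'select * from groups,affiliations where groupid=affiliateid and affiliateid=' . $g . ';';
        $r = query ($q);
        if ($r) {
            $parentcount = 0;
            $idlist = '';
            while ($info = mysql_fetch_array($r, MYSQL_ASSOC)) {
                if ($idlist) $idlist .= ',';
                $idlist .= $info['affiliationid'];
                $parentcount++;
            }
        }
        // sa security check on list of parent ids: number of rows returned must equal number of groups in the list!
        if ($idlist) {
            $q = 'select * from memberships,access where memberid = ' . $p_id . ' and groupid = usergroupid and functiongroupid in (' . $idlist . ') and functionid=' . ACCESS_ADMIN . ';';
            $r = query ($q);
            $editable = (mysql_num_rows($r) == $parentcount);
        }
    }
    return $editable;
}

// deleteforumdata
// - handles forums, topics & messages
// - deletes every row of $tablename owned by one of the ids in $owneridlist and returns the
//   comma-separated primary keys of those rows, which are the owner ids for the next delete
// $tablename: table to be searched, e.g. 'forums'
// $ownercolumnname: column name of owning data type, e.g. 'ownergroupid'
// $owneridlist: comma-separated list of owner ids to match, e.g. '3,4'
// $idcolumnname: primary key id in table being searched, e.g. 'forumid'
// returns '' when the list is empty or the lookup fails, so a chained call then deletes nothing
function deleteforumdata ($tablename, $ownercolumnname, $owneridlist, $idcolumnname) {
    // the table and column names are fixed by the callers; the id list is the one part of the
    // statement built from data, so only plain non-negative integers are let into 'in (...)'
    $ids = array ();
    foreach (explode (',', (string) $owneridlist) as $id) {
        $id = trim ($id);
        if ($id !== '' and preg_match ('/^[0-9]+\z/', $id)) {
            $ids[] = (int) $id;
        }
    }
    if (!$ids) {
        // nothing to match; the original ran 'in ()' here, which fails and also yields ''
        return '';
    }
    $safelist = implode (',', $ids);
    $q = 'select * from ' . $tablename . ' where ' . $ownercolumnname . ' in (' . $safelist . ');';
    $r = query ($q);
    $idlist = '';
    if ($r) {
        $count = 0;
        while ($info = mysql_fetch_array($r, MYSQL_ASSOC)) {
            if ($idlist) $idlist .= ',';
            $idlist .= $info[$idcolumnname];
            $count++;
        }
        if ($count) {
            $q = 'delete from ' . $tablename . ' where ' . $ownercolumnname . ' in (' . $safelist . ');';
            $r = query ($q);
        }
    }
    return $idlist;
}

// handle deletes
// NOTE(review): the delete is triggered by a GET parameter, so any link the browser follows
// while logged in can perform it; a POST form carrying a per-session token is the usual mitigation.
if ($_GET["delete"]) {
    if (delete_allowed()) {
        $r = query ('delete from groups where groupid=' . (int) $g .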
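';') or die ('Error deleting group!');
        if ($r) {
            // cascade: remove every row that references the group. None of these results is
            // checked and there is no transaction, so a failure part-way leaves orphaned rows.
            // $g is cast so only an integer id reaches the statements (its origin is set earlier in the file).
            $r = query ('delete from memberships where groupid=' . (int) $g . ';');
            $r = query ('delete from positions where groupid=' . (int) $g . ';');
            $r = query ('delete from affiliations where affiliateid=' . (int) $g . ' or affiliationid = ' . (int) $g . ';');
            $r = query ('delete from access where usergroupid=' . (int) $g . ' or functiongroupid=' . (int) $g . ';');
            // discussion forums: each call returns the ids it deleted, which own the next level down
            $forumlist = deleteforumdata ('forums','ownergroupid',$g,'forumid');
            $topiclist = deleteforumdata ('topics','ownerforumid',$forumlist,'topicid');
            $messagelist = deleteforumdata ('messages','ownertopicid',$topiclist,'messageid');
            $g = 0;
            $change_report = 'group deleted.';
        } else {
            // not reachable while the group delete above dies on failure; kept as the fallback
            noteerror('Could not delete group (database error).');
        }
    } else {
        include "accessdenied.php";
    }
}

// handle unspecified target
if ($g == 0) {
    printhtmlheader('Create New group');
    printmasthead ('Create New group','masthead_groupedit');
    printeditfeedback();
    print ('');
    die ();
}

// load the target group and decide whether the caller may edit it. Every path that is not
// permitted includes accessdenied.php, which presumably ends the request — confirm, because
// nothing below is otherwise guarded by $editable.
if ($g > 0) {
    $r = query ("select * from groups where groupid=" . (int) $g . ";");
    $g_info = mysql_fetch_array($r, MYSQL_ASSOC) or die ("Error accessing database for group id=" . $g);
    $editable = is_allowed (ACCESS_DATAENTRY);
    if (!$editable) {
        include "accessdenied.php";
    }
} elseif (($g < 0) and ($u_id > 0)) {
    // group < 0: indicates new group to be created! ($u_id > 0 presumably means a logged-in user)
    // must be SA; or if a new subgroup, must have admin-access to parent group
    $editable = $userinfo['sa'];
    if ((!$editable) and $parent) {
        // security check for admin-access to parent group: any membership of a group that holds
        // ACCESS_ADMIN on the parent is enough
        $q = 'select * from memberships,access where memberid = ' . (int) $p_id;
        $q .= ' and groupid = usergroupid and functiongroupid = ' . (int) $parent;
        $q .= ' and functionid = ' . ACCESS_ADMIN .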
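';';
        $r = query ($q) or die ('Error accessing security table.');
        if ($functioninfo = mysql_fetch_array($r, MYSQL_ASSOC)) {
            // found at least one
            $editable = TRUE;
        }
    }
    if (!$editable) {
        include "accessdenied.php";
    }
} else {
    include "accessdenied.php";
}

// BASIC INFORMATION FORM RESULTS
if ($_POST["edit_groupname"]) {
    $changed = FALSE;
    if ($g<0) {
        // negative group code means create new group! start from an empty record so every
        // posted field counts as a change
        $sql = 'insert into groups set ';
        $g_info = array (
            "groupname" => '',
            "mailaddress" => '',
            "phone" => '',
            "fax" => '',
            "email" => '',
            "webpage" => '',
            "picture" => '',
            "description" => ''
        );
    } else {
        $sql = 'update groups set ';
    }

    // installvalue
    // - compares the posted "edit_<fieldname>" value with the stored one in $g_info and, when
    //   it differs, appends 'fieldname="value"' to the pending $sql and records the new value
    // - sets $changed so the statement is only run when at least one field moved
    // - for 'webpage', a value without a scheme is prefixed with 'http://'
    // $fieldname: column of the groups table, also the suffix of the form field name
    function installvalue ($fieldname) {
        global $g_info,$changed,$sql;
        $postfieldname = "edit_" . $fieldname;
        // a field missing from the post counts as empty instead of raising a notice
        $posted = isset ($_POST[$postfieldname]) ? $_POST[$postfieldname] : '';
        if ($g_info[$fieldname] != $posted) {
            if ($changed) $sql .= ', ';
            $changed = TRUE;
            $newvalue = $posted;
            if (($fieldname == 'webpage') and ($newvalue <> '')) {
                // accept either scheme: the old test only recognised 'http://' and so turned
                // an https URL into 'http://https://...'
                if (!preg_match ('/^https?:\/\//i', $newvalue)) {
                    $newvalue = 'http://' . $newvalue;
                }
            }
            // the value is quoted through sqlsafe(); the column name comes from the fixed call list below
            $sql .= $fieldname . '="' . sqlsafe($newvalue) . '"';
            $g_info[$fieldname] = $newvalue;
        }
    }

    // name: ensure no duplicates!
    $q = 'select * from groups where (groupname="' . sqlsafe($_POST["edit_groupname"]) . '")';
    $q .= ' and (groupid<>' . (int) $g . ');';
    $r = query ($q) or die ('Error accessing database.');
    if (mysql_num_rows($r)) {
        noteerror('The group "' . crunchtext($_POST["edit_groupname"]) . '" already exists.');
        // revert so the form shows the stored name; the error (presumably recorded by noteerror
        // in $error_report) blocks the database change below
        $_POST["edit_groupname"] = $g_info["groupname"];
    }
    // basic information
    installvalue ("groupname");
    installvalue ("mailaddress");
    installvalue ("phone");
    installvalue ("fax");
    installvalue ("email");
    installvalue ("webpage");
    installvalue ("picture");
    installvalue ("description");
    // FINISH SQL STATEMENT AND CHANGE DATABASE
    if ($g > 0) $sql .= ' where groupid=' . (int) $g . ';';
    // do not change database if there was an error!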
if ($error_report) $changed = FALSE; if ($changed) { $r = query ($sql); if ($r) { $change_report = 'Information updated!'; } else { noteerror ('Error updating information with "'.$sql.'"'); } if (($g < 0) and (!$error_report)) { $r = query ('select * from groups where groupname="' . sqlsafe($_POST["edit_groupname"]) . '";') or noteerror ('Error finding new group id #'); if (!$error_report) { $g_info = mysql_fetch_array($r, MYSQL_ASSOC); $g = $g_info["groupid"]; } // phase 2: install link to parent, if applicable if ($parent and (!$error_report)) { // insert affiliation entry $r = query('insert into affiliations set affiliateid=' . $g . ', affiliationid=' . $parent . ';') or noteerror ('Error linking new group as subgroup.'); // establish who has admin-access to parent group $q = 'select * from access where functiongroupid = ' . $parent; $q .= ' and functionid = ' . ACCESS_ADMIN . ';'; $r = query ($q) or noteerror ('Error accessing security table.'); $hasadmingroups = FALSE; while ($functioninfo = mysql_fetch_array($r, MYSQL_ASSOC)) { $admingroups[] = $functioninfo["usergroupid"]; $hasadmingroups = TRUE; } // grant admin-access to new subgroup to all administrators of parent group if ($hasadmingroups) { foreach ($admingroups as $admingroup) { $r = query('insert into access set usergroupid=' . $admingroup . ', functiongroupid=' . $g . ', functionid=1, accesslevel=1;') or noteerror ('Error updating security table.'); } // foreach } // if ($hasadmingroups) } // if ($parent) // phase 3: install default permissions; currently view-forum to all internet if (!$errorreport) { $q = 'insert into access set usergroupid=-2, functiongroupid=' . $g . ', functionid=' . ACCESS_FORUM_VIEW . ', accesslevel=1;'; $r = query($q) or noteerror ('Error granting default forum-viewing permissions.'); $q = 'insert into access set usergroupid=' . $g . ', functiongroupid=' . $g . ', functionid=' . ACCESS_FORUM_NEWTOPIC . 
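', accesslevel=1;';
                $r = query($q) or noteerror ('Error granting default forum-posting permissions.');
            } // if (!$error_report)
        } // if ($g < 0)
    } // if ($changed)
} // if ($_POST["edit_groupname"])

// POSITION-EDIT FORM RESULTS
// one set of edit_position_{id,name,sort,delete}_# fields per row; id 0 means a new position.
// The id and sort values are posted numbers used directly in SQL, so both are forced to
// integers, and each delete/update is scoped to the current group so a posted id cannot
// reach another group's positions.
$positioncount = 0;
while (isset($_POST["edit_position_id_" . ++$positioncount]) and $g) {
    // get information
    $positionid = (int) $_POST["edit_position_id_" . $positioncount];
    $positionname = $_POST["edit_position_name_" . $positioncount];
    $positionsort = (int) $_POST["edit_position_sort_" . $positioncount];
    if (!$positionsort) $positionsort = 1;
    $positiondelete = $_POST["edit_position_delete_" . $positioncount];
    if (!$positionid) {
        // create new position (an empty name means the blank row was left unused)
        if ($positionname) {
            $q = 'insert into positions set positionname="' . sqlsafe($positionname) . '",';
            $q .= ' sortlevel=' . $positionsort . ', groupid=' . (int) $g_info["groupid"] . ';';
            if (query($q)) {
                $change_report = 'Information updated!';
            } else {
                noteerror ('Error installing new position with query: "' . $q . '"');
            }
        }
    } elseif ($positiondelete) {
        // delete position, then clear it from the group's memberships
        if (query ('delete from positions where positionid=' . $positionid . ' and groupid=' . (int) $g_info["groupid"] . ';')) {
            $change_report = 'Information updated!';
        } else {
            noteerror ('Error deleting position.');
        }
        if (query ('update memberships set positionid=0 where positionid=' . $positionid . ' and groupid=' . (int) $g_info["groupid"] . ';')) {
            $change_report = 'Information updated!';
        } else {
            noteerror ('Error deleting position.');
        }
    } else {
        // edit position
        $q = 'update positions set positionname="' . sqlsafe($positionname) . '",';
        $q .= ' sortlevel=' . $positionsort . ', groupid=' . (int) $g_info["groupid"];
        $q .= ' where positionid=' . $positionid . ' and groupid=' . (int) $g_info["groupid"] . ';';
        if (query($q)) {
            $change_report = 'Information updated!';
        } else {
            noteerror ('Error updating position with query: "' . $q .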
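'"');
        }
    }
}

// =============================================================================================
// ----- BEGIN VISIBLE PAGE -----
// =============================================================================================

// masthead_groupedit
// - callback for printmasthead(): prints the group-search masthead followed by this page's
//   action links. With ?deleteconfirm set it prints the delete confirmation instead, with the
//   number of forum messages that the group delete would cascade to.
// - reads globals $g (current group id, 0 for none) and $userinfo['sa'] (system administrator)
function masthead_groupedit () {
    global $g, $userinfo, $BGCOLOUR_LIGHT, $BGCOLOUR_DARK;
    masthead_group_search();
    print '';
    if ($_GET["deleteconfirm"]) {
        print ' Permanently delete this group ';
        // count the messages that deleting this group would remove
        $q = 'select messageid,topicid,forumid,subject from groups,forums,topics,messages ';
        $q .= 'where groupid=ownergroupid and forumid=ownerforumid and topicid=ownertopicid and groupid=' . (int) $g . ';';
        $r = query ($q);
        if ($r) {
            if (mysql_num_rows($r)) {
                print '(and its ' . mysql_num_rows($r) . ' forum messages) ';
            }
        }
        print '- Are you sure? ';
        print '| Yes ';
        print '| No ';
        print '|';
    } else {
        if ($userinfo["sa"]) {
            print ' ';
            print 'New group |';
        }
        if (!$g) {
            print ' Return to Directory |';
        }
        if (delete_allowed()) {
            print ' Delete |';
        }
        if ($g) {
            print ' Browse |';
            print ' Change members |';
            if (is_allowed(ACCESS_ADMIN)) {
                print ' Change subgroups |';
                print ' ';
                print 'Edit forums |';
                print ' ';
                print 'Security |';
            }
        }
    }
    print "";
}

// page title and heading
if ($g>0) {
    $pagetitle = crunchtext($g_info["groupname"]);
} else {
    $pagetitle = "Create New group";
}
printhtmlheader ($pagetitle);
printmasthead ('Edit group Information','masthead_groupedit');
printeditfeedback();
if ($g>0) {
    print '

' . crunchtext($g_info["groupname"]) . "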

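\n";
} else if ($parent > 0) {
    // new subgroup: show the parent's name in the heading
    print "

New Subgroup of ";
    $r = query ("select * from groups where groupid=" . (int) $parent . ";");
    $parentgroupinfo = mysql_fetch_array($r, MYSQL_ASSOC) or die ("Error accessing database for group id=" . $parent);
    print crunchtext($parentgroupinfo["groupname"]);
    print "

\n";
} else {
    print "

New group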

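\n";
}
// append '?g=#' for existing groups; for new groups (negative numbers) leave it hidden in the form
// BASIC INFO FORM
// install "g" for group id (the form helpers presumably read their values from $_POST)
$urltag = '';
if ($g > 0) $urltag = '?g=' . (int) $g;
$_POST["g"] = $g;
$_POST["parent"] = $parent;

// showsectiontitle
// - prints a section heading of the edit form
// $titletext: heading text, printed as given (not escaped), so it must be a literal from this page
function showsectiontitle ($titletext) {
    print "

$titletext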

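\n";
}

// showeditabletext
// - prints one labelled input row of the basic-information form, pre-filled from $g_info
// $fieldname: groups column; the form field becomes "edit_<fieldname>"
// $displayname: label text, printed as given
// $inputtype: 'TEXT' (default), 'INT', 'PASS' or 'TEXTAREA'; anything else is treated as 'TEXT'
function showeditabletext ($fieldname, $displayname, $inputtype='TEXT') {
    global $g_info;
    print '' . $displayname . '';
    print "";
    // create and install "edit_[fieldname]" POST variables for use in the form
    $formfield = "edit_" . $fieldname;
    $_POST[$formfield] = $g_info[$fieldname];
    switch ($inputtype) {
        case 'INT':
            formnumberinput ($formfield, 50);
            break;
        case 'PASS':
            formpasswordinput ($formfield, 50);
            break;
        case 'TEXTAREA':
            formtextareainput ($formfield, 50, 4);
            break;
        default:
            formtextinput ($formfield, 50);
    }
    print "\n";
}

showsectiontitle ("Basic Information");
formstart($urltag);
// hidden fields
formhiddeninput ("g");
formhiddeninput ("parent");
print "\n";
showeditabletext ("groupname","Name:");
showeditabletext ("mailaddress","Mailing Address:");
showeditabletext ("phone","Phone:");
showeditabletext ("fax","Fax:");
showeditabletext ("email","Email:");
showeditabletext ("webpage","Web Page :");
showeditabletext ("picture","Picture (URL):");
// NOTE(review): the footnote below says HTML is accepted in the description, so it is stored
// and shown as markup by design; every user with data-entry access is then a trusted author of page content
showeditabletext ("description","Description" . highlighttext("*") . ":",'TEXTAREA');
print "";
print "
" . highlighttext("*HTML tags are supported in this field.") . "
\n";

// POSITION-EDIT FORM
// creates arbitrary number of position-edit form variables:
//   edit_position_id_#
//   edit_position_name_#
//   edit_position_sort_#
//   edit_position_delete_#
// ... where # runs from 1 to (total positions in group)
// if the first variable holds a value of zero, this is a new position to create
$positioncount = 0;

// showposition
// - prints one row of the position-edit form and installs its four edit_position_*_# values
//   in $_POST for the form helpers; the delete checkbox is only offered for existing positions
// $positionid: existing position id, or 0 for a blank row that creates a new position
// $positionname, $positionsortlevel: initial values of the name and sort inputs
function showposition ($positionid,$positionname,$positionsortlevel) {
    global $positioncount;
    $positionformid="edit_position_id_" . ++$positioncount;
    $_POST[$positionformid] = $positionid;
    $positionformname="edit_position_name_" . $positioncount;
    $_POST[$positionformname] = $positionname;
    $positionformsort="edit_position_sort_" . $positioncount;
    $_POST[$positionformsort] = $positionsortlevel;
    $positionformdelete="edit_position_delete_" . $positioncount;
    $_POST[$positionformdelete] = false;
    print "";
    formhiddeninput ($positionformid);
    formtextinput ($positionformname);
    print "";
    formnumberinput ($positionformsort,5);
    if ($positionid) {
        print "";
        formcheckboxinput ($positionformdelete);
        print "Delete";
    }
    print "\n";
}

if ($g > 0) {
    showsectiontitle ("Positions");
    print "\n";
    print "";
    $q = 'select * from positions where groupid=' . (int) $g . ' order by sortlevel desc;';
    $r = query ($q) or die ('Error accessing position information.');
    while ($position = mysql_fetch_array($r, MYSQL_ASSOC)) {
        showposition ($position["positionid"],$position["positionname"],$position["sortlevel"]);
    }
    // always offer at least three rows, plus one blank row for a new position
    while ($positioncount < 3) {
        showposition (0,'',1);
    }
    showposition (0,'',1);
    print "
Position NameSort" . highlighttext('*') . "
\n";
}
formend();
if ($g > 0) {
    $footnote = "

*A number that determines how these positions are sorted on the display page";
    $footnote .= " (higher numbers sort first).
";
    print highlighttext($footnote);
}
?>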