From 3afd05636e46aedb53e1c1d954d23d6563b5e104 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 22:40:08 +0200 Subject: admin groups --- includes/pages/admin_groups.php | 73 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 includes/pages/admin_groups.php (limited to 'includes/pages/admin_groups.php')
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php new file mode 100644
index 00000000..5d9d8180
--- /dev/null
+++ b/includes/pages/admin_groups.php
@@ -0,0 +1,73 @@
+';
+ $groups_html .= '' . $group['Name'] . '';
+ $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+ $privileges_html = array ();
+ foreach ($privileges as $priv)
+ $privileges_html[] = $priv['name'];
+ $groups_html .= '' . join(", ", $privileges_html) . '';
+ $groups_html .= 'Ändern';
+ $groups_html .= '';
+ }
+
+ return template_render('../templates/admin_groups.html', array (
+ 'nick' => $user['Nick'],
+ 'groups' => $groups_html
+ ));
+ } else {
+ switch ($_REQUEST["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.");
+
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+ $privileges_html = "";
+ foreach ($privileges as $priv)
+ $privileges_html .= '' . $priv['name'] . '' . $priv['desc'] . '';
+
+ $html .= template_render('../templates/admin_groups_edit_form.html', array (
+ 'link' => page_link_to("admin_groups"),
+ 'id' => $id,
+ 'privileges' => $privileges_html
+ ));
+ } else
+ return error("No Group found.");
+ break;
+
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.");
+
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . 
" LIMIT 1");
+ if (!is_array($_REQUEST['privileges']))
+ $_REQUEST['privileges'] = array ();
+ if (count($room) > 0) {
+ list ($room) = $room;
+ sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+ foreach ($_REQUEST['privileges'] as $priv)
+ if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
+ sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+ header("Location: " . page_link_to("admin_groups"));
+ } else
+ return error("No Group found.");
+ break;
+ }
+ }
+ return $html;
+}
+?>
-- cgit v1.2.3-54-g00ecf From 93dd7113b13b06de1701b216b77bb73e76421fb5 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 3 Jun 2011 11:17:09 +0200 Subject: admin_groups minor cleanup --- includes/pages/admin_groups.php | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'includes/pages/admin_groups.php')
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 5d9d8180..842640d8 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
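Review bot: The `save` branch deletes and re-inserts every GroupPrivileges row for a group on the strength of `$_REQUEST` alone, so the state change is reachable through a plain GET link and nothing checks an anti-CSRF token before the DELETE/INSERT pair. Reading `id` and `privileges` from `$_POST`, rejecting other methods with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') return error("Invalid request.");`, and comparing a session-bound token carried by the edit form with `hash_equals()` would close that gap. The two `preg_match` guards end in `$`, which in PCRE also matches before a trailing newline; `\z` (or the `D` modifier) makes the id checks exact. The opening lines of admin_groups() are not visible in this rendering of the hunk.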
@@ -7,15 +7,23 @@ function admin_groups() {
 if (!isset ($_REQUEST["action"])) {
 $groups_html = "";
 foreach ($groups as $group) {
- $groups_html .= '';
- $groups_html .= '' . $group['Name'] . '';
+ $groups_html .= sprintf(
+ '%s',
+ $group['Name']
+ );
 $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
 $privileges_html = array ();
+
 foreach ($privileges as $priv)
 $privileges_html[] = $priv['name'];
- $groups_html .= '' . join(", ", $privileges_html) . '';
- $groups_html .= 'Ändern';
- $groups_html .= '';
+
+ $groups_html .= sprintf(
+ '%s'
+ . 'Ändern',
+ join(', ', $privileges_html),
+ page_link_to("admin_groups"),
+ $group['UID']
+ );
 }
 return template_render('../templates/admin_groups.html', array (
-- cgit v1.2.3-54-g00ecf From 5d9335fe183a0486c593975c45c2abe6875ab719 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 3 Jun 2011 20:24:36 +0200 Subject: admin_questions: More templates + sql fixes --- includes/pages/admin_groups.php | 12 +++++++++++- includes/pages/admin_language.php | 18 ++++++++++++++---- includes/pages/admin_questions.php | 31 ++++++++++++++++++++----------- templates/admin_question_answered.html | 9 +++++++++ templates/admin_question_unanswered.html | 14 ++++++++++++++ templates/admin_questions.html | 6 +++--- 6 files changed, 71 insertions(+), 19 deletions(-) create mode 100644 templates/admin_question_answered.html create mode 100644 templates/admin_question_unanswered.html (limited to 'includes/pages/admin_groups.php')
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 842640d8..770f09b4 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
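Review bot: `$group['Name']` and the joined privilege names are dropped into the `%s` slots of the HTML built with `sprintf` without any escaping, so a group or privilege name that contains markup is emitted verbatim into the admin table; the same applies to `$priv['name']` and `$priv['desc']` in the `@@ -44,7 +44,17 @@` hunk of commit 5d9335fe. Escape at the point of output, e.g. `htmlspecialchars($group['Name'], ENT_QUOTES, 'UTF-8')` and `htmlspecialchars(join(', ', $privileges_html), ENT_QUOTES, 'UTF-8')`, and pass `(int) $group['UID']` into the edit link, since group ids are matched elsewhere in this file against `/^-[0-9]{1,11}$/`. admin_groups() starts and ends outside this hunk.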
@@ -44,7 +44,17 @@ function admin_groups() {
 $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
 $privileges_html = "";
 foreach ($privileges as $priv)
- $privileges_html .= '' . $priv['name'] . '' . $priv['desc'] . '';
+ $privileges_html .= sprintf(
+ ''
+ . ' %s %s',
+ $priv['id'],
+ ($priv['group_id'] != ""
+ ? 'checked="checked"'
+ : ''),
+ $priv['name'],
+ $priv['desc']
+ );
 $html .= template_render('../templates/admin_groups_edit_form.html', array (
 'link' => page_link_to("admin_groups"),
diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php
index a866528e..749cd643 100644
--- a/includes/pages/admin_language.php
+++ b/includes/pages/admin_language.php
@@ -72,19 +72,29 @@ function admin_language() {
 foreach ($_POST as $k => $v) {
 if ($k != "TextID") {
 $sql_test = "SELECT * FROM `Sprache` " .
- "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k'";
+ "WHERE `TextID`='" . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='"
+ . sql_escape($k) . "'";
+
 $erg_test = sql_query($sql_test);
 if (mysql_num_rows($erg_test) == 0) {
 $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " .
- "VALUES ('" . $_POST["TextID"] . "', '$k', '$v')";
+ "VALUES ('" . sql_escape($_POST["TextID"]) . "', '"
+ . sql_escape($k) . "', '"
+ . sql_escape($v) . "')";
+
 $html .= $sql_save . "
";
 $Erg = sql_query($sql_save);
 $html .= success("$k Save: OK
\n");
 } else if (mysql_result($erg_test, 0, "Text") != $v) {
- $sql_save = "UPDATE `Sprache` SET `Text`='$v' " .
- "WHERE `TextID`='" . $_POST["TextID"] . "' AND `Sprache`='$k' ";
+ $sql_save = "UPDATE `Sprache` SET `Text`='"
+ . sql_escape($v) . "' " .
+ "WHERE `TextID`='"
+ . sql_escape($_POST["TextID"])
+ . "' AND `Sprache`='" . sql_escape($k) . "' ";
+
 $html .= $sql_save . "
";
 $Erg = sql_query($sql_save);
 $html .= success(" $k Update: OK
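Review bot: `$priv['group_id'] != ""` relies on loose comparison to treat the NULL that the LEFT OUTER JOIN yields for an unassigned privilege as "not checked"; `$priv['group_id'] !== null` (assuming sql_select hands NULL columns back as PHP null) states the intent directly and does not depend on the `""`/`null` equivalence of `!=`. Putting the ternary on one line would also make the checked state easier to scan. admin_groups() starts and ends outside this hunk.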
\n");
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 5355dd86..0e4469d5 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -18,19 +18,28 @@ function admin_questions() {
 if (!isset ($_REQUEST['action'])) {
 $open_questions = "";
 $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
- foreach ($questions as $question) {
- $open_questions .= '' . UID2Nick($question['UID']) . '' . str_replace("\n", '
', $question['Question']) . '';
- $open_questions .= '

';
- $open_questions .= 'Delete';
- }
+ foreach ($questions as $question)
+ $open_questions .= template_render(
+ '../templates/admin_question_unanswered.html', array (
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question_id' => $question['QID'],
+ 'link' => page_link_to("admin_questions"),
+ 'question' => str_replace("\n", '
', $question['Question'])
+ ));
 $answered_questions = "";
 $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
- foreach ($questions as $question) {
- $answered_questions .= '' . UID2Nick($question['UID']) . '' . str_replace("\n", '
', $question['Question']) . '';
- $answered_questions .= '' . UID2Nick($question['AID']) . '' . str_replace("\n", '
', $question['Answer']) . '';
- $answered_questions .= 'Delete';
- }
+
+ foreach ($questions as $question)
+ $answered_questions .= template_render(
+ '../templates/admin_question_answered.html', array (
+ 'question_id' => $question['QID'],
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question' => str_replace("\n", "
", $question['Question']),
+ 'answer_nick' => UID2Nick($question['AID']),
+ 'answer' => str_replace("\n", "
", $question['Answer']),
+ 'link' => page_link_to("admin_questions"),
+ ));
 return template_render('../templates/admin_questions.html', array (
 'link' => page_link_to("admin_questions"),
@@ -73,4 +82,4 @@ function admin_questions() {
 }
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/templates/admin_question_answered.html b/templates/admin_question_answered.html new file mode 100644
index 00000000..e4f07932
--- /dev/null
+++ b/templates/admin_question_answered.html
@@ -0,0 +1,9 @@
+
+ %question_nick%
+ %question%
+ %answer_nick%
+ %answer%
+
+ Delete
+
+
diff --git a/templates/admin_question_unanswered.html b/templates/admin_question_unanswered.html new file mode 100644
index 00000000..fc3db78a
--- /dev/null
+++ b/templates/admin_question_unanswered.html
@@ -0,0 +1,14 @@ + + %question_nick% + %question% + + 
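Review bot: The escaping added to `$sql_save` protects the database, but the context line that follows each new statement, `$html .= $sql_save . …;`, still appends the full INSERT/UPDATE text, including the submitted `$v`, to the page without HTML escaping, which reflects user-controlled text into the admin page and exposes the query structure. Either drop that debug output or wrap it, `$html .= htmlspecialchars($sql_save, ENT_QUOTES, 'UTF-8') . …;`. admin_language() starts and ends outside this hunk.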
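Review bot: `$question['Question']` and `$question['Answer']` are stored user-submitted text, and the new code hands them to the templates after only a `str_replace("\n", …, …)`; unless template_render escapes its values (the newline-to-markup replacement suggests it inserts them raw), any markup in a question is rendered as-is on the admin page. Apply `htmlspecialchars(…, ENT_QUOTES, 'UTF-8')` to the text before the replacement, e.g. `'question' => str_replace("\n", …, htmlspecialchars($question['Question'], ENT_QUOTES, 'UTF-8')),`, and treat the `UID2Nick()` results the same way if nicks are free text. The first loop uses single quotes and the second double quotes for the same replacement string; one form would do. admin_questions() starts before this hunk and its `action` branches lie outside it.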
+ + + +
+ + + Delete + + diff --git a/templates/admin_questions.html b/templates/admin_questions.html index ad8d6572..171f10b5 100644 --- a/templates/admin_questions.html +++ b/templates/admin_questions.html @@ -24,6 +24,9 @@ Not yet answered questions: + @@ -33,9 +36,6 @@ Not yet answered questions: - -- cgit v1.2.3-54-g00ecf
+ From + Question Answer - From -