
/system/cp/cp.members.php

https://github.com/danboy/Croissierd


  1. <?php
  2. /*
  3. =====================================================
  4. ExpressionEngine - by EllisLab
  5. -----------------------------------------------------
  6. http://expressionengine.com/
  7. -----------------------------------------------------
  8. Copyright (c) 2003 - 2010 EllisLab, Inc.
  9. =====================================================
  10. THIS IS COPYRIGHTED SOFTWARE
  11. PLEASE READ THE LICENSE AGREEMENT
  12. http://expressionengine.com/docs/license.html
  13. =====================================================
  14. File: cp.members.php
  15. -----------------------------------------------------
  16. Purpose: Member management functions
  17. =====================================================
  18. */
  // Direct-access guard: stop at once unless the EXT constant already exists
  // (presumably defined by the application's entry script -- confirm), so this
  // control panel file does nothing when it is requested on its own.
  defined('EXT') OR exit('Invalid file request');
  23. class Members {
  24. // Default member groups. We use these for translation purposes
  25. var $english = array('Guests', 'Banned', 'Members', 'Pending', 'Super Admins');
  26. var $perpage = 50; // Number of results on the "View all member" page
  27. var $no_delete = array('1', '2', '3', '4'); // Member groups that can not be deleted
  28. /** -----------------------------
  29. /** Constructor
  30. /** -----------------------------*/
  /**
   * Constructor: loads the language files used by the member management pages.
   */
  function Members()
  {
      global $LANG;

      // 'myaccount' first, then 'members' -- the order of the original calls.
      foreach (array('myaccount', 'members') as $language_file)
      {
          $LANG->fetch_language_file($language_file);
      }
  }
  38. /* END */
  39. /** -----------------------------
  40. /** View all members
  41. /** -----------------------------*/
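  /**
   * Build the control panel "View Members" page.
   *
   * Reads the optional `group_id`, `order` and `rownum` request values, lists
   * one page of members (at most $this->perpage rows) with their group, join
   * date and last visit, and wraps the list in the bulk-action form that posts
   * to P=mbr_conf.
   *
   * Every request value that reaches SQL or the pager URL is reduced to a
   * known-safe form first: `group_id` and `rownum` must be plain decimal
   * numbers, and `order` must be one of the keys offered by the sort menu.
   *
   * NOTE(review): this method makes no allowed_group() check of its own, unlike
   * the other actions in this class; presumably the caller restricts access to
   * the member list -- confirm.
   *
   * @param string $message Optional ready-made HTML notice shown in a box above the filter form.
   * @return mixed The result of $DSP->set_return_data() when there is nothing to list;
   *               otherwise nothing (the page is stored in $DSP->title, $DSP->crumb and $DSP->body).
   */
  function view_all_members($message = '')
  {
      global $IN, $LANG, $DSP, $LOC, $DB, $PREFS;

      // group_id is interpolated unquoted into two queries and into the pager
      // URL, so anything that is not a plain decimal number is treated as
      // "no group filter".
      $group_id = $IN->GBL('group_id', 'GP');
      $group_id = (is_scalar($group_id) && ctype_digit((string) $group_id)) ? (int) $group_id : 0;

      // Sort menu: request value => (ORDER BY fragment, language key of the label).
      // Only these keys are accepted, so the request never supplies SQL text.
      $sort_options = array(
          'asc'              => array('join_date asc', 'ascending'),
          'desc'             => array('join_date desc', 'descending'),
          'username_asc'     => array('username asc', 'username_asc'),
          'username_desc'    => array('username desc', 'username_desc'),
          'screen_name_asc'  => array('screen_name asc', 'screen_name_asc'),
          'screen_name_desc' => array('screen_name desc', 'screen_name_desc'),
          'email_asc'        => array('email asc', 'email_asc'),
          'email_desc'       => array('email desc', 'email_desc')
      );

      // An unrecognised sort value is dropped instead of being copied into the
      // pager links; the listing then falls back to the default order.
      $order = $IN->GBL('order', 'GP');
      if ( ! is_string($order) OR ! isset($sort_options[$order]))
      {
          $order = '';
      }

      $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members");
      $total_members = $query->row['count'];

      // Begin building the page output
      $r = $DSP->qdiv('tableHeading', $LANG->line('view_members'));

      if ($message != '')
      {
          $r .= $DSP->qdiv('box', $message);
      }

      // Declare the "filtering" form
      $r .= $DSP->form_open(array('action' => 'C=admin'.AMP.'M=members'.AMP.'P=view_members'));

      $DSP->right_crumb($LANG->line('new_member_search'), BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=member_search');

      // Table start
      $r .= $DSP->div('box');
      $r .= $DSP->table('', '0', '', '100%').
            $DSP->tr().
            $DSP->td('itemWrapper', '', '5').NL;

      // Member group selection pull-down menu
      $r .= $DSP->input_select_header('group_id').
            $DSP->input_select_option('', $LANG->line('member_groups')).
            $DSP->input_select_option('', $LANG->line('all'));

      // One <option> per member group of the current site
      $query = $DB->query("SELECT group_title, group_id FROM exp_member_groups WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' order by group_title");

      foreach ($query->result as $row)
      {
          $group_name = $row['group_title'];

          // The stock groups are stored in English and translated for display
          if (in_array($group_name, $this->english))
          {
              $group_name = $LANG->line(strtolower(str_replace(" ", "_", $group_name)));
          }

          $r .= $DSP->input_select_option($row['group_id'], $group_name, ($group_id == $row['group_id']) ? 1 : '');
      }

      $r .= $DSP->input_select_footer().
            $DSP->nbs(2);

      // "display order" pull-down menu. The first entry is the menu caption and
      // shares the value 'desc' with the real "descending" entry. The selected
      // state is derived from the same keys as the option values, so the
      // "*_asc" choices stay selected after the form is submitted.
      $r .= $DSP->input_select_header('order').
            $DSP->input_select_option('desc', $LANG->line('sort_order'), ($order == 'desc') ? 1 : '');

      foreach ($sort_options as $sort_key => $sort_option)
      {
          $r .= $DSP->input_select_option($sort_key, $LANG->line($sort_option[1]), ($order == $sort_key) ? 1 : '');
      }

      $r .= $DSP->input_select_footer().
            $DSP->nbs(2);

      // Submit button and close filtering form
      $r .= $DSP->input_submit($LANG->line('submit'), 'submit');

      $r .= $DSP->td_c().
            $DSP->td('defaultRight', '', 2).
            $DSP->heading($LANG->line('total_members').NBS.NBS.$total_members.NBS.NBS.NBS.NBS.NBS, 5).
            $DSP->td_c().
            $DSP->tr_c().
            $DSP->table_c();

      $r .= $DSP->div_c();
      $r .= $DSP->form_close();

      // Build the SQL query as well as the query string for the paginate links
      $pageurl = BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=view_members';
      $where = '';

      if ($group_id)
      {
          $where = " WHERE group_id = ".$group_id;
          $pageurl .= AMP.'group_id='.$group_id;

          $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members".$where);
          $total_count = $query->row['count'];
      }
      else
      {
          $total_count = $total_members;
      }

      // No result? Show the "no results" message
      if ($total_count == 0)
      {
          $r .= $DSP->qdiv('', BR.$LANG->line('no_members_matching_that_criteria'));

          return $DSP->set_return_data($LANG->line('view_members'), $r, $LANG->line('view_members'));
      }

      // Current row offset for the LIMIT clause; it is interpolated unquoted,
      // so only a plain decimal number is accepted.
      $rownum = $IN->GBL('rownum', 'GP');
      $rownum = (is_scalar($rownum) && ctype_digit((string) $rownum)) ? (int) $rownum : 0;

      if ($order != '')
      {
          $pageurl .= AMP.'order='.$order;
          $o_sql = " ORDER BY ".$sort_options[$order][0];
      }
      else
      {
          $o_sql = " ORDER BY join_date desc";
      }

      // Step 1: the ids of the members on this page
      $query = $DB->query("SELECT member_id FROM exp_members".$where.$o_sql." LIMIT ".$rownum.", ".(int) $this->perpage);

      $member_ids = array();

      foreach ($query->result as $row)
      {
          // The ids go into an unquoted IN (...) list below, so they are forced
          // to integers (member_id is assumed to be numeric -- confirm).
          $member_ids[] = (int) $row['member_id'];
      }

      // An offset past the last member yields no ids; an empty IN () list would
      // be a SQL syntax error, so show the "no results" message instead.
      if (count($member_ids) == 0)
      {
          $r .= $DSP->qdiv('', BR.$LANG->line('no_members_matching_that_criteria'));

          return $DSP->set_return_data($LANG->line('view_members'), $r, $LANG->line('view_members'));
      }

      // Step 2: the display columns for those members
      $sql = "SELECT exp_members.username,
                     exp_members.member_id,
                     exp_members.screen_name,
                     exp_members.email,
                     exp_members.join_date,
                     exp_members.last_visit,
                     exp_member_groups.group_title
              FROM exp_members, exp_member_groups
              WHERE exp_members.group_id = exp_member_groups.group_id
              AND exp_member_groups.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
              AND exp_members.member_id IN (".implode(',', $member_ids).")";

      $query = $DB->query($sql.$o_sql);

      // "select all" checkbox
      $r .= $DSP->toggle();
      $DSP->body_props .= ' onload="magic_check()" ';
      $r .= $DSP->magic_checkboxes();

      // Declare the "delete" form
      $r .= $DSP->form_open(
                              array(
                                      'action' => 'C=admin'.AMP.'M=members'.AMP.'P=mbr_conf',
                                      'name'   => 'target',
                                      'id'     => 'target'
                                  )
                          );

      // Build the table heading
      $r .= $DSP->table('tableBorder', '0', '', '100%').
            $DSP->tr().
            $DSP->table_qcell('tableHeadingAlt', $LANG->line('username')).
            $DSP->table_qcell('tableHeadingAlt', $LANG->line('screen_name')).
            $DSP->table_qcell('tableHeadingAlt', $LANG->line('email')).
            $DSP->table_qcell('tableHeadingAlt', $LANG->line('join_date')).
            $DSP->table_qcell('tableHeadingAlt', $LANG->line('last_visit')).
            $DSP->table_qcell('tableHeadingAlt', $LANG->line('member_group')).
            $DSP->table_qcell('tableHeadingAlt', $DSP->input_checkbox('toggleflag', '', '', "onclick=\"toggle(this);\"")).
            $DSP->tr_c();

      // NOTE(review): username, screen name, e-mail address and group title are
      // written into the page exactly as stored. The username is wrapped in <b>
      // before it is handed to anchor(), so that helper presumably does not
      // escape its label. Confirm these columns are sanitised when they are
      // saved, or HTML-encode them here.
      $i = 0;

      foreach ($query->result as $row)
      {
          // Alternate the two row styles
          $style = ($i % 2) ? 'tableCellOne' : 'tableCellTwo'; $i++;

          $r .= $DSP->tr();

          // Username
          $r .= $DSP->table_qcell($style,
                                  $DSP->anchor(
                                                BASE.AMP.'C=myaccount'.AMP.'id='.$row['member_id'],
                                                '<b>'.$row['username'].'</b>'
                                              )
                                  );

          // Screen name
          $screen = ($row['screen_name'] == '') ? "--" : '<b>'.$row['screen_name'].'</b>';
          $r .= $DSP->table_qcell($style, $screen);

          // Email
          $r .= $DSP->table_qcell($style,
                                  $DSP->mailto($row['email'], $row['email'])
                                  );

          // Join date
          $r .= $DSP->td($style).
                $LOC->convert_timestamp('%Y', $row['join_date']).'-'.
                $LOC->convert_timestamp('%m', $row['join_date']).'-'.
                $LOC->convert_timestamp('%d', $row['join_date']).
                $DSP->td_c();

          // Last visit date
          $r .= $DSP->td($style);

          if ($row['last_visit'] != 0)
          {
              $r .= $LOC->set_human_time($row['last_visit']);
          }
          else
          {
              $r .= "--";
          }

          $r .= $DSP->td_c();

          // Member group
          $r .= $DSP->td($style);

          $group_name = $row['group_title'];

          if (in_array($group_name, $this->english))
          {
              $group_name = $LANG->line(strtolower(str_replace(" ", "_", $group_name)));
          }

          $r .= $group_name;
          $r .= $DSP->td_c();

          // Delete checkbox
          $r .= $DSP->table_qcell($style, $DSP->input_checkbox('toggle[]', $row['member_id'], '', ' id="delete_box_'.$row['member_id'].'"'));

          $r .= $DSP->tr_c();
      } // End foreach

      $r .= $DSP->table_c();

      $r .= $DSP->table('', '0', '', '98%');
      $r .= $DSP->tr().
            $DSP->td();

      // Pass the relevant data to the paginate class so it can display the "next page" links
      $r .= $DSP->div('crumblinks').
            $DSP->pager(
                          $pageurl,
                          $total_count,
                          $this->perpage,
                          $rownum,
                          'rownum'
                        ).
            $DSP->div_c().
            $DSP->td_c().
            $DSP->td('defaultRight');

      // Action menu and its submit button
      $r .= $DSP->input_submit($LANG->line('submit'));

      $r .= NBS.$DSP->input_select_header('action');

      // "Resend activation e-mails" is offered only while the list is filtered
      // to group 4, e-mail activation is enabled, and the viewer may administer members.
      if ($group_id == 4 && $PREFS->ini('req_mbr_activation') == 'email' && $DSP->allowed_group('can_admin_members'))
      {
          $r .= $DSP->input_select_option('resend', $LANG->line('resend_activation_emails'));
      }

      $r .= $DSP->input_select_option('delete', $LANG->line('delete_selected')).
            $DSP->input_select_footer().
            $DSP->td_c().
            $DSP->tr_c();

      // Table end
      $r .= $DSP->table_c().
            $DSP->form_close();

      // Set output data
      $DSP->title = $LANG->line('view_members');
      $DSP->crumb = $DSP->anchor(BASE.AMP.'C=admin'.AMP.'area=members_and_groups', $LANG->line('members_and_groups')).
                    $DSP->crumb_item($LANG->line('view_members'));
      $DSP->body  = $r;
  }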
  300. /* END */
  301. /** -----------------------------------------------------------
  302. /** Member Action Confirm
  303. /** -----------------------------------------------------------*/
  /**
   * Dispatch the bulk action chosen on the member list.
   *
   * A posted `action` of 'resend' goes to resend_activation_emails(); every
   * other value, or no value at all, goes to member_delete_confirm(). No
   * permission is checked here: each target starts with its own
   * allowed_group() check.
   */
  function member_confirm()
  {
      $wants_resend = (isset($_POST['action']) && $_POST['action'] == 'resend');

      if ( ! $wants_resend)
      {
          $this->member_delete_confirm();
          return;
      }

      $this->resend_activation_emails();
  }
  315. /* END */
  316. /** -----------------------------------------------------------
  317. /** Resend Pending Member's Activation Emails
  318. /** -----------------------------------------------------------*/
  /**
   * Send the activation instructions again to the selected members.
   *
   * Refused unless the viewer may administer members and the site uses e-mail
   * activation. The members come either from the posted "toggle" fields or
   * from a single `mid` value in the query string. One message is sent per
   * matching row, built from the 'mbr_activation_instructions' template, and
   * the member list is shown again with a success notice.
   *
   * NOTE(review): a `mid` in the query string is enough to trigger the
   * mailing, and no request-token check is visible in this method; confirm
   * that the control panel verifies the request origin elsewhere.
   *
   * @return mixed Whatever no_access_message() or view_all_members() returns.
   */
  function resend_activation_emails()
  {
      global $DSP, $LANG, $DB, $PREFS, $IN, $FNS, $REGX;

      if ( ! $DSP->allowed_group('can_admin_members') OR $PREFS->ini('req_mbr_activation') !== 'email')
      {
          return $DSP->no_access_message();
      }

      // A single member passed in the URL is treated like one ticked checkbox
      $single_id = $IN->GBL('mid', 'GET');
      $is_single = ($single_id !== FALSE);

      if ($is_single)
      {
          $_POST['toggle'] = $single_id;
      }

      if ( ! $IN->GBL('toggle', 'POST'))
      {
          return $this->view_all_members();
      }

      // Collect every scalar POST value whose field name contains "toggle".
      // Each value is escaped here and quoted in the query below.
      $member_ids = array();

      foreach ($_POST as $field => $value)
      {
          if (is_array($value) OR ! strstr($field, 'toggle'))
          {
              continue;
          }

          $member_ids[] = $DB->escape_str($value);
      }

      if (count($member_ids) == 0)
      {
          return $this->view_all_members();
      }

      $query = $DB->query("SELECT screen_name, username, email, authcode FROM exp_members WHERE member_id IN ('".implode("','", $member_ids)."')");

      if ($query->num_rows == 0)
      {
          return $this->view_all_members();
      }

      // Pieces shared by every message
      $qs        = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';
      $action_id = $FNS->fetch_action_id('Member', 'activate_member');
      $template  = $FNS->fetch_email_template('mbr_activation_instructions');

      $swap = array(
          'site_name' => stripslashes($PREFS->ini('site_name')),
          'site_url'  => $PREFS->ini('site_url')
      );

      if ( ! class_exists('EEmail'))
      {
          require PATH_CORE.'core.email'.EXT;
      }

      $email = new EEmail;

      foreach ($query->result as $member)
      {
          // Per-member template variables; the activation link carries the stored authcode
          $swap['name']           = ($member['screen_name'] != '') ? $member['screen_name'] : $member['username'];
          $swap['activation_url'] = $FNS->fetch_site_index(0, 0).$qs.'ACT='.$action_id.'&id='.$member['authcode'];
          $swap['username']       = $member['username'];
          $swap['email']          = $member['email'];

          $subject = $FNS->var_swap($template['title'], $swap);
          $body    = $REGX->entities_to_ascii($FNS->var_swap($template['data'], $swap));

          $email->initialize();
          $email->wordwrap = true;
          $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
          $email->to($member['email']);
          $email->subject($subject);
          $email->message($body);

          // The result of Send() is not inspected, so the success notice below
          // appears even if a message could not be handed off.
          $email->Send();
      }

      $notice_key = ($is_single) ? 'activation_email_resent' : 'activation_emails_resent';

      return $this->view_all_members($DSP->qdiv('success', $LANG->line($notice_key)));
  }
  382. /* END */
  383. /** -----------------------------------------------------------
  384. /** Delete Member (confirm)
  385. /** -----------------------------------------------------------*/
  386. // Warning message if you try to delete members
  387. //-----------------------------------------------------------
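  /**
   * Show the "are you sure?" page before members are deleted.
   *
   * Requires the can_delete_members permission. The members come from the
   * posted "toggle" fields, or from a single `mid` value in the query string.
   * Each id is repeated as a hidden `delete[]` field of the form that posts to
   * P=mbr_delete. When any selected member owns weblog or gallery entries, a
   * pull-down of possible heirs for those entries is added.
   *
   * Only plain decimal ids are accepted: the values are echoed back into the
   * form and used in several queries, and a value such as "5 " could otherwise
   * slip past the self-delete comparison yet still match a row if the database
   * casts it to a number (member_id is assumed to be numeric -- confirm).
   *
   * NOTE(review): the member's screen name and the heir names are written into
   * the page as stored; confirm they are sanitised when saved.
   *
   * @return mixed The result of no_access_message(), error_message() or
   *               view_all_members() on the early exits; otherwise nothing
   *               (the page is stored in $DSP->title, $DSP->crumb and $DSP->body).
   */
  function member_delete_confirm()
  {
      global $IN, $DSP, $LANG, $DB, $SESS, $PREFS;

      if ( ! $DSP->allowed_group('can_delete_members'))
      {
          return $DSP->no_access_message();
      }

      $entries_exit = FALSE;

      // A single member passed in the URL is treated like one ticked checkbox
      if ($IN->GBL('mid', 'GET') !== FALSE)
      {
          $_POST['toggle'] = $IN->GBL('mid', 'GET');
      }

      if ( ! $IN->GBL('toggle', 'POST'))
      {
          return $this->view_all_members();
      }

      $r = $DSP->form_open(array('action' => 'C=admin'.AMP.'M=members'.AMP.'P=mbr_delete'));

      $i = 0;
      $damned = array();

      foreach ($_POST as $key => $val)
      {
          if (strstr($key, 'toggle') AND ! is_array($val))
          {
              // Skip anything that is not a plain decimal id. This also drops
              // the empty value of the "select all" box, whose field name
              // (toggleflag) contains "toggle" as well.
              if ( ! ctype_digit((string) $val))
              {
                  continue;
              }

              $r .= $DSP->input_hidden('delete[]', $val);

              // Is the user trying to delete himself?
              if ($SESS->userdata('member_id') == $val)
              {
                  return $DSP->error_message($LANG->line('can_not_delete_self'));
              }

              $damned[] = $DB->escape_str($val);
              $i++;
          }
      }

      // Nothing usable selected: return to the list, as resend_activation_emails() does
      if ($i == 0)
      {
          return $this->view_all_members();
      }

      $r .= $DSP->qdiv('alertHeading', $LANG->line('delete_member'));
      $r .= $DSP->div('box');

      if ($i == 1)
      {
          $r .= $DSP->qdiv('itemWrapper', '<b>'.$LANG->line('delete_member_confirm').'</b>');

          $query = $DB->query("SELECT screen_name FROM exp_members WHERE member_id = '".$DB->escape_str($damned['0'])."'");

          // The id may not belong to any member; show an empty name rather
          // than reading a row that is not there.
          $screen_name = ($query->num_rows > 0) ? $query->row['screen_name'] : '';

          $r .= $DSP->qdiv('itemWrapper', $DSP->qdiv('highlight', $screen_name));
      }
      else
      {
          $r .= '<b>'.$LANG->line('delete_members_confirm').'</b>';
      }

      $r .= $DSP->qdiv('itemWrapper', $DSP->qdiv('alert', $LANG->line('action_can_not_be_undone')));

      /** ----------------------------------------------------------
      /**  Do the users being deleted have entries assigned to them?
      /** ----------------------------------------------------------*/

      // Condition shared by the author_id and member_id look-ups below
      if ($i == 1)
      {
          $sqlb = "= '".$DB->escape_str($damned['0'])."'";
      }
      else
      {
          $sqlb = " IN ('".implode("','", $damned)."')";
      }

      $query = $DB->query("SELECT COUNT(entry_id) AS count FROM exp_weblog_titles WHERE author_id ".$sqlb);

      if ($query->row['count'] > 0)
      {
          $entries_exit = TRUE;

          $r .= $DSP->input_hidden('entries_exit', 'yes');
      }

      if ($DB->table_exists('exp_gallery_entries') === TRUE)
      {
          $query = $DB->query("SELECT COUNT(entry_id) AS count FROM exp_gallery_entries WHERE author_id ".$sqlb);

          if ($query->row['count'] > 0)
          {
              $entries_exit = TRUE;

              $r .= $DSP->input_hidden('gallery_entries_exit', 'yes');
          }
      }

      /** ----------------------------------------------------------
      /**  If so, fetch the member names for reassignment
      /** ----------------------------------------------------------*/

      if ($entries_exit == TRUE)
      {
          // Fetch the member group of each user being deleted
          $sql = "SELECT group_id FROM exp_members WHERE member_id ";

          if ($i == 1)
          {
              $sql .= " = '".$DB->escape_str($damned['0'])."'";
          }
          else
          {
              $sql .= " IN ('".implode("','", $damned)."')";
          }

          $query = $DB->query($sql);

          // Group 1 is always a candidate source of heirs. The ids are
          // interpolated unquoted below, so they are forced to integers.
          $group_ids = array(1);

          if ($query->num_rows > 0)
          {
              foreach ($query->result as $row)
              {
                  $group_ids[] = (int) $row['group_id'];
              }
          }

          $group_ids = array_unique($group_ids);

          // Find valid member replacements: members of those groups, other than
          // the ones being deleted, who are flagged for the author list
          $query = $DB->query("SELECT exp_members.member_id, username, screen_name
                               FROM exp_members
                               LEFT JOIN exp_member_groups on exp_member_groups.group_id = exp_members.group_id
                               WHERE exp_member_groups.group_id IN (".implode(",", $group_ids).")
                               AND exp_members.member_id NOT IN ('".implode("','", $damned)."')
                               AND (exp_members.in_authorlist = 'y' OR exp_member_groups.include_in_authorlist = 'y')
                               AND exp_member_groups.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
                               ORDER BY screen_name asc, username asc");

          // Fall back to the remaining members of group 1
          if ($query->num_rows == 0)
          {
              $query = $DB->query("SELECT member_id, username, screen_name
                                   FROM exp_members
                                   WHERE group_id = 1
                                   AND member_id NOT IN ('".implode("','", $damned)."')
                                   ORDER BY screen_name asc, username asc");
          }

          $r .= $DSP->div('itemWrapper');
          $r .= $DSP->div('defaultBold');
          $r .= ($i == 1) ? $LANG->line('heir_to_member_entries') : $LANG->line('heir_to_members_entries');
          $r .= $DSP->div_c();

          $r .= $DSP->div('itemWrapper');
          $r .= $DSP->input_select_header('heir');

          foreach ($query->result as $row)
          {
              $r .= $DSP->input_select_option($row['member_id'], ($row['screen_name'] != '') ? $row['screen_name'] : $row['username']);
          }

          $r .= $DSP->input_select_footer();
          $r .= $DSP->div_c();
          $r .= $DSP->div_c();
      }

      $r .= $DSP->qdiv('itemWrapper', $DSP->input_submit($LANG->line('delete'))).
            $DSP->div_c().
            $DSP->form_close();

      $DSP->title = $LANG->line('delete_member');
      $DSP->crumb = $DSP->anchor(BASE.AMP.'C=admin'.AMP.'area=members_and_groups', $LANG->line('members_and_groups')).
                    $DSP->crumb_item($LANG->line('delete_member'));
      $DSP->body  = $r;
  }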
  528. /* END */
  529. /** ----------------------------------------------
  530. /** Login as Member - SuperAdmins only!
  531. /** ----------------------------------------------*/
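  /**
   * Show the confirmation form for logging in as another member.
   *
   * Only a member of group 1 may use it, and never on their own account. The
   * target is the `mid` value from the query string and must belong to a member
   * whose group exists on the current site. The form posts to
   * P=do_login_as_member and offers the site home page, the control panel
   * (only when the target's group may access it) or a free-form URL as the
   * place to land afterwards.
   *
   * `mid` must be a plain decimal id. It is copied into the form as a hidden
   * field, and whether form_open() HTML-escapes hidden values is not visible
   * here, so anything else is refused before it can be echoed back.
   *
   * NOTE(review): the target's screen name is inserted into the description
   * text as stored; confirm it is sanitised when saved.
   *
   * @return mixed The result of no_access_message() on refusal; otherwise
   *               nothing (the page is stored in $DSP->title, $DSP->crumb and $DSP->body).
   */
  function login_as_member()
  {
      global $IN, $DSP, $LANG, $DB, $SESS, $PREFS, $FNS, $LOG;

      if ($SESS->userdata['group_id'] != 1)
      {
          return $DSP->no_access_message();
      }

      $id = $IN->GBL('mid', 'GET');

      if ($id === FALSE OR ! is_scalar($id) OR ! ctype_digit((string) $id))
      {
          return $DSP->no_access_message();
      }

      // Logging in as yourself is pointless and refused
      if ($SESS->userdata['member_id'] == $id)
      {
          return $DSP->no_access_message();
      }

      /** ----------------------------------------
      /**  Fetch member data
      /** ----------------------------------------*/

      $sql = "SELECT exp_members.screen_name, exp_member_groups.can_access_cp
              FROM exp_members, exp_member_groups
              WHERE member_id = '".$DB->escape_str($id)."'
              AND exp_member_groups.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
              AND exp_members.group_id = exp_member_groups.group_id";

      $query = $DB->query($sql);

      if ($query->num_rows == 0)
      {
          return $DSP->no_access_message();
      }

      $DSP->title = $LANG->line('login_as_member');
      $DSP->crumb = $DSP->anchor(BASE.AMP.'C=admin'.AMP.'area=members_and_groups', $LANG->line('members_and_groups')).
                    $DSP->crumb_item($LANG->line('login_as_member'));

      /** ----------------------------------------
      /**  Create Our Little Redirect Form
      /** ----------------------------------------*/

      // The validated id travels to the next step as a hidden field
      $r = $DSP->form_open(
                            array('action' => 'C=admin'.AMP.'M=members'.AMP.'P=do_login_as_member'),
                            array('mid' => $id)
                          );

      $r .= $DSP->qdiv('default', '', 'menu_contents');

      $r .= $DSP->table('tableBorder', '0', '', '100%');

      $r .= $DSP->tr().
            $DSP->td('tableHeadingAlt', '', '2').$LANG->line('login_as_member').
            $DSP->td_c().
            $DSP->tr_c();

      $r .= $DSP->tr().
            $DSP->td('tableCellOne').
            $DSP->qdiv('alert', $LANG->line('action_can_not_be_undone')).
            $DSP->qdiv('itemWrapper', str_replace('%screen_name%', $query->row['screen_name'], $LANG->line('login_as_member_description'))).
            $DSP->td_c().
            $DSP->tr_c();

      $r .= $DSP->tr().
            $DSP->td('tableCellTwo');

      // Destination 1: the site home page (pre-selected)
      $r .= $DSP->qdiv('',
                        $DSP->input_radio('return_destination', 'site', 1).$DSP->nbs(3).
                        $LANG->line('site_homepage')
                      );

      // Destination 2: the control panel, only if the target's group may enter it
      if ($query->row['can_access_cp'] == 'y')
      {
          $r .= $DSP->qdiv('',
                            $DSP->input_radio('return_destination', 'cp').$DSP->nbs(3).
                            $LANG->line('control_panel')
                          );
      }

      // Destination 3: a URL typed by the Super Admin, pre-filled with the site index
      $r .= $DSP->qdiv('',
                        $DSP->input_radio('return_destination', 'other', '').$DSP->nbs(3).
                        $LANG->line('other').NBS.':'.NBS.$DSP->input_text('other_url', $FNS->fetch_site_index(), '30', '80', 'input', '500px')
                      );

      $r .= $DSP->td_c().
            $DSP->tr_c().
            $DSP->tr().
            $DSP->td('tableCellOne').
            $DSP->qdiv('itemWrapper', $DSP->input_submit($LANG->line('submit'), 'submit')).
            $DSP->td_c().
            $DSP->tr_c().
            $DSP->table_c().
            $DSP->div_c();

      $DSP->body = $r;
  }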
  610. /* END */
  611. /** ----------------------------------------------
  612. /** Login as Member (process the confirmation form) - SuperAdmins only!
  613. /** ----------------------------------------------*/
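  /**
   * Carry out "login as member": start a session as the chosen member and
   * redirect the browser.
   *
   * Steps, in order: confirm the caller is in group 1 and is not targeting
   * their own account; load the target member; when multiple logins are
   * disabled, refuse if the target has a live session from another IP address
   * or user agent; write the action to the log; set the login cookies unless
   * the chosen session type is 's'; create the session; clear password
   * lockouts; redirect.
   *
   * Hardening compared with a plain pass-through of the request values:
   *  - `mid` must be a plain decimal id.
   *  - The free-form return URL must be an absolute http:// or https:// URL
   *    without whitespace or control characters. A value that merely contains
   *    "http" somewhere no longer qualifies; the site index is used instead.
   *
   * NOTE(review): no request-token check is visible in this method, and
   * GBL('mid') is called without a source argument, so it is not clear from
   * here whether a query-string value is accepted. Confirm that this
   * state-changing action cannot be triggered by a cross-site request.
   *
   * NOTE(review): the member's stored password value is copied into a cookie
   * below. Presumably the session class uses it for cookie logins; anyone who
   * obtains that cookie holds a long-lived credential -- confirm the cookie
   * flags and whether this is still required.
   *
   * @return mixed The result of no_access_message() or error_message() on
   *               refusal; on success the script ends after the redirect.
   */
  function do_login_as_member()
  {
      global $IN, $DSP, $LANG, $DB, $SESS, $PREFS, $FNS, $LOG, $REGX;

      if ($SESS->userdata['group_id'] != 1)
      {
          return $DSP->no_access_message();
      }

      $id = $IN->GBL('mid');

      if ($id === FALSE OR ! is_scalar($id) OR ! ctype_digit((string) $id))
      {
          return $DSP->no_access_message();
      }

      if ($SESS->userdata['member_id'] == $id)
      {
          return $DSP->no_access_message();
      }

      /** ----------------------------------------
      /**  Fetch member data
      /** ----------------------------------------*/

      $sql = "SELECT exp_members.username, exp_members.password, exp_members.unique_id, exp_members.member_id, exp_members.group_id, exp_member_groups.can_access_cp
              FROM exp_members, exp_member_groups
              WHERE member_id = '".$DB->escape_str($id)."'
              AND exp_member_groups.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
              AND exp_members.group_id = exp_member_groups.group_id";

      $query = $DB->query($sql);

      if ($query->num_rows == 0)
      {
          return $DSP->no_access_message();
      }

      $LANG->fetch_language_file('login');

      /** --------------------------------------------------
      /**  Do we allow multiple logins on the same account?
      /** --------------------------------------------------*/

      if ($PREFS->ini('allow_multi_logins') == 'n')
      {
          // Kill old sessions first
          $SESS->gc_probability = 100;
          $SESS->delete_old_sessions();

          // Sessions active after this moment count as current
          $cutoff = (int) (time() - $SESS->session_length);

          // See if there is a current session
          $result = $DB->query("SELECT ip_address, user_agent
                                FROM exp_sessions
                                WHERE member_id = '".$DB->escape_str($query->row['member_id'])."'
                                AND last_activity > $cutoff");

          // If exactly one session exists and it belongs to a different
          // browser or address, trigger the error message
          if ($result->num_rows == 1)
          {
              if ($SESS->userdata['ip_address'] != $result->row['ip_address'] ||
                  $SESS->userdata['user_agent'] != $result->row['user_agent'])
              {
                  return $DSP->error_message($LANG->line('multi_login_warning'));
              }
          }
      }

      /** ----------------------------------------
      /**  Log the SuperAdmin login
      /** ----------------------------------------*/

      $LOG->log_action($LANG->line('login_as_user').':'.NBS.$query->row['username']);

      /** ----------------------------------------
      /**  Set cookies
      /** ----------------------------------------*/

      // The expiration is always 0 here; there is no "remember me" choice on
      // this form.
      $expire = 0;

      // The control panel and the public site may use different session types
      $type = (isset($_POST['return_destination']) && $_POST['return_destination'] == 'cp') ? $PREFS->ini('admin_session_type') : $PREFS->ini('user_session_type');

      if ($type != 's')
      {
          $FNS->set_cookie($SESS->c_expire, time() + $expire, $expire);
          $FNS->set_cookie($SESS->c_uniqueid, $query->row['unique_id'], $expire);
          $FNS->set_cookie($SESS->c_password, $query->row['password'], $expire);
          $FNS->set_cookie($SESS->c_anon, 1, $expire);
      }

      /** ----------------------------------------
      /**  Create a new session
      /** ----------------------------------------*/

      // The returned session id is not used; the control panel URL below reads
      // $SESS->userdata['session_id'] instead.
      // NOTE(review): confirm create_new_session() refreshes that value.
      $SESS->create_new_session($query->row['member_id'], TRUE);

      /** ----------------------------------------
      /**  Delete old password lockouts
      /** ----------------------------------------*/

      $SESS->delete_password_lockout();

      /** ----------------------------------------
      /**  Redirect the user to the return page
      /** ----------------------------------------*/

      // Default destination: the site index
      $return_path = $FNS->fetch_site_index();

      if (isset($_POST['return_destination']))
      {
          if ($_POST['return_destination'] == 'cp')
          {
              $s = ($PREFS->ini('admin_session_type') != 'c') ? $SESS->userdata['session_id'] : 0;
              $return_path = $PREFS->ini('cp_url', FALSE).'?S='.$s;
          }
          elseif ($_POST['return_destination'] == 'other' && isset($_POST['other_url']) && is_string($_POST['other_url']))
          {
              $other_url = trim($_POST['other_url']);

              // The destination is chosen by the Super Admin and may be on any
              // host, but it must be an absolute http(s) URL with no whitespace
              // or control characters, so it cannot use another scheme or
              // carry a line break into the redirect.
              if (preg_match('#\Ahttps?://[^\s\x00-\x1f\x7f]+\z#i', $other_url))
              {
                  $return_path = $REGX->xss_clean(strip_tags($other_url));
              }
          }
      }

      $FNS->redirect($return_path);
      exit;
  }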
  711. /* END */
  712. /** ---------------------------------------------
  713. /** Delete Members
  714. /** ---------------------------------------------*/
  715. function member_delete()
  716. {
  717. global $IN, $DSP, $PREFS, $LANG, $SESS, $FNS, $DB, $STAT, $EXT;
  718. if ( ! $DSP->allowed_group('can_delete_members'))
  719. {
  720. return $DSP->no_access_message();
  721. }
  722. if ( ! $IN->GBL('delete', 'POST'))
  723. {
  724. return $this->view_all_members();
  725. }
  726. /** ---------------------------------------------
  727. /** Fetch member ID numbers and build the query
  728. /** ---------------------------------------------*/
  729. $ids = array();
  730. $mids = array();
  731. foreach ($_POST as $key => $val)
  732. {
  733. if (strstr($key, 'delete') AND ! is_array($val) AND $val != '')
  734. {
  735. $ids[] = "member_id = '".$DB->escape_str($val)."'";
  736. $mids[] = $DB->escape_str($val);
  737. }
  738. }
  739. $IDS = implode(" OR ", $ids);
  740. // SAFETY CHECK
  741. // Let's fetch the Member Group ID of each member being deleted
  742. // If there is a Super Admin in the bunch we'll run a few more safeties
  743. $super_admins = 0;
  744. $query = $DB->query("SELECT group_id FROM exp_members WHERE ".$IDS);
  745. foreach ($query->result as $row)
  746. {
  747. if ($query->row['group_id'] == 1)
  748. {
  749. $super_admins++;
  750. }
  751. }
  752. if ($super_admins > 0)
  753. {
  754. // You must be a Super Admin to delete a Super Admin
  755. if ($SESS->userdata['group_id'] != 1)
  756. {
  757. return $DSP->error_message($LANG->line('must_be_superadmin_to_delete_one'));
  758. }
  759. // You can't detete the only Super Admin
  760. $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '1'");
  761. if ($super_admins >= $query->row['count'])
  762. {
  763. return $DSP->error_message($LANG->line('can_not_delete_super_admin'));
  764. }
  765. }
  766. // If we got this far we're clear to delete the members
  767. $DB->query("DELETE FROM exp_members WHERE ".$IDS);
  768. $DB->query("DELETE FROM exp_member_data WHERE ".$IDS);
  769. $DB->query("DELETE FROM exp_member_homepage WHERE ".$IDS);
  770. foreach($mids as $val)
  771. {
  772. $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '$val' AND message_read = 'n'");
  773. $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '$val'");
  774. $DB->query("DELETE FROM exp_message_data WHERE sender_id = '$val'");
  775. $DB->query("DELETE FROM exp_message_folders WHERE member_id = '$val'");
  776. $DB->query("DELETE FROM exp_message_listed WHERE member_id = '$val'");
  777. if ($message_query->num_rows > 0)
  778. {
  779. foreach($message_query->result as $row)
  780. {
  781. $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '".$row['recipient_id']."' AND message_read = 'n'");
  782. $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '".$row['recipient_id']."'"));
  783. }
  784. }
  785. }
  786. /** ----------------------------------
  787. /** Are there forum posts to delete?
  788. /** ----------------------------------*/
  789. if ($PREFS->ini('forum_is_installed') == "y")
  790. {
  791. $DB->query("DELETE FROM exp_forum_subscriptions WHERE ".$IDS);
  792. $DB->query("DELETE FROM exp_forum_pollvotes WHERE ".$IDS);
  793. $IDS = str_replace('member_id', 'admin_member_id', $IDS);
  794. $DB->query("DELETE FROM exp_forum_administrators WHERE ".$IDS);
  795. $IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
  796. $DB->query("DELETE FROM exp_forum_moderators WHERE ".$IDS);
  797. $IDS = str_replace('mod_member_id', 'author_id', $IDS);
  798. $DB->query("DELETE FROM exp_forum_topics WHERE ".$IDS);
  799. // Snag the affected topic id's before deleting the members for the update afterwards
  800. $query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE ".$IDS);
  801. if ($query->num_rows > 0)
  802. {
  803. $topic_ids = array();
  804. foreach ($query->result as $row)
  805. {
  806. $topic_ids[] = $row['topic_id'];
  807. }
  808. $topic_ids = array_unique($topic_ids);
  809. }
  810. $DB->query("DELETE FROM exp_forum_posts WHERE ".$IDS);
  811. $DB->query("DELETE FROM exp_forum_polls WHERE ".$IDS);
  812. // Kill any attachments
  813. $query = $DB->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE ".str_replace('author_id', 'member_id', $IDS));
  814. if ($query->num_rows > 0)
  815. {
  816. // Grab the upload path
  817. $res = $DB->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
  818. $paths = array();
  819. foreach ($res->result as $row)
  820. {
  821. $paths[$row['board_id']] = $row['board_upload_path'];
  822. }
  823. foreach ($query->result as $row)
  824. {
  825. if ( ! isset($paths[$row['board_id']]))
  826. {
  827. continue;
  828. }
  829. $file = $paths[$row['board_id']].$row['filehash'].$row['extension'];
  830. $thumb = $paths[$row['board_id']].$row['filehash'].'_t'.$row['extension'];
  831. @unlink($file);
  832. @unlink($thumb);
  833. $DB->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
  834. }
  835. }
  836. // Update the forum stats
  837. $query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
  838. if ( ! class_exists('Forum'))
  839. {
  840. require PATH_MOD.'forum/mod.forum'.EXT;
  841. require PATH_MOD.'forum/mod.forum_core'.EXT;
  842. }
  843. $FRM = new Forum_Core;
  844. foreach ($query->result as $row)
  845. {
  846. $FRM->_update_post_stats($row['forum_id']);
  847. }
  848. if (isset($topic_ids))
  849. {
  850. foreach ($topic_ids as $topic_id)
  851. {
  852. $FRM->_update_topic_stats($topic_id);
  853. }
  854. }
  855. }
  856. /** -------------------------------------
  857. /** Delete comments and update entry stats
  858. /** -------------------------------------*/
  859. $weblog_ids = array();
  860. $IDS = str_replace('member_id', 'author_id', $IDS);
  861. $query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE ".$IDS);
  862. if ($query->num_rows > 0)
  863. {
  864. $DB->query("DELETE FROM exp_comments WHERE ".$IDS);
  865. foreach ($query->result as $row)
  866. {
  867. $weblog_ids[] = $row['weblog_id'];
  868. $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$DB->escape_str($row['entry_id'])."'");
  869. $comment_date = ($query->num_rows == 0 OR !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];
  870. $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");
  871. $DB->query("UPDATE exp_weblog_titles
  872. SET comment_total = '".$DB->escape_str($query->row['count'])."', recent_comment_date = '$comment_date'
  873. WHERE entry_id = '{$row['entry_id']}'");
  874. }
  875. }
  876. if (count($weblog_ids) > 0)
  877. {
  878. foreach (array_unique($weblog_ids) as $weblog_id)
  879. {
  880. $STAT->update_comment_stats($weblog_id);
  881. }
  882. }
  883. /** ----------------------------------
  884. /** Reassign Entires to Heir
  885. /** ----------------------------------*/
  886. $heir_id = $IN->GBL('heir', 'POST');
  887. $entries_exit = $IN->GBL('entries_exit', 'POST');
  888. $gallery_entries_exit = $IN->GBL('gallery_entries_exit', 'POST');
  889. if ($heir_id !== FALSE && is_numeric($heir_id))
  890. {
  891. if ($entries_exit == 'yes')
  892. {
  893. $DB->query("UPDATE exp_weblog_titles SET author_id = '{$heir_id}' WHERE
  894. ".str_replace('member_id', 'author_id', $IDS));
  895. $query = $DB->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date
  896. FROM exp_weblog_titles
  897. WHERE author_id = '{$heir_id}'");
  898. $DB->query("UPDATE exp_members
  899. SET total_entries = '".$DB->escape_str($query->row['count'])."', last_entry_date = '".$DB->escape_str($query->row['entry_date'])."'
  900. WHERE member_id = '{$heir_id}'");
  901. }
  902. if ($gallery_entries_exit == 'yes')
  903. {
  904. $DB->query("UPDATE exp_gallery_entries SET author_id = '{$heir_id}' WHERE ".str_replace('member_id', 'author_id', $IDS));
  905. }
  906. }
  907. // -------------------------------------------
  908. // 'cp_members_member_delete_end' hook.
  909. // - Additional processing when a member is deleted through the CP
  910. //
  911. $edata = $EXT->call_extension('cp_members_member_delete_end');
  912. if ($EXT->end_script === TRUE) return;
  913. //
  914. // -------------------------------------------
  915. // Update global stats
  916. $STAT->update_member_stats();
  917. $message = (count($ids) == 1) ? $DSP->qdiv('success', $LANG->line('member_deleted')) :
  918. $DSP->qdiv('success', $LANG->line('members_deleted'));
  919. return $this->view_all_members($message);
  920. }
  921. /* END */
  922. /** -----------------------------
  923. /** Member group overview
  924. /** -----------------------------*/
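  /**
   * Render the member group overview page of the control panel.
   *
   * Lists the current site's member groups (title, edit link, lock state,
   * id, member count, delete link), paginates once there are more than
   * 20 groups, and appends a "create group based on an existing one" form.
   * All output is appended to $DSP->body; $DSP->title and $DSP->crumb are set.
   *
   * @param string $message Optional status markup shown above the table.
   *                        It is inserted as-is, so callers must pass
   *                        trusted, already-encoded markup only.
   * @return mixed The result of $DSP->no_access_message() when the current
   *               user lacks 'can_admin_mbr_groups'; otherwise nothing.
   */
  function member_group_manager($message = '')
  {
      global $LANG, $DSP, $DB, $IN, $PREFS;

      $row_limit = 20;
      $paginate  = '';

      // Authorisation gate: nothing is queried or rendered without this right.
      if ( ! $DSP->allowed_group('can_admin_mbr_groups'))
      {
          return $DSP->no_access_message();
      }

      $site_id = $DB->escape_str($PREFS->ini('site_id'));

      $sql = "SELECT group_id, group_title, can_access_cp, is_locked
              FROM exp_member_groups
              WHERE site_id = '".$site_id."'
              ORDER BY exp_member_groups.group_title";

      // Unpaginated list: used for the total count and for the clone drop-down.
      $g_query = $DB->query("SELECT group_id, group_title FROM exp_member_groups WHERE site_id = '".$site_id."'");

      if ($g_query->num_rows > $row_limit)
      {
          // 'row' is a request value and ends up in the LIMIT clause, where
          // quoting cannot protect it. Force it to a non-negative integer so
          // nothing but a number can reach the SQL string.
          $row_raw   = $IN->GBL('row');
          $row_count = (is_numeric($row_raw)) ? max(0, (int) $row_raw) : 0;

          $paginate = $DSP->pager( BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=mbr_group_manager',
                                   $g_query->num_rows,
                                   $row_limit,
                                   $row_count,
                                   'row'
                                 );

          $sql .= " LIMIT ".$row_count.", ".$row_limit;
      }

      $query = $DB->query($sql);

      $DSP->body .= $DSP->qdiv('tableHeading', $LANG->line('member_groups'));

      if ($message != '')
      {
          $DSP->body .= $DSP->qdiv('box', $message);
      }

      $DSP->body .= $DSP->table('tableBorder', '0', '', '100%').
                    $DSP->tr().
                    $DSP->table_qcell('tableHeadingAlt',
                                      array(
                                          $LANG->line('group_title'),
                                          $LANG->line('edit_group'),
                                          $LANG->line('security_lock'),
                                          $LANG->line('group_id'),
                                          $LANG->line('mbrs'),
                                          $LANG->line('delete')
                                      )
                                     ).
                    $DSP->tr_c();

      $i = 0;

      foreach ($query->result as $row)
      {
          // NOTE(review): group_title is written into the page exactly as
          // stored. Confirm it is HTML-encoded when the group is saved;
          // if it is not, encode it at this point.
          $group_name = $row['group_title'];

          // The built-in groups keep their English titles in the database
          // and are translated for display only.
          if (in_array($group_name, $this->english))
          {
              $group_name = $LANG->line(strtolower(str_replace(" ", "_", $group_name)));
          }

          $style = ($i % 2) ? 'tableCellOne' : 'tableCellTwo';
          $i++;

          $DSP->body .= $DSP->tr();

          // Groups with control panel access are highlighted with the "required" marker.
          $title = ($row['can_access_cp'] == 'y') ? $DSP->qspan('highlight', $DSP->required().NBS.$group_name) : $group_name;

          $DSP->body .= $DSP->table_qcell($style, $DSP->qspan('defaultBold', $title), '25%');

          $DSP->body .= $DSP->table_qcell($style, $DSP->anchor(BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=edit_mbr_group'.AMP.'group_id='.$row['group_id'], $LANG->line('edit_group')), '18%');

          $status = ($row['is_locked'] == 'y') ? $DSP->qdiv('highlight', $LANG->line('locked')) : $DSP->qdiv('highlight_alt', $LANG->line('unlocked'));

          $DSP->body .= $DSP->table_qcell($style, $status, '17%');

          $DSP->body .= $DSP->table_qcell($style, $row['group_id'], '15%');

          // Escaped like the other values in this method, even though it
          // comes from the database rather than from the request.
          $group_id = $DB->escape_str($row['group_id']);

          $cquery = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '{$group_id}'");

          $DSP->body .= $DSP->table_qcell($style, $DSP->qspan('lightLinks', '('.$cquery->row['count'].')').NBS.
                                                  $DSP->anchor(BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=view_members'.AMP.'group_id='.$row['group_id'],
                                                  $LANG->line('view')), '15%');

          // Leaving out the link is presentation only. The delete handler
          // (not visible here) must itself refuse the groups in $this->no_delete.
          $delete = ( ! in_array($row['group_id'], $this->no_delete)) ? $DSP->anchor(BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=mbr_group_del_conf'.AMP.'group_id='.$row['group_id'], $LANG->line('delete')) : '--';

          $DSP->body .= $DSP->table_qcell($style, $delete, '10%');

          $DSP->body .= $DSP->tr_c();
      }

      $DSP->body .= $DSP->table_c();

      if ($paginate != '')
      {
          $DSP->body .= $DSP->qdiv('itemWrapper', $DSP->qdiv('defaultBold', $paginate));
      }

      $DSP->body .= $DSP->qdiv('bigPad', $DSP->qspan('alert', '*').NBS.$LANG->line('member_has_cp_access'));

      // "Create a new group based on an existing one" form.
      $DSP->body .= $DSP->form_open(array('action' => 'C=admin'.AMP.'M=members'.AMP.'P=edit_mbr_group'));

      $DSP->body .= $DSP->div('box');
      $DSP->body .= NBS.NBS.$LANG->line('create_group_based_on_old').$DSP->nbs(3);
      $DSP->body .= $DSP->input_select_header('clone_id');

      foreach ($g_query->result as $row)
      {
          $DSP->body .= $DSP->input_select_option($row['group_id'], $row['group_title']);
      }

      $DSP->body .= $DSP->input_select_footer();
      $DSP->body .= $DSP->nbs(2).$DSP->input_submit();
      $DSP->body .= $DSP->div_c();
      $DSP->body .= $DSP->form_close();

      $DSP->title = $LANG->line('member_groups');
      $DSP->crumb = $DSP->anchor(BASE.AMP.'C=admin'.AMP.'area=members_and_groups', $LANG->line('members_and_groups')).
                    $DSP->crumb_item($LANG->line('member_groups'));

      $DSP->right_crumb($LANG->line('create_new_member_group'), BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=edit_mbr_group');
  }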
  1015. /* END */
  1016. /** ----------------------------------
  1017. /** Edit/Create a member group form
  1018. /** ----------------------------------*/
  1019. function edit_member_group_form($msg='')
  1020. {
  1021. global $IN, $DSP, $DB, $SESS, $LANG, $PREFS;
  1022. /** ----------------------------------------------------
  1023. /** Only super admins can administrate member groups
  1024. /** ----------------------------------------------------*/
  1025. if ($SESS->userdata['group_id'] != 1)
  1026. {
  1027. return $DSP->no_access_message($LANG->line('only_superadmins_can_admin_groups'));
  1028. }
  1029. $group_id = $IN->GBL('group_id');
  1030. $clone_id = $IN->GBL('clone_id');
  1031. $id = ( ! $group_id) ? '3' : $group_id;
  1032. // Assign the page title
  1033. $title = ($group_id != '') ? $LANG->line('edit_member_group') : $LANG->line('create_member_group');
  1034. /** ----------------------------------
  1035. /** Fetch the Sites
  1036. /** ----------------------------------*/
  1037. if ($PREFS->ini('multiple_sites_enabled') == 'y')
  1038. {
  1039. $sites_query = $DB->query("SELECT * FROM exp_sites ORDER BY site_label");
  1040. }
  1041. else
  1042. {
  1043. $sites_query = $DB->query("SELECT * FROM exp_sites WHERE site_id = '1'");
  1044. }
  1045. /** ----------------------------------
  1046. /** Fetch the member group data
  1047. /** ----------------------------------*/
  1048. if ($clone_id != '') $id = $clone_id;
  1049. $query = $DB->query("SELECT * FROM exp_member_groups WHERE group_id = '".$DB->escape_str($id)."'");
  1050. $result = ($query->num_rows == 0) ? FALSE : TRUE;
  1051. $group_data = array();
  1052. foreach($query->result as $row)
  1053. {
  1054. $group_data[$row['site_id']] = $row;
  1055. }
  1056. $default_id = $query->row['site_id'];
  1057. /** ----------------------------------
  1058. /** Translate the group title
  1059. /** ----------------------------------*/
  1060. // We only translate this if it has not been edited
  1061. $group_title = ($group_id == '') ? '' : $group_data[$default_id]['group_title'];
  1062. $group_description = ($group_id == '') ? '' : $group_data[$default_id]['group_description'];
