admin_groups.php - This PHP code is part of an administrati…

/upload/admin/admin_groups.php

http://torrentpier2.googlecode.com/ · PHP · 186 lines · 150 code · 27 blank · 9 comment · 28 complexity · b64af79356f6da36f35b8796758992c2 MD5 · raw file


<?php

// ACP Header - START
if (!empty($setmodules))
{
	$module['Groups']['Manage'] = basename(__FILE__);
	return;
}
require('./pagestart.php');
// ACP Header - END

require(INC_DIR .'functions_group.php');

$group_id = isset($_REQUEST[POST_GROUPS_URL]) ? intval($_REQUEST[POST_GROUPS_URL]) : 0;
$mode     = isset($_REQUEST['mode']) ? strval($_REQUEST['mode']) : '';

attachment_quota_settings('group', isset($_POST['group_update']), $mode);

if (!empty($_POST['edit']) || !empty($_POST['new']))
{
	if (!empty($_POST['edit']))
	{
		if (!$row = get_group_data($group_id))
		{
			bb_die($lang['GROUP_NOT_EXIST']);
		}
		$group_info = array(
			'group_name'        => $row['group_name'],
			'group_description' => $row['group_description'],
			'group_moderator'   => $row['group_moderator'],
			'group_mod_name'    => $row['moderator_name'],
			'group_type'        => $row['group_type'],
		);
		$mode = 'editgroup';
		$template->assign_block_vars('group_edit', array());
	}
	else if (!empty($_POST['new']))
	{
		$group_info = array(
			'group_name'        => '',
			'group_description' => '',
			'group_moderator'   => '',
			'group_mod_name'    => '',
			'group_type'        => GROUP_OPEN,
		);
		$mode = 'newgroup';
	}

	// Ok, now we know everything about them, let's show the page.
	$s_hidden_fields = '
		<input type="hidden" name="mode" value="'. $mode .'" />
		<input type="hidden" name="'. POST_GROUPS_URL .'" value="'. $group_id .'" />
	';

	$template->assign_vars(array(
		'TPL_EDIT_GROUP'         => true,

		'GROUP_NAME'             => stripslashes(htmlspecialchars($group_info['group_name'])),
		'GROUP_DESCRIPTION'      => stripslashes(htmlspecialchars($group_info['group_description'])),
		'GROUP_MODERATOR'        => replace_quote($group_info['group_mod_name']),
		'T_GROUP_EDIT_DELETE'    => ($mode == 'newgroup') ? $lang['CREATE_NEW_GROUP'] : $lang['EDIT_GROUP'],
		'U_SEARCH_USER'          => BB_ROOT ."search.php?mode=searchuser",
		'S_GROUP_OPEN_TYPE'      => GROUP_OPEN,
		'S_GROUP_CLOSED_TYPE'    => GROUP_CLOSED,
		'S_GROUP_HIDDEN_TYPE'    => GROUP_HIDDEN,
		'S_GROUP_OPEN_CHECKED'   => ($group_info['group_type'] == GROUP_OPEN) ? HTML_CHECKED : '',
		'S_GROUP_CLOSED_CHECKED' => ($group_info['group_type'] == GROUP_CLOSED) ? HTML_CHECKED : '',
		'S_GROUP_HIDDEN_CHECKED' => ($group_info['group_type'] == GROUP_HIDDEN ) ? HTML_CHECKED : '',
		'S_GROUP_ACTION'         => "admin_groups.php",
		'S_HIDDEN_FIELDS'        => $s_hidden_fields,
	));
}
else if (!empty($_POST['group_update']))
{
	if (!empty($_POST['group_delete']))
	{
		if (!$group_info = get_group_data($group_id))
		{
			bb_die($lang['GROUP_NOT_EXIST']);
		}
		// Delete Group
		delete_group($group_id);

		$message = $lang['DELETED_GROUP'] .'<br /><br />';
		$message .= sprintf($lang['CLICK_RETURN_GROUPSADMIN'], '<a href="admin_groups.php">', '</a>') .'<br /><br />';
		$message .= sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>');

		bb_die($message);
	}
	else
	{
		$group_type = isset($_POST['group_type']) ? intval($_POST['group_type']) : GROUP_OPEN;
		$group_name = isset($_POST['group_name']) ? trim($_POST['group_name']) : '';
		$group_desc = isset($_POST['group_description']) ? trim($_POST['group_description']) : '';

		$group_moderator = isset($_POST['username']) ? $_POST['username'] : '';

		if ($group_name === '')
		{
			bb_die($lang['NO_GROUP_NAME']);
		}
		else if ($group_moderator === '')
		{
			bb_die($lang['NO_GROUP_MODERATOR']);
		}
		$this_userdata = get_userdata($group_moderator, true);

		if (!$group_moderator = $this_userdata['user_id'])
		{
			bb_die($lang['NO_GROUP_MODERATOR']);
		}

		$sql_ary = array(
			'group_type'        => (int) $group_type,
			'group_name'        => (string) $group_name,
			'group_description' => (string) $group_desc,
			'group_moderator'   => (int) $group_moderator,
			'group_single_user' => 0,
		);

		if ($mode == "editgroup")
		{
			if (!$group_info = get_group_data($group_id))
			{
				bb_die($lang['GROUP_NOT_EXIST']);
			}

			if ($group_info['group_moderator'] != $group_moderator)
			{
				// Create user_group for new group's moderator
				add_user_into_group($group_id, $group_moderator);
                $sql_ary['group_time']  = TIMENOW;

				// Delete old moderator's user_group
				if (isset($_POST['delete_old_moderator']))
				{
					delete_user_group($group_id, $group_info['group_moderator']);
				}
			}

			$sql_args = DB()->build_array('UPDATE', $sql_ary);

			// Update group's data
			DB()->query("UPDATE ". BB_GROUPS ." SET $sql_args WHERE group_id = $group_id");

			$message = $lang['UPDATED_GROUP'] .'<br /><br />';
			$message .= sprintf($lang['CLICK_RETURN_GROUPSADMIN'], '<a href="admin_groups.php">', '</a>') .'<br /><br />';
			$message .= sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>');

			bb_die($message);
		}
		else if ($mode == 'newgroup')
		{
			$sql_ary['group_time']  = TIMENOW;
			$sql_args = DB()->build_array('INSERT', $sql_ary);

			// Create new group
			DB()->query("INSERT INTO ". BB_GROUPS ." $sql_args");
			$new_group_id = DB()->sql_nextid();

			// Create user_group for group's moderator
			add_user_into_group($new_group_id, $group_moderator);

			$message = $lang['ADDED_NEW_GROUP'] .'<br /><br />';
			$message .= sprintf($lang['CLICK_RETURN_GROUPSADMIN'], '<a href="admin_groups.php">', '</a>') .'<br /><br />';
			$message .= sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>');

			bb_die($message);
		}
		else
		{
			bb_die($lang['NO_GROUP_ACTION']);
		}
	}
}
else
{
	$template->assign_vars(array(
		'TPL_GROUP_SELECT' => true,

		'S_GROUP_ACTION'   => "admin_groups.php",
		'S_GROUP_SELECT'   => stripslashes(get_select('groups')),
	));
}

print_page('admin_groups.tpl', 'admin');

Summary ✨

This PHP code is part of an administration interface for managing groups within a bulletin board system (BBS). It handles group creation, editing, and deletion, as well as updating group settings such as moderator information and type. The code uses database queries to interact with the BBS’s data storage.

Alerts (28)

'require(' Dynamic require detected; use static paths (e.g., require '/path/file.php') for security
12
'$_REQUEST[' Unbounded request input detected; limit size (e.g., check Content-Length or use max input vars) to prevent memory exhaustion
14 15
'$_POST[' Unbounded request input detected; limit size (e.g., check Content-Length or use max input vars) to prevent memory exhaustion
17 19 21 37 73 75 92 93 94 96 135
'die(' Abrupt termination detected; use try-catch or custom error handlers for better control
25 79 88 100 104 110 125 150 168 172
Complexity hotspot; lines 66 to 68 (total complexity: 3)
66 67 68
Complexity hotspot; line 152 (total complexity: 3)
152