admin-userfields.php

<?php
/*
	Question2Answer by Gideon Greenspan and contributors
	http://www.question2answer.org/

	File: qa-include/qa-page-admin-userfields.php
	Description: Controller for admin page for editing custom user fields


	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/

	if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
		header('Location: ../');
		exit;
	}

	require_once QA_INCLUDE_DIR.'app/admin.php';
	require_once QA_INCLUDE_DIR.'db/selects.php';


//	Get current list of user fields and determine the state of this admin page

	$fieldid=qa_post_text('edit');
	if (!isset($fieldid))
		$fieldid=qa_get('edit');

	$userfields=qa_db_select_with_pending(qa_db_userfields_selectspec());

	$editfield=null;
	foreach ($userfields as $userfield)
		if ($userfield['fieldid']==$fieldid)
			$editfield=$userfield;


//	Check admin privileges (do late to allow one DB query)

	if (!qa_admin_check_privileges($qa_content))
		return $qa_content;


//	Process saving an old or new user field

	$securityexpired=false;

	if (qa_clicked('docancel'))
		qa_redirect('admin/users');

	elseif (qa_clicked('dosavefield')) {
		require_once QA_INCLUDE_DIR.'db/admin.php';
		require_once QA_INCLUDE_DIR.'util/string.php';

		if (!qa_check_form_security_code('admin/userfields', qa_post_text('code')))
			$securityexpired=true;

		else {
			if (qa_post_text('dodelete')) {
				qa_db_userfield_delete($editfield['fieldid']);
				qa_redirect('admin/users');

			} else {
				$inname=qa_post_text('name');
				$intype=qa_post_text('type');
				$inonregister=(int)qa_post_text('onregister');
				$inflags=$intype | ($inonregister ? QA_FIELD_FLAGS_ON_REGISTER : 0);
				$inposition=qa_post_text('position');
				$inpermit=(int)qa_post_text('permit');

				$errors=array();

			//	Verify the name is legitimate

				if (qa_strlen($inname)>QA_DB_MAX_PROFILE_TITLE_LENGTH)
					$errors['name']=qa_lang_sub('main/max_length_x', QA_DB_MAX_PROFILE_TITLE_LENGTH);

			//	Perform appropriate database action

				if (isset($editfield['fieldid'])) { // changing existing user field
					qa_db_userfield_set_fields($editfield['fieldid'], isset($errors['name']) ? $editfield['content'] : $inname, $inflags, $inpermit);
					qa_db_userfield_move($editfield['fieldid'], $inposition);

					if (empty($errors))
						qa_redirect('admin/users');

					else {
						$userfields=qa_db_select_with_pending(qa_db_userfields_selectspec()); // reload after changes
						foreach ($userfields as $userfield)
							if ($userfield['fieldid']==$editfield['fieldid'])
								$editfield=$userfield;
					}

				} elseif (empty($errors)) { // creating a new user field

					for ($attempt=0; $attempt<1000; $attempt++) {
						$suffix=$attempt ? ('-'.(1+$attempt)) : '';
						$newtag=qa_substr(implode('-', qa_string_to_words($inname)), 0, QA_DB_MAX_PROFILE_TITLE_LENGTH-strlen($suffix)).$suffix;
						$uniquetag=true;

						foreach ($userfields as $userfield)
							if (qa_strtolower(trim($newtag)) == qa_strtolower(trim($userfield['title'])))
								$uniquetag=false;

						if ($uniquetag) {
							$fieldid=qa_db_userfield_create($newtag, $inname, $inflags, $inpermit);
							qa_db_userfield_move($fieldid, $inposition);
							qa_redirect('admin/users');
						}
					}

					qa_fatal_error('Could not create a unique database tag');
				}
			}
		}
	}


//	Prepare content for theme

	$qa_content=qa_content_prepare();

	$qa_content['title']=qa_lang_html('admin/admin_title').' - '.qa_lang_html('admin/users_title');
	$qa_content['error']=$securityexpired ? qa_lang_html('admin/form_security_expired') : qa_admin_page_error();

	$positionoptions=array();
	$previous=null;
	$passedself=false;

	foreach ($userfields as $userfield) {
		if (isset($previous))
			$positionhtml=qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($passedself ? $userfield : $previous)));
		else
			$positionhtml=qa_lang_html('admin/first');

		$positionoptions[$userfield['position']]=$positionhtml;

		if ($userfield['fieldid']==@$editfield['fieldid'])
			$passedself=true;

		$previous=$userfield;
	}

	if (isset($editfield['position']))
		$positionvalue=$positionoptions[$editfield['position']];
	else {
		$positionvalue=isset($previous) ? qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($previous))) : qa_lang_html('admin/first');
		$positionoptions[1+@max(array_keys($positionoptions))]=$positionvalue;
	}

	$typeoptions=array(
		0 => qa_lang_html('admin/field_single_line'),
		QA_FIELD_FLAGS_MULTI_LINE => qa_lang_html('admin/field_multi_line'),
		QA_FIELD_FLAGS_LINK_URL => qa_lang_html('admin/field_link_url'),
	);

	$permitoptions=qa_admin_permit_options(QA_PERMIT_ALL, QA_PERMIT_ADMINS, false, false);
	$permitvalue=@$permitoptions[isset($inpermit) ? $inpermit : $editfield['permit']];

	$qa_content['form']=array(
		'tags' => 'method="post" action="'.qa_path_html(qa_request()).'"',

		'style' => 'tall',

		'fields' => array(
			'name' => array(
				'tags' => 'name="name" id="name"',
				'label' => qa_lang_html('admin/field_name'),
				'value' => qa_html(isset($inname) ? $inname : qa_user_userfield_label($editfield)),
				'error' => qa_html(@$errors['name']),
			),

			'delete' => array(
				'tags' => 'name="dodelete" id="dodelete"',
				'label' => qa_lang_html('admin/delete_field'),
				'value' => 0,
				'type' => 'checkbox',
			),

			'type' => array(
				'id' => 'type_display',
				'tags' => 'name="type"',
				'label' => qa_lang_html('admin/field_type'),
				'type' => 'select',
				'options' => $typeoptions,
				'value' => @$typeoptions[isset($intype) ? $intype : (@$editfield['flags']&(QA_FIELD_FLAGS_MULTI_LINE|QA_FIELD_FLAGS_LINK_URL))],
			),

			'permit' => array(
				'id' => 'permit_display',
				'tags' => 'name="permit"',
				'label' => qa_lang_html('admin/permit_to_view'),
				'type' => 'select',
				'options' => $permitoptions,
				'value' => $permitvalue,
			),

			'position' => array(
				'id' => 'position_display',
				'tags' => 'name="position"',
				'label' => qa_lang_html('admin/position'),
				'type' => 'select',
				'options' => $positionoptions,
				'value' => $positionvalue,
			),

			'onregister' => array(
				'id' => 'register_display',
				'tags' => 'name="onregister"',
				'label' => qa_lang_html('admin/show_on_register_form'),
				'type' => 'checkbox',
				'value' => isset($inonregister) ? $inonregister : (@$editfield['flags']&QA_FIELD_FLAGS_ON_REGISTER),
			),
		),

		'buttons' => array(
			'save' => array(
				'label' => qa_lang_html(isset($editfield['fieldid']) ? 'main/save_button' : ('admin/add_field_button')),
			),

			'cancel' => array(
				'tags' => 'name="docancel"',
				'label' => qa_lang_html('main/cancel_button'),
			),
		),

		'hidden' => array(
			'dosavefield' => '1', // for IE
			'edit' => @$editfield['fieldid'],
			'code' => qa_get_form_security_code('admin/userfields'),
		),
	);

	if (isset($editfield['fieldid']))
		qa_set_display_rules($qa_content, array(
			'type_display' => '!dodelete',
			'position_display' => '!dodelete',
			'register_display' => '!dodelete',
			'permit_display' => '!dodelete',
		));
	else
		unset($qa_content['form']['fields']['delete']);

	$qa_content['focusid']='name';

	$qa_content['navigation']['sub']=qa_admin_sub_navigation();


	return $qa_content;


/*
	Omit PHP closing tag to help avoid accidental output
*/