qa-page-admin-userfields.php

<?php
	
/*
	Question2Answer (c) Gideon Greenspan

	http://www.question2answer.org/

	
	File: qa-include/qa-page-admin-userfields.php
	Version: See define()s at top of qa-include/qa-base.php
	Description: Controller for admin page for editing custom user fields


	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/

	if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
		header('Location: ../');
		exit;
	}

	require_once QA_INCLUDE_DIR.'qa-app-admin.php';
	require_once QA_INCLUDE_DIR.'qa-db-selects.php';

	
//	Get current list of user fields and determine the state of this admin page

	$fieldid=qa_post_text('edit');
	if (!isset($fieldid))
		$fieldid=qa_get('edit');
		
	$userfields=qa_db_select_with_pending(qa_db_userfields_selectspec());

	$editfield=null;
	foreach ($userfields as $userfield)
		if ($userfield['fieldid']==$fieldid)
			$editfield=$userfield;
	

//	Check admin privileges (do late to allow one DB query)

	if (!qa_admin_check_privileges($qa_content))
		return $qa_content;
		
		
//	Process saving an old or new user field
	
	$securityexpired=false;
	
	if (qa_clicked('docancel'))
		qa_redirect('admin/users');

	elseif (qa_clicked('dosavefield')) {
		require_once QA_INCLUDE_DIR.'qa-db-admin.php';
		require_once QA_INCLUDE_DIR.'qa-util-string.php';
		
		if (!qa_check_form_security_code('admin/userfields', qa_post_text('code')))
			$securityexpired=true;
		
		else {
			if (qa_post_text('dodelete')) {
				qa_db_userfield_delete($editfield['fieldid']);
				qa_redirect('admin/users');
			
			} else {
				$inname=qa_post_text('name');
				$intype=qa_post_text('type');
				$inonregister=(int)qa_post_text('onregister');
				$inflags=$intype | ($inonregister ? QA_FIELD_FLAGS_ON_REGISTER : 0);
				$inposition=qa_post_text('position');
				$inpermit=(int)qa_post_text('permit');
	
				$errors=array();
				
			//	Verify the name is legitimate
			
				if (qa_strlen($inname)>QA_DB_MAX_PROFILE_TITLE_LENGTH)
					$errors['name']=qa_lang_sub('main/max_length_x', QA_DB_MAX_PROFILE_TITLE_LENGTH);
	
			//	Perform appropriate database action
		
				if (isset($editfield['fieldid'])) { // changing existing user field
					qa_db_userfield_set_fields($editfield['fieldid'], isset($errors['name']) ? $editfield['content'] : $inname, $inflags, $inpermit);
					qa_db_userfield_move($editfield['fieldid'], $inposition);
					
					if (empty($errors))
						qa_redirect('admin/users');
	
					else {
						$userfields=qa_db_select_with_pending(qa_db_userfields_selectspec()); // reload after changes
						foreach ($userfields as $userfield)
							if ($userfield['fieldid']==$editfield['fieldid'])
								$editfield=$userfield;
					}
		
				} elseif (empty($errors)) { // creating a new user field
	
					for ($attempt=0; $attempt<1000; $attempt++) {
						$suffix=$attempt ? ('-'.(1+$attempt)) : '';
						$newtag=qa_substr(implode('-', qa_string_to_words($inname)), 0, QA_DB_MAX_PROFILE_TITLE_LENGTH-strlen($suffix)).$suffix;
						$uniquetag=true;
					
						foreach ($userfields as $userfield)	
							if (qa_strtolower(trim($newtag)) == qa_strtolower(trim($userfield['title'])))
								$uniquetag=false;
								
						if ($uniquetag) {
							$fieldid=qa_db_userfield_create($newtag, $inname, $inflags, $inpermit);
							qa_db_userfield_move($fieldid, $inposition);
							qa_redirect('admin/users');
						}
					}
					
					qa_fatal_error('Could not create a unique database tag');
				}
			}
		}
	}
	
		
//	Prepare content for theme
	
	$qa_content=qa_content_prepare();

	$qa_content['title']=qa_lang_html('admin/admin_title').' - '.qa_lang_html('admin/users_title');
	$qa_content['error']=$securityexpired ? qa_lang_html('admin/form_security_expired') : qa_admin_page_error();

	$positionoptions=array();
	$previous=null;
	$passedself=false;
	
	foreach ($userfields as $userfield) {
		if (isset($previous))
			$positionhtml=qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($passedself ? $userfield : $previous)));
		else
			$positionhtml=qa_lang_html('admin/first');
				
		$positionoptions[$userfield['position']]=$positionhtml;
			
		if ($userfield['fieldid']==@$editfield['fieldid'])
			$passedself=true;

		$previous=$userfield;
	}
	
	if (isset($editfield['position']))
		$positionvalue=$positionoptions[$editfield['position']];
	else {
		$positionvalue=isset($previous) ? qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($previous))) : qa_lang_html('admin/first');
		$positionoptions[1+@max(array_keys($positionoptions))]=$positionvalue;
	}
	
	$typeoptions=array(
		0 => qa_lang_html('admin/field_single_line'),
		QA_FIELD_FLAGS_MULTI_LINE => qa_lang_html('admin/field_multi_line'),
		QA_FIELD_FLAGS_LINK_URL => qa_lang_html('admin/field_link_url'),
	);
	
	$permitoptions=qa_admin_permit_options(QA_PERMIT_ALL, QA_PERMIT_ADMINS, false, false);
	$permitvalue=@$permitoptions[isset($inpermit) ? $inpermit : $editfield['permit']];

	$qa_content['form']=array(
		'tags' => 'method="post" action="'.qa_path_html(qa_request()).'"',
		
		'style' => 'tall',
		
		'fields' => array(
			'name' => array(
				'tags' => 'name="name" id="name"',
				'label' => qa_lang_html('admin/field_name'),
				'value' => qa_html(isset($inname) ? $inname : qa_user_userfield_label($editfield)),
				'error' => qa_html(@$errors['name']),
			),
			
			'delete' => array(
				'tags' => 'name="dodelete" id="dodelete"',
				'label' => qa_lang_html('admin/delete_field'),
				'value' => 0,
				'type' => 'checkbox',
			),
			
			'type' => array(
				'id' => 'type_display',
				'tags' => 'name="type"',
				'label' => qa_lang_html('admin/field_type'),
				'type' => 'select',
				'options' => $typeoptions,
				'value' => @$typeoptions[isset($intype) ? $intype : (@$editfield['flags']&(QA_FIELD_FLAGS_MULTI_LINE|QA_FIELD_FLAGS_LINK_URL))],
			),
			
			'permit' => array(
				'id' => 'permit_display',
				'tags' => 'name="permit"',
				'label' => qa_lang_html('admin/permit_to_view'),
				'type' => 'select',
				'options' => $permitoptions,
				'value' => $permitvalue,
			),
			
			'position' => array(
				'id' => 'position_display',
				'tags' => 'name="position"',
				'label' => qa_lang_html('admin/position'),
				'type' => 'select',
				'options' => $positionoptions,
				'value' => $positionvalue,
			),			

			'onregister' => array(
				'id' => 'register_display',
				'tags' => 'name="onregister"',
				'label' => qa_lang_html('admin/show_on_register_form'),
				'type' => 'checkbox',
				'value' => isset($inonregister) ? $inonregister : (@$editfield['flags']&QA_FIELD_FLAGS_ON_REGISTER),
			),
		),

		'buttons' => array(
			'save' => array(
				'label' => qa_lang_html(isset($editfield['fieldid']) ? 'main/save_button' : ('admin/add_field_button')),
			),
			
			'cancel' => array(
				'tags' => 'name="docancel"',
				'label' => qa_lang_html('main/cancel_button'),
			),
		),
		
		'hidden' => array(
			'dosavefield' => '1', // for IE
			'edit' => @$editfield['fieldid'],
			'code' => qa_get_form_security_code('admin/userfields'),
		),
	);
	
	if (isset($editfield['fieldid']))
		qa_set_display_rules($qa_content, array(
			'type_display' => '!dodelete',
			'position_display' => '!dodelete',
			'register_display' => '!dodelete',
			'permit_display' => '!dodelete',
		));
	else
		unset($qa_content['form']['fields']['delete']);
	
	$qa_content['focusid']='name';

	$qa_content['navigation']['sub']=qa_admin_sub_navigation();

	
	return $qa_content;


/*
	Omit PHP closing tag to help avoid accidental output
*/