admin-userfields.php

<?php
/*
	Question2Answer by Gideon Greenspan and contributors
	http://www.question2answer.org/

	File: qa-include/qa-page-admin-userfields.php
	Description: Controller for admin page for editing custom user fields


	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/

if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
	header('Location: ../');
	exit;
}

require_once QA_INCLUDE_DIR . 'app/admin.php';
require_once QA_INCLUDE_DIR . 'db/selects.php';


// Get current list of user fields and determine the state of this admin page

$fieldid = qa_post_text('edit');
if (!isset($fieldid))
	$fieldid = qa_get('edit');

$userfields = qa_db_select_with_pending(qa_db_userfields_selectspec());

$editfield = null;
foreach ($userfields as $userfield) {
	if ($userfield['fieldid'] == $fieldid)
		$editfield = $userfield;
}


// Check admin privileges (do late to allow one DB query)

if (!qa_admin_check_privileges($qa_content))
	return $qa_content;


// Process saving an old or new user field

$securityexpired = false;

if (qa_clicked('docancel'))
	qa_redirect('admin/users');

elseif (qa_clicked('dosavefield')) {
	require_once QA_INCLUDE_DIR . 'db/admin.php';
	require_once QA_INCLUDE_DIR . 'util/string.php';

	if (!qa_check_form_security_code('admin/userfields', qa_post_text('code')))
		$securityexpired = true;

	else {
		if (qa_post_text('dodelete')) {
			qa_db_userfield_delete($editfield['fieldid']);
			qa_redirect('admin/users');

		} else {
			$inname = qa_post_text('name');
			$intype = qa_post_text('type');
			$inonregister = (int)qa_post_text('onregister');
			$inflags = $intype | ($inonregister ? QA_FIELD_FLAGS_ON_REGISTER : 0);
			$inposition = qa_post_text('position');
			$inpermit = (int)qa_post_text('permit');

			$errors = array();

			// Verify the name is legitimate

			if (qa_strlen($inname) > QA_DB_MAX_PROFILE_TITLE_LENGTH)
				$errors['name'] = qa_lang_sub('main/max_length_x', QA_DB_MAX_PROFILE_TITLE_LENGTH);

			// Perform appropriate database action

			if (isset($editfield['fieldid'])) { // changing existing user field
				qa_db_userfield_set_fields($editfield['fieldid'], isset($errors['name']) ? $editfield['content'] : $inname, $inflags, $inpermit);
				qa_db_userfield_move($editfield['fieldid'], $inposition);

				if (empty($errors))
					qa_redirect('admin/users');

				else {
					$userfields = qa_db_select_with_pending(qa_db_userfields_selectspec()); // reload after changes
					foreach ($userfields as $userfield)
						if ($userfield['fieldid'] == $editfield['fieldid'])
							$editfield = $userfield;
				}

			} elseif (empty($errors)) { // creating a new user field

				for ($attempt = 0; $attempt < 1000; $attempt++) {
					$suffix = $attempt ? ('-' . (1 + $attempt)) : '';
					$newtag = qa_substr(implode('-', qa_string_to_words($inname)), 0, QA_DB_MAX_PROFILE_TITLE_LENGTH - strlen($suffix)) . $suffix;
					$uniquetag = true;

					foreach ($userfields as $userfield) {
						if (qa_strtolower(trim($newtag)) == qa_strtolower(trim($userfield['title'])))
							$uniquetag = false;
					}

					if ($uniquetag) {
						$fieldid = qa_db_userfield_create($newtag, $inname, $inflags, $inpermit);
						qa_db_userfield_move($fieldid, $inposition);
						qa_redirect('admin/users');
					}
				}

				qa_fatal_error('Could not create a unique database tag');
			}
		}
	}
}


// Prepare content for theme

$qa_content = qa_content_prepare();

$qa_content['title'] = qa_lang_html('admin/admin_title') . ' - ' . qa_lang_html('admin/users_title');
$qa_content['error'] = $securityexpired ? qa_lang_html('admin/form_security_expired') : qa_admin_page_error();

$positionoptions = array();
$previous = null;
$passedself = false;

foreach ($userfields as $userfield) {
	if (isset($previous))
		$positionhtml = qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($passedself ? $userfield : $previous)));
	else
		$positionhtml = qa_lang_html('admin/first');

	$positionoptions[$userfield['position']] = $positionhtml;

	if ($userfield['fieldid'] == @$editfield['fieldid'])
		$passedself = true;

	$previous = $userfield;
}

if (isset($editfield['position']))
	$positionvalue = $positionoptions[$editfield['position']];
else {
	$positionvalue = isset($previous) ? qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($previous))) : qa_lang_html('admin/first');
	$positionoptions[1 + @max(array_keys($positionoptions))] = $positionvalue;
}

$typeoptions = array(
	0 => qa_lang_html('admin/field_single_line'),
	QA_FIELD_FLAGS_MULTI_LINE => qa_lang_html('admin/field_multi_line'),
	QA_FIELD_FLAGS_LINK_URL => qa_lang_html('admin/field_link_url'),
);

$permitoptions = qa_admin_permit_options(QA_PERMIT_ALL, QA_PERMIT_ADMINS, false, false);
$permitvalue = @$permitoptions[isset($inpermit) ? $inpermit : $editfield['permit']];

$qa_content['form'] = array(
	'tags' => 'method="post" action="' . qa_path_html(qa_request()) . '"',

	'style' => 'tall',

	'fields' => array(
		'name' => array(
			'tags' => 'name="name" id="name"',
			'label' => qa_lang_html('admin/field_name'),
			'value' => qa_html(isset($inname) ? $inname : qa_user_userfield_label($editfield)),
			'error' => qa_html(@$errors['name']),
		),

		'delete' => array(
			'tags' => 'name="dodelete" id="dodelete"',
			'label' => qa_lang_html('admin/delete_field'),
			'value' => 0,
			'type' => 'checkbox',
		),

		'type' => array(
			'id' => 'type_display',
			'tags' => 'name="type"',
			'label' => qa_lang_html('admin/field_type'),
			'type' => 'select',
			'options' => $typeoptions,
			'value' => @$typeoptions[isset($intype) ? $intype : (@$editfield['flags'] & (QA_FIELD_FLAGS_MULTI_LINE | QA_FIELD_FLAGS_LINK_URL))],
		),

		'permit' => array(
			'id' => 'permit_display',
			'tags' => 'name="permit"',
			'label' => qa_lang_html('admin/permit_to_view'),
			'type' => 'select',
			'options' => $permitoptions,
			'value' => $permitvalue,
		),

		'position' => array(
			'id' => 'position_display',
			'tags' => 'name="position"',
			'label' => qa_lang_html('admin/position'),
			'type' => 'select',
			'options' => $positionoptions,
			'value' => $positionvalue,
		),

		'onregister' => array(
			'id' => 'register_display',
			'tags' => 'name="onregister"',
			'label' => qa_lang_html('admin/show_on_register_form'),
			'type' => 'checkbox',
			'value' => isset($inonregister) ? $inonregister : (@$editfield['flags'] & QA_FIELD_FLAGS_ON_REGISTER),
		),
	),

	'buttons' => array(
		'save' => array(
			'label' => qa_lang_html(isset($editfield['fieldid']) ? 'main/save_button' : ('admin/add_field_button')),
		),

		'cancel' => array(
			'tags' => 'name="docancel"',
			'label' => qa_lang_html('main/cancel_button'),
		),
	),

	'hidden' => array(
		'dosavefield' => '1', // for IE
		'edit' => @$editfield['fieldid'],
		'code' => qa_get_form_security_code('admin/userfields'),
	),
);

if (isset($editfield['fieldid'])) {
	qa_set_display_rules($qa_content, array(
		'type_display' => '!dodelete',
		'position_display' => '!dodelete',
		'register_display' => '!dodelete',
		'permit_display' => '!dodelete',
	));
} else {
	unset($qa_content['form']['fields']['delete']);
}

$qa_content['focusid'] = 'name';

$qa_content['navigation']['sub'] = qa_admin_sub_navigation();


return $qa_content;