admin-userfields.php 7.55 KB
Newer Older
Scott committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
<?php
/*
	Question2Answer by Gideon Greenspan and contributors
	http://www.question2answer.org/

	Description: Controller for admin page for editing custom user fields


	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/

Scott committed
22
if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
23
	header('Location: ../../../');
Scott committed
24 25
	exit;
}
Scott committed
26

Scott committed
27 28
require_once QA_INCLUDE_DIR . 'app/admin.php';
require_once QA_INCLUDE_DIR . 'db/selects.php';
Scott committed
29 30


Scott committed
31
// Get current list of user fields and determine the state of this admin page
Scott committed
32

Scott committed
33 34 35
$fieldid = qa_post_text('edit');
if (!isset($fieldid))
	$fieldid = qa_get('edit');
Scott committed
36

Scott committed
37
$userfields = qa_db_select_with_pending(qa_db_userfields_selectspec());
Scott committed
38

Scott committed
39 40 41 42 43
$editfield = null;
foreach ($userfields as $userfield) {
	if ($userfield['fieldid'] == $fieldid)
		$editfield = $userfield;
}
Scott committed
44 45


Scott committed
46
// Check admin privileges (do late to allow one DB query)
Scott committed
47

Scott committed
48 49
if (!qa_admin_check_privileges($qa_content))
	return $qa_content;
Scott committed
50 51


Scott committed
52
// Process saving an old or new user field
Scott committed
53

Scott committed
54
$securityexpired = false;
Scott committed
55

Scott committed
56 57
if (qa_clicked('docancel'))
	qa_redirect('admin/users');
Scott committed
58

Scott committed
59 60 61
elseif (qa_clicked('dosavefield')) {
	require_once QA_INCLUDE_DIR . 'db/admin.php';
	require_once QA_INCLUDE_DIR . 'util/string.php';
Scott committed
62

Scott committed
63 64
	if (!qa_check_form_security_code('admin/userfields', qa_post_text('code')))
		$securityexpired = true;
Scott committed
65

Scott committed
66 67 68 69
	else {
		if (qa_post_text('dodelete')) {
			qa_db_userfield_delete($editfield['fieldid']);
			qa_redirect('admin/users');
Scott committed
70

Scott committed
71 72 73 74 75 76 77
		} else {
			$inname = qa_post_text('name');
			$intype = qa_post_text('type');
			$inonregister = (int)qa_post_text('onregister');
			$inflags = $intype | ($inonregister ? QA_FIELD_FLAGS_ON_REGISTER : 0);
			$inposition = qa_post_text('position');
			$inpermit = (int)qa_post_text('permit');
Scott committed
78

Scott committed
79
			$errors = array();
Scott committed
80

Scott committed
81
			// Verify the name is legitimate
Scott committed
82

Scott committed
83 84
			if (qa_strlen($inname) > QA_DB_MAX_PROFILE_TITLE_LENGTH)
				$errors['name'] = qa_lang_sub('main/max_length_x', QA_DB_MAX_PROFILE_TITLE_LENGTH);
Scott committed
85

Scott committed
86
			// Perform appropriate database action
Scott committed
87

Scott committed
88 89 90
			if (isset($editfield['fieldid'])) { // changing existing user field
				qa_db_userfield_set_fields($editfield['fieldid'], isset($errors['name']) ? $editfield['content'] : $inname, $inflags, $inpermit);
				qa_db_userfield_move($editfield['fieldid'], $inposition);
Scott committed
91

Scott committed
92 93
				if (empty($errors))
					qa_redirect('admin/users');
Scott committed
94

Scott committed
95 96 97 98 99 100
				else {
					$userfields = qa_db_select_with_pending(qa_db_userfields_selectspec()); // reload after changes
					foreach ($userfields as $userfield)
						if ($userfield['fieldid'] == $editfield['fieldid'])
							$editfield = $userfield;
				}
Scott committed
101

Scott committed
102
			} elseif (empty($errors)) { // creating a new user field
Scott committed
103

Scott committed
104 105 106 107
				for ($attempt = 0; $attempt < 1000; $attempt++) {
					$suffix = $attempt ? ('-' . (1 + $attempt)) : '';
					$newtag = qa_substr(implode('-', qa_string_to_words($inname)), 0, QA_DB_MAX_PROFILE_TITLE_LENGTH - strlen($suffix)) . $suffix;
					$uniquetag = true;
Scott committed
108

Scott committed
109 110 111
					foreach ($userfields as $userfield) {
						if (qa_strtolower(trim($newtag)) == qa_strtolower(trim($userfield['title'])))
							$uniquetag = false;
Scott committed
112 113
					}

Scott committed
114 115 116 117 118
					if ($uniquetag) {
						$fieldid = qa_db_userfield_create($newtag, $inname, $inflags, $inpermit);
						qa_db_userfield_move($fieldid, $inposition);
						qa_redirect('admin/users');
					}
Scott committed
119
				}
Scott committed
120 121

				qa_fatal_error('Could not create a unique database tag');
Scott committed
122 123 124
			}
		}
	}
Scott committed
125
}
Scott committed
126 127


Scott committed
128
// Prepare content for theme
Scott committed
129

Scott committed
130
$qa_content = qa_content_prepare();
Scott committed
131

Scott committed
132 133
$qa_content['title'] = qa_lang_html('admin/admin_title') . ' - ' . qa_lang_html('admin/users_title');
$qa_content['error'] = $securityexpired ? qa_lang_html('admin/form_security_expired') : qa_admin_page_error();
Scott committed
134

Scott committed
135 136 137
$positionoptions = array();
$previous = null;
$passedself = false;
Scott committed
138

Scott committed
139 140 141 142 143
foreach ($userfields as $userfield) {
	if (isset($previous))
		$positionhtml = qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($passedself ? $userfield : $previous)));
	else
		$positionhtml = qa_lang_html('admin/first');
Scott committed
144

Scott committed
145
	$positionoptions[$userfield['position']] = $positionhtml;
Scott committed
146

Scott committed
147 148
	if ($userfield['fieldid'] == @$editfield['fieldid'])
		$passedself = true;
Scott committed
149

Scott committed
150 151
	$previous = $userfield;
}
Scott committed
152

Scott committed
153 154 155 156 157 158 159 160 161 162 163 164
if (isset($editfield['position']))
	$positionvalue = $positionoptions[$editfield['position']];
else {
	$positionvalue = isset($previous) ? qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($previous))) : qa_lang_html('admin/first');
	$positionoptions[1 + @max(array_keys($positionoptions))] = $positionvalue;
}

$typeoptions = array(
	0 => qa_lang_html('admin/field_single_line'),
	QA_FIELD_FLAGS_MULTI_LINE => qa_lang_html('admin/field_multi_line'),
	QA_FIELD_FLAGS_LINK_URL => qa_lang_html('admin/field_link_url'),
);
Scott committed
165

Scott committed
166 167 168 169 170 171 172 173 174 175 176 177 178 179
$permitoptions = qa_admin_permit_options(QA_PERMIT_ALL, QA_PERMIT_ADMINS, false, false);
$permitvalue = @$permitoptions[isset($inpermit) ? $inpermit : $editfield['permit']];

$qa_content['form'] = array(
	'tags' => 'method="post" action="' . qa_path_html(qa_request()) . '"',

	'style' => 'tall',

	'fields' => array(
		'name' => array(
			'tags' => 'name="name" id="name"',
			'label' => qa_lang_html('admin/field_name'),
			'value' => qa_html(isset($inname) ? $inname : qa_user_userfield_label($editfield)),
			'error' => qa_html(@$errors['name']),
Scott committed
180 181
		),

Scott committed
182 183 184 185 186 187
		'delete' => array(
			'tags' => 'name="dodelete" id="dodelete"',
			'label' => qa_lang_html('admin/delete_field'),
			'value' => 0,
			'type' => 'checkbox',
		),
Scott committed
188

Scott committed
189 190 191 192 193 194 195
		'type' => array(
			'id' => 'type_display',
			'tags' => 'name="type"',
			'label' => qa_lang_html('admin/field_type'),
			'type' => 'select',
			'options' => $typeoptions,
			'value' => @$typeoptions[isset($intype) ? $intype : (@$editfield['flags'] & (QA_FIELD_FLAGS_MULTI_LINE | QA_FIELD_FLAGS_LINK_URL))],
Scott committed
196 197
		),

Scott committed
198 199 200 201 202 203 204
		'permit' => array(
			'id' => 'permit_display',
			'tags' => 'name="permit"',
			'label' => qa_lang_html('admin/permit_to_view'),
			'type' => 'select',
			'options' => $permitoptions,
			'value' => $permitvalue,
Scott committed
205 206
		),

Scott committed
207 208 209 210 211 212 213 214
		'position' => array(
			'id' => 'position_display',
			'tags' => 'name="position"',
			'label' => qa_lang_html('admin/position'),
			'type' => 'select',
			'options' => $positionoptions,
			'value' => $positionvalue,
		),
Scott committed
215

Scott committed
216 217 218 219 220 221 222 223
		'onregister' => array(
			'id' => 'register_display',
			'tags' => 'name="onregister"',
			'label' => qa_lang_html('admin/show_on_register_form'),
			'type' => 'checkbox',
			'value' => isset($inonregister) ? $inonregister : (@$editfield['flags'] & QA_FIELD_FLAGS_ON_REGISTER),
		),
	),
Scott committed
224

Scott committed
225 226 227 228
	'buttons' => array(
		'save' => array(
			'label' => qa_lang_html(isset($editfield['fieldid']) ? 'main/save_button' : ('admin/add_field_button')),
		),
Scott committed
229

Scott committed
230 231 232 233 234
		'cancel' => array(
			'tags' => 'name="docancel"',
			'label' => qa_lang_html('main/cancel_button'),
		),
	),
Scott committed
235

Scott committed
236 237 238 239 240 241
	'hidden' => array(
		'dosavefield' => '1', // for IE
		'edit' => @$editfield['fieldid'],
		'code' => qa_get_form_security_code('admin/userfields'),
	),
);
Scott committed
242

Scott committed
243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259
if (isset($editfield['fieldid'])) {
	qa_set_display_rules($qa_content, array(
		'type_display' => '!dodelete',
		'position_display' => '!dodelete',
		'register_display' => '!dodelete',
		'permit_display' => '!dodelete',
	));
} else {
	unset($qa_content['form']['fields']['delete']);
}

$qa_content['focusid'] = 'name';

$qa_content['navigation']['sub'] = qa_admin_sub_navigation();


return $qa_content;