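<?php
/*
    Question2Answer by Gideon Greenspan and contributors
    http://www.question2answer.org/

    File: qa-include/qa-page-admin-userfields.php
    Description: Controller for admin page for editing custom user fields


    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License
    as published by the Free Software Foundation; either version 2
    of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    More about this license: http://www.question2answer.org/license.php
*/

/*
    Request flow of this controller, in order:

      1. Refuse direct requests: QA_VERSION is not defined in this file, so it
         must already exist when the file is included.
      2. Load the stored user fields and pick the one named by the 'edit'
         POST/GET parameter (none => the page is in "add a new field" mode).
      3. Stop unless qa_admin_check_privileges() passes. Only a read has
         happened before this point.
      4. On save, require a valid 'admin/userfields' form security code before
         any delete, update or create.
      5. Build the form. Field labels, the posted name and the name error are
         passed through qa_html() before being placed in it.
*/

if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
    header('Location: ../');
    exit;
}

require_once QA_INCLUDE_DIR.'app/admin.php';
require_once QA_INCLUDE_DIR.'db/selects.php';


// Get current list of user fields and determine the state of this admin page

$fieldid = qa_post_text('edit');
if (!isset($fieldid))
    $fieldid = qa_get('edit');

$userfields = qa_db_select_with_pending(qa_db_userfields_selectspec());

// $editfield stays null when no stored field matches the requested id; the
// rest of the page uses isset($editfield['fieldid']) to tell "edit" from "add".
$editfield = null;
foreach ($userfields as $userfield) {
    if ($userfield['fieldid'] == $fieldid)
        $editfield = $userfield;
}


// Check admin privileges (do late to allow one DB query)

// NOTE(review): $qa_content is not assigned before this call, so the helper
// presumably fills it in by reference on failure - confirm in app/admin.php.
if (!qa_admin_check_privileges($qa_content))
    return $qa_content;


// Process saving an old or new user field

$securityexpired = false;

if (qa_clicked('docancel')) {
    // Cancel changes no state, so it is not tied to the form security code
    qa_redirect('admin/users');

} elseif (qa_clicked('dosavefield')) {
    require_once QA_INCLUDE_DIR.'db/admin.php';
    require_once QA_INCLUDE_DIR.'util/string.php';

    // Every write below (delete, update, create) is gated on this check
    if (!qa_check_form_security_code('admin/userfields', qa_post_text('code'))) {
        $securityexpired = true;

    } elseif (qa_post_text('dodelete')) {
        // Delete only a field that was actually found above. A request carrying
        // 'dodelete' with a missing or unknown 'edit' id would otherwise reach
        // the delete helper with a null id.
        if (isset($editfield['fieldid']))
            qa_db_userfield_delete($editfield['fieldid']);

        qa_redirect('admin/users');

    } else {
        $inname = qa_post_text('name');

        // Keep only the type bits this form offers (the same mask is used further
        // down when reading the stored flags). This stops a crafted 'type' value
        // from setting unrelated flag bits and keeps the bitwise OR below on ints.
        $intype = (int)qa_post_text('type') & (QA_FIELD_FLAGS_MULTI_LINE | QA_FIELD_FLAGS_LINK_URL);

        $inonregister = (int)qa_post_text('onregister');
        $inflags = $intype | ($inonregister ? QA_FIELD_FLAGS_ON_REGISTER : 0);

        // NOTE(review): position is handed to qa_db_userfield_move() as posted and
        // permit is cast to int but not checked against the options offered in the
        // form below - confirm the db helpers constrain both values.
        $inposition = qa_post_text('position');
        $inpermit = (int)qa_post_text('permit');

        $errors = array();

        // Verify the name is legitimate

        if (qa_strlen($inname) > QA_DB_MAX_PROFILE_TITLE_LENGTH)
            $errors['name'] = qa_lang_sub('main/max_length_x', QA_DB_MAX_PROFILE_TITLE_LENGTH);

        // Perform appropriate database action

        if (isset($editfield['fieldid'])) { // changing existing user field
            // An over-long name is not stored: the previous content is written back,
            // while flags, permit and position are still saved.
            qa_db_userfield_set_fields(
                $editfield['fieldid'],
                isset($errors['name']) ? $editfield['content'] : $inname,
                $inflags,
                $inpermit
            );
            qa_db_userfield_move($editfield['fieldid'], $inposition);

            if (empty($errors)) {
                qa_redirect('admin/users');

            } else {
                $userfields = qa_db_select_with_pending(qa_db_userfields_selectspec()); // reload after changes

                foreach ($userfields as $userfield) {
                    if ($userfield['fieldid'] == $editfield['fieldid'])
                        $editfield = $userfield;
                }
            }

        } elseif (empty($errors)) { // creating a new user field
            // Derive a tag from the name and append -2, -3, ... until it does not
            // collide (case-insensitively) with the title of an existing field.
            for ($attempt = 0; $attempt < 1000; $attempt++) {
                $suffix = $attempt ? ('-'.(1 + $attempt)) : '';
                $newtag = qa_substr(
                    implode('-', qa_string_to_words($inname)),
                    0,
                    QA_DB_MAX_PROFILE_TITLE_LENGTH - strlen($suffix)
                ).$suffix;
                $uniquetag = true;

                foreach ($userfields as $userfield) {
                    if (qa_strtolower(trim($newtag)) == qa_strtolower(trim($userfield['title'])))
                        $uniquetag = false;
                }

                if ($uniquetag) {
                    $fieldid = qa_db_userfield_create($newtag, $inname, $inflags, $inpermit);
                    qa_db_userfield_move($fieldid, $inposition);
                    qa_redirect('admin/users');
                }
            }

            qa_fatal_error('Could not create a unique database tag');
        }
    }
}


// Prepare content for theme

$qa_content = qa_content_prepare();

$qa_content['title'] = qa_lang_html('admin/admin_title').' - '.qa_lang_html('admin/users_title');
$qa_content['error'] = $securityexpired ? qa_lang_html('admin/form_security_expired') : qa_admin_page_error();

// Build the "position" drop-down: one entry per existing field, keyed by position,
// labelled "first" or "after <neighbouring field>". Labels are HTML-escaped here.
$positionoptions = array();

$previous = null;
$passedself = false;

foreach ($userfields as $userfield) {
    if (isset($previous))
        $positionhtml = qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($passedself ? $userfield : $previous)));
    else
        $positionhtml = qa_lang_html('admin/first');

    $positionoptions[$userfield['position']] = $positionhtml;

    // @ silences the notice raised when $editfield is null (adding a new field)
    if ($userfield['fieldid'] == @$editfield['fieldid'])
        $passedself = true;

    $previous = $userfield;
}

if (isset($editfield['position'])) {
    $positionvalue = $positionoptions[$editfield['position']];

} else {
    $positionvalue = isset($previous)
        ? qa_lang_html_sub('admin/after_x', qa_html(qa_user_userfield_label($previous)))
        : qa_lang_html('admin/first');

    // With no existing fields the option list is empty. max() on an empty array
    // only warns on older PHP but throws on PHP 8, which @ cannot suppress, so
    // the empty case is handled explicitly; the new slot is then position 1.
    $lastposition = empty($positionoptions) ? 0 : max(array_keys($positionoptions));
    $positionoptions[1 + $lastposition] = $positionvalue;
}

$typeoptions = array(
    0 => qa_lang_html('admin/field_single_line'),
    QA_FIELD_FLAGS_MULTI_LINE => qa_lang_html('admin/field_multi_line'),
    QA_FIELD_FLAGS_LINK_URL => qa_lang_html('admin/field_link_url'),
);

$permitoptions = qa_admin_permit_options(QA_PERMIT_ALL, QA_PERMIT_ADMINS, false, false);
// Yields null (no preselection) when the value is not one of the offered options
$permitvalue = @$permitoptions[isset($inpermit) ? $inpermit : $editfield['permit']];

$qa_content['form'] = array(
    'tags' => 'method="post" action="'.qa_path_html(qa_request()).'"',

    'style' => 'tall',

    'fields' => array(
        'name' => array(
            'tags' => 'name="name" id="name"',
            'label' => qa_lang_html('admin/field_name'),
            // The posted name is echoed back escaped when the form is redisplayed
            'value' => qa_html(isset($inname) ? $inname : qa_user_userfield_label($editfield)),
            'error' => qa_html(@$errors['name']),
        ),

        'delete' => array(
            'tags' => 'name="dodelete" id="dodelete"',
            'label' => qa_lang_html('admin/delete_field'),
            'value' => 0,
            'type' => 'checkbox',
        ),

        'type' => array(
            'id' => 'type_display',
            'tags' => 'name="type"',
            'label' => qa_lang_html('admin/field_type'),
            'type' => 'select',
            'options' => $typeoptions,
            'value' => @$typeoptions[isset($intype) ? $intype : (@$editfield['flags'] & (QA_FIELD_FLAGS_MULTI_LINE | QA_FIELD_FLAGS_LINK_URL))],
        ),

        'permit' => array(
            'id' => 'permit_display',
            'tags' => 'name="permit"',
            'label' => qa_lang_html('admin/permit_to_view'),
            'type' => 'select',
            'options' => $permitoptions,
            'value' => $permitvalue,
        ),

        'position' => array(
            'id' => 'position_display',
            'tags' => 'name="position"',
            'label' => qa_lang_html('admin/position'),
            'type' => 'select',
            'options' => $positionoptions,
            'value' => $positionvalue,
        ),

        'onregister' => array(
            'id' => 'register_display',
            'tags' => 'name="onregister"',
            'label' => qa_lang_html('admin/show_on_register_form'),
            'type' => 'checkbox',
            'value' => isset($inonregister) ? $inonregister : (@$editfield['flags'] & QA_FIELD_FLAGS_ON_REGISTER),
        ),
    ),

    'buttons' => array(
        'save' => array(
            'label' => qa_lang_html(isset($editfield['fieldid']) ? 'main/save_button' : ('admin/add_field_button')),
        ),

        'cancel' => array(
            'tags' => 'name="docancel"',
            'label' => qa_lang_html('main/cancel_button'),
        ),
    ),

    'hidden' => array(
        'dosavefield' => '1', // for IE
        'edit' => @$editfield['fieldid'],
        // Issued for the same 'admin/userfields' action name that the save handler checks
        'code' => qa_get_form_security_code('admin/userfields'),
    ),
);

if (isset($editfield['fieldid'])) {
    // When editing, the other inputs are shown only while "delete" is unticked
    qa_set_display_rules($qa_content, array(
        'type_display' => '!dodelete',
        'position_display' => '!dodelete',
        'register_display' => '!dodelete',
        'permit_display' => '!dodelete',
    ));

} else {
    // Nothing to delete when adding a new field
    unset($qa_content['form']['fields']['delete']);
}

$qa_content['focusid'] = 'name';

$qa_content['navigation']['sub'] = qa_admin_sub_navigation();


return $qa_content;


/*
    Omit PHP closing tag to help avoid accidental output
*/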