X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fgroup.php;h=a282dbccf571c8ff5558a099c928b666235545da;hb=ffd5217ffaab826eb7f16c112a9f39b548298b81;hp=e5c6b92aea61c7643897812851c10fdc6dcd3a60;hpb=ac824fe83e67950f9303d13d574ff00b57dd5727;p=friendica.git diff --git a/mod/group.php b/mod/group.php index e5c6b92aea..a282dbccf5 100644 --- a/mod/group.php +++ b/mod/group.php @@ -7,7 +7,7 @@ function validate_members(&$item) { function group_init(&$a) { if(local_user()) { require_once('include/group.php'); - $a->page['aside'] = group_side(); + $a->page['aside'] = group_side('contacts','group',false,(($a->argc > 1) ? intval($a->argv[1]) : 0)); } } @@ -21,10 +21,12 @@ function group_post(&$a) { } if(($a->argc == 2) && ($a->argv[1] === 'new')) { + check_form_security_token_redirectOnErr('/group/new', 'group_edit'); + $name = notags(trim($_POST['groupname'])); $r = group_add(local_user(),$name); if($r) { - notice( t('Group created.') . EOL ); + info( t('Group created.') . EOL ); $r = group_byname(local_user(),$name); if($r) goaway($a->get_baseurl() . '/group/' . $r); @@ -35,6 +37,8 @@ function group_post(&$a) { return; // NOTREACHED } if(($a->argc == 2) && (intval($a->argv[1]))) { + check_form_security_token_redirectOnErr('/group', 'group_edit'); + $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user()) @@ -53,48 +57,48 @@ function group_post(&$a) { intval($group['id']) ); if($r) - notice( t('Group name changed.') . EOL ); - } - $members = $_POST['group_members_select']; - array_walk($members,'validate_members'); - $r = q("DELETE FROM `group_member` WHERE `gid` = %d AND `uid` = %d", - intval($a->argv[1]), - intval(local_user()) - ); - $result = true; - if(count($members)) { - foreach($members as $member) { - $r = q("INSERT INTO `group_member` ( `uid`, `gid`, `contact-id`) - VALUES ( %d, %d, %d )", - intval(local_user()), - intval($group['id']), - intval($member) - ); - if(! $r) - $result = false; - } + info( t('Group name changed.') . EOL ); } - if($result) - notice( t('Membership list updated.') . EOL); + $a->page['aside'] = group_side(); } return; } function group_content(&$a) { - + $change = false; + if(! local_user()) { notice( t('Permission denied') . EOL); return; } + // Switch to text mode interface if we have more than 'n' contacts or group members + + $switchtotext = get_pconfig(local_user(),'system','groupedit_image_limit'); + if($switchtotext === false) + $switchtotext = get_config('system','groupedit_image_limit'); + if($switchtotext === false) + $switchtotext = 400; + + $tpl = get_markup_template('group_edit.tpl'); + $context = array('$submit' => t('Submit')); + if(($a->argc == 2) && ($a->argv[1] === 'new')) { - $tpl = load_view_file('view/group_new.tpl'); - $o .= replace_macros($tpl,array()); - return $o; + + return replace_macros($tpl, $context + array( + '$title' => t('Create a group of contacts/friends.'), + '$gname' => array('groupname',t('Group Name: '), '', ''), + '$gid' => 'new', + '$form_security_token' => get_form_security_token("group_edit"), + )); + + } if(($a->argc == 3) && ($a->argv[1] === 'drop')) { + check_form_security_token_redirectOnErr('/group', 'group_drop', 't'); + if(intval($a->argv[2])) { $r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[2]), @@ -103,18 +107,29 @@ function group_content(&$a) { if(count($r)) $result = group_rmv(local_user(),$r[0]['name']); if($result) - notice( t('Group removed.') . EOL); + info( t('Group removed.') . EOL); else notice( t('Unable to remove group.') . EOL); } goaway($a->get_baseurl() . '/group'); - return; // NOTREACHED + // NOTREACHED } + if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) { + check_form_security_token_ForbiddenOnErr('group_member_change', 't'); + + $r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1", + intval($a->argv[2]), + intval(local_user()) + ); + if(count($r)) + $change = intval($a->argv[2]); + } - if(($a->argc == 2) && (intval($a->argv[1]))) { - require_once('view/acl_selectors.php'); - $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", + if(($a->argc > 1) && (intval($a->argv[1]))) { + + require_once('include/acl_selectors.php'); + $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", intval($a->argv[1]), intval(local_user()) ); @@ -123,30 +138,95 @@ function group_content(&$a) { goaway($a->get_baseurl() . '/contacts'); } $group = $r[0]; - $ret = group_get_members($group['id']); + $members = group_get_members($group['id']); $preselected = array(); - if(count($ret)) { - foreach($ret as $p) - $preselected[] = $p['id']; + if(count($members)) { + foreach($members as $member) + $preselected[] = $member['id']; + } + + if($change) { + if(in_array($change,$preselected)) { + group_rmv_member(local_user(),$group['name'],$change); + } + else { + group_add_member(local_user(),$group['name'],$change); + } + + $members = group_get_members($group['id']); + $preselected = array(); + if(count($members)) { + foreach($members as $member) + $preselected[] = $member['id']; + } } - $drop_tpl = load_view_file('view/group_drop.tpl'); + + $drop_tpl = get_markup_template('group_drop.tpl'); $drop_txt = replace_macros($drop_tpl, array( '$id' => $group['id'], - '$delete' => t('Delete') + '$delete' => t('Delete'), + '$form_security_token' => get_form_security_token("group_drop"), )); $celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false); - $tpl = load_view_file('view/group_edit.tpl'); - $o .= replace_macros($tpl, array( + + $context = $context + array( + '$title' => t('Group Editor'), + '$gname' => array('groupname',t('Group Name: '),$group['name'], ''), '$gid' => $group['id'], - '$name' => $group['name'], '$drop' => $drop_txt, - '$selector' => contact_select('group_members_select','group_members_select',$preselected,25,false,$celeb) - )); + '$form_security_token' => get_form_security_token('group_edit'), + ); } - return $o; -} \ No newline at end of file + if(! isset($group)) + return; + + $groupeditor = array( + 'label_members' => t('Members'), + 'members' => array(), + 'label_contacts' => t('All Contacts'), + 'contacts' => array(), + ); + + $sec_token = addslashes(get_form_security_token('group_member_change')); + $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false); + foreach($members as $member) { + if($member['url']) { + $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;'; + $groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode); + } + else + group_rmv_member(local_user(),$group['name'],$member['id']); + } + + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `blocked` = 0 and `pending` = 0 and `self` = 0 ORDER BY `name` ASC", + intval(local_user()) + ); + + if(count($r)) { + $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false); + foreach($r as $member) { + if(! in_array($member['id'],$preselected)) { + $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;'; + $groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode); + } + } + } + + $context['$groupeditor'] = $groupeditor; + $context['$desc'] = t('Click on a contact to add or remove.'); + + if($change) { + $tpl = get_markup_template('groupeditor.tpl'); + echo replace_macros($tpl, $context); + killme(); + } + + return replace_macros($tpl, $context); + +} +